Serious Apple QuickTime Vulnerability

November 26, 2007 on 3:05 pm | In On the Radar | No Comments

SearchSecurity.com reported that exploit code is now available to malicious individuals who wish to hijack vulnerable computers. The criminals must trick the end user into visiting a malicious web site or opening an infected QTL file for the attack to be successful. You can read the article here:

As the article states, until Apple releases a patch for this problem, everyone would be well-advised to block outgoing traffic over TCP port 554 on their firewalls. Think twice before watching videos and visiting sites with which you are unfamiliar!

UPDATE: It appears there are many suggestions to work around this vulnerability until a patch is released, including blocking UDP ports 6970-6999.  You can read the details on the US-CERT site at: http://www.kb.cert.org/vuls/id/659761

Your Google Kit is Ready

November 22, 2007 on 2:03 pm | In Information | No Comments

I received two emails with the subject of “Your Google Kit is Ready” today.  After reviewing the information in the header of each email, I found that both emails came from different domains, and one of the emails was flagged as spam because the program indicated the address may have been forged.  One interesting commonality is that both emails came from “GoogleGuru@…”, which were different domains but the same user account name.  Does that seem suspicious to you?  It seems strange to me that I received two new emails from “GoogleGuru” at two different domains.  This may be a new scam and you should be very careful if you receive one of these emails.

The body of the email states:

NEWS RELEASE: 

Google just announced that it is sharing its AdWords program with local individuals who want to earn funds from home on their computer.

This is a legitimate program, so you must be serious about earning extra every month.

For more information…

They want you to click a link, which was removed for your protection

Spammers and scammers often entice the recipient with a way to earn money and of course, they include a link for all interested parties.  I’m not sure where the link(s) will  take the user or even if their computer will become infected with Trojans and other malicious code.  All I know is that when I start seeing emails with similar subjects start flooding my Inbox, I become HIGHLY suspicious very quickly. 
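The pattern described in this post (one subject line, one sender account name, several sender domains) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the sample messages, the example.* domains and the function names are constructed for illustration, and the Return-Path comparison is an assumed stand-in for whatever forgery check the spam filter applied.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not the emails from the post); domains are placeholders.
SAMPLES = [
    "From: Google Guru <GoogleGuru@example.net>\n"
    "Return-Path: <bounce@mail.example.net>\n"
    "Subject: Your Google Kit is Ready\n\nNEWS RELEASE: ...",
    "From: GoogleGuru@example.org\n"
    "Return-Path: <x19@example.com>\n"
    "Subject: Your  Google Kit Is Ready\n\nNEWS RELEASE: ...",
    "From: Alice <alice@example.net>\n"
    "Return-Path: <alice@example.net>\n"
    "Subject: Lunch on Friday?\n\nSee you then.",
]

def split_addr(header_value):
    """Return (local_part, domain) of an address header, lowercased."""
    _, addr = parseaddr(header_value or "")
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def normalize_subject(subject):
    """Lowercase and collapse whitespace so near-identical subjects group together."""
    return " ".join((subject or "").lower().split())

def suspicious_clusters(raw_messages):
    """Map (subject, local part) -> domains when one account name sends
    the same subject from two or more different domains."""
    seen = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        local, domain = split_addr(msg.get("From"))
        if local and domain:
            seen[(normalize_subject(msg.get("Subject")), local)].add(domain)
    return {key: sorted(doms) for key, doms in seen.items() if len(doms) > 1}

def from_mismatch(raw):
    """True when the Return-Path domain is neither the From domain nor a
    subdomain of it. A weak signal on its own: legitimate bulk mailers differ too."""
    msg = message_from_string(raw)
    _, from_dom = split_addr(msg.get("From"))
    _, rp_dom = split_addr(msg.get("Return-Path"))
    if not from_dom or not rp_dom:
        return False
    return not (rp_dom == from_dom or rp_dom.endswith("." + from_dom))

if __name__ == "__main__":
    print(suspicious_clusters(SAMPLES))
    print([from_mismatch(m) for m in SAMPLES])
```

Neither check proves a message is malicious; together they pick out the messages worth reading the full headers of before anyone clicks a link.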

You may consider monitoring the SANS Internet Storm Center, US-CERT, and other security sites to see if new articles start surfacing regarding this particular email subject BEFORE you click the links contained within the email.

Stay safe!

Be very careful before you open .FLAC Audio Files!

November 21, 2007 on 12:53 pm | In On the Radar, Vulnerabilities | No Comments

US-CERT and eEye Digital Security have released a warning about a serious vulnerability with FLAC audio files that could result in remote code execution capable of installing Trojans and other malware!  The systems that are currently affected include:

  • America Online
  • Cog
  • dBpoweramp
  • FLAC
  • Foobar2000
  • jetAudio
  • PhatBox
  • Yahoo

You can read the US-CERT advisory at:

http://www.kb.cert.org/vuls/id/544656

The eEye Digital Security advisory can be found at:

http://research.eeye.com/html/advisories/published/AD20071115.html

The estimated date for an update to patch the vulnerabilities, according to eEye Digital Security, will be around December 26, 2007. 

Be very careful before you decide to open any .FLAC files attached to an email!

Pop-up Ads may be infecting your computer!

November 15, 2007 on 9:27 pm | In On the Radar | No Comments

eWeek ran a security article on November 12 about DoubleClick and how they are ramping up efforts to combat malicious software that has infected many of their online advertisements.

Apparently, many DoubleClick ads found on popular and well-known websites like CNN and the Economist have been popping up informing the visitor that their computer is infected with viruses and that by downloading and installing the [rogue] security software, they would be able to remove the infections.

According to the article, the malicious ads were Trojans that would continuously pop up warnings until the end user paid for the bogus program.  You can read the article at:

http://www.eweek.com/article2/0%2C1895%2C2215635%2C00.asp

I have not experienced any such pop-ups, partly because I configured my browsers and security software to block pop-up advertising.  The other reason I may have avoided these malicious programs is that I filtered out “DoubleClick” on my Router/Firewall a couple of years ago; therefore, whenever I visit pages with advertising by DoubleClick on any website…the ad is replaced with a message stating that the website was blocked by my firewall.

Anytime you come across advertisements or web sites you do not want anyone on your network to open, simply add the name of the site to your perimeter firewall web content filtering rules.  When you filter out unwanted sites, they simply will never open!

Cheers!

Scams, Scams, and more Scams

November 9, 2007 on 12:04 am | In E-Mail Scams | No Comments

As I was checking various security sites today, I was intrigued with today’s F-Secure Blog, “Challenge – Money Laundering Fraud”.  This brief article reviews a site devoted to educating Internet Users about active money laundering scams and is a very good resource for those who do not want to get burned by one of these scams.  You can read the F-Secure article at:

http://www.f-secure.com/weblog/archives/00001314.html

Check out the links to both sites in the article, because they have some excellent information and examples to help you avoid becoming a victim to these types of scams.

Trends in Badware 2007

November 4, 2007 on 3:11 pm | In Information, Knowledge Base | No Comments

Stopbadware.org recently released a 12-page report outlining the current threats to users’ privacy and security when using computers that are connected to the Internet.  This report is a “Must Read” for everyone who surfs the Internet and can be viewed at:

http://stopbadware.org/pdfs/trends_in_badware_2007.pdf

“Trends in Badware 2007” starts with a brief history about viruses, why they were initially created, and how and why they evolved into the many different forms threatening everyone’s personal privacy today.  The rest of the report discusses the different types of attacks that are now threatening all Internet-connected users, how each threat infects computers, and the types of damage each one is capable of inflicting.

We encourage everyone to read this report; it is well worth your time and will undoubtedly raise your level of awareness and encourage you to invest in good protection!

Critical Microsoft Update Scam

November 1, 2007 on 8:31 pm | In On the Radar | No Comments

Heads Up!  If you receive an email claiming to be a Critical Security Update for Microsoft Windows…DELETE IT IMMEDIATELY!  As F-Secure reported on their Weblog today, there is an attachment named “update.zip” and it is a malicious attachment with a Trojan Downloader packaged inside.  You can read the article at:

http://www.f-secure.com/weblog/archives/00001308.html

Anytime you need to check for a Microsoft Security update, simply click the “Start” button and then click the “Windows Update” menu from the “Start Menu”.  This will open the Official Microsoft Windows update site where you can quickly check to see if you need any updates.

This applies to any other software you have installed.  Most programs have an update feature built in to their programs whereby you click an update button or menu to check for updates.

Remember, you should not open unsolicited emails or attachments, and under no circumstances should you ever click on any link inside of an unsolicited email!
