Back with a vengeance: Fresh MS06-028 malicious PowerPoint documents

We have seen a few malicious PowerPoint documents come through the labs in the past few days. These malicious documents exploit the MS06-028 vulnerability, for which a patch has been available since June 21… 2006. Yes, that’s right — a patch has been available for more than 3 years. http://www.sophos.com/blogs/sophoslabs/post/6248

Mobile Users Unfazed by Web Threats

Users are under the impression that mobile phones are more secure than PCs, according to the latest Trend Micro survey. A number of users were found not to practice safe browsing when using their mobile phones. The survey shows that 44% of over 1,000 respondents are lax when it comes to surfing on their mobile phones. The respondents are actually more concerned about losing data such as contact numbers through physical phone loss than about information loss due to Web threats, phishing or spam attacks. In fact, only 23% use the security software already installed on their phones. Some even believe …

Developer denies software to beat Chinese censors is malicious

UltraSurf programmer says the software acts suspiciously, but it’s just trying to put one over on the Great Firewall of China. Software designed to beat Chinese censorship may behave in ways that seem suspect, but it is all part of the application’s strategy to fool the Great Firewall of China, according to one programmer of the software. “There are many built-in tricks that do all kinds of things to confuse the firewall,” says David Tian, a scientist for NASA who works in his spare time on UltraSurf, the free software designed to promote unrestricted Internet access for citizens of China persecuted for being …

Firefox Add-on Spies on Google Search Results

Trend Micro threat analysts were alerted to the discovery of a spyware program (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts. The add-on injects ads into the user’s Google search results pages. More disturbing, however, is its capability to monitor the user’s browsing activity, particularly his/her Google search queries made in the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com. http://blog.trendmicro.com/firefox-addo-spies-on-google-search-results/

If a free scanner says you have infection but it does not say which file….

is infected… dump that free scanner. Use alternative scanners (online or on-demand scanners). Webroot Spy Sweeper is offering a free scan, but if it finds an infection, there is no information on which file is infected. People who come across a case like this one in the CNET Forums cannot even quarantine the file, leaving the end user wondering whether Spy Sweeper’s free-scan detection is correct or a false positive. You have to pay before you can quarantine, without any information on what it will quarantine or heal? Webroot must be kidding.

AVG false positive on legitimate applications causes trouble

Many AVG users are now asking for help in forums about why they cannot run legitimate applications such as Firefox, Microsoft Word, CCleaner, Malwarebytes’ Anti-Malware, etc. Other users have reported receiving a dialog box saying that the executable of the program they are trying to open is not a valid Win32 application, while others are told that a .dll file is missing. Sample reports from yesterday and the day before are here, here and here. CNET moderator Carol has also provided some links to similar reports at DSLReports.com. All of the above reports started to happen to …

Hackers scalp Apache

The Apache website was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised. It’s unclear at present whether any code on the Apache website was actually modified. Nor do we know how the attack was carried out or who was behind it. Apache’s website was restored after DNS records were changed so that servers based in Europe, rather than at the main US site, were carrying the load. http://www.theregister.co.uk/2009/08/28/apache_hack/

Apple’s Snow Leopard Brings Compatibility, Security Concerns

Adobe CS3 users are expressing dismay that Snow Leopard compatibility hasn’t been tested, while hackers tempt Mac users with malware in Snow Leopard clothing. Apple’s Snow Leopard update for Mac OS X ships later this week, but compatibility and security worries have already arrived. Adobe (NSDQ: ADBE) on Tuesday confirmed that its Creative Suite 4 (CS4) line of products is compatible with Snow Leopard, except for Adobe Drive/Version Cue. It also acknowledged that its older CS3 software has not been tested with Apple’s forthcoming operating system. In an effort to dispel worries that CS3 users would be unable to use …

FBI fears free laptops could be malware scam

Beware geeks offering gifts. Malware authors may have found a new way to skirt firewalls – send some pre-infected laptops in the post. That’s the fear of the FBI, which is investigating the despatch of laptops to US state governors. Five HP laptops were sent to West Virginia Governor Joe Manchin a few weeks ago. According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted. The West Virginia laptops were delivered to the governor’s office …