March, 2011:

Please be careful with all website links that are presented to you in Facebook, email, or in web searchers.  Attackers are using SQL Injection attacks to seed vulnerable websites with FAKEAV and other malware.

LizaMoon Mass SQL Injection Attack continues
http://blog.trendmicro.com/lizamoon-etc-sql-injection-attack-still-on-going/
http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Points-to-Rogue-AV-Site-852537/

QUOTE: Websense Security Labs discovered a mass-injection campaign infecting more than 28,000 URLs, including a few Apple iTunes URLs that redirect users to a rogue AV site.  Attackers have launched a large-scale SQL injection attack that has compromised several thousand legitimate Websites, including a few catalog pages from Apple’s iTunes music store.

Websense Security Labs and the Websense Threatseeker Network discovered the mass-injection campaign that compromised over 28,000 URLs, including several iTunes URLs, according to Patrik Runald, a senior manager of security research at Websense Security Labs, who posted an alert on the Security Labs blog. The mass-injection attack has been named LizaMoon after the domain hosting the attack code.

Unlike the recent SQL injection attack that affected MySQL.com and Sun.com, this mass injection is a SQL injection attack against a large volume of legitimate sites. The LizaMoon attack inserts a line of code referencing a PHP script that redirects users to another malware site.

While this AVERT warning pertains primarily to the UK, please be careful with all EMAIL messages that seem to come from the IRS or other official agencies.  Remember that the IRS does not have your email address and usually criminals want personal or bank account information.  Only work through trusted sources.

Tax Season – Beware of scams and fake messages
http://blogs.mcafee.com/mcafee-labs/u-k-tax-scams-on-the-horizon

QUOTE: As the saying goes: Death and taxes are the only constants in life. This adage can be applied to scams on the Internet as well. Every tax season we can count on scams like these to raise their heads and try to bilk users out of their identity information and hard-earned money. A few of the messaging and spam researchers at McAfee Labs sent me some samples earlier today that I would like to share.

Trend has just offered a new beta version of a standalone FAKEAV removal tool.  This new process based cleaner appears to be comprehensive. It can be downloaded free of charge and used in SAFE MODE to clean these complex infections.

Trend Micro – Creates new FAKEAV standalone removal tool
http://esupport.trendmicro.com/0/Fake-Antivirus-FakeAV-Removal-Tool.aspx

QUOTE: Fake Antivirus (FakeAV) threats have been rampant in the past few years. Various FAKEAV variants have infected millions of PCs and are continuously spreading worldwide. One reason why FAKEAV infections have become well-known to users is because they have visual payloads. Variants of the malware family often display pop-up messages telling users that their machines have been infected. This may cause panic among users, pressuring them to purchase rogue antivirus applications in the hope of resolving the issue. Users, however, should never purchase antivirus software from unknown sources.

eWeek shares this article related to IE9, noting many new improvements in functionality and security

Internet Explorer 9 – Ten Reasons to Use it
http://www.eweek.com/c/a/Enterprise-Applications/Microsoft-Internet-Explorer-9-Arrives-10-Reasons-to-Use-It-851132/

QUOTE: Microsoft has officially launched Internet Explorer 9. Although the browser’s history has been spotty, Internet Explorer 9 is the one new browser that every user should be trying. Microsoft has officially launched Internet Explorer 9. The browser, which is being touted by many reviewers already as the best version of the software the company has ever released, follows a long line of predecessors that at times won customers over and at other times failed miserably. But it’s a new day for Microsoft and Internet Explorer. The time has finally come for the company to face Google’s Chrome browser head-on.

1. It’s fast
2. A vastly improved interface
3. It’s awfully Chrome-like
4. The Pinned Sites feature is nice
5. It’s much more secure
6. It’s a big step up over previous versions
7. The enterprise will be happy
8. A new Microsoft?
9. Putting an end to tracking
10. It’s another good reason to ditch Windows XP

Please be careful with links that might be presented to you in Facebook. Another new XSS worm is circulating that can automatically post messages with malicious links on Facebook walls of your friends and contacts. 

Facebook – New XSS Worm Allows Automatic Wall Posts
http://www.symantec.com/connect/blogs/new-xss-facebook-worm-allows-automatic-wall-posts

QUOTE: Currently a new and unpatched cross-site scripting (XSS) vulnerability in Facebook is being widely used to automatically post messages to other user’s walls. The vulnerability was used for some time in some smaller cases; however, it is now widely being used for the first time by many different groups—especially in Indonesia, where we are seeing thousands of infected messages being posted by unknowing users.

Any user who is logged into Facebook and visits a site that contains such an element will automatically post an arbitrary message to his or her wall. There is no other user interaction required, and there are no tricks involved, like clickjacking. Just visiting an infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook.

Mouse Training Company – Free MS Office Training Manuals
http://www.mousetraining.co.uk/ms-office-training-manuals.html

QUOTE: We have made all our MS Office training manuals available to download for free. The files are in PDF format that will allow you Save, Print or Email to yourself.  If you are not a Mouse Training client and would like to make use of the manuals, we kindly ask that you provide a HTML link back to our site from your company website. Please use the following information for the link. The manuals are copyright protected under Wiki Commons License. This agreement will allow you to download, edit, distribute and store the manuals without limit.

Internet Private Browsing – IE, Firefox, and Chrome
http://blog.trendmicro.com/private-browsing/

QUOTE: Chrome, Firefox, and Internet Explorer released major updates this week. The timing may be a coincidence or not but there is a very interesting feature that all three browsers are developing almost at the same time—private browsing.

Each of the three approaches to private browsing has its merits:

• Mozilla Firefox advocates the use of a new HTTP header that, with time, all websites should honor

• Google Chrome instead uses a blacklist of websites published by Google

• Microsoft Internet Explorer is similar, except that it allows for a more granular control over lists

Finally, private browsing! But how does this change my life? Well, for starters, you can now minimize the amount of targeted advertising you’re exposed to. That’s if you want to, of course. The key element is choice. The three main browsers have chosen three very different ways to implement privacy.

Some of the key security enhancements found in the new version of Firefox are listed below:

Firefox 4 Security Features
http://isc.sans.edu/diary.html?storyid=10594
https://developer.mozilla.org/en/Firefox_4_for_developers#Security

Firefox 4 – All Features (Technical writeup)
https://developer.mozilla.org/en/Firefox_4_for_developers

QUOTE: Like no other release before it, Firefox 4 includes a number of significant security features. These features are addressing attacks that are in particularly hard to avoid by developers and in which the browser is more so the victim then the server.

These attacks, Cross Site Scripting (XSS), redirects to HTTP pages from HTTPS and Clickjacking use vulnerable web applications more as a mirror to bounce attacks into the browser. The browser can provide meaningful protection against these attacks, unlike for more server centric attacks like sql injection, for which the attacker is in full control of the client.

All Apple Mac OS X users should update their systems as prompted.  There were 53 issues addressed in several components including third party software

Apple Mac OS X – Security Update 2011-001
http://blogs.pcmag.com/securitywatch/2011/03/mac_os_x_update_fixes_dozens_o.php

Mac OS X v10.6.7 and Security Update 2011-001
http://support.apple.com/kb/HT4581

QUOTE: This document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

We should be careful when sharing information on Facebook and other social networks. Sometimes, I see friends sharing advanced plans of a trip, vacation, or other outing. As these posts are often available to the general public, there have indeed been accounts of folks burglarized while away and criminals confusing that they discovered it via a Facebook post.

Social Network Users too friendly in sharing information publicly
http://blogs.pcmag.com/securitywatch/2011/03/survey_says_users_too_friendly.php

QUOTE: It’s old news that people are way too trusting on social media sites with their personal information, but it’s no less disturbing for being banal. Would you walk around on the street holding a sign displaying your birthday, home town, and other data people commonly put in their Facebook public profiles?

ID Analytics’s message is that you shouldn’t be one of the low-hanging fruit. They have 3 rules of thumb for protecting your identity:

1. Be careful what you share
2. Protect what you have
3. Monitor, monitor, monitor

ID Analytics – In-depth study of Privacy
http://www.idanalytics.com/news-and-events/news-releases/2011/3-22-2011.php