Bogus Windows License Spam is in the Wild

October 26, 2012 by  
Filed under Security News

For everyone’s information:

Below is a screenshot of a new spam run in the wild, and the sender (whoever he, she, or it is) presents to recipients a very suspicious but very free license for Microsoft Windows that they can download.

Sounds too good to be true? It probably is.


From: {random email address}
Subject: Re: Fwd: Order N [redacted]
Message body:

You can download your Microsoft Windows License here –

Microsoft Corporation

Clicking the hyperlinked text leads recipients to a number of .ru websites hosting the file, page2.htm (screenshot below), which contains obfuscated JavaScript code that loads the Web page fidelocastroo(dot)ru(colon)8080/forums/links/column(dot)php.



This spam is a launchpad for a Blackhole-Cridex attack on user systems.

This method is likewise being used by the most recent campaign of the “Copies of Policies” spam, also in the wild.

Our AV Labs researchers have documented their findings in detail regarding these spam runs on our GFI Software Tumblr page. Please visit

Stay safe!


By Jovi Umawing @

Be aware of rogue security software: fake AVG

February 1, 2011 by  
Filed under Security News

We have noticed rogue antivirus software that pretends to be AVG Anti-Virus 2011. As usual, social engineering is in use – well-known names (AVG, Microsoft Security Essentials) and the designs of trusted applications are used to increase credibility.




UK Government: We’re sticking with Internet Explorer 6

August 5, 2010 by  
Filed under Security News

Gulp. At the end of last week, along with thousands of other Brits, I received an email from the UK Government telling me that they had responded to a petition I had signed urging the Prime Minister to encourage government departments to upgrade from Internet Explorer 6.


You can read the UK Government’s response here.


In a nutshell, Her Majesty’s Government says it is more cost-effective to stick with Internet Explorer 6 (which has been dogged with security issues) rather than switch to an alternative browser or a more up-to-date version.


Too expensive, huh?


You have to wonder if that’s going to be considered an acceptable excuse by the general public when there’s a serious security breach that exploits a creaky old browser that’s been around since 2001.


Where’s the wisdom in sticking with IE 6 when Microsoft itself has urged users to upgrade to a more secure version, many websites are dropping support for it, and security professionals advise that installations of Internet Explorer 6 should be taken outside and beaten with a heavy stick?





Microsoft readies emergency patch for Shortcut zero-day flaw

August 5, 2010 by  
Filed under Security News

Updated: Good news from Microsoft. It has announced that it plans to release an emergency out-of-band update to patch a critical Windows security vulnerability that is being actively exploited by malware.


The so-called Shortcut vulnerability is exploited by specially crafted shortcut (.LNK) files that point to malicious code and trick Windows into executing it without user interaction.


Malware exploiting the vulnerability has included Stuxnet, Chymin and Dulkis, Zbot, and – most recently – Sality.


“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers,” Christopher Budd, Senior Security Response Communications Manager at Microsoft, wrote on the MSRC blog.


Microsoft normally publishes its security patches on the second Tuesday of each month, but this one is scheduled to be released today (Monday, August 2 2010) at 10am PST (1800 BST).


Whenever Microsoft releases an out-of-band patch it’s a big deal – they clearly think it’s an important enough issue to break their regular cycle and you should pay attention too. We would recommend that computer users apply the patch as soon as possible.


As Microsoft is issuing a permanent patch for the shortcut vulnerability, we would recommend that users uninstall the Sophos Windows Shortcut Exploit Protection Tool before applying the Microsoft fix.






New version of Microsoft Security Essentials is now available!

July 21, 2010 by  
Filed under Protection Tools


Microsoft has released the beta for the next version of Microsoft Security Essentials. The software, Security Essentials, is a free toolset for any Windows user to protect themselves from the malware that plagues the world of Windows computing.


Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure – when you’re green, you’re good. It’s that simple. New features in the beta of Microsoft Security Essentials include:


  • Windows Firewall integration – During setup, Microsoft Security Essentials will now ask if you would like to turn the Windows Firewall on or off.
  • Enhanced protection for web-based threats – Microsoft Security Essentials now integrates with Internet Explorer to provide protection against web-based threats.
  • New protection engine – The updated anti-malware engine offers enhanced detection and cleanup capabilities with better performance.
  • Network inspection system – Protection against network-based exploits is now built in to Microsoft Security Essentials.


To download the beta of Microsoft Security Essentials, click here to visit the Microsoft Connect page to register for the beta. Once completed – you will find the instructions for downloading and installing the beta.





Security risks for those who stay with Windows XP SP2

July 13, 2010 by  
Filed under Security News

Tomorrow (Tuesday 13 July 2010) Microsoft will issue its last ever security patches for Windows XP Service Pack 2 (SP2).


The service pack, which was first released in August 2004, will no longer be supported by Microsoft after Tuesday, meaning that users will no longer receive any security patches – regardless of how critical any discovered vulnerability may be.


Furthermore, it’s not just Windows XP SP2 that Microsoft won’t be updating – but your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won’t receive security patches if you’re running that version of the operating system.


You may be wondering – “What’s the problem? After all, Windows XP SP3 was released in 2008, and replaced SP2, right?”


Well, yes. It did. But recently published statistics suggest that an alarming 77% of organisations are running Windows XP SP2 on 10% or more of their PCs.


That’s an awful lot of computers which may not be properly protected when a new vulnerability is discovered – and could potentially be vulnerable to a malware attack.


Microsoft would probably like you to update your computers to Windows 7, but that may be a tall order for many older PCs. If you’re not ready for Windows 7, make sure you apply the free update to Windows XP SP3. Windows XP SP3 will be supported by Microsoft until at least April 2014.



Critical security updates from Microsoft and Adobe

May 12, 2010 by  
Filed under Security News

It was “Patch Tuesday” yesterday, which means another parcel of security updates for computer users to unwrap, and this time the fixes aren’t just from Microsoft, but from Adobe too.


First on the menu is Microsoft, which has served up two security bulletins detailing vulnerabilities that could be exploited by hackers to execute malicious code (such as a worm) on your computer.


The first of these security holes exists in Outlook Express, Windows Mail, and Windows Live Mail. Microsoft’s Security Research & Defense blog goes into some detail about the vulnerability, explaining that although the security hole is given a “critical rating” on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, it is considered less serious for Windows 7 users as Windows Live Mail is not installed by default on that platform.


The other patch from Microsoft addresses a vulnerability in Visual Basic for Applications, a component used by Microsoft Office and other third-party products. Microsoft has given this security update its highest possible rating – “Critical” – for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications. It is also rated “Important” for all supported editions of Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System.


Next up is Adobe, who have released patches to squash over 20 security vulnerabilities in its Shockwave and ColdFusion products.


The critical vulnerabilities identified in Adobe Shockwave Player and earlier versions impact both Windows and Macintosh users, and could allow attackers to run malicious code on your computer.


Adobe recommends that users update their version of Adobe Shockwave Player to version


Details of the ColdFusion vulnerabilities, classed as “important”, are provided in Adobe Security Bulletin APSB10-11.


Enough of waffle. Download and install the patches if your computer is affected.


By Graham Cluley, Sophos


Microsoft to release emergency Internet Explorer patch on Tuesday

March 29, 2010 by  
Filed under Security News

Microsoft has announced that it will be issuing an emergency out-of-band patch for a critical security hole in some versions of Internet Explorer on Tuesday 30 March.


According to a Microsoft advisory, the emergency fix is designed to protect users of Internet Explorer 6 and Internet Explorer 7.


Microsoft normally bundles its security updates into a monthly package, known in the industry as “Patch Tuesday” (the second Tuesday of each month), and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. Clearly Microsoft considers the bug particularly important to patch as soon as possible.


And in my opinion they’re right not to leave this vulnerability unpatched until April 13th. Earlier this month I described how hackers are actively exploiting the vulnerability, in their attempt to infect computers.


The researchers in SophosLabs reported some of the malicious spam messages we have seen being distributed which attempt to trick users into visiting websites that will exploit the zero day vulnerability and infect Windows PCs.


More information about the security flaw can be found in Sophos’s analysis of the problem.


So, if you are still using Internet Explorer versions 6 or 7, please be sure to update your systems as soon as Microsoft releases the fix. But, in all honesty, what are you doing running such old versions of IE anyway? Shouldn’t you have upgraded to Internet Explorer 8 by now?


By Graham Cluley, Sophos



Related Blogs

    Protecting against the Internet Explorer zero day vulnerability

    March 16, 2010 by  
    Filed under Security News

    A few days ago Microsoft warned its users of an unpatched security hole in its products that could leave Windows users exposed to attacks by cybercriminals.


    The Internet Explorer vulnerability, which has the CVE reference CVE-2010-0806 and fortunately does not affect Internet Explorer 8, is being actively exploited by malicious hackers. As reported on the SophosLabs blog, we have seen malicious spam messages being distributed which try and trick users into visiting websites that will exploit the zero day vulnerability to infect PCs.


    Sophos detects the exploit scripts seen so far generically as Troj/ExpJS-R.


    A proper patch from Microsoft for the problem is not yet available, but the company has issued a couple of workarounds that can be used by vulnerable Windows users.


    One of Microsoft’s workarounds makes it easy for users to automate the changes that need to be made to the Windows registry (something that normally can give regular users the heebie-jeebies) to disable the “peer factory” class on Windows XP and Windows Server 2003.


    They have also provided a workaround that enables Data Execution Prevention (DEP) on Internet Explorer 6 Service Pack 2 and Internet Explorer 7.


    If you are responsible for the security of a number of Windows PCs, rather than just your personal computer, you may wish to read the more detailed advice Microsoft provides on workarounds.


    More information about the security flaw can be found in Sophos’s analysis of the problem.


    There’s no word yet on when Microsoft will make available a proper fix for this problem, or indeed whether it will be included in their next “Patch Tuesday” bundle of patches scheduled for April 13th or released as an out-of-band fix.


    But I think it’s good that they gave the less geeky users of computers a fairly easy way to implement the workaround, rather than leaving them befuddled by complicated instructions.


    This latest attack is a timely reminder for all Internet Explorer users that maybe it’s high time they updated their systems to version 8.0 of the popular web browser.


    By Graham Cluley, Sophos



    Check your password — is it strong?

    March 2, 2010 by  
    Filed under Protection Tools

    Your online accounts, computer files, and personal information are more secure when you use strong passwords to help protect them.


    Test the strength of your passwords: Click Here


    Powered by Microsoft
