Free Windows Shortcut Exploit Protection Tool From SOPHOS

July 27, 2010 by admin  
Filed under Protection Tools

 

What is the Windows Shortcut Exploit?

The Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as an .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents.

 

The exploit works when you open a device, network share or WebDAV point carrying an infection—you don’t need to click on anything for the exploit to work, even if you have AutoPlay and AutoRun disabled.

 

SophosLabs first saw this exploit at work through the rootkit W32/Stuxnet-B, which targets Siemens SCADA systems to discover the system default password.

 

While Stuxnet only affected Windows machines with infected USB drives plugged in, the Windows Shortcut Exploit in general can work through file shares and WebDAV as well.

 

 

Am I at risk?

At the moment, there is no patch from Microsoft to fix this exploit; however, our free Windows Shortcut Exploit Protection Tool will block this exploit from running on your computer. Sophos customers are already protected from this exploit.

 

The Windows Shortcut Exploit affects all Microsoft-supported versions of Windows—anything newer than Windows XP SP3—as well as older versions.

 

Sophos Security Chet-Chat Episode 19:

The Windows Shortcut Exploit/CPLINK – What is it, what are the risks?

13:21 minutes – Download (12.2 MB)

 

How do I protect against this?

Download our free Windows Shortcut Exploit Protection Tool to block the exploit from running on your computer. If you’re an existing Sophos Endpoint customer, you are already safe from this exploit.

 

Microsoft officially recommends disabling icon rendering; however, this advice could make Windows significantly harder to use.

 

 

Shortcut zero-day attack code goes public

July 20, 2010 by admin  
Filed under Security News

If you’ve been following Chet Wisniewski’s blog over the last few days you will already know about the serious zero-day vulnerability that has been found in versions of Windows.

 

Since confirmed by Microsoft, there exists a vulnerability in versions of Windows which allows a maliciously-crafted Windows shortcut file (.lnk) to run a malicious DLL file, simply by being viewed on a USB stick.

 

Furthermore, the attack can be initiated automatically by viewing an affected USB storage device via Windows Explorer, even when AutoRun and AutoPlay are disabled. The Microsoft Security Response Center (MSRC) says that the security hole can also be remotely exploited via WebDAV and network shares.

 

You can watch the following YouTube video where Chet shows the attack in action:



In this case, the DLL executed carries a rootkit – helping hide the infection from prying eyes.

 

What is of particular concern, of course, is that other malicious hackers might try to exploit the vulnerability – as it would certainly be a useful tool in any malware’s arsenal. The chances of that occurring have increased over the weekend, as a hacker called Ivanlef0u published proof-of-concept code onto the internet.

 

In the past we’ve seen worms (Conficker is perhaps the most famous example) spread successfully via USB devices, which prompted many firms to disable AutoPlay.

 

There is a real risk that more malware will take advantage of the zero-day exploit now the code is “out there”, taking things to a whole new level.

 

So far, Microsoft has not made a patch available for the problem and has given no timeline as to when a proper fix will be available. However, I’m sure they are feverishly working on a security update for this critical vulnerability.

 

Sophos detects the malware we’ve seen so far using the exploit as W32/Stuxnet-B and Troj/Cplink-A.

 

 


 

90 Second Security Roundup (Video)

June 22, 2010 by admin  
Filed under Security Channel

 

 

Tips to Detect Virus Files and Infected files

June 3, 2010 by Rahulmg  
Filed under Removal Tips,Tools and Videos


How to detect virus files?

Virus files nowadays are more sophisticated and harder to find than before; some have a nice icon, so the user does not suspect that the file is a virus or unwanted program. A typical property of virus or infected files is that they always try to connect to the internet and download other unwanted software or files to the victim's computer.

 

Some Trojan files, like Sality.AA, copy themselves to windows\system32 with the same file size, so they can be identified easily; some may be hidden, and some create files in every folder with the same name as the folder. For example, I have a folder at C:\myfolder; when this Trojan infects the system, it creates a file in that folder named myfolder.exe with a size of ~499 KB. If we open that file nothing opens, but the system gets busy. Many such files are created across the drives and folders.

 

How To Delete these files:

Use the Windows Search utility or any alternative. Before that, find the size of one of the created files, such as myfolder.exe; if the file size is 499 KB, add that file size as a search parameter so you can easily delete all the folder-named executable files.

 

Note:

If any exe file is running, you cannot delete some files; before deleting, end the processes of the suspected files. You can use Windows Task Manager or an alternative process lister such as Process Explorer.
Get Process Explorer from:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
http://en.wikipedia.org/wiki/Process_Explorer

 

From Process Explorer you can delete files; download this free program.
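The size-filtered search described above can also be scripted. This is an added example, not code from the original post: it lists every `<folder>\<folder>.exe` whose size is close to a known sample so the hits can be reviewed, and deletes nothing. The function names, the 2 KB tolerance and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

def find_folder_named_exes(root, expected_size, tolerance=2048):
    """Return (path, size) for every <folder>/<folder>.exe under root whose
    size is within `tolerance` bytes of `expected_size`. Nothing is deleted."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Only executables named exactly after their parent folder.
            if ext.lower() != ".exe" or stem.lower() != folder:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # file vanished or is not readable; skip it
            if abs(size - expected_size) <= tolerance:
                hits.append((path, size))
    return sorted(hits)

def build_sample_tree(root, dropped_size):
    """Constructed sample data: two folder-named files of the expected size,
    one differently named exe, one folder-named exe of another size."""
    layout = {
        "myfolder/myfolder.exe": dropped_size,
        "myfolder/photos/Photos.EXE": dropped_size + 100,
        "myfolder/setup.exe": dropped_size,
        "tools/tools.exe": 10_000,
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

def demo():
    size = 499 * 1024  # the ~499 KB figure from the post
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, size)
        return [os.path.relpath(p, root).replace(os.sep, "/")
                for p, _ in find_folder_named_exes(root, size)]

if __name__ == "__main__":
    for rel in demo():
        print("review before deleting:", rel)
```

Matching on both name and size keeps legitimate programs that happen to share a folder's name, such as `tools\tools.exe` in the sample, out of the list.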

 

Detect Infected Virus Files.

 

Detecting infected files is simple. If a normal application takes more time than usual, a virus infection may be the cause. Bitdefender is the best antivirus software that can be used for disinfection of virus-infected files.

 

 

First human ‘infected with computer virus’

May 27, 2010 by admin  
Filed under Security News

 

A British scientist says he is the first man in the world to become infected with a computer virus.

 

Dr Mark Gasson from the University of Reading contaminated a computer chip which was then inserted into his hand.

 

The device, which enables him to pass through security doors and activate his mobile phone, is a sophisticated version of ID chips used to tag pets.

 

In trials, Dr Gasson showed that the chip was able to pass on the computer virus to external control systems.

 

If other implanted chips had then connected to the system they too would have been corrupted, he said.

 

Medical alert

Dr Gasson admits that the test is a proof of principle but he thinks it has important implications for a future where medical devices such as pacemakers and cochlear implants become more sophisticated, and risk being contaminated by other human implants.

 

“With the benefits of this type of technology come risks. We may improve ourselves in some way but much like the improvements with other technologies, mobile phones for example, they become vulnerable to risks, such as security problems and computer viruses.”

 

However, Dr Gasson predicts that wider use will be made of implanted technology.

 

“This type of technology has been commercialised in the United States as a type of medical alert bracelet, so that if you’re found unconscious you can be scanned and your medical history brought up.”

Professor Rafael Capurro of the Steinbeis-Transfer-Institute of Information Ethics in Germany told BBC News that the research was “interesting”.

 

“If someone can get online access to your implant, it could be serious,” he said.

 

Cosmetic surgery

Professor Capurro contributed to a 2005 ethical study for the European Commission that looked at the development of digital implants and possible abuse of them.

 

“From an ethical point of view, the surveillance of implants can be both positive and negative,” he said.

 

“Surveillance can be part of medical care, but if someone wants to do harm to you, it could be a problem.”

In addition, he said that there should be caution if implants with surveillance capabilities started to be used outside of a medical setting.

 

However, Dr Gasson believes that there will be a demand for these non-essential applications, much as people pay for cosmetic surgery.

 

“If we can find a way of enhancing someone’s memory or their IQ then there’s a real possibility that people will choose to have this kind of invasive procedure.”

Dr Gasson works at the University of Reading’s School of Systems Engineering and will present the results of his research at the International Symposium for Technology and Society in Australia next month. Professor Capurro will also talk at the event.

 

 

By Rory Cellan-Jones, http://news.bbc.co.uk


The sexiest video ever? Facebook users hit by Candid Camera Prank attack (Video)

May 16, 2010 by admin  
Filed under Security Channel

 

Video Source : Websense Security Labs




Watch out !! from “Winamp” “Without a Doubt” spam at Facebook

May 15, 2010 by admin  
Filed under Security News

If you get posts from your friends on your Facebook wall that say “YOUR NAME, THIS IS WITHOUT DOUBT THE SEXIEST VIDEO EVER! :P :P :P …” with a link “Candid Camera Prank! [HQ]”, like this picture.

If you click on the link and then “Allow”, it will get your private information and post the same message on all your friends' walls, see this picture.

To protect yourself when you receive the same message on your wall, don’t click on the link, and click the Remove button on the right.

 

Take Care, Virus Experts Team.

 

McAfee Antivirus Plus Free For 6 Months

May 11, 2010 by admin  
Filed under Protection Tools

 

 

This McAfee Antivirus Plus offer is provided by EMC-IOMEGA; no product key is needed, just download the software client and run the installer.

 

Go to this web page and click the ‘Download’ icon, then enter your name, email and password, and click ‘I Agree’.

 

A printable receipt is set up for you; click ‘Download’. You then need to go to your email inbox, open the email sent by McAfee, and click the activation link.

 

Click the ‘Download’ icon after successfully activating the link, follow the instructions, and you will get McAfee Antivirus Plus for six months.

 

Source : techgravy.net


New Mac backdoor Trojan horse discovered

April 19, 2010 by admin  
Filed under Security News

 

Pinhead or HellRTS? What’s in a name?

 

Mac malware is making the headlines again – this time in the form of a remote access trojan which has been given the name OSX/HellRTS.D by French security firm Intego.

 

The folks at Intego blogged about the new Mac threat they discovered, which when run on a Mac OS X computer can allow remote hackers to gain access.

 

Users of Sophos Anti-Virus for Mac are protected, as we detect the malware as OSX/Pinhead-B, but presently it looks like this is not considered a serious threat and we have received no reports of infections from customers.

 

It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims via a social engineering trick into installing the malicious code on their computers.

 

As always, be careful about the origin of applications you run on your computer, and keep your protection up-to-date. As many Mac users do not presently run any anti-virus software at all, they could be considered a soft target for more attacks like this in the future.

 

There’s a lot less malicious software for Mac computers than Windows PCs, but the fact that so many Mac owners don’t take security seriously enough might encourage an increasing amount of crime on their platform going forward.

 

By Graham Cluley, Sophos

 

 

Farm Town virus warning: Malvertising at work?

April 13, 2010 by admin  
Filed under Security News

Players of the online game Farm Town are being warned to be on their guard for malicious adverts that display fake security warnings in an attempt to dupe unsuspecting users into installing malicious code or handing over their credit card details.

 

SlashKey, the developers of the game which has over 9.6 million monthly active users on Facebook, has posted a warning on its forum advising players to be wary of warnings that suddenly pop-up telling them that their computer is infected:

If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY. You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.

If you do research on many of these spyware programs you will also find a myriad of sites proclaiming they are the only ones who can rid you of these programs. This is not true and on a personal level I urge you to use great caution as some of these so called wonder cures are as much of a scam as the malware you are trying to remove.

 

Hundreds of Farm Town players have responded on the forum, saying that they have been on the receiving end of the attack – but the worry is that many many more users may not have seen the warning and could have been tricked by the fake anti-virus warnings into infecting their computers or handing over personal information.


It appears that the problem is related to the third-party advertising that Farm Town displays underneath its playing window. In all likelihood, hackers have managed to poison some of the adverts that are being served to Farm Town by the outside advert provider.

 

Such malicious advertising (or malvertising as it is known) has been the vector for other infections in the past, including attacks against the readers of the New York Times and Gizmodo.

 

What makes this attack all the more serious, of course, is the sheer number of people that regularly play Farm Town, and that – in all likelihood – they might not be as tech-savvy as the typical Gizmodo reader, and thus more vulnerable to falling for the hackers’ scam.

 


Rather than SlashKey simply asking its players to report offending adverts when they appear, it might be sensible for the company to disable third-party adverts appearing alongside Farm Town until the problem is fixed.

 

It may not be Farm Town’s fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players.

 

Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software. If you do feel you have to play Farm Town then it might be wise to disable adverts in your browser (for instance, using an add-on such as Adblock Plus on Firefox).

 

By the way, if you are on Facebook and want to keep yourself informed about the latest security news you may want to become a Fan of Sophos on Facebook.

 

 

By Graham Cluley, Sophos

 

 

 
