Tuesday, February 24, 2009

Microsoft Security Advisory (968272)

Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution

Microsoft is currently investigating this vulnerability and has not yet released a patch, but it does offer workarounds on its Microsoft Security Advisory (968272) page.

Sunday, December 14, 2008

Rogue Security Software

What is rogue security software?

Rogue security (anti-virus, anti-malware) software is fake software designed to scare you into believing that your computer is infected and to entice you to buy the product to remove those supposed infections.

Most rogue security programs appear professionally designed and often mimic some portion of Microsoft's Security Center or other real security products. They perform fake scans of your computer which, when completed, inform you that you're infected with malware, followed by myriad pop-up alerts of infection. They are supposedly trial versions of the product, and purchasing the full version is necessary to remove the infections.

The list of infections generated by the rogue software is fake, as is the protection offered by the software. The only real things that happen are that your computer is now definitely infected, your credit card gets billed, and some bad guy now has your credit card number.

Methods of Infection

The purveyors of these products use all available means to get their products to you, ranging from spam e-mail containing malicious links, web advertisements, silent installs by visiting a website, operating system/web browser exploits, and video codec downloads, to your already-infected computer (trojan downloader, dropper) downloading the software for them.

Generally, though, it starts with a visit to a legitimate but compromised website, which invokes a Windows dialog stating that your computer is infected; clicking "Ok" directs you to the product's website, where a free scan is offered and, if accepted, the download begins. Sometimes even clicking Cancel or the X will initiate the download as well; to be safe, use ALT+F4 to close the dialog.

Best Practices - Protection against rogue security software

  • Keep both your operating system and web browser patched and up-to-date.
  • Install and keep up-to-date anti-malware software from only trusted and reputable companies/websites (actual vendor's website or download.com).
  • Ignore and delete spam - never click on a spam e-mail link or open attachments.
  • Avoid P2P file sharing or other downloads that may be bundled with other malware.
  • Exercise caution when clicking on IM links.
  • Consider carefully how strong your desire is to view a video before downloading a supposed codec.

    Tip: Reputable websites like YouTube or CNN will not require you to download a codec because they use standard technologies so that everyone can browse their content. Another good idea is to always have the latest version of Flash installed so that you won't fall for the "You need the latest version of Flash to view the video" trick.

  • Consider installing a site advisor or link checker such as Finjan Secure Browsing, McAfee SiteAdvisor or Web Of Trust (WOT).
  • Think before clicking on that web advertisement offering a "Free Scan", and be cautious of paid or sponsored advertisements on search engine result pages when searching for security software.
  • Remember to close security pop-ups with ALT+F4 or through Task Manager.

Examples of Rogue Security Software

Here are some photos of different rogue software that have been detected recently by researchers at Sunbelt Software's malware research labs.

According to Sophos Labs, they encounter 5 new fake anti-malware vendor websites every day; here is one such example:

Saturday, December 13, 2008

Re-thinking Password Managers

Using your web browser's built-in Password Manager can be a real life saver when it comes to remembering all your passwords, but how secure is this feature?

Not very, according to the testing done by Chapin Information Services, Inc. The password managers of both Google Chrome and Safari scored the lowest, while Opera and Firefox tied for the highest. Scoring the highest shouldn't really instill much confidence, though: out of the 21 tests performed, both Opera and Firefox passed only 7. Google Chrome and Safari passed only 2, and Internet Explorer passed 5. Read the entire article for a better understanding of the web browser password manager tests performed.

With the top two browsers' password managers leaving seventeen vulnerabilities open in the safekeeping of our passwords, that is reason enough to re-think their usage.