Archive for the 'Security Advisories' Category

Patch Internet Explorer 7 NOW Thursday, December 18th, 2008

Microsoft have released an additional patch to plug some vulnerabilities in Internet Explorer 7.0.

I am not sure if this is a slow news day in the Internet Security world but let's assume this is serious and go grab the patch.

Tip: It requires a reboot.

If your Windows PC isn’t set for automatic updates then browse to www.windowsupdate.com to get it.

30 Percent of Spam email contains links to something worse Tuesday, August 19th, 2008


I am noticing a trend that Spyware/Malware attacks are making a comeback and are getting more sophisticated.

In the good old days Spam e-mail used to be just advertising but increasingly that innocuous looking spam e-mail has other ideas.

It can be one or more of the following:-

Malware: Malicious software designed to get on your PC without your knowledge.

Spyware: They steal your passwords via keystrokes that are sent back to the spyware author.

Virus: Designed to cause harm to your computer.

Phishing: Designed to get you to impart privileged information.

Problem Areas

Internet Surfing: The number of malicious or infected web sites is in the millions. You can no longer just click, click on every link you see.

Tip: Make sure you have your Phishing Filter on and have up to date Anti-Virus Software running.

Inbox: Even with good anti-spam defences, spam e-mail gets through, and about one third will have a link to something bad.

Tip: Don’t even get curious with suspect e-mails and click links just to see. Delete, Delete and Delete.

Stay Safe online Link: http://news.bbc.co.uk/1/hi/technology/5414992.stm

ISPs Focus on File Sharers while their DNS bugs out Monday, July 28th, 2008

Finding the real news in today’s media is getting more complicated.

This extends to tech reporting.

Check these 597 news articles about UK ISPs sending out warning letters to music file sharers.

Link: all 579 news articles »

Check out these 299 news articles about a DNS flaw that puts every Internet user at risk.


Link: all 299 news articles »

One of these stories is important…

What is DNS? Link: http://en.wikipedia.org/wiki/Domain_Name_System

It turns names like www.mysitewhatever.com into an IP address, for example 111.222.121.12.

The DNS exploit allows hackers to divert your web traffic to another site without you knowing.

So you may think you're on www.mybank.co.uk but you could be invisibly re-directed to a site the hackers set up to capture your data.

Typically your ISP needs to patch/update their own DNS servers as you use these to route your web traffic around the Internet.

So how do you know if you are vulnerable?

Tech Tip:

There is a DNS checker on this site (http://www.doxpara.com/)

Look for this in the right hand side of the page.

dns_check

or

On this really useful site (http://www.dnsstuff.com/)

Look for this at the bottom left:

dnslookfor

If you find you are vulnerable, send an e-mail to your ISP asking when they will patch their DNS servers to protect you.

In the meantime be extra careful. Oh and stop downloading music.

O2 Expose: private MMSs were viewable online via Google Thursday, July 24th, 2008

The mobile phone company O2 had to shut down their web-based MMS viewing web site.

If an O2 customer received an MMS (picture or video) and did not have an MMS-capable phone, O2 would host the content (picture or video) on their web site.

However, it would appear that for some of this content Google was able to search and index the supposedly private content, and it was publicly viewable by doing a Google search.

The viewing web site has now been taken offline to protect customers' privacy.

To make matters worse the contact details of the sender and recipient were also exposed.

Link: http://news.google.co.uk/nwshp?tab=wn&ned=uk&ncl=1228737394&hl=en&topic=t

Fake UPS Emails with Virus/Malware Payloads Tuesday, July 22nd, 2008

ups1

Update 24/07/2008 – Nod32 Now Identifies this – See bottom of post.

Several clients were targeted with e-mails that contained .zip files, the contents of which were crafted to look like legitimate e-mails from UPS with invoices attached (see above).

ups2

Inside the .zip file was an executable file disguised as a Microsoft Word document (see above). That is a fake icon. The file is really called ups_invoice.exe.

ups3

You can even scan the .exe file with Anti-Virus software (in my case the latest Business Edition of Nod32) and it will not be detected.

I even submitted the .exe file to ESET and they said:-

“The file is corrupt and thus non-functional. As such, it should not be detected as it does not pose any risk” [TRACK#4884AA4D0007]

That is a complete load of rubbish. I took the same file and managed to infect my test bed XP machine running the latest version of Nod32.

So you really are at the mercy of the end user doing the right thing and not opening unsolicited attachments.

It would appear to be able to defeat the end user's Anti-Virus by connecting to the Internet to download the payload and sneaking itself onto your computer. The end user is complicit in this; they have to run the infected file. As you can see from the shots above, this has been cleverly engineered to be difficult to spot.

With up to date Anti-Virus software not being able to detect the original .exe file, it really is open season.

Tech Tip: If you are worried users might get caught out then ban .zip files if you can.
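
One way to apply this tip more selectively at a mail filter, as an added example that is not part of the original post: list the members of a .zip attachment and flag anything Windows would run, such as the ups_invoice.exe described above. The extension lists, limits, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists: extensions Windows runs on double-click,
# and document extensions often used as a decoy in front of the real one.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg"}
MAX_DEPTH = 3                        # do not unpack archives nested deeper than this
MAX_NESTED_BYTES = 10 * 1024 * 1024  # do not unpack nested archives larger than this


def scan_zip(data: bytes, depth: int = 0, prefix: str = "") -> list[tuple[str, str]]:
    """Return (member_path, reason) findings for one .zip attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                findings.append((path, "encrypted member, cannot be inspected"))
            elif last in EXECUTABLE_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                findings.append((path, "double extension" if decoy else "executable"))
            elif last == ".zip":
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested archive not inspected"))
                else:
                    findings.extend(scan_zip(archive.read(info), depth + 1, path + "!"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless placeholder bytes stored under suspicious names."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("tracking.doc.scr", b"placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("ups_invoice.exe", b"placeholder")
        z.writestr("readme.txt", b"placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

A filter would quarantine any attachment for which `scan_zip` returns findings; the check looks only at member names, so it does not depend on an Anti-Virus signature existing for the file.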

More details here: http://pandalabs.pandasecurity.com/archive/Fake-UPS-Invoice-Email.aspx

Updated 24/07/2008

I just get the impression the AV companies were caught napping on this one.

But the good news is those pesky attachments are now being identified.
