Archive for the 'Security Advisories' Category

Nod32 False Positives are annoying
Thursday, June 26th, 2008

[Image: falsepositive]

Yesterday afternoon about 3pm a number of clients all had Anti-Virus threat detected messages (pictured above).

Some rogue definition updates falsely identified some Word documents as being infected with the msword.smtag trojan.

As the first call came in I took it at face value and remotely took over the user’s PC.

I couldn’t find anything obvious so I quickly installed the SysInternals Process Monitor (Link) to have a good rummage around. Still nothing.

I quarantined the files and submitted them for further investigation with Eset.

Then about 10 minutes later another call comes in from another site with the same problem.

My first thought is false positive, so I quickly call Eset technical support in the UK on 0845 838 0832 and quickly get confirmation of the false positive.

Updated anti-virus definitions would be available shortly so we just had to wait it out.

Link: www.eset.co.uk

Protecting online identity
Wednesday, February 13th, 2008

Omar Shahine is a Tech Blogger and a Microsoft Employee. I love his blog.

Unfortunately Omar is in a bit of a sticky situation at the moment: his online identity has been compromised.

Essentially someone has broken into his Hotmail account and he goes into some depth about what he is doing about it.

Now Omar is in a unique position: he works for Microsoft. If he can’t get to the bottom of this issue then I haven’t a clue who could.

So if you keep lots of your life online in the likes of Hotmail/Google then I suggest you read all about his experience on the link below, just for preparedness if nothing else. Also check the comments for additional info and tips.

Link: http://www.shahine.com/omar/WhatWillYouDoWhenItHappensToYou.aspx

My tips for your online silos:

 

1) Keep very little online

Example: if you order goods online, why not print the receipt to PDF, store the PDF on your local computer and delete the one in your online mailbox?

2) Change your password often.

Example: Use a combination of letters and numbers

3) Check your account frequently for signs of tampering

Example: an email request to reset passwords etc.

4) Be very wary of public access computers, like those in Internet cafes for example.

If you have other helpful tips please use the comments.

Websites that access your clipboard
Monday, January 28th, 2008

[Image: ie_clipboard]

I have seen the above dialogue box twice in the last week and it just creeps me out.

I can’t think of any good legitimate reason a Website should have access to my local clipboard.

After doing some reading on this, apparently IE7 can sometimes set this off in error and you can turn it off; however, I would rather be bothered with false positives than not know what a particular Website is doing to my computer.

There are a number of Websites on the web designed specifically to try to install Malware/Spyware on your computer or, worse, steal confidential information like usernames and passwords.

The number of these sites is growing.

In the bad old days Viruses\Malware\Spyware travelled by e-mail but in 2008 you are more likely to get hit by visiting a Website.

Tip: If you have any doubts about a particular Website, exercise caution, move on and try another one.

Things to Avoid: Sites that try to install software.

[Image: ax_warning]

The above prompt is trying to install an ActiveX Control. An ActiveX Control is like software that installs in your web browser.

Tip: In some cases you may need to install an ActiveX control to access some feature of the site, but only accept those you *REALLY* need. Clicking yes blindly to everything is asking for trouble.

On the link below is a well-written but slightly old article on Malware.

Link: http://arstechnica.com/articles/paedia/malware.ars/1

IE6 on XP Crashes after Windows Update MS07-069
Thursday, December 20th, 2007

[Image: internet-explorer-crash]

One of the December 2007 security updates from Microsoft can cause IE6 to crash if you are running on Windows XP SP2.

Update 21/12/2007: A fix has been issued.

From the source:-

After downloading the Internet Explorer Cumulative Security Update for December 2007, some customers using IE6 on Windows XP Service Pack 2 have experienced an unexpected crash or hang upon launching Internet Explorer.

This might occur while navigating to a website hosting considerable media content (for example: http://msn.com) resulting in Internet Explorer displaying a dialogue that states “Internet Explorer has experienced a problem and needs to close”. If you experience this issue, implement the applicable workaround provided in the following knowledge base article:

For your security, we strongly recommend that you deploy the Internet Explorer Cumulative Security Update for December 2007.

Terry McCoy
Program Manager
Internet Explorer Security

Link: post-install-issues-with-ms07-069-ie6-on-xpsp2.aspx

Registry Fix: http://support.microsoft.com/kb/946627

____________________

Dear Microsoft

A few things

1) If one of your updates causes problems, would it not be prudent to remove it, fix it and replace it?

2) Expecting end users to carry out a complex registry modification to fix a problem you created is beyond a joke.

3) I am confused about Terry’s Post. He says “We have known problems with MS07-069, but we recommend you install it”.

Social Comment: The blogs are wild today with how IE8 has passed the Acid2 test.

Link: Internet Explorer 8 and Acid2- A Milestone

IE8 has an installed base of zero, IE6 is still used by tens of millions. Go back to the well and fix the plumbing.

Your friend in Tech

Colin

The biggest data loss blunder in history
Wednesday, November 21st, 2007

 

Yesterday Alistair Darling announced that two CDs containing the details of 25m people on the child benefit database had gone missing in October 2007.

The reason this is headline news is that, based on the basic information contained on the CDs:-

Name, Address, Date of Birth, National Insurance Number, Children’s names, their Date of Birth, Bank details like sort code and account number etc.

A semi-skilled social engineer could probably work out about 25% of the passwords used for things like banking.

Currently no one knows the location of the missing CDs.

So what should you do?

1) Review any “passwords” you use based on your child’s name or date of birth.

2) Check your bank account statements regularly.

3) Beware of any communication asking for additional information about any “accounts” you may have.

Tip: There will be a wave of email and web scams on the back of this, for example: “After the recent data loss we now need you to confirm x and y with us.”

DO NOT GIVE OUT ANY INFORMATION TO ANYONE, PARTICULARLY ONLINE or BY EMAIL.

4) Watch your junk mail for signs of new activity, like a flood of offers etc.

Here is a better fleshed out Q and A on this topic.

Link: http://news.bbc.co.uk/1/hi/uk_politics/7103828.stm

Here are some links about this story:-

http://news.google.co.uk/nwshp?oe=UTF-8&hl=en&tab=wn&ncl=1123877007

If you are confused about what identity theft is, go here:-

http://www.identitytheft.org.uk/protect-yourself.htm

Stay Safe.