Contractual Agreement Spam

Sophos has posted a new blog entry about a bogus contractual agreement. The email contains a zip file attachment, and the author, SKM, notes that the file inside the zip is an executable that is also malware. It is identified as Troj/Agent-HLV.

The blog entry contains an example of what the agreement looks like. It consists of two paragraphs telling the reader that the sender has prepared a contract and added some paragraphs that the receiver requested. The sender also says that they are ready to make a payment for the first consignment.

Source: Sophos

Dontopen.exe

Sophos has received an email containing an attachment with the filename dontopen.exe. According to Sophos, when the user runs the executable, it displays a message and shuts down the user's computer in 60 seconds.

The display says, “This system is shutting down. Please save all work in progress and  log off. Any unsaved changes will be lost.” It also has another sentence but the article covered the last word.

The file was identified as Troj/Shutdown-I. A screenshot of the message was included in the article. The author notes that they set the clock back so it does not say 60 seconds in the screenshot.

Source: Sophos

Repair Tool of the Week: Anti-Malware Toolkit

Anti-Malware Toolkit is a free, portable application designed to bulk download the most recent versions of the tools we use for malware removal and put them in a designated directory (such as your USB thumb drive). Just tick the boxes of the software you want and press Download.

It has options to download the following software as the main malware removal applications:
SpywareBlaster, CCleaner, RogueRemover Free, SUPERAntiSpyware, Malwarebytes Anti-Malware, Spybot S&D, HijackThis

It also has the option to download the most recent definitions for Malwarebytes Anti-Malware and Spybot S&D. The software then has a “Recommended” section that gives you the option to download Firefox, Opera, Thunderbird, Avast, AntiVir, Comodo Firewall Pro and UPHClean.

It also provides the option to download a handful of common repair utilities such as Dial-a-fix, JavaRa, Autoruns, Process Explorer, Unlocker, LSPFix and Windows Installer Cleanup.

This is a handy tool to keep the installers on your USB Drive up to date.

XSS Filter for IE8

An XSS filter will be included in Internet Explorer 8, according to an article from The Register.

The engineers will make sure that the filter does not slow down the browser or choke on false positives. “It is challenging to mitigate XSS in a way that balances the needs of compatibility, security, and performance,” writes David Ross, a Microsoft Security Vulnerability Research & Defense blogger.

Giorgio Maone, the creator of a Firefox plugin called NoScript, told The Register, “If you deploy a security feature already knowing how to work-around it, I think it’s more security theater than anything else.”

Source: The Register

Computer Business Kit


The Computer Business Kit is a collection of sample business forms and documents that are needed in the computer business. The Computer Business Kit contains:
  • Maintenance Contract
  • Backup Checklist
  • Work Order Samples
  • Invoice Samples
...and much more.

1 in 3 Computer Users Downgrade to XP

According to various tech sites, approximately 35% of new computers are downgraded from Windows Vista to Windows XP.

The downgrade occurs either at the factory or when the buyer downgrades the system himself or herself. The study is based on the past six months and on over 3,000 PCs.

Bill Lindner, a writer at infopackets.com, notes that “it would be interesting to see a more thorough examination performed.”

The downgrade option is available to those who purchase Windows Vista Business, Vista Ultimate or Vista Enterprise.

Source: Infopackets

Should I Install Pirate Software on Clients' Computers?

A poster on the Technibble forums recently mentioned that his client wanted him to provide and install pirate software on their computer. He also mentioned that in his part of the world (the Middle East) pirate software is very common and readily available.

He asked our community whether he was handicapping his business by hesitating to provide pirate software when all the other technicians were doing it. It was a good question with a simple answer.

Two Scams

Sophos has detected two types of scams recently. The first one is about an ecard and the second one is about Russian brides.

The ecard scam lets the user know that someone sent them an ecard, with a “dear friend” message included in the ‘To’ field of the address. It contains a link to a site that ends with a .exe extension. Sophos notes that it is Troj/Meredr-Gen.

The Russian bride email lets the user know that he (the sender) is sending a letter to his bride (supposedly the user). He wants you to send money, and there is also an attachment, which is the same type of file as the attachment in the ecard spam.

Source: Sophos

New QuickTime Flaw

Users running Windows Vista with Service Pack 1 or Windows XP with Service Pack 2 are affected by a recently discovered flaw in Apple’s multimedia viewer, QuickTime.

If a user opens a malicious file, a hacker could take full control of his or her computer, according to Petko D. Petkov.

He said, “I highly doubt that anyone knows how to exploit this vulnerability. I haven’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.”

Source: COMPUTERWORLD

Silverlight 2 on NBC Olympics Coverage

Those who want to watch NBC's online coverage of the 2008 Summer Olympic Games need to have Silverlight 2, a video player, installed on their computer. Unfortunately, old Mac systems such as iMacs, iBooks, Mac minis and PowerBooks cannot run the video player, according to an L.A. Times blog. The same is true of computers running a Linux operating system.

The article includes a list of the player’s features, which include a picture-in-picture thumbnail and the ability to stream four events at once.

If a user attempts to stream a video, he or she will be greeted with a screen that lists the technical requirements for the video player.

Source: Information Week

Clipboard Web Attack

Many people are reporting in various forums about a flaw in the clipboard function of operating systems.

The flaw is that when a user surfs to a seemingly legitimate site, a malicious link is copied to the clipboard of his or her computer. According to The Register, there is no way to get rid of it unless the user reboots his or her computer.

A blog called Spyware Sucks notes that this flaw is based on Adobe Flash code.

The users who made reports say that they are using Firefox on either Mac OS X or Windows.

Source: The Register