Saturday, June 23, 2012




NOT UNEXPECTEDLY, AND MUCH REPEATED

"THERE'S A NEW VIRUS IN TOWN"



The first thing I'd like you to do is look at the MS12-037 bulletin on Microsoft's website [ed. - ah heck, click HERE to go to the page]. Here is a brief snippet:

"This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Did you catch all of that? Basically, the new virus takes advantage of a security issue addressed by bulletin MS12-037, and once it does this it downloads malicious files onto your PC. Most Anti-Virus/Security firms have their own name for each virus, trojan, or worm they find. Trend Micro's is JS_DLOADER.SMGA. Of course, Microsoft issued a patch for this last month, but either it's not working or you are ignoring your Microsoft updates. Because they have already proclaimed IE8 "DEAD", you may be more at risk (I'm not sure, but I think they still do IE8 updates); alternatively, download Firefox and start using it. And yes, I can already hear Vista and Win7 users moaning "O-why-O-why-did-I-go-back-to-IE8?" If you recall, it was because you couldn't get IE9 to work on sites you need access to for work. But don't worry, IE9 users are in danger as well.

But I digress....

Once the DLOADER is in place it signals back to a remote server (possibly using the Vulcan "Cloaking Shield") and downloads a .JPG file. Sounds innocent enough, right? Wrong. In a previous blog post I wrote about how malicious code could be written and hidden even in a .JPG photo. The code in this .JPG contains a BACKDOOR. If you're not familiar with the term, a BACKDOOR on your PC allows another user to communicate, run commands, add more viruses and control your PC via port 80. Did you notice the name of the first infection? See the "JS"? Can you guess what JS stands for? If you said "Java Script" you are correct, and if I recall, it seems like just yesterday when I reminded readers to keep their JAVA (amongst other things) up-2-date. Click on JAVA now and run an update (please).
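For readers who want to check a downloaded .JPG themselves, here is an added example (not from Trend Micro's analysis or the original post) that walks a file's JPEG markers and flags two structural oddities. The post does not say how the backdoor is packed into the image, so the two cases checked (an executable header under an image name, and extra bytes after the end-of-image marker) are assumptions, and the sample byte strings are constructed.

```python
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 have no length field

def jpeg_end_offset(data: bytes):
    """Offset just past the EOI marker, or None if the marker structure is invalid."""
    if data[:2] != b"\xff\xd8":                      # must open with SOI
        return None
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xFF:                           # fill byte before a marker
            i += 1
        elif marker == 0xD9:                         # EOI: the image ends here
            return i + 2
        elif marker in STANDALONE:
            i += 2
        else:
            # Big-endian segment length; it counts its own two bytes.
            seglen = int.from_bytes(data[i + 2:i + 4], "big")
            if seglen < 2:
                return None
            i += 2 + seglen
            if marker == 0xDA:                       # SOS: skip entropy-coded data
                while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0x00
                    and not 0xD0 <= data[i + 1] <= 0xD7
                ):
                    i += 1
    return None                                      # ran out of data before EOI

def inspect_jpg(data: bytes):
    """Return a list of findings for a file that claims to be a .JPG."""
    findings = []
    if data[:2] == b"MZ":
        findings.append("Windows executable header under an image name")
    end = jpeg_end_offset(data)
    if end is None:
        findings.append("not a well-formed JPEG")
    elif end < len(data):
        findings.append(f"{len(data) - end} bytes appended after EOI")
    return findings

# Constructed samples (marker structure only, not decodable pictures).
CLEAN = b"\xff\xd8\xff\xe0\x00\x04AB\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
TRAILING = CLEAN + b"constructed-extra-bytes"
DISGUISED = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(inspect_jpg(CLEAN), inspect_jpg(TRAILING), inspect_jpg(DISGUISED))
```

Some cameras and editors legitimately append data after the end-of-image marker, so a finding here is a reason to look closer, not a verdict.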

I didn't start this Blog until January or February, but I've passed the 1,400 views mark without advertising. So to my fearless fans out in the cold and dangerous cybernet, I say "Thank You" for taking time out of your day to read it.

'Nuff Said
