The first thing I'd like you to do is look at the MS12-037 bulletin on Microsoft's website [ed. - ah heck, click HERE to go to the page] And here is a brief snippet:
"This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Did you catch all of that? Basically, it takes advantage of a security issue addressed by bulletin MS12-037, and once it does this it downloads malicious files onto your PC. Usually most Anti-Virus/Security firms have their own name for each virus, trojan, or worm they find. Trend Micro's is JS_DLOADER.SMGA, and of course Microsoft issued a patch for this last month, but either it's not working, or, you are ignoring your Microsoft updates. Because they have already proclaimed IE8 "DEAD", you may be more at risk (I'm not sure, but I think they still do IE8 updates), or, download FireFox and start using it. And yes, I can already hear Vista and Win7 users moaning "O-why-O-why-did-I-go-back-to-IE8?", if you recall, it was because you couldn't get IE9 to work on sites you need access to for work, but don't worry, IE9 users are in danger as well.
But I digress....
Once the DLOADER is in place it signals back to a remote server (possibly using the Vulcan "Cloaking Shield") and downloads a .JPG file. Sounds innocent enough right? wrong. In a previous blog post I wrote about how malicious code could be written and hidden even in a .JPG photo. The code in this .JPG contains a BACKDOOR. If you're not familiar with the term, a BACKDOOR on your PC allows another user to communicate, run commands, add more viruses and control your PC via port 80. Did you notice the name of the first infection? See the "JS"? Can you guess what JS stands for? If you said "Java Script" you are correct, and if I recall, it seems like just yesterday when I reminded readers to keep their JAVA (amongst other things) up-2-date. Click on JAVA now and run an update (please).
I didn't start this Blog until January or February, but I've passed the 1,400 views mark without advertising. So to my fearless fans out in the cold and dangerous cybernet, I say "Thank You" for taking time out of our day to read it.
'Nuff Said
No comments:
Post a Comment