There is now malware in the wild exploiting the IE flaw as reported here. If you haven’t already followed the suggestions there you should do so now.
Microsoft is going to release a special patch for this exploit. I will update this post when they announce the date of the patch availability.
See http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx
UPDATE: The patch should be released tomorrow, January 21st.
UPDATE: The patch is now available on Windows Update!
What it is: A malicious website can be crafted to compromise IE and execute code on your computer.
What is affected: Internet Explorer versions 6, 7 and 8.
What you can do:
- Get the IE patch from Windows Update.
- Run Internet Explorer in protected mode on Vista and Windows 7.
- Use a lower access account when browsing the web. Do not log in as administrator.
- Raise the security zone in Internet Explorer to high.
- Use an alternate browser such as Firefox or Opera.
More technical details can be found at http://www.microsoft.com/technet/security/advisory/979352.mspx
Hot on the heels of the earthquake in Haiti the rogue AV people have once again poisoned Google search. If you are searching for information about the disaster be very careful of the links you click on. Do not download anything that tells you that you have a virus or malware or that your computer is under attack.
Things to watch out for
Users of The Cleaner 2010 are protected from this threat.
I’ve installed new forum software on the website. I am hoping it will be more accessible and usable and easier to manage. The old forum was getting hit hard by spam bots and this new one has better controls. Enjoy it!
The link is http://www.moosoft.com/forum
Well I couldn’t wait! The new site is now live at http://www.moosoft.com
It’s a great improvement over the old site in terms of aesthetics and usability.
The latest Facebook and Zbot run starts with an email like this:
From: Facebook <update+eikyxpuvsr@[].com>
To: <>
Subject: Facebook Account Update or Facebook Update Tool

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.

Before you are able to use the new login system, you will be required to update your account.

Click here to update your account online now.

If you have any questions, reference our New User Guide.

Thanks,
The Facebook Team

Update your Facebook account
Update

This message was intended for <>.

Which leads to this login phish:

And finally the Zbot delivery:

The latest Zbot campaign claims to be a package of photographs that you need to download and run to see. This is the malware delivery. If you see a site like this you should close it immediately.
The Cleaner 2010 users are protected from this threat. Credit goes to “ISC SIE Security researchers” for finding this new campaign.
There is a third worm in the wild targeting the iPhone. If you have a jailbroken iPhone, change the root password before it is too late. There is a tutorial here: http://cydia.saurik.com/password.html
A source who’s seen the worm in the wild tells Macworld that, after compromising the phone, the worm goes on to replace the phone’s copy of the SSH remote login software, changes the root password (so you can’t stop the worm without wiping the phone), skims your SMS database, checks in with its Lithuania-based overlords via the network, and then starts running a piece of software that searches for other vulnerable phones on both the local network and known IP address ranges of specific Internet Service Providers (mostly European).
Read more here
The scam starts with an email that contains a link to the phishing site.
From: Social Security Administration <>
To: <>
Subject: Review your annual Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

Review your annual Social Security statement

-------------------------------------------------------------------
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.
If you click the link in the email you are presented with the following web page. This is where they steal your social security number.

Stealing your SS#
After that you are shown this screen. This is where the malware is delivered.

Delivering the malware
If you receive an email like this you should delete it immediately. The malware in this case is called Zbot and is designed to steal bank account information.



