…in a word YES, if you know how.

Go into any Starbucks, or similar, coffee shop on a busy day and you will notice many folks sitting down with their laptops and Netbooks using the free (usualy) WiFi.

It is truly scary to think how many of those laptops I could easily invade whilst sitting there myself, armed only with a Windows laptop and some free software available for download via the Internet.

Or, another scenario is driving through a town/city looking for businesses with wireless networks that are either unsecured or poorly secured.

Perhaps even sitting in a hotel room all day connected to the free WiFi and slipping in and out of other folks laptops.

Wireless networks are everywhere today, even many homes now have them…. and yet I see SO MANY that can easily be hacked into and sensitive data such as passwords to online banking stolen.

I am not trying to be alarmist here, just trying to provide a wake up to the home user/small business user who are basically targets waiting to be found by cyber criminals!

Did you know anyone can learn enough skills to become a half-decent cyber criminal just by spending a day on YouTube.com ?

Don’t believe me? …just look at some of these Video titles:

# Hacking WiFi Passwords with Cowpatty…

# Vista Security Hacks…

# How to Steal WPA-PSK keys…

# Bypass Local Windows Logins with a Kernel Modifying Boot CD…

# Bypass Your Corporate or University Firewalls…

# WiFi Packet Sniffing…

# Intercepting Passwords on a Network…

# Cracking Wireless Passwords…

# How to Hack a Friends Computer…

# How to Steal Data from WiFi Connected Laptops in a Coffee Shop…

# Making Money by Infecting Internet PCs with Malware…

…and yet many security threats can be limited just by knowing a few simple steps.

There are many websites that can help you just Google some security terms and then read through the many pages. Or, you could grab my latest guide aimed at helping Windows PC users to NOT becoming a victim of CyberCrime: PC Security Bootcamp.

Kind Regards

Marc Liron – Microsoft MVP

At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive – like the one on your personal computer – storing an image of every document copied, scanned, or emailed by the machine.

In the process, it’s turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you’re in the identity theft business it seems this would be a pot of gold.

“The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms,” John Juntunen said, “that information would be very valuable.”

All the major manufacturers offer security or encryption packages on their products. One product from Sharp automatically erases an image from the hard drive. It costs $500.

But evidence keeps piling up in warehouses that many businesses are unwilling to pay for such protection, and that the average American is completely unaware of the dangers posed by digital copiers.

…watch this short but shocking report:

Click here to view the embedded video.

.

Marc liron – Microsoft MVP

A new survey on the state of internet security has found a large increase in malware and suggested that a new PC is infected every 4.6 seconds.

The Symantec report, which covers 2009, highlighted a number of trends across the year, one of which is the shift in malicious activity to emerging countries.

Another major trend was the increase in availability of DIY toolkits such as Zeus that allowed novice hackers to carry out cyber crime.

Overall the United States was the country with the highest levels of malicious activity. The UK came sixth in the chart, down from fourth place the year before.

Click here to view the embedded video.

Kind Regards

Marc Liron – Microsoft MVP

Web hosting company Network Solutions LLC has had a bad month for security this April 2010.

At the start of the month some of their customers who were running WordPress blogs started noticing that visitors to their sites were being redirected to a website that then infected their PCs with malware!

Sadly, the company tried to explain it as an issue with WordPress and try an deflect any questions away from their own security setup.

It later became apparent that Network Solutions LLC had a poor security configuration on one of their servers and that allowed people on the same box to read each others’ configuration files – YIKES!

…essentially that meant the person that did this, just setup an account with the company and was then able to “scan” other customers WordPress files and insert the code for the malware URL redirect.

(If you want some basic security advice for WordPress blogs then I have a section in my new Security Guide that walks through this important topic.)

The second security problem Network Solutions LLC have had this month is some customers having code added to their websites! Here is a quote from their support blog:

“We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience. At this time since anything we say in public may help the perpetrators, we are unable to provide details. It may not be accurate to categorize this as a  single issue such as “file permissions”. Please know that we have all hands on deck fighting this new internet threat and investigating the cause.”

…well this clearly shows, in their rather cryptic language, that this is NOT another WordPress iframe injection issue.

So what is it?  …well the company are not saying at the moment.

When it comes to selecting a webhost for your hosting needs, i suggest you do some research in the search engines first to read any stories like this one.

Regards

Marc Liron – Microsoft MVP

An interview with David Lang, Dells program manager for federal security. David talks about Dells joining of the Cloud Security Alliance (CSA) at the end of last year and how he addresses questions around cloud security and what type of environments you find in federal space.

Click here to view the embedded video.

Kind Regards

Marc Liron – Microsoft MVP

Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.

These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat.

Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4.

For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX.

Affected software versions:

- Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX

- Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh

Solution:

- Adobe Reader

Adobe Reader users on Windows can find the appropriate update here:

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

- Acrobat

Acrobat Standard and Pro users on Windows can find the appropriate update here:

http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Acrobat Pro Extended users on Windows can find the appropriate update here:

http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows

Acrobat 3D users on Windows can find the appropriate update here:

http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows

Severity Rating:

Adobe categorizes this as a critical update.

NOTE:

There are reports that this issue is being exploited in the wild, via limited, targeted attacks.

This update resolves a memory corruption issue that could potentially lead to code execution.

This update resolves multiple heap overflow vulnerabilities that could potentially lead to code execution.

This update resolves an invalid array index issue that could potentially lead to code execution.

Regards

Marc Liron – Microsoft MVP

Microsoft today released a series of patches to cover security issues in the Windows operating system and Office.

Here are the details on this month’s critical bulletins:

MS09-050 – Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)

This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)

This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-052 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)

This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-054 – Cumulative Security Update for Internet Explorer (974455)

This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529.

MS09-055 – Cumulative Security Update of ActiveX Kill Bits (973525)

This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-060 – Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-061 – Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.

MS09-062 – Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-053 – Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

MS09-056 – Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)

This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.

MS09-057 – Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-058 -  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

MS09-059 – Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

If your PC is not already set to automatically download and install the updates from the Microsoft Update service you can perform the task manually here.

Kind Regards

Marc Liron – Microsoft MVP

FBI Director Robert Mueller tells how he almost fell for a phishing scam.

The lesson here is NEVER click on emails sent to you from a bank or any other financial organization. Open up your Internet Explorer 8 and manually type in the URL to go to the website. If the email was claiming you needed to reset your password etc. PHONE your bank and ask them if they actually sent the email – I’ll bet they did not. Banks WRITE to you about these things!

Make sure you have an upto date antispyware/anti-virus solution on the PC such as :

http://www.updatexp.com/spyware-doctor-antivirus.html

Click here to view the embedded video.

.

Regards

Marc Liron – Microsoft MVP

.

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.

Here are the details on this month’s critical bulletins:

MS09-045: A remote code execution vulnerability exists in the way that the JScript scripting engine processes scripts in Web pages. The vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running a specially crafted script.  When the JScript scripting engine attempts to load the decoded script into memory in order to run it, a memory corruption can occur that may either cause Internet Explorer to stop responding, or lead to code execution. This flaw affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

MS09-046: A remote code execution vulnerability exists in the DHTML Editing Component ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When the Microsoft DHTML Editing Component ActiveX Control is instantiated in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code.  This update is rated “critical” for all supported editions of Microsoft Windows 2000 and Windows XP and Moderate for all supported editions of Windows Server 2003.

MS09-047: This bulletin includes fixes for two different vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file.  A malicious hacker could use booby-trapped MP3 of ASF files to launch code execution attacks. The update is rated critical for Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008.

MS09-049: Covers a serious vulnerability in the Windows Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.  The vulnerability is caused by lack of validation of part of a specific malformed frame transmitted by a remote wireless transmitter. This could lead to a heap overflow situation that may result in arbitrary code execution.

MS09-048: This update patches three different vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service.  Microsoft suggests that businesses use firewall best practices and standard default firewall configurations to help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

If your PC is not already set to automatically download and install the updates from the Microsoft Update service you can perform the task manually here.

Kind Regards

Marc Liron – Microsoft MVP

Microsoft released a series of security updates for Windows and Office on August 11th 2009.

The following is a summary of these security updates.

If you have not already received these updates on your computer via Automatic Updates then manually install them by visiting the Microsoft Update website using Internet Explorer.

August 2009 Windows and Office Security Updates

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (KB957638)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Office XP & 2003, Microsoft Visual Studio 2003 SP1, Microsoft ISA Server 2004 & 2006, Microsoft BizTalk Server 2002, Small Business Accounting 2006

—-

Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (KB970927)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows (All Versions), Microsoft Server 2008, Remote Desktop Connection Client for Mac

—-

Vulnerabilities in WINS Could Allow Remote Code Execution (KB969883)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

—-

Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (KB971557)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

—-

Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (KB973908)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 200 SP4, Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

—-

Vulnerability in Workstation Service Could Allow Elevation of Privilege (KB971657)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Affected Software: Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

—-

Vulnerability in Message Queuing Could Allow Elevation of Privilege (KB971032)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

Affected Software: Windows XP SP2, Windows Vista, Windows Server 2003 SP2

—-

Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (KB970957)

Maximum Severity Rating: Important

This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

Affected Software: Windows Vista and Vista SP1, Windows Server 2008

* Because IIS 7.0 does not run on Windows Vista Starter and Windows Vista Home Basic, the following editions are not affected: Windows Vista Starter (32-bit), Windows Vista Home Basic (32-bit), and Windows Vista Home Basic (64-bit).

—-

Vulnerability in Telnet Could Allow Remote Code Execution (KB960859)

Maximum Severity Rating: Important

This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 200 SP4, Windows XP SP2 & XP SP3, Windows Vista and Vista SP1, Windows Server 2003 SP2, Windows Server 2008

—-

Trojans accounted for 70 percent of the new malware detected during the second quarter of 2009

This type of malware was also responsible for over a third of all infections between April and June. The Downloader.MDW Trojan was the most active strain of malware during this period.

Trojans accounted for 70 percent of all new malware between April and June 2009, according to data compiled in the latest  PandaLabs Quarterly Report.

One of the most notable findings of the report is the 6.25% drop in spyware, which now represents just 6.9% of all new malware. In contrast, adware rose dramatically over this period, from 7.54 percent in the previous quarter to 16.37 percent. This is largely due to the increase in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution. As for worms, their percentage has also risen slightly, now accounting for 4.4 percent of all malware.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37 percent of all infections detected by PandaLabs, an increase of 2.86 percent with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62 percent of the total. Worms increased slightly (0.89%), staying in the picture due largely to the effectiveness with which they spread.

Dialers, at 4.48%, stubbornly refused to disappear despite the overriding trend for broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen between April and June 2009 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

When broken down geographically, Taiwan continues to top the list with 33.63 percent of computers infected with active malware. Turkey and Poland come next, with just under 30 percent. Three Scandinavian countries, Sweden (14.2%), Norway (12.48%) and Finland (12.17%), are the countries with the lowest number of computers infected by active malware during the first half of 2009.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all ‘tweets’ published related to this issue. In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

Panda Security Software:

Panda Security Anti-Virus Products

.

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The sixth video of the report is now available – join Tim Rains (Microsoft Trustworth Computing) and Vinny Gullotto (Microsoft Malware Protection Center) in this informative video on security:

Click here to view the embedded video.

Regards

Marc Liron – Microsoft MVP

CRITICAL vulnerabilities have been identified in Adobe Reader 9.0 and Acrobat 9.0 and earlier versions.

These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited!

# Adobe recommends users of Adobe Reader and Acrobat 9.0 update to Adobe Reader 9.1 and Acrobat 9.1.

# Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1.

For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action.

As of March 24, Adobe has also made available the Adobe Reader 9.1 and Adobe Reader 8.1.4 updates for Unix.

Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:

http://get.adobe.com/reader/

Users with Adobe Reader 7.0 through 8.1.3, who can’t update to Adobe Reader 9.1, should update to Adobe Reader 8.1.4 or Adobe Reader 7.1.1, available from one of the following links:

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

If have NOT done so already then upgrade NOW!

Regards

Marc Liron – Microsoft MVP
.

A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update.

Adobe recommends users update to the most current version of Flash Player available for their platform.

Affected software versions:

Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3 and earlier for Linux)

To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link.

Severity rating:

Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87.

Make sure you update TODAY!

Regards

Marc Liron – Microsoft MVP

.