
More Updates… March 6, 2009

Posted by Mike in End User Computing.

It’s becoming so common it may get overlooked, but keep an eye out for another update for your operating system. In this case, Microsoft will be releasing three patches, one of which is critical.

Thanks to The Channel Web for blogging about it. The full article can be found here: http://www.crn.com/security/215800860

Microsoft plans to release a total of three security updates for Windows Tuesday, repairing at least one critical vulnerability that enables remote hackers to execute malicious code on users’ PCs.
One of the patches included in Microsoft’s March security bulletin, set for release Tuesday, addresses a critical Windows error that allows attackers to execute arbitrary code, usually without any user intervention, according to the software company’s advanced notification posting.

Microsoft Smartphone?? February 6, 2009

Posted by Mike in End User Computing.

Be careful of the Downadup virus January 22, 2009

Posted by Mike in End User Computing.

Yes, there’s another virus out there. 

January 21, 2009 (Computerworld) The computer worm responsible for the biggest attack in years has infected at least one out of every 16 PCs worldwide, a security company said today, and it may have managed to compromise as many as nearly one in three.

According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with “Downadup,” a worm that began aggressive attacks just over a week ago.

 

Some quick facts about the virus:

A computer can be infected by three possible means:
1) if it is not patched with the latest security updates (in this case, if the MS08-067 vulnerability is not patched), by an already infected computer on the local network
2) if the administrator account of the computer has a weak password (a brute-force dictionary attack against the administrator password is used)
3) if the computer has the Autoplay feature enabled and an infected mapped or removable drive is attached.
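
As an added example (not part of the original post or of any vendor tool), the three conditions above can be checked per host with a short audit function. The KB number for the MS08-067 update and the `NoDriveTypeAutoRun` bit values are standard Windows facts; the function name, finding labels, wordlist and sample inputs are constructed for illustration.

```python
# Added example: audit a host against the three infection conditions above.
# Inputs are constructed sample values, not data from a real machine.

MS08_067_KB = "KB958644"   # update published with bulletin MS08-067

# Bits of the Explorer policy value NoDriveTypeAutoRun; a set bit
# disables Autoplay for that drive type.
AUTORUN_BITS = {"removable": 0x04, "network": 0x10}

# Constructed stand-in for a dictionary of commonly guessed passwords.
WEAK_PASSWORDS = {"", "password", "admin", "administrator", "123456", "letmein"}


def audit_host(hotfixes, autorun_mask, admin_password):
    """Return the list of open infection conditions for one host."""
    findings = []

    # 1) MS08-067 not patched
    installed = {h.strip().upper() for h in hotfixes}
    if MS08_067_KB not in installed:
        findings.append("ms08-067-unpatched")

    # 2) administrator password guessable from a dictionary
    if admin_password.lower() in WEAK_PASSWORDS:
        findings.append("weak-admin-password")

    # 3) Autoplay still enabled for removable or mapped (network) drives.
    #    Assumption: an unset policy value (None) is reported as not enforced.
    for drive_type, bit in AUTORUN_BITS.items():
        if autorun_mask is None or not autorun_mask & bit:
            findings.append("autoplay-" + drive_type)

    return findings


if __name__ == "__main__":
    # Patched, Autoplay disabled for all drive types, strong password
    print(audit_host(["KB958644"], 0xFF, "c0rrect-horse-battery"))
    # Unpatched, no Autoplay policy, dictionary password
    print(audit_host([], None, "admin"))
```

A mask of 0x91 still leaves Autoplay on for removable drives, which is why the function tests individual bits instead of checking only that the value exists.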

Once it has gained execution, the worm performs the following actions:
* hooks NtQueryInformationProcess from ntdll.dll inside the running process
* creates a named mutex based on the computer name
* injects itself into one of the following processes:
          * explorer.exe
          * svchost.exe

Here’s the full story from http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126482&intsrc=hm_list