So You Want A Free Version Of Windows Vista?

There is a counterfit version of VISTA, Microsoft's latest Operation System making the rounds. If you really really believe in the fact you can always get something for free, then you are more naieve than I thought. Since I am a strong advocate of stopping counterfieting and illega downloading of apps, music, video or anything else, I am more than happy to see that playing with fire get's you burned. I do not tolerate for a minute the distribution of trojans, viril infections and other malware, I feel very little sympathy for anyone snagged up in a trap of some kind.

From The Register is reporting:

A week after Windows Vista's official launch hackers have devised their first attack, targeting pirates trying to install illegal copies of Microsoft's operating system.

A supposed Windows Vista crack called Windows Vista All Versions Activation 21.11.06 is reportedly doing the rounds, offering those tempted by the chance of sticking it to Microsoft the ability to install illegal versions of Windows Vista.

However, the software is not a Windows Vista crack and pirates get something they didn't expect - installation of a Trojan called PSW.Win32.LdPinch.aze - something with a "high" threat level. Read on....

The threat level for this trojan has been rated HIGH by Sunbelt's Counter Spy Research Center, and Low-Profiled by McAfee's AVERT Labs

So there you have it. If you wish to play russian roullette with your P.C. believing you can get something for nothing go for it and enjoy those consequences which means planting of a password stealing trojan designed to send the local passwords to the trojan author.you didn't expect.

This trojan goes by several aliases depending on the AV program you use:

* Infostealer.Ldpinch (Symantec)

* Trojan-PSW.Win32.LdPinch.aze ( Kaspersky )

* TSPY_LDPINCH.KI (Trend Micro)

Internet Explorer 7 Released

Microsoft has released its' new version of Internet Explorer, and is available for download at the Internet Explorer 7 website. I was considering not installing 7 for a few weeks, but since I have Firefox also installed, I decided to download and install it now so I could report to you instructions, reported bugs, and my general overall opinion of it.

Tech Web is reporting that the update will also be issued using automatic update if you have it enabled.

The most controversial aspect of IE 7 has been Microsoft's decision to push the update to all users who have Automatic Updates enabled. Although users can reject IE 7 -- and continue using their current edition of Internet Explorer -- Microsoft will begin rolling out the browser as a "High priority" update next month. In July, when Microsoft offered up a toolkit to indefinitely postpone IE 7's installation, it justified using Automatic Updates, a mechanism for providing patches to Windows, because of the new browser's security implications.

The IE 7 update will not be added to the monthly security patch delivery, scheduled for Nov. 14. Margaret Cobb, the IE7 group product manager for the browser, has promised "We won't do it on Patch Tuesday."

The first thing I would like to offer you are some tips to do before you decide to update. For that I will turn to my friend Corrine who is a Microsoft MVP. I would urge you to take advantage of the expert advice she offers on her blog Security Garden. She has also posted a release announcement HERE.

The only other point I wish to report to you now is that IE7 can be uninstalled through the Add/Remove in your control panel. Microsoft offers these instructions:

To uninstall Internet Explorer 7 to return to Internet Explorer 6 on Windows XP

1. Click "Start," and then click "Control Panel."
2. Click "Add or Remove Programs."
3. Check "Show Updates" at the top of the dialog box.
4. Scroll down the list and highlight the version of Internet Explorer 7 that you are running, and then click "Change/Remove." (If you are running Internet Explorer 7 Beta 2 Preview — March 20 or later, it is not necessary to check "Show Updates.")
5. Go here and select the appropriate version of Internet Explorer 7 for your operating system.

Enjoy your experience, and be sure to check back here for any future comments and/or advice.

Security Alert - OS X, Safari Browser & Adobe Flash Player

US-CERT has issued alert SA06-275A which has the following information:

Multiple Vulnerabilities in Apple and Adobe Products

Original release date: October 2, 2006
Last revised: --
Source: US-CERT

Systems Affected:

* Apple Mac OS X version 10.3.9 (Panther) and version 10.4.7 (Tiger)
* Safari web browser
* Adobe Flash Player

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

Overview:

Mac OS X, Safari, Adobe Flash Player, and other products are affected by multiple vulnerabilities. Apple has released Security Update 2006-006 to address these vulnerabilities, the most serious of which may allow a remote attacker to place and run malicious code on your computer.

Solution:

Install Apple Security Update 2006-006 through Apple Update.

Description:

Mac OS X, Safari, Adobe Flash Player, and other products are affected by multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to run malicious programs on your computer.

For more technical information, see US-CERT Technical Alert TA06-275A.

Virus/Worm Warning

A new virus/worm is now in the wild and circulating via email, causing at least 3 security vendors to update their detection definitions and/or issue an alert.

Since the malware uses its' own Simple Mail Transfer Protocol (SMTP) engine, the user may not even realize they have been infected.

As usual there is not a common name so here is the breakdown as of this time:

TrendMicro: WORM_STRATION.WO

McAfee: W32/Stration@MM

PandaLabs: Spamta.CY

Even though the threat level of this worm is rated "low" by all three vendors, they have seen fit to update their AV signatures. If your AV software does not or has not been updated automatically, since the Damage and distribution potential is rated "high", you are urged to update manually ASAP.

MS Support Ending For Microsoft XP SP1 and SP1a

My dear friend and fellow blogger Corrine (Microsoft MVP) at Security Garden reminds everyone that the end of Microsoft support for these versions of XP is rapidly approaching. This is extremely important.

Please read her entire post HERE...

Security Alert Issued For Microsoft Internet Explorer

U.S. Cert has issued the following Security Alert for Internet Explorer which has yet to be addressed by a Microsoft Patch.

Vulnerability Note VU#416092

Microsoft IE version 5.0 and higher support the Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur. If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to trigger the buffer overflow.

It should be noted that this exploit is actively being exploited and there is no readily available solution available. Until a patch is released, it is advisable to configure Microsoft Outlook and Outlook Express to render email messages in plain text format.

A statement from Microsoft says "A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs".

They do offer a workaround available at M.S. Security Advisory 925568.

Cyber Security Alert For Microsoft Word 2000

Alert SA06-250A from US-CERT

Microsoft Word Vulnerability
Original release date: September 7, 2006
Last revised: --
Source: US-CERT

Systems Affected: Microsoft Word 2000, however other versions of Word and other Microsoft Office programs may also be affected.

Overview: A vulnerability in Microsoft Word 2000 could allow an attacker to gain control of your computer.

Solution: Do not open untrusted documents. Microsoft has not yet released an update to address this vulnerability. Do not open unfamiliar or unexpected Word or other Office documents, including those received as email attachments or hosted on a web site.

Description: An attacker could exploit a vulnerability in Microsoft Word 2000 by convincing a user to open a specially crafted Word document. A Word document could be attached to an email message, hosted on a web site, or included in another Office document. This
vulnerability may affect other versions of Word and other Microsoft Office programs.

For further reference see Microsoft Security Advisory (925059)

It is also being reported by ZDNet, that Microsoft plans to release a "critical" security update for Office next week, one of three bulletins it will distribute as part of its monthly patch cycle.

The other two updates are for Windows and are rated as "important," its second-highest ranking, the software giant said in an advisory Thursday. Read on.....