
Monday, August 28, 2006

Malicious Microsoft E-mail Scam In The Wild

Websense Security Labs (TM) has issued an alert regarding an email that is making the rounds purporting to be a security bulletin and download from Microsoft. It should always be remembered that Microsoft never releases a security patch via email.

According to Websense, users will receive an email message which urges the immediate installation of a cumulative security patch for the "plug and play" vulnerability. Upon visiting the site and running the code, the user is infected with a password-stealing Trojan horse. The email heading appears as follows:
Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
For more details, including a screenshot of the email, visit Websense Security Labs (TM).

Sunday, August 20, 2006

Today's Computing Tip

Courtesy of SmartComputing.com
What's A Zombie?

Zombie-making Trojans infect systems most often when users open infected email attachments or documents. Examples include the SubSeven Trojan, Tribal Flood Net, Trin00, and Mstream. Firewalls, antivirus, and filtering programs go a long way toward minimizing the risk of becoming a zombie, but some people persist in opening unscanned files. Likewise, some administrators fail to take proper precautions to safeguard their networks. Installing security patches to applications and operating systems is paramount for effective network security against zombie infiltration. It can be difficult to tell if a system is a zombie-in-waiting because most infections don’t make themselves readily apparent. The bug lies dormant until the hacker issues a command to wake up his undead digital army and have them start their attack simultaneously. The only good news about zombie infections is that, unlike traditional viruses, they don’t destroy data on the host or target systems. A zombie’s sole purpose is to create network congestion.
You are invited to read the entire SmartComputing.com article and other informative articles TEXT to their spectacularly informative email HERE....

Thursday, August 17, 2006

CC Cleaner Releases New Updated Version

One of the best free and most powerful PC cleaners available has just released its newest version, 1.32.345.

For those of you not familiar with this program, let me bring you up to date:
CCleaner (Crap Cleaner) is a freeware system optimization and privacy tool that removes unused and temporary files from your system, allowing Windows to run faster and more efficiently and giving you more hard disk space. The best part is that it's fast (normally taking less than a second to run) and free.

Cleans the following:
*Internet Explorer Cache, History, Cookies, Index.dat.
*Recycle Bin, Temporary files and Log files.
*Recently opened URLs and files.
*Third-party application temp files and recent file lists (MRUs).
Including: Firefox, Opera, Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and more...
*Advanced Registry scanner and cleaner to remove unused and old entries. Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... Backup for registry clean.
*Windows Startup tool.
I have been using this app for my PC cleanup for years now, and believe me when I tell you it is an awesome way to get rid of all that crap (thus the moniker Crap Cleaner) that remains behind and sometimes slows your computer to a crawl. I have personally seen a marked increase in speed after running CC Cleaner.

Go ahead and give it a try. You won't be disappointed, and it's FREE.

Download link is available here.

Monday, August 14, 2006

Today's Computing Tip

Your daily tip from SmartComputing

Avoid Phishing Scams

The most important part of the URL as far as detecting a phishing site is concerned is the domain name, which is the text to the left of the top-level domain (such as "smartcomputing" in our example). All content at the Smart Computing Web site is accessible via the "smartcomputing.com" domain name, so any additional text between the domain name and the top-level domain name should raise a red flag. For example, a Web page located at "http://www.smartcomputing.scammer.com" is located at the domain name "scammer.com," and a page at "http://www.ebay.customerservice.com" is actually located at the domain name "customerservice.com," not at "ebay.com." Any text that appears to the left of the domain name is a subdomain associated with the main domain. In the examples we just provided, "smartcomputing" is a subdomain of "scammer.com," and "ebay" is a subdomain of "customerservice.com." Ignore subdomains and focus on the domain name when determining whether a link or URL is legitimate. Hyphens and symbols such as @ also are used to make a phish site's URL look more legitimate, so watch for those, too.
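The check described in this tip can be automated for links pulled from mail or proxy logs. The following is an added example, not code from SmartComputing or this blog; the function names are illustrative, the suffix set is a small constructed sample standing in for the full Public Suffix List, and the `.example` URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed sample of multi-label public suffixes.
# Production code should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain name plus top-level domain that really serves the URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known multi-label suffix.
    multi = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES and len(labels) >= 3
    return ".".join(labels[-3:] if multi else labels[-2:])


def check_link(url, expected_domain):
    """Compare a link with the domain the brand really uses; return findings."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    actual = registrable_domain(url)
    brand = expected_domain.split(".")[0]
    findings = []
    if actual != expected_domain:
        findings.append("domain is %s, not %s" % (actual, expected_domain))
        # Everything left of the registrable domain is only a subdomain.
        subdomains = host[: len(host) - len(actual)].rstrip(".")
        if brand in subdomains.split("."):
            findings.append("brand name used as a subdomain")
        if brand in actual.split(".")[0].split("-"):
            findings.append("brand name inside a hyphenated domain")
    if parts.username is not None:
        # In http://user@host/ the part before @ is login data, not the site.
        findings.append("text before @ is not the host")
    return findings


if __name__ == "__main__":
    for link in ("http://www.ebay.customerservice.com",   # from the tip above
                 "http://www.ebay.com@scammer.example/",  # constructed
                 "http://ebay-signin.example/"):          # constructed
        print(link, check_link(link, "ebay.com"))
```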

Sunday, August 13, 2006

Virus Alert For MS06-040 Exploit Worm Released

As was reported HERE yesterday, there was some serious concern among internet security companies that an exploit of the MS06-040 vulnerability would strike this weekend.

McAfee Avert Labs has released a threat advisory regarding the exploit. Although this is still classified in the "low" category, the damage and distribution potential of the worm is rated as high. McAfee has therefore added extra protection to their AV program.
IRC-Mocbot!MS06-040, which exploits the recently-patched MS06-040 Server Service vulnerability, was discovered late Saturday night.
Further information on the Risk Assessment and Avert Labs Recommended Actions are available HERE.

Saturday, August 12, 2006

Today's Computing Tip

Your daily tip from SmartComputing
Smartphone Carriers

Before you sign with any carrier, examine its coverage maps closely and find out how, or if, the company can provide service to you in areas not covered by its towers. Carriers operate under reciprocal agreements with other providers to give you total nationwide coverage. Unfortunately, your reception while roaming (operating in an area covered by another carrier) may not be as good as coverage in your carrier’s primary coverage area. If you are in the middle of a call when your smartphone jumps from one provider to another, you may lose reception for a few seconds, which means a dropped connection.

Major Internet Attack In The Offing?

The Department of Homeland Security issued a statement this week urging internet users to update their computers in the wake of information regarding a possibly imminent attack by hackers. Via ABC Tech News:
"The Department of Homeland Security is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible," the statement read. "This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system."
In its security bulletin MS06-040, Microsoft noted, "Microsoft has verified the published exploit code to work on Windows 2000 and Windows XP Service Pack 1." However, independent security researchers seem to have verified that it can bring Windows XP SP2 and Windows Server 2003 to their knees with a denial-of-service (DoS) attack.

Mike Murray, director of vulnerability research at nCircle, says, "A worm on the scale of MSBlaster will hit in the next two weeks, and could hit in the next several hours." He added, "This threat is eminently wormable."

TechWeb.com published the following precautions for protection:
---- Identify PCs vulnerable to attack by running the free scanning tool offered by eEye Digital Security. The tool, which comes in two versions -- one capable of scanning 16 machines simultaneously, the other up to 256 computers -- can be downloaded free of charge from the eEye site.

---- Patch all vulnerable systems using Microsoft-based mechanisms -- including Windows Update and Windows Server Update Services (WSUS) -- or third-party patch managers such as Shavlik's HFNetChkPro, Patchlink's PatchLink Update, and BigFix Enterprise Suite Patch Management. Those manually downloading the patch will find it here.

---- If administrators or users are unable to patch, Microsoft recommended that they block TCP ports 139 and 445 at the firewall.

---- Additionally, Microsoft told users that they could defend unpatched systems by barring any unsolicited inbound traffic, or blocking the affected ports by applying Internet Protocol security (IPsec).
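
To find which unpatched machines depend on the port-blocking steps above, an administrator can review `netstat -an` output for listeners on TCP 139 and 445 that are bound to non-loopback addresses. This is an added example, not code from TechWeb or Microsoft; the function name is illustrative and the sample output is constructed.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the TCP ports named in the advice above

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""


def smb_listeners(netstat_text):
    """Return (address, port) pairs listening on 139/445 off the loopback."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state matter; UDP rows have no state.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        addr = addr.strip("[]")  # IPv6 addresses are printed in brackets
        if not port.isdigit() or int(port) not in SMB_PORTS:
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # unparseable address: report it, do not hide it
        if not loopback:
            found.append((addr, int(port)))
    return found


if __name__ == "__main__":
    for addr, port in smb_listeners(SAMPLE):
        print("TCP %d is listening on %s; patch or block at the firewall" % (port, addr))
```

A listener reported here may still be shielded by a firewall rule, so treat the output as the list of hosts where the block or the patch has to be confirmed.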
Ken Dunham, director of VeriSign iDefense's rapid response team, in an e-mail to TechWeb Friday afternoon, states, "Hacker activity has been light for the MS06-040 exploitation to date, but will likely increase with the advent of this coming weekend. Networks should be diligent to patch all Internet facing computers for MS06-040 ASAP."

As always, this and other security updates can be downloaded and installed using Windows Update, or from the Microsoft Security Homepage.