October Security Bulletin
Hey, it’s October and I have a ton of security issues to go over with you folks this week. First of all, Kaspersky’s Online Scanner for September 2006 has uncovered the truth behind social engineering and the spread of malware. Of course, I also have a few vulnerabilities and attacks to talk about, so let’s get the show on the road and take a look at October’s security landscape.
Kaspersky Online Scanner for September
August was the month of the worms, which is a little out of place according to Kaspersky laboratories, but the online scanner in September brought things back to normal with malware leading the assault on PCs. Trojan Droppers and Trojan Downloaders, in particular, seem to be gaining ground. One specifically, is even the new kid in town and it took home the “most popular” award for online threats in September. That was the .win32.Delf.awg threat. It was sent out under the disguise of a young woman wanting to share her summer vacation pictures with you. That is social engineering at its best. It is one of the most talked about topics in the Kaspersky monthly scanner. There are discussions about it and the success rate of its use all over the place. People can’t seem to stop themselves from opening these e-mails and all they end up doing is infecting their machines.
Microsoft PowerPoint Vulnerability
I don’t know how often you use Microsoft’s PowerPoint throughout your day, but keep your head up. The popular presentation software can leave your machine open to attacks.
This Trojan silently runs an .exe file, which installs two .DLL files that operate as backdoors. The backdoors then post information entered in Internet Explorer to an outside Web site, according to McAfee.
This exploit affects PCs and Macs running certain versions of Microsoft’s PowerPoint. Those are Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac and Microsoft PowerPoint 2004 v. X for Mac, according to a company spokesman.
Malicious E-mails Posing as Security Warnings are Infecting PCs
According to security analysts at MicroWorld Technologies , there is a worm going around using security warnings as bait and people are opening them up like crazy. This is just like the social engineering e-mail I was discussing earlier in this article. The attackers are using an enticing subject in order to trick the recipient into opening the infected e-mail. The “bait” is working well, because this mass mailing worm has been putting up some impressive numbers.
The virus has its own SMTP server, which means it can send out e-mail on its own and it needs this, because one of the first things it’s going to do in your system is harvest all the e-mail addresses it can from you and mail a copy of itself out to them. The second thing it’s going to do is log onto some malicious sites and try to bring more applications into your machine. Here’s an example of some of the message bodies you might find in an infected e-mail:
- Mail Transaction failed. Partial message is available.
- The message contains Unicode characters and has sent as a binary file. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
These messages can be tempting, but that again, is social engineering. Hackers want you to open their e-mails and they don’t want you to just ignore them. Unfortunately, they are pretty good at it. Almost everything I talked about today revolves around social engineering and there is no software to protect you against that. You just have to have good sense. Stay away from all the e-mails out there that you are not 100 percent sure of or can verify. There is just too much going on and there are too many unpatched vulnerabilities in Windows to take any chances.
Until next week, stay safe out there.
~ Chad Stelnicki