---

Tip #3609 - Vulnerabilities for March 2007

Printer Friendly Version | E-Mail This Tip

Like These Tips? Get 'Em Free In Your E-mail Everyday! E-mail Address:

Vulnerabilities for March 2007

Vista Mail Bug

This article shouldn’t be a surprise. Microsoft’s predecessor to Outlook Express, called Vista Mail, might have one of its first exploits. A vulnerability in the way the mail client handles specially crafted links in e-mails could allow the running of arbitrary codes from a remote user. Microsoft has said that they have not seen any attacks specifically taking advantage of the security hole and a resolution should be out on the next “Patch Tuesday.”

We’ll see what happens, but until then, if you are one of the Vista Mail pioneers, I’m going to recommend the same advice I always give in this situation. Don’t link out of your e-mails unless you're absolutely sure the link and source are trustworthy. You may want to make sure that you are using a Limited User Account when checking your mail, so in case things do go bad, the attack is contained, due to your user's lack of permissions.

Skype Trojan

Skype, the popular peer to peer telephony networking service is experiencing a Trojan within their walls. Using the Skype instant messenger client, attackers are sending out messages with the subject line of “Check on this” and an attachment with the file name of file_01.exe. The attachment, if successfully executed, infects your system and immediately attempts to propagate by finding the user's contacts and sending out several different and updated versions of itself to them. The virus payload on the local PC allows the attacker to execute arbitrary code, in essence turning your machine into their bot.

Skype doesn’t really hide the fact that their messenger service has been seeing this Trojan attack and infecting users in their community. In fact, representatives said that they have always tried to warn their users of the potential risks of blindly opening files from unsolicited users. A company representative also stated that Skype has also been looking into a partnership or contract with a security company to help protect against these types of attacks, while using strategies, such as link filtering.

Star Office Vulnerability

StarOffice, a popular suite from Sun Microsystems and very similar to MS Office, has a vulnerability that could allow a remote user the ability to execute remote code on a user's PC, by using a specially crafted file. The StarCalc file, with the file extension of .sdc, would grant the same rights to the local user as to the hidden attacker. This, once again, could allow attackers to execute commands and execute code at their discretion, ultimately turning your system into a bot.

The vulnerability affects StarOffice versions six through eight and as of yet, there are no patches or fixes for the problem. But, do keep in mind that this was only discovered this past Monday. As of now, Sun Microsystems has not seen any exploits taking advantage of the security hole and they hope they can get things patched before something does come down the pike.

Although Sun hasn’t listed any available work arounds as of yet, I would recommend staying away from any .sdc files coming from outside sources, unless you are expecting one. I would also get used to running StarOffice with a Limited User Account, so if there is an infection, it is mitigated by your lack of rights.

In all actuality, I believe these three security holes (bug, vulnerabilities and the Trojan) are all pretty easily avoided by utilizing some common sense. Stay away from links and attachments from unknown sources or even unsuspecting, odd looking e-mails with attachments from intensities that appear to be one of your contacts. You may really want to run your system as a Limited User as well. This can really lessen the damage done if you happen to get infected. And last, but not least, update, update, update! They’re simple, but effective rules to remember and following them should help your system to stay secure.

I will keep you all posted on any and all updates that fix these exploits, so you won’t have to worry about them anymore. Until then, just try to help yourself by paying close attentions to what you're clicking on.

Until next week, stay safe out there!

~ Chad Stelnicki

Want To Comment On This Tip? Click Here! We'd love to hear from you :-)

---

Like These Tips? Get 'Em Free In Your E-mail

Computer & MS Office Tips

Computer Tips & MS Office Tips Daily - Run your Windows PC like a pro! No matter what your skill level, beginner or advanced, you'll find tons of valuable tips, tricks, and ideas in every issue (plus great software deals). Become the computer guru you've always wanted to be! The tip you've just read was in this newsletter!

Computer Tips & MS Office Tips Weekly - If you don't want our Computer Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays

Our Other Great Newsletters

Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week

Life's Adventures - Each issue features a short story. Some of these are of the warm and fuzzy variety, some are sad, some are a little of both, but they all deliver powerful messages. Sent every Tuesday and Thursday.

Software Deals - Every week, we send out great deals in our Software Deals newsletter. Many of these deals are exclusively for our Software Deals newsletter subscribers and can't be found with our regular specials.

Enter Email address:

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love 'em :-), unsubscribing is fast and easy.

Click Here to find out why we have over 400,000 readers who enjoy our newsletters every week! (And growing fast!)

  (Computer Tips Daily)