Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Vulnerabilities for March 2007

Friday, March 30th, 2007 by | Filed Under: Security Help

Vulnerabilities for March 2007

Vista Mail Bug

This article shouldn’t be a surprise. Microsoft’s predecessor to Outlook Express, called Vista Mail, might have one of its first exploits. A vulnerability in the way the mail client handles specially crafted links in e-mails could allow the running of arbitrary codes from a remote user. Microsoft has said that they have not seen any attacks specifically taking advantage of the security hole and a resolution should be out on the next “Patch Tuesday.”

We’ll see what happens, but until then, if you are one of the Vista Mail pioneers, I’m going to recommend the same advice I always give in this situation. Don’t link out of your e-mails unless you’re absolutely sure the link and source are trustworthy. You may want to make sure that you are using a Limited User Account when checking your mail, so in case things do go bad, the attack is contained, due to your user’s lack of permissions.

Skype Trojan

Skype, the popular peer to peer telephony networking service is experiencing a Trojan within their walls. Using the Skype instant messenger client, attackers are sending out messages with the subject line of “Check on this” and an attachment with the file name of file_01.exe. The attachment, if successfully executed, infects your system and immediately attempts to propagate by finding the user’s contacts and sending out several different and updated versions of itself to them. The virus payload on the local PC allows the attacker to execute arbitrary code, in essence turning your machine into their bot.

Skype doesn’t really hide the fact that their messenger service has been seeing this Trojan attack and infecting users in their community. In fact, representatives said that they have always tried to warn their users of the potential risks of blindly opening files from unsolicited users. A company representative also stated that Skype has also been looking into a partnership or contract with a security company to help protect against these types of attacks, while using strategies, such as link filtering.

Star Office Vulnerability

StarOffice, a popular suite from Sun Microsystems and very similar to MS Office, has a vulnerability that could allow a remote user the ability to execute remote code on a user’s PC, by using a specially crafted file. The StarCalc file, with the file extension of .sdc, would grant the same rights to the local user as to the hidden attacker. This, once again, could allow attackers to execute commands and execute code at their discretion, ultimately turning your system into a bot.

The vulnerability affects StarOffice versions six through eight and as of yet, there are no patches or fixes for the problem. But, do keep in mind that this was only discovered this past Monday. As of now, Sun Microsystems has not seen any exploits taking advantage of the security hole and they hope they can get things patched before something does come down the pike.

Although Sun hasn’t listed any available work arounds as of yet, I would recommend staying away from any .sdc files coming from outside sources, unless you are expecting one. I would also get used to running StarOffice with a Limited User Account, so if there is an infection, it is mitigated by your lack of rights.

In all actuality, I believe these three security holes (bug, vulnerabilities and the Trojan) are all pretty easily avoided by utilizing some common sense. Stay away from links and attachments from unknown sources or even unsuspecting, odd looking e-mails with attachments from intensities that appear to be one of your contacts. You may really want to run your system as a Limited User as well. This can really lessen the damage done if you happen to get infected. And last, but not least, update, update, update! They’re simple, but effective rules to remember and following them should help your system to stay secure.

I will keep you all posted on any and all updates that fix these exploits, so you won’t have to worry about them anymore. Until then, just try to help yourself by paying close attentions to what you’re clicking on.

Until next week, stay safe out there!

~ Chad Stelnicki

Leave a Reply

Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.

Enter Email Address:


Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup

Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive