[IS&T Security-FYI] SFYI Newsletter, April 17, 2009

Monique Yeaton myeaton at MIT.EDU
Fri Apr 17 13:56:35 EDT 2009


In this issue:

1. April 2009 Security Updates
2. What Happened to Conficker?
3. "Scareware:" False Security


--------------------------------------
1. April 2009 Security Updates
--------------------------------------

---- Microsoft ----

Microsoft has released updates in the Security Bulletin Summary for  
April 2009 that address eight vulnerabilities in Windows, Office,  
Windows Server, and ISA Server, five of which are critical. Windows  
operating systems affected include Windows 2003, XP, Vista and Windows  
Server 2003 and 2008. Computers running Microsoft Office suites or  
components are also affected.

Read the update in full here:
<http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx>


---- Oracle ----

The Oracle Critical Patch Update Advisory from April 2009 addresses 43  
vulnerabilities in various Oracle products and components. The update  
provides information about affected components, access and  
authorization required for successful exploitation, and the impact  
from the vulnerabilities on data confidentiality, integrity, and  
availability.

Read the update in full here:
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html>


-----------------------------------------
2. What Happened to Conficker?
-----------------------------------------

Security experts predicted that on April 1st the Conficker worm would  
change the way it was doing its dirty work. Just because April 1 came  
and went doesn't mean the threat is gone.

Security researchers now report seeing a new payload being delivered
to PCs compromised with Conficker. The payload, apparently delivered
via the peer-to-peer (P2P) networking component of the worm, is still
being researched but appears to have at least a keystroke logging
component that can capture sensitive information such as usernames,
passwords, credit card numbers, and more.

That story can be read here: <http://blogs.zdnet.com/BTL/?p=16082>

Check out the Conficker Eye Chart site created by the Conficker  
Working Group for a quick visual test to determine whether or not your  
PC might be compromised with some variant of the Conficker worm.

Conficker Working Group: <http://www.confickerworkinggroup.org/wiki/>
Conficker Eye Chart site: <http://www.confickerworkinggroup.org/infection_test/cfeyechart.html>


Brian Krebs of the Washington Post has two pertinent articles that
give credence to the fact that the botnet created by Conficker is
going to be a money maker. In his article "Massive Profits Fueling
Rogue Antivirus Market," Krebs mentions that the early variants of
Conficker were making six-figure monthly incomes.
Full article here: <http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html>

In his article "Conficker Worm Awakens, Downloads Rogue Antivirus  
Software" Krebs points out that the latest version of Conficker is  
doing something similar by attempting to convince people they need  
SpywareProtect2009, a fake antivirus program. I included more about  
this type of attack in the article below on Scareware.
Full article here: <http://voices.washingtonpost.com/securityfix/2009/04/conficker_worm_awakens_downloa.html?wprss=securityfix>

IMPORTANT!! If you haven't already, make sure you apply the MS08-067  
patch:
<http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx>


---------------------------------------
3. "Scareware:" False Security
---------------------------------------

Beware of pop-up ads alerting you to a virus infection! These ads are  
examples of scareware tactics.

Scareware is a term for software that scares computer users into
buying it because of a claimed threat (like a computer infection).
Scareware in the form of Rogue AntiVirus software, such as
XPAntiVirus2009, has been a way for hackers to make money off
infected computers.

Ransomware does something similar, but has a different tactic. It  
holds computer users' files or computer hostage (making it impossible  
to access certain files or applications on the computer) until they  
give in and purchase the software.

The worst part about the scareware that users are "coerced into"
buying is this: rather than being a product that cleans the computer
of the infection, it is often malware itself, doing even more damage
to the computer after it has been purchased and downloaded.
Requested refunds usually go unanswered.

Stories can be found here:
<http://online.wsj.com/article/SB123976230407519659.html>
<http://blog.fireeye.com/research/2009/03/a-new-method-to-monetize-scareware.html>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
