[IS&T Security-FYI] SFYI Newsletter, November 9, 2009
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 9 13:41:24 EST 2009
In this issue:
1. November 2009 Security Patches
2. Scareware/Rogueware Revisited
3. Nigerian Scams to Decrease?
4. Major SSL Flaw
----------------------------------------------
1. November 2009 Security Patches
----------------------------------------------
---- Microsoft ----
Systems affected:
Microsoft Windows (not including Windows 7)
Windows Server (not including Windows Server 2008 R2)
Microsoft Office (all versions)
According to its Security Bulletin Advance Notification for November
2009, Microsoft plans to release six security bulletins on Tuesday,
November 10 to address 15 separate vulnerabilities. Three of the
bulletins are rated critical, three are rated important. The Microsoft
Office patch will address vulnerabilities in Word and Excel. No
updates have been released for Windows 7.
For details:
<http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx>
---- Apple ----
Apple released no security patches. The last security update was
2009-005, released on September 10.
---- Firefox ----
On November 5, Firefox 3.5.5 was released to address one critical
security bug. This update comes only a few weeks after the previous
update. On October 27, Mozilla had updated Firefox to version 3.5.4 to
address 16 security flaws, 11 of which were critical. Mozilla also
released Firefox 3.0.15, which contains nine fixes, four designated
critical. Mozilla plans to discontinue support for Firefox 3.0 in
January 2010.
Firefox 3.5.4: <http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4>
Firefox 3.5.5: <http://lifehacker.com/5398096/firefox-355-update-fixes-critical-security-bug>
---------------------------------------------
2. Scareware/Rogueware Revisited
---------------------------------------------
Scareware has been a prominent part of the Internet since 2004, when a
cybergang based in Russia launched the iframecash.biz website and
began offering commissions to anyone who helped them spread the
SpySheriff fake antivirus program. Hackers began to taint legitimate
websites so that pop-up ads for SpySheriff would launch on the PC of
anyone who visited a corrupted Web page.
By late last year, more than 9,200 different types of scareware
programs were circulating on the Internet, up from 2,800 at midyear,
according to The Anti-Phishing Working Group. A study by Symantec also
found that between July 2008 and June 2009, it received reports of 43
million attempts to install scareware on users' PCs.
Typically the scareware attack, coupled with a rogueware attack, looks
like this: A pop-up ad or link on the Internet shows a warning to
purchase the fake antivirus program. You can't cancel out of the
request. You are inundated with exhortations to purchase phony
antivirus software such as "Total Security 2009." You're also locked
out of nearly all applications until you purchase the disreputable
product. Once your PC is infected with the malware, the only program
you can open is Internet Explorer, so you can navigate to the site and
make a purchase. Your PC is basically held ransom until you purchase
the software. But even then, the software purchased often does nothing
to resolve the problem, trapping you in a malware quagmire.
And now scareware purveyors are embedding triggers in places you
wouldn't expect: on advertisements displayed at mainstream media
websites; amid search results from Google, Yahoo Search and Windows
Live search; alongside comments posted on YouTube videos; and, most
recently, in "tweets" circulating on Twitter.
Stories can be found here:
<http://www.usatoday.com/tech/news/2009-06-09-cybergangs-scareware-hackers_N.htm>
<http://blogs.usatoday.com/technologylive/2009/10/new-twist-on-scareware-locks-up-your-pc.html>
<http://www.pcworld.com/article/173765/a_rogue_demands_a_ransom.html>
<http://lastwatchdog.com/scareware-purveyors-advance-blackmail-creating-botnets/>
-----------------------------------------
3. Nigerian Scams to Decrease?
-----------------------------------------
Operation Eagle Claw, a program developed by Nigeria's Economic and
Financial Crimes Commission, is promising to push the country out of
the top ten for fraudulent email. So far the program has seen members
of 18 syndicates arrested and 800 scam websites shut down. Nigerian
police are working with Microsoft to fine-tune the technology used to
check the emails.
Read the full story here:
<http://www.theregister.co.uk/2009/10/23/nigeria_police_success/>
------------------------
4. Major SSL Flaw
------------------------
Vendors and the Internet Engineering Task Force (IETF) have been
working on a fix since last month for a newly discovered vulnerability
in the SSL protocol that spans browsers, servers, smart cards, and
other products. "The bug results in a set of related attacks that
allow a man-in-the-middle to do bad things to your SSL/TLS
connection," according to Marsh Ray, who first discovered the bug in
August. The IETF will issue a new extension for the SSL/TLS protocol
that fixes the bug.
Read the full story here:
<http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600523>
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.