[IS&T Security-FYI] SFYI Newsletter, November 9, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Nov 9 13:41:24 EST 2009


In this issue:

1. November 2009 Security Patches
2. Scareware/Rogueware Revisited
3. Nigerian Scams to Decrease?
4. Major SSL Flaw


----------------------------------------------
1. November 2009 Security Patches
----------------------------------------------

---- Microsoft ----

Systems affected:

Microsoft Windows (not including Windows 7)
Windows Server (not including Windows Server 2008 R2)
Microsoft Office (all versions)

According to its Security Bulletin Advance Notification for November  
2009, Microsoft plans to release six security bulletins on Tuesday,  
November 10 to address 15 separate vulnerabilities. Three of the  
bulletins are rated critical, three are rated important. The Microsoft  
Office patch will address vulnerabilities in Word and Excel. No  
updates have been released for Windows 7.

For details:
<http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx>


---- Apple ----

Apple released no security patches. The last security update was  
2009-005, released on September 10.


---- Firefox ----

On November 5, Firefox 3.5.5 was released to address one critical  
security bug. This update comes only a few weeks after the previous  
update. On October 27, Mozilla had updated Firefox to version 3.5.4 to  
address 16 security flaws, 11 of which were critical.  Mozilla also  
released Firefox 3.0.15, which contains nine fixes, four designated  
critical.  Mozilla plans to discontinue support for Firefox 3.0 in  
January 2010.

Firefox 3.5.4: <http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4>
Firefox 3.5.5: <http://lifehacker.com/5398096/firefox-355-update-fixes-critical-security-bug>


---------------------------------------------
2. Scareware/Rogueware Revisited
---------------------------------------------

Scareware has been a prominent part of the Internet since 2004, when a  
cybergang based in Russia launched the iframecash.biz website and  
began offering commissions to anyone who helped them spread the  
SpySheriff fake antivirus program. Hackers began to taint legitimate  
websites so that pop-up ads for SpySheriff would launch on the PC of  
anyone who visited a corrupted Web page.

By late last year, more than 9,200 different types of scareware  
programs were circulating on the Internet, up from 2,800 at midyear,  
according to The Anti-Phishing Working Group. A study by Symantec also  
found that between July 2008 and June 2009, it received reports of 43  
million attempts to install scareware on users' PCs.

Typically the scareware attack, coupled with a rogueware attack, looks  
like this: A pop-up ad or link on the Internet shows a warning to  
purchase the fake antivirus program. You can't cancel out of the  
request. You are inundated with exhortations to purchase phony  
antivirus software such as "Total Security 2009." You're also locked  
out of nearly all applications until you purchase the disreputable  
product.  Once your PC is infected with the malware, the only program  
you can open is Internet Explorer, so you can navigate to the site and  
make a purchase. Your PC is basically held ransom until you purchase  
the software. But even then, the software purchased often does nothing  
to resolve the problem, trapping you in a malware quagmire.

And now scareware purveyors are embedding triggers in places you  
wouldn't expect: on advertisements displayed at mainstream media  
websites; amid search results from Google, Yahoo Search and Windows  
Live search; alongside comments posted on YouTube videos; and, most  
recently, in "tweets" circulating on Twitter.

Stories can be found here:
<http://www.usatoday.com/tech/news/2009-06-09-cybergangs-scareware-hackers_N.htm>
<http://blogs.usatoday.com/technologylive/2009/10/new-twist-on-scareware-locks-up-your-pc.html>
<http://www.pcworld.com/article/173765/a_rogue_demands_a_ransom.html>
<http://lastwatchdog.com/scareware-purveyors-advance-blackmail-creating-botnets/>


-----------------------------------------
3. Nigerian Scams to Decrease?
-----------------------------------------

Operation Eagle Claw, a program developed by Nigeria's Economic and  
Financial Crimes Commission, is promising to push the country out of  
the top ten for fraudulent email. So far the program has seen members  
of 18 syndicates arrested and 800 scam websites shut down. Nigerian  
police are working with Microsoft to fine-tune the technology used to  
check the emails.

Read the full story here:
<http://www.theregister.co.uk/2009/10/23/nigeria_police_success/>


------------------------
4. Major SSL Flaw
------------------------

Vendors and the Internet Engineering Task Force (IETF) have been  
working on a fix since last month for a newly discovered vulnerability  
in the SSL protocol that spans browsers, servers, smart cards, and  
other products. "The bug results in a set of related attacks that  
allow a man-in-the-middle to do bad things to your SSL/TLS  
connection," according to Marsh Ray, who first discovered the bug in  
August. The IETF will issue a new extension for the SSL/TLS protocol  
that fixes the bug.

Read the full story here:
<http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600523>

========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
