Windows Vista Upgrade Advisor

March 8, 2008 – 6:42 PM

Want to see if your Windows XP-based PC can run Windows Vista? Just download, install, and run the Windows Vista Upgrade Advisor.

This small software tool will scan your computer and create an easy-to-understand report of all known system, device, and program compatibility issues, and recommend ways to resolve them. Upgrade Advisor can also help you choose the edition of Windows Vista that best fits the way you want to use your computer.

http://www.microsoft.com/windowsvista/upgradeadvisor/

Firefox vulnerable to password-stealing

March 8, 2008 – 6:41 PM

A flaw in Firefox allows attackers to steal user information on websites where users create their own pages, such as MySpace. Internet Explorer is also susceptible to the attack but is less likely to be tricked because it does a more thorough job of checking where a log-in form is coming from before it automatically submits password and user information.

The browser’s Password Manager software can be tricked into sending password information to a different website, said Robert Chapin, president of Chapin Information Services. But for it to work, attackers need to be able to create HTML forms on the site – something not allowed on blogging and social networking sites.

The attack was used in a MySpace phishing attack last month where a fake log-in page was used to exploit the flaw. The page then sent MySpace username and password information to another site, and MySpace users who visited the page using Firefox could have easily had their information compromised, said Chapin. Firefox developers rate the bug critical.

Password Manager currently does not check if password information is being sent to the server that requested it, Chapin said. “From a programming point of view, this is almost like a typo,” he said. “Ironically I think that’s why it hasn’t been discovered until now. It was just way too obvious.”
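The check Chapin describes as missing, comparing where a form will submit with the site the password was saved for, sketched here as an added example (not Firefox's code and not from the original article). The saved-login record shape, the function names and the `example` hosts are assumptions.

```javascript
// Added example: decide whether a saved login may be filled into a form,
// based on where the form will actually send the data.

// Resolve the form's action against the page URL, as a browser does.
// An empty or missing action submits back to the page itself.
function submitTarget(pageUrl, formAction) {
  return new URL(formAction || pageUrl, pageUrl);
}

// savedLogin: { pageOrigin, submitOrigin } recorded when the password was
// stored (hypothetical record shape).
function autofillDecision(savedLogin, pageUrl, formAction) {
  let target;
  try {
    target = submitTarget(pageUrl, formAction);
  } catch (e) {
    return { fill: false, reason: "unparseable form action" };
  }
  if (new URL(pageUrl).origin !== savedLogin.pageOrigin) {
    return { fill: false, reason: "page origin differs from saved login" };
  }
  // Reject javascript:, data:, mailto: and similar submit targets outright.
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { fill: false, reason: "non-HTTP submit target" };
  }
  // The missing check: is the data going back to the server that asked for it?
  // Origin comparison also catches a downgrade from https to http.
  if (target.origin !== savedLogin.submitOrigin) {
    return { fill: false, reason: "form submits to " + target.origin };
  }
  return { fill: true, reason: "submit target matches saved login" };
}

// Constructed sample data: one saved login and three forms seen on the site.
const saved = { pageOrigin: "https://social.example", submitOrigin: "https://social.example" };
const forms = [
  ["https://social.example/login", "/auth"],
  ["https://social.example/users/page", "https://collector.example/save"],
  ["https://social.example/login", "http://social.example/auth"],
];
for (const [page, action] of forms) {
  console.log(action, "->", autofillDecision(saved, page, action));
}
```

A form that a user-created page submits back to the same origin still passes this check, so it narrows where credentials can be sent rather than deciding whether the page itself is trustworthy.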

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7417

How to Enable the My Computer Security Zone in Internet Options

March 8, 2008 – 6:40 PM

SUMMARY
The My Computer security zone contains settings for how Windows and Internet Explorer manage unsigned controls. This security zone is hidden by default on the Security tab in the Internet Options dialog box. This article describes how to view and modify the settings for the My Computer security zone by modifying a registry key.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The Flags value in the following registry key determines whether you can view the My Computer security zone on the Security tab in the Internet Options dialog box:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

The Flags value is a DWORD value. Setting the data value of the Flags value to 47 (in hexadecimal) causes the My Computer security zone to be displayed. Setting the data value of the Flags value to 21 (in hexadecimal) causes the My Computer security zone to be hidden.
http://support.microsoft.com/?kbid=315933

Tricky New Malware Challenges Security Vendor

March 8, 2008 – 6:39 PM

A tricky malicious program has become more prevalent in spam, but experts don’t know what its creators plan to do with it.

Many vendors are rating the malware–called “Warezov,” “Stration,” and “Stratio”–as a low risk. But they also say that it is tricky to deal with.

New Code Every 30 Minutes

The malware is a mass-mailing worm that affects machines running Microsoft Windows. When the malware infects a computer–usually after the user has opened an attachment containing the worm in a spam e-mail–it sends itself out again to other e-mail addresses found on the computer. The code is then capable of downloading new versions of itself as frequently as every 30 minutes from a batch of Web sites, said Mikko Hypponen, chief research officer at F-Secure, a security company in Helsinki.

Those new versions are created by a program on a server controlled by the hacker, Hypponen said.

In the past, malware has been known to create variations of itself, but the code to create those variations was contained inside the malware. So when a sample was obtained, security analysts could study it and identify potential new versions, he said.

Now, the hacker’s program is compiling the code and rapidly churning out new versions, but analysts don’t know how the new code is generated.

Security Firms Struggle to Keep Up

That characteristic is a headache for security software firms that issue special updates to their software to detect the malware. F-Secure alone has issued at least 150 signatures for the malware.

“It gets very complex to detect an attack like that because the code keeps changing,” Hypponen said.

Security firm Sophos has detected some 300 versions of the malware. For October, the malware was one of the most common pieces of malicious code found in spam messages, said Carole Theriault, senior security consultant with Sophos.

Since infected computers look to other domains to receive updated code, F-Secure has worked with ISPs to shut down domains hosting the new variants. So far, nine of ten domains have been shut down, Hypponen said.

Hacker Setting Up Network

Oddly, the malware doesn’t appear to do anything yet on the victim’s computers. It’s estimated up to a few hundred thousand computers are infected, a sizable number but not quite on the scale of large malware problems from a few years ago, Hypponen said.

A hacker could be waiting to harness enough infected computers to start a denial-of-service attack or send spam or rent out the network to a spammer, Hypponen said.

“We hope to one day find out why they are doing this,” Hypponen said. “We hope it’s nothing too bad.”

http://www.pcworld.com/article/127711-1/article.html?tk=nl_dnxnws

The world’s most sophisticated Trojan uncovered

March 8, 2008 – 6:38 PM

Security experts have discovered new spambot software that installs its own anti-virus scanner to eliminate competition, alongside a number of other sophisticated features.

SecureWorks has described the Trojan, which it calls SpamThru, in detail. Other vendors have come up with different names for the software. One of the signs of its sophistication though is that few anti-virus scanners are aware of it, SecureWorks said.

“SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code,” said SecureWorks’ Joe Stewart in the company’s analysis.

SpamThru is a Trojan that turns a system into part of a network of bots designed to send out spam, a type of operation that’s been around for several years. While the Trojan’s network doesn’t seem especially large so far – at a couple of thousand bots – SpamThru shows that criminals are now able to treat spam software development just like any other commercial development endeavour, Stewart said.

“The complexity and scope of the project rivals some commercial software,” he wrote. “Clearly the spammers have made quite an investment in infrastructure in order to maintain their level of income.” The company has come across previous Trojans that attempt to switch off other malware, in order to maximise system resources, but SpamThru installs a pirated version of Kaspersky AntiVirus for WinGate, customised to skip files known to be part of SpamThru itself, naturally.

“It patches the license signature check in-memory in the Kaspersky DLL in order to avoid having Kaspersky refuse to run due to an invalid or expired license,” Stewart wrote. It uses a custom peer-to-peer protocol to control communication with the network, which makes the bot network harder to kill. “Control is still maintained by a central server, but in case the control server is shut down, the spammer can update the rest of the peers with the location of a new control server, as long as he/she controls at least one peer,” Stewart wrote.

Each client has its own spam engine, creating spam from a template that’s transmitted using AES encryption to avoid giving access to competing spammers, SecureWorks said.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7175