If you haven’t done so already, make sure your Adobe Reader has checked for and downloaded the latest updates. Adobe has finally released a patch for the zero-day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness, which has been in the wild since December 2008. The patches for versions 7 & 8 are still planned for March 18th, and users of these versions would be advised to either upgrade to 9.1 or consider Foxit Reader.
The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
For those who haven’t been following the details of the exploit, the vulnerability is the result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here, if we didn’t know it already: don’t take candy, or PDFs, from strangers.
To the surprise of many (including ourselves), Symantec shed its old bloaty ways with the release of Norton Internet Security Suite 2009, a svelte security suite that earned a 9 verdict and KickAss award in our Antivirus Software Roundup. Now Symantec says it's ready to do it again with a revamped version of its Norton 360 software. Has the world turned topsy-turvy?
"Norton 360 has become one of Symantec’s most popular consumer offerings in just two years due to the all-in-one convenience it delivers and the solutions value we have built directly into the suite,” said Janice Chaffin, group president of Symantec’s Consumer Business Unit. “With version 3.0, we are combining the unmatched performance of our 2009 security products with Norton Safe Web to create even more convenience and value for our customers."
Just like NIS 2009, Symantec says its new Norton 360 version 3.0 takes about a minute to install and consumes less than 10MB of system memory. Not only that, but the company claims users will see faster boot times once 360 turns off "unnecessary" startup programs. Other new features shipping with version 3.0 include pulse updates, idle backup routine, botnet protection, and a web rating service called Norton Safe Web.
Coinciding with the 360 v3.0 release, Symantec also announced the official launch of the Norton Users Discussion Forum. Prior to the launch, the forum had been in beta since April 2008 and currently boasts 1,200 new users and 7,000 posts every month.
Norton 360 is available now with an MRRP of $100 (includes 25GB of secured online storage) for the Premier Edition, $130 for the Small Business Edition 5 User Pack (plus 10GB), and $250 for the Small Business Edition 10 User Pack (plus 25GB).
Adobe’s PDF reader and creator software continues to be under seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 weeks away. Initially the company will be working to patch version 9, but will eventually include fixes for versions 7 & 8 as well.
According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even without a user’s consent. According to Symantec, this attack has primarily been directed towards government agencies and large corporations; it is not widespread as of yet.
While fears of a recession are on the minds of those looking to make an honest living, unscrupulous hackers are thriving in an underground economy worth billions of dollars. The revelation comes as part of a new report released today by Symantec titled "Report on the Underground Economy."
The eye-opening report reflects activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. During that time, Symantec claims to have witnessed 44,752 unique samples of sensitive information publicly posted on various servers. These samples, which represent 10 percent of the total distinct messages, serve as proof that the seller in question has the information they claim to have, as well as to show potential buyers the quality of goods they can expect to receive.
According to Symantec, credit card information reigns supreme and accounts for nearly a third of the total. Credit cards were seen selling for as little as $.10 to $25 per card, despite an average advertised limit of $4,000. When added up, Symantec calculated the total potential worth to be in the neighborhood of $5.3 billion.
But that number doesn't take into account stolen financial accounts, which make up 20 percent of the total. Stolen bank accounts were seen selling for between $10 and $1,000 with the average balance hovering at nearly $40,000. By Symantec's math, that puts the total worth at $1.7 billion, or around $7 billion for credit cards and bank accounts combined.
Business executives will soon be able to view porn without fear of mucking up their system with malware, and they'll have HP, Mozilla, and Symantec to thank for it. The three-pronged team has set out to create what HP calls the Firefox Virtual Browser, which will appear on the upcoming HP Compaq dc7900 business desktop.
If the concept of a virtual browser sounds familiar, it's because these solutions already exist outside of the OEM realm, some of which have been covered in your favorite computer magazine (assuming Maximum PC is your favorite rag). Like Trustware's BufferZone, the Firefox Virtual Browser consists of a virtual layer independent from the operating system. This sandbox approach means that any downloaded cruft that manages to spread its contaminants stays contained and can easily be undone by simply emptying the virtual environment.
"What we have created is a virtual layer where your browser runs and all the downloads, all the clicks, all the cookies and everything is placed within...a virtualized run-time environment," explains Kirk Godkin, HP senior product manager for business PCs. "With the browser, the user only has to click the mouse and it will reset the browser to its original state and all their favorites will remain the same."
Godkin went on to say that the virtual browser will eventually spread to all of HP's corporate desktops by the end of November, but didn't say whether or not HP is also working with Microsoft on a similar option for Internet Explorer.
Symantec has issued yet another warning related to a vulnerability in MS Access that was acknowledged by Microsoft last month. Symantec has warned that Internet Explorer 6 is more vulnerable to this threat than subsequent versions. It had earlier unearthed an update to the diabolical Neosploit kit that has made it easier for even neophyte hackers to exploit the chink in the MS Access armor.
There is still no news of a patch to fix the Snapshot Viewer ActiveX control that comes bundled with MS Access. This ActiveX control is being exploited by cyber interlopers to wrest control of computers. Symantec has advised users to set three kill bits for the Snapshot Viewer ActiveX control to prevent it from being activated.
MySpace and Facebook users now have bigger worries than whether Wordscraper will stay online: two new worms, known as the Koobface family, are attacking Windows users of these popular social networking (or "Notworking" sites, as our friends at The Inquirer call them). These new worms pose a threat to the peace of mind of people like Zac Koobface (a real Facebook user, by the way).
Kaspersky Labs was the first to detect these worms: Net-Worm.Win32.Koobface.a (targets MySpace) and Net-Worm.Win32.Koobface.b (targets Facebook). McAfee refers to both worms as W32/Koobface.worm, while Symantec uses the terms W32.Koobface.A and W32.Koobface.B.
Both worms send comments or messages to other users of the service. The messages or comments contain alleged links to humorous YouTube files (such as "Paris Hilton Tosses Dwarf On The Street"). When the user clicks on the link, the link redirects to a website that displays an error message claiming the user needs an updated codec to enable the Adobe Flash player to play the video. The alleged Flash player update (codecsetup.exe) contains the worm.
When the Koobface.A worm runs, it configures itself to run automatically when the system starts, checks for MySpace cookies, and if it finds them, modifies the user's profile by adding links to malicious sites that contain the worm. To learn more about Koobface.A and Koobface.B, check the McAfee and Symantec links earlier in this article.
If you use Kaspersky, McAfee, or Symantec antivirus, the latest virus definitions will detect and stop these worms. If you use other antivirus or anti-malware programs, check for updates daily - and don't click on funny video links from other MySpace or Facebook users. The results just aren't very funny.
Been bugged by these or other social-networking worms? Tell us your story after the jump!
I was a victim of the Symantec triple-license AV software whose timer started ticking with the first installation (March 2008). I called Symantec’s customer service number and complained, and the company fixed it for me by resetting the timer to start with the third installation. This rectified the situation to my satisfaction, and I learned a lesson.
Fast forward a year to a similar three-pack from Computer Associates. Being careful, I installed all three licenses on the same day to make sure there wouldn’t be any issues with the expiration date. As soon as the software ran an update cycle with the home server, it took three weeks off my license! I called CA and the company fixed the problem. The culprit? It seems the clock started ticking when I bought the package (or so I was told). But how did they know when I bought it?
Customer service didn’t say, but I bet it’s from the rebate form I sent in after buying the software. I had purchased the software locally prior to the expiration date of the current antivirus software on the systems I was using and waited a few weeks until the current licenses expired before installing the new copy—a perfectly reasonable thing to do.
This strikes me as an extremely deceptive practice. I wonder if anyone else has been bitten by this?
Answers for Louis (and the rest of us) after the jump.
Attackers are exploiting the threat using specially designed websites that covertly download malicious code. Since the ActiveX control bears Microsoft's digital signature, those users who have rated MS to be a trustworthy software publisher in their IE settings might very quietly have their systems compromised.
Microsoft hasn’t come up with a fix for this bug yet. Though Microsoft says that attacks are targeted and not widespread, you are advised to breeze through the terse list of suggested actions posted by Microsoft and mitigate the risk.