Archive for the ‘ Virus/Bugs/Malware ’ Category

Microsoft last week rolled out three prerequisite updates to prepare users' computers for the first service pack for Windows Vista. Unfortunately, one of these update files has caused serious problems for some Windows Vista users, making their computers crash or enter an endless cycle of boots and reboots.

This has prompted Microsoft to remove from its software update service a file that's a prerequisite to installing the first major update to the Windows Vista operating system. Microsoft quickly suspended automatic installations of KB937287 after customers complained that their PCs wouldn't boot up properly once the update had been applied.

This is not the first glitch for Windows Vista SP1. If you remember, Microsoft has delayed the widespread distribution of the service pack until it can resolve compatibility issues with some software drivers that control PC peripherals.


Six years on from the first Linux virus, Sophos reminds users of the operating system to be aware of the risk of malicious software and makes detection software available.

IT security and control firm Sophos is warning Linux users of the importance of properly securing their systems, following findings from SophosLabs that the Linux/Rst-B virus, which is this week celebrating its sixth birthday, is still infecting computers and servers.

Analysis of malware in Sophos’s Linux honeypots has shown almost 70% of the infections are due to this six-year-old malicious program. Today, Sophos has made freely available a detection tool to help Linux users find out whether they are unwittingly infected with this virus.

According to SophosLabs experts, Linux servers are very valuable to hackers. By their nature, they are rarely turned off and are often found to be running no, or insufficient, protection against malware attacks. This makes Linux systems ideal candidates for the role of controller in a botnet - the central control point from which to create and manage an army of infected, usually Windows-based, computers.

‘The number of malware programs in existence is around 350,000, and while only a very small number of these target Linux, it seems as though hackers are taking advantage of this false sense of security,’ said Carole Theriault, senior security consultant at Sophos. ‘It’s surprising to see that a six-year-old virus is responsible for a large proportion of the malware collecting in our Linux honeypot, and we hope that Linux users who aren’t running security will at least run this tool to find out if they are infected with this granny virus.’

Information on the Linux/Rst-B detection tool is available on the SophosLabs blog. Sophos underlines that running this detection tool will only detect versions of Linux/Rst-B.

Sophos encourages all Linux users to consider running up-to-date anti-virus to ensure the integrity of their computers and servers is not compromised.


The website of an Indian antivirus vendor named AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers.

AvSoft Technologies, based in New Delhi, sells an antivirus product called SmartCOP and has sold a second antivirus product called Smartdog. The company also specialises in recovering data lost due to virus attacks.

The download section of AvSoft’s S-cop Web site hosts the malicious code, according to Roger Thompson, Chief Research Officer with security vendor AVG. “They let one of their pages get hit by an iFrame injection,” he said. “It shows that anyone can be a victim…. It’s hard to protect Web servers properly.”

The malicious software is a variant of the Virut virus family.


A previously reported directory traversal vulnerability in Firefox, which was rated as Low Severity, has been upgraded to "High Severity", but a fix is on the way.

The issue concerns so-called 'flat' add-ons, which store their components in multiple files instead of using a single .jar file. A flaw in the way the program handles the chrome protocol means a maliciously crafted web page is able to traverse directories in order to read data from known locations.

The problem will be resolved in Firefox 2.0.0.12, which will be available shortly according to the Mozilla Security Blog.


Los Angeles-based Panda Security has detected two new computer worms, Nuwar.OL and Valentin.E, which are designed to target Valentine's Day.

“Year after year, we see the appearance of several malware strains that use Valentine’s Day as bait to attract users,” said Luis Corrons, technical director of PandaLabs. “This indicates that cyber-crooks are still reaping the benefits of this technique, and many people still fall into the trap.”

The Nuwar.OL worm is delivered to the targeted victims by e-mail, with subjects like:

  • I LoveYou So Much
  • Inside My Heart
  • You … In My Dreams

Once the worm has infected a computer, it spreads by sending e-mails to the infected user's contacts, which also creates a heavy load on networks and slows down the computer.

The Valentin.E worm is delivered to the targeted victims by e-mail, with subjects like:

  • Searching for True Love
  • True Love

The e-mail has an attached file called “friends4u”.

If the targeted user opens the attached file, a copy of the worm will be downloaded. The malicious code installs on the computer as a file with the .scr extension. If the user runs it, Valentin.E shows a new desktop background to trick the user, while it makes several copies of itself on the computer. Finally, the worm sends out e-mails with copies of itself from the infected computer to spread and infect more users.

Panda Security offered some tips for computer users to avoid receiving these new worms this Valentine's Day:

  • Do not open any e-mails that come from unknown sources.
  • Do not click on links in e-mail messages, even if they come from reliable sources. It is better to type them in the address bar.
  • Do not open attached files that come from unknown sources. Be wary of files that claim to be Valentine’s greeting cards, romantic videos, etc.
  • Protect your computer with security software capable of detecting both known and new malware strains.


Mozilla’s chief of security has confirmed a directory traversal vulnerability (bug) in Firefox that could expose private and confidential information inside the users’ computers. In other words, the flaw gives attackers unauthorized access to the data inside a victim’s computer.

The bug resides in Firefox's chrome protocol scheme and allows directory traversal when certain types of extensions are installed. When a chrome package is "flat" rather than contained in a .jar, the directory traversal allows escaping the extensions directory and reading files in a predictable location on the disk. If not resolved quickly, this "may enable" malware authors to inject malicious code into the victim's computer via crafted web pages, to detect and exploit additional vulnerabilities inside it.

The Hiredhacker.com blog posted a demonstration of the vulnerability that shows how a particular web page can gain access to the saved settings in the Thunderbird e-mail client.

Mozilla cites Download Statusbar and Greasemonkey as examples of add-ons which permit exploitation of this vulnerability. The development team behind Download Statusbar has released a patch packed in a .jar. So if you are using these add-ons, update them as quickly as you can.

Mozilla announced that the bug is low risk and will be fixed in Render Engine version 1.8.1.12.
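Both Firefox posts in this archive tie exposure to add-ons whose chrome packages are "flat" rather than packed in a .jar. The script below is an added example, not code from the original posts or from Mozilla: it audits an extensions directory and lists the add-ons that register flat chrome packages. It assumes the standard `chrome.manifest` layout (`content`, `locale` and `skin` lines whose location starts with `jar:` when packed); the add-on names and manifests are constructed samples.

```python
import os
import tempfile

# chrome.manifest directives and the index of their chrome location field
_LOCATION_INDEX = {"content": 2, "locale": 3, "skin": 3}

def classify_manifest(text):
    """Return {package: 'flat' | 'jar'} for each package registered in a chrome.manifest."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = _LOCATION_INDEX.get(fields[0])
        if idx is None or len(fields) <= idx:
            continue  # overlay, override, style, ... or a malformed line
        package, location = fields[1], fields[idx]
        kind = "jar" if location.lower().startswith("jar:") else "flat"
        # A single flat registration is enough to mark the whole package flat
        if result.get(package) != "flat":
            result[package] = kind
    return result

def audit_extensions(extensions_dir):
    """Map extension directory name -> sorted list of its flat-packaged chrome packages."""
    findings = {}
    for name in sorted(os.listdir(extensions_dir)):
        manifest = os.path.join(extensions_dir, name, "chrome.manifest")
        if not os.path.isfile(manifest):
            continue
        with open(manifest, encoding="utf-8", errors="replace") as fh:
            packages = classify_manifest(fh.read())
        flat = sorted(p for p, kind in packages.items() if kind == "flat")
        if flat:
            findings[name] = flat
    return findings

# Constructed sample manifests (hypothetical add-on names, not real extensions)
SAMPLE_FLAT = "content exampleflat chrome/content/\nskin exampleflat classic/1.0 chrome/skin/\n"
SAMPLE_JAR = "content examplejar jar:chrome/examplejar.jar!/content/\n"

def demo():
    """Build a throwaway extensions directory from the samples and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for ext, body in (("flat@example.invalid", SAMPLE_FLAT), ("jar@example.invalid", SAMPLE_JAR)):
            os.makedirs(os.path.join(root, ext))
            with open(os.path.join(root, ext, "chrome.manifest"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_extensions(root)

if __name__ == "__main__":
    print(demo())
```

To check a real installation, call `audit_extensions()` with the path to the profile's `extensions` directory; any add-on it reports is a candidate for updating to a .jar-packed release or disabling until the browser fix ships.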
