Bardissi Enterprises Blog

Severity: Medium

4 April, 2008

Summary:

• These vulnerabilities affect: Symantec’s Internet Security Suite, and other Norton products (see Exposure section for details)
• How an attacker exploits them: By enticing one of your users into visiting a malicious web site
• Impact: An attacker can execute code on your user’s computer, with your user’s privileges
• What to do: Force a LiveUpdate immediately to ensure that you have the latest versions of Norton software

Exposure:

In posts [ 1 / 2 ] to the Full-Disclosure mailing list, iDefense describes two security vulnerabilities that affect an ActiveX control which ships with Norton Internet Security Suite. The flaws also affect Norton 360, Norton AntiVirus, and Norton SystemWorks.

If you have purchased a Maxtor Basics Personal Storage 3200 product since August 2007 the product may be infected with a virus.  Kaspersky Labs, a maker of anti-virus software, has alerted Seagate to the existence of a virus found on at least one Maxtor Basics Personal Storage 3200 product. Seagate has traced this issue to a small number of units produced by a Maxtor sub-contract manufacturer located in China.  Seagate quickly put a stop ship to units leaving the facility as soon as the company learned of the probable infection. All units now leaving the facility in question have been cleared of the virus and units in inventory are being reworked before being released for sale.  However, some affected units may have been sold to the public before the problem was detected. Seagate apologizes for the inconvenience that has been caused as a result of this incident.

To determine if the Maxtor Basics Personal Storage 3200 drive you have may be infected, or if you have any questions about this virus, please call Seagate customer support. Please have the serial number of your Maxtor Basics Personal Storage 3200 drive ready when you call. See link at the bottom of this page for a list of Seagate customer support phone numbers. 

The effects of this virus are minimal.  According to Kaspersky the virus is the Virus.Win32.AutoRun.ah, a molar virus that searches for passwords to online games and sends them to a server located in China. It also deletes other molar viruses and can disable virus detection software. All of the known games affected are Chinese with the exception of World of Warcraft.  The following games are affected.

I’d like to announce the start of a special month-long event at TechSoup to help you address one of the top concerns we hear from nonprofits — it’s our 5th annual Stop Spam Today campaign!

The campaign culminates in a free giveaway of Mailshell’s Anti-Spam Desktop software on December 5. Read more about Stop Spam Today below.

If your organization’s subscription to popular Symantec products is about to expire, renew them through TechSoup Stock — read on for details. Also, I’d like to announce the addition of new product donations from Microsoft: Microsoft Communicator 2007 and access licenses for Microsoft Communications Server 2007.

Finally, learn how Blancco’s disk erasure tools can help you reuse or donate a computer with the peace of mind that your sensitive data has been securely removed.

============================================

“STOP SPAM TODAY” WITH FREE RESOURCES & SOFTWARE ============================================

TechSoup Stock and Mailshell are pleased to announce the start of our 5th annual Stop Spam Today campaign, a month-long event that features helpful articles, resources, and online discussions about fighting spam at your nonprofit or public library. This unique campaign culminates in a free giveaway of Mailshell anti-spam software donations for eligible U.S. and Canadian organizations.

While surfing the web, a pop-up appears, warning you that your computer is infected, and demanding that you clean up your PC. Supposedly, all you must do to fix the problem is buy a certain security program.

Sound familiar? You may have been one of the many that have downloaded an anti-spyware or anti-virus program, only to find out later that you have been duped. As malware writers inundate the web with rogue programs, this kind of trickery is becoming more and more common.

Today, there are many genuine anti-spyware and anti-virus programs to choose from, but users must be cautious to avoid the ‘rogue’ programs that exploit and prey on the insecurities and lack of education among computer users.

Rogue security software comes in different varieties. Some products defined as “rogue” simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying their products. The application may mimic trusted products like Ad-Aware, scare the user with false scan results, or even infect the user’s computer with spyware and adware.

As cyber scammers make money from unsuspecting PC users, they continue to sell their bogus applications. There has been a sharp rise in the number of malware infections caused by rogue security software. Industry experts have reported a five-fold year-on-year increase in the use of these programs.

Another related trick that online surfers need to be on the lookout for is rogue websites – sites that are intended to look legitimate in order to spread online scams. In mid October, researchers at McAfee broke the news of a fake Microsoft “anti-spyware center” website, promoting a rogue anti-spyware program called AntiSpyStorm. Along with that, there are also dozens of rogue websites that are popping up with pirated software, bundling it together and selling it as legitimate.