Security threats and program patches for 1st quarter of 2012
We are barely a third of a month into the second quarter of 2012, and the first quarter brought a lot of security vulnerabilities, threats exploiting them, and program patches released by major software companies. These patches include Windows Updates, Mac (Apple) updates, Adobe Flash, AIR and Reader, Oracle's Java Virtual Machine, the Internet Explorer, Firefox, Safari and Chrome browsers, RealPlayer and iTunes.
All of the software updated by these companies over the past three months has suffered from highly critical security vulnerabilities, many of which are now being actively exploited by cyber crime gangs who publish exploit attack kits. Java exploits are almost always the first types of exploits targeted by crimeware kits, like the Russian Blackhole kit.
Some of you may be wondering how these exploits are delivered to your computer in the first place. The most common method of luring potential victims to scripted exploit kits is via cleverly crafted, hostile email spam messages. These hostile spam messages differ from standard commercial spam in that they aren't trying to sell you counterfeit pills, watches, or pirated software. Rather, they use well constructed come-ons to con or panic recipients into either opening attached files containing Trojans or JavaScript code that redirects your browser to a malware server, or clicking on obscured links to compromised websites.
After you click such a link, the scripts on the compromised landing page usually redirect you through other compromised websites and scripts, until you ultimately arrive at a distant server owned by cyber criminals, often in Eastern Europe. These servers use domains registered in places like Russia and Ukraine to launch exploit kit attacks on your web browser and its add-ons and plug-ins, with Java plug-ins leading the pack. Adobe Reader (PDF files) and Flash are major secondary targets, followed by iTunes and QuickTime, Microsoft Word and just about any popular software that can be used to gain access to the operating system.
This is why reputable software companies release security updates on a more or less regular basis. Microsoft releases Windows Updates almost every month, on the second Tuesday of the month. Adobe has agreed to also release any critical patches on the same Tuesday. This has become known as Patch Tuesday. Make a note of this and if you have a Windows computer running XP with Service Pack 3, or Vista, or Windows 7, or Windows Server 2003 or newer, set your Automatic Windows Updates to check for updates at least every Tuesday, at the equivalent of 2 PM Eastern time for your time zone. Accept all updates rated Important or Critical. Reboot after all updates are installed and log back into an administrator level account to ensure that any further processing takes place, before logging into a less privileged account.
Note: There have now been four Patch Tuesdays so far in 2012, with the most recent being April 10, 2012. If you have not run Windows Updates this week, do so now. Two very serious vulnerabilities were patched this week. One is for Internet Explorer and the other for Microsoft Word. Exploits are now in the wild for both vulnerabilities.
What types of subjects are being used in hostile spam messages?
Hostile spam emails frequently pretend to be invoices from well known online businesses, like Intuit, Newegg, Amazon, etc., or account activity alerts spoofing PayPal, your bank, NACHA, ACH or the BBB, or fake Wire Transfer and transaction cancelled/pending notices, or fake Facebook Friend Requests, or spoofed LinkedIn updates. This week has seen a lot of fake Wire Transfer Transaction scams, several fake Facebook Friend Requests, a few fake Intuit invoices and a bunch of money mule scams disguised as Work At Home schemes.
The payload delivered by most of these email scams is the Zeus bank account stealing Trojan, plus a botnet backdoor remote control installer. Others download fake anti-virus alerts to your computer, holding it hostage until you either pay to "activate" the fake virus remover, or hire a computer troubleshooter to remove the infection, or disinfect it yourself. Some malware even encrypts all of your files until you pay a ransom to crooks in the Ukraine.
Most of this misery can be avoided by keeping up with when updates and patches are released for your operating system, plus any third party software that runs in a web browser as a plug-in, add-on or extension, or which opens another application when you click on a link in a web page (e.g. Adobe Reader for PDF files, Quicktime, iTunes, etc.). This used to be a monumental task, as until recently most companies producing such software and apps required users to manually check for updates.
Some third party software, like old versions of Java issued by Sun (before they were acquired by Oracle), didn't even remove previously installed versions when you installed a newer version, for fear of breaking some feature being used by those versions. This "feature" caught the attention of the code writers employed by Russian malware companies. They began writing attack scripts that targeted old vulnerable versions of Java by their default installation locations on hard disks.
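Because those side-by-side installs are easy to forget about, here is an added PowerShell inventory script (not part of the original post) that lists every Java runtime found in the default install folders and in the Windows uninstall registry entries, and flags any that are older than a version you enter. The "current patched release" value is a placeholder assumption; replace it with whatever Oracle's latest release is when you run it.

```powershell
# Added example: find every Java runtime left on a Windows PC, since old
# installers did not remove earlier versions. Not code from the original post.
# Assumption (placeholder): the release you consider current, in the
# "6.0.310" form used by Java's uninstall entries (6 update 31 = 6.0.310).
$MinimumSecureVersion = [version]'6.0.310'
$found = @()

# 1. Default install folders used by the Sun/Oracle installers
$roots = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java") |
    Where-Object { $_ -and (Test-Path $_) }
foreach ($root in $roots) {
    foreach ($dir in (Get-ChildItem -Path $root | Where-Object { $_.PSIsContainer })) {
        $exe = Join-Path $dir.FullName 'bin\java.exe'
        if (Test-Path $exe) {
            $found += New-Object PSObject -Property @{
                Source  = 'Folder'
                Name    = $dir.Name
                Version = (Get-Item $exe).VersionInfo.ProductVersion
                Path    = $dir.FullName
            }
        }
    }
}

# 2. Uninstall entries from both the 64-bit and 32-bit registry views
$uninstall = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE|JRE)' } |
    ForEach-Object {
        $found += New-Object PSObject -Property @{
            Source  = 'Registry'
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Path    = $_.InstallLocation
        }
    }

# 3. Mark anything older than the threshold, or whose version cannot be parsed
foreach ($item in $found) {
    try   { $stale = ([version]$item.Version) -lt $MinimumSecureVersion }
    catch { $stale = $true }
    $item | Add-Member -MemberType NoteProperty -Name Stale -Value $stale
}
$found | Sort-Object Path, Version | Format-Table Source, Name, Version, Stale, Path -AutoSize

if (@($found | Where-Object { $_.Stale }).Count -gt 0) {
    Write-Warning 'Outdated Java runtimes are still installed; remove them via Programs and Features.'
}
```

Run it from an administrator PowerShell prompt so both registry views are readable; every line marked Stale is a runtime an exploit kit can still reach.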
Nowadays, most reputable software companies include an automatic update checking module when you update to a current version. Adobe Flash is the latest to join the big dogs with automatic updates. Still, every one of these applications makes the user decide what type of automatic updates they want to receive. This ranges from fully automatic to notify only. I prefer fully automatic updates, downloaded and installed. Let me know that an update occurred and tell me if it needs to close my browser or restart Windows or the Mac. Show me a signed certificate so I know it's from the actual company, then finish the patching. My work can be saved and reopened after the computer reboots, or the browser closes and opens again.
Above all, make sure that if you have Java installed, you use the Java icon in Control Panel to set the automatic update checker to run every day, at a time when the computer is normally on. Oracle has no fixed timetable or schedule for Java patches, so I have it check every single day. Next, if you have Adobe Reader (and/or Acrobat) installed, first go to Adobe.com and download the latest secure version. Then, open Reader, click on the "Edit" menu item, mouse down to "Preferences" and click on that. At the bottom of Preferences click on Updater. Select the top option: Automatically install updates, and apply it. Close the preferences.
The latest version of Adobe Flash now offers automatic updating. I strongly recommend that you accept this option! Go through any other common third party software, like iTunes, Quicktime, Safari, or anything from Apple (like the Mac OS) and find an option to automatically check for and apply updates. You won't be sorry.
Sometimes, even when a third party software producer issues an update to plug a security vulnerability, other companies that ship a custom version of that program may lag behind in issuing their updates. This applies to Google Chrome browsers and, most irritatingly, to Mac computers. In February 2012, Oracle released their most recent patched version of Java. It took Apple until last week to issue a patch, and only for the most recent versions of OS X. They left 600,000 loyal Mac users out in the cold, as they became infected with the Flashback Trojan. Adobe has yet to issue a remover for this Trojan, which installed with or without user passwords. Fortunately, some security firms have stepped up and offer their own Mac Flashback Trojan removers. Ars Technica published a list of some of them this week.
I use two online scanning services to check computers for missing patches and updates to popular browser plug-ins and the operating system you use. One is from Secunia, which, of all things, uses Java to poll for what is installed and whether an update is available; the other is from Qualys, which checks your browser plug-ins to see if they are current or need updating. I prefer the Qualys BrowserCheck because it doesn't use Java at all, yet checks for it. Both provide links to the legitimate companies' download pages for the outdated software they detect.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.