Spyware, Viruses, & Security forum

General discussion

NEWS - December 3, 2009

by Donna Buenaventura / December 2, 2009 4:42 PM PST
Botnet Behind H1N1 Malware Campaign

Tuesday, when the bogus CDC messages began hitting inboxes, several e-mail security firms said they were seeing an enormous number of messages hit their filters. Florida-based AppRiver, for example, said the campaign averaged about 18,000 messages per minute, or about 1.1 million per hour.

Today, AppRiver is seeing fewer messages -- about 9,500 a minute -- but still characterized the campaign as "very high volume" and the biggest malware-oriented run currently reaching its customers.

"It's slowed slightly," said Troy Gill, a security researcher with AppRiver today. "We've blocked approximately 13 million messages in the past 24 hours, but it's still the most predominant virus/phishing campaign right now."

The Zbot Trojan being distributed is a new variant that yesterday went undetected by 37 of 41 anti-virus detection engines, said Gill. "Today, 21 out of 41 are recognizing it," he said.

The fake CDC site also has a backup attack plan in place for those people cautious enough not to click on the link. The site includes an IFRAME -- a small invisible element on the page that contains attack code -- that exploits recent Adobe Software vulnerabilities, said Gill. "The hidden IFRAME has some references to Adobe [Reader] and Flash [Player] exploits," Gill said.

Adobe has patched Reader and Flash Player several times this year, as its popular applications have increasingly become targets for attackers frustrated by their inability to exploit Windows. The most recent Adobe Reader update, for instance, patched 29 vulnerabilities in the PDF viewer. The October update was the fourth this year that plugged a hole already being used by hackers.

http://www.pcworld.com/article/183559/botnet_behind_h1n1_malware_campaign.html

See also earlier news on the above in yesterday's news thread: http://forums.cnet.com/5208-6132_102-0.html?messageID=3188154#3188154

Microsoft and Consumers Take Action Against Global Software
by Donna Buenaventura / December 2, 2009 4:47 PM PST

Initiatives to protect consumers launched in more than 70 countries on Consumer Action Day.

Microsoft Corp. announced a surge of voluntary reports - more than 150,000 in the past two years - from people who unknowingly purchased counterfeit software that was often riddled with viruses or malware. This increase, more than double the amount of previous records, reflects growing concern for the harm caused by counterfeit software and Microsoft's efforts to give people a voice in the fight against software counterfeiting.

In addition, Microsoft today announced a surge of its own with Consumer Action Day, a simultaneous launch of education initiatives and enforcement actions in more than 70 countries to help protect consumers and increase awareness of the risks of counterfeit software.

"Consumers want action. The majority of our enforcement cases announced today resulted from tips and reports from consumers," said David Finn, associate general counsel for Worldwide Anti-Piracy and Anti-Counterfeiting at Microsoft. "Consumers who are duped by fraudulent software encounter viruses, lose personal information, risk having their identities stolen, and waste valuable time and money. Today's announcement demonstrates our commitment to working with others, including our partners, government agencies and nongovernmental organizations, to protect people from the ill effects of counterfeit software."

More in http://www.microsoft.com/presspass/press/2009/dec09/12-02globalpiracyactionpr.mspx

Malware messes up India's online test for business schools
by Donna Buenaventura / December 2, 2009 4:50 PM PST

The move by India's top business schools to take their CAT entrance test online turned embarrassing after malware-infected computers left a number of students unable to take the test.

Prometric, a Baltimore, Maryland, testing company hired to conduct the CAT (Common Admission Test), said this week that the testing labs faced technical difficulties mainly due to malware and viruses. It said on the CAT Web site that it has decided to reschedule the tests for the affected students.

Over 240,000 candidates registered for the CAT 2009, which was scheduled to run from Nov. 28 to Dec. 7. While the written test was held on a single day in previous years, the online test this year was spread over 10 days, giving candidates the option to choose a date and center for the test.

Prometric was to conduct the tests across labs in 32 cities in the country. The tests are continuing after the initial disruption.

But on the first day of the test, computer viruses and malware prevented 47 testing labs from delivering the test to candidates as scheduled.

Continue reading in http://www.thestandard.com/news/2009/12/03/malware-messes-indias-online-test-business-schools

Not every Christmas card wishes you well
by Donna Buenaventura / December 2, 2009 5:16 PM PST

From Avira TechBlog:

There are only 21 days left until Christmas and plenty of people already started to prepare Christmas postcards for family, friends and business partners. Some of us send them in the classical way, some use electronic ways to send them. So it is no surprise that in December you see a lot of emails in your inbox announcing you that you received an electronic postcard from someone you may know.

See screenshots of Christmas malware spam in http://techblog.avira.com/2009/12/03/not-every-christmas-card-wishes-you-well/en/

Adobe Advanced Security Update Notification on Flash Player
by Donna Buenaventura / December 3, 2009 4:46 AM PST

Above Addressed: Security Bulletin & Update Information
by Carol~ Moderator / December 8, 2009 9:27 AM PST
Security updates for Adobe Flash Player

Release date: December 8, 2009
Vulnerability identifier: APSB09-19

Summary:
Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.

Affected software versions:
Adobe Flash Player 10.0.32.18 and earlier versions
Adobe AIR 1.5.2 and earlier versions

To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution:
Adobe Flash Player
Adobe recommends all users of Adobe Flash Player 10.0.32.18 and earlier versions upgrade to the newest version 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

Adobe AIR
Adobe recommends all users of Adobe AIR version 1.5.2 and earlier update to the newest version 1.5.3 by downloading it from the Adobe AIR Download Center.

Severity rating:
Adobe categorizes these as critical issues and recommends affected users update their installations to the newest versions.


http://www.adobe.com/support/security/bulletins/apsb09-19.html

update Adobe Flash w/o their DownLoadManager?
by davidwholt / December 9, 2009 8:12 AM PST

Adobe's DLM
by Carol~ Moderator / December 10, 2009 1:10 AM PST
by Carol~ Moderator / December 10, 2009 1:10 AM PST

David..

These were the direct downloads I used for the previous version of Flash Player. I believe they will install v10.0.42.34, but I can't tell you with 100% certainty.

For Firefox, Safari and Opera:
http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player.exe
For Internet Explorer:
http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_ax.exe

Additional links:

"How to uninstall the Adobe Flash Player plug-in and ActiveX control" - http://kb2.adobe.com/cps/141/tn_14157.html

"Test Version of Flash Player" - http://www.adobe.com/products/flash/about/

I don't remember what I clicked on, but I somehow managed to avoid the DLM. It may have been, "If it does not start, click here to download". If you can't get around using the DLM, you're able to remove it via Add/Remove. The DLM is also "supposed to" uninstall itself from the system after a restart.

It's the best I know to tell you....
Carol

Yep, Worked For Me.. Installed On About 50 Comps So Far...
by Grif Thomas Forum moderator / December 10, 2009 1:39 AM PST
In reply to: Adobe's DLM

Clicking on the links you've provided simply started the browser's download dialogue box.. Of course, I've removed/uninstalled ALL download managers from our machines.

Hope this helps.

Grif

(NT) Thanks for the confirmation, Grif! It helped! :)
by Carol~ Moderator / December 10, 2009 1:45 AM PST

Carol
by Fish / December 10, 2009 3:24 AM PST
In reply to: Adobe's DLM

I have listed in my add remove panel
getplus(R) for adobe. Does this belong there or is it the mentioned DLM
that Grif removed? Fish

<((()((><
by Carol~ Moderator / December 10, 2009 4:06 AM PST
In reply to: Carol

Fish..

The DLM is specified as such in Add/Remove. If what you're seeing is GetPlus(R)_ocx, you can safely remove it. Neither of the two are needed.

Carol

carol
by Fish / December 10, 2009 4:30 AM PST
In reply to: <((()((><

the listing is exactly as follows
getplus (R) for Adobe

No -ocx or anything else.
I shall delete that ******. Thank you as always. X(((((*>

Introducing Google Public DNS
by Donna Buenaventura / December 3, 2009 4:57 AM PST

When you type www.wikipedia.org into your browser's address bar, you expect nothing less than to be taken to Wikipedia. Chances are you're not giving much thought to the work being done in the background by the Domain Name System, or DNS.

Today, as part of our ongoing effort to make the web faster, we're launching our own public DNS resolver called Google Public DNS, and we invite you to try it out.

Most of us aren't familiar with DNS because it's often handled automatically by our Internet Service Provider (ISP), but it provides an essential function for the web. You could think of it as the switchboard of the Internet, converting easy-to-remember domain names - e.g., www.google.com - into the unique Internet Protocol (IP) numbers - e.g., 74.125.45.100 - that computers use to communicate with one another.

The average Internet user ends up performing hundreds of DNS lookups each day, and some complex pages require multiple DNS lookups before they start loading. This can slow down the browsing experience. Our research has shown that speed matters to Internet users, so over the past several months our engineers have been working to make improvements to our public DNS resolver to make users' web-surfing experiences faster, safer and more reliable. You can read about the specific technical improvements we've made in our product documentation and get installation instructions from our product website.

http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html

Blimey!
by MarkFlax Forum moderator / December 3, 2009 5:17 AM PST

Thanks for that Donna, very interesting, and it seems to me, a huge move by Google.

I will not be trying it out myself yet, (I'm too chicken), but reading their article on security I can see why they think this might be a good move.

But are there implications? I believe so.

1] I suspect we're going to see a number of posts from users who have tried this change, it doesn't work, and they don't know how to change back.

2] What will ISPs think of this? Will they object to Google trying to take over their administration of IP address allocations?

3] Is Google trying to take over the world? Devil

Mark
