Spyware, Viruses, & Security forum

General discussion

NEWS - January 12, 2007

Exploit Released for Critical PC Hijack Flaw

Published 01:10:14 12.01.2007

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts.

More info can be found at :



YaY popup

In reply to: NEWS - January 12, 2007

Published: 2007-01-12,
Last Updated: 2007-01-12 04:36:44 UTC
by Swa Frantzen (Version: 2)
We're seeing an outbreak of some malware causing pop-ups. It's possibly caused by a file USB.EXE, we're not sure if this is the only name used.

This new beastie is rather obnoxious: it seems to overwrite system binaries such as system tray tools, anti-virus software, instant messaging software, ... It also seems to hijack Internet Explorer and might be calling home that way.

More: http://isc.sans.org/

Oracle Borrows Security Notice Method from Microsoft

In reply to: NEWS - January 12, 2007

Borrowing a page directly from Microsoft's playbook, Oracle has implemented an advance notice mechanism for its quarterly release of security patches.

Beginning with the first CPU (Critical Patch Update) for 2007, due on Jan. 16, the database server giant is implementing a CPU Pre-Release Announcement that includes the name of version numbers of Oracle products affected by patches, a total count of vulnerabilities being fixed and a severity score for the most serious product flaws.

Microsoft started offering advance notice on its monthly security bulletins in late 2003, but when word leaked out it was only available for premium customers, the company expanded the mechanism to provide the pre-patch overview to everyone.


Month of Apple Bugs projects reveals highly critical Mac OS

In reply to: NEWS - January 12, 2007

Ericka Chickowski Jan 12 2007 07:06
A highly-critical vulnerability in Mac OS X that can be exploited to compromise users' systems was disclosed on Thursday.

The flaw is part of the Month of Apple Bugs (MoAB) project, the brainchild of Kevin Finisterre and a researcher with the handle of LMH.

LMH reported this current vulnerability, which is caused due to an integer overflow error in a function when handling UFS filesystem disc images.

Read more: http://www.scmagazine.com/us/news/article/625796/month-apple-bugs-projects-reveals-highly-critical-mac-os-x-flaw/

Firefox 3 Plans and IE8 Speculation

In reply to: NEWS - January 12, 2007

Posted by Zonk on Friday January 12, 2007

ReadWriteWeb writes

"Information about the next versions of Firefox and Internet Explorer suggest that the two biggest browsers are heading in different directions. Mozilla has published a wiki page detailing its plans for the next version of Firefox, codenamed 'Gran Paradiso'. Among the mandatory requirements listed for FF3 are improving the add-on experience, providing an extensible bookmarks back-end platform, adding more support for web services "to act as content handlers" - all of which show that Firefox wants to be an independent information broker rather than a simple HTML renderer in its next version. Also in the works is Microsoft's IE8. According to ActiveWin.com, a Microsoft official at CES told them that work has already begun for IE 8 and it may be released as a final product 'within 18-24 months'. Looking ahead, it's obvious that IE will continue to hook into the advanced functionality that Vista offers."


New Java exploits brewing

In reply to: NEWS - January 12, 2007

Malicious code targets runtime software and development kits

Shaun Nichols in California, vnunet.com 12 Jan 2007

Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK).

The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December.

The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix.

Read more:


AOL Scraps Music Now in Favor of Napster

In reply to: NEWS - January 12, 2007

Existing customers will continue to pay the same fees and retain their login and payment details.
Peter Sayer, IDG News Service
Friday, January 12, 2007 07:00 AM PST

AOL has named Napster exclusive supplier of subscription music for its AOL Music site, and plans to migrate all 350,000 paid accounts away from the existing service, AOL Music Now, over the next 60 days.

Unless they opt out of the move, existing Music Now customers will be able to use the Napster service for the same fee they pay now, and their existing login and payment details and any prepaid credits will be retained, AOL said.

Read more: http://www.pcworld.com/article/128520-1/article.html?tk=nl_dnxnws

New Phisher Tactic: Pay Me Or I'll Kill You

In reply to: NEWS - January 12, 2007

The message claims to come from a professional hit man who supposedly has orders to murder the recipient, but will drop the contract if he is paid $80,000.

By Gregg Keizer

Jan 12, 2007 02:08 PM

A new scam arriving in e-mail inboxes contains a death threat, a security company said Friday, and marks a new low in fraudster tactics.

The spammed message claims to come from a professional hit man who supposedly has orders to murder the recipient, but will drop the contract if he is paid $80,000. The "killer" says he has been shadowing the recipient for 10 days, and will produce taped evidence of the planned killing for a down payment of $20,000.

"Do not contact the police or FBI or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do, beside [sic], this is the first time I turned out to be a betrayer in my job," the e-mail reads.

Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196900571&cid=RSSfeed_IWK_Security

New MySpace Phish using CSS.

In reply to: NEWS - January 12, 2007

Jan 12 2007 4:11PM

This afternoon we discovered another attack on Myspace. MySpace users receive a message in their profile from someone called "Arnelle" with the following text:

"this chick is using like almost all of ur pix and part of ur profile.. people have no lives, i swear. heres the URL if u want to check it out"

Followed by a link to their Myspace page. The page itself is hosted within the Myspace.com domain and is a user's profile page. Upon accessing the site the user is presented with their login credentials.

Read more: http://www.websense.com/securitylabs/blog/blog.php?BlogID=104

The verdict on Vista

In reply to: NEWS - January 12, 2007

Ever the punching bag for hackers and security professionals, Microsoft is hoping to polish its tarnished security track record with the final release of its long-awaited Windows Vista operating system this month. The company is touting the operating system (OS) as its most secure platform to date, and with its release expects to gain more confidence from both consumers and enterprise users.


Like it or not, social networking sites hit corporate firewa

In reply to: NEWS - January 12, 2007

It's been a week since Akhil Mishra, 25, a marketing and branding executive in a leading multinational company in Gurgaon, has been fired. The reason for firing him has become an issue of debate in almost all companies across the city and the NCR. Akhil's crime: he was caught accessing Orkut and Hi5 through proxy sites while the company had already blocked and restricted access to all social networking websites at work. Akhil, who had been working in the company for the last three years, is disappointed with the way the company has reacted. "Chatting for an hour or two in the midst of a 12-hour schedule is reasonable and justified," he said. Though all 20-something colleagues are also of the same opinion. The 40-plus IT administrators of the company have monitored and recorded several hours of chatting and thousands of hits on Orkut every day. But the latest buzz is that IT software and large corporations all over the country have started imposing restrictions on Internet usage in general and social networking sites like Orkut, Youtube, Fropper and MySpace in particular. The HR teams of these companies have accused these sites of being a major distraction, hampering productivity and efficiency of employees, increasing broadband costs and contributing to frequent job shifts.


Group nets $1 million in piracy settlements in December

In reply to: NEWS - January 12, 2007

The Software & Information Industry Association (SIIA) received more than $1 million for software piracy settlements in December, the group announced Friday.

SIIA, a trade group representing software vendors and digital information providers, reached settlements in 11 cases last month, the group said in a press release. The $1 million in settlements represents one of the five highest monthly totals for the trade group, an SIIA spokesman said.


Court orders Movieland.com to limit pop-ups

In reply to: NEWS - January 12, 2007


"A U.S. District Court in California has ordered a movie download service to stop barraging users with pop-up advertisements.

The court, through an interim agreement that settles an FTC lawsuit, has ordered Digital Enterprises, which does business as Movieland.com, to limit pop-ups and seek consent from users before offering any ads that might seek payment from customers.

The FTC suit claimed customers of Movieland.com downloaded software that enabled pop-up windows that bombarded customers and could not be minimized or closed. The ads, which claimed the customers never canceled their membership after a free three-day trial period, demanded $29.95 to end the pop-ups."
