Free Republic

Worm lures victims with 'Naked World Cup'- World Cup malware targets English speakers By Robert McMillan, IDG News Service June 20, 2006 Soccer purists can breathe a sigh of relief. There is no Naked World Cup. IT professionals, on the other hand, may want to be a little more vigilant, as a new e-mail worm is on the loose that preys on the intense worldwide interest in the international sporting event. Called Sixem-A, the worm began circulating earlier this week, and has just recently been blocked by antivirus vendors. So far, the worm has been detected at only a handful...

Excerpt - LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at...

A dangerous new exploit in Internet Explorer could put PCs and data at risk, Microsoft has admitted. The flaw, for which code has already been published on the internet, could be exploited to set an email-borne virus free on the unsuspecting public. Potential viruses could come as an attachment that conceals the code, or could possibly redirect users to a site that will unleash the code on the user's machine, leaving the computer open to remote attack. Once the PC is being controlled by a malicious user, it can then be used to launch attacks on other PCs. Even supposedly...

Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us." I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

I have been receiving an email since mid-afternoon. I guess its really huge and I tried to get the program to quit, but it won't. How do I stop this? PLEASE HELP!

Just days after announcing that it planned to halt development on Outlook Express, Microsoft has been forced to change its position following internal confusion and an outcry from customers. As reported earlier this week on silicon.com Microsoft had planned to stop product development on Outlook Express, which forms part of the Internet Explorer code bundled with consumer versions of Windows. At the time Dan Leach, Office product manager, said: "The technology doesn't go away, but no new work is being done." Under that vision, consumers would have been directed towards the company's MSN software, while businesses would be encouraged...

It might be the world's most widely distributed e-mail client, but Microsoft has confirmed that it has no intention of further developing Outlook Express. "[Outlook Express] just sits where it is," said Dan Leach, lead product manager for Microsoft's information worker product management group. "The technology doesn't go away, but no new work is being done. It is consumer e-mail in an early iteration, and our investment in the consumer space is now focused around Hotmail and MSN. That's where we're putting the emphasis in terms of new investment and new development work." While Outlook Express has always been...

<p>Microsoft Corp. on Friday said that a patch it released Thursday for an Outlook Express vulnerability erroneously tells users they need a different version of Internet Explorer in order to install the fix. In fact, the patch requires IE 6, but users who have installed Service Pack 1 for the browser are already protected against the new flaw. Thus when these users try to install the new patch, they receive an error message.</p>

Outlook Express flaw speeds hacking By Robert Lemos Staff Writer, CNET News.com October 11, 2002, 10:40 AM PT Microsoft warned Outlook Express users late Thursday that a software flaw could allow an online vandal to control their computers. A critical vulnerability in the e-mail reader could allow an attacker to send a specially formatted message that would crash the software and potentially take control of the recipient's computer. The flaw occurs in how the software handles messages that include components using secure MIME (multipurpose Internet mail extensions), a standard that allows e-mail messages to contain encrypted data and digital signatures....

My system: Dell Dimension 8100 with windows ME which I have since upgraded to 2000 I cannot utilize Outlook Express. Everything is read-only, if I attempt to forward, reply or even open, I get the following message: msimn.exe has generated errors and will be closed by windows. You will need to restart the programs.Couple weeks ago had a major break down, lost files, computer wasnt working properly, and while on phone to Dell support, system died. Dell sent me a new mother board which I have since installed. Downloaded IE 6.0, and have since uninstalled it and loaded 5.5. Still ...

Several vulnerabilities were reported in Outlook Express (OE). A remote user can send malicious e-mail with an attachment that will bypass OE's malicious file type filter and misrepresent the name and size of the file. http://securitytracker.com/alerts/2002/Jul/1004805.html

Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. In a twist on online fraud, hackers and identity thieves are infecting computers with increasingly sophisticated programs that record bank passwords and other key financial data and send them to crooks over the Internet. That's what happened to Tim Brown, who had account information swiped out of the PC at his Simi Valley store. "It's scary they could see my keystrokes," said Brown, owner of...

Computer users are being urged to be on guard for a bogus e-mail that pretends to offer news updates about Hurricane Katrina as a means to infect their PCs. The malicious e-mail gives a brief news bulletin on the disaster before urging people to click "read more" and be taken to the full story on a website. Yet once directed to the website, a virus is sent to the user's computer. People are also being told to watch out for fraudulent e-mail scams pretending to raise cash for Katrina victims. It's sickening to think that hackers are prepared to exploit...

Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer. Computer security experts urged users to download and install the patches, which are available at www.microsoft.com/security. "Users (should) apply the updates as quickly as possible," said Oliver Friedrichs, senior manager of Symantec Security Response, part of security software company Symantec Corp. SYMC.O. Microsoft said that vulnerabilities exist in its Internet Explorer Web browser, the most severe of which could allow an attacker to take complete control...

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer. Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user. One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack,...

Nova Scotia July 19, 2005 -- SpyCop today announced that the use of commercial monitoring spy software is on the rise in Internet phishing schemes, the latest scam used to steal personal information and even entire identities. The Anti-Phishing Working Group, web site at www.antiphishing.org, explains: "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials... Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware." The commercial spy software market has made available over 525 payware spy programs which include URL recorders, keyloggers, chat...