A free security tool is slaughtering the Zbot botnet, having cleaned the malware responsible for harvesting zombie computers from almost 280,000 machines.
In just a few days, MSRT has delivered a heavy blow to the network of zombie computers, with a few hundred thousand PCs having been cleaned.
MSRT was refreshed and offered to all Windows users via Windows Update on October 12, as a part of the company’s monthly release of security bulletins.
“Since the release of MSRT on Tuesday we have removed Zbot 281,491 times from 274,873 computers and is the #1 family of malware removed (which is not uncommon the month a family is added),” revealed Microsoft’s Jeff Williams.
Microsoft has released an advisory confirming a previously unknown vulnerability in the way Windows processes shortcut files. The critical bug is trivial to exploit, affects all versions of Windows and allows for arbitrary code execution.
The vulnerability (CVE-2010-2568) came to Microsoft’s attention after Belarusian antivirus vendor VirusBlokAda discovered a new piece of USB malware that was actively exploiting it in the wild. The bug allows an attacker to craft a special shortcut file (.lnk) that launches an executable as soon as the folder containing it is opened in Windows Explorer or in any other file manager able to process shortcut icons; no click on the shortcut is required.
The Microsoft advisory is a bit confusing on this point: its “Executive Summary” section states that “malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut.
It is nothing short of ironic that game password stealing malware is being associated with an exploit designed to target a vulnerability in DirectX. But Microsoft officially confirmed that malicious code designed to harvest account credentials for online games had been detected bundled with exploits targeting the DirectShow vulnerability impacting Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003.
The company rated the flaw Critical in May 2009, when it revealed that users opening malicious QuickTime media files were at risk of remote code execution.
“Users, upon visiting a specially constructed web page that invokes the vulnerable media plug-in, will encounter exploit shellcode, which further executes and downloads additional malware to the infected machines. Intending to bypass antimalware protection, malware binaries are encrypted in the download data stream. New dog, same old tricks. To wrap up the attack scene, under the cover of the new exploits are the old long-lived online-game password stealers: PWS:Win32/Wowsteal.AP (drops PWS:Win32/Wowsteal.AP.dll); TrojanDropper:Win32/Dozmot.C (drops PWS:Win32/Dozmot.C and VirTool:WinNT/Dozmot.A); and TrojanSpy:Win32/Lydra.AE,” revealed Microsoft’s Lena Lin, Cristian Craioveanu, Josh Phillips and Patrick Nolan.
Contrary to some of the stories circulating in the more excitable sections of the media, millions of PCs didn’t suddenly blow up following the much-anticipated reactivation of the Conficker C virus on April 1st. In fact, at the time of writing nothing much seemed to have happened and the world moved on to more important matters. Nevertheless, this virus and its ilk do present an ongoing threat, especially for PC owners who do not keep their security software and Windows Updates current. By the way, if you have any concerns about Conficker C and malware in general and you think your PC may be infected, I wouldn’t ask Google. I typed in ‘Conflicker C Removal’ a couple of days ago and the first three hits all led to websites carrying the virus!
If you have been lax with your security updates, then your best bet is to download the free Microsoft Malicious Software Removal Tool, which scans your PC for Conficker and a raft of other nasties. In the end, though, the best way to avoid becoming infected is to install a decent anti-virus program and regularly sweep your PC with cleaners like AdAware, A-Squared and Spybot.