Microsoft Security Bulletin Advance Notification for April 2009
Revision Note: Advance Notification published. Summary: This advance notification lists security bulletins to be released for April 2009.
Conficker.E
By MSRCTEAM
We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E. Most importantly, the signatures that protect against Conficker.A are also effective at protecting against Conficker.E. The other possible new variant is only a slightly modified version of Conficker.D and our Conficker.D signatures protect against it. Also, our virus encyclopedia entry for Conficker.D has been updated to include information about this slightly modified version.
There’s more detailed information on Conficker.E on the MMPC blog and in the encyclopedia entry. But at a high level, this has similar propagation methods to Conficker.B (attempting to exploit MS08-067, attacking weak passwords on administrative shares and spreading via removable media like drives). However, it also has instructions so that it will also delete itself on
The important thing is that our guidance for protecting yourself remains the same. If your systems and security software are fully updated, you don’t need to be concerned about Conficker.
As always, we’re continuing our work with the Conficker Working Group and will update you as we have new, important information.
Thanks.
Christopher
April 2009 Advanced Notification
By MSRCTEAM
Hello, Bill here.
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, April 14, 2009 around 10 a.m. Pacific Daylight Time. This should help you plan for your deployment process for next week and address these vulnerabilities to protect your computing environments.
As part of this month’s security bulletin release process, we will issue eight security bulletins – five rated ‘Critical,’ two rated ‘Important,’ and one rated ‘Moderate.’ These bulletins address vulnerabilities in Microsoft Windows, Microsoft Excel, Internet Explorer, and Microsoft ISA Server. Depending on the bulletin, a restart may be required. The updates will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the “Other Information” section of the Advanced Notification.
As always, we’ll be holding the April edition of the monthly security bulletin webcast on Wednesday, April 15, 2009 at 11 a.m., Pacific Daylight Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand, as well at the same URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032395126&EventCategory=4&culture=en-US&CountryCode=US. Furthermore, we’ll also be posting the text of the questions and answers as well as a video synopsis on this page.
You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032395126&Culture=en-US
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Instant knowledge, free of charge
By vmtn@vmware.com (VMTN) on Technical Information
Chad Sakac (EMC), aka Virtual Geek, published some excellent articles over the last couple of weeks. Chad's articles have a common theme, storage + VMware. Don't think it's a marketing blog for EMC, there is in-depth information to be found in...
A Guide to Encrypted Storage Incident Handling
Category: Incident Handling
Paper Added: April 9, 2009
Firefox 3 updates now in Seamonkey, (Fri, Apr 10th)
For those of you who use Seamonkey's all in one environment as a Web, Mail, newsgroup client, HTML e ...(more)...
Something for the holiday? Nessus 4 is out, (Fri, Apr 10th)
The people over at Tenable have released Nessus version 4 just in time to give us all something ...(more)...
Cisco security advisory , (Thu, Apr 9th)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA and PIX appliances. http://www ...(more)...
Conficker Working Group site down, (Thu, Apr 9th)
Yes, we've noticed it too. The Conficker Working Group website appears to be down at the momen ...(more)...
Wireshark 1.0.7 released, (Thu, Apr 9th)
In case you hadn't noticed yet, they've updated one of our favorite tools, Wireshark. The new ...(more)...
Conficker update with payload, (Thu, Apr 9th)
Various sources report that some conficker infected systems are receiving updates now. The update ma ...(more)...
China Denies Cyberattacks on U.S. Power Grid (PC World) (Yahoo Security)
Updated Conficker Ropes Victims into Rogue Antivirus Scam (E-Week Security)
Check Point Slashing ZoneAlarm Price for 24 Hours (PC Magazine) (Yahoo Security)
Electric Power Grid Hack Lights-Up Cyber Security Infrastructure Experts (E-Week Security)
Conficker, the Internet's No. 1 Threat, Gets an Update (PC World) (Yahoo Security)
Many Enterprises Still Don't Recognize Insider Threat, Studies Say
Many companies lag in deploying data leak protection technology to mitigate insider threats, studies say
Conficker Finally Awakes & Dumps Payload
By Darknet on worms
So it seems something big was brewing with Conficker, they just didn’t want to do what everyone expected and unleash it on April 1st when all eyes were on them. Smart move really, they kept quiet and waited a week or so after before dropping some fairly serious and complex payloads (encrypted rootkits). It seems like they [...]
Eight others also got training in wireless hacking: Peerbhoy
Posted by InfoSec News on Apr 10
http://timesofindia.indiatimes.com/India/Eight-others-also-got-training-in-wireless-hacking-Peerbhoy-/articleshow/4381802.cms
[Background: http://www.infosecnews.org/hypermail/0903/16060.html - WK]
The Times of India
9 April 2009
MUMBAI: Mansoor Peerbhoy, the whiz kid of terror outfit Indian...
Re: Electrical grids operator tries to stay ahead of hackers
Posted by InfoSec News on Apr 10
Forwarded from: Richard Forno <rforno (at) infowarrior.org>
Jeebus. Everyone in the world needs to take a deep breath and calm the
hell down here. They're screaming bloody murder about hackers and the
power grids and ZMFGTHESKYISFALLING. How quickly they forget that this
kind of...
Taking a Lesson in Federal Compliance from the Chemical Industry
Posted by InfoSec News on Apr 10
http://www.csoonline.com/article/488249/Taking_a_Lesson_in_Federal_Compliance_from_the_Chemical_Industry
By Jon Harmon
Honeywell Process Solutions
CSO
April 09, 2009
In many ways, the role of the CSO is directly tied to business
profitability. By creating and enforcing policies that...
- Posted on: Fri, Apr 10 2009 6:22 AM
Secunia Weekly Summary - Issue: 2009-15
Posted by InfoSec News on Apr 10
The Secunia Weekly Advisory Summary
China denies cyberattacks on U.S. power grid
Posted by InfoSec News on Apr 10
http://www.networkworld.com/news/2009/041009-china-denies-cyberattacks-on-us.html
By Owen Fletcher
IDG News Service
04/10/2009
Malware attacks from China and Russia designed to shut down the U.S.
electrical grid in a time of war did not occur, China said Thursday.
"The incident of...
USENIX EVTWOTE 09 CFP Submissions Deadline Approaching
Posted by InfoSec News on Apr 10
Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
The submissions deadline for the 2009 Electronic Voting Technology
Workshop/ Workshop on Trustworthy Elections (EVT/WOTE '09) is
approaching.
Please submit all papers by April 17, 2009:
http://www.usenix.org/evtwote09/cfpb
Sabotage attacks knock out phone service
Posted by InfoSec News on Apr 10
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/04/10/MNP816VTE6.DTL
By Nanette Asimov,
Ryan Kim,
Kevin Fagan
Chronicle Staff Writers
April 10, 2009
Police are hunting for vandals who chopped fiber-optic cables and killed
landlines, cell phones and Internet service for tens of...
Company Caught in Texas Data Center Raid Loses Suit Against FBI
Posted by InfoSec News on Apr 9
http://blog.wired.com/27bstroke6/2009/04/company-caught.html
By Kim Zetter
Threat Level
Wired.com
April 08, 2009
A company whose servers were seized in a recent FBI raid on Texas data
centers applied for a temporary restraining order to force the bureau to
return its servers, but was...
Top U.K. Police Official Resigns After Security Gaffe
Posted by InfoSec News on Apr 9
http://online.wsj.com/article/SB123926842112704625.html
By CARRICK MOLLENKAMP and ALISTAIR MACDONALD
Wall Street Journal
April 9, 2009
A top British counterterrorism official resigned Thursday after an
operation targeting a group with suspected ties to al Qaeda was
accelerated following...
International Hacking Competition Held in Korea
Posted by InfoSec News on Apr 9
http://english.chosun.com/w21data/html/news/200904/200904090035.html
Arirang News
April 9, 2009
Some of the world's top computer coders gathered in Korea this week for
the Hacking Protection Competition as a part of Codegate 2009, an
international hacking event. The hackers were given 24...
Electrical grids operator tries to stay ahead of hackers
Posted by InfoSec News on Apr 9
http://www.chron.com/disp/story.mpl/business/6365514.html
By TOM FOWLER
Houston Chronicle
April 8, 2009
Texas' electric grid operator constantly upgrades its computer security
to protect against intrusion by hackers, its chairman said Wednesday
following published reports that foreign...
Cyber Warfare Conference: Agenda - Cooperative Cyber Defence Centre of Excellence Conference on Cyber Warfare, June 17-19, 2009, Tallinn, Estonia, www.ccdcoe.org
Posted by InfoSec News on Apr 9
Forwarded from: k g <kgconference (at) gmail.com>
Jaak Aaviksoo, Estonian Defence Minister
Opening Remarks
KEYNOTE
The Information Warfare Monitor
Tracking GhostNet: Investigating a Cyber Espionage Network
KEYNOTE
Mikko Hypponen, Chief Research Officer, F-Secure
Evolution of the...
Power Grid Hack Highlights Where Government Cyber-security Efforts Fall Short
Posted by InfoSec News on Apr 9
http://www.eweek.com/c/a/Security/Power-Grid-Hack-Highlights-Where-Government-Cyber-Security-Efforts-Fall-Short218464/
By Brian Prince
eWEEK.com
2009-04-08
Reports that the U.S. electric grid was penetrated by foreign spies may
on the surface seem shocking. But as Brightfly Managing...
Conficker wakes up, updates via P2P, drops payload
Posted by InfoSec News on Apr 9
http://news.cnet.com/8301-1009_3-10215678-83.html
By Elinor Mills
Security
CNET News
April 8, 2009
The Conficker worm is finally doing something--updating via peer-to-peer
between infected computers and dropping a mystery payload on infected
computers, Trend Micro said on Wednesday....
UK police bust lottery scam centre in Somerset
Scammers told: 'Get orf moi laaand!'
Police have busted a bogus lottery winner scam, following a raid on a cheque processing and clearing house in Somerset.…
UK.gov delays new data breach powers
ICO still waiting for teeth
The government has failed to meet its own deadlines to bring in new powers for the Information Commissioner's Office (ICO) to fine companies who lose personal data.…
New e-crime unit nabs nine banking Trojan suspects
e-busted
Nine suspects in a banking Trojan case have been arrested by specialist cybercops from the UK's new Police Central E-Crime Unit (PCeU).…
Conficker botnet stirs to distribute update payload
It's alive!
The Conficker superworm is stirring, with the spread of a new variant that spreads across P2P and drops a payload. It is thought to update machines infected by earlier strains of the worm.…
Tool: GreenSQL-FW 1.0.0 released
By Romain Gaucher on Tools
"GreenSQL team is ready to present a new version of GreenSQL - SQL Database Firewall. GreenSQL intercepts SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. Then it returns the query results to the calling application. Currently only MySQL database...
Improving Security with URL Rewriting
By Robert A. on Research
"Most web application security experts frown on the practice of passing session or authentication tokens in a URL through the use of URL rewriting. Usually these tokens are passed between the server and the browser through HTTP cookies, but in cases where users configure their browsers to not accept cookies, this...
W32/Winemmem - Know Your Enemy
By Vitaly Zaytsev on Malware Research
Do you remember what the first goal of file infector distribution is? It is demand. Without demand, infected files may never be downloaded by end users. What is the second goal? To stay undetected by most AV products. A week ago we found a new file infector that fits the bill. Nowadays, instead of relying on mass mailing, malware [...]
Windows Kernel Again Found Vulnerable
By Xing Su on Zero-Day
Recently, our APAC threat intelligence team discovered a couple of Windows kernel zero-day vulnerabilities in the field, which could be potentially used for malicious purposes. These were discovered in some discussion forums in China. One of these issues exists in Windows NT/2000/XP according to the description provided. The issue arises due to insecure win32 syscalls, the [...]
Drive-by-Download Du Jour
By Karthik Raman on Web and Internet Safety
LuckySploit is an exploit framework that’s been in the news recently. As drive-by-downloads go, it lurks behind iframes and foists malware upon unsuspecting users. One LuckySploit attack we analyzed downloaded the FakeAlert-BY Trojan. So if you visited a Web site today then saw this… … then you are, unfortunately, infected with FakeAlert-BY, and possibly thanks to LuckySploit. We detect [...]
Artemis in Action
By Anil Ramabhatta on Malware Research
“Artemis” is McAfee’s new cloud-computing technology that is capable of detecting new malware threats in real time. In the last 48 hours our Artemis Technology detected some malware that was targeted at certain regions of the world. In North America, one particular sample was queried by Artemis more than 80 times by more than [...]
New Conficker Variant
By Lokesh Kumar on Zero-Day
McAfee Avert Labs has received a new variant of the infamous Conficker worm. Like the previous variants, this one also spreads using the MS08-067 vulnerability in Microsoft Windows Server Service. But unlike the previous variants, which arrived as a Windows DLL file, this variant seems to arrive as an .EXE file. Detection for this variant of [...]
Brief: Conficker gang updates worm via peer-to-peer
New Conficker variant has ties to Storm botnet
By SearchSecurity.com staff
Conficker.E drops the malicious Waledac worm, giving it the ability to spread to other vulnerable machines and ultimately send spam.
Conficker, the Internet's No. 1 threat, gets an update
Security researchers say a worm that has infected millions of computers worldwide has been reprogrammed to strengthen its defenses while also trying to attack more machines.
Users warned of virtualization's 'dark side'
Users are paying little attention to some of the downsides of virtualization in their haste to reap the benefits that the technology can bring.
The state of spam 2009, Part 1
Spam - not SPAM the luncheon meat (and you have GOT to visit the official SPAM Web site, which plays like a parody the Monty Python crew might have dreamed up) - is a dreadful nuisance, with estimates that 95% of all e-mail in the world now consists of rubbish. Periodically I look into the state of the spam to see how the war is going.
What is a cloud?
The term cloud comes from the old WAN diagrams that show the service provider's network as a puffy cloud that all the access lines run into. The point of the metaphor is that you plug into an entity whose inner workings are obscure, but you believe it will do what you want it to do. (The leap of faith for a transport service provider was scary enough, but with cloud computing, it's even scarier. Your data isn't just passing through, it lives there.)
Microsoft loses anti-piracy patent case
A jury in Rhode Island found Microsoft guilty of patent infringement, ordering it to pay US$38 million to Uniloc, the patent holder.
Researcher: Power grid hackers likely got inside by attacking PCs
The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said Wednesday.
Malware Infections Lurk in US Electricity Grid, WSJ reports
The U.S. electricity grid is infected with malware from China and Russia, according to a report from the Wall Street Journal.
Why the channel should get into the DLP space
During these tough economic times, it's essential that businesses secure their confidential information using data loss prevention (DLP) solutions to help prevent data loss or data ending up in the wrong hands, Symantec executives say. What this translates into on the channel side is a wealth of market and customer opportunities, adds one analyst.
4 Steps Security Can Take to Prevent Kidnapping
As the economic crisis continues to heat up, Chris Falkenberg believes the potential for kidnapping will, too.
Cable Sabotage Cripples Internet for Parts of Silicon Valley
By Kevin Poulsen
Midnight cable cuts in two locations take out phone and internet service for thousands.
Conficker Doomsday Worm Sells Out for $49.95
By Kevin Poulsen
Warning! Warning! The Conficker worm has revealed its deadly purpose: hawking a phony anti-virus product and sending spam.
Conficker self-updates, launches false infection alert
By jhruska@arstechnica.com (Joel Hruska) on Waledec
April 1 may not have turned into the D-day that some feared Conficker might create, but the newest version of the worm (Conficker.C) is still out in the wild with mischief on its mind. The malware's creators released a new patch on April 7; the group obviously intends to continue its active war against security researchers. Such tenacity has been a trait of Conficker since the parasite first appeared on the 'Net near the end of 2008. Each version of Conficker has delivered new "features" or tricks intended to bypass security patches; the April 7 update is no exception.
China Denies Cyberattacks on U.S. Power Grid
A government spokeswoman denies reported attacks from China and Russia ever occurred.
Fiber Cuts Slash Silicon Valley's Internet Arteries
Apparent vandalism cut off wired and wireless service to thousands and shut two IBM facilities.
Conficker Worm Reveals Its Business Model
Newly downloaded Conficker files show how worm's handlers intend to profit from compromised computers.
Conficker Causes Rise in Hoax Security Software
Criminals capitalize on user fears about the much-hyped worm.
How serious is threat to power grid? Depends who you ask.
Expert opinion differs widely over a report that the U.S. electric power-grid has been compromised by cyberspies, perhaps from Russia and China, who have installed malware so they can disrupt industrial control systems for electricity distribution in the event of a conflict.
A Lesson in Compliance from the Chemical Industry
In many ways, the role of the CSO is directly tied to business profitability. By creating and enforcing policies that protect human, physical and intellectual assets, the CSO ensures the very integrity of the organization. This link to the bottom line, though, is about to become much stronger--and quite possibly much sooner than anticipated.
After attacks, Excel update due from Microsoft
Corporate IT staffers will get a double whammy next week, as both Microsoft and Oracle are set to release critical security updates on the same day, including a likely fix for an Excel bug that has been used by cybercriminals.
What I'll be looking for in cybersecurity report
The big talk in Washington's cybersecurity world is Melissa Hathaway's magical 60-day review, which is supposed to recommend how U.S. government cybersecurity efforts should be pursued. The technical press and lobbyists are all abuzz over whether or not there will be a cybersecurity coordinator who reports to the president. In certain circles, this is even more gossiped about than what Michelle Obama is wearing, but frankly the discussion is even less useful.
Conficker cashes in, installs spam bots and scareware
The makers of Conficker, the worm that has infected millions of PCs, have begun to do what all botnet owners do -- make money -- security researchers said Thursday as they started analyzing the malware's newest variant.