EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.30.08

Eye on Microsoft: Another Messy Week for Security

Posted in Microsoft, Security, Windows at 5:25 pm by Dr. Roy Schestowitz

The state of the botnet is a reality that can’t be immediately escaped unless there is a large-scale disconnection of Windows-running PCs. However, rather than making steps in the right direction, the situation appears to be worsening.

This post is a quick roundup (due to time constraints) of the past week’s developments, with special emphasis on complete comprise that brings the world SPAM, DDOS attacks, espionage, ransom, and wasted productivity.

Rise of the Zombies

Halloween is far behind, but the zombies are back.

Most of Srizbi’s new command and control servers were located in Estonia and all of its domains were registered in Russia. For about 13 hours, some 100,000 or so infected machines had the ability to connect to those servers, though it’s not clear exactly how many of them did so, since many of them were likely not powered on, Lanstein said.

IDG covered this too.

The zombie computers used to send spam are coming back to life.

Security vendors say spammers are reconnecting with hacked PCs used for sending spam as evidenced by a rising number of spam messages circulating on the Internet the last few days. Spam levels suddenly dropped two weeks ago after the shutdown of McColo, a rogue ISP (Internet Service Provider) based in San Jose, California, whose connectivity was used to control networks of hundreds of thousands of computers to send spam, known as botnets.

According to the following report, these botnets can easily increase their size by recruiting more nodes.

A new analysis of botnets has come up with a possible reason for their prodigious ability to infect PCs — many anti-virus programs are near to useless in blocking the binaries used to spread them.

SPAM on the Rise Again

A recent statistic suggested that over 150 billion SPAM messages are sent per day. Biblical proportions by all means! Some of this can be intercepted at server level, but it increases load on the servers (and thus everyone’s connection fees), not to mention the severe issue of false positives (especially affecting businesses that rely on E-mail).

With increase in botnet activity comes increase in SPAM that threatens small businesses.

The fight against spam rages on after a spike in spam levels following the shut-down of hosting service McColo. SMBs are particularly vulnerable to malware and spam; ensuring secure, spam-free email should be a prominent security interest.

This was also covered by the BBC.

Spam on rise after brief reprieve

Some 450,000 infected computers have been spotted trying to connect to the largest of the networks McColo hosted.

Worms Warming Up

More worm problems emerge:

1. Vulnerable Windows Machines Sitting Ducks for the Conficker Worm

First Microsoft, and now McAfee is warning Windows users to expedite the process of applying a patch for a Critical vulnerability in Server Service affecting both client and server versions of the operating system.

According to the Redmond company, all supported platforms are vulnerable, including Windows 2000, Windows XP (even SP3), Windows Vista RTM/SP1, Windows Server 2003, Windows Server 2008 and Windows 7. McAfee has indicated that users not deploying the patch are vulnerable, while Microsoft has already informed that it had detected active attacks and infections in the wild, following a period when exploits were just targeted.

2. Windows worm infection accelerates

Microsoft is currently observing an increase in the spread of a new Windows worm that exploits the known vulnerability in the RPC functions of the Server service to penetrate systems. The infection rate of Conficker.A worm is reported to be accelerating over company networks in particular. The Microsoft Malware Protection Center says most reports are coming from the USA, but customers in Europe, Asia and South America too are affected, and reports have also been received from several hundred home users.

3. Microsoft Warns of Worm Attack on Windows

Security researchers at Microsoft Corp. last week warned of a significant climb in exploits of a Windows bug it patched with an emergency fix last month, confirming earlier reports by Symantec Corp.

Microsoft again urged users to apply the MS08-067 patch if they have not already done so.

4. Microsoft Warns Of Attack Exploiting Windows Vulnerability

Specifically, the worm deletes any use-created System Restore points, and attempts to contact numerous sites, including those of Google, Yahoo, MSN and ask.com, to obtain the current date, according to researchers at the SANS Institute. The worm then uses the date information to generate a list of domain names, which it then contacts in an attempt to download additional malicious files onto a user’s affected computer.

5. Microsoft warns of new Windows attacks

The new attacks, which Microsoft’s Malware Protection Center said began over the weekend but spiked during the past two days, use the same worm that Symantec first spotted last Friday.

6. Microsoft: Worm Exploiting Networked Computers via HTTP

Microsoft informed in its most recent security bulletin that a worm dubbed Win32/Conficker.gen!A is messing around with computers across a network by exploiting a vulnerability in the Windows Server service, allowing remote code execution to take place while file sharing is enabled.

How did computing fall into this mess? Well, the following article magically vanished (we did try to find it again, to no avail), but its headline was (is) “Microsoft Not Rushing To Fix Vista Kernel Vulnerability.” The disappearance of this article might be innocent, but it still raises a brow.

We covered this last week. Even when severe flaws are found, Microsoft will leave them unpatched unless or until there is an attack exploiting them, i.e. when it’s too late. It is not only vain but it’s also irresponsible. It also enables Microsoft to ‘massage’ and lie about security using meaningless figures [1, 2, 3].

Once infected, nothing on a machine can be trusted, as proven by this new report.

A DANGEROUS new variant of malware is attacking PCs in the UK, the INQ has discovered. It hijacks the victim’s browser and directs them to a fake site masquerading as AVG’s own front page.

Needless to say, without radical change, things are bound to get worse before they get better. It’s time for consideration of secure platforms.

Fire alarm

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. oiaohm said,

    November 30, 2008 at 6:17 pm

    Gravatar

    Problem is a lot deeper. Look at MS so call security systems.

    If the core security system of the OS does not work all it takes is a exploit to see the complete OS fail.

    Reports have been in for years that the DAC on windows needs work. Even the new MIC from Microsoft is not up to scratch.

  2. advocatus said,

    December 1, 2008 at 2:28 am

    Gravatar

    Missing article’s still in Google cache:
    http://74.125.77.132/search?q=cache:U-koBaBSiNAJ:blogs.pcmag.com/securitywatch/2008/11/microsoft_not_rushing_to_fix_v.php+http://blogs.pcmag.com/securitywatch/2008/11/microsoft_not_rushing_to_fix_v.php&hl=en&ct=clnk&cd=1

    ‘Monday November 24, 2008
    Microsoft Not Rushing To Fix Vista Kernel Vulnerability
    Categories:

    Software Patches, Vulnerabilities, Windows Vista
    Tags:

    TCP/IP, vista, vulnerabilities, windows xp

    A vulnerability in the Windows Vista Kernel hasn’t generated much panic from either researchers or Microsoft several days after its public release.

    The vulnerability occurs in adding a route entry to the IPv4 routing table through the CreateIpForwardEntry2 API. It can be exploited through the route command line tool, which is included with Vista. The disclosure claims there are no workarounds. According to this article, Microsoft says that they will fix the bug in the next Vista service pack.

    The vulnerability requires that the user be a member of either the Administrator group or the Network Configuration Operators group, and this explains the lack of concern. In Windows XP this would not be much of a barrier for a vulnerability, as so many users run as Administrators, but in Vista this is much less common.

    To exploit the vulnerability, the attacker would have to convince the user to execute a malicious program on the PC. This might be as simple as a batch file which ran the route command, or a specially-crafted executable. The vulnerability is a stack overflow in the TCP/IP code, and a successful exploit would give the attacker full control over the PC,

    But since the exploit is a buffer overflow, it also has to get past the Vista barriers of DEP and ASLR. As I have discussed recently, these are formidable barriers to invoking an exploit on Vista. The lack of interest in what would be a top-tier vulnerability in XP is yet another sign of how far Vista has gone to block such exploits.’

What Else is New


  1. Raw: Battistelli's Control/Domination Over the Boards of Appeal

    An old EPO document internally voicing concerns about the lack of independence at the Boards of Appeal



  2. Raw: Conflicts of Interest of EPO Vice-President

    An old EPO concern regarding structural collisions and mixed loyalties



  3. Microsoft-Connected Patent Trolls Are Increasingly Active and Microsoft is Selling 'Protection' (Azure Subscriptions)

    There are several indications that Microsoft-connected shells, which produce no products and are threatening a large number of companies, are inadvertently if not intentionally helping Microsoft sell "indemnification" ("Azure IP Advantage," which echoes the Microsoft/Novell strategy for collecting what they called "patent royalties" one decade ago)



  4. Yes, RPost is Definitely a Patent Troll and Its Software Patents Are at Risk Thanks to Alice

    The latest whitewashing (or reputation-laundering) pieces from Watchtroll, which tries to justify patent-trolling activities with software patents, typically in the Eastern District of Texas



  5. The Latest Scams in the Patent World

    Examples of 'dirty laundry' of the patent microcosm, which it understandably does not like covering (as it harms confidence in their services/advice)



  6. Patents Are Becoming a Welfare System for the Rich and Powerful

    A culture of litigation and more recently the patenting of broad industry standards may mean that multi-billion dollar corporations are cashing in without lifting a finger



  7. Unlike the Mobile Domain, When it Comes to Cars Patent Lawsuits Remain Rare

    An optimistic note regarding the relatively low-temperature legal landscape surrounding advanced automobiles, even though patents are being amassed on software in that domain



  8. The Federal Circuit Rules (Again) in Favour of Section 101/Alice, Koch-Funded CPIP Tries to Overturn Alice at the Supreme Court

    The US Supreme Court's decision on Alice continues to have a profoundly positive impact (except for trolls) and Koch-funded academics try hard to compel the US Supreme Court to reverse/override Alice (so far to no avail)



  9. Next Director of the USPTO Parrots Talking Points of Patent Extremists and Their Lobbyists

    The next USPTO boss (still subject to official confirmation) may be little more than a power grab by the litigation and patenting 'industry', which prioritises not science and technology but its own bottom line



  10. Raw: Three Years for 'Justice' (to be Disregarded by Benoît Battistelli) at ILO and Over a Decade at the EPO

    The delays associated with ‘justice’ at the EPO (usually neither justice nor compliance with rulings) have become so extraordinary that immunity should long ago have been stripped off and Battistelli et al been held accountable



  11. Raw: Scuttling of the General Advisory Committee and Battistelli Stacking the Deck to Have 'Yes Men' as Representatives

    How the EPO broke down resistance to Battistelli’s oppressive policies not only at the Council, disciplinary committees and auditory divisions but also staff representation (symptomatic of Battistelli’s notion of justice)



  12. The Patent Trial and Appeal Board Will Endure Supreme Court Test and Overcome the Tribal Immunity “Scam”

    The Patent Trial and Appeal Board (PTAB), based on the latest news, is still winning the argument and justifying its existence/importance



  13. Phones/Mobility (Trillion-Dollar Market) May Have Become Infested and Encumbered by Aggressive, Dying Companies

    The tough reality that new entrants/entrepreneurs are facing now that a few dying giants look to "monetise" their patents rather than create anything



  14. Links 9/12/2017: Mesa 17.3, Wine 3.0 RC1, New Debian Builds

    Links for the day



  15. Like the EPO, Taiwan/China (SIPO) Harm SMEs With a Policy of Patent Maximalism Which Fosters Litigation, Not Innovation

    A culture of patent maximalism breeds plenty of lawsuits in China (good for the legal ‘industry’), but small companies that are innovative lose focus and resources, just like in Europe where SMEs are discriminated against



  16. Bristows Continues to Lie About Unitary Patent (UPC) in Britain Only to Get Rebutted in Comments, As Usual (Criticism Not Deleted Yet)

    The latest wave of posts (typically from Bristows) which herald an arrival of UPC in Britain are not just delusional but also constitute terrible legal advice



  17. The European Union Now Repeats Paid Propaganda From the EPO (Regarding the Unitary Patent)

    The EPO's push for UPC, which has already involved payments to media and academia, is spreading to the EU, which unfortunately fails to uphold the Rule of Law and the spirit of the EPC



  18. European Media Covers the Latest EPO Scandal and the EPO's Refusal to Obey Orders of a Court

    European media is starting to catch up with the latest from ILO and the great importance not only of the rulings but also the EPO's response to these



  19. Antonius Tangena From the European Patent Institute (EPI) 'Aids' Željko Topić's Appointment at the European Patent Office (EPO)

    An E-mail from Antonius (Tony) Tangena reveals a degree of coordination between the EPI and the EPO -- a potentially inappropriate action that can be seen as a cover-up attempt



  20. SUEPO Announces Protest, EPO Distracts From the Scandal, and Readers Spill the Beans

    Readers have sent some additional details regarding the EPO "backstory" that we wrote about this morning



  21. EPO Scandal Spills Over to Irish Media, So It's Time for the Backstory

    A lot more is being revealed by the media this week (regarding the EPO's "war on judges") and now that it's a more 'mainstream' subject we can shed light on the background to it



  22. Battistelli's EPO is Once Again Caught in Very Gross Violation of the European Patent Convention (EPC)

    The tyranny of the EPO is made abundantly clear for all to see -- ILO included -- but will there be consequences for repeated violations by Team Battistelli?



  23. Links 7/12/2017: Qt 5.10, ReactOS 0.4.7, Guix and GuixSD 0.14.0

    Links for the day



  24. Less Than 24 Hours Later the EPO Already Refuses to Obey Court Orders From ILO (Updated)

    As expected by realists (or pessimists), the EPO continues to act as though it's above the law and even judges suffer miscarriage of justice against them



  25. ILO Said Give the Judge His Job Back, But Christoph Ernst's Administrative Council Will Likely Let Him Go (Unemployed)

    Another potential EPO scandal in the making, as after waiting for 3 years the illegally-suspended judge might get his job back for only 3 weeks



  26. Watchtroll, AIPPI, Bristows and Others Keep Pushing Software Patents Agenda (in Spite of the Ban)

    Pressure groups and front groups of the patent microcosm (e.g. AIPPI) -- sometimes even the patent microcosm acting directly -- are still trying to make software patents legitimate, usually behind closed doors, e.g. in private events where only the patent microcosm can debate the subject (no software developers allowed)



  27. Meanwhile in Eponia, Tyrant Battistelli Must be Seeking Advice on How to Refuse to Obey Court's Orders (Again)

    People already speculate about how Battistelli will attempt to come up with excuses for noncompliance (and ongoing violation of the EPC as well as ILO code)



  28. Battistelli's 'Mole' Lucy Neville-Rolfe is Still Trying to Push Unitary Patent (UPC) Through in the United Kingdom

    Lucy Neville-Rolfe is back only to tell a bunch of lies about the UPC in British Parliament and Team UPC -- the prosecution 'industry' which has been driving this entire monster -- could not be happier



  29. ILO is 'Forcing' Team Battistelli to Compensate the Banned Judge and Give Him Back His Job

    ILO has, for a change, done some justice, but it comes three years too late and the compensation level (after salary got halved) is laughable, especially considering costs associated with legal fees and moral/reputational damage



  30. International Labour Organisation/ILOAT for UPC Yet Another Problem for Unitary Patent-Style Regime

    Seeing systematic misuse and abuse of justice at the EPO, people come to realise that Europe cannot afford to create a structure like the Unified Patent Court (UPC)


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts