EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.12.09

Latest Security Dangers Are Windows Only

Posted in Microsoft, Security, Servers, Windows at 8:26 am by Dr. Roy Schestowitz

More than a million PCs turned to zombies

NOT A WEEK goes by without new dangers to users of Windows, and it’s only fair to list the latest examples since it falls within our scope.

USB drives continue to be a risk to Windows because of the way the operating system handles devices insertion (namely execution) and the privileges it hands over to untrusted code.

Businesses who may not have applied a Microsoft patch issued last year are now being attacked by a worm targeting the vulnerability.

Multiple security organizations have issued warnings about the worm, deemed Downadup, which attacks the vulnerability outlined in the Windows Server service flaw, MS09-067, that was patched last October, Zdnet.com reports. The worm uses a dictionary attack in an attempt to crack user passwords, as well as using “server-side polymorphism and modification to the Access Control Lists.”

According to this report from The Register, the Major League Baseball (MLB) Web site is serving malware which is only Windows compatible. The click-to-install or drive-by-install (ActiveX) paradigm takes its toll.

Once again, Major League Baseball’s website has been caught serving ads designed to infect its considerable base of visitors with malware that trashes their machines.

With so much malware afloat, it’s hardly surprising that almost 1 in 2 PCs is a zombie PC and it keeps getting worse. (emphasis below is ours)

The Storm Worm has been causing havoc for over two years now, transforming more than a billion computers into drones. Following a surprisingly unsuccessful mission by Microsoft’s Malicious Software Removal Tool around 100,000 drones still remain.

This fight is being taken to the Web as well. NATO’s Web site has just been cracked, as well as Web sites of the United States military.

The attacks on Thursday took down the Web sites for The United States Army Military District of Washington and the NATO Parliamentary Assembly, according to Zone-H, a Web site that tracks defacement activity.

The IRS, which is most likely operating in a Windows-based environment, may suffer a similar fate.

Auditor: IRS Still Vulnerable to Cyber Breaches

“These deficiencies represent a material weakness in IRS’s internal controls over its financial and tax processing systems,” the GAO report said. “Until IRS takes these steps, financial and taxpayer information are at increased risk of unauthorized disclosure, modification, or destruction, and the agency’s management decisions may be based on unreliable or inaccurate financial information.”

Well, at least no lives at risk this time around… ‘just’ people’s finances. How reassuring.

breaking the bank
Cracking the bank

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 12/11/2019: Plasma 5.17.3, More Intel Defects, Bytecode Alliance

    Links for the day



  2. You've Gotta Go When You've Gotta Go

    How most staff of the European Patent Office (EPO) feels these days



  3. Teaser: Thierry Breton and His Disquieting Past

    "The company attracted notoriety and loathing in the UK for its role in assessing disability benefit eligibility."



  4. EPO and EU: People Behind the Faces

    It’s no secret that the EPO breaks the law and European officials have taken no concrete steps to intervene; to make matters worse, potentially new EPO allies may soon be put in charge of the EU Commission



  5. Maintaining the 'Delete Github' page

    "This list really is a starting point, which can hopefully increase awareness about the issue of concern."



  6. Linux Foundation Picking Money

    The dating standards of the Linux Foundation



  7. Microsoft 'Borrows' the Linux Brand

    With help from the likes of the Linux Foundation Microsoft continues to misuse and ‘dilute’ the Linux brand (and registered trademark)



  8. EPO Corruption Compared to Cocaine Scandals in Antwerp

    Days after the Dutch protest discussion is sort of 'uncorked' regarding EPO corruption (published, as usual, in the form of anonymous comments)



  9. SUEPO Showed That the Media Won't Cover EPO Corruption Until Half the Workers March in the Streets

    What ought to have been a central (if not 'the' central) issue of debate in Europe is still being treated as borderline irrelevant or marginal



  10. Meanwhile in California

    News from California is being spun by Microsoft this week, owing to weak journalism that's more like PR than journalism



  11. Privacy-Centric Services and Even Drupal/Acquia Defect to the Camp of Mass Surveillance

    In search of money [pun intended] companies and services that are supposed to respect their customers and users turn out to be doing the opposite; this merits research and public discussions



  12. IRC Proceedings: Monday, November 11, 2019

    IRC logs for Monday, November 11, 2019



  13. Links 12/11/2019: Sparky 2019.11 Special Editions and Twisted 19.10.0 Released

    Links for the day



  14. Microsoft's Abduction of the Voice of Its Opposition Highlights the Urgency of the Movement/Campaign to Delete GitHub

    Microsoft understands that by entrapping FOSS and GNU/Linux inside proprietary software platforms like GitHub and Azure it can utilise the false perception that it somehow speaks on behalf of both (whilst attacking both)



  15. IRC Proceedings: Sunday, November 10, 2019

    IRC logs for Sunday, November 10, 2019



  16. SUEPO Protests Against Management of the European Patent Office Brought Back Discussions About Corruption

    The atmosphere at the second-largest institution in Europe has long been toxic; now it is becoming a lot more visible again and comments highlight the reasons for the cover-up (gross misuse of billions of euros)



  17. Links 11/11/2019: Linux 5.4 RC7, HandBrake 1.3.0 and Analysis of XFCE

    Links for the day



  18. Links 10/11/2019: digiKam 6.4.0, OpenMandriva Lx 4.1 Alpha and OpenZFS Plans

    Links for the day



  19. Video: Dutch Media on EPO Protest

    The new video added by SUEPO on Saturday in order to show Dutch media coverage of last week's protest in The Hague



  20. Politics in the Workplace Are Not Paradoxical and Outside the Workplace They Are Free Speech

    The safest space is one in which no other human (or creature) exists, but in reality we must make compromises and accept that not everyone will agree with us 100% of the time (so we must learn to live with that)



  21. IRC Proceedings: Saturday, November 09, 2019

    IRC logs for Saturday, November 09, 2019



  22. Thick Skin Makes Strong Communities

    Learning to coexist with people who don't agree on everything is a strength and successful societies encourage that (the alternative is blind conformity on all matters)



  23. Training (Proprietary Software) Versus Teaching (Free Software)

    Education necessitates software freedom — a fact that companies like Adobe, Apple and Microsoft try hard to distract from



  24. The Linux Foundation Brought as Keynote Speakers People Vastly Worse Than Those Whom It Now 'Cancels' for Purely Political Reasons

    A lot of people are very upset about the Linux Foundation's alleged 'witch-hunt' and even press coverage has caught up with the outrage; but our position is that it distracts from vastly bigger Linux Foundation scandals



  25. An Open Letter to Richard Stallman

    "It's past the time for the official cornerstones of the Free software movement to return to their full operational capacity, and to take the gear out of neutral."



  26. Links 9/11/2019: Linux Journal Goes Dark (Offline), KStars 3.3.7, OpenSUSE Name Change Aborted

    Links for the day



  27. Think Tanks, Bristows, 'Simmons' and 'Birds' Can Only Ever Lie to Us About the Dead Unified Patent Court (UPC)

    The UPC is a dead bird, but lobbyists of the litigation giants would have us believe otherwise, in “In-depth Analysis” which is anything but (it's just propaganda with the veneer of officialism)



  28. The EPO's Management is Trying Really Hard to Distract the Media From EPO Unrest (and It Has Been Partly Successful)

    We take a look at the profoundly bad situation at the EPO (examiners unable to do their job properly because of rogue leadership); we also reexamine how media covered — or rather refused to cover — this urgent issue



  29. Microsoft's 'Safe Spaces'

    The 'new' and 'ethical' Microsoft that offers us all a 'safe space'



  30. 'Artificial Intelligence' (AI) Will Only Doom Patent Offices If It's Used to Stamp Millions of Invalid Patents (IPs)

    The Artificial Intelligence (AI) craze is being used as an excuse or as a pretext for granting loads of patents on mathematics and statistics (maths and stats aren't permissible or eligible for patent coverage); by calling just about everything "Artificial Intelligence" (or AI, or "hey hi!") they hope to mislead examiners, who are also being presented with new guidelines full of these buzzwords


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts