09.01.09

Eye on Microsoft: More Security Catastrophes

Posted in Microsoft, Security, Windows at 3:41 am by Dr. Roy Schestowitz

Summary: Security-related items from the news (highlights in red are ours)

• Conficker, back with a vengeance as top worm

The infamous Conficker worm first spread its malicious infection across the Internet more than eight years ago and just last month it shot back into prominence, infecting 43 percent of machines in use worldwide in the space of four weeks and, for good measure, it now installs rogue security software on compromised machines.

• Skype snooping trojan detected

“What this threat is doing is actually grabbing the sound coming from the audio devices plugged into the computer,” Selvaraj wrote. “It does this by hooking various Windows API calls that are used in audio input and output.”

• Skype Trojan can log VoIP conversations

Symantec claims to have found the public release of source code for a Trojan that targets Skype users..

Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users.

• Microsoft ATL/MFC ActiveX Type Confusion Vulnerability

Remote exploitation of a type confusion vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code as included in various vendors’ ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). Microsoft’s Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Microsoft’s Active Template Library (ATL) is a set of C++ templates that simplify developing COM objects.

Related posts:

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

Links 25/10/2020: GNU Taler's IETF Milestone, RISC OS 5.28 and New Ubuntu Community Council

Links for the day
IRC Proceedings: Saturday, October 24, 2020

IRC logs for Saturday, October 24, 2020
Links 24/10/2020: GDB 10.1, Kodachi 7.4, Wine 5.20

Links for the day
Celebrating Code of Conduct Violations

Reprinted with permission from Daniel Pocock
The Militarised Elephant in the Room Still Commands a Lot of Free Software Development

We take a difficult (albeit in-depth and perfectly factual) look at IBM's past and present; considering this is the company that controls Red Hat (which in turn controls many key projects in GNU/Linux) we need a better understanding of the real context, not PR fluff and marketing
Juve Patent's Love of Patent Trolls and Their Misinformation

The press 'gutter' known as Juve (basically propaganda disguised as 'news' since years ago) has gotten to the point where the publisher is just an extension of lawyers and liars
IRC Proceedings: Friday, October 23, 2020

IRC logs for Friday, October 23, 2020
Look How Many Tux I Give!

"Long live rms, long live (Hyperbola) GNU/BSD, and happy hacking."
Embrace, Extend, and Extensions: Two New Reasons to Delete GitHub, Which Microsoft Ruined for Everyone (Except the Copyright Cartel and Other Censors)

GitHub is being turned into a garbage dump with malicious masters (or monsters, or mobsters); many people are denied access for using the 'wrong' browser and developers/projects are being censored (not for doing anything wrong or illegal, either)
[Meme] When EPO Staff Claims to be 'Ill' or 'Sick'... During a Pandemic's European Peak

Gotta check and verify that those 'lazy' EPO examiners aren't just faking being ill (in order to not meet "production" targets)
The EPO Has Relegated or Lowered Itself to Extremely Poor Standards

Today's EPO continues to reaffirm the image of global weakness; having failed to improve the working conditions and quality of the work (its actions did the exact opposite), it's nowadays begging China to send over lots of workload irrespective of quality or merit and it is outsourcing the functions of the Office to the United States
Links 23/10/2020: Turing Pi 2, GNU Parallel 20201022

Links for the day
IRC Proceedings: Thursday, October 22, 2020

IRC logs for Thursday, October 22, 2020
Links 23/10/2020: 'Groovy Gorilla' Everywhere in the News

Links for the day
For Better 'Tech Rights' in the United States (and the World at Large) the 'Orange Man' Needs to Go

With less than a fortnight before election day we explain our stance from a purely tech-related rationale
[Meme] Microsoft Never 'Brought' Skype to GNU/Linux (It Just Bought Skype) and It Never 'Brought' Edge to GNU/Linux Either (Google Did)

Foolish media or gullible 'journalists' are giving Microsoft credit for other people's work; this isn't the first time either, but it helps perpetuate lies such as "Microsoft loves Linux" (so who cares about facts anyway?)
It's Going to be a Long, Long Winter

Today we revert back to lock-down mode; we're reflecting and pondering what comes next
TechRadar is an Irresponsible Clickbait and Misinformation Site Disguised as 'News'

TechRadar is no tech and no radar, either. It's just an opportunistic click-harvesting machine, disguised as a source of "news"; today we deal with the latest example (among many).
Links 22/10/2020: LibreOffice 6.4.7, Septor 2020.5, Ubuntu 20.10 Released, FreeBSD Quarterly Status Report

Links for the day
IRC Proceedings: Wednesday, October 21, 2020

IRC logs for Wednesday, October 21, 2020
Living Humbly (With Older Technology or None) is More Compatible With Privacy- and Freedom-Respecting Technological Lifestyle

Simplicity sometimes trumps so-called 'novelty', especially when it comes to human rights and users' freedom
Reasons Why You (and Everybody Else) Should Join the Fight for Software Freedom

Society is being closely watched and controlled (more so during/after the latest pandemic) and people must carefully consider the true importance of resisting proprietary technology (controlled remotely by state actors)
Ways and Means to Reduce One's Dependency on Google's Various Monopolies and Near-Monopolies

Getting rid of Google means a lot more than embracing DumbDumbGo (DDG) or some other sites that spy just like Google; we're taking stock of some options
The European Commission is Still M.I.A. Regarding EPO Corruption (and the EPO's Management Plays Dirty, as Always)

There's no change in the EU; the EUIPO and EPO enjoy complete and total immunity/impunity, with the Commission being manned by those who are deeply complicit
10 Reasons Why All This 'Edge for Linux' Coverage is a Total Farce

The fake hype surrounding "Edge" is an inauthentic hype/buzz campaign made to coincide with anti-Google sentiments spread by Microsoft front/pressure groups
Microsoft's IIS Has Collapsed Again This Past Month (and IIS Will Not and Cannot Survive This Way)

Netcraft shows that Microsoft's decline further accelerates in the Web servers space; IIS is becoming financially unviable
Links 21/10/2020: Alpine 3.12.1, Tor Browser 10.0.2

Links for the day
[Meme] US Department of Justice Should Have Taken on Microsoft Again, Not Google

When lobbying, connections and political sway determine the actions of the American government it's hardly surprising that Bill Gates gets the Trump administration to fight for him (to make him even richer)
[Meme] Banning Words, Gaslighting Volunteers

What happens when institutions are themselves in violation of a CoC (institutional violation) and massive corporations that fund such institutional violations are defending demonisation of the individual (squashing ‘uncomfortable’ voices, even volunteers’)
IRC Proceedings: Tuesday, October 20, 2020

IRC logs for Tuesday, October 20, 2020