08.10.10
Microsoft Leaves Windows XP SP2 Users Open to Attacks, ZeuS Exploits Windows Flaws, and 4Chan Becomes Unsafe to Windows Users
Summary: Grouping of security news from this week
“Has anybody seen the news about Microsoft not supporting the link vulnerability patch in XP SP2?”
That question was asked by Chips B Malroy earlier today. He cited the following two posts:
i. Registry hack used by gamers allows security for Windows XP SP2
If you use Windows XP SP2, then by now you are well aware that it has come to its end of life. This means no security updates, no software updates, no support. However, an interesting blog post from F-Secure explains how to install security updates on the aging operating system, if a user is willing to assume the risk.
ii. Windows XP SP2: Hack Allows ‘Shortcut Patch’ To Be Installed
PC users who are still using Windows XP SP2, even after the service pack was retired on July 13 can still receive security updates thanks to a trick found by editing the registry.
Had Windows been Free software, no “hack” around the Registry would be needed.
At the moment, all versions of Windows are still open for attacker to exploit. The press doesn’t call out Windows when it reports on the ZeuS Trojan:
Security vendor M86 Security says it’s discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.
More here:
A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.
Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank’s online banking system. Researchers at the M86′s Security Labs came across the attack after discovering the botnet’s command & control centre, which is hosted in Moldova.
What about Microsoft and Windows? Here is another IDG article whose headline says “Malware Circulating on 4Chan Forums” (it does not say “Windows malware”).
The important point to take away from this is that HTA files are programs, just like EXEs and can do dangerous things.
Here is a funny one:
INSECURITY OUTFIT McAfee has decided it’s time to get tough on cybercrime.
We’re not sure how McAfee was tackling cybercrime before the publication of its report, “Security Takes the Offensive”. Whatever it was doing obviously wasn’t enough, given the malware threats out in the wilds of the Internet.
Security would be simplified if Windows was removed from this equation. Earlier today we posted several links to new articles that claim GNU/Linux/Android superiority over Apple when it comes to security. Apple — like Microsoft — is being negligent again.
Apple sits on a patch for a critical flaw
PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.
Just because this operating system is proprietary doesn’t mean it’s harder to decipher and thus more secure. Fast patching is key. █
