Eye on Microsoft: Ransomware, Botnets, Critical Flaws, and Insecure Microsoft File Types
- Dr. Roy Schestowitz
- 2009-07-28 07:18:43 UTC
- Modified: 2009-07-28 07:18:43 UTC
●
Smut page ransomware Trojan ransacks browsers
Russian cybercrooks have come up with a variant of ransomware scams, which works by displaying an invasive advert for online smut in users' browsers that victims are extorted to pay to remove.
●
The Business of Botnets
Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control.
●
Microsoft to fix critical hole in IE
In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday--outside of its monthly patch cycle--for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.
●
Microsoft to Issue Emergency Patches Next Week
The advance notification advisory that Microsoft released about these upcoming patches doesn't say so explicitly, but a spokesperson for the company confirmed that the updates will address a critical security flaw in collection of code that Microsoft uses in a number of places in Windows. Having a vulnerability in this so-called "code library" is especially dangerous because Microsoft also provides this library to third-party software makers to help them build programs that can leverage certain built-in features of Windows.
●
Insecure by design: MS Office formats
You see, when you're opening an Office document today, you're not just opening static words, images, or numbers. You're actually starting a program that uses Microsoft Office as its interpreter. And, no matter whether you're using Word 2,0 formats or the 2008's 7,000+ pages mis-mash of 'standard' ECMA-376 Office Open XML file formats, there is no built-in network security layer. Instead, there is a mis-mash of fixes for one problem or the other.
Also see:
Emergency, Botnets, and No Remedy
Recent Techrights' Posts
- Links 15/02/2025: University Price Hikes and Copyright Action Against Slop Companies
- Links for the day
- Slopwatch: All Those New 'Articles' Are Fake and Crafted by Chatbots (LLM Slop)
- Google News is promoting these as "Linux" news; they're not even made by humans
- They Will Never Leave Linus Torvalds Alone, Rust is Just Another Way to Cause Instability and Infighting in Linux
- We already identified the Rust "community" as troublemakers more than 5 years ago and we wrote about the evidence
-
- Not Only Windows, Surface, and "Hey Hi" PCs; Microsoft's Hardware Ventures Are a Dumpster Fire; HoloLens Mixed Reality Hardware Now Axed Altogether and Staff is Miserable
- Microsoft is in a terrible state
- Certificate Authority (CA) Let's Encrypt Now Down to TEN (0.3% of the Whole) in Geminispace
- The number of capsules that use Let's Encrypt is, according to Lupa, about to fall to single-digit figures
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, February 14, 2025
- IRC logs for Friday, February 14, 2025
- Gemini Links 14/02/2025: Mysterious Friend and "Eight by Eight"
- Links for the day
- Apple: Social Justice or Social Nationalism?
- Remember to buy Apple, folks
- Links 14/02/2025: Mass Layoffs at Sophos, Chatbots Failing Very Badly, "DOGE as a National Cyberattack"
- Links for the day
- Moving Away From Certificate Authorities (CAs) Like Let's Encrypt Means Taking Away From the US Government the Power to 'Censor' Sites by Revoking Certificates
- Gemini capsule is cheap to run and easy (easier than a Web site) to maintain. More people disillusioned and frustrated with social control media flock to it.
- BetaNews' Managing Editor Wayne William Took Charge of GNU/Linux Articles and His Articles Are Real (He Actually Wrote Them)
- We are frankly relieved to see that Wayne William recognised the problem and did something about it
- Links 14/02/2025: Publicity Rights Violated (ByteDance), Bribes to Trump Passed via Social Control Media 'Settlements' Again
- Links for the day
- Gemini Links 14/02/2025: Constitution, Cosmic DE, and More
- Links for the day
- Slopwatch: Anti-Linux Articles Published by Bots, Dominating Google News
- So a lot of the Web is Microsoft chatbot-generated anti-Linux FUD
- Links 14/02/2025: Measles Outbreak in Texas, Zelensky Warns Russia Will Attack a NATO Country
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, February 13, 2025
- IRC logs for Thursday, February 13, 2025
- Gemini Links 13/02/2025: gwit and Restart
- Links for the day
- Links 13/02/2025: Algorithm Bots and 'Teleport' Breakthrough
- Links for the day
- EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
- Central Staff Committee versus Lukashenko's sponsor
- IBM Layoffs in 'RTO' Clothing Reported by Thomas Claburn
- This "hey hi" (AI) nonsense is just a go-to excuse that IBM and GAFAM (and many others) use
- Still Waiting for the EU to Abolish the Illegal and Unconstitutional Court Linked to EPO Corruption and Lobbyism by the Patent Litigation Industry
- Sadly, all the blogs that used to talk about those issues have been infiltrated and then completely hijacked by the very perpetrators of the illegality
- Social Engineering of the Free Software Movement is a Corporate Takeover With Code of Conduct (CoC) to Drive Out or Expel Dissent
- Richard Stallman (RMS) covered "cancel culture"
- Links 13/02/2025: Mass Layoffs at Google (Disguised as "Buyouts"), Telecoms Price Hikes as Collusion/Price-Fixing
- Links for the day
- [Video] Richard Stallman Questions and Answers Session in Google's YouTube or Invidious
- From last night
- Gemini Links 13/02/2025: Broken Watches and Naming Types
- Links for the day
- Corrupt Bill Gates Worming His Way Into Richard Stallman Videos in Google's YouTube
- Reputation laundering riding other people's names?
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, February 12, 2025
- IRC logs for Wednesday, February 12, 2025