Internet, Internet crime, Malware, Microsoft

Microsoft gets careless in its anti-malware efforts

Leave a comment

Up to now we’ve been happy to report on the successes of Microsoft’s work on hindering or shutting down botnets and other malware networks and sites. But their most recent actions in this area were heavy-handed, resulting in millions of legitimate domains going offline.

From Microsoft’s official blog post:

On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.

Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.

We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware.

That all sounds fine, except for one thing: No-IP was also being used for millions of domains with perfectly legitimate purposes. Microsoft says they knew this, and took measures to protect non-malicious domains.

Backlash against Microsoft’s actions is ramping up. Microsoft’s PR people are now saying that this is all due to a technical error, but given their characterization of No-IP (see above), it seems more likely that this is just spin, and they really did mean to kill all domains using no-IPs services.

Brian Krebs has additional details, as does Ars Technica.

Update 2014Jul03: Microsoft has returned control of the No-IP domains to No-IP. There’s still some doubt as to whether Microsoft acted in good faith: No-IP claims they were never contacted by Microsoft prior to the domain seizure; Microsoft claims otherwise. Regardless, I imagine No-IP will quickly move to remove clients using No-IP for nefarious purposes.

Update 2014Jul13: The EFF has a useful followup of the debacle.

Microsoft, Windows 10, Windows 8.x

Windows 8.x unlikely to see return of Start menu after all

Leave a comment

Despite earlier indications that Microsoft would finally return the Start menu to Windows 8.x, it now looks like that may not ever happen.

Microsoft is now saying that the next update for Windows 8.1 (likely to be called ‘Update 2’) will not bring back the Start menu, and will only include small user interface adjustments.

Instead, Microsoft will wait for Windows 9 to bring back the Start menu. With Windows 9, Microsoft will apparently do what they should have done with Windows 8, making the touch-centric ‘Metro’ user interface optional, defaulting to a regular desktop on keyboard/mouse PCs and to the touch interface on touch devices.

Ars Technica has more, as does The Verge.

Security, WordPress and other CMS

Vulnerability in TimThumb

Leave a comment

TimThumb is a toolkit for cropping and resizing images that’s used in numerous WordPress themes and plugins. A serious flaw in TimThumb was widely exploited several years ago to hijack thousands of WordPress sites.

A new vulnerability in TimThumb was recently revealed. This new flaw allows attackers to execute malicious code on vulnerable WordPress sites. Thankfully, the vulnerability only exists when TimbThumb’s ‘webshot’ feature is enabled, and that feature is disabled by default.

If you administer any WordPress sites, you should check for the use of TimThumb and make sure webshot is disabled. Search your site’s files for ‘timthumb.php’ and if you find it, make sure webshot is not enabled. In other words, if you see this:

WEBSHOT_ENABLED == true

… either comment out that line or change ‘true’ to ‘false’ and save the file. There may be multiple copies of timthumb.php on any given site.

Microsoft, Patches and updates, Security, Windows

Vulnerability in Microsoft Malware Protection Engine

Leave a comment

A serious vulnerability in the software at the core of Microsoft’s anti-malware solutions (Microsoft Malware Protection Engine) could open the door for DDoS attacks.

An attacker could create a special file, which – when scanned by affected software – would make the anti-malware software ineffective against any and all malware. A new patch from Microsoft fixes the vulnerability.

Software that uses the Malware Protection Engine is typically configured to update itself automatically. That includes Microsoft Security Essentials, a free Windows-based anti-malware solution.

If you are using MSSE, you can determine whether the patch has been installed by opening MSSE, clicking the small arrow next to ‘Help’, then clicking ‘About’. You should see a line like this:

Engine Version: 1.1.10701.0

If your Engine Version is 1.1.10701.0 or higher, then the patch has been installed and you are protected against this vulnerability. If the version is 1.1.10600.0 or lower, go to the Update tab and click the Update button.

Microsoft Security Advisory 2974294 provides additional details.

Internet Explorer, Microsoft, Patches and updates, Windows 7

Required update for Internet Explorer 11

Leave a comment

Microsoft is apparently trying to reduce the amount of work they face when creating software updates.

The latest wrinkle is that anyone running Internet Explorer 11 on Windows 7 must install update KB2929437 in order to continue receiving updates for Internet Explorer.

In other words, if you fail to install KB2929437, you will stop seeing updates (including critical security updates) for Internet Explorer in Windows Update and Autoupdate.

Internet, Security

Twitter worm spread via TweetDeck

Leave a comment

If you use Twitter at all, you may have noticed a strange tweet showing up in your feeds yesterday. The tweet is actually a script that takes advantage of a bug in the popular desktop Twitter application TweetDeck.

The developers of TweetDeck took it offline briefly to deal with the problem, and the glitch was later confirmed to be fixed.

Anyone using TweetDeck is being told to log out and back in to make sure the fix takes effect.

Adobe, Patches and updates, Security, Shockwave

Shockwave 12.1.2.152

Leave a comment

The latest version of Adobe Shockwave Player is 12.1.2.152.

Unfortunately, the release notes for Shockwave on the Adobe site haven’t been updated since 2007, so it’s difficult to know for sure what’s different about this version. However, given Adobe’s reputation, it’s safe to assume that running an older version of Shockwave will make your computer less secure.

Then again, since Shockwave apparently includes an old, unsecure version of Flash, you might want to consider removing Shockwave from your computer completely, unless you absolutely require it. Another alternative is to configure your browser to prompt for activation whenever Shockwave media is encountered. See the instructions for doing this in Firefox elsewhere on this site.

Firefox, Patches and updates, Security

Firefox 30.0 released

Leave a comment

At least seven security issues were fixed in version Firefox 30.0, released yesterday.

The release notes for version 30.0 show several other changes in this release, but only one is worth mentioning. A new ‘Sidebars’ toolbar button was added, presumably based on complaints that version 29 made it more difficult to toggle the bookmark sidebar on and off. But toggling the sidebar still requires two clicks as opposed to the single click that was required before version 29. So that’s not exactly progress.

For those of you keeping score, the release notes pages for Firefox are still a mess.

Internet, Internet crime

Denial of Service attack against Feedly

Leave a comment

I’ve been using Feedly as my main RSS feed reader for several months now, having tried several other alternatives to the now-defunct Google Reader.

Unfortunately, as I write this, Feedly is down. A Denial of Service (DoS) attack began when the site’s operators refused to pay extortionists to avoid the attack.

Feedly staff are working with their Internet Service Provider to mitigate the attack and hope to have service restored soon.

Graham Cluely has more.

Update 2014Jun12: Feedly seems to be back up and running normally. Feedly: 1; Internet extortionists: 0.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.