MS Word users warned of ongoing attacks exploiting unpatched bug

Microsoft warns Word users of ongoing attacks exploiting unpatched bug – Computerworld

Biggest worry, says expert, is that exploits are triggered just by previewing malicious messages in Outlook 2007, 2010 and 2013

Microsoft today warned users of Word 2010 that in-the-wild attacks are exploiting an unpatched vulnerability in the software.

The company also published an automated tool to protect customers until it issues a patch.

An attacker could cause remote code execution if someone was convinced to open a specially-crafted Rich Text Format (RTF) file or a specially-crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” said Dustin Childs, group manager and spokesman for Microsoft’s Trustworthy Computing group in a blog Monday.

BOLD in the quote is mine.

Microsoft put out a Security Advisory 2953095 as Corrine noted on her Security Garden Blog including Fix it buttons for enabling and disabling reading email messages in plain text format.

This is one of the things for which both Microsoft in Outlook and Apple in Mail have massively fallen down on the job. This would not be happening if you could easily toggle various view options such as HTML or Plain Text for reading emails, as well as allowing and disallowing images inline.

This is something that I am very thankful that Mozilla Thunderbird got right from the very beginning. Mozilla Thunderbird gives very granular control regarding the various ways to Display email messages such as in PLAIN TEXT, SIMPLE HTML (simple html with javascripting disabled), or ORIGINAL HTML.

You also have control over how images are displayed or not in several ways and differentiating between attached images and remote images.

You can also close to enable do not track in emails. There are Security Add-ons like Adblock PlusEnigmail (OpenPGP), more. As well as lots of specialized Add=ons. One of these that I like is QuickText and a few others. It works on Windows, Mac and Linux.

There is also a pay to play $9.95 I think, but also has a free trial. It was originally for Macs and now there is a Windows version as well. It was created by the original developers of Thunderbird called Postbox. It has some but not all the Add-ons that Thunderbird has.

/rant on

I am not saying everyone should move to Mozilla Thunderbird. What I am saying is that Microsoft Outlook and Apple Mail should give their users these types of granular control so people can choose how they wish emails to be viewed. Both do some things but they stop way short of what is really needed in this day and age with emails.

HTML is like a venetian blind. It hides what is behind it. You can’t see what is behind all that HTML. You can’t decide to see HTML only if you trust the email after viewing what is in that email. This makes it way too easy for phishing emails to look like your bank, PayPal, your credit card company, etc. It also allows companies to track you with web beacons, transparent gif images and other remotely loaded images so they know if and when you view their email.

Something needs to be done about all this. Mozilla Thunderbird makes it so easy for folks to be able to toggle images so they can’t track you, use SIMPLE HTML to keep the ‘form’ of an email message without the more dangerous javascripting. Or allows you to totally view the email in plain text so you can see that that link that appears to be going to your bank actually goes to some strange URL that has nothing to do with your bank or a store you may or may not do business with.

People need these tools. Some may or may not realize it, but they really do.

I have heard so many people say that the email look just like it was from their bank and they fell for it. Or a store they frequent and gave up their login credentials by clicking on the link rather than going to the website because it looked like it was the store’s promotion.

Sure, no one should click on links in email, but if it looks legit, many do. Sure, if you like something in a promotion for a store, it might be better to just go to the store’s website but some stores really don’t have a page on their website that is clickable to get you there, unless you click on the link in an email. Also, the links are often obfuscated by third party trackers and campaign tracking sites, etc. This all makes life very difficult for email users to know what’s good and what’s not.

OK, I will get off my soap box now.

/rant off

 

Advertisements

XP SP3 and Office 2003 Support Ends April 8, 2014

Windows XP has been around since August 24, 2001 – 12 years ago now. It is getting VERY long in the tooth.

Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Like many Operating System versions, Windows XP was not such a great OS in the beginning. BUT, like many Microsoft products, it got better after Service Pack 1 (SP1), but wasn’t the best it could be till after Service Pack 2 (SP2) and mildly better after Service Pack 3 (SP3). SP3 is the current version of Windows XP.

I loved Windows XP for a long time, even though it was getting long in the tooth. But I have come to love Windows 7 even more. Windows 8 … the jury is still out. For me I use several different operating systems. I also love and use Mac OS X or just OS X (as it is called now) and Debian Linux.

Windows XP has been on life support or Extended Support since April 8, 2009 when Mainstream Support ended. That was after two says of execution as it were since it was supposed to be ended earlier than 2009.

Windows XP has been the main stay for many folks for a long time in the Windows world — the last 12 years. That’s a long time for an Operating System version.

Windows XP still holds the #2 spot at 31.24% of computer users as shown below in the graph from NetMarketShare.com:

NetMarketShare.com Operating System Breakout - November 1, 2013

NetMarketShare.com Operating System Breakout – November 1, 2013

Windows 7 holds the #1 spot for a very good reason. It is still the best of the newer Operating Systems from Microsoft to date — in my opinion and nearly half of all Windows users to date. And Windows 7 is still good to go until January 14, 2020 (end of Extended Support – it is still in Mainstream Support until January 15, 2015). Here’s the break out of the Windows lifecycle fact sheet info:

Windows Life Cycles from the Windows Life Cycle Fact Sheet

Windows Life Cycles from the Windows Life Cycle Fact Sheet

I have said all this because we need to see where were are, and where we need to be as computer users, particularly as Windows users with April 8, 2014 looming over those of us still using Windows XP.

Especially in the light of the pervasive malware purveyors out there today.

We need to make sure we are all no longer using Windows XP of any kind before or at least by April 8, 2014 when Microsoft will no longer be providing ANY security updates for Windows XP.

A few years back they did the same thing with Windows 2000. It’s now Windows XP’s turn.

Please read the following articles to see why this will be very important:

Windows XP infection rate may jump 66% after patches end in April – Computerworld

Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

Windows lifecycle fact sheet – Microsoft.com (image above)

New stats show Windows 8 usage up sharply as XP usage plummets – ZDNet (for curiosity though, look at the difference between the table on ZDNet’s article and the one today).

NetMarketShare (choose Operating Systems from the dropdown to see the chart above in real time)

Gartner Says Worldwide PC, Tablet and Mobile Phone Shipments to Grow 4.5 Percent in 2013 as Lower-Priced Devices Drive Growth – Gartner.com

Source: Gartner Oct 2013 - Worldwide Device Shipments by Segment

Source: Gartner Oct 2013 – Worldwide Device Shipments by Segment

It would appear, that, as predicted, many around the world are moving to other types of computers, in particular mobile devices. This was forecast and it would seem to be coming to pass rather dramatically now.

It is amazing to see the number of people who rarely if ever use their desktop computers these days, relying on their mobile devices for almost all, if not all, their computing and Internet needs. Some folks no longer even have a computer other than a tablet, like the iPad or Nexus Tablet, or Surface, etc., or just use their smartphones for their email, browsing, messaging, gaming, etc. which is the bulk of what people seem to do on the Internet these days. Unless of course if their work or business, or gaming bents, are important to them. Having said that, even gaming has very much gone mobile for many people.

I am hoping that folks will take a look at the overall picture and determine which direction they wish to go now that there are only a few months left before Windows XP will no longer be a viable Internet connected computer.

Will a Desktop or Laptop be the way to go, or will a Mobile device like a Tablet or maybe even just a smartphone be enough for many folks? Staying with Windows or moving to a Mac may also be a consideration.

No matter which way folks ultimately go, deciding will be important and thinking about this is really needed with Windows XP going away in just a short few months.

Over 31% of computer users will need to make this decision before April 8, 2014, if they wish to remain as safe as they can be on the Internet.

Even with Google Chrome continuing to support Windows XP SP3 a year after Microsoft (till 2015), if the Operating System itself has no updates, that will certainly not be enough.

Lots to think about and only a few months to decide … Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

New Twist to Online Tech Support Scam and more

This one has been going on for quite a while, but it is definitely spreading like a bad rash. Just to prove it, one of my clients got a call from one of these while I was actually at their home for an appointment to work on their computer. What’s the chance of that happening? It’s certainly never happened before. And they are definitely using some serious social engineering to fool people into allowing them to get into their computers to quote/unquote fix their computers.

Thanks to Windows Secrets and Fred Langa for the link:

Windows Secrets reader Scott Brande was recently on the receiving end of a typical tech-support con. Recognizing it for what it was, he carefully documented the attempted snow job, then sent in his notes as a service to all Windows Secrets readers.

Check out the rest of Fred Langa’s article for the fully documented story.

And from IC3.gov site:

New Twist to Online Tech Support Scam and more – IC3.gov Scam Alerts (Jan 7, 2013)

NEW TWIST TO ONLINE TECH SUPPORT SCAM

The IC3 continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as “Adam” or “Bill.” Callers report the user’s computer is sending error messages, and a virus has been detected. In order to gain access to the user’s computer, the caller claims that only their company can resolve the issue.

The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.

Users are told the virus could be removed for a fee and are asked for their credit card details. Those who provide the caller remote access to their computers, whether they paid for the virus to be removed or not, report difficulties with their computer afterwards; either their computers would not turn on or certain programs/files were inaccessible.

Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.

In a new twist to this scam, it was reported that a user’s computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.

Unbelievable! MICROSOFT DOESN’T DO THAT!

Avoid tech support phone scams

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

More here at Microsoft’s article: Avoid Phone Scams

Some more interesting things in the IC3 Scam Alerts:

You might also find the rest of the IC3 Scam Alerts interesting; including a list of the most popular passwords out there. If you are using any of them as passwords, you might just want to change it now!

Also some info on Java Exploit that is for sale for 5 digits! :

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

Might want to check out: How to Unplug Java from the Browser

Emails with Malware URLs

It is amazing to me how many malicious emails one can get!

Just today, I got one that purported to be from CNBC, however, the link was not any of the CNBC franchise websites. So I thought, well, maybe I missed one?

I searched Google for the root domain name in email link and it tried to give me real life news channel results which were of course all legitimate websites, not the dangerous one that was in the email.

However, it did give the ability to search on the exact domain again if I really meant it, which of course I did. The only links available — which I was very happy to see — for that domain name were several links to malwareURL.com – (The MalwareURL Team is a group of Internet security experts dedicated to fighting malware, Trojans and a multitude of other web-related threats) that exposed the website in the email as a malware site for a work at home scam:

This web site is a known security risk – Detailed web site security report

Security Category: Work-At-Home scam

The results on the link above about the website stated the following:

Domain matching reallivenewschannel.com were found in our database.

1348 other active domains were found on 707 IP(s) for AS30058 (FDCSERVERS)

Show the report for AS30058 (FDCSERVERS)

Malicious URLs on reallivenewschannel.com
/weeknews/lastnews.php
/weeknews/go.php

Blacklist
Google
Google Diagnostic Page

My WOT
WOT Score Card

hpHosts
hpHosts listing

MalwareDomainList
MDL listing

After the above information, there was information specific to the domain.

Interestingly, the domain appears to be registered in NY, USA.

The name servers are in .RU/Ukranian domain origins.

In addition, this malware link in the email had a prefix that looked like the following, except I changed the numbers in the link:

cf533cb444.reallivenewschannel.com

NOTE: Notice the above is not a live link as we don’t want to visit under any circumstances, unless you are a security researcher preferably using a throwaway Virtual Machine or live CD.

If I had looked at this email in full HTML as it was intended by the malware purveyors, it would have looked somewhat like the following in simple HTML except it would likely have had the look of a CNBC website rather than just the text as it does in simple HTML:

A CNBC Event – Work At Home Mom Makes Almost $10,000/Month, Part-Time

Patricia Feeney of , never thought she’d have a job working at home until she filled out a simple form online, one afternoon. Before she knew it, she had discovered her secret to beating the recession and no longer had worries about being able to provide for her family – and she did all of this by working from home. » Continue reading

CNBC
To unsubscribe to this email click here. If this e-mail was forwarded to you and you’d like to sign up for additional alerts from CNBC click here.

© 2012 CNBC, Inc. All Rights Reserved. 900 Sylvan Avenue, Englewood Cliffs, NJ 07632

See where the Continue reading is? That was the link, totally obfuscated from view to trick users into thinking it was a CNBC link when actually it was linked to the full malware URL I have been discussing in this posting.

Pretty convincing isn’t it? Looks like a legitimate email from CNBC.

If you looked at the email source, you would also have seen that the real Return path is not CNBC, but a user from a .pl domain.

Thankfully, SpamAssassin did give it a 6.5 Spam Status level (required was 5 so it was 1.5 beyond the level required to be considered Spam. X-Spam-Report says the following:

X-Spam-Report: 
*  2.3 FROM_STARTS_WITH_NUMS From: starts with many numbers
*  1.8 URI_HEX URI: URI hostname has long hexadecimal sequence
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  2.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.1 RDNS_NONE Delivered to trusted network by a host with no      rDNS

Sadly, many emails that look like they originate from legitimate sites come in every day and people are often fooled by them. Many times just because they look at emails in HTML.

These types of things would fall by the wayside if everyone was more wary and understood that when they send out millions of emails like this likely every day or every week, it only takes 1.5% of the people to respond to make it well worth while to the spam, malware, phishingspear phishing, or scam (or any combination together) purveyors.

Also check out the Anti-Phishing Workgroup website for more information.

There are many of us who have been using email clients that allow you to view emails as Plain Text such as; Thunderbird (opensource – free – accepts donations), Postbox ($9.95 – based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations), and there are many others that allow plain text. Most Linux based email clients give this ability as well.

Oddly, however, although Apple Mail granularly allows you to choose (after already choosing the email message) to read in plain text on an email by email basis — Apple Mail DOES NOT have an option in Preferences that allows you to choose to view emails as Plain Text by default which would prevent many problems with these dangerous types of emails. This is very sad news for Apple users. Microsoft Outlook DOES NOT give users the ability to view emails in Plain Text either (on an email by email or by option in preferences). I would very much like to know why Microsoft and Apple do not give that option to people. These are the two most ubiquitous email clients used in OS X and Windows.

I have read emails in plain text from the very beginning. Intentionally. Simply because I don’t want to be accidentally fooled by this type of  spammalwarephishingspear phishing, or scam.

Email clients like Thunderbird (opensource – free – accepts donations), Postbox ($9.95 based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations) give the ability to view in original HTML, simple (non-executable) HTML or Plain text. They also give you the ability to allow or disallow images inline! Very important if you wish not to be tracked by email senders with beacon ads, web beacons, web bugs. These email clients also give an easy way to view the source of an email so you can do your own investigation of information in the headers or body of the email, and to facilitate sending comprehensive email information about spammers, etc. to sites like PayPal, Google, eBay, your bank, etc.

Sadly even many website based email clients, like GMail, Yahoo Mail, Outlook.com, Hotmail, MSN Email, etc, go only half way in regard to these very necessary capabilities … if that.


			

Tis the season to be scammed….

Tis the season to be scammed …. yep it’s starting already!

Cybercriminals start spamvertising Xmas themed scams and malware campaigns – ZDNet – Zero Day

Dancho Danchev for Zero Day writes;

Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn’t it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt. Not only are the senders completely unknown by the recipients, but also, users are exposed to fraudulent E-shops for counterfreit shops, something that weren’t looking for to begin with.

Joy!

Just what people needed, right? More Spam and Malware!

Be wary of your inbox – don’t be duped! – and realize it will only get worse as time gets ever closer to the Holidays.

More from Symantec’s website article: You Have Received a Christmas Card

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the “Christmas Card.zip” attachment. After opening the attachment, the malicious code is downloaded on to the user’s system. Symantec detects the attachment as W32/AutoRun.BBC!worm.

Fake product offer Web page (Symantec article on Christmas card scam and malware)  - Click image to view the article at Symantec

Fake product offer Web page (Symantec article on Christmas card scam and malware) – Click image to view the article at Symantec

This is just one of likely a huge number of scams to get malware on your computer. Beware your email bearing cards and unwanted embedded malware (malicious software)!

I am also pretty sure they will not keep it to just email either. We should also be wary of ads on webpages with this type of scam too. So be very careful when surfing around the Internet as well!