We are a bunch of tech geeks, coders and designers. Perform Your Automatic Windows Update »
0
If we had a nickel for every time we see the Windows Update Shield icon in the system tray of a client’s computer, we would be retired by now. That little icon means you must take action to protect your computer with the latest updates from Windows.
Microsoft releases security patches on the second Tuesday of each month (called Patch Tuesday) so make sure you are performing Windows updates at that time. A good indication that you need to apply a patch is the little, yellow icon you see in the lower right corner of your screen. If you see that, click it and follow the prompts.
This month’s patch Tuesday sees Microsoft releasing a Security Update addressing 12 vulnerabilities and one of which is a patch for a Zero-Day issue in Internet Explorer. Check it out and if you see the little yellow icon, click it! It is there for a reason 
Another step you can take is telling Windows to apply the security updates automatically. Then, you will not even see the Update icon in the system tray. The updates will be applied and you will not even know, which is handy if you have ever said, “Hmm. What does that little Yellow Shield mean? Oh well. It is probably nothing important.”
So, if you are a Microsoft Vista user and want to setup Automatic Updates, here is the information to get you going with that. If you are still on Windows XP, here is the information for checking your Update status.
Fake Firefox Adobe Flash Player »
0
File this under the ‘Yikes’ category: According to a post on Sophos website, there is a Firefox plugin masquerading as a legitimate Adobe Flash Player add on.
Recently, Sophos analysts have discovered a piece of malware masquerading itself as a flash player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A).
When the file runs, it pretends to install the adobe flash player for your browser.
However, instead of giving you a Flash Player, you get a piece of malware that spies on your Google searches, sends that data to a remote server and then displays ads into what you are viewing based on the keywords you entered.
According to the post on Sophos’ website, this malware seems to be spreading via Internet forums. You probably won’t have to worry about things like this if you download any plugins directly from Mozilla’s website (but you should still be cautious).
On Sophos’ website, there are some screenshots that illustrate the difficulty you would have trying to determine whether or not you were installing a legit plugin versus one containing some type of malware.
If you want to test your installed version of Flash, you can visit the test page setup on Adobe’s website and you can download the current version of Flash from Adobe’s website as well.
Google Malware Warning System Glitch? »
0
Ok, maybe it was just me, but earlier today any search through Google displayed the malware warning below the returned result.
First, my wife and I were searching for Petsmart and my wife noticed this warning:
I thought that was odd, but large sites have been hacked before. So maybe they were having some problems. However, as we searched for other things, we saw that same warning below every listing in Google, no matter what the search phrase was. We even searched for “google maps” through Google’s search and here is what we got:
If we attempted to click on any of the returned search results, including the one that would take us to google.com, we got this warning:
In the process of doing more troubleshooting, it seems that the glitch worked itself out. I wonder if anyone else noticed these issues. Shout back if you have a second.
I am guessing that the errors we saw were a result of one of these situations:
1 – Google Malware Reporting was experiencing some type of glitch and was erroneously flagging every site as potentially dangerous.
2 – I have gotten some type of virus that is somehow playing around with something hidden in someplace I have yet to discover.
3 – Every site on the Internet (including google.com) was briefly infected with some type of malware and Google was dutifully warning everyone.
Hmm. Thinking. Thinking.
I am hoping it was #1
Koobface Virus Shows Up on Facebook »
0
Facebook has quickly become one of the most popular Social Networking websites around and that is something that virus writers, hackers and other bad guys have certainly noticed.
There have been reports of those wacky Nigerians hacking into Facebook accounts and impersonating the user to try to scam money from their friends and reports of a Facebook javascript bug.
Now, there are reports of a virus called Koobface in circulation on Facebook. Here is how it works:
- A hacker infects a Facebook user’s PC
- The hacker then sends messages to the user’s Facebook friends. The messages say something like “You look just awesome in this new movie” or something seemingly innocent like that.
- A link contained in the message sends the recipient to a website where they are prompted to download a supposed update of Adobe’s Flash Player, so they can “view the video”.
- If the recipient clicks the link, their PC is infected and the cycle continues.
The hackers are taking advantage of the climate of trust the exists on Facebook. Friends feel that any message they receive from one of their friends on Facebook should be trusted because of the privacy features in place. We tend to let our guard down and not think that our friend’s account could have been hacked or that a message we receive could contain a malicous virus like Koobface.
Adobe Flash Player Clickjacking Vulnerability »
0
The recently reported clickjacking vulnerability affecting Adobe Flash Player could also allow a hacker to remotely activate a computer’s microphone and webcam (meaning they could see and hear what you were doing).
The Adobe Security Blog is reporting that a Flash Player patch should be available by the end of October and until it is released, they are encouraging users to change their browser’s Flash Player settings by following these steps as a temporary workaround:
- Access the Flash Player’s Global Privacy Settings panel at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager02.html
- Click “Always deny”
- Click ‘Confirm’
Completing those steps will keep the bad guys from remotely accessing your computer’s webcam and microphone – although I am not sure why that ability was even an option in the first place with Flash Player. Why would someone, good guy or bad, even need the ability to remotely access and control another person’s microphone?
Since YouTube and other online video sites use Flash to display the videos, users that frequent those types of sites could be particularly vulnerable, I would think.
UPDATE: Adobe has released Flash Player 10.0.12.36 which fixes the potential clickjacking issue that still exists in previous versions. Adobe’s security bulletin recommends downloading and installing the latest version. If you cannot download it, you should follow the steps above and they hope to have a patch ready in November.
