Apr 29, 2008

Websites increasingly under attack

Security company Sophos stated in a new report that one web site comes under attack every five seconds.

It counted that 15 000 web sites were infected daily from January to March. Last year the daily average was 6 000 web sites, so threats really are on the rise.

79 per cent of the web sites infected this year are legitimate sites. But there is also good news. The amount of malware included in emails has decreased. Now one email in 2500 contains malware, and that is 40 per cent less than last year.

But not everything is so bright. 92 per cent of all emails were spam during Jan-Mar. The greatest spammer was the USA, and other great spammers were e.g. Russia and China.

Source: Sophos


Apr 24, 2008

Crackers target Beijing Olympics

Security company MessageLabs has recognized many trojan attacks related to the Olympics theme.

- These attacks have been targeted at organizations which have very valuable and confidential information, like the army or government, says Alex Shipp from MessageLabs.

Different organizations have been approached in the name of the International Olympic Committee, and the email header has been related to e.g. the torch relay. The attackers have been traced to the Asia and Pacific region.

The attacks have usually been targeted at only certain persons in an organization; the amount is limited and credibility is the main thing. Recently an email hoax targeted at big company leaders was spread widely in the USA.

These Olympic attacks have used e.g. Microsoft Office Database (mdb) files hidden in a zip archive. When the mdb file is run, it drops an info-stealing exe file onto the computer.

Source: MessageLabs
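
A mail-gateway style check for the delivery described above (Access database files hidden in a zip archive), as an added example that is not part of the original post or of MessageLabs' tooling. The function names, the size and depth limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

JET_MAGIC = b"Standard Jet DB"   # Jet/Access marker found at byte offset 4
RISKY_EXT = (".mdb", ".mde")
MAX_DEPTH = 3                    # limit on nested-archive recursion
MAX_MEMBER = 20 * 2**20          # do not read members over 20 MiB


def find_access_dbs(data, depth=0, prefix=""):
    """Return member paths that are Access databases by name or content."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.is_dir():
                continue
            if info.filename.lower().endswith(RISKY_EXT):
                hits.append(path)          # flagged by name alone
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                continue                   # encrypted or oversized: not read
            body = zf.read(info)
            if body[4:19] == JET_MAGIC:    # renamed database, caught by content
                hits.append(path)
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                hits += find_access_dbs(body, depth + 1, path + "!")
    return hits


def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample: one database by name, one renamed inside a nested zip.
FAKE_MDB = b"\x00\x01\x00\x00" + JET_MAGIC + b"\x00" * 32
SAMPLE = make_zip({
    "torch_relay.txt": b"schedule",
    "inner.zip": make_zip({"route.doc": FAKE_MDB}),
    "list.mdb": FAKE_MDB,
})
```

Calling `find_access_dbs(SAMPLE)` reports both the plainly named database and the renamed one inside the nested archive; a gateway would quarantine or strip any attachment for which the list is non-empty.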


Apr 21, 2008

Unpatched vulnerability in Windows

A locally exploitable vulnerability has been found in Windows for which there is currently no fix. Microsoft is working on it but has not yet found any attack related to the vulnerability.

This vulnerability gives users with NetworkService or LocalService accounts the possibility to raise their user rights to the LocalSystem level. Microsoft Internet Information Services (IIS) and Microsoft SQL Server services might use those accounts. If an attacker is able to execute malicious program code in e.g. those services, there is a chance to abuse the vulnerability. Microsoft may release a fix outside the monthly updates or include it in one of them.

The vulnerability affects XP/Server 2003/Server 2008/Vista. Here is a solution to use before the update.


Apr 19, 2008

Comodo Firewall Pro released

Comodo Firewall Pro has been released.

See the release notes from the Comodo site below:

FIXED! BUG causing D+ to allow file modification attempts although it is blocked under some circumstances.
IMPROVED! Reduced false positives for D+ keyboard access alerts.
IMPROVED! Removed false positives for D+ service control manager access for XP computers.
IMPROVED! Increased D+ ability to protect itself from already installed rootkits

Comodo Firewall Pro


Apr 17, 2008

Mozilla Firefox released

Mozilla Firefox has been released.

This update fixes 1 critical vulnerability.

For more info about the fixed vulnerability, see here

See release notes and download Firefox here


Apr 16, 2008

Java Runtime Environment (JRE) 6 Update 6 released

Java Runtime Environment (JRE) 6 Update 6 has been released.

See the release notes here
and download the update from here (select Java Runtime Environment (JRE) 6 Update 6 and Download).

Remember to uninstall all older Java Runtime Environment versions after installation, as they have vulnerabilities which have been fixed in the newest version.


Apr 12, 2008

Number of malware reached one million

Symantec has released its semi-annual security report. According to the report, the number of malware reached one million. The scary thing is that half of that amount was created during the last year. The total rise was 136 per cent compared to year 2006.

The majority of malware is for Windows, and most of it is just new versions of already existing malware, usually useful for criminals.

The most popular malware now are trojans which open access to the computer and download other malware, as well as keyloggers which activate on certain web sites only (like banker trojans).

The rise in malware is due to criminals who pay programmers to make new malware for them. New versions are needed so that they can steal even bigger amounts of money from victims.

Source: Symantec


Apr 9, 2008

April Microsoft Updates released

April Microsoft Updates have been released. There are in total 8 new updates. Five of them are classified as Critical and three as Important.

Microsoft Windows Malicious Software Removal Tool has also been updated.

The updates are mainly for Internet Explorer, Vista SP1 and Server 2008 (two updates are for other OSes as well) and MS Office.

Read more here


Apr 7, 2008

ERUNT - handy and free registry backup tool.

ERUNT comes from the words Emergency Recovery Utility NT.
It is a free and easy-to-use tool for backing up the registry.
A backup takes just seconds, and you can even schedule a backup to happen on every boot.

Here is a nice tutorial on how to do that.

Read more about ERUNT and download it from here


Apr 4, 2008

Banker trojan strikes back

I wrote like a month ago about banker spreading widely in Finland.

Now another hot Russian lady, Tatjana, seeks love in a Finnish-written email but has a dangerous link included.

This time the domain originates from China.


Apr 1, 2008

April Fool version of Storm Worm spreading.

Harry Waldron blogged lately about an April Fool version of Storm Worm.

The scary thing is its low detection rate, only 18 % detection in VirusTotal.

So be careful what emails you open.