Posts Tagged: Microsoft Word


10
Jun 14

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft today each released updates to fix critical security vulnerabilities in their software. Adobe issued patches for Flash Player and AIR, while Microsoft’s Patch Tuesday batch includes seven update bundles to address a whopping 66 distinct security holes in Windows and related products.

winiconThe vast majority of the vulnerabilities addressed by Microsoft today are in Internet Explorer, the default browser on Windows machines. A single patch for IE this month (MS14-035) shores up at least 59 separate security issues scattered across virtually every supported version of IE. Other patches fix flaws in Microsoft Word, as well as other components of the Windows operating system itself.

Most of the vulnerabilities Microsoft fixed today earned its “critical” rating, meaning malware or bad guys could exploit the flaws to seize control over vulnerable systems without any help from users, save perhaps for having the Windows or IE user visit a hacked or booby-trapped Web site. For more details on the individual patches, see this roundup at the Microsoft Technet blog.

Adobe’s update for Flash Player fixes at least a half-dozen bugs in the widely-used browser plugin. The Flash update brings the media player to v. 14.0.0.125 on Windows and Mac systems, and v. 11.2.202.378 for Linux users. To see which version of Flash you have installed, check this link.

Continue reading →


31
Jul 12

Email-Based Malware Attacks, July 2012

Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about the source of these attacks.

Top malware attacks and their antivirus detection rates, past 30 days. Source: UAB

While the data from the past month again shows why that wisdom remains conventional, I believe the subject is worth periodically revisiting because it serves as a reminder that these attacks can be stealthier than they appear at first glance.

The threat data draws from daily reports compiled by the computer forensics and security management students at the University of Alabama at Birmingham. The UAB reports track the top email-based threats from each day, and include information about the spoofed brand or lure, the method of delivering the malware, and links to Virustotal.com, which show the number of antivirus products that detected the malware as hostile (virustotal.com scans any submitted file or link using about 40 different antivirus and security tools, and then provides a report showing each tool’s opinion).

As the chart I compiled above indicates, attackers are switching the lure or spoofed brand quite often, but popular choices include such household names as American Airlines, Ameritrade, Craigslist, Facebook, FedEx, Hewlett-Packard (HP), Kraft, UPS and Xerox. In most of the emails, the senders spoofed the brand name in the “from:” field, and used embedded images stolen from the brands being spoofed.

The one detail most readers will probably focus on most this report is the atrociously low detection rate for these spammed malware samples. On average, antivirus software detected these threats about 22 percent of the time on the first day they were sent and scanned at virustotal.com. If we take the median score, the detection rate falls to just 17 percent. That’s actually down from last month’s average and median detection rates, 24.47 percent and 19 percent, respectively.

Continue reading →


2
Jun 11

Spotting Web-Based Email Attacks

Google warned on Wednesday that hackers were launching targeted phishing attacks against hundreds of Gmail account users, including senior U.S. government officials, Chinese political activists, military personnel and journalists. That story, as related in a post on the Official Google Blog, was retold in hundreds of media outlets today as the latest example of Chinese cyber espionage: The lead story in the print edition of The Wall Street Journal today was, “Google: China Hacked Email.”

The fact that hackers are launching extremely sophisticated email attacks that appear to trace back to China makes for great headlines, but it isn’t exactly news. I’m surprised by how few media outlets took the time to explain the mechanics behind these targeted attacks, because they offer valuable insight into why people who really ought to know better keep falling for them. A more complete accounting of the attacks may give regular Internet users a better sense of the caliber of scams that are likely to target them somewhere down the road.

Google said “the goal of this effort seems to have been to monitor the contents of targeted users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)”

This statement freaked me out a little bit. When was the last time you checked whether your email forwarding settings had been modified? If you’re like me, probably never. This might be the most useful aspect of the Google disclosure, and it contains a few helpful pointers about how to check those settings in Gmail. Google also took this opportunity to remind users about the value of enabling 2-step verification, a security precaution I highlighted in a February blog post.

To my mind, the most valuable content in the Google Blog entry is a footnote that points to the Contagio Malware Dump blog, an incredibly detailed and insightful (if slightly dangerous) resource for information on targeted attacks. It’s worth noting that Google relied on Contagio to reconstruct how the attacks took place, and the author –blogger Mila Parkour — first wrote about these attacks almost four months ago.

Most of targeted email attacks chronicled on Parkour’s blog involve poisoned file attachments that exploit zero-day software flaws in programs like Adobe Flash or Microsoft Word.  This campaign also encouraged people to click a link to download a file, but the file was instead an HTML page that mimicked Gmail’s login page. The scam page also was custom-coded to fill in the target’s Gmail username. Contagiodump has a proof-of-concept page available at this link that shows the exact attack, except populated with “JDoe” in the username field.

Parkour also published an informative graphic highlighting the differences between the fake Google login page and the legitimate page at https://mail.google.com.

Continue reading →


13
May 11

Critical Flash Player Update Plugs 11 Holes

Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.

In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”

The vulnerabilities exist in Flash versions 10.2.159.1 and earlier for Windows, Mac, Linux and Solaris. To learn which version of Flash you have, visit this link. The new version for most platforms is 10.3.181.14; Android users should upgrade to Flash Player 10.3.185.21 available by browsing to the Android Marketplace on an Android phone; Google appears to have updated Chrome users automatically with this version of Flash back on May 6 (Chrome versions 11.0.696.68 and later have the newest Flash version).

Continue reading →