UPDATE 1-Microsoft issues its biggest-ever security fix

* Microsoft addresses record 49 flaws in its software

* Affects Windows, Internet Explorer, Office

* Fixes vulnerability exploited by Stuxnet virus (Adds details on Stuxnet virus, comments from researcher)

By Jim Finkle

BOSTON, Oct 12 (Reuters) – Microsoft Corp (MSFT.O) issued its biggest-ever security fix on Tuesday, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.

The new patches aim to fix a number of vulnerabilities, including one exploited by the notorious Stuxnet virus that attacked an Iranian nuclear power plant and other industrial control systems around the world.

Microsoft said four of the new patches — software updates that write over glitches — were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.

Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.

Microsoft released 16 security patches to address 49 problems in its products, many of which were discovered by outside researchers who seek out such vulnerabilities to win cash bounties as well as notoriety for their technical prowess.

“This is a huge jump,” said Amol Sarwate, a research manager with computer security provider Qualys Inc. “I think the reason for it is that more and more people are out there looking for vulnerabilities.”

The geeks who report such vulnerabilities to software makers are known as “white hat” hackers. Sarwate warned that there are also plenty of “black hats,” or criminal hackers who look for vulnerabilities in software that they can exploit to launch attacks on computer systems.

Indeed, the world’s biggest software maker said that the patches released on Tuesday include software to fix a vulnerability exploited by the Stuxnet virus — a malicious program that attacks PCs used to run power plants and other infrastructure running Siemens (SIEGn.DE) industrial control systems.

The virus, which infected computers at Iran’s Bushehr nuclear power plant, was discovered over the summer. Security research firm Symantec said that it detected the highest concentration of the virus on computer systems in Iran, though it was also spotted in Indonesia, India, the United States, Australia, Britain, Malaysia and Pakistan.

So far Microsoft has patched three of the four vulnerabilities exploited by Stuxnet’s unknown creators.

The total of 49 vulnerabilities exceeds the previous record of 34, which was set in October 2009 and matched in June and August of this year.

The constant patching of PCs is a time-consuming process for corporate users, who need to test the fixes before they deploy them to make sure they do not cause machines to crash because of compatibility problems with existing software. (Reporting by Jim Finkle. Editing by Robert MacMillan, Gary Hill)

http://www.reuters.com/article/idUSN1220677620101012

Computer Clarity

Weekly Report on Viruses and Intruders – 01/08/10

This week’s PandaLabs report looks at two fake antiviruses: PcLiveGuard and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats on their computers.  Panda Security has published a report on fake antiviruses, available at:

http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf

Similarly, the PandaLabs Annual Report also provides information about the situation of this malware at: http://www.pandasecurity.com/img/enc/Annual_Report_PandaLabs_2009.pdf

PcLiveGuard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs. See pic at: http://www.flickr.com/photos/panda_security/4255539533/

Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC (http://www.flickr.com/photos/panda_security/4256301498/).

If users do not scan their PC with the fake antivirus, infection warnings are displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus that warns users about potentially dangerous software on the computer, which it attributes to the computer not being correctly protected. It tries to get users to pay with their credit cards in order to install the solution. The objective of the fake antivirus is to collect the personal and bank details users provide when purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To achieve this, it uses its own websites, on which it is advertised as one of the best anti-spyware solutions on the market.

Picture available at: http://www.flickr.com/photos/panda_security/4256301526/

When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version. The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan. It then falsely assures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed on the Windows desktop, the quick launch taskbar and the Windows start menu, to make it look as authentic as possible.


Windows – Vista Basic Overview

A brief, general overview of the Microsoft Windows Vista Operating System from the new user’s point of view.


Computer Threat Trend Forecast for 2010

PandaLabs, the anti-malware laboratory of Panda Security, has released its forecast of computer threat trends for the coming year.

More clouds on the security horizon

Welcome to the cloud. In 2007, we launched our first product which took advantage of the cloud, now in 2009 all our products use it and we have launched the first 100% cloud-based antivirus: Panda Cloud Antivirus. We have also seen this year how other major security vendors have followed our steps and taken to the cloud. 2010 will be the year in which all anti-malware companies wanting to offer real-time protection will have to follow suit. And those that don’t will be out of the game.

An avalanche of malware

The amount of malware in circulation will continue to grow exponentially. The greater speed delivered by cloud-based technologies, such as Panda’s Collective Intelligence, will force malware creators to generate even more threats in order to evade detection and elimination. Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antiviruses (rogueware), bots and banker Trojans.

Social engineering

Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to take a suspicious view of any messages related with current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter, Facebook, etc. Malware creators will continue to be drawn to these types of platforms used by so many people.

Windows 7

Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new OS, and as practically all new computers are coming with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Cell phones

Will 2010 be the year of malware for cell phones? Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogeneous platform, with 90% of the world’s computers running Windows on Intel, meaning that any new Trojan, worm, etc. has a potential victim pool of 90% of the world’s computers. The cell phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications are sometimes not even compatible from one OS version to another. So it is once again unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony, with more smartphones offering practically the same features as a PC; the emergence of Google Phone (the first phone sold directly by Google without tying users to specific operators); the increasing popularity of Android; and, not to forget, the success of the iPhone. If in some years there are only two or three popular platforms, and if people begin to operate financial transactions from their cell phones, then maybe we could talk about a potential breeding ground for cyber-crime.

Mac

Mac: has the danger arrived? Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive. Mac is used just as PCs are to access social networks, email, the Internet… and these are the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware. These criminals can easily distinguish whether a system is Mac, and they have malware designed especially to target this OS. In 2009 we have already seen numerous attacks, and there are more to come in 2010.

The Cloud

Cloud-based services are not just used for security. We are all using more services delivered from the cloud, often without realizing. Who doesn’t use Hotmail or Gmail as their email service, or Flickr to store photos? But cloud-based services are not limited solely to storage, they are also used for processing data. The cloud is a tool that can help save considerable costs for companies, and as such is rapidly growing in popularity. This makes attacks on cloud-based infrastructure/services far more likely.

Cyber war

Although this term is more associated with science fiction than the real world, it’s a phrase we are about to start hearing more often. Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion (as yet unproven) pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.


It is Christmas time at Facebook, reports PandaLabs

Facebook is a favorite hunting ground for hackers. The vast pool of users offered by this popular social network and the ease with which accounts can be hacked make it a highly attractive channel for spreading malware. Such is the case with the latest variant of a well-known worm: Koobface.GK. The bait consists of a Christmas greetings video hosted on a YouTube page. On playing the video, or clicking a link on the page, users will download and install the worm.

When the virus is installed on a computer, the following image appears and if users fail to enter the corresponding ‘captcha’ (Completely Automated Public Turing test to tell Computers and Humans Apart), it threatens to reboot the computer within three minutes. When the three minutes are up, nothing happens, but the computer is rendered unusable. Every time the captcha text is entered, the worm registers a new domain where the video will be hosted in order to continue being distributed.

According to Luis Corrons, Technical Director of PandaLabs, “social networks have become one of the methods most frequently used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks. Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels”.

Christmas: hackers’ favorite time of year

Internet users often send Christmas greetings to their family and friends over the Web. Infection figures are always high at this time of the year, as new viruses emerge that take advantage of this increased user activity.

Every Christmas we see new malware designed specifically for the festive season:

- MerryX.A appeared in 2005. It reached users’ computers in a Christmas greetings email with an attachment. It was really a Trojan designed to capture keystrokes and steal information. It managed to infect over 50,000 Internet users in only a week.

- Zafi.D. Although this worm appeared in 2002, it is still distributed through emails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.

- The Navidad (Christmas in Spanish) malware family has numerous variants. These astute worms appeared in 2007. They are difficult to detect because they reach computers as a reply to an email which has previously been sent to another (infected) recipient. The message includes the Navidad.exe file which infects computers when run.

Here are a few security tips from PandaLabs when using social networks:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, and through other social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

5) As a general rule, make sure your computer is well protected, to ensure that you are not exposed to the risk of infection from any malicious code.
