Archive for January 6th, 2008

MySpace, Excite, and Blick Serve Up Malicious Banner Ads

January 6th, 2008 by Jake Soriano (Technical Communications)

Here’s another case to illustrate the importance of installing security updates, installing them in a timely manner, and installing not just OS updates, but those for third-party software applications as well.

Taking advantage of system vulnerabilities — most often the result of missing, or uninstalled, patches — malware authors are continually taking advantage of websites that have significantly high traffic (and this everyone knows) to target unsuspecting users.

Social networking site MySpace is reportedly said to be laced with banner ads that install malicious programs and files. Trend Micro detects some of these files as employing encryption similar to known variants of RBot, SDBot, and SPYBot malware.

This would not be the first time that MySpace has been compromised.

In November last year, TrendLabs analysts found pages of the social networking site embedded with codes that redirect users to malicious sites.

Similar banner ads were found on the popular search portal Excite.com. Brian Krebs of the Washington Post wrote that there are ads on the Web site containing malicious code, which redirects users to a page that tries to install a malware informing users of a bogus system infection, and then urges them to purchase the software that can “clean” the supposed infections.

The German Web site Blick was reported to have these same malicious banner ads as well.

Social networking sites have been targets of malware authors for a while now because of the large number of people who use them. Users are always reminded to exercise caution in their social networking activities online. And again, everyone is reminded to install all the necessary patches once they are available.

MS Office 2003 SP3 Literally Leaves Past Behind

January 6th, 2008 by Jovi Umawing (Technical Communications)

Microsoft seems to have started its 2008 on the wrong foot and drawing criticism just a day after the New Year. The Register is reporting Microsoft’s Office 2003 Service Pack 3 to be blocking old file formats that were defined to be less secure.

This includes legitimate file formats accessible to Microsoft’s own applications, such as MS Office Excel 2003, MS Office PowerPoint 2003, and MS Word 2003. This update also blocks file formats supported by Corel Draw, a graphics editing tool of software giant Corel.

Below is a list of some of the file formats blocked by the Office 2003 update, which was launched last December:

  • .wk1
  • .wk4
  • .wj3
  • .wks
  • .wk3
  • .wj2
  • .wq1
  • .fm3
  • .wj1
  • .ppt
  • .pot
  • .pps
  • .ppa

Microsoft advises their users to enable access to such files in case the need to use them arises. More of Microsoft’s information workaround regarding blocked files types are found here.

David LeBlanc, Microsoft’s Senior Developer, prescribes a number of links where Office XP 2003 users can still use the blocked file formats.

Much speculation about this blocking plan has been circulating for quite some time now, but official word is that Microsoft had done it for security’s sake. Some may not completely agree with this train of thought. Nevertheless, LeBlanc assured Microsoft clients (and his blog readers) that “this (the blocking of old file formats) is the right thing to do.”

Subscribe in a reader

Most Recent Posts

Calendar

January 2008
M T W T F S S
« Dec   Feb »
 123456
78910111213
14151617181920
21222324252627
28293031  

Posts by Month


Scan for free!