Posts filed under 'Microsoft'
March 6th, 2008 by Bernadette Irinco (Technical Communications)
The critical role that mobile phones play in our lives today make them a favorable target for malware authors. Mobile phones contain a lot of users’ vital information in the same way as their PCs. This is why it is not surprising to see mobile malware enter the threat landscape.
Recently, a malware targeting Windows Mobile PocketPC was found and analyzed by Trend Micro researchers. Detected as WINCE_INFOJACK.A, this worm specifically runs on Windows CE environment, leaves the mobile phone open to other malware and installs unsigned applications without the user’s consent. It also steals information like Mobile IMEI or serial number, OS version, model and platform and hosts name among others to which it sends back to the malware author/s. Aside from this, WINCE_INFOJACK.A also changes the security settings of the affected phone.
Users can get infected once they insert an infected memory card on the mobile device or through SMS. Just last January, Trend Micro also discovered SYMBOS_BESELO.A, a Symbian malware that disguises as a multimedia file and infects phones running Symbian/S60 2nd edition OS.
“These gadgets are running faster and better,” Trend Micro Research Manager Jamz Yaneza says in a news article last February 27.”Because it’s running like a regular PC, you should treat it like a regular PC.” Clearly this shows that mobile malware is already cementing itself as a security threat that we should also watch out for.
January 17th, 2008 by Jasper Pimentel (Advanced Threats Researcher)
On January 15, Microsoft released Security Advisory (947563), which reports of a newly discovered vulnerability in Microsoft Excel. This vulnerability allows a remote user to execute code on the affected system once the victim opens a specially crafted Excel file with malformed headers.
This vulnerability affects the following software:
- Microsoft Office Excel 2003 Service Pack 2
- Microsoft Office Excel Viewer 2003
- Microsoft Office Excel 2002
- Microsoft Office Excel 2000
- Microsoft Excel 2004 for Mac
According to Microsoft, “At this time, we are aware only of targeted attacks that attempt to use this vulnerability.” Note that this vulnerability is still under investigation. Although the risk at this time seems to be limited, it is highly probable that malicious authors are already trying to exploit this vulnerability, knowing especially that Office documents can be effective vectors of infection for malicious attacks. Users should be extra vigilant of Office files that they receive from untrusted sources or that are received unexpectedly from trusted sources.
More information about this vulnerability can be found on this site:
January 12th, 2008 by Arman Capili (Technical Communications)
The online gaming industry suffered another security setback as Microsoft’s popular online gaming service, Xbox Live, was reported to have experienced a high-profile hacking incident.
On 29 December 2007, Halo 3 star gamer Colin Fogel found himself logged out of his Xbox Live account one minute, then completely barred from it the next. According to Fogel, this is the third time he fell victim to a hacking incident, considering his popularity in the gaming industry.
He rose to fame after showcasing how a Halo 3 player can shoot and kill himself using his own sniper rifle. He was awarded a special piece of in-game Recon armor by Bungie Studios, makers of Halo 3.
Very lucrative as it may seem, there’s more than Fogel’s prized Recon armor that can be hoarded from his account. Xbox Live accounts typically contain critical user information such as credit card numbers, MSN and Hotmail credentials, and home addresses. This is reminiscent of previous online game thefts usually targeted at avid gamers, looting precious gaming data that has an equivalent monetary value.
While other online games are plagued with malware and spyware info-stealers, Xbox Live seems to be more vulnerable to social engineering tactics of hackers—and they are taking pride by bragging it in online forums. These hackers take the guise of legitimate Xbox Live users and manage to solicit information from support employees. Now, that’s one gaping hole Microsoft has to plug soon.
Fresh from the frenzy of determining which gaming console topped the holiday sales, Microsoft and other manufacturers should start focusing on this kind of security issue. The multi-billion dollar gaming industry may soon find its followers losing it out not only in the virtual world, but being bled financially as well.
January 9th, 2008 by Jovi Umawing (Technical Communications)
As fresh as the New Year is the new round of Patch Tuesday releases for the year. For January, Microsoft released the following two (2) security bulletins:
Critical Bulletin
Important Bulletin
Windows users are advised to keep their systems up-to-date by applying the necessary patches supplied by Microsoft. You may refer here for the Windows Update Center.
January 6th, 2008 by Jovi Umawing (Technical Communications)
Microsoft seems to have started its 2008 on the wrong foot and drawing criticism just a day after the New Year. The Register is reporting Microsoft’s Office 2003 Service Pack 3 to be blocking old file formats that were defined to be less secure.
This includes legitimate file formats accessible to Microsoft’s own applications, such as MS Office Excel 2003, MS Office PowerPoint 2003, and MS Word 2003. This update also blocks file formats supported by Corel Draw, a graphics editing tool of software giant Corel.
Below is a list of some of the file formats blocked by the Office 2003 update, which was launched last December:
- .wk1
- .wk4
- .wj3
- .wks
- .wk3
- .wj2
- .wq1
- .fm3
- .wj1
- .ppt
- .pot
- .pps
- .ppa
Microsoft advises their users to enable access to such files in case the need to use them arises. More of Microsoft’s information workaround regarding blocked files types are found here.
David LeBlanc, Microsoft’s Senior Developer, prescribes a number of links where Office XP 2003 users can still use the blocked file formats.
Much speculation about this blocking plan has been circulating for quite some time now, but official word is that Microsoft had done it for security’s sake. Some may not completely agree with this train of thought. Nevertheless, LeBlanc assured Microsoft clients (and his blog readers) that “this (the blocking of old file formats) is the right thing to do.”
Previous Posts
