Autorun Update

March 3, 2011

Microsoft is now pushing out the Autorun Update from their Automatic Updates repository. This means that home and SOHO users who are patching their machines from Microsoft, without the benefit of WSUS or other management platforms, will have their Autoplay restricted to CDs and DVDs. Since the Autoplay of USB keys and other volumes was being badly abused by malware, this is a good thing – just keep it in mind for when your less computer-savvy friends call to ask why they aren’t getting that neat popup menu anymore when they put in the SD card from their camera.

This update affects WinXP and newer systems.

Windows 7 SP1 Issues

February 24, 2011

Windows 7 Service Pack 1 has been released. And, as with every Service Pack, issues have been reported.

The short version: make sure that you are running the latest version of any security software, including HIDS and antivirus, so that it can accommodate the new version of the OS. And if you’re in a large network environment, a gradual rollout with lots of testing might not be a bad idea. This SP doesn’t actually contain anything urgent, so it’s not necessary to rush the deployment.

Fake AV

January 20, 2011

One of the more common malware scams these days is fake antivirus popups – these are browser windows dolled up to look like Windows Vista or Windows 7 and designed to trick the unwary user into thinking that his or her computer is infested with something malicious. According to the Internet Storm Center, there is another outbreak of these on Twitter today.

Generally, there are two different attacks going on here. The first is that the browser is downloading and attempting to execute some malware payload while the fake AV is distracting the user. The second is a payment scam: some go even farther, prompting the user to enter credit card details to buy the “full version” of the software. The full version does nothing, of course, but by the time the victim realizes that, he or she is already out the money and has turned the credit card number over to a pack of criminals.

This is bad.

If you get an antivirus popup, be absolutely certain that it is from a legitimate piece of software running on your computer. As you can see from the screen shot above, these false ones often fail to obscure the location bar and the other browser controls; some are more sophisticated than others, of course, but most of them are fairly obvious fakes like the one above. And remember that no legitimate antivirus vendor will accost you for additional payment to remove a virus. That’s another sign that you’re being duped.