A Blast from the Past

September 9, 2010

Today, the world of PC malware seems to have taken a step back in time, back to the days of viruses and worms distributed by E-mail.  A new variant of this time-worn attack seems to be making the rounds; it comes in an E-mail with a Subject: line like “Here you have” or “Just for You”. It contains a link which, to a casual glance, looks like it points to a PDF document  — it may have a name like PDF_Document21_025542010_pdf.scr. However, the file is actually an executable. If clicked, it will attempt to download some additional software, and install itself to the \Windows directory under the name CSRSS.EXE. (There is a legitimate file by this name in the \Windows\System directory.)   It also tries to disable anti-virus software, and to send itself to everyone in the victim’s Outlook address book.
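An added example, not part of the original post: a Python check for the two indicators described above, a link whose file name carries a document token right before an executable extension, and a CSRSS.EXE running from outside its expected directory. The extension and lure-token lists, the example.test links, and the System32 location used for the legitimate CSRSS.EXE are assumptions made for this example.

```python
import ntpath
import re
from urllib.parse import urlsplit, unquote

# Assumptions (not from the page): which extensions count as directly
# executable on Windows, and which document tokens count as a lure.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
LURE_TOKENS = {"pdf", "doc", "xls", "jpg", "txt"}
# Assumption: the legitimate csrss.exe is expected in \Windows\System32.
EXPECTED_DIRS = {"csrss.exe": r"\windows\system32"}

# Constructed sample links; only the first file name is taken from the page.
SAMPLE_LINKS = [
    "http://files.example.test/docs/PDF_Document21_025542010_pdf.scr",
    "http://files.example.test/docs/report.pdf",
    "http://files.example.test/tools/setup.exe",
    "http://files.example.test/docs/invoice.pdf.exe",
]


def link_filename(url):
    """Return the last path component of a URL, percent-decoded."""
    path = unquote(urlsplit(url).path)
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def is_disguised_executable(name):
    """True when the real extension is executable and the token just before
    it is a document type, e.g. 'x_pdf.scr' or 'x.pdf.exe'."""
    stem, ext = ntpath.splitext(name.lower())
    if ext not in EXECUTABLE_EXTS:
        return False
    tokens = [t for t in re.split(r"[._\- ]+", stem) if t]
    return bool(tokens) and tokens[-1] in LURE_TOKENS


def flag_links(urls):
    """Return the links whose target file name looks like a disguised executable."""
    return [u for u in urls if is_disguised_executable(link_filename(u))]


def is_masquerading(image_path):
    """True when a known system file name runs from an unexpected directory."""
    _, rest = ntpath.splitdrive(image_path.lower())
    folder, name = ntpath.split(rest)
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and folder != expected
```

Feed flag_links() the URLs extracted from a message body, and is_masquerading() the image paths from a process listing.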

Given this attack, and the outstanding security flaw in Adobe’s Acrobat and Reader, it is a Very Bad Idea to open anything in E-mail that appears to be a PDF document, unless you are sure you know what it is and where it came from.

There is an article at Kaspersky’s ThreatPost blog on this worm, and another at the McAfee Labs anti-virus blog.

Update Friday, 10 September, 11:50 EDT

Microsoft’s Malware Protection Center blog also has an article on this worm/virus, which has now been named Visal.B.

Microsoft Patch Tuesday Preview, September 2010

September 9, 2010

Today Microsoft published its usual preview of the security updates it plans to release next Tuesday, September 14.  The Security Bulletin Advanced Notification lists nine updates to be released this month.  Four of these have a maximum severity rating of Critical, and five are rated Important.   All supported versions of Microsoft Windows are affected; the breakdown by version and severity is given in the table below.

Windows Version Critical Important
Windows XP+SP3 3 5
Windows Vista 2 2
Windows Server 2003 2 6
Windows Server 2008 2 3
Windows 7 3
Windows Server 2008 R2 3

There is also one bulletin that affects Microsoft Office, with an Important rating, and one that affects Outlook, rated Critical.

Most of these updates will probably require a system reboot.  As usual, the details are subject to change between now and the official release on Tuesday.   I will post an update here when the final bulletin and patches are released.

Opera Releases 10.62

September 9, 2010

Opera Software has released a new version of its Opera browser, version 10.62, for Windows, Linux, FreeBSD, and Mac OS X.   This release incorporates bug fixes to the user interface, scripting, and the mail/news/chat function.  It also incorporates a fix for the Windows “DLL Hijacking” vulnerability.  Further information is in the Change Logs; there are separate pages for Windows, Linux/UNIX, and Mac OS X.

I recommend installing this update; you can get the new version via the built-in update mechanism (Main menu: Help / Check for Updates), or you can download versions for all platforms here.
