Carnes Group

Carnes Group, LLC
330 Mallory Station Road
Suite D-12
Franklin, TN 37067  USA

+1 (615) 778-8804



Security Alerts

Disclaimer: This information is provided as a courtesy to Carnes Group clients and other interested parties.   Carnes Group intends this communication as informational only and takes no responsibility for any actions you might take based upon this information.

 

2006 - OCTOBER 20

 

Microsoft Internet Explorer 7.0 is released today

 

 

Microsoft Internet Explorer 7.0, the latest version of the Microsoft browser, is available for download today.  Some of the new features include tabbed browsing (much easier!), RSS news feeds, new security against "phishing" web sites, new parental controls, the ability to select as many search engines as you want, advanced printing to one page, a "fix my settings" feature, and much, much more. For a full list of features please visit the Internet Explorer information page at http://www.microsoft.com/windows/ie/ie7/about/features/default.mspx.

To download and install Internet Explorer 7.0

1. Make sure you have a fast internet connection and that you are connected.

2. Uninstall any Beta or RC copies you might have of Internet Explorer 7.0 and reboot your PC.

3. Run Microsoft Updates to make sure your PC is current with all updates:

    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

4. Download the software and save it to your hard drive:

    http://www.microsoft.com/windows/ie/downloads/default.mspx

5. Close ALL running programs and browser windows.

6. Browse to the saved files and run the installation program.  When completed, you must reboot your PC.

7. Open Internet Explorer and set your options and search engine.

8. Re-run Microsoft Updates to make sure your PC is current with all updates (see step 3).

 

2006 - OCTOBER 11

 

Microsoft drops support for Windows XP SP1 and SP1a today

 

 

Microsoft will no longer support Windows XP SP1 and SP1a with security updates after October 11, 2006.  Patches for SP1 and SP1a were issued on October 10th for 10 vulnerabilities - 2 "critical," 3 "important," 2 "moderate," and 3 "low."  Windows XP SP2 is a free-of-charge update first issued in 2004 and can be downloaded at http://www.microsoft.com/windowsxp/sp2/default.mspx.  Carnes Group urges all Windows XP users to upgrade to SP2 as soon as possible.

 

2006 - AUGUST 15

 

Dell to recall batteries, cites fire hazard

 

 

Computer maker Dell Inc. will recall 4.1 million laptop computer batteries because of a potential fire hazard, the company announced Monday.  The lithium-ion batteries being recalled are installed in 4.1 million laptops sold between April 2004 and July 18 of this year.

According to Dell, the batteries were sold with the following laptops:
Latitude D410, D500, D505, D510, D520, D600, D610, D620, D800 and D810;
Inspiron 6000, 8500, 8600, 9100, 9200, 9300, 500m, 510m, 600m, 6400, E1505, 700m, 710m, 9400 and E1705;
Precision M20, M60, M70 and M90 mobile workstations;
XPS™, XPS Gen2, XPS M170 and XPS M1710.

If you have one of these models, please go to https://www.dellbatteryprogram.com/Default.aspx to see if your battery is affected, and if so, follow the instructions from Dell.

 

2006 - AUGUST 14

 

Hackers hunting for unpatched Microsoft computers

 

 

FYI - this is why we stress keeping your PCs and servers up to date!  If you downloaded the patches from last Tuesday you should be safe.

August 14, 2006 (IDG News Service) -- Hackers are actively using exploit code to target a flaw in Microsoft Corp.'s software that generated a special warning from the U.S. government last week (see "New Microsoft patch prompts DHS warning").

The problem involves a networking function called Windows Server services within the Windows operating system that is used for file sharing and printing.

Microsoft last week issued Patch MS06-040 for the problem, which affected several Microsoft operating systems.  Security experts warned then that exploit code had been detected and could be used more widely.

However, the latest exploit code affects only users running Windows 2000 who have not applied the patch, Microsoft said. The effect so far from the malware, which the company calls "Win32/Graweg," has been minimal, the company said.

"We are not currently aware of widespread customer impact," Microsoft said Sunday.

The SANS Institute reported yesterday other names given to the exploit code by security vendors. Symantec Corp. calls it "W32.Wargbot," and TrendMicro Inc. has named it "Worm.IRCBOT.JK and JL." McAfee Inc. goes by "IRC.Mocbot," and F-Secure Corp. refers to the malware as "IRCBOT-ST."

The malware is a "bot," a class of malicious code that allows a hacker to take remote control over a computer. It appears to be a version of one called "Mocbot," which first appeared in late 2005, according to Lurhq Corp., a security company.  Both SANS and Lurhq said two similar versions of the bot are circulating.

Once on an infected machine, the bot contacts remote servers in China over Internet Relay Chat, Lurhq said.

"Historically, Chinese [Internet service providers] and government entities have been less than cooperative in taking action against malware hosted and controlled from within their networks," Lurhq said in an advisory.

The bot is capable of several malicious functions, Lurhq said. It can send messages through a user's AOL LLC Instant Messenger account, an activity that could be used to trick other users into downloading the bot. The bot can also be used to launch a distributed denial-of-service attack, Lurhq said.

In addition, the bot could spread itself to other computers on a network, giving it worm-like characteristics. However, Microsoft said the exploit code does not appear to be self-replicating at this point.

The U.S. Department of Homeland Security highlighted the MS06-040 vulnerability a day after Microsoft issued a patch, saying it "could impact government systems, private industry and critical infrastructure, as well as individual and home users."

Microsoft issued a total of 12 fixes this month on what's known as "Patch Tuesday."

 

2006 - AUGUST 09

 

Action needed:  Microsoft heads for another big Patch Tuesday

 

 

FYI - For Carnes Group Remote Monitoring or Support Agreement customers, we will handle the updates for you (unless you have specified otherwise).  For our other customers, please make sure you apply these patches.

August 03, 2006 (IDG News Service) -- August will be another big patch month for Microsoft Corp., with the vendor releasing 12 security bulletins next Tuesday to fix holes in both its Windows OS and the Office productivity suite.

Ten of the patches will affect Windows, with at least one of those rated a critical update. The other two security updates, at least one of which is also rated critical, affect Office. Critical flaws are those that can be exploited by attackers to run unauthorized code on a PC without any user action.

The patches, some of which will require a restart, will be released Tuesday as part of Microsoft's regularly scheduled monthly security update, which security researchers call Patch Tuesday. Microsoft's advance note on the updates was posted on TechNet.

Also on Tuesday, Microsoft will release an updated version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. The company will also release two nonsecurity high-priority updates for Windows on Windows Update and Software Update Services.

Patch Tuesday has been keeping systems administrators busy lately as the company has been responding to hacker attacks on unpatched flaws in its software, particularly a series of attacks on its Excel spreadsheet software.

Microsoft released seven patches in July, some of which addressed the much-publicized Excel bugs that Microsoft confirmed in June. Systems administrators also were busy with regularly scheduled monthly patches that month as Microsoft released 12 security updates.

 

2006 - MAY 24

 

New Virus Identified; Arrives as an E-mail Attachment; Delete Suspicious E-mails

 

 

This threat, known as the Trojan.Mdropper.H virus, arrives as a Microsoft Word document. The subject line of the e-mails that carry the virus can vary. However, the following files have been confirmed to be associated with this virus:

final.doc (subject line of final agreement)
NO.060517.doc.doc (Symantec information)


It is important to know that the only way to become infected with the virus is by opening an attachment that contains the virus. Therefore, delete any suspicious e-mail messages in your inbox, especially those with this file attachment.

 

2006 - JANUARY 24

 

SECURITY ALERT - Nyxem worm programmed to overwrite data files on Feb. 3

 

 

JANUARY 23, 2006 (IDG NEWS SERVICE) - Antivirus vendors are warning of a rapidly
spreading worm that is carrying a potentially destructive set of instructions. The Nyxem worm --
also nicknamed the Kama Sutra worm -- is programmed to overwrite all of the files on computers
it infects on Feb. 3, said Mikko Hypponen, chief research officer at F-Secure Corp.
F-Secure researchers found the worm truncates files to 20 bytes and causes an error message
when one is opened, he said.

"We are expecting to see problems in two weeks' time," Hypponen said.

The worm appears to be programmed to overwrite all files on the third day of every month,
Hypponen said. So far, there's no indication where Nyxem originated.

While most antivirus vendors have issued updates for their software, Nyxem is spreading quickly,
and its creators have posted a counter on a Web site that records new infections. According to
F-Secure's security blog, the counter was showing around 510,000 infections as of Sunday night.

Nyxem infections may be rising because it is taking advantage of computers that have already
had their antivirus software disabled by some other virus such as Bagle, Hypponen said.

The worm, which is spread through e-mail, uses a dated technique to entice users by promising
pornography, said Graham Cluley, senior technology consultant at Sophos PLC. Nyxem lacks
the sophistication of recent Trojan horse-style viruses that are more targeted and less prevalent
in order to evade detection, Cluley said.

Nonetheless, users appear to still be clicking, and the worm was accounting for about 35% of
virus traffic as of Monday morning, he said.

"It's a bit of a throwback to an old trick," Cluley said.

The worm harvests e-mail addresses and then sends itself out again. The e-mail subject
line may contain text that says "Miss Lebanon 2006" or "School girl fantasies gone bad," according to Sophos.

 

2006 - JANUARY 05

 

URGENT - SOBER Worm to start attacks at midnight on THU JAN 5

 

 

News reports say that the SOBER worm and its many variants are triggered to send a massive attack tonight.

Please take extra care opening any email with an attachment from someone you do not know, or
any email with a suspicious-looking attachment.  The Sober worm has many versions, all nasty,
and most are very hard to clean.  It is being said that many attacks will occur over the next few weeks,
so please be vigilant for this worm.  Please keep your anti-virus up to date and run your anti-spyware programs. Above all, be careful!