It encrypts your files and asks you for ransom to decrypt your personal files.
Stay vigilant, and do not click on unsolicited links or unknown attachments.
Keep your system up-to-date and make sure you have an antivirus (e.g. Trend Micro Titanium).
If you have any questions or need further assistance, email us at info@sosecure.org.
A new Zero-Day Vulnerability is currently being exploited heavily!
An attack on this vulnerability allows unauthorized remote code execution through a drive-by download or a phishing email, and a Proof-of-Concept is already available publicly.
Here are your options to prevent damages:
- For corporate users, few detections are available from different AV vendors, but Trend Micro’s Virtual Patching solution has provided full protection since 2012/09/17
- If you are a home user and have Trend Micro Titanium, upgrade it to the 2013 Edition
- Do not open web sites, files or emails from untrusted sources
- If your computer is acting abnormally, get our tools (i.e. RescueCD, FakeAV Remover)
- Apply a Fix It Tool from Microsoft (do not forget to remove the “Fix It Tool” when a patch is released from Microsoft)
UPDATE (2012/09/24): Microsoft has released a patch to fix the issue. Make sure you apply it as soon as possible (MS12-063).
Smartphones are used heavily these days. Brands running mainly the Android, iOS or BlackBerry operating systems are popular and are therefore targets of criminals.
To summarize the issue, here is a great info-graphic:

A new Zero-Day Vulnerability just popped up as a gift for everyone this Xmas!
An attack on this vulnerability will allow unauthorized remote code execution inside the “iexplore.exe” application. The vulnerability is a memory corruption in Microsoft’s HTML engine (mshtml): when parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. A Proof-of-Concept is already available publicly.
Here is what you can do to prevent damages:
- If you want to fix the issue temporarily, use EMET from Microsoft
- Do not open web sites, files or emails from untrusted sources
- If your computer is acting abnormally, get our tools (i.e. RescueCD, FakeAV Remover)
- Apply Microsoft’s Patch when it becomes available
UPDATE (2011/02/09): Microsoft has released a patch to fix the issue. Make sure you apply it as soon as possible (MS11-003).
An old discovery of a Zero-Day Vulnerability in the way Windows hands a “DLL” to an application has been disclosed publicly for a large number of applications (theoretically, any application running on Windows is affected). The way Windows preloads DLLs is extremely unsafe. Here is an example:
- A colleague sends you a PowerPoint presentation (\\FileServer\MyPresentation.ppt)
- You open the file from that network share
- Windows will load the required PowerPoint DLLs from that share first, if they exist
Now, this is your colleague, but an attacker would place a malicious DLL in the same location, with the exact name of a DLL required by PowerPoint, to execute unauthorized code remotely!
As per Microsoft, the vulnerability is applicable only to applications which do not load DLLs securely.
Scareware criminals are already taking advantage of the vulnerability to earn profit by installing unauthorized software on user machines (i.e. Fake Antivirus).
Here is what you can do to prevent damages:
- If you want to fix the issue temporarily, use this Fix It Tool from Microsoft
- Do not open files or emails from untrusted sources.
- If your computer is acting abnormally, get our tools (i.e. RescueCD, FakeAV Remover)
- Apply Microsoft’s Patch when it becomes available (Do not forget to disable the Fix)
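As an added example (not part of the original advisory), the following Python code shows one way a defender could flag the DLL preloading pattern described above in image-load records: a DLL loaded from a network share, or from a directory that is neither the application's own nor a Windows system directory. The event tuples, the ExampleOffice path, the DLL names and the trusted-directory list are constructed assumptions.

```python
from ntpath import dirname, normpath  # ntpath parses Windows paths on any OS

# Assumption: directories treated as trusted DLL sources; adjust per environment.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed sample records: (process image, loaded DLL path).
APP = r"C:\Program Files\ExampleOffice\POWERPNT.EXE"
SAMPLE_EVENTS = [
    (APP, r"C:\Windows\System32\kernel32.dll"),
    (APP, r"C:\Program Files\ExampleOffice\appcore.dll"),
    (APP, r"\\FileServer\Share\appcore.dll"),
    (APP, r"C:\Users\alice\Downloads\appcore.dll"),
]


def _within(path, root):
    """True if path equals root or lies beneath it."""
    return path == root or path.startswith(root + "\\")


def classify_load(process_image, dll_path):
    """Return 'ok', 'network' or 'untrusted-dir' for one image-load record."""
    dll = normpath(dll_path).lower()
    if dll.startswith("\\\\"):
        # UNC path: the DLL came from a share, as in the PowerPoint scenario.
        # Mapped drive letters are not resolved here and need separate handling.
        return "network"
    dll_dir = dirname(dll)
    app_dir = dirname(normpath(process_image)).lower()
    if _within(dll_dir, app_dir) or any(_within(dll_dir, t) for t in TRUSTED_DIRS):
        return "ok"
    return "untrusted-dir"


def suspicious_loads(events):
    """Return (process, dll, verdict) for every load that is not 'ok'."""
    results = []
    for process_image, dll_path in events:
        verdict = classify_load(process_image, dll_path)
        if verdict != "ok":
            results.append((process_image, dll_path, verdict))
    return results


if __name__ == "__main__":
    for process_image, dll_path, verdict in suspicious_loads(SAMPLE_EVENTS):
        print(f"{verdict:14} {dll_path} loaded by {process_image}")
```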
A Zero-Day Vulnerability was recently discovered in the “Windows Help Centre” HCP Protocol Handler, which does not correctly handle malformed “Escape Sequences”. As a result, code can be executed remotely without the authorization of the user.
As per Microsoft, the vulnerability is applicable only to Windows XP and Windows Server 2003.
Scareware criminals are already taking advantage of the vulnerability to earn profit by installing unauthorized software on user machines (i.e. Fake Antivirus).
Here is what you can do to prevent damages:
Try the following harmless Proof-of-Concept (at your own risk):
UPDATE (2010/07/13): Microsoft has released a patch for this issue (MS10-042). Please update as soon as possible.