Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



VMware Security Updates VMSA-2010-0018

Published: 2010-12-03
Last Updated: 2010-12-03 07:45:37 UTC
by Mark Hofman (Version: 1)
0 comment(s)

VMware has released some security updates.

VMSA-2010-0018
http://lists.vmware.com/pipermail/security-announce/2010/000112.html

http://www.vmware.com/security/advisories/VMSA-2010-0018.html (link is not live yet, but should be soon.)

 

M


AVG Update Bricking Windows 7 64-bit

Published: 2010-12-03
Last Updated: 2010-12-03 04:24:55 UTC
by Mark Hofman (Version: 1)
15 comment(s)

We've had a few reports on AVG updates breaking things on Windows 7 64-bit (thanks Bill, et al.).

The problem lies with the mandatory update. 

The AVG site has some info on how to deal with the issue here: http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159

  • Basically get the machine started somehow (use AVG rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstalling, or changing to something else.

M

Keywords: AVG Updates

'Tis the season to be SPAMMY, trallalalaa la la la laaa

Published: 2010-12-03
Last Updated: 2010-12-03 04:15:53 UTC
by Mark Hofman (Version: 1)
0 comment(s)

As we count down towards the end of the year and the festive season for a considerable part of the planet, we've started seeing some small increases in SPAM on the system I look after. The increases are smallish at the moment, but if the trend follows previous years: General Mambuto has some extra cash to spend in your country, Sergeant Jones has found some valuables which he is willing to share, Adobe has a new version out called 2011, and likewise Skype apparently has a new version of their application also called 2011 (thanks Dorothy for those last two). In other words, SPAMmers are getting ready for the festive season and have updated their SPAM to suit the season.

In the last week or so we've also started seeing some types of spam sneaking through what typically are very robust and accurate anti-SPAM products. One of the reasons for this seems to be the reputation filters used by a number of the products. Reputation filters are used to determine what should be done with the message. If the sender IP has a good reputation, then maybe there is no need to spend CPU cycles on anti-SPAM or AV checks. The problem with a few of the runs over the last week (and maybe this is just regional) is that all of them have been sent from systems that have very good reputations. The products using reputation filters are delivering these messages because the score is high enough for the message to bypass the anti-SPAM checks. The messages I'm seeing are these pesky ones:

I just earned $765 in three days doing simple tasks! I used - http://x.co/randslkdjs You will thank me for this! 

Sometimes it has a subject line. Sometimes not.  The link takes you to a tracker and then to a website for "home work" (read mule, I'm guessing).

The product update messages are typically along the lines of:

This is to notify/remind that a new version of 'insert product here' 2011
has new features. blah blah blah...
click here

The domain typically has 2011 somewhere in it, e.g. "official-skype-2011.com" or "adobe-2011-download.com".
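As an added example (not from the original diary or any product mentioned in it), here is a minimal filter-side check for the link domains described above, run before the reputation shortcut so that a well-reputed sender cannot bypass it. The brand watch list, the 0-10 reputation scale, the threshold and all function names are assumptions made for illustration; the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed watch list (not from the diary): impersonated product -> vendor's real domain.
BRANDS = {"skype": "skype.com", "adobe": "adobe.com"}
YEAR = re.compile(r"(?<!\d)20\d\d(?!\d)")          # a standalone year such as 2011
URL = re.compile(r"https?://[^\s\"'<>),]+", re.I)

def link_hosts(body):
    """Return the lower-cased host of every http(s) URL found in a message body."""
    hosts = []
    for url in URL.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_lookalike(host):
    """True if host carries a watched product name and a year but is not the vendor's domain."""
    for official in BRANDS.values():
        if host == official or host.endswith("." + official):
            return False            # the vendor's own domain or a subdomain of it
    return any(b in host for b in BRANDS) and bool(YEAR.search(host))

def verdict(body, sender_reputation, trust_threshold=7.0):
    """Check links first, so a well-reputed sender cannot skip the content check."""
    bad = [h for h in link_hosts(body) if is_lookalike(h)]
    if bad:
        return ("quarantine", bad)
    if sender_reputation >= trust_threshold:
        return ("deliver", [])      # the reputation shortcut applies only to clean links
    return ("full-scan", [])

# Constructed sample messages, modelled on the wording quoted in the diary.
SAMPLES = [
    ("A new version of Skype 2011 has new features. http://official-skype-2011.com/get", 9.5),
    ("Release notes are at http://www.adobe.com/support/ as usual.", 9.5),
    ("Meeting moved to 3pm, agenda at http://intranet.example/agenda", 2.0),
]

if __name__ == "__main__":
    for text, reputation in SAMPLES:
        print(verdict(text, reputation), "<-", text[:40])
```

The brand match is a plain substring test, so it will also flag unrelated domains that happen to contain a watched name and a year; treat a hit as a reason to run the full checks, not as proof.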

Over the next few weeks keep an eye on your SPAM filters and check what is getting through.  You may want to send your users a little reminder on what is going around this year.

If you have examples of things that are sneaking through your SPAM filters I'd appreciate the headers. 

Cheers

Mark H 

Keywords: SPAM