Computer Support Network

Using major holidays as a means to infect consumer computers is nothing new but in recent years the practice has become more elaborate and invasive. With greater access to content creating applications such as Flash and Photoshop the malware created by cybercriminals often rivals legitimate content in visual quality. The first batch of this year’s holiday malware has already been unleashed, and with it, nine possible exploits for your systems.

This latest batch of malware targets major vulnerabilities in IE6, Firefox Embed, Adobe Reader 8.1.2, Microsoft Excel, and some versions of Adobe Flash Player. Ironically most of the vulnerabilities listed above have already been patched by their respective manufacturers. Despite this, early reports of infection rates indicate that the majority of computers users still are not updating their systems. The worst of the vulnerabilities is contained within Internet Explorer 6. With IE7 having been released two years ago and IE8 set for release next year there is really no reason to be using such an outdated web browser.

Beyond updating or patching your computer software the best defense is common sense. Most Cybercriminals use endearing or provocative material to encourage browser interactions. The best way to avoid complications is to not click on content contained on website of unknown ownership. The majority of malware applications are spread through email without the senders ever knowing there is a problem. Avoid becoming part of chain emails, don’t open attachments, and avoid following links in emails from people you do not know. Employers should especially discourage these practices from an office setting as viruses are often equipped to spread over Local Area Networks. A single system compromise could damage a whole office network. In short, make sure all of your computer assets are patched and browse intelligently this holiday season to ensure that you have a better New Year than the Cybercriminals.

- Richard Keene
IT Computer Support of New York
Design and Optimization Department

Back before the onset of Windows 95 Boot Viruses were all the rave for malware distributing hackers. Back then Microsoft saw the problem managed to solve the issue of the auto installing viruses. Now more then ten years later the same problem has again risen and it’s more dangerous than ever.

Portable USB storage devices are now as common as floppy diskettes were ten years. USB devices offer fast reusable storage capability that surpassed CD’s in size a couple years ago; but this infinitely useful resource is now being put to use for malicious purposes. Because the price of USB devices decreased significantly in the last year they are now easily distributed and because of this they are easy targets. Hackers and companies looking to install invasive spyware have now taken to including their launcher programs on the devices. The greatest risk of this comes from the way Windows interacts with USB devices.

By default Windows XP and newer operating systems have Autorun functionality on by default. Autorun was meant to be a conveyance feature, allowing any USB device to automatically start upon insertion. This feature is now working against users, however, as simply inserting a USB hard drive has the potential to infect your computer. Windows XP SP1 has the greatest vulnerability to this form of attack. Service Pack 2 took small steps to prevent this, and at least asks before the application auto executes, but there are still risks. Navigating to the drive in question will still result in Windows auto running device executable files by default.

While any computer system can be infected in this manner business computers are in the most danger. Business computers are often lacking in critical system updates, experience high amounts of data traffic, and are operated by users who understand little about the operation of their systems. While banning the use of USB storage devices from your office setting would be a drastic and heavy handed step it is not unreasonable to take other measures. The Autorun service can be turned off from the Windows settings manager which would prevent the greatest risk to systems. As an added precaution most Antivirus software can be set to scan USB devices when they are inserted. Until Microsoft takes steps to release an official fix these are two of the best precautions you can take.

- Richard Keene
IT Computer Support of New York
Design and Optimization Department