http://www.pcworld.com/article/205220/here_you_have_virus_tries_to_delete_your_security_software.html

'Here you Have' Virus Tries to Delete Your Security Software

Sep 10, 2010 6:14 pm

On Thursday, a new worm hit the Internet, and it’s been spreading by emailing the address books of infected users, according to McAfee Labs. By masquerading as a benign PDF, the worm looks something like this when it shows up in your inbox:

Subject: Here you have (or “Just for you”)

Body: This is The Document I told you about, you can find it

Here. [link]

Please check it and reply as soon as possible.

Cheers,

As you may have guessed, the URL doesn’t actually take you to a PDF, but instead to an executable with the extension .scr. While the domain linked to in these infected e-mails is no longer live, infected computers can still be spreading virus messages. When the virus is run, it installs itself as CSRSS.EXE in the Windows directory, then e-mails the contents of your address book. It also spreads through mapped drives, remote machines, and removable media. The virus then attempts to download files and delete security software, including virus protection?

What can you do to prevent the spread of this virus? First off, don’t click suspicious links in email, even if you know the sender. Second, have you updated your virus definitions lately? McAfee, Norton, and other security software companies have updated their definitions file to handle the “Here you have” worm.

Microsoft also offers free Security Essentials for Windows users, which helps protect against viruses, malware, and worms such as “Here you have”. If you’ve been infected, disconnect your machine from the Internet, install the latest version of an antivirus program on a removable drive, then use it to disinfect your machine.

http://www.pcworld.com/businesscenter/article/205326/antius_hacker_takes_credit_for_here_you_have_worm.html

Business Center September 12, 2010 6:00 PM

Anti-US Hacker Takes Credit for 'Here You Have' Worm

A hacker who claims he was behind a fast-spreading e-mail worm that crippled corporate networks last week said that the worm was designed, in part, as a propaganda tool.

The hacker, known as Iraq Resistance, responded to inquiries sent to an e-mail address associated with the "Here you have" worm, which during a brief period early Thursday accounted for about 10 percent of the spam on the Internet. He (or she) revealed no details about his identity, but said, "The creation of this is just a tool to reach my voice to people maybe... or maybe other things."

He said he had not expected the worm to spread as broadly as it had, and noted that he could have done much more damage to victims. "I could smash all those infected but I wouldn't," said the hacker. "I hope all people understand that I am not negative person!" In other parts of the message, he was critical of the U.S. war in Iraq.

On Sunday, Iraq Resistance posted a video echoing these sentiments and complaining, through a computer-generated voice, that his actions were not as bad as those of Terry Jones. Jones is the pastor at a small Florida church who received worldwide attention this week for threatening to burn copies of the Koran.

Security experts agree that the worm could have caused more damage. However, it did include some very malicious components, such as password logging software and a backdoor program that could have been used to allow its creator to control infected machines. But because the software was not terribly sophisticated, it was quickly shut down as Web servers that it used to infect machines and issue new commands were taken offline last week.

"Here you have" spread when victims clicked on a Web link and then allowed a malicious script to run on their computer.It is the more-successful follow-up to an August worm that included the e-mail address that Iraq Resistance used to communicate with the IDG News Service.

According to Cisco, the worm accounted for between 6 percent and 14 percent of the world's spam for a few hours Thursday. It primarily gummed up corporate e-mail networks in the U.S.

It is the first worm in years to have such a widespread and noisy effect, hearkening back to the days of the Anna Kournikova worm. Nowadays, most malware writers don't want to draw attention to their activities, because they generally want to keep their malicious software hidden away on victims' computers as long as possible.

Disney, Proctor and Gamble, Wells Fargo and the U.S. National Aeronautics and Space Administration (NASA) are among the organizations reported to have been hit by the worm.

SecureWorks Researcher Joe Stewart believes that Iraq Defense is a Libyan hacker who is trying to gain followers for a cyber jihad hacking group called Brigades of Tariq ibn Ziyad.

Tariq ibn Ziyad was the eighth century commander who conquered much of Spain on behalf of the Umayyad Caliphate. Iraq Resistance's YouTube video has a Spanish theme too. It shows a map of Andalucia, and Iraq Resistance lists his location as "Spain" in his YouTube profile.

In his e-mails, Iraq Resistance did not answer questions about his identity, saying that he was worried about his safety. "I think this information is enough for you and having more looks like [an] investigation," he said. "I don't see myself that criminal."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

http://www.pcworld.com/businesscenter/article/205088/hackers_exploit_new_pdf_zeroday_bug_warns_adobe.html

Business Center September 08, 2010 4:01 PM

Hackers Exploit New PDF Zero-day Bug, Warns Adobe

By Gregg Keizer, Computerworld

Adobe today warned users that attacks have begun exploiting an unpatched bug in its popular Reader and Acrobat

The company issued an advisory on short notice today, saying that it had learned of in-the-wild attacks only on Tuesday.

"A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh," Adobe's warning read. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

"Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability," the advisory added.

Other than to say that "at this point, [attacks] appear to be limited," Adobe offered little information on the bug today.

But Mila Parkour, the independent security researcher who reported the bug to Adobe on Tuesday, had plenty in a post to her Contagio Malware Dump blog.

Parkour uncovered a malicious e-mail message with a rogue PDF attachment that urged recipients to open the document. "Want to improve your score? In these golf tips, David Leadbetter shows you some important principles," the message read.

Leadbetter , a well-known golf coach and author on the game, operates more than two dozen golf academies in 13 countries, and claims the title of "master of the art of teaching the golf swing."

Symantec pegged the threat with a score of 8.5 out of possible 10, while Danish vulnerability tracker Secunia rated the vulnerability as "Extremely critical,"its highest-possible threat level.

According to a Symantec, the bug is in Reader's and Acrobat's parsing of PDF files that contain malformed TIFF image files. Specifically, said the company in an alert to customers, "the issue occurs due to a heap-memory corruption issue in 'cooltype.dll.'"

CoolType is an Adobe font-rendering technology, similar to Microsoft 's ClearType.

Adobe did not spell out a timetable for patching the Reader/Acrobat zero-day vulnerability, nor did it offer users any ad hoc defensive measures they could employ until a fix is ready.

The next regularly-scheduled patch date for Reader and Acrobat is Oct. 13, but Adobe has been known to issue so-called "out-of-band" emergency updates when active attacks spike.

An Adobe spokeswoman hinted that the latter could easily occur. "With exploit code publicly available, [the current limited-only attack] could change," she said, talking about the exploit that Parkour has posted online.

Parkour has not released the exploit publicly, however, but has password-protected the malicious PDF she discovered, and will release it only to people who e-mail her.

Symantec urged Reader and Acrobat users not to open PDFs from untrusted or unknown senders.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Topic Center.PDF viewing and creation software.

Saturday 25 September 2010

'Here you Have' Virus Tries to Delete Your Security Software

Anti-US Hacker Takes Credit for 'Here You Have' Worm

Hackers Exploit New PDF Zero-day Bug, Warns Adobe

Search This Blog.80,290 ARTICLES TO DATE

Donate using Paypal

Stat Counter

monthly visitors to site

Current Events and Weekly Recordings, Interviews, Conversations

Global Government Confirmed!

Connecting the Dots...E.U RULES, REGULATIONS, DIRECTIVES and Comments.

Global Government Confirmed!

THE ERA OF MADNESS. Occupied territory of the UK.THE PEOPLE WILL BE AT WAR WITH THE GOVERNMENT.

we want our referendum

Oppression of Christians World Wide.

Antisemitism-Incidences World Wide.

swine flu alerts and updates

Announcement on the future of Britannia Radio

About Britannia Radio

Welcome to our site. We bring you an alternative early warning service, joining the dots of Geo Politics - alerting you to what is in store for us all if we do not wake up and unite.

The site provides sourced, named articles, reported in the world wide press and the alternative media, presenting an overview of global events.We bring you:

Weekly News Review, Recordings, Interviews & Conversations.We have sections for:

Videos to Watch from the UK and across the world.

Also available:

Access to Links and Daily Newspapers.

Over 25,000 current and archive articles in our Search facilities.We have added new pages which include:

Ecological Matters, Chinese Blog, Religion, Health Watch, Larf out Loud and the seperate britanniaradio.blogspot.com

We are in the process of setting up a live internet radio station to come on line, when your demand -demands it.

Our goal is to provide live interviews, news alerts and phone-in facilities but we need your help to make this happen!

To go live, we must attract 4000-5000 visitors per day.

So, please recommend this site to as many people as possible, submit research material and make donations.Make it grow and make a difference!Contact us by email at info@britanniaradio.co.uk

Current Weekly News Reviews

Archive

Links

Videos to view

Current Health Watch

Current Ecological Matters

Current Larf Out Loud

Current Religion

Conversations to remember

Chris Everard. Controversial? Yes Definitely. Thought Provoking? Undoubtedly! Four weekly interviews1a: Secret Societies; Illuminati.click to listen1b: Spirit Worlds; Illuminati.click to listen2: Royalty,EU,Space Programmes.Very Revealing!click to listen3:Magicclick to listen

Subscribe To

The site provides sourced, named articles, reported in the world wide press and the alternative media, presenting an overview of global events.

We bring you:

Weekly News Review, Recordings, Interviews & Conversations.

We have sections for:

Over 25,000 current and archive articles in our Search facilities.

We have added new pages which include:

So, please recommend this site to as many people as possible, submit research material and make donations.

Make it grow and make a difference!

Contact us by email at info@britanniaradio.co.uk

Chris Everard. Controversial? Yes Definitely. Thought Provoking? Undoubtedly!
Four weekly interviews
1a: Secret Societies; Illuminati.
click to listen
1b: Spirit Worlds; Illuminati.
click to listen
2: Royalty,
EU,
Space Programmes.
Very Revealing!
click to listen
3:Magic
click to listen