Archive for the 'Malware' Category

Malware Crashes Planes, Not Just PCs

Posted in Malware on August 21st, 2010

Investigators have found that it is likely that the fatal crash of Spanair Flight 5022 in 2008 was caused by a malware infection. It was determined that the central computer system that monitors the aircraft systems for malfunctions was infected by a Trojan horse. This infection evidently interfered with the ability of the computer system to flag an unsafe takeoff configuration, and the aircraft crashed seconds after becoming airborne.

The exact source of the infection has not been determined, but the investigation continues, and hopefully it will be pinpointed. Investigators believe that the infection may have entered through a USB port or a VPN connection.

Aircraft rely more and more on computers. These critical systems need to be hardened against infection, and procedures need to be established and followed to ensure that malware never has a chance to infect any such system.

Source: http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security

Facebook Users Targeted

Posted in Anti-Malware Tools, Email Security, Exploits, Malware, Root kits, Scams, Security Tools, Spam on March 21st, 2010

Facebook is very popular, and there are about 400 million Facebook users around the world. Experts believe millions of users will fall for this attack and get infected. Yes, that’s right – millions of Facebook users will be infected by this targeted attack.

Unfortunately, 400 million users makes for a big opportunity for delivering malicious software. Hence, inboxes all over the world are being flooded with spam that is trying to induce Facebook users to click on an attachment. This attachment installs Trojans and other malware that is very dangerous to the computer user. And unless their security software catches it, they will have no idea it is on their computer.

Our advice:

  • Never click on any link or open any attachment in any email that warns of dire consequences – be it about Facebook or your bank, or anything else.
  • Keep your anti-virus software up-to-date.
  • Periodically scan your computer with a tool specially made for finding and eliminating malware. One of the best is MalwareBytes Anti-Malware freeware version, which can be downloaded from http://www.malwarebytes.org/

Microsoft hard at work to fix deep vulnerability

Posted in All Posts, Email Security, Exploits, Malware, Updates on October 31st, 2007

Microsoft is working furiously to fix a deep vulnerability in Windows. This vulnerability has affected lots of third-party software vendors, and has hit Adobe Reader particularly hard.

This vulnerability is being very actively exploited in the wild, both through infected email and through infected web sites. It is propagated via infected .pdf files. Therefore it is very important to download and install the latest patch to Adobe Reader. We advise all readers to check to see if they have Reader version 8.1.1, and if they don’t, to install it immediately.

Also, look for a patch from Microsoft in the near future. We predict Microsoft will issue a patch ASAP, and not wait for their normal second Tuesday update cycle, because this vulnerability is so important to get plugged.

For more information:

http://www.theregister.co.uk/2007/10/26/microsoft_scrambles_to_fix_windows/

Zombie Shmombie, Where is the Zombie?

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Safe e-Commerce, Scams on September 19th, 2007

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.

Don’t accept candy, or e-cards from Strangers

Posted in Email Security, Exploits, Malware on August 25th, 2007

Your Mama always told you, “Don’t accept candy from strangers”.

Well, don’t accept e-cards from strangers, either.

And your Mama would tell you the same about e-cards, if she knew what was in them.

You see, they are likely to make your computer sick.

Sick as in virus infection. Way bad.

The e-Greeting Card Scams

Posted in Email Security, Exploits, Malware, Scams on June 30th, 2007

A new round of malicious e-greeting card spam is landing in inboxes. It usually has the subject line “You’ve received a postcard from a family member!”

Whatever you do, do not open these spam emails, and do not click on the links.

If you do, you will be taken to a malicious web site that will attempt to install a variant of the Storm Trojan horse.

    “Today’s greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed “the Hail Mary” by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.”

Source: ComputerWorld

This demonstrates the importance of updating all software to the latest versions. In this case, QuickTime, WinZip and Windows are the targets. Users who have updated to the latest versions are protected.

And of course, it demonstrates the importance of being suspicious of all email that lands in your inbox.

Virtual Machines Not Invulnerable

Posted in All Posts, Anti-Malware Tools, Malware, Online Security, Security Tools on May 30th, 2007

One of the benefits of “virtual machine” software, such as Sandboxie and Greenborder and others, is that it purports to protect an Internet user from malware infection by containing the infection to the “virtual machine”.

We do recommend the use of such software, but users should be aware that virtual machine software is not invulnerable to exploitation, any more than any other complex piece of software is. Users should be careful to update these programs whenever updates are offered, as they may fix security vulnerabilities.

Source:
http://googleonlinesecurity.blogspot.com/2007/05/on-virtualisation.html

Malware Lurks in 1 out of 10 Web Sites

Posted in Exploits, Malware, Online Security on May 21st, 2007

Google researchers have found malware lurking in 450,000 web sites, out of 4.5 million sites studied… An amazingly large percentage.

Correction: Google researchers have clarified and revised their statements and it turns out that out of the Internet as a whole, they estimate less than 0.1% of web sites attempt to infect visitors with malware. Their original statements were speaking of a “subset” of risky sites that contained the much higher percentage of malware.

Source: http://news.com.com/8301-10784_3-9721866-7.html

Many of the attacks focused on security defects in various programs that have Internet access. This is why updating those programs is critical to maintaining a secure computer or computer network.

Besides the obvious programs, such as Internet browsers, don’t forget to update programs such as QuickTime, Flash, Real Media, Microsoft Office, Outlook Express, Adobe Reader and all your anti-virus and anti-spyware programs, etc.

Many users don’t even know they have QuickTime and Flash and many of these other programs on their computers.

For more information:
http://news.com.com/8301-10784_3-9719590-7.html?tag=head

Very Realistic Fake Windows Activation Warning

Posted in Email Security, Malware, Scams on May 5th, 2007

A new Trojan horse attack has been identified in the wild, named Trojan.Kardphisher by Symantec. This Trojan horse uses *very* clever social engineering to steal the credit card numbers from users.

If infected, you will be presented with a very realistic looking warning that your copy of Windows has been activated by another user, and you will be asked to enter personal data including a credit card number, in order to re-activate your Windows license. It tells you that your credit card is basically for identification purposes only and will not be charged. (Rest assured, it will be charged.)

This Trojan takes full control of your computer and renders it unusable. It blocks the Task Manager, so you cannot end its process. If you do not enter your credit card number, your computer will shut down immediately.

For more information:

http://www.symantec.com/security_response/writeup.jsp?docid=2007-042705-0108-99&tabid=1
or
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018645&source=NLT_PM&nlid=8

Storm Worm Spam Email Remains Very Dangerous

Posted in All Posts, Email Security, Exploits, General, Malware, Root kits on April 13th, 2007

The storm worm remains very dangerous and is the most prolific SPAM in recent history.

Its success is undoubtedly related to the clever social engineering that it uses to entice people to open the attached .zip file.

It warns the user that their computer is infected and their email will be cut off if they don’t install the attached “patch”.

Ironically, the “patch” actually installs the Storm Worm Trojan, and the user will indeed be infected.

For more info please refer to the Computer World article.
