Yet another "password reset" scam has been hitting the inboxes of Facebook users lately, warns McAfee. 

Sophos is intercepting a large number of malicious emails that have been spammed out around the world, posing as a new settings files for internet users' email systems. However, attached to the emails is a Trojan horse.

SOFTWARE HOUSE Microsoft has updated users of its Internet Explorer browser concerned about its latest vulnerability, and the advice is remarkably simple.

Security expert and researcher Aviv Raff has discovered a serious security vulnerability in Adobe’s Download Manager, which is capable of being exploited by hackers wanting to install and execute malicious content on the PC of a user. 

The Adobe Download Manager is used to install updates for the Reader and Flash software using Internet Explorer web browser and the vulnerability poses a serious threat to the PCs of the millions of users that use Adobe’s popular applications.

Adobe has released security updates for critical vulnerabilities in Adobe Illustrator CS4 (14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier versions) for Windows and Mac OS X.

Adobe has also announced that it will release security updates for Adobe Reader and Adobe Acrobat on 12 January to resolve a critical vulnerability that is being exploited.

The affected versions of the software are Adobe Reader 9.2 and Acrobat 9.2, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh, and Adobe Reader 9.2 for Unix.

Windows 7 must be kept updated

Mon, 21 Dec 2009

Windows 7 users should protect themselves with the latest security updates as hackers are quick to take advantage of any vulnerability, it has been claimed.

According to Panda Security, malware developers are set to switch their attention to the operating system over the next two years due to its popularity.

The firm says that practically every new computer comes loaded with Windows 7 64-bit, meaning criminals will be busy adapting malware to the new environment.

Tom Royal, deputy editor at home computing magazine Computeractive, said keeping Windows up to date with the latest security releases will be "absolutely vital."

He added: "No software or operating system is perfect and there are loads of people out there looking to exploit any possible weakness that's discovered.

"The bad guys move quickly to capitalise on any flaws, so it's vital to keep up to date with the latest patches and security updates".

Mr Royal noted that some security tools are now able to check for software vulnerabilities as well as virus attacks, something which "can be very helpful."

"Fortunately Windows can look after this for you and update automatically so it's not time consuming," he added.

Last week, security firm Imperva claimed that hacking activity will only increase over the next ten years, heightening the importance of data security provisions.

Full Article: Microsoft Small Business

Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com.

I'm sure we've all had them, messages like 'Microsoft are going to stop free MSN messenger if you don't e-mail your support to this e-mail address' or 'You've received a private message on your ******** account from a secret admirer, forward me on xx times to find out who'.  Hoax messages like these can be malicious to the recipient, normally it is ways to find active e-mail addresses for spam lists or to aid in the spamming of a single company network.  This isn't always the case.

Trojan.Win32.Chydoilk is currently under investigation.

(Updates to follow when available)

Just a quick note - the sudden death of Hollywood celebrity Brittany Murphy last Sunday (BBC report here) has prompted a spike in searches on the subject - and of course, an SEO attack.

Users who click on a poisoned search result link will be redirected to a website that will display a scare message trying to panic users into downloading rogue AV software: