In McGlure’s demo, he accessed his customized website using IE-6, which is vulnerable to the attack and showed how the exploit is downloaded to the machine, saved, decoded, and ran. Exploits like these make it really scary for everyone because it does not even require the end user to perform anything such as clicking or downloading something.

To make things worst, the downloaded file was a jpg (or could be gif, png). To some, it could be an image file. But it is actually an executable file. The process is automatic. The jpg file is downloaded, repackaged, and then the binary is executed. The payload could be anything as installing a backdoor Trojan that sits in your computer to steal information, or it could be a nasty virus that wipes out your entire data.

While I’ve been stressing enough to everyone to be very aware about clicking links from emails or visiting suspicious websites, sometimes at the end of the day, it boils down to your system protection. What are your protections, walls, or shields from this evildoers? Do you have your system locked down, or updated, or patched?

PATCH. One best thing really to do is to patch your system so you are not vulnerable. Today, Microsoft released an out-of-band security patch to addressed this 0-day vulnerability. I highly recommend you to install this patch as your first line of defense. Here is the link: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx. Again, do not install any third-party patches. Trust only the one that comes from Microsoft. Currently, I am attending the Microsfot’s Out-of-Band Security Release bulletin webcast, which they covered what is included in this patch.

BROWSE. It is also discovered that other versions of IE, not only IE-6 could be vulnerable to this attack. So, it is not a bad idea to use an alternate browser like Firefox, Opera, or Chrome. I might also include your favorite email clients such as Outlook can easily launch the attack too, since email is displayed in HTML. So be aware of all the doors where this attack can get in.

DEFENSE. For home users it is highly needed you have an antivirus software and an up-to-date virus definitions. Having host firewall or IPS also adds more layer of protection. In corporate world, taking advantage of the powerful features of your Firewall, Proxy, nIPS, hIPS, and your Antivirus is very crucial.

Inline proxies can block those file download that are suspicious or deemed infected, thereby, protecting the corporate users behind the proxies. With a good signature and inline IDS, you can also block or drop these attacks or traffic. And an updated Antivirus can catch this before it can wreak havoc. Multiple line of defense implemented correctly give you and your company a better protection.

So again, download and install the patch now, it is available from the link above; update your antivirus – protect yourself!

Haiti Earthquake Landslide

The recent earthquake disaster that struck Haiti is sometimes unbearable to watch. With an estimate of 80,000 death and rising or 200,000 according to Haitian government. The damages sum up to billion of dollars. It is indeed a disaster that melts your heart in pity.

More than 5 years ago, a colossal disaster hit Indonesia and other parts of the world with an earthquake in the Indian ocean that caused huge and deadly tsunamis in Indonesia, Sri Lanka, Africa, and other countries. All of these sad stories easily spread out the Internet, including heart-touching pictures.

These stories always touch the heart of many. And this is exactly what bad guys take advantage of. In a previous post about Phishing, we’ve uncovered how it works. This is what these scammers is going to use again to exploit vulnerable people. So again, BEWARE of these scam emails asking for donations to help Haiti Earthquake victims. They can appear legitimate but always ensure that you do not click on any link they provide.

Example below is a capture from McAfee’s blog of what could be a similar scam email to lure to donating money to them. This one is from a French origin.

Haiti Scam email

Last week the United States FBI released an immediate warning and reminder to Internet users to be very diligent and apply critical eyes in responding to emails asking for donations of the aftermath of the Haiti earthquake. I’ve outlined below with their guidelines:

“Before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov.”

Protect yourself against scammers!