Technical Tidbits™

It’s the first time researchers – Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company – have seen the malware overwrite rather than mask itself as an update program.

This is very scary especially since most of our readers can’t tell the difference!

But don’t panic! Here’s how you get the malware according to the NetworkWorld article (see link below):

Users can inadvertently install malware on computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe’s products are one of the most targeted by hackers due to their wide installation base.

So, if you stay away from known harmful sites – in which your security software should be protecting you from anyway – and you don’t open links or mail attachments from strangers, you should be okay.

And I can tell you that my TrendMicro Internet Security Pro does protect me even when I don’t want them too! (SMILE)

To read the full article visit:  New malware overwrites software updaters.

I am shocked, nay appalled, that I’ve been out doing repairs, maintenance, and just overall visiting with friends and I see that they have NOT updated their JAVA and ADOBE Acrobat or Reader!

It’s not like I don’t have a Weekly Security Digest that tells you to update your Adobe. And it’s not like Java doesn’t pop up with its “Update Available” icon and reminder. But are you updating? NO!

And the two updates are related as there are public exploits available to take advantage of these flaws!

For those of you who are newer to the whole security thing, let me explain what I’m saying to you.

In layman’s terms, a vulnerability is a flaw or hole in a software.

An exploit is a way (method) to use that flaw or hole to gain access to a persons computer.

A public exploit means that a bunch of bad guys posted the way or method (exploit) on a public website where any hacker (bad guy) can see it and use it!

Now, put this all together and if you do not update your Java and Adobe products, you are subject to being a victim to these bad guys who learned how to get into your computer using a method they’ve gotten off a website and using it to access the flaw or hole in your software.

You maybe wondering how they do this?

They are doing it through a specially written (crafted) Adobe PDF. You may download it from a website that you think is legitimate. You might get it in an e-mail. You might even pay for it from a site that’s selling ebooks!

I can hear some of those more advanced readers saying, “WHAT?”

That’s right! Many of these Internet Marketer’s and fly-by-night affiliate marketer’s are using very unsecured sites and web hosts to host their make-on-the-fly websites! It is very easy for someone to hack the site and replace the e-book with a bad one! Think about that!

And if you’re in doubt, and want to see some of the more recent vulnerable (has a hole or flaw) scripts that are out there right now, visit our archive of the most recent Security Digest and view the “Other Vulnerabilities” section! Trust me when I say that this was a very mild week for web applications!

And while you’re looking it over, click the Join Our Mailing List button in the left sidebar toward the top, and sign up for the free month’s trial of the Digest! (There’s other FREE newsletters available there too!)

There is absolutely no reason why you should fall victim to these morons out there! We let you know what you need to do in our Security Digest and we even provide the link to the upgrades, patches, or fixes!

And for those of you who are more technical, or are the guru in your office or family, you’ll find the majority of the information very valuable because we put all the vulnerabilities in one place!

Did I also mention there is a section on current technical recalls?

Sales pitch done.

SIGN UP NOW and Update your JAVA and ADOBE READER NOW!

You can do this yourself!