You ‘installed’ a work around? Or did you simply execute it?
I excuted the Fix it
Hi malware fighters,
Adobe should do something for security = disable javascript by default: http://www.sophos.com/blogs/gc/g/2010/06/30/adobe-disable-javascript-default/
polonus
Hi malware fighters,
How the MS help-and-support-hole is now actively being exploited: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
polonus
Most dangerous sites for trojan, watch here regularly: http://blog.urlvoid.com/dangerous-websites-used-to-spread-trojans/
Also visit this site for this week’s top threats online: http://wam.dasient.com/wam/infection_library_index
polonus
I’m not convinced Microsoft Help and Support is altogether secure in any regard at the moment. For XP anyway.
I posted a while ago - ‘And partly because for the first time I am having update problems with IE (the kb979909 issue, which is .NET downloads), if I don’t solve soon and with easy method (no uninstall) then I will probably post the problem to the forum’.
Well still having a few problems on one of my systems. I have opened a new topic to outline the isuue.
Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885) convinces me the protocol isn’t secure. The protocol can be exploited by any malicious or hacked website.
If you’re using XP or Server 2003, enable the FixIt, NOW.
I am making some progress -
[b]Technical Information (Analysis)[/b] Trojan:Win32/Orsam!rts is a name used for trojan detections that have been added to our signatures after advanced automated analysis.The generic nature of this detection means that the malicious behaviors exhibited by files detected as Trojan:Win32/Orsam!rts are highly variable and may vary from once instance of this detection to the next.
No further information is currently available on this threat. However, should we receive a significant number of reports, then a specific detection will be added to our signatures and a detailed analysis will be added to the encyclopedia.
Thanks for all the replies.
I decided to install the FixIt!
Best wishes,
Avastfan1
Hi malware fighters,
Watch out for the most aggressive malware attackers: http://mtc.sri.com/live_data/attackers/
polonus
I seem to have solved my issue concerning updates to .NET Framework.
I’m sorry but I cannot inform whether had anything to do with ‘Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)’, despite my suspicion that something had gone amiss in Microsoft Update routine. Ultimately, I reinstall / upgrade Windows Installer using the following link -
Then I installed the remaining .NET downloads. The install process seemed labored but did complete with KB974417 being the final install. I was informed by Microsoft Update that I had hidden this install for the time being, something which I cannot recall doing, or in fact do not know how to do. (but in the heat of a moment I may have been presented with an option and followed the recommendation).
Now for Trojan:Win32/Orsam!rts -
figuring I had an MS issue and so could be solved by MS itself, I downloaded and ran Microsoft Security Essentials, which generated the orsam detection when I chose to run the Internet Explorer browser at one stage. As far as I can tell - but almost certainly - the orsam detection was a False Positive generated by having both MSE and avast!antivirus running as resident on the same system.
Mis-placed notice :
http://forum.avast.com/index.php?topic=50356.msg426510#msg426510
It had to happen sooner or later … and it has been later than I thought it would be.
These have always been insecure applications.
Hi malware fighters,
New 0-day in IE8: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1
A design error in the browser: http://www.securityfocus.com/bid/41247/info
POC: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1
pol
Hi malware fighters,
Microsoft to end security support for Windows XP Service Pack 2 · Hackers’ nirvana on horizon as Microsoft ends security fixes for XP SP2: http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching/
polonus
See this
Hundreds of millions of vulnerable PCshttp://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patchingA service pack is a collection of updates, feature enhancements and security fixes delivered in a single download. Microsoft released SP2 in August 2004 mainly to beef up security. Then in April 2008, the company released SP3 with less fanfare, recommending that all XP units be updated. Yet more than two years later, thousands of companies worldwide have not yet done so.
The USA is quite high on the most vulnerable list of infected systems. :o
Hi YoKenny,
Yep, and what if there is a console with “embedded Windows XP2”, and someone plays an encoding smart card
trick there; how irresponsible can admins and security staff be, “infantilisized” by society around them and brainwashed alike to accept such insecure systems and not upgrade,
polonus
I know
Insanity: doing the same thing over and over again and expecting different results.
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning.
Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.
Albert Einstein
Hi Kenny & polonus,
nice info, nice map, nice quote…! 
I stumbled over admins with no knowledge at all, just doing the same what the ‘learned’ years before… :
asyn
Week in review: YouTube, iTunes, The Pirate bay hacked, Facebook scams and Twitter kits
Here's an overview of some of last week's most interesting news, interviews and articles
http://www.net-security.org/secworld.php?id=9558
nmb
Yeah, all the Jason Bieber videos were hacked through cross-scripting (XSS) vulnerability, replacing comments with big red words.