Subscribe

The spy who loved me

This week, love gets ugly, PowerPoint sees a zero-day exploit, Microsoft releases fix ahead of patch, the US deploys e-passports, and lost laptops need to be declared.
By Ilva Pieterse, ITWeb contributor
Johannesburg, 29 Sept 2006

He loves me, he loves me not... PandaLabs` warning is to steer clear of e-mails declaring undying love in false virtual postcard messages.

Romeos and Juliets beware: e-mails proclaiming "I love you" carry the Dadobra.ND infection, a downloader Trojan and Banbra.CLQ, a banking Trojan designed to steal confidential data from online bank services.

Pointing power

But that`s not all. McAfee is warning of a new zero-day PowerPoint exploit that is being used in targeted attacks. It is also believed that Microsoft knew about this and quietly added protection for it in Microsoft`s anti-virus product a few days ago, but took no efforts to warn the rest of the security community or other anti-virus companies

Just in case, be sure not to open any .ppt attachments that were not expected.

Early patch Tuesday

Romeos and Juliets beware: e-mails proclaiming "I love you" carry the Dadobra.ND infection.

Ilva Pieterse, ITWeb journalist

Despite these miscreants, help is on the way. Microsoft has even released a fix ahead of its usual monthly patch to combat a serious Vector Markup Language (VML) flaw in Internet Explorer.

The number of Web sites hosting malicious exploits for the vulnerability grew multifold while scamsters sent out spoof e-cards leading users to many sites that dropped key loggers into user computers via the flaw.

The critical patch can be downloaded here.

US for e-passports

Despite the security issues surrounding this technology, the US is going ahead with the deployment of e-passport readers.

The Department of Homeland Security (DHS) has completed deployment of the first US e-passports at the San Francisco International Airport.

New US e-passports contain a 64-kilobit RFID chip with personal information about the passport holder. Both Black Hat and Defcon showed how simple it is to unlawfully "capture" this information, and it is also believed the readers can be cloned.

Less lost laptops

Finally, on a more positive note, steps are being taken to protect folks in the US against identity theft.

In an attempt to make the protection of citizen`s personal data a more serious issue, the legislation requiring all federal agencies to tell the public when they have data breaches of sensitive information has been re-introduced.

It is believed that government agencies have been careless with citizens` personal information, especially with regards to losing laptops and perpetuating privacy-compromising security breaches.

How long will it take for SA to follow this trend?

Sources used: PandaLabs, MicroWorld Technologies, SearchSecurity, The Register

Share