Nasty "Trojan horse" exploit already out for high priority Microsoft fix
Microsoft yesterday took the non-typical step of issuing an update for most of their operating systems "out of band" - meaning not at the usual time of month. This particular exploit they are patching affects anything except Windows 95/8 it seems
If you don't have automatic update on - or have it on but only to download files, then I urge you to do the update now. It may take doing the update twice to get all the latest patches plus this one high-priority update, I know it did on the one and only Windows Server I look after for Hancock Wildlife.
http://isc.sans.org/diary.php?storyid=5227
http://security.blogs.techtarget.com/2008/10/24/worm-exploiting-ms08-067-rpc-vulnerability/
This exploit affects especially any machine that does not have a hardware firewall between it and the internet but having a firewall won't necessarily save all your machines if you take a laptop out and it gets infected - or if you open an e-mail that has the infection in it.
---------------
I'll also note that there is a huge number of spam messages coming in with ZIP file attachments purporting to be anything from courier waybills to "information you asked for about your account" - and since the messages are short they are not getting tagged as spam by many engines. Even if you are expecting something (as one of my customers was who opened one of these and has had to get a whole new operating system installed) check with the sender to verify that they did indeed send a zip file and it is what you expect before you open any message.
Attachments are always suspect, no matter what they are - but zip files can contain programs that are directly executed as soon as you view the contents of the zip in many e-mail programs.
---------------
It also appears that there are more greeting card messages coming out too - got a whole slew of them myself and none of them were genuine.
be careful out there!!!
richard
What's Related