Security | ITexpress

Its rare to find a PC user who hasn’t suffered from a virus infection at one time or another. Although Windows is very resilient to viruses nowadays the growth of websites like Facebook have opened up a whole new bunch of threats, as some of the popular links can be hosts for various nasty pieces of software.

A story from Reuters today reports that virus infections from a gang of hackers operating on Facebook’s site have ceased, once the hackers were named. This from Reuters;

until the new disclosures, the Koobface gang had continued to target other social networks as a long-running FBI probe failed to result in arrests in Russia.

Koobface spread primarily through captured social networking accounts that prompted friends to install software to view a video. Initially content with small-scale advertising fraud, the group had also begun to distribute more pernicious software, including the Zeus trojans for bank-account theft, according to another researcher collaborating with Facebook, Gary Warner of the University of Alabama-Birmingham.

Remember, when clicking links on sites like Facebook and Twitter, they are not necessarily safe. It isn’t a case of keeping your security software up to date, because all these links will ask you for permission when doing anything to your PC, and most people will give that permission and allow the attack to happen.

Microsoft is preparing to release an out-of-band security fix for the ASP.NET flaw reported earlier this month.

The company admitted to the problem in a security advisory on 17 September, in which it suggested a workaround that companies should apply “immediately”.

Microsoft will now post an out-of-cycle patch for the vulnerability, given its critical nature.

The flaw exists in all versions of ASP.NET 2, and Microsoft recommends that customers apply the patch to prevent attackers compromising ASP.NET applications.

Wolfgang Kandek, chief technology officer at Qualys, echoed this advice, urging companies to install the patch as soon as it becomes available.

“IT administrators should first focus on web servers that do not have the workarounds implemented,” he added.

The flaw gives attackers access to information found in the web.config file, which could be sensitive, and allows for the interception of other material sent to any client machine.

Microsoft updated its reference pages about the flaw at the end of September, and said that it is aware of a number of “limited, active attacks”.

Affected software includes Windows XP, including SP3 and Professional, Windows Server 2003 and 2008, Windows Vista and Windows 7.

Microsoft’s Security Bulletin Advance Notification for September 2010 warned that the ASP.NET flaw can lead to information disclosure.

Category: Security

Virus infections stop after suspects named

Microsoft Readies New Patch to fix ASP.NET Vulnerability