Millions hit by computer virus

TIM UTTON, Daily Mail

The internet was under attack last night by the fastest-growing computer virus in history.   Worldwide systems were buckling after the 'Sobig.F' spread to 134 countries in just 96 hours, generating tens of millions of e-mails.   Experts fear it could increase the volume of electronic traffic by a staggering 60per cent, slowing the internet to a crawl.   It is believed to have cost British businesses alone hundreds of millions in lost orders and system crashes. The global cost will be immense.   Individual companies have been bombarded with millions of copies of the virus, while home users have seen their machines "jammed" by up to 6,000.   The PC World chain said tens of thousands of customers had brought in computers to be "cleaned" by technicians.   Experts say Sobig appears to have been written by senders of "spam" - unwanted junk e-mail - trying to find ways past internet filters which block their messages.   The new digital onslaught comes hard on the heels of two other major viruses, Blaster and Nachi. "This is the worst barrage of viruses in the history of computing," said Graham Cluley of Sophos Anti-Virus.   "Even companies who are properly protected are feeling a slowdown. "Sobig. F is the fastest-spreading virus of all time and if it carries on at this pace for a few more days it will become the most prevalent too."   MessageLabs, a British-based Internet security firm, said it had intercepted more than a million copies of Sobig.F in 24 hours, more than for any other virus.   One in 17 of all e-mails sent since Monday was infected. By comparison the 'LoveBug' virus, which hit the headlines three years ago, was found in one in every 28 e-mails at its height.   Sobig.F spreads when unsuspecting users open attachments in e-mails that contain such headings as "Thank you", "Re: Details" or "Re: Wicked Screensaver".   It sends multiple copies of itself to every name in a person's address book - so each infected machine can spawn hundreds of e-mails.   Sobig.F also tries to implant a background program which turns computers into a relay for any messages sent by the virus's creators - greatly increasing their earnings.   Experts advise users to keep anti-virus software up to date, never open an e-mail attachment unless they know what it is and delete uninvited e-mail - particularly from an unknown sender.   Mr Cluley said even e-mails which seem to come from friends or colleagues should be treated with caution.   For anyone whose computer has been infected, the advice is to go to the website of an internet security company like Symantec, FSecure, Sophos, Message Labs or McAfee. Fixing programs are also available from Microsoft. Read more: http://www.dailymail.co.uk/news/article-193396/Millions-hit-virus.html#ixzz3JdawxTy5 Follow us: @MailOnline on Twitter | DailyMail on Facebook

Microsoft Updates for November 2014

TechTarget has leased an article outlining the Windows updates along with the benefits of installing them. We strongly recommend installing them as soon as possible. Microsoft's monthly Patch Tuesday releases had been unremarkable for most of 2014. A busy October iteration saw activity pick up though as four zero-day vulnerabilities were addressed, and now the November Patch Tuesday batch has delivered the heftiest patch haul of the year, with four critical fixes and 14 total bulletins. The most pressing bulletin in this month's release, MS14-064, features a fix for CVE-2014-6352, which describes a vulnerability in the Windows Object Linking and Embedding (OLE) packager that Microsoft said has been used in limited attacks. If exploited, the flaw can be utilized by attackers to take complete control of a system remotely. Amol Sarwate, director of engineering for Qualys Inc., based in Redwood City, Calif., said that attackers have been spotted using malicious PowerPoint presentations to exploit the issue described in CVE-2014-6352, though users could also be tricked into visiting websites hosting exploit code. If that vulnerability sounds familiar, Sarwate said it's because the flaw originally stemmed from weaknesses related to MS14-060, a bulletin issued in October that was meant to mitigate CVE 2014-4114 -- the so-called "Sandworm" OLE vulnerability. According to an October blog post by researchers with Intel Corp.'s McAfee business unit, those who had installed the MS14-060 fix were inadvertently put at risk. After realizing that the bulletin was incomplete, Microsoft provided a "Fix it" tool to temporarily mitigate the issue as part of Security Advisory 3010060, though the new patch should fully address any lingering issues. "Whenever an exploit is used in targeted attacks, it's pretty easy for other exploit writers to reverse it and writer their own exploits," said Sarwate, adding that implementing MS14-064 should be the chief priority for administrators this month. "Who knows, someone may have already reversed it and is already targeting some other person of interest." Craig Young, security researcher for Tripwire Inc., based in Portland, Oregon, said that the next most important patch this month is MS14-066, which addressed a privately reported vulnerability in Microsoft's Secure Channel (Schannel) security package -- essentially the company's internal version of SSL/TLS. The Microsoft bulletin stated that the Schannel flaw, CVE-2014-6321, was the result of "improper processing of specially crafted packets." If successfully exploited, Young said the flaw could allow unauthenticated attackers to execute arbitrary code on desktop systems with RDP-enabled Web applications using IIS for HTTPS, and many other Microsoft products. Between Heartbleed and Shellshock, Young noted that 2014 has already been a banner year for SSL vulnerabilities, but CVE-2014-6321 may yet be the worst of the bunch because of the large number of systems potentially affected. As a result, Young said that some admins should consider MS14-066 a higher priority than this month's cumulative Internet Explorer patch. "Heartbleed was less powerful because it was 'just' an information disclosure bug and Shellshock was remotely exploitable only in a subset of affected systems," said Young. "Fortunately, Microsoft's assessment is that reliable exploitation of this bug will be tricky. Hopefully, this will give admins enough time to patch their systems before we see exploits." Out of the two remaining critical bulletins this month, Sarwate said that MS14-065, the cumulative IE patch, should be the priority for most organizations. The bulletin addresses a total of 17 unique vulnerabilities across all supported versions of Microsoft's Web browser, the most severe of which could allow attackers to gain the same privileges as a current user and to remotely execute code. This month's final critical bulletin, MS14-067, addressed a private vulnerabilities across several supported versions of Windows and Windows Server that could allow arbitrary code to be executed. The flaw is the result of Microsoft's XML Core Services (MSXML) improperly parsing XML content, and can be triggered by attackers tricking IE users to visit malicious websites. Though the November Patch Tuesday is the largest of 2014, Microsoft's original release plan actually included two more bulletins -- MS14-068 and MS14-075 – that didn't make the cut. MS14-068 was meant to be a critical bulletin that addressed an undisclosed flaw in Microsoft Exchange. Tyler Reguly, manager of security research and development at Tripwire, said that while Microsoft commonly pulls unfinished patches as part of its QA process, it is odd for the numbering used for the bulletins to remain unchanged. "This means that we'll likely see both of these bulletins released next month, and they will be out of order from the other bulletins," said Reguly. Out of the remaining 10 bulletins in the November 2014 Patch Tuesday release, eight were rated as important and two as moderate. The vulnerabilities included in those bulletins spanned the range of Microsoft's products, including Windows, Office, .NET Framework and Windows Server.

Microsoft ends retail sales of Windows 8

As reported on ZDNET.com Microsoft has reached the point where they are preparing to end sales of Windows 8. While computers will continue to be sold and supported with Windows 8 Microsoft will begin the process of showcasing the next operating system. Below is the link and entire article from Steve Ranger. http://www.zdnet.com/going-so-soon-microsoft-ends-retail-sales-of-windows-8-7000035347/ Windows 8 has passed the first milestone on its way to retirement after Microsoft ended retail sales of the operating system. As of 31 October, retailers will no longer be able to order more Windows 8 to sell beyond their existing stock, although it can still be bought installed on a new PC. The operating system went on sale just over two years ago on 26 October 2012, and Microsoft is already shifting emphasis to Windows 10, expected in the middle of next year. Also as of Halloween, Windows 7 Home Basic, Home Premium, and Ultimate are no longer be available to buy installed on PCs, according to Microsoft. In reality, as manufacturers and retailers still have large stocks of Windows 7 PCs, it will be some time before they become scarce. Sales of Windows 7 Professional will continue and Microsoft has said it will give a year's notice of the end of sale date. As the end of mainstream support for Windows 7 is due in January next year, it may mean, as Larry Seltzer argues elsewhere on ZDNet, that Microsoft will end up extending mainstream support for Windows 7. Also, it's worth noting that enterprise customers with volume licensing deals can still 'downgrade' to previous versions of the operating system they have licensed. No date has yet been set for when sales of Windows 8 via manufacturers will end — and Microsoft has said it will continue to support the operating system until January 2023. Windows 8.1 is still available at retail and no date has been set for the end of sales yet. Windows 8 was a significant departure from the classic Windows look and feel, bringing in a new tiled start screen that met with considerable opposition from businesses worried about having to retrain staff to use the new interface. As such, probably of more significance to business users is the news that some versions of Windows 7 are now no longer available to buy installed on new PCs from manufacturers. And of course, although Microsoft would be very happy to see customers moving to the latest versions of its operating system, users tend to move at a much slower pace. According to figures from NetMarketShare, Windows 8 and 8.1 together account for 16.8 percent of PCs connecting to the web, while Windows 7 has 53 percent of the market. The antique Windows XP still holds onto 17.2 percent market share.