Windows Remote Desktop Worm "Morto" Spreading
We don't see that many Internet worms these days. It's mostly just bots and trojans. But we just found a new Internet worm, and it's spreading in the wild. The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven't seen before: RDP.
RDP stands for Remote Desktop Protocol. Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you enable a computer for remote use, you can use any other computer to access it.
Windows XP
Let's compare the major computer operating systems at the moment. We have Windows XP, Windows Vista and Windows 7. We have various Linux distributions. And we have Mac OS X.
Of these, obviously Windows XP has the weakest security, by far.
And Windows XP has the biggest market share, too. Globally close to half of all computers still run XP.
And today, Windows XP is ten years old.
edocinU edirrevO tfeL ot thgiR gnisU erawlaM
According to our friends at Commtouch, malware using Right-to-Left Override (RLO) Unicode tricks has "resurfaced extensively in the past week". The Unicode character U+202E (RIGHT-TO-LEFT OVERRIDE) makes the text that follows it display right-to-left; it exists for scripts written in that direction, but applied to a file name it hides the real extension. A name stored on disk as "photo_" followed by U+202E and "gpj.exe" is shown to the user as "photo_exe.jpg", while Windows still treats it as an .exe.
We examined a sample a few days ago.
Here's the archive file viewed in Windows:
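As an added example (not code from the original post), the following Python builds an RLO-disguised file name, shows how it renders versus what the OS actually sees, and scans archive member names for bidirectional control characters. The archive, its members and the "photo_" name are constructed here; the rendering function is a deliberate simplification of the Unicode bidi algorithm that covers the single-override case used by this trick.

```python
# Added example, not from the original post: how U+202E disguises a file name,
# and a scanner that flags bidi control characters in names, including inside
# a zip archive. All names and archive contents below are constructed.
import io
import os
import unicodedata
import zipfile

RLO = "\u202E"  # RIGHT-TO-LEFT OVERRIDE

# Unicode bidirectional control characters: they change how a name is
# displayed without changing the bytes the OS uses.
BIDI_CONTROLS = {
    "\u202A", "\u202B", "\u202C", "\u202D", "\u202E",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200E", "\u200F",                                 # LRM, RLM
}


def disguise(stem: str, real_ext: str, shown_ext: str) -> str:
    """Build an RLO-disguised name. Everything after U+202E is rendered
    right-to-left, so the attacker writes that tail backwards."""
    tail = shown_ext[::-1] + "." + real_ext  # e.g. "gpj.exe"
    return stem + RLO + tail


def rendered(name: str) -> str:
    """Simplified rendering: text after the first RLO is displayed reversed.
    Enough for the single-override case; the full bidi algorithm does more."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def true_extension(name: str) -> str:
    """The extension the OS acts on comes from the raw string, not the display."""
    return os.path.splitext(name)[1].lower()


def analyze(name: str) -> dict:
    """Report display name, real extension and any bidi controls present."""
    found = sorted(unicodedata.name(c) for c in set(name) if c in BIDI_CONTROLS)
    return {
        "name": name,
        "displayed_as": rendered(name),
        "real_extension": true_extension(name),
        "bidi_controls": found,
        "suspicious": bool(found),
    }


def scan_zip(data: bytes) -> list:
    """Return the analysis of every member whose name carries a bidi control."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        results = (analyze(n) for n in zf.namelist())
        return [r for r in results if r["suspicious"]]


def build_sample_zip() -> bytes:
    """Constructed archive with one honest member and one disguised member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr(disguise("photo_", "exe", "jpg"), b"MZ constructed, not a real PE")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print(f"{hit['displayed_as']!r} is really {hit['name']!r} "
              f"({hit['real_extension']}), controls: {hit['bidi_controls']}")
```

The practical check is the last two fields: decide on `true_extension()` and treat any name containing a character from `BIDI_CONTROLS` as suspicious, regardless of how it looks in a file manager or archive viewer.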
I Can Has Update Rollup 1 for Windows XP SP3?
Hello Microsoft,
A partner of ours is feeling some pain. He's located in Central Europe and some of his customers have limited hardware budgets, and so… he ends up doing a lot of Windows XP SP3 installations. (Yes, we know, Windows 7 is cool, but the customer is always right, and you have to give them what they want.)
And here's where the pain comes in — Windows/Microsoft Updates.
There's a ton of post-SP3 updates and it takes a great deal of time to install them. It cuts into his productivity, i.e., his profit.
April 2011 Patch Tuesday sets a new record
This month's Microsoft Patch Tuesday release set a new record. Microsoft released a total of 17 bulletins covering 64 CVEs, the largest number of patches in one month to date. While some users may have configured Windows to automatically apply updates in the background, many organizations must stage and test all patch deployments, which may seem daunting this month.
Banks Profit From Spam
While doing some spam research a couple of years ago, we did a series of test purchases from spam e-mails.
We bought pills, software, cigarettes, et cetera. We were a bit surprised that almost all of the orders went through and actually delivered goods. Sure, the Windows CD we got was a poor clone and the Rolex was obviously fake, but at least they sent us something.
We were carefully watching the credit card accounts we created for our tests but we never saw any fraudulent use of them.
Apple MacOSX and Malware - Myth vs Reality

Author: Nick Blievers
TrustDefender Labs has just released its latest report for subscribers, separating the myths from the realities of Apple's approach to defending its Mac OS X operating system against malware.
Confirmed: Samsung is Not Shipping Keyloggers
We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops.
The whole saga was caused by a false positive from the VIPRE antivirus product. Apparently VIPRE detects the StarLogger keylogger by checking for the existence of a directory called "SL" in the root of the Windows directory. Keying a detection on a directory name alone is a bad idea: any legitimate software that happens to create the same folder will trigger it.
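As an added example (not code from the original post or from any vendor), the following Python contrasts a directory-name-only rule with one that also requires a specific component with a known hash. It builds two throwaway Windows-like trees in a temp directory, one clean and one "infected"; the marker file name, its bytes and the resulting hash are constructed for this example and are not real StarLogger indicators.

```python
# Added example, not from the original post: why "a directory named SL exists"
# is too weak to serve as a keylogger signature. Builds two throwaway trees
# and runs a loose rule and a stricter rule over each.
# MARKER_FILE, MARKER_BYTES and MARKER_SHA256 are constructed stand-ins,
# not real StarLogger artefacts.
import hashlib
import pathlib
import tempfile

MARKER_FILE = "slog.dll"                                  # hypothetical name
MARKER_BYTES = b"constructed stand-in for a keylogger component"
MARKER_SHA256 = hashlib.sha256(MARKER_BYTES).hexdigest()  # the "signature"


def loose_rule(windows_dir: pathlib.Path) -> bool:
    """The check described in the post: any SL directory under Windows is a hit."""
    return (windows_dir / "SL").is_dir()


def strict_rule(windows_dir: pathlib.Path) -> bool:
    """Require a specific component with a known hash inside SL.
    A bare directory name is shared with whatever else happens to use it."""
    candidate = windows_dir / "SL" / MARKER_FILE
    if not candidate.is_file():
        return False
    return hashlib.sha256(candidate.read_bytes()).hexdigest() == MARKER_SHA256


def make_tree(infected: bool) -> pathlib.Path:
    """Constructed layout: both trees have Windows/SL, only one holds the marker."""
    windows_dir = pathlib.Path(tempfile.mkdtemp()) / "Windows"
    sl = windows_dir / "SL"
    sl.mkdir(parents=True)
    if infected:
        (sl / MARKER_FILE).write_bytes(MARKER_BYTES)
    else:
        # Something harmless living under the same folder name, e.g. a
        # localisation package's resource file (constructed).
        (sl / "resources.xml").write_text("<strings/>")
    return windows_dir


def verdicts() -> dict:
    """Map each tree label to (loose_rule result, strict_rule result)."""
    out = {}
    for label, infected in (("clean", False), ("infected", True)):
        tree = make_tree(infected)
        out[label] = (loose_rule(tree), strict_rule(tree))
    return out


if __name__ == "__main__":
    for label, (loose, strict) in verdicts().items():
        print(f"{label:8s} loose={loose} strict={strict}")
```

The loose rule fires on both trees, which is exactly the Samsung situation; the strict rule fires only where the component it is actually looking for is present. Real signatures combine several independent indicators for the same reason.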
No Keyloggers on Samsung Laptops as Far as We Know
Network World has published an article claiming that Samsung Electronics installs Windows keyloggers on their laptops by default. This caused an uproar, as even Samsung support appeared to confirm this, saying that the commercial StarLogger keylogger is installed by default to "monitor the performance of the machine and to find out how it is being used".
Limit Flash Exploit Exposure, Uninstall ActiveX Version
Yesterday, Adobe issued Security Advisory APSA11-02. The advisory states that:
"A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems."