createTextRange vulnerability in IE: Disable Active scripting or use another browser

The flaw is caused by how Internet Explorer handles createTextRange tags, and could let malicious software run and install itself. Microsoft has not yet offered a patch, though it should be on the April 11 updates. Numerous websites have been identified that exploit the vulnerability. In a recent article from CNet it is reported that e-mail spams containing excerpts of BBC stories are being sent out, and readers are redirected to forged BBC webpages. Once the infected site is visited, a keylogger is pushed into the system, and user information like usernames and passwords are captured and collected.

Until the patch is released, users of Internet Explorer could do the following:

Disable active scripting:

1. On the IE browser, click on Tools and select Internet Options
.
2. Click on the Security tab, click on Internet and then select Custom Level
3. On the Security settings look for Scripting. Set Active Scripting to either Disable or Prompt. Click OK.
4. Now back to the Internet Options, Click Local intranet, and then Custom Level. Repeat step no. 3.

Download and Use another browser :

Use Firefox or Opera as your browser.

Update:

Microsoft has released a cumulative patch for IE, which is found in the Microsoft Security Bulletin. Together with the April 11 IE updates are patches for MDAC, Outlook Express and Frontpage.

Stories and Reactions to the Windows Vista Delay

Microsoft's announcement of another delay in the release of Windows Vista definitely made it to the tech headlines, as many anticipated the appearance of a Windows XP replacement before the end of the year. The move makes Windows Vista available to businesses November of this year and to the general public come January 2007. Here are some of the news items centering on the Windows Vista delay:

1. What's Really Behind the Windows Vista Delay? (from Microsoft Watch)
2. Windows Vista delay: Good news for Apple? (from Computerworld)
3. Understanding Windows Vista's Delay (Yes, Another) (from Microsoft Monitor Blog)
4. Microsoft tumbles, but setback seen as temporary (from CNN Money)
5. Windows Vista delayed on quality, security concerns (from Security Focus)
6. 60% Of Windows Vista Code To Be Rewritten (from Smart House)
7. Microsoft: No Vista Code Changes (from Beta News)
8. Microsoft Shares Drop on Windows Delay (from Yahoo! News)
9. Vista Slip to Boost Linux Says Red Hat (from Computer Wire)

Truth be told, it is Writely Google!

Google just acquired Writely, the widely used web-based word processor, to the delight of both Writely and Google users. Why? Well it solidifies Writely as a web application and answers the question of until when they can offer the service for free. For Google fanatics, this gives validation for the GDrive "unlimited?" storage, and may progress into other services that provide web-based office productivity solutions. Of course they have e-mail and soon will be coming out with the calendar, but the killer suite would need to have a spreadsheet and a presentation program (like thinkfree?).

Resources:

1. GoogleBlog Article
2. Writeley Blog
3. Writely.com
4. Thinkfree Online Office

Disclaimer: Google and Writely logos where used only for the purpose of presenting the article.

Brontok e-mail worm

I recently had an encounter with an infected Windows XP Pro with SP2 machine which annoyingly restarted whenever a download was initiated and opened on the default browser the link about Brontok.A. The page that was appearing had the following text:

BRONTOK.A [ By: H[REMOVED]Community ]
-- Hentikan kebobrokan di negeri ini --
1. Adili Koruptor, Penyelundup, Tukang Suap, Penjudi, & Bandar NARKOBA
( Send to "NUSAKAMBANGAN")
2. Stop Free Sex, Absorsi, & Prostitusi
3. Stop (pencemaran laut & sungai), pembakaran hutan & perburuan liar.
4. SAY NO TO DRUGS !!!
-- KIAMAT SUDAH DEKAT --

This was my clue, so I searched for the brontok.a reference, and came up with the following aliases for the e-mail worm that had infected the system when the user opened a certain e-mail attachment.

A.K.A. : Email-Worm.Win32.Brontok.a (Kaspersky Lab) is also known as: W32/Rontokbro.gen@MM (McAfee), W32.Rontokbro@mm (Symantec), BackDoor.Generic.1138 (Doctor Web), W32/Korbo-B (Sophos), Worm/Brontok.a (H+BEDV), Win32.Brontok.A@mm (SOFTWIN), Worm.Mytob.GH (ClamAV), W32/Brontok.C.worm (Panda), Win32/Brontok.E (Eset)

An Anti-virus was present on the system, but was not updated (lesson no. 1 !!!), and scanning the system did not find anything. Apparently, upon infection the virus creates registry keys that enable it to run at startup, and edits and sets registry entries that disable the use of regedit, msconfig, folder options, etc. (More info from Sophos.)

On the Sophos website, there is an available removal tool, but running it did not remove the worm variant. Badly enough, there was no anti-spyware software on the system, and downloading was not an option as the system would restart at every attempt to download one. The Anti-virus software was also unable to do auto-update. I downloaded Spybot from a different machine, and was able to install it on the infected one. It found and reverted changes made to the registry by the virus. Now this allowed the Anti-virus software to update itself and on restart was able to clean the machine after scan.