Do remain alert for a Trojan pretending to be an updated Windows Genuine Advantage Notification that runs as a service titled ‘wgavn’. The Trojan disables your Windows Firewall and adds a backdoor for further exploitation. If you decide to stop the Trojan, you get an on-screen message that doing so will cause system instability! The Trojan is being distributed via an AIM (AOL Instant Messenger) message with an embedded hyperlink. I assume that it will break free soon to be distributed ‘in the wild’.
Another Trojan targets Microsoft PowerPoint by taking advantage of a hitherto undocumented vulnerability to open a backdoor. Trojan.PPDropper.B is, as of this column going to press, being distributed through an email with Chinese characters with a Chinese-named .PPT file attachment originating from a GMail address.
Opening the PPT file causes the PPDropper to execute Backdoor.Bifrose.E, a keystroke logger that records keystrokes and transmits them to a remote server. PPDropper also injects a malicious routine into the EXPLORER.EXE process to overwrite the infected PowerPoint file with a clean copy and erase infection traces. The flaw affects Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows Server 2003 and Windows XP. Microsoft will shortly be releasing a PowerPoint update to close the vulnerability.
I forgot to include in the previous column information about a Microsoft Private Folders for XP add-in. This allowed Windows XP users to set up a private, encrypted folder on their hard drives or server disk profiles. This Private Folder required a user password to reveal its contents, and would also add a Desktop shortcut for easy access. If left unused for a while, the Folder would back up changed contents then close automatically.
The Private Folder concept is available in Microsoft’s Windows 2000/2003 Server operating system. At one level this was a great concept, as the Private Folder approach ensures that file contents can’t be harmed by the many Windows virus variants. But from a system administrator’s perspective it’s difficult to monitor files being stored in the enterprise. The aforementioned server version allows the defined system administrator super-user access.
Unfortunately Microsoft’s very powerful corporate user lobby cried foul and demanded the software be withdrawn. The company “received feedback about concerns around manageability, data recovery and encryption, and based on that feedback, we are removing the application today. This change will take effect shortly.” Still you might want to try and download the utility before it’s lost forever.
So Notebook users, get this next utility while it’s H-O-T. A recent Windows XP SP2 USB update helps extend your battery life by shutting off power to USB ports that have nothing plugged into them. The update will prompt for a system restart.
Have you often encountered those annoying Thumbs.db files in file folders with images? Thumbs.db is a Windows 2000 SP4 and Windows XP feature that caches image thumbnails. I recently read the Riot Act to my company’s developers after these files were being uploaded to client web servers (from our predominantly Windows systems). Not that the files in question are a security risk (at least not yet). But they sure add up to lots of wasted bandwidth and consume server space (no matter how infinitesimal). The feature was a boon when most user computers were 300 MHz Pentium IIIs with less than 128 MB RAM installed. But doesn’t make that much of a difference on today’s RAM-rich, 1.5 GHz and higher processors. You can disable the function from Control Panel > Folder Options > View > check the option ‘Do not cache thumbnails’.
New Software this week includes yet another Opera weekly release build. Opera for Windows (Beta) 9.01 Build 8533 resolves a bug in the included M2 mail and news client so that the Empty spam command moves messages into the trash folder. M2’s IMAP component, which has never been very strong, has been updated once again. And now images in email will open in a new tab when clicked. The build also resolves a Java Applet bug that caused a loading failure if the applet’s width and height were set to zero. The Search field now shows drop-downs when you press the down arrow key.
There are also two Firefox builds available. The first is Firefox 2 Beta 1. And if you use the Portable Firefox 2 Beta 1 version, I recommend visiting the developer’s web site to download an update released on July 12, 2006. Do be careful when synchronizing data. I accidentally managed to overwrite my Bookmarks folder. Not such a loss as I have a backup. But it’s still an annoyance.
The second is the definitely-in-Beta Firefox 3, code-named Minefield. And believe me, the name is apt. While this Beta introduces several new features, it’s really unstable and not recommended for an early run. On both Windows and Linux it ran fine for a few moments but then would crash without warning, and would then fail to reinitialize until you deleted all its files including system settings. Meanwhile, check out a sneak preview of planned Firefox 2 Beta 2 features (many of which are available in the Minefield build too).
That’s it for this week. Next time I’m going to review Firefox 2 Beta 1 in detail. Until then Stay Safe!