Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


January 08, 2007
Microsoft Office Helping Spread Bot-Nets

The MS Office programs Excel, Outlook, PowerPoint, and Word are proving to be one of the main beachheads hackers use to gain control over computers and add to the growing bot-net problem. As reported by Brian Krebs on his Security Fix blog, an attack last month against a US-based public utility came as a PowerPoint document of heartwarming reflections intended for the holiday.

Apparently, this much-forwarded greeting, which had already been making the email rounds, was picked up by what is believed to be a China-based hacker syndicate. The greeting was left totally intact, but the file was embedded with malware that would hand over control of the machine of anyone who opened the file. What's most worrying, the PowerPoint file was not picked up as bad by the utility's anti-virus filter.

The attack is just another example of what is developing into one of the biggest problems for Microsoft. Microsoft patched a total of 41 critical vulnerabilities in Office products last year, accounting for 1/3 of all of Microsoft’s patches. Even more worrisome, none of the patches last year corrected three remaining vulnerabilities in Word, two of which Microsoft has noted hackers continue to actively exploit.

Therefore, this warning from Microsoft should be closely adhered to: "Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources."

On another MS note, Microsoft's unwillingness to acknowledge widespread weaknesses in any of their software, together with their continued adherence to a somewhat outmoded monthly patch schedule, has a measurable cost: Brian Krebs calculated that Internet Explorer was unsafe for 284 days in 2006, which means it was only safe 22 percent of the time spent surfing the internet.

I guess that means you can surf the internet anytime you want, but you can only do it safely 22 percent of the time. That, then, is a computer catch-22.

Posted by pschooff
