Thunderbird 2.0.0.4 Released

Mozilla has released Thunderbird 2.0.0.4 which is primarily a security update. One security vulnerability was fixed along with one crash bug that had the potential to be a security vulnerability. In addition, support for Korean was added. A list of 21 changes is available at The Rumbling Edge.

The update is available through Thunderbird’s auto update feature. Both the OS X and Windows versions required Thunderbird to be restarted after the update.

The full version for Windows, OS X or Linux for all supported languages (including the just-added Korean version) can be downloaded from Mozilla.

Microsoft Patch Tuesday for June 2007

Microsoft released six security patches today. Four of them were rated critical, one important and one moderate. There are patches for all supported desktop OS platforms, Internet Explorer, a couple of mail apps and a couple of versions of Visio. There aren’t any Office patches.

The four critical desktop patches are:

MS07-031 is for Windows XP SP2, Windows XP x64 and Windows XP x64 SP2. It’s rated as “important” for Windows 2000 SP4. Earlier versions of Windows 2000 and XP may be affected but aren’t supported by Microsoft. On Windows XP this vulnerability can allow remote code execution. On other OSes the vulnerability results in a denial of service (such as a system crash). The user must visit a malicious website to be exploited.

MS07-033 is the cumulative patch for all versions of Internet Explorer and is critical on all desktop OSes that run it. Since this is a cumulative update, it carries forward any baggage of earlier issues (like changes in ActiveX control handling). As usual, the most serious vulnerability impact is remote code execution. Six new vulnerabilities are identified in the bulletin, some of which allow remote code execution.

MS07-034 is for Windows Mail on Vista (including Vista x64). It is rated “important” for Outlook Express 6 on all versions of Windows XP. There are five different vulnerabilities identified. On XP they may disclose information; on Vista they allow remote code execution.

MS07-035 is for all desktop OSes except Vista. It’s not needed on Vista. The vulnerability allows remote code execution.

The patches are released through Windows Update and are available for individual download.

Rootkit Revealer

Rootkit Revealer was created by the guys at SysInternals and since Microsoft bought SysInternals it calls Microsoft home. The current version is v1.71 and is available as a free download from Microsoft.

I ran the Rootkit Revealer on my Windows XP SP2 PC. It found two registry keys that were suspect but a quick search showed they were normal with the latest version of Rootkit Revealer. On a second run, immediately after a reboot, it found some additional files all dated post-reboot. The only old files it flagged were from Microsoft Defender and also appeared to be temporary files that were deleted during normal operations and are an indication of disk/file problems rather than spyware.

The scan also found several files in my Windows\temp directory. Rather than being spyware they all seemed to be temp files that were deleted. The timestamp on all of them was today and since the last boot. The discrepancy is probably due to a disk/file system problem rather than spyware. The message was “Visible in directory index, but not Windows API or MFT”.

I also scanned using Microsoft Defender and AVG Anti-Rootkit (both are available from my links page under Free Security Software). Neither found any spyware or rootkits.

Rootkit Revealer looks for rootkit-type activity at a much lower level than the more user-friendly scan tools, which seem to look for specific rootkits. It’s then up to you to research each finding and see if it’s a rootkit. Rootkit Revealer also doesn’t include any rootkit removal tools. The SysInternals forums are still around and can be used to help decipher the scan results.

Spam Counts for Week Ending June 10, 2007

My GMail 30-day spam count sits at 298, which is down 14 from last week’s 312, a 4% drop. The second GMail account, the one that’s only received phishing emails, didn’t receive anything in the past week.

None of my other email addresses received any spam.

Comment spam and trackback spam continue to increase at The OS Quest. Comment/trackback spam for the week grew by 21%. There were 2,458 spam attempts during the week, which is an increase of 422 from the week before. This was an average of 351/day. The lifetime total now stands at 9,484 attempted spam comments/trackbacks.

Comment/trackback spam attempts at the Spam Chronicles dropped by 56% as there were only 7 attempts. The total now stands at 204 in its lifetime.

Spam Karma 2 did its job and nothing made it through, although one was thrown into the moderation queue.

Yahoo Messenger Critical Security Update

Yahoo has released a new version of Messenger, their instant messaging client. Yahoo’s bulletin lists the impact as:

Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.

The vulnerability exists in any Windows version of Messenger that was downloaded before June 8th. The vulnerability exists in the Windows version only. Mac, Mobile and Unix versions of Messenger are not affected. To update you need to download and run the full Messenger installation.
