Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Perimeter Scan>A bad month for Microsoft products

A bad month for Microsoft products
Tweet
Ryan russell By Ryan Russell

This is, of course, a Windows-centric newsletter. That means that sometimes it can be difficult writing about security issues without picking on Microsoft.

Drive-by downloads still mostly affect Internet Explorer, not other browsers, and Microsoft Office products are showing cracks in the foundation.I’ll explain below.

The ‘Million Malware March’ for MySpace

Here at Windows Secrets, we’ve many times discussed browser bugs, drive-by installs, and the resulting malware. Yet another example hit MySpace.com recently. (For patches, see Susan Bradley’s column, above.) This is an extremely interesting case because of the volume of affected users and the method of infection. It appears that as many as a million MySpace visitors may have been infected with spyware served up via MySpace’s banner-ad mechanism.

Brian Krebs does his usual excellent reporting on the topic in his Washington Post Security Fix blog. In it, he reports that iDefense analyst Michael La Pilla was offered a suspicious exp.wmf file when visiting the site.

It turned out to be a file trying to take advantage of the WMF hole that was patched by Microsoft in January. Since Michael was using a Linux machine to browse, the infected file was offered as a do

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

Related posts:

  1. Phenomenal update info on 32 Microsoft products
  2. Microsoft security patches
  3. Twenty six malware products on each PC
  4. Avoid This Fake Microsoft Security Patch
  5. Office 2003 update
= Paid content

All Windows Secrets articles posted on 2006-07-27:

  • Top Story Should you use Windows Live Messenger?
  • Over the Horizon IE bugs not fun for users
  • Patch Watch Patching isn’t just about Microsoft
  • Hot Tips Readers review alternatives to Windows Update
  • Perimeter Scan A bad month for Microsoft products
  •  Show all articles on a single page
Ryan Russell

About Ryan Russell

Ryan Russell is a quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias "Blue Boar." He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.
View all posts by Ryan Russell →
E-books

We’ve pored through years of back issues, picking the best tips, to create these ebooks:

E-book series
  • PC Maintenance Guide
  • PC Security Guide
  • Windows 7 Guide Vol 1
  • Windows 7 Guide Vol 2
  • Win XP Survival Guide
See the e-book series
Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.21
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Don’t pay for software you don’t need — Part 2 4.10
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb