This USB battery charger from Eveready has been sold in the US and Europe since 2007. The software that comes with it includes a trojan that stays active, listening for commands on port 7777, even when the device is not connected. I aways found that cute bunny with the sunglasses to be a little suspicious.
We trust Mr. Google to find us what we are looking for, but even the venerable Mr. Google gets attacked by the bad guys. It is called search engine poisoning, and it can trap the unwary. Think before you click, and don’t always assume Mr. Google is right.
Anyone can digitally sign a file. The question is whether the digital signature traces back to a trusted Certificate Authority. Virus writers are becoming more sophisticated all the time, and some are now digitally signing their poison, making it look more official to those who are not careful about examining the signature. Fake signatures are easy to spot – IF you take the time to look. Your browser / OS will usually warn you as well, IF you pay attention. Education and awareness are still the best defense. More information can be found here.
Patching is a real pain – that is no secret to any of you. I have recommended Secunia PSI on numerous occasions for keeping third-party applications up to date. Secunia is working on an update that will make these updates automatic. Easy is good.
Endpoint Security – clients need to gain control over all those portable devices (USB drives, smart phones, MP3 players, etc.) that come and go from the work place. Along with them, malware can come and sensitive data can go. Here is an article that offers more information. The GOOD NEWS is that Nerds On Site will soon be able to offer endpoint protection as part of NerdCare.
This last one is not security-related, but it is worth noting. Microsoft is pulling the plug on the Windows Essentials Business Server product.
Dennis H in West Virginia, US
March 8, 2010