F1 key can be exploited to download malware

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

F1 key can be exploited to download malware

Postby AlphaCentauri » Tue Mar 02, 2010 11:20 pm

http://www.microsoft.com/technet/securi ... 81169.mspx
via
http://www.krebsonsecurity.com/2010/03/ ... tion-keys/

If you get a pop up that tells you to hit the F1 key, don't do it, at least not if you're running Windows. It can be exploited to download malware.

Microsoft is peeved that the vulnerability was announced publicly instead of being reported to them privately. There has been controversy lately because some hackers are fed up with seeming lack of action on the security holes they find and report. They feel that they are doing the work the software companies should be doing for themselves. They also complain that when they do find vulnerabilities, so much time elapses after they report them that criminals have already found them and created exploits before the legitimate users are given any warning of the risk.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: F1 key can be exploited to download malware

Postby spamislame » Wed Mar 03, 2010 11:46 am

Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies. I wonder what it will take to get corporate IT to stand up and say "Okay that's it. That's the last straw."

SiL
User avatar
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: F1 key can be exploited to download malware

Postby Moike » Thu Mar 04, 2010 10:50 am

spamislame wrote:Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies.


Do you think the Adobe heap of junk software is any more secure on Linux?

When was the last time you got Windows malware on your machine? It is now much more about application vulnerabilities (Adobe) and social engineering than exploiting holes in the OS.
Moike
Spam Observer
 
Posts: 79
Joined: Thu Aug 14, 2008 3:48 pm

Re: F1 key can be exploited to download malware

Postby spamislame » Thu Mar 04, 2010 11:52 am

I have a hard time calling Photoshop "A heap of junk." :) I actually can say with a clean conscience that I love that software. (I've been using it since v.2.0)

But I do agree with your point.

Why, by the way, does a PDF file require JavaScript to be enabled by default?

Adobe makes, I think, good software, but they appear to have had a hard time dotting their i's and crossing their t's from a security standpoint.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: F1 key can be exploited to download malware

Postby ahoier » Thu Mar 04, 2010 9:04 pm

Not really related....but some times people are beyond help :P Apparantly Windows blocked some "Secure Tool" fake antivirus download on my mother's computer, and she blindly "Accepted" / Allowed it, when Windows Defender blocked it.

My stepdad handed her Kaspersky (the price tag said 70$!) and I told him to return that crap lol. No antivirus can save you if you "allow" what was blocked :)


On a side-note, damn I can't even recall the last time I used "F1" for help lol. I wonder if there's a way to "hotkey" it to open Google.com....? :) Since..well, when/if I do have a problem, I tend to just go ask Google (jeeves died a horrible death years ago, or he usually had the answer too LOL)
ahoier
Spammer Killing Machine
 
Posts: 593
Joined: Thu Apr 03, 2008 4:33 pm
Location: Florida


Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron