06/02/2017

When Antivirus Software Fails You: How to Stop (and Defeat!) a Real-World Trojan & Social Engineering Attack

 

It isn't every day you get to see what a real Trojan or Social Engineering attack looks like.

When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.

But, this time, in putting together material for our upcoming free workshop, Get Secure, when I came across a real attack I was able to record it.

If you've ever wondered what an attack looks like, here's your chance to see one.

Here's the best/worst part: nothing stopped it.

  • Not our Internet Security software.
  • Not any of our browsers' built-in malware protection.
  • Not even Windows 10's built-in security.

See for yourself how it happened and what you can do to stop it.

 


 

Be the first to know about
our upcoming free workshop!

 

You'll get...
  1. real-world problems like this solved
  2. quick and easy-to-do PC optimization tricks
  3. how to spot (and avoid) online fraud & fake news
  4. and...
  5. real confidence in your skills behind the keyboard. Fast.


I promise you, it'll be some of the
best, most useful stuff you'll ever see.


Put in your details here to be the first notified.

[Click here to download the printable step-by-step companion "recipe" file.]

 

04/04/2016

"400% Surge In Phishing Attacks This Tax Season" Says The IRS*


The bad guys are in full force this tax season. With so many people doing their taxes online this year, the phishing community is out to snag as many victims as possible.

Even if you don't do your taxes online, the phishers still trick lots of people into entering sensitive tax information that can lead to theft, ransomware hijacks, identity theft, or worse.

What Is Phishing?

"Phishing" is when you get an email that looks legitimate, but asks you to click a link and enter sensitive information that the bad guys can use to steal information from you.

Typical phishing scams say something like, "Your bank account may have been compromised. Click here to verify your account, etc." The link will then take you to a page that looks exactly like your bank's website, but isn't. Many people are lured into entering their bank login information, and that's when the bad guys have you.

Have a look at this email:

[Screenshot: a phishing email imitating Bank of America.]

Looks official, right? It's not.

Clicking that link would take you to a site that looks just like the real Bank of America site and ask you for your login. Now the bad guys have full access to your bank account.

During tax season, the range of phishing possibilities is even wider than this, making it even harder for the average person to tell what's real from what isn't.

Here's a tricky one the folks at TurboTax are warning their customers about:

[Two screenshots of TurboTax emails, shown one above the other.]

Can you spot the fake one?

It's the first one. Don't worry, I couldn't either. And that's the point. Despite your best efforts, you still might be a target of phishing attacks this tax season.

How To Protect Yourself


Here are some good tips to avoid phishing scams:

  • Don't open any emails, or click on any links, from an email address you don't know.

  • If you get a message that looks official from your bank, don't click on the links within the email. Instead, go to your browser and login to your bank account the way you normally would. If your bank actually has something urgent for you to attend to, then there will be a notification waiting for you in your real bank account.
    • Still not sure? You can always call up your bank and ask them if they sent you an email.

  • If you've filed your taxes online, or used any kind of tax preparation software, and you get asked for any kind of "password recovery" or something along those lines, go and login to your tax account the way you normally would and check if things are OK. 
    • The most obvious thing to ask yourself is, "Did I request this information?" You probably didn't, so don't risk clicking it.

  • Same goes for anything "official" from the IRS. If the IRS really needs to contact you, they generally do it the old-fashioned way: with paper mail. So, if you get an email from the IRS, make sure it has some kind of information identifying you first. Plus, you can always call them to make sure they really need something from you. Chances are, if they do, they've already sent you something in the mail.

  • If you do accidentally click, all is not lost. At this point, you need to stop and pay close attention to the URL in your browser. The URL should be from whichever company/agency is trying to contact you.

    • Let's examine a few examples: www.password-reset.irs.gov.rq345.com/IRS-Tax. It almost looks legitimate, doesn't it? How do we know it's not really from the IRS? An IRS URL looks like this: https://www.irs.gov/uac/IRS-Tax-Tips. "irs.gov" is the last part of the host name, just before the first "/". In the fake example above, the part before the "/" ends in "irs.gov.rq345.com", and "rq345.com" is not the IRS website.

    • How about this one: https://myturbotax.axklomix.com/. I've never heard of "axklomix.com" have you? Here's what a real TurboTax URL looks like: https://myturbotax.intuit.com/. "intuit.com" are the people that make TurboTax, so that's where you would access TurboTax if that's how you're filing your taxes.

  • Your final line of defense comes in only one form: antiphishing protection. Antiphishing protection is built-in to some antivirus programs and most Internet Security suites. It works like this: if you do accidentally click a phishing link from your email, your antivirus software should kick in, identify the phishing link, then block you from viewing the site (to prevent you from accidentally giving them any sensitive information).
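The domain check in the two URL examples above, written out as a small script I've added here (not part of the original post): it pulls the host out of a link, reduces it to the domain somebody actually registered, and compares that with the domain the email claims to come from. The suffix list is a constructed handful of entries, not the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed subset of the Public Suffix List, enough for the examples in the post.
# A production checker should load the full list from https://publicsuffix.org/.
PUBLIC_SUFFIXES = {"com", "net", "org", "gov", "co.uk", "gov.uk"}


def hostname_of(url: str) -> str:
    """Lowercase host part of a URL. Scheme-less links like the IRS example still parse."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    return host.rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """The part the site owner actually registered: one label plus the public suffix.
    'www.password-reset.irs.gov.rq345.com' -> 'rq345.com'; 'www.irs.gov' -> 'irs.gov'."""
    labels = host.split(".")
    # Longest suffix first, so 'co.uk' wins over 'uk'.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:])


def check_link(url: str, claimed_domain: str) -> dict:
    """Does the link really belong to the organisation the email claims to be from?"""
    host = hostname_of(url)
    owner = registrable_domain(host)
    return {"host": host, "owner": owner, "legit": owner == claimed_domain.lower()}


# The four URLs discussed in the post, paired with who each email claims to be from.
EXAMPLES = [
    ("www.password-reset.irs.gov.rq345.com/IRS-Tax", "irs.gov"),
    ("https://www.irs.gov/uac/IRS-Tax-Tips", "irs.gov"),
    ("https://myturbotax.axklomix.com/", "intuit.com"),
    ("https://myturbotax.intuit.com/", "intuit.com"),
]

if __name__ == "__main__":
    for url, claimed in EXAMPLES:
        r = check_link(url, claimed)
        verdict = "OK     " if r["legit"] else "PHISH? "
        print(f"{verdict} owner={r['owner']:<14} claims={claimed:<11} {url}")
```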


During our rounds of testing, the top three Internet Security suites that scored a perfect 100% in blocking every phishing site we threw at them were:

VIPRE Internet Security 2016


We particularly like that VIPRE completely blocks the site keeping you away from danger.

ESET Smart Security 9


While ESET scored a perfect 100% in our tests as well, we'd like to see them remove the "Ignore Threat" option to prevent accidental damage.

BitDefender Internet Security 2016


BitDefender scored a perfect 100% as well, but again, we'd like to see them completely block the page with no option to continue.

All other brands we tested scored 90% or below.

In the end, being diligent and alert when it comes to phishing attempts is your best line of defense. But despite your best diligence, there's always going to be that one that slips past you. That's when you need to make sure you've got the best Internet Security protection available with the best anti-phishing protection built-in.

Here are our top three recommendations for excellent protection against tax-season phishing this year:

VIPRE Internet Security 2016

ESET Smart Security 9

BitDefender Internet Security 2016

Even if you already have antivirus or Internet Security software installed, it might be time to make a change now. A few dollars spent could save you hundreds or even thousands from an accidental phishing click later on.

* https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts

01/06/2015

Spam Filters & SSL: What Should I Do?



We got a great question in Ye Olde Mailbag today from Jean-Claude in Montreal, Canada.

He asks,

"I installed Vipre. Their SPAM FILTERING does not support SSL connections.

"Here is a note from their text:

"NOTE: Spam filtering will only function for POP3 configurations set to port 110, by default, for incoming email. SSL connections are not supported and will cause mail to stop flowing.

"Is it a big thing?

"Thanks."

Here was my reply:

It’s definitely a trade-off.

The reason why it can’t support SSL is because the SSL encrypts the messages as they traverse the wire between your PC’s email client (i.e. Outlook) and your email provider’s mail servers.

Thus, VIPRE would be looking at gobbledygook nonsense and couldn’t do its job.

This is what the transit path looks like for an email:

[ Outlook ] <===> [ VIPRE ] <===> [ Internet ] <===> [ Mail Servers ]


The problem is the encryption happens like this:

[ Outlook ] <======================================> [ Mail Servers ]

Thus, VIPRE is blind to what Outlook and the mail servers are doing when SSL is enabled.

So, the question is this:

Do you have a spam problem or does your ISP provide reasonably good spam prevention / filtering?

If you do have a spam problem, spam filters like the one in VIPRE (which is very effective) are a reasonable choice, but they do come at the cost of having an SSL encrypted connection.

If you don't, I’d suggest you leave the SSL enabled and disable the spam filter.

Here’s why: with SSL disabled, your email is sent in clear text to the mail servers, and, more importantly, so are your username and password.

You should always act as if your emails are plain to see anyway, but there’s no reason not to protect your email username and password if you can.

Oh, and be sure you’re using a COMPLETELY different password for each of your email accounts than you do anywhere else, especially online banks, credit cards, etc.
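As an added illustration (mine, not from the original reply), here is what the box sitting between Outlook and the Internet in the diagrams above can and cannot see. Both captures are constructed: a plaintext POP3 session on port 110 with made-up credentials, and a stand-in for the SSL case built from TLS record headers wrapping filler bytes rather than real ciphertext.

```python
import re

# Constructed sample of a POP3 session as it crosses the wire on port 110 with SSL
# disabled. No real account: every value here is made up.
PLAINTEXT_SESSION = b"""+OK POP3 server ready
USER jean-claude@example.com
+OK
PASS hunter2-changeme
+OK Logged in.
RETR 1
+OK 121 octets
From: "Prize Desk" <winner@example.net>
Subject: You have WON - claim your prize now!!!

Click http://prize.example.net/claim to collect.
.
"""

# Constructed stand-in for the same session with SSL enabled. The middlebox sees
# TLS records (content type 0x17 = application data, version 0x0303) around
# opaque bytes. The payload here is filler, not real ciphertext.
TLS_SESSION = (bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(0x20))
               + bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(range(0x10)))

# Crude spam heuristics, enough to show what a filter needs to read.
SPAM_MARKERS = (b"you have won", b"claim your prize", b"!!!")
# POP3 credentials are single lines: "USER <name>" and "PASS <secret>".
CRED_RE = re.compile(rb"^(USER|PASS) (.+)$", re.M)


def looks_like_tls(stream: bytes) -> bool:
    """A TLS record starts with a content type of 0x14..0x17 and a 0x03xx version."""
    return len(stream) >= 5 and 0x14 <= stream[0] <= 0x17 and stream[1] == 0x03


def middlebox_view(stream: bytes) -> dict:
    """What a filter between the mail client and the Internet can learn from a stream.

    Plaintext: it can classify the message, but so could anyone on the path, and the
    login is right there too. TLS: it sees only record headers and opaque bytes."""
    if looks_like_tls(stream):
        return {"readable": False, "spam": None, "credentials": {}}
    lowered = stream.lower()
    spam = any(marker in lowered for marker in SPAM_MARKERS)
    creds = {k.decode(): v.decode() for k, v in CRED_RE.findall(stream)}
    return {"readable": True, "spam": spam, "credentials": creds}


if __name__ == "__main__":
    for label, capture in (("SSL off (port 110)", PLAINTEXT_SESSION),
                           ("SSL on", TLS_SESSION)):
        view = middlebox_view(capture)
        print(f"{label:<20} readable={view['readable']} spam={view['spam']} "
              f"credentials={view['credentials']}")
```

The trade-off in the reply is exactly the two rows this prints: the filter only gets a verdict when the stream is readable, and a readable stream also carries the USER and PASS lines for anyone else on the path.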

12/13/2011

Ask the Experts: What's the difference between the VIPRE you review and the one on TV?



Got a call today from Steve who asked,

"There's an offer for VIPRE antivirus I've been seeing on TV lately for a hundred bucks. It's for a 'lifetime' license for 10 PCs. Is this the same thing that you reviewed on your site?"

Here are my answers and the rest of our call... (His questions are flush left. My answers are indented.)

    Yep. It's functionally the same thing.

I don't have 10 computers, I have 2. They're pretty new, so I'm planning to have them for a while, but I'll be honest, I'm asking myself what's the catch?

    No catch. It's great software. It's the same software we review on our site. It's just the pricing and licensing that may not be right for everyone.

    The software on TV comes on a USB thumbdrive. You use it to install the software onto your system.

    You buy it. You wait. It gets delivered.

    You install it. You sock the USB drive away someplace safe. You're done.

    That's about it, 'til you need to re-install it or put it onto another PC in your house. Better hope you've still got the USB key!

OK, that much makes sense.

How 'bout me though, since I've only got the two computers? Can I get it for less?

    With the TV deal, no; through our site, yes.

    With our site you're actually buying it straight from the manufacturer, GFI, so you only pay for the licenses you need. It's not a pre-packaged "made for TV" type deal.

I get it. I see on the order page there are three options, 1 PC, 2 PCs, or 3-10. I need the 2 PC option.

    Exactly. With our coupons, it'll cost you less than what you'd pay for the TV deal, and you can also upgrade to VIPRE Internet Security, which you can't do with the TV deal.

I was just about to ask you about that. What's this VIPRE Internet Security I'm reading about on the site? What's that have in it?

    It's exactly the same software as VIPRE Antivirus and the same thing that's on TV, but with a couple of important extra features. They're worth the price of admission.

    The two biggies: a built-in software firewall and web browser filter. If you're not familiar with a firewall, it forms a virtual "moat" around your PC; the web browser filter stops you from accessing malicious web sites. It's pretty cool to see it work.

So if the version on TV comes on a USB thumbdrive, how does this version come?

    It's downloaded. About 30 seconds after you order online, you'll get an email from GFI with a link and your license key.

    You install it right from the link they send. From the time you order 'til the time you're installing software is less than five minutes.

    If you want, you can get a CD shipped to you for about $9.

OK, so tell me about this lifetime license thing. How does that work?

    It's great for people with newer PCs.

    If you're going to have your computers for more than a couple of years, the Lifetime License is a good option. You buy the software once. As long as you own those PCs, you'll have antivirus software for them.

    That's it.

What if I get another computer? Can I transfer it?

    Nope. No transfers.

    GFI is reasonable about hardware failures and whatnot. Have a disk crash or something like that, that's fine. You can move it onto the new disk. You just can't move it onto a whole new computer. I'm sure there are exceptions to this, but generally not.

OK. Wow. Thanks. You've been great. I'm looking at the two PC lifetime license of VIPRE Internet Security. I really appreciate you taking the time.

    My pleasure. Drop us a note or give us a call back if you have other questions we can help with.


12/02/2011

Ask the Experts: How does your Antivirus Software Testing Compare with Other Sites?



Wes writes,

"Do you read reviews on other websites? Can you comment on your review technique vs. some other sites?

"Some sites appear to be more thorough in their reviews than others. I'm having a hard time deciding, given the very different ratings between your site and others I'm looking at.

"For example, you rate Vipre #1, another site puts it at #12 and a third site doesn't even mention it!

"Thanks,
Wes"

Grandma taught me when it comes to speaking about others, if you don't have something nice to say, you don't have anything to say.

Kidding aside, I can't speak too much about the testing methodology that the other sites use; I can tell you ours is better.

We have a repository of 500,000+ viruses, worms, trojans, rootkits, bootkits, keyloggers, spyware, adware, and every other type of malware under the sun. We test the software from soup to nuts and run it on: workstations/desktops, laptops, netbooks, and virtual machines.

Whereas a lot of other sites (not naming names, just stating fact) might test on one, or maybe two machines and/or may use a handful of viruses, we test with a huge sub-set of the 500,000 (and growing) sample set. Then, thanks to some special insight we get from our own email honeypots, we even test with fresh phishing and malicious websites when conducting the realtime part of our tests.

Beyond that, the biggest difference I can say between "us" and "them" is that our approach starts with a basic premise: break the software.

The virus writers are trying to, so why shouldn't we?

In contrast, the other sites aren't really ever doing that. Look closely at some of the other reviews. When there aren't any "cons" in a list of "cons," someone is getting conned.

I'll let you be the judge of whether or not reviews like these sound (even remotely) unbiased.

Now, have a look at our VIPRE and VIPRE Internet Security review.

We come out guns blazing with the downsides to VIPRE, and it's our Editor's Choice! The thing is: It's not perfect, no software is. And, we're honest about that in our review of it just like we are in all of our reviews.

Aside from that, the next thing I question in some other sites' testing is the small sample size of the malware they use.

Then, how easy is it to get relative comparative data from other sources about two products side-by-side?

In contrast, we have several ways, not the least of which are these two:


As for VIPRE being our top pick this year, if you read our reviews, aside from excellent detection and removal, you'll see the shining star of VIPRE is their tech support.

I've personally been back and forth with another company for a week now just to get them to honor Black Friday special pricing for some customers. First their links don't work. When the links work, they have a U.K. based sale support phone number on those web pages. When that's fixed, the coupons don't work. Oh, and that phone number is just for sales support, it's not actual tech support!

Now, don't misunderstand me, I'm not saying experiences like this are representative of support from this other company, I'm not. I'm just saying that in our various calls, chats, and emails to GFI for support with VIPRE Antivirus and VIPRE Internet Security, our experience is consistently good, and we don't get the runaround.

And the same goes for the (large) group of antivirus software users who we regularly survey. We ask them about their experience with their antivirus software and the companies behind them. Their answers give us the real scoop on what's happening between customers and each of the companies, and we take this into account in our reviews.

The bottom line?

We give assessments and ratings with candor. We're honest. We look at the big picture. We get real-world feedback from consumers. And we actually test the crap out of the software with real viruses, real worms, real trojans, and so on.

05/20/2010

What's with the "Earthquake" Exploit, KHOBE?

Earlier this month, security researchers at Matousec released details of research they've done that, they claim, bypasses 100% of antivirus software.

As you might imagine, there's quite a bit of concern about this, particularly among business users, especially now that mainstream media has started discussing the so-called KHOBE attack.

Let's dig into this a bit and see what's behind the hype.

What is KHOBE?

It's an acronym for:

Kernel
HOOK
Bypassing
Engine

Put another way, it's a way for attackers to trick antivirus software. ZDNet's writer, Adrian Kingsley-Hughes, does a great job describing how this works here:

"The attack is a clever 'bait-and-switch' style move.

"Harmless code is passed to the security software for scanning, but as soon as it's given the green light, it's swapped for the malicious code.

"The attack works even more reliably on multi-core systems because one thread doesn't keep an eye on other threads that are running simultaneously, making the switch easier."

Kingsley-Hughes goes on to say, "Oh, and don't think that just because you are running as a standard user that you're safe, you're not. This attack doesn't need admin rights."

OK, now this is starting to sound like a pretty big deal.
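To make the "bait-and-switch" concrete, here is a toy in-process model of it that I've added (it is not code from the ZDNet piece or from Matousec): a scanner reads an argument buffer the caller still controls, approves it, and the real operation then reads that buffer a second time, after the caller has swapped the contents. The second hook shows the standard defence of acting only on a private copy. The class names, the EVIL marker and the inputs are all constructed.

```python
from typing import Optional

MALICIOUS_MARKER = b"EVIL"   # constructed stand-in for "bytes the scanner would reject"


class CallerBuffer:
    """Memory the caller still owns while the security software inspects it.
    `swap_to` models the second thread that rewrites the buffer the moment the
    scanner has finished looking; None models an honest caller that never swaps."""

    def __init__(self, initial: bytes, swap_to: Optional[bytes] = None):
        self.data = bytearray(initial)
        self.swap_to = swap_to

    def read(self) -> bytes:
        return bytes(self.data)

    def scanner_finished(self) -> None:
        # The race window: nothing stops the caller from changing its own memory here.
        if self.swap_to is not None:
            self.data[:] = self.swap_to


def scan(payload: bytes) -> bool:
    """Stand-in for the antivirus check. True means 'looks harmless'."""
    return MALICIOUS_MARKER not in payload


def execute(payload: bytes) -> str:
    """Stand-in for the system call that finally acts on the argument."""
    return "ran malicious code" if MALICIOUS_MARKER in payload else "ran harmless code"


def hook_that_rereads(buf: CallerBuffer) -> str:
    """The pattern the bait-and-switch defeats: check the shared buffer, then let
    the real operation fetch the same shared buffer a second time."""
    if not scan(buf.read()):          # first fetch: harmless bytes, green light
        return "blocked"
    buf.scanner_finished()            # caller swaps the contents in the gap
    return execute(buf.read())        # second fetch: the swapped bytes


def hook_that_snapshots(buf: CallerBuffer) -> str:
    """The standard defence: copy the argument once, scan the copy, and make the
    operation use that same copy. A swap after the copy changes nothing."""
    snapshot = buf.read()
    if not scan(snapshot):
        return "blocked"
    buf.scanner_finished()            # the swap still happens, but nobody reads it
    return execute(snapshot)


if __name__ == "__main__":
    cases = {
        "honest": lambda: CallerBuffer(b"harmless program"),
        "racing": lambda: CallerBuffer(b"harmless program", swap_to=b"EVIL payload"),
        "blatant": lambda: CallerBuffer(b"EVIL payload"),
    }
    for name, hook in (("re-read", hook_that_rereads), ("snapshot", hook_that_snapshots)):
        results = {case: hook(make()) for case, make in cases.items()}
        print(f"{name:<9}", results)
```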

Mitigating Factors with KHOBE

Here's where things *do* start to become more positive though:

  1. Mitigating factor: it requires a lot of code.
     What it means: that makes it less-than-ideal for most attacks to work. Since this code has to somehow be transferred to your machine, its current size makes it more difficult to use as a mechanism to bypass security software.

  2. Mitigating factor: the software has to already be on your computer.
     What it means: Wha? Yes, that's right. From what the antivirus software vendors can tell thus far, the software doesn't actually bypass their software (at least the ones we've heard from) unless it's already there to begin with. This could be because you're installing their software after you've been infected with this code or because you disabled your antivirus program.

  3. Mitigating factor: there aren't any known exploits--or exploit kits--that rely on this technique. (At least not yet.)
     What it means: the chances of encountering this in the real world are still very, very minimal.

  4. Mitigating factor: it only affects antivirus software that uses the System Service Descriptor Table (SSDT), which is used less and less than it once was.
     What it means: antivirus companies are moving (or have already moved) away from the use of the SSDT since Windows Vista. Windows XP seems to be the last Microsoft Windows OS where the security vendors commonly relied on the SSDT for their antivirus software. This means if you're running Windows Vista or 7, chances are your antivirus or Internet security software is already immune to this exploit.

     Antivirus maker Sophos says, "Sophos's on-access anti-virus scanner doesn't use SSDT hooks, so it's fair for us to say that this isn't a vulnerability for us at all."

     VIPRE Antivirus' maker, Sunbelt Software, says, "...it would affect antivirus programs that use SSDT. We don't use SSDT in VIPRE for Windows Server 2008, Vista and Windows 7. We do use it for older operating systems, like Windows XP."

  5. Mitigating factor: it's difficult to make work.
     What it means: the code works, yes, but given the many things that are required for it to work, even if you were to encounter it "in the wild," there's still no guarantee your computer will be infected.

Antivirus Vendor Responses

Sophos and Sunbelt aren't the only antivirus companies refuting the claims. Security company F-Secure says,

"We believe our multi-layer approach will provide sufficient protection level even if malicious code were to attempt use of Matousec's technique.

"And if we would see such an attack, we would simply add signature detection for it, stopping it in its tracks. We haven't seen any attacks using this technique in the wild."

Our Take on KHOBE

This is true not just for F-Secure, but for all Internet security software vendors.

If there were real-world exploits using this attack that they'd encountered, adding signatures for those attacks should be able to defeat the attack pretty easily.

Regardless of the outcome of the debate about this particular exploit, there are still a couple of take-away points as far as we're concerned,

  1. Run the best antivirus software you can afford.
  2. Keep it updated--frequently.
  3. Even if you're updated and protected against known threats, it's critical to regularly backup your system so that if something does get by your defenses, at least you can restore your system to a point before the infection.

05/12/2010

Trojan in So-Called Windows 7 Compatibility Checker

Antivirus firms BitDefender and Sunbelt Software, among others, have identified new malware they're calling, "Trojan.Generic.3783603"

According to Sunbelt, "The malware immediately creates a backdoor to the user's system, which then allows remote access for cyber-criminals to obtain confidential information or install more malicious software."

While the delivery vehicle isn't unique (it targets its victims randomly through spam emails), this appears to be the first one disguised as a so-called "Windows 7 Compatibility Checker." Even though Windows 7 has been widely available since October 2009, here we are over six months later with unsuspecting users now being duped into installing this scumware.

BitDefender says in their notice,

"The infection rates reflected by the BitDefender Real-Time Virus Reporting System indicate the beginning of a massive spreading of Trojan.Generic.3783603.

"Although this phenomenon has just started, it seems that it’s just a matter of time before the cybercriminals control a huge number of systems.

"Infection rates are also expected to boom because of the effective social engineering ingredient of this mechanism, namely the reference to the highly popular Microsoft® Windows® OS."

While security professionals shouldn't have to keep saying it, evidently it needs to be said:

  1. Never, ever open an attachment from unknown contacts
  2. Be wary of opening an attachment sent from someone you know when you're not expecting it. (Many computers have been infected when one person's computer gets infected and the virus then emails itself to everyone in the infected person's address book.)
  3. Install, run, and keep updated the best antivirus firewall software or Internet security suite you can afford.

08/17/2009

Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from legitimate ones.

A new site from security and SSL vendor Comodo, for a project they're backing called the "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

In their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

In addition to thanking them for their efforts, here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • ALWIL
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmbH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee (McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)


You'll note that every program we've reviewed since day one of our site (reviews linked above) is on the list.

If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.

07/21/2009

Sunbelt Software Joins Fight Against Malware

We came across some great news today on darkREADING.com: Sunbelt Software, makers of VIPRE, our top-rated best antivirus program for 2012, is joining Trend Micro and others in contributing data to StopBadware.org.

StopBadware, which has its home at Harvard University's Berkman Center for Internet & Society, is described in darkREADING's article on its efforts to fight malware as a,

"collaborative initiative to combat viruses, spyware, and other bad software...."

The process StopBadware uses is perhaps the largest of its kind. The idea behind it is simple:

"...[collect] the URLs of these badware websites, whether malicious or compromised, from its data partners.

"It uses the information to support and encourage site owners and web hosting companies in cleaning up and protecting their sites.

"The initiative also conducts analysis of infection trends, offers independent reviews of its partners' findings, and operates a community website, BadwareBusters.org, that provides help to people who have been victims-or wish to avoid becoming victims-of badware."

Obviously, we're happy to see any collaborative effort to thwart and stop any viruses or other malware, but this one garners special attention for several reasons, including who's involved:

  • Trend Micro (makers of Trend Micro AntiVirus)
  • GFI/Sunbelt Software (makers of VIPRE antivirus)
  • Harvard's Berkman Center
  • Paypal
  • Mozilla (makers of Firefox and Thunderbird)
  • AOL
  • ...and last but not least:
  • Google


As for Sunbelt's role in the project, they will be contributing,

"...research data via ThreatTrack™, a comprehensive array of malicious url and malware data feeds.

"The data in these feeds is derived from multiple sources including: research from Sunbelt Labs; ThreatNet™, Sunbelt's VIPRE user community that anonymously sends information on potential threats to Sunbelt Labs"

What this means to users like you and me is that by sending malware and viruses that your Trend Micro AntiVirus and Sunbelt VIPRE catch to the respective companies, you're helping the project to ensure someone else doesn't get nailed with that same--or a similar--virus.

In turn this means that when many people across the globe are sending in their samples to the project, too, they're helping you.

07/15/2009

Microsoft ActiveX Bug Targets Internet Explorer & Excel

Sad to say, the bad guys are at it again.

Computerworld brings news of a new, as yet unpatched ActiveX bug that's being exploited to compromise PCs.

Because of these attacks, threat conditions have already been raised by several antivirus vendors, including Sunbelt, makers of VIPRE; Symantec, makers of Norton AntiVirus; and McAfee, makers of McAfee VirusScan.

Antivirus Vendor    Threat Details Page
Sunbelt             Sunbelt Security Blog
Symantec            Symantec ThreatCon
McAfee              McAfee Avert Labs

Additionally, SANS.org's ISC (Internet Storm Center) temporarily went to condition yellow with the release of this ISC Diary entry, called "Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution."

Here are some key highlights from ISC's Diary entry:

  • "The vulnerability is being actively exploited on web sites."
  • "One other obvious mitigation step is to use an alternate web browser (as in other than IE) that does not make use of ActiveX." [AVR Editor's Note: If you haven't already tried Mozilla Firefox, we recommend you download Firefox and give it a try.]
  • Attack vectors include, "A .cn [Chinese] domain using a heavily obfuscated version of the exploit." [AVR Editor's Note: The key word here is "obfuscated." You may not even know you're on a Chinese domain being infected with this virus when it happens.]
  • Another attack vector mentioned was, "A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML.

    "This one was particularly nasty, it was specifically crafted for the target - with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient.

    "Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach the server."

Regrettably, as with many things, the bad guys beat Microsoft to the punch, and a patch for the security vulnerability hasn't yet been released.

In the meantime, Microsoft has a manual ActiveX Vulnerability Workaround. [AVR Editor's Note: Look for 'Enable workaround' beneath the 'Fix it for me' section.]

Here are further details of the Microsoft Security Advisory on the MS Office ActiveX Vulnerability.