RealPlayer Alert and "Pay Up or I'll Kill You..."
First off, if you use Microsoft's Internet Explorer browser and you have RealPlayer installed on your computer beware. There is a vulnerability being actively exploited in RealPlayer that has no patch available [yet].
The solutions:
1. Go into IE's Internet Options and disable ActiveX.
2. Set the 'Kill-Bit' for the affected CLSIDs (see the list and instructions here).
3. Use a browser that doesn't use ActiveX (like Firefox).
Note: Setting the 'Kill-Bits' for RealPlayer will affect or break the functionality of RealPlayer. And disabling ActiveX in Internet Explorer will prohibit anything on a web site that requires ActiveX to work. Of course that's better than having your PC infected, isn't it?
My suggestion is to use the Firefox browser* as your everyday browser, but if you do use Internet Explorer, download and install something like SpywareBlaster for it's extra IE protection.
*And install the NoScript [add-on]!
References:
----------------------------------------------------------------
Second, there are some Hoaxes you should be aware of, and a great web site for you to bookmark/favorite called "Hoax-Slayer.com".
The first one ("Postcard Image Virus Hoax") is sneaky because "it includes a link to information about a genuine but totally unrelated virus." (on a legitimate site [snopes.com]). Here's a snippet from the Hoax-Slayer page:
Summary:
Warning message claims that an email with an attachment entitled "POSTCARD" will destroy the hard drive of the infected computer and has been classified as the most destructive virus ever...
Others (in the current issue of Hoax-Slayer) include:
Pay Up or I'll Kill You Scam Email
Fake Microsoft Critical Update
PayPal New Security Message Phishing Scam
Barack Obama Endorsed by the Ku Klux Klan Hoax
I recommend subscribing to their Monthly Newsletter or one of the other subscription options.
-------------------------------------------------------------------------------
I hope that everyone (with a PC) got the monthly Microsoft Update(s). They all involve Microsoft Office vulnerabilities and are rated Critical! Here's a SANS page that details them.
-------------------------------------------------------------------------------
I almost forgot to mention a nasty program called G-Archiver. I posted details about it the other day here. If you're already using it you need to change your Gmail password IMMEDIATELY! If not, stay away and be thankful. It sends your Gmail Username and Password to the guy who developed the program (to his Gmail account).
'till next time, stay safe, and think before you click!
