Microsoft has issued an advisory regarding attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows.  This new vulnerability affects all versions of Windows including the latest - Windows 7.  Malicious code is executed when a specially crafted .LNK file (shortcut) is displayed.  This vulnerability can begin with a malicious USB drive, or remotely via network shares and WebDAV.  Certain documents supporting embedded shortcuts could also employ the vulnerability.

The code loads as a root kit infection.  It doesn’t require any user interaction or administrative privilege to infect the system.  A shortcut is used to point to a malicious file, and Windows Explorer will blindly execute the malicious file without even browsing to the location of the shortcut.  Microsoft is currently working on a patch; however, until it is released they have offered a few workarounds, such as disabling the Auto Run feature and the displaying of icons for shortcuts.

A word of advice, do not run the executable files (.exe) from the network shared drive or from external drives such as a USB key or portable hard drives.

A new version of the Koobface worm, which first started spreading in 2008, is spreading on Facebook .  The worm spreads by sending a message to a Facebook user, supposedly from a friend, inviting users to watch a video of them on You Tube and prompts them to download a Flash Player or video codec’s (updates for media players) when video is not displayed.  Clicking anywhere on the image prompts the download of a malicious executable which has been detected as WORM_KOOBFACE.IC.

Once downloaded, it begins to carry out its malicious attack by stealing user’s information and causing the PC to crash.  It continues to propagate itself after stealing login info by spamming the victim’s social networking friends.  Since the worm is targeting Facebook users by sending links to watch videos through other compromised users profiles, the message appears quite authentic, except for the poor spelling, which may be a giveaway for some and is the reason Facebook is having a difficult time filtering the malicious links.

The Koobface Worm is also spreading with a subject line “I will NEVER text again” and attracts users thru a video file.  If the user clicks on the video link to see a video about someone who died because of texting, the app asks for permission to access their basic information and post to their Wall, if granted, the video does not play, but the link is attached to the user’s Wall and is sent out in the news feed to their other friends and potentially added to their profiles.

At the moment, the only defense against this threat, which has evolved over time, is having up-to-date anti-virus and malware software, coupled with smart browsing!

On July 26th AT&T announced that Charlotte, NC, is their pick for the second city to become part of its pilot program offering free Wi-Fi to customers in their designated Wi-Fi hot zones.  New York City’s Times Square was designated as their first pick city back in May.  AT&T is setting up the hot zones in places having high 3G wireless usage with the idea to unload traffic from their cellular network.  Many customers have complained about dropped calls and poor speed when trying to access the internet.  AT&T is hoping to improve the demand for services on their network; they are examining new ways to combine their Wi-Fi and 3G networks to deliver the best mobile broadband service.  In a matter of weeks, Chicago is set to become the third AT&T Wi-Fi hot zone.

On July 20th the FCC redefined “broadband” as 4 Mbps up and 1 Mbps down at the minimum; previously defined in 1999 as 200 kbps upload and download.  Their report states that it is the minimum speed needed to “stream a high quality, even if not high-definition, video while leaving sufficient bandwidth for basic Web browsing and email.”  It was the minimum target speed proposed in the FCC’s National Broadband Plan.  The FCC also pointed out that half of all broadband customers buy service advertised to deliver download speeds of 7 Mbps, but only get about half of that speed from the broadband service providers.  Needless to say, broadband service providers are not happy with the report.