Downandup worm is coded to exploit the recent vulnerability of Microsoft Windows operating system.

“The number of Downandup infections are skyrocketing based on our calculations,” F-Secure’s Toni Kovunen said in a blog post Friday. “From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.”

“The situation with Downandup is not getting better,” he added. “It’s getting worse.”

Infected operating systems are Windows 2000, XP and Server 2003. Aside from acquiring the worm from malicius website, the worm also spread via flash and network drives.

In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service.

“Because the vulnerability is potentially wormable on those older versions of Windows [XP and earlier], we’re encouraging customers to test and deploy the update as soon as possible,” said Christopher Budd, a Microsoft Security Response Center security program manager, in a blog post.

The Worm manages to evade security detection by incorporating lots of defensive steps such as disabling various Windows security, updating, and networking features. It blocks access to security-related domains on the Internet. And it modifies networking settings to speed up its ability to copy itself to other computers.

Microsoft encourages Windows users to periodically update their system through Windows own automatic update. Only few people update their system on time.

An e-mail arrived at my Windows Mail inbox coming from World of Warcraft’s billing informing me of my successful purchase of The Burning Crusade Patch. So I decided to check my WoW account at the official website to check my updated account and to download the Burning Crusade patch.

To my surprise, AVAST is blocking me! My antivirus told me that it blocked my access to World of Warcraft Account because it suspects it as a malicious site. I don’t have a clue as to who’s fault it is: World of Warcraft harboring malicious code? or AVAST having a false positive in WoW’s code?

AVAST forum is not helping me, the SMF forum software they used is having difficulty keeping my connection alive. “Connection Problems. Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.” Could this be coming from disgruntled WoW player’s complaining of the alert?

AVAST Home edition is a free antivirus distributed by ALWIL Software.

Microsoft issued a security patch released today to address the vulnerability found on its browser therefore Internet Explorer users are advised to immediately download the patch via auto-update or through Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2. ®

“We are actively investigating the vulnerability that these attacks attempt to exploit,” says Microsoft. “We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

The milicoius JavaScript code named “JS_DLOAD.MD” by Trend Micro stems from data binding bugs that allows hackers access to a computer’s memory space, allowing attackers to remotely execute malicious code as IE crashes, Microsoft has said. Once the JavaScript succeeds in its exploit, it then triggers a series of redirections to multiple URLs, then finally settling on one of several different domains. Supposedly, the toolkit associated with this evil JavaScript is rumored to being sold in the Chinese underground community. “This is quite logical, since TSPY_ONLINEG variants are notorious info-stealers — particularly stealing credentials related to online games, which in turn are very popular in China,” said Trend Micro in this blog.

First found at warez and *ahem* porn sites hosted by Chinese domains, the malicios JavaScript code has snice spread to even your trusted sites through SQL injection. The code targeted gamers’ password so far but experts say that it might steal other sensitive data soon.

Security fixes is the main reason for releasing this update therefore they are encouraging all users to download the update on Opera’s website to safeguard you from malicious code that lurk the web.

Issues fixed and changes by 9.63 are as follows:

• Manipulating text input contents can allow execution of arbitrary code.
• HTML parsing flaw can cause Opera to execute arbitrary code.
• Long hostnames in file: URLs can cause execution of arbitrary code.
• Script injection in feed preview can reveal contents of unrelated news feeds.
• Built-in XSLT templates can allow cross-site scripting.
• Fixed an issue that could reveal random data.
• SVG images embedded using <img> tags can no longer execute Java or plugin content.

Go download Opera 9.63 – and browse the web securely!

Bit9′s list named Firefox to be the most vulnerable application.  Top 12 consumer application are as follows:

1. Mozilla Firefox
2. Adobe Flash & Acrobat
3. EMC VMware Player, Workstation and other products
4. Sun Java Runtime Environment (JRE)
5. Apple QuickTime, Safari & iTunes
6. Symantec
7. Trend Micro
8. Citrix Products
9. Aurigma, Lycos
10. Skype
11. Yahoo! Assistant
12. Microsoft Windows Live (MSN) Messenger

The list draws lots of criticism and some say that Microsoft might have influenced in the publishing of this research.

Bit9 characterises the mentioned application by the following:

• Runs on Microsoft Windows.
• Is well-known in the consumer space and frequently downloaded by individuals.
• Is not classified as malicious by enterprise IT organizations or security vendors.
• Contains at least one critical vulnerability that was:
  • first reported in January 2008 or after,
  • registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database at http://nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
• Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

“Year after year, we see a growing number of applications within the enterprise creating security vulnerabilities that are easily prevented through better visibility across endpoints, and a more centralized patch-management process,” said Harry Sverdlove, chief technology officer, Bit9 Inc. “2008 has been no exception. This year, along with the widely reported huge increase in malware, the number of well-known applications causing security problems for companies has also increased. Our annual ranking now covers 12 applications, up from 10 last year.”

About Bit9, Inc.

Bit9 is the pioneer and leader in enterprise application whitelisting. The company’s patented application control solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry™ — the world’s largest database of software intelligence – to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, such as retail, financial services, healthcare, e-commerce, telecommunications, as well as government agencies. Founded in 2002, Bit9 is privately held and based in Waltham, Massachusetts. For more information, visit http://www.bit9.com or call +1 617.393.7400.

Code-named “Morro,” this streamlined solution will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans.

Windows first offered free firewall on Windows 95 OSR2 then later bundled Defender on Vista. With Morro, Microsoft expect that its current operating system Windows XP and Vista will be more secured. Microsoft is also planning to bundle Morro with Internet Explorer 8.

Microsoft will discontinue the OneCare subscription service June 30, 2009, but customers will still be able to download updates until their subscriptions end.

ALWIL introduces Avast Home Free Edition for users who want to protect their PC but have a limited budget to purchase a full-package antivirus. Avast offers a limited but not crippling set of features to protect your computer, may it be Microsoft Windows or Linux, against almost all known types of malicious codes that’s in the wild today. What’s more exciting is the fact that ALWIL is offering their home edition free of charge for non-commercial use so if your a parents refuse to give you an extra budget for a antivirus then AVAST Antivirus is for you.

Avast antivirus includs limited anti-spyware and anti-rootkit in the free edition making it a winner among other free antivirus solutions.

Spyware is software installed on a computer that is designed to collect information about the computer user, often without their knowledge or consent. This can result in so called identity theft, or theft of valuable information (e.g. bank or credit card details) or proprietary business data. Spyware is often developed by organized crime rings rather than lone individuals and may be installed by a virus.

Of course other standard features include the following:

• Anti-spyware built-in. You will have to avail ofthe professional edition to get the full protection though but if you have Vista then Windows Defender is already sufficient enough.
• Anti-rootkit built-in. Protection against hidden threats
• Strong self-protection. Some viruses may attempt to switch off a computer’s antvirus software. To help keep your protection working, even against the latest threats that may try to disable your security protection, avast! has best-in-class strong self-protection built in, to make sure, no matter what you face, avast! carries on protecting your valuable data and programs
• Antivirus kernel. The latest version of avast! antivirus kernel features outstanding detection abilities, together with high performance. You can expect 100% detection of In-the-Wild viruses (viruses already spreading between users) and excellent detection of Trojan horses.
• Simple User Interface. The appearance of the Simple User Interface is very flexible. It supports so-called skins, allowing users to change the appearance of the application interface.
• Resident protection. avast! Home Edition contains resident protection of the computer file system and a resident module for e-mails and news.
• P2P and IM Shields. Avast features a module for the protection of IM (Instant Messaging, “chat”) programs, and a module for the protection of P2P (peer-to-peer) programs. The list of supported IM and P2P programs is extensive with more than 30 programs currently supported.
• Network Shield.  A good feature if your computer is connected on a network. Best of course if you are maintaining an internet cafe as it blocks viruses that travel through your network.
• Web Shield. Web Shield is a unique feature of avast! that enables it to monitor and filter all HTTP traffic coming from the Web sites on the Internet.
• Automatic updates. The frequency of updating the virus definition determines the amount of protection it could offer. Both the virus database and the program itself can be updated automatically. The updates are incremental, with only new or missing data downloaded: thus reducing the transfer heavily. The typical size of a virus database update are tens of KB; program updates are typically in the hundreds of KB range.
• Virus Chest. The Virus Chest can be thought of as a folder on your disk drive, having special properties that make it a safe, isolated place suitable for storing certain files. You can work with the files in the Chest, though with some security restrictions.
• System integration. Avast can be started directly from windows explorer, screen saver and on boot-time scan..
• Integrated Virus Cleaner. A tool designed for a complete removal of most common infections from already-infected computers. Avast is capable even to reliably heal (not only detect) the most common malware.
• Support for 64-bit Windows. Avast! Home and Professional edition now fully supports the 64-bit Windows platform.
• Internationalization. You may not expect our language to be included here but if you have friend who is a chinese or living outside the Philippines then Avast has a language built-in for them to use.

Download FREE antivirus software – avast! Home Edition

avast! antivirus Home Edition is available free of charge for non-commercial home use ONLY.

First security issue which were marked Extreme Severe is related to history search which could be used to execute arbitrary code, as discovered by Aviv Raff.

When certain parameters are passed to Opera’s History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera’s configuration, allowing them to execute arbitrary code.

A highly severe security risk is also identified where the links panel can allow cross-site scripting.

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

Updating your Opera browser is a highly advised. You can update your browser by downloading the latest driver at Opera’s download page here.