Microsoft has been busy issuing security patches (also known as security bulletins) in a fast and furious way over the last few days, with security patches also coming from Adobe and Apple.

Microsoft sent out ten alerts which covered 34 separate vulnerabilities and these came together with a number of other updates and additional fixes. Only three of these security patches were ‘critical’ and they affected media decompression, ActiveX and their web browser, Internet Explorer.

Adobe has recently had to fix a long line of weaknesses with security patches in their product line-up and the latest was uncovered in the Flash Player. This effects multiple platforms and will also create impacts on the Adobe Reader and version Nine of the Acrobat. Although a fix has been issued, not all elements are covered and some platforms will have to wait for help.

Security patch experts say that the older versions of the PDF handling software are safe from the problems. Those users of Reader and Acrobat are being told they can work around the problem, but they have to make inoperative, delete, or rename the component called ‘authplay.dll.’ This provides the Flash function within the PDF documents.

As well as Microsoft and Adobe, Apple has also had its fair share of security patch problem fixing. They have had some problems with their latest version of the Safari browser which is said to have numerous issues inherited from older versions. Not least is a long-discovered weakness which enables malicious sites to harvest history data from the Safari browser.

Computer security officials are again warning computer users to accept security patches sent by the creator of the software in order to protect themselves against all manner of malware programmes.

And they stress that only those security patches from reputable, known companies should be downloaded. A common tactic is to trick computer users into thinking that they need a patch, only to find that it is in effect a malicious programme.

Guest Article by Neil Camp

Security outfit Kaspersky reports that it has discovered a fresh version of the malicious virus Sinowal which represents a very sophisticated threat and computer users should be on their guard. It’s also employs a new method which is being used for the first time by cyber criminals.

Sinowal, also known as Torpig, has the ability to hide itself by contaminating the master boot record (MBR), which is part of a computer’s hard drive. The MBR is the lowest level of the operating system and by sitting here, it effectively by-passes the anti-virus software.

Sinowal is a botnet forming virus which is designed to exploit weaknesses in websites. One of its most recent victims has been the security hole in the Adobe Acrobat Reader of PDF software.

Sinowal is particularly sophisticated on one level, yet quite simple on another, turning it into a long term enemy of the security experts for many years.

Kaspersky admitted that for many computer users, being infiltrated by Sinowal and its variants was inevitable. Sinowal was adept at creating botnets which would later allow trojans onto the infected computers.

The security firm recommended that anti-virus software be kept stringently up-to-date and that should Sinowal be discovered, special instructions had to be followed in order to remove it.

Guest Article by Neil Camp

If you get an email with an attached PDF promising to explain all you need to know about the swine flu epidemic, don’t open it.

Computer security company Symantec is warning computer users that whereas the spammers were first to exploit public concerns about the possible swine flu pandemic, now the cyber criminals behind malware infestations are taking their turn.

An email with a PDF attachment called swine influenza frequently asked questions.pdf is currently doing the rounds and should not be opened.

It is a real PDF file and when opened, it will have a couple of swine flu related headings and a list of questions and answers. But if you get to the stage of reading it, then you will have already been infected.

It cynically plays on people’s fears to learn more about the disease and it’s implications for various countries.

Symantec say the good news is that if you are running up-to-date anti-virus software, it will have been picked up before it does any damage. The company technicians say the malicious PDF file is known as bloodhound.exploit6 and the dropped malicious file contained in the PDF as InfoStealer.

Adobe already have a patch for the vulnerability in their application and Symantec recommend that it is downloaded as soon as possible. Check the Adobe site for more information.

Guest Article by Neil Camp