Evilgrade Exploit Toolkit infecting computers that update software online.

We can all agree that software updates are essential for keeping our computer safe and running to the best of its abilities right? What if the software update service was insecure to begin with, where do you go from there?

A malware kit called Evilgrade is currently attacking software update services rendering the update unsafe. According the ZDNet blog, the infection of the systems happen through a man-in-the-middle (DNS, DHCP and ARP spoofing) type of attack where it infects systems through the update process. This allows the attack to happen to a wide range of applications. Below is a list of product updates that may have been attacked.

1. DAP [Download Accelerator]
2. iTunes
3. Java plugin
4. Linkedin Toolbar
5. MacOS
6. notepad++
7. OpenOffices
8. speedbit
9. Winamp
10. Winzip

How would this happen to me?

If you ever use public Wi-Fi access and the DNS cache has been compromised and you choose to update your software then you risk becoming infected. From the reports that we have researched, this is only happening to the software update services listed above. Some reports have stated that Apple has updated their update service to ward off this type of attack. Other companies remain off

…

Applying the patches and service packs issues by Microsoft Operating Systems are usually seen to be solutions to improve and safeguard Windows users but apparently there are issues surrounding the type of processor that is in use. If you use an Intel based processors, chances are you will not be having much trouble installing and rebooting your system. The real problem really exists when AMD processors are being used and much of this lies in the configuration.

Apparently, to be able to adhere towards the proper specifications, some tweaks have to be done to the main processor of AMD based units to accept the new add-ons and patches offered periodically. Normally, you will have issue after applying the updated patches and this becomes a cause for consideration on whether people should install the service packs or not.

Ideally, installing these patches is a good way to be able to safeguard your computer from threats around the web. But in some cases like this AMD issue, it would be best to be open to proper installation and compatibility issues. In short, as a user you should be able to research and find proper troubleshooting tips so that you can avoid messing

Description: This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Update type: Critical

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/942615

Download link: 32-bit | 64-bit

Comments: The four vulnerabilities are:

• Uninitialized Memory Corruption Vulnerability - CVE-2007-3902
• Uninitialized Memory Corruption Vulnerability - CVE-2007-3903
• Uninitialized Memory Corruption Vulnerability - CVE-2007-5344
• DHTML Object Memory Corruption Vulnerability - CVE-2007-5347

Description: This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Update type: Critical

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/941569

Download link: 32-bit | 64-bit

Comments:

Description: A security issue has been identified in ALPC that could allow an attacker to compromise your Windows-based system and gain control over it. This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Update type: Important

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/943078

Download link: 32-bit | 64-bit

Comments:

Description: This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Update type: Critical

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/941568

Download link: 32-bit | 64-bit

Comments: