Archive for April 2009

Avira AntiVir 9 EU2 – a few bugfixes

Today we released the Update EU2 for all Avira AntiVir 9 products. The developers fixed a bunch of small bugs which some users occasionally ran into. The update is being distributed via the automatic update function, so there is no need for users to do anything.

To name a few of the bugs fixed: Our developers further improved the IMAP support of the MailGuard. For example, in rare circumstances an application error in Thunderbird occurred when using 1&1 IMAP accounts.

Some issues with the firewall of Avira Premium Security Suite have been solved as well. These are mostly of a cosmetic nature, such as firewall dialogs that did not fit on the 800×480 pixel display of the EeePC. Some trusted publishers weren’t always properly detected in applications, resulting in more firewall prompts for user action. For the server versions the update corrects some errors, too.

Additionally we’re planning to release more international versions of AntiVir 9 tomorrow. We’re going to publish the software versions Avira AntiVir Premium, Avira Premium Security Suite and Avira AntiVir Professional in Italian, Spanish, French and Russian. The free Avira AntiVir Personal will be available in Italian and French then as well!

Dirk Knop
Technical Editor

Mozilla updates

The Mozilla Foundation has closed several security holes in its products which allow attackers to inject malicious code, for example via manipulated web pages. Affected are Firefox, Thunderbird and the Seamonkey browser suite.

An overview of the vulnerabilities is available at the Mozilla website. As the Mozilla-based web browsers are highly popular, cybercriminals develop malware for them as well. So update your Firefox to the current version 3.0.9, Thunderbird to 2.0.0.22 and Seamonkey to 1.1.17 or newer as soon as possible!

Dirk Knop
Technical Editor

Last week sum up

The last week has been quite busy even though it was Easter holiday season. Microsoft released 8 security bulletins with updates for the affected software last Tuesday. 5 of them are rated critical and concern WordPad and the Office Text converters, Windows HTTP services, DirectShow, Internet Explorer and Excel. The security hole in PowerPoint is still unpatched though. Apply those patches immediately if you haven’t done so yet, as exploit code for those vulnerabilities is publicly available.

The Conficker worm started downloading updates. Interestingly, it doesn’t use any of the 50,000 domains it generates on a daily basis, but a peer-to-peer network for which it has built-in functionality. Users of Avira security solutions are safe from the threat, as the new variants spread this way were generically detected as TR/Crypt.XPACK.gen. Additionally, our Virus Lab added the detection Worm/Conficker.D so the malware can be better identified.

The media got hit by reports about a bored juvenile programmer who wrote and released 5 Twitter worms in a short time. As an excuse he told the media that he got no answer or reaction from Twitter when contacting them. After that, some web design company found his skills to be impressive and hired him. I wouldn’t want my web page to be programmed by someone writing malware though.

Dirk Knop
Technical Editor

Reporting abuse is often too complicated

As we are monitoring the web for malware, spam and phishing, we often have to report “bad” URLs to the providers. We found some spam and phishing sites hosted by Microsoft’s live.com service; among other services, Microsoft offers blog hosting there.

When we tried to report the abuse, this turned out to be close to impossible. See for yourself:

When trying to report an abuse, you have to fill out an online form.

Microsoft needs to know which site we want to report. Oh, and there is a CAPTCHA to solve, to tell us apart from spam bots.

Of course they need to know what is offensive - images, the messages...

...and we're still not done yet. Now we need to classify which kind of abuse we detected.

Finally! We can send the report. We also get a ticket-number from the support.

That is quite a torture for reporting spammers and phishers. Surely not too many people are willing to go through such a long form. On the other hand, we wanted to report a spammer’s site two weeks ago and did it this way. So far we haven’t received an answer.

This example shows that companies tend to make abuse reports really complicated. It could be as easy as adding a permanent link labeled “Report Abuse” on each live.com site, just like the usual “Contact” links.

Dirk Knop
Technical Editor

Sorin Mustaca
Manager International Software Development

New PowerPoint vulnerability gets exploited

Microsoft warns of a new unpatched security vulnerability in PowerPoint. According to their security advisory, PowerPoint 2000, 2002 and 2003 up to Service Pack 3 are affected; so is PowerPoint 2004 for Macs. Currently cyber criminals are abusing specially prepared documents to infect computers in companies. This is how the so-called GhostNet started a few years ago as well.

The good news is that PowerPoint Viewer 2003 and 2007 as well as Office 2007 seem to be unaffected. If you get PowerPoint presentations by mail, only open them with these versions. In any case, it seems a good idea to first check whether you expected that presentation from exactly that sender and, if in doubt, to contact the sender to verify it was really him sending the document.

As the administrator of a company network, you might want to set up a MOICE filter for incoming documents to sanitize them so they can’t lead to dangerous actions on the client PCs.

Dirk Knop
Technical Editor