Wedding-Inspired Spam Leads to Kuluoz Infection
by Mbendik
Weddings, no doubt, are always special. They are celebrated in more ways than one, depending on the culture, country, religious affiliation and tradition a couple belongs to or wishes to adhere to. However they are practiced, one thing is certain: the preparation and planning behind them are grueling, stressful and time consuming.
Thanks to technology and human ingenuity, wedding preparation is more manageable and a lot quicker to pull off than before. For one thing, there are services available online that cater to the soon-to-be-wedded who opt for the modern way of sending out wedding invitations in the form of e-cards.
Our researchers in the AV Labs captured a malicious spam message posing as a wedding invitation, purportedly from White Wedding Agency, a business entity in Prague:
[Screenshot: Malicious wedding invitation spam]
From: {random email address}
Subject/s:
Wedding Invite
Wedding Invitation
Message body:
You are Cordially Invited to Celebrate
the Our Wedding
On Tuesday March the 29 at Four O’clock
Followed by a Reception
Get Full Invitation Text
Clicking the link at the bottom of the message downloads a ZIP-compressed file. Once decompressed, the file looks like this:
[Screenshot: Postal-Receipt.exe]
Notice that the file uses an icon mimicking a Microsoft Word document, an attempt to mask its true file type (an executable). As we have seen before, this trick is especially effective when the user has not enabled the option to show file extensions, which Windows hides by default.
We also found that the malicious file is hosted on legitimate but compromised websites, using the following URL format:
{compromised domain}/components/.{random alphanumeric characters}.php?receipt=ss00_323
Below are the determinations for the malware as reported by our ThreatAnalyzer results:
[Screenshot: Malware determinations for “Postal-Receipt.exe”]
If the user executes the file, it drops and opens a text file, Postal-Receipt.txt, as a decoy so that the user does not notice the activity the malware carries out in the background. Below is a screenshot of that file:
[Screenshot: Profile-Receipt.txt]
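As an added defender-side example (not code from the original post or from the AV Labs), the script below turns the two indicators the post gives into checks: it matches proxy log entries against the download URL format quoted above, and it inspects a ZIP attachment for PE executables by content (the "MZ" header) rather than trusting the icon or file name. The log line format, host names and ZIP contents are constructed sample data.

```python
import io
import re
import zipfile

# Download URL format from the post:
# {compromised domain}/components/.{random alphanumeric}.php?receipt=ss00_323
KULUOZ_URL_RE = re.compile(
    r"^https?://(?P<host>[^/\s]+)/components/\.(?P<script>[A-Za-z0-9]+)\.php\?receipt=ss00_323$"
)

def match_download_url(url):
    """Return (host, script_name) when a URL matches the campaign's format, else None."""
    m = KULUOZ_URL_RE.match(url)
    return (m.group("host"), m.group("script")) if m else None

def scan_proxy_log(lines):
    """Return [(client_ip, host)] for lines whose requested URL matches.
    Assumed (constructed) log format: '<timestamp> <client_ip> <method> <url>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        hit = match_download_url(parts[3])
        if hit:
            hits.append((parts[1], hit[0]))
    return hits

def suspicious_zip_entries(zip_bytes):
    """Flag ZIP entries that are Windows executables, by .exe extension or by the
    'MZ' header, so a document-looking icon or name does not hide them."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            head = zf.open(name).read(2)
            if name.lower().endswith(".exe") or head == b"MZ":
                flagged.append(name)
    return flagged

# Constructed sample proxy log (not from the original post); .invalid hosts are placeholders.
SAMPLE_LOG = [
    "2013-03-25T10:01:02 10.0.0.5 GET http://example.invalid/index.html",
    "2013-03-25T10:01:09 10.0.0.5 GET http://example.invalid/components/.a9fZ3k.php?receipt=ss00_323",
    "2013-03-25T10:02:30 10.0.0.7 GET http://other.invalid/components/.q1.php?receipt=ss00_999",
]

def build_sample_zip():
    """Construct a ZIP like the one described: a fake PE named to look like a receipt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Postal-Receipt.exe", b"MZ\x90\x00" + b"\x00" * 60)  # header bytes only
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()
```

Running scan_proxy_log(SAMPLE_LOG) flags only the 10.0.0.5 request to example.invalid, and suspicious_zip_entries(build_sample_zip()) returns ["Postal-Receipt.exe"].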
Apple finally admits Macs can get viruses…well, almost admits it
by Mbendik
Apple has long touted security of its Mac operating system, contrasting it with what it portrays as security-hole-ridden Windows. Now Apple is finally admitting that Macs can get viruses, too…well, it doesn’t go quite that far, but almost admits it.
Apple has changed the marketing on its Web site touting the Mac’s virus invulnerability. Before the change, Apple boasted in part:
It doesn’t get PC viruses.
A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.
The text now reads:
It’s built to be safe.
Built-in defenses in OS X keep you safe from unknowingly downloading malicious software on your Mac.
That marketing change may not strike you as substantial, but coming from Apple, it’s a big deal. Apple has long denied any security problems with the Mac, despite detailed evidence to the contrary. The Flashback trojan attack shows that the Mac is vulnerable, even though Apple doesn’t like to admit it. And Eugene Kaspersky of the Kaspersky security company says that Apple is ten years behind Microsoft when it comes to security. Apple doesn’t take malware attacks seriously, he says, which will “mean disaster for Apple.”
Does the change in marketing mean that Apple is starting to take security more seriously? It’s too soon to tell. But clearly the company recognizes that it’s got to own up to at least some security vulnerabilities, and that’s a first step.
Java malware, fileless malware pose threats to desktop security
by Mbendik
You know how it works. Your end users visit an infected site and inadvertently download the latest type of malware. If your antivirus software is up to snuff, it will prevent the download or, at the very least, locate and isolate the invading file on the user’s hard drive. But what if there is no file on the hard drive to detect? What if instead the malware resides only in memory, running under a trusted process that you, the antivirus software and the operating system itself assume cannot be breached?
That’s exactly what happened in Russia earlier this year, when more than 300,000 computers were infected with a unique type of malware — the fileless bot. After the bot ran unencumbered for several months, Kaspersky Lab announced that it had discovered a rare type of infection being propagated through Russian online information resources. Advertisements supplied to the sites by AdFox, a third-party ad network, contained Java malware that directed browsers to a download server run by cybercriminals.
Losing Microsoft’s Windows XP support at the end of life
by Mbendik
After Microsoft ends support of Windows XP, it will no longer provide software updates for the operating system (OS). Of greatest concern are the security fixes that protect against malware such as viruses and worms. According to Microsoft’s Security Intelligence Report, Windows XP Service Pack 3 (SP3) — the only version still receiving security updates — is over twice as vulnerable to infections as the 32-bit version of Windows 7 SP1 and nearly three times as vulnerable as the 64-bit version. Without security updates, Windows XP will become increasingly vulnerable. Cybercriminals may step up their attacks after the Windows XP end of life.
And it’s not just the lack of security patches that causes IT to lose sleep. Operating system updates also improve reliability and keep hardware running properly. But after April 2014, those protections are gone, along with per-incident support services and hotfix agreement support. Windows XP might seem stable today, but in just over a year that stability might be little more than a memory.
Best practices for Windows XP to Windows 7 migration stragglers
by Mbendik
Nobody at Microsoft was prepared for the sheer level of devotion that users and organizations alike would show for Windows XP after its release. Here we are, 12 years after its debut, and Windows XP still commands 25% or so of the operating system market share. Granted, Windows 7 is in first place with a healthy 50% or more, but the mere facts that Windows XP still has such a devoted following and that its market share has dropped by only about 1% a month mean that many stragglers will still be migrating from Windows XP to Windows 7 in the months and years to come.
Migrating from Windows XP to Windows 7 isn’t a single-step process for a variety of reasons, most of them due to the architectural differences between the two OSes. Rather than provide a direct upgrade path, Microsoft created ways to allow user profiles and data to be migrated from an XP installation to a Windows 7 one. That still leaves open a great many questions about application support and other functions. Not all of these questions have easy answers, but I’ll attempt to address the major issues that come up when migrating from Windows XP to Windows 7, either on a single machine or in a whole site.