Month: August 2010

Microsoft has posted an out-of-band patch for the .lnk vulnerability (CVE-2010-2568) that was widely exploited after it was made public two weeks ago. The company announced Friday that the patch would be forthcoming, saying that the Sality malware family, and specifically Sality.AT was actively exploiting the weakness.

Microsoft Security Bulletin MS10-046 here.

“This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

“This security update is rated Critical for all supported editions of Microsoft Windows.”

Microsoft did not provide patches for Windows 2000 and Windows XP SP2, since support has ended for them.

Tom Kelchner

Microsoft has posted an out-of-band patch for the .lnk vulnerability (CVE-2010-2568) that was widely exploited after it was made public two weeks ago. The company announced Friday that the patch would be forthcoming, saying that the Sality malware family, and specifically Sality.AT was actively exploiting the weakness.

Microsoft Security Bulletin MS10-046 here.

“This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

“This security update is rated Critical for all supported editions of Microsoft Windows.”

Microsoft did not provide patches for Windows 2000 and Windows XP SP2, since support has ended for them.

Tom Kelchner

This is the website for the Roman Catholic Diocese of Portland:

Click to Enlarge

It seems they had a bit of a website break in, because up until yesterday anyone visiting the above page on their website would find something peculiar happening after five seconds of inactivity. This was in the Source Code:

After five seconds, the end-user would be redirected to Athiests.org:

Click to Enlarge

Ouch.

It seems they’ve now cleaned up the tampered page.

Christopher Boyd

This is the website for the Roman Catholic Diocese of Portland:

Click to Enlarge

It seems they had a bit of a website break in, because up until yesterday anyone visiting the above page on their website would find something peculiar happening after five seconds of inactivity. This was in the Source Code:

After five seconds, the end-user would be redirected to Athiests.org:

Click to Enlarge

Ouch.

It seems they’ve now cleaned up the tampered page.

Christopher Boyd

Here’s a curious twist on the old “Install Zango to gain access to movies that don’t work” gag – you now install something called “ClickPotato” instead, which is operated by Pinball Corp (you can read about how Zango effectively became Pinball here). For all intents and purposes, it operates in much the same way as the old Zango installs.

1) You think you’re going to watch a new release online – in this case, Salt:

Click to Enlarge

2) A gateway install prompt appears, the only difference being it says “ClickPotato” instead of “Zango”:

Click to Enlarge

Note that it has ShopperReports and QuestDNS preticked, and the text blurb (which I’m assuming was put there by the affiliate operating movie-watching-site(dot)com) says “You must install the movie codec to play movie”. I’m pretty sure ClickPotato isn’t a movie codec.

3) You end up with the ClickPotato program installed on your PC. The About page says this: “In exchange for access to an endless array of popular videos, ClickPotato displays occasional promotional messages based on your Web search and browsing.”

An “endless array”. We’ll come back to that, but first a question: do you think the above website is actually going to show you Salt after having installed ClickPotato?

The answer, of course, is “no”. In case you were wondering – and I know you are – all of the supposed movies on that site display a similar error.

All in all, my first exposure to ClickPotato hasn’t gone as well as it could have.
Shall we take a look at the “endless array” of movies on the ClickPotato homepage, accessible from the ClickPotato application?

Click to Enlarge

There’s a list of programs from A to Z that you can watch. However, clicking into the various listings is a little surreal because almost everything I looked at was a link to material on sites such as Megavideo, Veoh and sina(dot)com(dot)cn that probably shouldn’t have been there.

For example, here’s a typical set of links from the South Park page:

This is what you see if you click the very first link:

Click to Enlarge

“This video has been removed due to infringement”.

Whoops.

Whenever you click on a program / movie link, they’ll present you with the following before sending you to Megavideo or wherever:

“on a site outside of ClickPotato”.

It seems they’re distancing themselves from the many instances of pirated content hosted elsewhere yet linked to from the main site, especially as the Terms of Use state they’re not responsible for “the quality, content, nature or reliability of Sites accessible by hyperlink from this Site”.

All in all, this isn’t a hot potato. Going by past experience with websites that want to install adware in return for “free movies”, I’d advise you not to bother – you’ll either end up watching camcorder footage shot in the local theatre, a blurry mess hosted in China or a thought provoking error message that the critics are calling “The feelbad movie of the year”!

Not coming soon to a cinema near you…

Christopher Boyd

Here’s a curious twist on the old “Install Zango to gain access to movies that don’t work” gag – you now install something called “ClickPotato” instead, which is operated by Pinball Corp (you can read about how Zango effectively became Pinball here). For all intents and purposes, it operates in much the same way as the old Zango installs.

1) You think you’re going to watch a new release online – in this case, Salt:

Click to Enlarge

2) A gateway install prompt appears, the only difference being it says “ClickPotato” instead of “Zango”:

Click to Enlarge

Note that it has ShopperReports and QuestDNS preticked, and the text blurb (which I’m assuming was put there by the affiliate operating movie-watching-site(dot)com) says “You must install the movie codec to play movie”. I’m pretty sure ClickPotato isn’t a movie codec.

3) You end up with the ClickPotato program installed on your PC. The About page says this: “In exchange for access to an endless array of popular videos, ClickPotato displays occasional promotional messages based on your Web search and browsing.”

An “endless array”. We’ll come back to that, but first a question: do you think the above website is actually going to show you Salt after having installed ClickPotato?

The answer, of course, is “no”. In case you were wondering – and I know you are – all of the supposed movies on that site display a similar error.

All in all, my first exposure to ClickPotato hasn’t gone as well as it could have.
Shall we take a look at the “endless array” of movies on the ClickPotato homepage, accessible from the ClickPotato application?

Click to Enlarge

There’s a list of programs from A to Z that you can watch. However, clicking into the various listings is a little surreal because almost everything I looked at was a link to material on sites such as Megavideo, Veoh and sina(dot)com(dot)cn that probably shouldn’t have been there.

For example, here’s a typical set of links from the South Park page:

This is what you see if you click the very first link:

Click to Enlarge

“This video has been removed due to infringement”.

Whoops.

Whenever you click on a program / movie link, they’ll present you with the following before sending you to Megavideo or wherever:

“on a site outside of ClickPotato”.

It seems they’re distancing themselves from the many instances of pirated content hosted elsewhere yet linked to from the main site, especially as the Terms of Use state they’re not responsible for “the quality, content, nature or reliability of Sites accessible by hyperlink from this Site”.

All in all, this isn’t a hot potato. Going by past experience with websites that want to install adware in return for “free movies”, I’d advise you not to bother – you’ll either end up watching camcorder footage shot in the local theatre, a blurry mess hosted in China or a thought provoking error message that the critics are calling “The feelbad movie of the year”!

Not coming soon to a cinema near you…

Christopher Boyd