F-Secure

Back Up and Share Your Holiday Memories

Aug 31, 2010:

The new version of F-Secure Online Backup makes it easier than ever to
keep precious photos and videos safe, and to share them with family and
friends.

Helsinki,
Finland – August 31, 2010: Whether it’s the trip of a lifetime, a fun
holiday spent with friends or the children’s first visit to the beach,
holiday photos and videos bring back precious memories for years to
come. With F-Secure Online Backup™ all the photos and videos collected
on your computer are backed up in a secure location on the Internet,
also making it easier than ever to share your memories with family and
friends.

Inter Engineering and F-Secure warns you for a Microsoft windows shell
shortcut parsing vulnerability

WHAT IS THE THREAT

A vulnerability has been reported in Windows, which can be exploited by
malicious people to compromise a user's system.

The vulnerability is caused due to an error in Windows Shell when parsing
shortcuts (.lnk or .pif) as certain parameters are not properly validated
when attempting to load the icon. This can be exploited to automatically
execute a program via a specially crafted shortcut.

Successful exploitation requires that a user is e.g. tricked into inserting
a removable media (when AutoPlay is enabled) or browse to the root folder of
the removable media (when AutoPlay is disabled) using Windows Explorer or a
similar file manager. Exploitation may also be possible via network shares
and WebDAV shares or via documents supporting embedded shortcuts.

NOTE: This is currently being actively exploited in the wild via infected
USB drives.

HOW TO BE PROTECTED

Inter Engineering recommends disabling the displaying of icons for shortcuts
(please see the Microsoft security advisory for details)

Operators can now offer world-leading F-Secure protection for mobile
phones on the Android, Symbian and Windows platforms. F-Secure Mobile
Security 6 protects against malware and safeguards confidential data on
consumer and business smartphones even if the phone is lost or stolen.

Helsinki, Finland – June 29, 2010: F-Secure announced today the
availability of F-Secure Mobile Security 6 on the Android platform. 
Operators can now offer consumers and businesses a full range of
F-Secure protection for smartphones on the Android, Symbian and Windows
platforms, as well as data security services for PCs and Macs.

Patrik Sallner, VP, F-Secure’s Mobile Business Unit, says, “F-Secure
Mobile Security is the world’s leading smartphone security solution and
we are very pleased to make it available for Android alongside other
popular mobile platforms. This means our operator partners can now
provide their customers with comprehensive IT security covering both
smartphones and computers.”

F-Secure Mobile Security 6 provides complete security for smartphones
against malicious software and also safeguards confidential data even
if the phone is lost or stolen. Its innovative Browsing Protection make
Internet use and mobile financial transactions safer than ever for
smartphone users.
 

Jul 20, 2010:

F-Secure advises companies to
establish a USB Device Policy and to migrate from Windows XP Service
Pack 2 as soon as possible.

Helsinki, Finland – July 20, 2010:
Microsoft published Security Advisory 2286198 on Friday of last week,
confirming the existence of a critical vulnerability in all supported
versions of Windows. The new zero-day vulnerability is easily
exploitable via USB storage devices, network shares or remote WebDAV
shares. All that is required for exploitation is for the contents of the
USB device to be viewed in Windows Explorer. Specially crafted shortcut
(.lnk) files are allowed to execute code when the shortcut's icon is
loaded to the GUI. An exploit targeting this vulnerability is currently
in limited use and additional exploits are very likely in the coming
weeks.

The shortcut vulnerability was discovered during investigation of the
Stuxnet rootkit which has been used in targeted attacks aimed at
Siemens SCADA systems. Such systems are used for supervisory control and
data acquisition in industrial facilities such as power plants. The
shortcut file used in this case is detected as Exploit:W32/WormLink.A.

Exploit.PDF-Dropper.Gen

Urgency:

May 19, 2010:

The F-Secure Share solution
already serves hundreds of thousands of users through operators like
Telefónica’s TerraGiga in Spain and is now available to Internet
operators globally.

Helsinki, Finland – May 19, 2010:
F-Secure Share is a fully hosted and secure service solution available
to Internet operators. It provides an easy to use online storage and
sharing solution for the operators’ end customers, ideal for sharing for
example personal photos, videos and office documents.

F-Secure Share is already used by Telefónica, one of the world’s
largest telecommunications companies. TerraGiga (http://giga.terra.es ), the F-Secure
Share online storage service of www.terra.es,
the leading Internet content portal in Spain owned by Telefónica, was
released almost a year ago.