FOXTROT/ALFA: Urgent SMBv3 Patch, Necurs Botnet Nuked, IBM Sues Airbnb

Welcome to FOXTROT/ALFA #88 for Thursday, 12 March 2020, the only guaranteed panic-free newsletter left on the planet. Let’s look at what’s going on in the tech world today.

An Extra Patch from Microsoft

Microsoft shipped over a hundred patches on Patch Tuesday but neglected to release a security update for a wormable flaw in SMBv3, the network file sharing protocol in Windows. The company has rectified this now.

On Thursday morning, Redmond emitted the update to Server Message Block 3.1.1 to kill off a critical flaw word of which leaked out inadvertently this week. Designated CVE-2020-0796, the bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an un-patched system simply by sending the targeted system specially crafted compressed data packets. A hacker thus just needs to reach a vulnerable machine on the internet or network to fully compromise it.

Windows 10 32 and 64-bit systems running Windows 10 v1903, Windows 10 v1909, Windows Server v1903, and Windows Server v1909 need to get patched right now. This flaw is wormable, in that once a box has been hijacked, it can automatically seek out more victims to infect and spread across the globe. “While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to your affected devices with priority,” Microsoft says of the update.

Microsoft Blows the Necurs Botnet Off the Net

Microsoft has also disabled an email spam botnet of 9 million systems by figuring out the algorithm that generates the throwaway domains for its command-and-control servers.

The Necurs botnet, responsible over the years for quite a considerable volume of spam – as well as being hired out to crims pushing malware payloads such as the infamous Locky ransomware and Dridex malware – was downed by Microsoft and its industry chums following a US court order allowing the private sector companies to go in hard and heavy on the botnet.

Redmond’s Tom Burt said in a blog post: “Necurs is believed to be operated by criminals based in Russia and has also been used for a wide range of crimes including pump-and-dump stock scams, fake pharmaceutical spam email and ‘Russian dating’ scams.”

Microsoft researchers figured out how an algorithm that generated new, unique domains for Necurs' infrastructure operated and was able to correctly guess six million domain names that would be generated over a 25-month period, it said. These domains were then reported to registrars so they could be promptly blocked. “By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet,” beamed Burt.

Patent Lawsuit: IBM Sues Airbnb

IBM is suing Airbnb over a number of e-commerce patents.

IBM is suing Airbnb over four patents linked to e-commerce. And the suit could be timed to tie in with Airbnb’s expected IPO offering that’s expected sometime this year. The companies have been negotiating over the patents for six years, says a report from Bloomberg News. IBM noted that “enough is enough” and sued, citing failed negotiations.

“IBM’s timing is unlikely to be a coincidence, argued University of California Hastings law professor Robin Feldman,” noted The Financial Times.

Heh. Apparently IBM won a similar case against Groupon in the past. I wonder how Red Hat employees feel about such aggressive patent litigation by their parent company.

New The Witcher Game announced

CD Projekt has announced it will start development of a fourth game in The Witcher series once Cyberpunk 2077 is released.

Work is set to begin on a new Witcher game once Cyberpunk 2077 launches, CD Projekt president Adam Kiciński has revealed. Kiciński told a group of journalists that a “relatively clear concept” has already been staked down for the next entry in the Witcher series, but that full production would kick off “immediately” after Cyberpunk 2077 hits the shelves. Cyberpunk 2077 was recently delayed until September, so it sounds like we can expect the next Witcher game to enter development around the same time.

Apparently, the new Witcher game won’t be a direct sequel to 2015’s The Witcher 3: Wild Hunt, and won’t be called The Witcher 4. Kiciński also said every game the Polish studio currently has planned will be based in either the Witcher or Cyberpunk universe.

Firefox 74 Suggests You Quarantine Facebook with a Browser Extension

This is interesting. If you update to Firefox 74, the newest version of the browser, it prompts you to install an extension that puts Facebook in its own privacy container, aimed at disabling their ability to track you all over the web. The prompt reads:

It’s okay to like Facebook

If you still kinda like Facebook but don’t trust them, then try the Facebook Container extension by Firefox and make it harder for them to track you around the web.

It’s not a new extension, though.

The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can “login with Facebook wherever you need to”.

When you visit Facebook and log in, the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting “Allow site in Facebook container.” The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

The Register raises a valid point about this, though.

What is Mozilla doing about Google, another data-hoover? It may be a trickier topic than Facebook, given that the nonprofit is part-financed by the search giant.

Also Noteworthy

Some other stories I found that might interest you:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.