April 15, 2010

Don’t Fool Around with the F1

Filed under: F1 Scam, Microsoft, Microsoft Security Essentials, Viruses, security advisory — Tags: computer, computer help, computer security, computer service technician, computer services, computer technician., computers, F1, F1 Scam, internet explorer, keep your computer safe, malicious web page, march Microsoft advisory, march Microsoft security advisory, March security advisory, Microsoft, Microsoft advisory, Microsoft Essentials, Microsoft Security, Microsoft Security Essentials, Microsoft virus, Microsoft viruses, security advisory, security services, security virus, security viruses, service technician, snopes, snopes.com, virus, Viruses — admin @ 12:59 pm

It sounds like it couldn’t possibly be true, but Microsoft itself confirms it: pressing F1 on a computer keyboard can actually activate malware for Internet Explorer users.

Microsoft released an advisory March 1, 2010 that warns of the F1 scam.

“Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time[…] Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.” By: Microsoft TechNet.

With this security issue, a dialog box is displayed by a malicious web page or other Internet site. Then a prompt occurs that urges users to press F1. The prompt often appears repeatedly. When users hit the F1 key, malware can cause malicious code to be run on the user’s computer.

Microsoft admits that there is not a patch for this vulnerability at this time.

If you are online and a site is trying to convince you to press F1, you are advised to simply log off the system. You could also use the Task Manager to kill the Internet Explorer process. Making sure that you have working security software such as Microsoft Essentials is most essential to keeping your computer and information safe.

The F1 scam is currently one of the Hot 25 on the scam-busting website Snopes.com.

Check back for updates on security advisories!  Should you suspect that your computer has been infected with a virus, contact your local computer service technician.