Analysis of the Green Dam Censorware System

Summary: We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

...

Microsoft Sets Record With Monster Patch Tuesday

Microsoft today issued 10 security updates that patched a record 31 vulnerabilities in Windows, Internet Explorer, Excel, Word, Windows Search and other programs, including 18 bugs marked 'critical.' Of the 10 bulletins, six patched some part of Windows, three patched an Office application or component, and one fixed a flaw in IE. The total bug count was the most patched by Microsoft in a single month since the company began regularly scheduled updates in 2003. The previous record of 26 vulnerabilities patched occurred in both August 2008 and August 2006. 'This is a very broad bunch,' said Wolfgang Kandek, CTO at Qualys, 'compared to last month, which was really all about PowerPoint. You've got to work everywhere, servers and workstations, and even Macs if you have them. It's not getting any better; the number of vulnerabilities [Microsoft discloses] continues to grow.'

...

Green Dam-Youth Escort

"Green Dam" uses the Winsock2 SPI (Service Provider Interface) to intercept data from both sender and recipient, and by analyzing these data extracts the HTTP traffic. Once the HTTP data has been obtained and run through a URL detector, a harmful-URL detector and a keyword detector, Green Dam decides based on those results whether image detection is needed as well, and the addresses of websites found through image detection to contain harmful information are delivered to system management.

What's the suspicious Rundll32.exe process

When you open Task Manager, you may see a Rundll32.exe entry in the Processes tab. Or, you may encounter a rundll32.exe error at shutdown. Rundll32.exe is a valid system file which executes a function exported by a DLL. The actual command may be Rundll32.exe filename.xxx, <function>, whereas Task Manager reports only the command name and not its parameters.

...

How Rundll Works

Rundll performs the following steps:

  1. It parses the command line.
  2. It loads the specified DLL via LoadLibrary().
  3. ...

Determining which modules are being executed by Rundll32.exe

The Windows XP tool Tasklist can be used to determine which program modules are currently being executed by rundll32.exe. To create a list of running tasks, open a Command Prompt window and enter the following command:

...

Microsoft reaches RC Milestone with Windows 7 Build 7105

Build numbers have been flying around like crazy as usual, but Windows 7 Build 7105 has had many fans scratching their heads. According to Neowin, Build 7105 is an RC build. The build string is 6.1.7105.0.090404-1235_x86fre_client_en-us_Retail_Ultimate-GB1CULFRER_EN_DVD, and the build was compiled on April 4th. According to some screenshots Faikee found, this may very well be the case. The following screenshot was posted by Faikee in our forums:

...

Taming Conficker

Conficker virus could be deadly threat – or April Fool's joke

Virus that has infected 10m computers leaves experts baffled. It could be the biggest April Fool's joke ever played on the internet, or it could be one of the worst days ever for computers connected to the network. Security experts can't work out whether the Conficker virus, which has infected more than 10m Windows PCs worldwide, will wreak havoc on Wednesday, or just let the day pass quietly.

...

Windows Rundll and Rundll32 Interface

Rundll vs. Rundll32

Rundll loads and runs 16-bit DLLs, whereas Rundll32 loads and runs 32-bit DLLs. If you pass the wrong type of DLL to Rundll or Rundll32, it may fail to run without displaying any error message.

...

Mimivirus

Mimivirus is one of the largest and most complex viruses known. The virus was first isolated in 1992 from amoebae growing in a water tower in Bradford. La Scola, B. et al. (2003) A giant virus in amoebae. Science 299: 2033.

...

Copyright RUNDLL32.ORG. Some Rights Reserved.