Sunday, December 31, 2006

New Year's Resolutions



This is the time of year when we decide to make ourselves a few promises. In this technological age, our computers and the data we keep on them are becoming more and more important to us in our daily lives. So it makes sense to review how you use your computer and how you look after it, and now is as good a time as any!

Update, Update, Update

The makers of the software you use work very hard to keep it up to date so that you are as protected as you can be from the latest security threats; it is up to you to make sure that you keep your software updated.

  • Windows Update - you can set your computer to automatically download and install updates when they become available. If you don’t like that idea then you can change your settings in the security centre to notify you when updates are available.

  • AntiVirus – Your AntiVirus should be set to automatically update; check your settings. If you use a paid-for application then check your subscription renewal date too. If you use AVG Free AntiVirus then make sure you have installed version 7.5, as version 7.1 will no longer be supported after 15th January.

  • Other Stuff – I’m sure it is a pain going through all your software to check whether updates are needed. Secunia Software Inspector will do that job for you; bookmark that site and run a scan about once a month.

Check Your Security Software

Now would be a good time to review your software. I’ve already mentioned Antivirus; do you have a firewall? Do you have some anti-malware software? Do you have a temp file cleaner? If you want some suggestions then I have some freely available software listed here.

Secure your Wireless Network

More and more of us are going wireless, which is great!
But a wireless router is unsecured by default, so please check out your router’s manual and secure that network. If you don’t, then your computer is wide open for anyone to get in and have a good rummage about, and your bandwidth is open for anyone to steal. There are lots of articles available on this subject; here is one to get you started: Top 10 Tips for Wireless Home Network Security by Bradley Mitchell.

Use Strong Passwords

If you have to use a password for something then make it a Strong Password. What’s a Strong Password? Click here

Backup

Now would be a good time to get a backup routine started. However careful we are, disasters will happen. Some tips:

  • Never store your backups on the same partition as your operating system; even better, invest in a separate hard drive and burn your backups to disk regularly.

  • Invest in some good imaging software and take the time to learn how it works; restoring an image after disaster has struck is quick and painless.

  • Keep your backups secure; remember, they contain all your information. I wouldn’t recommend that you store them online.

  • If possible, keep more than one backup and store them in different locations.

Maintenance

You wouldn’t run your car without checking its oil and water, keeping it clean and sending it for a service now and then, would you? The same goes for your computer. Look after your baby. Some tips:

  • Run a full anti virus and anti malware scan at least once a week, on all your hard drives.

  • Run a temp file cleaner once a week, CCleaner is good for this.

  • Defragment your hard drives about once a month.

  • Uninstall programs that you no longer use.

  • Clean your hardware about once every six months; if your fans are really clogged up with dust then replace them. I find a can of compressed air, a soft real bristle paintbrush and a vacuum hose (held at a safe distance) ideal for cleaning out the inside of my case. Don’t forget your keyboard.

Be careful what you install

We all love a freebie, and there are plenty of useful and safe applications that are available for download out there… there are also quite a few that will give you a nasty surprise!! If you can, then try the software out in a safe environment first; you can get Microsoft’s Virtual PC for free now. At the very least, check out the EULA before you install. If you find that hard going then Javacool has a program that will help you with this called EULAlyzer™. If you do find some free software that you like, then consider donating to the author if you have a few pennies spare at the end of a month.

Be careful where you surf

The internet is a wonderful place, but it is full of dark corners so do watch your step. Ultimately, it is your choice where you go, but McAfee’s Site Advisor, Firetrust’s Sitehound and the MVPS Hosts File will all help to keep you away from the bad guys.

Finally…………. Have a Wonderful New Year!!!



Saturday, December 30, 2006

Spybot Search and Destroy December 29th

Adware
+ NSIS Media Extension
Hijacker
++ PartyPoker
Malware
+ ErrorSafe + PSW.WOW + Smitfraud-C. (3) + SystemDoctor2006
+ VirtuMonde
PUPS
+ AntiverminsPro ++ CyberDefender
Trojan
+ AnotherBOT + BPS Spyware Remover ++ CIOLE.Media.Extension
+ Dumaru (2) ++ GoldenRivieraCasinoLoader + LZIO.Small + QQRob (5) ++ War3z + WarezP2P (2) ++ Win32.Agent.At + Win32.Agent.uj
+ Win32.Bancos.zm + Win32.Banker.anv ++ Win32.Delf.acc
++ Win32.SdBot.azc ++ Win32.VB.atz (2) + Zlob.GoldCodec (3)
+ Zlob.KeyGenerator + Zlob.PornMagPass (2) + Zlob.PornPassManager ++ Zlob.SoftCodec + Zlob.VideoAccess (4)
+ Zlob.VideoActiveXObject (3)
Total: 346147 fingerprints in 57026 rules for 2586 products.

http://www.safer-networking.org/en/home/index.html

AD AWare SE1R141 27.12.2006

SE1R141 27.12.2006 is now available, new definition file for Ad-Aware SE.

New definitions:
====================
Adware.Mirar +2
Adware.PluginDL +6
Adware.TrafficSol +3
BraveSentry +7
Win32.Hacktool.WinSpy +3
Win32.TrojanDownloader.Banload +19

Updated definitions:
====================
Adware.180Solutions.SeekmoSearchAssistant
Adware.BHO(generic) +2
Adware.NewWeb +3
Adware.Searchcolours
Adware.WebRebates +6
AntiVermins +2
Backdoor.Prorat.16 +2
BargainBuddy +4
ErrorSafe
PestCapture +2
PestTrap
PurityScan +2
Softomate Toolbar +3
SpywareSheriff +2
TopSearch +2
Virtumonde +3
VirusBurst
WebHancer
Win32.Backdoor.Agent +5
Win32.Backdoor.Agobot
Win32.Backdoor.PcClient +3
Win32.Backdoor.RBot +2
Win32.Bagle.B +3
Win32.Dialer.Trojan
Win32.Generic.PWS +13
Win32.Trojan.Agent +13
Win32.Trojan.Delf +2
Win32.Trojan.Downloader +37
Win32.Trojan.Klone +2
Win32.Trojan.MatrixHasYou +6
Win32.Trojan.Mirc +3
Win32.Trojan.Small
Win32.Trojan.Spy +11
Win32.TrojanClicker +4
Win32.TrojanDownloader.Adload +2
Win32.TrojanDownloader.Agent +11
Win32.TrojanDownloader.Delf +7
Win32.TrojanDownloader.Small +14
Win32.Trojandownloader.Zlob +4
Win32.TrojanDropper +3
Win32.TrojanProxy.Agent.dl +3
Win32.TrojanProxy.Small
Win32.Trojan-PSW.Lineage +9
Win32.TrojanSpy.Banker +76
Win32.Worm.Agobot.E +5
Win32.Worm.MSNMaker
Win32.Worm.Viking +6
Win32.Worm.Warezov +15
WinPopup +3

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Spyware Doctor 3.0635 1

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0635 1
Intelli-Signatures: 178,711

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0635 1 - Backdoor.DHCPCom, Backdoor.Sdbot.AZS, Common Components for Worm.Warezov, Exploit.MSWord.MS06-027, Trojan.Dropper.Agent.NCR, Trojan.Spy.Banker.ABS, Trojan.Spy.Banker.ACQ, Trojan.Spy.Banker.AEM, Worm.Padobot, Worm.Warezov.ET, Worm.Warezov.FH

3.0634 0 - Backdoor.Badrat.E, Backdoor.MoonPie, Hacktool.HIDD, Trojan.Agent.DPY, Trojan.Spy.Banpaes

3.0633 0 - Backdoor.VB.JV, Firehole, Trojan.Agent.AZV, Trojan.PSW.Tmp636

3.0632 1 - Christmas Blessing-4

Extended Intelli-Signatures:
3.0635 1 - Backdoor.Poison, Backdoor.Rbot, Backdoor.Sdbot.AAD, Common Components for Trojans, CWS, Known Bad Sites, SexVideoPro Dialer, Suspicious File, Trojan.Banbra, Trojan.Banker.AEM, Trojan.Banker, Trojan.Dluca, Trojan.Downloader.Banload.MS, Trojan.Proxy.Lager.f, Trojan.Spy.Banker.AEZ, Trojan.Win32.Agent.ZQ, Worm.Warezov

3.0634 0 - ActiveX Objects, Maxifiles, PurityScan, Trojan.Banker, Trojan.Goldun, VSToolbar, Worm.Licat

3.0633 0 - AntiVermins, Backdoor.AimBot, Backdoor.IRCBot, Borlander, CleverIEHooker, Common Components Unrelated, InstaFinder, Keylog-sters, MemoryMeter, Trojan.Banbra, Trojan.Bancos.JZ, Trojan.Banker.FZ, Trojan.Downloader.Ruins, Trojan.Pakes, Trojan.Popuper.Downloader, Trojan.Popuper, Trojan.Spy.Banpaes.J, TV Media Display

3.0632 1 - Common Components for Trojans, Trojan.Clagger.H


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Friday, December 22, 2006

SpywareBlaster Updated, 23 New Items

Updated: December 19th, 2006
New: 32 Items
Total: 7030 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Spybot Search & Destroy Dec 22nd

22nd, December 2006
Dialer
+ StarnetItalia
Keylogger
+ Smitfraud-C.Keylogger
Malware
+ Backdoor.Win32.SdBot.gen + CarpeDiem Vars + Cimuz + PestTrap + PWS.WOW (2) + Smitfraud-C. (2) + VirtuMonde + WinClean + Winsoftware.WinAntiVirusPro2006 ++ Backdoor.Win32.MsnLog ++ Win32.Bancos.zm
PUPS
+ MalwareWipe
Spyware
+ TargetMarketingAgency
Trojan
+ Cassava + FakeBill + LZIO.Small + QQRob (3) + SeachToolbarCorp.ToolbarVision + VistaActivation.Trojan + Win32.Bifrose.aci + Win32.Delf + Zlob.DigiPassword + Zlob.PornMagPass (2) + Zlob.Wave ++ Zlob.VideoActiveXObject
Total: 343132 fingerprints in 56039 rules for 2557 products.
http://www.safer-networking.org/en/home/index.html

Spyware Doctor 3.0630 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0630 0
Intelli-Signatures: 176,841


A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0630 0 - Trojan.PSW.Trillian, Trojan.Spy.Banker.ADS, Trojan.Spy.Banker.AHE, Trojan.Spy.Banpaes.X

3.0629 0 - AntiVermins, Trojan.PSW.TRBM, Trojan.Spy.Banker.CAW, Trojan.Spy.Banpaes.AS, Trojan.Spy.Banpaes.J

3.0628 0 - Adwin, Backdoor.Novadoor, Trojan.Banbra.HK, Trojan.PSW.TVGame

Extended Intelli-Signatures:
3.0630 0 - AdUrl, Adware.NewWeb, Ardamax Keylogger, Backdoor.Agobot, Backdoor.AimBot, Backdoor.Assasin, Backdoor.Beastdoor, Backdoor.Bifrose, Backdoor.BO2K, Backdoor.CIADoor.13, Backdoor.CIADoor, Backdoor.Ginwui, Backdoor.Gobot, Backdoor.Graybird.GEN, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.InfecDoor, Backdoor.IRC.Flood, Backdoor.MoSucker, Backdoor.Optix, Backdoor.PCclient, Backdoor.ProRAT.K, Backdoor.ProRat, Backdoor.Radmin, Backdoor.Rbot.ADF, Backdoor.Rbot.YH, Backdoor.SdBot, Common Components for 180Solutions items, Common Components for Keyloggers, Common Components for Trojans, Common Components Unrelated, Common Components used by Gator, 7Fasst and 0Cat Yellowpages, Email.Worm.Bagle, Email.Worm.NetSky, Spector Pro Keylogger, Trojan.Downloader.Tiny.BM, Trojan.FakeAlert, Trojan.LdPinch, Trojan.Pakes, Trojan.Proxy.Lager.f, Trojan.PWS.Tanspy, Trojan.Spy.Banker.ABG, Trojan.Spy.Banker.ADD, Trojan.Spy.Banpaes.J, Trojan.Spy.Banpaes.W, Worm.Warezov, Zestyfind

3.0629 0 - Adware.Sogou, Backdoor.Rbot.AEU, Drive Cleaner, Keylog-sters, PurityScan, SubSeven, Suspicious File, SystemDoctor, Trojan.Banbra, Trojan.Banker, Trojan.Popuper, Trojan.Spy.Banker.ABG, Trojan.Spy.Banker.AHO, VirusBurst

3.0628 0 - Backdoor.Agent, Backdoor.Bifrose, Backdoor.EggDrop, Backdoor.Hupigon.GEN, Backdoor.IRCBot.AZ, Backdoor.MoSucker, Backdoor.Rbot.ADF, Backdoor.Rbot.BEC, Backdoor.Rbot.C, Backdoor.Rbot.Gen, Backdoor.Rbot.WI, Backdoor.Sdbot.AAD, Bestoffers, Common Components for Backdoors, Common Components Unrelated, Dollarrevenue, ILookup.Begin2Search, SpyAxe, Trojan.Banbra.DF, Trojan.Bancos.JZ, Trojan.Bancos.LX, Trojan.Bancos.WN, Trojan.Bancos, Trojan.Banker.AJ, Trojan.Downloader.Adload, Trojan.PWSteal.Lemir.AEH, Trojan.Spy.Banker.ADD, Trojan.Spy.Banker.AEC, Trojan.Traffloads



Christmas is Coming

It's getting near to that time of year again, no doubt you will know of family members or friends who will be treating themselves or their children to a nice new bit of kit or an online connection.

As the person in their lives who knows a bit about computers, no doubt you will be asked to help set it up and you will be asked for a little expert advice, which will go in one ear and out of the other because they just can't wait to get started!!

May I suggest that you leave them with a few sites to visit... perhaps even make an HTML file with some handy links and leave it on their desktop. Here are a few suggestions for you.

Get Safe Online - A site sponsored by the UK Government and leading businesses to help you protect yourself against internet threats. An excellent site and well worth spending some time browsing around it. My only gripe is that they don't really have a comprehensive list of freely available software but I have a few listed on my Favourites page.

Bank Safe Online - Provides advice on steps to take to bank safely online, plus a whole lot more. Make sure you check out the Helpful Sites page.

Stay Safe Online - A US site similar to Get Safe Online, well worth a visit.

Think U Know - Teenagers know it all.. and this is an excellent site aimed at them to make sure that they do know it all when it comes to staying safe and having fun on the internet.

Chatdanger - It's an exciting world out there and our kids are going to chat whether we like it or not. This site has been produced by the charity Childnet International. Another great site for teaching kids about online safety.

Microsoft Security at Home - This is Microsoft's security site and is another great place to start to get information about how to keep yourself, your computer and your children safe and secure online, it will also keep you up to date with all the Windows XP related news.

Finally... our kids love to talk and they love Messenger and they will love Messenger Plus Live, because all their friends have it. Please make sure you check that they install this program without the sponsor program; Lop infections seem to make a dramatic increase over the Christmas period for some reason or other!!!! Sandi Hardmeier has a nice write up on the latest version of MessengerPlus on her blog.

Merry Christmas to you all and please have a safe and secure 2007

Monday, December 18, 2006

Mr Clean in the Spyware Business now?

The latest fake antispyware program, Mr Antispy, looks familiar. It seems the spyware makers ran out of ideas and ripped off Mr Clean, the household cleaner. The only thing that will get cleaned by Mr Antispy will be your wallet if you buy it. Comparison picture included in link.

It should go without saying that you shouldn't buy this program. It's made by the same people who brought us SpyAxe, SpyFalcon, SpywareStrike, MalwareWipe, Pest Trap, and many other rogue programs. The registration for mrantispy.com is done by ESTDOMAINS who is associated with all of those fake programs. If any Procter & Gamble lawyers come across this, why not give them a call at 1.3027224217


Ad Aware SE1R140 18.12.2006

Ad Aware has been updated, the new definition is SE1R140 18.12.2006


Updated definitions:
====================
Adware.Agent +5
Adware.Allsum +2
Adware.BHO(generic) +8
Adware.CasClient +2
Adware.Eztracks +4
Adware.Henbang +2
Adware.Suggestor +3
Dialer
ErrorSafe +2
EzuLa +3
FakeAlert
Purityscan +3
Virtumonde +2
Win32.Backdoor.Agent +6
Win32.Generic.PWS +20
Win32.Trojan.Agent +2
Win32.Trojan.Delf +2
Win32.Trojan.Downloader +20
Win32.Trojan.Klone
Win32.Trojan.Spy
Win32.TrojanDownloader.Agent +2
Win32.TrojanDownloader.Delf +3
Win32.TrojanDownloader.Small
Win32.Trojandownloader.Zlob +5
Win32.TrojanDropper +5
Win32.Trojan-PSW.Lineage +4
Win32.TrojanSpy.Banker +24
Win32.TrojanSpy.Goldun +3
Win32.Worm.MSNMaker +2
Win32.Worm.Warezov +9

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Sunday, December 17, 2006

World of Warcraft Patch 2.0.1 issue down to WareOut?

My friends at Security Central have had a few gamers asking for help just recently. Some players of the World of Warcraft game have been unable to log into their accounts since downloading a patch; there is a big long thread on the WoW forums about it.

Now whether the patch was infected or the server it was downloaded from was infected or it's just a bad coincidence, I don't know, but the team at Security Central have noticed that every log from a WoW gamer asking for help so far has been infected with WareOut.

Little Eagle has put together a self help thread using FixWareOut, developed and maintained by fellow Microsoft MVP LonnyJones. If you are a WoW gamer and are still having problems after running this fix then please ask for help on the forums.

Thursday, December 14, 2006

Spyware Doctor 3.0622 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0622 0
Intelli-Signatures: 142,527


A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0622 0 - Backdoor.GrayBird.X, Backdoor.IRCBot.YH, Backdoor.Mechbot, Backdoor.Medbot, Backdoor.Nark, Backdoor.Neodurk, Backdoor.Netcrack, Backdoor.Netshadow, Backdoor.Netsnake, Backdoor.Nightmare, Backdoor.Noknok, Backdoor.Nuclear, Backdoor.Nucledor, Backdoor.Nucleroot, Backdoor.Oblivion, Backdoor.Outbreak, Backdoor.Packbot, Backdoor.Peepviewer, Backdoor.Pestdoor, Backdoor.Plunix, Backdoor.Poebot, Backdoor.Poison, Backdoor.PPDoor, Backdoor.Ptakks, Backdoor.Reload, Backdoor.Revenge, Backdoor.Rukap, Backdoor.Runar, Backdoor.Sbot, Backdoor.Schoolbus, Backdoor.Sensode, Backdoor.Servidor, Backdoor.Shadow, Backdoor.Shbot, Backdoor.Silentspy, Backdoor.Singu, Backdoor.SkSocket, Backdoor.Slackbot, Backdoor.Snowcap, Backdoor.Spartadoor, Backdoor.Spookdoor, Backdoor.Subot, Backdoor.Subroot, Backdoor.Tsunami, Backdoor.Ullysee, Backdoor.Vanbot, Backdoor.VBBot, Backdoor.Wardoor, Backdoor.Webex, Backdoor.WinterLove, Backdoor.Wisdoor, Backdoor.Wollf, Backdoor.Xdoor, Backdoor.Y3KRat, Backdoor.Yurist, Backdoor.Zalivator, Backdoor.Zemac, Trojan.Agent.AD, Trojan.Banbra.DQ, Trojan.Bancos.PX, Trojan.Bancos.QW, Trojan.Downloader.Hanlo, Trojan.Downloader.Lopin, Trojan.Downloader.Nurech, Trojan.Downloader.Obfuscated, Trojan.Lodear, Trojan.Mitglieder, Trojan.Proxy.Lager, Trojan.PSW.Vingrad, Trojan.PWSteal.Gamec, Trojan.Rebooter, Trojan.Spy.Agent, Trojan.Spy.Banker.AHO


3.0621 0 - Backdoor.Amitis, Backdoor.Bandok, Backdoor.Berbew, Backdoor.Blackhole, Backdoor.Bladerunner, Backdoor.Brabot, Backdoor.Cakl, Backdoor.Death, Backdoor.Deepthroat, Backdoor.Dragonbot, Backdoor.Evilbot, Backdoor.Firefly, Backdoor.Flux, Backdoor.Frenzy, Backdoor.G_Door, Backdoor.GGDoor, Backdoor.Ghost, Backdoor.Hacarmy, Backdoor.Hacktack, Backdoor.Helios, Backdoor.Igloo, Backdoor.Isen, Backdoor.Justjoke, Backdoor.Kokodoor, Backdoor.Lanfiltrator, Backdoor.Lecna, Backdoor.LittleWitch, Backdoor.MasterParadise, Trojan.Banbra.EJ, Trojan.Banbra.GI, Trojan.PWSteal.Lemir.ACN, Trojan.Spy.Banker.BFK, Trojan.Spy.Banker.BLF, Trojan.Spy.Banker.BUG


Extended Intelli-Signatures:

3.0622 0 - Backdoor.Agent, Backdoor.Agobot, Backdoor.GrayBird.Q, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.IRCBot.AZ, Backdoor.Rbot.ADF, Backdoor.Rbot, Bestoffers, ClkOptimizer, Common Components for Trojans, Common Components Unrelated, Fearless KeySpy, InternetOptimizer, Lop.com, MSNMaker, QQFace, SC Keylogger, Trojan.AVKillers, Trojan.Bancos.JL, Trojan.Bancos.KL, Trojan.Bancos, Trojan.Banker, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.CU, Trojan.Downloader.Delf, Trojan.Dropper.Agent.AWB, Trojan.Dropper.Small.AEK, Trojan.Dumaru, Trojan.FakeAlert, Trojan.FakeAOL, Trojan.FakeGina, Trojan.FakeMSN, Trojan.Favadd, Trojan.Fearless.Spy, Trojan.Fivesec.A, Trojan.Goldun, Trojan.HacDef, Trojan.Horst, Trojan.Jakposh, Trojan.Kapod, Trojan.KillFiles, Trojan.LdPinch, Trojan.LipGame, Trojan.LowZones, Trojan.Mailbot, Trojan.Notifier, Trojan.NSAnti, Trojan.Pakes, Trojan.Popuper.Downloader, Trojan.Popuper, Trojan.Proxy.Ranky, Trojan.Proxy.Xorpix, Trojan.PSW.Agent.CK, Trojan.PSW.Hangame, Trojan.PSW.Mifeng, Trojan.PSW.Nilage, Trojan.PSW.Platan, Trojan.PSW.QQDragon, Trojan.PSW.QQGame, Trojan.PSW.QQRob, Trojan.PSW.Wowcraft, Trojan.PSW.Yahoo, Trojan.PWS.Hukle, Trojan.PWS.Tanspy, Trojan.PWS.Tibia, Trojan.PWSteal.Bancos, Trojan.PWSteal.Gadu, Trojan.PWSteal.Gamania, Trojan.PWSteal.Kuang, Trojan.PWSteal.Lemir, Trojan.PWSteal.Lineage, Trojan.PWSteal.Lmir.GEN, Trojan.PWSteal.QQPass, Trojan.Qhosts, Trojan.Repsamo, Trojan.Rux, Trojan.SpaBot, Trojan.SpamBot, Trojan.Spy.Banker.AEC, Trojan.Spy.Banker.BFN, Trojan.Spy.GWGhost, Trojan.Spy.Iespy, Trojan.Spy.Ransom.A, Trojan.Startpage, Trojan.Surila, Trojan.Tooso, Trojan.TroySpy, Trojan.Vipgsm, Trojan.Wayphisher, Ultimate Cleaner, Virtumonde, Worm.Mytob, Worm.Opnis


3.0621 0 - Adware.DM, Backdoor.Bionet.404, Backdoor.Blueang, Backdoor.BO2K, Backdoor.Cheeser, Backdoor.Chupa, Backdoor.CIADoor, Backdoor.Codbot.Gen, Backdoor.CommInet, Backdoor.Darkmoon, Backdoor.DonaldDick, Backdoor.DSNX, Backdoor.EggDrop, Backdoor.Fadedoor, Backdoor.Feardoor, Backdoor.Ginwui, Backdoor.Gobot.GEN, Backdoor.Graybird.GEN, Backdoor.Hackdoor, Backdoor.Harvester, Backdoor.Hupigon.GEN, Backdoor.InfecDoor, Backdoor.IRC.Flood, Backdoor.IRC.Mimic, Backdoor.IRC.Zapchast, Backdoor.IRCBot.ET, Backdoor.IRCBot, Backdoor.IrcContact, Backdoor.Lithium, Backdoor.Litmus, Backdoor.Lixy, Backdoor.MoSucker, Backdoor.Netdevil, Backdoor.NetThief, Backdoor.Optix, Backdoor.Optixpro, Backdoor.Pahador, Backdoor.PCclient, Backdoor.PowerSpider, Backdoor.ProRat, Backdoor.Radmin, Backdoor.Rbot.AEU, Backdoor.Rbot, Backdoor.Redkod, Backdoor.Robobot, Backdoor.Sdbot.AAD, Backdoor.SDBot.XD, Backdoor.SdBot, Backdoor.SkRat, Backdoor.SpyBoter, Backdoor.Theef, Backdoor.UltimateRAT, Backdoor.Virkel, Backdoor.Webdor, Backdoor.Winshell, Backdoor.Wootbot.Gen, Bestoffers, Breplibot, Common Components for Trojan.PWStealers, Common Components for Trojans, Common Components Unrelated, CouponAge, Desktop Hijacker, Dollarrevenue, EliteBar, HideWindows, ICQ Password Spy, Iroffer, ISTbar, Keylogger.Cone.Trojan, LinkOptimizer, NetBus, NetSpy, Power Spy, PurityScan, Rootkit.Vanti, SubSeven, Trojan.Adclicker, Trojan.Agent, Trojan.AVKillers, Trojan.Banbra.CC, Trojan.Banbra, Trojan.Bancos.CR, Trojan.Bancos.HA, Trojan.Bancos.JZ, Trojan.Bancos, Trojan.Bankem, Trojan.Banker.ANV, Trojan.Busky, Trojan.Clicker.Aditer, Trojan.Conycspa, Trojan.Crypt.D, Trojan.Crypt.E, Trojan.Crypt.I, Trojan.Crypt.T, Trojan.Dadobra, Trojan.Daemonize, Trojan.Danmec, Trojan.Delsha, Trojan.Dluca, Trojan.DNS Changer, Trojan.Downloader.Adload, Trojan.Downloader.Apher.GEN, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Centim, Trojan.Downloader.ConHook, Trojan.Downloader.Femad, Trojan.Downloader.Fuetel, Trojan.Downloader.Harnig, 
Trojan.Downloader.Iciko, Trojan.Downloader.Mediket, Trojan.Downloader.Monurl, Trojan.Downloader.Murlo, Trojan.Downloader.MyPay, Trojan.Downloader.PassAlert, Trojan.Downloader.TIBS, Trojan.Dropper.Agent.AMR, Trojan.Dropper.Agent.AXO, Trojan.Dropper.ExeBinder, Trojan.Dumaru, Trojan.Pakes, Trojan.Popuper, Trojan.Proxy.Small.BO, Trojan.PSW.Yap Variant, Trojan.PWSteal.Lineage, Trojan.Spy.Banker.AEC, Virtumonde



Phishing Scams on the Increase in the UK

I came across this article in the Register today, it makes scary reading.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to the government's financial watchdog authority. Although losses remain modest compared to other forms of financial fraud, banking security experts speaking before the House of Lords science and technology committee are concerned about the growing prevalence of scams designed to trick consumers into handing over online banking credentials.

Rob Gruppetta, of the Financial Services Authority (FSA) financial crime team, told the parliamentary committee, "We are very concerned about the rate of increase. It has gone up by 8,000 per cent in the past two years. But in the grand scheme of total fraud it is still quite small," he added.

Between January and June 2005, 312 phishing incidents were recorded, a figure that shot up to 5,059 for the first half of 2006, according to figures from UK banking payment organisation Apacs. Improved detection rates are partly behind the increase but even so the growing sophistication of scammers is leading to heavy losses from UK banks.

Apacs security chief Philip Whitaker told peers that scammers had transformed phishing scams from a cottage industry into an industrial process.

An estimated £23.2m was stolen from UK online bank accounts using email scams in the first half of 2006, with a slight decrease in losses to £22.5m for the second half of the year, the BBC reports. In the year prior to October 2004, Apacs estimated phishing cost UK banks £4.5m, which compares to a £45.7m estimated loss for 2006. Despite growing losses, security experts testified that online banking was essentially safe.


There are some simple precautions you can take to make sure you don't become a victim:

1. Never click on a link in an email to take you to a secure site. If you need to log into your internet banking or eBay account then use the link in your favourites.
2. Never give out your password or login details, either online or over the phone.

If you think you have had a phishing email then you can report it to the PIRT squad at CastleCops; they will investigate it and actively work to get the site taken down. There is more information about phishing and staying safe online at Bank Safe Online.

Tuesday, December 12, 2006

MalwareWiped a New Rogue Program

While looking at some web sites, I came across a new rogue antispyware program, Malwarewiped. If that sounds familiar, then that's because it's a renamed copy of MalwareWipe. The website name is Malwarewiped.com, which is not much different than the old one, malwarewipe.com.

This program is advertised by trojans and other malware to try to trick you into buying it. My copy got downloaded by clicking a fake warning from updatestate.com. Avoid this program, it's not worth paying for. Especially when most people will have it installed on their computer by spyware and trojans.





McAfee Antivirus detects it as a potentially unwanted program. Other security programs will add it to their detections soon I'm sure.

New Scam Sites

Several new scam websites have been found by Sunbelt Software and posted on their blog. These sites use different tricks to get people to install software. Don't download or install anything from them or anything else advertised this way.

Details and screen shots at Sunbelt Blog.

IP: 85.255.117.196
activexmediaobject.com

IP: 85.255.117.194
multimediaobject.com

IP: 85.255.116.210
iesafetywarning.com

IP: 85.255.116.210
uptodateprotect.com

IP: 85.255.116.212
allsecuritysite.com

Monday, December 11, 2006

MS Security Bulletin Advance Notification for December

I'm late with this notification this month as it is patch day tomorrow.. but here goes anyway.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 12 December 2006 Microsoft is planning to release:

Security Updates

  • Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Visual Studio. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release four NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release 10 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Microsoft will also be hosting a webcast on Wednesday December 13th, for attendees to ask questions about the bulletins and get answers from the security experts.

Sunday, December 10, 2006

Ad Aware SE1R137 06.12.2006

SE1R137 06.12.2006 is now available, new definition file for Ad-Aware SE.



Updated definitions:
====================
Win32.Trojandownloader.Zlob +16

MD5 checksum is a390eef6adabc65574a9dbc6ad12d212

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

CounterSpy 1.5 Update 461

CounterSpy 1.5 latest update definition is 461

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

Download free 15 day trial

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database
Adware.51115, Adware.AdultLinks, Adware.ILookup, Adware.Statblaster.A, Blubster Toolbar, Clickspring/PuritySCAN, Cookie: msnwm.com, Cookie: my-content.net, Cookie: x69x.net, DomainHelper, OpenCash, Plugin369, Porn-Dialer.Win32.GBDialer.i, Spyware.KBGuardian, ToolBar.Ppack, Trojan-PSW.Win32.QQPass.w, Trojan.AntiSpySoldier.A, Trojan.Ardamax.49978424


Threats that have been updated
3721 Chinese Keywords (CNSMin), AdultLinks.QBar, Adware.Cinmus, Adware.LoopAd, Adware.NCast, Altnet/Topsearch, Application.TrojanSimulator, AproposMedia.ContextPlus, Ardamax Keylogger, Back Orifice, BaiduBar, BraveSentry, BrowserAid, C2.Lop, CarpeDiem, CasinoOnNet, ClickSpring.PuritySCAN, ComforestDial, Constructor.Win32.GoboTools, CoolWebSearch.CameUp, Cure, DesktopScam, Dimpy.Win32VBsy, ErrorSafe, eZula.CommonElements, FakeAlert, Family KeyLogger, FavoriteMan, Gigatech Superbar, Goldun.Fam, Hacker Defender, Hacktool.Rootkit, Haxdoor.Fam, HungryHands, IBIS.WebSearch Toolbar, iLookup, Infostealer, iOpus STARR, IRC Trojan, IRC-Worm.IRC.generic, IRC.Backdoor.Trojan, iSearch.Toolbar, IShowBao, JS.Cardsteal.Trojan, KeenValue.IncrediFind, Kuaiso Toolbar,
Maxifiles, MediaTickets CDT, Navihelper, Neoturk, Netbus, NSIS Media, Optix, P2P-Worm.Win32.SpyBot.gen, P2P-Worm.Win32.SpyBot.gl, Packed.Win32.NSAnti.b, Perfect Keylogger, PWS-Win32/Cimuz.gen, PWS-Win32/Wowsteal.gen!A, RainbowCrack, Remacc.RAServer, SafeSearch, SC-KeyLog, SearchWords.Toolbar, Slagent/Navipromo, SpamTool.Win32.Agent, SpySheriff, SpywareStormer, StatBlaster, SystemDoctor, Toolbar.CommonElements, Trojan-BAT.Zapchast, WatchDog, WebMail Spy, WildMedia.OverPro, Win32.Doombot.K@mm, Win32.ExplorerHijack, Win32.Worm.SQL.Slammer.B, Win32/Alureon.gen, WinAntiSpyware, Winshow

Spybot Search and Destroy December 8th

Adware
+ AdMoke (2) + AdSponsor + NCast (10)
Dialer
+ Prisparky
Hijacker
+ HappyToFind.Toolbar + MediaTickets
Malware
+ Ad-Protect + AV-Gold + CMFibula + CrawlwsToolbar + Fake.xpRecovery + FotosScreenSaver + MediaMotor (2) + PSCastor + Smitfraud-C. + SystemDoctor2006 + VirusBurst + VirusRescue + Warezov ++ Smitfraud-C.Toolbar888
PUPS
+ YazzleSudoku
Trojan
+ AnotherBOT + AstaKiller + Fraud.ProtectionBar + Hupigon + Kolweb.B ++ Papinha (2) + TagASaurus + VirtuMonde + Win32.Agent.baf + Win32.Banker.anv + Win32.Bzub.e + Win32.NLC + Win32.Small.lr + XPreload (3) + Zlob.EliteCodec + Zlob.FreeVideo.DVDCodec (2) + Zlob.GoldCodec (3) + Zlob.HQCodec + Zlob.HQvideo + Zlob.iCodecPack + Zlob.iMediaCodec + Zlob.IVideoCodec (3) + Zlob.JPEG-Encoder (2) + Zlob.KeyCodec + Zlob.MediaCodec + Zlob.MMediaCodec + Zlob.MPVideoCodec + Zlob.MyPassGenerator + Zlob.PerfectCodec (2) + Zlob.PornMagPass (2) + Zlob.PornPassManager + Zlob.PowerCodec (2) + Zlob.QualityCodec (2) + Zlob.SilverCodec (3) + Zlob.StrCodec (3) + Zlob.SuperCodec + Zlob.TrueCodec (2) ++ Zlob.Vcodec + Zlob.VidCodec (2) + Zlob.VideoAccess + Zlob.VideoCompressionCodec + Zlob.VideoKeyCodec (2) + Zlob.WinMediaCodec + Zlob.XpassGenerator + Zlob.XPasswordManager + Zlob.ZCodec
Total: 340797 fingerprints in 55352 rules for 2515 products.
http://www.safer-networking.org/en/home/index.html

SpywareBlaster Updated December 8th

Updated: December 8th, 2006
New: 51 Items
Total: 6998 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Monday, December 04, 2006

Spyware Doctor 3.0615 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0615 0
Intelli-Signatures: 92,405

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0615 0 - Adware.CurePCSolutions, Adware.DomainHelper, Backdoor.VB.AAF, Trojan.Bancos.MF, Trojan.Downloader.Agent.AIC, Trojan.PWSteal.ZombSmallTrojan.01, Trojan.Spy.Banker.BSU, Trojan.Spy.Banker.BSY, Trojan.Spy.Banker.BT, Trojan.Spy.Banker.BTG, Trojan.Spy.Banker.BUH

3.0614 1 - Suspicious File, Trojan.Bancos.GX, Trojan.Bancos.HQ, Trojan.PSW.QQDragon.T, Trojan.PWSteal.Lemir

3.0614 0 - Suspicious File, Trojan.Bancos.GX, Trojan.Bancos.HQ, Trojan.PSW.QQDragon.T, Trojan.PWSteal.Lemir

3.0613 0 - Trojan.PWSteal.Zaba.b, Trojan.PWSteal.ZRM
Extended Intelli-Signatures:
3.0615 0 - AdRotator, Adware.NewWeb, Backdoor.Agobot, Backdoor.AimBot, Backdoor.Bifrose, Backdoor.Radmin.J, Backdoor.Rbot, Backdoor.Sdbot.AAD, Backdoor.SdBot.GEN, BookedSpace, eZula, Maxifiles, Trojan.Downloader.Agent.AFL, Trojan.Downloader.ConHook, Trojan.Downloader.Ruins, Trojan.FakeAlert, Trojan.LdPinch, Trojan.Pakes, Trojan.PWSteal.Lemir, Trojan.PWSteal.QQPass.AC, Trojan.Qhosts, Trojan.Spy.Banker.ABG, Zeno Search Assistant

3.0614 1 - Backdoor.Agobot.AGZ, Backdoor.IRC.Zapchast, Backdoor.IRCBot.FP, Backdoor.Rbot.AJK, Backdoor.Rbot.Gen, Backdoor.Rbot, Backdoor.Robobot, Backdoor.Sdbot.AAD, Backdoor.Sdbot.AFX, Backdoor.SdBot.AJH, Backdoor.SdBot.GEN, Backdoor.SDBot.XD, Backdoor.Tixanbot, Backdoor.VBbot.I, Borlander, Common Components for Trojans, Common Components Unrelated, CWS.XPlugin, CWS.XPSystem, FU Rootkit, ILookup.Begin2Search, Known Bad Sites, MediaMotor, Recipe Rewards Toolbar, Slagent, Specific911 Hijack, Surf Speak, SurfSideKick, TIBS Premium Rate Dialer, Trojan.Agent.HS, Trojan.Agent.HT, Trojan.Agent.QW, Trojan.AntiMcAfee.B, Trojan.AVKillers, Trojan.Banbra.FB, Trojan.Bancos.JL, Trojan.Bancos.JZ, Trojan.Bancos, Trojan.Banker, Trojan.BeastPWS.C, Trojan.Bumerang, Trojan.Clicker.Aditer, Trojan.Clicker.Promo.A, Trojan.Clicker.VB.LX, Trojan.Crypt.D, Trojan.Delf.BZ, Trojan.Delf.PX, Trojan.Downloader.AEU, Trojan.LowZones, Trojan.PSW.QQRob.U, Trojan.Small.AH, Trojan.Spy.Banker.BBH, Trojan.StartPage.HT, Worm.Mytob.BI, XTS Keylogger, ZToolbar

3.0614 0 - Backdoor.Agobot.AGZ, Backdoor.IRC.Zapchast, Backdoor.IRCBot.FP, Backdoor.Rbot.AJK, Backdoor.Rbot.Gen, Backdoor.Rbot, Backdoor.Robobot, Backdoor.Sdbot.AAD, Backdoor.Sdbot.AFX, Backdoor.SdBot.AJH, Backdoor.SdBot.GEN, Backdoor.SDBot.XD, Backdoor.Tixanbot, Backdoor.VBbot.I, Borlander, Common Components for Trojans, Common Components Unrelated, CWS.XPlugin, CWS.XPSystem, FU Rootkit, ILookup.Begin2Search, Known Bad Sites, MediaMotor, Recipe Rewards Toolbar, Slagent, Specific911 Hijack, Surf Speak, SurfSideKick, TIBS Premium Rate Dialer, Trojan.Agent.HS, Trojan.Agent.HT, Trojan.Agent.QW, Trojan.AVKillers, Trojan.Banbra.FB, Trojan.Bancos.JL, Trojan.Bancos.JZ, Trojan.Bancos, Trojan.Banker, Trojan.BeastPWS.C, Trojan.Bumerang, Trojan.Clicker.Aditer, Trojan.Clicker.Promo.A, Trojan.Clicker.VB.LX, Trojan.Crypt.D, Trojan.Delf.BZ, Trojan.Delf.PX, Trojan.Downloader.AEU, Trojan.LowZones, Trojan.PSW.QQRob.U, Trojan.Small.AH, Trojan.Spy.Banker.BBH, Trojan.StartPage.HT, Worm.Mytob.BI, XTS Keylogger, ZToolbar

3.0613 0 - Backdoor.Agobot, Backdoor.AimBot, Backdoor.Bifrose, Backdoor.Delf.TZ, Backdoor.Hackdoor, Backdoor.Rbot, Backdoor.Sdbot.AAD, Backdoor.SdBot.GEN, Backdoor.Theef, Borlander, CnsMin, Common Components for About Blank, Common Components for Backdoors, Common Components Unrelated, Cram Toolbar, CWS.SvcHost, CWS.VDOMP, IO Brisa, Lineage.MN, Lop.com, Maxifiles, Maya Password Stealer, MediaGateway, MediaMotor, MSConnect, PSGuard Desktop Hijacker, RPCC Spammer, SpyAxe, Trojan.Bancos.GU, Trojan.Downloader.Agent.AAE, Trojan.Downloader.Agent.ACM, Trojan.Downloader.Agent.AEF, Trojan.Downloader.Agent.NR, Trojan.Downloader.Delf.XG, Trojan.Downloader.JW, Trojan.Downloader.NL, Trojan.Downloader.Small.ATL, Trojan.Downloader.VB, Trojan.Emspy, Trojan.LdPinch, Trojan.Pakes, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Xorpix, Trojan.PWSteal.Lmir.AAI, Trojan.SpamThru, Trojan.Spy.Banker.ABG, Trojan.Spy.Gepost, Trojan.Spy.MSN.B, Trojan.StartPage.AV, Trojan.Startpage.GE, Trojan.StartPage.GEN, Trojan.StartPage.Y, Trojan.VB.ADD, Trojan.Win32.Alureon.B, Trustin Toolbar, Virtumonde, VirusBurst, WebSearch Toolbar, WinAntiVirus, Wink, WinSpy Stealth Monitor, Worm.Mytob.CK, Worm.Opnis, Worm.Padobot.Z, Worm.Viking, Worm.WGAVN, Worm.Zotob.B

Renamed Intelli-Signatures:

3.0615 0 - Trojan.Popuper.Downloader

3.0614 1 - Trojan.Bancos.HA

3.0614 0 - Trojan.Bancos.HA

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Friday, December 01, 2006

Ad Aware SE1R135 27.11.2006

The latest update for Ad Aware is SE1R135 27.11.2006

Updated definitions:
AdBlaster +2
Adware.Adhelper +5
Adware.BHO(generic) +3
Adware.NewWeb +2
Adware.Searchcolours +2
Lop +4
PurityScan +3
SpyAgent +2
TVMedia
Win32.Backdoor.Agent +6
Win32.Backdoor.PcClient
Win32.Backdoor.SDBot
Win32.Bagle.B
Win32.Dialer.Trojan +3
Win32.Generic.PWS +31
Win32.Trojan.Agent +9
Win32.Trojan.Downloader +25
Win32.Trojan.Klone
Win32.Trojan.MatrixHasYou +11
Win32.Trojan.Qhost +3
Win32.Trojan.SDBot
Win32.Trojan.Small +2
Win32.Trojan.Spambot +7
Win32.Trojan.Spy +2
Win32.Trojan.StartPage
Win32.TrojanClicker
Win32.TrojanDownloader.Agent +9
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Small +2
Win32.TrojanDownloader.VB +3
Win32.Trojandownloader.Zlob +1578
Win32.TrojanDropper +3
Win32.TrojanProxy.Agent.dl +3
Win32.Trojan-PSW.Lineage +18
Win32.TrojanSpy.Banker +25
Win32.Worm.Warezov +5
Win32.Worm.Viking +7
Virtumonde +4
Zango

MD5 checksum is c0f5033fa432381818476a7b39a15684

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

SpywareBlaster Update 294 New Items

Updated: November 20th, 2006
New: 294 Items
Total: 6937 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Spyware Doctor 3.0612 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0612 0
Intelli-Signatures: 92,404

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0612 0 - Adware.Ncast, Trojan.Bancos.KD, Trojan.Spy.Banker.ABG, Trojan.Spy.Banker.BBH

Extended Intelli-Signatures:
3.0612 0 - Adware.Henbang, Backdoor.AimBot, Backdoor.IRC.Zapchast, Backdoor.IRCBot, Backdoor.Rbot, Backdoor.Sdbot.AAD, Borlander, Common Components for Backdoors, CWS.XPSystem, Trojan.Banker, Trojan.Downloader.ConHook, Trojan.Dropper.Agent.AXO, Trojan.Killav.AU, Trojan.LowZones, Trojan.Proxy.Small.BO, Trojan.Proxy.Xorpix, Trojan.PSW.Agent.CK, Virtumonde, VX2.Look2Me

3.0611 0 - Backdoor.Delf.TZ, Backdoor.Sdbot.AAD, Exploit.ANI, Flingstone Infamous Downloader, Maxifiles, Trojan.Bancos, Trojan.Banker, Trojan.Busky, Trojan.Conycspa, Trojan.Downloader.Small.DTC, Trojan.Downloader.Sohanad, Trojan.FakeAlert, Trojan.Luzia.M, Trojan.Mailbot, Trojan.Proxy.Agent.Df, Trojan.SpamThru, Trojan.Win32.SecondThought.l


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spybot Search and Destroy December 1st

2006-12-01
Hijacker
++ Absolutee.PornoHome
Malware
+ Aest + ISearchTech.YSB ++ NavBHO ++ SearchEnhancer ++ Smitfraud-C. (4) ++ Smitfraud-C.Toolbar888 (3) + SpyHeal ++ VirtuMonde (2)
PUPS
+ VirusBurst + Zango
Trojan
+ Bancos + Cimuz + Krepper-G + Lineage.DN ++ MSNservice ++ Smitfraud-C. ++ Stration.C ++ Tibs.id ++ Win32.Adload.fu ++ Win32.Clicker + Win32.Delf.aml + Win32.Limar ++ Win32.Pakes + Win32.SdBot.aad ++ Win32.Small.na + Zlob.Downloader ++ Zlob.EliteCodec + Zlob.HQvideo + Zlob.IVideoCodec ++ Zlob.PerfectCodec (2) + Zlob.PornPassManager + Zlob.MediaCodec ++ Zlob.SuperCodec ++ Zlob.TrueCodec ++ Zlob.VideoCompressionCodec
Total: 336820 fingerprints in 53970 rules for 2500 products.


http://www.spybot.info/en/home/index.html

Sunday, November 12, 2006

MS Security Bulletin Advance Notification for November

Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 14 November 2006 Microsoft is planning to release:

Security Updates

  • One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
  • Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
Microsoft Windows Malicious Software Removal Tool
  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
  • Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft Security Bulletin Advance Notification

Microsoft will also be hosting a webcast on Wednesday November 15th 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.

Friday, November 10, 2006

Security vendor hit by spite attack: Gromozon vs. Marco Giuliani

There's a spyware called the Gromozon rootkit. The people who make this spyware are trying to trick people into thinking that Prevx made the spyware. Prevx actually makes the only tool that can remove the rootkit.


Monday, November 06, 2006

Interview with Merijn Bellekom

TeMerc of TIC's and Cexx.org has just brought to my attention this article at Suite 101.

In it, Merijn Bellekom, the maker of HijackThis, tells us how his program came into being and what is coming up with regards to Vista. In fact, Merijn could do with your help.

As it turns out, Merijn needs our help. He needs people who are beta testing Vista RC1 to let him know what kind of errors you are receiving when running HJT. To that end, he asks that you email the errors you get along with the system configuration you are running to hjt.vista.beta@gmail.com

Check out the full interview at Suite101

Saturday, November 04, 2006

YOU'RE BEING TRACKED in Firefox 2.0 - how to disable 3rd party cookies

Issue was raised in latest Security Now. Firefox always blocked 3rd party cookies, now in 2.0 it removed the option. To fix: about:config in your address bar, change network.cookie.cookieBehavior from 0 to 1. I did this immediately. Also in the mozilla forum thread, link to extension that blocks 3rd party cookies.


Sunday, October 29, 2006

Time Magazine: Why Two Browsers are Better than One

By now you may have heard that the makers of the two leading web browsers launched their latest totally free editions, Microsoft's Internet Explorer 7 and Mozilla's Firefox 2, within a week of each other. Feature-wise, most news reports have already declared a winner: the long-awaited IE7 may be a vast improvement over its predecessors, but the new Firefox leaves it in the dust. While that's mainly true, here's what you need to know about each one, and why you should have them both on your Windows PC. (Firefox 2 is available for Mac users, although Internet Explorer is not.)


Wednesday, October 25, 2006

Microsoft Ships Windows Defender At Last

Microsoft released the final version of its freeware Windows Defender anti-malware product yesterday. The software was designated beta since Microsoft relaunched it as Windows AntiSpyware nearly two years ago after acquiring it from GIANT Company Software.


Langa Blog: Microsoft Ships Windows Defender At Last

Saturday, October 21, 2006

Free Antivirus Programs Compared

A review on the 3 main free antivirus programs out there. I've tried them all myself and agree that AntiVir is the best of the three. All are better than having no antivirus, and some are better than paid antivirus programs.

AntiVir is easy on system resources, easy to use, and detects a large number of spyware programs as well. It's very good at detecting and removing the Zlob trojans, aka SpywareQuake, SpyFalcon, Pest Trap, and all those other programs that have that balloon that says you are infected.

AVG and Avast are good, too. Avast does annoy me because it talks to you. Yes, it will say things like virus definitions update or virus detected. A warning window and maybe a quick sound would be fine. You can turn it off, but it's still silly.


Thursday, October 19, 2006

Internet Explorer 7 Is Now Available

Internet Explorer 7 is finally out of testing and ready for anyone to use. It's been years since IE 6 came out. I think this is the longest time between new IE versions since it came out. Internet Explorer 7 finally brings tabbed browsing to the world of IE. Every other browser has had this for years, and it's one of the reasons I used Firefox. For those who haven't used tabbed browsing, it may not seem like a big deal, but once you start using tabs, you don't know how you managed before tabs. There are many other new features in IE that have been in other browsers also: RSS, a built-in search tool, and many other features Internet Explorer has been sorely lacking. It also has many security improvements. Time will tell whether they help.

Check out IE 7 and download it here.

Wednesday, October 18, 2006

Careful where you download IE7 from

The Register is reporting that hackers are luring unsuspecting users to a fake download site for IE7 by an email that purports to be from support@microsoft.com. Trouble is, when they get there they aren't getting IE7 but a site loaded with trojan downloader codes. Full story here.

Whilst I'm on the subject of IE7, Yahoo have released their own version of IE7 today, even ahead of Microsoft. Great if you like the Yahoo toolbar etc. Personally I think I will wait for the clean version from Microsoft. You can check this site out for more information from Microsoft.

Internet Explorer 7 will be delivered through Automatic Updates - customers should complete preparations by November 1

Monday, October 16, 2006

Free Smileys From Ask.com Not so Free After all

Spyware researcher Ben Edelman takes a look at how Ask.com uses bait and switch tactics to get their toolbar installed. He even compares Ask's tactics to encyclopedia salesmen trying to get their foot in your door.

While some may like having the cute smileys, the real reason is to get an Ask toolbar installed on your computer. Ben says that the toolbar moves the address bar (where you type in a web address) and puts their toolbar in the same place. That way, you may use the toolbar thinking you are just typing the URL of where you want to go. After using the toolbar by mistake, you end up on an Ask search page full of advertisements.

Ask used to be called Ask Jeeves, but they retired that name and the butler mascot and go by Ask now.


Saturday, October 14, 2006

Top Five Phish Brands for September

Paul Laudanski of Castle Cops has been very busy just recently, jetting all over the place giving presentations on Phishing Incident and Termination (PIRT). Because of this he hasn't yet had time to publish his top 20 list for September.

However I do have a top 5 list so I hope that will do you for now. If you want to have a look at Paul's presentation then you can download it here. As always, the PIRT Squad are working very hard on our behalf, so don't forget to report your phishing emails.

  1. PayPal => 168
  2. eBay => 112
  3. Wachovia => 32
  4. Nationwide => 16
  5. BOA => 13

Anti-phishing volunteers are always welcome. If you want to join the fight then Click Here to become part of PIRT.


Wednesday, October 11, 2006

Sunbelt Counterspy Update 427

CounterSpy 1.5 latest update definition is 427

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Ewido Is Now AVG Antispyware

Grisoft bought the Ewido program back in late April, so it's not a surprise to me that the name has now been changed. Grisoft also makes the popular AVG Anti-Virus program as well. For now, the program remains just like Ewido. I'm sure as time goes by, it will change.



AVG Antispyware
Date of Update: October 11th, 2006
Known threats in database: 463,940

AVG Antispyware scans your computer to clean any spyware that may have gotten on your computer. AVG Antispyware also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: AVG Anti-Spyware

Spy Sweeper Update 780

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spyware definition: version 780
Updated October 11th, 2006
Protection against 153,022 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 150,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spyware Doctor 3.0577 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0577 0
Intelli-Signatures: 87,184

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0577 0 - VSToolbar

3.0576 0 - Trojan.PWSteal.Lineage.HC

Extended Intelli-Signatures:

3.0577 0 - Backdoor.Rbot.AYL, Backdoor.Rbot.Gen, Backdoor.Wootbot.Gen, CWS, Deskwizz, PurityScan, SpywareNo, SpywareQuake, Trojan.Banker, Trojan.Popuper, Trojan.Proxy.Ranky, Trojan.StartPage.GEN, Webhancer, WinFixer, Yazzle Cowabanga, YourEnhancement

3.0576 0 - Ultimate Defender, YourEnhancement

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

IE Spyad List Updated

IE Spyad has been updated. You can download all of these new versions at:

http://www.spywarewarrior.com/uiuc/resource.htm

What is IE Spyad? It is a free list of bad sites that are added to Internet Explorer's restricted zone. By putting those sites in the restricted zone, it limits the harm they can do your computer. Here is an excerpt from the author describing it:

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Here is an explanation on how to use it, including screen shots.
Many rogue Internet sites have been added to IE Spyad's protection list. A few that are of note include some of the fake Windows security sites that are from SmitFraud, better known as SpyAxe, SpyFalcon, and SpywareQuake.

Tuesday, October 10, 2006

It's Patch Tuesday For Windows.

It's the second Tuesday of October and that means it's time to update Windows. There are 6 critical updates this time, along with several other ones to protect your computer. Details of what's in this month's updates can be read at the Microsoft Security Bulletin for October.

Go to Windowsupdate.com to get them and protect your computer.

Monday, October 09, 2006

Google to buy YouTube in $1.65 billion stock deal

Google has laid speculation to rest — it is buying YouTube for US$1.65 billion in a stock transaction. YouTube operates a wildly popular Web site showing original videos in a range from amateurish to professional. It will continue to operate independently after the Google acquisition “to preserve its successful brand and passionate community,”

From Macworld.

Sunday, October 08, 2006

Unlocking the Mysteries of 'Svchost.exe'

Svchost.exe can, and usually does, run several instances of itself at any given time, each instance running several associated services. How do you find out what these "services" are?

Posted on the Langa Blog. I've been so busy, I didn't notice Fred Langa has a blog now. Anyways, a good and brief explanation on why you see svchost.exe more than once in your process list on XP and Windows 2000.


Friday, October 06, 2006

MS Security Bulletin Advance Notification for October

Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 10 October 2006 Microsoft is planning to release:

Security Updates

  • Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
  • Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
  • One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
  • Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft Security Bulletin Advance Notification

Thursday, October 05, 2006

Microsoft give MVP Award to Adware Pusher

Microsoft's MVP program supposedly rewards "outstanding members of Microsoft's peer-to-peer communities, and is based on the past year's contributions those members make in those communities online and offline." So why have they given the creator of Messenger Plus an MVP Award, when he bundles the notorious LOP Adware in with his creation?


Tuesday, September 26, 2006

Spyware Doctor 3.0567 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0567 0
Intelli-Signatures: 71,240

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0567 0 - Backdoor.Antilam.GEN, Trojan.Clicker.Aditer, Worm.Womble

3.0566 0 - Trojan.PSW.QQDragon

3.0565 1 - Backdoor.Augodor.GEN, Drive Cleaner, Popupwithcast, Worm.Licat

Extended Intelli-Signatures:

3.0567 0 - Backdoor.Delf.EE, Backdoor.Tilebot.AF, Mirar, Regifast, SpyAxe, Trojan.Banker, Trojan.Downloader.Small.CML, Trojan.Dropper.Small.AEK, Trojan.FavAdd.AE, Trojan.Popuper, Trojan.PSW.Hangame, Trojan.PWSteal.Lineage, YourEnhancement

3.0566 0 - Advertising, Backdoor.Tilebot.AF, Block-Checker, CasinoClient, Drive Cleaner, EliteBar, Known Bad Sites, PurityScan, Trojan.Busky, Trojan.Dialer.BY, Trojan.Goldun, Trojan.Proxy.Small.BO, YourEnhancement

3.0565 1 - Backdoor.Assasin, HideWindows, Known Bad Sites, Mirar, SpyAxe, Trojan.Downloader.Agent.XQ, Trojan.Downloader.Zlob.PJ, Trojan.PSW.QQRob.U, VX2.Look2Me

Tool Update releases:

Popup Blocker 3.6.0.2083

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Urgent Update For Windows Now Available

Microsoft has a patch for a critical problem in Windows, the so-called VML Exploit. Without this patch, spyware, trojans, and viruses can be automatically installed on your computer from web pages and spam emails. The update is small and does not need to restart your computer to take effect. I strongly recommend everyone go to Windows Update now to get this patch. Normally, Microsoft only releases patches on the second Tuesday of the month. Releasing this fix early shows how serious the problem is.

The VML Exploit (for Vector Markup Language) is described briefly in the update:

Typical download size: 250 KB, less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Keeping your computer up to date is important, but this update is really important. Here is a rather technical explanation of what the VML Exploit is and what it does. The Sunbelt Blog has an example of what you might get in a spam email that uses this exploit.

Monday, September 25, 2006

IE7 is immune to VML exploit

First of all, what is the VML exploit?

First discovered by Sunbelt, the VML exploit allows a malicious website to install software without your knowledge or permission. The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. Microsoft has been informed and we are hoping for a patch to be released in the October security update release.

Until then, the only way to protect yourself from this exploit is to unregister the VML.dll or upgrade to IE7.

Yes, you did read correctly: IE7 is immune to this vulnerability. Fellow MVP Sandi Hardmeier has written about this in her blog, Spyware Sucks; not only are there some great screenshots but also links to further information.

If you are unable or unwilling to upgrade to IE7 then Bleeping Computer have recently posted an excellent tutorial on how to disable and unregister this dll.

Update:

Microsoft have released a security update today to address this issue.

Security Update for Windows XP (KB925486)
Date last published: 9/26/2006
Typical download size: 250 KB
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.


Saturday, September 23, 2006

Sunbelt Counterspy Update 414

CounterSpy 1.5 latest update definition is 414

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

BadJoke.Win32.Delf.ak, BadJoke.Win32.Finger.b, Exploit.Levem.C, Trojan-Downloader.Win32.Zlob.akl, Trojan-Downloader.Win32.Zlob.akm, Trojan-Downloader.Win32.Agent.awy, Trojan-PSW.Win32.WOW.io, Trojan-Spy.Win32.Dolan, Zenotecnico.Think-Adz, SGOOPE, Trojan-Proxy.Win32.Lager.di, Trojan.PWStealer.09ED7DF4, Trojan.BE!dld.03CB7D33, Backdoor.Irc.Sdbot.EG, Backdoor.Hackarmy.AA, Trojan.PWStealer.B3E81E21, Backdoor.HackDef.Gen, Backdoor.Hupigon.CAF, Trojan.Banker.Delf.745CEDCB, Trojan-Downloader.Zlob.0CFA45AB, Trojan-Downloader.Dowdec.B

Threats that have been updated

VirusBurst, Backdoor.Ciadoor, IST.ISTbar, Look2Me, ClickSpring.PuritySCAN, SC-KeyLog, Trojan.StartPage, Backdoor.Win32.Rbot.gen, WindUpdates.WinTaskAd, SearchWords.Toolbar, Clickspring, HalfLemon, KGB Keylogger, Zango.Toolbar, DropSpam, FakeAlert, P2P-Worm.Win32.SpyBot.gl, Trojan-Proxy.Win32.Lager, Backdoor.Win32.IRCBot.qc, Infostealer.Banpaes, Backdoor.Graybird, Infostealer, Backdoor.Trojan, W32.HLLW.Gaobot, Hacktool.Rootkit, Trojan.Alemod, Backdoor.Graybird.K, Backdoor.Formador, Infostealer.QQRob.A, Infostealer.Lineage, W32.Beagle.X@mm, Trojan.Flush.A, W32.SillyFDC, W32.Looked.I, Trojan-Spy.Win32.Ardamax.b, Trojan-Downloader.JS.Psyme.br, Trojan-Proxy.Win32.Delf.t, Infostealer.JiangHu, Trojan.Popper, W32.Looked.P, Trojan-Downloader.Win32.Adload.cz, Rootkit.Win32.Agent.cf, Dialer.TrafficAdvance, Spyware.Ardakey, Backdoor.Win32.Hupigon.buw, Trojan-Downloader.Win32.Zlob.yt, Trojan-Dropper.VBS.GoboTools, Trojan-Spy.Win32.Banker.bgw, Trojan-Dropper.Win32.VB.mg, Backdoor.HackDefender, Trojan-Downloader.BAT.Ftp.cn, Trojan-Spy.Win32.Banker.buv, Trojan-Dropper.Win32.Pakes, Trojan-Downloader.Win32.Small.dnv, Email-Worm.Win32.Mydoom.m.log, Backdoor.Win32.Rbot.be, Trojan.Wimad, Backdoor.Win32.Iroffer.13b11, Trojan.BAT.KillFiles.eg, W32.Stration.A@mm, Trojan.Remote Desktop, WUPC (Web is Under Parental Control), Backdoor.Win32.Cakl.a, Trojan-Dropper.Win32.Small.apg, Trojan-PSW.Win32.QQPass.hb, Trojan-PSW.Win32.PdPinch.gen, Trojan-Spy.Win32.Spav, Backdoor.Win32.Hupigon.bzn, Trojan-PSW.Win32.QQPass.kx, Trojan-Downloader.Win32.Agent.aut, Trojan.Win32.DNSChanger.en, Backdoor.Sdbot.AU, Trojan.Schoeberl.D, Trojan-Downloader.Win32.Small.dtq, Trojan-Downloader.Win32.Tibs.ic, Email-Worm.Win32.Warezov.aa, Trojan-Spy.Win32.Banker.bzf, Backdoor.Win32.IRCBot.vj, Trojan-Spy.Win32.Banker.bxm, Trojan-Clicker.Win32.Agent.hz, Trojan-Downloader.Win32.Zlob.ail, Trojan-Downloader.Win32.Delf.avu, Trojan-Downloader.Win32.Zlob.aja, Dialer.iDialer, Backdoor.Win32.Hupigon, 
Trojan-Downloader.Win32.Zlob.ajk, Hotbar, Hyperlinker/LinkMaker, Perfect Keylogger, Trojan-Downloader.Psyme, Slagent/Navipromo, Unclassified.Trojan.G, Deskwizz/ZQuest, VX2.Buddy, Trojan-Downloader.Qoologic, Zenotecnico, WinAntiSpyware, Yazzle Sudoku, C2.Lop.dldr, PigSearch, SpamTool.Win32.Agent.h, Trojan.Win32.Dialer.hz, Trojan-Spy.Win32.Banker.bdn, Trojan Horse, W32.IRCBot, Backdoor.Bifrose, Infostealer.Wowcraft, W32.Feebs, W32.Linkbot, Trojan.Dermon.A, VBS.Inor, Adware.Zhong, Backdoor.IRC.Flood, Bat.Delsys.Trojan, Trojan-PSW.Win32.WOW.da, Trojan-Spy.Win32.Banbra.gl, Backdoor.Subot, Backdoor.Win32.SdBot.aad, Backdoor.Win32.Aimbot.ae, Backdoor.Win32.SdBot.gen, Trojan.Ducky.B, Bloodhound.Exploit.64, DialupPwd, W32.Randex.GEL, Trojan-Downloader.Win32.Zlob.afq, Backdoor.Win32.FireFly.i, Trojan-Downloader.Win32.Zlob.afr, Trojan.Win32.Qhost.hs, Trojan-Downloader.Win32.Delf.amn, Trojan-Dropper.Win32.Delf, Trojan-Proxy.Win32.Horst.hl, Ultimate Cleaner, DialXS, Backdoor.SDBot.gen, Zango.SearchAssistant, TargetSaver, Radmin, UniversalSearchToolbar, PurityScan.VirtueScope, DollarRevenue, Ultimate Defender, Advertismen, IRC Trojan, Trojan.Emcodec, W32.HLLW.Antinny.G, Trojan.Gobrena, Dialer.Trojan, Constructor.Win32.MicroJoiner.17, SpamTool.Win32.Gadina.d, Trojan.LinkOptimizer, Trojan-Spy.Win32.Banbra.he, Trojan-Dropper.Multi.Gen, Backdoor.Sdbot, Trojan-Spy.Win32.Banbra.hb, W32.Looked.O, Trojan.Win32.LipGame.ab, Trojan.Emcodec.G, W32.Wargbot, Backdoor.Mulim, Trojan.Logger, Trojan-Downloader.Win32.Zlob.in, Trojan-PSW.Win32.Lineage.ahe, Trojan-Downloader.Win32.Agent.alw, Trojan.Win32.DNSChanger.eq, Trojan.Downloader.Small.DFB, W32.Stration.AC@mm, Netbus, C2.Lop, Mirar, DialerPlatform, W32.Spybot.Worm, Marketscore.RelevantKnowledge, Virtumonde, Trojan.Abwiz, EnergyPlugin, SpySheriff, Desktop Weather, Trojan.LowZones, Maxifiles, DesktopMedia, Goldun.Fam, Haxdoor.Fam, Trojan.KillAV, Henbang, Trojan-Downloader.Zlob.Media-Codec, Trojan-Proxy.Win32.Small.bo, Yazzle.Cowabanga, 
Trojan-Downloader.Win32.Agent.uj, Trojan.Anserin, Trojan.Adclicker, Backdoor.Prorat, Dialer.Target, Trojan.Zlob, Backdoor.Mosuck, Trojan.Emcodec.B, Trojan.Hachilem, Dialer.Generic, BAT.Trojan, W32.Buchon.A@mm, Backdoor.Win32.Delf.api, Trojan-Spy.Win32.Banker.awa, Trojan-Spy.Win32.Banbra.gf, Adware.Roogoo, Trojan-Dropper.Win32.MultiJoiner.13.h, Trojan.Win32.Dialer.qi, Trojan-Dropper.Win32.Small.apz, Infostealer.Wabber, Trojan.Vxgame.z, Trojan-Downloader.Win32.Delf.acc, W32.Bugbear.B.Dam, Backdoor.Win32.Hupigon.rc, Backdoor.Win32.Small.ls, Trojan-Downloader.Win32.Zlob.aec, Trojan-Downloader.Win32.Zlob.aee, Trojan-Dropper.Win32.Agent.ati, Trojan-Proxy.Win32.Lager.aq, Backdoor.EggDrop, Dropped:Trojan.Spy.Agent.NZ, Trojan-Proxy.Win32.Horst.hr, Trojan-Downloader.Win32.Banload.aon, Trojan-Spy.Win32.Perfloger.w, Backdoor.Evilbot.C, MediaMotor.Popupwithcast, IM-Flooder.Win32.RoomDestroyer, Trojan-PSW.Win32.IcqSmiley.c, Trojan-Downloader.Win32.Banload.bfo, Trojan-Spy.Win32.Delf.ta, Backdoor.Win32.VB.axj, Trojan.Galapoper.A, Backdoor.Win32.Webdor.af, Trojan-Downloader.Win32.Agent.awm, Trojan-Clicker.Win32.VB.dn, Backdoor.Win32.Sbot.10, Trojan.Win32.BHO.e

Spyware Doctor Update 3.0565 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0565 0
Intelli-Signatures: 71,110

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0565 0 - Backdoor.Augodor.GEN, Drive Cleaner, Popupwithcast, Worm.Licat

3.0564 0 - Backdoor.Bancodor.GEN, Trojan.Clicker.VB.FQ

3.0563 0 - Trojan.Busky, VirusBurst

Extended Intelli-Signatures:

3.0565 0 - Backdoor.Assasin, HideWindows, Known Bad Sites, Mirar, SpyAxe, Trojan.Downloader.Agent.XQ, Trojan.Downloader.Zlob.PJ, Trojan.PSW.QQRob.U, VX2.Look2Me

3.0564 0 - Backdoor.Graybird.GEN, Backdoor.LegMir.BZ, Common Components Unrelated, I-Search Desktop Search Toolbar, Maxifiles, MediaTickets, PurityScan, Trojan.Agent.HT, Trojan.Downloader.Agent.AWM, Trojan.Downloader.Banload.M, Trojan.Downloader.Small.CYH, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.MultiJoiner, Trojan.Mailbot, Trojan.Popuper, Trojan.PSW.Hangame, Worm.Spybot, Zeno Search Assistant

3.0563 0 - Backdoor.Berbew.N, Backdoor.Robobot, BookedSpace, Common Components for Trojans, Enbrowser, Maxifiles, PurityScan, TargetSavers, Trojan.Downloader.Zlob.GEN, Trojan.Popuper, Trojan.Proxy.Webber.O

Deleted Intelli-Signatures:

3.0564 0 - WhenU.Search

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ad Aware SE1R124 19.09.2006

The latest update for Ad Aware is SE1R124 19.09.2006

New Definitions:
========================
Adware.Agent +3
Adware.Baidubar +5
Adware.LetsCool +6
Adware.LoopAd
Adware.MyToolbar +4
Adware.Podcast +5
Adware.Soso +8
Adware.WeirWeb +2
Win32.Hacktool.Craagle
Win32.Trojan.IZD

Updated Definitions:
========================
Adware.180Solutions.SeekmoSearchAssistant +3
Adware.Adhelper
Adware.CasClient +9
Adware.DesktopMedia +9
Adware.MMSAssist
Adware.Sidesearch +2
Dogpile Toolbar +3
Elitum.ElitebarBHO +3
MegaSearch Toolbar
NetPal
RedSwoosh +4
SahAgent +3
Win32.Trojan.Downloader +15
Win32.Trojandownloader.Zlob +5
Win32.Trojan-PSW.Lineage
Winfixer +2
Virtumonde +9
VirusBurst +4
Zango +9
ZSearch +11

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Spy Sweeper & Ewido Antispyware Latest Updates

Spy Sweeper latest update

Program Version 5.0.7. (Build 1608)
Spyware definition: version 766
Updated September 22nd, 2006
Protection against 150,734 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Ewido Antispyware

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: September 23rd, 2006
Known threats in database: 440,074

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware
