Saturday, July 29, 2006

Proof of Zango Targeting Myspace With Malware

I mentioned earlier this month how adware company Zango was trying to get Myspace users to add Zango to their profiles. Now, Paperghost has posted an update on how Zango has been targeting Myspace users. In the latest post on his blog, he offers proof, including an email from a Zango representative giving examples of how to push Zango on Myspace. Just the day before, a representative from Zango said that they were not targeting Myspace. However, the content of the email says otherwise.

...more profitably, *go to a bunch of your friends* who have popular profiles and pay them (it's up to you so much. One of my partners said 5$..maybe offer to split the money with them?) to put a zango video into their profile through your site. This will give you hundreds of extra installs a day (this probably works even better than having them on your actual site).


Several other examples can be found on Vitalsecurity, including the entire contents of the email. Additional coverage at ZDNet and Slashdot.

Sunbelt CounterSpy 383

CounterSpy 1.5 latest update definition is 383

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

FormSpy
Trojan-Downloader.JS.Agent.z
Exploit.CHM.z
Exploit.WMF.z
Trojan.Vxgame.z
Trojan-Downloader.Vxgame.z
Trojan-Downloader.Win32.Harnig.z
Trojan-Proxy.Win32.GoldDigger
Trojan-Downloader.Win32.gd
Backdoor.Win32.Aimbot.ei
Trojan-Clicker.Win32.VB.on
Trojan-Downloader.Win32.Agent.AQO
Win32.Morphine-Crypted
Trojan-Spy.Win32.Small.gg
Backdoor.Win32.Prorat.s
YourReminder
Backdoor.Rbot.BEE

Threats that have been updated

Backage, Cero, 3721 Chinese Keywords (CNSMin), DotComToolbar, Firehotcker, Hacker Defender, Noknok, Fastfind, W32.Spybot.Worm, Backdoor.Win32.Rbot.gen, Sars Notifier, WebDir, Command Service, BigBlue.01, Atentator, DollarRevenue, Exploit.WMF, Backdoor.Win32.ServU-based, Backdoor.IRC.Zapchast, FiveSec.Spam.Agent.vx, Goldun.Fam, Trojan-Downloader.Win32.Small.awa, Haxdoor.Fam, QuickLinks/Forethought, Backdoor.Win32.SdBot.xd, Trojan-Downloader.Win32.Harnig, Trojan-Proxy.Win32.Xorpix.Fam, Trojan.Win32.Dialer.pw, Backdoor.Win32.Rbot.aeu, Backdoor.IRC.Bot, Backdoor.Trojan, IRC.Backdoor.Trojan, Backdoor.Rustock, Email-Worm.Win32.Anker.s, Email-Worm.Win32.VB.ar, Trojan-Clicker.Win32.Small.cc, Trojan-Downloader.Win32.Small.ctk, Exploit.ANI-MS05-002.z, Trojan.BankAsh, Trojan.Win32.Agent.pk, Backdoor.Win32.SubSeven.21.a, Trojan-Downloader.Small.CYZ, Backdoor.Win32.Rbot.pac, Backdoor.Win32.SdBot.aad, Backdoor.Win32.Small.iz, Backdoor.Win32.TDS.SE.23, Constructor.Win32.Agent.k, Trojan-Downloader.Win32.Small.cwq

Spybot Search & Destroy, July 28th

Spybot Search and Destroy has an update for July 1st, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings on your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors the places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete the entry that starts your antivirus program when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Hijacker
++ Related-Search-Defender + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
+ Smitfraud-C. (3) ++ True Sword ++ X-Con-Spyware-Destroyer ++ X-Spyware - SpywareDetector + Zeno + UnSpyPC + WinFixer + Virtumonde ++ SpyHeal ++ 180Solutions.Iyus-M + Smitfraud-C.Toolbar888 + DyFuCA.InternetOptimizer + Web-Nexus + MediaMotor
Trojan
+ Zlob.PornMagPass (3) + Zlob.Downloader (3) ++ KillAV.HostsMgr ++ Zlob.AudioCat ++ Zlob.Foro ++ SeachToolbarCorp.ToolbarVision + SpyQuake2 ++ Win32.Qoologic ++ AstaKiller

Total: 345832 fingerprints in 46987 rules for 2143 products.

Ewido Anti-Spyware For July 28th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. However, you can tell if you have the most recent update by the number of threats in the database.

Date of Update: July 28th, 2006
Known threats in database: 379,119

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spy Sweeper update 729

Spy Sweeper latest update.

Spyware definition: version 729

Updated July 28th, 2006
Protection against 145,019 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spyware Doctor 3.0525

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0525
Intelli-Signatures: 65,294

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0525 0 - Adware.Sqwire, Dialer.CQ, Trojan.Downloader.Tiny.AP, Trojan.Yangin

3.0524 0 - Backdoor.Goweh, Nurvel, TeenXXX Dialer, Trojan.Liduan.A, Trojan.Spy.Banker.ATY, Virus Blast

3.0523 0 - Backdoor.PowerSpider, Dialer.BL, Trojan.Downloader.Banload.MG, Trojan.Downloader.Banload.MS, Trojan.Downloader.Banload.N, Trojan.Downloader.Small.AFI

Extended Intelli-Signatures:

3.0525 0 - 2Search, Adware.Henbang, Anti-Phishing, Backdoor.Agent.ADR, Backdoor.Agent.PX, Backdoor.Delf.AEO, Backdoor.Hackdoor, Backdoor.IRCBot.FP, Backdoor.NetSnake.H, BoCai Toolbar, ClearSearch, ClickSpring, ClkOptimizer, CnsMin, CWS, DeskAdTop, DownloadWare, EasyMessenger, Energy Plugin, HotBar, ISTbar, Known Bad Sites, Lop.com, Maxifiles, MD - Dialer, Neo Toolbar, Possible Website Hijack, RelatedLinks, Search Toolbar, Trojan.Downloader.Banload.AM, Trojan.Downloader.Delf.AI, Trojan.Downloader.Small.CCA, Trojan.Favadd, Trojan.Popuper, Trojan.Spy.Banker.ATY, Trojan.SRRS, Virtumonde, WebSearch Toolbar, WhenU.Search, Xupiter

3.0524 0 - 180search Assistant, Adware.NewWeb, Ardamax Keylogger, Backdoor.Agent.XU, Backdoor.Agobot, Backdoor.Lixy, Backdoor.Rbot.Gen, Borlander, Common Components for Dialers, Common Components for Rogue Anti-Spyware, Deskwizz, Dialer.CJ, Dialer.Coder, Dollarrevenue, KillAndClean, LinkMaker Hijacker, Lycos SideSearch, Marketscore Netsetter, Maxifiles, MrFindALot, MSConnect, Trojan.Dropper.MultiJoiner, Trojan.Dropper.Small.AEK, Trojan.Dumaru, Trojan.FakeMSN, Trojan.Fald, Trojan.FavAdd.AE, Trojan.LowZones.CQ, Trojan.Popuper, Trojan.Qhosts, Virtumonde, Wareout, Web--Search, WhenU.SaveNow, WinAntiSpyware, WinTools

3.0523 0 - AdBlaster, AsianRaw, Backdoor.Agobot, Backdoor.BackConstructor, Backdoor.Feardoor, Backdoor.Hackdoor, Backdoor.Lixy, Backdoor.Optix, Backdoor.Padodor, Backdoor.Rbot.Gen, Backdoor.SdBot, Bargain Buddy, Common Components for Trojans, EliteBar, Email-Worm.Win32.Prox.B, HotBar, Instant Access, ISTbar, Keenvalue, Known Bad Sites, LinkMaker Hijacker, MediaTickets, Powersearch Toolbar, PurityScan, Transponder.MXTarget, Trojan.Bancban, Trojan.Banker.CV, Trojan.Banker, Trojan.Clicker.Agent.AP, Trojan.DNS Changer, Trojan.Downloader.Agent.UM, Trojan.Downloader.Banload.BC,
Trojan.Downloader.ConHook, Trojan.Downloader.Delf.AAI, Trojan.Downloader.PV, Trojan.Downloader.Zlob.GEN, Trojan.Fald, Trojan.Proxy.Ranky, Trojan.Proxy.Small.BO, Trojan.Qhosts, Virtumonde, WebSearch Toolbar, Worm.WGAVN, Zango Search Assistant

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Wednesday, July 26, 2006

Spyware For Firefox

There's a new spyware threat called Formspy that affects Firefox, the alternative web browser. Generally, Firefox has been spyware free, but as it has become more popular, the malware makers are setting their sights on it.

What Formspy does is to pose as a legitimate extension called NumberedLinks 0.9. Once installed, it will log and steal any information you enter on web sites, such as passwords, credit card numbers, and anything else you enter. It appears that Formspy is downloaded by another trojan, Downloader AXM.

The following file is added by Formspy:

Windows\System32\138762763.exe

There are a few more added to the Firefox folder, but they are modified versions of the legitimate files that are found there.

McAfee detects and removes this threat, but I don't know what else does at the moment.

Tuesday, July 25, 2006

SmitFraudFix Updates

SmitFraudFix is the program I have people use to remove a certain type of spyware. If you get an alert or some kind of warning by the clock saying you have spyware, then you have this particular spyware. I have an earlier post called Easy Fix For Spyware and Virus Alert that goes through the entire removal procedure.

Here are some new files and other trojans added to SmitFraudFix's detections yesterday:

DESKTOP\Online Shopping.url
DESKTOP\Remove Adware.url
DESKTOP\Sex Personals.url
DESKTOP\Video Slots.url
WINDOWS\ads.js
WINDOWS\local.html
WINDOWS\mxd.exe
WINDOWS\onlineshopping.ico
WINDOWS\removeadware.ico
WINDOWS\sexpersonals.ico
WINDOWS\tctool.exe
WINDOWS\url.exe
WINDOWS\videoslots.ico

TEMP\_uninst35.exe

WINDOWS\inetloader.dll
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll

WINDOWS\trustinbar.exe
PROGRAMFILES\TrustIn Bar
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll

O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll

WINDOWS\tse.exe
WINDOWS\se_spoof.dll
O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll

O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\.dll

WINDOWS\ticads.exe
PROGRAMFILES\TrustIn Contextual
O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll

WINDOWS\tpopup.exe
PROGRAMFILES\TrustIn Popups

SYSTEM\977efcdb.exe

Spy Sweeper Update 726

Spy Sweeper latest update.

Program Version 5.0.5 (Build 1286)
Spyware definition: version 726

Updated July 25th, 2006
Protection against 144,789 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spyware Doctor 3.05220

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05220
Intelli-Signatures: 64,822

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.05220 - CashSpace, Trojan.Downloader.Small.DDH

3.05210 - Backdoor.NetThief, Trojan.Downloader.Banload.MB, Trojan.Downloader.Banload.MC, Trojan.PSW.Delta, Worm.Viking

Extended Intelli-Signatures:

3.05220 - Backdoor.Agent.ADR, Backdoor.Harvester, Backdoor.IrcContact, Backdoor.NetSnake.H, Backdoor.Rbot.AEU, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Carpe Diem, ClkOptimizer, Common Components for Claria, Common Components Unrelated, Dollarrevenue, LinkMaker Hijacker, Maxifiles, MrFindALot, Netvision Dialer, Recipe Rewards Toolbar, SpyAxe, Trojan.Agent.FG, Trojan.DNS Changer, Trojan.Downloader.Agent.AEZ, Trojan.Downloader.Small.CML, Trojan.Dropper.Agent.HL, Trojan.LowZones, Trojan.Popuper, Trojan.StartPage.ACW, Virtumonde, WinAntiSpyware

3.05210 - Adware.Henbang, Adware.Sa, Backdoor.Banito, Backdoor.PCclient, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, DeskAdTop, eZula, Instant Access, Mirar, SpyHeal, Starware, Surf Accuracy, Trojan.Banker, Trojan.Dropper.MultiJoiner, Trojan.Dropper.Small.AEK, Trojan.Killav.FV, Trojan.Popuper, Trojan.PWSteal.Lineage, Trojan.Spy.Banker.AEW, Trojan.Zapchast, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiSpyware

Tool Update releases:

Smart Update 2.6.0.2034

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ewido Anti-Spyware

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. However, you can tell if you have the most recent update by the number of threats in the database.

Date of Update: July 25th, 2006
Known threats in database: 377,448

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Ad Aware SE1R116 24.07.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

SE1R116 24.07.2006

New Definitions:
========================
Virusblast +5

Updated Definitions:
========================
Adware.DuDu +7
Adware.Freeprod toolbar
begin2search
BlazingTools Perfect Keylogger
Hijacker.Qyule +14
Lop +8
Marketscore(Netsetter)
SystemDoctor
TargetSaver
Win32.Backdoor.Agent +2
WIn32.Backdoor.Agobot +2
Win32.Backdoor.Bifrose +2
Win32.Backdoor.Dumador
Win32.Backdoor.RBot
Win32.Backdoor.SdBot
Win32.Trojan.Agent
Win32.Trojan.Delf
Win32.Trojan.Downloader +6
Win32.Trojan.StartPage
Win32.Trojandownloader.Zlob +5
Win32.TrojanPSW.Sinowal
Win32.TrojanSpy.Goldun +3
Virtumonde +13

Friday, July 21, 2006

Malicious Email

We all suffer from spam, and I suppose it gets to the point where you can get a bit blasé about the unwanted emails that land in our inbox every day. But I got one today that I decided to investigate a little further.

First of all it told me that I had purchased a product with my Visa Card... hmmm, well I don't have a Visa Card and the email came into an email account that I never use for online purchases, so I was ready to just bin the email.. but then it said that my invoice was in the attachment.... Well I had to have a look at that.

I fired up a Virtual Machine and did my best to open the attachment. Windows actually blocked it, told me it was an unsafe file!!! Well done Windows XP, as you can see, straight away there are major advantages to running a fully patched system. However in the interest of research I got around the block and opened the file.. then activated the attachment. I ended up with a password stealing trojan lurking on my test machine!!

It goes without saying that spam or malicious email should never be treated lightly. There is some good advice at Get Safe Online on how to avoid spam and secure your computer against unwanted email.

Another good site that has come to my attention recently is Michael Horowitz's Example of Bad Email Messages.

Thursday, July 20, 2006

Spyware Doctor 3.05170

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05170


Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

Backdoor.Delf.EE, Backdoor.Priority, Trojan.Downloader.Agent.AHS, Trojan.Downloader.Delf.ADY, Trojan.PSW.Wowcraft

Extended Intelli-Signatures:

2nd-thought.com, Backdoor.Badrat.C, Backdoor.CIADoor, Backdoor.CXH, Backdoor.Hackdoor, Backdoor.Maximus, Backdoor.Optixpro, Backdoor.Rbot.ADV, Backdoor.Rbot.Gen, Backdoor.VB.AFU, BookedSpace, Brilliant Digital, ClkOptimizer, Common Components for Keyloggers, Crystalysmedia Assistant, CWS, Derbiz, E2.Give, Elite Keylogger, EyeSpy, HmToobar, ISTbar, Known Bad Sites, Kuho, Malware Wipe, MediaGateway, MediaMotor, MediaMotor, Perfect Keylogger, PurityScan, SpyAxe, Trojan.Agent.FG, Trojan.Banker, Trojan.Delf.IT, Trojan.Downloader.Agent.FN, Trojan.Downloader.Agent.VH, Trojan.Downloader.Small.ATL, Trojan.Downloader.VB, Trojan.Downloader.Zlob.GEN, Trojan.Fald, Trojan.LowZones, Trojan.Popuper, Trojan.Spy.MSNLogThief, WebSearch Toolbar, WinAntiSpyware


Updates are installed by running Spyware Doctor's Smart Update feature.

CounterSpy Update 377

CounterSpy 1.5 latest update definition is 377

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Alibaba Toolbar, Kidda Toolbar, Backdoor.Agobot.aij, Bloodhound.Exploit.34, Backdoor.Win32.Agent.ad, Trojan.Small-GN, Chaxun.EyeOnBrowser, Trojan.BHO.31G, Trojan.BHO.URLComm, Turck MultiBrowser Bar, SponsorAdulto, Trojan.Agent-GG, Trojan.Agent.AMV, Adware.Sweetbar, Trojan-Spy.Win32.Agent.hh, Adware.DirectIP, Adware.MoneyGainer, Adware.IEhlpr, Adware.Webmisc, Trojan-Downloader.Delf.VS, Adware.FriendXms.A, Trojan-Spy.Banker.atw, 8848 Page Revisor, Leopard Search, CouponVault, Infostealer.Eyoni, Trojan.Heoms, Backdoor.Win32.Agent.vc, Trojan-Downloader.Win32.Delf.arb, Trojan-PSW.Win32.QQRob.fu, Trojan-PSW.Win32.WOW.de, Trojan.BAT.KillAV.cr, Trojan-Downloader.Win32.VB.afo, Exploit.Java.ClassLoader.k, Exploit.Java, Trojan.Win32.Qhost.hf, Trojan.Win32.Qhost.df, IM-Worm.Win32.Sumom.C, Trojan.PoopiePants, Trojan.Win32.Puper.bx, Trojan-Downloader.Win32.Tibs.fj, Trojan-Spy.Win32.Agent.nf, Bl4cksploit, Backdoor.Win32.Ulrbot.i, Bingo.SearchHijacker, Jcash.biz Dialer, FastSearch, Clickpix CursorBar, Adware.Yuupsearch, Trojan.ba3bho.BHO, Win32.Troj.YDT, Trojan.Retinimy.A, Trojan.PWS-CU, Trojan.AdClicker-BE, Falkag.URLHooker, TTJJ.CNav, Trojan.Myapop.A, EffectiveBrand.NeoAddict, Trojan.Iespy-A, EZ-Greets Toolbar, Supergames Toolbar, LoveFreeGames, Music of Faith, SurfAssistant, TickerBar, Trojan-Spy.Win32.Banker.bpf, Backdoor.Win32.Bifrose.ve, MyToolbar, Eyetide, Console Devil, Backdoor.Agent.aef, Trojan-Downloader.Win32.Small.cwq, Backdoor.Agent.DLE, Trojan-Clicker.Win32.Small.ja,
Trojan-Downloader.Win32.Small.cyb, Trustin.URLChanger, Dialer.Creazione, Trojan.Agent.NJ, Trojan-Downloader.Small.BAW, W32.Looked.P, Trojan.Win32.Zapchast.bp, Trojan-Downloader.Win32.Adload.cz, Trojan-Downloader.Win32.Small.cnc, Trojan-Downloader.Win32.Small.cyd, Trojan-Downloader.Win32.Small.dem, Trojan-PSW.Win32.Delf.nx, Trojan-PSW.Win32.Lmir.all, Trojan-PSW.Win32.Lmir.axm, Trojan-PSW.Win32.Lmir.axy, Trojan-PSW.Win32.QQGame.n, Trojan-PSW.Win32.WOW.dj, Trojan-Spy.Win32.Banker.axc, Trojan-Spy.Win32.Banker.em, Trojan-Spy.Win32.Banker.vr, Trojan.KillAV.E, Backdoor.Win32.Rbot.bcv, Trojan.Mcollect.A, Trojan.Win32.Dialer.pl

Threats that have been updated

AdLogix, SearchForIt.AdShooter, Backdoor.Ciadoor, BookedSpace, CoolWebSearch.CameUp, DownSeek Search, Hacker Defender, Hotbar, IStartHere, Look2Me, NewDotNet, PC Spy, KeenValue.PowerSearch, Search ToolBar, Spector, ToolbarCC, Cydoor.TOPicks, 2020Search, Krepper, Trojan.Delf, EasySearchBar, Grip Toolbar, DialerPlatform, MegaSearch Toolbar, HDTBar, Deskwizz/ZQuest, Netwebsearch/Adblaster, Virtumonde, Tubby.MakeMeSearch, AzeSearch.MWSearch, Trojan.Favadd, Trojan.Vxgame, Adware.CommanderNET, Trojan-Downloader.Small, My Way Speedbar, Trojan.BHO.NameShifter.A, Dialer.Maxd, Freeprod/Toolbar888, enBrowser Snack Man, SpecificMedia.GoGoTools, Cram Toolbar, WebDir, EZ-Tracks Toolbar, PWS-Banker, AFX Windows Rootkit 2003, Command Service, ActiveShopper.DealBar, Desktop Links, CashDeluxe.Dwc, Dimpy.Win32VBsy, StartPage.TimesSquare, DollarRevenue, Exploit.WMF, Trojan-Downloader.Gen, Crystalys Media, DesktopScam, FakeAlert, 180solutions.Seekmo Search Assistant, Nuclear RAT, Borlan.MMsAssist, BestOffersNetworks, Trojan-Spy.Win32.Banker.ark, Goldun.Fam, Trojan-Downloader.Win32.Small.awa, Exploit.CHM, Haxdoor.Fam, Trojan.Win32.Agent.oh, QuickLinks/Forethought, Trojan-Downloader.Agent.UQ, BaiduBar, Trojan-Clicker.Win32.VB.ij, SpywareQuake, Trojan-Proxy.Win32.Lager, WinAntiVirus Pro, Trojan-Downloader.Win32.Harnig, Trojan-Downloader.Small.CKM, TrustinBar, Henbang, SystemDoctor, Trojan-Dropper.Win32.Agent.hl, Zlob.Media-Codec, Trojan-Downloader.Fald, Trust Cleaner, Trojan-Proxy.Win32.Small.bo, Trojan.Win32.Pakes, PornMag Pass, Trojan.Win32.Dialer.pw, Exploit.Smitfraud, Trojan-Downloader.Win32.Agent.uj, Backdoor.Win32.Rbot.aeu, Bobic.l, Infostealer.Banpaes, Infostealer.Bancos, Trojan.PWS.QQPass, Trojan Horse, Infostealer, Infostealer.Lemir, Backdoor.Trojan, Infostealer.Ldpinch, Infostealer.Wowcraft, Trojan.Bomka, W32.Bobax, Bat.QuickFormat.Trojan, Tclock, SpyMail, Trojan.Win32.Agent.vp, Trojan.Win32.Agent.ut, Packed.Win32.PePatch.cp, Trojan-Downloader.Win32.Small.bgc, 
Trojan-Downloader.Win32.Small.crd, Trojan-Spy.Win32.Banker.aww,
Trojan.Galapoper.A, Exploit.ANI-MS05-002, Trojan-Downloader.Hanlo.R, Trojan.LinkOptimizer, Trojan-Clicker.Redir.D, AdMedia, ContextuAd, TargetAd, Backdoor.Rbot.zi, Trojan.Win32.Agent.wf, Trojan.Win32.DNSChanger.ef, Trojan-Downloader.PSK, Trojan-Downloader.Small.CYZ, Trojan-Downloader.Win32.Adload.ca, Trojan-Spy.Win32.Banbra.hb, Trojan-Downloader.Win32.Delf.gen, Trojan.Stwoyle, Scam.MySpaceBar, Backdoor.Win32.Agent.adr, Backdoor.Win32.SdBot.aad

Wednesday, July 19, 2006

Ad Aware SE1R115 17.07.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

SE1R115 17.07.2006

New Definitions:
========================
Adware.BocaiToolbar +4
Adware.CashDeluxe +6
Adware.Cygo +2
Adware.DigitalNames +9
Adware.DiyBar +3
Adware.EShopee +2
Adware.EyeWeb
Adware.Eztracks
Adware.FCHelp +2
Adware.FindSpy
Adware.FunWeb +2
Adware.Iebar +2
Adware.IEHlpr
Adware.Infocrawler
Adware.Interkey
Adware.MasterBar
Adware.NewWeb +2
Adware.Pop +4
Adware.PremiumSearch +2
Adware.RaxSearch
Adware.SideStep
Adware.SinaBar
Adware.SnuffBar
Adware.Suggestor +3
BirdSpy
BPS SpywareRemover +4
FakeAlert +8
Win32.Trojan.Bacteria +2

Updated Definitions:
========================
Adware.DesktopMedia +3
Adware.DollarRevenue +13
Adware.Henbang
Adware.LinkMaker +2
Adware.Look2Me
Adware.Maxifiles +2
Adware.MMSAssist +2
Adware.Yazzle +6
Adware.ZenoSearch
AdwareSheriff +7
BargainBuddy +20
Dialer +30
ErrorSafe
IROffer +2
Lop
Malware.Azesearch
MalwareWipe +2
Navihelper.BHO
PurityScan +13
SoftomateToolbar +2
SpyFalcon +2
SpywareNo +4
SpywareQuake +4
SurfSideKick +3
SystemDoctor +2
Ultimate Defender +2
Win32.Backdoor.Agent
Win32.Backdoor.RBot
Win32.Dialer.E-nrgyPlus
Win32.Harnig.Trojan +2
win32.Trojan.Dnschanger
Win32.Trojan.Mirc +6
Win32.Trojan.PWS +72
Win32.Trojan.StartPage +2
Win32.TrojanClicker +8
Win32.TrojanDownloader.ConHook +3
Win32.TrojanDownloader.Swizzor.br
Win32.TrojanDownloader.Wintrim
Win32.Trojandownloader.Zlob +22
WinAD
WinAntiVirusPro +7
Virtumonde +21
ZToolbar

Tuesday, July 18, 2006

SmitFraudFix Updates

SmitFraudFix is the program I have people use to remove a certain type of spyware. If you get an alert or some kind of warning by the clock saying you have spyware, then you have this particular spyware. I have an earlier post called Easy Fix For Spyware and Virus Alert that goes through the entire removal procedure.

Here are some new files and other trojans added to SmitFraudFix's detections yesterday:

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\Media-Codec\isaddon.dll

C:\Program Files\Media-Codec\isamonitor.exe

C:\Program Files\Media-Codec\pmsngr.exe

Spy Sweeper Update 720

Spy Sweeper has some new spyware definitions. Also, remember the main Spy Sweeper program was updated last week to version 5.

Spyware definition: version 720

Updated July 17th, 2006
Protection against 144,170 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spyware Doctor 3.05160

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05160

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
Backdoor.Agent.ADR, Backdoor.Maximus

Extended Intelli-Signatures:
Adware.Defender, Alexa, Backdoor.Hackdoor, Backdoor.IK, Backdoor.Rbot.Gen, Carpe Diem, Coupons, CWS.XPSystem, Hotoffers Hijacker, IBIS Toolbar, I-Search Desktop Search Toolbar, PurityScan, SexVideoPro Dialer, Trojan.Adclicker, Trojan.Bancos.JL, Trojan.Bancos.JZ, Trojan.Clicker.GEN, Trojan.Downloader.Apher.GEN, Trojan.Downloader.Delf.VT, Trojan.Downloader.Obscux, Trojan.Downloader.Small.BSU, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.HL, Trojan.Dumaru, Trojan.Fald, Trojan.Fivesec.A, Trojan.Goldun, Trojan.Popuper, Virtumonde, WebDir, WebSearch Toolbar

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ewido Anti-Spyware Update July 18th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. However, you can tell if you have the most recent update by the number of threats in the database.

Date of Update: July 18th, 2006
Known threats in database: 373,663

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

SpywareBlaster Update July 18th

Database items = 6421
15 are new
Updated July 18th, 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Microsoft Buys Sysinternals

Microsoft announced today that it has acquired Sysinternals and Winternals. If you go to Winternals.com, you can see it has already been changed to show Microsoft has taken over. Sysinternals is still the same, but it is slow right now. This is the home site for Mark Russinovich, who discovered that SonyBMG was using a rootkit on some of its music discs last year.

Sysinternals offers many free tools and programs for Windows like Process Explorer, Regmon, and Autoruns. These programs have been used by many security people as better alternatives to Windows' built-in tools. Process Explorer, for example, provides far more information and options than the built-in Task Manager of Windows. Autoruns was used as part of a way to disable the daily phoning home of Windows' WGA tool in this example.

As of right now, all of the programs can still be downloaded, but whether they can be in the future is uncertain.

Sunday, July 16, 2006

Update on the ImageShack Problem

I said I'd give you an update if and when I heard from ImageShack, see my post here. Well I heard back from them today.

Some advertisements contain a X that looks like it can close the window. However, this is not the case. In order to close advertisements (anywhere, not just on ImageShack), you must click the X in the VERY UPPER RIGHT of the image advertisement. If you do that, you should have no problems with popups or popunders anywhere on the internet.

ImageShack strives to prevent deceptive advertisements from appearing, but we cannot always control our advertising networks, although we follow up on every issue that we encounter.

Let me know if you have any questions.

Hmmm... well first of all I will say thank you to ImageShack for getting back to me. However, I'm a little worried by the statement that they cannot always control their advertising networks.... why on earth not?? In my opinion, any business that serves up this type of advertising should know exactly who is advertising with them and the methods that they use to procure interest in their product. Or perhaps it is just the dollars that they are interested in, you know, rake in the revenue and wait until someone complains!

Incidentally, when you are hit by a rogue advertisement or site, clicking the X in the upper right hand corner of the image doesn't do any good (I do know how to close windows you know!!) and I'm sure there are plenty of people out there on the internet who will confirm that. A safer and more effective way of closing a window when you are in this situation is to press Alt + F4; this will close the active window without a mouse click.

Finally, I've been back to the images that were serving up the WinAntivirus download and they now seem to be clear. I don't know whether ImageShack have actually got rid of these ads or not, as they didn't confirm or deny this particular problem in their reply to me. I don't think I will be recommending their service to my friends though; I can't take the chance that this sort of thing won't happen again in the future.

Friday, July 14, 2006

Myspace Spyware?

Myspace has become the most popular website in the US, passing Yahoo! as the most visited site. It shouldn't be a surprise that the adware and spyware makers are targeting it now. Right now, there are two adware makers who are trying to get their products promoted through Myspace: Zango from 180Solutions, and Dollarrevenue through Regifast.com. The Zango one adds adware to a Myspace page. The Dollarrevenue one actually asks for your Myspace name and password. Exactly what is done with your login information is not disclosed.

The first case with Zango has been reported at many news sites already, including Slashdot. A brief description is that free videos could be added to a Myspace profile, but to watch the video, you had to install Zango. This has a few problems because the terms of use for Myspace don't allow you to add content that is "commercial activity". By putting the supposedly free videos on a Myspace page, it is promoting a commercial product, Zango. To watch the video, you have to install Zango, a commercial product. Check out this screen shot. Lots more info at Vital Security about this.

Another recent discovery has an adware group called Regifast.com using DollarRevenue as part of their adware bundle. When installing this, you are prompted for your Myspace account info, your name and password! There's no indication of what is done with your log in information. There are several notes in the fine print that they are not affiliated with Myspace, yet the impression given is that they are. More details are at Webhelper's site.

Thursday, July 13, 2006

Latest Rogue Spyware Products

There are many programs available that claim to clean spyware from your computer. Unfortunately, many of them are not worth the price and some even add spyware to your computer. These programs are called rogue programs because they don't do what they advertise. In a few cases, some are outright scams. The best place to see if a program is a rogue is to look it up on the Rogue/Suspect Antispyware page at Spyware Warrior.

The page has gotten long, so the easiest way to look for one program is to use the find feature in your web browser. In the menu at the top left of your browser, click edit and then find on this page. Then, put in the name of the program you want to find. Many of the programs have several places on the page where they are mentioned, so be sure to find next until you are done.

Here's some of the latest programs or web pages that have been added:

AdwareFinder
SpyHeal
Xmembytes AntiSpyware
TitanShield AntiSpyware
Trust Cleaner
KillAndClean
RemoveIT Pro
SpywareBot
SpyOnThis
Spyware Sheriff
Spyware Scrapper
Spyware Soft Stop
Ultimate-Spyware Adware Remover
InternetShield
X-Con Spyware Destroyer
Spyware Quake
PestWiper
Brave Sentry
Spy-Shield

Some of these like SpywareQuake and SpyHeal are actually spyware or trojans themselves. If you are prompted to buy any of these, beware.

Spybot Search & Destroy Updates

Spybot Search & Destroy
7th July 2006


Hijacker
+ CoolWWWSearch.Compstuic + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Keylogger
+ SnapFiles-SoftForYouLogger
Malware
+ Vcodec.eMedia (2) + Command Service (3) + AdStatus Service + Web-Nexus + Smitfraud-C. (3) + Win32.Rbot.gen + Zeno (2)
PUPS
+ Bearshare
Spyware
+ Banker-AJD + Axfibula + PurityScan
Trojan
+ TeamTaylor.Screensaver (2) + Zlob.Downloader + Small.cxl + BPS Spyware Remover + KillAndCleanScanner (2) + ConHook (2) + Slogger + Tibs.vq + Cimuz
Total: 336547 fingerprints in 44407 rules for 2075 products.

Spybot is available from
Safer-Networking.org.

IE Spyad Updated July 10th

IE Spyad has been updated. You can download all of these new versions at:

http://www.spywarewarrior.com/uiuc/resource.htm

What is IE Spyad? It is a free list of bad sites that are added to Internet Explorer's restricted zone. By putting those sites in the restricted zone, it limits the harm they can do your computer. Here is an excerpt from the author describing it:

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Here is an explanation on how to use it, including screen shots.
Many rogue Internet sites have been added to IE Spyad's protection list. A few that are of note include some of the fake Windows security sites that are from SmitFraud, better known as SpyAxe, SpyFalcon, and SpywareQuake.

bestsecurityguide.com
bestsecuritysites.com
boostservice.com
securitybulletin.net
systemsecurityindex.com
theguardservices.com
urgentwindowsupdate.biz
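
To check that a merged list really places a site in the Restricted zone, the added example below (not IE-SPYAD's own code) parses a .reg export and reports which hosts are still uncovered. It assumes the list uses the standard Internet Explorer ZoneMap\Domains registry layout and that an entry for a domain also covers its subdomains; the sample .reg text is constructed, using domain names from the list above plus the placeholder example.test.

```python
import re

RESTRICTED_ZONE = 4  # Internet Explorer zone number for "Restricted sites"

# Assumed layout: one key per domain under ZoneMap\Domains, subdomains as subkeys,
# and a value named after the protocol ("*" = any) holding the zone number.
BASE = (r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion'
        r'\Internet Settings\ZoneMap\Domains')
MARKER = '\\zonemap\\domains\\'
VALUE_RE = re.compile(r'^"(?P<proto>[^"]+)"=dword:(?P<zone>[0-9a-fA-F]{8})$')

# Constructed sample input (not an excerpt from the real IE-SPYAD file).
SAMPLE_REG = '\n'.join([
    'REGEDIT4',
    '',
    '[' + BASE + r'\bestsecurityguide.com]',
    '"*"=dword:00000004',
    '',
    '[' + BASE + r'\securitybulletin.net\www]',   # subdomain key, http only
    '"http"=dword:00000004',
    '',
    '[-' + BASE + r'\boostservice.com]',          # "[-key]" deletes the key
    '',
    '[' + BASE + r'\example.test]',
    '"*"=dword:00000002',                         # 2 = Trusted sites
    '',
])


def parse_zone_map(reg_text):
    """Return {host: {protocol: zone}} for every ZoneMap\\Domains key in the text."""
    zones = {}
    host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            host = None
            lower = line.lower()
            idx = lower.find(MARKER)
            # Skip key deletions and keys outside the zone map.
            if line.startswith('[-') or idx == -1 or not line.endswith(']'):
                continue
            parts = [p for p in lower[idx + len(MARKER):-1].split('\\') if p]
            # Domains\example.com\www  ->  www.example.com
            host = '.'.join(reversed(parts)) if parts else None
            continue
        m = VALUE_RE.match(line)
        if m and host:
            zones.setdefault(host, {})[m.group('proto').lower()] = int(m.group('zone'), 16)
    return zones


def effective_zone(zones, host, scheme='http'):
    """Zone for host: most specific entry wins, then parent domains (assumption)."""
    labels = host.lower().split('.')
    for i in range(max(len(labels) - 1, 1)):
        entry = zones.get('.'.join(labels[i:]))
        if entry:
            if scheme in entry:
                return entry[scheme]
            if '*' in entry:
                return entry['*']
    return None


def not_restricted(zones, hosts, scheme='http'):
    """Hosts from the watch list that are not mapped to the Restricted zone."""
    return [h for h in hosts if effective_zone(zones, h, scheme) != RESTRICTED_ZONE]


if __name__ == '__main__':
    zm = parse_zone_map(SAMPLE_REG)
    watch = ['bestsecurityguide.com', 'urgentwindowsupdate.biz', 'securitybulletin.net']
    print('not restricted:', not_restricted(zm, watch))
```

An entry that names only one protocol, like the `www.securitybulletin.net` key in the sample, leaves the other protocols in the default zone, which is the kind of gap this check surfaces.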

New Spy Sweeper Program Available

Webroot's released a new version of their Spy Sweeper program. Spy Sweeper is now at version 5.0. This updated version adds several new features to protect your computer from spyware. Here's a short description of the new features:

  • Simple sweeps - Detecting spyware and removing unwanted programs found on your computer in three effortless steps
  • Easy management - Quickly and simply configure program, sweep and upgrade options
  • Fast home - Use the home screen to access the most commonly used functions of Spy Sweeper
  • Shields summary - A redesigned shields summary page makes it simple to see at a glance which shields are on or off
  • Action alerts - Receive clear, easy-to-understand notifications when new spyware threats are detected
More info is available on the Spy Sweeper 5 update page. To get the latest protection offered by Spy Sweeper, be sure to update to version 5.

Program Version 5.0.5 (Build 1286)
Spyware definition: version 718

Updated July 16th, 2006
Protection against 143,985 spyware traces.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Anti-Spyware Update July 13th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.

Date of Update: July 13th, 2006
Known threats in database: 369,678

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

CounterSpy Update 373

CounterSpy 1.5 latest update definition is 373

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Joke.WindowCloser, Rootkit.Agent.BK, Trojan-Dropper.Delf.VA, Email-Worm.Looksky.AN, Trojan-Downloader.Small.AYL, Trojan-Downloader.Tibs.DT, Trojan-Downloader.Agent.AIO, Trojan.DNSChanger.CO, Trojan-Spy.BZub.J, Trojan.DNSChanger.CT, Backdoor.Dumador.FZ, Trojan-Dropper.Agent.AIB, Trojan-Downloader.Zlob.LV, Trojan-Downloader.Small.CNH, Backdoor.SdBot.XD, Trojan-Downloader.Small.CTT, Trojan-Downloader.Win32.Delf.cb, Dialer.Win32.PlayGames.l, W32.Maldal.C@mm, W32.Hostidel.Trojan, BackOrifice.Trojan, Backdoor.Beasty.Family, Backdoor.IRC.Aladinz.B, Backdoor.Trojan.Client, PWS.Hooker.Trojan, Backdoor.SubSeven2gld, Backdoor.Daemonize, Backdoor.Lithium.B, JV.BrownOrifice.Class, Backdoor.Berbew, VBS.Mcon.B, JS.Exception.Exploit, ProMail.Trojan, Backdoor.BO2K.cfg, Backdoor.Rtkit, Trojan-Downloader.Dluca, Backdoor.IRC.Cirebot, Trojan.CGSi, VBS.Seeker.Family, Dialer.Stardial, Trojan.Boa, Backdoor.NetSpy.20, W32.Supova.Worm, Backdoor.ICQ.Trojan, Backdoor.Lax, Trojan-Downloader.BO.B.dr, Backdoor.Slackbot.B, Backdoor.Lixy, Backdoor.IrcContact, Trojan-Downloader.Dluca.B, Backdoor.Y3KRat.16, Infostealer.Hukle, Backdoor.NetDevil, Trojan-Downloader.Inor, Trojan-Downloader.PSK, Trojan-Downloader.Mimail.B, Backdoor.GWGirl, Trojan.AntiUpdater, Backdoor.IRC.Yoink.A, Trojan.Platan.A, Backdoor.SubSeven.21b, Bat.Deltree.Trojan, Backdoor.Migmaf, W32.HLLW.Bymer, Backdoor.SysReg, W32.FamMovie.Worm, W32.LastScene@mm, VBS.WTVSig, Netbus.170.W95.Trojan, Backdoor.Ketch, Backdoor.InCommander, Trojan.Diagcfg, ICQ.Revenge.Trojan, Trojan Generator, Backdoor.BladeRunner, Backdoor.Sdbot, Backdoor.IRC.Flood, Trojan.Digits, AOL.Trojan, Trojan-Downloader.Berbew, Trojan.Xtratank, Backdoor.Sinit, W32.Tkbot.Worm, PrettyPark.Worm, Backdoor.SubSeven22, Trojan-Downloader.BO.B, Backdoor.IRC.Aladinz.F, Dialer.TeleBizz, Subseven.22.plugin, Trojan.Pet, W32.Blaster.Worm, PM Trojan (OCX), XM.LMV.C:Tw(trojan), Trojan.Crabox, Trojan.Naldem, Trojan.IrcBounce, VBS.Destroyer.Trojan, XM.Format.A(joke), 
Trojan-Downloader.Aduent, Backdoor.Senna, Backdoor.Lala, BackOrifice2K.Trojan, Infostealer.Tarno.B, Download.Trojan.B, W32.Friendgreet.worm, Backdoor.WebDl, Backdoor.GWGhost, VBS.StartPage, Backdoor.Coreflood, Trojan.Sinkin, VBS.Solved.B, Backdoor.Blarul, Adware.Ulubione, Backdoor.Subseven.22.a, HTA.Xoom.Trojan, Backdoor.Thunker, Keylogger.Stawin, PhaseServer.Trojan, Backdoor.Nerte, Backdoor.GDoor, Backdoor.Breach.2001, W32.Tzet.Worm, XM.LMV.A:Tw(trojan), Netsphere.Trojan, Backdoor.Sumtax, Trojan.Bookmarker.C, WM.RegBomb.A.Trojan, W32.LXD.Mirc, Trojan-Downloader.Magicon, Kill98.Trojan, RingZero.Trojan, W32.Mypics.Worm (bat), Trojan.EraseHDD.f, Backdoor.Roxy, Login Thief Trojan, VBS.Solved, Bat.FakeAV.B.Trojan, QScare.cascade, Jeru.1808.Trojan (1), Trojan.Bookmarker.D, Adware.SearchCounter, Trojan.Bookmarker.B, Backdoor.Zinx, W32.Nimda.A@mm (dr), W32.Navidad, MSN.Flooder, VBS.GMW.gen, Bat.FakeAV.A.Trojan, Adware.iPend, Backdoor.Assasin, Backdoor.Slackbot.10, Trojan.Zasil, W32.Hopalong@mm, W32.HLLW.Yoohoo.C, Dialer.OneOnOne, Netbus.160.W95.Trojan, W32.Zoek.E@mm, Dialer.ExDialer, Trojan-Downloader.BO, Bat.Rude.Trojan, Backdoor.Cybspy, Backdoor.Hacarmy, Catman Trojan, Backdoor.SchoolBus.A, W32.HLLW.Donk, W32.Protoride.Worm, Trojan.Xombe, W32.MyLife.H@mm, VBS.Downloader.Trojan, W32.DoS.funtime, W97M.Scharf.A.trojan, Mkworm, Infostealer.Coced240b, Backdoor.Fluxay, Backdoor.Taskmon, Trojan.Boxer, W32.HLLP.Zomby.17920, BackOrifice2K.Inst, Backdoor.Asylum, Dialer.MoneyTree, Backdoor.Netdex, Dialer.SwitchDialer, Calculus Trojan, IRC.Companion, WM.Balu.A.trojan, Trojan.Mumuboy, Backdoor.Ptakks, Trojan.Priv, W32.MyLife.G@mm, Trojan.Bookmarker.E, W32.Vote.gen@mm, SPing.Trojan(1), DonaldD.Trojan, W32.Cholera.C.Worm, Backdoor.Doly.11.Cli, Trojan.Chico, Adware.Conspy, Yahoo.Flooder, Backdoor.Optix, VBS.Without.C@mm, VBS.WMVG.Gen, Dialer.Crosskirk, Backdoor.Beasty.Kit, Backdoor.NetThief, Trojan-Downloader.BO.dr, XM.LMV.D Trojan, Trojan.ANSI.Error, Backdoor.Danton, 
Backdoor.Coreflood.dr, SoftWar.Trojan, Trojan.Stealther, Trojan-Downloader.Berbew.dam, Trojan-Downloader.Tooncom, Dialer.Montil, W32.Cbomb, W32.Redesi@mm, Adware.SearchSpace,stealer.SSFS, W32.Cholera, Bat.HDFill.Trojan

Threats that have been updated

Too many to list, but includes the following plus many more

eXact.BargainBuddy, BonziBuddy, CoolWebSearch, Hacker Defender, IBIS.WebSearch Toolbar, C2.Lop, Xupiter, webHancer, ABetterInternet, DealHelper, 180solutions.SearchAssistant, Virtumonde, SpySheriff, DollarRevenue, SpywareQuake, Zlob.Media-Codec

Spyware Doctor 3.05120

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05120

Spyware Doctor protects your computer in 3 ways. First, it has the OnGuard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
Backdoor.Grobodor, Trojan.Proxy.Agent.DD, Trojan.PSW.Yahoo.VB, Trojan.QQHook.A

Extended Intelli-Signatures:
Backdoor.Agobot, Backdoor.Hackdoor, Backdoor.Haxdoor.AM, Backdoor.Netdevil, Backdoor.Oscar, Backdoor.Poebot.B, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, CasinoClient, Dollarrevenue, Family Keylogger, Known Bad Sites, MediaGateway, MediaTickets, My Daily Horoscope, ToonComics Hijacker, Trojan.Bancos, Trojan.Bankos.HA, Trojan.Downloader.Vivia, Trojan.Dropper.Agent.AMR, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Killav.AU, Trojan.Mailbot, Trojan.Surila, Trojan.Vxgame, Virtumonde, WurldMedia

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Wednesday, July 12, 2006

End of Support for Windows 98 and Windows ME

Nick has already posted his concerns about how the End of Support for Windows 98 will leave it open to attack. Well, now it has finally happened: as of yesterday (July 11th 2006), Microsoft will no longer provide technical support or security updates for Windows 98 or Windows ME.

The reason for this, as Microsoft states here, is as follows:

Microsoft is retiring support for these products because they are outdated and can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible.

All is not completely lost, however, as Microsoft will continue to host a plethora of How To articles and tips and troubleshooting content here.

RIP W98...... I have fond memories (I think) of those BSOD's and trying to defrag without the process stopping halfway through and system file checker was my best friend!!!

Monday, July 10, 2006

What's up with ImageShack

Free image hosting is becoming more and more popular. The ordinary user on the internet finds it handy and useful: you only need to upload your image to the host, and you can then post the link on a forum so that everyone can see the full image or a thumbnail of it. This is great if you want to share some photos or post a screenshot of a computer problem that you may be having.

One of the favourite and easy to use hosts is ImageShack. Of course they have to make their money somehow or they wouldn't be able to provide a free hosting service, but seeing a few ads on the site that is serving the image is a small price to pay and something that I can cope with.

It's all getting a little more sinister than that now, I'm afraid. A good friend and moderator at Computer Trouble reported that, after clicking on a thumbnail from ImageShack that had been posted at the forum, he got a pop-up that he couldn't close and was subsequently infected with a couple of trojans. He wasn't the only one either; four other forum members reported problems too.

So I had a go at clicking on one of the thumbnail images and here is what happened. First of all the image opened, then this popped up!

That was worrying, but I didn't click on the OK button; I closed the window using the red X... then this popped up!

Oh dear, I tried to close that page and then this popped up.

I tried to close that one and the WinAntivirus page popped up again along with a download request. Needless to say I denied the request and then went through my computer with a fine tooth comb to clear out all vestiges of the infection that was trying to install itself.

Little Eagle of Security Central also investigated these Image Shack thumbnails and you can see his results here.

So what's going on? I tried to contact ImageShack but I just could not get their contact page to load even though I tried numerous times.
I'm not saying that the ImageShack site itself is compromised, but it doesn't look like they are too bothered about their advertising affiliates and until they clean up their act I strongly suggest that you stay away from ImageShack.

Edit: The problems I was having with the contact page for ImageShack seem to be specific to me. A friend has contacted them for me on my behalf and given them my contact details, I'll post any updates as I get them.

Update posted here

Sunday, July 09, 2006

Sunbelt Counter Spy 371

CounterSpy 1.5 latest update definition is 371

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan-Downloader.Zlob.WO, Trojan-Proxy.Dlena.D, Trojan.Win32.Agent.pk, Trojan-Downloader.Win32.Agent.aox, 404Killer, Trojan.Nebuler, Kword.InterKey, SearchVivor, Trojan.Win32.Agent.wf, Trojan-Clicker.Win32.Small.lf, Trojan-Downloader.Small.AWM, Trojan-Dropper.Win32.MultiJoiner.13.h, Trojan-Downloader.Win32.Agent.aov, Trojan-Downloader.Win32.Agent.aou, Scumware-Remover, Porn-Dialer.Win32.Salc, Trojan-Downloader.WMA.Wimad.b, Trojan-Downloader.Win32.Small.wk, Trojan-Dropper.Win32.Small.pv, Trojan-Downloader.Win32.Delf.dg, Trojan-Downloader.Win32.Monurl.gen, Trojan-Dropper.Multi.Gen, Backdoor.Win32.Cakl.b,
Backdoor.Win32.Thunk.e, Trojan-Downloader.Win32.Agent.eb, Trojan.Win32.StartPage.qr, Trojan.Win32.StartPage.po, CouponAge, Trojan-Proxy.Dlena.E, Trojan.DNSChanger.ef, Trojan.Win32.Dialer.qi, Dialer.Mitrafa, Backdoor.Win32.Prorat.do, Trojan-Downloader.Win32.Agent.aly, Trojan-Clicker.Win32.Small.bt, EZUrl, Trojan-Downloader.Win32.Delf.eb, Trojan.Win32.Dialer.bk, Trojan-Clicker.Win32.Agent.af, Trojan-Clicker.Win32.Agent.v, Backdoor.Win32.Agent.ac, Trojan-Dropper.Win32.Small.nt, SpyHeal

Threats that have been updated

eXact.BargainBuddy, DotComToolbar, Hotbar, IST.ISTbar, Konik, Look2Me, C2.Lop, Praize, ClickSpring.PuritySCAN, Russian Searchbar, WhenU.Save, SearchIt Toolbar, TIBS Premium Rate Dialer, Trail Of Destruction, TV Media Display, WinCom Trojan, Searchpage, LookingFor, Trojan-Downloader.iinstall, Freeprod Toolbar, Desktop Weather, Trojan.Lowzones, Dimpy.Win32VBsy, DollarRevenue, Exploit.WMF, DesktopScam, HotWebFinder.Winbrume, Goldun.Fam, Haxdoor.Fam, Trojan-Downloader.Agent.Afl, SpywareSoftStop, Trojan-Clicker.Win32.VB.ij, Trojan-Proxy.Win32.Lager, PWS.Order, Baigoo, Caishow, Trojan-Downloader.Win32.Harnig, UpToFind.RelatedSearch, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Win32.Small.bsq, PornMag Pass, Trojan-Downloader.Win32.ConHook.aa, Trojan-Spy.Win32.Agent.ch, Exploit.HTML.Mht, Trojan-Downloader.Win32.Small.amb, FullContext.PSHope, Trojan.Dialer.AY, Trojan-Downloader.Win32.Agent.aoc, Backdoor.Rbot.zi

Ad Aware SE1R114 08.07.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

SE1R114 08.07.2006

New Definitions:
========================
Adware.Metastop Toolbar
Adware.Qyule
Adware.WSearch +5
Backdoor.ColdFusion +9
Ultimate Defender +2
Win32.Trojan.Pakes
WinAntiVirusPro +4

Updated Definitions:
========================
AdRotator
Adware.DesktopMedia +6
Adware.Henbang
Adware.HuaCiSou +2
Adware.LinkMaker +4
Adware.Maxifiles
Adware.MMSAssist
Adware.Yazzle
CnsMin
EzSearchbar
Golden Eye
Malware.SpyGuard
MalwareWipe
OurXin
PurityScan
SpywareQuake
WebHancer
Win32.Trojan.Spambot +3
Win32.TrojanClicker
Win32.TrojanDownloader.ConHook +3
Win32.TrojanDownloader.Small
Win32.Trojandownloader.Zlob +4
Win32.TrojanSpy.Goldun
Yok Toolbar

Saturday, July 08, 2006

Nearly Update Time Again

As always, Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 11 July 2006 Microsoft is planning to release:

Security Updates

Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.

Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

Microsoft will release one NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Thursday, July 06, 2006

Ewido Anti-Spyware For July 6th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.

Date of Update: July 6th, 2006
Known threats in database: 365,653

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spy Sweeper Update 713

Spy Sweeper latest update.

Spyware definition: version 713

Updated June 16th, 2006
Protection against 141,376 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spybot Search & Destroy

Spybot Search and Destroy has an update for July 1st, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings to your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete the entry that starts your antivirus program when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:


Hijacker

+ SearchCentrix + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
+ ABetterInternet + Smitfraud-C. + Swizzor + SpywareDetector + Browsezilla + Web-Nexus + DyFuCa.InternetOptimizer + MediaMotor + Vcodec.eMedia
Spyware
+ SilentSpy + Axfibula + 180Solutions.Zango
Trojan
+ Perlink + Tibs.ao + BraveSentry + Small.cxl + UpToFind.RelatedSearch + Win32.Lager.aq + Win32.Small.em + Zlob.PornMagPass + VirtuMonde (2) + Dialer.GlobalAccess + YazzleSnowball_Wars + SearchNet + TeamTaylor.Screensaver
Total: 334484 fingerprints in 43927 rules for 2064 products.

CounterSpy Update 369

CounterSpy 1.5 latest update definition is 369

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

GoDOTless.SecureServicePack, SexxxPassport, Trojan-Proxy.Win32.Agent.hs, Multi.TVSK, Trojan-Proxy.Small.EI, Trojan-Downloader.Small.CKT, Trojan-Downloader.Tiny.CE, Trojan-Downloader.Banload.AEN, Trojan-Spy.Banker.BEB, Trojan.Dialer.AY, Trojan-Spy.Agent.IR, Trojan-Downloader.Tiny.BH, Trojan-Downloader.HTML.Agent.AE, Trojan-Clicker.Redir.D, Trojan.Diamin.I, Trojan.Dialer.LA, Trojan.Diamin.V, Backdoor.VB.ARQ, Kuaiso Toolbar, Backdoor.Win32.Hackarmy.gen, Backdoor.Win32.Agent.yr, Worm.Win32.Viking.j, Trojan.WinREG.LowZones.a, Trojan.Win32.Dialer.gh, Trojan.Win32.Dialer.co, Adware.Roogoo, Trojan.BankAsh, Trojan-Downloader.RouterVideo, Yayad.AdCore, Trojan.Agent-BTX, Adware.Zhong, Adware.NewWeb, AskYaya, AdMedia, IEPlus, Globosearch, Trojan-Clicker.Win32.VB.ji, Trojan-Downloader.Win32.Delf.elh, TrendySearch, MKG SearchAssistant, SEO ToolBar, Adware.U88, Trojan.Agent-BDE, Trojan.Singu-AK, Trojan.Singu-AJ, Trojan.Smartallyes, GlobalSearch, ContextuAd, TargetAd, Trojan.StartPage.J, iBar, Adware.Cacb, Trojan.Win32.Delf.cf, Adware.AllSum, Trojan.Rulad, Trojan.Wayphisher, Trojan.StartPage-JC, Trojan-Downloader.Obfuscated.N, Trojan-Downloader.Small.DDK, Trojan-Downloader.Small.DDJ, Trojan-Downloader.Small.DDL, Trojan-Proxy.Agent.KQ, Backdoor.Agent.ACT, Trojan-Downloader.Win32.WinShow.as, Backdoor.SdBot.ASY, Trojan-Downloader.Small.DDP, Worm.Banwarum.G, Trojan-Downloader.Win32.Zdesnado, Trojan-Dropper.Win32.Agent.afj, Trojan.Qhost.GO, Trojan-Downloader.Win32.Tibs.bs, Trojan-Downloader.PassAlert.O, Trojan-Downloader.Banload.AJW, Worm.MSIL.Letum.C, Trojan-PSW.Lmir.ATP, Trojan-Dropper.Agent.AKH, Trojan-Downloader.Small.AWS, Backdoor.Win32.Akbot.g, Backdoor.Win32.Hupigon.bpx, Trojan.Banker.Delf.F9B68043, Trojan.Banker.Delf.64C5D0E7, Trojan.Banker.Delf.18F84B82, Trojan.Downloader.Smallie.A, Trojan.Banker.Delf.D73BFDBC, Trojan.Downloader.Huge.E, Trojan.Agent.RI, Trojan.Banker.Delf.A10D702F, Trojan-Downloader.Zlob.OL, Backdoor.Hupigon.JG, Trojan.Banker.Delf.E95B490C, 
Trojan.Banker.Delf.392F6D34, Trojan.Banker.Delf.4EF13FBA, Trojan-PSW.Win32.WOW.ck, Trojan-Spy.Win32.Banbra.he, Trojan-Spy.Win32.Banker.bjk, Backdoor.Win32.GrayBird.jj, Backdoor.Win32.Hupigon.bno, Trojan-Proxy.Win32.Agent.kq, Trojan-Downloader.Win32.Banload.ark, Trojan-Downloader.Win32.Small.ddj, Trojan-Spy.Win32.Banbra.hf, Trojan-Downloader.Win32.Small.cxn, Trojan.Win32.Dbit.e, Trojan-Clicker.Win32.Small.le, Trojan-Downloader.Win32.Agent.aoc, Trojan-Downloader.Win32.Small.dcj, Backdoor.Win32.Prorat.ef, Bobic.m, SpamAgent.kb, Bobic.o, Bobic.p, Trojan.GreatMemo, Trojan-Downloader.Win32.Zlob.vv, Trojan.Win32.Diamin.br, Trojan-Downloader.Win32.Small.dbx, Backdoor.Rbot.zi

Threats that have been updated

Trojan.Ciadoor, 3721 Chinese Keywords (CNSMin), Hacker Defender, Hotbar, Annotate NetRadar, Backdoor.SDBot.gen, WurldMedia, Grip Toolbar, Begin2Search, Backdoor.Win32.Rbot.gen, DigitalNames, Virtumonde, Tubby, AzeSearch.MWSearch, Quick! Searchbar, SurfSideKick, EZ-Toolbar, SpyGraphica Professional, El Espia, Exploit Child Watchdog 2, NEWT Pro, Trojan.Vxgame, Trojan.DesktopHijack, Trojan-Downloader.Small.DP, Trojan-Downloader.Small, Freeprod Toolbar, Trojan.Lowzones, Trojan.Agent, PWS-Banker, CashDeluxe.Dwc, Dimpy.Win32VBsy, DollarRevenue, Trojan-Downloader.Gen, Parents CyberAlert, Trojan-Clicker.Win32.Delf.j, DesktopScam, FakeAlert, Trojan-Proxy.Win32.Wopla.s, HotWebFinder.Winbrume, Goldun.Fam, Wab-Stealer, Trojan.Win32.Agent.kz, Trojan-Downloader.Win32.Agent.aef, Desktop Snooper, Trojan-Spy.Win32.Banbra.df, Haxdoor.Fam, Jupites.dr, Inor-Fam, Trojan-Downloader.Win32.CWS.s, QuickLinks/Forethought, Trojan-Downloader.Zlob.IL, Backdoor.Rbot.adf, Trojan-Proxy.Win32.Wopla.u, Trojan-Downloader.Win32.Small.ctb, Fengc, Yazzle.SnowBallWars, Trojan-Proxy.Win32.Lager, Trojan-Downloader.Win32.Small.csn, PWS.Order, Baigoo, Caishow, Murlo.a, SpamTool.Win32.Agent.h, Yok, Trojan-Downloader.Win32.Harnig, TrustinBar, Trojan-Proxy.Win32.Xorpix.Fam, RemoteAdmin.CommonLibrary, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Small.Cux, Trojan-Downloader.Win32.Small.ctf, Backdoor.Win32.Agent.uu, Backdoor.SdBot.aov, DiyBar, Trojan-Downloader.Small.CQF, Exploit.Smitfraud, Trojan-Downloader.Agent.ALI, Trojan-Proxy.Win32.Small.du, Backdoor.Win32.SdBot.lt, Backdoor.Win32.SdBot.xd, Bobic.n, Infostealer.Bancos, Trojan.Anserin, Infostealer.Bancos!gen, Infostealer, Backdoor.Trojan, Infostealer.Wowcraft, Trojan.Zlob, Bloodhound.Morphine, Trojan.Bomka, Infostealer.Lineage, Dialer.PlayGames, Bloodhound.NsAnti, Trojan.Emcodec, Trojan-Downloader.Agent.ALZ, HateStupid, Trojan.PWS.QQPass.GZ, Trojan.Win32.BKClient, Trojan-Downloader.Win32.ConHook.aa, Trojan-Downloader.Win32.Banload.gc, 
Trojan-Downloader.Win32.Dadobra.af, Trojan-Spy.Win32.B, Trojan-Spy.Win32.Banker.bht, Trojan.Win32.Regger.s, Trojan-Downloader.Win32.Small.cqf, Trojan-Downloader.Win32.Delf.aeo, Trojan-Downloader.Win32.Small.crd, Trojan-Downloader.Win32.Small.ctk, Trojan-Downloader.Win32.Zlob.gen, Trojan-PSW.Win32.Lmir.auj, Trojan-Proxy.Agent.GX, Trojan-Downloader.Win32.Small.cqs, Email-Worm.Win32.Locksky.af, Trojan.Agent-CCR, W32.Looked.J, Trojan.Galapoper.A, Worm.Win32.Viking.k, Trojan.Opnis.K, Trojan.Opnis.F, Trojan-Downloader.Small.BEK, Trojan.LinkOptimizer, Trojan-Downloader.Win32.Agent.alp, Trojan-Dropper.Agent.AKO, Backdoor.Win32.Bancodor.ab, Backdoor.Win32.Bifrose.rr

Spyware Doctor Update

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0506 0
Intelli-Signatures: 62,784

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0506 0 - Backdoor.Feardoor, Backdoor.Infra, Trojan.Downloader.Moonri, Trojan.Dropper.MultiJoiner
3.0505 0 - Child Watchdog, Worm.P2P.Krepper

Extended Intelli-Signatures:
3.0506 0 - Backdoor.Agobot, Backdoor.GrayBird.Q, Backdoor.MoSucker, Backdoor.Rbot.Gen, Bargain Buddy, Brilliant Digital, CWS.Your-Search, DownloadWare, ErrorSafeFree, Media Access, MediaGateway, MediaMotor, Mirar, MyFreeCursors, NaviSearch, Pugi.SearchExplorer, Roings Search Enhancement, Rootkit.Order, SahAgent, Transponder.MXTarget, Trojan.Adclicker, Trojan.Clicker.Small.CC, Trojan.Dropper.Small.AEK, Trojan.Popuper, Trojan.Proxy.Small.BT, Trojan.StartPage.GEN, Windows AdService, Windows AdStatus, Wonderland.33107, XDialer.XDial, Zeno Search Assistant
3.0505 0 - Andlotsmore.com dialer, Backdoor.Agobot, Backdoor.CIADoor.13, Bulla, CWS.SvcHost, PurityScan, Slagent, SpyAxe, Stealth Keylogger, TargetSavers, TIBS Premium Rate Dialer, Transponder.TPS108, Trojan.Downloader.Zlob.GEN, Trojan.Spy.WinFlux, Trojan.SRRS, WorldAntiSpy, Worm.Sality, XPCSpy, YourSiteBar

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Monday, July 03, 2006

Fight the Phish


The CastleCops Phishing Incident and Termination (PIRT) Squad have been having a busy time. This volunteer-based force of phish chasers is really beginning to make a difference and is actively working on taking down phishing sites.

Paul and Robin Laudanski, the owners of CastleCops, have compiled a list of the top twenty brands targeted by phishers.

May 2006 confirmed phish (brand plus total count for May):

  1. PayPal - 520
  2. eBay - 309
  3. Bank of America - 37
  4. Barclays - 36
  5. Wells Fargo - 36
  6. Chase - 33
  7. WAMU - 28
  8. HSBC - 20
  9. MasterCard - 18
  10. e-gold - 17
  11. Nationwide - 17
  12. Citi - 16
  13. BancorpSouth - 14
  14. Postbank.de - 12
  15. Halifax - 11
  16. NetBank - 11
  17. Laredo Nat'l Bank - 10
  18. Nat'l Australia Bank - 10
  19. Western Union - 10
  20. National Credit Union - 9

Anti-phishing volunteers are always welcome. If you want to join the fight, click here to become part of PIRT.

Ewido Anti-spyware Update

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. However, you can tell if you have the most recent update by the number of threats in the database.

Date of Update: July 3rd, 2006
Known threats in database: 363,444

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Sunday, July 02, 2006

MVP Award for Nick

Looks like Nick is being shy... so I will tell you.

Nick has been awarded Microsoft's MVP Award for Windows Security 2006.

Overview

Letter From MVP Program

Well done Nick and well deserved.
