Thursday, August 31, 2006

VirusBurst, Another Fake Spyware Program

While I was posting about SiteAdvisor in my earlier posts today, Bleeping Computer announced they found yet another fake antispyware program, VirusBurst. While the name is different, it looks pretty much the same as SpywareQuake to me.

Looking at the registration info for VirusBurst.com, I can see the usual suspect is involved with this site as well. Estdomains is the registration provider. They seem to always be near questionable programs and websites.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: VIRUSBURST.COM

Registrant:
Burst Technology GesmbH
Judi Stewart (Whois Privacy and Spam Prevention by Whois Source)
Davidgasse 87
Vienna
null,A-1100
AT
Tel. +431.3365073

Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007

I'm sure the above info contains fake information. Most of the time when these rogue programs are registered, the info is not real.

Bleeping Computer reports that the following file is responsible for installing this pest. When it gets on your system, it will download VirusBurst and download software without permission.

C:\Windows\System32\eowygj.dll

You will see a warning balloon above the clock on your computer. Right now they spell balloon wrong, baloon. If they can't get that right, it makes you wonder what else they did wrong. Here's what it says:

"System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software."

This is not the same one, but it looks like this one:

Right now, you can use the VirusBurst removal instructions at Bleeping Computer to fix this pest. More details as they become available. Update: S!ri's SmitFraudfix will now remove VirusBurst as well.

Edit to update: Here's some more info on Virusburst.com

VIRUSBURST.COM = [ 195.225.177.121 ]

Domain servers in listed order:
ns4.tokiodrift.biz
ns3.tokiodrift.biz
ns2.tokiodrift.biz
ns1.tokiodrift.biz

Right now, tokiodrift.biz is a SpyAxe download page, which is also a Rogue program. Here are other sites on the same IP address as tokiodrift:

1. almanah.biz
2. spyaxe.biz
3. spyaxe.com
4. spyaxe.net
5. spywarestrike.com

So I would say that VirusBurst.com is no good and so is the program VirusBurst.

OK, one more update. Paperghost at Vitalsecurity noticed the EULA for VirusBurst is the same one for SpywareQuake. They changed the main title, but everything in the long wordy part says SpywareQuake. Look at the end of his post for this.
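
The reasoning in this post, going from a domain to its nameservers and from there to the other domains on the same IP address, can be automated. The Python below is an added example, not part of the original post: it clusters constructed lookup records by shared IP and nameserver domain. The tokiodrift.biz address (192.0.2.10), the example.org control entry and all function names are assumptions.

```python
from collections import defaultdict

# Constructed records modelled on the lookups quoted in the post. The post does
# not give the tokiodrift.biz address, so 192.0.2.10 (documentation range) is a
# placeholder; example.org is an unrelated control entry.
TOKIO_NS = ["ns%d.tokiodrift.biz" % i for i in range(1, 5)]
RECORDS = [
    {"domain": "virusburst.com", "ip": "195.225.177.121", "ns": TOKIO_NS},
    {"domain": "tokiodrift.biz", "ip": "192.0.2.10", "ns": []},
    {"domain": "almanah.biz", "ip": "192.0.2.10", "ns": []},
    {"domain": "spyaxe.biz", "ip": "192.0.2.10", "ns": []},
    {"domain": "spyaxe.com", "ip": "192.0.2.10", "ns": []},
    {"domain": "spyaxe.net", "ip": "192.0.2.10", "ns": []},
    {"domain": "spywarestrike.com", "ip": "192.0.2.10", "ns": []},
    {"domain": "example.org", "ip": "198.51.100.7", "ns": ["ns1.example.net"]},
]
# The post names SpyAxe as a rogue program, so its domains seed the search.
KNOWN_ROGUE = {"spyaxe.biz", "spyaxe.com", "spyaxe.net"}


def ns_parent(host):
    """Domain that runs a nameserver (naive: last two labels, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class DisjointSet:
    """Union-find over domain names and 'ip:<address>' nodes."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(records):
    """Group domains that are linked by a shared IP or a shared nameserver domain."""
    ds = DisjointSet()
    for rec in records:
        dom = rec["domain"].lower()
        ds.union(dom, "ip:" + rec["ip"])
        for ns in rec["ns"]:
            # Link the domain to the domain operating its nameserver.
            ds.union(dom, ns_parent(ns))
    groups = defaultdict(set)
    for node in list(ds.parent):
        if not node.startswith("ip:"):
            groups[ds.find(node)].add(node)
    return sorted(groups.values(), key=lambda g: sorted(g))


def related_to_known_rogue(records, rogue):
    """Domains that share infrastructure with a known rogue domain."""
    related = set()
    for group in cluster(records):
        if group & rogue:
            related |= group - rogue
    return related


if __name__ == "__main__":
    for name in sorted(related_to_known_rogue(RECORDS, KNOWN_ROGUE)):
        print(name)
```

Shared hosting and shared DNS providers also serve unrelated sites, so a cluster is a lead for review rather than proof of common ownership.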

SiteAdvisor Wrongly Lists Tomcoyote.org As Bad Website

Someone let me know that McAfee's SiteAdvisor had listed antispyware web site Tomcoyote.org as a red site. That means people should avoid it, except that SiteAdvisor is wrong. From what I can see from the SiteAdvisor results, the robot that looks at websites followed some links in a HijackThis log that someone posted. People regularly post these logs to have the experts at Tom Coyote get rid of spyware on their computer. HijackThis will show good and bad things on people's computers. This helps the experts get rid of the spyware, since they can see what is wrong. Too bad the SiteAdvisor robot couldn't tell the difference.

This does bring up a point about the way SiteAdvisor looks at web sites. The bad links that were found were posted on the Tom Coyote message board. Anyone can post there and put any link they want. If it is a bad link, the moderators will remove it, but sometimes they slip through. I think that the McAfee robot should have noticed that the links to the downloads weren't actually hosted on Tom Coyote. They were on other sites on the Internet. There are many forums and message boards on the Internet where this could happen. Someone posts a bad link and before it gets deleted, the robot sees it and lists the site as bad. Looking at the SiteAdvisor report, there were only two bad downloads and both were links. When spammers post on message boards, they usually post several times. So it looks like this could happen to any site on the Internet that allows people to post.

Earlier this month, we posted about how SiteAdvisor has given a green rating to porn sites. The purpose of SiteAdvisor is to give warnings about spyware and other badware on a web site. It's not to judge the site on the content. I find it ironic that sites that many people would gladly mark as red because of porn are greenlighted, but a clean family site like Tom Coyote gets a red rating because of some links to something not even on the site.

Edit to update: Looks like Bluetack, another good security site, got wrongly listed as well.

Another update: Quite a few sites got listed as well. Ad Aware's support forum, Cexx, Spamhuntress, a good php site called Puremango.

There has been a post on Tomcoyote.org and Bluetack saying the site has been reviewed and will be returned to green in the next few weeks. Let's hope it will be sooner than that.
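
The distinction argued for in this post, a bad download hosted on the rated site versus a user-posted link that points somewhere else, shown as an added Python example (not SiteAdvisor's actual logic and not from the original post). The hosts, the sample HTML, the blocklist and the "review" rating label are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed blocklist of known-bad download URLs (reserved .example hosts).
BAD_DOWNLOADS = {
    "http://files.rogue.example/setup.exe",
    "http://www.rogue.example/dl/installer.exe",
}

# Constructed forum thread: a user post links to an off-site download.
FORUM_URL = "http://forum.example/boards/topic/123"
FORUM_HTML = """
<div class="post">Log excerpt posted by a user:
  <a href="http://files.rogue.example/setup.exe">http://files.rogue.example/setup.exe</a>
  <a href="/boards/rules.html">Board rules</a>
</div>
"""

# Constructed page that serves the bad download from its own site.
ROGUE_URL = "http://www.rogue.example/index.html"
ROGUE_HTML = '<a href="/dl/installer.exe">Free scan</a>'


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag on a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def site_of(host):
    """Naive site key: last two labels of the host name (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def rate_page(page_url, html, bad_downloads):
    """Return (rating, hosted_bad, offsite_bad) for one crawled page.

    'red'    : a known-bad download is served from the rated site itself
    'review' : the page only links to bad downloads hosted elsewhere
    'green'  : no known-bad download is linked at all
    """
    parser = LinkCollector()
    parser.feed(html)
    page_site = site_of(urlsplit(page_url).hostname or "")
    hosted, offsite = [], []
    for href in parser.hrefs:
        target = urljoin(page_url, href)  # resolve relative links
        if target not in bad_downloads:
            continue
        host = urlsplit(target).hostname or ""
        (hosted if site_of(host) == page_site else offsite).append(target)
    if hosted:
        return "red", hosted, offsite
    if offsite:
        return "review", hosted, offsite
    return "green", hosted, offsite


if __name__ == "__main__":
    print(rate_page(FORUM_URL, FORUM_HTML, BAD_DOWNLOADS))
    print(rate_page(ROGUE_URL, ROGUE_HTML, BAD_DOWNLOADS))
```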

Tuesday, August 29, 2006

CounterSpy Update 399

CounterSpy 1.5 latest update definition is 399

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Net-Worm.Win32.Bozori, Net-Worm.Win32.Domwoot, Net-Worm.Win32.Lebreat, Net-Worm.Win32.Padobot, Net-Worm.Win32.Sasser, Packed.Win32.CryptExe (modification), Rootkit.Win32.Vanti.bx, Trojan.Win32.Delf.va, Trojan-Downloader.Win32.Small.dlq, Trojan-Downloader.Win32.Tiny.cc, Trojan-PSW.Win32.Lineage.zh, Trojan-Spy.Win32.Banker.akk, Trojan-Spy.Win32.Haxspy.ad, Trojan-Dropper.Win32.Agent.ata, Backdoor.Win32.Rbot.bgp, Trojan-Downloader.Win32.Botol.gen, Trojan.DDos.M, Adware.Duncan, Trojan-Downloader.Win32.Agent.atz, Win32.IRC.Kelebek, Trojan.Hidewindows.C, Trojan.Gload, Backdoor.Win32.Agobot.aiz, Trojan-Spy.Win32.BZub.bl, Trojan-Downloader.Win32.Small.ddz, Trojan-Downloader.Win32.Agent.atf, Topinstalls.HappyToFind, Backdoor.Win32.IRCBot.th, Backdoor.Win32.Shadow.a, Backdoor.Win32.Rukap.bs, Trojan.Win32.Small.jm, Trojan.IRC, Backdoor.Win32.SdBot, Backdoor.Win32.Rbot, Backdoor.Win32.IRCBot, Backdoor.Win32.Codbot, Backdoor.Win32.Aimbot, Backdoor.Win32.Agobot, Backdoor.Win32.Agent,

Threats that have been updated

Backdoor.Win32.Rbot, PAL KeyLog Pro. SSA-KeyLogger,Trojan.Lowzones, PWS-Banker, WebNexus, DollarRevenue, FakeAlert, FindTheWebsiteYouNeed, Backdoor.Win32.Delf.abc, Backdoor.IRC.Zapchast, Goldun.Fam, Backdoor.Win32.SdBot.aho, P2P-Worm.Win32.SpyBot, Backdoor.Win32.SdBot, Henbang, Trojan-Downloader.Zlob.Media-Codec, MediaPipe/MovieLand, Backdoor.Win32.Agobot, Backdoor.Win32.IRCBot, Trojan.Win32.Pakes, Trojan.Danmec, Trojan.Win32.Agent.vp, Net-Worm.Linux.Mare.g, Trojan.LinkOptimizer, Trojan-Downloader.Win32.Delf.gen, Email-Worm.Win32.Bagle.n, Exploit.WMF.z, Trojan-Clicker.AdLoad.ie, Trojan-Downloader.Win32.Obfuscated.n, Backdoor.Win32.Aimbot, Backdoor.Win32.Wootbot.gen, Trojan-Downloader.Win32.Adload.aj, Trojan-Downloader.Win32.Cryptic.b, Trojan-Dropper.Win32.Agent.ye, Trojan-Dropper.Win32.Delf.nk, Trojan-Dropper.Win32.Paradrop.a, Trojan.Win32.Inject.t, Trojan.Win32.Patched.b, Net-Worm.Win32.Bobic.k, Net-Worm.Win32.Dabber.c, Net-Worm.Win32.Doomjuice.b, Net-Worm.Win32.Lovesan.a, Net-Worm.Win32.Sasser, Net-Worm.Win32.Vesser, Backdoor.Win32.Mechbot.d, Trojan-Downloader.Win32.Small.dib, Trojan-Spy.Win32.Agent.cgi, Backdoor.Win32.IRCBot.ue, Trojan-Downloader.Win32.Small.ck, Trojan-Downloader.Agent.UF, Email-Worm.Win32.Bagle.p, Net-Worm.Win32.Padobot, Trojan-Dropper.Win32.Agent.abh, Zango.Fireworks_Extravaganza, Deskbar.GiantExplorer, Backdoor.Win32.IRCBot.uv

Spyware Doctor 3.05470

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0547 0
Intelli-Signatures: 69,771

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0547 0 - AdMedia, NetMedia, Trojan.Downloader.Small.DNO

3.05460 - Inside Keylogger, NGNSSS Keylogger Spy, Trojan.Clicker.Small.KJ

Extended Intelli-Signatures:
3.0547 0 -Antispyware Soldier, Backdoor.Agobot, Backdoor.Bifrose.DC, Backdoor.Darkmoon, Backdoor.Delf.AEO, Backdoor.Graybird.GEN, Common Components for Trojans, Common Components for WinSoftware, Coulomb Dialer, CWS.Cassandra.A, DeskAdTop, Guardian Classic Monitor, InternetOptimizer, IntexusDial, Known Bad Sites, MediaPass, PurityScan, Slagent, SpywareQuake, Trojan.Bancban, Trojan.Conycspa, Trojan.Dialer.HC, Trojan.DNS Changer, Trojan.Downloader.Agent.UJ, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Ruins, Trojan.Proxy.Ranky, Trojan.StartPage.VY, Trojan.Zapchast, WebSearch Toolbar, WinAntiVirus, WinFixer

3.0546 0 - 2Search, Backdoor.Badok, Backdoor.CIADoor.13, ClearSearch, Common Components for Trojan.PWStealers, CWS.Cassandra.A, eZula, InternetOptimizer, IST Unknown Variant, Keylog-sters, LZIO Websearch, Preview AdService, ProBot Activity Monitor, SC Keylogger, Spy Key Logger, Trojan.Agent.FG, Trojan.Downloader.Delf.AAF, Trojan.Downloader.Obscux, Trojan.Downloader.PassAlert, Trojan.Downloader.Small.ATL, Trojan.PSW.Hangame, Trojan.PWSteal.Lineage, Trojan.VisAgent, Ultimate Defender

Tool Update releases:

Spyware Doctor 4.0.0.2613


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spy Sweeper Update 751

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spyware definition: version 751
Updated August 29th, 2006
Protection against 148,923 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Antispyware - August 29th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: August 29th, 2006
Known threats in database: 406,932

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Saturday, August 26, 2006

SpywareBlaster Update August 26

Updated: August 26th, 2006
New: 20 Items
Total: 6577 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Update For Ad Aware - Fixes False Positive

============================================
Definition file Notification - Lavasoft News
============================================
SE1R120 25.08.2006

This fixes a False Positive in BPS SpywareRemover

The MD5 checksum for the defs.ref file is 4ac6cc4c1ef1f87c63d415f56cd59685

Ad Aware available from http://www.lavasoftusa.com/software/adaware/

Thursday, August 24, 2006

Malware Removal

Every now and then, I have an off topic post. This one is kind of on topic, but Google has overlooked the summary page for the Malware Removal blogs. So take a look, Google, and index it please.

The summary page for the Malware Removal Blogs is a good place to catch the latest posts from other bloggers. It has other neat features like a search for all of the blogs, excerpts from posts, and stats on who has comments and the most page views. Sorry everyone, I win those :)

Anyways, back to writing for Security Ticker.

CounterSpy Update 397

CounterSpy 1.5 latest update definition is 397

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan.Emcodec.G, Trojan.Downloader.Small.BGI, Trojan.PWS.Agent.CE, W32.Allim!gen, MemScan:Trojan.Downloader.Small.AYI, Backdoor.Nibu.E, Trojan.Spy.HAKvip.A, Trojan.Downloader.Banload.BDO, Trojan.PWStealer.C7717044, Trojan.PWStealer.DC76CEC1, W32.Yellow.Worm, Trojan.Downloader.Banload.ABN3, W32.Explet.A@mm, BehavesLike:Trojan.ShellHook, Trojan.PWStealer.315D6387, Trojan.PWStealer.BD9771C2, Trojan.KillAV.C, Trojan.Downloader.Dynk.B, Trojan.Downloader.Small.BCJ, Trojan.PWS.QQRob.EH, Trojan.Spy.Sckeylog.J, Backdoor.Win32.Dumador.am, Backdoor.Win32.Dumador.cx, Backdoor.Win32.Optix.am, IM-Worm.Win32.Braban.e, Trojan-Downloader.Win32.Adload.ee, Trojan-Downloader.Win32.Banload.oa, Trojan-Downloader.Win32.Delf.act, Trojan-Downloader.Win32.Small.aps, Trojan-Downloader.Win32.Small.ayi, Trojan-Downloader.Win32.Small.bav, Trojan-Downloader.Win32.Small.fm, Trojan-Dropper.Win32.Small.arl, Trojan-Proxy.Win32.Mitglieder.eg, Trojan-Proxy.Win32.Small.x, Trojan-PSW.Win32.Agent.hv, Trojan-PSW.Win32.LdPinch.gen, Trojan-PSW.Win32.Lineage.afg, Trojan-PSW.Win32.Lineage.afu, Trojan-PSW.Win32.WOW.eu, Trojan-PSW.Win32.WOW.fc, Trojan-PSW.Win32.WOW.fs, Trojan-Spy.Win32.Agent.om, Trojan-Spy.Win32.Delf.kl, Trojan.Spy.Banker.XH, Trojan.Banker.Delf.066F6E0A, W32.Fijjy, Trojan.Banker.Delf.F9C4E89E, Trojan.BHO.Delf.A, Generic.Malware.dld!!.4B725385, Trojan.Banker.Delf.79C51A13, Backdoor.Win32.Agent.aex, Backdoor.Win32.Beastdoor.av, Trojan.Win32.StartPage.aks, Trojan-Downloader.Java.OpenConnection.an, Trojan-Downloader.JS.Small.cu, Trojan-Downloader.Win32.Agent.atb, Trojan-Downloader.Win32.Banload.aqp, Trojan-Downloader.Win32.Banload.beq, Trojan-Downloader.Win32.Small.bxa, Trojan-Downloader.Win32.Small.dnb, Trojan-Downloader.Win32.Tiny.bh, Trojan-Dropper.EvilThingy, Trojan-Dropper.Win32.Agent.asv, Trojan-PSW.Win32.Delf.mf, Trojan-Spy.Win32.Agent.nz, Trojan-Spy.Win32.Agent.ok, Trojan-Spy.Win32.Bancos.mi, Trojan-Spy.Win32.Bancos.wa, Trojan-Spy.Win32.Banker.bla, Trojan-Spy.Win32.Banker.bud, Backdoor.IRC.Darkirc.a, Backdoor.Win32.(many variants), Email-Worm.Win32 (many variants), Net-Worm.Win32 (many variants), Trojan.Win32.Dialer (many variants), Trojan-Spy.Win32.Banker (many variants), Zango.Fireworks_Extravaganza, Trojan-Downloader.Win32.Adload.ds, Deskbar.GiantExplorer

Threats that have been updated

AvenueMedia.InternetOptimizer, Hotbar, Look2Me, Trojan.StartPage, TightVNC, Trojan.Win32.Delf.aj, iSearch.Toolbar, SearchMiracle.EliteBar, Backdoor.Win32.Rbot.gen, Virtumonde, Trojan.BankerSpy, SurfSideKick, Beyond Remote, Trojan.Vxgame, Trojan-Downloader.Small, Dialer.Maxd, AntiVirus Gold, CWS.Hotoffers, WinFixer, CashDeluxe.Dwc, DollarRevenue, Jupites.B, Trojan-Downloader.Gen, Crystalys Media, DesktopScam, Trojan-Proxy.Win32.Agent.az, DesktopMedia, Backdoor.Win32.Agobot.afk, Backdoor.IRC.Zapchast, Trojan-Spy.Win32.Banker.ark, Goldun.Fam, Trojan-Spy.Win32.Bancos.ha, Trojan-Spy.Win32.Banker.ahy, TagASaurus, Trojan-Downloader.Win32.Small.awa, Net-Worm.Win32.Doomjuice.a, Backdoor.Win32.SdBot.aho, Trojan-Spy.Win32.Delf.dq, Trojan-PSW.Win32.Agent.eo, Trojan-Downloader.Win32.Apher.gen, Haxdoor.Fam, P2P-Worm.Win32.SpyBot.gl, Trojan-Downloader.NSIS.Agent.p, BaiduBar, PigSearch, Backdoor.Win32.SdBot.xd, Trojan-Spy.Win32.VB.eh, Backdoor.Win32.Rbot.adf, WinAntiVirus Pro, Baigoo, SpamTool.Win32.Agent.h, Backdoor.Win32.Delf.arc, Yok.SuperSearch, Trojan.Win32.Dialer.hz, Zango.CommonElements, Trojan-Downloader.Zlob.Media-Codec, Trojan-Spy.Win32.Banker.bdn, Trojan-Proxy.Win32.Small.bo, Trojan-Downloader.Win32.Small.bsq, Trojan.Win32.Dialer.hc, Trojan.Win32.Pakes, Trojan-Spy.Win32.KeyLogger.jl, Trojan.Win32.Dialer.pw, Backdoor.Win32.IRCBot.qc, Trojan-PSW.Win32.QQPass.ho, Trojan-Downloader.Win32.VB.aan, Trojan-Downloader.Win32.Agent.akq, Trojan-Dropper.Win32.Small.apv, Trojan-Downloader.Win32.Agent.uj, Infostealer.Banpaes, Infostealer.Bancos, Trojan.Anserin, Infostealer.Bancos!gen, Trojan.PWS.QQPass, Trojan Horse, Infostealer, Infostealer.Lemir, Trojan.Adclicker, Backdoor.Nibu.J, Infostealer.Wowcraft, Trojan-Downloader.Win32.Bagle.at, Backdoor.Win32.SdBot.asm, Trojan-Spy.Win32.Flux.ae, Trojan-Dropper.Win32.Small.apk, Trojan-Downloader.Win32.ConHook.aa, Trojan.Win32.Agent.vp, Backdoor.Win32.Delf.aqz, Trojan-Downloader.Win32.Dadobra.af, Trojan-Spy.Win32.Ardamax.b, 
Trojan-Spy.Win32.Banker.awa, Trojan-Spy.Win32.Banker.bht, Backdoor.Win32.Rbot.aem, Backdoor.Win32.Rbot.xe, Email-Worm.Win32.NetSky.q, Trojan.Win32.Regger.s, Trojan-Downloader.Win32.Agent.acd, Trojan-Downloader.Win32.Banload.amo, Backdoor.Win32.Bifrose.d, Backdoor.Win32.Small.iw, Net-Worm.Linux.Mare.g, Packed.Win32.Klone.b, Trojan.Win32.Agent.cs, Trojan.Win32.Agent.lv, Trojan.Win32.Crypt.o, Trojan.Win32.Small.ev, Trojan.Win32.VB.abf, Trojan-Clicker.Win32.Agent, Trojan-Downloader.NSIS.Agent.h, Trojan-Downloader.Win32 (many variants), Trojan-Dropper.Win32.Agent.mh, Trojan-PSW.Win32.Kapod.k, Trojan-Dropper.Win32.Agent.abu, Backdoor.Win32.Rbot.bcq, Trojan.Win32.Agent.wc, Trojan-Downloader.Win32.Delf.apz, Trojan-Downloader.Win32.WarSpy.d, Packed.Win32.Klone.g, Backdoor.Win32.IRCBot.ss, Trojan-Dropper.MSWord.Lafool.i, Backdoor.Win32.Hackarmy.gen, Adware.Roogoo, Adware.Zhong, Trojan.Smartallyes, Trojan-Spy.Win32.Banbra.he, W32.Blaster.Worm, Trojan-Dropper.Win32.Juntador.c, Trojan-Downloader.Win32.Small.bwy, Trojan-Clicker.Win32.Delf.ft, Backdoor.Win32.Rbot.are, Trojan-Downloader.Win32.Tibs.fe, Backdoor.Nibu, Backdoor.Win32.Rbot.pac, Backdoor.Win32.SdBot.aad, Trojan.Win32.StartPage.agp, Trojan-Downloader.Win32.Small.ayl, Trojan.BAT.KillAV.cr, Trojan.Win32.Qhost.hf, Trojan.Win32.Puper.bx, W32.Looked.P, Backdoor.Win32.SdBot.akc, Backdoor.Win32.SdBot.yx, Net-Worm.Win32.Mytob.bi, Trojan-Downloader.Win32.VB.ji, Trojan.Win32.Dialer.u, Trojan-Proxy.Win32.Ranky.fv, Trojan-Proxy.Win32.Delf.bh, Backdoor.Win32.Agent.acx, Email-Worm.Win32.Bagle.n, Trojan-Downloader.Win32.ConHook.ab, Trojan.Vxgame.z, Trojan-Downloader.Vxgame.z, Backdoor.Win32.Aimbot.ei, Trojan-Spy.Win32.Small.gg, Trojan-Clicker.Win32.Small.kj, Trojan-Downloader.Win32.Obfuscated.n, Trojan-Spy.Win32.Agent.nu, Backdoor.Win32 (many variants), Net-Worm.Win32(many variants), Packed.Win32.CryptExe, Downloader.Trojan, Backdoor.Win32.SdBot.atp, Backdoor.Win32.SdBot.att, Trojan.Win32.Agent.rd, Backdoor.Win32.Mechbot.d, 
Trojan-PSW.Win32.Lineage.acu, Trojan-Clicker.Win32.VB.lb, Backdoor.Win32.Rbot.xh, Trojan.Dropper, Trojan-Spy.Win32.Banbra.ht, Trojan-Downloader.Win32.Adload.j, Trojan-Downloader.Win32.VB.ff, Trojan.Spy.Delf.PD, Trojan.Banker.Delf.CX, Trojan-Clicker.Win32.Delf.fb, Trojan-Spy.Win32.Banker.bae, Trojan-Spy.Win32.Banker.btg, Trojan-Spy.Win32.Delf.ig, Shellbot, Trojan-Downloader.Zlob (many variants), Trojan.Galapoper.A, Downloader.Bancos!gen, Trojan-Downloader.Win32.Zlob.ado

Spyware Doctor 3.05440

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05440
Intelli-Signatures: over 68,566

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0544 0 - Backdoor.NetSnooper, Trojan.CableBoost

3.0543 0 - Backdoor.Penrox, Deskbar, Trojan.Conycspa, Trojan.Downloader.Banload, Trojan.Proxy.Agent.HS, Trojan.PWSteal.QQPass

3.0542 0 - Trojan.PSW.QQPass.AO, Trojan.PWSteal.QQPass.BM, Trojan.PWSteal.QQPass.BR, Trojan.PWSteal.QQPass.CE

3.0541 0 - Backdoor.IRC.Zapchast, Trojan.PWS.Tibia, Trojan.PWSteal.QQPass.BY

Extended Intelli-Signatures:
3.0544 0 - 180search Assistant, Adware.ProtectionBar, Backdoor.Agent.PX, Backdoor.Sdbot.AAD, Common Components for Trojans, Common Components for WinSoftware, Communicator Toolbar, Dollarrevenue, Golden Eye, Instant Access, ISTbar, MrFindALot, Netvision Dialer, PurityScan, Trojan.Downloader.Adload, Trojan.Downloader.Small.AVT, Trojan.Dumaru, Trojan.KillFiles, Trojan.Proxy.Agent.HS, Trojan.PWSteal.Lineage, Trojan.PWSteal.QQPass.CE, Trojan.Spy.Iespy, Windows SyncroAd

3.0543 0 - 180search Assistant, All In One Keylogger, Backdoor.Agent.EN, Backdoor.Agobot, Backdoor.Darkmoon, Backdoor.Hackdoor, Backdoor.Servu, Brilliant Digital, Common Components for Trojan.PWStealers, Common Components Unrelated, CWS.XPSystem, Dialer.U, EliteBar, Known Bad Sites, SC Keylogger, SearchCentrix, StoragePass Viewer, Trojan.Dialer.A, Trojan.Downloader.Obscux, Trojan.Gaslide.B, Trojan.Proxy.BK, Trojan.Proxy.Lager.f, Trojan.Proxy.Ranky, Trojan.PWSteal.Lineage, URLBlaze Adware Bundler, WhenU.Search, WinAntiVirus, WinFixer, WinTools

3.0542 0 - 180search Assistant, abcsearch4u, Anti-Phishing, Backdoor.ProRAT.K, Bargain Buddy, BullsEye Network, Common Components for Trojans, Common Components Unrelated, Dollarrevenue, InternetOptimizer, PigSearch, SC Keylogger, Trojan.Downloader.Banload.AL, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.ON, Trojan.Dumaru, Trojan.Favadd, Trojan.Icekboy.F, Trojan.Mytob.AU, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Spy.Delf.MQ, Trojan.VB.TG, URLBlaze Adware Bundler, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiVirus

3.0541 0 - abcsearch4u, ABetterInternet, Adware.Defender, BackDoor.Agent.OO, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.ProRAT.K, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Common Components for Backdoors, Common Components for Trojans, Common Components Unrelated, CommonScripts.txt, CWS.SvcHost, Desktop Media, Dollarrevenue, EliteBar, Email Spy, Lop.com, PodcastbarMini, PornDialer.Agent.P, Trojan.Agent.HT, Trojan.AVKillers, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Ruins, Trojan.LowZones, Trojan.Proxy.Small.BO, Virtumonde, VX2.Look2Me, WinTools

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spy Sweeper and Ewido Antispyware Latest Updates

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spy Sweeper

Spyware definition: version 747
Protection against 148,518 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/




Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.

Ewido Antispyware

Date of Update: August 24th, 2006
Known threats in database: 399,993

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

AD Aware SE1R120 24.08.2006

Ad Aware current update is SE1R120 24.08.2006. I see in the notes that Noadware and SideStep have been removed from the spyware definitions.

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

Please note that we have removed NoAdware from the definitions file as the mandatory probation period is over.

Please note that we have removed Adware.SideStep from the definitions file after re-evaluation.

New Definitions:
========================
Win32.Backdoor.Lanfiltrator +2
Win32.Generic.Annoyware
Win32.Generic.Worm +3
Win32.Hacktool.Brontok
Win32.Keylogger.SoftForYou +3
Win32.Malware.Jeefo +2
Win32.Spyware.Acoona +8
Win32.ToolEvID
Win32.Worm.Tibick

Updated Definitions:
========================
Adware.AdMedia +3
Adware.Agent +6
Adware.CashDeluxe +11
Adware.Dropper +6
Adware.MediaBack
Adware.Suggestor +4
AdWare.Win32.RXBar.e
Adware.Yazzle +2
BPS SpywareRemover +2
CnsMin +13
CoolWebSearch +5
Dialer
Fakealert
GAIN
IROffer
Malware.Hacktool +7
MalwareWipe
MoneyGainer.BHO
PurityScan +4
Scam.ScanSpyware +5
Spyagent +17
Spyware.Safesurfing
SpywareQuake
SurfSideKick
Trojan.Backdoor.Agent +7
Trojan.SearchSpy
TrojanBackdoor.Serv-U +8
Win32.Backdoor.spyboter
Win32.Generic.PWS +2
Win32.Spybot.worm
Win32.Trojan.Bacteria
Win32.Trojan.ComputerHijacker +2
Win32.Trojan.downloader +15
Win32.Trojan.Gamania
Win32.Trojan.Spambot +3
Win32.TrojanDownloader.Swizzor.br
Win32.TrojanProxy.Small

The MD5 checksum for the defs.ref file is 1e41ef3ea4ba038a84d9fa438330b3b1

SpywareBlaster Update August 14th

Whoops, I missed this update.

Updated: August 18th, 2006
New: 107 Items
Total: 6557 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Tuesday, August 22, 2006

Counterspy Update 395

CounterSpy 1.5 latest update definition is 395

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Sality.n, Trojan-Downloader.Win32.VB.ff, Trojan.Banker.VB.F8745488, Trojan.Banker.Delf.B95D6631, Trojan.Banker.Delf.44FB9BF7, Trojan.Banker.Delf.8576E566, Trojan.Banker.Delf.658347F0, Backdoor.Agent.RI, Trojan.Banker.Delf.C9578540, W32.Looked.O, Generic.Malware.dld!!.723BA4E0, Backdoor.PoeBot.P, Adware.Rogue.CZ.b, Nocusnetworks Keyword Hijacker, NetMama, InstantAlbert, Trojan.Kukudro.C, Diaremover, Toolbar.CommonElements, Sality.q, PhaZeBar, Backdoor.Win32.Rbot.bgj, Worm.Win32.MsSqlNt, Trojan-Downloader.Win32.VB.akm, Trojan-Downloader.Win32.Tibs.hl, Trojan-Dropper.Win32.Delf.yz, Trojan-Downloader.Agent.UF, Trojan-Downloader.Win32.Small.dnc

Threats that have been updated

CoolWebSearch.CameUp, Hotbar, IST.ISTbar, Look2Me, KeenValue.PowerSearch, Memory Watcher, ZeroPopUpBar, Xupiter, Ardamax Keylogger, Zango.SearchAssistant, Hotbar.ShopperReports, Virtumonde, SurfSideKick, Trojan-Downloader.Small, Freeprod/Toolbar888, SpySheriff, PWS-Banker, Yadio.MediaPlayer, DollarRevenue, Yazzle Sudoku, Goldun.Fam, Haxdoor.Fam, Trojan-Clicker.Win32.VB.ij, Trojan-Proxy.Win32.Agent.ji, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-PSW.Win32.Sinowal, Trojan-Downloader.Win32.Small.ctf, Trojan-Spy.Win32.Banker.r, Trojan.LinkOptimizer, d.Win32.Klone.g, Backdoor.Win32.IRCBot.BV, Trojan-Spy.Win32.Banbra.gl, Trojan-Downloader.Win32.Delf.gen, Backdoor.Win32.SdBot.aad, Trojan-Proxy.Win32.Ranky.fv, Backdoor.Win32.Agent.acx, Trojan-Downloader.Win32.Agent.ala, Trojan.Vxgame.z, Trojan-Clicker.Win32.Costrat.c, Trojan-Spy.Win32.Agent.zind, Trojan-Downloader.Win32.Tiny.bo, Trojan-Downloader.Win32.Tibs.hh, Trojan-Downloader.Win32.Skilin.c, Trojan-Downloader.Win32.Tiny.dx, Yuupsearch , Trojan-Downloader.max, FatPickle Toolbar, Trojan-Downloader.Comdlg66 , MocBot.a , Adware.AnyTraf

Spyware Doctor Update 3.05420

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0542 0
Intelli-Signatures: 68,566

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0542 0 - Trojan.PSW.QQPass.AO, Trojan.PWSteal.QQPass.BM, Trojan.PWSteal.QQPass.BR, Trojan.PWSteal.QQPass.CE

3.0541 0 - Backdoor.IRC.Zapchast, Trojan.PWS.Tibia, Trojan.PWSteal.QQPass.BY

Extended Intelli-Signatures:

3.0542 0 - 180search Assistant, abcsearch4u, Anti-Phishing, Backdoor.ProRAT.K, Bargain Buddy, BullsEye Network, Common Components for Trojans, Common Components Unrelated, Dollarrevenue, InternetOptimizer, PigSearch, SC Keylogger, Trojan.Downloader.Banload.AL, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.ON, Trojan.Dumaru, Trojan.Favadd, Trojan.Icekboy.F, Trojan.Mytob.AU, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Spy.Delf.MQ, Trojan.VB.TG, URLBlaze Adware Bundler, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiVirus

3.0541 0 - abcsearch4u, ABetterInternet, Adware.Defender, BackDoor.Agent.OO, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.ProRAT.K, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Common Components for Backdoors, Common Components for Trojans, Common Components Unrelated, CommonScripts.txt, CWS.SvcHost, Desktop Media, Dollarrevenue, EliteBar, Email Spy, Lop.com, PodcastbarMini, PornDialer.Agent.P, Trojan.Agent.HT, Trojan.AVKillers, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Ruins, Trojan.LowZones, Trojan.Proxy.Small.BO, Virtumonde, VX2.Look2Me, WinTools

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Sunday, August 20, 2006

Gallery of Fake Desktop Warnings

Webhelper has a new page that lists many of the fake warnings that spyware puts on your desktop. All of them are from rogue antispyware programs and websites that try to trick you into buying their rip-off products.

Included are Spywareno, thespyguard, PSGuard, Razespyware, Slimshield, and PCSecurityshield.

Saturday, August 19, 2006

Ad Aware SE1R119 15.08.2006

I've been busy with the VirusRescue reports and testing and missed this update for Ad Aware.

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:


New definitions:
====================
TrustCleaner.ref +10

Updated definitions:
====================
Adware.DuDu +19
Adware.Henbang +2
Clickspring
FakeAlert
Hijacker.Qyule +6
Win32.Backdoor.RBot +2
Win32.Trojan.KillAV
Win32.Trojan.Mirc
Win32.Trojan.SDBot +7
Win32.TrojanDownloader.ConHook +2
Win32.TrojanDownloader.Swizzor.br +12
Win32.Trojandownloader.Zlob +29
Win32.TrojanSpy.Goldun +3
Win32.Winshow +8

McAfee SiteAdvisor gives Green to Porn Domains

I must admit, I'm a little disappointed, but it looks like McAfee's SiteAdvisor may need to check its database. I think a couple of sites may have been put into the wrong category!

SiteAdvisor was recently voted as one of the Top 50 Coolest Websites by Time Magazine. Quite rightly, they were chuffed to bits and posted about it in the SiteAdvisor blog.

According to Time, McAfee SiteAdvisor:

...aims to keep you out of trouble — or, to be precise, stop you from clicking through to websites where spyware, worms, and other cyber threats lurk...Why would you need this? Because simply clicking through to a suspect site can wreak havoc on a PC, and risky sites comprise a growing portion of search returns.

However, a friend went over to the SiteAdvisor page and decided to check out a few domains and, would you believe it, some porn sites were flagged as OK. Apart from the content being something you wouldn't want Auntie Doris to see, visiting a porn site is a surefire way of getting infected with something. You can check out what Susan found out at Certifiedbugs.com.

Wednesday, August 16, 2006

Spyware Doctor

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05370
Intelli-Signatures: 68,042

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0537 0 - Backdoor.Agent.CH, Backdoor.IRCBot.ST, Email.Worm.Hotas, Trojan.Downloader.Banload.PT, Trojan.Downloader.VB.AJP, Trojan.Harnig.B, Trojan.Spy.Banker.BDN

3.05360 - Backdoor.IRC.LSA, Backdoor.SdBot.GL, Backdoor.WizBot, Trojan.Downloader.Agent.ARV, Trojan.Downloader.SpySoftCentral, UpToFind


Extended Intelli-Signatures:

3.0537 0 - AdRotator, Backdoor.Agent.ADR, Backdoor.Agent.EC, Backdoor.Darkmoon, Backdoor.Delf.ACH, Backdoor.Hupigon.GEN, Backdoor.IRCBot.GW, Backdoor.LegMir.BZ, Backdoor.mIRC, Backdoor.Rbot.WI, Backdoor.SdBot.GEN, Common Components for Trojans, Common Components Unrelated, CWS, Hotsearchbar, ILookup.Begin2Search, ISTbar, Maxifiles, MediaMotor, MokeAd, RPCC Spammer, SC Keylogger, Trojan.Banker, Trojan.Downloader.Agent.SY, Trojan.Downloader.Delf.ABK, Trojan.Downloader.Small.ATL, Trojan.Dumaru, Trojan.FakeAlert, Trojan.Fald, Trojan.Goldun, Trojan.Lazar.C, Trojan.Proxy.Lager.f, Trojan.PSW.Hangame, Trojan.Small.FH, Trojan.Spy.Delf.MQ, Trojan.Spy.Webmoner.AB, Trojan.Spywad.B, Worm.WGAVN

3.05360 - AdBreak, Anti-Phishing, Backdoor.Aimbot.AC, Backdoor.Banito, Backdoor.CIADoor, Backdoor.Codbot.Gen, Backdoor.CXH, Backdoor.Hackdoor, Backdoor.Sdbot.AAD, Backdoor.Sdbot.JG, Backdoor.Thunk.E, Bargain Buddy, Dollarrevenue, Email.Worm.Bagle, IAGold, Kassbot, Keylog-sters, Known Bad Sites, Maxifiles, nCASE, RPCC Spammer, SpyAxe, SpyHeal, Trojan.Crypt.I, Trojan.Downloader.Banload.ON, Trojan.Downloader.Crafted, Trojan.Downloader.Delf.ABD, Trojan.Downloader.Hanlo.A, Trojan.Downloader.Moonri, Trojan.Dropper.Small.VV, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.DU, Virtumonde, WinAntiVirus

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

CounterSpy Update 393

CounterSpy 1.5 latest update definition is 393

I notice that VirusRescue has been added to this update.

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan-Downloader.Win32.hostv, Trojan.Banker.Delf.796BFE38, Trojan.Banker.Delf.3F6282E1, Trojan.Banker.Delf.5F96DC4D, Downloader.Bancos!gen, Trojan.Banker.Delf.35A6A866, Trojan.Win32.Explorm.a, Trojan-Downloader.Win32.Adload.j, Doctor Cleaner, DittoSideBar, Trojan.Click.1325, AdvancedTrafficNetwork, Backdoor.IRC.Flood.bd, Trojan.Spy.Banker.ALT, Trojan.Clicker.Small.LL, Trojan.PWS.Lmir.AZC, Trojan.Spy.Delf.PD, Trojan.Spy.Keylogger.AE, Trojan.Banker.Delf.CX, Trojan.Agent.TD, Trojan.Spy.Banker.BLF, Packed.Win32.Klone.e, Trojan.Win32.Qhost.hq, Trojan-Clicker.Win32.Delf.fb, Trojan-Downloader.Win32.Banload.bci, Trojan-Downloader.Win32.Delf.asl, Trojan-Downloader.Win32.Small.dlx,
Trojan-Spy.Win32.Bancos.sx, Trojan-Spy.Win32.Banker.bae, Trojan-Spy.Win32.Banker.brg, Trojan-Spy.Win32.Banker.brw, Trojan-Spy.Win32.Banker.btg, Trojan-Spy.Win32.Delf.ig, Trojan.Looksky, Worm.Viking.M, Trojan.Multwapi.G, Infostealer.Gashlio, Trojan.Riler, Trojan.Downloader.VB.RV, Trojan.Downloader.Agent.AFB, Trojan.Agent.Delf.F, Trojan.PWS.Delf.BN, Trojan.PWS.QQShou.HL, Trojan.Secup, Trojan.Downloader.Small.DJD, MemScan:Trojan.Dialer.DT, Win32.Worm.Delf.W, Trojan.Downloader.Delf.QC, Trojan.Wupi.H, Backdoor.Win32.Hupigon.cae, Backdoor.Win32.PoeBot.j, Backdoor.Win32.Small.mp, Email-Worm.Win32.Delf.z, Trojan.Win32.Delf.wn, Trojan.Win32.Dialer.qy, Trojan-Downloader.Win32.Adload.ea, Trojan-Downloader.Win32.Agent.ati, Trojan-Downloader.Win32.Delf.atc, Trojan-Downloader.Win32.Delf.atk, Trojan-Downloader.Win32.VB.ajw, Trojan-Downloader.Win32.Zlob.ado, Trojan-PSW.Win32.Delf.ob, Trojan-Spy.Win32.KeyLogger.jd, Worm.Win32.Viking.m, Trojan-Downloader.NSIS.Agent.u, Trojan-Downloader.Win32.Agent.bl, Trojan-Downloader.Win32.BHO.ao, Backdoor.Win32.Prexot.b, Backdoor.Win32.Surila.aw, Adware.SmartSearch, BackDoor.Generic.947, Trojan-Downloader.Win32.Skilin.c, Trojan-Downloader.Win32.Small.dkt, Trojan.Reboter, Trojan-PSW.Win32.QQPass.gs, Trojan-Downloader.Win32.Tiny.dx, Trojan.Win32.LipGame.ab, Trojan-Downloader.Win32.Small.bue, Backdoor.IRC.Mocbot, VirusRescue, Trojan.Mybot-6610, Trojan.Starter.N, Trojan.Optixkiller.A.Damaged.A, Trojan-Spy.Win32.Delf.pv, Trojan-Clicker.Win32.Small.lb

Threats that have been updated

Alexa Toolbar, Backdoor.Ciadoor, mIRC based, CasinoOnNet, CasinoRewards, CasinoXOSetup, SubSearch/HighTraffic, IBIS.WebSearch Toolbar, Look2Me, C2.Lop, Neoturk, NetPal, Trojan-Downloader.Psyme, MediaMotor, DialerPlatform, W32.Spybot.Worm, HDTBar, Virtumonde, iSearch.DesktopSearch, EnergyPlugin, BigBlue.01, Maxifiles.Director, Regfreeze, DollarRevenue, Exploit.WMF, Trojan-Downloader.Gen, DesktopScam, FakeAlert, 180solutions.Seekmo Search Assistant, Backdoor.IRC.Zapchast, EliteMediaGroup, Goldun.Fam, Trojan-Spy.Win32.Banbra.df, BraveSentry, Haxdoor.Fam, Exploit.JS-CVE-2005-1790.z, QuickLinks/Forethought, Trojan-Clicker.Win32.VB.ij, SpywareQuake, Caishow, SpamTool.Win32.Agent.h, Trojan-Downloader.Win32.Harnig, Trojan-PSW.Win32.Sinowal, Trojan-Spy.Win32.Agent.mn, Zlob.Media-Codec, Trojan-Dropper.Win32.VB.kk, Trojan-Proxy.Win32.Small.bo, MediaPipe/MovieLand, PornMag Pass, Trojan-Downloader.Win32.Agent.uj, Backdoor.Win32.Agobot.aaf, Infostealer.Bancos, Trojan.Anserin, Trojan.PWS.QQPass, Backdoor.Graybird, Infostealer, W32.IRCBot, Trojan.Zlob, W32.Linkbot.M, Backdoor.Ranky, W32.Beagle.gen, Backdoor.Rustock, Trojan.Win32.Agent.vp, Constructor.Win32.MicroJoiner.17, Trojan.Win32.Agent.ut, Trojan-Spy.Win32.Banker, Trojan-Dropper.Win32.VB.lh, Trojan-Clicker.Win32.Agent.ac, Trojan-PSW.Win32.Delf.mc, SpamTool.Win32.Gadina.d, Trojan.LinkOptimizer, Packed.Win32.Klone.g, Adware.Roogoo, Adware.Zhong, Scumware-Remover, Backdoor.IRC.Flood, Constructor.Win32.WishMaster.11, Trojan-Downloader.Win32.Small.bwy, Backdoor.Win32.SdBot.aad, Adware.IEhlpr, Dialer.Creazione, Trojan.Win32.Runner.j, Yazzle Components, Trojan-Proxy.Win32.Ranky.fv, Trojan-Downloader.Win32.Obfuscated.n, Backdoor.Win32.PoeBot.c, Trojan-Downloader.Win32.Small.dib, Trojan-Spy.Win32.Delf.pd, Trojan-Clicker.Win32.Costrat.c, Trojan-Spy.Win32.Agent, Trojan.Dropper, Trojan-Proxy.Win32.Agent.dd, Trojan-Spy.Win32.Banbra.ht, Trojan.Win32.Agent.xj, Trojan-Downloader.Win32.Tibs.hh, QuickSearch Toolbar , NewDotNet.QuickSearchBar

Thursday, August 10, 2006

VirusRescue Appears to be New Trojan

One of the ways that spyware gets onto your computer is by tricking you into installing a codec. Usually, a video file will be on a web page and you will be prompted to install a file to be able to view it. When a spammer posted a link to an adult site on one of the sites I visit, I took a look at it. The first thing on the site was a blank video and a message that I needed to download a codec to view the file. Installing the file brought spyware to my computer.

After installing the codec, the video file did play, but it was only 10 seconds or so. Not worth the trouble. A few minutes later, the first pop up appeared.

I was warned that I had a virus. I already knew that I had no virus on my system and that the warning was fake. Looking at the programs offered, I recognized two of them as rogue antispyware programs that are no good. The first one on the list, VirusRescue, was new to me. So I decided to download that one.

While I was installing VirusRescue, I got the first warning from SpywareQuake. SpywareQuake came with the video codec I downloaded earlier. By now, many people know that SpywareQuake is a bad rogue program, but if not, now you do.


The install of VirusRescue goes pretty much like that of a normal program. As I would find out later, it also installed some unwanted extras.

An interesting fact is that both SpywareQuake and VirusRescue report the media codec that I first installed as spyware. So even these fake programs admit the codec is no good.

A few minutes after VirusRescue was installed, I got a warning in the lower right corner of my desktop. Now I have two warnings telling me I have spyware on my computer. I took this screen shot while the one for SpywareQuake was not showing. If you look two places to the left of the yellow triangle for this alert, you see a circle with a question mark. That's the one for SpywareQuake.

A screen shot of the main VirusRescue (also called Virus Rescue) program is below. If you have this pest on your computer, then the best thing to do is to not buy it. It is a scam and a rip-off. Follow my Easy Fix For Spyware and Virus Alert post from earlier to get rid of this trojan. A free fix that's a lot better than paying $50 to the same people who put spyware on your computer.


Edit to add on Aug 21, Virusrescue or Virus Rescue has been added to Counterspy's spyware definitions.

The host for the virusrescue.com site is also used by the same people who are behind SpyFalcon, SpywareStrike, and other questionable security products. See a rather lengthy tracking of this at Bluetack.

Other places reporting on VirusRescue: Vitalsecurity, Realtechnews, Spywareguide.com, and even hardware site Hardocp.com.

On Security Cadets, someone actually posted a comment to defend VirusRescue but never replied back to answer questions.

Tuesday, August 08, 2006

Google to Warn on Unsafe Websites

Google is about to start warning users when they click on a link from a Google search that will take them to an unsafe website.
Google are working closely with the Stopbadware.org coalition and will pop up a warning when users click on a link to a website that has been reported to, and investigated by, Stopbadware.org as a site that distributes badware.

You can find more information about this initiative on the BBC News Technology page, and on the Stopbadware.org site.

This initiative is due to go live this Friday 11th August 2006.

Incidentally, McAfee's SiteAdvisor, which is free to download and use and comes in both IE and Firefox flavours, will also let you know if the site you are visiting is potentially unsafe or not.

Monday, August 07, 2006

Sunbelt CounterSpy Update 387

CounterSpy 1.5 latest update definition is 387

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

ScreenMates, GimmeWeb, O97M.Tristate.C, W32.HLLW.Flopcopy, W32.HLLP.Handy, VBS.Tam.A, W32.Maddis, Generic.Banker.Delf.259D5A0F, Backdoor.Redrival.A, Generic.Banker.Delf.15063022, Backdoor.W32.Gobot.A, Trojan.Win32.Agent.rd, VersaSearch, SiteHistory.Hijacker, AdURL.c, Trojan-Downloader.Win32.Agent.aqx, Adware.SaveStartDate, Tskmgr32.Hijacker, Porn-Dialer.Cutygirls, Adware.GatorCheat, Trojan-Downloader.Win32.Small.afi, Trojan-Downloader.NSIS.Agent.a, Trojan.Win32.Delf.rf, Trojan.Win32.Agent.nl, Trojan-Clicker.Win32.Spywad.o, Trojan.Lootseek.AV, Backdoor.Win32.SdBot.atu, Trojan.Win32.Kolweb.g, Backdoor.Win32.Mechbot.d, Adware.LoopAd, Trojan-Downloader.Win32.Small.djv, Trojan.YourDomain, Trojan-Downloader.Win32.Small.cyn

Threats that have been updated

Aureate/Radiate, CasinoOnNet, CoolWebSearch, Cydoor, GoHip Browserenh, Look2Me, Mirar, NowBox, ClickSpring.PuritySCAN, SearchExplorerBar, SurfPlus, MyWebSearch Toolbar, WurldMedia, Slagent/Navipromo, FunWebProducts, TargetSaver, Netwebsearch/Adblaster, Virtumonde, InternetOffers, Comet Cursor, The CoolBar, Freeprod/Toolbar888, ConsumerAlertSystem.CASClient, Trojan-Downloader.Qoologic, Trojan-Downloader.Winstall, SeekSeek, Smart Keystroke Recorder, Command Service, WinFixer, WinAntiSpyware, BigBlue.01, Dimpy.Win32VBsy, DollarRevenue, Exploit.WMF, DesktopScam, FakeAlert, Lineage.SK, Trojan-Downloader.Win32.Agent.aef, Trojan-Downloader.Win32.Small.awa, QuickLinks/Forethought, Trojan-Proxy.Win32.Lager, WeatherStudio, Trojan-Downloader.Win32.Harnig, Adware.Sogou, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-Dropper.Win32.Agent.hl, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Win32.Small.ctp, PWS.VIP, Trojan-Downloader.Fald, Trojan-Downloader.Win32.Small.bsq, Trojan-Downloader.Small.ON, Trojan.Danmec, Trojan-Proxy.Win32.Agent.km, Trojan-Clicker.Win32.Small.jf, Trojan-Dropper.Agent.AKO, Trojan-Downloader.Delf.AEU, Trojan-Dropper.Delf.VA, Trojan-Dropper.Agent.AIB, Adware.U88, Trojan-Downloader.Obfuscated.N, Backdoor.Agent.ACT, Trojan-Downloader.Win32.Agent.aox, Backdoor.Win32.Agent.adr, Trojan-Downloader.Win32.Small.cyb, Trojan.PWS.Besq, LetsCool, Zwinky Toolbar

Spy Sweeper 735

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spyware definition: version 735
Updated August 7th, 2006
Protection against 145,735 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Antispyware For August 7th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: August 7th, 2006
Known threats in database: 386,423

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spyware Doctor 3.0530 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0530 0
Intelli-Signatures: 66,602

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0530 0 - Backdoor.Small.LS, TClock, Trojan.PSW.Alerter, Trojan.Spy.Agent.S

3.05291 - Backdoor.Dados, Backdoor.Graybird.GEN, MokeAd, Trojan.Downloader.Banload.OA, Trojan.Downloader.Small.ACX, Trojan.Downloader.Tiny.DK, Trojan.Revop.A, Trojan.Spy.Banker.ALW

3.05280 - Adware.Baigoo, Trojan.Downloader.Delf.AQS, Trojan.Downloader.LameWeb, Trojan.Downloader.Pixar, Trojan.Hatu, Trojan.PWS.WMPatch

Extended Intelli-Signatures:

3.0530 0 - 123mania.com, Backdoor.Agent.CFC, Backdoor.Bifrose.D, Backdoor.GrayBird.K, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.Rbot.Gen, Backdoor.Sdbot.JG, Common Components Unrelated, MatrixDialer, SexVideoPro Dialer, Spy Lantern Keylogger, Trojan.Dialer.HC, Trojan.Downloader.Banload.MG, Trojan.Downloader.Druser, Trojan.Downloader.Small.ATL, Trojan.Icekboy.F, Trojan.Pakes, Trojan.PSW.Hangame, Virtual Bouncer, Virtumonde

3.05291 - Adware.Baigoo, Adware.Voghp, Backdoor.IRCBot.AZ, Backdoor.Rbot.ADZ, Backdoor.Rbot.AEU, Backdoor.Rbot.Gen, Backdoor.SdBot.GEN, Backdoor.Sdbot.JG, Common Components for Trojans, Coulomb Dialer, CWS.XPSystem, Dollarrevenue, LinkMaker Hijacker, RPCC Spammer, SexVideoPro Dialer, Spy Lantern Keylogger, SubSeven, TargetSavers, Trojan.Crypt.D, Trojan.Crypt.T, Trojan.Delf.IT, Trojan.Downloader.Agent.DK, Trojan.Downloader.Banload.AM, Trojan.Downloader.Small.AWA, Trojan.Downloader.VB.CA, Trojan.Downloader.Win32.VB, Trojan.Fivesec.A, Trojan.Hooker, Trojan.MakeCall, Trojan.Popuper, Trojan.Proxy.Small.DU, Trojan.Small.FH, Trustin Toolbar

3.05280 - Adware.Defender, AproposMedia, Backdoor.Beastdoor, Backdoor.Bifrose.D, Backdoor.CIADoor.13, Backdoor.Hackdoor, Backdoor.IRCBot.FP, Backdoor.Rbot.GEN, Backdoor.Sdbot.AAD, CasinoClient, Common Components for ClientMan and Trojan.Downloader.Delf.VT, Dialer.AY, Dollarrevenue, EliteBar, eZula, HotBar, Keylog-sters, LinkMaker Hijacker, Perfect Keylogger, PSGuard Desktop Hijacker, PSGuard, SpyHeal, Trojan.Agent.FG, Trojan.AOLPass.B, Trojan.Banker, Trojan.Dialer.HC, Trojan.Downloader.Delf.VT, Trojan.Downloader.Obscux, Trojan.Downloader.Small.ATL, Trojan.Downloader.Zlob.PJ, Trojan.Dumaru, Trojan.FavAdd.AE, Trojan.Goldun, Trojan.HacDef, Trojan.PWSteal.Lineage, Trojan.QQHook.A, Virtumonde

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ad Aware SE1R118 07.08.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

Adware.DesktopMedia +9
Adware.DuDu +11
Adware.Henbang +2
Adware.Suggestor +2
Adware.WSearch +3
CnsMin +12
Malware.SpyGuard +4
WinAntiVirusPro +19
Yok Toolbar

Sunday, August 06, 2006

Top Twenty Phish Brands for July 2006

The Castle Cops Phishing Incident and Termination (PIRT) Squad have issued their top twenty brands targeted by phishers for the month of July.

As always, the PIRT Squad are working very hard on our behalf, so don't forget to report your phishing emails. The full list is found on the link below.

July 2006 confirmed phish (brand plus total count for July):


  1. PayPal - 202

  2. eBay - 188

  3. Bank of America - 34

  4. Wachovia - 33

  5. Chase - 22

  6. e-gold - 21

  7. Wells Fargo - 17

  8. Nationwide - 15

  9. Volksbank - 15

  10. BancaIntesa - 12

  11. HSBC - 12

  12. Lloyds TSB - 9

  13. Banamex - 8

  14. Santa Barbara Bank & Trust - 7

  15. Fifth Third Bank - 7

  16. NetBank - 6

  17. Citizens National Bank of Texas - 6

  18. AOL - 6

  19. Halifax - 6

  20. NAFCU - 6

Anti-phishing volunteers are always welcome. If you want to join the fight, click here to become part of PIRT.

Friday, August 04, 2006

Ewido AntiSpyware For August 4th

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: August 4th, 2006
Known threats in database: 385,090

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spy Sweeper Update 733

Spy Sweeper latest update.

Program Version 5.0.5. (Build 1286)
Spyware definition: version 733
Updated August 3rd, 2006
Protection against 145,529 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spybot Search & Destroy Update August 4th

August 4th, 2006

New and updated spyware detections for Spybot, which is available from Safer Networking.

Adware
++ IEHelper.e ++ Caishow ++ 91Cast ++ Boran.g ++ Win32.Nurvel.a ++ Win32.Agent.y + 2Search
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL + CoolWWWSearch.Toolband
Keylogger
+ Elite Keylogger + EvilEye + LttLogger
Malware
+ Smitfraud-C. + VirusBlast + Look2Me ++ Aest ++ WB.Hider ++ EngeryPlugin + IMNames
PUPS
+ Hotbar ++ Baigoo.a ++ Tencent
Spyware
++ Trickle.Gator
Trojan
+ SpyQuake2 + Zlob.PornMagPass + Zlob.XPasswordManager ++ Amiboide + Amitis ++ AOLTrojan ++ Asassin ++ BackAge ++ Bandook ++ Beast ++ Win32.Agent.se ++ WinAntiVirusPro2006 ++ HB.RichMedia

McAfee Fixes Problem

The problem with many McAfee security products I mentioned a few days ago has been fixed. The short story is that a way was found that would allow hackers to bypass the security in McAfee products and run their own programs. After that, they could get your passwords, bank information, and other private data.

Most McAfee products should update on their own, but to be sure, follow the instructions from the McAfee web site to make sure you have the updated software.

Here is the important part:

  • Detailed Steps for installing the update:
    1. Make sure that you are connected to the Internet
    2. Right click the McAfee SecurityCenter icon located in your system tray by your clock
    3. Click “Update”
    4. The “SecurityCenter Updates” window appears.
    5. Click “Check Now”
    6. If an update is available, click “Update”
    7. If prompted, enter your registered email address and password
    8. Click “Log In”
    9. Wait while the update downloads and installs
    10. Click “Finish”
  • Detailed Steps for validating the update install:
    1. Right click on the McAfee icon located in your system tray by your clock
    2. Otherwise, Select “Open McAfee SecurityCenter”
    3. Double click on the McAfee SecurityCenter logo to view the “about” screen
    4. If the build number says 6.0.23 then everything is updated and the system is not vulnerable.

Spyware Doctor 3.0530

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0530
Intelli-Signatures: 66,602

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0530 0 - Backdoor.Small.LS, TClock, Trojan.PSW.Alerter, Trojan.Spy.Agent.S

3.05291 - Backdoor.Dados, Backdoor.Graybird.GEN, MokeAd, Trojan.Downloader.Banload.OA, Trojan.Downloader.Small.ACX, Trojan.Downloader.Tiny.DK, Trojan.Revop.A, Trojan.Spy.Banker.ALW

3.05280 - Adware.Baigoo, Trojan.Downloader.Delf.AQS, Trojan.Downloader.LameWeb, Trojan.Downloader.Pixar, Trojan.Hatu, Trojan.PWS.WMPatch

Extended Intelli-Signatures:

3.0530 0 - 123mania.com, Backdoor.Agent.CFC, Backdoor.Bifrose.D, Backdoor.GrayBird.K, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.Rbot.Gen, Backdoor.Sdbot.JG, Common Components Unrelated, MatrixDialer, SexVideoPro Dialer, Spy Lantern Keylogger, Trojan.Dialer.HC, Trojan.Downloader.Banload.MG, Trojan.Downloader.Druser, Trojan.Downloader.Small.ATL, Trojan.Icekboy.F, Trojan.Pakes, Trojan.PSW.Hangame, Virtual Bouncer, Virtumonde

3.05291 - Adware.Baigoo, Adware.Voghp, Backdoor.IRCBot.AZ, Backdoor.Rbot.ADZ, Backdoor.Rbot.AEU, Backdoor.Rbot.Gen, Backdoor.SdBot.GEN, Backdoor.Sdbot.JG, Common Components for Trojans, Coulomb Dialer, CWS.XPSystem, Dollarrevenue, LinkMaker Hijacker, RPCC Spammer, SexVideoPro Dialer, Spy Lantern Keylogger, SubSeven, TargetSavers, Trojan.Crypt.D, Trojan.Crypt.T, Trojan.Delf.IT, Trojan.Downloader.Agent.DK, Trojan.Downloader.Banload.AM, Trojan.Downloader.Small.AWA, Trojan.Downloader.VB.CA, Trojan.Downloader.Win32.VB, Trojan.Fivesec.A, Trojan.Hooker, Trojan.MakeCall, Trojan.Popuper, Trojan.Proxy.Small.DU, Trojan.Small.FH, Trustin Toolbar

3.05280 - Adware.Defender, AproposMedia, Backdoor.Beastdoor, Backdoor.Bifrose.D, Backdoor.CIADoor.13, Backdoor.Hackdoor, Backdoor.IRCBot.FP, Backdoor.Rbot.GEN, Backdoor.Sdbot.AAD, CasinoClient, Common Components for ClientMan and Trojan.Downloader.Delf.VT, Dialer.AY, Dollarrevenue, EliteBar, eZula, HotBar, Keylog-sters, LinkMaker Hijacker, Perfect Keylogger, PSGuard Desktop Hijacker, PSGuard, SpyHeal, Trojan.Agent.FG, Trojan.AOLPass.B, Trojan.Banker, Trojan.Dialer.HC, Trojan.Downloader.Delf.VT, Trojan.Downloader.Obscux, Trojan.Downloader.Small.ATL, Trojan.Downloader.Zlob.PJ, Trojan.Dumaru, Trojan.FavAdd.AE, Trojan.Goldun, Trojan.HacDef, Trojan.PWSteal.Lineage, Trojan.QQHook.A, Virtumonde


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Thursday, August 03, 2006

AdAware SE1R117 03.08.2006

A small update for Ad Aware.

SE1R117 03.08.2006

This fixes a False Positive in Adware.Maxifiles and Win32.Trojan.Downloader

Microsoft Security Bulletin Advance Notification for August

As always, Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 8 August 2006 Microsoft is planning to release:

Security Updates

  • Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
  • Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Wednesday, August 02, 2006

Ad Aware SE1R117 02.08.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

SE1R117 02.08.2006



Updated Definitions:
========================
Adware.CasinoClient
Adware.Dollarrevenue +4
Adware.MMSAssist
Adware.Sidesearch
Malware.SpyGuard +2
MalwareWipe +2
Mediamotor
PurityScan.ref
SpyFerret
SpywareNo +3
SpywareQuake +2
TargetSaver
Win32.Generic.PWS +2
Win32.Trojan.Downloader +13
Win32.Trojan.Hexdoor +3
Win32.Trojan.Runner +4
Win32.TrojanDownloader.Agent

Spyware Doctor 3.05270

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.05270
Intelli-Signatures: 65,649

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.05270 - Adware.Fuel, Backdoor.IRCBot.DD, Backdoor.Quimera, Trojan.Downloader.Agent.AMF, Trojan.PWS.Bina, Trojan.Smartallyes, Trojan.Spy.MSN.B

3.05260 - Backdoor.Gargamel, Backdoor.Hupigon.GEN, Trojan.Downloader.Small.CYHm, Trojan.Firespy.A, Trojan.PSW.Delf.nv, Trojan.Spy.Offkey, Trojan.Spy.Satur

Extended Intelli-Signatures:
3.05270 - Adware.Sa, Adware.Sqwire, Adware.Voghp, Backdoor.Bifrose.D, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.NetThief, Backdoor.Snowdoor, Coulomb Dialer, IGetNet, Instant Access, ISTbar, Marketscore Netsetter, MediaMotor, Rootkit.Order, TIBS Premium Rate Dialer, Trojan.Banker, Trojan.Downloader.Agent.AEZ, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Banload.AM, Trojan.Spy.Delf.KF, Trustin Toolbar, VX2.Look2Me, WhenU.SaveNow

3.05260 - Backdoor.IRCBot.FP, Backdoor.Sdbot.AAD, BookedSpace, Dialer.BL, HotBar, Instant Access, Known Bad Sites, MediaTickets, Mirar, PurityScan, TargetSavers, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.MG, Trojan.Downloader.Small.AGQ, Trojan.Downloader.Small.CAM, Trojan.Dumaru, Trojan.Popuper, Virtumonde


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ewido Antispyware Update - 381,980 Threats

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. However, you can tell if you have the most recent update by the number of threats in the database.


Date of Update: August 1st, 2006
Known threats in database: 381,980

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spy Sweeper Update 731

Spy Sweeper latest update.

Spyware definition: version 731
Program Version 5.0.5. (Build 1286)
Updated August 1st, 2006
Protection against 145,273 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, Spy Sweeper lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Tuesday, August 01, 2006

Serious Problem With McAfee Products

It has been revealed that most of McAfee's security products contain a flaw that could allow hackers to get your passwords, banking information, and other personal information from your computer. There will be a patch for this problem available from McAfee on Wednesday, August 2nd. I would strongly suggest updating your McAfee products as soon as this fix is out.

The exact details of the flaw haven't been made available publicly, so there should be no one attacking you with it. The problem was discovered by Marc Maiffret of eEye Digital Security, a computer security company.

McAfee products affected include Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus. Note that the 2007 versions of McAfee products aren't affected.
