Thursday, August 31, 2006
VirusBurst, Another Fake Spyware Program
Looking at the registration info for VirusBurst.com, I can see the usual suspect is involved with this site as well. Estdomains is the registration provider. They seem to always be near questionable programs and websites.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: VIRUSBURST.COM
Registrant:
Burst Technology GesmbH
Judi Stewart ()
Davidgasse 87
Vienna
null,A-1100
AT
Tel. +431.3365073
Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007
I'm sure the above info contains fake information. Most of the time when these rogue programs are registered, the info is not real.
Bleeping Computer reports that the following file is responsible for installing this pest. When it gets on your system, it will download VirusBurst and download software without permission.
C:\Windows\System32\eowygj.dll
You will see a warning balloon above the clock on your computer. Right now they spell balloon wrong, baloon. If they can't get that right, makes you wonder what else they did wrong. Here's what it says:
"System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software."
This is not the same one, but it looks like this one:
Right now, you can use the VirusBurst removal instructions at Bleeping Computer to fix this pest. More details as they become available. Update, S!ri's SmitFraudfix will now remove VirusBurst as well.
Edit to update: Here's some more info on Virusburst.com
VIRUSBURST.COM = [ 195.225.177.121 ]
Domain servers in listed order:
ns4.tokiodrift.biz
ns3.tokiodrift.biz
ns2.tokiodrift.biz
ns1.tokiodrift.biz
Right now, tokiodrift.biz is a SpyAxe download page, which is also a Rogue program. Here are other sites on the same IP address as tokiodrift:
1. almanah.biz
2. spyaxe.biz
3. spyaxe.com
4. spyaxe.net
5. spywarestrike.com
So I would say that VirusBurst.com is no good and so is the program VirusBurst.
OK, one more update. Paperghost at Vitalsecurity noticed the EULA for VirusBurst is the same one for SpywareQuake. They changed the main title, but everything in the long wordy part says SpywareQuake. Look at the end of his post for this.
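The shared-infrastructure reasoning in this post (a domain whose name servers sit next to known rogue sites) can be written down as a small check. This is an added example, not part of the original post: it parses the WHOIS and DNS lines quoted above and pivots from the name-server domain to its IP neighbours. The IP for tokiodrift.biz is a constructed placeholder because the post does not give it, and the seed list of known rogue domains is an assumption.

```python
import re
from collections import defaultdict

# WHOIS and DNS lines as quoted in the post.
WHOIS_TEXT = """\
Registration Service Provided By: ESTDOMAINS INC
Domain Name: VIRUSBURST.COM
Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007
Domain servers in listed order:
ns4.tokiodrift.biz
ns3.tokiodrift.biz
ns2.tokiodrift.biz
ns1.tokiodrift.biz
"""

# The post gives no IP for tokiodrift.biz, so a documentation-range
# placeholder (constructed, not real data) stands in for it.
TOKIODRIFT_IP = "192.0.2.10"

# Domain -> IP. Only the virusburst.com address comes from the post; the rest
# encode the post's statement that these sites share tokiodrift.biz's address.
HOSTING = {
    "virusburst.com": "195.225.177.121",
    "tokiodrift.biz": TOKIODRIFT_IP,
    "almanah.biz": TOKIODRIFT_IP,
    "spyaxe.biz": TOKIODRIFT_IP,
    "spyaxe.com": TOKIODRIFT_IP,
    "spyaxe.net": TOKIODRIFT_IP,
    "spywarestrike.com": TOKIODRIFT_IP,
}

# Assumption: seed list built from the SpyAxe name, which the post calls a
# rogue program. A real seed list would come from your own research.
KNOWN_ROGUE = {"spyaxe.biz", "spyaxe.com", "spyaxe.net"}


def parse_whois(text):
    """Pull registrar, domain and name servers out of a WHOIS-style record."""
    record = {"registrar": None, "domain": None, "nameservers": []}
    in_ns_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_ns_block = False
            continue
        if line.lower().startswith("domain servers in listed order"):
            in_ns_block = True
            continue
        match = re.match(r"^([A-Za-z ]+):\s*(.*)$", line)
        if match:
            in_ns_block = False
            key = match.group(1).strip().lower()
            value = match.group(2).strip()
            if key == "registration service provided by":
                record["registrar"] = value
            elif key == "domain name":
                record["domain"] = value.lower()
        elif in_ns_block:
            record["nameservers"].append(line.lower())
    return record


def registered_domain(host):
    """Naive last-two-labels cut; real tooling should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def shared_infrastructure(record, hosting, known_rogue):
    """List pivots (the domain or its DNS provider) that share an IP with rogue sites."""
    by_ip = defaultdict(set)
    for name, ip in hosting.items():
        by_ip[ip].add(name)
    pivots = {registered_domain(ns) for ns in record["nameservers"]}
    if record["domain"]:
        pivots.add(record["domain"])
    findings = []
    for pivot in sorted(pivots):
        ip = hosting.get(pivot)
        if ip is None:
            continue  # no hosting data for this pivot, nothing to compare
        neighbours = sorted((by_ip[ip] - {pivot}) & known_rogue)
        if neighbours:
            findings.append({"pivot": pivot, "ip": ip, "rogue_neighbours": neighbours})
    return findings


if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    print(rec["domain"], "registered via", rec["registrar"])
    for hit in shared_infrastructure(rec, HOSTING, KNOWN_ROGUE):
        print(hit["pivot"], "shares", hit["ip"], "with", ", ".join(hit["rogue_neighbours"]))
```

A hit on the name-server domain is a reason to look closer, not proof by itself, since shared hosting puts unrelated sites on one address all the time.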
SiteAdvisor Wrongly Lists Tomcoyote.org As Bad Website
This does bring up a point about the way SiteAdvisor looks at web sites. The bad links that were found were posted on the Tom Coyote message board. Anyone can post there and put any link they want. If it is a bad link, the moderators will remove it, but sometimes they slip through. I think that the McAfee robot should have noticed that the links to the downloads weren't actually hosted on Tom Coyote. They were on other sites on the Internet. There are many forums and message boards on the Internet where this could happen. Someone posts a bad link and before it gets deleted, the robot sees it and lists the site as bad. Looking at the SiteAdvisor report, there were only two bad downloads and both were links. When spammers post on message boards, they usually post several times. So it looks like this could happen to any site on the Internet that allows people to post.
Earlier this month, we posted about how SiteAdvisor has given a green rating to porn sites. The purpose of SiteAdvisor is to give warnings about spyware and other badware on a web site. It's not to judge the site on the content. I find it ironic that sites that many people would gladly mark as red because of porn are greenlighted, but a clean family site like Tom Coyote gets a red rating because of some links to something not even on the site.
Edit to update: Looks like Bluetack, another good security site, got wrongly listed as well.
Another update: Quite a few sites got listed as well. Ad Aware's support forum, Cexx, Spamhuntress, a good php site called Puremango.
There has been a post on Tomcoyote.org and Bluetack saying the site has been reviewed and will be returned to green in the next few weeks. Let's hope it will be sooner than that.
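The distinction argued for in this post, between a bad download a site hosts itself and a bad download that a visitor merely linked to, can be made mechanically by a crawler. The sketch below is an added example, not SiteAdvisor's code: the hostnames, the sample page and the three rating labels are constructed for illustration, and the same-site test is a simple hostname comparison.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a forum page with two user-posted links to flagged
# downloads on other hosts and one link to the forum's own FAQ.
SAMPLE_PAGE_URL = "http://forum.example/board/topic42.html"
SAMPLE_HTML = """
<div class="post">Try this: <a href="http://downloads.badhost.example/codec.exe">free codec</a></div>
<div class="post"><a href="http://other.badhost.example/toolbar.exe">toolbar</a></div>
<div class="post">See our <a href="/faq.html">FAQ</a></div>
"""
SAMPLE_BAD = {
    "http://downloads.badhost.example/codec.exe",
    "http://other.badhost.example/toolbar.exe",
}


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag on a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def attribute_downloads(page_url, html, bad_urls):
    """Sort flagged downloads into 'hosted by this site' and 'linked on other hosts'."""
    site_host = urlparse(page_url).hostname
    if not site_host:
        raise ValueError("page_url has no hostname: %r" % page_url)
    collector = LinkCollector()
    collector.feed(html)
    hosted, linked = [], {}
    for href in collector.hrefs:
        absolute = urljoin(page_url, href)  # resolves relative links
        if absolute not in bad_urls:
            continue
        host = urlparse(absolute).hostname or ""
        # Same host or a subdomain of it counts as the site's own content.
        if host == site_host or host.endswith("." + site_host):
            hosted.append(absolute)
        else:
            linked.setdefault(host, []).append(absolute)
    return {"hosted_on_site": hosted, "linked_elsewhere": linked}


def rate_site(page_url, html, bad_urls):
    """Hypothetical policy: red only when the site itself serves a bad file."""
    detail = attribute_downloads(page_url, html, bad_urls)
    if detail["hosted_on_site"]:
        return "red", detail
    if detail["linked_elsewhere"]:
        # Blame belongs to the hosting domains; the linking page gets a human look.
        return "needs-review", detail
    return "green", detail


if __name__ == "__main__":
    rating, detail = rate_site(SAMPLE_PAGE_URL, SAMPLE_HTML, SAMPLE_BAD)
    print(rating)
    for host, urls in sorted(detail["linked_elsewhere"].items()):
        print(" ", host, "->", len(urls), "flagged download(s)")
```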
Tuesday, August 29, 2006
CounterSpy Update 399
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
http://research.sunbelt-software.com/download.cfm
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
Net-Worm.Win32.Bozori, Net-Worm.Win32.Domwoot, Net-Worm.Win32.Lebreat, Net-Worm.Win32.Padobot, Net-Worm.Win32.Sasser, Packed.Win32.CryptExe (modification), Rootkit.Win32.Vanti.bx, Trojan.Win32.Delf.va, Trojan-Downloader.Win32.Small.dlq, Trojan-Downloader.Win32.Tiny.cc, Trojan-PSW.Win32.Lineage.zh, Trojan-Spy.Win32.Banker.akk, Trojan-Spy.Win32.Haxspy.ad, Trojan-Dropper.Win32.Agent.ata, Backdoor.Win32.Rbot.bgp, Trojan-Downloader.Win32.Botol.gen, Trojan.DDos.M, Adware.Duncan, Trojan-Downloader.Win32.Agent.atz, Win32.IRC.Kelebek, Trojan.Hidewindows.C, Trojan.Gload, Backdoor.Win32.Agobot.aiz, Trojan-Spy.Win32.BZub.bl, Trojan-Downloader.Win32.Small.ddz, Trojan-Downloader.Win32.Agent.atf, Topinstalls.HappyToFind, Backdoor.Win32.IRCBot.th, Backdoor.Win32.Shadow.a, Backdoor.Win32.Rukap.bs, Trojan.Win32.Small.jm, Trojan.IRC, Backdoor.Win32.SdBot, Backdoor.Win32.Rbot, Backdoor.Win32.IRCBot, Backdoor.Win32.Codbot, Backdoor.Win32.Aimbot, Backdoor.Win32.Agobot, Backdoor.Win32.Agent,
Threats that have been updated
Backdoor.Win32.Rbot, PAL KeyLog Pro. SSA-KeyLogger,Trojan.Lowzones, PWS-Banker, WebNexus, DollarRevenue, FakeAlert, FindTheWebsiteYouNeed, Backdoor.Win32.Delf.abc, Backdoor.IRC.Zapchast, Goldun.Fam, Backdoor.Win32.SdBot.aho, P2P-Worm.Win32.SpyBot, Backdoor.Win32.SdBot, Henbang, Trojan-Downloader.Zlob.Media-Codec, MediaPipe/MovieLand, Backdoor.Win32.Agobot, Backdoor.Win32.IRCBot, Trojan.Win32.Pakes, Trojan.Danmec, Trojan.Win32.Agent.vp, Net-Worm.Linux.Mare.g, Trojan.LinkOptimizer, Trojan-Downloader.Win32.Delf.gen, Email-Worm.Win32.Bagle.n, Exploit.WMF.z, Trojan-Clicker.AdLoad.ie, Trojan-Downloader.Win32.Obfuscated.n, Backdoor.Win32.Aimbot, Backdoor.Win32.Wootbot.gen, Trojan-Downloader.Win32.Adload.aj, Trojan-Downloader.Win32.Cryptic.b, Trojan-Dropper.Win32.Agent.ye, Trojan-Dropper.Win32.Delf.nk, Trojan-Dropper.Win32.Paradrop.a, Trojan.Win32.Inject.t, Trojan.Win32.Patched.b, Net-Worm.Win32.Bobic.k, Net-Worm.Win32.Dabber.c, Net-Worm.Win32.Doomjuice.b, Net-Worm.Win32.Lovesan.a, Net-Worm.Win32.Sasser, Net-Worm.Win32.Vesser, Backdoor.Win32.Mechbot.d, Trojan-Downloader.Win32.Small.dib, Trojan-Spy.Win32.Agent.cgi, Backdoor.Win32.IRCBot.ue, Trojan-Downloader.Win32.Small.ck, Trojan-Downloader.Agent.UF, Email-Worm.Win32.Bagle.p, Net-Worm.Win32.Padobot, Trojan-Dropper.Win32.Agent.abh, Zango.Fireworks_Extravaganza, Deskbar.GiantExplorer, Backdoor.Win32.IRCBot.uv
Spyware Doctor 3.05470
Latest Database Version: 3.0547 0
Intelli-Signatures: 69,771
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.0547 0 - AdMedia, NetMedia, Trojan.Downloader.Small.DNO
3.05460 - Inside Keylogger, NGNSSS Keylogger Spy, Trojan.Clicker.Small.KJ
Extended Intelli-Signatures:
3.0547 0 -Antispyware Soldier, Backdoor.Agobot, Backdoor.Bifrose.DC, Backdoor.Darkmoon, Backdoor.Delf.AEO, Backdoor.Graybird.GEN, Common Components for Trojans, Common Components for WinSoftware, Coulomb Dialer, CWS.Cassandra.A, DeskAdTop, Guardian Classic Monitor, InternetOptimizer, IntexusDial, Known Bad Sites, MediaPass, PurityScan, Slagent, SpywareQuake, Trojan.Bancban, Trojan.Conycspa, Trojan.Dialer.HC, Trojan.DNS Changer, Trojan.Downloader.Agent.UJ, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Ruins, Trojan.Proxy.Ranky, Trojan.StartPage.VY, Trojan.Zapchast, WebSearch Toolbar, WinAntiVirus, WinFixer
3.0546 0 - 2Search, Backdoor.Badok, Backdoor.CIADoor.13, ClearSearch, Common Components for Trojan.PWStealers, CWS.Cassandra.A, eZula, InternetOptimizer, IST Unknown Variant, Keylog-sters, LZIO Websearch, Preview AdService, ProBot Activity Monitor, SC Keylogger, Spy Key Logger, Trojan.Agent.FG, Trojan.Downloader.Delf.AAF, Trojan.Downloader.Obscux, Trojan.Downloader.PassAlert, Trojan.Downloader.Small.ATL, Trojan.PSW.Hangame, Trojan.PWSteal.Lineage, Trojan.VisAgent, Ultimate Defender
Tool Update releases:
Spyware Doctor 4.0.0.2613
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Spy Sweeper Update 751
Program Version 5.0.7. (Build 1608)
Spyware definition: version 751
Updated August 29th, 2006
Protection against 148,923 spyware traces.
Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.
Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/
Ewido Antispyware - August 29th
Date of Update: August 29th, 2006
Known threats in database: 406,932
Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.
•Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
•Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
•Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
•Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.
Product Info & Download: Ewido Anti-Spyware
Saturday, August 26, 2006
SpywareBlaster Update August 26
New: 20 Items
Total: 6577 Items
SpywareBlaster is free and available from Javacool's SpywareBlaster page.
SpywareBlaster can:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
- Restrict the actions of potentially unwanted sites in Internet Explorer
Enable all protections once downloaded.
Update For Ad Aware - Fixes False Positive
Definition file Notification - Lavasoft News
============================================
SE1R120 25.08.2006
This fixes a False Positive in BPS SpywareRemover
The MD5 checksum for the defs.ref file is 4ac6cc4c1ef1f87c63d415f56cd59685
Ad Aware available from http://www.lavasoftusa.com/software/adaware/
Thursday, August 24, 2006
Malware Removal
The summary page for the Malware Removal Blogs is a good place to catch the latest posts from other bloggers. It has other neat features like a search for all of the blogs, excerpts from posts, and stats on who has comments and the most page views. Sorry everyone, I win those :)
Anyways, back to writing for Security Ticker.
CounterSpy Update 397
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
http://research.sunbelt-software.com/download.cfm
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
Trojan.Emcodec.G, Trojan.Downloader.Small.BGI, Trojan.PWS.Agent.CE, W32.Allim!gen, MemScan:Trojan.Downloader.Small.AYI, Backdoor.Nibu.E, Trojan.Spy.HAKvip.A, Trojan.Downloader.Banload.BDO, Trojan.PWStealer.C7717044, Trojan.PWStealer.DC76CEC1, W32.Yellow.Worm, Trojan.Downloader.Banload.ABN3, W32.Explet.A@mm, BehavesLike:Trojan.ShellHook, Trojan.PWStealer.315D6387, Trojan.PWStealer.BD9771C2, Trojan.KillAV.C, Trojan.Downloader.Dynk.B, Trojan.Downloader.Small.BCJ, Trojan.PWS.QQRob.EH, Trojan.Spy.Sckeylog.J, Backdoor.Win32.Dumador.am, Backdoor.Win32.Dumador.cx, Backdoor.Win32.Optix.am, IM-Worm.Win32.Braban.e, Trojan-Downloader.Win32.Adload.ee, Trojan-Downloader.Win32.Banload.oa, Trojan-Downloader.Win32.Delf.act, Trojan-Downloader.Win32.Small.aps, Trojan-Downloader.Win32.Small.ayi, Trojan-Downloader.Win32.Small.bav, Trojan-Downloader.Win32.Small.fm, Trojan-Dropper.Win32.Small.arl, Trojan-Proxy.Win32.Mitglieder.eg, Trojan-Proxy.Win32.Small.x, Trojan-PSW.Win32.Agent.hv, Trojan-PSW.Win32.LdPinch.gen, Trojan-PSW.Win32.Lineage.afg, Trojan-PSW.Win32.Lineage.afu, Trojan-PSW.Win32.WOW.eu, Trojan-PSW.Win32.WOW.fc, Trojan-PSW.Win32.WOW.fs, Trojan-Spy.Win32.Agent.om, Trojan-Spy.Win32.Delf.kl, Trojan.Spy.Banker.XH, Trojan.Banker.Delf.066F6E0A, W32.Fijjy, Trojan.Banker.Delf.F9C4E89E, Trojan.BHO.Delf.A, Generic.Malware.dld!!.4B725385, Trojan.Banker.Delf.79C51A13, Backdoor.Win32.Agent.aex, Backdoor.Win32.Beastdoor.av, Trojan.Win32.StartPage.aks, Trojan-Downloader.Java.OpenConnection.an, Trojan-Downloader.JS.Small.cu, Trojan-Downloader.Win32.Agent.atb, Trojan-Downloader.Win32.Banload.aqp, Trojan-Downloader.Win32.Banload.beq, Trojan-Downloader.Win32.Small.bxa, Trojan-Downloader.Win32.Small.dnb, Trojan-Downloader.Win32.Tiny.bh, Trojan-Dropper.EvilThingy, Trojan-Dropper.Win32.Agent.asv, Trojan-PSW.Win32.Delf.mf, Trojan-Spy.Win32.Agent.nz, Trojan-Spy.Win32.Agent.ok, Trojan-Spy.Win32.Bancos.mi, Trojan-Spy.Win32.Bancos.wa, Trojan-Spy.Win32.Banker.bla, Trojan-Spy.Win32.Banker.bud, Backdoor.IRC.Darkirc.a, Backdoor.Win32.(many variants), Email-Worm.Win32 (many variants), Net-Worm.Win32 (many variants), Trojan.Win32.Dialer (many variants), Trojan-Spy.Win32.Banker (many variants), Zango.Fireworks_Extravaganza, Trojan-Downloader.Win32.Adload.ds, Deskbar.GiantExplorer
Threats that have been updated
AvenueMedia.InternetOptimizer, Hotbar, Look2Me, Trojan.StartPage, TightVNC, Trojan.Win32.Delf.aj, iSearch.Toolbar, SearchMiracle.EliteBar, Backdoor.Win32.Rbot.gen, Virtumonde, Trojan.BankerSpy, SurfSideKick, Beyond Remote, Trojan.Vxgame, Trojan-Downloader.Small, Dialer.Maxd, AntiVirus Gold, CWS.Hotoffers, WinFixer, CashDeluxe.Dwc, DollarRevenue, Jupites.B, Trojan-Downloader.Gen, Crystalys Media, DesktopScam, Trojan-Proxy.Win32.Agent.az, DesktopMedia, Backdoor.Win32.Agobot.afk, Backdoor.IRC.Zapchast, Trojan-Spy.Win32.Banker.ark, Goldun.Fam, Trojan-Spy.Win32.Bancos.ha, Trojan-Spy.Win32.Banker.ahy, TagASaurus, Trojan-Downloader.Win32.Small.awa, Net-Worm.Win32.Doomjuice.a, Backdoor.Win32.SdBot.aho, Trojan-Spy.Win32.Delf.dq, Trojan-PSW.Win32.Agent.eo, Trojan-Downloader.Win32.Apher.gen, Haxdoor.Fam, P2P-Worm.Win32.SpyBot.gl, Trojan-Downloader.NSIS.Agent.p, BaiduBar, PigSearch, Backdoor.Win32.SdBot.xd, Trojan-Spy.Win32.VB.eh, Backdoor.Win32.Rbot.adf, WinAntiVirus Pro, Baigoo, SpamTool.Win32.Agent.h, Backdoor.Win32.Delf.arc, Yok.SuperSearch, Trojan.Win32.Dialer.hz, Zango.CommonElements, Trojan-Downloader.Zlob.Media-Codec, Trojan-Spy.Win32.Banker.bdn, Trojan-Proxy.Win32.Small.bo, Trojan-Downloader.Win32.Small.bsq, Trojan.Win32.Dialer.hc, Trojan.Win32.Pakes, Trojan-Spy.Win32.KeyLogger.jl, Trojan.Win32.Dialer.pw, Backdoor.Win32.IRCBot.qc, Trojan-PSW.Win32.QQPass.ho, Trojan-Downloader.Win32.VB.aan, Trojan-Downloader.Win32.Agent.akq, Trojan-Dropper.Win32.Small.apv, Trojan-Downloader.Win32.Agent.uj, Infostealer.Banpaes, Infostealer.Bancos, Trojan.Anserin, Infostealer.Bancos!gen, Trojan.PWS.QQPass, Trojan Horse, Infostealer, Infostealer.Lemir, Trojan.Adclicker, Backdoor.Nibu.J, Infostealer.Wowcraft, Trojan-Downloader.Win32.Bagle.at, Backdoor.Win32.SdBot.asm, Trojan-Spy.Win32.Flux.ae, Trojan-Dropper.Win32.Small.apk, Trojan-Downloader.Win32.ConHook.aa, Trojan.Win32.Agent.vp, Backdoor.Win32.Delf.aqz, Trojan-Downloader.Win32.Dadobra.af, Trojan-Spy.Win32.Ardamax.b, 
Trojan-Spy.Win32.Banker.awa, Trojan-Spy.Win32.Banker.bht, Backdoor.Win32.Rbot.aem, Backdoor.Win32.Rbot.xe, Email-Worm.Win32.NetSky.q, Trojan.Win32.Regger.s, Trojan-Downloader.Win32.Agent.acd, Trojan-Downloader.Win32.Banload.amo, Backdoor.Win32.Bifrose.d, Backdoor.Win32.Small.iw, Net-Worm.Linux.Mare.g, Packed.Win32.Klone.b, Trojan.Win32.Agent.cs, Trojan.Win32.Agent.lv, Trojan.Win32.Crypt.o, Trojan.Win32.Small.ev, Trojan.Win32.VB.abf, Trojan-Clicker.Win32.Agent, Trojan-Downloader.NSIS.Agent.h, Trojan-Downloader.Win32 (many variants), Trojan-Dropper.Win32.Agent.mh, Trojan-PSW.Win32.Kapod.k, Trojan-Dropper.Win32.Agent.abu, Backdoor.Win32.Rbot.bcq, Trojan.Win32.Agent.wc, Trojan-Downloader.Win32.Delf.apz, Trojan-Downloader.Win32.WarSpy.d, Packed.Win32.Klone.g, Backdoor.Win32.IRCBot.ss, Trojan-Dropper.MSWord.Lafool.i, Backdoor.Win32.Hackarmy.gen, Adware.Roogoo, Adware.Zhong, Trojan.Smartallyes, Trojan-Spy.Win32.Banbra.he, W32.Blaster.Worm, Trojan-Dropper.Win32.Juntador.c, Trojan-Downloader.Win32.Small.bwy, Trojan-Clicker.Win32.Delf.ft, Backdoor.Win32.Rbot.are, Trojan-Downloader.Win32.Tibs.fe, Backdoor.Nibu, Backdoor.Win32.Rbot.pac, Backdoor.Win32.SdBot.aad, Trojan.Win32.StartPage.agp, Trojan-Downloader.Win32.Small.ayl, Trojan.BAT.KillAV.cr, Trojan.Win32.Qhost.hf, Trojan.Win32.Puper.bx, W32.Looked.P, Backdoor.Win32.SdBot.akc, Backdoor.Win32.SdBot.yx, Net-Worm.Win32.Mytob.bi, Trojan-Downloader.Win32.VB.ji, Trojan.Win32.Dialer.u, Trojan-Proxy.Win32.Ranky.fv, Trojan-Proxy.Win32.Delf.bh, Backdoor.Win32.Agent.acx, Email-Worm.Win32.Bagle.n, Trojan-Downloader.Win32.ConHook.ab, Trojan.Vxgame.z, Trojan-Downloader.Vxgame.z, Backdoor.Win32.Aimbot.ei, Trojan-Spy.Win32.Small.gg, Trojan-Clicker.Win32.Small.kj, Trojan-Downloader.Win32.Obfuscated.n, Trojan-Spy.Win32.Agent.nu, Backdoor.Win32 (many variants), Net-Worm.Win32(many variants), Packed.Win32.CryptExe, Downloader.Trojan, Backdoor.Win32.SdBot.atp, Backdoor.Win32.SdBot.att, Trojan.Win32.Agent.rd, Backdoor.Win32.Mechbot.d, 
Trojan-PSW.Win32.Lineage.acu, Trojan-Clicker.Win32.VB.lb, Backdoor.Win32.Rbot.xh, Trojan.Dropper, Trojan-Spy.Win32.Banbra.ht, Trojan-Downloader.Win32.Adload.j, Trojan-Downloader.Win32.VB.ff, Trojan.Spy.Delf.PD, Trojan.Banker.Delf.CX, Trojan-Clicker.Win32.Delf.fb, Trojan-Spy.Win32.Banker.bae, Trojan-Spy.Win32.Banker.btg, Trojan-Spy.Win32.Delf.ig, Shellbot , Trojan-Downloader.Zlob (many variants), Trojan.Galapoper.A, Downloader.Bancos!gen Trojan-Downloader.Win32.Zlob.ado
Spyware Doctor 3.05440
Latest Database Version: 3.05440
Intelli-Signatures: over 68,566
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.0544 0 - Backdoor.NetSnooper, Trojan.CableBoost
3.0543 0 - Backdoor.Penrox, Deskbar, Trojan.Conycspa, Trojan.Downloader.Banload, Trojan.Proxy.Agent.HS, Trojan.PWSteal.QQPass
3.0542 0 - Trojan.PSW.QQPass.AO, Trojan.PWSteal.QQPass.BM, Trojan.PWSteal.QQPass.BR, Trojan.PWSteal.QQPass.CE
3.0541 0 - Backdoor.IRC.Zapchast, Trojan.PWS.Tibia, Trojan.PWSteal.QQPass.BY
Extended Intelli-Signatures:
3.0544 0 - 180search Assistant, Adware.ProtectionBar, Backdoor.Agent.PX, Backdoor.Sdbot.AAD, Common Components for Trojans, Common Components for WinSoftware, Communicator Toolbar, Dollarrevenue, Golden Eye, Instant Access, ISTbar, MrFindALot, Netvision Dialer, PurityScan, Trojan.Downloader.Adload, Trojan.Downloader.Small.AVT, Trojan.Dumaru, Trojan.KillFiles, Trojan.Proxy.Agent.HS, Trojan.PWSteal.Lineage, Trojan.PWSteal.QQPass.CE, Trojan.Spy.Iespy, Windows SyncroAd
3.0543 0 - 180search Assistant, All In One Keylogger, Backdoor.Agent.EN, Backdoor.Agobot, Backdoor.Darkmoon, Backdoor.Hackdoor, Backdoor.Servu, Brilliant Digital, Common Components for Trojan.PWStealers, Common Components Unrelated, CWS.XPSystem, Dialer.U, EliteBar, Known Bad Sites, SC Keylogger, SearchCentrix, StoragePass Viewer, Trojan.Dialer.A, Trojan.Downloader.Obscux, Trojan.Gaslide.B, Trojan.Proxy.BK, Trojan.Proxy.Lager.f, Trojan.Proxy.Ranky, Trojan.PWSteal.Lineage, URLBlaze Adware Bundler, WhenU.Search, WinAntiVirus, WinFixer, WinTools
3.0542 0 - 180search Assistant, abcsearch4u, Anti-Phishing, Backdoor.ProRAT.K, Bargain Buddy, BullsEye Network, Common Components for Trojans, Common Components Unrelated, Dollarrevenue, InternetOptimizer, PigSearch, SC Keylogger, Trojan.Downloader.Banload.AL, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.ON, Trojan.Dumaru, Trojan.Favadd, Trojan.Icekboy.F, Trojan.Mytob.AU, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Spy.Delf.MQ, Trojan.VB.TG, URLBlaze Adware Bundler, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiVirus
3.0541 0 - abcsearch4u, ABetterInternet, Adware.Defender, BackDoor.Agent.OO, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.ProRAT.K, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Common Components for Backdoors, Common Components for Trojans, Common Components Unrelated, CommonScripts.txt, CWS.SvcHost, Desktop Media, Dollarrevenue, EliteBar, Email Spy, Lop.com, PodcastbarMini, PornDialer.Agent.P, Trojan.Agent.HT, Trojan.AVKillers, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Ruins, Trojan.LowZones, Trojan.Proxy.Small.BO, Virtumonde, VX2.Look2Me, WinTools
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Spy Sweeper and Ewido Antispyware Latest Updates
Program Version 5.0.7. (Build 1608)
Spy Sweeper
Spyware definition: version 747
Protection against 148,518 spyware traces.
Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.
Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/
Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.
Ewido Antispyware
Date of Update: August 24th, 2006
Known threats in database: 399,993
Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.
•Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
•Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
•Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
•Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.
Product Info & Download: Ewido Anti-Spyware
AD Aware SE1R120 24.08.2006
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.
Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:
Please note that we have removed NoAdware from the definitions file as the mandatory probation period is over.
Please note that we have removed Adware.SideStep from the definitions file after re-evaluation.
New Definitions:
========================
Win32.Backdoor.Lanfiltrator +2
Win32.Generic.Annoyware
Win32.Generic.Worm +3
Win32.Hacktool.Brontok
Win32.Keylogger.SoftForYou +3
Win32.Malware.Jeefo +2
Win32.Spyware.Acoona +8
Win32.ToolEvID
Win32.Worm.Tibick
Updated Definitions:
========================
Adware.AdMedia +3
Adware.Agent +6
Adware.CashDeluxe +11
Adware.Dropper +6
Adware.MediaBack
Adware.Suggestor +4
AdWare.Win32.RXBar.e
Adware.Yazzle +2
BPS SpywareRemover +2
CnsMin +13
CoolWebSearch +5
Dialer
Fakealert
GAIN
IROffer
Malware.Hacktool +7
MalwareWipe
MoneyGainer.BHO
PurityScan +4
Scam.ScanSpyware +5
Spyagent +17
Spyware.Safesurfing
SpywareQuake
SurfSideKick
Trojan.Backdoor.Agent +7
Trojan.SearchSpy
TrojanBackdoor.Serv-U +8
Win32.Backdoor.spyboter
Win32.Generic.PWS +2
Win32.Spybot.worm
Win32.Trojan.Bacteria
Win32.Trojan.ComputerHijacker +2
Win32.Trojan.downloader +15
Win32.Trojan.Gamania
Win32.Trojan.Spambot +3
Win32.TrojanDownloader.Swizzor.br
Win32.TrojanProxy.Small
The MD5 checksum for the defs.ref file is 1e41ef3ea4ba038a84d9fa438330b3b1
SpywareBlaster Update August 14th
Updated: August 18th, 2006
New: 107 Items
Total: 6557 Items
SpywareBlaster is free and available from Javacool's SpywareBlaster page.
SpywareBlaster can:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
- Restrict the actions of potentially unwanted sites in Internet Explorer
Enable all protections once downloaded.
Tuesday, August 22, 2006
Counterspy Update 395
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
http://research.sunbelt-software.com/download.cfm
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
Sality.n, Trojan-Downloader.Win32.VB.ff, Trojan.Banker.VB.F8745488, Trojan.Banker.Delf.B95D6631, Trojan.Banker.Delf.44FB9BF7, Trojan.Banker.Delf.8576E566, Trojan.Banker.Delf.658347F0, Backdoor.Agent.RI, Trojan.Banker.Delf.C9578540, W32.Looked.O, Generic.Malware.dld!!.723BA4E0, Backdoor.PoeBot.P, Adware.Rogue.CZ.b, Nocusnetworks Keyword Hijacker, NetMama, InstantAlbert, Trojan.Kukudro.C, Diaremover, Toolbar.CommonElements, Sality.q, PhaZeBar, Backdoor.Win32.Rbot.bgj, Worm.Win32.MsSqlNt, Trojan-Downloader.Win32.VB.akm, Trojan-Downloader.Win32.Tibs.hl, Trojan-Dropper.Win32.Delf.yz, Trojan-Downloader.Agent.UF, Trojan-Downloader.Win32.Small.dnc
Threats that have been updated
CoolWebSearch.CameUp, Hotbar, IST.ISTbar, Look2Me, KeenValue.PowerSearch, Memory Watcher, ZeroPopUpBar, Xupiter, Ardamax Keylogger, Zango.SearchAssistant, Hotbar.ShopperReports, Virtumonde, SurfSideKick, Trojan-Downloader.Small, Freeprod/Toolbar888, SpySheriff, PWS-Banker, Yadio.MediaPlayer, DollarRevenue, Yazzle Sudoku, Goldun.Fam, Haxdoor.Fam, Trojan-Clicker.Win32.VB.ij, Trojan-Proxy.Win32.Agent.ji, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-PSW.Win32.Sinowal, Trojan-Downloader.Win32.Small.ctf, Trojan-Spy.Win32.Banker.r, Trojan.LinkOptimizer, d.Win32.Klone.g, Backdoor.Win32.IRCBot.BV, Trojan-Spy.Win32.Banbra.gl, Trojan-Downloader.Win32.Delf.gen, Backdoor.Win32.SdBot.aad, Trojan-Proxy.Win32.Ranky.fv, Backdoor.Win32.Agent.acx, Trojan-Downloader.Win32.Agent.ala, Trojan.Vxgame.z, Trojan-Clicker.Win32.Costrat.c, Trojan-Spy.Win32.Agent.zind, Trojan-Downloader.Win32.Tiny.bo, Trojan-Downloader.Win32.Tibs.hh, Trojan-Downloader.Win32.Skilin.c, Trojan-Downloader.Win32.Tiny.dx, Yuupsearch , Trojan-Downloader.max, FatPickle Toolbar, Trojan-Downloader.Comdlg66 , MocBot.a , Adware.AnyTraf
Spyware Doctor Update 3.05420
Latest Database Version: 3.0542 0
Intelli-Signatures: 68,566
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.0542 0 - Trojan.PSW.QQPass.AO, Trojan.PWSteal.QQPass.BM, Trojan.PWSteal.QQPass.BR, Trojan.PWSteal.QQPass.CE
3.0541 0 - Backdoor.IRC.Zapchast, Trojan.PWS.Tibia, Trojan.PWSteal.QQPass.BY
Extended Intelli-Signatures:
3.0542 0 - 180search Assistant, abcsearch4u, Anti-Phishing, Backdoor.ProRAT.K, Bargain Buddy, BullsEye Network, Common Components for Trojans, Common Components Unrelated, Dollarrevenue, InternetOptimizer, PigSearch, SC Keylogger, Trojan.Downloader.Banload.AL, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.ON, Trojan.Dumaru, Trojan.Favadd, Trojan.Icekboy.F, Trojan.Mytob.AU, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Spy.Delf.MQ, Trojan.VB.TG, URLBlaze Adware Bundler, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiVirus
3.0541 0 - abcsearch4u, ABetterInternet, Adware.Defender, BackDoor.Agent.OO, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.ProRAT.K, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Common Components for Backdoors, Common Components for Trojans, Common Components Unrelated, CommonScripts.txt, CWS.SvcHost, Desktop Media, Dollarrevenue, EliteBar, Email Spy, Lop.com, PodcastbarMini, PornDialer.Agent.P, Trojan.Agent.HT, Trojan.AVKillers, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Ruins, Trojan.LowZones, Trojan.Proxy.Small.BO, Virtumonde, VX2.Look2Me, WinTools
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Sunday, August 20, 2006
Gallery of Fake Desktop Warnings
Included are Spywareno, thespyguard, PSGuard, Razespyware, Slimshield, and PCSecurityshield.
Saturday, August 19, 2006
Ad Aware SE1R119 15.08.2006
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.
Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:
New definitions:
====================
TrustCleaner.ref +10
Updated definitions:
====================
Adware.DuDu +19
Adware.Henbang +2
Clickspring
FakeAlert
Hijacker.Qyule +6
Win32.Backdoor.RBot +2
Win32.Trojan.KillAV
Win32.Trojan.Mirc
Win32.Trojan.SDBot +7
Win32.TrojanDownloader.ConHook +2
Win32.TrojanDownloader.Swizzor.br +12
Win32.Trojandownloader.Zlob +29
Win32.TrojanSpy.Goldun +3
Win32.Winshow +8
McAfee SiteAdvisor gives Green to Porn Domains
I must admit, I'm a little disappointed, but it looks like McAfee's Site Advisor may need to check its database; I think a couple of sites may have been put into the wrong category!
SiteAdvisor was recently voted as one of the Top 50 Coolest Websites by Time Magazine. Quite rightly, they were chuffed to bits and posted in the SiteAdvisor blog about it.
According to Time, McAfee SiteAdvisor:
...aims to keep you out of trouble — or, to be precise, stop you from clicking through to websites where spyware, worms, and other cyber threats lurk...Why would you need this? Because simply clicking through to a suspect site can wreak havoc on a PC, and risky sites comprise a growing portion of search returns.
However, a friend went over to the SiteAdvisor page and decided to check out a few domains and, would you believe it, some porn sites were flagged as OK. Apart from the content being something you wouldn't want Auntie Doris to see, visiting a porn site is a sure-fire way of getting infected with something. You can check out what Susan found out at Certifiedbugs.com.
Wednesday, August 16, 2006
Spyware Doctor
Latest Database Version: 3.05370
Intelli-Signatures: 68,042
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.05370 - Backdoor.Agent.CH, Backdoor.IRCBot.ST, Email.Worm.Hotas, Trojan.Downloader.Banload.PT, Trojan.Downloader.VB.AJP, Trojan.Harnig.B, Trojan.Spy.Banker.BDN
3.05360 - Backdoor.IRC.LSA, Backdoor.SdBot.GL, Backdoor.WizBot, Trojan.Downloader.Agent.ARV, Trojan.Downloader.SpySoftCentral, UpToFind
Extended Intelli-Signatures:
3.05370 - AdRotator, Backdoor.Agent.ADR, Backdoor.Agent.EC, Backdoor.Darkmoon, Backdoor.Delf.ACH, Backdoor.Hupigon.GEN, Backdoor.IRCBot.GW, Backdoor.LegMir.BZ, Backdoor.mIRC, Backdoor.Rbot.WI, Backdoor.SdBot.GEN, Common Components for Trojans, Common Components Unrelated, CWS, Hotsearchbar, ILookup.Begin2Search, ISTbar, Maxifiles, MediaMotor, MokeAd, RPCC Spammer, SC Keylogger, Trojan.Banker, Trojan.Downloader.Agent.SY, Trojan.Downloader.Delf.ABK, Trojan.Downloader.Small.ATL, Trojan.Dumaru, Trojan.FakeAlert, Trojan.Fald, Trojan.Goldun, Trojan.Lazar.C, Trojan.Proxy.Lager.f, Trojan.PSW.Hangame, Trojan.Small.FH, Trojan.Spy.Delf.MQ, Trojan.Spy.Webmoner.AB, Trojan.Spywad.B, Worm.WGAVN
3.05360 - AdBreak, Anti-Phishing, Backdoor.Aimbot.AC, Backdoor.Banito, Backdoor.CIADoor, Backdoor.Codbot.Gen, Backdoor.CXH, Backdoor.Hackdoor, Backdoor.Sdbot.AAD, Backdoor.Sdbot.JG, Backdoor.Thunk.E, Bargain Buddy, Dollarrevenue, Email.Worm.Bagle, IAGold, Kassbot, Keylog-sters, Known Bad Sites, Maxifiles, nCASE, RPCC Spammer, SpyAxe, SpyHeal, Trojan.Crypt.I, Trojan.Downloader.Banload.ON, Trojan.Downloader.Crafted, Trojan.Downloader.Delf.ABD, Trojan.Downloader.Hanlo.A, Trojan.Downloader.Moonri, Trojan.Dropper.Small.VV, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.DU, Virtumonde, WinAntiVirus
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
CounterSpy Update 393
I notice that VirusRescue has been added to this update.
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
http://research.sunbelt-software.com/download.cfm
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
Trojan-Downloader.Win32.hostv, Trojan.Banker.Delf.796BFE38, Trojan.Banker.Delf.3F6282E1, Trojan.Banker.Delf.5F96DC4D, Downloader.Bancos!gen, Trojan.Banker.Delf.35A6A866, Trojan.Win32.Explorm.a, Trojan-Downloader.Win32.Adload.j, Doctor Cleaner, DittoSideBar, Trojan.Click.1325, AdvancedTrafficNetwork, Backdoor.IRC.Flood.bd, Trojan.Spy.Banker.ALT, Trojan.Clicker.Small.LL, Trojan.PWS.Lmir.AZC, Trojan.Spy.Delf.PD, Trojan.Spy.Keylogger.AE, Trojan.Banker.Delf.CX, Trojan.Agent.TD, Trojan.Spy.Banker.BLF, Packed.Win32.Klone.e, Trojan.Win32.Qhost.hq, Trojan-Clicker.Win32.Delf.fb, Trojan-Downloader.Win32.Banload.bci, Trojan-Downloader.Win32.Delf.asl, Trojan-Downloader.Win32.Small.dlx,
Trojan-Spy.Win32.Bancos.sx, Trojan-Spy.Win32.Banker.bae, Trojan-Spy.Win32.Banker.brg, Trojan-Spy.Win32.Banker.brw, Trojan-Spy.Win32.Banker.btg, Trojan-Spy.Win32.Delf.ig, Trojan.Looksky, Worm.Viking.M, Trojan.Multwapi.G, Infostealer.Gashlio, Trojan.Riler, Trojan.Downloader.VB.RV, Trojan.Downloader.Agent.AFB, Trojan.Agent.Delf.F, Trojan.PWS.Delf.BN, Trojan.PWS.QQShou.HL, Trojan.Secup, Trojan.Downloader.Small.DJD, MemScan:Trojan.Dialer.DT, Win32.Worm.Delf.W, Trojan.Downloader.Delf.QC, Trojan.Wupi.H, Backdoor.Win32.Hupigon.cae, Backdoor.Win32.PoeBot.j, Backdoor.Win32.Small.mp, Email-Worm.Win32.Delf.z, Trojan.Win32.Delf.wn, Trojan.Win32.Dialer.qy, Trojan-Downloader.Win32.Adload.ea, Trojan-Downloader.Win32.Agent.ati, Trojan-Downloader.Win32.Delf.atc, Trojan-Downloader.Win32.Delf.atk, Trojan-Downloader.Win32.VB.ajw, Trojan-Downloader.Win32.Zlob.ado, Trojan-PSW.Win32.Delf.ob, Trojan-Spy.Win32.KeyLogger.jd, Worm.Win32.Viking.m, Trojan-Downloader.NSIS.Agent.u, Trojan-Downloader.Win32.Agent.bl, Trojan-Downloader.Win32.BHO.ao, Backdoor.Win32.Prexot.b, Backdoor.Win32.Surila.aw, Adware.SmartSearch, BackDoor.Generic.947, Trojan-Downloader.Win32.Skilin.c, Trojan-Downloader.Win32.Small.dkt, Trojan.Reboter, Trojan-PSW.Win32.QQPass.gs, Trojan-Downloader.Win32.Tiny.dx, Trojan.Win32.LipGame.ab, Trojan-Downloader.Win32.Small.bue, Backdoor.IRC.Mocbot, VirusRescue, Trojan.Mybot-6610, Trojan.Starter.N, Trojan.Optixkiller.A.Damaged.A, Trojan-Spy.Win32.Delf.pv, Trojan-Clicker.Win32.Small.lb
Threats that have been updated
Alexa Toolbar, Backdoor.Ciadoor, mIRC based, CasinoOnNet, CasinoRewards, CasinoXOSetup, SubSearch/HighTraffic, IBIS.WebSearch Toolbar, Look2Me, C2.Lop, Neoturk, NetPal, Trojan-Downloader.Psyme, MediaMotor, DialerPlatform, W32.Spybot.Worm, HDTBar, Virtumonde, iSearch.DesktopSearch, EnergyPlugin, BigBlue.01, Maxifiles.Director, Regfreeze, DollarRevenue, Exploit.WMF, Trojan-Downloader.Gen, DesktopScam, FakeAlert, 180solutions.Seekmo Search Assistant, Backdoor.IRC.Zapchast, EliteMediaGroup, Goldun.Fam, Trojan-Spy.Win32.Banbra.df, BraveSentry, Haxdoor.Fam, Exploit.JS-CVE-2005-1790.z, QuickLinks/Forethought, Trojan-Clicker.Win32.VB.ij, SpywareQuake, Caishow, SpamTool.Win32.Agent.h, Trojan-Downloader.Win32.Harnig, Trojan-PSW.Win32.Sinowal, Trojan-Spy.Win32.Agent.mn, Zlob.Media-Codec, Trojan-Dropper.Win32.VB.kk, Trojan-Proxy.Win32.Small.bo, MediaPipe/MovieLand, PornMag Pass, Trojan-Downloader.Win32.Agent.uj, Backdoor.Win32.Agobot.aaf, Infostealer.Bancos, Trojan.Anserin, Trojan.PWS.QQPass, Backdoor.Graybird, Infostealer, W32.IRCBot, Trojan.Zlob, W32.Linkbot.M, Backdoor.Ranky, W32.Beagle.gen, Backdoor.Rustock, Trojan.Win32.Agent.vp, Constructor.Win32.MicroJoiner.17, Trojan.Win32.Agent.ut, Trojan-Spy.Win32.Banker, Trojan-Dropper.Win32.VB.lh, Trojan-Clicker.Win32.Agent.ac, Trojan-PSW.Win32.Delf.mc, SpamTool.Win32.Gadina.d, Trojan.LinkOptimizer, Packed.Win32.Klone.g, Adware.Roogoo, Adware.Zhong, Scumware-Remover, Backdoor.IRC.Flood, Constructor.Win32.WishMaster.11, Trojan-Downloader.Win32.Small.bwy, Backdoor.Win32.SdBot.aad, Adware.IEhlpr, Dialer.Creazione, Trojan.Win32.Runner.j, Yazzle Components, Trojan-Proxy.Win32.Ranky.fv, Trojan-Downloader.Win32.Obfuscated.n, Backdoor.Win32.PoeBot.c, Trojan-Downloader.Win32.Small.dib, Trojan-Spy.Win32.Delf.pd, Trojan-Clicker.Win32.Costrat.c, Trojan-Spy.Win32.Agent, Trojan.Dropper, Trojan-Proxy.Win32.Agent.dd, Trojan-Spy.Win32.Banbra.ht, Trojan.Win32.Agent.xj, Trojan-Downloader.Win32.Tibs.hh, QuickSearch Toolbar , NewDotNet.QuickSearchBar
Thursday, August 10, 2006
VirusRescue Appears to be New Trojan
After installing the codec, the video file did play, but it was only 10 seconds or so. Not worth the trouble. A few minutes later, the first pop up appeared.
I was warned that I had a virus. I already know that I had no virus on my system and that the warning was fake. Looking at the programs offered, I recognized two of them as rogue antispyware programs that are no good. The first one on the list, VirusRescue, was new to me. So I decided to download that one.
While I was installing VirusRescue, I got the first warning from SpywareQuake. SpywareQuake came with the video codec I downloaded earlier. By now, many people know that SpywareQuake is a bad rogue program, but if not, now you do.
The install of VirusRescue goes pretty much like a normal program. As I would find out later, it also installed some extra and unwanted extras.
An interesting fact is that both SpywareQuake and VirusRescue report the media codec that I first installed as spyware. So even these fake programs admit the codec is no good.
A few minutes after VirusRescue was installed, I got a warning in the lower right corner of my desktop. Now I have two warnings telling me I have spyware on my computer. I took this screen shot while the one for SpywareQuake was not showing. If you look two places to the left of the yellow triangle for this alert, you see a circle with a question mark. That's the one for SpywareQuake.
A screen shot of the main VirusRescue (also called Virus Rescue) program is below. If you have this pest on your computer, then the best thing to do is to not buy it. It is a scam and a rip-off. Follow my Easy Fix For Spyware and Virus Alert post from earlier to get rid of this trojan. A free fix that's a lot better than paying $50 to the same people who put spyware on your computer.
Edit to add on Aug 21: Virusrescue or Virus Rescue has been added to Counterspy's spyware definitions.
The host for the virusrescue.com site is also used by the same people who are behind SpyFalcon, SpywareStrike, and other questionable security products. See a rather lengthy tracking of this at Bluetack.
Other places reporting on VirusRescue: Vitalsecurity, Realtechnews, Spywareguide.com, and even hardware site Hardocp.com.
On Security Cadets, someone actually posted a comment to defend VirusRescue but never replied back to answer questions.
Tuesday, August 08, 2006
Google to Warn on Unsafe Websites
Google is about to start warning users when they click on a link from a Google search that will take them to an unsafe website.
Google are working closely with the Stopbadware.org coalition and will pop up a warning when users click on a link to a website that has been reported to, and investigated by, Stopbadware.org as a site that distributes badware.
You can find more information about this initiative on the BBC News Technology page, and on the Stopbadware.org site.
This initiative is due to go live this Friday 11th August 2006.
Incidentally, McAfee's SiteAdvisor, which is free to download and use and comes in both IE and Firefox flavours, will also let you know if the site you are visiting is potentially unsafe or not.
Monday, August 07, 2006
Sunbelt CounterSpy Update 387
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
http://research.sunbelt-software.com/download.cfm
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
ScreenMates, GimmeWeb, O97M.Tristate.C, W32.HLLW.Flopcopy, W32.HLLP.Handy, VBS.Tam.A, W32.Maddis, Generic.Banker.Delf.259D5A0F, Backdoor.Redrival.A, Generic.Banker.Delf.15063022, Backdoor.W32.Gobot.A, Trojan.Win32.Agent.rd, VersaSearch, SiteHistory.Hijacker, AdURL.c, Trojan-Downloader.Win32.Agent.aqx, Adware.SaveStartDate, Tskmgr32.Hijacker, Porn-Dialer.Cutygirls, Adware.GatorCheat, Trojan-Downloader.Win32.Small.afi, Trojan-Downloader.NSIS.Agent.a, Trojan.Win32.Delf.rf, Trojan.Win32.Agent.nl, Trojan-Clicker.Win32.Spywad.o, Trojan.Lootseek.AV, Backdoor.Win32.SdBot.atu, Trojan.Win32.Kolweb.g, Backdoor.Win32.Mechbot.d, Adware.LoopAd, Trojan-Downloader.Win32.Small.djv, Trojan.YourDomain, Trojan-Downloader.Win32.Small.cyn
Threats that have been updated
Aureate/Radiate, CasinoOnNet, CoolWebSearch, Cydoor, GoHip Browserenh, Look2Me, Mirar, NowBox, ClickSpring.PuritySCAN, SearchExplorerBar, SurfPlus, MyWebSearch Toolbar, WurldMedia, Slagent/Navipromo, FunWebProducts, TargetSaver, Netwebsearch/Adblaster, Virtumonde, InternetOffers, Comet Cursor, The CoolBar, Freeprod/Toolbar888, ConsumerAlertSystem.CASClient, Trojan-Downloader.Qoologic, Trojan-Downloader.Winstall, SeekSeek, Smart Keystroke Recorder, Command Service, WinFixer, WinAntiSpyware, BigBlue.01, Dimpy.Win32VBsy, DollarRevenue, Exploit.WMF, DesktopScam, FakeAlert, Lineage.SK, Trojan-Downloader.Win32.Agent.aef, Trojan-Downloader.Win32.Small.awa, QuickLinks/Forethought, Trojan-Proxy.Win32.Lager, WeatherStudio, Trojan-Downloader.Win32.Harnig, Adware.Sogou, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-Dropper.Win32.Agent.hl, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Win32.Small.ctp, PWS.VIP, Trojan-Downloader.Fald, Trojan-Downloader.Win32.Small.bsq, Trojan-Downloader.Small.ON, Trojan.Danmec, Trojan-Proxy.Win32.Agent.km, Trojan-Clicker.Win32.Small.jf, Trojan-Dropper.Agent.AKO, Trojan-Downloader.Delf.AEU, Trojan-Dropper.Delf.VA, Trojan-Dropper.Agent.AIB, Adware.U88, Trojan-Downloader.Obfuscated.N, Backdoor.Agent.ACT, Trojan-Downloader.Win32.Agent.aox, Backdoor.Win32.Agent.adr, Trojan-Downloader.Win32.Small.cyb, Trojan.PWS.Besq, LetsCool, Zwinky Toolbar
Spy Sweeper 735
Program Version 5.0.7. (Build 1608)
Spyware definition: version 735
Updated August 7th, 2006
Protection against 145,735 spyware traces.
Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, Spy Sweeper lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.
Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/
Ewido Antispyware For August 7th
Date of Update: August 7th, 2006
Known threats in database: 386,423
Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.
•Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
•Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
•Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
•Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.
Product Info & Download: Ewido Anti-Spyware
Spyware Doctor 3.05300
Latest Database Version: 3.05300
Intelli-Signatures: 66,602
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.05300 - Backdoor.Small.LS, TClock, Trojan.PSW.Alerter, Trojan.Spy.Agent.S
3.05291 - Backdoor.Dados, Backdoor.Graybird.GEN, MokeAd, Trojan.Downloader.Banload.OA, Trojan.Downloader.Small.ACX, Trojan.Downloader.Tiny.DK, Trojan.Revop.A, Trojan.Spy.Banker.ALW
3.05280 - Adware.Baigoo, Trojan.Downloader.Delf.AQS, Trojan.Downloader.LameWeb, Trojan.Downloader.Pixar, Trojan.Hatu, Trojan.PWS.WMPatch
Extended Intelli-Signatures:
3.05300 - 123mania.com, Backdoor.Agent.CFC, Backdoor.Bifrose.D, Backdoor.GrayBird.K, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.Rbot.Gen, Backdoor.Sdbot.JG, Common Components Unrelated, MatrixDialer, SexVideoPro Dialer, Spy Lantern Keylogger, Trojan.Dialer.HC, Trojan.Downloader.Banload.MG, Trojan.Downloader.Druser, Trojan.Downloader.Small.ATL, Trojan.Icekboy.F, Trojan.Pakes, Trojan.PSW.Hangame, Virtual Bouncer, Virtumonde
3.05291 - Adware.Baigoo, Adware.Voghp, Backdoor.IRCBot.AZ, Backdoor.Rbot.ADZ, Backdoor.Rbot.AEU, Backdoor.Rbot.Gen, Backdoor.SdBot.GEN, Backdoor.Sdbot.JG, Common Components for Trojans, Coulomb Dialer, CWS.XPSystem, Dollarrevenue, LinkMaker Hijacker, RPCC Spammer, SexVideoPro Dialer, Spy Lantern Keylogger, SubSeven, TargetSavers, Trojan.Crypt.D, Trojan.Crypt.T, Trojan.Delf.IT, Trojan.Downloader.Agent.DK, Trojan.Downloader.Banload.AM, Trojan.Downloader.Small.AWA, Trojan.Downloader.VB.CA, Trojan.Downloader.Win32.VB, Trojan.Fivesec.A, Trojan.Hooker, Trojan.MakeCall, Trojan.Popuper, Trojan.Proxy.Small.DU, Trojan.Small.FH, Trustin Toolbar
3.05280 - Adware.Defender, AproposMedia, Backdoor.Beastdoor, Backdoor.Bifrose.D, Backdoor.CIADoor.13, Backdoor.Hackdoor, Backdoor.IRCBot.FP, Backdoor.Rbot.GEN, Backdoor.Sdbot.AAD, CasinoClient, Common Components for ClientMan and Trojan.Downloader.Delf.VT, Dialer.AY, Dollarrevenue, EliteBar, eZula, HotBar, Keylog-sters, LinkMaker Hijacker, Perfect Keylogger, PSGuard Desktop Hijacker, PSGuard, SpyHeal, Trojan.Agent.FG, Trojan.AOLPass.B, Trojan.Banker, Trojan.Dialer.HC, Trojan.Downloader.Delf.VT, Trojan.Downloader.Obscux, Trojan.Downloader.Small.ATL, Trojan.Downloader.Zlob.PJ, Trojan.Dumaru, Trojan.FavAdd.AE, Trojan.Goldun, Trojan.HacDef, Trojan.PWSteal.Lineage, Trojan.QQHook.A, Virtumonde
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Ad Aware SE1R118 07.08.2006
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.
Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:
Adware.DesktopMedia +9
Adware.DuDu +11
Adware.Henbang +2
Adware.Suggestor +2
Adware.WSearch +3
CnsMin +12
Malware.SpyGuard +4
WinAntiVirusPro +19
Yok Toolbar
Sunday, August 06, 2006
Top Twenty Phish Brands for July 2006
The Castle Cops Phishing Incident and Termination (PIRT) Squad have issued its top twenty brands targeted by phishers for the month of July.
As always, the PIRT Squad are working very hard on our behalf, so don't forget to report your phishing emails. The full list is found on the link below.
July 2006 confirmed phish (brand plus total count for July):
- PayPal - 202
- eBay - 188
- Bank of America - 34
- Wachovia - 33
- Chase - 22
- e-gold - 21
- Wells Fargo - 17
- Nationwide - 15
- Volksbank - 15
- BancaIntesa - 12
- HSBC - 12
- Lloyds TSB - 9
- Banamex - 8
- Santa Barbara Bank & Trust - 7
- Fifth Third Bank - 7
- NetBank - 6
- Citizens National Bank of Texas - 6
- AOL - 6
- Halifax - 6
- NAFCU - 6
Friday, August 04, 2006
Ewido AntiSpyware For August 4th
Date of Update: August 4th, 2006
Known threats in database: 385,090
Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.
•Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
•Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
•Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
•Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.
Product Info & Download: Ewido Anti-Spyware
Spy Sweeper Update 733
Program Version 5.0.5. (Build 1286)
Spyware definition: version 733
Updated August 3rd, 2006
Protection against 145,529 spyware traces.
Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, Spy Sweeper lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.
Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/
Spybot Search & Destroy Update August 4th
New and updated spyware detections for Spybot, which is available from Safer Networking.
Adware
++ IEHelper.e ++ Caishow ++ 91Cast ++ Boran.g ++ Win32.Nurvel.a ++ Win32.Agent.y + 2Search
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL + CoolWWWSearch.Toolband
Keylogger
+ Elite Keylogger + EvilEye + LttLogger
Malware
+ Smitfraud-C. + VirusBlast + Look2Me ++ Aest ++ WB.Hider ++ EngeryPlugin + IMNames
PUPS
+ Hotbar ++ Baigoo.a ++ Tencent
Spyware
++ Trickle.Gator
Trojan
+ SpyQuake2 + Zlob.PornMagPass + Zlob.XPasswordManager ++ Amiboide + Amitis ++ AOLTrojan ++ Asassin ++ BackAge ++ Bandook ++ Beast ++ Win32.Agent.se ++ WinAntiVirusPro2006 ++ HB.RichMedia
McAfee Fixes Problem
Most McAfee products should update on their own, but to be sure, follow the instructions from the McAfee web site to make sure you have the updated software.
Here is the important part:
- Detailed Steps for installing the update:
  - Make sure that you are connected to the Internet
  - Right click the McAfee SecurityCenter icon located in your system tray by your clock
  - Click “Update”
  - The “SecurityCenter Updates” window appears.
  - Click “Check Now”
  - If an update is available, click “Update”
  - If prompted, enter your registered email address and password
  - Click “Log In”
  - Wait while the update downloads and installs
  - Click “Finish”
- Detailed Steps for validating the update install:
  - Right click on the McAfee icon located in your system tray by your clock
  - Otherwise, Select “Open McAfee SecurityCenter”
  - Double click on the McAfee SecurityCenter logo to view the “about” screen
  - If the build number says 6.0.23 then everything is updated and the system is not vulnerable.
Spyware Doctor 3.0530
Latest Database Version: 3.0530
Intelli-Signatures: 66,602
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.05300 - Backdoor.Small.LS, TClock, Trojan.PSW.Alerter, Trojan.Spy.Agent.S
3.05291 - Backdoor.Dados, Backdoor.Graybird.GEN, MokeAd, Trojan.Downloader.Banload.OA, Trojan.Downloader.Small.ACX, Trojan.Downloader.Tiny.DK, Trojan.Revop.A, Trojan.Spy.Banker.ALW
3.05280 - Adware.Baigoo, Trojan.Downloader.Delf.AQS, Trojan.Downloader.LameWeb, Trojan.Downloader.Pixar, Trojan.Hatu, Trojan.PWS.WMPatch
Extended Intelli-Signatures:
3.05300 - 123mania.com, Backdoor.Agent.CFC, Backdoor.Bifrose.D, Backdoor.GrayBird.K, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.Rbot.Gen, Backdoor.Sdbot.JG, Common Components Unrelated, MatrixDialer, SexVideoPro Dialer, Spy Lantern Keylogger, Trojan.Dialer.HC, Trojan.Downloader.Banload.MG, Trojan.Downloader.Druser, Trojan.Downloader.Small.ATL, Trojan.Icekboy.F, Trojan.Pakes, Trojan.PSW.Hangame, Virtual Bouncer, Virtumonde
3.05291 - Adware.Baigoo, Adware.Voghp, Backdoor.IRCBot.AZ, Backdoor.Rbot.ADZ, Backdoor.Rbot.AEU, Backdoor.Rbot.Gen, Backdoor.SdBot.GEN, Backdoor.Sdbot.JG, Common Components for Trojans, Coulomb Dialer, CWS.XPSystem, Dollarrevenue, LinkMaker Hijacker, RPCC Spammer, SexVideoPro Dialer, Spy Lantern Keylogger, SubSeven, TargetSavers, Trojan.Crypt.D, Trojan.Crypt.T, Trojan.Delf.IT, Trojan.Downloader.Agent.DK, Trojan.Downloader.Banload.AM, Trojan.Downloader.Small.AWA, Trojan.Downloader.VB.CA, Trojan.Downloader.Win32.VB, Trojan.Fivesec.A, Trojan.Hooker, Trojan.MakeCall, Trojan.Popuper, Trojan.Proxy.Small.DU, Trojan.Small.FH, Trustin Toolbar
3.05280 - Adware.Defender, AproposMedia, Backdoor.Beastdoor, Backdoor.Bifrose.D, Backdoor.CIADoor.13, Backdoor.Hackdoor, Backdoor.IRCBot.FP, Backdoor.Rbot.GEN, Backdoor.Sdbot.AAD, CasinoClient, Common Components for ClientMan and Trojan.Downloader.Delf.VT, Dialer.AY, Dollarrevenue, EliteBar, eZula, HotBar, Keylog-sters, LinkMaker Hijacker, Perfect Keylogger, PSGuard Desktop Hijacker, PSGuard, SpyHeal, Trojan.Agent.FG, Trojan.AOLPass.B, Trojan.Banker, Trojan.Dialer.HC, Trojan.Downloader.Delf.VT, Trojan.Downloader.Obscux, Trojan.Downloader.Small.ATL, Trojan.Downloader.Zlob.PJ, Trojan.Dumaru, Trojan.FavAdd.AE, Trojan.Goldun, Trojan.HacDef, Trojan.PWSteal.Lineage, Trojan.QQHook.A, Virtumonde
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Thursday, August 03, 2006
AdAware SE1R117 03.08.2006
SE1R117 03.08.2006
This fixes a False Positive in Adware.Maxifiles and Win32.Trojan.Downloader
Microsoft Security Bulletin Advance Notification for August
As always, Microsoft have released an advance notification for the updates that are due to be released next Tuesday.
Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.
Microsoft Security Bulletin Advance Notification
On 8 August 2006 Microsoft is planning to release:
Security Updates
- Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
- Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Wednesday, August 02, 2006
Ad Aware SE1R117 02.08.2006
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.
Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:
SE1R117 02.08.2006
Updated Definitions:
========================
Adware.CasinoClient
Adware.Dollarrevenue +4
Adware.MMSAssist
Adware.Sidesearch
Malware.SpyGuard +2
MalwareWipe +2
Mediamotor
PurityScan.ref
SpyFerret
SpywareNo +3
SpywareQuake +2
TargetSaver
Win32.Generic.PWS +2
Win32.Trojan.Downloader +13
Win32.Trojan.Hexdoor +3
Win32.Trojan.Runner +4
Win32.TrojanDownloader.Agent
Spyware Doctor 3.05270
Latest Database Version: 3.05270
Intelli-Signatures: 65,649
Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/
New Intelli-Signatures:
3.05270 - Adware.Fuel, Backdoor.IRCBot.DD, Backdoor.Quimera, Trojan.Downloader.Agent.AMF, Trojan.PWS.Bina, Trojan.Smartallyes, Trojan.Spy.MSN.B
3.05260 - Backdoor.Gargamel, Backdoor.Hupigon.GEN, Trojan.Downloader.Small.CYHm, Trojan.Firespy.A, Trojan.PSW.Delf.nv, Trojan.Spy.Offkey, Trojan.Spy.Satur
Extended Intelli-Signatures:
3.05270 - Adware.Sa, Adware.Sqwire, Adware.Voghp, Backdoor.Bifrose.D, Backdoor.Hackdoor, Backdoor.Hupigon.GEN, Backdoor.NetThief, Backdoor.Snowdoor, Coulomb Dialer, IGetNet, Instant Access, ISTbar, Marketscore Netsetter, MediaMotor, Rootkit.Order, TIBS Premium Rate Dialer, Trojan.Banker, Trojan.Downloader.Agent.AEZ, Trojan.Downloader.Agent.UJ, Trojan.Downloader.Banload.AM, Trojan.Spy.Delf.KF, Trustin Toolbar, VX2.Look2Me, WhenU.SaveNow
3.05260 - Backdoor.IRCBot.FP, Backdoor.Sdbot.AAD, BookedSpace, Dialer.BL, HotBar, Instant Access, Known Bad Sites, MediaTickets, Mirar, PurityScan, TargetSavers, Trojan.Downloader.Banload.AM, Trojan.Downloader.Banload.MG, Trojan.Downloader.Small.AGQ, Trojan.Downloader.Small.CAM, Trojan.Dumaru, Trojan.Popuper, Virtumonde
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Ewido Antispyware Update - 381,980 Threats
Date of Update: August 1st, 2006
Known threats in database: 381,980
Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.
• Hijackers and Spyware
- Secure surfing on the Internet without fear of annoying changes to the start page of your browser, tracking cookies and advertising bars.
• Worms
- Nobody should receive e-mails in your name with malicious files attached anymore.
• Dialers
- Security against all kinds of dialers. No fear when receiving the next phone bill.
• Trojans and Keyloggers
- No chance for thieves to steal your bank data and sensitive personal information through tapped Internet connections, remote-controlled webcams or secret keyboard recordings.
Product Info & Download: Ewido Anti-Spyware
Spy Sweeper Update 731
Spyware definition: version 731
Program Version 5.0.5. (Build 1286)
Updated August 1st, 2006
Protection against 145,273 spyware traces.
Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware is likely to change. By alerting you, Spy Sweeper lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.
Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/
Tuesday, August 01, 2006
Serious Problem With McAfee Products
The exact details of the flaw haven't been made publicly available, so there should be no one attacking you with it. The problem was discovered by Marc Maiffret of eEye Digital Security, a computer security company.
McAfee products affected include Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus. Note that the 2007 versions of McAfee products aren't affected.