Wednesday, May 31, 2006

The End Has Come For Windows 98

On July 11th, 2006, Microsoft will end its support of Windows 98 and Windows ME. This means that no more security updates will be made for either of those operating systems, even if a new problem is found.

Back in 2004, Windows 98 was scheduled to have its support stopped. However, there was enough outcry from people to have Microsoft extend it to July of 2006. Since July is just over a month away, that time has come again. I believe it is not likely that support for either of these operating systems will be extended. Windows ME was not popular to begin with, and Windows 98 has already had its life extended by Microsoft two times. With Windows Vista coming out soon, I believe they want to finish 98 for good this time.

What does this mean if you still use Windows 98 or ME? You can still use them, but if you ever need to reinstall or repair either operating system, you won't be able to download anything from Microsoft. I would follow the excellent steps from Fred Langa. Go download and save all the updates and security fixes now from Windows Update while you still can. If you do that, then you can do a complete reinstall by yourself.

Another option is to update to XP Home. The upgrade version of XP Home can be used to update Windows 98 and save you some money. Even if you pay full retail price, you can get XP Home for just $99. Usually, you can get it for much less than that, online or even at stores like Fry's and Best Buy.

Just be aware that if you want to keep using 98, you'll have to act now. Once July 11th comes, it will be too late.

Advance Notification of Microsoft Security Bulletin

How to Prepare for Patch Tuesday

Microsoft releases a monthly security bulletin on the 2nd Tuesday of every month. Prior to this release, Microsoft will notify users in advance of the number of the bulletins, the products affected, restart information and so on.

Advance Notification can be found here

Microsoft will release the advance notification 3 working days before Patch Tuesday. This means you will have 5 days in total to back up your system and ensure you have a fresh working restore point.

To check whether System Restore is enabled and actually running:

1. Click Start >> Run
2. Type services.msc
3. Click OK
4. Find System Restore Service in the list of services and verify that the status is “Started”.

It is advisable to manually create a restore point before applying the security update.

The next Security Bulletin Advance notification is due 8th June 2006






CounterSpy Update #348

CounterSpy 1.5 latest update definition is 348

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan-Dropper.Win32.Agent.hl
Trojan-Downloader.Win32.Small.ajc
180solutions.Zango.CommonElements
Trojan-Clicker.Win32.Delf.fj
Trojan.Win32.Crypt
Trojan.Simtest
Trojan.Svchostsys
Trojan-Dropper.Win32.Agent.amn
Trojan-PSW.Win32.Sinowal
Trojan.Aepif
Trojan-Downloader.JS.Agent.af
Exploit.Gossip-Stars
Trojan.Sharp.Q
Trojan.IEMax
Backdoor.Win32.Agobot.aig
Trojan-Spy.Win32.Agent.mn
Elevated Hosting
Exploit.Vxgame
Zlob.pt
Trojan-Downloader.Win32.Small.ctp
Trojan-Dropper.Win32.VB.kk
Backdoor.Win32.Small.crd
SpyCleaner
Downloader.BA
Downloader.BB
Banker.TZ
Downloader.BC
Downloader.BD
PWS.VIP
Downloader.BE
Trojan-Spy.Win32.Agent.kf
Trojan-Downloader.Fald
Fearmusk.A
BeastPWS-C

Threats that have been updated

BookedSpace
3721.com Chinese Keywords
Claria.Gator.eWallet
Doly
AvenueMedia.InternetOptimizer
E2Give
IST.SlotchBar
Hotbar
IBIS.WebSearch Toolbar
IST.ISTbar
Look2Me
C2.Lop
IST.PowerScan
Radlight
WhenU.Save
Stop Popup Ads Now
WhenU.WeatherCast
webHancer
MyWebSearch Toolbar
WhenU.ClockSync
ABetterInternet
DealHelper
180solutions.SearchAssistant
WhenU.WhenUSearch
Zango.SearchAssistant
Looking-For.Home Search Assistant
Krepper
CallingHome.biz
MediaMotor
DialerPlatform
NetPumper
Netwebsearch Toolbar
Virtumonde
ABetterInternet.Transponder.Ceres
CoolWebSearch.MWSearch
SurfSideKick
PC-Watch
Secret Explorer v6.0
Radar Spy 1.0
Trojan.SvcProc
The PC Detective
Trojan.Vxgame
Java ByteVerify
ABetterInternet.Aurora
ABetterInternet.DrPMon
Trojan-Downloader.Small
ABetterInternet.Poller
Dialer.Maxd
New Dial
ConsumerAlertSystem.CASClient
Topnetsearch
SurfAccuracy
Trojan-Downloader.Qoologic
WindUpdates.MediaGateway
WatchDog
Zenotecnico
MindSoft Secret Agent
SSA-KeyLogger
Zango.Muncher
ICanNews.CasClient
PWS-Banker
Zad
Remote Performance Observer ver. 2.7
SafeSurfing
Starware.Toolbar
WebNexus
Dimpy.Win32VBsy
Chode.GM
DollarRevenue
Exploit.WMF
UserTracker
DesktopScam
FakeAlert
SupremeToolbar
EliteMediaGroup
Goldun.Fam
TagASaurus
Trojan-Downloader.Win32.Small.awa
PartyPoker
Exploit.CHM
Haxdoor.Fam
Exploit.CreateTextRange
Trojan-Downloader.Agent.Afl
FullContext.EQAdvice
Media-Codec
WhenU.VVSN
Virtumonde.BC
Trojan-Clicker.Win32.VB.ij
Trojan-Spy.Win32.VB.eh
Yazzle.SnowBallWars
Proxy-Lager
Trojan-Downloader.Win32.Small.csn
SpamTool.Win32.Agent.h
Trojan-Downloader.Harnig
Related Search
Trojan-Proxy.Win32.Xorpix.Fam
Ultimate Defender
Trojan.Win32.Agent.qt
Trojan-Proxy.Win32.Small.em
Trojan-Proxy.Win32.Agent.ke
Renchneg.B.DLL

Ad Aware Update SE1R110 31.05.2006

Ad Aware SE has a new update, SE1R110 31.05.2006

New Definitions:
========================
Adware.2Search +6
Adware.AdMedia +2
Adware.MMSAssist +11
AdwareSoft +2
InstantAlbert
NoAdware +3
SpywareNukerXT +10
SystemDoctor +3

Updated Definitions:
========================
180Solutions
Adlogix
Adware.Advertisemen
Adware.DollarRevenue +6
Adware.DuDu
Adware.HuaCiSou +2
Adware.Look2Me +3
Adware.ZenoSearch +6
BargainBuddy +2
BookedSpace +2
ClientMan
CommonName
CoolWebSearch
DailyToolbar
DealHelper
Dialer +2
DownloadWare
DyFuCA +8
EzuLa +7
GetMirar
GoGoTools
Gratisware
IGetNet
I-LookUp
MalwareWipe
MediaCharger
MediaMotor +2
MegaSearch Toolbar
Naupoint
OurXin
PowerStrip
SearchNav
ShopNav Hijacker
Softomate Toolbar +5
SpywareNo
Starware Toolbar
Surfaccuracy
SurfSideKick +11
Timesink
WebHancer +4
Win32.Backdoor.Agent +4
Win32.Generic.PWS +3
Win32.Trojan.Agent +2
win32.Trojan.Dnschanger
Win32.Trojan.Downloader +18
Win32.Trojan.Hexdoor +2
Win32.Trojan.KillAV.ref +2
Win32.Trojan.Spambot
Win32.Trojan.StartPage +2
Win32.TrojanClicker
Win32.TrojanProxy.Small
Win32.Trojan-PSW.Sinowal
Win32.TrojanSpy.Banker +3
Win32.TrojanSpy.Goldun
VirtualBouncer
WurldMedia
Xupiter
ZSearch


Ad Aware can be downloaded from Lavasoft

Ewido Antimalware Update 1898

Current database: #1898
Date of Update: May 31st, 2006
Known threats in database: 336,489

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Spy Sweeper Update 689

Spy Sweeper latest update.

Spyware definition: version 689

Updated May 31st, 2006
Protection against 138,515 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what it calls shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 138,515 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Tuesday, May 30, 2006

Spyware Doctor 3.048

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.048 0
Intelli-Signatures: 62,635

Spyware Doctor protects your computer in 3 ways. First, it has the OnGuard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0479 0 - Trojan.Downloader.Obscux, Trojan.Small.LG
3.0478 1 - Backdoor.Sdbot.AGP, Trojan.Bancos, Trojan.Downloader.VB.MZ, Trojan.Proxy.Agent.JS, Trojan.PSW.Cain, Worm.Feebs

Extended Intelli-Signatures:
3.0478 1 - AceSpy, Advanced Computer Monitor, Altnet Software, Anti-Phishing, Backdoor.Agent.PX, Backdoor.Forbot, Backdoor.Hackdoor, BookedSpace, CasinoClient, ClkOptimizer, Common Components for Claria, Common Components for Integrated Search Technologies (IST) Items, CZDialer, Dollarrevenue, Iebar, ISTbar, Lop.com, Mirar, PSGuard Desktop Hijacker, PurityScan, Rootkit.Order, SpyAgent, SurfSideKick, Trojan.Banker, Trojan.Downloader.Adload.I, Trojan.Downloader.Small.CKT, Trojan.Downloader.Small.CML, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Small.AEK, Trojan.FakeAlert, Trojan.Pakes, Trojan.Polymorph, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.PWSteal.Bancos, Virtumonde, WhenU.SaveNow, Windows TaskAd, WinFixer, WinSpy Stealth Monitor
3.0479 0 - ABetterInternet, Activity Monitor, Adware.Defender, Backdoor.Hackdoor, CasinoClient, ClkOptimizer, E2.Give.IEBHOs, EliteBar, eXact Advertising, eZula, ISTbar, Known Bad Sites, Maxifiles, MediaMotor, Pops Stop, Pru-tect, RPCC Spammer, SC Keylogger, SoftForYou Keylogger, SpyAxe, SpywareQuake, Trojan.Agent.FG, Trojan.Crypt.E, Trojan.Downloader.Harnig, Trojan.Downloader.Small.CRD, Trojan.Downloader.Traffbucks, Trojan.Downloader.Winmuse, Trojan.Downloader.Zlob.AS, Trojan.Dropper.Small.AEK, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.SpamBot, Trojan.Zapchast, Virtumonde
3.0480 0 - 2020search.com, Backdoor.Hackdoor, Backdoor.Rbot.AEU, Lop.com, Rootkit.Vanti, SearchWeb2 Toolbar, SpyAxe, SpyFalcon, Trojan.Agent.FG


Tool Update releases:
Site Guard 3.6.0.2069
Popup Blocker 3.6.0.2281

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

F-Secure BlackLight

Version: 2.2.1037 Released: 30-May-2006


What is F-Secure BlackLight?

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.

What are the key benefits of F-Secure BlackLight Rootkit Elimination Technology?

  • F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can't detect active rootkits.
  • On a normal system F-Secure BlackLight does not confront the user with a long list of suspected objects. This makes F-Secure BlackLight useful even for non-technical users.
  • F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.

For whom is F-Secure BlackLight intended?

F-Secure BlackLight is intended for all computer users who want additional security by checking their system for rootkits. F-Secure BlackLight is suitable for use in both home and business environments.

How can I try F-Secure BlackLight Rootkit Elimination Technology?

NOTE: Stand-alone BlackLight expiration has been extended until 1st of May 2006. An integrated BlackLight engine has been included in the F-Secure Internet Security 2006 suite.

Ewido Antimalware Update 1896

Current database: #1896
Date of Update: May 24th, 2006
Known threats in database: 335,866

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Monday, May 29, 2006

What File Sharing Programs Have Spyware

Everyone knows Kazaa comes with adware and other unwanted extras, but what about some of the other P2P (file sharing) programs?

Spywareinfo has had a page that listed which ones were clean and which ones contained spyware, trojans, or adware. However, it hasn't been kept up to date and may not be completely accurate anymore. This is why a new clean/infected P2P program page has been created at Malware Removal. So if you are not sure if eMule contains malware, you can look it up to find out.

It is up to you to not do anything illegal with any of the programs, but at least you can be safe from malware by using a clean one.

Ewido Antimalware Update 1894

Current database: #1894
Date of Update: May 29th, 2006
Known threats in database: 335,433

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Zero Day Exploit in Word

A zero-day exploit targets a vulnerability for which there is no patch... yet! It seems that a new security hole has been discovered in Microsoft Word and as yet there is no patch for it, although Microsoft are hoping to issue a security update for Word in June.

The malicious software arrives as a Microsoft Word file attachment to an e-mail message. When the document is opened by the user, the vulnerability is triggered. In the case that was reported by Symantec, the Word document actually displayed some text related to a treaty with China, but while the text was displayed, a backdoor was installed on the system. Backdoor software allows intruders to enter computers surreptitiously.

The vulnerability was confirmed in Word 2003, Symantec said. The malicious file caused Word 2000 to crash, but did not run the malicious payload, it added.

Microsoft is advising users to run Word in "safe mode", which should block any attacks.

Enabling "safe mode" is a two-step process. The first part involves disabling the use of Word as an e-mail client; the second is appending "/safe" to the command line that starts Word.

For an attack to be carried out, a PC user must open a malicious Word document sent in an e-mail or otherwise provided by an attacker. Aside from changing the way Word runs, people can protect their systems by being careful about opening Word documents received as unexpected e-mail attachments, Microsoft said.

Microsoft's advisory contains detailed advice on suggested workarounds and can be found here.

MVPS HOSTS File

What it does ...
The HOSTS file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, and Windows checks the HOSTS file before it queries any DNS servers, which enables the file to override addresses in the DNS. Listing a site against the local machine's own address prevents access to it by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, provided the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems.
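An added example (not from the MVPS site or the original post) of the mechanism described above: it parses HOSTS-format text and separates names sink-holed to the local machine from names mapped to some other address, which override DNS and are worth reviewing. The sample file content and the function names are constructed for illustration.

```python
"""Audit HOSTS-format text: which names are blocked, which are redirected."""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address names")

# Constructed sample, not taken from the MVPS file. Host names use the
# reserved .example domain; 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example    # blocked ad server
0.0.0.0         counter.stats.example
127.0.0.1       banner.example popup.example
203.0.113.7     portal.example         # overrides DNS, not a block
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return one Entry per non-empty line; address is None if unparseable."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; fields are whitespace separated.
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        # Host names are case-insensitive, so normalise for later lookups.
        names = [name.lower() for name in fields[1:]]
        entries.append(Entry(lineno, address, names))
    return entries


def classify(entry):
    """Label an entry as 'blocked', 'redirect' or 'malformed'."""
    if entry.address is None or not entry.names:
        return "malformed"
    # Loopback (127.0.0.1, ::1) or 0.0.0.0 sends the connection nowhere
    # useful: this is the blocking behaviour the post describes.
    if entry.address.is_loopback or entry.address.is_unspecified:
        return "blocked"
    # Any other address silently replaces what DNS would have answered.
    return "redirect"


def audit(text):
    """Summarise a HOSTS file for review."""
    report = {"blocked": set(), "redirect": [], "malformed": []}
    for entry in parse_hosts(text):
        kind = classify(entry)
        if kind == "malformed":
            report["malformed"].append(entry.lineno)
        elif kind == "blocked":
            # The standard 'localhost' line is not a block-list entry.
            report["blocked"].update(n for n in entry.names if n != "localhost")
        else:
            report["redirect"].extend((n, str(entry.address)) for n in entry.names)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    print("blocked names :", sorted(result["blocked"]))
    print("redirects     :", result["redirect"])
    print("malformed at  :", result["malformed"])
```
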

The MVPS HOSTS file was updated [05-29-06]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (111 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible culprits ... (449 kb)
http://www.mvps.org/winhelp2002/hosts.txt

Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute

Thanks to CoU for the update information

Saturday, May 27, 2006

SpywareBlaster Update May 25th

New SpywareBlaster updates available. This update adds 51 new entries to protect your computer.

Database 6345 items
Updated May 25th, 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

Ewido Antimalware Update 1889

Current database: #1889
Date of Update: May 26th, 2006
Known threats in database: 333,479

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Sunbelt Counterspy Update 346

CounterSpy 1.5 latest update definition is 346

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan.Downloader.Zlob.pp
Trojan.Downloader.Win32.Tiny.beef
Dialer.oy
Trojan.Win32.Agent.qt
Trojan-Proxy.Win32.Small.em
Trojan-Proxy.Win32.Agent.ke
Trojan.Downloader.Win32.Small.aom
Trojan.Downloader.Win32.Small.crv
Renchneg.B.DLL

Threats that have been updated

BookedSpace
ClearSearch
IStartHere
KaZaA
Look2Me
OnlineDialer
MediaTickets CDT
Rbot
Begin2Search
Trojan.BankerSpy
Unclassified.Spyware.47
AIM Log Manager 1.0
Imagekrew
SpySheriff
Trojan.Agent
WiSSH
Exploit.WMF
DesktopScam
SpyFalcon
Haxdoor.Fam
k3yl0g3r
Klogger
Retrieve
ShareAll
ShopAtHome
ShopAtHomeSelect.com
WebPI

Spybot Search and Destroy Update

Spybot Search and Destroy has an update today, May 2nd, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings on your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to remove your antivirus program from the programs that start when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Hijacker
+ Lagos + AproposMedia + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Keylogger
+ Desktop Snooper + SpyArsenal.Family Keylogger
Malware
+ Win32.Delf.KD + Smitfraud-C. + SysProtect + SpyOnThis + Vcodec.eMedia + SpywareSheriff + Win32.Rbot.gen + Spy Sheriff
PUPS
+ MalwareWipe
Security
+ Windows.RedirectedHosts
Spyware
+ SpyArsenal.AIM Logger + SpyArsenal.ICQ Logger + SpyArsenal.Yahoo Logger + SpyArsenal.IRC Logger + SpyArsenal.Personal Desktop Spy + SpyArsenal.Print Monitor Pro + SpyArsenal.Watcher + 180Solutions.SearchAssistant + Huntbar
Trojan
+ BraveSentry + SpywareSheriff.FakeAlert + SpywareQuake.FakeAlert + Zlob.Downloader + Win32.Agent.xv + Win32.Small.aoi + Win32.AdvertMen + SpyiBlock + Dloader.WL1934
Total: 324662 fingerprints in 41627 rules for 1973 http://www.safer-networking.org/en/home/index.html

a-squared release Anti-Malware 2.0 BETA

We are proud to present a first beta version of a-squared Anti-Malware 2.0!

To get the beta software, please download the setup file here: Download Link

Or if you are using a-squared Personal 1.6.5, please login at the Control Center and check the Beta updates box at the license manager and run the online update to upgrade to version 2.0 beta.

If you find bugs please report them only at the 2.0 beta support forum.

New and improved features in a-squared Anti-Malware 2.0:

Scanner:
- Added 4 predefined scan types: Quick Scan, Smart Scan, Deep Scan and Custom Scan.
- Added feature to save and load scan settings.
- Added scan of archive files (ZIP, RAR, CAB and their derived formats).
- Added scan of hidden Alternate Data Streams (ADS).
- Added whitelist feature to avoid detection of known wanted programs.
- Added quarantine feature to store found Malware for a later restore or final removal.
- Added scheduled scans.
- Added silent scan (no visible window while scanning).
- Added plain text format logfile.
- Improved memory scan.
- Improved Cookie scan to scan Internet Explorer and Firefox cookies.
- Improved scan result list that groups Malware by their names. Malware details can be requested with one click.
- Improved secure removal of Layered Service Providers (LSPs).


Background Guard:
- Improved core capabilities of the Malware-IDS
- Added false alert reduction to avoid alerts on regular programs.
- Added paranoid mode that alerts much more suspect actions.
- Added application rules to exclude specific applications from being alerted on specific behavior.
- Added trust mode for trusted applications which will be completely excluded from protection to save system resources.
- Added protection mode to protect third party applications from being modified by other processes.
- Added self protection for a-squared components to avoid being modified or shut down by malware.


HiJackFree:
- Complete redesign of a-squared HiJackFree 2.0.
- Displays online information of processes or autoruns within the program to give a quick overview if something unwanted is active on the PC.


General:
- Improved usability of the main application, now called a-squared Security Center.
- Added a Security Wizard to make it easier for novices to set up a-squared Anti-Malware with an optimal configuration step by step.
- a-squared accounts can be created from within the software now. No visit of the website needed.
- The password can be requested from within the software if it has been forgotten.
- The licenses can be selected from a list. No more need to remember the license number.
- Added proxy server support for online updates.
- Added update notify boxes that slide into the screen when an update has been installed.
- Added news notify boxes that slide into the screen and display the latest a-squared news.
- Improved Auto-Update feature to schedule online updates more detailed.
- Optimized performance and memory usage.
- Added support for Asian codepages.
- Changed language file format.
- Bugfixes for several minor changes.

Source

Friday, May 26, 2006

Barclays buys its customers Anti Virus

As reported on the BBC News Technology page today, Barclays Bank are going to provide all their online banking customers with a license for F-Secure Anti Virus along with two years of updates.

This is a fantastic step in the right direction as there are still an awful lot of people out there who don't have any anti virus protection on their machines. I find that incredibly scary.

Here is hoping that other banking institutions follow Barclays' lead in being pro-active with regards to their customers' online safety.

Thursday, May 25, 2006

Spyware Doctor 3.0477

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0477 0
Intelli-Signatures: 62,466

Spyware Doctor protects your computer in 3 ways. First, it has the OnGuard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0475 0 - Trojan.Dropper.Small.RD
3.0476 0 - Backdoor.Agent.ZB, Trojan.Zerobe
3.0477 0 - Backdoor.Agent.XY, Key Thief, SysProtectFree, Trojan.Downloader.Agent.AIG, Trojan.Startpage.AEN

Extended Intelli-Signatures:
3.0475 0 - 2nd-thought.com, ABetterInternet, CashSaver, Common Components for Claria, Common Components for Trojans, Common Components Unrelated, Derbiz, IE Driver, Known Bad Sites, LinkMaker Hijacker, Pearl Echo, Trojan.Clicker.GEN, Trojan.Downloader.Agent.AAN, Trojan.Downloader.Harnig.BD, Trojan.Downloader.Small.CML, Trojan.Dropper.Small.AEK, Trojan.EmailSpy, Trojan.Popuper, WinFixer, WinSearchIE32
3.0476 0 - 2020search.com, ActiveX Dialers, Backdoor.Agent.PX, Backdoor.Rbot.AEU, CasinoClient, ClearSearch, ClickSpring, Common Components for Trojans, CrackSpider, CWS.XPSystem, Desktop Hijacker, Dollarrevenue, eZula, IE Driver, IEAccess.IEDial, ISTbar, MediaGateway, Perfect Keylogger, QQFace, ShopNav, Surf Accuracy, Trojan.Adclicker, Trojan.Downloader.ConHook, Trojan.Downloader.Harnig, Trojan.PWSteal.Bancos, Virtumonde, Webhancer, Windows AdStatus, WinTools
3.0477 0 - 180ad Solution, Backdoor.DonaldDick, Backdoor.Hackdoor, Backdoor.mIRC, Bargain Buddy, ClearSearch, Common Components for Claria, Desktop Scout, Known Bad Sites, LZIO Websearch, MediaTickets, MSLink32, PCAgent Keylogger, Perfect Keylogger, PurityScan, SideFind, SpywareSoftstop, TIBS Premium Rate Dialer, Trojan.Clicker.Small.KR, Trojan.Delf.IT, Trojan.Downloader.Agent.AKG, Trojan.Downloader.Harnig, Trojan.Downloader.Zlob.GEN, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.PWSteal.Bancos, Webhancer, WebRebates, WinAntiVirus, WinSpy Stealth Monitor

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Sun Java 5.0 Update 7

Sun Java 5.0 has been updated today to version 1.5.0_07-b03

Release notes here

You can download the updated version here

If you aren't sure which version you have then you can check your version here

It is important that old versions of Sun Java are removed:

1. Close any open programs you may have running, especially your web browser.

2. Click Start > Control Panel
Depending on your OS or configuration, you may have to click Start > Settings > Control Panel

3. Open Add or Remove Programs.
If you have Windows 98 or Windows 2000, open Add/Remove Programs.

4. Click once on any item listing Java Runtime Environment in the name.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.

5. Click the Remove or Change/Remove button.

6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java.

7. Also, search 'Programs' and 'Application Data' and remove old version files manually. Note: Do not delete the Java VM folder if found.
C:\Program Files
C:\Documents and Settings\USERNAME\Application Data\

8. Reboot your PC once all Java components have been removed.

9. Proceed with reinstalling Java:
Go to http://java.sun.com/j2se/1.5.0/download.jsp and install the latest version from the website.

10. Then reboot your system a final time.

Wednesday, May 24, 2006

Sony Rootkit Settlement Finalized

I'm seeing many news stories today about a settlement reached between Sony BMG and the US Federal Government. This is the same settlement I wrote about back in March, but it is now finalized. If the CD you bought had the XCP rootkit on it, you can either get some cash and a free music download, or no money and 3 music downloads. If you have a CD with the MediaMax digital rights management software on it, then you can only get the free music downloads.

If you do not know which Sony BMG CDs qualify for this settlement, take a look at this page that lists the compact discs included in the settlement. An additional part of the settlement says that Sony BMG cannot use either program on their music discs anymore. The Electronic Frontier Foundation has a web page to help people with the settlement process.

This all started back in November 2005 when Mark Russinovich discovered that Sony was using trojan-like behavior, called a rootkit, to hide the anti-piracy software. Eventually, Sony was forced to recall all of the CDs with the rootkit program on them.

There are still other lawsuits against Sony, however. The Texas Attorney General has brought enforcement action against Sony BMG for its spyware-like activities. The settlement between Sony BMG and the Federal Government has no effect on the Texas case. The Federal Trade Commission and several other US states are still investigating the matter.

Spy Sweeper Update 685

Spy Sweeper latest update.

Spyware definition: version 685

Updated May 24th, 2006
Protection against 138,162 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 138,162 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Antimalware Update 1884

Current database: #1884
Date of Update: May 24th, 2006
Known threats in database: 332,500

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Counterspy Update 344

CounterSpy 1.5 latest update definition is 344

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Oemji Bar
TryToFind
Trojan-Proxy.Win32.Wopla.r
Trojan-Proxy.Win32.Agent.kb
Trojan-Proxy.Win32.Agent.ji
Trojan-Downloader.Win32.Small.ctu
Trojan.Downloader.Harnig
Related Search
Trojan.Downloader.Small.CKM
Trojan.Downloader.ExtremeBiz
Stinx-V
Trojan.Downloader.Win32.VB.adp
TrustinBar
Sogou
Settec
IMNames
NielsenNetRatings
Henbang
Delf.RJ
MMSAssist
SystemDoctor
Trojan-Proxy.Win32.Xorpix.Fam
Ultimate Defender
Ginwui.A
Ginwui.B

Exploit.MSWord.1Table.bd
Backdoor.Win32.VB.ama
Safety Browser
RemoteAdmin.CommonLibrary

Threats that have been updated

Backdoor.VB.aj
Beast
BookedSpace
3721.com Chinese Keywords
ClearSearch
CnsMin
Doly
Hotbar
Actmon PC & Internet Monitoring
IStartHere
KeySpy
Look2Me
Morpheus
NewDotNet
PrizeSurfer
AdultLinks.QBar
SearchCentrix
TrojanClicker
Slagent
Backdoor.agent
Trojan.Delf
MediaMotor
HDTBar
Virtumonde
Trojan.BankerSpy
SpyGator Pro
Exploit Child Watchdog 2
TrueActive Monitor
Project KX 1.0
AdHelper
Trojan.PayTime
Trojan.SvcProc
Trojan.Vxgame
ABetterInternet.DrPMon
Trojan.Downloader.Small
My Way Speedbar
SpySheriff
DuDuAccelerator
SpecificMedia.GoGoTools
SearchNugget
Trojan.Downloader.Winstall
PurityScan.VirtueScope
Hidden Camera
WebPI v2.51
MDSA Sentinel X 3
SoftProbe Analyzer 2.8
Trojan.Agent
PWS-Banker
BackDoor.Galapop.A
PC Spy Keylogger
MoM v 1.3.J
RBot.Lynx
BigBlue.01
Vcodec
XP Keylogger 5.0
PC James Bond 007 v 4.0
VBpopper
IIPwr Package
XP Advanced Keylogger 2.5
ErrorSafe
Dimpy.Win32VBsy
Power Spy
DollarRevenue
Jupites.B
Exploit.WMF
Trojan.Downloader.Various
Danmec.B-dll
DesktopScam
BestOffersNetworks
SpyFalcon
Backdoor.IRC.Zapchast
Goldun.Fam
Spy-Guard v2.0
Virtual Screen Spy v1.0
Exploit.CHM
Haxdoor.Fam
SmartDove
FullContext.EQAdvice
Fengcent.Quicklink
SpywareQuake
Proxy-Lager
Trojan-Spy.Delf.ex

Monday, May 22, 2006

Spyware Doctor Update 3.0474

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0474 0
Intelli-Signatures: 62,170

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0473 1 - Backdoor.Olinger, PassDumper, Trojan.Downloader.FLK, Trojan.Downloader.Winmuse
3.0474 0 - Adware.Advertmen, Adware.Serpo, Backdoor.CommInet, Dialer.PlayGames, Trojan.Dialer.IB, Trojan.Downloader.Agent.WQ, Trojan.Downloader.Small.APT, Trojan.Dropper.Agent.EX, Trojan.Dropper.Agent.TA, Trojan.StartPage.ACZ

Extended Intelli-Signatures:
3.0472 1 - Spam Trojan-Downloader.Win32.Banload
3.0473 1 - AdultIt, Adware.Defender, Backdoor.CXH, Backdoor.Hackdoor, Common Components for WinSoftware, CWS.Cassandra.A, CWS.XPSystem, Dollarrevenue, eZula, Fast Video Player Dialer, Fearless KeySpy, ISTbar, Kassbot, Known Bad Sites, PSGuard Desktop Hijacker, PurityScan, QQFace, Seekmo Search Assistant, Surf Accuracy, Trojan.Banker.DX, Trojan.Downloader.Agent.AKG, Trojan.Downloader.Banload.FB, Trojan.Downloader.ConHook, Trojan.Downloader.Small.CML, Trojan.Downloader.Traffbucks, Trojan.Goldun, Trojan.LowZones, Trojan.Popuper, Trojan.Proxy.Agent.JL, Trojan.PWS.Tanspy, Trojan.Qhosts, Trojan.Vxgame, Trojan.Zapchast, Virtumonde, WebSearch Toolbar, WhenU.SaveNow, WinAntiVirus, WinFixer, WinTools, Yazzle Snowball Wars
3.0474 0 - AdultIt, Backdoor.ProRAT.K, Backdoor.Thunk.E, BookedSpace, Common Components Unrelated, CWS.XPSystem, DealBar, Hotoffers Hijacker, Instant Access, ISTbar, Keylog-sters, MediaMotor, MediaTickets, Mirar, PassDumper, PurityScan, Seekmo Search Assistant, SideFind, SpyAxe, StoragePass Viewer, SurfSideKick, Transponder.Bolger, Trojan.Agent.FC, Trojan.Downloader.Agent.AIF, Trojan.Downloader.Agent.AKG, Trojan.Downloader.Harnig, Trojan.Downloader.Mediket, Trojan.Downloader.Zlob.AS, Trojan.FakeAlert, Trojan.LdPinch, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.BO, Trojan.PWSteal.QQPass.AK, WinAntiVirus, WinTools, Zeno Search Assistant

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spy Sweeper Update 683

Spy Sweeper latest update.

Spyware definition: version 683

Updated May 22nd, 2006
Protection against 139,272 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 139,272 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Antimalware Update 1879

Current database: #1879
Date of Update: May 19th, 2006
Known threats in database: 331,531

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Sunbelt CounterSpy Update 342

CounterSpy 1.5 latest update definition is 342

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Threats that have been updated

AIM Evil Doer
AIM Password Stealer
Alvgus
Delf.eq
Mtexer.10
SrvCmd.b
Back Streets
BadLuck Reloaded
BFGhost
BLHouse
BlueAngel
BrainSpy
Broomop
ChineseHack
ChkRootKit Worm
CMJSpy
CrackDown
Cyn
Destruction Deaths Corner
Depth Charge
DFch Grisch
Diablo Keys
Phone Dialer
Direct PopUp Advertiser
DSK-Lite
ExeBinder.c
Exploder Trojan
Faceless Fake Mailer
FeRAT
ForcedControl
GayOL
GetPassword
GFG
KeyLog GhostSpy
Grokster
Guangwai Girl
Hacker Defender
Heiying
Hellz little spy
HGZ
Hydroleak beta 1
Worm.Sheng
ICQ Pager
Invisible Evil
Invisible Activity Spy
Invisible Keylogger
JustJoke
Kavar
Khurak 1.0
Krippled
Kronical Fire
Kryptonic Ghost Command
KSLogger
Liveshows
MagicLink Backdoor
Microspy
MiniBackLash
MRA
M$N Crack Store
MSN Tools Trojan
Muska
Mutant Pager
Nerte
Netboy
NetBus Bac Hack
NetDown
Noknok
NoSecure KeyLogger
NScan
OICQsearch
Back Orifice
OwnedFTP
Password Devil
pcLog
PC Ghost
Phi Firewall Bypass
PrecisionPop
Protoss
PWS-Gao
QQPass
RAM Eater
rcmd
Real McCoy AIM Password Stealer
Remote Anything
Remote Commands
Remote Task Manager
SA Downloader Lite
ScreenCutter
Seven Eleven
SexMansion.com
Sigatarius Spy
Simple Mail Bomber
Sin4Cyn
SnakDos
Specrem
SpOOkeys Keylogger
Spysender
Stealth Eye
Stealth Keyboard Interceptor
SubSeven
Zdemon
ZDownloader
Zimenok
ZSpy II 0.99b
YSK KeyLog
Vagrnocker
Vio Logga
Ultors Trojan Port
Uploader 2.0b4
T-Cmd 1.0 beta
TAG Opt Trojan
TBT Nightmare
The Infector Trojan
The Prayer
TradeHack
Trail Of Destruction
Delf.am
Trojan.Win32.Killav
3X Backdoor
Waar Daat
WebDL Backdoor
Virus.EasyGet 2.2
HDBreaker
VB.AL
VB.j
Win32.Xilon IthCreator
WinEggDrop Online Keylogger
WinRat
Wollf
Keystroke Shortcut Recorder
EtherDetect
Passware Kit
Cybervizion
ABetterInternet.Aurora
ICQ Trogen
NetSpy 3.0
Keysend
Remotely Anywhere Server Edition
SilentNight IE Watcher
CobCat 1.0.1.13
BlackBox
HackerWacker
Intelliflag Content Monitor
PrivacyDefender

Nod32 update 1.1553

NOD32 Antivirus detection database has been updated to version 1.1553 (20060522)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

HTML/Phishing.gen, IRC/SdBot, Win32/Adware.SpySheriff, Win32/Agent.KA (3), Win32/Agent.OH (3), Win32/Aimbot.NAE, Win32/Delf.NBN (2), Win32/Delf.T (2), Win32/HackTool.Mydoomer.B, Win32/Haxdoor (7), Win32/Haxdoor.IT (2), Win32/Hoax.Renos, Win32/Hupigon (2), Win32/IRCBot.RX (2), Win32/Mytob.TJ, Win32/PSW.Agent.NAM (3), Win32/PSW.QQShou, Win32/PSW.Sinowal.D, Win32/PSW.Sinowal.P, Win32/PSW.VB.JA, Win32/Rbot (5), Win32/Scano.NAQ (2), Win32/Spabot.X (2), Win32/Spy.Agent.EO (4), Win32/Spy.Delf.IG (2), Win32/Spy.Delf.KL, Win32/Spy.Delf.NL, Win32/TrojanClicker.Small.KH, Win32/TrojanClicker.Small.KR (2), Win32/TrojanClicker.VB.KE, Win32/TrojanDownloader.Agent.AEA, Win32/TrojanDownloader.CWS (2), Win32/TrojanDownloader.Delf.NDQ, Win32/TrojanDownloader.Qoologic.BJ, Win32/TrojanDownloader.Small.AWA (3), Win32/TrojanDownloader.Small.CKJ (2), Win32/TrojanDownloader.Small.CWB (2), Win32/TrojanDownloader.VB.NBK, Win32/TrojanDownloader.Zlob (2), Win32/TrojanDownloader.Zlob.NV, Win32/TrojanDownl

Ad Aware SE1R109 22.05.2006

Lavasoft Ad Aware updated to SE1R109 22.05.2006

New Definitions:
========================
Adware.AdNow
Adware.DesktopMedia +4
Yok Toolbar +2

Updated Definitions:
========================
ABetterInternet.Aurora +4
ABetterInternet.Nail +2
Adintelligence.AproposToolbar
Adware.DollarRevenue +4
Adware.DuDu
Adware.Henbang +6
Adware.HuaCiSou +4
Adware.Look2Me +3
Adware.NaviPromo +21
Adware.Yazzle +4
AltnetBDE +2
Aureate
BlazeFind +2
BookedSpace
ClearSearch +9
CometSystems +24
Cydoor
Dialer +2
Elitum.ElitebarBHO +3
Gain +3
istbar +5
Malware.Azesearch +3
NavExcel +2
OurXin +5
PurityScan +21
Softomate Toolbar
SpywareNo +2
Starware Toolbar +3
UCmore
Win32.Generic.PWS
Win32.Harnig.Trojan
Win32.Trojan.downloader +9
Win32.Trojan.Hexdoor
Win32.TrojanClicker
Win32.Trojandownloader.Zlob +43
Win32.TrojanProxy.Agent.dl
WinAD +15
WinFixer
WinPopup
VX2


Ad Aware can be downloaded from Lavasoft

Sunday, May 21, 2006

NOD32 Antivirus Update 1.1551

NOD32 Antivirus detection database has been updated to version 1.1551 (20060521). This update does include detections for the Word document trojan that I talked about in my previous post about being careful when opening Word documents. I've marked the related detections in red below.

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

Win32/Exploit.MSWord.Smtag, Win32/Adware.MediaTickets, Win32/Exploit.MSWord.1Table (4), Win32/Ginwui.A (2), Win32/Ginwui.B (5), Win32/Small.KH, Win32/TrojanDownloader.Small.CKJ, Win32/TrojanProxy.Migmaf (2)

Be Careful Opening Word Documents

There is a new exploit in Microsoft Word that can harm your computer when you open a Word document. It should go without saying, but do not open any Word documents from anyone you do not know. If you receive one you were not expecting from someone you do know, it is a good idea to ask if they sent it. They may not have really sent it; they may have gotten infected themselves, and the trojan sent it to everyone in their address book after it infected your friend's computer.

Symantec, makers of Norton Antivirus, call this new threat Backdoor.Ginwui in their description of this trojan. F-Secure, NOD32, and other antivirus companies call it something similar, but Ginwui will be in the name.

From the Symantec details, the following files are created by this trojan.

  • Windows\Winguis.dll
  • Windows\drivers\IsPubDRV.sys
  • Windows\drivers\RVdPort.sys
  • Windows\drivers\DetPort.sys

This trojan will gather system information from your computer, take screenshots of your desktop, randomly restart your computer, connect to a remote web site to send your info to, and many other nasty actions.

Right now, this is considered a zero day exploit. That means until Microsoft fixes Windows, you can get infected even if you are up to date with patches. Having a good antivirus like Norton, F-Secure, or NOD32 can help protect your system for now.
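A quick way to look for the four files listed above, as an added example that is not part of the original post or of Symantec's write-up. It assumes the leading "Windows\" in the list is the Windows directory itself, which the caller passes in, and it matches names without regard to case so it also works on a disk copy mounted on a case-sensitive system.

```python
import os
import sys

# File names the post lists for Backdoor.Ginwui, relative to the Windows
# directory. Assumption: the leading "Windows\" in the post is the Windows
# directory itself, passed in by the caller (it is WINNT on some systems).
GINWUI_FILES = (
    "Winguis.dll",
    "drivers\\IsPubDRV.sys",
    "drivers\\RVdPort.sys",
    "drivers\\DetPort.sys",
)


def resolve_ignoring_case(root, relative):
    """Follow `relative` under `root`, matching each part case-insensitively.

    Returns the real path of the file, or None when any part is missing.
    """
    current = root
    for part in relative.split("\\"):
        try:
            entries = os.listdir(current)
        except OSError:
            return None  # missing, unreadable, or not a directory
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None


def find_ginwui_files(windows_dir):
    """Map each listed file to the path where it was found, or None."""
    return {rel: resolve_ignoring_case(windows_dir, rel) for rel in GINWUI_FILES}


def is_suspect(windows_dir):
    """True when at least one of the listed files is present."""
    return any(find_ginwui_files(windows_dir).values())


if __name__ == "__main__":
    # Default to the running system's Windows directory; a path to a mounted
    # copy of the disk can be given as the first argument instead.
    default_dir = os.environ.get("SystemRoot", r"C:\Windows")
    target = sys.argv[1] if len(sys.argv) > 1 else default_dir
    for rel, path in find_ginwui_files(target).items():
        print(f"{rel}: {'FOUND at ' + path if path else 'not found'}")
    sys.exit(1 if is_suspect(target) else 0)
```

A result with nothing found only means these four names are absent; it is not proof that the machine is clean.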

More on Poker Rootkit, With Screenshots

I posted about RBCalc.exe yesterday and how it can steal your online poker winnings. There is some more information on the F-Secure blog about it along with some screen shots. In addition to partypoker.com and Empirepoker.com, there are many other sites affected as well.

PartyGaming.exe
mppoker.exe
poker.exe
gameclient.exe
ultimatebet.exe
absolutepoker.exe
mainclient.exe
pokerstars.exe
pokerstarsupdate.exe
partypoker.exe
fulltiltpoker.exe
pokernow.exe
multipoker.exe
empirepoker.exe
eurobetpoker.exe

F-Secure detects this trojan as Backdoor.Win32.Small.la although other security programs may call it something else.

Saturday, May 20, 2006

Poker Tool Turns You Into a Loser

An online tool billed as able to calculate the amount of money taken by poker sites is actually malware designed to steal online poker players' login details.

If you have downloaded a tool called rakeback calculator, then you have likely given someone a way to steal your online poker winnings. It has the file name RBCalc.exe and was available from Checkraised.com. The malware file has since been removed. If you have downloaded it or another program to "help" you calculate the amount of money taken by poker sites, then it would be wise to change the password you use on those sites. The RBCalc.exe trojan can steal your info from sites like Partypoker.com and Empirepoker.com.

More at Vnunet.com

Friday, May 19, 2006

Ewido Antimalware Update #1874

Current database: #1874
Date of Update: May 19th, 2006
Known threats in database: 329,960

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Spybot Search and Destroy Updated Spyware Definitions

Spybot Search and Destroy has an update today, May 2nd, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings to your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors the places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete your antivirus program from the programs that start with Windows, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Dialer
TIBS, Baciami, CoolWWWSearch.Feat2Installer, CoolWWWSearch.Service, CoolWWWSearch.Feat2DLL

Malware
Vcodec.eMedia, MITBand, SpywareSheriff

Trojan
FServices, Kazaa.Irc.DarkIrc11.LiteStalky (7), Win32.Dialer.jw, Win32.Lmir.atp, SpyBanker, SpywareScraper, Small.AID, Medbot, SpywareSheriff.FakeAlert

Total: 322104 fingerprints in 40909 rules for 1946 products.

Thursday, May 18, 2006

Sunbelt CounterSpy Update 340

CounterSpy 1.5 latest update definition is 340

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database
Too many to list here

Threats that have been updated
Too many to list here

This update contains a massive number of changes. Everything from spyware and keyloggers to dialers and trojans is in this update.

Spyware Doctor 3.0472

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0472 0
Intelli-Signatures: 61,789

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0470 0 - PCAgent Keylogger, Trojan.Clicker.VB.LB, Trojan.Downloader.Agent.AIF, Trojan.Downloader.Small.AHF, Trojan.Dropper.VB.MN, Trojan.Polymorph
3.0471 0 - Backdoor.Rbot.C, Trojan.Downloader.Agent.AKG, Trojan.Downloader.Small.CGU, Trojan.Mytob.QG, Yazzle Snowball Wars
3.0472 0 - Adware.Defender, Navihelper, Trojan.Dialer.A, Trojan.Downloader.Small.CDY, Trojan.EmailSpy, Trojan.Spy.Keylogger.BF, Worm.Kelvir.BG

Extended Intelli-Signatures:
3.0470 0 - 2Search, 7AdPower, Adroar, Advanced Keylogger, AproposMedia, CoolOnlineOffers, CWS, Cydoor, E2.Give, EasySearch, ISTbar, Known Bad Sites, LinkMaker Hijacker, MediaMotor, PurityScan, SpyAxe, Trojan.Agent.FG, Trojan.Desktopscam, Trojan.Downloader.Small.CAM, Trojan.Killav.FV, Trojan.Proxy.Bobax, Trojan.Proxy.Small.BT, Trojan.PWSteal.Bancos, Zeno Search Assistant
3.0471 0 - 180search Assistant, Adservice Scanner, AdUrl, Advanced Keylogger, Adware.Henbang, Adware.Voghp, Alibabar, Backdoor.Hackdoor, Bestoffers, Dialer.U, EliteBar, ErrorSafeFree, ezSearching, HotBar, Huntbar, Maxifiles, Mirar, PurityScan, SearchForIt Toolbar, Slagent, SurfSideKick, Trojan.Clicker.BHO, Trojan.Dialer.OY, Trojan.Downloader.Harnig.BD, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.CKT, Trojan.Downloader.Small.CML, Trojan.Downloader.Small.CRD, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Small.AEK, Trojan.FakeAlert, Trojan.HacDef, Trojan.PSW.Agent.FV, Trojan.PWS.Tanspy, VX2.Look2Me, Webhancer, WinFixer
3.0472 0 - 180ad Solution, Advanced Keylogger, Anti-Phishing, Ardamax Keylogger, Backdoor.Hupigon.MX, Bargain Buddy, ClkOptimizer, Common Components for About Blank, CWS.Home Search Assistant, CWS.Search For, CWS.SmartKiller, CWS, DateManager, Desktop Hijacker, Dollarrevenue, EliteBar, Family Keylogger, IE Driver, Instant Access, Known Bad Sites, Possible Website Hijack, Rootkit.Order, RXToolbar, SearchForIt Toolbar, StoragePass Viewer, TIBS Premium Rate Dialer, Trojan.Agent.FG, Trojan.Clagger.H, Trojan.Clicker.Small.HW, Trojan.Downloader.Delf.MM, Trojan.Downloader.Harnig, Trojan.Downloader.IN, Trojan.Downloader.Small.AVT, Trojan.Downloader.Small.CKQ, Trojan.Horst, Trojan.Kapod, Trojan.Qhosts, Trojan.StartPage.GEN, Trojan.VisAgent, VX2.Look2Me, WebDialer, WebRebates, WebSearch Toolbar, Yazzle Sudoku

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spy Sweeper Update #680

Spy Sweeper latest update.

Spyware definition: version 680

Updated May 18th, 2006
Protection against 137,581 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 137,581 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ewido Antimalware Update 1872

Current database: #1872
Date of Update: May 18th, 2006
Known threats in database: 329,566

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Wednesday, May 17, 2006

CounterSpy Update #338

CounterSpy 1.5 latest update definition is 338

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Threats that have been updated

AcidBattery
AcidShivers
Acid Trojan Horse
Activity Monitor
Advanced Stealth Email Redirector
AIMaster
Alvgus Trojan 2000
Amitis
AntiAureateSpy
AntiLamer Backdoor
AntiLamer Light
Anubis
Arturik
Asylum R.A.T.
Aureate Group Mail
Avoid
Backage
Delf.eq
Delf.gb
Net-Devil
Ptakks
Y3K
Backstabb Lite
Back Attack
Back Streets
BadLuck Reloaded
Barrio Trojan
BWG.gen.Batch
BWG.Kit.Batch
BearShare
Better Email Enable Everything
BioHazard
BLA
Black Angel
BlueAngel
Bluefire
Back Orafice Client
Bomb
Bowl
Breach
Bt.ow/btg
ClicknShow
Click Me
ClipGenie
CMJSpy
Codename Alvin
Cold Fusion
Conducent
Control it
CoolCat
Cool Remote Control
Copy Cursor
CQMA
Crazy Num Caps Scroll
CSJami Minicom
Cursor Fun
CoolWebSearch
CyberSpy
Cyrex msn trojan
Delfin.Media Viewer
Diablo Keys
Dirty Mouse
DKS
DKS KeySpy
Doly
Dope Wars
DownHoax
DRaT
Popup Prank
DuckToy
Dummy Lock 2.0
AvenueMedia.InternetOptimizer
Data Interception by Remote Transmission
FakeMailer2
Fake Back Orifice 0.41
Fake Delete
Fake Format
Fake Shutdown
Fake Studio '99
Family KeyLogger
Farsighter
Fast Internet Utility
Fearless Downloader
Fearless Lite
Fearless Web Downloader
FeRAT
Fictional Daemon
File Protector 1.60b
Firekiller 2000
Flasher
Flip It
Floppy Madness
Follow Me
Fun Factory
Fuck Lamers Backdoor
GSpot Bot
Gaban Bus
Claria.GAIN.CommonElements
Grokster
Nutbus
PasswordTool
HeadAche
Hellz Addiction
Help Virus/Worm 1.00
Trojan.PWS.Hooker
Host Control
Hotbar
IBIS.WebSearch Toolbar
Igloo
IK 97 1.2s
Institution
Internet Remote Control
Internet Spy
Intruzzo
Invisible Activity Spy
Actmon PC & Internet Monitoring
IRCrack 0.9
Logol2
Lohoboyshik
M2 trojan
Magic PS Yahoo! Messenger
MagicLink Backdoor
Masters Paradise
MC R-Desktop
Metal Trojan
Modem Monitor Trojan
MSN BigBot
MSN Cookie Trojan
180solutions.NCase
Neoturk
NetAmine
NetBus Offline Hunter Server
NetControle
NetCrack
Netrunner
NetTrash
NetVizor
Net Antrax
Net Devil
NeuroticKat
NewDotNet
NTRootKit
One of The last Trojans
Back Orifice
Open/Close CD
Optix
PasswordSpy
Password Prank
PC Activity Monitor
PC Remote Control
PeopleOnPage
Perfect Keylogger
Phantom of the Keyboard II
Phase Zero
Pirated Software
Power Key Logger
Printer Spitter .9
Print Me
ProBot
Projectx 2.0b
Project Next
ProRAT
Prosiak
Coced
PWS-Gao
QXRay b2
R0XR4T
Radlight
Random Burper
Random Wallpaper Changer
RapidBlaster
RedGhost 2.0
PWS-RedZone
Remote Home
RemoteNC
Remote Administrator
Remote Anything
Remote HAVOC
Remote Operations
Remote Task Manager
Reverse Trojan
Rotate
Runme2 Trojan
SAdoor
SatanzCrew Notifier
WhenU.Save
Screen Screw
Second Sight
Secret Agent
SEQRAT
Shakedown
Sigatarius Spy
Silent Spy
Skull DeBurrower
SmallBigBrother
Snowdoor
SpyAgent
SpyAnywhere
SpyCapture
SpyPC
Spy System 2.3
Stealth Recorder
StealthWatcher 2000
Stealth Email Redirector
SubSeven
Super Stealth Key Capturer
Syphillis
System33r Stealth Downloader
SystemMD
Zdemon
Y2K Joke
XLog
XtraAccess
VBS Encrypter .001
CommonSearch VCatch
Virtual Bouncer
Ulysses
Undetected
UpFucker Backdoor
URL 2 DWORD
T0rn Worm
TeleCommando
The Bommer
The Finger
TightVNC
Timbuktu Pro
Time Traveler
Titidoor Trojan
TLPilon
Tong Key Logger
Total Control
Tourniquet
Generic
TrojanMan 1.5
Looper.Batch
Winuck.Batch
Trojan Cow
Shater
CashDialer
Watch Right
Way
webHancer
Win-Spy
Virus.Aris
WinControl
WinCrash
Windows.Keylogger
WinEggDrop Online Keylogger
Winny
WinRat
Winvestigator
Wpkr10
TopRebates.WebRebates
iSearch.Toolbar
AceSpy
Real Spy Monitor
Chat Watch
EmailObserver
Desktop Spy Agent
ProjectLeviathan
Personal Inspector
The TIc.K 4.0
Idonate
GurlWatcher
Auto.Keylogger
YSKKeyLogger
PC Police
Actions Monitor
KoloSoft SE
Stealth Web Page Recorder v. 1.1
123 PC Spy
Advanced Email Monitoring
KeyLover 2.1
Advanced Office Password Breaker
PAL KeyLog Pro
NetScope
Wintective KeyLogger
CommView
Axife Mouse Recorder
Advanced NT Security Explorer
Track4Win
Find Password Protected Documents v3.0.192
Secret Explorer v6.0
MailPassword v3.5
eSpyNow 2.0
iOpus STARR
AM Remote Client 1.1
ScreenVirtuoso Pro 1.53
KeyCaptor Keylogger 1.0
Ajan 1.0
AOLTrojan
GateCrasher 1.1
PolyServer
The PC Detective
AntiVirus Gold
Freeprod Toolbar
SearchNugget.DNSCatcher
Bube
Anquiro Toolbar
SpySheriff
SearchNugget
PSGuard
SystemSoap Pro
GralicWrap
Marsfind.PopupBlockade
Zango.Shuffleboard
Zango.LibraryOfTheAges
Zango.JadeShadow
Zango.WindWords
Cram Toolbar
AdwareDelete
Backdoor 2.02
BackSocket v5.0
ICQ Trogen
Skull Burrow
Happy 99
IamBigBrother
Delfin.Media Viewer 2.11
Prayer v1.2
SennaSpy Trojan Generator 3.01
DialupRipper
Zango.DavidvsGoliath
HackTrack
AFX Windows Rootkit 2003
TrojanNotifier.Win32.EES.a
WinFixer
ActiveShopper.DealBar
FatPickle Toolbar
WorldAntiSpy
Illusion v1.0
ErrorSafe
Darkmoon
SearchRover.Toolbar
MyVideoDaily
SpyAxe
Acez.SiteError
007Spy.Keylogger
SpywareStrike
Yazzle Sudoku
Kidda Toolbar
Advanced Keylogger
Toolbar.Protezione
Eltima.AdvancedKeylogger
RiverBelleCasino
RiverBellePoker
BraveSentry
Haxdoor.Fam
CoolWebSearch.info

Ad Aware SE1R108 17.05.2006

Lavasoft Ad Aware has a new definition released today, SE1R108 17.05.2006

Here's what has been added to Ad Aware's spyware, adware, and trojan database.

New Definitions:
========================
Adware.Adhelper +20
Backdoor.HackDefender +2
SpywareSheriff +4

Updated Definitions:
========================
180Solutions +16
AB System Spy +3
ActivShopper +3
AdBlaster +6
Ad-Popper
Adware.Admess +2
Adware.Alibaba
Adware.DollarRevenue
Adware.Look2Me +13
Adware.P2PNetworking
Adware.Yazzle
AdwareSheriff +3
Alexa +4
BargainBuddy +3
ClickSpring
CnsMin
DailyToolbar
Dialer
Ezula +20
I-LookUp
Lop +53
Malware.Azesearch
Malware.SpyGuard
Netword Agent +5
PurityScan
SahAgent
SpyFalcon
SpyFighter +2
Spyware.E2Give +7
SpywareNo +3
SpywareQuake
Starware Toolbar
Win32.Trojan.Agent
Win32.Trojan.ComputerHijacker +2
Win32.Trojan.Delf +3
Win32.Trojan.Downloader +22
Win32.Trojan.KillAV
Win32.TrojanClicker +3
Win32.TrojanDownloader.Delf +2
Win32.TrojanDownloader.Swizzor.bo +2
Win32.Trojandownloader.Zlob
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Small +2
WinFavorites +3
Winfixer
Virtumonde +30
VX2
Zango +7

Ad Aware can be downloaded at Lavasoft's web page

Tuesday, May 16, 2006

Spy Sweeper Update 678

Spy Sweeper latest update.

Spyware definition: version 678

Updated May 15th, 2006
Protection against 137,204 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware is likely to change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 137,204 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spyware Doctor 3.0469

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0469 0
Intelli-Signatures: 61,386

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0468 0 - Backdoor.SpyBoter.BY, Backdoor.Warin, One Toolbar
3.0469 0 - Backdoor.Darkmoon, Backdoor.Litmus.D, Trojan.Crypt.K

Extended Intelli-Signatures:

3.0468 0 - 180search Assistant, Ardamax Keylogger, Backdoor.Agent.PX, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Hupigon.GT, ClkOptimizer, CWS.AnalyzeIE, CWS, DialerPlatform, EliteBar, Email.Worm.Bagle, ILookup.Begin2Search, ISTbar, Keylog-sters, Maxifiles, MediaMotor, Possible Website Hijack, PSGuard, PurityScan, SexVideoPro Dialer, SpyFalcon, TIBS Premium Rate Dialer, Trojan.Adclicker, Trojan.Downloader.Delf.KS, Trojan.Downloader.Harnig, Trojan.Downloader.Ruins, Trojan.Downloader.Small.BYM, Trojan.Downloader.Small.CSN, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.HL, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Popuper, Trojan.Spy.Delf.MQ, Virtumonde, Webhancer
3.0469 0 - 180search Assistant, Alibabar, AproposMedia, Backdoor.Beastdoor, Backdoor.mIRC, Backdoor.Rbot.Gen, Backdoor.Virkel, Bargain Buddy, ClkOptimizer, CnsMin, Common Components for Trojans, Common Components for WinSoftware, Dialer.BT.d, Exploit.WMF, ILookup.Begin2Search, Known Bad Sites, Mediaback, MediaGateway, Pearl Echo, PurityScan, Rootkit.Order, Seekmo Search Assistant, SpyFalcon, Surf Speak, Trojan.Adclicker, Trojan.AVKillers, Trojan.Clicker.VB, Trojan.Crypt.I, Trojan.Downloader.ConHook, Trojan.Downloader.Femad, Trojan.Downloader.Harnig.BD, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.CRD, Trojan.Downloader.Zlob.GEN, Trojan.LdPinch, Virtumonde, WinFixer, Yazzle Sudoku

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Sunday, May 14, 2006

Rogue Antispyware Latest Additions

The Rogue/Suspect Antispyware page has been updated with 4 new antispyware products so far in May. The rogue page is a list of antispyware programs tested to see if the spyware, adware, or malware they find can be trusted. There are many programs that claim to find or remove spyware from your computer, but in reality are not worth buying or using even if they are free. Some, like SpyFalcon, are just outright fraud. Other programs are listed because the detection results are not reliable and can list items that are not actually bad. Another way that a program can be listed is by the advertising that is done to promote the product. Advertising through spam or other undesirable ways can also get a program listed. The most common way is by using a name that is similar to a well known product like Spybot Search & Destroy or Ad Aware.

The best advice is to avoid any of the products that are currently listed. They are not worth the money they charge for a fully functional version that will remove the spyware found. In some cases, the product might remove files from your copy of Windows that should not be removed. In a few cases, you might get more spyware or trojans on your computer just by installing one of them.

Most recent additions: SpywareBot (5-14-06), SpyOnThis (5-7-06), Spyware Sheriff (5-7-06), Spyware Scrapper (5-7-06), Spyware Soft Stop (4-17-06), Ultimate-Spyware Adware Remover (4-17-06), InternetShield (4-12-06), X-Con Spyware Destroyer (4-2-06), 100 Pct.Anti-Spyware (3-31-06), Froggie Scan (3-29-06), Spyware Quake (3-25-06), BestGuardPlatinum (3-19-06), SpywareXP (3-18-06), Spyware Disinfector (3-10-06), SpyCut (3-10-06), PestWiper (3-10-06), MalwareScanner (3-10-06), Brave Sentry (3-9-06), Spy-Shield (3-6-06)

For a list of recommended products, see the Trustworthy Antispyware Products section on the Rogue page.

Ewido Antimalware Updated

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Current database: #1843
Date of Update: May 14th, 2006
Known threats in database: 326,590

Saturday, May 13, 2006

Mother's Day Spam

Moms will receive millions of greeting cards this weekend, but husbands, sons and daughters who send an electronic card should use a trusted source or they may see their own e-mailboxes jammed with spam. Mother's Day is the third largest card-sending occasion behind Christmas and Valentine's Day, with about 150 million paper cards sold each year, according to the Greeting Card Association in Washington.

According to McAfee SiteAdvisor, a unit of antivirus company McAfee Inc., at least 10 sites that offer greeting cards, silly poems or other light-hearted material can flood the sender's inbox with spam. SiteAdvisor created a list of ten eCard sites to avoid based on testing the sites. At the least, your inbox will be filled with lots of spam by signing up at any of the following sites. In some cases, adware or spyware was installed on the computer. The following sites are not recommended:

  1. 2000greetings.com
  2. fun-e-cards.com
  3. freewebcards.com
  4. funsilly.com
  5. funnyreign.com
  6. fukkad.com
  7. celebwelove.com
  8. eforu.com
  9. ecard4all.com
  10. myfuncards.com
More details on these sites can be found at the SiteAdvisor blog.

There are also sites that have been tested and are safe to use.
  1. AmericanGreetings.com
  2. Hallmark.com
  3. 123greetings.com
  4. WorldWildlife.org
Have a great Mother's Day!

Sunbelt Counterspy Update 337

CounterSpy 1.5 latest update definition is 337

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

This is another large update. I have edited out some of the lesser known threats or ones that are similar to ones already listed.

New Threats Added to Database

Godwill1.06, Doly17se, Hack'a'Tack, AM Remote Client 1.1, Ajan 1.0, AOLTrojan, GateCrasher 1.1, Imagekrew, DRATER v1.0, T.H.U Zer0-Tolerance v1.9, Insider- Win32 Reverse Backdoor v 2.3.1, PolyServer, Insaim v2.0, Kryptonic Ghost 1.5, Thief v2.0, SAMB, SubSevencrk, Back Orifice Pinger, Silk Rope 2000, Admin Trojan, Executer2, Munga Bunga HTTP Brute Force, Trojan.Tooso, Rocket v1.0, Backdoor 2.02, SetupTrojan, BackSocket v5.0, ICQ Trogen, Noknok 7.2, Portal of Doom 3.0, SubSeven 2.2, A-Trojan 2.0, Barok Ver2.1, 97mm v.3.22 beta, Bandook, Z-Demon 1.26, Skull Burrow, Mini Oblivion, Whomp, Hacker v2, Black Angel 1.3, GregStar Trojan, Acebot, Roach1.0, Sars Notifier, Specrem 6.2, Ullysse, DSK Light, Erazer Lite, Rtb6661.6, LANfiltrator v1.1, Kaotan v2.0, Bobo v 1.0, Fuitcake v0.93, Infector 2.0, BackDoor 2.01, Turkojan, GateCrasher v.1.2, GG Control Tool v.1.2, Gift 2.1.1, Hatred Fiend 1.3, FeRal Bot v 1.1, R.A.S. 2002 1.0, NetShadow PublicBeta 1, Reversable, ToxiBackDoor V1.00, Up & Run Client, Exception v1.0, Fatal Network Error, FTH2004, Ai Trojan v4.0, Sockets v 2.5, Cabronator 3 Kill Beta, Blackcobra Uploader Beta 1.0, Fusion PublicBeta, control-trojan, NuclearUploader, Pack Abacab, Noob 3.01, Kliente KoKo 1.0, Psycho's NightMare, HDFill, Dripper v2.0, Isoaq v0.70, Strike Backdoor, AntiMks0.1, Wspomagacz, Ccobra v 1.1, Slawek Trojan, Zdziubus 0.1, Aresinvader 1.3, Lan Spy 1.0, cccp v 1.0, Hacktrack 2.1, Nishica, RMF-FM, Hacktrack 2.2, Robal v1.0, XHX v.1.74, Backdoor 1.X, 51d1b Trojan, Rufous Trojan, HackTrack 2.0 beta, Troya 1.3, ZXshell 2.0, DarkStorm 1.20, Gadu Ghost Trojan, lame Killer, Antylamus 0.2, AFX Windows Rootkit 2003, PaSzCzuS, Attacker 2.01, Konik 0.7b, Danton 4.2.4, Noesis, NetCar, Tojský kùò 65535 v3, WinEggDrop Shell Eternity 1.5, T-Cmd v1.0 beta, Phantoms Remote File Manager 1.0, Black curse 4.0, HackaTack 1.20, Mailtrojan, WinMX File Sharing Trojan 1.0, Trojan.Downloader.Win32.Hatcher.10.b, TrojanNotifier.Win32.EES.a, urax
Liciaa ++, CyberNetic, Webcam Trojan, Leviathan 1.0, X-Exe Joiner, IrcContact 3.0, FruitCake 0.9.3, Pinch V1.0, Remote Computer Control Center 1.45, Pinch Alpha 1.8, YAT, Kuang2pSender, Multiplicity 1.02, DeltaSource 0.7, NastyXP v 1.1 beta2, trojan.pacimedia.sav2, Retail_10, Penumbra, Web Serve CT 2.0, miniRAT v0.50 beta, Beast Reloaded v1.1, ProxIce 2.0, Shipo 2.0, Hoohah 1.0, MaCCaHack 1.0, Keyboard Wiretap Device 1.1, Blackhole 2005 Enterprise 0726, M2 trojan 1.4, EliteWrap 1.04, Mind Control 5.0, Czesia, FireFly, Trojan.Startup.NameShifter.IY, BlackIsDefeated 3.3, Transistor v1.1, Exercises statesmanship 1.0, Super Cheats 1.0, School Pledge Cold, Ash pigeon MiNi, Michal 5.0, The long-distance network maintains 5.0, The Trojan 2.0, Big Monster 1.0, Protg, T@sk-ER 1.0, Wlamywacz 0.80, Wredzioch Scorp, Hackers door v 1.1, X-rat 3.3, MyTrj, B-S Spy 1.9.1, XZ Trojan, Behzad Ps v1.8, Snake Trojan 1.0, Smart-PSv1.3, D.I.R.T 2.1, Nice Trojan 2.0, Ghost Spy 5.2, Backdoor.DonaldDick.1.55, Black Window1.0, HackTrack 2.1 beta2, Net Star v1.0, One 0.12beta, HamTaro the Trojan, Spirited v 2.0, Backdoor.3Gie, WinFire 1.2 Release 1.0.0.1, MyTrj v0.6, NinjaSpy Trojan, NinjaSpy Trojan Fix, VatosAjan Pro, CAB OF FILTH v1.2f, Backdoor Killer 1.1, NetThief, Clandestine v1.5.2, Task-X, Trojan Netclap, Netcly v1.0, Netrunner v2.5, Satanz BackDoor v1.0, Darkmoon, Mystic Trojan, Turkojan v 2.0, Net Metropolitan v1.04, Shark_hack, Force 1.60, Absturz 1.0, Absturz 2.0, MSN Dakait v1.0, F-BACKDooR 0.8, Khurak v1.0, Tronator v2.0, Bithood, Blackhole ttitan, KillikTrojan, Startup.NameShifter.OC, Skull v1.0, Evil Net, SuperBot Trojan 1.0, FAkEdOs v2.0, Helios v4.10-LE, mad max server, Rainb0w Trojan, KaKaRoTo, Overload v1.0 Beta, TurkSpy v1.8 Beta, KaMeL-CoNTRoL v1.0 BETA, MiniMO, Mystic Blader 1.0, Agent40421, parta v1.1, A-311 Death, MSN PassSender, Fake Client v0.2.5, Xinch 1.11, WinterLove v2.1, Proxy Trojan v1.0, WinROOT, HermanAgent 1.0, CD Key Harvester 2005 v0.6, Last Door v1.0, 
Toxic-cv, Kurtagent v1.0 Public Editon, M2 trojan 2.0a, WinFire v1.1 Beta, Recon 1.99, RaZoR Public Editon, CrazzyNet v5.2 Full, Fearless Trojan 1.5, Luzak v1.0, Tian Troj GG 0.2, Holzpferd 2.5, TelnetPro v1.0, Sanya 1.0, Keyboard Wiretap device 1.3, NetShadow 1.2, GunnSpy v0.52, Equilibrium 1.0, AntiLamer Backdoor 1.3, FrEaK v1.00, Gip 1.131, CAB OF FILTH (Portugese) v1.2g, Jodeitor, Nuclear RAT v1.0 Beta 7d, Netsys , NetWindow v1.13, New B v1.0.2 beta 3, WinROOT v1.40a, QQPass.H, Destruction Designs v1.3.0.3 Beta, Remote Shell v1.2, Netzeek v1.0, Gift 2.4, Redf1sh Trojan 1.0, Deception 4, WinterLove v2.1 Diy, Remote Dark Trojan 1.0, Ccobra v 1.0, Win32/Dnschanger.D, Win32/Dnschanger.E, Win32/Small.RW,
Trojan.Proxy.835, Murlo.a, Trojan-Downloader.Win32.Small.chk, SpamTool.Win32.Agent.h, Ipwins

Threats that have been updated

SpyFalcon, Active Key Logger, Activity Monitor, Akosch Keylogger, CommonName, DotComToolbar, DownloadWare, e-Surveiller, eBlaster, eZula.TopText, Family KeyLogger, Farsighter, Fearless Key Spy, Ghost Keylogger, Hotbar, Invisible Keylogger, i-SpyNow, Modem Spy, MSN Kamuflao, NetSpy KeyLogger, NetVizor, NewDotNet, PC Spy, Surf Spy, System Spy, XPCSpy Pro, Virtual Bouncer, WebMail Spy, Win-Spy, Windows Keylogger, Ardamax Keylogger, PCspy, Zango.SearchAssistant, AproposMedia, Backdoor.Win32.Rbot.gen, Zoombar, IEHost, FKWP 1.5, AVKillah, Blue Eye IRC Bot V 2.0, FKWP 2.0, Spy Lantern Keylogger, PC Police, Email Spy, PAL Computer Surveillance, Elfrah PCSpy v1.40, I-Spy 1.5, Spyster 1.0.19, MSNRaptor v1.0.1, Trojan-Spy.Win32.Banker.ark, BraveSentry, Haxdoor.Fam, Backdoor.Win32.SdBot.xd, Surf Spy, XPCSpy Pro 2.21, Super WinSpy 3.02, Spytector 1.2.5, e-Surveiller 1.6, SpyBuddy 3.5, Spy Keylogger 1.31, Save Keys 6.0 - Gold Edition, TeeJayEm KeySpy 2.0fix
