Tuesday, September 26, 2006

Spyware Doctor 3.0567 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0567 0
Intelli-Signatures: 71,240

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0567 0 - Backdoor.Antilam.GEN, Trojan.Clicker.Aditer, Worm.Womble

3.0566 0 - Trojan.PSW.QQDragon

3.0565 1 - Backdoor.Augodor.GEN, Drive Cleaner, Popupwithcast, Worm.Licat

Extended Intelli-Signatures:

3.0567 0 - Backdoor.Delf.EE, Backdoor.Tilebot.AF, Mirar, Regifast, SpyAxe, Trojan.Banker, Trojan.Downloader.Small.CML, Trojan.Dropper.Small.AEK, Trojan.FavAdd.AE, Trojan.Popuper, Trojan.PSW.Hangame, Trojan.PWSteal.Lineage, YourEnhancement

3.0566 0 - Advertising, Backdoor.Tilebot.AF, Block-Checker, CasinoClient, Drive Cleaner, EliteBar, Known Bad Sites, PurityScan, Trojan.Busky, Trojan.Dialer.BY, Trojan.Goldun, Trojan.Proxy.Small.BO, YourEnhancement

3.0565 1 - Backdoor.Assasin, HideWindows, Known Bad Sites, Mirar, SpyAxe, Trojan.Downloader.Agent.XQ, Trojan.Downloader.Zlob.PJ, Trojan.PSW.QQRob.U, VX2.Look2Me

Tool Update releases:

Popup Blocker 3.6.0.2083

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Urgent Update For Windows Now Available

Microsoft has a patch for a critical problem in the way Windows handles Vector Markup Language (VML), the so-called VML Exploit. Without this patch, spyware, trojans, and viruses can be automatically installed on your computer from web pages and spam emails. The update is small and does not need to restart your computer to take effect. I strongly recommend everyone go to Windows Update now to get this patch. Normally, Microsoft only releases patches on the second Tuesday of the month. Releasing this fix early shows how serious this problem is.

The VML Exploit (for Vector Markup Language) is described briefly in the update:

Typical download size: 250 KB, less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Keeping your computer up to date is important, but this update is really important. Here is a rather technical explanation of what the VML Exploit is and what it does. An example of what you might get in a spam email that uses this exploit is available from the Sunbelt Blog.

Monday, September 25, 2006

IE7 is immune to VML exploit

First of all, what is the VML exploit?

First discovered by Sunbelt, the VML exploit allows a malicious website to install software without your knowledge or permission. The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. Microsoft has been informed and we are hoping for a patch to be released in the October security update release.

Until then, the only way to protect yourself from this exploit is to unregister the VML.dll or upgrade to IE7.

Yes, you did read correctly: IE7 is immune to this vulnerability. Fellow MVP Sandi Hardmeier has written about this in her blog, Spyware Sucks; not only are there some great screenshots but also links to further information.

If you are unable or unwilling to upgrade to IE7, then Bleeping Computer have recently posted an excellent tutorial on how to disable and unregister this dll.

Update:

Microsoft have released a security update today to address this issue.

Security Update for Windows XP (KB925486)
Date last published: 9/26/2006
Typical download size: 250 KB
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.


Saturday, September 23, 2006

Sunbelt Counterspy Update 414

CounterSpy 1.5 latest update definition is 414

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

BadJoke.Win32.Delf.ak, BadJoke.Win32.Finger.b, Exploit.Levem.C, Trojan-Downloader.Win32.Zlob.akl, Trojan-Downloader.Win32.Zlob.akm, Trojan-Downloader.Win32.Agent.awy, Trojan-PSW.Win32.WOW.io, Trojan-Spy.Win32.Dolan, Zenotecnico.Think-Adz, SGOOPE, Trojan-Proxy.Win32.Lager.di, Trojan.PWStealer.09ED7DF4, Trojan.BE!dld.03CB7D33, Backdoor.Irc.Sdbot.EG, Backdoor.Hackarmy.AA, Trojan.PWStealer.B3E81E21, Backdoor.HackDef.Gen, Backdoor.Hupigon.CAF, Trojan.Banker.Delf.745CEDCB, Trojan-Downloader.Zlob.0CFA45AB, Trojan-Downloader.Dowdec.B

Threats that have been updated

VirusBurst, Backdoor.Ciadoor, IST.ISTbar, Look2Me, ClickSpring.PuritySCAN, SC-KeyLog, Trojan.StartPage, Backdoor.Win32.Rbot.gen, WindUpdates.WinTaskAd, SearchWords.Toolbar, Clickspring, HalfLemon, KGB Keylogger, Zango.Toolbar, DropSpam, FakeAlert, P2P-Worm.Win32.SpyBot.gl, Trojan-Proxy.Win32.Lager, Backdoor.Win32.IRCBot.qc, Infostealer.Banpaes, Backdoor.Graybird, Infostealer, Backdoor.Trojan, W32.HLLW.Gaobot, Hacktool.Rootkit, Trojan.Alemod, Backdoor.Graybird.K, Backdoor.Formador, Infostealer.QQRob.A, Infostealer.Lineage, W32.Beagle.X@mm, Trojan.Flush.A, W32.SillyFDC, W32.Looked.I, Trojan-Spy.Win32.Ardamax.b, Trojan-Downloader.JS.Psyme.br, Trojan-Proxy.Win32.Delf.t, Infostealer.JiangHu, Trojan.Popper, W32.Looked.P, Trojan-Downloader.Win32.Adload.cz, Rootkit.Win32.Agent.cf, Dialer.TrafficAdvance, Spyware.Ardakey, Backdoor.Win32.Hupigon.buw, Trojan-Downloader.Win32.Zlob.yt, Trojan-Dropper.VBS.GoboTools, Trojan-Spy.Win32.Banker.bgw, Trojan-Dropper.Win32.VB.mg, Backdoor.HackDefender, Trojan-Downloader.BAT.Ftp.cn, Trojan-Spy.Win32.Banker.buv, Trojan-Dropper.Win32.Pakes, Trojan-Downloader.Win32.Small.dnv, Email-Worm.Win32.Mydoom.m.log, Backdoor.Win32.Rbot.be, Trojan.Wimad, Backdoor.Win32.Iroffer.13b11, Trojan.BAT.KillFiles.eg, W32.Stration.A@mm, Trojan.Remote Desktop, WUPC (Web is Under Parental Control), Backdoor.Win32.Cakl.a, Trojan-Dropper.Win32.Small.apg, Trojan-PSW.Win32.QQPass.hb, Trojan-PSW.Win32.PdPinch.gen, Trojan-Spy.Win32.Spav, Backdoor.Win32.Hupigon.bzn, Trojan-PSW.Win32.QQPass.kx, Trojan-Downloader.Win32.Agent.aut, Trojan.Win32.DNSChanger.en, Backdoor.Sdbot.AU, Trojan.Schoeberl.D, Trojan-Downloader.Win32.Small.dtq, Trojan-Downloader.Win32.Tibs.ic, Email-Worm.Win32.Warezov.aa, Trojan-Spy.Win32.Banker.bzf, Backdoor.Win32.IRCBot.vj, Trojan-Spy.Win32.Banker.bxm, Trojan-Clicker.Win32.Agent.hz, Trojan-Downloader.Win32.Zlob.ail, Trojan-Downloader.Win32.Delf.avu, Trojan-Downloader.Win32.Zlob.aja, Dialer.iDialer, Backdoor.Win32.Hupigon, 
Trojan-Downloader.Win32.Zlob.ajk, Hotbar, Hyperlinker/LinkMaker, Perfect Keylogger, Trojan-Downloader.Psyme, Slagent/Navipromo, Unclassified.Trojan.G, Deskwizz/ZQuest, VX2.Buddy, Trojan-Downloader.Qoologic, Zenotecnico, WinAntiSpyware, Yazzle Sudoku, C2.Lop.dldr, PigSearch, SpamTool.Win32.Agent.h, Trojan.Win32.Dialer.hz, Trojan-Spy.Win32.Banker.bdn, Trojan Horse, W32.IRCBot, Backdoor.Bifrose, Infostealer.Wowcraft, W32.Feebs, W32.Linkbot, Trojan.Dermon.A, VBS.Inor, Adware.Zhong, Backdoor.IRC.Flood, Bat.Delsys.Trojan, Trojan-PSW.Win32.WOW.da, Trojan-Spy.Win32.Banbra.gl, Backdoor.Subot, Backdoor.Win32.SdBot.aad, Backdoor.Win32.Aimbot.ae, Backdoor.Win32.SdBot.gen, Trojan.Ducky.B, Bloodhound.Exploit.64, DialupPwd, W32.Randex.GEL, Trojan-Downloader.Win32.Zlob.afq, Backdoor.Win32.FireFly.i, Trojan-Downloader.Win32.Zlob.afr, Trojan.Win32.Qhost.hs, Trojan-Downloader.Win32.Delf.amn, Trojan-Dropper.Win32.Delf, Trojan-Proxy.Win32.Horst.hl, Ultimate Cleaner, DialXS, Backdoor.SDBot.gen, Zango.SearchAssistant, TargetSaver, Radmin, UniversalSearchToolbar, PurityScan.VirtueScope, DollarRevenue, Ultimate Defender, Advertismen, IRC Trojan, Trojan.Emcodec, W32.HLLW.Antinny.G, Trojan.Gobrena, Dialer.Trojan, Constructor.Win32.MicroJoiner.17, SpamTool.Win32.Gadina.d, Trojan.LinkOptimizer, Trojan-Spy.Win32.Banbra.he, Trojan-Dropper.Multi.Gen, Backdoor.Sdbot, Trojan-Spy.Win32.Banbra.hb, W32.Looked.O, Trojan.Win32.LipGame.ab, Trojan.Emcodec.G, W32.Wargbot, Backdoor.Mulim, Trojan.Logger, Trojan-Downloader.Win32.Zlob.in, Trojan-PSW.Win32.Lineage.ahe, Trojan-Downloader.Win32.Agent.alw, Trojan.Win32.DNSChanger.eq, Trojan.Downloader.Small.DFB, W32.Stration.AC@mm, Netbus, C2.Lop, Mirar, DialerPlatform, W32.Spybot.Worm, Marketscore.RelevantKnowledge, Virtumonde, Trojan.Abwiz, EnergyPlugin, SpySheriff, Desktop Weather, Trojan.LowZones, Maxifiles, DesktopMedia, Goldun.Fam, Haxdoor.Fam, Trojan.KillAV, Henbang, Trojan-Downloader.Zlob.Media-Codec, Trojan-Proxy.Win32.Small.bo, Yazzle.Cowabanga, 
Trojan-Downloader.Win32.Agent.uj, Trojan.Anserin, Trojan.Adclicker, Backdoor.Prorat, Dialer.Target, Trojan.Zlob, Backdoor.Mosuck, Trojan.Emcodec.B, Trojan.Hachilem, Dialer.Generic, BAT.Trojan, W32.Buchon.A@mm, Backdoor.Win32.Delf.api, Trojan-Spy.Win32.Banker.awa, Trojan-Spy.Win32.Banbra.gf, Adware.Roogoo, Trojan-Dropper.Win32.MultiJoiner.13.h, Trojan.Win32.Dialer.qi, Trojan-Dropper.Win32.Small.apz, Infostealer.Wabber, Trojan.Vxgame.z, Trojan-Downloader.Win32.Delf.acc, W32.Bugbear.B.Dam, Backdoor.Win32.Hupigon.rc, Backdoor.Win32.Small.ls, Trojan-Downloader.Win32.Zlob.aec, Trojan-Downloader.Win32.Zlob.aee, Trojan-Dropper.Win32.Agent.ati, Trojan-Proxy.Win32.Lager.aq, Backdoor.EggDrop, Dropped:Trojan.Spy.Agent.NZ, Trojan-Proxy.Win32.Horst.hr, Trojan-Downloader.Win32.Banload.aon, Trojan-Spy.Win32.Perfloger.w, Backdoor.Evilbot.C, MediaMotor.Popupwithcast, IM-Flooder.Win32.RoomDestroyer, Trojan-PSW.Win32.IcqSmiley.c, Trojan-Downloader.Win32.Banload.bfo, Trojan-Spy.Win32.Delf.ta, Backdoor.Win32.VB.axj, Trojan.Galapoper.A, Backdoor.Win32.Webdor.af, Trojan-Downloader.Win32.Agent.awm, Trojan-Clicker.Win32.VB.dn, Backdoor.Win32.Sbot.10, Trojan.Win32.BHO.e

Spyware Doctor Update 3.0565 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0565 0
Intelli-Signatures: 71,110

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0565 0 - Backdoor.Augodor.GEN, Drive Cleaner, Popupwithcast, Worm.Licat

3.0564 0 - Backdoor.Bancodor.GEN, Trojan.Clicker.VB.FQ

3.0563 0 - Trojan.Busky, VirusBurst

Extended Intelli-Signatures:

3.0565 0 - Backdoor.Assasin, HideWindows, Known Bad Sites, Mirar, SpyAxe, Trojan.Downloader.Agent.XQ, Trojan.Downloader.Zlob.PJ, Trojan.PSW.QQRob.U, VX2.Look2Me

3.0564 0 - Backdoor.Graybird.GEN, Backdoor.LegMir.BZ, Common Components Unrelated, I-Search Desktop Search Toolbar, Maxifiles, MediaTickets, PurityScan, Trojan.Agent.HT, Trojan.Downloader.Agent.AWM, Trojan.Downloader.Banload.M, Trojan.Downloader.Small.CYH, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.MultiJoiner, Trojan.Mailbot, Trojan.Popuper, Trojan.PSW.Hangame, Worm.Spybot, Zeno Search Assistant

3.0563 0 - Backdoor.Berbew.N, Backdoor.Robobot, BookedSpace, Common Components for Trojans, Enbrowser, Maxifiles, PurityScan, TargetSavers, Trojan.Downloader.Zlob.GEN, Trojan.Popuper, Trojan.Proxy.Webber.O

Deleted Intelli-Signatures:

3.0564 0 - WhenU.Search

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Ad Aware SE1R124 19.09.2006

The latest update for Ad Aware is SE1R124 19.09.2006

New Definitions:
========================
Adware.Agent +3
Adware.Baidubar +5
Adware.LetsCool +6
Adware.LoopAd
Adware.MyToolbar +4
Adware.Podcast +5
Adware.Soso +8
Adware.WeirWeb +2
Win32.Hacktool.Craagle
Win32.Trojan.IZD

Updated Definitions:
========================
Adware.180Solutions.SeekmoSearchAssistant +3
Adware.Adhelper
Adware.CasClient +9
Adware.DesktopMedia +9
Adware.MMSAssist
Adware.Sidesearch +2
Dogpile Toolbar +3
Elitum.ElitebarBHO +3
MegaSearch Toolbar
NetPal
RedSwoosh +4
SahAgent +3
Win32.Trojan.Downloader +15
Win32.Trojandownloader.Zlob +5
Win32.Trojan-PSW.Lineage
Winfixer +2
Virtumonde +9
VirusBurst +4
Zango +9
ZSearch +11

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Spy Sweeper & Ewido Antispyware Latest Updates

Spy Sweeper latest update

Program Version 5.0.7. (Build 1608)
Spyware definition: version 766
Updated September 22nd, 2006
Protection against 150,734 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, it lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Ewido Antispyware

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: September 23rd, 2006
Known threats in database: 440,074

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spybot Search & Destroy For September 22nd

Adware
+ Win32.LinkOptimizer (2)
Keylogger
+ SCKeylogger
Malware
+ Smitfraud-C. + Winsoftware.WinAntiVirusPro2006 + VirtuMonde + AdvancedSearchBar
Spyware
+ 180Solutions.Zango
Trojan
+ Win32.Banload.BHI + Win32.Small.doi + Win32.Agent.AGF + Haxdoor-H + Zlob.iCodecPack + Nous-Tech.UDefender + Zlob.HQCodec + Zlob.XPasswordManager + Win32.Avkiller + AccountMaker + Goldun (2) + MuKill + Win32.Small.asf + Win32.Agent.rk

Total: 321626 fingerprints in 49160 rules for 2248 products.

http://www.safer-networking.org/en/home/index.html

Wednesday, September 20, 2006

Spoof email - Anti virus from Microsoft

I received a disturbing email this evening. It looked, at first glance, like it was from Microsoft.

It was telling me that Microsoft recommended this particular anti virus and that I was to uninstall my resident antivirus and download and install the file that I was linked to.

Well I didn't... why?

Microsoft would never ever ever tell me to uninstall my resident anti virus.

If there was a program that they were releasing or recommending then they would announce it the usual way, through the media and on the official Microsoft sites. They certainly would not email me personally.

As it turned out, the file that I was being prompted to download was a particularly nasty trojan.

Yes you have guessed it, the email wasn't from Microsoft. The address it came from was spoofed so that it looked like it was from Microsoft.

Please take care when you are going through your emails. If you are unsure about the content of an email, then go to the sender's website by using the link you have in your favourites or by typing the URL into your browser address bar manually. Don't click on any links in the email.

Remember, the world won't end tomorrow if you don't download this or install that. But your computer will probably be a lot happier! :)

Friday, September 15, 2006

SpywareBlaster Updated September 14th

Updated: September 14th, 2006
New: 11 Items
Total: 6598 Items

SpywareBlaster is free and available from Javacool's SpywareBlaster page.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

Spyware Doctor 3.0560 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0560 0
Intelli-Signatures: 70,852

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0559 0 - Trojan.Plustlnt

3.0558 0 - Trojan.Agent.EO, Trojan.Downloader.TIBS

Extended Intelli-Signatures:

3.0560 0 - Backdoor.Beastdoor, Backdoor.Graybird.GEN, Trojan.Banker, Trojan.Popuper, Trojan.Proxy.Small.BO, Trojan.PSW.Hangame, Trojan.PWSteal.QQPass, Trojan.VisAgent

3.0559 0 - Backdoor.Graybird.GEN, CasinoClient, Common Components for Backdoors, Common Components Unrelated, CWS.XPSystem, HotBar, Known Bad Sites, QQFace, SC Keylogger, SpyHeal, Trojan.DNS Changer, Trojan.Downloader.Banload, Trojan.Downloader.Femad, Trojan.Downloader.Obscux, Trojan.Downloader.Small.AWA, Trojan.Downloader.Small.BWS, Trojan.Fald, Trojan.Goldun, Trojan.LdPinch, Trojan.Proxy.Lager.f, Trojan.Proxy.Ranky.EK, Trojan.PWSteal.Agent.C

3.0558 0 - Backdoor.Hupigon.GEN, Known Bad Sites, Maxifiles, SpySpotter, Trojan.Banbra.FB, Trojan.Bancos, Trojan.Banker, Trojan.Downloader.Agent.AEA, Trojan.Downloader.Harnig, Trojan.Dropper.Agent.HL, Trojan.Spy.Agent.EW, Trojan.Spy.Banker.AEZ, Trojan.StartPage.GEN, Trojan.StartPage.XS

Deleted:

3.0559 0 - Trojan.Spy.Agent.BY


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Wednesday, September 13, 2006

AD Aware Update to Fix False Positives

SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006

This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.

Tuesday, September 12, 2006

Ad Aware SE1R123 12.09.2006

There's an update for Ad Aware today, SE1R123 12.09.2006

New Definitions:
========================
Adware.FunWeb +11
Adware.LinkOptimizer +4
Diaremover +7
Win32.Keylogger.Skin +5

Updated Definitions:
========================
ABetterInternet.Aurora +5
Admedia.AdMedia +14
Adware.AdMedia +8
Adware.Allsum +15
Adware.DesktopMedia
Adware.Dropper
Adware.Eztracks +10
Adware.Iebar +10
Adware.Look2Me +29
Adware.Maxifiles +6
Adware.NaviPromo +7
Adware.Suggestor +4
Adware.ZenoSearch +7
Ardamax Keylogger +5
Bargainbuddy +38
Lop +89
PurityScan
RXToolbar +9
Softomate Toolbar +3
TrojanBackdoor.Serv-U
Webhancer +8
Win32.Dialer.Trojan +10
Win32.Trojan.Agent +4
Win32.Trojan.DownLoader +14
Win32.Trojan.Keylogger +5
WinAntiVirusPro +12
VirusBlast +2

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Monday, September 11, 2006

Sunbelt Counterspy Update 407

CounterSpy 1.5 latest update definition is 407

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Hack v1.0 Trojan, W32.Netsky.AD@mm, Trojan.Rootserv, W32.Beagle.FG@mm, W32.Bacterra.Worm, W32.Duksten.C@mm, Trojan.FakeLogin, Backdoor.Hitcap, W32.HLLW.Daboom@mm, Backdoor.BluanWeb, BAT.Cyseq.Worm, Backdoor.Rsbot, Backdoor.Helios.B, Trojan-Downloader.Win32.Mediket.cd, Trojan.Win32.Conycspa.i, Trojan-Downloader.Win32.Zlob.jl, Trojan-Downloader.JS.Gool.a, Trojan-Spy.Win32.Banker.ek, Sosoko, Wnavy.Toolbar, Trojan-Downloader.AML, FireHole, Trojan-Clicker.Win32.Costrat.l, Trojan-Dropper.Win32.Agent.fly, BAT.Rahiworm, Dialer.Lohan, Infostealer.Wowcraft.C, Infostealer.Netsnake, Backdoor.Beasty.Cli, Trojan.Dasmin, Netspy.Trojan, Trojan.Popdis, W32.Misodene@mm, Trojan.DnD.DoS, Linux.Slapper.Worm, Dialer.NewDial, Backdoor.Sdbot.AR!dr, Trojan-Downloader.Reitrec, Dialer.Volta, Backdoor.Armageddon.20, Backdoor.Homutex, Infostealer.Svcstor, W32.Areses.H@mm, Backdoor.SMBRelay, W32.Banwarum@mm, W32.Mimail.A@mm, Adware.LoadEWXD, Trojan.Agentdoc, W32.Beagle.AR@mm, PWLsteal.Trojan, W32.Mumu.B.Worm, Backdoor.Oblivion, Backdoor.Nodelm, Trojan.Slapew.C, DonaldD.Trojan (NT), Trojan.Checkraise, W32.Swen.A@mm, W32.HLLW.Lovgate.J@mm, Trojan.Wimad, W32.Bagz.E@mm, Infostealer.Kurofoo, Backdoor.G_Door.Client, Dialer.XLite, Backdoor.Mite, W32.Mytob.QA@mm, Backdoor.Delf.E, Backdoor.Gaobot, Backdoor.IRC.Loonbot, Trojan.Ourxin, Trojan-Downloader.Centim, Trojan.Benfgame, Trojan.Logger, Dialer.SouthBeachTel, Backdoor.Ginwui.B, Dialer.Global, W32.Fili.A@mm, Backdoor.Portless, W32.Mydoom.L@mm, PHP.RSTBackdoor, Backdoor.IRC.RPCBot.C, Backdoor.Domwis, Backdoor.IRC.Flood.E, Backdoor.Graybird.N, W32.Lovgate.X@mm, Backdoor.Beasty.dr, Backdoor.DMSpammer, Backdoor.Tabdim, Backdoor.Sinups, W32.Shufa@mm, Backdoor.Roxe, Backdoor.Amitis.B, W32.Luder@mm, W32.Kwbot.F.Worm, W32.HLLW.Fizzer@mm, W32.Femot.Worm, VBS.BinHex.Trojan, Backdoor.IRC.Ratsou.B, Trojan.Maocal, Trojan.LowZones!reg, Trojan.Awax, Trojan.Delsha.B, W32.Balick.Trojan, Backdoor.Laphex.Client, Backdoor.Iroffer.1303.F, Trojan.Webus.H, 
Backdoor.Rustock.A, W32.HLLW.Torvel.B@mm, Dialer.Dcon, Infostealer.Wowcraft.B, Backdoor.Sdbot.F, ICQpager.Trojan, Backdoor.Ciadoor.Cli, Backdoor.Iroffer.1210, Backdoor.Lixy.B


Threats that have been updated

Alexa Toolbar, Backdoor.Ciadoor, Backdoor.Win32.IRCBot.gen, Backdoor.IRC.ZCrew, Sheldor, eXact.BargainBuddy, BookedSpace, ClearSearch, CommonName, Conducent/Timesink, Desktop Scout, AvenueMedia.InternetOptimizer, eXact.SearchBar, Hotbar, IBIS.WebSearch Toolbar, IEPlugin, EGroup.InstantAccess, IST.ISTbar, Hyperlinker/LinkMaker, Look2Me, C2.Lop, Mini Key Log, Mirar, NetVizor, NewDotNet, Claria.GAIN.OfferCompanion, Perfect Keylogger, KeenValue.PowerSearch, ClickSpring.PuritySCAN, Roimoi.Roings Search, Memory Watcher, WhenU.Save, SC-KeyLog, Backdoor.SDBot.gen, SearchIt Toolbar, SpyAgent, Trojan.StartPage, ZeroPopUpBar, XPCSpy, Xupiter, Verticity.IEDriver, Virtual Bouncer, ny Keylogger, Trojan-Downloader.Psyme, JS.Seeker, 2020Search, W32.Klez.h@MM, W32.Sobig.B@mm, W32.Sobig.F@mm, webHancer, Bridge/WinFavorites, WurldMedia, TopRebates.WebRebates, iSearch.Toolbar, ABetterInternet, 180solutions.SearchAssistant, IST.SideFind, WindUpdates, SearchMiracle.EliteBar, MediaTickets CDT, eXact.BullseyeNetwork, Zango.SearchAssistant, AproposMedia.ContextPlus, Begin2Search, MediaMotor, DialerPlatform, W32.Spybot.Worm, Backdoor.Win32.Rbot.gen, RXToolbar, Virtumonde, SpySheriff, Begin2Search.BigTrafficNet, Trojan-Downloader.Qoologic, MegaSearch, SpecificMedia.GoGoTools, Trojan.Abwiz.B, SpywareStormer, WebDir, Trojan.Lowzones, PWS-Banker, KGB Keylogger, WinFixer, WinAntiSpyware, 2Search, BigBlue.01, Starware.Toolbar, Maxifiles.Director, ErrorSafe, Wfgtech.com, SpyAxe, DollarRevenue, MalwareWipe, FakeAlert, SniperSpy, Powered Keylogger, SystemDoctor, Browsezilla, Trojan.Smitfraud, Backdoor.Win32.Iroffer.b, Backdoor.Eterok, Backdoor.Win32.Rbot.aeu, Infostealer.Banpaes, Infostealer.Bancos, Trojan Horse, Infostealer, Trojan.Emcodec.B

Spyware Doctor 3.0555 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0555 0
Intelli-Signatures: 70,598

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0553 0 - Trojan.Downloader.Delf, YOK Toolbar
3.0554 0 - Trojan.Downloader.Iciko, Trojan.Downloader.Small.DOJ
3.0555 0 - Backdoor.Rbot.BGP, zCodec

Extended Intelli-Signatures:
3.0553 0 - Adware.Roogoo, Backdoor.Optix, Common Components for Trojans, CWS, DSSAgent, Known Bad Sites, LinkOptimizer, SpyHeal, Trojan.Crypt.T, Trojan.Downloader.Small.ATL, Trojan.Proxy.SRSHost, Trojan.Qhosts, Trojan.StartPage.GEN, Trojan.Startpage.VO
3.0554 0 - Adware.Roogoo, Backdoor.Agent.ADR, Backdoor.Delf.AGQ, Backdoor.Rbot.AEU, Dollarrevenue, MediaGateway, PurityScan, SpywareQuake, Trojan.Downloader.ConHook, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.BDT, Trojan.Downloader.Small.DNQ, Trojan.Proxy.Lager.f, Trojan.PSW.QQRob.U, Trojan.SmartAllYes, Trojan.Zapchast
3.0555 0 - Backdoor.Bifrose.D, BookedSpace, CWS.XPSystem, EliteBar, Trojan.Banker, Trojan.Clicker.GEN, Trojan.DNS Changer, Trojan.Downloader.HO, Trojan.Downloader.Ruins, Trojan.Downloader.Small.CTK, Trojan.Downloader.Small.DOJ, Trojan.Downloader.Zlob.GEN, Trojan.Downloader.Zlob.PJ, Trojan.Popuper, Trojan.Proxy.Agent.GT, Trojan.PSW.Delf.HI, Trojan.PSW.QQRob.U, Trojan.PWSteal.Lmir.QU, WebSearch Toolbar

Tool Update releases:
Popup Blocker 3.6.0.2284

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Saturday, September 09, 2006

MS Security Bulletin Advance Notification for September

Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 12 September 2006 Microsoft is planning to release:

Security Updates

  • Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
  • Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Friday, September 08, 2006

Spybot Search & Destroy September 8th

Spybot Search and Destroy has an update today, September 8, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings to your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete your anti virus program from the list of programs that start when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Adware
++ Suggestor
Dialer
+ Dialer.GlobalAccess
Hijacker
+ Naupoint + TV Media + ISearchTech.PowerScan ++ DotComToolbar
Malware
+ Megasearch + Smitfraud-C. + SurfSideKick ++ Deskbar + Command Service
PUPS
++ Spionfrei
Security
+ Windows.Security.InternetExplorer
Spyware
+ VX2.e.Favoriteman + Hyperlinker + Targetsaver
Trojan
+ Win32.VB.xj ++ Fake.Oleext + Media Tickets ++ Instafin ++ Smitfraud-C.MailBot ++ Smitfraud-C.FakeProxyUpdate + WMF Exploit.NewYear2006 ++ qqHacker.IE-Bar ++ typereg32.IE-Bar + UpToFind.RelatedSearch + DialerPlatform + Zlob.XPasswordManager + Vcodec.Intcodec + Hupigon

Total: 315796 fingerprints in 44255 rules for 2234 products.

Ad Aware SE1R122 08.09.2006

Haven't heard from Ad Aware in a while. Good to see they are still out there.

SE1R122 08.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R122 08.09.2006

New Definitions:
========================
Adware.AdwarefilterToolbar
Adware.Allsum
Adware.CasClient +3
Adware.Koolbar +2
AdWare.Safety Bar
Win32.Backdoor.Hackarmy
Win32.Backdoor.Sality +5

Updated Definitions:
========================
Adware.ADHelper
Adware.DollarRevenue
Adware.Maxifiles +2
Adware.ToolbarDeepDive +19
AdwareSheriff
CnsMin +8
Purityscan +6
Softomate Toolbar +2
SystemDoctor
Win32.Backdoor.Agent
Win32.Backdoor.Dumador +3
Win32.Backdoor.RBot +4
Win32.Generic.PWS +3
win32.Trojan.Dnschanger +2
Win32.Trojan.Downloader +2
Win32.Trojan.KillAV
Win32.Trojan.mIRC +10
Win32.Trojan.Pakes +6
Win32.Trojan.Spambot +2
Win32.Trojan.Starter +2
Win32.TrojanClicker +2
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Swizzor.bo +2
Win32.Trojandownloader.Zlob +31
WinAntiVirus Pro 2006 +4
WinFixer
WinPopup
Virtumonde +20
Virusblast

Ad Aware can be downloaded from the official Lavasoft Ad Aware page.

Bits from Bill: WinPatrol 10

WinPatrol is a great program that watches your computer for changes. Sometimes they can be good, like when you add a new program that you want. Sometimes it can be bad, like when spyware tries to get onto your computer. With WinPatrol, you can allow or deny these new changes.

WinPatrol is one of the programs I use on my computer to keep it safe. Easy to use and it is free. Highly recommended.

More info on WinPatrol and where to download WinPatrol.

Thursday, September 07, 2006

Elitebar Forced To Give Up 2 Million Dollars

The Federal Trade Commission reached a settlement with Enternet Media, makers of the spyware called Elitebar. The FTC said that people were tricked into installing this spyware from pop up windows that looked like installation boxes. People were further duped by false promises of free wallpaper, song lyrics, and ring tones. Another way people were deceived was a false warning that their browser had a problem or needed a security patch. Instead, people found that their web browser was hijacked. The home page was changed, a toolbar was added, and search results were changed.

In addition to paying 2 million dollars, a suspended fine of 8.5 million dollars was issued. The defendants are also prohibited from making anything that changes people's browsers in the future.

The defendants in this case are Enternet Media Inc., Conspy & Co. Inc., Lida Rohbani, Nima Hakimi, and Baback (Babak) Hakimi, all based in California, whose software codes were “Search Miracle,” “Miracle Search,” “EM Toolbar,” “EliteBar,” and “Elite Toolbar.”

CounterSpy Update 406

CounterSpy 1.5 latest update definition is 406

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

VirusBurst, 7AdPower Dialer, Hot_be, ClientSniffer, Password Spyer 2k, wc30b2.zip, spy#, SSO Plus, Global Netcom, SGrunt Dialer, XP Logon Password Logger, evilFtp, Inferno Nuker, IGMP Nuker, Furax MSN, PasswordLogger, Maya PWS, Okiller, Access Password Thief, RainbowCrack, Crack-ftp, PWL Flash, PassBack AIM, Destripador 4, PWLHack, MailBombTrojan, Remotely Anywhere Server Edition, Haebu Coceda, Moscow Mail Trojan, iRcHaTaN-Ps, Naebi soseda, Toxic-Ps, S-H Yahoo Pass Sender, S-H Dialup Ps, Magic-PS, Bug's Msn Pass Stealer, Wyrvious's-Invisible-Mailer, Toxic-Ps 2.3, Yahoo Spy Final, PassTool 2, Haxior, AccPass, Tak-Ps, Mass PW Steal, Password Sender, SniffPass, Red ZONE, MSN Trojan, Sentinela, Spylab WebSpy, U.R.B Agent, Systemkey, Trojan.SpyOne, SilentKeylogger, Trojan.MofoTro, Online Keylogger, BackPort, Control Kids, Chaperone, Cool Admin Tool, MyNabyoo, BackLogger, Destruction Gate, Backdoor.MSN Password Logger / b, CyberRat, MG-Shadow, Remote Administration Tool (VNC), BackSpy Pro, Netintelligence Home Edition, Merlins Matrix, CNNSC, aSpy, WebSnitch, MING Chat Monitor, Hacker Brasil, Free Keylogger, PC Prowler, SpyUpload, LANVisor, GhostLog, EgySpy, Latias Backdoor, MiniKey Log, Trojan.Asdbiz, Remote Logger, Hidden Administrator, TeleDesktop, White Scorpion Keylogger, Remote Helpdesk, Trojan.YPS, PSPVKSIII, Free Key Logger (Virtuoza), Trojan.TroMessenger, Spy Software X, SIS-Downloader, RePass, Boss eye, CyberSieve, Black Matrix, Shalan, Mo4x's Keylogger, XploitLite, Backdoor.Genie, adh1_sexarea, HDE SpyGenerator, Absolu-trans, Mini-Ps, VirucKingX, Typeteller2006, sNaP D00r, Fatman Keylogger, Parent Tools for Yahoo! 
Messenger, MadameSalope_Sexe, Bomb's Keylogger, Trojan.Under Control, UltraSESSO, Trojan.Hiper Trojan, Trojan.Total Control, ParisMec, Dor Alon's Key Logger, Trojan.Epithalium, Trojan.The Sentry, Trojan.Redshots, ProKeylogger, Backdoor.MagPlayer, aSpy v2.11, Trojan.Snapdoor, KMremoteControl, 1-Spy Monitor, IO Brisa, Trojan.Xploit, ICQ Password Logger, IMInspector, Trojan.GCGKuakers, SpyArsenal Yahoo Logger, IntelliAdmin Remote Control, Backdoor.Falcon-Control, BaciamiStupido, Hidden Administrator 1.1, Deepshadow Keylogger, TypeAgent, Trojan.Robokop, Ares.Logger, Trojan.ProHok, KidiSafe, SpyKy v1.0, KeyBoardWindow, Mom Knows Best, Helpdesk VNC, AQIBs KEYlogger, QwikSpy, n-keylogger, Trojan.Yuri RAT, Control Parental 2006, K-logger, IMMonitor Yahoo Messenger Spy, IMMonitor MSN Spy, IMMonitor AIM Spy, BPWakeforest Hawk, IMMonitor ICQ Spy, Visual Predator Toolkit, Yahoo Messenger Monitor Sniffer, MSN Messenger Monitor Sniffer, AIM Monitor Sniffer, sinapse Keylogger, ICQ Monitor Sniffer, Trojan.PlugHackers, Trojan.TroyanoQuemero, Trojan.MarjinZ RAT, Total Spy 2.1, Backdoor.Spy Uploader, Free Spy Keylogger, Trojan.Remote Observation, Trojan.Zynber Remote, YEKPND.EyeCandy Computer Monitor, Trojan.PT, Backdoor.JooJoo, Key-PassLogger, Trojan.Dark-Avenged, Teen Minder, Backdoor.IE PS, Backdoor.Trojan, ChatChecker, Backdoor.LetDown, 1-ACT Computer Spy 2006, RCWS Remote Control, Family Cyber Alert, Trojan.Biorante, FWB Keylogger, PC-Keylogger, KeyCool, G3r4rd Keylog, Computer Monitor, Trojan.NetSpear 2006, AIM Monitor 1.2, SL-Message, Backdoor.Evel Passw, Trojan.Grey Pigeon, iSnake PRO, Backdoor.NightMare, Opton Monitor Pro, Legendary Hacker, PC eGuardian, My Remote Desktop, Trojan.Furier, Backdoor.Msn 6Ph, Personal Keylogger, MSN Monitor, 1-ACT Parental Advisor 2006, Trojan.MiLiRemote, Trojan.Grob, ICQ Monitor, Trojan.MsnControl, Trojan.Aim Hijack, ScreenViewer, EyeOnKeyboard, NetworkStreaming AccessDesk, Trojan.HooliGGan, GG-loGGer, Remote Screen Control, astRX keylogger 
LITE, Trojan.GhostFtp, Tianhao Simple Keylooger.TSK, Backdoor.Sharp Ps, Trojan.CRSStealth, Trojan.Reverse GG, QT Keylogger, Backdoor.APS, Peccaminosa, Trojan.PDL SpyNet, Sys_Keylog, Trojan.Cin-Sock, Trojan.Sheeta, Trojan.Bersek, Trojan.NCPH, Thinkertec SpyPal, Remote Office Manager, Kidsnapper, Backdoor.IMP-PS, Trojan Invader, Trojan.TROY LixKeU, Trojan.Explorador Remoto, iRemotePC, RWX Remote Control, Backdoor.Mahshid Ps, Trojan.Muou, Trojan.H_Client, Smart Pc Keylogger, Trojan.Crossbow, Trojan.Amped, Trojan.Arbiter, GenControl, z2 Remote2PC, IMP-Keylogger, Trojan.Mr Amir-ps, TakFanar Keylogger, WinShadow, SE Remote Control, Trojan.SnakeEater, Trojan.Admin, Trojan.SpyTrek, Backdoor.NancyAjram, Backdoor.Tiger-Passwords, JM Pager, Trojan.ControlFile, Trojan.BlackRaven, Backdoor.AYO Spy, AIM Keylogger, Bloodhound.Exploit.61, W32.Mular.A, Trojan-Downloader.Generic.31D55D28, Trojan-Downloader.Generic.B31661B0, Trojan-Downloader.Generic.6EFED66C, Joke.JepRuss, W32.Cellery, Backdoor.Agent.DFZ, W32.Opanki.BD, Trojan.PWStealer.B6F9A7E4, Backdoor.Win32.Small.mq, Trojan-Downloader.Generic.666C37F0, Trojan.PWStealer.4F2A7735, Trojan.PWStealer.4FC641BE, Trojan-Downloader.Generic.EB55E38A, Trojan.Banker.Delf.1C003601, Trojan-Downloader.Generic.5F7F2ACD, TopBrowsing, Trojan.Dowdec, Trojan.Small.CIU, Trojan-Downloader.Win32.Agent.xq, Trojan-Downloader.Win32.Small.dov, Trojan.ConstructKit, Trojan.Alemod.B, Backdoor.Bebshell, Trojan.Randsom.A, PHP.Backdoor.Trojan, Trojan.Sufiage, Infostealer.Tarno.T, Trojan-Downloader.Ject, Trojan-Downloader.VBS, W32.Miliam@mm, Password Theft Trojan, Backdoor.LittleWitch, Trojan.Yipid, Backdoor.Banito.G, W32.Rontokbro.Z@mm, Infostealer.Marlap, Trojan.Kaht, Trojan.Denutaro, Backdoor.Aphexdoor, TPworm, Backdoor.Singu, W32.Looksky.H@mm, Trojan.Adclicker.A, Trojan.Webus, Backdoor.Peeper, W32.Bonorm@mm, Trojan.Dazheb, Trojan-Downloader.Swif, W32.HLLW.Anarch@mm Backdoor.Litmus.Gen, Trojan.Drivus, Backdoor.OptixPro.13, Bloodhound.VBS.Worm, Trojan.Offiz, 
Adware.Redir, Trojan.Gpcoder, Infostealer.Souljet, Trojan.CrashIE, Trojan.Holax, W32.Kipis.B@mm, Backdoor.Spymon, W32.Beagle.AQ@mm, W32.Welchia.B.Worm, Backdoor.FTP_Ana.C, W32.Appflet.A@mm, Backdoor.SubSeven215, Trojan.Satiloler.F, Backdoor.Monator, Backdoor.EggDrop, Backdoor.Feardoor, Trojan.Sufiage.B, Infostealer.Salira, W32.Jalabed@mm, Backdoor.R3C.B, Trojan.Zlob.K, Infostealer.Refest, Backdoor.Beasty.J, W32.Chir.B@mm, Backdoor.Pahador, Trojan-Downloader.Cile, Dialer.Lusval, W32.Comdor.K@mm, W32.Beagle@mm!rar, VBS.Kitro@mm, Bat.NTHack.Trojan, Backdoor.Delf.Family, W32.Mytob.PE@mm, W32.Beagle.AA@mm, Trojan.Fantibag.B, Backdoor.Powerspider.B, W32.Mytob.AG@mm, W32.Thonic@mm, Trojan.Tooso.L, Infostealer.Kipper, W32.Calgary@mm, Backdoor.Winshell, IRC.Worm.gen, Backdoor.MLink, Adware.Replace, W32.Genrack@mm, Spyware.Keylogger, W32.Kedebe.I@mm, Trojan.Mdropper.C, Trojan.RealSearch, VBS Worm Generator, Trojan-Downloader.Chamber.Kit, W32.Dumaru@mm, MSIL.Letum.A@mm, VBS.Santen.A@mm, Backdoor.Hesive.dr, Infostealer.Gamanlock, Backdoor.Graybird.L, W95.Hybris.worm, Backdoor.Win32.Dragonbot.d, Backdoor.Win32.Iroffer.s, Backdoor.Win32.Prorat.17, Email-Worm.Win32.Gurong.a, Backdoor.Win32.VB.aos, Email-Worm.Win32.Mydoom.m.log, Exploit.JS.CVE-2006-1359.i, BadJoke.Win32.FakeDel.k, BadJoke.Win32.FakeDestruct.b, Trojan-PSW.Win32.Lineage.qi, Backdoor.ASP.Ace.bp, Backdoor.Win32.IRCBot.od, Backdoor.Win32.Iroffer.1310, Backdoor.Win32.Rbot.avy, Backdoor.Win32.RUX.Tick.40.b, Email-Worm.VBS.Santen.a, BadJoke.Win32.Trembler, Trojan-Spy.HTML.Bankfraud.od, Worm.Win32.Feebs.dw, Backdoor.Win32.Delf.apm, Backdoor.Win32.Iroffer.n, Backdoor.Win32.SubSeven.215, Email-Flooder.Win32.FormMail.10, Packed.Win32.PePatch.y, Trojan.JS.Small.e, Trojan.Win32.Delf.kh, Trojan.WinREG.LowZones.f, Worm.Win32.Feebs.ei, Trojan-Dropper.Win32.Delf.tq, Trojan-Dropper.Win32.DNet.b, Trojan-Dropper.Win32.Small.anr, Trojan-Notifier.Win32.OptixPager.SE.a, Trojan-Proxy.Win32.Agent.iu, Exploit.HTML.DragDrop, 
Exploit.Win32.MS05-020.d, Trojan.Win32.VB.abp, Trojan-Clicker.Win32.VB.is, Trojan-Downloader.HTML.Agent.ao, Trojan-Downloader.NSIS.Agent.s, Trojan-Downloader.Win32.Agent.ahy, Trojan-Downloader.Win32.VB.abb, Backdoor.Win32.Iroffer.1227, Exploit.JS.CVE-2006-1359.k, Rootkit.Win32.Agent.bk, Trojan.BAT.Agent.d, Trojan-Spy.HTML.Bankfraud.nm, Trojan-Spy.HTML.Bayfraud.in, Backdoor.Win32.Bifrose.fs, Exploit.JS.CVE-2006-1359.b, Trojan-Spy.Win32.Banker.auw, Backdoor.Win32.Iroffer.1228, Exploit.HTML.DialogArg, Exploit.Win32.AwStats.a, Trojan.Win32.KillReg.i, Trojan.Win32.VB.zp, Trojan-Downloader.Java.OpenStream.y, Trojan-Spy.Win32.Perfloger.ab, Backdoor.IRC.Botva.b, Backdoor.IRC.Kelebek.af, Backdoor.Win32.Rbot.be, Email-Flooder.Win32.Homicide, IM-Flooder.Win32.VB.ea, BadJoke.Win32.FakeFormat.105, Trojan.Win32.VB.aha, Trojan-Dropper.Win32.Agent.uo, Backdoor.Win32.Delf.ajg, IM-Flooder.Win32.KillBig.51, Hoax.Win32.CardGen.b, Nuker.Win32.Portfu, P2P-Worm.BAT.Skowor.a, Trojan.BAT.KillAV.cs, Trojan-Downloader.JS.Psyme.bv, Trojan-Downloader.Win32.Adload.a, Trojan-Downloader.Win32.Agent.rt, Email-Worm.Win32.Scano.b, Trojan-Dropper.Win32.VB.ks, Backdoor.Win32.Agent.xu, Email-Worm.VBS.HappyTime, Net-Worm.Win32.Kidala.a, Trojan.BAT.FormatC.z, Trojan-Downloader.Win32.Banload.ahp, Trojan-Downloader.Win32.Bomka.k, Trojan-Spy.Win32.Agent.jo, Backdoor.Win32.Delf.aph, IM-Worm.Win32.Kelvir.bp, Trojan-Dropper.Win32.Small.any, Trojan-PSW.Win32.Lineage.zk, Worm.Win32.Feebs.dt, Email-Worm.MSExcel.Skowor.b, Trojan.Win32.Delf.px, Trojan-Spy.Win32.VB.mq, Backdoor.Win32.Lemerul.20.d, Backdoor.Win32.Rohbot.a, Backdoor.Win32.ServU-based.am, Exploit.JS.CVE-2005-1790.v, Hoax.DOS.Omnitel.a, Trojan-Downloader.NSIS.Agent.q, Trojan.Win32.Agent.se, Trojan-Downloader.Win32.Agent.ahj, Trojan-Dropper.Win32.BindFile.c, Net-Worm.DOS.HLLP.Nover.8496.b, Worm.Win32.Feebs.bj, Hoax.Win32.Tbluguot.a, SpamTool.Win32.VB.o, Trojan-Spy.Win32.KeyLogger.go, Trojan-Spy.Win32.Perfloger.a, Backdoor.Win32.Delf.alj, 
Flooder.Win32.VB.cz, Trojan-Downloader.Win32.VB.aay, Trojan-Spy.HTML.Paylap.hp, Backdoor.Win32.Iroffer.z, Trojan-Downloader.Win32.Adload.ag, Backdoor.Win32.Rbot.bbm, Trojan-Proxy.Win32.Agent.ho, Trojan-PSW.Win32.Lineage.aao, Backdoor.Win32.ServU-based.ap, Exploit.JS.CVE-2006-1359.l, Trojan.Win32.Crypt.e, Trojan-Clicker.Win32.Delf.cn, Trojan-Downloader.Win32.Lopin.u, Trojan-Downloader.Win32.Small.cnp, Trojan-Dropper.Win32.VB.lk, Backdoor.IRC.Bronc.a, Backdoor.Win32.IRCBot.oj, Backdoor.Win32.Iroffer.1221, Backdoor.Win32.ServU-based.as, Email-Worm.Win32.Snapper, Exploit.VBS.CAN.2003-0344, Trojan-Downloader.Win32.Agent.ajl, Trojan-Downloader.JS.Small.d, Trojan-Downloader.JS.Small.i, Trojan-Downloader.Win32.Delf.agd, Trojan-Downloader.Win32.Lopin.v, Trojan-Dropper.VBS.Javad.a, Trojan-Dropper.Win32.Delf.vh, Worm.Win32.Feebs.fc, Backdoor.Win32.Bifrose.dg, Backdoor.Win32.Iroffer.1307, Backdoor.Win32.ServU-based.ax, Trojan-Dropper.Win32.Small.aob, IRC-Worm.IRC.Pucker.a, Backdoor.Win32.DarkMoon.cp, Backdoor.Win32.IRCBot.qz, Backdoor.Win32.LanFiltrator.3b, Backdoor.Win32.Pahador.r, Exploit.Perl.Zen.a, Trojan-ArcBomb.BZip, Trojan-Downloader.Win32.Agent.er, Hoax.Win32.ComputerSchock, P2P-Worm.Win32.SpyBot.eu, Trojan.WinREG.URLDel, Trojan-Downloader.Win32.Adload.ai, Trojan-Downloader.Win32.Agent.ue, Trojan-Downloader.Win32.Small.coq, Trojan-Downloader.Win32.VB.yg, P2P-Worm.Win32.Agent.j, Backdoor.Win32.Aimbot.by, Backdoor.Win32.Beastdoor.l, Email-Worm.Win32.Roron.497, Exploit.JS.CVE-2005-1790.a, Trojan.Win32.Autoit.l, Trojan-Downloader.Win32.Banload.aay, Trojan-Downloader.Win32.Small.cpe, Trojan-Downloader.Win32.Small.on, Backdoor.Win32.IRCBot, Wowbar

Threats that have been updated

Backdoor.Ciadoor, Intruder, Backdoor.Win32.IRCBot.gen, eXact.BargainBuddy, BookedSpace, CarpeDiem, ClearSearch, CoolWebSearch, Cydoor, Delfin.Media Viewer, Desktop Scout, E2Give, Family KeyLogger, Ghost Keylogger, Hotbar, IBIS.WebSearch Toolbar, IEPlugin, EGroup.InstantAccess, IST.ISTbar, Hyperlinker/LinkMaker, Look2Me, C2.Lop, MemoryMeter, Modem Spy, NetSource101, NetVizor, PasswordSpy, PC Activity Monitor (PC Acme), Perfect Keylogger, ClickSpring.PuritySCAN, Remote Keylogger, SafeSearch, Memory Watcher, WhenU.Save, SearchIt Toolbar, Sentinel.5402, ShopNav, Spector, Trojan.StartPage, XPCSpy, Virtual Bouncer, Tiny Keylogger, TopMoxie, Trojan-Downloader.Psyme, webHancer, WinAD Client, Bridge/WinFavorites, TopRebates.WebRebates, Mostrar Dialer, ABetterInternet, DealHelper, 180solutions.SearchAssistant, Slagent/Navipromo, MediaTickets CDT, eXact.BullseyeNetwork, Zango.SearchAssistant, FlashEnhancer, AproposMedia.ContextPlus, Begin2Search, DialerPlatform, MegaSearch Toolbar, W32.Spybot.Worm, Backdoor.Win32.Rbot.gen, TargetSaver, WindUpdates.WinTaskAd, Virtumonde, AzeSearch.MWSearch, WindUpdates.MediaAccess, IQSearch.Desktop.Hijacker, Dyfica.Holistyc, SurfSideKick, Comet Cursor, WinSpy, PAL Computer Surveillance, StealthLogger Pro Bot, ActMon Computer Monitoring, Trojan.Favadd, Trojan.Abwiz, Trojan.DesktopHijack, UCmore.XP.SearchAccelerator, CWS.Conyc, ABetterInternet.Aurora, EnergyPlugin, enBrowser Snack Man, SpySheriff, TrustyHound, Trojan-Downloader.Agent.AD, Trojan.Abwiz.B, Zenotecnico, Trojan.Lowzones, Trojan.KillReg, PWS-Banker, KGB Keylogger, WinFixer, ErrorGuard, 2Search, Delfin.WebBar, Webext, Dimpy.Win32VBsy, DollarRevenue, Exploit.WMF, Trojan-Downloader.Gen, Winlogger, 007Spy.Keylogger, Backdoor.Win32.ServU-based, Borlan.MMsAssist, DesktopMedia, Traff-Acc, Backdoor.IRC.Zapchast, Trojan-Spy.Win32.Banker.ark, Goldun.Fam, TagASaurus, Trojan-Downloader.Win32.Small.awa, Haxdoor.Fam, Trojan.KillAV, P2P-Worm.Win32.SpyBot.gl, QuickLinks/Forethought, BaiduBar, 
C2.Lop.dldr, PigSearch, Navihelper, TrustinBar, Adware.Sogou, Henbang, Trojan.IEMax, Trojan-Downloader.Zlob.Media-Codec, Advertismen, Trust Cleaner, Trojan.Win32.Pakes, PornMag Pass, Trojan.Win32.Dialer.pw, Trojan.Smitfraud, Backdoor.Win32.Iroffer.b, Backdoor.Win32.Rbot.aeu, Infostealer.Banpaes, Infostealer.Bancos, Trojan.Anserin, Trojan.PWS.QQPass, Backdoor.Graybird, Backdoor.Pcclient, Backdoor.Shellbot, Dialer.Sfonditalia, Trojan Horse, Infostealer, Trojan.Adclicker, Backdoor.Prorat, W32.IRCBot, Backdoor.Nibu.J, Infostealer.Metafisher, SecurityRisk.Downldr, Backdoor.IRC.Bot, W32.Areses.A@mm, Backdoor.Trojan, Dialer.Target, Infostealer.Ldpinch, Backdoor.Bifrose, W32.HLLW.Gaobot, Trojan.Renver, Infostealer.Wowcraft, W32.Mydoom!gen, Trojan.Zlob, W32.Mytob@mm, W32.Imav.A, W32.Beagle.DV, W32.SillyP2P, W32.Mytob.U@mm, Backdoor.Graybird.K, W32.Feebs, Trojan-Downloader.Bancos.gen, Backdoor.Beasty, W32.Linkbot.M, W32.Looksky.A@mm, Backdoor.Formador, Adware.Iefeats, W32.HLLW.Gaobot.gen, Trojan.Binjo, Backdoor.Botex, Trojan.Bomka, Trojan-Downloader.Dluca, Backdoor.Ranky, W32.Rontokbro.U@mm, W32.HLLW.Antinny, W32.Kelvir, IRC.Backdoor.Trojan, W32.Mytob.FI@mm, Backdoor.CVM,Trojan.Tannick.B, W32.Bobax, Backdoor.Tofger, W32.Rontokbro@mm, Trojan.Lodear, IRC Trojan, Infostealer.QQRob.A, Dialer.Archivio, Infostealer.Lineage, Trojan.Flush.A, W32.SillyIM, W32.Rontokbro.X@mm, Trojan.Mitglieder, W32.Beagle.EA@mm, Backdoor.Graybird.D, Trojan.Zlob.J, Trojan.Emcodec, Trojan.Bookmarker, Backdoor.Darkmoon, W32.Areses.F@mm, W32.SillyFDC, W32.Randex, Backdoor.Mosuck, Trojan.Emcodec.B, Trojan.Hachilem, Infostealer.Banker.B, W32.Allim, Trojan.Bankem, W32.Beagle.gen, W32.Falsu.A, W32.Linkbot, W32.Kassbot, Trojan.Repsamo, BAT.Trojan, Trojan.Spabot, Trojan.ByteVerify, Backdoor.Peerdoor, W32.Randex.gen, Trojan.Desktophijack, W32.IRCBot.Gen, Trojan.SuperSpider, Trojan.Phel, AntiCAD.3004, Trojan.Qhosts, Backdoor.Paproxy, Trojan.Jupillites, Backdoor.Hesive, W32.Mydoom.FS@mm, Backdoor.WinShell.50, 
Trojan-Downloader.Win32.ConHook.aa, Trojan.Win32.Agent.vp, Backdoor.Win32.Rbot.asn, Constructor.Win32.MicroJiner.17, Trojan-Downloader.Win32.Banload.gc, Trojan-Spy.Win32.Ardamax.b, Trojan.BAT.Zapchast, Backdoor.Win32.Delf.aka, Exploit.HTML.Mht, Trojan-Downloader.Win32.IstBar.gen, Trojan-Downloader.NSIS.QQHelper.a, Trojan-PSW.Win32.Lmir.auc, Trojan-Spy.Win32.Banker.bfv, Trojan-Downloader.Win32.Banload.ack, Trojan-PSW.Win32.VB.iq, Exploit.ANI-MS05-002.z, VBS.VBSWG.gen, VBS.SST@mm, W32.HLLW.Acebo, Trojan.Win32.Agent.wc, Trojan.Win32.Klone.g, Adware.NewWeb, Adware.AllSum, Trojan-Downloader.Small.DDP, Trojan.Nebuler, Trojan-Dropper.Win32.MultiJoiner.13.h, Backdoor.IRC.Aladinz.B, PWS.Hooker.Trojan, JS.Exception.Exploit, Backdoor.Slackbot.B, Backdoor.NetDevil, Backdoor.Sdbot, Backdoor.IRC.Flood, W32.Blaster.Worm, BO2K.Trojan Variant, Backdoor.Powerspider, Infostealer.Tarno.B, Backdoor.GWGhost, Backdoor.Coreflood, Backdoor.Thunker, Backdoor.Colfusion, Dialer.OneOnOne, Backdoor.Optix, Backdoor.NetThief, Backdoor.NetBus.svr, Adware.Batty, Trojan-Downloader.Win32.Delf.gen, Trojan.Popper, Backdoor.Nibu, Backdoor.Satancrew, Backdoor.Subot, Backdoor.Win32.SdBot.aad, Yazzle Components, Trojan-Proxy.Baber.A, Backdoor.Win32.Rbot.axe, Backdoor.Win32.SdBot.gen, Backdoor.Win32.Wootbot.u, Trojan.Win32.Inject.t, Trojan.Cmapp, Trojan.Vundo, Trojan.Win32.Agent.qg, Trojan-Downloader.Win32.Agent.aqx, Backdoor.Pcclient.B, Trojan.Littlog, Trojan-Spy.Win32.Agent.zind, Trojan-Downloader.Win32.Tiny.bo, Trojan.Dropper, Dialer.TrafficAdvance, Trojan.Riler, Trojan-Spy.Win32.Agent.nz, Backdoor.Win32.Hupigon.bns, Trojan-Downloader.Win32.Agent.zf, Trojan-Downloader.Win32.Small.cwj, Deskbar.GiantExplorer, Backdoor.Win32.SdBot.aql, Trojan-Spy.Win32.Banker.anv, Trojan.Abwiz.F, Infostealer.Bzup, Trojan.Galapoper.A, Trojan.Progent, W32.SillyWNSE, Backdoor.Hupigeon, W32.Bugbear.B.Dam, Bloodhound.Exploit.6, DialupPwd, Trojan.Jasbom, Backdoor.Hesive.C, MHTMLRedir.Exploit, Backdoor.Usirf, Spyware.Ardakey, 
Trojan.JS.Clid.gen, Backdoor.Win32.BlackHole.2005.a, Backdoor.Win32.Prorat.ae, Exploit.HTML.InjScript, Exploit.JS.JavaPrxy.a, Exploit.JS.Phel.ah, Exploit.Win32.MS05-013.gen, Trojan.Win32.Delf.cn, Trojan-Downloader.Win32.Small.dms, Trojan-Downloader.Win32.Zlob.afe, Trojan-Dropper.VBS.GoboTools, Trojan-Dropper.Win32.Agent.atp, Trojan-Dropper.Win32.Agent.b, Trojan-Dropper.Win32.Small.aoi, Trojan-Spy.HTML.Bankfraud.ot, Trojan-Spy.Win32.Agent.ol, Trojan-Spy.Win32.Perfloger.u, W32.Gaobot.SN, W32.Rahack, Backdoor.Ranky.X, Trojan-Downloader.Dluca.E, Trojan.Flush.G, W32.Feebs!dr, Trojan.Zlob.D, Backdoor.Win32.Delf.aml, Backdoor.Win32.RA-based.z, Email-Worm.Win32.Scano.e, Worm.Win32.Feebs.gen, Trojan-Downloader.Win32.Agent.aqr, Trojan-Downloader.Win32.Small.dlf, Trojan.Win32.Agent.NDG, Backdoor.Lyshell, Infostealer.Gamania, Adware.Webprefix, Trojan.Zlob.I, Trojan-Downloader.NSIS.Agent.k, Trojan-Spy.Win32.Perfloger.i, W32.Beagle.EC@mm, Backdoor.HackDefender, Trojan-PSW.Win32.Sinowal.aq, W32.Stration.D@mm, BackDoor.Hufer, AOL Password Stealer 1.0, AOL Password Stealing Trojan 43, Barrio, Win32.RemoteKeyLog.b , M$N Crack Store v3.0, EGroup.InstantAccess, Backdoor.Win32.Nightmare, SiteUpdateWatcher.Kaboom, Trojan-Downloader.Win32.Dluca, Trojan-Downloader.Inor, Download.Trojan.B, Adware.IEhlpr, Trojan.Agent.DTF, Backdoor.Delf, Trojan.Win32.Conycspa.i, Trojan-Spy.Win32.ProKeylogger.10, Trojan-Spy.Win32.WinSpy.l

Spy Sweeper & Ewido Updates Sept 7th

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spyware definition: version 755
Updated September 6th, 2006
Protection against 149,004 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/



Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: September 7th, 2006
Known threats in database: 419,105

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spyware Doctor 3.0552 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0552 0
Intelli-Signatures: 70,369

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0551 0 - Fingerprints, Trojan.Downloader.Agent.ALZ, Trojan.Startpage.VO
3.0552 0 - 7kb.126.com, Adware.Roogoo

Extended Intelli-Signatures:
3.0551 0 - Adware.NewWeb, All-In-One Telcom, Backdoor.Bifrose, Backdoor.EzKilla, Backdoor.F_Door, Backdoor.Graybird.GEN, Backdoor.Hupigon.GEN, Common Components Unrelated, Dollarrevenue, Fast Video Player Dialer, FU Rootkit, Infwin, Instant Access, QQFace, SurfSideKick, Trojan.Banker, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.BNK, Trojan.Dropper.Agent.PQ, Trojan.Proxy.Lager.f, Trojan.PSW.Wowcraft

3.0552 0 - Backdoor.Agent.JN, Backdoor.Agobot, Backdoor.Bifrose.D, Backdoor.Darkmoon, Backdoor.Hupigon.GEN, Backdoor.Sdbot.AAD, BookedSpace, BrowserAid, Common Components Unrelated, CWS, CWS.XPSystem, EasySearch, Known Bad Sites, Mega! Search Hijacker, MsUpdSrv, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.CML, Trojan.Downloader.Small.CYH, Trojan.PWSteal.QQPass, Trojan.Startpage.CF, Trojan.StartPage.GEN, Trojan.Startpage.VO

Tool Update releases:
Instant Messenger Guard 3.6.0.2005

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Top Twenty Phish Brands for August 2006

The Castle Cops Phishing Incident and Termination (PIRT) Squad have issued its top twenty brands targeted by phishers for the month of August.

As always, the PIRT Squad are working very hard on our behalf, so don't forget to report your phishing emails. The full list is found on the link below.

August 2006 confirmed phish (brand plus total count for August):


  1. PayPal - 147

  2. eBay - 118

  3. Bank of America - 37

  4. Fifth Third Bank - 25

  5. Wachovia - 24

  6. Nationwide - 22

  7. Bank of Scotland (Halifax) - 15

  8. Volksbank - 14

  9. e-gold - 13

  10. Barclays - 10

  11. Halifax - 10

  12. Wells Fargo - 8

  13. CitiBank - 8

  14. National Credit Union Administration - 8

  15. NAFCU - 7

  16. Commonwealth - NetBank - 6

  17. Michigan Schools and Government Credit Union - 6

  18. Chase - 6

  19. Texas Dow Employees Credit Union - 5

  20. National Australia Bank - 5

Anti phishing volunteers are always welcome, if you want to join the fight then Click Here to become part of PIRT


Tuesday, September 05, 2006

New Trojan Disguised As Cutting Edge Video Codec

Users looking for the latest and greatest video software may not just be in danger from media lawyers. Security firm Panda Software last week warned that zCodec, which claims to offer "up to 40 percent better (video) quality", is in fact an adware program that can install Trojans, rootkits and other malicious software.
Zcodec.com is related to VirusRescue, SpywareQuake, and the other rogue programs I've blogged about recently. The trojan from Zcodec is a bit different. You won't get the warning balloon saying you have spyware. Instead, your search results will get redirected. If you go to Google and search for books, NY Times book review and Amazon.com are top results. Clicking on Amazon.com will be redirected to some other web site. Depending on what you are searching for, you might end up on a page that will put spyware on your computer.

Also, it seems that McAfee's SiteAdvisor hasn't figured out that zcodec.com is a bad site. Despite most people saying it is a bad site, it remains a green site.

Monday, September 04, 2006

Spyware Pop Ups This Week

I was testing one of the newer codecs that installs spyware, and thought I would share some of the pop ups it will put on your system. One of the things I found out was that VirusRescue is still out there and is being promoted through pop ups.

I was at a web site and was offered a video to watch. I couldn't see it and was told that I needed a codec to properly watch it. I knew this was going to install something unwanted, so I prepared to get infected with spyware on my test computer.


After installing the fake codec, I received the pop up above after a few minutes. Knowing I had installed a trojan, it was no surprise that I had a trojan that the pop up was warning about. All of the info in the pop up is made up. Nothing was actually scanned or confirmed to make the report in it. They already knew the computer was infected since that is the way the scam is set up.

Clicking the update security button changed the pop up to what is on the left. The only way to solve the problems that the computer has now is to download one of the programs listed. AntiVirusGold, System Doctor, and WinAntiVirus are all known rogue programs. For now, I decided to not download anything and see what other pop ups I might get.

I got some other pop ups and alerts while waiting for something new to come up. Some were similar to ones I posted about earlier in my fake warnings from spyware post. I commented in that post about the English used in some of the fake warnings. This trend continues with the latest one, VirusBurst. The warning balloon mentions that clicking the warning will help you. They misspelled balloon like this: baloon. You can see this at Bleeping Computer's report about VirusBurst.

After awhile, I saw a familiar one. This pop up is made to look like it is part of Microsoft's Live OneCare. It's a bit out of date now, since Microsoft changed the look of their site some. Still, it's trying to dupe people into thinking it is from Microsoft or at least affiliated with them.

People who have used or been to Live OneCare may remember that and just assume this one is part of that. Unfortunately, it is not and is probably why this pop up was made. I decided to click on this one and see what it would do.

Clicking on the fake Live pop up took me to the home page for VirusRescue. What a surprise, I thought. Since I already tested this rogue earlier, I didn't bother to download it. You can see my report on VirusRescue in an earlier post. They did redo the home page to make it look different, but it's still a scam. It doesn't have anything to do with OneCare or Microsoft. It's just a trick to get people to buy it.

If you do have any of the pop ups, fake alerts, or programs mentioned in this post, try following the free virus and spyware removal instructions I posted about.

Saturday, September 02, 2006

SiteAdvisor Fixes Web Site Ranks

A few days ago, McAfee's SiteAdvisor started using a new way to crawl web sites. SiteAdvisor is a new toolbar and service that ranks a web site based on several factors to determine if it is safe. Unfortunately, some of the best antispyware and security sites got a red marking, which means the site is not safe to go to. Tomcoyote.org was one of them.

Tom Coyote is one of the best security and antispyware sites on the web. It seems the web crawler for SiteAdvisor was seeing links in HijackThis logs to bad downloads. For some reason, the crawler did not notice that the downloads were not hosted on Tom Coyote and other security sites like Bluetack. Instead, SiteAdvisor attributed the bad download to the security sites that linked to it. Thus, Tom Coyote, Bluetack, and others got a red marking because of bad downloads. You can see on the SiteAdvisor report page for Tom Coyote that it now has a green or safe rating. You can also see many feedback reviews from people complaining about the wrong rating that Tom Coyote got.

It took less than 24 hours for McAfee to undo the error. They do apparently listen to feedback from users and act on it. There is a topic at Spyware Warrior where Ben Edelman, who is on the board of advisors for SiteAdvisor, responds to the problem. There's also some interesting discussion on what makes a site bad and whether SiteAdvisor should rank adult sites as bad.

Ewido Antispyware - September 2nd

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.


Date of Update: September 2nd, 2006
Known threats in database: 410,407

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

SpySweeper Update 753

Spy Sweeper latest update.

Program Version 5.0.7. (Build 1608)
Spyware definition: version 753
Updated September 2nd, 2006
Protection against 148,723 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, Spy Sweeper lets you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Sunbelt CounterSpy Update 403

CounterSpy 1.5 latest update definition is 403

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database


Threats that have been updated


Spyware Doctor 3.05500

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0550 0
Intelli-Signatures: 62,466

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0548 0 - Trojan.Clicker.Bukaw, Trojan.Spy.EgySpy, Trojan.Spy.Loper

3.05490 - Backdoor.Cazdoor, GURL Watcher, Trojan.Downloader.Agent.ATB, Trojan.Dropper.Vidro.B, Trojan.Spy.VB

3.0550 0 - Adware.Allsum, IamBigBrother, StartPage.AKS, Trojan.Agent.UT

Extended Intelli-Signatures:
3.0548 0 - 007 Keylogger, 2020search.com, AdMedia, Backdoor.Agent.CFC, Backdoor.Optixpro, Backdoor.Sdbot.AAD, CWS, EliteBar, Email Spy, Guardian Classic Monitor, Known Bad Sites, Lop.com, Regifast, Rogue Anti-Spyware Products, Trojan.Downloader.Ruins, Trojan.Dropper.Small.AEK, Trojan.Popuper, Trojan.PWSteal.QQPass, WinAntiVirus, XTS Keylogger

3.05490 - Adware Punisher, AproposMedia, Backdoor.Wootbot, Borlander, Diablo Keylogger, Lop.com, Malware Wipe, Rootkit.Vanti, RPCC Spammer, Trojan.Clicker.Promo.A, Trojan.Downloader.Delf.YB, Trojan.Downloader.Harnig, Trojan.Downloader.Small.CQB, Trojan.Downloader.Small.TM, Trojan.Dropper.MultiJoiner, Trojan.Dumaru, Trojan.Popuper, Trojan.PWSteal.Lmir.GEN, Virtual Bouncer, Virtumonde, WinTools

3.0550 0 - All In One Keylogger, Backdoor.Hackdoor, Backdoor.Sdbot.AAD, CasinoClient, CWS.XPSystem, DateBar, DeskAdTop, Known Bad Sites, PigSearch, QQFace, Trojan.Abox, Trojan.Downloader.Agent.AM, Trojan.Goldun.D, Trojan.Goldun, Trojan.Popuper, Trojan.PWSteal.QQPass.BY, Trojan.PWSteal.QQPass, WinAntiVirus

Tool Update releases:
Kernel Driver (ikhlayer) 3.6.1.2011
Network Guard 3.6.0.2031
Startup Guard 3.6.1.2118

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
