Friday, December 28, 2007

New Rogue - MalwareCrush

They don’t stop trying do they? I’ve just had a report about another new rogue that goes by the name of MalwareCrush.

MalwareCrush is a rogue anti-spyware program that uses aggressive advertising and is installed onto your computer through the use of Trojans and other malware. This software is typically installed on your computer when you download programs masquerading as video codecs required to view a video on a web page. In reality, though, when you install these Trojans, they will instead show fake security alerts in your Windows taskbar and install MalwareCrush onto your computer without your consent.

Once MalwareCrush is installed, it will automatically start and scan your computer. When the scan is finished it will have found the malware that actually installed it in the first place, but will require you to purchase the software before you can attempt to remove it. This is obviously a scam and you should not purchase the software under any circumstances.

Removal guide and screenshots at Bleeping Computer

Monday, December 10, 2007

Microsoft Security Bulletin Advance Notification for December 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

The following updates are planned for release on Tuesday December 11th.

Critical (3)

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...

Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...

Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Important (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
---

Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -six- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -one- non-security, high-priority update for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days...

Saturday, November 24, 2007

MSN Messenger Trojan

An MSN trojan is infecting thousands of PCs worldwide via an IRC botnet. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known contacts.

So you get a message saying ‘Hey, this is your pic’ or ‘Hey this is your pic on this site’ with a link to a picture rating site. Click on the link and you will find that your computer has been recruited into the botnet!

From e-Week

The Trojan is an IRC bot that’s spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word “pics” as a double extension executable—a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name “images” as a .pif executable—for example, IMG34814.pif.

The files are infiltrating new systems by using either known contacts from which the Trojan has harvested instant messaging names, as well as from the systems of unknown users.

The infection vector—an IM program—isn’t new. But the Trojan is the first that eSafe has tracked that has tried to scan for VNC (Virtual Network Computing) instances, likely in order to multiply the botnet’s number of connections.

Use your common sense when chatting with friends: don’t click on links or open files sent from friends or anyone else unless you are 100% sure that your friend intended to send you the link. They won’t be offended if you decline to click!

Here is some good advice from Get Safe Online about using Instant Messaging Safely
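The eWeek excerpt above describes the lure: an executable hidden behind an image-style name (DSC00432.jpg.exe) or a bare .pif (IMG34814.pif). The shell functions below are an added example, not code from the original post, from eWeek or from eSafe; they classify attachment names the way a mail or IM filter would, on the principle that only the last extension decides what Windows runs. The executable-extension list, the function names and the constructed sample list are this example's own; the two sample names come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag attachment names whose LAST
# extension is executable, whatever image-style extension sits in front of it.

# Prints a verdict for one filename. Returns 0 if the file should be treated as
# an executable, 1 otherwise. Matching is case-insensitive (party.JPG.scr counts).
classify_attachment() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    last="${name##*.}"          # what Windows actually executes
    stem="${name%.*}"
    inner="${stem##*.}"         # the extension used as camouflage, if any
    # Extension list is this example's assumption, not from the post.
    case "$last" in
        exe|pif|scr|com|bat|cmd|vbs|js)
            case "$inner" in
                jpg|jpeg|gif|png|bmp)
                    printf 'BLOCK  %s  (double extension: .%s hidden behind .%s)\n' \
                        "$1" "$last" "$inner" ;;
                *)
                    printf 'BLOCK  %s  (executable .%s)\n' "$1" "$last" ;;
            esac
            return 0 ;;
        *)
            printf 'allow  %s\n' "$1"
            return 1 ;;
    esac
}

# Counts how many names in a newline-separated list would be blocked.
count_blocked() {
    n=0
    old_ifs=$IFS
    IFS='
'
    for f in $1; do
        if classify_attachment "$f" >/dev/null; then n=$((n + 1)); fi
    done
    IFS=$old_ifs
    echo "$n"
}

# Constructed sample list: the two names from the post plus harmless files and
# one mixed-case variant.
SAMPLE_NAMES='DSC00432.jpg.exe
IMG34814.pif
holiday.jpg
notes.txt
party.JPG.scr'

# Usage: sh attachment_check.sh  (prints one verdict per sample name, then the count)
if [ "${1:-}" = "--demo" ]; then
    old_ifs=$IFS
    IFS='
'
    for f in $SAMPLE_NAMES; do classify_attachment "$f"; done
    IFS=$old_ifs
    echo "blocked: $(count_blocked "$SAMPLE_NAMES")"
fi
```

The check deliberately ignores everything before the final dot when deciding: a name like DSC00432.jpg.exe is reported as a double extension so the user sees why a "picture" was blocked, but a plain IMG34814.pif is blocked just the same.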

Wednesday, November 14, 2007

NutnWorks.com (formerly Security Central)

For various reasons my friends at Security Central (or http://security-central.us/forums/) have felt it necessary to change name and move domain.

You can find the team at Nutnworks.com or if you want a direct link to the forums then click here.

Nothing else has changed.. you will still get great security news and support there… although the nice green skin has been disabled for the time being as there is still a little bit of work that needs to be done on that.

Please update your bookmarks and give Larry and Paul some support by paying them a visit now and then.

Tuesday, November 13, 2007

Zangcodec and Virus Protect 3.8

A codec is a little piece of software that is needed so that you can play or stream some video files.  Personally I’ve never had to install a codec.. but then I don’t do a lot with that medium.

One of the biggest problems around on the internet at the moment is the Zlob trojan (and variants of it), people get stung because they are told they need a codec to run certain adult material.   Once installed the victim is plagued with pop ups from some fake antispyware program or other and the computer becomes more or less unusable.

Recently the stakes have been upped a little and the Apple Mac platform has been targeted along with Windows.  The latest malicious codec site is  Zangocodec as reported by Sunbelt.

The latest rogue program seems to be Virus Protect 3.8 which was put on the Smitfraud list by S!Ri yesterday.  S!Ri is the author of Smitfraudfix and has been keeping this essential tool updated for the last three years or so.  Thank you S!Ri.

If you want a bit more information about zangcodec then click here.   If you need to know how to use the Smitfraudfix tool then click here.  But I do suggest that you ask for assistance at one of the fantastic anti malware sites that will not only help to get you clean but will give you some good technical advice on how to avoid these sort of infections in the future.   You can find a list of anti malware sites here.

Monday, November 12, 2007

Get Safe Online Awareness Week

Get Safe Online is a cracking site full of useful information in language that we can all understand, it’s the site I recommend to friends and colleagues who aren’t exactly computer nuts like me. The site is sponsored by the UK Government and various industry partners including Microsoft.

Unfortunately it also seems to be one of the best kept secrets on the internet. I very rarely see links to the site in my travels and certainly see very little about it in other types of media.

Hopefully this will change soon. The BBC ran a story today about the risks of identity theft and fraud when using social networking sites and Get Safe Online was heavily featured in the article.

This week is Get Safe Online Awareness week and the Get Safe Online campaign will be travelling around the country offering independent, expert advice on how you can stay safe and secure when using the internet.

  • Tuesday 13th November - Bristol & Edinburgh
  • Wednesday 14th November - Cardiff & Newcastle
  • Thursday 15th November - Birmingham & Manchester

If you have a web site or a blog then why not share a link?  The site will provide banners and script snippets in their supporters' kit and they will also link to your site.. and as we all know… Google loves links!!! Get Safe Online Link information here.

Thursday, November 08, 2007

Microsoft Security Bulletin Advance Notification for November 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 13 November 2007 Microsoft is planning to release:

Security Updates

One Critical Bulletin.

  • One Microsoft Security Bulletin affecting Microsoft Windows with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

One Important Bulletin.

  • One Microsoft Security Bulletin affecting Windows with a Maximum Severity rating of Important. This update may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Centre.

Non-security High Priority updates on MU, WU,WSUS and SUS

  • Microsoft will release zero NON-SECURITY High-Priority Updates for Windows on Windows Update (WU)
  • Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security update".
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086

Saturday, November 03, 2007

Firefox Update to v2.0.0.9

I've had a bad cold which finally got the better of me yesterday, so I didn't get to tell you about the latest update to Firefox.  If you use Firefox and it hasn't already prompted you to download and install the update then you can do it manually by opening Firefox and going to Help > Check For Updates.

This is a stability update that corrects several issues that were found in the previous version of Firefox.

Thursday, November 01, 2007

October's Top Twenty

Want to know what was doing the rounds last month?

Online Scanner Top Twenty for October

Summary:-

  • New: Packed.Win32.NSAnti.r, Trojan-Downloader.VBS.Psyme.ga, Trojan.Win32.VB.atg, Trojan-Downloader.Win32.AutoIt.q, not-a-virus:Porn-Dialer.Win32.AdultBrowser.
  • Moved up: not-a-virus:AdWare.Win32.BHO.cc, Email-Worm.Win32.Rays, IM-Worm.Win32.Sohanad.t, IM-Worm.Win32.Sohanad.as, Worm.Win32.AutoIt.c
  • Moved down: Trojan.Win32.Dialer.qn, Trojan-Downloader.Win32.Small.ddp, not-a-virus:Monitor.Win32.Perflogger.ca, not-a-virus:PSWTool.Win32.RAS.a, not-a-virus:Monitor.Win32.Perflogger.ad, Trojan-Spy.Win32.Perfloger.ab
  • No change: Email-Worm.Win32.Brontok.q, Virus.VBS.Small.a, Trojan.Win32.Obfuscated.en

Virus Top Twenty for October

Summary:-

  • New: Trojan-Spy.HTML.Fraud.ay, Exploit.Win32.PDF-URI.k, Virus.Win32.Virut.a
  • Went up: Worm.Win32.Feebs.gen, Email-Worm.Win32.NetSky.t, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.Mytob.u
  • Went down: Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Mydoom.l, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.Nyxem.e, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.b, Net-Worm.Win32.Mytob.dam, Exploit.Win32.IMG-WMF.y, Trojan-Spy.HTML.Paylap.bg
  • Re-entry: Email-Worm.Win32.LovGate.w

OSX Has Its Own Zlob DNSChanger OSX.RSPlug.A

Right before going to bed, I saw that there is a new variant of the all too familiar Zlob DNSChanger that has been infecting Windows computers for some 2 years now. The big change is it targeting Mac OS X instead of Windows. It does the same thing as the Windows versions that change your DNS to hijack your computer. It will redirect you to web sites you didn't mean to go to and your search results will also get sent to ones that the bad guys want you to see. That way, they can bombard you with ads and other garbage to try and get money out of you.

DNS is like a phone book. Your computer looks up what IP address a site like Google.com has. Since you are now using the fake phone book, when you click on a link or enter a web address, they send you to a similar web site. Usually, it has a lot of ads and links to other crappy websites. My experience with the Windows variants tends to be only a few redirects and then you are left alone for awhile. Also, unlike the zlob variant that tries to sell a fake antispyware program, you do not get pop ups and warning balloons that your system is infected.

The OS X version uses the same tactics to get you to install the trojan. A video gives you a warning that you need to install a codec or plug-in for Quicktime to view it. When you download the fake codec and try to install it, OS X will ask you for your admin password. This is one advantage that OS X has that most Windows users do not have. If you do not enter your password, then nothing bad happens. If you do enter your password, then you get hijacked.

Macworld has more details on this and how it can be removed. One of the first to report this trojan was Intego, who makes security software for Macintosh computers.

Check in your Library folder (not the System/Library or your user Library) for a file called plugins.settings. The path to the file is:

/Library/Internet Plug-Ins/plugins.settings

Removing that file by itself won't fix the trojan. You need to do a little work in Terminal to remove OSX.RSPlug.A

1. In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.

2. In Terminal, type sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message crontab: no crontab for root.

3. Open your Network System Preferences panel, go to the DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply.

4. Reboot your Mac.
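Before and after working through those steps it helps to confirm the two things the post says should be gone: the plugins.settings tool and the root cron job. The script below is an added example, not code from the original post, from Macworld or from Intego. The indicator path /Library/Internet Plug-Ins/plugins.settings and the expected "crontab: no crontab for root" message are taken from the post; the function names, the overridable directory argument and the constructed crontab sample are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): read-only checks for the two
# OSX.RSPlug.A indicators named in the removal steps. Nothing here deletes anything.

# Returns 0 when the plug-ins directory has no plugins.settings, 1 when the rogue
# DNS-setting tool is present. $1 overrides the directory (assumption of this
# example) so the check can be exercised against a scratch folder.
rsplug_plugin_dir_clean() {
    dir="${1:-/Library/Internet Plug-Ins}"
    if [ -f "$dir/plugins.settings" ]; then
        printf 'INDICATOR: %s/plugins.settings exists (tool that sets the rogue DNS servers)\n' "$dir"
        return 1
    fi
    printf 'ok: no plugins.settings in %s\n' "$dir"
    return 0
}

# Takes the text of `sudo crontab -l` and returns 0 only when root has no crontab
# at all, which is what the post expects after step 2. Any surviving entry is
# reported so it can be inspected before the DNS settings are re-applied.
rsplug_root_crontab_clean() {
    listing="$1"
    case "$listing" in
        ""|*"no crontab for root"*)
            printf 'ok: root has no crontab\n'
            return 0 ;;
    esac
    printf 'INDICATOR: root crontab is not empty:\n%s\n' "$listing"
    return 1
}

# Live audit on a Mac: both checks against the real system (crontab needs sudo).
rsplug_audit() {
    status=0
    rsplug_plugin_dir_clean || status=1
    rsplug_root_crontab_clean "$(sudo crontab -l 2>&1)" || status=1
    return $status
}

# Usage: sudo sh rsplug_check.sh --audit   (exit status 1 if either indicator is found)
if [ "${1:-}" = "--audit" ]; then
    rsplug_audit
fi
```

Run it once before step 1 to see both indicators reported, and again after step 4 to confirm both come back "ok"; the DNS entries themselves are still re-typed by hand as in step 3, since the script only reports and never changes settings.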


For the most part, this is more of an annoyance. The main danger comes if you go to a website and enter personal information that the crooks want. They could redirect you to a website that isn't really your bank or PayPal and steal your login information. Although it seems now that it is mainly to send you to websites to peddle programs and display ads for you to click on.

Monday, October 29, 2007

ESET Smart Security and ESET NOD32 Antivirus V3.0 Launched

I’m not a big fan of Security Suites… for my own reasons, they may suit some people but they don’t really suit me.

However I was excited to learn that ESET has launched ESET Smart Security and ESET Nod32 Antivirus v3.0 today.

Bournemouth, UK (29th October 2007) – ESET, the leader in proactive threat protection, today announced ESET Smart Security, a new, integrated security solution for consumers and SMEs, built on ESET’s award-winning advanced heuristic ThreatSense® detection system and the ESET NOD32 scanning engine. Unlike security suites that combine standalone products, ESET Smart Security tightly integrates the antispyware, antispam and firewall features, with the new version of ESET’s flagship ESET NOD32 Antivirus scanning engine. This tight integration allows each module to share information with the other to evaluate and classify every threat appropriately.

“Threats no longer appear in the form of pure viruses or spam or phishing. They now come as ‘blended’ threats which require an integration and intelligence among individual security features. Smart computer users are looking for the best level of integrated protection with the minimal amount of inconvenience,” said Phil Hochmuth, senior analyst at the Yankee Group. “This drives users to look for malware solutions that provide great protection, are easy to install, don’t slow down their computers, and work completely behind the scenes.”

Full blurb here

If you are interested in some of the issues that came up as it was being tested then check out the official support forums at Wilders

Saturday, October 27, 2007

Winpatrol Update - Will Now Warn of Changes to Windows Update

Winpatrol v12.2.2007 was made available for download on Friday. This new version will now alert you if changes are made to your Automatic Update settings. Like most features, the intention is to protect users from changes made by malicious programs. As a side effect, however, it will also detect if Microsoft or one of their applications decides to change these settings without your knowledge.

My personal preference for Automatic Updates, like Bill P of Winpatrol, is ‘Check for Updates, but let me choose whether to download and install them’.

See Bill's blog, Bits From Bill, for the full lowdown

Wednesday, October 24, 2007

Direct Revenue is Dead

Take it away Paperghost!

I’ll just have a little dance about whilst everyone involved in this great result enjoys the feeling of a good job jobbed as my mum used to say!

Friday, October 19, 2007

Firefox 2.0.0.8 Released

Firefox 2.0.0.8 was released today; there are a few security fixes, support for Mac OS X 10.5 and updated language support.

Your browser should ask you to update automatically… however, having said that, my Firefox hasn’t asked to update yet. In which case all you need to do is go to Help > Check For Updates. You will then be prompted to download the update and run it.

Happy Surfing!

Thursday, October 18, 2007

Windows Live OneCare - Contact Help Center

After an install or an upgrade of Windows Live OneCare, the antivirus and spyware component may not start properly. Users are shown a red action item entitled: “Urgent, Contact Help Center - OneCare virus and spyware protection encountered a problem and cannot start”.
This tool will attempt to repair the virus and spyware protection component of OneCare on this computer.

You MUST save this file to your computer and then run it. Do NOT select ‘Run’ from the download dialogue.

Download and installation instructions

Saturday, October 13, 2007

Bad Kitty

Websense® Security Labs™ are warning of a new website that is being spammed out by those behind the Storm Worm attacks.

This site poses as a free Ecard Web site. Users with unpatched computers are automatically exploited. Users with patched computers are prompted to download and run a file called “SuperLaugh.exe.” This file contains the Storm payload code.

Sample email text:

View your Kitty Card now! (URL REMOVED)

Go to Websense to see a screenshot of the website.

I haven’t had one of these yet… but I suppose it’s only a matter of time.

Tuesday, October 09, 2007

SpySweeper Now Bundling Toolbars

When you are fighting malware you sometimes need to be able to direct users to tools that they can download and use without worrying about cost or unexpected surprises. There are a lot of dedicated developers who donate a heck of a lot of time and expertise in providing us with a powerful arsenal. But a lot of those tools are for a specific type of infection and/or may cause problems if not used properly. So we try not to use them if possible.

Having a fully functional trial version of a commercial spyware scanner and cleaner that will scan, provide a log and clean up a machine is a boon… and quite often the user who has been directed to use it will decide to purchase that product.

One of the products that we used to use was Spysweeper.. but unfortunately the trial version will no longer clean the machine.. it just scans and identifies problems… and even worse, it comes with bundled software where the option to install is on by default!! :(

Spysweeper install

I don’t like toolbars, but if I want one then I will decide for myself whether to download and install it or not.

I must stress that you do have the option to opt out of the installation of this extra software… but personally I think it should be the other way around… you have the option to opt in.

If you ask me.. it’s a real shame. An example of marketing gone mad.

Friday, October 05, 2007

Microsoft Security Bulletin Advance Notification for October 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 09 October 2007 Microsoft is planning to release:

Security Updates

Four Critical Bulletins in total.

  • Three Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Outlook Express and Windows Mail with a Maximum Severity rating of Critical. The update will not require a restart, except in certain situations and for Windows Vista and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Update Scan Tool.
  • One Microsoft Security Bulletin affecting Internet Explorer with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Office with a Maximum Severity rating of Critical. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Three Important Bulletins in total.

  • Three Microsoft Security Bulletins affecting Windows with a Maximum Severity rating of Important. This update may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Office with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU,WSUS and SUS

  • Microsoft will release one NON-SECURITY High-Priority Update for Windows on Windows Update (WU)
  • Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch".
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086

Internet Explorer 7 Update

IE7 was re-released yesterday for Windows XP users.

Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users. If you are not already running IE7, you can get it now from the Internet Explorer home page on Microsoft.com, get a customized version from a third-party site, or, if you haven’t already received it via Automatic Updates, this version will be delivered to you as we described previously. If you are already running IE7, you will not be offered IE7 again by Automatic Updates.

Additionally, we’ve made minor changes to IE7 for Windows XP based on customer feedback:

  • The menu bar is now visible by default.
  • The Internet Explorer 7 online tour has updated how-to’s. Also, the “first-run” experience includes a new overview.
  • We’ve included a new MSI installer that simplifies deployment for IT administrators in enterprises. Learn more about it here.

Please see IE Blog for full details

Tuesday, October 02, 2007

Botmasters Take Heed – You Are Being Put On Notice

As an active member of the security community I am painfully aware of the constant attack that our servers suffer. Most of the time this can be managed, but sometimes it gets just a little too much.

Back in February of this year, my friends at Castlecops suffered a massive DDoS attack, but even though it spoiled Paul and Robin’s Valentine's Day celebrations.. they kept the site going.

Today, Greg King of Fairfield in California was arrested and charged with being responsible for the DDoS against CastleCops last February.

Read what Robin has to say in her announcement here.

Good guys = 1 Bad guys = 0

Update - Excellent write up at The Register

Monday, October 01, 2007

Media Motor Gets Slammed by FTC

The Federal Trade Commission slammed Media Motor with a $330,000 fine and a possible forfeiture of $3,595,925 in money that was "ill-gotten" according to the FTC. While the whole amount should be turned over, it is good to see that another malware maker has been slammed for ripping people off.

Back in November, the FTC charged ERG Ventures, LLC with tricking people into downloading Media Motor by hiding it in free downloads. Screen savers and video files were two of the most common types of files. Even today, many spyware programs use free videos to get their crap onto your computer. The Zlob trojan, responsible for the likes of SpyAxe, SpyFalcon and VirusRescue, used videos and a fake codec to get on your computer. Anyway, once Media Motor got on your computer, it would change your home page, track you, try to disable your antispyware programs and generally be a pain to get rid of.

Here's an excerpt from the FTC report describing the penalties that Media Motor is subject to:

The order will permanently bar the defendants from distributing software that interferes with consumers’ computers, including software that tracks consumers’ Internet activity or collects other personal information; generates disruptive pop-up advertising; tampers with or disables other installed programs; or installs other advertising software onto consumers’ computers. The defendants will also be required to fully disclose the name and function of all software they install on consumers’ computers in the future, and to provide consumers with the option to cancel the installation after viewing the disclosure.


You can read the full report on the FTC Media Motor press release here.

The Federal Trade Commission is the branch of the US Federal Government that handles fraudulent Internet web sites and programs. You can file a complaint against any web site or computer program by visiting the FTC complaint page and filing a complaint. You can also call 1 877 382 4357 to complain as well.

Thursday, September 27, 2007

Mailwasher Pro Updated


One of my favourite programs has been updated and version 6.0 is now available for download.

Mailwasher helps you to identify and deal with spam and dangerous emails before they ever get a chance to be downloaded to your email client on your computer.

What’s new in version 6?

Easier to use
Many of you didn’t know how to train MailWasher to block spam, so this has been made easier with the Action column. The Action column lets you specify whether an email is ‘GOOD’ or ‘SPAM’ and from this, MailWasher will quickly and automatically learn which of your email is spam and which is good, saving you time.
All the settings for options, email accounts and spam tools are now able to be changed in one area. All accessible via the ‘Settings’ button on the front of MailWasher.
Additionally, there are many small tweaks to improve your experience of using MailWasher Pro.

Recycle Bin
Many of you never knew you could rescue accidentally deleted email. So a button called the ‘Recycle Bin’ has been placed on the front of MailWasher and this allows you to restore any email you have lost.

A new look
MailWasher is now a bit brighter and shinier. It was looking a bit scruffy, so hopefully you like the subtle changes.

Updated spam algorithms
We’ve updated the spam algorithms so you should see a big difference in the spam catching ability of MailWasher if you’re using FirstAlert.

Vista Compatible
Yes, this version is fully compatible with Windows Vista. Finally.

There is also a natty little video showing you some of Mailwasher's new features when you first start the program.

Mailwasher is an excellent product and one I would thoroughly recommend.

Note: I think everyone must have gotten their update notifications at the same time I did as the Firetrust server seems to be having some problems, if you can’t get to the site then just bookmark the page and pop back later.

Monday, September 24, 2007

NOD32 Update 2548 (20070924)

NOD32 Antivirus detection database has been updated to version 2548 (20070924)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

Win32/Agent.BJT, Win32/Agent.BTQ, Win32/Agent.NGX (3), Win32/AutoRun.AO (3), Win32/Hupigon.MXV, Win32/PSW.LdPinch.NCB, Win32/PSW.OnLineGames.NCU, Win32/PSW.OnLineGames.NEP, Win32/Rustock.NCS, Win32/Spy.Banker.NRG, Win32/Spy.Banker.OKB (2), Win32/Spy.Goldun.NBY, Win32/Spy.VB.QJ, Win32/TrojanDownloader.QQHelper.AET, Win32/TrojanDownloader.QQHelper.NDQ (3), Win32/TrojanDownloader.Small.FTW (2), Win32/TrojanDownloader.Zlob.BEP (2), Win32/TrojanDownloader.Zlob.BEQ (11), Win32/TrojanDropper.VB.NBW, Win32/Virut, Win32/Virut.Q

CounterSpy 2.5 Update 637

CounterSpy 2.5 latest update definition is 637

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions on the Sunbelt site.

This update adds many definitions, mostly with names like trojan dropper and password stealer. I did find one name interesting: Zenotecnico, also known as Adware.ZenoSearch and Adware.Zenosearch.B.

Winfixer, SpySheriff, AdwareSpy and the ubiquitous Storm Worm get updated definitions as well.

RogueRemover and a Short History of Rogues

RogueRemover has been around for a while, but I like to be thorough and wait until I know a program is good. There's lots of talk here and around the Net about rogue antispyware programs, but what are they?

In short, it is a program that is supposed to be helpful but really is useless, or has even been put on your computer to try to sell itself. The most famous of these are the ones from the Smitfraud group from the Russian mob scam artists. Names like SpyAxe, SpyFalcon and WinAntivirus are just a few of them. Back in 2005, the first one, SpyAxe, hit the Internet and ticked off a lot of people. I posted removal instructions on my old blog on how to remove it. Most of the 200,000+ page views for that one post came in the first 3 months. By then, SpyAxe was out and a new rogue, SpywareStrike, was screwing up people's computers. Many people found out it was easier to use trojans to infect people's computers and then offer a solution. Now there are many of these rogue programs.

SmitFraudFix targets the actual trojan, usually called Zlob, to rid your computer of these pests. RogueRemover targets the fake programs that get installed. So here I'll start giving updates for RogueRemover, since it is a good tool to remove the fake antispyware programs we call rogue programs.

RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers.

You can download RogueRemover from Malwarebytes.org and a few other sites like MajorGeeks. You can read more about it at Malwarebytes.

Here are the recent programs it removes, plus selected older rogues.

Current Version is 151

Added: AntiVirGear, CryptDrive, OSBodyGuard, PCSleep Error Cleaner, SafeStrip, SpywareLocker, SystemDefender

Updated: Rogue.Infector

Previous additions: virusProtectPro, VideoAccessCodec, Spyware-Sweeper, SpyHeal, VirusHeal, BPS Spyware Remover, SpyLocked, Ultimate Cleaner, MalwareWiped, SpyCrush, SpyDawn, VirusRescue and oldies like SpyAxe and SpyFalcon

Sunday, September 23, 2007

CounterSpy 2.5 Update 636

The latest CounterSpy 2.5 definition update is 636.

http://research.sunbelt-software.com/download.cfm

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions.

Added:
AdWare.Win32.BHO.ge, AdwareRemover2007, Backdoor.Hupigon.FNT, Backdoor.Lecna.AC, Backdoor.Mailbot.R, Backdoor.T.TR, Backdoor.Win32.Agent.bqz, Backdoor.Win32.Haxdoor.gh, Backdoor.Win32.Rbot.dyx, Email-Worm.Win32.Nulprot.e, Exploit.JS.Agent.ar, Spy-Agent.ba, Trojan-Clicker.HTML.IFrame.as, Trojan-Clicker.HTML.IFrame.au, Trojan-Downloader.JS.Agent.hv, Trojan-Downloader.JS.Agent.qk, Trojan-Downloader.S.TR, Trojan-Downloader.Win32.Agent(many variants), Trojan-Downloader.Win32.AutoIt.v, Trojan-Downloader.Win32.BHO.bf, Trojan-Downloader.Win32.Mediket.dw, Trojan-Downloader.Win32.Small.fox, Trojan-Downloader.Win32.Tiny.lq, Trojan-Downloader.Win32.VB.bia, Trojan-Dropper.Agent.BOX, Trojan-Dropper.Win32.Agent.bvb, Trojan-Dropper.Win32.Agent.bwh, Trojan-Dropper.Win32.Killav.e, Trojan-Proxy.Win32.Delf.db, Trojan-PSW.Win32.Agent.pl, Trojan-PSW.Win32.Delf.aas, Trojan-PSW.Win32.LdPinch.cub, Trojan-PSW.Win32.OnLineGames (many variants), Trojan-PSW.Win32.WOW.wk, Trojan-PSW.Win32.WOW.wz, Trojan-Spy.HTML.Bankfraud.pu, Trojan-Spy.Win32.Banker.dkb, Trojan-Spy.Win32.Delf.agk, Trojan-Spy.Win32.Delf.ago, Trojan-Spy.Win32.Delf.bax, Trojan-Spy.Win32.Webmoner.ch, Trojan-Spy.Win32.Zbot.n, Trojan.Adw.SaveNow, Trojan.Duntek.A, Trojan.Horse.Downloader3.RUR, Trojan.Kobcka.M, Trojan.Win32.Agent(many variants), Trojan.Win32.Obfuscated.hq, Trojan.Win32.Obfuscated.ic, Trojan.Win32.Obfuscated.id, Trojan.Win32.VB.bfu, Trojan.Zayan.B, win32/Madangel.remnants, Worm.Win32.Viking.mc

Updated:
Adware.Cinmus, Adware.SecToolbar, Adware.Webprefix, Adware.Win32.Agent.am, Ardamax Keylogger, CarpeDiem, CasinoOnNet, ClickSpring.PuritySCAN, Dialer.Maxd, Dialer.Target, Dialer.Win32.GBDialer.j, DialerPlatform, DrAntispy, Email-Worm.Win32.NetSky.r, Goldun.Fam, Hacktool.Spammer, Hyperlinks Rotator, MagicAntiSpy, NetPumper, PC Tattletale, Perfect Keylogger, PWS-Banker.gen.aa, PWS-Pinch, Rabio, Rootkit.Win32.Agent.ea, Rootkit.Win32.Agent.ii, SC-KeyLog, SpySheriff, SpywareLocker, SpywareSoftStop, Storm.Worm, Virtumonde, Web Buying, Win32.ExplorerHijack, Win32.Worm.IM.Sohanat.B, Win32.Worm.Nuj.A, Win32.Worm.Winko.I, Worm-Win32/Allaple.gen!dam, Worm-Win32/Emerleox.gen!C

Saturday, September 22, 2007

MVPS HOSTS File Updated September 21

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

Example: the following entry

127.0.0.1 ad.doubleclick.net

blocks all files supplied by that DoubleClick server to the web page you are viewing. This also prevents the server from tracking your movements. Why? Because in certain cases "Ad Servers" like DoubleClick (and many others) will try to open a separate connection from the web page you are viewing.
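As an added illustration of the lookup just described (example code written for this post, not from MVPS or the original page), the following Python parses a constructed HOSTS file, performs the first-match lookup Windows does before asking DNS, and separates blackholed names from entries that redirect a name to some other address, which is the pattern left behind by HOSTS-hijacking trojans such as the Qhost family that appears in the definition lists on this page. The file contents, hostnames and addresses are made up.

```python
"""Parse a Windows HOSTS file and reproduce the lookup described above.

Constructed example: the file contents below are made up and are not the
real MVPS list. Windows consults HOSTS before DNS and takes the first
matching entry, so a name mapped to 127.0.0.1 never reaches a DNS server.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Addresses that send the connection back to the local machine. MVPS uses
# 127.0.0.1; 0.0.0.0 is a common alternative blackhole address.
BLACKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample HOSTS file (comments start with '#', as on Windows).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Blocking entries in the MVPS style
127.0.0.1  ad.doubleclick.net
0.0.0.0    static.doubleclick.net  tracker.example   # two names on one line
127.0.0.1  ad.doubleclick.net    # duplicate of an earlier entry

# A hijack-style entry: a security vendor's name pointed at a remote host
10.0.0.5   www.example-antivirus.test
this is not a valid line
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs in file order, one per hostname.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped, which is how Windows treats them.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address with no hostname: nothing to map
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; ignore the line
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))  # hostnames are case-insensitive
    return pairs


def lookup(hostname: str, pairs: List[Tuple[str, str]]) -> Optional[str]:
    """First-match lookup; None means the name falls through to DNS."""
    wanted = hostname.lower()
    for addr, name in pairs:
        if name == wanted:
            return addr
    return None


def classify(pairs: List[Tuple[str, str]]) -> Tuple[Set[str], Dict[str, str]]:
    """Split entries into blackholed names and names redirected elsewhere.

    A HOSTS entry pointing a real site at a remote address is the pattern
    used by HOSTS-hijacking trojans (Qhost-style), so those are returned
    separately for review.
    """
    blocked: Set[str] = set()
    redirects: Dict[str, str] = {}
    for addr, name in pairs:
        if name == "localhost":
            continue  # the standard loopback entry is not a block rule
        if addr in BLACKHOLE_ADDRESSES:
            blocked.add(name)
        else:
            redirects[name] = addr
    return blocked, redirects


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("ad.doubleclick.net ->", lookup("AD.DOUBLECLICK.NET", entries))
    print("www.example.com ->", lookup("www.example.com", entries))
    blackholed, redirected = classify(entries)
    print("blackholed:", sorted(blackholed))
    print("redirected elsewhere (review these):", redirected)
```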

Lots more information, download links and installation instructions at Blocking Unwanted Parasites with a Hosts File.

Vista users, make sure you read the special instructions here.

Download: hosts.zip (144 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible culprits ... (626 kb)
http://www.mvps.org/winhelp2002/hosts.txt

Spyware Doctor 5.08170

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 5.08170
Intelli-Signatures: 648676

Spyware Doctor protects your computer in 3 ways. First, it has the OnGuard monitor, which watches the places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

5.08170 - P2P-Worm.Kingdom, P2P-Worm.Poopoo, Email-Worm.Scano, P2P-Worm.Druagz, Email-Worm.Monikey.H, Trojan.Agent.HM, PSWTool.IpdBrute, P2P-Worm.Smeagol, Backdoor.SdBot.BXR


5.08160 - Trojan-Spy.VB.NB, Trojan-Downloader.Konix, Trojan-Downloader.Tiner, Trojan-Downloader.Wirefall, Trojan-Downloader.Small.AYP, Trojan.Enfal, Trojan-Downloader.Small.CUL, Trojan.Klone

Extended Intelli-Signatures:

5.08170 - Spyware.SpywareNuker, Trojan.RPCC_Spammer, Trojan-Downloader.Small.GEN, Application.MailPass_Viewer, Adware.WSearch.O, Application.MessenPass, Spyware.JimmyHelp, Application.Ardamax_Keylogger, RogueAntiSpyware.SpyAxe, Adware.MediaGateway, Trojan.PurityScan, Adware.Security_Toolbar, Trojan.Clagger.H, Trojan.Smartallyes, Trojan-Downloader.VB, Adware.Aureate, Trojan-Proxy.Xorpix, Adware.CoolWebSearch_OLE_Automation_Server, Trojan-Proxy.Wopla, ActiveX Objects


5.08160 - Trojan-Downloader.NTWorkStan, Trojan.Danmec, Adware.Agent.BN, Spyware.BaiDu, Trojan-Downloader.Small.GEN, Trojan-Dropper.Agent.AMR, Dialer.Dialupass, Rootkit.Agent.EX, Trojan-Downloader.Obfuscated, Trojan-Spy.Flux, Worm.Mytob, RogueAntiSpyware.SpyAxe, Application.MailPass_Viewer, Trojan-Downloader.QQHelper


Deleted Intelli-Signatures: Trojan.Agent.MultiDrop

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

NOD32 Update 2544 (20070923)

NOD32 Antivirus detection database has been updated to version 2544 (20070923)

Free fully functional trial is available.

Threats added in this update include the following:

INF/Autorun, Win32/Black.A, Win32/Delf.ABR, Win32/Nuwar.Gen, Win32/Obfuscated.GY, Win32/Qhost (2), Win32/Qhost.NBW, Win32/Qhost.NBX, Win32/Rbot (2), Win32/Sohanad.AP, Win32/TrojanDownloader.Agent.NPQ (2), Win32/TrojanDownloader.Agent.NQP, Win32/TrojanDownloader.Agent.NQQ, Win32/TrojanDownloader.Small.NXC (2)

Added in earlier updates:

Win32/Bagle.JU, Win32/Brocat.G, Win32/Diazom, Win32/IRCBot.ZH, Win32/Rbot (2), Win32/TrojanDownloader.Agent.NQX, Win32/TrojanDownloader.Agent.NQY, Win32/DNSChanger.NAD, Win32/Hoax.Renos.NDC (2), Win32/PSW.LdPinch.NEL, Win32/TrojanDownloader.Zlob.BAX, Win32/TrojanDownloader.Zlob.BEL (12), Win32/Agent.AVM (2), Win32/Grum.D, Win32/Small.QI

Thursday, September 20, 2007

More E-mails (Spam)

Some botnet somewhere has been busy.. I’ve had about a gazillion spammy emails today.

So… just for the record!

No.. I haven’t won the lottery.. I’m sure my email must be a very lucky address because it’s been winning all sorts of lotteries about 10 times a day just recently.

Nat West Bank/Western Union/Mastercard/Amazon etc etc etc all want me to log into my account. Hmmm… well I might just check out my account if I had an account with them!!

Some girl (with a blokey sounding email address) keeps sending me emails telling me she wants a chat. Strange, it’s the same message only coming from different email addresses.

I get loads of emails telling me that I’ll be able to satisfy the girls if I click here to get enhanced.. I’m a girl by the way! :o

I also get loads of emails telling me that I can buy all sorts of medicines if I wish.. I trust my doctor to know what I need though thank you very much.

Then there is the postcard from a friend/family member……… oh Joy!!

Well, it keeps me entertained! :D

Wednesday, September 19, 2007

Office 2003 Service Pack 3 Released

Microsoft has released Service Pack 3 for Office 2003. Being a service pack, it contains many updates, fixes and improvements. To see all of the issues fixed and more information, you can read Knowledge Base article 923618. Just like the Windows OS, the Office products are subject to security threats that can be used to attack your computer. This update fixes many potential problems that the bad guys can use to harm your computer.

Supported Operating Systems: Windows 2000 Service Pack 3; Windows Server 2003 Service Pack 1; Windows Vista; Windows XP Service Pack 2

This update applies to the following programs:

  • Office Basic Edition 2003
  • Office Professional Edition 2003
  • Office Small Business Edition 2003
  • Office Standard Edition 2003
  • Office Student and Teacher Edition 2003
  • Office Access 2003
  • Office Access 2003 Runtime
  • Office Excel 2003
  • Office FrontPage 2003
  • Office InfoPath 2003
  • Office Outlook 2003
  • Office PowerPoint 2003
  • Office Publisher 2003
  • Office Word 2003
  • Office 2003 Web Components
  • Office XP Web Components
The download page is here. This is a large download, over 100 MB, so allow yourself some time to download and install this. There will be a CD available soon with the update if you are on dial up or want a hard copy of the update.

Firefox Update 2.0.0.7

My favorite web browser, Firefox, released a small but important update today. This update fixes a security issue with QuickTime Media Link files. Since QuickTime is all over the Net, I would update as soon as you can. This update is for Firefox on Windows, Mac OS X and Linux.

Firefox 2.0.0.7 download

Speaking of QuickTime, there have been some important security updates for it as well recently. You can download it with or without iTunes from the QuickTime download page. You don't have to put in an email address to download.

NOD32 Update 2539 (20070918)

NOD32 Antivirus detection database has been updated to version 2539 (20070918)

Threats added in this update include the following:

IRC/SdBot (4), Win32/Banwor.NAC (3), Win32/Hupigon, Win32/IRCBot, Win32/KeyLogger.Ardamax (3), Win32/KeyLogger.Ardamax.E (2), Win32/Nuwar.AQ, Win32/Nuwar.AR, Win32/TrojanClicker.VB.NDG, Win32/TrojanDownloader.Agent.NQP, Win32/TrojanDownloader.Banload.DPS (2), Win32/TrojanDownloader.Dadobra.IA, Win32/TrojanDownloader.VB.BBQ, Win32/TrojanDropper.Agent.NGF

Updates earlier in the day:

IRC/SdBot (2), Win32/Adware.Cinmus (5), Win32/Adware.Virtumonde (2), Win32/Adware.Virtumonde.FP, Win32/Agent.QT (2), Win32/AutoRun.AN (2), Win32/Bifrose.ACI, Win32/IRCBot.ZG, Win32/Mytob.VY (2), Win32/Neshta, Win32/Persky.K, Win32/Rbot, Win32/Rustock.NCR (2), Win32/Small.CJT (4), Win32/Small.NCG (4), Win32/TrojanClicker.Agent.LL (2), Win32/TrojanDownloader.Agent.NPQ, Win32/TrojanDownloader.Agent.NQV (2), Win32/TrojanDownloader.Delf.NYZ, Win32/TrojanDownloader.QQHelper.UV, Win32/TrojanDownloader.VB.BJQ (2), Win32/TrojanDownloader.VB.NMT, Win32/TrojanDownloader.Zlob.BED, Win32/TrojanDownloader.Zlob.BEJ, Win32/TrojanDropper.Delf.NFO (2), Win32/VB.NNA (2), W97M/TrojanDropper.Agent.NAB, W97M/TrojanDropper.Agent.NAC, W97M/TrojanDropper.Agent.NAD, W97M/TrojanDropper.Agent.NAE, Win32/Agent.BUL, Win32/Agent.CI (2), Win32/Agent.NEJ (2), Win32/Autoit.AK (2), Win32/AutoRun.AM (3), Win32/Bagle.JT (4), Win32/Dialer.HO, Win32/Dialer.NDQ (2), Win32/IRCBot.WO (2), Win32/Nuwar.Gen, Win32/PSW.Agent.NDP, Win32/PSW.LdPinch.NCB, Win32/PSW.Legendmir.NFC, Win32/PSW.OnLineGames.NEG (3), Win32/PSW.OnLineGames.NFF (4), Win32/PSW.WOW.NCD, Win32/Spy.Agent.M (2), Win32/TrojanDownloader.Zlob.BEH (12), Win32/TrojanDownloader.Zlob.BEI (6), Win32/TrojanDropper.Agent.BVR, HTML/TrojanDownloader.Agent.FS, IRC/SdBot (2), JS/TrojanDownloader.Agent.NW, Win32/Adware.NaviPromo, Win32/PcClient.NAW (3), Win32/Rootkit.Agent.HU, Win32/Rootkit.Agent.II (2), Win32/Spy.Banker.OGZ, Win32/TrojanDownloader.Agent.DJT (2), Win32/TrojanDownloader.Murlo.NAG, Win32/TrojanDropper.Agent.NGE, Win32/TrojanDropper.Decept.30.D (2), Win32/VB.NMZ (2)

Tuesday, September 18, 2007

Spybot Search & Destroy Now at Version 1.5

Spybot Search and Destroy is now at version 1.5 with new features and improvements to the program. Updating and the Immunization feature are the best improvements in my opinion. Support for Firefox Immunization has been added. Of course the scanning and spyware removal has been improved as well, but that works in the background where you won't notice as much. Windows Vista is fully supported now, and Windows 95 support has returned. Not sure who is still using 95 but Spybot is probably the only option you have for antispyware on that old OS.

Here is a list of some of the changes:

  • Restored Win95 compatibility
  • New Immunization for Firefox & Mozilla
  • Fixed HyperThreading issues
  • Improved 64 bit immunization
  • Support for multi-line bookmarks (IE 7 / Vista)
  • Improved Immunization for Opera
  • New warnings about missing admin rights on Windows Vista
  • Improved SDHelper dialogs and block/allow choices
  • New confirmation dialog for system restore points
  • Added support for renaming services before stopping/killing/deleting them
  • Improved hosts file location algo
There are many more. You can see them and screen shots of the program on the Spybot 1.5 info page.

One thing that I would change is that TeaTimer is enabled by default when installing. In the older Spybot 1.4 install, it was not checked. Now it is checked and will be enabled after the install is complete. While TeaTimer is a good resident protection program, it can be a bit overwhelming for some people.

Another recommendation is to undo the Immunization in 1.4 and uninstall it before installing the 1.5 version. While not required, Immunize adds a lot of entries to the registry, and the newer version may handle them differently. Also, if 1.4 hasn't been updated to the latest Immunize data, there could be entries left on your system that 1.4 should already have removed but that 1.5 will not. While I am not aware of any entries that would do this, better safe than sorry.

Overall, this is a good update to Spybot and everyone should update to version 1.5. You can download it from Spybot's download page as well as major download sites like Download.com.

Friday, September 14, 2007

CounterSpy 2 Update 631

The latest CounterSpy 2.0 definition update is 631.

http://research.sunbelt-software.com/download.cfm

Here is a partial list of selected threats in this update. For a full list of the updates, see Spyware Definitions 547

Added

Email-Worm.Win32.Nulprot.d, Rootkit.Win32.Agent.io, Trojan-Downloader.JS.Psyme.mf, trojan-Downloader.Win32.Agent.djt, Trojan-Downloader.Win32.Agent.dju, Trojan-Downloader.Win32.Small.fqe, Trojan-Downloader.Win32.Small.fsc, Trojan-Downloader.Win32.Small.fsf, Trojan-Dropper.Win32.Small.bae, Trojan-Proxy.Win32.Pixoliz.c, Trojan-Proxy.Win32.Slaper.bd, Trojan-Spy.Win32.Agent.aah, Trojan.Bdld, Trojan.GMWX, Trojan.Win32.Inject.ev, Trojan.Win32.Small.qh

Updated

Backdoor.Rustock, Backdoor.Unidentified.gen, Backdoor.Win32.Small.lu, Dialer.Maxd, Email-Worm.Win32.Locksky.be, Exploit-VBS/Phel.E, Infostealer.Metafisher, Infostealer.Nuklus, IRC/Sensi.11, JS/Exploit_based.A, JS/Exploit_based.B, mIRC/Gen_COM, Packed.Win32.PolyCrypt.d, Rootkit.Win32.Agent.ea, Rootkit.Win32.Agent.ey, SpamTool.Win32.Agent.u, SpywareSoftStop, Storm.Worm, Trojan-Clicker.HTML.IFrame.al, Trojan-DOS/CryptMBR.A, Trojan-Downloader.Gen, Trojan-Downloader.Matcash, Trojan-Downloader.Monurl.I, Trojan-Downloader.Trojan, Trojan-Downloader.Vxgame.z, Trojan-Downloader.Win32.Agent.azg, Trojan-Downloader.Win32.Small.evh, Trojan-Downloader.Win32.Small.ex, Trojan-Dropper.Win32.Small.gen, Trojan-JS/Alogo, Trojan-Proxy.Win32.Agent.sw, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-PSW.Win32.Hooker.24.c, Trojan-Spy.Win32.Banker.dko, Trojan-Spy.Win32.Banker.dvn, Trojan.Autorun.EU, Trojan.DNSChanger, Trojan.DNSChanger.Gen, Trojan.FakeAlert, Trojan.LowZones, Trojan.Pandex, Trojan.Qhosts, Trojan.Vxgame.z, Trojan.Win32.BHO.dm, Trojan.Win32.DNSChanger.jf, Trojan.Win32.DNSChanger.ka, Trojan.Win32.Patched.ah, Trojan.Win32.Qhost.it, Trojan.Win32/Anomaly.gen!A, Trojan.XPL.ADODB, VBS/Generic2, webHancer

Tom Coyote Is Now What the Tech

One of my favorite security and help sites, Tomcoyote.org, has changed names to What the Tech. The old Tom Coyote url will be redirected to the new site, but it is still a good idea to update your bookmarks.

Site: http://whatthetech.com
Forum: http://forums.whatthetech.com/forums.html

Spyware Doctor 5.08150

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 5.08150
Intelli-Signatures: 648,460

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

5.08150 - Constructor.FakeMSN, P2P-Worm.Blaxe, P2P-Worm.Zaka, Trojan.Decept, Trojan-Clicker.Agent.EL, Trojan-Downloader.Small.CQG, Trojan-Downloader.Small.CQO, Trojan-Downloader.Small.W, Trojan-PWS.FakeAIM.A, Trojan-PWS.FakeMSN.A, Trojan-PWS.Mima, Trojan-Spy.Banker.YG, Trojan-Spy.DiabloII.G, Trojan-Spy.Gologger, Trojan-Spy.KeyLogger.AO, Worm.Collo, Worm.Donk.C, Worm.Skipi.A


5.08140 - P2P-Worm.Cake, P2P-Worm.Cozit, Trojan-Clicker.Agent.EQ, Trojan-Downloader.Zlob.FS, Trojan-Spy.DiabloII.D, Trojan-Spy.SpyAnyTime.C, Worm.Bymer, Worm.Donk.B


5.08130 - P2P-Worm.Benjamin.A, Trojan.Banker.D, Trojan-Clicker.Agent.DW, Trojan-Downloader.Agent.CRY, Trojan-Downloader.Delf.MOP, Trojan-Downloader.Small.BSN, Trojan-Downloader.Small.CPW, Trojan-Downloader.Tiny.GX, Trojan-PWS.Gamania.AD, Trojan-PWS.Gamania.AL, Trojan-Spy.Godmoney


Extended Intelli-Signatures:

5.08150 - Adware.Agent.BN, Adware.CDN, Adware.WSearch.O, Backdoor.Delf.GEN, Email-Worm.Zhelatin, Rootkit.Agent.EY, Trojan.Agent.AOY, Trojan.Banker, Trojan.CWS, Trojan.Desktop_Hijacker, Trojan.Mailbot, Trojan.Popuper, Trojan.PurityScan, Trojan.Virtumonde, Trojan-Dropper.Agent.BE, Trojan-PWS.Delf, Trojan-PWS.Hazif, Trojan-Spy.Banker.CMB


5.08140 - Application.Logitech_Inc., Dialer.Dialupass, Trojan.AVKillers, Trojan.Nuklus, Trojan-Downloader.Banload.ACK, Trojan-Downloader.Small.GEN, Trojan-PWS.Hangame, Trojan-Spy.Banker.AHY, Trojan-Spy.Bankject, Trojan-Spy.Tofger


5.08130 - Adware.Agent.BN, Adware.Zeno_Search_Assistant, Application.Logitech_Inc., Rootkit.Agent.EY, Trojan.DNS_Changer, Trojan.PurityScan, Trojan.Virtumonde, Trojan-Downloader.Alphabet.GEN, Trojan-Dropper.Agent.BE, Trojan-PWS.Magania, Trojan-PWS.Sincom, Trojan-Spy.Agent.EW, Trojan-Spy.Bankject


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

AntiVirGear New Rogue to Remove

AntiVirGear is the newest fake antispyware program connected with the Zlob trojan. It's been a while since there has been a new one, but this program is garbage just like the rest. It will "find" spyware on your computer and then offer to remove it after you pay.

Bleeping Computer has a guide on how to remove AntiVirGear until most reputable antispyware programs are able to fix it.

Files and information related to AntiVirGear:

Hijackthis entry:

O4 - HKLM\..\Run: [AntiVirGear 3.7] "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h

Files:

C:\Windows\System32\wqzdtjg.dll
C:\Windows\System32\ddllup.dll
C:\ProgramFiles\AntiVirGear 3.7

Wednesday, September 12, 2007

Are You A Security Wizard?

I found this neat quiz over at Agnitum. Are you a Security Wizard?

Monday, September 10, 2007

New Skype Worm

Whether you want to call it w32/Ramex.A or Bubbles, I couldn’t explain it any better than Chris Boyd (aka Paperghost) does.  So trolly on over to Spywareguide.com to see what he has to say with some pretty pictures too.

Saturday, September 08, 2007

Winpatrol Updated

When Winpatrol 2007 was released I thought it was fab and I absolutely adore Scotty in his blue Vista bubble. But not everyone agrees with me.

Winpatrol has listened to customer feedback and has today released a minor update that, among other things, will let users have the original black Scotty icon back in their system tray.

If you like Scotty as he is and you aren't having any problems with Winpatrol Plus features then there is no rush to download the update.

Check out Bits from Bill for all the latest Winpatrol News and more.

Friday, September 07, 2007

Microsoft Security Bulletin Advance Notification for September 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don’t forget to prepare for the updates as I’ve outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 11 September 2007 Microsoft is planning to release:
Security Updates

One Critical Bulletin in total.

  • One Microsoft Security Bulletin affecting Microsoft Windows 2000 Service Pack 4 with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Four Important Bulletins in total.

  • One Microsoft Security Bulletin affecting Visual Studio with a Maximum Severity rating of Important. This update may require a restart and will be detectable using the Enterprise Update Scan Tool and Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Windows Services for UNIX, Subsystem for UNIX-based Applications, with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Enterprise Update Scan Tool and the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting MSN Messenger, Windows Live Messenger, with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the built-in mechanisms for automatic detection and deployment of updates for this software.
  • One Microsoft Security Bulletin affecting Windows SharePoint Server, with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services.

Non-security High Priority updates on MU, WU,WSUS and SUS

  • Microsoft will release zero NON-SECURITY High-Priority Updates for Windows on Windows Update (WU).
  • Microsoft will release one NON-SECURITY High-Priority Update on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security_patch”.
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update from the Download Center as Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Microsoft will host a Webcast to address customer questions on these bulletins on Wednesday, September 12, 2007, at 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.

Monday, September 03, 2007

Parental Controls For Windows Live Messenger And More

Windows Live Family Safety (Beta)

As a parent, do you worry about your children’s safety on the internet? Of course you do. Microsoft have a product that may be able to help. Windows Live Family Safety is still in beta, but in my opinion it is worth trying out. Microsoft can only make it a better product with your feedback.

It's available for free; you need either Windows XP (SP2) or Vista and a Windows Live ID. Here is some blurb for you.

Safer browsing with guidance you personalise
Help protect your kids from the online content you don’t want them to see with filters you can customise to fit your children’s ages and your own values. Get guidance from the American Academy of Pediatrics and other trusted sources such as the NSPCC. Activity reports show you which sites your kids are visiting.

Safer Instant Messaging and blogging
Family Safety Beta’s new built-in contact approval helps you know exactly who your kids are talking to on IM or their blogs. You approve or disapprove each new contact for their Windows Live Messenger and Windows Live Spaces.

Safer searching, safer learning
Family Safety Beta works with Live Search to help block inappropriate search results, and with MSN Encarta to help deliver only information that’s age-appropriate.

Stay informed, from any PC, anywhere
Your child can easily ask you for permission to see a blocked site or to add a new Messenger or Spaces contact—right from the Web. Whether you’re at work or on the road, you can review and approve or block their requests from almost any Web-connected PC.

Windows Live Family Safety

Friday, August 31, 2007

Bank of India Website Now Clean

The Bank of India website has finally been cleaned of the malware it was infected with. After testing and reviewing what happened, it looks like you were only in danger if you were not up to date on your Windows security updates, in particular this update from Microsoft that was just released earlier this month.

When I visited bankofindia.com with a fully patched Windows XP machine, none of the reported malware was loaded. There was a significant delay for the page to finish loading while mymoonsite.net was trying to download something, but nothing harmful was downloaded. There were some harmless HTML and picture files in the Temporary Internet Files folder, but nothing to cause any problems. Internet Explorer 7 did warn about an ActiveX control that wanted to download. Normally you would want to deny this on a web page with malware, but I allowed it to download. Once again, nothing malicious was installed.

The lesson here is to keep up to date with Windows updates. The lesson for Bank of India and their website administration is to keep their system patched and up to date. It's not clear yet exactly how the site was compromised, but I'm sure they will now take security seriously.

Here is an updated list of malware that was found by Sunbelt that could have been downloaded to your computer:


Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview

Thursday, August 30, 2007

Bank of India Website Hacked

Sunbelt Blog reported that the Bank of India website has been seriously compromised. That was about 8 hours ago. I just checked and it is still compromised. It still has a hidden iframe loading something from goodtraff.biz. I also noticed a lengthy connection to mymoonsite.net, which is listed on Sunbelt researcher Webhelper's CWS list. Mymoonsite is registered by the infamous ESTDOMAINS. They register many malware websites, like ones that host the Zlob Trojan.

I haven't had time to take a good look at what happened by loading Bank of India's site. I do not recommend going to bankofindia.com until it is fixed. More later, but so far Sunbelt reported the following malware being served:

Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
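The hidden iframe is the tell-tale sign that a site has been injected, and it is easy to check for. As an added example (not code from this blog or from Sunbelt), here is a small Python check that scans a page's HTML for iframes the visitor cannot see (zero-sized, or inside a display:none / visibility:hidden element) and that load from a host other than the site itself. The sample HTML is constructed; goodtraff.biz and mymoonsite.net appear only because the post names them, and the paths are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: it is NOT the Bank of India page. The hostnames
# goodtraff.biz and mymoonsite.net are taken from the post above; the paths
# and everything else are placeholders.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="http://goodtraff.biz/PLACEHOLDER" width="0" height="0" frameborder="0"></iframe>
<iframe src="/help/faq.html" width="600" height="400"></iframe>
<div style="display: none"><iframe src="http://mymoonsite.net/PLACEHOLDER"></iframe></div>
<iframe src="http://maps.example.com/" width="300" height="200"></iframe>
</body></html>
"""

VOID_TAGS = {"img", "br", "hr", "input", "meta", "link"}  # never get an end tag


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _is_hidden(attrs):
    """True if the element is invisible by inline style or a 0/1-pixel size."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for key in ("width", "height"):
        value = attrs.get(key)
        if value is None:
            continue
        try:
            if int(value.lower().rstrip("px")) <= 1:
                return True
        except ValueError:
            pass  # e.g. "100%": not a pixel size, treat as visible
    return False


class HiddenIframeFinder(HTMLParser):
    """Collects iframes that the visitor cannot see and that load from another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = _strip_www(page_host.lower())
        self.stack = []        # (tag, hidden) for each open element
        self.hidden_depth = 0  # > 0 while inside a hidden ancestor
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        hidden = _is_hidden(attrs)
        if tag == "iframe":
            src = attrs.get("src", "")
            host = (urlparse(src).hostname or "").lower()
            external = host and _strip_www(host) != self.page_host
            if external and (hidden or self.hidden_depth > 0):
                self.findings.append({"src": src, "host": host})
        if tag in VOID_TAGS:
            return
        if hidden:
            self.hidden_depth += 1
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching start tag, undoing hidden_depth on the way.
        while self.stack:
            open_tag, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if open_tag == tag:
                break


def find_hidden_iframes(html, page_host):
    """Return a list of {src, host} for hidden, cross-host iframes in html."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_HTML, "www.bankofindia.com"):
        print("hidden iframe loading from", hit["host"], "->", hit["src"])
```

Run against the sample it reports goodtraff.biz and mymoonsite.net and ignores the visible, same-site and relative frames. Injected iframes are also often wrapped in obfuscated script, so a static scan like this is a first pass, not proof of a clean page.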

Wednesday, August 29, 2007

Windows Vista SP1 Announced

Microsoft have announced the release of Windows Vista Service Pack One for the first quarter of 2008. Whilst SP1 will contain valuable updates to Windows, you don’t need to wait until it has been released to enjoy Windows Vista today.

If you are thinking of upgrading your current PC then you can check whether your hardware is up to it using the Upgrade Advisor although I would encourage a fresh install rather than over the top of XP.

There is a whole load of information about what Windows Vista SP1 will include. I could post it here, but it's probably better if you get it direct from the horse's mouth, as it were, at the Windows Vista Blog and the Vista Service Pack 1 White Paper.

There will also be a service pack released for Windows XP in the first half of 2008. It won't include any new features apart from Network Access Protection, but it will roll up all the hotfixes and patches that have been released since SP2.

By the way, as a recipient of the Microsoft MVP award I am in no way obligated to push or even like Microsoft products. In fact I am positively encouraged to be as critical as I feel the need to be. But apart from the UK pricing issues, I do believe that Windows Vista is a better, more secure, family friendly operating system.

Tuesday, August 28, 2007

BlackICE Discontinued

IBM Internet Security Systems recently announced the End of Life for BlackICE PC Protection. BlackICE will no longer be sold after September 19, 2007 and will not be supported after September 29, 2008.

All is not lost, however: the good guys at Sunbelt have offered a free one-year subscription to the full version of the famous Sunbelt Personal Firewall. Visit saveblackice.com for more details and a small online form to complete to take advantage of this offer.

Sunday, August 26, 2007

Secure Against MPack Threat

There was quite a bit written earlier in the year about the MPack threat; I even managed a little piece myself! Symantec recently added an update to their analysis of MPack. It's not really good news, I'm afraid.

They have listed the exploits that are targeted by MPack, and Eric Larkin of PC World went one further and asked Symantec what we need to do to make sure that we are not vulnerable.

See his article at the PCWorld Blog for a list of Must Close Holes, and remember to keep all your software up to date. If you aren’t too sure how to check your software then Secunia Software Inspector is a great tool that will help you out here.

Zango Ticks Off Chris Pirillo

Chris Pirillo was looking at search results for one of his videos and noticed that Zango was leeching off of him at number 2 in Google results. As a result, he ranted about it on his site. Digg has picked up on it as well, so go Digg it up and Digg down the Zango promoters.

Tuesday, August 21, 2007

Microsoft Update Catalogue

Posted on the MU TechNet blog last week:

I am excited to announce that we have released version 1.0 of the Microsoft Update Catalog! With the new Catalog, you can search for updates available through the Microsoft Update service and download them to your machine (regardless of whether the update is applicable to your machine). You can also import updates from the Catalog directly into WSUS 3.0, System Center Essentials 2007, or System Center Configuration Manager 2007.

Some key features of the MU Catalog include:

  • Full-text search: You can search using a keyword, KB article, MSRC bulletin, driver manufacturer, driver model, driver version, product, and/or classification.
  • RSS: Save your searches in RSS and get notified when new updates match your criteria.
  • Download with BITS: We use BITS to make the download experience robust and efficient.
  • “Shopping basket”: You can select multiple updates (and multiple languages) and download them together.
  • Integration with WSUS: You can import updates from your basket into Windows Server Update Services 3.0, System Center Essentials 2007 or System Center Configuration Manager 2007.
  • Localization: The Catalog is localized in all core Windows Vista languages.

We hope you enjoy this new offering! Please give us your feedback. There are feedback options on the help page on the MU Catalog site.

Nice one, I’m sure that will come in very handy.

Sunday, August 19, 2007

MVPS Hosts File Update

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

Example: the following entry

127.0.0.1 ad.doubleclick.net

blocks all files supplied by that DoubleClick server to the web page you are viewing. This also prevents the server from tracking your movements. Why? Because in certain cases "ad servers" like DoubleClick (and many others) will try to open a separate connection on the web page you are viewing.

Lots more information and download links and installation instructions at Blocking Unwanted Parasites with a Hosts File

Vista users make sure you read the special instructions here
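The two rules described above (the hosts file is consulted before any DNS query, and an entry pointing back at the local machine acts as a block) are worth seeing in code, because the same mechanism cuts both ways: malware edits the hosts file to send antivirus and update sites somewhere else. As an added example, not code from the MVPS site, here is a Python parser that resolves names hosts-first and audits a hosts file for entries that redirect a name to a non-local address. The sample hosts file and the DNS answers are constructed; ad.doubleclick.net is the page's own example and the other names are reserved example domains.

```python
import ipaddress

# Constructed sample hosts file; it is not the MVPS list. ad.doubleclick.net is
# the entry quoted above, the other names are example domains, and the
# 203.0.113.45 line imitates the kind of entry malware adds to hijack a site.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net
0.0.0.0         ads.example.net     # some lists use 0.0.0.0 instead of loopback
127.0.0.1       tracker.example.org  stats.example.org
203.0.113.45    liveupdate.example-av.com
not-an-ip       junk.example
"""

# Constructed stand-in for what DNS would answer if the hosts file did not apply.
SAMPLE_DNS = {"ad.doubleclick.net": "198.51.100.7", "www.example.com": "192.0.2.10"}

# Addresses that point back at the local machine: an entry using one of these
# blocks the name rather than redirecting it.
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Parse hosts-file text into {hostname: ip}.

    Comments and blank lines are skipped, several names may share one line,
    and lines with an unparsable address are ignored. If a name appears more
    than once the first entry is kept (an assumption made for this example).
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue
        for name in parts[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping


def resolve(name, hosts, dns):
    """Mimic the lookup order: hosts file first, DNS only if the name is absent.

    Returns (ip_or_None, source) where source is 'hosts' or 'dns'.
    """
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    return dns.get(key), "dns"


def is_blocked(name, hosts):
    """A name is blocked when the hosts file sends it to the local machine."""
    ip, source = resolve(name, hosts, {})
    return source == "hosts" and ip in LOCAL_ADDRESSES


def audit_hosts(hosts):
    """Return entries that redirect a name to a non-local address.

    A blocking list never does this, so such entries deserve a look: malware
    commonly adds them to keep a PC away from update or antivirus sites.
    """
    return {n: ip for n, ip in hosts.items() if ip not in LOCAL_ADDRESSES}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(resolve("AD.DOUBLECLICK.NET", hosts, SAMPLE_DNS))  # hosts entry wins over DNS
    print(resolve("www.example.com", hosts, SAMPLE_DNS))     # no entry, DNS answer used
    print("suspicious:", audit_hosts(hosts))
```

On a real machine the file to feed into parse_hosts is %SystemRoot%\System32\drivers\etc\hosts; anything audit_hosts reports that you did not add yourself is worth investigating.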

Tuesday, August 14, 2007

Another Firefox Vulnerability

A vulnerability has been discovered in Firefox that could allow criminals to remotely scan all variables in your Firefox plugins and use an Ajax script to log that information on to a server.

In non-techy terms this means that information stored in your plugins, like whitelists, passwords, user names, email addresses, FTP information etc., could be stolen and seriously compromise your online privacy and security. According to the 0x000000 blog, this isn't something that can be easily fixed either.

For now, your best form of defence is to run with the NoScript plugin enabled.

Sources | The Register and 0x000000

Sunday, August 12, 2007

FDF Spam

The last wave of spam was a PDF file attached to an email. Now it's an FDF file, which can be opened in a PDF reader just as easily. What's an FDF file? Well, here is the techy bit if you really are interested.

This sort of spam fest is known as stock spam.

Friday, August 10, 2007

Critical Symantec Flaw

An input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works could allow an attacker to execute code on the target system.

Affected Products

  • Norton Antivirus 2006
  • Norton Internet Security 2006
  • Norton Internet Security, Anti-Spyware Edition 2005
  • Norton System Works 2006

Details
Symantec was notified that two ActiveX controls supplied by NAVCOMUI.DLL contain an input validation error for two properties of the controls. This error could allow an attacker to crash Internet Explorer, or possibly run arbitrary code with the rights of the logged-in user.

How to Obtain the Update
Symantec Norton product users who regularly launch and run LiveUpdate should already have received an updated (non-vulnerable) version of NAVCOMUI.DLL.
However, to ensure all available updates have been applied, users can manually launch and run LiveUpdate in Interactive mode as follows:

  • Open any installed Norton product
  • Click on LiveUpdate in the GUI
  • Run LiveUpdate until all available product updates are downloaded and installed

Best Practices
Symantec recommends any affected customers update their product immediately to protect against potential attempts to exploit this vulnerability. As part of normal best practices, Symantec recommends the following:

  • Run under the principle of least privilege to limit the impact of exploits.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and antivirus software to provide multiple points of detection and protection from inbound and outbound threats.
  • Keep anti-virus definitions and IPS (firewall) signatures up to date.

Symantec Security Advisory

Microsoft Security Bulletin Advance Notification for August 2007

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday. Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 14 August 2007 Microsoft is planning to release:
Security Updates

  • Five Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Microsoft Office with a Maximum Severity rating of Critical. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • Two Microsoft Security Bulletins affecting Internet Explorer with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Visual Basic and Office for Mac with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Six Critical Bulletins in total.

  • One Microsoft Security Bulletin affecting Windows with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Windows Vista with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Virtual PC and Virtual Server with a Maximum Severity rating of Important. This update will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Three Important Bulletins in total.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services.

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release four NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch".
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086

Microsoft will host a webcast to address customer questions on these bulletins on Wednesday, August 15, 2007, at 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.

Wednesday, August 08, 2007

Protect your Email Address from Harvesters

If you have a website of any description then you probably have a contact ‘mail me’ link somewhere on it. Trouble is, spambots love these links as they are easy pickings and they can get your contact email address and spam you with all sorts of stuff.

I came across a method of encrypting your email address on your web page; all you need is a little bit of JavaScript and a little bit of HTML know-how. Email Protector has everything you need to make your JavaScript snippet and will provide you with the necessary decryption script too. All for free.
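The technique is simple enough to show end to end. As an added example (written for this page, not Email Protector's code), the Python script below shifts every character code of the address by a small key and emits the HTML plus JavaScript snippet that rebuilds the mailto link in the browser, so the address itself never appears in the page source. Strictly speaking this is obfuscation rather than encryption: a harvester that executes JavaScript will still recover the address, but the common bots that just read raw HTML will not. The address used is a constructed sample.

```python
import json


def encode_email(email, key):
    """Shift every character code by key; the result holds no '@' or '.' to scrape."""
    return [ord(ch) + key for ch in email]


def decode_email(codes, key):
    """Inverse of encode_email (the same thing the browser-side script does)."""
    return "".join(chr(n - key) for n in codes)


def make_snippet(email, key=7, element_id="contact"):
    """Return the HTML + JavaScript to paste into a page.

    The page source carries only the numbers; the script rebuilds the address
    and inserts a mailto link into the element with the given id. It uses
    createElement and textContent rather than innerHTML so the decoded text
    is never parsed as HTML.
    """
    codes = json.dumps(encode_email(email, key))
    target = json.dumps(element_id)
    script = (
        "(function(c,k){"
        "var e=c.map(function(n){return String.fromCharCode(n-k);}).join('');"
        "var a=document.createElement('a');a.href='mailto:'+e;a.textContent=e;"
        "document.getElementById(" + target + ").appendChild(a);"
        "})(" + codes + "," + str(key) + ");"
    )
    return '<span id="%s"></span>\n<script>%s</script>' % (element_id, script)


if __name__ == "__main__":
    # Constructed sample address; paste the output into your contact page.
    print(make_snippet("me@example.com"))
```

The span is the placeholder the link is written into, so place the snippet wherever the "mail me" link used to be. Visitors with JavaScript disabled will see nothing there, which is the usual trade-off with this approach.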

Sunday, August 05, 2007

Spyware Quiz

I told you a little while ago about the McAfee Phishing Quiz which was fun to do and thought provoking. (Although it seems to be offline at the moment which is a shame.)

If you have a few spare moments, why not have a go at their Spyware Quiz or the Spam Quiz

There were some interesting stats gathered from the Spyware Quiz.

Friday, August 03, 2007

WinPatrol 2007(Version 12) Goes Live

Well, it didn't take long to get the bugs ironed out of WinPatrol 2007 version 12 (if there were any) and today I'm happy to announce that the new version is available for download.

So what’s new?

i) Scotty has a lovely new icon

ii) HijackPatrol log - The new HijackPatrol Log button on the options screen will create and display a style of output familiar to many online helpers. HiJackPatrol.logs aren’t exact duplicates of the popular HijackThis log or meant to replace them but the format should be familiar. HijackPatrol logs will also contain additional information which is routinely monitored by WinPatrol.

iii) SpreadSheet Log - Important details will be output in a CSV (Comma Separated Value) format popular with spreadsheets and many database programs. WinPatrol users will be able to sort all their system data in any format they want.

iv) Easy Access to PLUS Info - Program properties and PLUS Info have been combined into a single page of information from our extensive online library. Instead of multiple steps, you can now just double click on any filename to access the new improved PLUS format. Free WinPatrol users will also see improved information to help them decide if a program is worthy.

v) PLUS Requests updated for future expansion - This change also allows us to expand our PLUS Info response and provide more specific and helpful information based on more than just a filename. You’ll see some additions immediately when using WinPatrol 2007 version 12. Scotty

What’s New and Download Link

Why Winpatrol Plus

Tuesday, July 31, 2007

Firefox v2.0.0.6 Released

Mozilla has released Firefox v2.0.0.6 today to address two critical security vulnerabilities. Users should update as soon as possible.

Advisories

To update Firefox go to Help > Check for Updates

Monday, July 30, 2007

Winpatrol 2007 v12 Beta Available

I mentioned in a previous post that Scotty of WinPatrol fame will soon get his bark back. The new version of WinPatrol is almost ready for release, but if you are feeling adventurous then you can download and test the Beta version here.

There are a couple of interesting and exciting additions to this great program and Scotty has a new icon and of course he woofs again on Vista.

This is a beta version of the program, so do follow the advice given by WinPatrol and back up your system before installing it, and please do give them feedback if you find any bugs.

Sunday, July 29, 2007

Another Messenger Worm

F-Secure reports another Messenger worm. It sends messages to other Messenger contacts along the lines of:

Psssssst …. just between me and you, please accept
Looking for hot summer pictures ? well here they are !!

…and includes a link to a file hosted on chatamis.net.

Friday, July 27, 2007

Spammer Banned From MySpace


US District Judge Audrey B. Collins has forbidden Sanford Wallace and his associates from creating or maintaining MySpace profiles, using the site to send private messages or post public comments, or suggesting in commercial emails or other electronic communications that they are affiliated with the social network.

The preliminary injunction came in a lawsuit MySpace filed in March. It claims Wallace created more than 11,000 MySpace profiles that churned out private messages, comments and bulletins that directed users to spoofed MySpace pages seeking their login information.

The ruse allowed him to hijack at least 320,000 accounts, which he used to send 400,000 private messages and post 890,000 comments, both of which redirected MySpace users to the sites freevegasclubs.com and realvegas-sins.com. The sites are owned by Feeble Minded Productions, an aptly-titled firm affiliated with Wallace.

See the full story at The Register.

Thursday, July 26, 2007

Password Vulnerability in Firefox and Safari

The latest versions of Firefox and Safari contain a password management security flaw that could allow certain websites to access stored usernames and passwords. A message on the Full Disclosure mailing list warned that users who have either browser configured to remember passwords, and have JavaScript enabled, are at risk.

Mozilla fixed a similar reverse cross-site scripting flaw in Firefox last November, but this was a lot more serious as it did not require JavaScript to be enabled.

Heise Security has a demonstration of the vulnerability on its website to allow users to determine whether they are vulnerable to the attack.

However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.

If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.

Until a fix is released, users are urged to disable JavaScript in their browser or avoid the use of the password manager on sites where users are allowed to post JavaScript pages.

Source | vnunet.com

To disable JavaScript in Firefox, go to Tools > Options > Content and untick the Enable JavaScript checkbox.

To disable JavaScript in Safari, go to Preferences > Security and untick the Enable JavaScript checkbox.
