Tuesday, February 27, 2007
Who's Phishing Who?
More at Security Fix
Saturday, February 24, 2007
Despite DDoS Attack Castle Cops Celebrates Five Years
Tuesday, February 20, 2007
Windows Live Messenger Serves Up Winfixer and ErrorSafe
"Microsoft was notified of malware that was being served through ads placed in Windows Live Messenger banners. As a result of this notification we immediately investigated the reports and removed the offending ads, as this is a violation of our ad serving policy. We can confirm that the ads are no longer being served by any Microsoft system. We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again. To help customers protect their PCs from malware threats, Microsoft recommends customers follow our Protect your PC guidance at www.microsoft.com/protect." - Whitney Burk, Microsoft.
With internet advertising being the main source of revenue for a lot of sites these days, this sort of thing is becoming all too common. One of the best ways to protect yourself is to install a good hosts file, which will block known bad sites.
Please make sure you read all of Sandi's report. As usual, she has done a very thorough investigation and gives some sound advice about avoiding infection from rogue sites.
Tuesday, February 13, 2007
Valentine's Day is a day for us to have a bit of fun with those we love and those we like quite a lot!!! I'm sure my Valentine is out there somewhere... he is just very good at hiding :-)
On a serious note though, sending your intended one of those free electronic greeting cards is a surefire way to pass on your email addresses to spamming lists!!
And don't forget that malware vendors have been sending out worms as email attachments, and Valentine's Day is a great day for them to try to take advantage of the unwary. So please, if you don't know who the email is from, dump it and do not open any attachments.
Read more about this at:
WebUser, The Register, SC Magazine
Monday, February 12, 2007
SpyDawn Rises As Newest Rogue Antispyware Program
Here is the spydawn.com domain information. The IP is located in Ukraine with the Inhoster hosting company, and the domain is registered through Estdomains. Both are bad signs.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: SPYDAWN.COM
Registrant:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Creation Date: 12-Nov-2006
Expiration Date: 12-Nov-2007
Domain servers in listed order:
ns3.dragracers.biz
ns2.dragracers.biz
ns1.dragracers.biz
Administrative Contact:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Technical Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Billing Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Status:ACTIVE
SpyCrush Is Another Fake Antispyware Program
Besides the pop-up warnings and other advertising trying to get you to buy it, you'll see this line in a HijackThis log:
O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe
Smitfraudfix has been updated to remove this pest, so you can use the removal instructions here. An alternative fix is posted at Bleeping Computer. Information about spycrush.com, and how the program SpyCrush resembles an older rogue, VirusBurst, is located at Security Cadets.
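As an added example (not part of the original post and not HijackThis's own code), the following Python parses O4 registry autorun lines in the format shown above and flags entries whose value name or command mentions a rogue product named on this page. The name list, the function names and the sample log are assumptions of the example; only the SpyCrush line comes from the post.

```python
import re

# Rogue product names taken from this page's posts. Matching on names alone
# is an assumption of this example, not a complete detection rule.
ROGUE_NAMES = ("spycrush", "spydawn", "virusburst", "winfixer", "errorsafe")

# O4 registry autorun entry, e.g.
#   O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

def parse_o4(line):
    """Return a dict for an O4 registry autorun line, or None for other lines."""
    m = O4_RUN.match(line.strip())
    return m.groupdict() if m else None

def flag_rogues(log_text, names=ROGUE_NAMES):
    """Return parsed O4 entries whose value name or command mentions a listed product."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry autorun line (O2, O23, headers, ...)
        haystack = (entry["name"] + " " + entry["command"]).lower()
        matched = [n for n in names if n in haystack]
        if matched:
            entry["matched"] = matched
            hits.append(entry)
    return hits

# Constructed sample log: only the SpyCrush line comes from the post above.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\sample.dll
O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\RunOnce: [Updater] "C:\Program Files\SpyDawn\setup.exe" /s
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

if __name__ == "__main__":
    for hit in flag_rogues(SAMPLE_LOG):
        print(hit)
```

Checking the command as well as the value name catches the constructed RunOnce entry, whose value name ("Updater") gives nothing away.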
Sunday, February 11, 2007
WinPatrol 2007 for Vista
BillP Studios have been busy testing a new version of WinPatrol, and the full and final version is due for release tomorrow. WinPatrol 2007 is fully Vista compatible and has a great new feature called Delayed Start.
You probably have programs which you do want running in the background but you don’t need to launch immediately on boot up. WinPatrol’s Delayed Start allows you to specify the time to wait before launching programs which may typically try to load while other system initialization are happening.
If you use Vista's UAC (User Access Control), you may find some startup programs require your permission before they can begin. Moving these programs to our Delayed Start list can prevent simultaneous annoying systems pop ups.
The free WinPatrol version is fully functional and will provide you with all the protection that the Plus version gives you; however, I do recommend that you upgrade to the Plus version. See here for comparisons.
Keep up with WinPatrol happenings at Bits From Bill
Thursday, February 08, 2007
MS Security Bulletin, Advance Notification for February
Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.
Microsoft Security Bulletin Advance Notification
On 13 February 2007 Microsoft is planning to release:
Security Updates
- Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
- Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
- One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Visual Studio. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates will require a restart.
- One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
- One Microsoft Security Bulletin affecting Step-by-Step Interactive Training. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
- One Microsoft Security Bulletin affecting Microsoft Data Access Components. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
- One Microsoft Security Bulletin affecting Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft ForeFront. The highest Maximum Severity rating for these is Critical. These products provide built-in mechanisms for automatic detection and deployment of updates. Some of these updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release eight NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft will also be hosting a webcast on Wednesday February 14th 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.
Tuesday, February 06, 2007
Safer Internet Day 2007
Today is Safer Internet Day.
Almost 40 countries will participate in the fourth edition of Safer Internet Day (SID) which this year takes place on 6 February. The event is organised by European Schoolnet, coordinator of Insafe, the European safer internet network (www.saferinternet.org). Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day, as in the past two years.
The highlight of the day will once again be a worldwide blogathon, which will reach Australia on 6th February and progress westward through the day to finish up in the USA and Canada. Following the huge success encountered in 2006, this year's blogathon goes one step further to include the voices of hundreds of youngsters. In the framework of a competition launched in October 2006, more than 200 schools in 25 countries across the globe have been working in pairs, using technology to cross geographical borders, to create internet safety awareness material on one of three themes: e-privacy, netiquette, and power of image. On Safer Internet Day, all of the projects they have produced will be uploaded to the blogathon.
Links for more information and activities below:
Blogathon
Insafe Safer Internet Day 2007
EIS Safer Internet
BBC Technology Pages
EGov Monitor
The Register
Monday, February 05, 2007
Parental Controls in Vista
One of the exciting new features available in Windows Vista is Parental Controls. These controls will help you, as a responsible parent, to allow your children to use the technology that is available to them in a safe and monitored environment.
Of course, as with anything that is new to us, getting our heads around how to actually use it can be a bit daunting. My friends at Bleeping Computer have just produced a great guide that will hopefully take a little of the head scratching out of setting up your Parental Controls.
With the launch of Windows Vista, Microsoft has introduced a new security feature called Windows Parental Controls. Windows Parental Controls allows a parent to configure, on a per user basis, various restrictions on what that user can do on the computer. These settings range from blocking websites to controlling what games they can play. Having access to these types of controls allows a parent to feel comfortable with their children using a computer and at the same time gives them the flexibility to customize these settings to their specific needs.
It is important to note that not all programs are compatible with Windows Parental Controls. In order for Windows Parental Controls to properly monitor and control certain activities on the computer, the application must be compatible with this new service. For the most part, most of the settings can be enforced across all applications, but it is important to test these controls using the applications that your users will be using. This way you know for sure that any restriction you put into place can be enforced. It is also important to note that Windows Parental Controls can only be assigned to a Standard User, which is a user with limited rights on the computer, and cannot be assigned to accounts that are configured as an Administrator. This is so a user cannot remove restrictions placed on them.
One of the more powerful features of this new service is that you will be able to view reports of the activity for each user that you have configured Parental Controls. The information you see will be determined by whether or not the user is using applications that are compatible with Windows Parental Controls. Assuming that all the applications are compatible you will be able to monitor the following activity.
- Most recent websites blocked.
- Attempts to visit sites that have been specifically blocked or allowed.
- What files were downloaded.
- What file downloads were blocked.
- When the user logged on.
- What programs they have run.
- Emails sent and received.
- Instant Messages sent and received.
- What games were played.
- What media such as movies and videos were played.
For the full tutorial, please visit Setting up Windows Vista Parental Controls
Friday, February 02, 2007
Trojans Go to Superbowl XLI
The web sites that were affected are:
Dolphinsstadium.com
Dolphinstadium.com
Proplayerstadium.com
MiamiDolphins.com
You are vulnerable if you haven't installed the Microsoft security updates MS06-014 and MS07-004. If you are not sure whether you are up to date, visit Windows Update and select the express install to get your computer fully updated.
At the time of this post, the files that attack your computer are not detected well by most antispyware and antivirus programs. Some of the files that attack your computer from this exploit are w1c.exe, msmsgs.exe, ADupdate.exe, 1.exe and 3.exe. These files and others have been submitted to the security companies, so they should be added to detection databases in the coming days.