Saturday, June 30, 2007

iPhone Scams Have Begun

The iPhone is out and the malware makers are already using it to dupe people out of their money. Sunbelt reports a new trojan that serves pop-ups leading to a fake iphone.com web page. Normally iPhone.com redirects to the iPhone page on Apple.com, but on infected systems a custom web page replaces the legitimate one. A browser helper object (BHO) added to Internet Explorer sends you to the fake page; it shows up in a HijackThis log as:

BHO: H - {AA7F2000-EA05-489d-900C-3C7C0A5497A3} - C:\WINDOWS\system32\rwera21s1.dll

It's triggered when you visit Google.com or Yahoo.com: realistic-looking pop-ups appear and, if clicked, land you on the fake page. The fake page is hosted by Hostfresh, a dubious hosting company, as reported by Sunbelt.

If you try to order an iPhone through these pop-ups, all you'll get is an empty wallet. Check out the screenshots and other info posted at the Sunbelt Blog.
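Added example, not from the original post or the Sunbelt report: a PowerShell script that does the lookup a HijackThis O2 scan does, enumerating the Browser Helper Objects registered for Internet Explorer, resolving each CLSID to the DLL that IE loads, and checking whether that DLL carries a valid Authenticode signature. Run it in an elevated PowerShell on the Windows machine under examination. The $suspectNames list is an assumption seeded with the file name quoted above; extend it with your own indicators.

```powershell
# Added example: audit Internet Explorer Browser Helper Objects (the O2 lines in a HijackThis log).
# A BHO is registered as a CLSID subkey under these keys; the CLSID's InProcServer32 value
# names the DLL that IE loads into every browser window.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Assumption: indicator list seeded with the DLL name from the Sunbelt report quoted above.
$suspectNames = @('rwera21s1.dll')

function Get-BhoReport {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($entry in Get-ChildItem -Path $root) {
            $clsid = $entry.PSChildName
            $dll   = $null
            # Resolve the CLSID in both the native and the 32-bit (Wow6432Node) class registrations.
            foreach ($classes in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
                $inproc = Join-Path $classes "$clsid\InProcServer32"
                if (Test-Path $inproc) {
                    $dll = (Get-ItemProperty -Path $inproc).'(default)'
                    break
                }
            }
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }

            $status  = 'MissingFile'
            $company = ''
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $status  = (Get-AuthenticodeSignature -FilePath $dll).Status
                $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            }
            $name = if ($dll) { Split-Path -Leaf $dll } else { '' }

            [pscustomobject]@{
                CLSID     = $clsid
                DLL       = $dll
                Company   = $company
                Signature = $status
                # Flag DLLs that are unsigned, missing, or on the indicator list.
                Suspect   = ($status -ne 'Valid') -or ($suspectNames -contains $name)
            }
        }
    }
}

Get-BhoReport | Format-Table -AutoSize
```

An unsigned DLL with a random-looking name under system32, like the one above, comes out with Suspect = True. Removing the BHO means deleting its CLSID subkey under the Browser Helper Objects key (with IE closed) and then the DLL; confirm first that the file is not something you installed yourself, since legitimate toolbars and PDF readers register BHOs the same way.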

Thursday, June 28, 2007

VirusHeal

VirusHeal is the newest rogue program; some say it's SpyHeal under a new name. Sunbelt reports it arrives with DVDacess, a fake codec that various web sites trick you into installing. The whole thing is a scam: they trick you into installing the "codec" so you get infected, then try to sell you the cure, this time called VirusHeal.

You should be able to remove this pest with SmitfraudFix. Being new, VirusHeal itself may have to be uninstalled manually, but the Zlob trojan that produces the pop-ups and fake warnings should be removed.

Websites to avoid and to add to block lists:

Virusheal.com
inc-codec.com


Some of the files and registry entries that are added by VirusHeal:

%ProgramFiles%\VirusHeal 3.7\VirusHeal 3.7.exe
%ProgramFiles%\VirusHeal 3.7\msvcp71.dll
%ProgramFiles%\VirusHeal 3.7\msvcr71.dll
%ProgramFiles%\VirusHeal 3.7\antispy.vh
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\VirusHeal 3.7.lnk
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\VirusHeal 3.7 Website.lnk
%UserProfile%\Start Menu\Programs\VirusHeal 3.7\Uninstall VirusHeal 3.7.lnk



HKEY_CLASSES_ROOT\CLSID\{FA222968-C5BA-FA9F-6458-C63131328081}
HKEY_CLASSES_ROOT\Interface\{18F5E902-679B-4B12-BF13-BC16D02F7D80}
HKEY_CLASSES_ROOT\Interface\{1AEAAA6B-4EF6-488E-82F8-36E766F29220}
HKEY_CLASSES_ROOT\Interface\{39B58318-66E6-48D7-AB96-0208DA05FCEB}
HKEY_CLASSES_ROOT\Interface\{4E213C44-13CB-4E9F-8CBF-4C1A9EB9C2C9}
HKEY_CLASSES_ROOT\Interface\{518A840C-6647-4832-AB7D-CE4B314A1027}
HKEY_CLASSES_ROOT\Interface\{624F9366-D33B-492A-A3B7-217C14255A42}
HKEY_CLASSES_ROOT\Interface\{6AC53946-8646-42E6-B470-AD77648364C2}
HKEY_CLASSES_ROOT\Interface\{7867D50C-8459-4B0A-84B3-4F2D469A6C95}
HKEY_CLASSES_ROOT\Interface\{7BD05E7F-D2F0-42EA-B886-1A627968F9B0}
HKEY_CLASSES_ROOT\Interface\{899AE9A8-5BDD-4B68-A662-FCCDB4F9D91B}
HKEY_CLASSES_ROOT\Interface\{8B32593C-EBD5-4082-9059-708C19E153F3}
HKEY_CLASSES_ROOT\Interface\{A6FF06A4-5DC7-42D6-8960-141E676B1B8A}
HKEY_CLASSES_ROOT\Interface\{AF3E3CCE-C353-4D29-B30D-3F0E1A7C8E5B}
HKEY_CLASSES_ROOT\Interface\{C3FC451D-2851-4F5D-80D9-B15858E7B468}
HKEY_CLASSES_ROOT\Interface\{C4132813-FCCA-4F83-AF12-DC6D36F3FAB8}
HKEY_CLASSES_ROOT\Interface\{E3842CE8-9D0F-4809-A0D7-BF013946BB24}
HKEY_CLASSES_ROOT\TypeLib\{1963F207-DC66-4D6C-9A3C-B4DE1DEC24E4}

Wednesday, June 20, 2007

Youtube on Apple TV and iPhone

Apple announced two new ways to access Youtube from your Apple TV and iPhone.

Apple TV now has a new menu choice for youtube.com if you update its software to version 1.1. While you don't view the actual Youtube website, you can access many of its features and videos through the Apple TV: view the most popular and most watched videos, search, and do most of the things you could do on a computer. You can even log in to your account, save favorites and rate videos. Not every video will initially be available: all of the videos on Youtube need to be converted to H.264-encoded MP4 to play on Apple TV, which will take several months, but quite a lot can be viewed now. There's a good article at iLounge that describes this and has screenshots of the Apple TV using Youtube. You can also check it out at Apple.com.

The iPhone has been confirmed to stream videos from Youtube as well. There will be 10,000 available when the iPhone launches next week, with more added over time.

Tiger Updated to Mac OS 10.4.10

Leopard is on the horizon, but a new update for Tiger came out today to address a security issue, improve reliability and add new functionality. Yahoo! Sync has been added, apparently to allow syncing contact info with your Yahoo ID and with your iPhone. RAW file support has been added for images from various cameras. Bluetooth and USB have updates to improve reliability with certain devices connected to a Mac. The security update addresses a potential problem in the IPv6 protocol implementation.

Details of the security content of this update can be found here, and more details on what's new in 10.4.10 are here. Use Software Update to get 10.4.10; how to use Software Update is described here.

Firefox - Kid Friendly Browser

There is an extension for Firefox that lets you monitor and approve which sites your children visit. It comes with a list of default safe sites, and you can add more as you go along.

The extension is called Glubble, you can download it here.  There are screenshots and more information available at CyberNet.

If you are a Vista user, don't forget you have the advantage of built-in Parental Controls; please take the time to find out how to configure them to suit your needs.

Thanks to Corrine for being on the ball once again.

Tuesday, June 19, 2007

Q & A with the Security MVP Experts


You are invited to attend a Q&A with the Microsoft Security MVPs. In this chat the MVP experts will answer your questions about online safety issues such as phishing, spyware and rootkits, as well as server-related topics. If you have questions on how to protect your PC, bring them to this informative chat.

When:   Thursday June 21st
Time:    4pm PST / 7pm EST
Where:  TechNet Chat Room
http://www.microsoft.com/technet/community/chats/chatroom.aspx

No password required but you will need a Windows Live ID

NB: I doubt very much that I will be there, as unfortunately 7pm EST is about 1 in the morning for me... and it's a work night :(

System Live Protect and SpyHazard

Two new rogue programs are out on the Net trying to get you: System Live Protect and SpyHazard. Both should be avoided like the garbage they are.

System Live Protect is trying to pass itself off as a Microsoft program, playing off the name of the real Windows Live OneCare. I just finished testing Live OneCare, and the screenshots of System Live Protect look too similar. They are definitely trying to trick people. Anyway, I don't have any copies of this joke to test, but you can look at Bleeping Computer's System Live Protect removal guide. A HijackThis log will show this entry if you have this rogue:

O4 - HKLM\..\Run: [LiveProtect] "C:\Program Files\LiveProtect\LiveProtect.exe" -h

SpyHazard is another rogue. This one looks pretty generic compared to its fellow fake antispyware programs like SpyCrush and SpyLocked. You'll find the following line if you run HijackThis:

O4 - HKLM\..\Run: [SpyHazard] C:\Program Files\SpyHazard\SpyHazard.exe /h


In Add or Remove Programs you'll find SpyHazard 3.1, which you should uninstall. It will leave behind some other junk, so follow another Bleeping Computer removal guide to get rid of the rest.

Sunday, June 17, 2007

Zone Alarm For Vista

Check Point Software Technologies Ltd has announced the availability of ZoneAlarm Internet Security Suite 7.1 for Microsoft Windows Vista. ZoneAlarm Antivirus and the free ZoneAlarm firewall were also made available for Vista.

"By utilizing Vista's new API and providing a deeper OS-layer firewall, ZoneAlarm can provide consumers with greater protection and stability on the Vista operating system," said Charles Kolodgy, research director at IDC. "As hackers innovate, security vendors cannot rely purely on old methods and old technologies; it's good to see ZoneAlarm lead the way."

With comprehensive multi-layer protection, including best-of-breed antivirus, anti-spyware, and the renowned ZoneAlarm firewall, ZoneAlarm Internet Security Suite 7.1 safeguards PC users against today's most complex online threats. Through its exclusive operating system firewall, ZoneAlarm Internet Security Suite employs the deepest levels of integration with the Vista operating system to proactively prevent threats that basic, traditional firewalls and signature-based systems miss.

See the ZoneAlarm press release for more information.

ZoneAlarm downloads, including the basic free version, are available here.

If you want to know what else is compatible with Vista, then Vista Bookmarks is the place to go.

Wednesday, June 13, 2007

FBI Take Down Botnet

As part of an ongoing cybercrime initiative, the FBI has disrupted and dismantled a botnet of over one million compromised IP addresses.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

The majority of victims will not even be aware that their computers have been compromised, their personal information stolen and their computers controlled remotely and used for criminal activities.

The FBI is currently trying to contact the owners of these computers. However, it stresses that it will not contact anyone online or ask for personal information, so be wary if you receive any unsolicited emails claiming to be about this.

See the full FBI press release here, with contact details if you suspect you have received a fraudulent communication about this matter.

Monday, June 11, 2007

Spyware Doctor 3.0745 0

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0745 0
Intelli-Signatures: 195,630

Spyware Doctor protects your computer in three ways. First, the OnGuard monitor watches the places where spyware changes your computer settings; by alerting you, Spyware Doctor gives you the option to refuse unwanted programs. Second, the Immunize feature blocks known spyware from installing at all. Third, Spyware Doctor has a large detection database for removing spyware that has already gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two; a restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0745 0 - Trojan.Srchspy, Trojan.Downloader.Small.CZL, Trojan.PSW.Delf.QC

3.0744 0 - Trojan.Agent.SD, Email.Worm.Brontok.Q, Trojan.PSW.Delf.KT

Extended Intelli-Signatures:
3.0745 0 - CWS, Carpe Diem, DownloadWare, LockSky, ShowBehind, Trojan.PSW.QQPass.GE, Trojan.QQHook.A, Trojan.Downloader.Small.DTC, Trojan.Dropper.Small.AEK, Trojan.Proxy.Ranky, Trojan.Downloader.Small.CML, Worm.IM.Sohanad, Adware.Cinmus, Trojan.Tagasaurus, 2nd-thought.com

3.0744 0 - Borlander, Backdoor.Sdbot.AAD, Trojan.Downloader.Small.ATL, SpywareNo, Trojan.Agent.ABF, Trojan.PWS.Onlinegames.BS, Known Bad Sites, Trojan.PSW.QQPass.GE, Trojan.PWSteal.QQPass, Dialer.AY


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Safari 3 Beta For Mac and Windows

Apple has released a public beta of its Safari web browser for Windows. Until now it has only been available on Macs, so this is an interesting development. Safari 3 is the version that will ship with the next release of Mac OS X, 10.5 Leopard. It is currently a beta, which means it is still being tested and worked on; it may still have bugs or not work as expected.

The free public beta of Safari 3 is available immediately as a download at http://www.apple.com/safari, and is preview software licensed for use on a trial basis for a limited time. The final version of Safari 3 will be available as a feature in the upcoming Mac OS® X version 10.5 Leopard, and will be available as a free download to Mac OS X Tiger and Windows users in October.


System requirements:
Safari 3 for Mac OS X requires Mac OS X Tiger 10.4.9 or later, a minimum of 256MB of memory and is designed to run on any Intel-based Mac or a Mac with a PowerPC G5, G4 or G3 processor and built-in FireWire®.
Safari 3 for Windows requires Windows XP or Windows Vista, a minimum of 256 MB of memory and a system with at least a 500 MHz Intel Pentium processor.

Sunday, June 10, 2007

Yahoo Messenger Needs Security Update

If you use Yahoo Messenger, you need to update it to keep hackers and crackers out. F-Secure says there are already easy-to-obtain exploits for the two vulnerabilities that let hackers, script kiddies or whatever you want to call them take control of your computer:

Very accurate and script-kiddie-friendly exploits are publicly available for both vulnerabilities. It is possible that crimeware distributors will start exploiting this for drive-by downloads.

Go to Yahoo's security update page for this problem if you want the details. You can also go straight to the Yahoo Messenger download page to get the latest version, which fixes it.

NOD32 Update 2319 (20070608) SpyCrush

The NOD32 Antivirus detection database has been updated to version 2319 (20070608). I notice SpyCrush and SpyLocked are listed in the update as newly detected threats.

Threats added in this update include the following:

IRC/SdBot, Win32/Adware.BHO.BU (2), Win32/Adware.ExpertAntivirus (3), Win32/Adware.MalwareWipe (2), Win32/Adware.SpyCrush, Win32/Adware.SpyLocked, Win32/Adware.Virtumonde, Win32/Agent.ALT, Win32/Agent.NEZ, Win32/BHO.G (2), Win32/Dialer.NAD, Win32/Dialer.NCY (2), Win32/DNSChanger (2), Win32/DNSChanger.NAD, Win32/Fuclip.AK (2), Win32/Hoax.Renos.NBI (3), Win32/Nuwar.Gen (2), Win32/PSW.Agent.NDP, Win32/PSW.Delf.NIG (4), Win32/PSW.LdPinch.NCB, Win32/PSW.Legendmir.NEW (3), Win32/PSW.OnLineGames.FQ, Win32/PSW.WOW.NCD, Win32/Rbot, Win32/Spy.Banker.COS (2), Win32/Spy.Banker.OAZ (2), Win32/Spy.Banker.OBA (2), Win32/Spy.BZub.JO, Win32/Stration.ZY (5), Win32/Stration.ZZ (8), Win32/TrojanDownloader.Agent.BSR (2), Win32/TrojanDownloader.Alphabet, Win32/TrojanDownloader.Banload.NPY (2), Win32/TrojanDownloader.Small.NUS, Win32/TrojanDownloader.Small.NVK, Win32/TrojanDownloader.Small.NVL, Win32/TrojanDownloader.Zlob, Win32/TrojanDownloader.Zlob.AXP (2), Win32/TrojanDownloader.Zlob.AXQ (2), Win32/VB.BCE (2), Win32/Viking.DE (3)


NOD32 Antivirus is in my opinion the best antivirus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among antivirus programs.

From ESET's NOD32 product information page: "Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the 'Antivirus program of 2001' by Australian PC User magazine, 'Best Buy, Best Performance, Best Value' by the independent UK Consumer's Association."
ESET offers a free, fully functional 30-day trial of NOD32. Yes, it will remove what it finds while you are within the 30-day limit.

Microsoft Security Bulletin - Advance Notification for June

Microsoft has released an advance notification for the updates that are due next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 12 June 2007 Microsoft is planning to release:

Security Updates
  • Three Microsoft Security Bulletins affecting Microsoft Windows.
    The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

  • One Microsoft Security Bulletin affecting Microsoft Windows and Internet Explorer. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. This update will require a restart.

  • One Microsoft Security Bulletin affecting Microsoft Windows, Outlook Express and Windows Mail. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. This update will require a restart.

  • One Microsoft Security Bulletin affecting Microsoft Office and Visio. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer. This update may require a restart.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft is not planning to release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

  • Microsoft will release 7 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

  • Microsoft Security Bulletin Advance Notification

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

Saturday, June 09, 2007

Ad Aware 2007 Program Updated to 7.0.1.3

I'm still testing the new Ad Aware 2007, so I haven't decided how good or bad it is yet. The one problem I did have was fixed by updating it to version 7.0.1.3. The initial version released wouldn't allow me to scan and generated an error. After updating, the problem was gone. There's also an update to the part of Ad Aware 2007 that downloads updates. I definitely recommend updating to version 7.0.1.3 if you are getting error messages or are having problems.

SpyCrush Updates Itself But Is Still a Rogue

SpyCrush came out back in February. It and SpyLocked were making the rounds as the latest fake antispyware programs that infect your computer and then try to get you to buy them to remove the spyware they put there. SpyLocked seems to have gone away or turned into SpyCrush, which has been updated. No matter what, don't buy it or use it. It's a scam.

You'll see some or all of the following entries in a HijackThis log:

O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe /h

O4 - HKLM\..\Run: [SpyCrush 3.1] "C:\Program Files\SpyCrush 3.1\SpyCrush 3.1.exe" /h

O4 - HKLM\..\Run: [SpyCrush 3.2] "C:\Program Files\SpyCrush 3.2\SpyCrush 3.2.exe" /h


Take a look at Bleeping Computer's SpyCrush removal instructions on how to remove this threat.
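Added example, not from the original posts or Bleeping Computer's guides, serving both this entry and the System Live Protect / SpyHazard entry above: a PowerShell script that lists the HKLM and HKCU Run autostart values (what HijackThis reports as O4 lines), flags the value names and install folders quoted in those two entries, checks the signature on each target executable, and can remove the flagged autostart hooks with -WhatIf support. The $rogueNames list and the folder-name pattern are assumptions taken from the entries above. Removing the Run value only stops the autostart, so still uninstall the program and follow the removal guide for the leftovers; writing to HKLM needs an elevated PowerShell.

```powershell
# Added example: audit the Run autostart keys (the O4 lines in a HijackThis log) for known rogues.
# Assumption: the value names and folder names below are the ones quoted in the posts above.
$rogueNames = @('LiveProtect', 'SpyHazard', 'SpyCrush', 'SpyCrush 3.1', 'SpyCrush 3.2')
$rogueFolderPattern = '\\(SpyHazard|SpyCrush|LiveProtect)[^\\]*\\'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Properties that Get-ItemProperty adds itself; they are not registry values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a Run command such as  "C:\Program Files\X\X.exe" /h  or  C:\X\X.exe /h
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($command -match '^\s*(\S+)')     { return $Matches[1] }
    return $command
}

function Get-RunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $command = [string]$p.Value
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $command))
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                (Get-AuthenticodeSignature -FilePath $exe).Status
            } else { 'MissingFile' }

            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $command
                Signature = $sig
                # Flag by value name or by the rogue's install folder in the path.
                Rogue     = ($rogueNames -contains $p.Name) -or ($exe -match $rogueFolderPattern)
            }
        }
    }
}

# Delete the flagged autostart values. Supports -WhatIf and -Confirm; run with -WhatIf first.
function Remove-RogueRun {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($r in Get-RunReport | Where-Object { $_.Rogue }) {
        if ($PSCmdlet.ShouldProcess("$($r.Key)\$($r.Name)", 'Remove Run value')) {
            Remove-ItemProperty -Path $r.Key -Name $r.Name
        }
    }
}

Get-RunReport | Format-Table Name, Signature, Rogue, Command -AutoSize
# Remove-RogueRun -WhatIf
```

Unsigned executables under their own Program Files folder with a /h or -h "hidden" switch, as in the O4 lines above, are the typical shape of these rogues; legitimate software with a valid signature is left alone unless its value name is on the list.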

Friday, June 08, 2007

Ad-Aware 2007 Released

Yesterday, Lavasoft released the new version of their popular product, Ad-Aware.

Ad-Aware 2007 is now available for download from a number of sites like Download.com, PC World and Major Geeks. As always, Lavasoft have provided a free version of the product, Ad-Aware 2007 Free.

If you already have a license for Ad-Aware SE then you will be able to update through the LavaSoft support centre from June 18.

Vista users will need to wait until August for a Vista-compatible release. I can't wait; I've missed Ad-Aware.
