Tuesday, February 27, 2007

Who's Phishing Who?

When legitimate email arrives in your inbox looking like phish, would you trust it? As part of a court settlement, email was sent to the consumers involved in the settlement. A subsidiary of Experian, one of the 3 credit reporting agencies, was complying with the terms of the settlement. However, the email directed you to a website to enter personal information like birth date, Social Security number, and other details that shouldn't be divulged to just anyone. When legitimate email from legitimate companies arrives looking like phish, it becomes apparent why people fall for email that is a scam.

More at Security Fix

Saturday, February 24, 2007

Despite DDoS Attack Castle Cops Celebrates Five Years

Castle Cops, one of the top PC help sites and resources for others that do HJT logs, celebrates 5 years. Recently they have had to move the site due to a major DDoS attack conveniently staged during their "birthday" week. As Paul says, "We will not be silenced"!



Tuesday, February 20, 2007

Windows Live Messenger Serves Up Winfixer and ErrorSafe

As reported by fellow MVP Sandi Hardmeier at Spyware Sucks (bookmark it), malware known as Winfixer or Errorsafe has been distributed via banner ads on MSN, or Windows Live Messenger as it is now known. This has been reported to Microsoft, who released the following statement.

"Microsoft was notified of malware that was being served through ads placed in Windows Live Messenger banners. As a result of this notification we immediately investigated the reports and removed the offending ads, as this is a violation of our ad serving policy. We can confirm that the ads are no longer being served by any Microsoft system. We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again. To help customers protect their PCs from malware threats, Microsoft recommends customers follow our Protect your PC guidance at www.microsoft.com/protect." - Whitney Burk, Microsoft.


With internet advertising being the main source of revenue for a lot of sites these days, this sort of thing is becoming all too common. One of the best ways to protect yourself is to install a good hosts file, which will block known bad sites.

Please make sure you read all of Sandi's report; as usual, she has done a very thorough investigation and gives some sound advice about avoiding infection from rogue sites.

Tuesday, February 13, 2007

Valentine's Day is a day for us to have a bit of fun with those we love and those we like quite a lot!!! I'm sure my Valentine is out there somewhere... he is just very good at hiding :-)

On a serious note though, sending your intended one of those free electronic greeting cards is a sure fire way to pass on your email addresses to spamming lists!!

And don't forget, malware vendors have been sending out worms as email attachments to the unwary, and Valentine's Day is a great day for them to try to take advantage of the unwary. So please, if you don't know who the email is from, then dump it and do not open any attachments.

Read more about this at: WebUser, The Register, SC Magazine


Monday, February 12, 2007

SpyDawn Rises As Newest Rogue Antispyware Program

SpyDawn has been reported by Bleeping Computer as the newest fake antispyware program. Removal instructions have been posted as well as screen shots, including the pop up warning by the clock. The web page spydawn.com should be added to all the security black lists soon.

Here is the spydawn.com domain information. IP location is in the Ukraine with Inhoster Hosting company. The domain is registered through Estdomains. Both bad signs.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: SPYDAWN.COM

Registrant:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200

Creation Date: 12-Nov-2006
Expiration Date: 12-Nov-2007

Domain servers in listed order:
ns3.dragracers.biz
ns2.dragracers.biz
ns1.dragracers.biz


Administrative Contact:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200

Technical Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200

Billing Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200

Status:ACTIVE

SpyCrush Is Another Fake Antispyware Program

I've been busy with real life and haven't posted much over the last few months, but the bad guys have been busy. SpyCrush is the latest in the line of fake spyware removal programs that try to trick you into buying it. The same people who make the program are the ones who put the spyware on your computer. Other programs like this include SpywareQuake, SpyFalcon, SpywareStrike, SpySheriff and many others.

Besides the pop up warnings and other advertising trying to get you to buy it, you'll see this line in a Hijackthis log:

O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe

Smitfraudfix has been updated to remove this pest, so you can use the removal instructions here. An alternative fix is posted at Bleeping Computer. Information about spycrush.com, and how the program SpyCrush resembles an older rogue, VirusBurst, is located at Security Cadets.
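
An added example (not part of the original post, and not code from HijackThis): a short Python check that parses O4 autorun lines like the one above and flags entries whose value name or path contains one of the rogue program names mentioned on this page. The sample log is constructed apart from the SpyCrush line, and the name list is an assumption drawn from these posts, not a complete blacklist.

```python
import re

# Rogue product names taken from the posts on this page (not exhaustive).
ROGUE_NAMES = ("SpyCrush", "SpyDawn", "SpywareQuake", "SpyFalcon",
               "SpywareStrike", "SpySheriff", "VirusBurst",
               "WinFixer", "ErrorSafe")

# O4 registry autorun entry: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU|US\\[^\\]+))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$")


def parse_o4(line):
    """Return hive, key, value name and command for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_rogue_autoruns(log_text):
    """Return (rogue name, parsed entry) for each O4 entry whose value name
    or command path contains a known rogue name (case-insensitive)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not an O4 registry autorun line
        haystack = (entry["name"] + " " + entry["command"]).lower()
        for rogue in ROGUE_NAMES:
            if rogue.lower() in haystack:
                hits.append((rogue, entry))
                break
    return hits


# Constructed sample log: only the SpyCrush line comes from the post.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example.dll
O4 - HKLM\..\Run: [SpyCrush] C:\Program Files\SpyCrush\SpyCrush.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [updater] C:\Program Files\spysheriff\sheriff.exe
O4 - HKCU\..\RunOnce: [Notepad] C:\WINDOWS\notepad.exe
"""

if __name__ == "__main__":
    for rogue, entry in flag_rogue_autoruns(SAMPLE_LOG):
        print(f"{rogue}: {entry['hive']} {entry['key']} -> {entry['command']}")
```

Matching on the path as well as the value name catches entries that hide behind a bland name such as "updater"; a hit is a prompt to look closer, not proof of infection.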

Sunday, February 11, 2007

Winpatrol 2007 for Vista

I'm a big fan of Winpatrol and wouldn't even consider running my PC without Scotty sitting in my task bar, keeping an eye on things for me.

BillP Studios have been busy testing a new version of Winpatrol and the full and final version is due for release tomorrow. Winpatrol 2007 is fully Vista compatible and has a great new feature called Delayed Start.


You probably have programs which you do want running in the background but you don’t need to launch immediately on boot up. WinPatrol’s Delayed Start allows you to specify the time to wait before launching programs which may typically try to load while other system initialization are happening.

If you use Vista's UAC (User Access Control), you may find some startup programs require your permission before they can begin. Moving these programs to our Delayed Start list can prevent simultaneous annoying systems pop ups.

The free Winpatrol version is fully functional and will provide you with all the protection that the Plus version gives you, however I do recommend that you upgrade to the Plus version, see here for comparisons.

Keep up with Winpatrol happenings at Bits From Bill

Thursday, February 08, 2007

MS Security Bulletin, Advance Notification for February

Microsoft have released an advance notification for the updates that are due to be released next Tuesday.

Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 13 February 2007 Microsoft is planning to release:

Security Updates

  • Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
  • Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Visual Studio. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates will require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
  • One Microsoft Security Bulletin affecting Step-by-Step Interactive Training. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Data Access Components. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
  • One Microsoft Security Bulletin affecting Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft ForeFront. The highest Maximum Severity rating for these is Critical. These products provide built-in mechanisms for automatic detection and deployment of updates. Some of these updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release eight NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Bulletin Advance Notification

Microsoft will also be hosting a webcast on Wednesday February 14th 11:00 AM Pacific Time (US & Canada), for attendees to ask questions about the bulletins and get answers from the security experts.

Tuesday, February 06, 2007

Safer Internet Day 2007

Today is Safer Internet Day.

Almost 40 countries will participate in the fourth edition of Safer Internet Day (SID) which this year takes place on 6 February. The event is organised by European Schoolnet, coordinator of Insafe, the European safer internet network (www.saferinternet.org). Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day, as in the past two years.

The highlight of the day will once again be a worldwide blogathon, which will reach Australia on 6th February and progress westward through the day to finish up in the USA and Canada. Following the huge success encountered in 2006, this year's blogathon goes one step further to include the voices of hundreds of youngsters. In the framework of a competition launched in October 2006, more than 200 schools in 25 countries across the globe have been working in pairs, using technology to cross geographical borders, to create internet safety awareness material on one of three themes: e-privacy, netiquette, and power of image. On Safer Internet Day, all of the projects they have produced will be uploaded to the blogathon.

Links for more information and activities below:

Blogathon
Insafe Safer Internet Day 2007
EIS Safer Internet
BBC Technology Pages
EGov Monitor
The Register


Monday, February 05, 2007

Parental Controls in Vista

One of the exciting new features available in Windows Vista is Parental Controls. These controls will help you, as a responsible parent, to allow your children to use the technology that is available for them in a safe and monitored environment.

Of course, as with anything that is new to us, getting our heads around how to actually use it can be a bit daunting. My friends at Bleeping Computer have just produced a great guide that will hopefully take a little of the head scratching out of setting up your Parental Controls.

With the launch of Windows Vista, Microsoft has introduced a new security feature called Windows Parental Controls. Windows Parental Controls allows a parent to configure, on a per user basis, various restrictions on what that user can do on the computer. These settings range from blocking websites to controlling what games they can play. Having access to these types of controls allows a parent to feel comfortable with their children using a computer and at the same time gives them the flexibility to customize these settings to their specific needs.

It is important to note that not all programs are compatible with Windows Parental Controls. In order for Windows Parental Controls to properly monitor and control certain activities on the computer, the application must be compatible with this new service. For the most part, most of the settings can be enforced across all applications, but it is important to test these controls using the applications that your users will be using. This way you know for sure that any restriction you put into place can be enforced. It is also important to note that Windows Parental Controls can only be assigned to a Standard User, which is a user with limited rights on the computer, and cannot be assigned to accounts that are configured as an Administrator. This is so a user cannot remove restrictions placed on them.

One of the more powerful features of this new service is that you will be able to view reports of the activity for each user that you have configured Parental Controls. The information you see will be determined by whether or not the user is using applications that are compatible with Windows Parental Controls. Assuming that all the applications are compatible you will be able to monitor the following activity.

  • Most recent websites blocked.
  • Attempts to visit sites that have been specifically blocked or allowed.
  • What files were downloaded.
  • What file downloads were blocked.
  • When the user logged on.
  • What programs they have run.
  • Emails sent and received.
  • Instant Messages sent and received.
  • What games were played.
  • What media such as movies and videos were played.

For the full tutorial, please visit Setting up Windows Vista Parental Controls

Friday, February 02, 2007

Trojans Go to Super Bowl XLI

The web site for Dolphin Stadium, where Super Bowl XLI will be played, got hacked and malicious code was added to it, Websense Security Labs reports. The web site for the Miami Dolphins, who play in Dolphin Stadium, also was attacked and infected with the same malware. The hackers changed the web page so it downloaded a file called w1c.exe to your computer. If your computer is not up to date on Windows security updates, then the hackers could get complete control of your computer. The good news is that all of the web sites have been fixed and are no longer offering the trojan.

The web sites that were affected are:
Dolphinsstadium.com
Dolphinstadium.com
Proplayerstadium.com
MiamiDolphins.com

You are vulnerable if you haven't installed the security updates MS06-014 and MS07-004 from Microsoft. If you are not sure if you are up to date, then visit Windows Update and select the express install to get your computer fully updated.

At the time of this post, the files that attack your computer are not detected well by most spyware and antivirus programs. Some of the files that attack your computer from this exploit are w1c.exe, msmsgs.exe, ADupdate.exe, 1.exe and 3.exe. These files and others have been submitted to the security companies, so they should be added to detection databases in the coming days.
