Total: 370983 fingerprints in 64108 rules for 2774 products.
Wednesday, March 28, 2007
The newest build of WinPatrol 2007 is now online.
- Major performance improvement reading the Windows registry when duplicate reading is being done by other security programs.
- Right-click access to a program's Folder and Properties, including Vista Security settings, Digital Signatures and Shadow Copies.
- Fixed a bug moving some Startup Folder items back from Delayed Startup to normal startup folder.
- Added backup method to launch programs that failed to start at the appropriate time.
PLUS members, just download the newest free version and Scotty should automatically activate your PLUS features. Everyone else, just overwrite your old WinPatrol with the newest free build.
Credit to Bits from Bill for the info.
Looks like the higher-ups at AOL finally got the news that some of the banner ads were dealing out spyware and removed them. Sandi reports at Spyware Sucks that the affiliate who was infecting the banner ads on Aol.com web pages has been tracked down and removed. There are also some thoughts and comparisons on how Microsoft handled a similar situation on their site.
Monday, March 26, 2007
Updated: March 26th, 2007
Total: 7363 Items
SpywareBlaster is free and available from Javacool's SpywareBlaster page.
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
- Restrict the actions of potentially unwanted sites in Internet Explorer
I reported recently how Winfixer had infiltrated MSN's advertising network. Microsoft acted swiftly to these reports and stomped on the problem quick smart.
AOL are having the same problem, but unlike Microsoft, don't seem to be doing anything about it. I really can't understand this; I would have thought that a big company like AOL would have been on this before the ink had time to dry on the notification email.
See SpywareSucks for all the info.
and this is the latest from Sandi... check it out
It looks like Sandi has managed to get AOL to sit up and take notice after all......... go girl!! Latest from SpywareSucks
A few days ago, fellow MVP Sandi Hardmeier reported that Winfixer was being installed from some of the advertising on Aol.com web pages. You can see all of the details in her Gotcha! Winfixer and Aol post. In short, Aol has advertising banners that show many ads. One of them will load from errorsafe.com and then attempt to trick you into installing System Doctor. A few screen shots can be seen here. The whole thing is a scam to trick people into buying the program. AOL needs to remove these ads immediately. By allowing them to stay, AOL is allowing people's computers to get infected with spyware and letting the spyware creators make money.
Winfixer is one of many names the rogue program goes by. There are different versions that use different names. Some of them are: System Doctor, WinAntiVirus, ErrorSafe and DriveCleaner. They aren't fake antispyware programs, but they claim to find problems with Windows, kind of like registry cleaners. The problems reported by one of these programs aren't real; they are used to trick you into buying the program. You will also get pop ups and other unwanted reminders to buy the program. Sunbelt CounterSpy targets these programs under ErrorSafe. Antivirus programs detect Winfixer as well. Symantec and McAfee have detailed web pages that describe this threat.
AOL needs to take action to protect their users immediately. While the Winfixer ads are infrequent, the large number of people who visit aol.com means that many people are being put at risk. Also, by hosting the ads for Winfixer, this means Aol is directly responsible for letting these spyware creators make money. Any delay in removing the Winfixer trojan from Aol is not acceptable.
Monday, March 19, 2007
A new rogue named SpyLocked is the latest fake antispyware program found today. SpyLocked is installed on your computer by one of the Zlob trojans, which get on by tricking you into installing a fake codec to view video files. You don't really need the fake codec, but you will be tricked into installing it so SpyLocked can get onto your computer. Once it is on your computer, you will get pop ups and warnings that you have spyware. Then you will be coerced to buy SpyLocked or one of the other fake programs.
The following is one of the fake warnings you will see when you get infected. This is from an earlier rogue program SpyFalcon, but the same kind of warning happens with SpyLocked.
Removal instructions can be found at Bleeping Computer's How to remove SpyLocked instructions. In a few days, the programs used in my earlier Easy Fix For Spyware and Virus Alert post should be updated to remove SpyLocked.
Ad Aware has been updated; the new definition file is SE1R161 19.03.2007.
Softomate Toolbar +4
Ad Aware can be downloaded from the official Lavasoft Ad Aware page.
Sunday, March 18, 2007
Last week, the American Anti-Spyware Bill got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection. It has already been passed twice by the U.S. House of Representatives, only to get quashed by the Senate.
The full article about this can be found at Security Focus. It's a two-page article, so make sure you read it all. Here are some snippets of interest.
The bill, whose full title is the "Securely Protect Yourself Against Cyber Trespass Act," would prohibit any software that takes control of a computer, modifies registry settings, logs keystrokes, or collects other data through misrepresentation. The legislation would also require that any program that collects information first get consent from the computer's user. The bill would levy stiff civil penalties against those responsible for programs that hijack a user's computer or collect data without adequate authorization.
Congress needs to give consumers better protections against unsavory practices of spyware vendors, Rep. Bobby L. Rush (D-Ill.), chairman of the House Subcommittee on Commerce, Trade and Consumer Protection, said in a statement.
"At worst, spyware can lead to the unwanted exposure of offensive Web content to unsuspecting individuals, particularly children," Rush said. "It can also lead to outright fraud resulting in significant financial damages. At best, spyware is simply nasty stuff that clogs computers, slows down processing power, and is costly to remove."
Spyware is likely the most prevalent online threat, infecting more than half of all consumers' PCs, according to a study published by AOL and National Cyber Security Alliance in December 2005. Moreover, a single spyware program frequently acts as a beachhead, installing other spyware or adware programs on a victim's PC.
The unwanted programs, in addition to stealing a victim's data, could also make an innocent PC user appear guilty of a crime. In Connecticut, a substitute teacher has been found guilty of four counts of risk of injury to a minor after her classroom PC started displaying pornographic pop-up ads. A forensic investigator working for the defense found that the computer had been significantly compromised by spyware programs, and security researchers have criticized the prosecution for not adequately investigating the digital evidence. The teacher is scheduled to be sentenced at the end of March.
This got me to wondering what is happening in the UK at the moment. Well, there was a paper published last November by the Parliamentary Information Technology Committee (PITCOM). There are a few interesting paragraphs under the 'Hackers and cyber crime' heading.
The Computer Misuse Act was updated recently (and about time too), although some of the wording in the Police and Justice Act is a bit worrying for IT and security professionals who are trying to combat cyber crime.
But my point is... how effective is this legislation? I don't recall seeing a news story where the good guys caught and prosecuted a cyber baddie recently.
Who is looking after the little guy on his home PC who is being bombarded with 'postcards from a friend' or being directed to phishing sites or getting dragged down by Winfixer?
It isn't just industry who are victims or potential victims of cyber crime, we all are... but who do we report it to? Is anyone collecting statistics? How do you get something done? Malware Complaints won't be able to solve your problems for you, but it is a step in the right direction.
Saturday, March 17, 2007
It's not a security update, but if you have an iPod Shuffle and need to restore it back to factory settings, this may interest you. iPod Reset Utility will restore your Shuffle back to factory settings when you aren't able to use the restore feature in iTunes. I would follow the iPod 5 R's before using the reset utility, since restoring your iPod will erase your music from the Shuffle.
iPod Reset Utility 1.0 download for Windows and Mac. Installation info and usage can be found here.
CounterSpy 2.0's latest definition update is 518.
CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.
CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.
New Threats Added to Database
Adware.Egyrank, Backdoor.Delf.AWA, Backdoor.Win32.SdBot.bfn, Constructor.Win32.MicroJoiner.155r, Email-Flooder.Win16.AoKilla.a, Email-Worm.Win32.Locksky.bb, Exploit.Win32.DCom.ay, Exploit.Win32.ShellCode.m, Monitor.Win32.KeyLogger.x, Nuker.Win32.Nuaa, P2P-Worm.Win32.Agent.w, Trojan-AOL.Win32.VB.ag, Trojan-Clicker, Trojan-Downloader, Trojan-Downloader.Win32.VB.auj, Trojan-Dropper.AK, Trojan-Keylogger.4DC7ECCE, Trojan-Proxy.Win32.Slaper.p, Trojan-PWS.LDPinch.CW, Trojan-PWStealer.FA98F453, Trojan-Spy.Win32.Banbra.AC.dam#2, Trojan.Dialer.457FA747, Trojan.DNSChanger.AN, Worm.Win32.Viking.ii
Threats that have been updated
Spyware Doctor has been updated with new spyware definitions.
Latest Database Version: 3.0690 0
Spyware Doctor protects your computer in 3 ways. First, it has the OnGuard monitor, which watches the places where spyware changes your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.
A free scan is available from the Spyware Doctor Homepage:
3.0690 0 - Adware.AdAgent, Trojan.Downloader.1372, Trojan.PSW.PWL
3.0689 0 - Adware.Fotomoto, Trojan.Downloader.Bagle, Trojan.Lasta, Trojan.PSW.PassDev, Trojan.PSW.QQTtff, Trojan.PSW.Recon, Trojan.PWSteal.QQPass.CV, Trojan.Spy.Banker.CJI
3.0688 0 - Trojan.PSW.QQPass.CD
3.0690 0 - Adware.NewWeb, AntiVirusGold, AsianRaw, Backdoor.Agent.JN, Backdoor.Aphexdoor, Backdoor.Blackhole, Backdoor.IRCBot, Common Components Unrelated, Dialupass, LockSky, Malware Wipe, Phoenix Keylogger, PodcastbarMini, Trojan.Agent, Trojan.Busky, Trojan.Dialer, Trojan.Downloader.QQHelper, Trojan.Downloader.VB, Trojan.Downloader.Zlob.GEN, Trojan.Fald, Trojan.LowZones, Trojan.Proxy.BK, Trojan.Spy.Flux, Trojan.Spy.VB
3.0689 0 - AdRotator, Adult_Chat, Adware.Agent.BN, Adware.Baigoo, Adware.Softomate, Backdoor.Bifrose.CY, Backdoor.Bifrose, Caishow, MSN Password Logger, PodcastbarMini, PSGuard Desktop Hijacker, SC Keylogger, SuperUtilBar, Trojan.Agent, Trojan.Busky, Trojan.Dropper.Agent.AMR, Trojan.KillFiles, Trojan.Proxy.SRSHost, Trojan.PSW.QQRob.U, Ultimate Defender, WinSpy Stealth Monitor, Worm.Alcaul, Worm.Padobot, Worm.Warezov
3.0688 0 - Adware.NewWeb, Backdoor.Agent.NC, CD1 Dialer, MokeAd, Trojan.Agent.AWW, Trojan.Dluca, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Small.CQB, Trojan.IRC.Comiz, Trojan.PSW.Hazif, Trojan.PSW.OnlineGames.ES, Trojan.Spy.Banker.BT, Worm.Welchia
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.
Friday, March 16, 2007
I've been mostly quiet the last few months. I've been busy with work in the real world and some other offline activities. I also just got back from the 2007 MVP Global Summit in Seattle where I learned quite a bit about Windows Vista. It was great to hear directly from some of the people at Microsoft who are directly responsible for Vista.
Anyways, I've begun to change the blog to get it looking better than the generic template it has been using all of this time. Some of the antispyware programs have changed significantly recently, so I'll have to do some updating myself.
Thanks to Nellie for keeping some quality content here.
Monday, March 12, 2007
Microsoft have released an advance notification for the updates that are due to be released next Tuesday.
On 13 March 2007 Microsoft is planning to release:
No Security Updates
Microsoft Windows Malicious Software Removal Tool
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
- Microsoft will release two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release four NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Because there are no new Security Bulletins, Microsoft will not host a webcast on March 14th 2007.
Thursday, March 08, 2007
Last September, Beatrice Ochoa paid for Winfixer to get rid of the spyware and pop ups. When Winfixer didn't help, she contacted their support. It was never available. When she started getting more advertisements from VipFares.com, enough was enough. Beatrice hired a lawyer and started a class action lawsuit.
Here is a copy of a news story from KTVU Channel 2 posted on YouTube. I couldn't find a copy on the KTVU website. It's worth watching to see how the Winfixer crooks are making tens of thousands of dollars by putting malware on your computer.
Here's a link to the blog from the lawyer about the case. Here is a great write up of information at Spyware Sucks from a few days ago. It has links and instructions on how to find the case on the Santa Clara Superior Court website. You need to search for case 106CV072057 to check the status. There's also some info about Vipfares.com and Mark Cohen, who is one of the people sued by Beatrice's lawyer.
Wednesday, March 07, 2007
..... with all that security stuff?
Good question, why should you? After all, once your computer becomes unusable because it's taking 10 minutes to boot up, the pop ups are just getting really annoying and the internet seems really clogged up... well, you can just reformat and start all over again, can't you? No need to bother with all that anti virus rubbish, and why worry about downloading cracked software and illegal music? Everybody does it, and it's par for the course if you get a trojan or two whilst you are at it. Innit??
Well......... here is an eye opener for you.
I've been following Paperghost's reporting on the Julie Amero case; I just love it when he gets all steamed up about something, and he has good reason to in this case. Anyway, Paperghost found this story while he was checking stuff out.
Basically what happened was that a young lad was arrested because he had illegal images on his computer... the police targeted him because child porn was being uploaded from his computer.
It is possible for a criminal to zombify your PC and use it to download and view bad stuff, to store bad stuff on your computer and to send it to others from your computer, and you may not know anything about it until the police come to impound your kit and take you away.
All it takes is one itty bitty trojan.
Your home computer could, as you’re reading this, contain child pornography or other illegal material placed there by criminals who have turned your computer into a “zombie” which they control at their whim. And under the laws of many states, and federal legislation being pushed hard in Congress, you could go to jail for what is found on your computer, even if you didn’t put it there.
Posted by Nellie2 at 11:33 AM