From the monthly archives:

February 2006

180 Solutions

by certifiedbug on February 23, 2006

in Internet Security

Ben Edelman
February 20, 2006
Nonconsensual 180 Installations Continue, Despite 180’s “S3” Screen

On Friday morning (February 17), I received a nonconsensual installation of 180solutions Zango software through a security exploit.

But what’s newsworthy here is that 180solutions got installed, even though 180 last year told the world that these nonconsensual installations were impossible.

180’s October press release correctly describes the serious harms that occur when users receive many advertising programs. “A myriad of unwanted software … can often negatively impact system performance,” 180 admitted. But 180 then claimed that S3 would keep 180 out of such bundles. I disagree. According to my records, the installation at issue also installed Ad-w-a-r-e, Adservs, Integrated Search Technologies, Internet Optimizer, Media Tickets, New.net, Quicklinks, Surfsidekick, Tagasaurus, Targetsaver, Toolbar888, Ucmore, Webhancer, Web Nexus, WinFixer, and more. These many programs collectively bombarded my test PC with an incredible 730 registry keys, 1194 registry values, 461 files, and 43 file folders. Worse, the newly-installed programs caused 61 processes to run on my test PC, via 24 EXEs set to load each time I turned on my computer. The programs even added three different toolbars to my web browser.

Copyright © is the original authors.


Who owns that computer anyway

by certifiedbug on February 21, 2006

in Internet Security

Invasion of the Computer Snatchers
washingtonpost.com
By Brian Krebs
Sunday, February 19, 2006

In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.

The young hacker doesn’t have much sympathy for his victims. “All those people in my botnet, right, if I don’t use them, they’re just gonna eventually get caught up in someone else’s net, so it might as well be mine,” 0x80 says. “I mean, most of these people I infect are so stupid they really ain’t got no business being on [the Internet] in the first place.”

A quick scroll through the first few dozen pages of the file reveals credentials his victims have used to log in to online accounts at PayPal, eBay, Bank of America and Citibank, to name just a few.

Shadowboxing With a Bot Herder
washingtonpost.com
By Brian Krebs
March 9, 2006

Witlog may in fact be the product of a new generation of “script kiddiez”; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.



Mac OS X malware

February 21, 2006

Updated: 03-01-06
Apple security updates
Sophos in Mac OS X worm false alarm
Cure worse than disease
By John Leyden
Published Thursday 23rd February 2006
Sophos has apologised after releasing a faulty signature update that flagged up legitimate Mac OS X system files as infected with a new low-risk worm, Inqtana-B.
The faulty signature file, issued on Tuesday, February 21, falsely identified [...]


Star skier takes home a gold medal and notoriety

February 19, 2006

By Stephen Hutcheon and Jacquelin Magnay
February 16, 2006
‘Spam man’ wins gold.
According to the International Olympic Committee’s website, Australia’s gold medallist Dale Begg-Smith runs an internet pop-up advertising company that he describes as the third largest of its type.
According to the Canadian Press news agency, Begg-Smith said “his business had never dealt with any specific kind [...]


Microsoft. Windows® Defender (Beta 2)

February 15, 2006

Microsoft has released Windows® Defender (Beta 2) which replaces Microsoft AntiSpyware.
Overview
Release notes
How to install and set up Windows Defender (Beta 2)
Download details

If you receive an update error message after you reinstall Windows Defender Beta 2, see here: “Windows Defender definitions haven’t been updated”


Beware. SpyAxe and Other Bad Company

February 9, 2006

Installed on your computer via a Trojan, these fake anti-spyware programs pop up a screen over the desktop or a balloon popup from the Windows tray area, displaying a warning message that your computer is infected with spyware and telling you to purchase, download & install their program to remove it.
SpywareQuake and SpyFalcon.
These versions are [...]


Fighting Back

February 6, 2006

Spyware Warrior
Fellow spyware warrior and Microsoft Security MVP Nellie2 has started a campaign to fight back against spyware pushers.
Nellie2
I have known Nellie2 for a few years now; she has helped countless users in the forums. Someone who genuinely cares about people; well… unless they are malware writers.
Update: 02-10-06
Spyware warriors call for action
By Adam [...]


IE7 Beta

February 6, 2006

IE7 Beta is out and available to the public for download.
Remember this is a Beta. Early days yet.
Thank you for choosing Microsoft and for trying this pre-release software. Everyone on the Internet Explorer team wants to make your web browsing experience safer and easier. We welcome your feedback.
To help you with beta testing, we’ve [...]


Firefox Multiple Vulnerabilities

February 2, 2006

Highly critical.
Description:
Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user’s system.
1) Some errors in the JavaScript engine where certain temporary variables are not properly protected may be exploited to execute arbitrary code [...]
