From the monthly archives:

June 2006

Worm Masquerades as Microsoft Antipiracy Program

W32.Cuebot-K spreads through AIM and disguises itself as Windows Genuine Advantage on infected PCs.

Jeremy Kirk, IDG News Service
Friday, June 30, 2006

Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system.

The malware has been classified as a worm and spreads through AOL’s Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos PLC, a security vendor.

Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware.

Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.

Article here

Future of Microsoft’s WGA?

by certifiedbug on June 30, 2006

in Microsoft

[IP] Interesting interaction with Windows OneCare Live
A blogification of Dave Farber’s Interesting People mailing list
Friday, June 23, 2006
From a forwarded message to Dave Farber:

I called Microsoft support to see if there is a hidden option to say,
“yep, I’ve got updates turned to manual… it’s okay.” The rep said,
“No and why wouldn’t you want to get the latest updates to Windows.”

He told me that “in the fall, having the latest WGA will become
mandatory and if it’s not installed, Windows will give a 30 day
warning and when the 30 days is up and WGA isn’t installed, Windows
will stop working, so you might as well install WGA now.”

:shock:

Windows Genuine Advantage
Misperceptions about WGA
MSDN Blog

With all of the recent interest in WGA over the past month, I wanted to take a moment to clarify a few of the misperceptions out there and hopefully bring some clarity about what the program is intended to do.

Published Friday, June 30, 2006 11:41 PM by alexkoc

More here


Microsoft Genuine Advantage Notifications

by certifiedbug on June 29, 2006

in Microsoft

The Register
MS fixes phone-home nagware
By Andrew Orlowski
Published Wednesday 28th June 2006

Microsoft has patched a controversial nagware update that “phoned home” every time Windows started. Redmond has also issued an advisory with instructions on how to remove the software.

Microsoft Help and Support
How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications
Article ID : 921914
Last Review : June 27, 2006
Revision : 1.2

SUMMARY

This article applies to the version of Microsoft Windows Genuine Advantage (WGA) Notifications that is distributed during the pilot program. For example, this version is included in the pre-release version that accompanies the Microsoft Software License Terms. To safely and easily uninstall the pilot version, you must install the general release version of WGA Notifications. If you do not install this version, you can follow the steps in this article to disable or uninstall the pilot version.

Important These instructions have not been tested on the general release version of the WGA Notifications. Therefore, these instructions are not supported. Microsoft will offer the general release version of WGA Notifications to users who uninstall the pilot version at a later date. These users will obtain the general release version through the Microsoft Automatic Update service. WGA Notifications is part of the Windows Genuine Advantage program.

When you use a non-genuine version of Windows, you receive a message when you log on that states that the copy of Windows appears to be non-genuine. Then, you are directed to the WGA Web site to learn more. If you do not want to obtain a genuine copy of Windows, you receive periodic messages that notify you that the copy of Windows appears to be non-genuine.

Note If you are running a genuine copy of Windows and want to use WGA Notifications, you may receive messages to update Windows XP.

Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender.

More here

UK Malware Distribution Site

by certifiedbug on June 28, 2006

in Security

Arbor Networks Security Blog
Long Lived Malware Distribution Sites
by Jose Nazario
Posted on Thursday, June 22nd, 2006

In my malware investigations, I’ve repeatedly seen a UK-based host, so I began to dig deeper. I don’t have the time to dig this deep into every site, so it really has to be something that gets my attention to warrant such a distraction. In this case, it was seeing repeated downloads of files from one directory.

If you want to protect your users, consider blackhole’ing this malicious network: 217.73.64.0/20, belonging to AS16238.

Article

Other bloggers on this story:

Spyware Confidential
The perpetual malware distribution site lives on
Posted by Suzi Turner
June 23, 2006

In the course of my work, I see or hear about a lot of sites used for phishing and for distribution of malware. There are teams of people working constantly toward getting these shut down, but some just keep distributing malware even after the ISP/hosting company is notified.

Nellie2’s Blog
Malware distribution happening in the UK
Post in Security Related
24.06.06

I do feel that we should Stand Up and be Counted, and if we make enough noise to our respective governments then we will begin to make progress.

Bleeping Computer Security Blog
The malware site that keeps going and going…
Filed under malware, dialers
Added by: Bleeping Malware
June 27, 2006 at 4:23 pm

After reading an article written by Jose Nazario, a security expert for Arbor Networks about a particular long lived malware distribution site located on the 217.73.66.0 network I thought it would be interesting to document what this malware does when you install it. It should be noted that I do not have a modem installed, so the results will be different on a computer with one installed.
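As an added example (not code from the Arbor Networks post or from any of the blogs quoted above): the Python script below flags connections to the 217.73.64.0/20 prefix that Jose Nazario recommends blackholing, runs that check over a few constructed proxy-log lines, and renders the Linux null-route command that would implement the blackhole. The log format, the client addresses and every server address other than the page's own prefix are assumptions made up for the example; note that the 217.73.66.0 network mentioned in the Bleeping Computer write-up falls inside that /20.

```python
import ipaddress
import re

# The only network indicator the page itself gives (Arbor Networks post, AS16238).
BLOCKED_NETWORKS = [ipaddress.ip_network("217.73.64.0/20")]

# Constructed sample log lines (not real traffic). Assumed format:
# "<timestamp> <client_ip> -> <server_ip>:<port> <url>"
SAMPLE_LOG = """\
2006-06-23T10:01:02 10.0.0.12 -> 217.73.66.40:80 http://example.invalid/dl/a.exe
2006-06-23T10:01:05 10.0.0.12 -> 93.184.216.34:80 http://example.invalid/index.html
2006-06-23T10:02:11 10.0.0.31 -> 217.73.79.255:80 http://example.invalid/dl/b.exe
2006-06-23T10:02:30 10.0.0.31 -> 217.73.80.1:80 http://example.invalid/ok
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\S+)$")


def in_blocked_network(ip_text):
    """Return the blocked network that contains ip_text, or None.

    Unparseable addresses are treated as 'not blocked' rather than raising,
    so one malformed log line cannot abort a whole scan.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net in BLOCKED_NETWORKS:
        if ip in net:
            return net
    return None


def find_hits(log_text):
    """Return (timestamp, client, server, url, network) for every line whose
    server address lies in a blocked network; lines that do not match the
    assumed format are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, server, _port, url = m.groups()
        net = in_blocked_network(server)
        if net is not None:
            hits.append((ts, client, server, url, str(net)))
    return hits


def null_route_commands(networks=BLOCKED_NETWORKS):
    """Render iproute2 blackhole routes for the listed prefixes; this is one
    way to apply the 'blackhole this network' advice on a Linux gateway."""
    return [f"ip route add blackhole {net}" for net in networks]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print("ALERT", *hit)
    for cmd in null_route_commands():
        print(cmd)
```

Run against the constructed lines, the script reports the two connections to 217.73.66.40 and 217.73.79.255 (the last address of the /20) and leaves 217.73.80.1, one past the prefix boundary, alone; the generated route command is meant to be reviewed and applied on the gateway by hand rather than executed from the script.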

Spyware Fighter has new site

by certifiedbug on June 27, 2006

in Security

Webhelper
25 June 2006

Due to the June 2006 DDos attacks against webhelper4u.com along with the lack of security with my old hosting service, I have moved to a new hosting service that gives me the ability to fight against future DDos attacks.

More here

26 June 2006
Webhelper DollarRevenue Main Menu

Because of the June 2006 DDos attacks against me from a trojan that came from DollarRevenue’s exetrafflc.com site, the following section will be devoted to the watching of all DollarRevenue.com’s opperations (sic) around the Internet.

Claria stops spying?

by certifiedbug on June 27, 2006

in Security

Claria will stop displaying GAIN pop-up and other GAIN ads on July 1, 2006 and will stop supporting all GAIN Supported Software on October 1, 2006. After October 1, 2006, GAIN software may not function properly.
Our software will continue to collect data about your web usage from your computer for research and other purposes as described in our Privacy Statement until September 30, 2006, unless you uninstall the software before this date.

More here

Claria Corporation has PersonalWeb in Beta.

If you are considering using PersonalWeb I suggest reading the Privacy Policy first.

As for me, thanks but no thanks.

Spam Trojan bust

by certifiedbug on June 27, 2006

in Security

The Register
‘MOOP’ members cuffed in UK and Finland
By Lester Haines
Published Tuesday 27th June 2006

A Metropolitan Police statement reads: “This highly organised group are suspected of writing new computer viruses in order to avoid detection by anti-virus products. They have been primarily targeting UK businesses since at least 2005, and during this time thousands of computers are known to have been infected across the globe.”

The Register
Junk mail scumbags in harvesting attack
By John Leyden
Published Monday 26th June 2006

Spammers launched a huge number of directory harvesting emails over recent days in an apparent attempt to update their email databases. The attack, which lasted several days, peaked on Sunday, 18 June when web security firm BlackSpider intercepted 109 times more of these malicious emails than it normally intercepts.

Symantec is scaling down

by certifiedbug on June 27, 2006

in News, Programs

The Register
80 jobs scrapped
By Joe Fay
Published Tuesday 27th June 2006

The vendor will stop designing and making the Symantec Security, Symantec Network Security 7100 and Advanced Manager 3.0 products.

While it will continue to develop the software underpinning the devices, it is apparently hoping other companies will step forward and make the hardware.

PandaLabs warns. Browsezilla responds

by certifiedbug on June 27, 2006

in Browser, Security

pandasoftware
Press Releases
6/23/2006.

PandaLabs has discovered that Browsezilla, a fully functional Web browser available on several web pages, discreetly infects computers with the adware PicsPlace.
The malware installed by Browsezilla is used to periodically connect to web pages with adult content. The pages, however, are not visible to the user, as the objective is to fraudulently increase the number of hits on the site.

browsezilla.org/press
26/06/06

Panda Software International on 6/23/2006 published this press release on their site: http://www.pandasoftware.com/about/press/viewNews.aspx?noticia=7520&sitepanda=particulares containing unreliable information about our software product BrowseZilla.

The information presented in this release is false and causes serious loss to the reputation of our browser, as well as financial losses connected with a significant reduction in the number of users and potential users and the refusal of other sites to cooperate.

Final customer notifications about the end of Windows XP SP1 and SP1a support

Support for Microsoft Windows XP Service Pack 1 (SP1) and Service Pack 1a (SP1a) ends on October 10, 2006. Microsoft will end support on this date. This also includes security updates for these service packs. Microsoft is providing final notifications to customers regarding the end of support for these products.

Microsoft is ending support for these products as part of the Microsoft Support Lifecycle Service Pack support policy. We recommend that customers who are still running Windows XP SP1 or SP1a upgrade to Windows XP Service Pack 2 as soon as possible.

To determine whether you are running Windows XP SP1, right-click My Computer, and then click Properties. If “Service Pack 1” appears under System, you are running Windows XP SP1. We do not recommend that you install SP1a if you are already running SP1. We recommend that you install Windows XP SP2 if you are running Windows XP SP1 or SP1a.
