June 2006

Worm poses as Microsoft’s Windows Genuine Advantage (WGA)

by certifiedbug on June 30, 2006

in Internet Security

Worm Masquerades as Microsoft Antipiracy Program

W32.Cuebot-K spreads via through AIM and disguises itself as Windows Genuine Advantage on infected PCs.

Jeremy Kirk, IDG News Service
Friday, June 30, 2006

Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system.

The malware has been classified as a worm and spreads through AOL’s Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos PLC, a security vendor.

Sophos is calling it W32.Cuebot-K, a new variation in the Cuebot family of malware.

Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.

Article here

{ Comments on this entry are closed }

Future of Microsoft’s WGA?

by certifiedbug on June 30, 2006

in Microsoft

[IP] Interesting interaction with Windows OneCare Live
A blogification of Dave Farber’s Interesting People mailing list
Friday, June 23, 2006
From a forwarded message to Dave Farber:

I called Microsoft support to see if there is a hidden option to say,
“yep, I’ve got updates turned to manual… it’s okay.” The rep said,
“No and why wouldn’t you want to get the latest updates to Windows.”

He told me that “in the fall, having the latest WGA will become
mandatory and if its not installed, Windows will give a 30 day
warning and when the 30 days is up and WGA isn’t installed, Windows
will stop working, so you might as well install WGA now.”

:shock:

Windows Genuine Advantage
Misperceptions about WGA
MSDN Blog

With all of the recent interest in WGA over the past month, I wanted to take a moment to clarify a few of the misperceptions out there and hopefully bring some clarity about what the program is intended to do.

Published Friday, June 30, 2006 11:41 PM by alexkoc

More here

Speak to us at Microsoft! » Windows Genuine Advantage Talkback » Feedback and Comments

©Microsoft Corporation

{ Comments on this entry are closed }

Microsoft Genuine Advantage Notifications

by certifiedbug on June 29, 2006

in Microsoft

The Register
MS fixes phone-home nagware
By Andrew Orlowski
Published Wednesday 28th June 2006

Microsoft has patched a controversial nagware update that “phoned home” every time Windows started. Redmond has also issued an advisory with instructions on how to remove the software.

Microsoft Help and Support
How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications
Article ID : 921914
Last Review : June 27, 2006
Revision : 1.2

SUMMARY

This article applies to the version of Microsoft Windows Genuine Advantage (WGA) Notifications that is distributed during the pilot program. For example, this version is included in the pre-release version that accompanies the Microsoft Software License Terms. To safely and easily uninstall the pilot version, you must install the general release version of WGA Notifications. If you do not install this version, you can follow the steps in this article to disable or uninstall the pilot version.

Important These instructions have not been tested on the general release version of the WGA Notifications. Therefore, these instructions are not supported. Microsoft will offer the general release version of WGA Notifications to users who uninstall the pilot version at a later date. These users will obtain the general release version through the Microsoft Automatic Update service. WGA Notifications is part of the Windows Genuine Advantage program.

When you use a non-genuine version of Windows, you receive a message when you log on that states that the copy of Windows appears to be non-genuine. Then, you are directed to the WGA Web site to learn more. If you do not want to obtain a genuine copy of Windows, you receive periodic messages that notify you that the copy of Windows appears to be non-genuine.

Note If you are running a genuine copy of Windows and want to use WGA Notifications, you may receive messages to update Windows XP.

Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender.

More here

{ Comments on this entry are closed }

UK Malware Distribution Site

by certifiedbug on June 28, 2006

in Internet Security

Arbor Networks Security Blog
Long Lived Malware Distribution Sites
by Jose Nazario
Posted on Thursday, June 22nd, 2006

In my malware investigations, I’ve repeatedly seen a UK-based host, so I began to dig deeper. I don’t have the time to dig this deep into every site, so it really has to be something that gets my attention to warrant such a distraction. In this case, it was seeing repeated downloads of files from one directory.

If you want to protect your users, consider blackhole’ing this malicious network: 217.73.64.0/20, belonging to AS16238.

Article

Other bloggers on this story:

Spyware Confidential
The perpetual malware distribution site lives on
Posted by Suzi Turner
June 23, 2006

In the course of my work, I see or hear about a lot of sites used for phishing and for distribution of malware. There are teams of people working constantly toward getting these shut down, but some just keep distributing malware even after the ISP/hosting company is notified.

Nellie2′s Blog
Malware distribution happening in the UK
Post in Security Related
24.06.06

I do feel that we should Stand Up and be Counted, and if we make enough noise to our respective governments then we will begin to make progress.

Bleeping Computer Security Blog
The malware site that keeps going and going…
Filed under malware, dialers
Added by: Bleeping Malware
June 27, 2006 at 4:23 pm

After reading an article written by Jose Nazario, a security expert for Arbor Networks about a particular long lived malware distribution site located on the 217.73.66.0 network I thought it would be interesting to document what this malware does when you install it. It should be noted that I do not have a modem installed, so the results will be different on a computer with one installed.

{ Comments on this entry are closed }

Spyware Fighter has new site

June 27, 2006

Webhelper 25 June 2006 Due to the June 2006 DDos attacks against webhelper4u.com along with the lack of security with my old hosting service, I have moved to a new hosting service that gives me the ability to fight against future DDos attacks. More here 26 June 2006 Webhelper DollarRevenue Main Menu Because of the [...]

Read the full article →

Claria stops spying?

June 27, 2006

Claria will stop displaying GAIN pop-up and other GAIN ads on July 1, 2006 and will stop supporting all GAIN Supported Software on October 1, 2006. After October 1, 2006, GAIN software may not function properly. Our software will continue to collect data about your web usage from your computer for research and other purposes [...]

Read the full article →

Spam Trojan bust

June 27, 2006

The Register ‘MOOP’ members cuffed in UK and Finland By Lester Haines Published Tuesday 27th June 2006 A Metropolitan Police statement reads: “This highly organised group are suspected of writing new computer viruses in order to avoid detection by anti-virus products. They have been primarily targeting UK businesses since at least 2005, and during this [...]

Read the full article →

Symantec is scaling down

June 27, 2006

The Register 80 jobs scrapped By Joe Fay Published Tuesday 27th June 2006 The vendor will stop designing and making the Symantec Security, Symantec Network Security 7100 and Advanced Manager 3.0 products. While it will continue to develop the software underpinning the devices, it is apparently hoping other companies will step forward and make the [...]

Read the full article →

PandaLabs warns. Browsezilla responds

June 27, 2006

pandasoftware Press Releases 6/23/2006. PandaLabs has discovered that Browsezilla, a fully functional Web browser available on several web pages, discreetly infects computers with the adware PicsPlace The malware installed by Browsezilla is used to periodically connect to web pages with adult content. The pages however, are not visible to the user, as the objective is [...]

Read the full article →

Windows XP SP1 and SP1a support ends October 10, 2006

June 18, 2006

Final customer notifications about the end of Windows XP SP1 and SP1a support Support for Microsoft Windows XP Service Pack 1 (SP1) and Service Pack 1a (SP1a) ends on October 10, 2006. Microsoft will end support on this date. This also includes security updates for these service packs. Microsoft is providing final notifications to customers [...]

Read the full article →

← Previous Entries