From the monthly archives:

May 2007

Connecticut Attorney General’s Office
Press Release. May 21, 2007
Attorney General Announces MySpace To Provide Convicted Sex Offender Information

Attorney General Richard Blumenthal today announced that MySpace has agreed to provide Connecticut with information he requested about convicted sex offenders with profiles on the site. Blumenthal commended MySpace for this decision and called for additional measures to protect children on social networking sites.

Blumenthal and other attorneys general wrote MySpace last week seeking the names and addresses of thousands of convicted sex offenders with profiles on the social networking web site. The letter also asked how many sex offenders MySpace has identified, how many profiles have been removed, as well as what steps the site has taken to purge them, and to alert law enforcement and users who communicated with the offenders.

“I am pleased that MySpace has heeded our demand, now by subpoena, to provide information about convicted sex offenders and confirm steps to remove them from the site,” Blumenthal said.

“There are at least 5,000 registered convicted sex offenders with MySpace profiles posing an immediate, urgent risk to children - potentially violating their parole and probation, and requiring more vigilant measures. MySpace has decided to do the right thing, but additional steps are necessary, such as age verification, to protect children from predators on social networking sites.

“Our subpoena compels this information right away - within hours not weeks, without delay - because it is vital to protecting children. Many of these sex offenders may have violated their parole or probation by contacting or soliciting children on MySpace.

“I commend MySpace for taking this step and welcome this cooperation. Social networking sites should not be playgrounds for predators. Other social networking web sites should follow MySpace’s lead to kick out sex offenders and keep them off their sites.

“I will continue to help lead our coalition of all 50 states in urging MySpace to make its site safer by instituting age verification and raising its minimum age to 16. Despite this positive step, these convicted sex offenders are just the most visible tip of the predator problem, because there may be thousands more such profiles using false names or lacking felony convictions. Additional steps such as age and identity verification are urgently and immediately needed,” Blumenthal said.

“I have issued this subpoena demanding information from MySpace.com so as to protect the many Connecticut children who are using this website,” said Department of Consumer Protection Commissioner Jerry Farrell, Jr., who issued the subpoena at Blumenthal’s request. “However, while this information about sex offenders from MySpace will be helpful, it is not a substitute for parents being vigilant about who their children are dealing with online.”

Blumenthal expects to receive the information promptly in response to a subpoena issued today.

MySpace announced in December 2006 that it hired Sentinel Tech Holdings to check the site for registered sex offenders. Blumenthal and the other attorneys general wrote MySpace after receiving information that Sentinel’s search disclosed thousands of offenders with MySpace profiles.

More on Zango’s lawsuit against PC Tools

by certifiedbug on May 19, 2007

in Security

PC Tools spokeswoman Magida Ezzat:

We believe the proceedings are an attempt by Zango to influence our
reclassification process. Prior to the lawsuit we were well into an
in-depth review and reclassification of the latest versions of Zango
products; Seekmo Search Assistant, Zango Search Assistant and Hotbar
products which were released after the FTC ruling against Zango. These
new versions received a new classification of “Potentially Unwanted
Products” and are to be updated in the Spyware Doctor database in the
next few days.

We advised Zango of this imminent re-rating and we believe they have
chosen to lodge these proceedings as a way to gain media attention of
the review. PC Tools has a stringent review and classification process
and will not be influenced or pressured into compromising this process
regardless of the threat of legal proceedings. Zango’s older products,
including 180 Solutions Search Assistant, will remain unchanged at their
higher threat levels and should Zango’s newly reclassified products
revert to previous behaviors PC Tools will not hesitate to reclassify
them to a higher level if justified.

PC Tools believes the proceedings are without merit and will vigorously
defend them.

Source: CSO

The Complaint. PDF

More coverage:
Sunbelt Blog Alex Eckelberry,

Both Eric Howes and I loaded the PC Tools Starter Edition last night and found no such evidence that Zango is deleted without specific warning.

We have offered PC Tools any forensic documentation or assistance they may need in their efforts to defend themselves.


An update to Symantec’s anti-virus software on Friday crippled thousands of Chinese users’ PCs when it mistook two critical Windows .dll files for malware.

Chinese Internet Security Response Team (C.I.S.R.T.) Article

It’s a terrible day for lots of Chinese users (especially Enterprise Users) who use Norton products today. Since this morning, we have received many reports from lots of users. They meet the same problem that Norton detects two system files “netapi32.dll” and “lsasrv.dll” as Backdoor.Haxdoor when they finish upgrading their database to May 17, 2007, and these two files will be deleted. After reboot, the operating system will be loaded into blue screen, and display the following windows file protection message box:

Computerworld

In an e-mailed statement, Symantec acknowledged the signature update bug and said it re-released a new update late Thursday, U.S. time. The Cupertino, Calif.-based security vendor also said that only Simplified Chinese versions of Windows XP SP2 that have been patched with a Microsoft fix from November 2006 were impacted.

Zango sues PC Tools

by certifiedbug on May 18, 2007

in Security

Computerworld May 18, 2007.

Adware Zango sues maker of antispyware tool.

The Spyware Doctor Starter Edition that ships with Google Pack assigns Zango an “elevated” threat-level rating.

Formerly known as 180solutions Inc., Zango is trying to clean up its tarnished reputation. In November it paid $3 million to settle Federal Trade Commission charges that its software was being installed deceptively on PCs.

Story

Julie Amero sentencing delayed… yet again

by certifiedbug on May 17, 2007

in News

Norwich Bulletin

Originally scheduled for Friday in Norwich Superior Court, sentencing is now set for June 6 in New London Superior Court. It is unclear at this time who requested the postponement.


ANS changes:
As you know, the Thursday before Tuesday’s normal security update release, we send out an advanced notification letting you know what platforms are going to be impacted by the security updates and the maximum severity rating. The information is currently grouped and rolled up by platform (Windows, Office, etc.). This was implemented based on customer feedback that more time and information was needed to plan for testing and deployment. We’ve received positive feedback on the ANS, but customers have also told us that additional information would be even more helpful. Based on that, we are incorporating additional detail about the upcoming security updates. We plan to implement this change with June’s ANS release on Thursday, June 7.

Security Bulletin Design Changes:
We’ve also spent a lot of time talking to customers about the layout of our security bulletins and how we can improve them. Customers very clearly pointed out that they were satisfied with the level of technical detail in the bulletins but needed to be able to more quickly determine the severity of the bulletin and its applicability to their environment. With that in mind, we set out to accomplish the following goals:

  • Move all applicable decision making information to the top of the page
  • Create a table of affected products (instead of a list) with links to the download location of the updates
  • Change the section titles to be more representative of the content under them
  • Re-arrange content to areas that make them more intuitive to find
  • Reduce some of the repetitive content in the bulletin

Rather than try to fully describe the changes to the bulletin format, we have provided a sample of an actual bulletin (MS07-016 Cumulative Security Update for Internet Explorer (928090)) for you to preview:
http://www.microsoft.com/technet/security/Bulletin/ms07-jun.mspx

Microsoft Security Response Center (MSRC)

Spammer ‘removalspyware’ Nasty

by certifiedbug on May 16, 2007

in Security

| http://removalspyware.info | IP: 65.99.221.194

Colo4Dallas LP COLO4-BLK5 (NET-65-99-192-0-1)
65.99.192.0 - 65.99.255.255
Select Solutions, LLC COLO4-SELECT-082106-01 (NET-65-99-221-0-1)
65.99.221.0 - 65.99.221.255


Ads by Google pushing Rogues

by certifiedbug on May 13, 2007

in Rogue

Normally I don’t bother to go through all the spam received on this blog before deletion; however, today one spam caught my eye: “download free removal spybot spyware | http://removalspyware.info |” because I have seen it advertised a lot via Google Ads.

http://www.removalspyware.info/content/Detecting_Spyware_on_your_computer.php

Which lists: spywareremoversreviewed.com and Spyware Remover 2006: Free Scan! 5 Star AntiSpyware - Recommended SpywareBot.com

Spyware Warrior Blog 2004:
http://netrn.net/spywareblog/archives/2004/09/12/beware-of-spyware-removal-software-sites/

There seems to be an ever-growing list of websites offering reviews of spyware removal products. A Google search for “spyware removal” brings up a number of paid ads for such sites.

This site: http://www.spywareremoversreview.com has this disclaimer at the bottom of the page which says:

This site provides the comparisons as a service to the Internet community. We do not endorse any of the companies, products, or services mentioned. Each product or service is the trademark of their respective company. All information is provided as opinions only.

Zoom to 2007 and sounding familiar….

spywareremoversreviewed.com

This site provides the comparisons as a service to the Internet community. We do not
endorse any of the companies, products, or services mentioned. Each product or service
is the trademark of their respective company. All information is provided as opinions only.

Copyright © 2007 SpywareRemoversReviewed.com. All rights reserved.

http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes

CompareSpywareRemovers.com
CompareSpywareRemoval.com
SpywareRemoverComparisons.com
SpywareRemoversReview.com pushes rogue/suspect products

I have seen Google ads pushing Rogues on more than one security site/blog, which is disappointing.

For instance, ads for spywarebot, which is on the Rogue List for exploiting the name of Spybot-Search & Destroy.

http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes

SpywareBot | spywarebot.com | exploits name “Spybot Search & Destroy”; same app as AdwareAlert [A: 5-14-06 / U: 1-9-07]

As Bill Pytlovany blogged at “Bits from Bill”:

AntiSpyware Advertising Gets Nasty

I’m pretty confident, both Spywarebot ads are from the same company who have a couple dozen AntiSpyware products available under different names and domains. Neither are related to the popular “Spybot, Search and Destroy” program.


MSN Hotmail now Windows Live Hotmail

by certifiedbug on May 8, 2007

in Microsoft, Programs

The Live Team have begun rolling out an upgrade from MSN Hotmail to Windows Live Hotmail at www.hotmail.com.

New user accounts will be created as Windows Live Hotmail accounts; existing MSN Hotmail users will be able to upgrade their accounts to Windows Live Hotmail by clicking the green Join Windows Live Hotmail button in their accounts after logging in.

There is also a new, free email client called Windows Live Mail, which is a Web-based alternative to Windows Mail, which is included in Windows Vista by default.

More at the Vista Team Blog

Fake Windows Activation Trojan

by certifiedbug on May 5, 2007

in Security

Symantec reports a Trojan they have named Trojan.Kardphisher. They have not yet given details on how the trojan is being distributed.

If the Trojan is installed, once you restart your PC, this window appears:

[Image: WGA1]

It looks legitimate but it isn’t; it is the creation of a malware maker, aimed at getting your credit card information.

Microsoft does NOT request credit card information for WGA activation.

Two choices appear, Yes or No. Neither Task Manager nor any other application can be run. If you choose No, your PC will be shut down. If you choose Yes, you will see this image:

[Image: WGA2]

Keep your anti-virus and other security programs up to date and run regular scans.