by certifiedbug on December 31, 2007
in Security
Ben Edelman, anti-spyware researcher and Harvard Business School Assistant Professor.
Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears’ “Sears Holdings Community” (“My SHC Community” or “SHC”). After reviewing the installation sequence, Ben concluded that the installation offered “very little mention of software or tracking” and otherwise fell short of CA and industry standards. I agree.
I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears’ claims of adequate notice are demonstrably false.
Article and video: The Sears “Community” Installation of ComScore
by certifiedbug on December 31, 2007
in Security
Storm is evolving into a very complex beast.
From rbnexploit.blogspot
Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.
There are some interesting elements which make this attack innovative:
# Although much of that detected is conventional spam, there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake” BlogSpot (Blogger) links
# Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic” format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.
RBN – New and Improved Storm Botnet for 2008
Source: Harry Waldron
Intertwined. Malware on Google Blogspot
Users are getting infected every day with no interaction required. Unlike some of these Zlob\Codec sites where users are duped into downloading something. Or the current run of Storm variants being pushed via Blogspot for that matter.
If you have the misfortune to be infected, I suggest you seek help at one of the sites listed in the right side column under “Security Forums”.
by certifiedbug on December 29, 2007
in Security
With more frequency I see content scrapers subscribe to security-orientated blog feeds, simply to draw traffic to their own pages, which link to rogue anti-spyware programs.
FeedEntryHeader is a useful WordPress plugin, allowing you to add a copyright statement with a link to the original article, at the top of your feed entries.
by certifiedbug on December 29, 2007
in Security
Storm mutates yet again.
Do not click on the links or attachments you may receive. These particular ones are so clearly spam; don’t be tempted to play chicken.
I am hammering it home as many will fall victim, especially during this holiday season with people receiving new computers for Christmas.
I tested this in a virtual machine:


Microsoft added detection of the Storm family of malware to the September build of its Malicious Software Removal Tool (MSRT) which is released as part of the monthly security update cycle. I recommend downloading and running each month’s updated version along with your other Microsoft updates.
However, MSRT is released but once a month; please keep all your security software up to date.
by certifiedbug on December 28, 2007
in Rogue
Yet another fake to be aware of.
MalwareCrush is a rogue anti-spyware program that uses aggressive advertising and is installed onto your computer through the use of Trojans and other malware. This software is typically installed on your computer when you download programs masquerading as video codecs required to view a video on a web page. In reality, though, when you install these Trojans, they will instead show fake security alerts in your Windows taskbar and install MalwareCrush onto your computer without your consent.
Once MalwareCrush is installed, it will automatically start and scan your computer. When the scan is finished it will have found the malware that actually installed it in the first place, but will require you to purchase the software before you can attempt to remove it. This is obviously a scam and you should not purchase the software under any circumstances.
How to remove MalwareCrush (Removal Instructions).
http://www.bleepingcomputer.com/forums/topic123050.html
by certifiedbug on December 26, 2007
in Security
With the New Year at hand, malicious email is on the rise.
You may receive something similar to this:
It’s the new Year
Joyous new year
Containing a link that obviously one should not click to open.


Which, during two separate downloads, was detected as delivering TR/Rootkit.Gen, TR/Renos.31288.28.
Kaspersky Lab flagged Windows Explorer as infected with a low-risk virus, Huhk-C. (12.19.2007)
Kaspersky quickly released an update and advice on how to recover legitimate system and application files from quarantine.
However, that won’t help users who set their software to automatically delete infected files.
Kaspersky Lab Forum
Kaspersky is a good program and one I recommend; however, the lesson is to think twice before setting any security program to auto-delete.
Way back when, I actually paid for a browser from a McAfee affiliate.
McAfee promptly deleted it as a worm, denied it and then under pressure confessed and offered me a new download, which I declined, but lesson learnt.
By Jan Libbenga. channelregister
It is the first time OPTA has imposed fines for spreading malicious Trojans, and has been called “one of the biggest cases of illegal software crime”, by the regulator.
In 2005, the two unnamed businessmen distributed software called DollarRevenue among millions of internet users. Approximately 450 million software files were installed on 22 million computers in the Netherlands and abroad.
by certifiedbug on December 17, 2007
in Security
Another pre-checked ‘Opt In by default’ toolbar, this time ZoneAlarm takes the cake.

The Toolbar uses the AskJeeves/Ask.com search engine.

Previously:
After Alex Eckelberry wrote about this on the Sunbelt Blog, he received some interesting feedback in the comments section. That topic was regarding Spy Sweeper’s pre-checked Ask toolbar.
Another security company succumbs to temptation
How many will just install and click away? I imagine that is exactly what these companies want you to do.
Cash register… ca-chink.
As you know, Office 2007 SP1 was released yesterday to Microsoft Update, and to WSUS as part of the Tues, Dec 11th release.
As planned, Office 2007 SP1 was not pushed via Automatic Updates. There has been some confusion where Windows Vista customers are seeing Office 2007 SP1 listed as available with an option to install in their Windows Update control panel applet.
Technet: Office 2007 SP1 Update Availability
Error message when you try to upgrade 2007 Office programs, Expression Web or Windows SharePoint Services 3.0 to the Service Pack 1 level.
SYMPTOMS
You try to upgrade 2007 Office programs, Expression Web or Windows SharePoint Services 3.0 to the Service Pack 1 level on a computer that has insufficient free disk space on the Windows system drive. In this scenario, the upgrade fails, and you receive the following error message: The installation of this package failed.
Please see KB: 943589