From the monthly archives:

February 2008

VirusHeat Rogue antispyware program

by certifiedbug on February 8, 2008

in Rogue

VirusHeat. Can’t say it enough, Rogue!

VirusHeat is installed on your computer when you download and install a Trojan masquerading as a video or audio codec supposedly required to view a movie on the Internet. These fake codecs are known as Zlob Trojans. Once the fake codec runs, it installs VirusHeat onto your computer, along with other malware, without your permission.

When the Zlob Trojan is installed, it automatically downloads and installs VirusHeat onto your computer. It then configures your computer to automatically start another Trojan that displays fake security alerts in your taskbar stating that you are infected or have some other security problem. When you click these alerts, VirusHeat opens and scans your computer. This scan not only displays fake and exaggerated results, it also "finds" the very Trojan that installed it in the first place. The scam is that in order to remove anything you must first pay for the commercial version of the software. It goes without saying that by no means should you purchase this scamware.

How to remove VirusHeat (Removal Instructions)
http://www.bleepingcomputer.com/forums/topic130080.html


Scheduled February bulletin release day, Tuesday, February 12, 2008.

The Microsoft Security Response Center (MSRC)

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

  • Twelve Microsoft Security Bulletins: seven Critical and five Important. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

Finally, we are planning to release seven high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as two high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).

TechNet Advance Notification


Firefox 2.0.0.12 released to patch vulnerabilities

by certifiedbug on February 7, 2008

in Browser

Please update as soon as possible.

Fixed in Firefox 2.0.0.12 (severity as rated by Mozilla):

  • MFSA 2008-11 Web forgery overwrite with div overlay (Low)
  • MFSA 2008-10 URL token stealing via stylesheet redirect (Low)
  • MFSA 2008-09 Mishandling of locally-saved plain text files (Low)
  • MFSA 2008-08 File action dialog tampering (Moderate)
  • MFSA 2008-06 Web browsing history and forward navigation stealing (Critical)
  • MFSA 2008-05 Directory traversal via chrome: URI (High)
  • MFSA 2008-04 Stored password corruption (Moderate)
  • MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution (Critical)
  • MFSA 2008-02 Multiple file input focus stealing vulnerabilities (High)
  • MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12) (Critical)

Download from Mozilla, or in the browser use Help > Check For Updates.


Adobe Reader Silent Fix

by certifiedbug on February 6, 2008

in Security

Adobe Reader 8.1.2 Release Notes

The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community.

The patch, included in Adobe Reader 8.1.2, plugs at least one known critical issue that allows rigged PDF files to be used in code execution attacks, says Kostya Kortchinsky, a vulnerability researcher at Immunity.

eWeek


Fraudulent Microsoft Update Web Site

by certifiedbug on February 6, 2008

in Microsoft, Security

US-CERT reports a fake Microsoft Update web site which contains an “Urgent Install” button that, when clicked, attempts to download and install malware.

The web site is hosted on a fast-flux network. The domain's DNS records point, with very short TTLs, at a constantly rotating pool of compromised bot hosts that proxy requests on to the real server, so the key host stays hidden. Taking down any one front-end host achieves nothing, since the next lookup simply returns a different set of bots; countless hosts would have to be taken down, which is why such sites are usually dealt with at the domain level.
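The behaviour described above can be spotted from the resolver side without ever touching the site. The script below is an added example for this post, not US-CERT's tooling or the blog's own code: it scores a series of DNS answers for one name on the three classic fast-flux signals (short TTL, large address pool, high turnover between consecutive answers). The lookups in it are constructed samples using RFC 5737 documentation ranges, and the thresholds (600 s, 10 addresses, 50 % churn) are assumptions chosen for illustration rather than published cut-offs.

```python
"""Heuristic fast-flux check over a series of DNS lookups.

Added example for this page; it is not US-CERT's tooling or the blog's
own code. A fast-flux domain hides the real host behind a pool of
compromised machines that proxy for it: each lookup returns a short-lived
(low TTL) set of A records drawn from a large pool, and the set changes
almost completely from one answer to the next. Ordinary round-robin or
CDN hosting shares the low TTL and many IPs but not the high turnover.
The lookups below are constructed samples, not real captures, and the
thresholds (600 s, 10 IPs, 50 % churn) are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Lookup:
    """One DNS answer: TTL of the A records and the addresses returned."""
    ttl: int
    ips: FrozenSet[str]


@dataclass(frozen=True)
class FluxReport:
    distinct_ips: int   # size of the address pool seen across all lookups
    avg_ttl: float      # mean TTL in seconds
    avg_churn: float    # mean fraction of each answer absent from the previous one
    fast_flux: bool     # all three heuristics tripped


def churn(prev: FrozenSet[str], cur: FrozenSet[str]) -> float:
    """Fraction of the current answer's addresses absent from the previous answer."""
    if not cur:
        return 0.0
    return len(cur - prev) / len(cur)


def analyse(lookups: List[Lookup], max_ttl: int = 600,
            min_ips: int = 10, min_churn: float = 0.5) -> FluxReport:
    """Score a sequence of lookups of one name. Thresholds are assumptions."""
    if not lookups:
        raise ValueError("need at least one lookup")
    pool = frozenset().union(*(lk.ips for lk in lookups))
    avg_ttl = sum(lk.ttl for lk in lookups) / len(lookups)
    churns = [churn(a.ips, b.ips) for a, b in zip(lookups, lookups[1:])]
    avg_churn = sum(churns) / len(churns) if churns else 0.0
    flagged = (avg_ttl <= max_ttl and len(pool) >= min_ips
               and avg_churn >= min_churn)
    return FluxReport(len(pool), avg_ttl, avg_churn, flagged)


def _ips(prefix: str, *hosts: int) -> FrozenSet[str]:
    """Build a set of dotted-quad strings from a /24 prefix and host octets."""
    return frozenset(f"{prefix}.{h}" for h in hosts)


# Constructed sample: four answers, 180 s TTL, five addresses each, with
# only one address carried over between consecutive answers
# (RFC 5737 documentation ranges stand in for bot addresses).
FLUX_SAMPLE = [
    Lookup(180, _ips("198.51.100", 1, 2, 3, 4, 5)),
    Lookup(180, _ips("198.51.100", 5, 6, 7, 8, 9)),
    Lookup(180, _ips("198.51.100", 9) | _ips("203.0.113", 1, 2, 3, 4)),
    Lookup(180, _ips("203.0.113", 4, 5, 6, 7, 8)),
]

# Constructed sample: a plain two-host round-robin with a one-hour TTL.
STATIC_SAMPLE = [Lookup(3600, _ips("192.0.2", 10, 11))] * 4

if __name__ == "__main__":
    for name, sample in (("flux", FLUX_SAMPLE), ("static", STATIC_SAMPLE)):
        print(name, analyse(sample))
```

In practice you would feed `analyse` real answers collected by querying the name repeatedly over an hour or two, and the churn test is the one that matters: a CDN or a large round-robin pool trips the TTL and pool-size tests on its own, so flagging on those two alone produces false positives. A stronger version would also count distinct ASNs behind the pool, since bots are scattered across many consumer networks while a hosting provider's pool sits in one or two.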


Beware Google Search email alerts on Blogger

by certifiedbug on February 4, 2008

in Rogue

I saw this article over at Network World dated 01/31/08: Google blog used to spread malware

A Google-hosted blog is running phony security content that’s linked to malware, as well as using Google’s automated notification service to try to entice subscribers to click on an infected link, says one security expert.

“This is the first time we’ve seen something like this,” Elzam says. “If you get a message from a Google alert, you might think this is a service you can trust. But it’s directing you to a rogue site with fake security software.”

This stuff is not new, but it is getting worse. A few days ago one of my alerts for Google Blogs provided a link which opened to a graphic pOrn page complete with videos, ‘click this to play’. Shortcut to infection via codecs, don’t ever click that junk.

I was watching for blogs containing the word of an outfit not usually associated with pOrn.

Fellow MVP TeMerc has been tracking malware-dispensing Google Blogs for some time:
More Blogspot Malware
Google Blogger Blogs Carry WinAntiVirus Ads


Announcement at the Windows Vista Team Blog

Here’s the timing for SP1 availability for current Windows Vista users:

  • In mid-March, we will release Windows Vista SP1 to Windows Update (in English, French, Spanish, German and Japanese) and to the download center on microsoft.com. Customers who visit Windows Update can choose to install Service Pack 1. If Windows Update determines that the system has one of the drivers we know to be problematic, then Windows Update will not offer SP1. Since we know that some customers may want to update to SP1 anyhow, the download center will allow anyone who wants to install SP1 to do so.
  • In mid-April, we will begin delivering Windows Vista SP1 to Windows Vista customers who have chosen to have updates downloaded automatically. That said, any system that Windows Update determines has a driver known to not update successfully will not get SP1 automatically. As updates for these drivers become available, they will be installed automatically by Windows Update, which will unblock these systems from getting Service Pack 1. The result is that more and more systems will automatically get SP1, but only when we are confident they will have a good experience.
  • The remaining languages will RTM in April.


Snips: ASK and Spyware today

by certifiedbug on February 2, 2008

in Security

I have been a bit busy, bashing Malware and all that.

Couple of interesting items.

EPIC complaint (PDF) filed January 19, 2008 with the FTC against ASK regarding their product ‘AskEraser.’

The Anti-Spyware Coalition (ASC) meeting in Washington, DC has convened. Many well known anti-spyware experts attended, including a fellow forum friend of mine. Go CJ.

Please see:
Spyware: What’s Worked, What’s Left, and What’s Coming.


Microsoft Proposes Acquisition of Yahoo!

by certifiedbug on February 2, 2008

in Microsoft, News

PressPass

REDMOND, Wash. — Feb. 1, 2008 — Microsoft Corp. (NASDAQ:MSFT) today announced that it has made a proposal to the Yahoo! Inc. (NASDAQ:YHOO) Board of Directors to acquire all the outstanding shares of Yahoo! common stock for per share consideration of $31 representing a total equity value of approximately $44.6 billion. Microsoft’s proposal would allow the Yahoo! shareholders to elect to receive cash or a fixed number of shares of Microsoft common stock, with the total consideration payable to Yahoo! shareholders consisting of one-half cash and one-half Microsoft common stock. The offer represents a 62 percent premium above the closing price of Yahoo! common stock on Jan. 31, 2008.

Update: Sunday, May 4, 2008
Microsoft yanks Yahoo bid

Microsoft chief Steve Ballmer may get second bite at Yahoo!


StopBadware.org: RealPlayer 10.5 is badware

by certifiedbug on February 1, 2008

in Security

RealPlayer by RealNetworks is a popular alternative to Apple’s QuickTime and Windows Media Player.

StopBadware

We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user’s computer. We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.

We currently recommend that users do not install the versions of RealPlayer that we tested, unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations in this report.
This alert represents StopBadware’s findings during our initial testing period. Additional badware behaviors that were not initially detected may exist in the application.

Announcement

http://www.stopbadware.org/pdfs/realplayer_press_release.pdf

Expect to see further developments.
