May 2008

Flagged red at Site Advisor

Internet Storm Center 2008-04-29 Scripts in ASF files

Reported 2008 Apr 07 at Bit Defender as Trojan.Downloader.WMA.Wimad.N
Spreading: very low

Not any more. Helped along by P2P users, this one is now spreading fast. When a user attempts to load one of these MP3 and MPG files, which are fake and contain no media clips, they are directed to download a file named PLAY_MP3.exe.

McAfee May 6, 2008 Fake MP3s Running Rampant

Detection of a trojan named Downloader-UA.h was added to the McAfee DAT files several days ago. Since that time more than 360,000 McAfee VirusScan Online users have reported detections, a whopping 32% of those reporting in the past 24 hours alone. Now Downloader-UA.h is not your everyday trojan, this detection covers fake music and video files associated with fastmp3player.com.

Users say they have downloaded this .exe using P2P clients such as Limewire, now why would you want to do that eh?

.exe means executable, no stopping, no pass go.

{ 0 comments }

IEBlog

Windows XP SP3 contains some new updates, and a number of bug fixes and security improvements. You can learn more about XPSP3 features by reading the white paper located here. We expect XPSP3 will be publicly available shortly and want you to have this information prior to its final release to the web.

Internet Explorer 6 Users
Internet Explorer 7 Users
Internet Explorer 8 Beta 1 Users

Before upgrading to XPSP3 see the following.
IEBlog: IE and Windows XP Service Pack 3
Microsoft KB 950717: Steps to take before you install Windows XP Service Pack 3

{ 0 comments }

Despite the article at computerword.com April 22, 2008 reporting that Microsoft’s Malicious Software Removal Tool (MSRT) had made Storm pretty insignificant, the botnets appear to be preparing for another attack, which may target around Mother’s Day.

According to UploadMalware.com’s Malware Blog, one of their researchers has found indications of a new storm worm variant moving in.

At the time of this posting we have not had any reports of spam from the botnet using the 3 domains that were found in the research, but the files are definitely there and the domains are fast fluxing as per the normal method.

This does not diminish the impact that Microsoft’s Malicious Software Removal Tool (MSRT) has made on disinfecting users machines, less infected PCs means less infection gets spread around.

Storm however, is not done yet.

Storm Worm Morphs to only serve exploits

{ 0 comments }

Zango is in the news again.
The Register: Zango’s adware fox desperate to guard net henhouse

Last month, it asked the Ninth US Circuit Court of Appeals to reconsider a decision by a lower-court judge that held Kaspersky was immune from such lawsuits.

Sunbelt Blog:
Zango partnerships
Zango reacts to Sunbelt blog posts

PCMag: Must You Install Zango?

Ben Edelman commented at PCmag and Sunbelt:

Why do people continue to distrust Zango? Because Zango’s continued actions deserve distrust. Four specific examples:

1) Zango continues to run “fake user interface” ads that are disguised to look like Windows message boxes. Example. These ads continue to this day.

2) Zango continues to install its software without unavoidable, prominent disclosure of material terms. Example. Zango’s settlement with the FTC requires improved disclosure. To my surprise, Zango claims the FTC settlement doesn’t require such disclosure for “heritage Hotbar products”. But the FTC settlement’s plain language specifically applies to “any software program” Zango installs or downloads — offering no “Hotbar exception.” Quotes, citations, and further analysis.

3) Zango continues to defraud online advertisers, including by showing pop-ups that claim affiliate commissions Zango did nothing to earn. Last spring I wrote up a few examples. It’s easy to find many more. Indeed, my Automated Spyware Tester catches dozens of such examples per month.

4) Zango touts its video offerings, which include widespread videos infringing on copyrights held by others. Zango has no proper basis to hold these videos in its library, or to use them as bait to attract users to install Zango’s software.

This is all in the present, not the past. And these scams — fake user interfaces, ineffective installation disclosures that fall short of settlement obligations, defrauding advertisers, and infringing others’ copyrights — are good reasons for users to “distrust” Zango (or worse!)

Certifiedbug: Zango tags.

The beat goes on…..

{ 0 comments }