From the monthly archives:

June 2008

Zlob attack on Wireless Routers

by certifiedbug on June 11, 2008

in Security

Brian Krebs reports for the Washington Post.
Malware Silently Alters Wireless Router Settings

Philip Sloss, a software engineer for myNetwatchman.com, said he first observed the activity while examining a Zlob variant distributed on May 22. The DNS hijack occurs, he said, during the installer program, so by the time the user sees the fake codec installer screen, the malware has already attempted to change DNS settings on the victim’s router.

I reached out to researchers at Sunbelt Software to check Sloss’s data, and Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.

Sunbelt also found that if there are multiple machines using the same router, all of the systems connected to that router will have their traffic hijacked.

Article

{ 0 comments }

Legislation introduced to help protect SB

by certifiedbug on June 11, 2008

in News

Bill aimed at small-biz cybersecurity
By Mary Mosquera
FCW.com
June 10, 2008

Lawmakers have introduced legislation to help protect small businesses from computer hackers and information security breaches.

On June 9, Sens. John Kerry (D-Mass.) and Olympia Snowe (R-Maine) joined Reps. Michael Michaud (D-Maine) and Donald Manzullo (R-Ill.) in introducing versions of the Small Business Information Security Act of 2008 in both houses of Congress.

The measures would create a Small Business Information Security Task Force at the Small Business Administration. The task force’s goal would be to help small firms understand and effectively respond to information security vulnerabilities, said Nick Christiansen, a spokesman for the Senate Small Business and Entrepreneurship Committee.

http://www.fcw.com/online/news/152790-1.html

{ 0 comments }

AntiSpyCheck Rogue Security Program

by certifiedbug on June 11, 2008

in Rogue

The latest rogue installed through the Zlob Trojan.

How to remove AntiSpyCheck

If you have an infected computer and would feel more comfortable being assisted by a trained malware remover helper, please start a topic at one of the forums. A short but trusted list is in the right-hand column.

Certifiedbug: Fake Security Programs

{ 2 comments }

Microsoft June 2008 Monthly Release

by certifiedbug on June 10, 2008

in Microsoft

Microsoft released the following security bulletins today:

  • MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Critical
  • MS08-031 - Cumulative Security Update for Internet Explorer (950759) - Critical
  • MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760) - Important
  • MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) - Critical
  • MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745) - Moderate
  • MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235) - Moderate
  • MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) - Moderate

TechNet

{ 0 comments }

Scheduled June bulletin release day, Tuesday, June 10, 2008

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

  • Three Microsoft Security Bulletins rated Critical, three Important, and one Moderate. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

Finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

As always, we’ll be holding the June edition of the monthly security bulletin webcast on Wednesday, June 11, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.

You can register for the webcast here:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357225&Culture=en-US

TechNet

{ 0 comments }

Anykindmp3 com installs Rogue Virusheat

by certifiedbug on June 6, 2008

in Rogue

Sunbelt Blog, screenshots here

Anykindmp3 com advertises free music. Instead, what you’re going to get is a trojan downloader that installs Virusheat.

This is an extremely dangerous site, because it’s so innocuous, luring people in with “free MP3s”. Expect users to get infected by typing in various keywords to search engines.

Certifiedbug: VirusHeat Rogue antispyware program

Not yet tested at Site Advisor: http://www.siteadvisor.com/sites/anykindmp3.com/postid?p=936196

{ 0 comments }

Spybot-S&D Release, first beta of 1.6

by certifiedbug on June 5, 2008

in Programs

From Patrick Kolla, developer of Spybot Search and Destroy.

Scanning a bit faster… first beta of 1.6 available!
Eight years ago, Spybot-S&D originally started off as a very fast anti-spyware scanner, detecting some 30 small things, and you could watch it finish in under a minute.

Today, a full scan applies more than 600,000 tests, and you can watch that number grow weekly on our update list. Handling such numbers obviously is quite a bit different, and while we’ve tried to adjust to that with each version, a full scan might still take half an hour currently. Since this was one big major complaint issue, we decided to integrate parts of the new file scanner designed for a future 2.0 release and optimized for modern malware fighting, and got you a major push in speed now - that same scan will now take five to six minutes only, being about five times as fast as 1.5 was!

If you want to enjoy that speed and know a bit about beta testing, head over to our beta forums and get the first beta! If you prefer to wait for a thoroughly tested public release, we hope to get around to that quite soon.

Oh, and one more thing… there’s more up for 1.6: a second big issue we hear often will be addressed, so stay tuned!

More…

{ 0 comments }

McAfee names Most Dangerous Domains

by certifiedbug on June 4, 2008

in News

According to a report released today by antivirus software vendor McAfee Inc.

The second annual McAfee “Mapping the Mal Web” report into the riskiest and safest places on the Web reveals that 19.2% of all Web sites ending in the “.hk” domain pose a security threat to Web users. China (.cn) is second this year with over 11%. By contrast, Finland (.fi) remains the safest online destination for the second year with 0.05%, followed by Japan (.jp).

Basing that on TLD seems flawed to me, and when I see this:

The domain risk assessments come from the McAfee SiteAdvisor site rating database.

I think of this: xpsecuritycenter Rogue Security Program

{ 0 comments }

Windows Live Writer Technical Preview

by certifiedbug on June 4, 2008

in Microsoft

Now available for download.

Official announcement: Windows Live Writer Technical Preview

And for developers: Windows Live Writer Technical Preview SDK

We’re calling this a Technical Preview release because the primary reason for it is to gather feedback on some enhancements to the SDK we’ve made. (The Tech Preview is available in English only, but don’t worry, the other languages will be back later in the release cycle.)

This preview contains new features and significant bug fixes.

There is a drawback in that I can’t incorporate two of my most frequently used WordPress plugins or this theme’s custom field.
Which means instead of publishing straight to blog I posted the draft to edit online.

One can make feature requests at the New Beta forum

{ 0 comments }

My local pet store bit the dust

by certifiedbug on June 2, 2008

in This and That

Perhaps another small business victim of Walmart’s low prices in a small town.

Now there is nowhere to take the baby hamsters, the birds, buy crickets and fish; no animal store to receive one on one service with friendly banter and hear pet stories that make your day.

Just an ugly box in town with employees who seem to want to go home.

{ 0 comments }