From the monthly archives:

October 2008

Opera 9.61 released to fix Vulnerabilities

by certifiedbug on October 22, 2008

in Browser

Advisory 903
Severity: Extremely Severe
Platforms: All desktop versions

Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts into the page, which can then be used to look through the user’s browsing history, including the contents of the pages they have visited. These may contain sensitive information.

http://www.opera.com/support/search/view/903/

Advisory 904
Severity: Highly Severe
Platforms: All desktop versions

If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

http://www.opera.com/support/search/view/904/

Advisory 905
Severity: Highly Severe
Platforms: All desktop versions

When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.

http://www.opera.com/support/search/view/905/

Opera 9.61 for Windows: Download

{ 0 comments }

Microsoft releases an updated version of the Windows Malicious Software Removal Tool on the second Tuesday of each month, and as needed in response to security threats.

The free tool searches for specific infections and is available through Microsoft Update, Windows Update and the Microsoft Download Center. Operating systems covered are Windows Vista, Windows XP, Windows 2000, and Windows Server 2003.

KB890830 64-bit version for Vista x64, Windows XP x64 and Windows 2003 x64 computers.

“Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment”.
http://support.microsoft.com/kb/891716

MSRT is not a replacement for an anti-virus program; make sure you have one installed.

Microsoft® Malware Protection Center article by Oleg Petrovsky, Uprooting Win32/Rustock

Edit:
How to troubleshoot an error when you run the Microsoft Windows Malicious Software Removal Tool
http://support.microsoft.com/kb/891717

Rustock is a challenge to remove. If you experience difficulties, try running MSRT in ‘Safe Mode’.

How to Start Vista in Safe Mode
Windowshelp-Microsoft

A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222

{ 0 comments }

turkey comes early

by certifiedbug on October 19, 2008

in Security

Someone thought it funny to put up a site called downloadmalware.com and offer a malware download. “I’m pretty sure it’s harmless”, he said.

The .exe was a malicious infection as pointed out by Alex at the Sunbelt Blog: A sick joke

Site Advisor, reviewer comments: http://www.siteadvisor.com/sites/downloadmalware.com/postid?p=1160990

IP Blocklist for Outpost Firewall. Calendar of Updates (COU).

hpHosts. http://www.hosts-file.net/?s=Download&f=Partial

http://www.mywot.com/en/scorecard/downloadmalware.com

Update
Google cache.

Oh boo, I ended up finding out thanks to The Sunbelt Blog that the malware I was handing out on downloadmalware.com was actually a quite harmful vondu …
www.lifeofahuman.com/ -

http://maru.lunarmania.com/suspended.page/

Visitors, we are sorry, however, this site is experiencing difficulties at this time. Please return later.

{ 0 comments }

CSS expressions support ends with IE8 Beta 2

by certifiedbug on October 17, 2008

in Microsoft

IE Blog.

Design criteria such as standard compliance, performance, reliability and security framed the design of IE8 as a whole, for new as well as existing features. As a result, CSS expressions are no longer supported in IE8 standards mode. This change was announced previously on the IE blog, however, this post will provide a few more details about that decision. The following FAQ will give a quick overview of the feature, the rationale behind our design decision and what it may mean for your own site.

http://blogs.msdn.com/ie/archive/2008/10/16/ending-expressions.aspx

{ 0 comments }

Spam gang member pleads guilty

by certifiedbug on October 16, 2008

in Security

Judy Devenow pleaded guilty to fraud and conspiracy charges Tuesday in federal court in Michigan, admitting she had sent millions of spam e-mails a day helping spam kingpin Alan Ralsky.

Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. She, Ralsky and nine other people were charged in January 2008. Thomas Dukes, who specializes in computer crimes at the U.S. Justice Department in Washington DC, is quoted as saying that Ralsky sent tens of millions of e-mails over a 20-month period - and that’s a “conservative number,” Dukes told the judge. We agree; Spamhaus regularly sees spammers like Ralsky and his gang sending tens of millions of spam e-mails each day. They use innocent people’s virus infected PCs to do this and also forge the addresses of innocent people onto the spam’s “From:” line (“spoofing”) causing untold damage and costs.

Spamhaus

{ 0 comments }

Adobe Flash Player update 10.0.12.36

by certifiedbug on October 15, 2008

in Security

Adobe Product Security Incident Response Team (PSIRT)

Flash Player 10 addresses Flash Player-specific aspects of the overall clickjacking issue that has been making news recently, and also includes a mitigation for recent clipboard attacks as well as other security enhancements.

Adobe will be providing an update to Flash Player 9 for customers who cannot upgrade to Flash Player 10 in early November.

Vulnerability identifier: APSB08-18, categorized as a critical update.
Flash Player update available to address security vulnerabilities

If you use multiple browsers, verify the Adobe Flash Player version number for each browser you have installed on your system.



http://www.adobe.com/products/flash/about/

{ 0 comments }

Adzilla pulls out of the US, headed for Asia

by certifiedbug on October 15, 2008

in News

On the heels of a Congressional crackdown on Charter Communications and its Web tracking partner NebuAd, behavioral advertising firm Adzilla has reportedly quit the US market following the resignation of chief executive Toby Gabriner.

Gabriner, who was named CEO at Adzilla earlier this year, told the New York Times,

“It’s not like I didn’t know that privacy was a potential third rail,” he said. “None of us saw that it would become this much of an issue this quickly.”

Adzilla’s website.

UK Parliamentary question regarding Phorm, a targeted advertisement service formerly known as 121Media.

{ 0 comments }

Airport baggage screener charged with theft

by certifiedbug on October 15, 2008

in This and That

Fly the friendly skies.

Pythias Brown, 48, of Maplewood, New Jersey, regularly sold the high-priced video cameras, laptop computers, and global positioning systems on eBay using the handle “alirla”, according to a criminal complaint filed in federal court in Newark. Brown told investigators he began stealing the items in September 2007 while screening luggage at Newark Liberty International Airport.

http://www.theregister.co.uk/2008/10/14/tsa_screener_theft/

It’s not the first time baggage screeners/handlers have been busted for stealing from passengers.

New York Times. August 12, 2004.
4 Baggage Screeners Arrested; TV Stars Were Among Victims

[PDF] Press Release December 7, 2007.
Jacksonville Airport Baggage Screener and Three Baggage Handlers Arrested for Thefts

Jan. 21, 2003.

With the signing of the act, airport security came under direct federal responsibility for the first time in airline history. Strict new requirements have been adopted to screen checked baggage. At airports, a new security force of federally-employed managers, supervisors, law enforcement officers and screeners is posted to check passengers and carry-on bags. TSA hired 23,000 baggage screeners and 33,000 passenger screeners to help shoulder the load.

http://www.cdi.org/terrorism/tsa-pr.cfm

{ 0 comments }

A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages. At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.

According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.

The defendants include two individuals – Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith of Texas – and four companies they control: Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC’s complaint alleges that both Atkinson and Smith are liable for the spamming. It holds Lance Atkinson responsible for all product claims, and Smith liable for claims made for the pharmaceutical products. In June 2005, the FTC obtained a $2.2 million judgment against Atkinson and another business partner for running a similar spam affiliate program that marketed herbal products.

News Release: http://www.ftc.gov/opa/2008/10/herbalkings.shtm

Civil Action No. 08-CV-5666
FTC File No. 072 3085

Complaint for Injunctive and Other Equitable Relief
http://www.ftc.gov/os/caselist/0723085/081014atkinsoncmpt.pdf

Memorandum Supporting Plaintiff’s ex parte Motion for a Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsonmemo.pdf
Interesting read. Snippet:

SanCa$hSupport i guess so… they’ll never find you
sancashl well they bought me up, but nothing linked to me, most i do is provide services for spammers

O what a tangled web we weave when first we practise to deceive.
(Sir Walter Scott. Marmion, Canto VI, Stanza 17)

Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsontro.pdf

Certifiedbug: March 30, 2007.
Fake pharmaceuticals on-line, buyer beware

{ 0 comments }

Email spoofing is when someone forges the header information so that the email appears to have originated from somewhere other than its real source.

One such spoof is doing the rounds, falsely claiming to be from Steve Lipner at Microsoft and urging recipients to install an attached update.

The email is not from Microsoft; the malicious attachment contains Backdoor:Win32/Haxdoor, and of course you should not open it.

The Microsoft Security Response Center (MSRC)

First and foremost, we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof. You can think of our security notification e-mails as a notification for you to go to the security bulletin to get the updates from the link in the bulletin to the Microsoft Download Center http://www.microsoft.com/downloads. You should always get our security updates from the links in the bulletins or through our deployment tools such as Microsoft Update or Windows Update, Windows Software Update Services (WSUS) or Systems Center Configuration Manager.

Article: Microsoft Security E-mail Spoofs with Malware
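The MSRC rule quoted above can be turned into a simple mail-filter check. The following is an added example, not code from this post or from Microsoft: it flags a message whose From: domain claims to be the vendor while carrying any attachment, flags executable attachment names, and notes a From:/Return-Path domain mismatch (a heuristic only, since legitimate bulk mail can also differ). The function names, finding labels, addresses and file name are assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as executable for this illustration (assumed list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def assess(raw, protected_domain="microsoft.com"):
    """Return a list of finding labels for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    claims_vendor = (from_dom == protected_domain
                     or from_dom.endswith("." + protected_domain))
    # The From: header is trivially forged; the envelope sender often differs.
    if from_dom and path_dom and from_dom != path_dom:
        findings.append("from-returnpath-mismatch")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    # MSRC: a "security notification" with an attachment is always a spoof.
    if claims_vendor and names:
        findings.append("vendor-notice-with-attachment")
    if any(n.endswith(EXECUTABLE_EXTS) for n in names):
        findings.append("executable-attachment")
    return findings

def build_sample(with_attachment):
    """Constructed test message; every address and name here is made up."""
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mailer.example.net>"
    m["From"] = "Security Team <security@microsoft.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "Security Update"
    m.set_content("Please install the attached update.")
    if with_attachment:
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream",
                         filename="UPDATE-KB000000.exe")  # placeholder name
    return m.as_bytes()

if __name__ == "__main__":
    print(assess(build_sample(True)))
    print(assess(build_sample(False)))
```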

{ 0 comments }