SpywareInfo.com domain sold, beware

by certifiedbug on December 7, 2008

in Security, Windows Vista

Mike Healan’s original anti-spyware domain has been sold in his absence; whoever purchased it has put up a new page showing links to rogue programs.

They hide,
Registrant: Moniker Privacy Services
20 SW 27th Ave. Suite 201 Pompano Beach, FL 33069
United States
Domain Name: SPYWAREINFO.COM
Created on: 25-Oct-01
Expires on: 25-Oct-09
Last Updated on: 06-Dec-08
Domain servers in listed order:
NS1.SEDOPARKING.COM
NS2.SEDOPARKING.COM
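The record above can be read mechanically. The following is an added example, not part of the original post: it parses this WHOIS layout and reports signals that an old domain has changed hands. The function names, the three heuristics and the 30-day window are assumptions of the example.

```python
from datetime import date, datetime

# The WHOIS record exactly as pasted in the post
RECORD = """\
Registrant: Moniker Privacy Services
20 SW 27th Ave. Suite 201 Pompano Beach, FL 33069
United States
Domain Name: SPYWAREINFO.COM
Created on: 25-Oct-01
Expires on: 25-Oct-09
Last Updated on: 06-Dec-08
Domain servers in listed order:
NS1.SEDOPARKING.COM
NS2.SEDOPARKING.COM
"""

def parse_whois(text):
    """Parse 'Key: value' lines; bare lines after the name-server header are NS hosts."""
    fields, nameservers, in_ns = {}, [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition(":")
        if sep and not value.strip():          # header such as "Domain servers in listed order:"
            in_ns = key.lower().startswith("domain servers")
        elif sep:
            fields[key.strip().lower()] = value.strip()
            in_ns = False
        elif in_ns:
            nameservers.append(line.lower())
    for k in ("created on", "expires on", "last updated on"):
        if k in fields:                         # dates in this record use DD-Mon-YY
            fields[k] = datetime.strptime(fields[k], "%d-%b-%y").date()
    return fields, nameservers

def ownership_signals(text, today, recent_days=30):
    """Heuristics (assumptions of this example) hinting that an old domain changed hands."""
    fields, ns = parse_whois(text)
    signals = []
    if "privacy" in fields.get("registrant", "").lower():
        signals.append("registrant-hidden")
    if ns and all(h == "sedoparking.com" or h.endswith(".sedoparking.com") for h in ns):
        signals.append("parked-nameservers")
    updated, created = fields.get("last updated on"), fields.get("created on")
    if updated and created and (today - updated).days <= recent_days \
            and (updated - created).days > 365:
        signals.append("old-domain-recently-updated")
    return signals

if __name__ == "__main__":
    print(ownership_signals(RECORD, today=date(2008, 12, 7)))  # date of the post
```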

Rogues included Antivirus 2009 among others.

The Spybot-S&D download link button directed to a rogue rip-off at http://search-destroy-download.com/

There are a few plays on the name,

Various redirects, see WOT scorecard for one of them. http://www.mywot.com/en/scorecard/secure.signupsecurity.com

The real thing, Spybot-S&D Home:
http://www.safer-networking.org/en/home/index.html
Forums: http://forums.spybot.info/index.php

Update:
If you are seeking the respected and well known help forums formerly established at Spywareinfo under Mike, this is the link: http://www.spywareinfoforum.com/

Note that ‘forum’ (singular) in the URL comes after ‘spywareinfo’ and the two form one word, whereas in http://forums.spywareinfo.com/ (which is a sub-domain of spywareinfo.com) ‘forums’ comes before, separated by a full stop.

Again, this is the link you want: http://www.spywareinfoforum.com/
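The same distinction matters to any filter or link checker that matches hostnames. The following is an added example, not part of the original post: it shows a label-boundary match that separates the sold domain and its sub-domains from the similarly named forum host, next to a substring test that cannot. The function names and the allowlist structure are assumptions; the hosts are the ones named in the post.

```python
from urllib.parse import urlsplit

SOLD_DOMAIN = "spywareinfo.com"   # per the post: sold, now showing rogue links
# Hosts the post names as genuine (exact-match allowlist)
GENUINE_HOSTS = {
    "www.spywareinfoforum.com",
    "www.safer-networking.org",
    "forums.spybot.info",
}

def host_of(url):
    """Return the lowercased hostname, tolerating a missing scheme and a trailing dot."""
    if "//" not in url:
        url = "//" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def under_domain(host, domain):
    """True if host is the domain itself or one of its sub-domains."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    host = host_of(url)
    if under_domain(host, SOLD_DOMAIN):
        return "sold-domain"
    if host in GENUINE_HOSTS:
        return "genuine"
    return "unverified"

def naive_is_sold(url):
    """Substring test, shown for contrast: it also flags the genuine forum host."""
    return "spywareinfo" in url.lower()

if __name__ == "__main__":
    for u in ("http://www.spywareinfoforum.com/",
              "http://forums.spywareinfo.com/",
              "spybot.download-suite.com"):
        print(u, classify(u), naive_is_sold(u))
```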

Update:
Another sponsored link to a rogue rip-off, spybot.download-suite.com

Bottom of page.

Disclaimer: This website has no affiliation whatsoever with the owner of this software program and does not re-sell or license software. All software is freeware and/or shareware with the understanding that the user may need or want to pay for it later. Membership is for unlimited access to our site’s resources. We provide an organized website with links to third party freeware and shareware software, technical support, tutorials and step by step guides

Click to download.

Again, the real Spybot-S&D Home:
http://www.safer-networking.org/en/home/index.html
Forums: http://forums.spybot.info/index.php


Trojan targets Firefox users

by certifiedbug on December 5, 2008

in Browser

The malware harvests web passwords and logins which it forwards to a domain in Russia.

It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.

It filters the URLs within the Mozilla Firefox browser and, whenever it encounters one of the following addresses opened in the browser, it captures the login credentials.

List here.

When it runs on a PC, it registers itself in Firefox’s system files as “Greasemonkey,” a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.

Jeremy Kirk (IDG News Service) report: NetWorkWorld


Scheduled December bulletin release day, Tuesday, Dec. 9, 2008.

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release eight security bulletins:

  • Six Microsoft Security Bulletins rated as Critical and two rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

The December edition of the monthly security bulletin webcast will be held on Wednesday, Dec. 10, 2008 at 11 a.m., Pacific Standard Time.

Register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374647&Culture=en-US


Dance of the Botnets

by certifiedbug on December 1, 2008

in Security

According to researchers, Pushdo is the main source of worldwide spam in the absence of the Srizbi and Rustock botnets.
http://blog.fireeye.com/research/2008/12/kill-pushdo-to-kill-spam.html

Marshal Trace statistics for Week ending November 30, 2008.


Graphs Copyright © 2007 Marshal Limited.


http://directi.com/estbulktransfer/

As a result of the EstDomains de-accreditation by ICANN, Directi will be taking over EstDomains’ Registrar operations. ResellerClub, Directi’s Reseller arm, will be managing EstDomains’ Domains and Digital Certificates henceforth. ResellerClub and EstDomains Inc use LogicBoxes’s Registrar Automation platform, OrderBox, which will make the entire migration process a smooth one.

Certifiedbug: http://certifiedbug.com/blog/tag/botnet/


What’s with people trampling a person to death so they can get their hands on a bargain?

Shame on you.

Suddenly, witnesses and the police said, the doors shattered, and the shrieking mob surged through in a blind rush for holiday bargains. One worker, Jdimytai Damour, 34, was thrown back onto the black linoleum tiles and trampled in the stampede that streamed over and around him. Others who had stood alongside Mr. Damour trying to hold the doors were also hurled back and run over, witnesses said.

The New York Times.
http://www.nytimes.com/2008/11/29/business/29walmart.html


Ecatel Peering Woes

by certifiedbug on December 1, 2008

in Security

Jeremy at sudosecure.
Ecatel’s harboring of SpamBots and Malware causes BGP Peers to stop peering with them.

Atrivo, McColo and now Ecatel by Rune.

Topic at WebHosting Talk,

Originally Posted by Ecatel.

We want to announce too:

ANYTHING

- related to SPAM
- related to MALWARE
- related to PHISHING
- related to BOTNETS
- related to FRAUD
- related to CHILDPORN

in our network is NOT allowed. If we receive one complaint regarding these cases we nullroute IP addresses immediately.

http://www.webhostingtalk.com/showthread.php?t=739238&page=9

A day would be nice without spam from Amsterdam.

The Spamhaus project SBL Advisory.

ECATEL-AS AS29073, Ecatel Network


powerfulvirusremover2008 Rogue Security Program

by certifiedbug on November 27, 2008

in Rogue

Also named virusremover2008.


From the EULA.

Lack of viruses? :lol: You mean aside from what they install or the fake scan results.

As to “uninstalling products”, the mind boggles. Legitimate security programs that detect this rogue?



32 infections on a clean machine, uh huh…
“Virusremover2008 may have detected programs that may compromise your privacy or damage your computer”. Got a bridge in the desert to sell.


Wake up Site Advisor!

Firefox Alert.

http://www.stopbadware.org/reports/container?reportident=1487644


Estonia kicks Srizbi off line

by certifiedbug on November 26, 2008

in Security

A cyber gunfight at high noon played across International lines.

According to The Register, Estonia has moved swiftly to shut down the servers hosting Srizbi, effectively cutting off the botnet’s connection to the outside world, other than a single server located in Frankfurt, Germany.

Srizbi spam botnet in failed resurrection

Certifiedbug, November 26, 2008. Srizbi spam botnet resurrected, in time for the holidays


Srizbi spam botnet resurrected, in time for the holidays

by certifiedbug on November 26, 2008

in Security

Two articles of note:
Brian Krebs at The Washington Post: Spam Volumes Expected to Rise with Botnet Resurrection.

Atif Mushtaq and Alex Lanstein at FireEye: Srizbi control regained by original owner

The new Command and Control servers are located in Estonia, and the domains registered through a registrar in Russia.

I have already noticed an increase over the past 24 hours.

Update, Washington Post.
Srizbi Botnet Re-Emerges Despite Security Firm’s Efforts
