Updates and Alerts

 10-06-14

Ccleaner v4.18.4844 Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

DOWNLOAD

Take the Tour

~~~~~~~~~~

Windows 10 Technical Preview is now available via the Windows Insider Program

Download Windows Technical Preview:

Follow these steps to download Technical Preview:

  • Sign up for the Windows Insider Program.

  • Read the system requirements.

  • Click one of the Download links on this page to download a special file—it’s called an ISO file—that you can use to install the preview.

  • When the download is complete, transfer the ISO file to installation media such as a DVD or USB flash drive.

  • Boot your PC from the installation media, and then follow the steps to perform a clean install.

 DOWNLOAD

As this is a very early release of Windows, it is not suggested that you upgrade your normal computer to the Windows 10 TP. Instead you should use a spare computer or even better a virtual machine like VirtualBox. If you decide to go the VirtualBox route, download the ISO and create a Windows 8.1 guest in VirtualBox. Then go into the settings of the guest and mount the ISO as a DVD. When you are ready to install, double-click on the guest to start the installation from the mounted ISO. It will install perfectly, but unfortunately at this time the Guest Additions will not work. I expect a VirtualBox update will be released soon that will allow the guest additions to work.

10-06-14

~~~~~~~~~~

Exclusive - Details on Investigation of Group-IB on new age of POS malware.

BREAKING NEWS – BlackPOS malware – IntelCrawler has identified the author

According to the statistics of Group-IB, one of the leading security and computer forensics companies, modern cybercriminals have started to use specific malware for ATMs and POS for targeted attacks.

Most of them are organized with the help of insiders in the form of staff who have access to the POS to maintain or update its software locally. Only a few infections were detected with the help of targeted remote attacks on POS working on Windows XP / Windows Embedded with RDP/VNC access or vulnerabilities in ATM networks connected to VPN channels of the banks or GSM/GPRS networks.

Previously, a McAfee security researcher, Chintan Shah, notified the banking community about vSkimmer, Trojan-like malware designed to infect Windows-based computers that have payment card readers attached to them.

At the end of 2012, Israel-based company Seculert reported on Dexter malware, used for parsing memory dumps of specific POS software related processes, looking for Track 1 / Track 2 credit card data.

Read MORE

A First Look at the Target Intrusion, Malware

A Closer Look at the Target Malware, Part II

New Clues in the Target Breach

~~~~~~~~~~

Malicious advertisements served via Yahoo

Posted on January 3, 2014 by

Detection of the infection

Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com.

Infection

Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those malicious advertisements are iframes hosted on the following domains:

  • blistartoncom.org (192.133.137.59), registered on 1 Jan 2014
  • slaptonitkons.net (192.133.137.100), registered on 1 Jan 2014
  • original-filmsonline.com (192.133.137.63)
  • funnyboobsonline.org (192.133.137.247)
  • yagerass.org (192.133.137.56)

Upon visiting the malicious advertisements users get redirected to a “Magnitude” exploit kit via a HTTP redirect to seemingly random subdomains of:

  • boxsdiscussing.net
  • crisisreverse.net
  • limitingbeyond.net
  • and others

All those domains are served from a single IP address: 193.169.245.78. This IP-address appears to be hosted in the Netherlands.

This exploit kit exploits vulnerabilities in Java and installs a host of different malware including:

  • ZeuS
  • Andromeda
  • Dorkbot/Ngrbot
  • Advertisement clicking malware
  • Tinba/Zusy
  • Necurs

The investigation showed that the earliest signs of infection were on December 30, 2013. Other reports suggest it might have started even earlier.

Read MORE and HERE

~~~~~

2 million Facebook, Gmail and Twitter passwords stolen in massive hack

By Jose Pagliery  @Jose_Pagliery December 4, 2013: 4:39 PM ET

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including:

  • 318,000 Facebook (FB, Fortune 500) accounts
  • 70,000 Gmail, Google+ and YouTube accounts
  • 60,000 Yahoo (YHOO, Fortune 500) accounts
  • 22,000 Twitter (TWTR) accounts
  • 9,000 Odnoklassniki accounts (a Russian social network)
  • 8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
  • 8,000 LinkedIn (LNKD) accounts

Read MORE

Malwarebytes 2013 Threat Report

December 4, 2013   |   By 

The past year turned out to be an interesting introduction into the new types of threats users are facing as well as what they will continue to face, at greater levels, in the coming years.

We have continued to see the use of scammer and “assumed guilt” threats such as Ransomware and the emergence of even greater threats using similar tactics. We have seen the rise and fall of a very popular exploit kit and had an entire year of cautious surfing because of drive-by exploits and watering hole attacks.

Phone scammers have shown us that it’s not always safe to trust people who claim to be technical specialists and the battle against mobile threats has raged on in greater severity.

As we enter a new year, we can expect these threats to continue with more destructive force than we have ever experienced.

Our world is changing and much of our personal communication, banking and overall well-being is now accessible online. This trend will only continue as we adopt a new ‘online life’, where all sorts of criminals are taking advantage of those inexperienced with internet security.

We are lucky that we have been able to learn from the past year’s challenges and adopt new strategies to remain safe online. The lessons learned are invaluable when dealing with future threats; however, perhaps the greatest lesson of all would be the individual’s understanding of online threats and proper security measures. For example, while most Antivirus programs provide adequate protection, none of them will keep you safe if used improperly.

A few years ago, I said the internet was most like the ‘Wild West,’ where people were free to start their own adventure. There were outlaws, for sure, but at the same time law men who would protect the innocent.

Unfortunately, I can’t say that any more about our current situation: the cowboys are gone, and have been replaced with soldiers. The internet today is a warzone, and everybody online is part of the fight.

Read MORE

**********

1/15/2013

 Waledac botmasters use Virut malware to build a new botnet

Posted on 15.01.2013
Despite having been swooped down on by security companies and law enforcement a couple of times, the botmasters of the Waledac (Kelihos) botnet refuse to give up and are using new variants to set up new versions of the original botnet.

According to Symantec researchers and the company’s telemetry data, the number of computers infected with the W32.Waledac.D variant is on the rise again, and most of them are concentrated in the U.S.

This latest increase can be attributed to the influence of the Virut botnet, which has apparently been hired to distribute the aforementioned Waledac botnet variant.

Waledac’s goal is to send out spam emails through servers from a list that it receives from the botnet’s C&C servers, and according to the researchers’ estimates, that might currently mean anywhere between 1.2 billion to 3.6 billion spam emails per day.

The email subjects vary, but the links contained in them mostly lead to Canadian online pharmacies and counterfeit performance-enhancing drugs.

“The coexistence of Virut and Waledac on a single computer is further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer,” the researchers concluded.

Found HERE

**********

1/15/2013

Why does crapware still exist? Follow the Silicon Valley money trail

Summary: If you followed security experts’ advice and manually updated Java this week to fix a critical vulnerability, you might have gotten more than you asked for. Oracle probably makes tens of millions of dollars a year from crapware, and big venture capitalists see it as a growth business.

By Ed Bott for The Ed Bott Report | January 15, 2013 — 14:22 GMT (06:22 PST)

Oracle this week released an update for its widely used Java software, fixing a zero-day vulnerability that was being actively exploited to install malware via drive-by downloads.

But before you begin patting Oracle on the back for its quick response, note two things about that update:

  • It might not actually fix the underlying security issues.
  • Along with the must-install security update, Oracle continues to include crapware.

Yes, adding insult to injury, Oracle is actually making money and cheapening your web browsing experience by automatically installing the Ask toolbar, which in turn tries to change your default search engine and home page.

Read MORE

Installers Hall of Shame (Unwanted add-on)

gizmo’s Software Watch–Adware Watchlist

**********

1/14/2013

Zero-Day Java vulnerability wreaks havoc on computers worldwide

As mentioned in our security advisory, a new exploit is affecting the latest version (version 7 update 10) of Oracle Java. Since there is no patch available (0 day) at the time of writing, all Windows computers running Java are exposed to malware infections. If you need a refresher in what a drive-by exploit is, it is an attack against an application that allows the execution of arbitrary code, meaning it can download and install malware on your system without you knowing. It is composed of three parts:

  • Application Code Execution
  • Exploit Code Execution
  • Payload Execution

The Bait

An important piece that isn’t necessarily part of the drive-by exploit process is what we like to call the ‘bait’. What that means is how exactly you would get a user to navigate to the web page that included the exploit code. The usual method of baiting a user could be one or more of the following:

  • Advertising the links as something else, like a video, a coupon or just something of unique interest to the user
  • Including code in a Malicious Advertisement or Malvertisement that redirects the user to the exploit page without their consent
  • Hijacking a previously well visited legitimate site and secretly embedding the exploit code within its web pages

Read MORE

**********

1/14/2013

Java broken for at least two years

Do not activate Java on your browser

14 Jan 2013 10:22 | by

Oracle released an emergency update to its Java software over the weekend designed to fix a major security flaw in the software, but security experts warned that the update does not work and the company should not have bothered.

The update was released after the US Department of Homeland Security urged PC users to disable Java because of bugs in the software.

Java was being exploited to commit identity theft and other crimes, Homeland Security warned.

Adam Gowdiak, a researcher with Poland’s Security Explorations, who has discovered several bugs in the software over the past year, told Reuters that the update from Oracle leaves several important security flaws unfixed.

He would not dare to tell users that it’s safe to enable Java again.

The fact that Oracle can’t fix the software means that PCs running Java in their browsers remain vulnerable to attack by criminals seeking to steal personal details to use in scams.

Read MORE

**********

1/13/2013

Update on the Java Exploit

Oracle has released a software update to fix a critical security vulnerability in its Java software that miscreants and malware have been exploiting to break into vulnerable computers.

Java 7 Update 11 fixes a critical flaw (CVE-2013-0422) in Java 7 Update 10 and earlier versions of Java 7. The update is available via Oracle’s Web site, or can be downloaded from within Java via the Java Control Panel. Existing users should be able to update by visiting the Windows Control Panel and clicking the Java icon, or by searching for “Java” and clicking the “Update Now” button from the Update tab.

This update also changes the way Java handles Web applications. According to Oracle’s advisory: “The default security level for Java applets and web start applications has been increased from “Medium” to “High”. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.”

Read MORE

**********

1/10/2013

CTA: Unpatched Java Exploit in the Wild

URGENT: New Java Exploit being used to infect Updated Users.

ACTION: Disable Java Browser Plugin using:

How to Disable Java

DETAILS:

As of yesterday, a new Java exploit has been developed and released to the cyber-crime community. It is currently in the wild and being used to distribute malware such as the Reveton Ransomware.

No one is safe from this exploit if you have Java enabled in your browser; it is targeting the most recent update, however it will still work on previous versions. The best thing to do is disable Java entirely from running as a plugin on your browser. To do this, follow one of the above links, follow the instructions and restart your browser. If you are using Mozilla Firefox, Java might already be disabled because it seems that some browsers are taking the initiative and just disabling it automatically because of the threat.

Read MORE

**********

1/9/2013

Using Yahoo Mail? You should turn on this privacy option as soon as possible

by Graham Cluley on January 8, 2013

It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users’ privacy when accessing their web-based email – HTTPS.

Yahoo Mail has lagged behind competitors such as Hotmail (in the process of being rebranded Outlook.com) and Gmail by not allowing users to access their email through HTTPS.

If you don’t have full-session HTTPS turned on for your webmail, anybody on your WiFi network could read any of the emails you write and receive using a tool like FireSheep, as they are transmitted from Yahoo to your browser.

Read MORE

**********

1/9/2013

Facebook Known Security Threats

Protect your account and the information you share.

**********
2012

*********

12/30/2012

How to remove the Babylon toolbar, home page and search engine

Babylon translation software adds a toolbar and other add-ons to browsers. It also changes Firefox preferences such as your home page and search engine. These changes are done in a way that can be difficult to detect and reverse. This article explains how to fully remove Babylon and reset the Firefox options back to normal.

Table of Contents

3 Steps prior to using any Malware Removal tool:

No.1 Create a New Restore point

No.2 Back-up your registry with ERUNT

No.3 Do a normal back-up of your system

Rootkit Detection Tools

Malware Removal Tools

Malware Removal Forums

Share this article: You can use the link http://mzl.la/UoMznp to easily share this article with others. It will display instructions automatically customized for their operating system and language.

Read MORE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12/11/2012

Administration panel for Dexter, a malicious application that steals credit card data from point-of-sale systems. The malware was recently found on hundreds of computers around the world.

“Dexter” malware steals credit card data from point-of-sale terminals

Hundreds of businesses around the world infected.

by Dan Goodin – Dec 11 2012, 8:01am CST

A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses.

Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30 percent of those compromised located in the US, 19 percent in the UK, and nine percent in Canada. Malware that infects point-of-sale terminals can be one of the most efficient ways to carry out payment card fraud because it targets machines with access to large amounts of the required data.

“Instead of going through the trouble of infecting tens of thousands of PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff wrote. “Dexter is one example of such malware.”

More   HERE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12/7/2012

‘Eurograbber’ Lets Attackers Steal 36 Million Euros From Banks, Customers

Dec 06, 2012 | 07:48 AM |

By Tim Wilson
Dark Reading

Researchers say they have identified and thwarted a malware attack that enabled attackers to steal more than 36 million euros from more than 30,000 online banking customers in Europe.

The attack, dubbed “Eurograbber,” infected users’ PCs with a new version of the Zeus Trojan, and then convinced them to download malware to their cell phones, defeating the second factor of authentication and exposing online banking accounts to slow data theft, according to researchers at security vendor Check Point Software and Versafe, an online fraud prevention vendor.

“It was a targeted, multistage, sophisticated attack that used two different Trojans to infect both the online banking system and the user’s phone,” says Darrell Burkey, director of IPS at Check Point. “It broke through both the first factor of authentication on the banking system and the second factor of authentication, which in Europe is often an SMS-based cell phone.”

More HERE and HERE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12/3/2012

Yahoo Email-Stealing Exploit Fetches $700

A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits.

More   HERE   and    HERE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12/2/2012

Microsoft Security Essentials loses AV-Test certificate

Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didn’t pass the test to achieve certification. Although that may not sound that impressive, Microsoft’s program was the only one which didn’t receive AV-Test’s certificate. For comparison, the other free antivirus software, including Avast, AVG and Panda Cloud did.

More    HERE   and   HERE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10/31/12

Ccleaner v3.24.1850 Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download Ccleaner

Take the Tour

*********************************************************************

10-11-12

By Julio Franco on October 11, 2012

Interview with Malwarebytes’ founder, Marcin Kleczynski

Malwarebytes started its life as a company in 2004 as a one-man operation, but it wasn’t until four years later that its star product was released, simply called ‘Anti-Malware’. Since then the company has rapidly grown to establish itself as a serious player in the computer security industry.

Based on a successful freemium model where users can clean already infected machines for free or get real-time protection for a one-time fee, Malwarebytes Anti-Malware already counts hundreds of millions of downloads and over five billion infections cleaned.

More HERE

*********************************************************************

10-4-12

FTC cracks down on tech support scams and feds nail fake AV perps

“The federal government took much needed action today against sleazy PC tech support scammers and fake AV peddlers. Actions include lawsuits, a judgment of $163 million, and freezing of multiple assets. PC tech support scammers will be familiar to regular readers of this blog because David Harley and others have charted the progress of this scam in multiple posts. The scam involves con artists calling you up, typically from India but using a European-sounding first name, and persuading you that they can, for a fee, fix problems on your Windows machine (the problems are not real, and neither is the expensive fixing they do if you fall for the scam).” Read more HERE

*********************************************************************

10-2-12

A new version of the Rogue.FakeRean-Braviax family of rogues was released yesterday. The new version that was released is called XP Defender 2013, Vista Defender 2013, or Windows 7 Defender 2013. It currently does not have support for Windows 8 and will not install on that version of Windows.

Read more HERE

For those who are infected, BleepingComputer have removal guides available at the following links:

Remove XP Defender 2013 (Uninstall Guide)
Remove Vista Defender 2013 (Uninstall Guide)
Remove Win 7 Defender 2013 (Uninstall Guide)
Malwarebytes’ XP Defender 2013 Removal Guide

9-28-12

*************************************************************************

System Progressive Protection

System Progressive Protection is a computer infection from the Rogue.WinWebSec family of rogue anti-spyware programs. This program is classified as a rogue because it deliberately displays false scan results, hijacks your computer so that you are unable to run your normal applications, and displays a constant stream of fake security alerts that state your computer is infected. This rogue is distributed via three methods. The first method is hacked web sites that contain malicious code that attempts to exploit vulnerabilities on a visitor’s computer. If it can successfully exploit a vulnerability it will install the program without your permission or knowledge. The second method is through the use of fake online anti-malware scanners that pretend to scan your computer and then state you are infected. It will then prompt you to download System Progressive Protection. The final method this rogue uses is Trojans that pretend to be software required to view an online video.

Read more HERE   or  HERE   or   HERE

9-19-12

**************************************************************************

The FBI MoneyPak Ransomware or the Reveton Trojan

The FBI MoneyPak Ransomware is a computer infection that locks you out of your computer and your applications until you pay a ransom of $200 in the form of a MoneyPak. This infection is typically installed onto a computer when the user visits a hacked web site that contains malicious scripts that exploit vulnerabilities on the computer to install the FBI Ransomware without their knowledge or permission. It is for these reasons that it is imperative that all computer users make sure their installed programs, including Windows, are up-to-date with the latest patches.

Read more HERE  or HERE

********************************************************************************

The Win32/Reveton or Police Central e-crime Unit Ransomware

The Great Britain Police Central e-crime Unit Ransomware is a computer infection targeted at people who live in Great Britain that locks you out of your computer and your applications until you pay a ransom of £100 in the form of a Ukash or PaySafeCard payment. This infection is typically installed onto a computer when the user visits a hacked web site that contains malicious scripts that exploit vulnerabilities on the computer to install the PCeU Ransomware without their knowledge or permission. It is for these reasons that it is imperative that all computer users make sure their installed programs, including Windows, are up-to-date with the latest patches.

Read More HERE  or HERE

ScreenShots of Other Reveton Ransomware

Trojan:Win32/Reveton

More HERE

*********************************************************************************

Ccleaner 3.22.1800 Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download Ccleaner

**********

Friday March 9 2012 @ 08:52

First Week Review of avast! out of 30 day test

  • INSTALLATION

Pretty simple install, EXCEPT for avast! trying to get me to install Google Chrome Web Browser. Was given the option to NOT install and proceeded with install. 10 point deduction for that episode. Antivirus software needs to stick with viruses/malware and stay out of the Web Browser Game.

NOTE: I do use Google Chrome at times, BUT NO installing program should try to get you to install additional software.

  • Program Features

Excellent interfaces to work with, often not seen in overpriced paid antivirus software GUIs. One thing I do like is the “Blocked Sites” list that can be added to. This, combined with password protecting the avast! program, makes it quite useful to parents as a parental control device. See VMSAR1 Channel for Video Review

  • URL Blocking

First Test—20/20—-100% block rate of Zero day threats
Second Test—7/10—-70% block rate of Zero day threats
Third Test—20/20—-100% block rate of Zero day threats
Fourth Test—20/20—100% block rate of Zero day threats
Fifth Test—28/30

Overall achieved a 95% Block Rate of Zero Day Threats

  • Summary

As an Independent Tester (not affiliated with any software posted at this blog), avast! has proven to be an excellent choice as a FREE application. Easy to use, pretty straightforward for an Advanced User. For a Beginning User I would suggest Microsoft Security Essentials (set it, forget it). Both of these achieved approx. the same rating from me, 95% Overall Rating. This shows that you need further protection, other than antivirus software. As you can see from this blog, Malwarebytes’ Anti-Malware Pro & SUPERAntiSpyware Free would be my recommendation. Get yourself protected and be safe out there!!!

**********

Thursday March 1 2012 @ 04:37

Fake IRS Web page

If you find yourself on a page like below, GET OUT NOW!!!!!! The only interest in you by this site is stealing information (email addys, Credit Card No.’s, SSN’s) and using your computer as a BOT.

OFFICIAL IRS WEBSITE

**********

Ccleaner 3.16 Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download Ccleaner

**********
2/20/2012

Malwarebytes Antimalware has released version 1.65.0.1400: Download  HERE  Or at the following Approved Sites

Bleeping Computer

Cnet
MajorGeeks
FileHippo
TechSpot
FileForum

Release Notes

• Fixed issue resulting in freezes in certain third-party security products on Windows XP.
• Fixed issue where ignore list was not reloaded after a database update.
• Fixed issue where certain malformed ignore list data would result in a mbamcore.dll crash.
• Fixed issue where desktop icon was not created on certain upgrade installations.
• Fixed issues with Dutch, Belarusian, and Korean language files.
• Added Greek language file.
Malwarebytes Tutorial
Malwarebytes Video Tutorials
FAQ – Malwarebytes’ Anti-Malware won’t run or failed to resolve my issues

Any issues with the new version, please report HERE

**********

2011

Sept. 9, 2011

Computer World Security News
ZD Net Malware News
The A Register Malware News
Yahoo Security News

********

June 22,2011

Don’t write it, read it instead!

The bootkit malware Trojan:Win32/Popureb.E has made some changes in its code compared to previous samples (specifically, Trojan:Win32/Popureb.B), and now it introduces a driver component to prevent the malicious MBR and other malicious data stored as disk sectors from being changed. The driver component protects the data in an unusual way – by hooking the DriverStartIo routine in a hard disk port driver (for example, atapi.sys).

Read MORE

Continuing:

If your system does get infected with Trojan:Win32/Popureb.E, they advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR). To fix the MBR, we advise that you use the System Recovery Console, which supports a command called “fixmbr”.

To find out how to use your system’s recovery options, refer to the following articles:

Microsoft Malware Protection Center

**********

June 22,2011

Malicious software downloads invade WordPress

WordPress is requiring all account holders on the WordPress.org website to change their passwords following the discovery that hackers contaminated it with malicious software.

The password reset comes after three popular plugins were found to contain “cleverly disguised backdoors” that had been uploaded by unauthorized people, rather than the legitimate authors, Matt Mullenweg, a founding developer of WordPress, blogged Tuesday. Members of the open-source blogging project reverted the plugins to their original versions, and temporarily closed the plugin repository to scour it for additional tainted software.

Mullenweg didn’t say how the hackers were able to breach the security of the plugin repository or whether changes have been made to prevent the same thing from happening in the future.

Read MORE

The A Register Malware News

**********

June 22,2011

Microsoft rings alarm bell on fake Windows support calls

22% of people called by phony support technicians fell for scam

Computerworld – Microsoft today warned that scammers have taken to the phone lines to dupe Windows users into putting malware on their machines or paying for worthless help.

The ploy isn’t new — security experts have seen it in circulation for at least a year — but Microsoft was the first to quantify the problem.

According to Microsoft, which sponsored surveys in the U.S., the U.K., Ireland and Canada, 15% of the people polled said they had received unsolicited calls from fraudsters posing as computer support technicians who claimed they were offering PC security checks.

Read MORE

Computerworld Security Topic Center

**********

June 19,2011

Fake Firefox Scanner

Then a FAKE Microsoft Update

Read MORE

**********

May 24,2011

Fake Windows Defender Rogue

Today a new rogue surfaced called “Windows Defender” and no folks, not the Legit one found HERE

First indication of an infection should be FLAG No.1.

Second indication WILL BE as below (Still not too late to back out, NOW)

Any clicking on page, or “X”, on “Remove ALL”, Cancel, results in the download of a pack.exe

When trying to leave the page, encountered this:

Clicked “OK” on “Are you sure you want to leave this page” (YES). Then after tab closed, clicked “cancel” on pack.exe. Now folks, I use Sandboxie for testing, please don’t try this at home unless you have the expertise.

Y’all be Safe Out There Please !

If your current security solution let this infection through, you might please consider purchasing the

FULL version of  Malwarebytes’ Anti-Malware

**********

May 22,2011

FAKE VirusTotal Site

Early yesterday morning was checking around at MalwareDomains (DO NOT GO THERE UNLESS QUALIFIED), found another malicious attack from the Dot tk group. See screenshot:

Which Injected a Java Exploit, see screenshot:


At this point stopped the Test, knew what would happen. Test PCs need breaks too, :) As of late yesterday evening, above site was SHUT DOWN, 🙂

From Kaspersky Labs:

Fake virustotal website propagated java worm

**********

May 19,2011

Malwarebytes’ Antimalware is aiming to release the final version of 1.51 on Saturday, May 28.

New Features:

1. 14-day trial of the PRO version is now available. This is optional to all users.
2. Scheduler now has an edit button.
3. User is now notified of program updates awaiting installation.

Overall Improvements:

1. Scheduling has been simplified, including relocation of scheduler.
2. Website Blocking is now disabled when protection is turned off.
3. Logs are sorted by date automatically.
4. Updating is now much more efficient.
5. All HKCU settings can now be set in HKLM to override user settings.
6. Protection module now more efficient in terms of I/O read bytes.

Issues Fixed:

1. Fixed ignore list not working for default registry data, i.e. for Broken.OpenCommand.
2. Add to ignore list menu item is now left enabled if show tooltip balloon is unchecked.
3. User is now able to update from the system tray even if the scanner is open.
4. Fixed full scan drive list updating issue.
5. Fixed issue with protection module not honoring ignore list after an item is restored from quarantine.
6. Date format on update tab is now the same as the system tray.

Download

Tutorial

**********

May 18,2011

SUPERAntiSpyware 5.0 Preview

**********

May 15,2011

Zbot Attack of Yahoo Answers

During the past several days, Yahoo Answers (<– The Real YA) has been plagued with posters (Bots) of malicious URLs in answers which lead to a FAKE Yahoo Answers site (See Below)

Which prompts you to download or downloads an answers.exe file which is detected and removed by Malwarebytes’ Antimalware (See Below)


VirusTotal Report-11 /43 (25.6%)

MD5   : 69522273a49d3053bd8d7d4b5ca379e5

Comodo Malware Analysis

How Win32/Zbot Works

Notes: IE 9 and FF would NOT ALLOW this file to download, 🙂 . Google Chrome let it run with no prob, 😦

This infection also changes the settings to use a Proxy Server. Please try the following to correct this:

  • Open Internet Explorer
  • Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
  • Click on Tools at the top and select Internet Options
  • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  • Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window
  • Use this diagram as a guide

Y’all be Safe Out There Please !

If your current security solution let this infection through, you might please consider purchasing the

FULL version of  Malwarebytes’ Anti-Malware

************************************************************

Apr.26,2011

CCleaner v3.6 Update Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Apple Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download Ccleaner

**********

Apr.12,2011

Microsoft delivers monster security update for Windows, IE

Computerworld – Microsoft today patched a record 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest last month.

Read MORE

**********

Apr.12,2011

Avast alert finds WHOLE WEB malign

Major freebie anti-virus scanner Avast has apologised for a cock-up defining the vast majority of the web as malign.

Rather than a Howard Beale-style insight into the state of the modern interwebs, the finding of any sites with scripts or frames – including Avast’s own support forums – as malign was the result of a rogue virus definition update.

The Czech Republic-based firm quickly realised its mistake, and released a revised definition file within a hour of discovering the problem on Tuesday morning.

Read MORE

**********

Apr. 6,2011

Malware baddies crank up Trojan production

Malware authors have stepped up production rates still further in their efforts to overwhelm anti-virus defences with banking Trojans and other crud.

During the first three months of 2011 an average of 73,000 new strains of malware have been created every day: 10,000 more than during the same period last year, according to stats from Panda Security. Around 70 per cent of these malware strains were Trojans, with viruses making up 17 per cent of the sample, the second most common category.

Worms (eight per cent) also made up a significant percentage while other once-significant categories of malware, such as adware, have dwindled away to background noise levels. This is illustrated by Panda’s pie-chart here.

Read MORE

**********

Apr. 4,2011

Millions of emails exposed in major security breach

A major security breach exposed countless customer emails for a growing list of companies, including TiVo, JPMorgan Chase, Citi, Capital One, Marriott Rewards, Walgreens and more.

Epsilon, the world’s largest permission-based email marketing services company, released a statement reporting an unauthorized entry in its clients’ customer database on Friday. Email addresses and customer names were obtained. The list of client databases began with the grocery chain Krogers, but as the investigation continues, more companies are added.

Epsilon sends over 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10 to build and host their customer databases, reports Security Week.

Read MORE

**********

Apr. 4,2011

Comodo Inspires No Confidence as Hacker Compromises Two More Accounts

The Iranian hacker who managed to trick Comodo into issuing nine fraudulent certificates appears to have compromised two more registration authority (RA) accounts, raising questions about exactly what is going on at the certificate authority.

“Two further RA accounts have since been compromised,” wrote Robin Alden, CTO of Comodo Security, on the mozilla.dev.security.policy mailing list on March 29. The partners have had their registration authority privileges withdrawn, Alden said.

Read MORE

**********

CCleaner v3.05.1409 Update Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Apple Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download

**********

Mar.23,2010

Microsoft Security Advisory (2524375)

Fraudulent Digital Certificates Could Allow Spoofing

Executive Summary

Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity.

Read More HERE ~n~ HERE

**********

Mar. 3,2011

WordPress.com targeted by DDoS attack

WordPress.com, home to many millions of blogs around the world, is currently being hit by an “extremely large” distributed denial-of-service (DDoS) attack.

According to the company, some users may experience performance and connectivity problems as a result.

Read MORE

**********

Mar. 2,2011

Rogue AV pimps finally show love for alternative browsers

For years, ads pimping malware disguised as legitimate antivirus programs have gone to great lengths to mimic the look and feel of Microsoft’s Internet Explorer browser and Windows operating system. Now Mozilla Firefox, Google Chrome, and Apple Safari are getting the same treatment.

Read MORE

**********

Microsoft Shows Off Radical New UI, Could be Used in Windows 8

In a three and a half minute video Microsoft may have shown the world what it has in store for the eagerly awaited Windows 8. In the video Microsoft showed a radically different interface from past versions of Windows — even Windows 7.

Running on Surface 2, the touch-screen successor to the original Microsoft Surface, the device accepts input from a Windows Phone 7 handset (HTC HD7).

Gone are the icons that drive Windows, OS X, and Linux operating systems of past and present.  In their place are “bubbles” that interacted with files and post streaming information off the internet.

Read MORE

**********

Feb. 21,2011

Researcher Identifies New Fast-Flux Botnet

A security researcher has identified a new pharma spam botnet which uses fast-flux technologies in order to increase its resiliency to takedown attempts.

Dubbed “Wibimo,” the botnet was discovered by Joe Stewart, director of malware research at Dell’s SecureWorks Counter Threat Unit, who presented it at the recent RSA security conference.

Read MORE

**********

Feb 20,2011

SUPERAntiSpyware 5.0 Preview and Screen Shots

**********

Microsoft Security Advisory (2501696)

*********

AUMHA Discussion: Should I Use a Registry Cleaner?

*********

What Facebook’s New Security Features Mean For You

*********

Spamvertised “Your password has been stolen!” Malware Campaign Circulating

*********

Computer World Security News

ZD Net Malware News

The A Register Malware News

Yahoo Security News

**********

CCleaner v3.03 Update Available

Cleans all areas of your Computer

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox
Temporary files, history, cookies, download history, form history.
Google Chrome
Temporary files, history, cookies, download history, form history.
Opera
Temporary files, history, cookies.
Apple Safari
Temporary files, history, cookies, form history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old registry entries.

Download

**********

Jan 25,2011

QUOTE

“Over the last few days, we received numerous reports of computers infected with fake anti-virus (scareware). The name of this particular culprit is Antivirus 8.”

The interesting thing about these cases is that the users were getting fake anti-virus browser pop ups while not actively using the computer. During our research we noticed that these pop-ups would appear right when ICQ was fetching/displaying new ads.

Read MORE

**********

Jan 21,2011

Twitter worm hits goo.gl, redirects to fake anti-virus

A fast-moving Twitter worm is in circulation, using Google’s goo.gl redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.

According to malware hunters tracking the threat, the worm’s redirection chain pushes users to a Web page serving up the “Security Shield” Rogue AV.   The page is using obfuscation techniques that include an implementation of RSA cryptography in JavaScript to obfuscate the page code.

Kaspersky Lab malware researcher Nicolas Brulez (see important disclosure) said the original “goo.gl” links in the Twitter messages are redirecting users to different domains with a “m28sx.html” page.  That page then redirects to a static domain with a Ukrainian top level address.

As if it was not enough, this domain redirects the user to another IP address which has been linked in the past to fake anti-virus distributions. “This IP address will then do the final redirection job, which leads to the actual Fake AV site,” Brulez explained.

Read MORE

**********

Jan 20,2011

Chinese Trojan blocks cloud-based security defences

Miscreants have released a Trojan specially designed to disable cloud-based anti-virus security defences.

The Bohu blocks connections from infected Windows devices and cloud anti-virus services in place to protect them. Malware writers have long included routines to disable components of desktop anti-virus software packages or block access to anti-virus websites from infected machines.

More and more security firms are beginning to adopt cloud-based anti-virus architectures, as they offer the twin benefits of a lesser performance overhead (all the heavy lifting is done on servers in the cloud not on the client) and faster response to the growing volume of malware threats. Bohu reflects the fact that the bad guys have once again adapted to the changes applied by security defenders.

Read MORE

**********

Jan 10,2011

Facebook Virus Spread Via Photo Albums

Over the weekend, a Koobface-like attack surfaced on Facebook, infecting users by tricking them into clicking to view a photograph.

“Unlike the majority of Facebook scams we report, this one actively infects your computer with malware instead of simply tricking you into taking surveys and passing on messages to other users,” said Chester Wisniewski, senior security advisor at Sophos. Facebook has since removed the malicious application.

From a security and hoax standpoint, it was a busy weekend for the social network, as links to a story also emerged that Facebook would shutter on March 15th, also known as the Ides of March. “The stress of managing this company has ruined my life,” Facebook CEO Mark Zuckerberg allegedly said. “I need to put an end to all the madness.”

Read MORE

**********

Jan 7,2011

Facebook riddled by ‘my first ever status message’ scam app

A new survey scam has hoodwinked thousands on Facebook.

Users are being induced into filling out a worthless survey on the false promise of a dubious reward – a reminder of their first ever status message on the social networking website. These false promises appear as status messages from already fooled surfers, touting a rogue application.

Surfers who install the application grant it account privileges – thus allowing it to post from a user’s account, a facility used to spam followers of a compromised account with spam come-ons, continuing the infection cycle.

Read MORE

**********

Dec 26,2010

MSE releases revamped freebie malware scanner

Microsoft has released a new version of its freebie security scanner tool last week, following the conclusion of a five-month beta testing program.

Microsoft Security Essentials (MSE) 2.0 features a revamped heuristic (automatic malware detection) engine as well as the addition of network intrusion detection technology. Less significantly, the slightly redesigned dashboard allows users to manage Microsoft’s firewall from inside MSE. MSE 2.0 also features tighter integration with Internet Explorer as a mechanism for protecting against web-based threats.

Read MORE

**********

Dec 26,2010

Rogue apps ‘worst Facebook feed malware baddies’

Stats from social networking safety apps suggest that one in five items on the news feeds of Facebook users lead to malicious content.

More than three in five (60 per cent) of these attacks come from notifications generated by malicious third-party applications on Facebook’s developer platform, according to Romanian-based net security firm BitDefender.

BitDefender’s stats come from users of safego, a free application that scans the user’s wall, message inbox and comments for malicious content, which was released at the end of October. Around 14,000 Facebook users have downloaded safego, with the application scanning over 17 million Facebook posts to date.

Read MORE

**********

Nov 27,2010

Ccleaner 3.01 update

HERE

**********

Sept. 21, 2010

Worms Loose on Twitter.com

An XSS vulnerability was discovered earlier today, and we quickly saw several worms created by different individuals.

Most of the worms are using onmouseover techniques, meaning it’s enough to simply move your mouse on top of a malicious (mischievous) Tweet to resend the malicious message to your followers.

Read HERE

HERE

Twitter fixes cross-site scripting flaw

**********

Sept. 20,2010

Microsoft confirms unpatched ASP.NET data leakage security flaw

Microsoft has released a security advisory to confirm an unpatched information disclosure hole in its ASP.NET Web application framework. The vulnerability, which was discussed at last week’s ekoparty security conference in Argentina, exists in the ASP.NET encryption implementation and can allow an attacker to decrypt and tamper with sensitive data.

Read MORE

**********

Sept.19,2010

Security Advisory for Flash Player

Update HERE

Security Advisory for Adobe Reader and Acrobat

Update HERE

**********

Sept.16.2010

Firefox 3.6.10 update available

HERE

**********

Sept. 12,2010

After Google incident, Wi-Fi data collection goes on

IDG News Service – Four months ago, amidst a backlash from government regulators and privacy advocates, Google stopped collecting Wi-Fi data with its Street View cars. But that doesn’t mean Google has stopped collecting wireless data altogether, and neither have other companies such as Apple.

Instead of sending out cars to sniff out wireless networks, Google is now crowdsourcing the operation, with users of its Android phones and location-aware mobile applications doing the reconnaissance work for it. In the past few months, Apple has quietly started building a similar database, leveraging its large base of users to log basic Wi-Fi data.

There are others: A Boston company, Skyhook Wireless, has been logging wireless access points for years, as has its competitor, Navizon of Miami Beach, Florida.

Read MORE

**********

Sept 10,2010

Email worm wants to party like it’s 1999 (almost)

A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.

The email arrives with the subject “Here you have.” An executable screensaver that’s disguised as a PDF document then tries to send the same message to everyone listed in the recipient’s address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.

Read MORE

**********

Sept.  9,2010

Microsoft plans double-sized Patch Tuesday next week

Computerworld – Microsoft today said it will issue nine security updates to patch 13 bugs in Windows, Office and its Web server software next week.

The number of Sept. 14 updates will be more than double the maximum the company has delivered in any other of this year’s odd-numbered months. Microsoft traditionally delivers relatively few patches in those months.

Four of the updates were labeled “critical,” Microsoft’s highest threat ranking in its four-step scoring system. The remaining five were marked “important,” the second-highest rating.

The update tally that Microsoft spelled out in its monthly advance notification to customers is “quite substantial,” said Wolfgang Kandek, chief security officer of Qualys, considering that September should be an “off” month for patches.

Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In August, for example, Microsoft delivered a record 14 updates that patched a record-tying 34 vulnerabilities. July’s batch, however, contained just four bulletins that fixed five flaws.

Read MORE

**********

Sept.  9,2010

Google Instant blacklists the Slutskys

Google’s “Instant” search engine includes a blacklist for words and phrases involving what the company considers “violence, hate, or pornography.”

Unveiled on Wednesday in the US, Google Instant serves up search results in “real-time” as you type. If you type “w,” for instance, it gives you results for “weather.” If you type “new” and then a space, it gives you results for “New York Times.”

Read MORE

*********

Sept.  9,2010

Google Instant a potential bonanza for search scams

Security watchers are concerned that scareware scammers may quickly adapt to the introduction of real-time search technology from Google to develop even more potent search engine poisoning attacks.

Google Instant speeds up search results by working as users type into the Google search box. The technology predicts what users are trying to type and rapidly makes suggestions on which search term is most relevant, all in real time.

Blackhat SEO threats typically seek to make sure links to malicious sites are returned close to the top of searches for topical terms. The problem has bedevilled search engines for years and more recently has become the main tactic in promoting rogue anti-virus (AKA scareware) scam portals.

Read MORE

**********

Sept. 8,2010

Mozilla patches DLL load hijacking vulnerability

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications.

The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL load hijacking flaw that exposes Windows users to remote code execution attacks.

The majority of the 15 vulnerabilities in this Firefox patch batch could be exploited to launch drive-by download attacks from booby-trapped Web sites.

Read MORE

MORE

**********

8-25-2010

Rogueware on the roll

Quite recently a new rogueware called Advanced Security Tool 2010 entered the scene. This file is being detected as Adware/SecurityTool2010.

Besides having a more modern look and a slick interface, it also loads an exploit known as the help center vulnerability. Microsoft has issued a Security Bulletin in July.

Preventive measures can be taken by keeping your Windows as well as your Antivirus software up-to-date. Sean-Paul Correl has reported on this vulnerability in another blog post:

HCP Vulnerability Exploited in the Wild

Read MORE

**********

8-20-2010

HD Moore: Critical bug in 40 different Windows apps

Metasploit’s HD Moore was in the midst of researching the recently patched LNK (Windows shortcut) vulnerability when he stumbled upon a serious problem that exposes more than 40 different Windows software programs to remote code execution attacks.

Moore issued a brief warning about the issue via Twitter and linked to a critical bulletin from Acros, a Slovenian security research outfit, that references a remote code execution bug patched in Apple’s latest iTunes update.

Read MORE

**********

8-20-2010

Scareware tries to trick marks into dropping defences

Virus authors have developed a strain of malware that attempts to con users into uninstalling legitimate security packages.

A rogue package called AnVi Antivirus generates a cheeky pop-up message suggesting that legitimate apps are “uncertified” and ought to be removed. Failure to take action would result in drastically degraded computer performance, marks are disingenuously warned.

Read MORE

**********

8-19-2010

Critical Adobe Reader hole to be patched Thursday

Adobe will release a patch on Thursday for a critical hole in Reader that was disclosed at the Black Hat conference late last month, the company said on Wednesday.

Adobe had announced on August 5 that the emergency fix was coming this week, in advance of the next quarterly security release, scheduled for October 12.

Read MORE

**********

8-19-2010

Unruy downloader uses CVE-2010-0094 Java vulnerability

Unruy is a family of trojan downloaders and unsolicited advertisement “providers” and although you might not have heard about it, it also is an infection vector for a rather prevalent family of rogues: Trojan:Win32/Fakespypro.

Read MORE

**********

8-18-2010

Facebook and Quiz Scam

The following two pics are of Scam and Malicious sites that have been seen for the past two weeks or more. Both are scams to con people out of their money and/or to infect their computer.

Facebook Profile Spy? You can see Who views your profile?

**************************

Quiz Scam

Please avoid these at all costs.

**********

7-16-2010

Malicious widget hacked millions of Web sites

Computerworld – As many as five million Web sites hosted by Network Solutions have been serving up malware, probably for several months, a security expert said today.

“This is one of the biggest infections for drive-by download attacks that I’ve seen,” said Wayne Huang, co-founder and CTO of Santa Clara, Calif.-based Armorize Technologies, a Web application security company.

Network Solutions disputed Huang’s estimate of between 500,000 and 5 million infected sites, but was unable to provide its own count.

Read MORE

**********

Security update available for Adobe Flash Player

Release date: August 10, 2010

Vulnerability identifier: APSB10-16

Read HERE

**********

8-9-2010

Hackers offering tech support for malware they installed

In a bold move some hackers are offering tech support and customer service for removing malware from their victims’ computers, according to research by Kaspersky Lab.

The discovery showed a number of criminal syndicates offering e-mail, live chat, and telephone support for removing malware that these same syndicates installed. In many cases the advice offered does not remove the malware, but actually tricks the user into installing more.

Some of the operations are so advanced that they appear like genuine security services. Fake anti-malware software, called scareware, is advertised and installed, warning of infections that may or may not even exist. To solve the non-existent problem a 24/7 fully-manned switchboard with multi-language support is offered. Some even offer refunds to unsatisfied “customers”.

Read MORE

**********

8-5-2010

Microsoft Security Bulletin Advance Notification for August 2010

This is an advance notification of security bulletins that Microsoft is intending to release on August 10, 2010.

Read MORE

**********

8-1-2010

New list of dangerous websites to avoid

HERE is the list of new dangerous domains and subdomains, analyzed in URLVoid during the last month.

ThreatLog

**********

8-1-2010

New Massive BlackHat SEO Attacks

We noticed in these days a new massive number of websites hacked and used in a new campaign of blackhat seo attack with the objective to redirect all users to very dangerous websites that spread the infamous and well known rogue security software and the other dangerous threats such as TDSS rootkit and Zeus.

Read MORE

**********

7-29-2010

The Facebook Data Torrent Debacle: Q&A

Security concerns over Facebook have been raised yet again after a security consultant collected the names and profile URLs for 171 million Facebook accounts from publicly available information. The consultant, Ron Bowes, then uploaded the data as a torrent file allowing anyone with a computer connection to download the data.

Simon Davies, a representative of the U.K.-based privacy watchdog Privacy International, accused Facebook of negligence over the data mining technique, according to the BBC. Facebook, however, told the British news service that Bowes’ actions haven’t exposed anything new since all the information Bowes collected was already public.

So what are the security risks? Should you be concerned? Let’s take a look.

Read MORE

**********

7-28-2010

Shortcut Exploit

Sophos engineers have been busy developing and testing a free tool that protects users from malware exploiting the critical zero-day vulnerability known as the “Shortcut exploit”.

Read MORE

Microsoft will release the Out of Band update Monday, 8-2-2010

Read MORE

**********

7-28-2010

Privacy lawsuit targets ‘Net giants over “zombie” cookies

A wide swath of the ‘Net’s top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal court Friday on the grounds they violated federal computer intrusion law by secretly using storage in Adobe’s Flash player to recreate cookies deleted by users.

At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the Web, and used them to recreate traditional browser cookies that users deleted from their computers. These “zombie” cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Quantcast quickly fixed the issue, calling it an unintended consequence of trying to measure Web traffic accurately.

Read MORE

**********

7-27-2010

Keeping Kerrigan from Infection

Starcraft fans would recognize that as a famous line from the first Starcraft version, which was released in 1998. Starcraft is a real-time strategy game that became a massive hit worldwide. The release date for its sequel, Starcraft II: Wings of Liberty, is today, the 27th of July. Players can install the game but can only activate their licenses from this day onwards. Surely most gamers out there (including us) are eager to get their hands on this new title, especially if you were a fan of the first.

Read MORE

**********

Encrypt the Web with the HTTPS Everywhere Firefox Extension

EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.

Read MORE

**********

7-26-2010

Ccleaner version 2.34.1200 available HERE

Now with HTML5 Web Storage cleaning.

**********

Fake tech support call scam – supportonclick, systemrecure and logmein123.com

Are you on a call with “tech support” from comantra, supportonclick, thenerdsupport, securesecurityinfotech, thesupportonline, go4isecure, thesparksupport, winpctech, compstep, ordinateurassist, advpccare, techisonline, techonsupport, fixonclick, Log4Rescue, PCTechnosupport, onlinepccare, pccare or logmein123.com while reading this?

Read More

**********

7-23-2010

Firefox Update to 3.6.8

Release Notes

**********

Texting and Driving

**********

7-21-2010

Firefox hit by drive-by download security holes

Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks.

The latest Firefox 3.6.7 update includes fixes for nine “critical” issues that could be exploited to launch remote code execution attacks.  Two of the 16 bugs are rated “high risk” while five carry a “moderate” severity rating.

Read MORE

**********

7-20-2010

Adobe Reader will soon have an additional layer of protection against the many attacks that target the popular PDF viewer.

Adobe Systems is borrowing a page from Microsoft’s and Google’s playbook by turning to sandboxing technology designed to isolate code from other parts of the computer.

Adobe is adding a “Protected Mode” to the next release of Adobe Reader for Windows due out some time this year, said Brad Arkin, director of product security and privacy at Adobe. The feature will be enabled by default and included in Adobe Reader browser plug-ins for all the major browsers.

Read more HERE

**********

7-20-2010

Firefox update 3.6.7 available

**********

7-18-2010

Java Update-21-HERE

**********

By-Mike Peters:


Compliments of ShyWriter

**********

7-16-2010

Fernanda Romero arrest leads to distribution of rogueware

Fernanda Romero, a Mexican actress, was arrested this week for marriage fraud amid allegations she paid an American man to help her become a U.S. citizen. Whether this is true or not, the bad guys have taken advantage of this and started spreading the rogueware SecurityMasterAV.

Some of the keywords that can lead you to malicious websites are the following:

fernanda romero actress

fernanda romero 2010

fernanda romero imdb

fernanda romero arrested

fernanda romero drag me to hell

Read MORE

**********

7-14-2010

Mozilla yanks password-stealing Firefox add-on

Computerworld – Mozilla on Tuesday warned users that a password-stealing add-on slipped into Firefox’s extension gallery more than a month ago had been downloaded nearly 2,000 times before it was detected.

The malicious “Mozilla Sniffer” add-on was yanked from Mozilla’s servers Monday, and added to the Firefox “blocklist,” a last-resort defense that uninstalls potentially-dangerous browser extensions from users’ machines.

Mozilla also notified users of a critical security vulnerability in another add-on, the popular “CoolPreviews,” which currently sits at No. 21 on the Firefox most-downloaded list, saying it had temporarily yanked that plug-in, too.

Read MORE

**********

7-14-2010

The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year’s schedule: “How to Hack Millions of Routers.”

Read MORE

**********

Off Topic but something I wanted to share  🙂

http://www.youtube.com/watch_popup?v=hN8CKwdosjE

**********

7-13-2010

GFI – Acquires Sunbelt Software

more HERE

**********

7-13-2010

Security researchers from computer software giant CA warn that a new major version of the ZeuS crimeware toolkit is already being used in the wild. The new release protects its configuration better and focuses on banks in United States, United Kingdom, Spain and Germany.

ZeuS is a professional crimeware toolkit that can be used to generate customized computer trojans that are remotely controllable via a command and control server. Named Zbot (ZeuS bot), this type of trojan comes with information stealing capabilities and is one of the primary tools employed by identity thieves.

Variants of the new ZeuS “version 3” observed in the wild are targeting either banks in US and UK, or Spain and Germany, suggesting that they are used in more targeted attacks. This is understandable given that these four countries were the most profitable for past variants of the trojan.

Statistics compiled by CA show that during the first half of 2010, 26% of all detected Zbot samples targeted Spain, 22% UK, 19% US and 9% Germany. Countries like Italy, Russia, Canada or Colombia have also been targeted, but not as intensively.

The new ZeuS version also allows hackers to better hide the trojan’s configuration from security researchers and the competition. “It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose,” Zarestel Ferrer, a senior research engineer with CA’s Internet Security Business Unit (CA ISBU), explains.

ZeuS is so popular in the cyber criminal world that many malware writers have developed third-party addons for the toolkit, that add new features to the trojan. And while the toolkit can be bought for around $4,000, some of these custom-coded extensions can cost as much as $10,000. This price is low considering that the malware can help steal millions of dollars from the bank accounts of people, businesses and even governments.

Source: Softpedia

**********

7-12-2010

SCAM SITE WARNING

The following site exists only to gather personal information by contacting users over the phone. Please be careful out there!


**********

Hitman Pro 3.5.6 Build 106 now with Dr. Web and Ikarus

HERE

**********

AdBlock Plus update to 1.2.1

HERE

**********

Support is ending for some versions of Windows

Support for Windows Vista without any service packs ended on April 13, 2010.

Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010.*

Read MORE

MORE

************

Botnet Viruses Captured by NetQin

First off, a lot of you are probably wondering what a “Botnet Virus” is. Well, “Botnet” is an abbreviation for “Robot Network”. What happens is that a group of computers all run a harmful application that is solely controlled and manipulated by one owner or software source. The reasons for the creation of these are limited only to the knowledge of the creators, and no one really knows if they are for good or for evil! In the past, this has strictly been done only in computers, but recently it has found a way to make it into mobile devices, and it has been captured by NetQin!

Read MORE

************

The Fake Car Tax

“Last weekend we detected a wave of spam messages used to distribute malware, emails that are still in circulation. It’s an attack mainly aimed at car owners, as the subject of these emails is about some changes in the car tax.”

Read MORE

************

UPDATE: iTunes Users’ Accounts Hacked, Hundreds in App Purchases Tallied

According to a story which TheNextWeb broke over the holiday weekend, hundreds, if not thousands of iTunes accounts have been hacked over the holiday weekend, and a variety of methods used to ring up hundreds of dollars in fraudulent iTunes app store and music charges.

Read MORE

Posted July 8, 2010 by Wide Glide

4 responses to “Updates and Alerts”


  1. I just added your blog site to my blog roll, I hope you’d look at doing the same.

  2. SPAM Will Not be Tolerated. No Comments are public until approved by the Editor

  3. Exciting write-up, is going to be quite valuable for my thesis – Alexander

  4. Y’all have got to be the bunch of Dumbest Spammers I have ever seen on the Internet. Not one comment is seen until I approve them. But Y’all go right ahead and try. My finger never gets tired of “DELETE”
