January 2012 - Posts

What is Antivirus Smart Protection?

The Malwarebytes research team has determined that Antivirus Smart Protection is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=105420

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

http://www.symantec.com/connect/fr/blogs/androidcounterclank-found-official-android-market

Posted Sat, Jan 28 2012 10:34 by Don

What is Com-doumi?

The Malwarebytes research team has determined that Com-doumi is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=105357

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-004 - Critical
* MS12-JAN

Bulletin Information:

* MS12-004 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-004
- Reason for Revision: V1.2 (January 27, 2012): Corrected the
aggregate severity rating for the KB2631813 update package in
the Affected Software table for all supported editions of
Windows XP, Windows Server 2003, Windows Vista, and Windows
Server 2008. This is a bulletin change only. There were no
changes to the security update files or detection logic.
Customers should apply all update packages offered for the
software installed on their systems. See the update FAQ for
details.
- Originally posted: January 10, 2012
- Updated: January 27, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS11-JAN

- http://technet.microsoft.com/security/bulletin/MS11-JAN
- Reason for Revision: V2.1 (January 27, 2012): For MS12-004,
corrected the aggregate severity rating for the KB2631813
update package for all supported editions of Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008.
See the MS12-004 bulletin for details.
- Originally posted: January 10, 2012
- Updated: January 27, 2012
- Version: 2.1

2012-01-25
Keylogger
+ KGBKeylogger.REFOG
Malware
++ Win32.Banload.qqb ++ Win32.Delf.Agr + Win32.FraudLoad.edt + Win32.Renos
Trojans
+ Bancos.Itau + Bancos.prx + Bancos.Santander + Banload.byct ++ Fraud.DHL.npp + Fraud.LiveMessenger + Fraud.UPSInvoice ++ Fraud.Vid.np ++ MiscNet + Win32.Banker.wnx ++ Win32.Heur.vp ++ Win32.Kazy + Win32.Muollo + Win32.NrgBot.rtk + Win32.OnLineGames.down + Win32.VB.ik + Win32.ZBot
Total: 2502212 fingerprints in 782577 rules for 6493 products.

http://www.safer-networking.org/en/index.html


Posted Wed, Jan 25 2012 5:44 by Don

What is Malware Protection Center?

The Malwarebytes research team has determined that Malware Protection Center is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=105187

What is PCupgrade?

The Malwarebytes research team has determined that PCupgrade is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=105047

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-JUN
* MS12-006 - Important

Bulletin Information:

* MS11-049 - Important

- http://technet.microsoft.com/security/bulletin/MS11-049
- Reason for Revision: V2.2 (January 18, 2012): Added a note
to the Affected and Non-Affected Software section to clarify
that this update also applies to 32-bit and x64-based
SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 2.2

* MS11-JUN

- http://technet.microsoft.com/security/bulletin/MS11-JUN
- Reason for Revision: V3.1 (January 18, 2012): For MS11-049,
added a note to the Affected Software and Download Locations
section to clarify that this update also applies to 32-bit and
x64-based SQL Server 2008 and SQL Server 2008 R2 Express and
Express Advanced Editions.
- Originally posted: June 14, 2011
- Updated: January 18, 2012
- Version: 3.1

* MS12-006 - Important

- http://technet.microsoft.com/security/bulletin/MS12-006
- Reason for Revision: V1.1 (January 18, 2012): Added MS10-085 as
a bulletin replaced by the KB2585542 update for Windows 7 for
32-bit Systems, Windows 7 for x64-based Systems,
Windows Server 2008 R2 for x64-based Systems, and
Windows Server 2008 R2 for Itanium-based Systems.
This is an informational change only. There were no changes to
the detection logic or the update files.
- Originally posted: January 10, 2012
- Updated: January 18, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

23 Internet Explorer

0 Restricted Sites

0 Mozilla Firefox

14950 items in database

Posted Wed, Jan 18 2012 16:56 by Don

2012-01-18
Adware
+ Babylon.Toolbar
Malware
++ Win32.Injector.wx ++ Win32.Kazy.aprv
Trojans
+ Atraps.br + Banload.byct ++ Fraud.InfectRansom ++ Fraud.LiveMessenger ++ Fraud.USPSreport ++ Gimemo.rtk ++ P2P.MediaGet ++ Win32.Agent.arrc + Win32.Agent.wbc ++ Win32.Autoit.Facebook ++ Win32.Autoit.TajetaAmor ++ Win32.Downloader.Kazy + Win32.Mabezat + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen ++ Win32.Toolbar.DosPop
Worm
++ Win32.Agent.amf
Total: 2500068 fingerprints in 782249 rules for 6476 products

http://www.safer-networking.org/en/index.html

Posted Wed, Jan 18 2012 5:59 by Don

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-100 - Critical

Bulletin Information:

* MS11-100 - Critical

- http://technet.microsoft.com/security/bulletin/MS11-100
- Reason for Revision: V1.2 (January 17, 2012): Added entry to
the update FAQ to announce that the Security updates for the
Microsoft .NET Framework 3.5 on Windows 8 Developer Preview and
the Microsoft .NET Framework 4.5 on Windows 8 Developer Preview
are available from Microsoft Update and Windows Update.
- Originally posted: December 29, 2011
- Updated: January 17, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

Issued: January 16, 2012

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-007 - Important

Bulletin Information:

* MS12-007 - Important

- http://technet.microsoft.com/security/bulletin/MS12-007
- Reason for Revision: V2.1 (January 16, 2012): Added a link
to Microsoft Knowledge Base Article 2607664 under Known Issues
in the Executive Summary. Also, revised entry in the update FAQ
to clarify why the upgrade to AntiXSS Library version 4.2.1
is only available from the Microsoft Download Center.
- Originally posted: January 10, 2012
- Updated: January 16, 2012
- Bulletin Severity Rating: Important
- Version: 2.1

What is Internet Security Guard?

The Malwarebytes research team has determined that Internet Security Guard is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=104627

Microsoft Security Bulletin Minor Revisions
Issued: January 11, 2012

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-004 - Critical

Bulletin Information:

* MS12-004 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-004
- Reason for Revision: V1.1 (January 11, 2012): Clarified the FAQ
entries for CVE-2012-0003 that address the scope of the
vulnerability and how an attacker could exploit
the vulnerability. These are informational changes only. There
were no changes to the security update files or detection logic.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Bulletin Severity Rating: Critical
- Version: 1.1

Microsoft Security Bulletin Re-Releases
Issued: January 11, 2012

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-007 - Important
* MS12-JAN

Bulletin Information:

* MS12-007 - Important

- http://technet.microsoft.com/security/bulletin/ms12-007
- Reason for Revision: V2.0 (January 11, 2012): Announced that
the original upgrade package, AntiXSS Library version 4.2, has
been replaced with AntiXSS Library version 4.2.1. All users of
the AntiXSS Library will need to upgrade to AntiXSS Library
version 4.2.1 to help ensure they are protected from the
vulnerability described in this bulletin. See the update FAQ
for more information.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-JAN

- http://technet.microsoft.com/security/bulletin/ms12-JAN
- Reason for Revision: V2.0 (January 11, 2012): For MS12-003,
corrected exploitability assessment for latest software
release in the Exploitability Index for CVE-2012-0005. For
MS12-007, revised to announce bulletin rereleased.
See the MS12-007 bulletin for more information.
- Originally posted: January 10, 2012
- Updated: January 11, 2012
- Version: 2.0

2012-01-11

Malware
+ Fraud.SecurityEssentials ++ Fraud.XPAntispyware2012 ++ NoRun.sps + Win32.FraudLoad.edt
Trojans
+ Bancos.Santander ++ DisDriver.ntl ++ Fraud.WindowsStableWork ++ Fraud.YoutubePlayer ++ Win32.Agent.rsw ++ Win32.Agent.vid + Win32.Amburadul + Win32.Banker + Win32.Diple.efau + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen + Win32.ZBot
Total: 2498071 fingerprints in 781864 rules for 6462 products.
http://www.safer-networking.org/en/index.html

Posted Wed, Jan 11 2012 6:00 by Don

Issued: January 10, 2012

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2588513)
- Title: Vulnerability in SSL/TLS Could Allow
Information Disclosure
- http://technet.microsoft.com/security/advisory/2588513
- Revision Note: V2.0 (January 10, 2012): Advisory updated
to reflect publication of security bulletin.

Event ID: 1032499498

Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Generalist.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Starts: Wednesday, January 11, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Presented By:

Pete Voss, Senior Response Communications Manager, Trustworthy Computing

Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation


Posted Tue, Jan 10 2012 13:24 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-jan

Critical (1)

Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
»technet.microsoft.com/en-us/secu···ms12-004

Important (6)

Microsoft Security Bulletin MS12-001
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
»technet.microsoft.com/en-us/secu···ms12-001

Microsoft Security Bulletin MS12-002
Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
»technet.microsoft.com/en-us/secu···ms12-002

Microsoft Security Bulletin MS12-003
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
»technet.microsoft.com/en-us/secu···ms12-003

Microsoft Security Bulletin MS12-005
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
»technet.microsoft.com/en-us/secu···ms12-005

Microsoft Security Bulletin MS12-006
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
»technet.microsoft.com/en-us/secu···ms12-006

Microsoft Security Bulletin MS12-007
Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
»technet.microsoft.com/en-us/secu···ms12-007

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

http://threatpost.com/en_us/blogs/adobe-plans-critical-security-updates-reader-acrobat-next-week-010612

Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10.

The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical security issues. They include the vulnerabilities CVE-2011-2462 and CVE-2011-4369, which were patched in Adobe products up through version 9 in December, the company said on its PSIRT blog.

The January patch will be released on Tuesday, January 10, 2012, as part of Adobe's monthly patch cycle.

Posted Sun, Jan 8 2012 6:15 by Don