September 2012 - Posts

What is HardBoan?

The Malwarebytes research team has determined that HardBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=116688

What is BoanTab?

The Malwarebytes research team has determined that BoanTab is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=116642

2012-09-26

Adware
++ Ahnsoft.AnCam + Babylon.Toolbar ++ Win32.BonusCash + Win32.InCore
Dialer
++ Win32.GenericPornDialer
Hijacker
++ Ghribi.Search
Malware
++ AdClicker.cn
Trojans
+ Bancos ++ Kazy.ru ++ Win32.Downloader.bltu ++ Win32.Jorik.ru + Win32.OnLineGames.down ++ Win32.OnlineGames.ws2 ++ Win32.Ramnit.C + Win32.ZBot
Total: 2554870 fingerprints in 796500 rules for 6764 products.

http://www.safer-networking.org/about/updates/

 

Posted Wed, Sep 26 2012 11:16 by Don

What is BoanCup?

The Malwarebytes research team has determined that BoanCup is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=116493

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-061 - Important

Bulletin Information:

* MS12-061 - Important

- http://technet.microsoft.com/security/bulletin/ms12-061
- Reason for Revision: V1.1 (September 24, 2012): Modified the
Recommendation section in the Executive Summary to reflect a
change in the way the update is offered. This update is no
longer offered automatically, but can be installed by checking
online for updates from Microsoft Update. Customers who have
already successfully updated their systems do not need to
take any action. Also added a link to Microsoft Knowledge Base
Article 2719584 under Known Issues in the Executive Summary.
- Originally posted: September 11, 2012
- Updated: September 24, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

25 Internet Explorer
0 Restricted Sites
0 Firefox

15520 items in database

Posted Sat, Sep 22 2012 16:50 by Don

System Progressive Protection is a computer infection from the Rogue.WinWebSec family of rogue anti-spyware programs. This program is classified as a rogue because it deliberately displays false scan results, hijacks your computer so that you are unable to run your normal applications, and displays a constant stream of fake security alerts that state your computer is infected. This rogue is distributed via three methods. The first method is hacked web sites that contain malicious code that attempts to exploit vulnerabilities on a visitor's computer. If it can successfully exploit a vulnerability, it will install the program without your permission or knowledge. The second method is through the use of fake online anti-malware scanners that pretend to scan your computer and then state you are infected. It will then prompt you to download System Progressive Protection. The final method this rogue uses is Trojans that pretend to be software required to view an online video.

http://www.bleepingcomputer.com/virus-removal/remove-system-progressive-protection


Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer 10
- http://technet.microsoft.com/security/advisory/2755801
- Revision Note: V1.0 (September 21, 2012): Advisory published.

* Microsoft Security Advisory (2757760)
- Title: Vulnerability in Internet Explorer Could Allow Remote
Code Execution
- http://technet.microsoft.com/security/advisory/2757760
- Revision Note: V2.0 (September 21, 2012): Advisory updated to
reflect publication of security bulletin.

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

technet.microsoft.com/en-us/secu···ms12-sep

Critical (1)

Microsoft Security Bulletin MS12-063
Cumulative Security Update for Internet Explorer (2744842)
technet.microsoft.com/en-us/secu···ms12-063

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on September 21, 2012. The bulletin addresses security vulnerabilities in Internet Explorer.

Microsoft provides advance notification to our customers concerning the number of new security updates being released, products affected, and the aggregate maximum severity. This is intended to help our customers plan for the deployment of these security updates more effectively.

NEW (OOB) BULLETIN SUMMARY

Bulletin ID: Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires a restart
Affected Software: Internet Explorer in Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Note: The list of affected software above is an abstract. To see the full list of affected components, please click on the "Advance Notification Webpage" link below and review the "Affected Software" section.

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities are subject to change until released.

Bulletin Advance Notification Webpage

The full version of the Microsoft Security Bulletin Advance Notification for this release can be found at http://technet.microsoft.com/security/bulletin/ms12-sep


FIX IT TOOL FOR INTERNET EXPLORER VULNERABILITY RELEASED

A Fix-it solution for Security Advisory 2757760 is being released today, September 19, 2012 through Microsoft KB Article 2757760. See the following for more details on the Fix-It Solution:

* Microsoft Security Advisory 2757760 - Vulnerability in Internet Explorer Could Allow Remote Code Execution - http://technet.microsoft.com/security/advisory/2757760

* Microsoft KB Article 2757760 - http://support.microsoft.com/kb/275776

2012-09-19

Adware
+ Ad.FLVPlayer + Faglaro.ExpressFiles + Win32.InCore
Trojans
++ Win32.Buzus.lzfn + Win32.Muollo + Win32.ZBot
Total: 2557524 fingerprints in 796354 rules for 6755 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Sep 19 2012 7:59 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2757760)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
- http://technet.microsoft.com/security/advisory/2757760
- Revision Note: V1.1 (September 18, 2012): Assigned Common
Vulnerability and Exposure number CVE-2012-4969 to the
issue. Also corrected instructions in the EMET workaround.

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2757760)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
- http://technet.microsoft.com/security/advisory/2757760
- Revision Note: V1.0 (September 17, 2012): Advisory published.

What is RealBoan?

The Malwarebytes research team has determined that RealBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=115940

What is DiskBoan?

The Malwarebytes research team has determined that DiskBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=115875

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-062 - Important


Bulletin Information:

* MS12-062 - Important

- http://technet.microsoft.com/security/bulletin/ms12-062
- Reason for Revision: V1.1 (September 12, 2012): Removed
Microsoft System Center Configuration Manager 2007 R2 and
Microsoft System Center Configuration Manager 2007 R3 from the
Non-Affected Software table and added a bulletin FAQ that
addresses the issue. Also added a bulletin FAQ to address the
server roles that require this update. These are bulletin
changes only. There were no changes to detection logic or
security update files.
- Originally posted: September 11, 2012
- Updated: September 12, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

What is VaccinePower?

The Malwarebytes research team has determined that VaccinePower is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=115726

2012-09-12
Adware
+ Win32.InCore ++ Win32.Krdr.x + Yontoo.Pagerage
Malware
++ Fraud.PCPlusSecurity
Trojans
+ Bancos + Bancos.BHO + Banload ++ Fake.Adobe.zusy ++ Fraud.Bundespolizei ++ Gimeo.rtk ++ Ransom.fr ++ Win32.Buzus.lhtz ++ Win32.Buzus.lzfn + Win32.Cont.wd ++ Win32.Injector.frow ++ Win32.Navi.c + Win32.OnLineGames.down ++ Win32.Pasta.buv
Total: 2557037 fingerprints in 796259 rules for 6756 products.


http://www.safer-networking.org/about/updates/

Posted Wed, Sep 12 2012 6:20 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2661254)
- Title: Update For Minimum Certificate Key Length
- http://technet.microsoft.com/security/advisory/2661254
- Revision Note: V1.2 (September 11, 2012): Clarified that
applications and services that use RSA keys for cryptography
and call into the CertGetCertificateChain function could be
impacted by this update. Examples of these applications and
services include but are not limited to encrypted email,
SSL/TLS encryption channels, signed applications, and private
PKI environments.

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-045 - Critical

Bulletin Information:

* MS12-045 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-045
- Reason for Revision: V1.3 (September 11, 2012): Added a link
to Microsoft Knowledge Base Article 2698365 under Known
Issues in the Executive Summary.
- Originally posted: July 10, 2012
- Updated: September 11, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3
