October 2012 - Posts

2012-10-31
Adware
++ Pinballcorp.Appbundler
Malware
++ Boleto.pdf ++ Win32.Autorun.Kraddare
PUPS
++ Uniblue.DriverScanner
Trojans
+ Banload ++ Directorio.Winlogon ++ Kazy.tgr + Win32.ArchSMS.jtyl + Win32.OnLineGames.down + Win32.Sirefef
Total: 2563174 fingerprints in 797890 rules for 6801 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Oct 31 2012 7:59 by Don

Micorsoft Essential Security Pro 2013 is a scareware program that displays fake scan results and prevents you from running your normal programs. This computer infection is distributed as an update required to view an online video. In reality, though, this Trojan is the actual rogue that installs itself when you run it. Once installed, it will configure itself to run automatically every time you start another program. It will also prevent many security programs from running in order to protect itself from being removed.

http://www.bleepingcomputer.com/virus-removal/remove-micorsoft-essential-security-pro-2013

What is BoanK?

The Malwarebytes research team has determined that BoanK is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117868

2012-10-24

Adware
++ EoRezo ++ Kreapixel.WebPlayer ++ Win32.PrivCnt.a ++ YourFileDownloader
Malware
++ Win32.DownTango ++ Win32.Kbot
Trojan
+ Atraps.br + Bancos.BHO + Banload ++ Fraud.SystemProgressiveProtection + Morto.fi + Win32.Agent.nsi + Win32.Muollo + Win32.OnLineGames.down + Win32.Yakes.adkv ++ Yoddos.WinHelps
Total: 2561487 fingerprints in 797176 rules for 6794 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Oct 24 2012 6:32 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer 10
- »technet.microsoft.com/security/a···/2755801
- Revision Note: V3.0 (October 23, 2012): Revised advisory to
announce the availability of the KB2758994 update for Windows RT.

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-043
* MS12-066
* MS12-OCT

Bulletin Information:

* MS12-043 - Important

- »technet.microsoft.com/security/b···ms12-043
- Reason for Revision: V3.1 (October 23, 2012): Added the
KB2721691 update to the Bulletin FAQ that explains which
updates are available for Windows 8 Release Preview and
Windows Server 2012 Release Candidate.
- Originally posted: July 10, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Critical
- Version: 3.1

* MS12-066 - Important

- »technet.microsoft.com/security/b···ms12-066
- Reason for Revision: V1.3 (October 23, 2012): Added Microsoft
Windows SharePoint Services 3.0 Service Pack 3 (32-bit version)
and Microsoft Windows SharePoint Services 3.0 Service Pack 3
(64-bit version) to the Affected Software section. This is a
bulletin change only. There were no changes to the detection
logic or security update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Important
- Version: 1.3

* MS12-OCT

- »technet.microsoft.com/security/b···ms12-oct
- Reason for Revision: V1.3 (October 23, 2012): For MS12-066,
added Microsoft Windows SharePoint Services 3.0 Service Pack 3
(32-bit version) and Microsoft Windows SharePoint Services 3.0
Service Pack 3 (64-bit version) to the Affected Software and
Download Locations section. This is an informational change
only. There were no changes to the detection logic or security
update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Version: 1.3

What is CyberBoan?

The Malwarebytes research team has determined that CyberBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117683

What is VaccineChecker?

The Malwarebytes research team has determined that VaccineChecker is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117604

20 Internet Explorer
0 Restricted Sites
0 Firefox

15571 items in database

Posted Sat, Oct 20 2012 14:47 by Don

File Restore is a fake hard drive diagnostic program from the Rogue.FakeHDD family of scareware programs. This family of computer infections pretends to be a hard drive diagnostic and repair program that scans your hard drives for problems and attempts to fix them. In reality, though, this program is an infection that displays fake alerts, stops you from running your normal applications, hides the files on your hard drive, and deletes your Windows Start menu in order to make you think that your hard drive is failing or has become corrupt.

http://www.bleepingcomputer.com/virus-removal/remove-file-restore

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-066

Bulletin Information:

* MS12-066 - Important

- http://technet.microsoft.com/security/bulletin/ms12-066
- Reason for Revision: V1.2 (October 17, 2012): Corrected
update replacement information. Corrected KB numbers for
Microsoft Lync 2010 Attendee (admin level install) and Microsoft
Lync 2010 Attendee (user level install). These are informational
changes only. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: October 9, 2012
- Updated: October 17, 2012
- Bulletin Severity Rating: Important
- Version: 1.2

Issues Fixed:

1. Upgrading from a previous version on Windows Vista or Windows 7 may result in the protection module starting with a delay.
2. The protection module does not start with Windows under certain conditions.
3. Scans sometimes complete prematurely.

»forums.malwarebytes.org/index.ph···c=117463


Posted Wed, Oct 17 2012 14:49 by Don

2012-10-17

Adware
+ Babylon.Toolbar ++ Solimba.dl + Win32.InCore
Trojans
+ Bancos.prx + Banload + Banload.bho ++ CouFerSA.bt ++ Cridex.kb ++ Win32.BlackHole + Win32.Muollo + Win32.OnLineGames.down
Total: 2559922 fingerprints in 796789 rules for 6784 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Oct 17 2012 9:03 by Don

What is SpecialVaccine?

The Malwarebytes research team has determined that SpecialVaccine is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117438

Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for October 2012, which will be released on Tuesday, October 16, 2012. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 30 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

  • JDK and JRE 7 Update 7 and earlier
  • JDK and JRE 6 Update 35 and earlier
  • JDK and JRE 5.0 Update 36 and earlier
  • SDK and JRE 1.4.2_38 and earlier
  • JavaFX 2.2 and earlier

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

What is ZeroClean?

The Malwarebytes research team has determined that ZeroClean is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117309

What is CatchCode?

The Malwarebytes research team has determined that CatchCode is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117267

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-OCT
* MS12-053
* MS12-054
* MS12-055
* MS12-058
* MS12-066


Bulletin Information:

* MS12-OCT

- http://technet.microsoft.com/security/bulletin/ms12-oct
- Reason for Revision: V1.1 (October 10, 2012): For MS12-068
and MS12-069, corrected exploitability assessment for latest
software release in the Exploitability Index for
CVE-2012-2529 and CVE-2012-2551 respectively. For MS12-066,
corrected KB numbers for Microsoft Lync 2010 Attendee (admin
level install) and Microsoft Lync 2010 Attendee (user level
install).
- Originally posted: October 9, 2012
- Updated: October 10, 2012
- Version: 1.1

* MS12-053 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-053
- Reason for Revision: V2.1 (October 10, 2012): For the
rereleased KB723135 update, added an FAQ entry to provide
deployment guidance. See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: October 10, 2012
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS12-054 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-054
- Reason for Revision: V2.1 (October 10, 2012): For the rereleased
KB2731847 update, added an FAQ entry to provide deployment
guidance. See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: October 10, 2012
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS12-055 - Important

- http://technet.microsoft.com/security/bulletin/ms12-055
- Reason for Revision: V2.1 (October 10, 2012): For the rereleased
KB2731847 update, added an FAQ entry to provide deployment
guidance. See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: October 10, 2012
- Bulletin Severity Rating: Important
- Version: 2.1

* MS12-058 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-058
- Reason for Revision: V2.1 (October 10, 2012): For the rereleased
KB2756497, KB2756496, and KB2756485 updates, added an FAQ entry
to provide deployment guidance. See the update FAQ for details.
- Originally posted: May 08, 2012
- Updated: August 14, 2012
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS12-066 - Important

- http://technet.microsoft.com/security/bulletin/ms12-058
- Reason for Revision: V1.1 (October 10, 2012): Corrected KB
numbers for Microsoft Lync 2010 Attendee (admin level install)
and Microsoft Lync 2010 Attendee (user level install). This is
an informational change only. Customers who have already
successfully updated their systems do not need to take any
action.
- Originally posted: October 9, 2012
- Updated: October 10, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

2012-10-10

Adware
+ Babylon.Toolbar ++ Claro.Toolbar ++ WhiteSmoke.Toolbar + Win32.InCore
PUPS
++ SelectionLinks
Trojans
++ Banload.ftp ++ FileVaccine ++ Fraud.XPDefender2013 + Win32.CoinBit.a + Win32.OnLineGames.down
Total: 2555117 fingerprints in 796747 rules for 6775 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Oct 10 2012 9:03 by Don

What is PowerVaccine?

The Malwarebytes research team has determined that PowerVaccine is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117156
