November 2012 - Posts

2012-11-28

Adware
+ Babylon.Toolbar + Win32.InCore + YourFileDownloader
PUPS
+ SweetIM
Malware
+ ClaroMultimedia
Trojan
+ Banload + FakePorn ++ Ransom.MSconfig ++ Win32.Blocker.kqc + Win32.Muollo
Total: 2565811 fingerprints in 798480 rules for 6826 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Nov 28 2012 6:58 by Don

What is ProtectMine?

The Malwarebytes research team has determined that ProtectMine is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118733

What is WindowSecure?

The Malwarebytes research team has determined that WindowSecure is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118653

What is BasicSafe?

The Malwarebytes research team has determined that BasicSafe is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118570

2012-11-21

Adware
+ Babylon.Toolbar ++ FreePriceAlert ++ Win32.Hemotoxin + Win32.InCore + Yontoo.Pagerage
Malware
+ Fraud.SecurityShield ++ Fraud.SheedAV
PUPS
+ RiverNileCasino
Trojan
++ FakePorn + IRC.Zapchast + Win32.Banker
Total: 2564900 fingerprints in 798257 rules for 6821 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Nov 21 2012 8:01 by Don

What is WindowSafe?

The Malwarebytes research team has determined that WindowSafe is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118428

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS12-058
  * MS12-073


Bulletin Information:

* MS12-058 - Critical

  - http://technet.microsoft.com/security/bulletin/ms12-058
  - Reason for Revision: V2.2 (November 20, 2012): Corrected the
    update package names, registry verification keys, and log file
    names for the KB2756497 and KB2756496 updates where incorrect
    in this bulletin. These are informational changes only. The
    download pages and associated Knowledge Base articles already
    contained the correct information.
  - Originally posted: August 14, 2012 
  - Updated: November 20, 2012 
  - Bulletin Severity Rating: Critical
  - Version: 2.2

* MS12-073 - Moderate

  - http://technet.microsoft.com/security/bulletin/ms12-073
  - Reason for Revision: V2.1 (November 20, 2012): Added missing
    Server Core installation entries to the Severity table. This
    is a bulletin change only. There were no changes to the
    Affected Software table.
  - Originally posted: November 13, 2012
  - Updated: November 20, 2012
  - Bulletin Severity Rating: Moderate
  - Version: 2.1

31 Internet Explorer
0 Restricted Sites
0 Firefox

15668 items in database

Posted Tue, Nov 20 2012 3:16 by Don

What is PrivacyManager?

The Malwarebytes research team has determined that PrivacyManager is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118286

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS12-073 - Moderate
  * MS12-NOV

 

Bulletin Information:

* MS12-073 - Moderate

 - http://technet.microsoft.com/security/bulletin/MS12-073
 - Reason for Revision: V2.0 (November 14, 2012): Revised this
   bulletin to announce that the KB2716513 update on Windows Vista
   and Windows Server 2008 is now available through all distribution
   channels, including Windows Update and Microsoft Update. Customers
   who have already successfully installed this update from the 
   Microsoft Download Center do not need to reinstall the update.
   Also added an update FAQ to describe additional clarifications and
   corrections to the bulletin.
 - Originally posted: November 13, 2012
 - Updated: November 14, 2012
 - Bulletin Severity Rating: Moderate
 - Version: 2.0

* MS12-Nov

 - http://technet.microsoft.com/security/bulletin/ms12-Nov
 - Reason for Revision: V2.0 (November 14, 2012): For MS12-073,
   revised Bulletin Summary to reflect that the KB2716513 update on
   Windows Vista and Windows Server 2008 is now available through all
   distribution channels, including Windows Update and Microsoft
   Update. See the MS12-073 bulletin for details.
 - Originally posted: November 13, 2012
 - Updated: November 14, 2012
 - Version: 2.0

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS12-072
  * MS12-074


Bulletin Information:

* MS12-072 - Critical

  - http://technet.microsoft.com/security/bulletin/ms12-072
  - Reason for Revision: V1.1 (November 14, 2012): Clarified that
    on systems running supported editions of Windows Server 2008
    and Windows Server 2008 R2, this update only applies when the
    optional Desktop Experience feature is installed and enabled.
    See the update FAQ for details.
  - Originally posted: November 13, 2012
  - Updated: November 14, 2012
  - Bulletin Severity Rating: Critical
  - Version: 1.1

* MS12-074 - Critical

  - http://technet.microsoft.com/security/bulletin/ms12-074
  - V1.1 (November 14, 2012): Corrected the aggregate severity
    rating for Microsoft .NET Framework 4.5 on Windows Server
    2012 (Server Core installation) in the Severity table. This
    is a bulletin change only. The severity rating for this
    configuration remains unchanged.
  - Originally posted: November 13, 2012
  - Updated: November 14, 2012
  - Bulletin Severity Rating: Critical
  - Version: 1.1

2012-11-14

Adware
++ FLVBlaster ++ OptimumInstaller ++ SearchAmong.Toolbar ++ Shopping.Sidekick ++ Somoto.BetterIntaller + Win32.BonusCash
Malware
+ ClaroMultimedia
PUPS
+ SelectionLinks
Total: 2564222 fingerprints in 798152 rules for 6813 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Nov 14 2012 8:35 by Don

What is FireBoan?

The Malwarebytes research team has determined that FireBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=118121

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS12-046 - Important
  * MS12-JUL

 
Bulletin Information:

* MS12-046 - Important

 - http://technet.microsoft.com/security/bulletin/MS12-046
 - Reason for Revision: V2.0 (November 13, 2012): Rereleased
   bulletin to replace the KB2598361 update with the KB2687626
   update for Microsoft Office 2003 Service Pack 3 to address
   an issue with digital certificates described in Microsoft
   Security Advisory 2749655. See the update FAQ for details.
 - Originally posted: July 10, 2012
 - Updated: November 13, 2012
 - Bulletin Severity Rating: Important
 - Version: 2.0

* MS12-JUL

 - http://technet.microsoft.com/security/bulletin/ms12-JUL
 - Reason for Revision: V4.0 (November 13, 2012): For MS12-046,
   replaced the KB2598361 update with the KB2687626 update for
   Microsoft Office 2003 Service Pack 3. See the MS12-046
   bulletin for details.
 - Originally posted: July 10, 2012
 - Updated: November 13, 2012
 - Version: 4.0

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS12-062
  * MS12-075
  * MS12-NOV


Bulletin Information:

* MS12-062 - Important

  - http://technet.microsoft.com/security/bulletin/ms12-062
  - Reason for Revision: V1.2 (November 13, 2012): Revised
    bulletin to rerelease the KB2721642 update for System Center
    Configuration Manager 2007. Customers who have successfully
    installed only the KB2721642 EN (English) version of the update
    do not need to take any action.
  - Originally posted: September 11, 2012
  - Updated: November 13, 2012
  - Bulletin Severity Rating: Important
  - Version: 1.2

* MS12-075 - Critical

  - http://technet.microsoft.com/security/bulletin/ms12-075
  - Reason for Revision: V1.1 (November 13, 2012): Corrected
    vulnerability title and FAQ entries for CVE-2012-2897.
    This is an informational change only.
  - Originally posted: November 13, 2012
  - Updated: November 13, 2012
  - Bulletin Severity Rating: Critical
  - Version: 1.1

* MS12-NOV

 - http://technet.microsoft.com/security/bulletin/ms12-NOV
 - Reason for Revision: V1.1 (November 13, 2012): For MS12-075,
   corrected the CVE title and Denial of Service Exploitability
   Assessment in the Exploitability Index for CVE-2012-2897.
 - Originally posted: November 13, 2012
 - Updated: November 13, 2012
 - Version: 1.1

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2749655)
  - Title: Compatibility Issues Affecting Signed Microsoft Binaries
  - http://technet.microsoft.com/security/advisory/2749655
  - Revision Note: V1.2 (November 13, 2012): Added the KB2687626
    update, described in MS12-046, to the list of available
    rereleases. 

* Microsoft Security Advisory (2269637)
  - Title: Insecure Library Loading Could Allow Remote Code
    Execution
  - http://technet.microsoft.com/security/advisory/2269637
  - Revision Note: V18.0 (November 13, 2012): Added the following
    Microsoft Security Bulletin to the Updates relating to Insecure
    Library Loading section: MS12-074, "Vulnerabilities in .NET
    Framework Could Allow Remote Code Execution."

Event ID: 1032522560

Language(s):  English.
Product(s):  computer security and information security.
Audience(s):  IT Decision Maker, IT Implem_IT Generalist and IT Manager.
Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by:

Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation

and

Jonathan Ness, Principal Security Development Lead, Microsoft Corporation

Starts: Wednesday, November 14, 2012 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)


Posted Tue, Nov 13 2012 13:28 by Don

Note: There may be latency issues due to replication. If the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms12-nov

Critical (4)

Microsoft Security Bulletin MS12-071
Cumulative Security Update for Internet Explorer (2761451)
»technet.microsoft.com/en-us/secu···ms12-071

Microsoft Security Bulletin MS12-072
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
»technet.microsoft.com/en-us/secu···ms12-072

Microsoft Security Bulletin MS12-074
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
»technet.microsoft.com/en-us/secu···ms12-074

Microsoft Security Bulletin MS12-075
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
»technet.microsoft.com/en-us/secu···ms12-075

Important (1)

Microsoft Security Bulletin MS12-076
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
»technet.microsoft.com/en-us/secu···ms12-076

Moderate (1)

Microsoft Security Bulletin MS12-073
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
»technet.microsoft.com/en-us/secu···ms12-073

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Introduction

In the past, malware infections typically consisted of worms, trojans, backdoors, and viruses that were easily detected and, for the most part, removed. To make an anti-virus program's job more difficult, an increasingly popular tactic for malware developers is to use a type of computer infection or technology called rootkits. Rootkits are computer infections that hijack your operating system so that it does not properly report the existence of other malware files or Windows Registry entries, making it more difficult to detect other computer infections that the rootkit may be protecting.

Malwarebytes Anti-Rootkit, or MBAR, is a rootkit scanner that searches your computer for rootkits and then removes them. Once Malwarebytes Anti-Rootkit removes the rootkit, any files or Windows Registry entries that the rootkit was hiding will then be visible and be easier to remove.

MBAR has the ability to target rootkits that belong to the following families or that use the following rootkit technologies:

  • Kernel mode drivers hiding themselves, like TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
  • Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
  • Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
  • Volume Boot Record/OS Bootstrap infectors like Cidox
  • Disk Partition table infectors like SST/Elureon
  • User mode patchers/infectors like ZeroAccess.

This tutorial will walk you through using Malwarebytes Anti-Rootkit to remove rootkits from your computer. It will also provide guidance on how to resolve problems that result from removing these rootkits. If you have any questions regarding this program, please feel free to ask us in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.

http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/

Posted Tue, Nov 13 2012 10:14 by Don

What is PrivacyKingdom?

The Malwarebytes research team has determined that PrivacyKingdom is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=117925
