January 2013 - Posts

Disk Antivirus Professional is a computer infection from the Rogue.WinWebSec family of rogue anti-spyware programs. This program is classified as a rogue because it displays fake scan results, terminates your legitimate applications when you attempt to run them, and displays numerous fake security alerts that are worded to scare you into thinking you're infected. This rogue is promoted via fake online anti-malware scanners that state you are infected and then prompt you to download and install the program. This rogue is also promoted as a program required to view an online video. Last, but not least, you may also become infected with Disk Antivirus when you visit hacked web sites that attempt to exploit vulnerabilities on your computer to install the software without your permission.

http://www.bleepingcomputer.com/virus-removal/disk-antivirus-professional-removal

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-043
* MS12-057
* MS12-060


Bulletin Information:

* MS12-043 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-043
- Reason for Revision: V4.1 (January 30, 2013): Clarified that
customers with the KB2687324 and KB2596679 updates will be
offered the KB2687627 and KB2687497 updates respectively for
Microsoft XML Core Services 5.0. See the update FAQ for
details.
- Originally posted: July 10, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Critical
- Version: 4.1

* MS12-057 - Important

- http://technet.microsoft.com/security/bulletin/ms12-057
- Reason for Revision: V2.1 (January 30, 2013): Clarified
that customers with the KB2553260 and KB2589322 updates
will be offered the KB2687501 and KB2687510 updates
respectively for Microsoft Office 2010 Service Pack 1.
See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Important
- Version: 2.1

* MS12-060 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-060
- Reason for Revision: V2.1 (January 30, 2013): Clarified
that customers with the KB2687323 update will be offered
the KB2726929 update for Windows common controls on all
affected variants of Microsoft Office 2003, Microsoft Office
2003 Web Components, and Microsoft SQL Server 2005.
See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Critical
- Version: 2.1

2013-01-30

Adware
+ Downloader.Mail.Ru
Trojans
++ Tinxy.pws + Win32.Bancos + Win32.Dapato + Win32.OnLineGames.down + Win32.OnlineGames.ws2 + Win32.Sirefef ++ Win32.Wisemop
Total: 2572610 fingerprints in 799733 rules for 6892 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 30 2013 6:55 by Don

Unfortunately it has come to light that the program ComboFix had a file in it that is infected with the Sality virus. The minute we heard about this, we pulled the executable so that it is no longer available from BleepingComputer.com. Unfortunately we have no control over other sites that may have mirrored ComboFix without permission, so please do not attempt to download it elsewhere.

The developer, sUBs, is currently looking into what happened and when I have a full update, I will be sure to let you know. From the limited information that I have, it appears that the affected version has been available since approximately 2am EST on January 29th, but it may have been earlier. If this timeframe changes, I will update this topic to let you know. If you have used a new copy of ComboFix in the last day or so, then you should examine your system for possible infection. If you have used a copy of ComboFix prior to this version, then you should be ok. See http://www.bleepingcomputer.com/forums/topic483431.html for details and further instructions.

Posted Tue, Jan 29 2013 12:08 by Don

The search.certified-toolbar.com toolbar is a program that is classified as a browser hijacker. It is considered a browser hijacker because it changes your home page and default search provider to search.certified-toolbar.com. This in itself is not considered malicious as there are many legitimate programs that change these settings as well. What is considered malicious, though, is that it will also append the argument http://search.certified-toolbar.com?si=41460&shortcut=true&tid=2937 to random Windows shortcuts on your desktop and your Windows Start Menu. This causes the http://search.certified-toolbar.com web page to open when you launch one of these hijacked shortcuts, even when the shortcut has nothing to do with web browsing. For example, if the Microsoft Excel shortcut is hijacked, when you start Excel, your browser will also open and automatically go to the search.certified-toolbar.com home page.

http://www.bleepingcomputer.com/virus-removal/remove-search.certified-toolbar.com-hijacker

What is Ukash ransom trojan?

The Malwarebytes research team has determined that the Ukash ransom trojan is ransomware. Ransomware typically makes your system unusable and asks for payment to undo the damage.

http://forums.malwarebytes.org/index.php?showtopic=121753

Smart Security is a computer infection from the Rogue.WinPCDefender family of rogue anti-spyware programs. This program is classified as a rogue because it deliberately displays false scan results, fake security alerts, and prevents you from running any programs on your computer. This program is promoted through fake online antimalware scanners and as a program required to view online videos. Once installed, Smart Security will automatically scan your computer and then state that there are numerous infections on your computer. If you attempt to remove any of these so-called infections, it will state that you first need to purchase the program in order to remove anything. As many of the detected files are actually legitimate, please do not manually delete anything that this rogue detects, as it may affect the proper operation of Windows and your installed programs. Instead, ignore the scan results and proceed with the rest of the removal guide.

http://www.bleepingcomputer.com/virus-removal/smart-security-removal-guide

What is ErrorSmart?

The Malwarebytes research team has determined that ErrorSmart is a fake system utility application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these problems.

http://forums.malwarebytes.org/index.php?showtopic=121693

Security Defender is a computer infection from the Rogue.PCDefPlus family of rogue anti-spyware programs. This infection is considered a rogue because it deliberately displays false scan results, false security alerts, and hijacks your computer so that you are unable to run your normal applications. This infection is promoted as a utility that is required to view an online video, but actually installs the Security Defender infection instead. Once started, the rogue will pretend to be an anti-virus program but will display fake scan results and alerts. When you try to fix any of the infections it supposedly found, you will be shown a message stating that you need to purchase it before it can remove anything. As this is just a scare tactic, please ignore anything that it displays and continue with the rest of the removal guide.

http://www.bleepingcomputer.com/virus-removal/security-defender-removal

2013-01-23

Adware
+ Downloader.Mail.Ru + Pinballcorp.Appbundler

Malware
++ MissouriMedicalBilling ++ Win32.Andromeda.pep ++ Win32.Stonepast

PUPS
+ Pricepeep ++ Wajam

Trojans
++ Win32.Cidox + Win32.Kazy ++ Win32.Magania ++ Win32.Vundo

Total: 2572324 fingerprints in 799672 rules for 6886 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Jan 23 2013 11:47 by Don

What is CodeSecurity?

The Malwarebytes research team has determined that CodeSecurity is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=121525

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-004 - Important
* MS13-jan


Bulletin Information:

* MS13-004 - Important

- http://technet.microsoft.com/security/bulletin/MS13-004
- Reason for Revision: V2.0 (January 22, 2013): Bulletin
rereleased to reoffer security update KB2756920 for Windows 7
and Windows Server 2008 R2 to systems that are running in
specific configurations known to have potential compatibility
issues. Customers who are reoffered the update should
reinstall this update. See the update FAQ for more
information.
- Originally posted: January 8, 2013
- Updated: January 22, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-jan

- http://technet.microsoft.com/security/bulletin/ms12-jan
- Reason for Revision: V3.0 (January 22, 2013): For MS13-004,
bulletin rereleased to reoffer the KB2756920 update for
Windows 7 and Windows Server 2008 R2 to systems that are
running in specific configurations known to have potential
compatibility issues. See the bulletin for more information.
- Originally posted: January 8, 2013
- Updated: January 22, 2013
- Version: 3.0

What is VirtualVaccine?

The Malwarebytes research team has determined that VirtualVaccine is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=121364

What is GoodScan?

The Malwarebytes research team has determined that GoodScan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=121317

What is VaccineSecure?

The Malwarebytes research team has determined that VaccineSecure is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=121114

32 Internet Explorer
0 Restricted Sites
0 Firefox

15733 items in database

Posted Tue, Jan 15 2013 5:06 by Don

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS13-004


Bulletin Information:

* MS13-004 - Important

- http://technet.microsoft.com/security/bulletin/ms13-004
- Reason for Revision: V1.1 (January 14, 2013): Added a link
to Microsoft Knowledge Base Article 2769324 under Known Issues
in the Executive Summary and corrected the registry verification
keys for the KB2742595 update where incorrect in this bulletin.
These are informational changes only.
- Originally posted: January 8, 2013
- Updated: January 14, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

Event ID: 1032541648

Language(s):  English.
Product(s):  computer security and information security.
Audience(s):  IT Decision Maker, IT Implem_IT Generalist and IT Manager.
Information about the January 2013 Out-of-Band Security Bulletin Webcast

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

Jonathan Ness, Security Development Manager, Microsoft Corporation

Starts: Monday, January 14, 2013 1:00 PM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Posted Mon, Jan 14 2013 13:55 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

technet.microsoft.com/en-us/secu···ms13-jan

Critical (1)

Microsoft Security Bulletin MS13-008
Security Update for Internet Explorer (2799329)
technet.microsoft.com/en-us/secu···ms13-008

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on January 14, 2013. The bulletin addresses a security vulnerability in Internet Explorer.

http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
