March 2013 - Posts

What is Optima-Speed?

The Malwarebytes research team has determined that Optima-Speed is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=124466

The FBI. Cybercrime Division or International Cyber Security Protection Alliance infection is a screenlocker from the Troj/Urausy-Ransomware family of ransomware infection. When installed, this infection does not allow you to access your computer or your files without paying a ransom. When infected with this Trojan, you will be shown a ransom screen instead of your Windows desktop when you log in to Windows. This ransom screen will state that the FBI has detected that your computer has been downloading or distributing copyrighted content or pornography. This infection will display different lock screens depending on what country your computer is currently located in. It is able to detect your country by using the IP address of your computer. This guide will focus on the USA variant of the FBI Cybercrime Division, but the removal guide can be used for any variant of this ransomware.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware

What is ClearBoan?

The Malwarebytes research team has determined that ClearBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=124465

2013-03-27

Adware
++ Delta.Toolbar
++ ilivid.Toolbar
+ Yontoo.Pagerage
Malware
++ Fraud.AntivirusProtecs
++ Win32.Hao123
PUPS
++ Casino.RubyPalace
Trojans
++ FakePorn.Winlock
+ Fraud.Bundespolizei
++ Win32.Barys.cp
+ Win32.Eupuds
++ Win32.Kryptik
+ Win32.Muollo
+ Win32.OnLineGames.down
Total: 2579126 fingerprints in 801262 rules for 6946 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Mar 27 2013 7:16 by Don

What is SaveCom?

The Malwarebytes research team has determined that SaveCom is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=124332

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2819682)
  - Title: Security Updates for Microsoft Windows Store
    Applications
  - http://technet.microsoft.com/security/advisory/2819682
  - Revision Note: V1.0 (March 26, 2013): Announced availability
    of update 2832006 for Windows Modern Mail.

What is HelpInfo?

The Malwarebytes research team has determined that HelpInfo is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=124225

16 Internet Explorer
0 Restricted Sites
0 Firefox

16033 items in database

Posted Fri, Mar 22 2013 1:35 by Don

2013-03-20

Adware
+ Widgi.Toolbar
Malware
++ Banyan.GoPlayer
++ Elex.Desk365
++ PrivacyN
++ ToPcKit
PUPS
++ TreasureMileCasino
Trojans
++ Win32.Eupuds
+ Win32.Kryptik
+ Win32.Muollo
+ Win32.OnLineGames.down
++ Win32.Tepfer.hdbt
Total: 2578750 fingerprints in 800886 rules for 6938 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Mar 20 2013 8:24 by Don

AVASoft Professional Antivirus is a rogue anti-spyware program from the Rogue.WinWebSec family of computer infections. This program is classified as a rogue and as malware because it pretends to be an anti-virus program but in reality displays fake scan results, makes it so you cannot launch your legitimate applications, and displays false security alerts that state there are security problems with your computer. When installed, AVASoft Professional Antivirus will be installed as a random filename in a random folder under c:\Documents and Settings\All Users\Application Data\, in XP, or C:\ProgramData, in Windows Vista, Windows 7, and Windows 8.

AVASoft Professional Antivirus will then be configured to start whenever Windows boots up. Once started, it will perform a fake scan of your computer that will state that numerous infections are present. If you try to clean these infections, though, AVASoft Professional will state that you first need to purchase the program before being able to do so. As all of the scan results displayed by this program are fake, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-avasoft-professional-antivirus

What is Vaccine Speed?

The Malwarebytes research team has determined that Vaccine Speed is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=123959

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

  * MS13-023
  * MS13-026

Bulletin Information:

* MS13-023 - Critical

  - http://technet.microsoft.com/security/bulletin/ms13-023
  - Reason for Revision: V1.1 (March 15, 2013): Clarified language
    in the vulnerability FAQ, How could an attacker exploit the
    vulnerability?
  - Originally posted: March 12, 2013
  - Updated: March 15, 2013 
  - Bulletin Severity Rating: Critical
  - Version: 1.1

* MS13-026 - Important

  - http://technet.microsoft.com/security/bulletin/ms13-026
  - Reason for Revision: V1.1 (March 15, 2013): Corrected bulletin
    title and clarified affected version names in the vulnerability
    details and vulnerability FAQs.
  - Originally posted: March 12, 2013
  - Updated: March 15, 2013 
  - Bulletin Severity Rating: Important
  - Version: 1.1

2013-03-13

Malware
+ Barowwsoe2Save
+ Win32.Jorik
PUPS
++ Toolbar.Snap.do
Trojans
+ Bancos
+ Dexon.Agent
+ Hupigon
+ Win32.MSIL
+ Win32.Muollo
Total: 2577590 fingerprints in 800583 rules for 6931 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Mar 13 2013 7:27 by Don

What is Boan Click?

The Malwarebytes research team has determined that Boan Click is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=123794

Summary

Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations to the latest versions:

  • Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.6.602.180.
  • Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275.
  • Adobe Flash Player 11.6.602.171 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux.
  • Adobe Flash Player 11.6.602.171 installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.180 for Windows.
  • Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48.
  • Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.44.
  • Users of Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.6.0.6090.
  • Users of the Adobe AIR 3.6.0.597 SDK and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK.
  • Users of the Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK & Compiler.

Affected software versions

  • Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.273 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android
  • Adobe AIR 3.6.0.597 SDK and earlier versions
  • Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions

https://www.adobe.com/support/security/bulletins/apsb13-09.html

Posted Tue, Mar 12 2013 15:26 by Don

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-003 - Important
* MS13-jan

Bulletin Information:

* MS13-003 - Important

- »technet.microsoft.com/security/b···MS13-003
- Reason for Revision: V2.0 (March 12, 2013): Rereleased this
bulletin to announce availability of an update for Microsoft
System Center Operations Manager 2007 Service Pack 1. No other
update packages are affected by this rerelease.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-jan

- »technet.microsoft.com/security/b···ms12-jan
- Reason for Revision: V4.0 (March 12, 2013): For MS13-003,
bulletin rereleased to announce the availability of an update for
Microsoft System Center Operations Manager 2007 Service Pack 1.
No other update packages are affected by this rerelease. See the
bulletin for more information.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Version: 4.0

Event ID: 1032538636

Language(s):  English.
Product(s):  computer security and information security.
Audience(s):  IT Decision Maker, IT Implem_IT Generalist and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by:


Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

Andrew Gross, Senior Security Program Manager, Microsoft Corporation

Starts: Wednesday, March 13, 2013 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Posted Tue, Mar 12 2013 13:26 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms13-mar

Critical (4)

Microsoft Security Bulletin MS13-021
Cumulative Security Update for Internet Explorer (2809289)
»technet.microsoft.com/en-us/secu···ms13-021

Microsoft Security Bulletin MS13-022
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
»technet.microsoft.com/en-us/secu···ms13-022

Microsoft Security Bulletin MS13-023
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
»technet.microsoft.com/en-us/secu···ms13-023

Microsoft Security Bulletin MS13-024
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
»technet.microsoft.com/en-us/secu···ms13-024

Important (3)

Microsoft Security Bulletin MS13-025
Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
»technet.microsoft.com/en-us/secu···ms13-025

Microsoft Security Bulletin MS13-026
Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
»technet.microsoft.com/en-us/secu···ms13-026

Microsoft Security Bulletin MS13-027
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
»technet.microsoft.com/en-us/secu···ms13-027

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Title: Use-after-free in HTML Editor
Impact: Critical
Announced: March 7, 2013
Reporter: VUPEN Security
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 19.0.2
  Firefox ESR 17.0.4
  Thunderbird 17.0.4
  Thunderbird ESR 17.0.4
  SeaMonkey 2.16.1

https://www.mozilla.org/security/announce/2013/mfsa2013-29.html

This is an advance notification of 7 security bulletins that Microsoft is intending to release on March 12, 2013.

4 rated as Critical and 3 with a rating of Important.

http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
