November 2013 - Posts

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2914486)
  - Title: Vulnerability in Microsoft Windows Kernel Could Allow
    Elevation of Privilege
  - https://technet.microsoft.com/security/advisory/2914486
  - Revision Note: V1.0 (November 27, 2013): Advisory published.

2013-11-27

Adware
++ 1ClickDownload ++ CoolMirage ++ DoSearches ++ OKitSpace
PUPS
+ iCrossRider ++ Installdaddy.HDVidCodecV1 ++ Linkury.Smartbar ++ Qualitink
Trojans
+ Win32.ZBot
Total: 2596559 fingerprints in 806617 rules for 7197 products.

http://www.safer-networking.org/about/updates/

 

Posted Wed, Nov 27 2013 8:59 by Don

Windows Cleaning Toolkit is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it does not allow you to access your Windows desktop, terminates legitimate applications when you attempt to run them, and displays false scan results and security alerts that state your computer is under attack. This program will also be configured to start automatically before your Windows desktop is shown, which makes your computer unusable until the infection is removed. Windows Cleaning Toolkit is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Cleaning Toolkit is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-cleaning-toolkit

Posted Tue, Nov 26 2013 15:34 by Don

Windows Expert Console is a scareware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it prevents you from accessing your Windows desktop, blocks legitimate applications from running, and displays fake security alerts on your computer. In some situations this program will run before you are shown your desktop, which makes your computer unusable until the infection is removed. Windows Expert Console is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Expert Console is installed, it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-expert-console

Posted Tue, Nov 26 2013 4:58 by Don

0 Internet Explorer
77 Restricted Sites
0 Firefox

16613 items in database

Posted Mon, Nov 18 2013 15:18 by Don

What is OneCleaner?

The Malwarebytes research team has determined that OneCleaner is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?showtopic=136741

What is VaccineClear?

The Malwarebytes research team has determined that VaccineClear is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?showtopic=136731

What is Winboan?

The Malwarebytes research team has determined that Winboan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?showtopic=136489

Security Advisories Updated or Released Today


* Microsoft Security Advisory (2755801)
  - Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer
  - »technet.microsoft.com/security/a···/2755801
  - Revision Note: V16.0 (November 12, 2013): Added the 2898108
    update to the Current Update section.

* Microsoft Security Advisory (2854544)
  - Title: Updates to Improve Cryptography and Digital Certificate
    Handling in Windows
  - »technet.microsoft.com/security/a···/2854544
  - Revision Note: V1.3 (November 12, 2013): Added the 2868725
    update and Root Certificates Policy announcement to the
    Available Updates and Release Notes section.

* Microsoft Security Advisory (2862152)
  - Title: Vulnerability in DirectAccess Could Allow Security
    Feature Bypass
  - »technet.microsoft.com/security/a···/2862152
  - Revision Note: V1.0 (November 12, 2013): Advisory published.

* Microsoft Security Advisory (2868725)
  - Title: Update for Disabling RC4
  - »technet.microsoft.com/security/a···/2868725
  - Revision Note: V1.0 (November 12, 2013): Advisory published.

* Microsoft Security Advisory (2880823)
  - Title: Deprecation of SHA-1 Hashing Algorithm for Microsoft
    Root Certificate Program
  - »technet.microsoft.com/security/a···/2880823
  - Revision Note: V1.0 (November 12, 2013): Advisory published.

* Microsoft Security Advisory (2896666)
  - Title: Vulnerability in Microsoft Graphics Component Could
    Allow Remote Code Execution
  - »technet.microsoft.com/security/a···/2896666
  - Revision Note: V1.1 (November 12, 2013): Clarified the scope of
    the active attacks, clarified affected software configurations,
    and revised workarounds. These are informational changes only.
    Customers should re-evaluate the applicability of the suggested
    actions for their environments based on the updated information.

Event ID: 1032557383

Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by: Dustin Childs, Group Manager, Response Communications, Microsoft Corporation, and TBD

Starts: Wednesday, November 13, 2013 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Posted Tue, Nov 12 2013 13:33 by Don

Note: There may be latency issues due to replication. If the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms13-nov

Critical (3)

Microsoft Security Bulletin MS13-088
Cumulative Security Update for Internet Explorer (2888505)
»technet.microsoft.com/en-us/secu···ms13-088

Microsoft Security Bulletin MS13-089
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
»technet.microsoft.com/en-us/secu···ms13-089

Microsoft Security Bulletin MS13-090
Cumulative Security Update of ActiveX Kill Bits (2900986)
»technet.microsoft.com/en-us/secu···ms13-090

Important (5)

Microsoft Security Bulletin MS13-091
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
»technet.microsoft.com/en-us/secu···ms13-091

Microsoft Security Bulletin MS13-092
Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
»technet.microsoft.com/en-us/secu···ms13-092

Microsoft Security Bulletin MS13-093
Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
»technet.microsoft.com/en-us/secu···ms13-093

Microsoft Security Bulletin MS13-094
Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
»technet.microsoft.com/en-us/secu···ms13-094

Microsoft Security Bulletin MS13-095
Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
»technet.microsoft.com/en-us/secu···ms13-095

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

What is Qone8?

The Malwarebytes research team has determined that Qone8 is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the infected browser visits their site or one of their choice.

https://forums.malwarebytes.org/index.php?showtopic=136288

Posted Sat, Nov 9 2013 9:13 by Don

This is an advance notification of 8 security bulletins that Microsoft is intending to release on November 12, 2013.

3 rated Critical and 5 with a rating of Important.

http://technet.microsoft.com/en-us/security/bulletin/ms13-nov

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-067
* MS13-084
* MS13-SEP
* MS13-OCT

Bulletin Information:

* MS13-067 - Critical
  - »technet.microsoft.com/security/b···ms13-067
  - Reason for Revision: V1.3 (November 6, 2013): Corrected the
    product name for the Microsoft Office Web Apps Server 2013
    (2817305) update. This is an informational change only.
    There were no changes to the update files or detection logic.
    Customers who have not applied the 2817305 update should
    reevaluate the applicability of the update for their
    environments based on the corrected information.
  - Originally posted: September 10, 2013
  - Updated: November 6, 2013
  - Bulletin Severity Rating: Critical
  - Version: 1.3

* MS13-084 - Important
  - »technet.microsoft.com/security/b···ms13-084
  - Reason for Revision: V1.1 (November 6, 2013): Corrected
    the product name for the Microsoft Office Web Apps Server
    2013 (2827222) update. This is an informational change
    only. There were no changes to the update files or detection
    logic. Customers who have not applied the 2827222 update
    should reevaluate the applicability of the update for their
    environments based on the corrected information.
  - Originally posted: October 8, 2013
  - Updated: November 6, 2013
  - Bulletin Severity Rating: Important
  - Version: 1.1

* MS13-SEP
  - »technet.microsoft.com/security/b···ms13-SEP
  - Reason for Revision: V1.1 (November 6, 2013): For MS13-067,
    corrected the product name for the Microsoft Office Web
    Apps Server 2013 (2817305) update.
  - Originally posted: September 10, 2013
  - Updated: November 6, 2013
  - Version: 1.1

* MS13-OCT
  - »technet.microsoft.com/security/b···ms13-OCT
  - Reason for Revision: V1.2 (November 6, 2013): For MS13-084,
    corrected the product name for the Microsoft Office Web
    Apps Server 2013 (2827222) update.
  - Originally posted: October 8, 2013
  - Updated: November 6, 2013
  - Version: 1.2

2013-11-06

Adware
+ RXToolbar + Stud.A ++ Win32.DownVision
Malware
++ Win32.Neuraxon
Trojans
+ Win32.Dokic ++ Win32.Downloader.dq + Win32.Ransom.idws + Win32.ZBot
Total: 2596144 fingerprints in 806202 rules for 7180 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Nov 6 2013 11:59 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2896666)
  - Title: Vulnerability in Microsoft Graphics Component Could
    Allow Remote Code Execution
  - https://technet.microsoft.com/security/advisory/2896666
  - Revision Note: V1.0 (November 5, 2013): Advisory published.

What is VaccineQ?

The Malwarebytes research team has determined that VaccineQ is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?showtopic=135968

What is PointBoan?

The Malwarebytes research team has determined that PointBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

https://forums.malwarebytes.org/index.php?showtopic=135919

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-085

Bulletin Information:

* MS13-085 - Important
  - »technet.microsoft.com/security/b···ms13-085
  - Reason for Revision: V1.1 (October 31, 2013): Corrected the
    update replacement information for the 2826033 update for
    Microsoft Excel 2010 Service Pack 2. This is an informational
    change only. There were no changes to the detection logic or
    the update files.
  - Originally posted: October 8, 2013
  - Updated: October 31, 2013
  - Bulletin Severity Rating: Important
  - Version: 1.1