February 2014 - Posts

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2862152)
- Title: Vulnerability in DirectAccess and IPsec Could Allow
Security Feature Bypass
- »technet.microsoft.com/security/a···/2862152
- V1.1 (February 28, 2014): Advisory revised to announce a
detection change in the 2862152 update for Windows 8.1 for
32-bit Systems, Windows 8.1 for x64-based Systems, Windows
Server 2012 R2, and Windows RT 8.1. This is a detection change
only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-090
* MS13-095
* MS13-098
* MS14-005
* MS14-007
* MS14-009

Bulletin Information:

* MS13-090 - Critical

- »technet.microsoft.com/security/b···MS13-090
- Reason for Revision: V1.1 (February 28, 2014): Bulletin revised
to announce a detection change in the 2900986 update for Windows
8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems,
Windows RT 8.1, and Windows Server 2012 R2. This is a detection
change only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.
- Originally posted: November 12, 2013
- Updated: February 28, 2014
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-095 - Important

- »technet.microsoft.com/security/b···MS13-095
- Reason for Revision: V1.1 (February 28, 2014): Bulletin revised
to announce a detection change in the 2868626 update for Windows
8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems,
Windows RT 8.1, and Windows Server 2012 R2. This is a detection
change only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.
- Originally posted: November 12, 2013
- Updated: February 28, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-098 - Critical

- »technet.microsoft.com/security/b···MS13-098
- Reason for Revision: V1.3 (February 28, 2014): Bulletin revised
to announce a detection change in the 2893294 update for Windows
8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems,
Windows RT 8.1, and Windows Server 2012 R2. This is a detection
change only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.
- Originally posted: December 10, 2013
- Updated: February 28, 2014
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS14-005 - Important

- »technet.microsoft.com/security/b···MS14-005
- Reason for Revision: V1.1 (February 28, 2014): Bulletin revised
to announce a detection change in the 2916036 update for Windows
8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems,
Windows Server 2012 R2, and Windows RT 8.1. This is a detection
change only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.
- Originally posted: February 11, 2014
- Updated: February 28, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

* MS14-007 - Critical

- »technet.microsoft.com/security/b···MS14-007
- Reason for Revision: V1.1 (February 28, 2014): Bulletin revised
to announce a detection change in the 2912390 update for Windows
8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems,
Windows RT 8.1, and Windows Server 2012 R2. This is a detection
change only. There were no changes to the update files. Customers
who have already successfully updated their systems do not need
to take any action.
- Originally posted: February 11, 2014
- Updated: February 28, 2014
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS14-009 - Important

- »technet.microsoft.com/security/b···MS14-009
- Reason for Revision: V1.1 (February 28, 2014): Bulletin revised
to announce a detection change in the 2901128 update for Microsoft
.NET Framework 4.5.1 on Windows 8.1 for 32-bit Systems, Microsoft
.NET Framework 4.5.1 on Windows 8.1 for x64-based Systems,
Microsoft .NET Framework 4.5.1 on Windows Server 2012 R2, and
Microsoft .NET Framework 4.5.1 on Windows RT 8.1. This is a
detection change only. There were no changes to the update files.
Customers who have already successfully updated their systems do
not need to take any action.
- Originally posted: February 11, 2014
- Updated: February 28, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2871690)
- Title: Update to Revoke Non-compliant UEFI Modules
- »technet.microsoft.com/security/a···/2871690
- Revision Note: V2.0 (February 27, 2014): Revised advisory to
rerelease update 2871690. The rereleased update addresses an
issue where specific third-party BIOS versions did not properly
validate the signature of the original update. Customers who have
already successfully installed the original update do not need to
take any action. See the Advisory FAQ for more information.

2014-02-26

Adware
+ Firseria + GetSavin + Win32.InCore
Malware
+ Win32.Kazy.pld + Win32.Lmir.asyg
PUPS
+ IWantThis
Trojans
+ Win32.Androm.bith ++ Win32.Downloader.wlv + Win32.Muollo
Total: 2598562 fingerprints in 808727 rules for 7247 products

http://www.safer-networking.org/about/updates/

Posted Wed, Feb 26 2014 6:07 by Don

The Sweet-page.com adware is from the Adware.LinkHijacker family of browser hijackers that are bundled with certain free programs that you can download off of the Internet. This adware is considered a browser hijacker because it changes your web browser's home page and default search provider to Sweet-page.com without your permission. Furthermore, this adware will append the argument http://www.sweet-page.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard-disk-id> to various web browser shortcuts and sometimes non-internet related programs. This causes the Sweet-page.com web page to open when you launch one of these hijacked shortcuts. Unfortunately, there is no Uninstall Programs entry that uninstalls Sweet-page from your computer and instead you need to use the specialized tools found in this guide to clean your computer.

http://www.bleepingcomputer.com/virus-removal/remove-sweet-page.com-browser-hijacker

Windows AntiVirus Tool is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiVirus Tool is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiVirus Tool is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-antivirus-tool

Posted Tue, Feb 25 2014 5:15 by Don

What is VeeHD?

The Malwarebytes research team has determined that VeeHD is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements

https://forums.malwarebytes.org/index.php?showtopic=142859

Posted Sun, Feb 23 2014 9:18 by Don

Windows Antivirus Suite is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Antivirus Suite is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows Antivirus Suite is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-antivirus-suite

Posted Sun, Feb 23 2014 4:23 by Don

Windows AntiBreach Suite is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows AntiBreach Suite is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

Once Windows AntiBreach Suite is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-antibreach-suite

Posted Sun, Feb 23 2014 4:22 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
- »technet.microsoft.com/security/a···/2755801
- Revision Note: V20.0 (February 20, 2014): Added the 2934802
update to the Current Update section.

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2934088)
- Title: Vulnerability in Internet Explorer Could Allow Remote
Code Execution
- »technet.microsoft.com/security/a···/2934088
- Revision Note: V1.0 (February 19, 2014): Advisory published.

2014-02-19

Adware
+ Aartemis ++ Ad.SupremeSavings + Firseria + GetSavin ++ ScorpionSaver + Win32.InCore ++ Win32.InstallIQ
PUPS
+ iCrossRider
Trojans
+ Win32.ZBot + Win32.Zusy
Total: 2598498 fingerprints in 808663 rules for 7246 products.

http://www.safer-networking.org/about/updates/

Posted Wed, Feb 19 2014 7:14 by Don

What is Pricora?

The Malwarebytes research team has determined that Pricora is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice.
This particular one displays advertisements in your browser(s).

https://forums.malwarebytes.org/index.php?showtopic=142335

Posted Sat, Feb 15 2014 9:11 by Don

Windows AntiBreach Tool is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays fake scan results, fake security warnings, and does not allow you to run programs on your computer. Windows AntiBreach Tool is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

When Windows AntiBreach Tool is installed it will be configured to automatically start when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-antibreach-tool

Posted Fri, Feb 14 2014 18:40 by Don

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
 
 * MS14-feb


Bulletin Information:

* MS14-feb

  - https://technet.microsoft.com/security/bulletin/MS14-feb
  - Reason for Revision: V1.2 (February 13, 2014): For MS14-011,
    revised the Exploitability Assessment for Latest Software
    Release in the Exploitability Index for CVE-2014-0271.
  - Originally posted: February 11, 2014  
  - Updated: February 13, 2014 
  - Version: 1.2

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
 
 * MS14-feb


Bulletin Information:

* MS14-feb

  - https://technet.microsoft.com/security/bulletin/MS14-feb
  - Reason for Revision: V1.1 (February 12, 2014): For MS14-008,
    revised the Exploitability Assessment for Older Software Release
    in the Exploitability Index for CVE-2014-0294.
  - Originally posted: February 11, 2014  
  - Updated: February 12, 2014 
  - Version: 1.1

0 Internet Explorer
25 Restricted Sites
0 Firefox

16784 items in database

Posted Thu, Feb 13 2014 4:26 by Don

Young Entrepreneur Of The Week: Marcin Kleczynski Of Malwarebytes, Downloaded Over 200m Times

http://www.huffingtonpost.co.uk/2014/02/11/young-entrepreneur-week-malwarebyes_n_4767619.html?utm_hp_ref=tw

Posted Wed, Feb 12 2014 15:14 by Don

2014-02-12

Adware
++ Aartemis + Firseria ++ GetSavin ++ VuuPC + Win32.AddLyrics + Win32.Agent.qvo
PUPS
++ GrandParker.Casino
Trojans
+ Banker.cpl + Win32.Badur
Total: 2598168 fingerprints in 808333 rules for 7238 products.

»www.safer-networking.org/about/updates/

Posted Wed, Feb 12 2014 14:06 by Don

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2862973)
 - Title: Update for Deprecation of MD5 Hashing Algorithm for
   Microsoft Root Certificate Program
 - https://technet.microsoft.com/security/advisory/2862973
 - Revision Note: V2.0 (February 11, 2014): Revised advisory to
   announce that the 2862973 update for all affected releases of
   Microsoft Windows is now offered through automatic updating.
   Customers who previously applied the 2862973 update do not
   need to take any action.

* Microsoft Security Advisory (2915720)
 - Title: Changes in Windows Authenticode Signature Verification
 - https://technet.microsoft.com/security/advisory/2915720
 - Revision Note: V1.2 (February 11, 2014): Rereleased advisory as
   a reminder to customers that the dormant changes implemented
   with MS13-098 will be enabled on June 10, 2014. After this
   date, Windows will no longer recognize non-compliant binaries
   as signed.
