DP's Security Bits

Windows Safety Maintenance is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Safety Maintenance in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-safety-maintenance

System Protection Tools is a rogue anti-spyware program from the Rogue.FakeVimes family. This infection is promoted through web sites that show advertisements that pretend to be online anti-malware scanners. These scanners will then pretend to scan your computer, and when finished, will state that your computer is infected and that you need to download and install System Protection Tools to protect yourself. The truth is that these online scanners are all fake and are only an advertisement. They have no way of knowing what is running on your computer.

http://www.bleepingcomputer.com/virus-removal/remove-system-protection-tools

29 Internet Explorer
0 Restricted Sites
0 Firefox

15206 items in database

http://www.javacoolsoftware.com/downloads.html

Windows Multi Control System is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Multi Control System in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-multi-control-system

2012-05-23
Trojans
+ Bancos + Bancos.Santander ++ BoanKeeper ++ Win32.Banker.prx ++ Win32.Barys.bho + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen ++ Win32.Typic.bga + Win32.ZBot
Total: 2541906 fingerprints in 792410 rules for 6658 products.

http://www.safer-networking.org/en/index.html

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS11-100 - Critical
  * MS12-034 - Critical
  * MS12-035 - Critical
  * MS12-MAY

Bulletin Information:

* MS11-100 - Critical

  -http://technet.microsoft.com/security/bulletin/MS11-100
  - Reason for Revision: V1.5 (May 22, 2012): Added entry to the
    update FAQ to announce a detection change for KB2656352 for
    Microsoft .NET Framework 2.0 Service Pack 2 to correct an
    installation issue. This is a detection change only. There were
    no changes to the security update files. Customers who have
    already successfully updated their systems do not need to take
    any action.
  - Originally posted: December 29, 2011
  - Updated: May 22, 2012
  - Bulletin Severity Rating: Critical
  - Version: 1.5

* MS12-034 - Critical

  -http://technet.microsoft.com/security/bulletin/MS12-034
  - Reason for Revision: V1.2 (May 22, 2012): Added an entry to
    the Frequently Asked Questions (FAQ) Related to This Security
    Update section to explain this revision.
  - Originally posted: May 8, 2012
  - Updated: May 22, 2012
  - Bulletin Severity Rating: Critical
  - Version: 1.2

* MS12-035 - Critical

  -http://technet.microsoft.com/security/bulletin/MS12-035
  - Reason for Revision: V2.1 (May 22, 2012): Added entry to the
    update FAQ to announce a detection change for KB2604092 for
    Microsoft .NET Framework 2.0 Service Pack 2 and KB2604110 for
    Microsoft .NET Framework 3.0 Service Pack 2 to correct an
    installation issue. This is a detection change only. There were
    no changes to the security update files. Customers who have
    already successfully updated their systems do not need to take
    any action.
  - Originally posted: May 8, 2012
  - Updated: May 22, 2012
  - Bulletin Severity Rating: Critical
  - Version: 2.1

MS12-MAY

- http://technet.microsoft.com/security/bulletin/MS12-may
- Reason for Revision: V2.1 (May 22, 2012): For MS12-034, added
footnotes for security update KB2660649 for Windows Server 2008
and Windows Server 2008 R2. There were no changes to the
security update files. Customers who have successfully
installed the update do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 22, 2012
- Version: 2.1

Windows Private Shield is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Private Shield in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-private-shield

Windows Pro Safety Release is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Pro Safety Release in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-safety-release

What is RealBoan?

The Malwarebytes research team has determined that RealBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=110073

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-034 - Critical


Bulletin Information:

* MS12-034 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-034
- Reason for Revision: V1.1 (May 16, 2012): Added a link to
Microsoft Knowledge Base Article 2681578 under Known Issues
in the Executive Summary. Also added Microsoft .NET Framework 1.1
Service Pack 1 to the Non-Affected Software table and corrected
the update replacement information for Microsoft Office.
These were informational changes only. There were no changes
to the security update files or detection logic.
- Originally posted: May 8, 2012
- Updated: May 16, 2012
- Bulletin Severity Rating: Critical
- Version: 1.1

2012-05-16
Malware
+ ClaroMultimedia + Win32.Autorun.ie ++ Win32.Downloader.bdld + Win32.FraudLoad.edt + Win32.Renos
Trojans
++ Conficker.rtk ++ Win32.Graftor.6078 + Win32.IRCBot + Win32.Mabezat + Win32.OnLineGames.down + Win32.OnLineGames.gen + Win32.SpyEye ++ Win32.Yakes.adkv + Win32.ZBot
Total: 2541129 fingerprints in 792248 rules for 6655 products.

http://www.safer-networking.org/en/index.html

What is Cen Protect?

The Malwarebytes research team has determined that Cen Protect is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=109934

Windows Secure Surfer is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Secure Surfer in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-secure-surfer

What is Total Anti Malware Protection?

The Malwarebytes research team has determined that Total Anti Malware Protection is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=109828

Windows Be-on-Guard Edition is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Be-on-Guard Edition in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-be-on-guard-edition

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-035 - Critical
* MS12-MAY

Bulletin Information:

* MS12-035 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-035
- Reason for Revision: V2.0 (May 11, 2012): Added an entry to the
update FAQ to communicate that security update KB2656353
addresses the vulnerabilities described in this bulletin for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-MAY

- http://technet.microsoft.com/security/bulletin/MS12-MAY
- Reason for Revision: V2.0 (May 11, 2012): For MS12-035,
corrected the security update number to KB2656353 for all
supported systems running Microsoft .NET Framework 1.1
Service Pack 1, except when installed on Windows Server 2003
Service Pack 2. There were no changes to the security update
files. Customers who have successfully installed the update
do not need to take any action.
- Originally posted: May 8, 2012
- Updated: May 11, 2012
- Version: 2.0

24 Internet Explorer

0 Restricted Sites

0 Firefox

15177 items in database

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-029 - Critical
* MS12-030 - Important
* MS12-032 - Important
* MS12-MAY


Bulletin Information:

* MS12-029 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-029
- Reason for Revision: V1.1 (May 9, 2012): Corrected update replacement
information for Microsoft Office Compatibility Pack Service Pack 2.
This is a bulletin change only. There were no changes to detection
logic or security update files.
- Originally posted: May 8, 2012
- Updated: May 9, 2012
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS12-030 - Important

- http://technet.microsoft.com/security/bulletin/MS12-030
- Reason for Revision: V1.1 (May 9, 2012): Removed erroneous reference
to known issues from the Executive Summary and updated the title of
CVE-2012-1847.
- Originally posted: May 8, 2012
- Updated: May 9, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS12-032 - Important

- http://technet.microsoft.com/security/bulletin/MS12-032
- Reason for Revision: V1.1 (May 9, 2012): Corrected mitigating factors
for CVE-2012-0174 and CVE-2012-0179 in the Vulnerability Information
section.
- Originally posted: May 8, 2012
- Updated: May 9, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS12-MAY

- http://technet.microsoft.com/security/bulletin/MS12-MAY
- Reason for Revision: V1.1 (May 9, 2012): Updated the title of
CVE-2012-1847 in the Exploitability Index.
- Originally posted: May 8, 2012
- Updated: May 9, 2012
- Version: 1.1

2012-05-09
Adware
+ Aureate
Malware
++ Sidego ++ Win32.Autorun.gen + Win32.FraudLoad.edt
PUPS
++ RiverNileCasino
Spyware
++ UltraAccessNetworks.NetBusPro
Trojans
+ Atraps.br + Bancos.prx + Banload ++ Win32.Autorun.bomb ++ Win32.Chiznit ++ Win32.Matsnu + Win32.OnLineGames.down + Win32.OnLineGames.gen
Total: 2539948 fingerprints in 791992 rules for 6646 products.

http://www.safer-networking.org/en/index.html

What is InterBoan?

The Malwarebytes research team has determined that InterBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=109662