DP's Security Bits

Remove the Computer Crime and Intellectual Property Section Ransomware

Don — Sat, 18 May 2013 09:30:00 GMT

The Computer Crime and Intellectual Property Section ransomware is a computer infection that displays a screen requesting money before it allows you to access your Windows desktop. This screen locker pretends to be an alert from the FBI that states they have detected that you have been viewing child pornography, using unlicensed software, or distributing copyrighted files. They further state that in order to avoid federal prosecution you must pay a fee of $300 in the form of a MoneyPak voucher within 72 hours to gain access to your computer again.

http://www.bleepingcomputer.com/virus-removal/remove-computer-crime-intellectual-property-section

Microsoft Security Bulletin Minor Revisions Issued: May 15, 2013

Don — Thu, 16 May 2013 09:16:00 GMT

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-045

Bulletin Information:

* MS13-045 - Important

- http://technet.microsoft.com/security/bulletin/ms13-045
- Reason for Revision: V1.1 (May 15, 2013): Corrected link to the
    download location in the Detection and Deployment Tools and
    Guidance section. This is an informational change only.
- Originally posted: May 14, 3013
- Updated: May 15, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

Microsoft Security Bulletin Minor Revisions Issued: May 14, 2013

Don — Wed, 15 May 2013 08:15:00 GMT

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-009

Bulletin Information:

* MS13-009 - Critical

- http://technet.microsoft.com/security/bulletin/ms13-009
- Reason for Revision: V1.2 (May 14, 2013): Revised this bulletin
    to announce a detection change to correct an offering issue for
    Windows Server 2012 (Server Core installation). This is a detection
    change only. There were no changes to the security update files.
    Customers who have already successfully updated their systems do
    not need to take any action.
- Originally posted: February 12, 2013
- Updated: May 14, 2013
- Bulletin Severity Rating: Critical
- Version: 1.2

Microsoft Security Advisory Notification Issued: May 14, 2013

Don — Wed, 15 May 2013 08:10:00 GMT

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2846338)
- Title: Vulnerability in Microsoft Malware Protection Engine
    Could Allow Remote Code Execution
- http://technet.microsoft.com/security/advisory/2846338
- Revision Note: V1.0 (May 14, 2013): Advisory published.

* Microsoft Security Advisory (2820197)
- Title: Update Rollup for ActiveX Kill Bits
- http://technet.microsoft.com/security/advisory/2820197
- Revision Note: V1.0 (May 14, 2013): Advisory published.

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer 10
- http://technet.microsoft.com/security/advisory/2755801
- Revision Note: V12.0 (May 14, 2013): Added the 2840613 update
    to the Current Update section.

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow Remote
    Code Execution
- http://technet.microsoft.com/security/advisory/2847140
- Revision Note: V2.0 (May 14, 2013): Advisory updated to reflect
    publication of security bulletin.

TechNet Webcast: Information About the May 2013 Security Bulletin Release

Don — Tue, 14 May 2013 17:24:00 GMT

Event ID: 1032538728
Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

Jonathan Ness, Security Development Manager, Microsoft Corporation

Register for Event
Starts: Wednesday, May 15, 2013 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Microsoft Security Bulletin(s) for May 14, 2013

Don — Tue, 14 May 2013 17:00:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms13-may

Critical (2)

Microsoft Security Bulletin MS13-037
Cumulative Security Update for Internet Explorer (2829530)
»technet.microsoft.com/en-us/secu···ms13-037

Microsoft Security Bulletin MS13-038
Security Update for Internet Explorer (2847204)
»technet.microsoft.com/en-us/secu···ms13-038

Important (8)

Microsoft Security Bulletin MS13-039
Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
»technet.microsoft.com/en-us/secu···ms13-039

Microsoft Security Bulletin MS13-040
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
»technet.microsoft.com/en-us/secu···ms13-040

Microsoft Security Bulletin MS13-041
Vulnerability in Lync Could Allow Remote Code Execution (2834695)
»technet.microsoft.com/en-us/secu···ms13-041

Microsoft Security Bulletin MS13-042
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
»technet.microsoft.com/en-us/secu···ms13-042

Microsoft Security Bulletin MS13-043
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
»technet.microsoft.com/en-us/secu···ms13-043

Microsoft Security Bulletin MS13-044
Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
»technet.microsoft.com/en-us/secu···ms13-044

Microsoft Security Bulletin MS13-045
Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
»technet.microsoft.com/en-us/secu···ms13-045

Microsoft Security Bulletin MS13-046
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
»technet.microsoft.com/en-us/secu···ms13-046

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Removal instructions for Boan Safe

Don — Sun, 12 May 2013 11:12:00 GMT

What is Boan Safe?

The Malwarebytes research team has determined that Boan Safe is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=126166

Removal instructions for Booster-Clean

Don — Sat, 11 May 2013 09:16:00 GMT

What is Booster-Clean?

The Malwarebytes research team has determined that Booster-Clean is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=126120

Microsoft Security Bulletin Advance Notification for May 2013

Don — Thu, 09 May 2013 16:59:00 GMT

This is an advance notification of 10 security bulletins that Microsoft is intending to release on May 14, 2013.

2 rated as Critical and 8 with a rating of Important

http://technet.microsoft.com/en-us/security/bulletin/ms13-may

Microsoft Security Advisory Notification Issued: May 8, 2013

Don — Thu, 09 May 2013 06:26:00 GMT

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
    Remote Code Execution
- http://technet.microsoft.com/security/advisory/2847140
- Revision Note: V1.1 (May 8, 2013): Added link to Microsoft
    Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that
    prevents exploitation of this issue.

Spybot Search & Destroy Weekly Update - May 8, 2013

Don — Wed, 08 May 2013 11:10:00 GMT

2013-05-08

Adware
+ Somoto.BetterInstaller + Yontoo.Pagerage
PUPS
++ Avanquest.PCSpeedMaximizer ++ USTechSupport.MyCleanPC
Malware
++ FindLyrics ++ Iminent.Messanger ++ Install.DomaIQ ++ Qtrax ++ Tuguu.VAFPlayer
Spyware
++ IronInstall.Toolbar.Amazon ++ SaveByClick
Trojans
+ Dexon.Agent + Win32.Expiro
Total: 2585519 fingerprints in 802514 rules for 6998 products.

http://www.safer-networking.org/about/updates/

Removal instructions for VaccineTools

Don — Sun, 05 May 2013 10:03:00 GMT

What is VaccineTools?

The Malwarebytes research team has determined that VaccineTools is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=125872

Microsoft Security Advisory Notification Issued: May 3, 2013

Don — Sat, 04 May 2013 10:48:00 GMT

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
- http://technet.microsoft.com/security/advisory/2847140
- Revision Note: V1.0 (May 3, 2013): Advisory published.

Malwarebytes: How to remove the Security Pro rogue

Don — Sat, 04 May 2013 10:37:00 GMT

The Security Pro rogue hijacks the .exe extensions and effectively blocks other programs. It can also delete wuauserv and disables shared access.

http://www.youtube.com/watch?v=YVf14ef6uC4

SpywareBlaster Database Update - May 2, 2013

Don — Thu, 02 May 2013 19:34:00 GMT

21 Internet Explorer
0 Restricted Sites
0 Firefox

16069 items in database

Spybot Search & Destroy Weekly Update - May 2, 2013

Don — Thu, 02 May 2013 10:32:00 GMT

2013-05-02

Malware
++ Fraud.DiskCleaner ++ Fraud.PCOptimizerPro + IronInstall ++ MustaphaCDRom ++ Toolbar.MySearchDial + Win32.Bicololo
Trojans
+ Bancos.BHO + FakePorn.Winlock + Kuluoz ++ Win32.AMN ++ Win32.Siggen.fyn + Win32.SonyAgent.NFP ++ Win32.Undef
Total: 2584817 fingerprints in 802125 rules for 6988 products.

http://www.safer-networking.org/about/updates/

Removal instructions for XP Security Cleaner Pro

Don — Sat, 27 Apr 2013 17:49:00 GMT

What is XP Security Cleaner Pro?

The Malwarebytes research team has determined that XP Security Cleaner Pro is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=125615

Microsoft Security Bulletin Minor Revisions - April 26, 2013

Don — Sat, 27 Apr 2013 09:11:00 GMT

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-043

Bulletin Information:

* MS12-043 - Critical

- »technet.microsoft.com/security/b···ms12-043
- Reason for Revision: V4.2 (April 26, 2013): Corrected update
replacement. This is an informational change only. There
were no changes to the security update files or detection
logic.
- Originally posted: July 10, 2012
- Updated: April 26, 2013
- Bulletin Severity Rating: Critical
- Version: 4.2

Microsoft Security Bulletin Minor Revisions Issued: April 24, 2013

Don — Thu, 25 Apr 2013 08:50:00 GMT

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-028
* MS13-031
* MS13-036
* MS13-APR

Bulletin Information:

* MS13-028 - Critical

- http://technet.microsoft.com/security/bulletin/ms13-028
- Reason for Revision: V1.1 (April 24, 2013): Added
    CVE-2013-1338 as a vulnerability addressed by this update.
    In addition, corrected update replacement and clarified why
    this update replaces MS13-010. These are informational
    changes only.
- Originally posted: April 9, 2013
- Updated: April 24, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-031 - Important

- http://technet.microsoft.com/security/bulletin/ms13-031
- Reason for Revision: V1.1 (April 24, 2013): Corrected update
    replacement. This is an informational change only. There were
    no changes to the security update files or detection logic.
- Originally posted: April 9, 2013
- Updated: April 24, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-036 - Important

- http://technet.microsoft.com/security/bulletin/ms13-036
- Reason for Revision: V3.1 (April 24, 2013): Corrected KB article
    hyperlink and incorrect KB numbers for Windows 7 for x64-based
    Systems and Windows Server 2008 R2 for Itanium-based Systems in the
    Affected Software table. These are informational changes only.
- Originally posted: April 9, 2013
- Updated: April 24, 2013
- Bulletin Severity Rating: Important
- Version: 3.1

* MS13-APR

- http://technet.microsoft.com/security/bulletin/ms13-apr
- Reason for Revision: V3.1 (April 24, 2013): For MS13-028,
    added an Exploitability Assessment in the Exploitability
    Index for CVE-2013-1338. This is an informational change
    only.
- Originally posted: April 9, 2013
- Updated: April 24, 2013
- Version: 3.1

Spybot Search & Destroy Weekly Update - April 24, 2013

Don — Wed, 24 Apr 2013 13:38:00 GMT

2013-04-24

Adware
++ Acala.DVDCopy + Babylon.Toolbar + Delta.Toolbar + GameVance + Pricepeep ++ XingHao.LyricsPal
Trojans
+ Bancos.prx + Banload.cpl + FakePorn.Winlock ++ Kuluoz ++ Win32.Agent.cgmc ++ Win32.Agent.xysa + Win32.Eupuds + Win32.Muollo + Win32.Tepfer.hdbt
Total: 2584322 fingerprints in 801991 rules for 6982 products.

http://www.safer-networking.org/about/updates/