Donna's SecurityFlash

McAfee SiteAdvisor sued over 'spyware' tag

donna — Fri, 29 Aug 2008 00:26:32 GMT

In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs."

http://www.theregister.co.uk/2008/08/28/7search_sues_mcafee/

Rogue Software using ImageShack to spread itself

donna — Thu, 28 Aug 2008 12:59:56 GMT

They are really desperate to steal money from users.

http://www.dozleng.com/updates/index.php?showtopic=16468

New Rogue Program: AndromedaAV

donna — Wed, 27 Aug 2008 12:57:06 GMT

Symantec discovered a new Rogue (misleading application) software name AndromedaAV by Andromeda-AV.com

http://www.symantec.com/security_response/writeup.jsp?docid=2008-082710-2239-99&tabid=2

Posted too in CoU: http://www.dozleng.com/updates/index.php?showtopic=16461

How to remove: http://www.bleepingcomputer.com/malware-removal/remove-andromeda-antivirus

Malware SPAM: We have hijacked your baby

donna — Tue, 26 Aug 2008 11:48:43 GMT

The email is SPAM with photo.zip as malware attachment:

http://www.dozleng.com/updates/index.php?showtopic=16448

Malware SPAM: XP Official Update 2008

donna — Mon, 25 Aug 2008 23:38:51 GMT

That's a trojan peed, malware, fake alert.

Update on Products with Ask Toolbar

donna — Mon, 25 Aug 2008 09:20:35 GMT

We don't post updates information of security programs that bundles with Ask Toolbar because of it's questionable status. Today, I decided to test detection by antispyware programs whether any of them will still detect anything related with Ask Toolbar. The result with screenshots is at: http://www.dozleng.com/updates/topic16253

VIPRE, Malwarebytes, A-squared and Outpost Antispyware/Antimalware programs will detect something.

The installer of Ask Toolbar is also detected by some malware scanners. The askPopStp.dll and askBar.dll files is also detected as risk.

So our stand to not to post update information on products bundled with Ask Toolbar remains the same.

If it's clean.. they should work with these vendors to fix their claim as false positive. Recommending to users to "temporarily disable" their NOD32 or other antivirus programs to allow the installation of products with Ask Toolbar (W32/Adinstaller etc) is NOT recommended.

If it's undetected by many scanners, only then we should inform users that it is OK to use it (if you like another toolbar).

And if you want to know what programs have Ask Toolbar, please check the "Installers Hall of Shame (Unwanted add-on)" list.at:

http://www.dozleng.com/updates/calendar44514

Edit: Our friend BillP (WinPatrol) received another invitation to bundle ASK toolbar in his WinPatrol. This is the 2nd time he receive the offer and again, he said NO to ASK toolbar again. Thanks Bill!

http://billpstudios.blogspot.com/2008/08/what-wrong-with-toolbars.html

Is your software & hardware compatible with Vista?

donna — Sun, 24 Aug 2008 03:39:10 GMT

Wondering if your favorite stuff works with Windows Vista? Here's where you can find out if it already does or if you just need a new driver. You'll get the latest details on thousands of products and benefit from users' feedback.

http://www.microsoft.com/windows/compatibility/Default.aspx

Sample search posted at Calendar of Updates' Windows OS forum.

More rogue domains by Antivirus 2008 XP

donna — Sun, 24 Aug 2008 01:44:07 GMT

antivirusq.net
antivirus2008b.net
antivirus2008m.net
antivirus2008n.net
antivirus2008v.net
antivirus777.com
antivirusq.net
antivirusr.net
antivirust.net
antivirusw.net
antivirusu.net
expressantivirus2009.com

http://www.dozleng.com/updates/index.php?showtopic=16312

Malware SPAM: The new standard in Internet Security, Rogue: Antivirus 2009 - 6 months to try

donna — Sun, 24 Aug 2008 01:26:03 GMT

Today's malware SPAM will try to trick users in downloading Antivirus 2009 (6 months trial)

http://www.dozleng.com/updates/index.php?showtopic=16442

Windows Live OneCare Safety Scanner users can't scan because of Adobe Reader 9

donna — Fri, 22 Aug 2008 15:54:00 GMT

Some users reported that they could NOT run the scan using Windows Live OneCare Safety Scanner after installing Adobe Reader v9.

Discussion at http://boards.live.com/safetyboards/thread.aspx?threadid=606296

Dave (aka drawAblank) help the users by investigating what's going on by installing Adobe Reader 9 and he found out that Adobe Reader alter the security setting of Internet Explorer (without prompting the user) by selecting "Allow Active content to run in my computer" in IE>Internet Options>Advanced>Security.

When the user disabled "Allow Active content to run in my computer" (which is the default setting in IE), the user able to run a scan using OneCare Safety Scanner.

If anyone have the said problem with OneCare Safety Scanner and you have Adobe Reader 9, you might to review the above discussion.

Note: I tried to reproduce the above issue but after installing Adobe Reader v9 while IE is not open and when I use Opera to download the Adobe Reader v9 installer in XP Pro, I cannot reproduce it. The setting here is the same... the "Allow Active content to run in my computer" is still unchecked and I can scan using OneCare Safety Scanner.

Moving to calendarofupdates.com

donna — Fri, 22 Aug 2008 15:11:12 GMT

Calendar of Updates is located in dozleng.com, we will be using calendarofupdates.com starting next month - Sept. 6, 2008

More info at http://www.dozleng.com/updates/index.php?showtopic=16431

Rogue Software: MS Antivirus 2008

donna — Thu, 21 Aug 2008 23:21:11 GMT

Bharath Narayan blog today about the new rogue software name MS Antivirus 2008

Site Name: Msantivirusxp.com
IP Address: 91.208.0.229

Site Name: Msscanner.com
IP address: 91.208.0.228

Screenshot at http://bharath-m-narayan.blogspot.com/2008/08/ms-antivirus-2008.html

Homeland Security Phones Hacked

donna — Thu, 21 Aug 2008 13:19:55 GMT

A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.

http://www.cbsnews.com/stories/2008/08/20/tech/main4368749.shtml?source=RSSattr=SciTech_4368749

Symantec to Acquire PC Tools

donna — Thu, 21 Aug 2008 13:16:51 GMT

Symantec, today announced it has signed a definitive agreement to acquire PC Tools, a global provider of innovative software products designed to protect the privacy and security of Windows® computer users. The financial terms of the acquisition are not being disclosed. The transaction is expected to close by the end of the calendar year and is subject to customary closing conditions and regulatory approvals.

With the addition of PC Tools, Symantec will expand its consumer product portfolio to include award-winning PC utilities software and point security technologies. PC Tools will help Symantec expand its reach with consumers in new emerging regional markets and will bring an array of go-to-market capabilities, that have been effective with consumers in many markets around the world.
http://www.symantec.com/about/news/release/article.jsp?prid=20080818_02

Opera v9.52 is available as security upgrade

donna — Wed, 20 Aug 2008 20:31:11 GMT

"Opera 9.52 is a recommended security and stability upgrade."

Fixed a startup crash that could allow execution of arbitrary code.
Sites can no longer change framed content on other sites.
Fixed an issue that could allow cross-site scripting, as reported by Chris Weber of Casaba Security: details will be disclosed at a later date
Custom shortcuts no longer pass the wrong parameters to applications, as reported by Michael A. Puls II.
Prevented insecure pages from showing incorrect security information, as reported by Lars Kleinschmidt.
Feed links can no longer link to local files: see our advisory
Feed subscription can no longer cause the wrong page address to be displayed: see our advisory

http://www.opera.com/docs/changelogs/windows/952/

Download: http://www.opera.com/download/

Why users should use browser security add-ons?

donna — Wed, 20 Aug 2008 07:08:39 GMT

Because when you search online for software or services, links to malware or rogue is around.

Because when you click on a page or link, malware or rogue installers are around too.

So what browser security add-ons do you use?

We have a discussion at Calendar of Updates on September 2007 and I bump it today by updating what browser security add-ons is effective still and what is the new add-on that is also effective:

http://www.dozleng.com/updates/index.php?showtopic=15674&st=0&gopid=71229&#entry71229

A news and a malware: Journalists shot in Georgia - Georgia.zip (joined.exe)

donna — Tue, 19 Aug 2008 20:58:31 GMT

Journalists shot in Georgia - http://news.bbc.co.uk/2/hi/europe/7563706.stm

The above is the news few days ago only but today, there's a malware SPAM for the above. The email subject is same as news story "Journalists shot in Georgia". The email contain attachment Georgia.zip (compressed joined.exe) which is password protected (123 as password).

Details at http://www.dozleng.com/updates/index.php?showtopic=16413

More rogue domain by Antivirus XP 2008

donna — Sat, 16 Aug 2008 13:26:13 GMT

antivirus0003.com
antivirus0003.com
antivirus0004.com
antivirus0005.com
antivirus0006.com
antivirus0007.com
antivirus0015.com
antivirus2009online.com
antivirusxp-pro.com
antivirusxp2009.com
pwrantivirus.com
theantivirusscan.com
wista-antivirus2009.com
xpertantivirus.com

http://www.dozleng.com/updates/index.php?showtopic=16312

Add the above in your blocklist, hosts file or restricted sites (if not listed yet)

2 new rogue domain of Antivirus 2008 PRO

donna — Fri, 15 Aug 2008 21:17:01 GMT

antivirus-2008a-pro.com
antivirus-2008y-pro.com

Add them in your HOSTS file, blocklist or restricted sites. If you are using OpenDNS and have an account, add them too.

http://www.dozleng.com/updates/index.php?showtopic=16395

VIPRE Antivirus + Antispyware Review

donna — Fri, 15 Aug 2008 18:42:22 GMT

Sunbelt Software, the makers of the popular CounterSpy Antispyware introduced their new product called VIPRE. Like you, I'm interested to know how VIPRE differs from existing antivirus or antimalware software in the market.

My review is at http://www.brighthub.com/computing/smb-security/reviews/4027.aspx