There have been two new variants of SpywareQuake and SpyFalcon found this week. Files have been collected and analysed and the removal tool has been updated already.
Read More: Latest Malware Threats
Friday, April 28, 2006
Tuesday, April 25, 2006
New SpyFalcon Variant Found
Researchers at Bleeping Computer came upon a new variant today:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"
The Bleeping Computer self-help guide has been updated along with the reg file.
Tuesday, April 18, 2006
New Spyware Quake Variant Found
Another variant has been uncovered:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\system32\xenadot.dll" <<<--Bad File
Monday, April 17, 2006
180Solutions & Kiddie Porn
Well, once again an affiliate of 180Solutions has gone rogue. Of course, we all knew this would happen yet again. Especially since all it takes is one line of code to break their bulletproof software. You know, the software they said would stop all the rogue activity, yeah that software.
I can hear the clowns over there now rummaging thru the Official 180Colusions Pile Of Excuses For Affiliates file cabinet.
Wanna bet they come out with something interesting? At the very least, they are good for that.
Read More:
180Solutions Affiliate Installs Kiddie Porn
Saturday, April 15, 2006
New SpywareQuake Variant Found
OK, we have a new variant of SpywareQuake, just found today. Here are the references to it:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}"="USB Mouse Driver"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}\InProcServer32]
@="C:\WINDOWS\system32\suprox.dll" <---new file
Tools at Bleeping Computer and a new site have already been updated.
New site: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
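The SpyFalcon and SpywareQuake listings on this page share one pattern: a SharedTaskScheduler entry under HKLM whose InProcServer32 handler is registered under HKCU and points at an unfamiliar DLL. The following is an added example, not code from this blog or from the Bleeping Computer tools, that audits .reg-style text for that pattern. The function names are hypothetical, and treating browseui.dll as the baseline is an assumption based on the two stock Windows entries in the SpyFalcon listing.

```python
import re
from ntpath import basename

STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
BASELINE_DLLS = {"browseui.dll"}  # assumption: handler DLL of the two stock entries in the listing
# Listing copied from the April 25 SpyFalcon post on this page.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"'''

def parse_reg(text):
    """Return {UPPERCASED_KEY_PATH: {value_name: data}}; '@' is the key's default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and (m := re.match(r'(@|"[^"]*")="(.*)"', line)):
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def audit_shared_task_scheduler(text):
    """List SharedTaskScheduler entries whose COM handler looks out of place."""
    keys, findings = parse_reg(text), []
    for clsid, label in keys.get(STS_KEY.upper(), {}).items():
        hive = dll = None
        for h in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):  # HKCU wins in the merged HKCR view
            path = "\\".join((h, "SOFTWARE\\CLASSES\\CLSID", clsid.upper(), "INPROCSERVER32"))
            if "@" in keys.get(path, {}):
                hive, dll = h, basename(keys[path]["@"]).lower()
                break
        reasons = [r for r, hit in (
            ("no InProcServer32 in export", dll is None),
            ("handler registered per-user (HKCU)", hive == "HKEY_CURRENT_USER"),
            ("DLL not in baseline", dll is not None and dll not in BASELINE_DLLS),
        ) if hit]
        if reasons:
            findings.append({"clsid": clsid, "label": label, "dll": dll, "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(*audit_shared_task_scheduler(SAMPLE), sep="\n")
```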
Wednesday, April 12, 2006
New Winfixer Clone, w\Vundo
There is a new Winfixer clone out, called SysProtect. It does not install Vundo, but in many cases is bundled with it. Some files to look for:
syp.exe
SysProtectScannerInstall.exe
Atribune's Vundo Fix has already been updated to deal with a new variant, tho I'm not 100% sure it's from SysProtect or not.
Read more: New WinFixer Clone
Sunday, April 09, 2006
New SpyAxe\SmithFraud Variant
A couple of new sites have been found using the same tactics as previous versions, pop ups which claim you are infected with something and homepage re-directs. The new sites are:
BestsecurityguideDOTcom
securityfeatureDOTcom
New files and a BHO:
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hpAD57.tmp
The file names are not entirely new; Vundo infections use similar names, with 'hp' followed by a random number and a .tmp extension.
Users can still use the fix as previously recommended at Bleeping Computer.
Friday, April 07, 2006
MessengerPlus: Now Includes Rogue & Adult Content
Just found this posted by one of the MS MVPs. Pretty amazing stuff, just goes to show you how greedy this scumbag is. It would appear as tho Patchou has tweaked his sponsor program yet again, but this time he has added some links and things to Adult Friend finder, which is not something any right minded coder would do, unless of course they were just a greedy bastard.
And btw, due to the fact that so many young people use this app, how is it that a guy could add something like this? Does this clown have any sense of morality? Young kids may be subjected to some adult type of popup or dating services?
Come on, I'm amazed anyone can use this program with or without the sponsor program and support the person behind it. Oh yeah, and now they are also pushing an anti-spyware app that, guess what? It's on Eric Howe's rogue list!!! This guy has really done it this time.
Sandi Hardmeier MS MVP-Security Blog
Thursday, April 06, 2006
NY AG Targets Direct Revenue
A lawsuit filed in Supreme Court of the State of New York seeks an order barring Direct Revenue from secretly installing spyware or sending ads through existing spyware programs. Reuters
Direct Revenue Rebuts New York Attorney General's Charges April 05, 2006
Direct Revenue has recently come under fire from Spitzer's office for a wide range of questionable practices. See Chris Boyd's write up. Now the company is going on the offensive and rebuts the charges.
Quote:
"This lawsuit is a baseless attempt by the Office of the Attorney General to rewrite the rules of the adware business. It focuses exclusively on the company's past practices - practices we and other industry leaders changed long ago - and says not a word about what we're doing today," said a company spokesperson. "We are proud of our products and the value they bring to both advertisers and consumers - the former by delivering positive, measurable results for their ad dollars, and the latter by offering free content and applications in exchange for viewing a few targeted advertisements per day."
ReveNews
80 Nails And Counting
Every day brings with it an even more tightening coffin lid. Well, it would seem that the clowns over at Direct Revenue have really gotten themselves into a pickle. Not only is NY AG Spitzer on their collective asses, which is bad enough, Ben Edelman has created a detailed and very damaging list of documents which outline the case. So if you want to read some extremely damaging accounts of how they:
1. Joked about user complaints
2. Conceded they don't much worry about if users get their software legitimately
3. Discussed the use of installing a Control Panel to ease removal, but worried more about the success rate of said removals.
Click this link to Ben Edelman's write up. You won't believe your eyes....no joke.
Tuesday, April 04, 2006
I'm An MS MVP
My nomination to MS MVPs has been accepted. I'm proud to be part of this prestigious group. Read more:
TeMerc Gets Certified MS MVP!!!!
Monday, April 03, 2006
Phishing Analysis
A U.S. academic group deeply studies the reasons behind successful phishing ploys. The findings are rather astounding, especially for those who were 'very experienced' in computing and security. Read more at:
The secret of phishers' success
ASC Releases 'Tip Sheets'
The coalition offers both home and corporate users advice on how to recognize unwanted software. Read more at:
ASC Releases Two 'Tip Sheets' To Consumers
Claria Starts Up New Adware.....errr Business Model
Seems Claria has begun its transformation, from an alleged adware company to one that pushes something they call 'PersonalWeb'. Of course this is what it does, and I quote:
Claria is expected to then use the software to offer users personalized content, as well as to target ads based on users' Web-surfing habits.
Uh-huh...Call it what you want, it's still adware. Read more at:
Claria Leaving Adware Biz............Kinda