Sunday, September 30, 2007

Weekly Roundup-Sept 30

Apologies for not blogging the last week or so. I've been involved with a 'donated' Pc for me to play with and it's been giving me fits with every turn.

Here is a round up of the some of the forum topics:
WinPatrol PLUS Data Collection

Radical Rethink Of The Net Under Way

AOL AIM Security Hole

MS Extends XP's Life For OEMs

.Net Domain Becoming Havin For Cyber Criminals

Report: Increase In Phish Attacks, New Techniques

Thursday, September 20, 2007

Spyslay: New Rogue?

Looks like this is a brand new rogue, not much via Google at all. They joined my site and left a link to it in their siggy. Guess that was a bad idea, eh?

When you go to their site you get an immediate re-direct for another known rogue install. Guess who spread the news all over the Net? This will be updated as more info is found. Read More Here

Blogger Malware Gang Update

Well today the Blogger Malware Gang(BMG) changed things up some. I got hit yesterday with a rogue anti-spyware install. But we're onto them, quick as a cobra to a mongoose. Read Details Here

Wednesday, September 19, 2007

Blogger\Blogspot Malware: Reloaded

I got two links yesterday from Chuck, of The Real Blogger Status and boy oh boy, they sure did not disappoint.

After clicking a single link, each leading to an .hk(Hong Kong) domain and sitting there a few minutes while IM'ing Chuck, things started to happen and happen fast.

First hint was Process Explorer activity. I noticed in my task tray it began to get jumpy and was figuring I'd see the same as
last time. But no, this was not the same.....this would turn out to be much worse.

The activity got so crazy I was expecting the machine to freeze up, but it didn't. It maintained a balance of activity with files loading and deleting themselves for at least 45 minutes. In that while I got Drive Cleaner installed as well as a few rootkits too.
See The Carnage Here

Wednesday, September 12, 2007

Gromozon Malaware SSL Certified?

WTF!!!!!!??

How can this happen, a notoriously famous piece of malware gets 'certified' by a popular and well known Internet certificate issuing company. Something is wrong, very wrong.

One would think that they would have this company on a blacklist of sorts yes? Read & Discuss Here

Tuesday, September 11, 2007

MS Windows Monthly Security Updates

MS has released their monthly updates for Windows OSs. One critical and 3 important.

See some details right here

MS Windows Monthly Security Updates

MS has released their monthly updates for Windows OSs. One critical and 3 important.

See some details right here

Sunday, September 09, 2007

WinPatrol Minor Update

BillP has yet made available another WinPatrol update. With the recent change in v12 to the 'newer' Scotty icon and subsequent complaining that many users like the older icon, Bill now has included an option to use either or. Really, now how cool is Bill? Read More Here

STORM WORM ALERTS!!!

With all the hoopla that seems to be heaped upon each and every new Storm\Nuwar\Peacomm\Peed\Zhelatin worm I thought I'd make a quick little template for these alerts so security people could make posting said alerts a little bit easier.

Mind you, I may not give too much attention to this because it's the easiest thing to avoid. Just don't open any unknown\odd\unusual\ emails! Plain as that. If you do, then you deserve what you get. Yea, it's harsh....get over it.

See my post here

Monday, September 03, 2007

Spybot Search and Destroy 1.5 Final Release

Safer-Networking finally releases the new, latest and greatest Spybot Search & Destroy. Accept no substitutes, as many use the 'Spybot' name to rip off the good people who made the application the big success it is today.

They made a ton of improvements and its already Vista capable right out of the box, unlike some other anti-spyware company that took another month or so.

To read about all the highlights and check out the home page right here,

Bot Infections Multiply Like Bunnies: SDFix to The Rescue

Within the world of malware there are a couple of infections which seem to develop new variants very quickly. The type which seem to be the fastest, with new variants uncovered daily are of the 'bot' variety. These include but are not limited to backdoors, proxies, password stealers, downloaders\droppers and spambots.

Their names can strike fear in the hearts and minds of IT professionals all across the world not to mention make a home user nearly passout. Hacker Defender, InfoStealer, Rustock are but to name a few.

These can in many cases be cleaned up, tho to be honest, wiping the drive and reformatting to reinstall Windows is probably the best advice. If you have one of these then you'll be needing to use a specialized tool called SDFix, by Andy Manchesta.

Do not attempt to clean any bots on your own. These can require some specific registry fixes even before you begin cleaning, not to mention many bots are coded to prevent running of removal tools. Instead first install and run HijackThis! and post the resultant log into my Countermeasures: Extraction Hlep forum and I'll assist in removal.

Sunday, September 02, 2007

'Next Blog' Button Infects Users

Just the other week, I posted about WinAntiVirus links which were found to be on some blogs. All of which were taken down by Google. Now these were specific blogs created to drive traffic to either infect or dupe users.

Then Sunbelt Blog posted about Storm worm links embedded into Blogger\Blogspot blogs. Again, specifically created to infect.

This weekend I decided to go looking for malware and boy did I find it! First link I hit, POW!! Malware got installed immediately. And some not very well detected malware either. I went out twice and got infected within 1 minute the first time and within 3 minutes the second time and I found a bunch of blogs all pushing the same malware. Read more about it, see the scan results right here