Hardhead's Blog

Location: Blue Ridge, Va., United States

Tuesday, February 27, 2007

New Storm Trojan variant spreads in blogs, forums, Webmail

A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.

Dmitri Alperovitch, principal research scientist at Secure Computing, said today that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.

An initial infection is still carried out via e-mail, which touts a link that, when clicked, downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic.

"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail, the Trojan adds text to the entry or message.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011903

Saturday, February 24, 2007

iTunes and Windows Vista

iTunes 7.0.2 may work with Windows Vista on many typical PCs. Apple recommends, however, that customers wait to upgrade Windows until after the next release of iTunes which will be available in the next few weeks. This document will be updated as more information becomes available.

If you are upgrading to Windows Vista or have purchased a new computer with Windows Vista pre-installed, here is some information you may find helpful:

Compatibility with Windows Vista

Apple is preparing to address a number of iTunes compatibility issues in the next release of the software.

Some currently known compatibility issues with iTunes 7.0.2 and earlier versions include:
  • iTunes Store purchases may not play when upgrading to Windows Vista from Windows 2000 or XP.
  • iPod models with the "Enable Disk Use" option turned off may be unable to update or restore iPod software, or to make changes to iPod settings.
  • iPod models that are configured to Auto Sync and have the "Enable Disk Use" option turned off may need to be ejected and reconnected to resync.
  • Ejecting an iPod from the Windows System Tray using the "Safely Remove Hardware" feature may corrupt your iPod. To always safely eject an iPod, choose Eject iPod from the Controls menu within iTunes.
  • Cover Flow animation may be slower than expected.
  • Contacts and calendars will not sync with iPod.
http://docs.info.apple.com/article.html?artnum=305042

Secunia Software Inspector

Run the Secunia Software Inspector to make sure that your system is up-to-date:
http://secunia.com/software_inspector/

Minimum requirements for running the Secunia Software Inspector:
  • Windows 2000, Windows XP, or Windows 2003
  • Sun Java JRE 1.5.0_06
  • Internet Explorer 6.x, Opera 9.x, or Firefox 1.5.x
  • Latest version of Microsoft Windows Update

Note: To receive e-mail reminders about the above, go to the Secunia Software Inspector website and click "Reminder Service" on the right.

Wednesday, February 21, 2007

Microsoft Network Monitor 3

Brief Description
Network Protocol Analyzer
Tool to allow capturing and protocol analysis of network traffic.

Overview
Network Monitor 3.0 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. This version is a complete overhaul of the previous Network Monitor 2.x version.

System Requirements
  • Supported Operating Systems: Windows Server 2003; Windows Server 2003 x64 editions; Windows Vista; Windows Vista Business 64-bit edition; Windows XP; Windows XP 64-bit
It is suggested that you have a CPU of 1GHz or greater, 1G or greater of Memory and 25 Megs of available Hard Disk space, plus room for capture files.

http://www.microsoft.com/downloads/details.aspx?familyid=aa8be06d-4a6a-4b69-b861-2043b665cb53&displaylang=en&tm

Windows Genuine Advantage Notification (KB905474)

Date last published: 2/21/2007
Download size: 1.2 MB
The Windows Genuine Advantage Notification tool notifies you if your copy of Windows is not genuine. If your system is found to be non-genuine, the tool will help you obtain a licensed copy of Windows.

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

http://www.microsoft.com/genuine/downloads/WhyValidate.aspx

Monday, February 12, 2007

RegASSASSIN 1.01 (Feb 11th, 2007)

RegASSASSIN is a portable utility that can remove stubborn registry keys by resetting the key's permissions and then deleting it.

Simply download RegASSASSIN from the link below, unzip the file, and run RegASSASSIN.exe. Next, enter a registry key and choose the options you would like. Finally, select delete to execute the options.

Compatible with Windows 2000, NT, XP, Vista

http://www.malwarebytes.org/regassassin.php

FileASSASSIN 1.04 (Feb 11th, 2007)

FileASSASSIN can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file.

Simply download FileASSASSIN from one of the links below, unzip the file, and run the installer. Start FileASSASSIN and select a file by dragging it onto the text area or select it using the (...) button. Next, select a removal method from the list. Finally, click delete and the removal process will commence.

Compatible with Windows 2000, NT, XP, Vista

http://www.malwarebytes.org/fileassassin.php

Sunday, February 04, 2007

RogueRemover PRO 1.05

View program history:
http://www.malwarebytes.org/rogueremoverpro_history.php

View database history:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Download:
http://www.malwarebytes.org/rogueremoverpro.php