Hardhead's Blog

Spambot Search Tool v0.48

2010-04-02T23:52:00.001-04:00

* Fixed display of results (now properly centered)
* Modified check_spammers.php (submission to FSL/SFS)
* Fixed IsValidEmail function
+ Added resolve_host function (makes things a little cleaner)
* Modified query so username + email are case insensitive.

Download: http://support.it-mate.co.uk/?mode=Products&act=DL&p=spambotsearchtool

Firefox 3.6.3

2010-04-02T23:47:00.001-04:00

What’s New in Firefox 3.6.3

Firefox 3.6.3 fixes a critical security issue that could potentially allow remote code execution (see bug 555109 ).

Download: http://www.mozilla.com/en-US/firefox/personal.html

Malwarebytes' Anti-Malware 1.45

2010-04-02T23:31:00.001-04:00

Version 1.45 (March 29th, 2010)

1. Added new scheduling engine for our customers featuring realtime updating, more finely-grained scheduled scanning/updating, and a streamlined interface.
2. Added new flash scanning option which searches for malicious objects in memory and load point locations.
3. Added compatibility with Remote Desktop Protocol (RDP) for our corporate customers.
4. Added a brand new advanced heuristics detection module named Shuriken that will be integrated into both scanner and protection module.
5. Integrated website blocking options and other customizable policies into the main program interface.
6. Heavily improved command line interface allowing customers to scan and remove automatically and silently.
7. Heavily improved updating module which should solve various updating issues. Also added full proxy support including authentication and integration into the GUI.
8. Fixed a large number of various issues and enhanced overall stability of the scanner and protection module.

Product Details: Malwarebytes' Anti-Malware

Version 1.34 (February 11th, 2009)

2009-02-12T00:55:00.001-05:00

1. (FIXED) Removing registry keys with corrupt permissions.
2. (FIXED) Removal of drivers now improved.
3. (FIXED) Improved memory usage (more to come!)
4. (FIXED) Certain types of freezing during full scan.
5. (FIXED) Improved full scan times significantly.
6. (ADDED) Better detection techniques for the real-time protection module.
7. (ADDED) Directories now counted as items scanned.
8. (ADDED) Disinfection for certain USB spread infections (Conficker).
9. (ADDED) New command line parameter: /schedule (see help file).

Product Details: Malwarebytes' Anti-Malware

Congratulations' Donna

2009-01-20T23:59:00.001-05:00

I want to take the opportunity to congratulate Donna Buenaventura.

Admin site owner of Calendar of Updates

Donna has passed the Microsoft Certification Exam which now makes her an Microsoft Certified Technology Specialist.

Great work Donna.

http://msmvps.com/blogs/donna/archive/2009/01/18/congratulations-you-re-now-an-mcp.aspx

Malwarebytes' Anti-Malware 1.33

2009-01-18T22:41:00.001-05:00

Version 1.33 (January 14th, 2009)

1. (FIXED) Issue with Latvian language file.
2. (FIXED) Improved activation license key checking.
3. (ADDED) Safeguard to prevent users from losing scan results.
4. (ADDED) Created framework for Malwarebytes' scripting language.
5. (ADDED) Updater now has 900+ access points (mirrors).

Product Details: Malwarebytes' Anti-Malware

Windows Live Writer

2008-12-21T05:06:00.000-05:00

Just finished installing Windows Live Writer.

I love all the new goodies it offers so I thought I would post a picture of our house here in Blue Ridge, Va.

Malwarebytes' Anti-Malware 1.31

2008-12-03T23:25:00.002-05:00

Version 1.31 (December 3rd, 2008)

1. (FIXED) Minor issues with heuristics and false detections.
2. (FIXED) Improved activation license key checking.
3. (FIXED) Removal on reboot now uses RunOnce registry key.
4. (ADDED) Support for Ukrainian language.
5. (ADDED) Heuristics for newer infections.

Download: http://www.malwarebytes.org/mbam.php
Posted in Forum: http://www.malwarebytes.org/forums/index.php?showtopic=8027

Malwarebytes' Anti-Malware 1.29

2008-10-17T00:41:00.002-04:00

Version 1.29 (October 16th, 2008)

1. (FIXED) Drastically improved heuristics detections.
2. (ADDED) Brand new protection module.
3. (ADDED) Brand new scheduler, protection no longer has to run.
4. (ADDED) Support for Greek and Macedonian languages.

Download: http://www.malwarebytes.org/mbam.php
Posted in Forum: http://www.malwarebytes.org/forums/index.php?showtopic=6864

Note: Uninstall previous version is recommended.

Mozilla Firefox 3.0.3

2008-09-26T22:49:00.003-04:00

What’s New in Firefox 3.0.3
Firefox 3.0.3 contains the following changes:
* Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)
* See the Firefox 3.0.2 release notes for previous changes.

Download: http://www.mozilla.com/en-US/firefox/
Release Notes: http://www.mozilla.com/en-US/firefox/3.0.3/releasenotes/

Mac OS X Java Multiple Vulnerabilities

2008-09-25T20:10:00.002-04:00

Description:
Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.

1) An error leading to the use of an uninitialized variable exists in the hash-based Message Authentication Code (HMAC) provider. This can potentially be exploited to execute arbitrary code when a user visits a web page containing a specially crafted java applet.

2) An error in the Java plug-in within the handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted java applet.

Mac OS X 10.4 is reportedly not affected.

3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system

Solution:
-- Java for Mac OS X 10.4 --
Update to Release 7:
http://www.apple.com/support/downloads/javaformacosx104release7.html

-- Java for Mac OS X 10.5 --
Apply Update 2:
http://www.apple.com/support/downloads/javaformacosx105update2.html

http://secunia.com/advisories/32018/

Firefox 3.03 update coming soon

2008-09-25T19:38:00.001-04:00

A bug, found in yesterday’s Firefox 3.0.2 update, that prevents access to saved passwords that include international characters either in the web address the password is saved for, the login, or the password itself, has prompted planning for a quick Firefox update.

http://mozillalinks.org/wp/2008/09/quick-firefox-update-on-its-way-to-fix-saved-credentials-access-issues/

Malwarebytes' Anti-Malware 1.28

2008-09-16T05:03:00.002-04:00

Version 1.28 (September 10th, 2008)

1. (FIXED) Problem with heuristics on Windows 2000.
2. (ADDED) Better malware regeneration prevention on reboot.

http://www.malwarebytes.org/forums/index.php?showtopic=6241&view=findpost&p=27396

Download: http://www.malwarebytes.org/mbam.php

EstDomains declares global war on malware

2008-09-16T04:56:00.003-04:00

EstDomains, Inc: Global Struggle Against Malware Distribution

EstDomains, Inc, a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders' private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeed in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

More here (thanks Ferg).

http://feeds.feedburner.com/~r/SunbeltBlog/~3/393608199/estdomains-proclaims-global-war-on.html

Malwarebytes' Anti-Malware 1.25

2008-08-17T23:02:00.002-04:00

Version 1.25 (August 17th, 2008)

1. (FIXED) Problem with ignore list.
2. (FIXED) Problem repairing certain registry keys.
3. (FIXED) Overflow error during removal.
4. (FIXED) Improved detection of multiple components.
5. (FIXED) Drastically improved scan speed.
6. (ADDED) Advanced technology to delete files on reboot.
7. (ADDED) Ability to run a truly silent install.
8. (ADDED) Support for Chinese Simplified, Chinese Traditional and Polish languages.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?showtopic=5814&hl=

hpObserver v0.1.4

2008-08-03T23:42:00.003-04:00

Changes:

Added: Import Outpost IP Blocklist
Added: Full rDNS (including PTR)
Added: New validation mode (IP resolution only)

Modified: Updated help file

Download:

http://support.it-mate.co.uk/?mode=Products&act=DL&p=hpobserver

Homepage:

http://support.it-mate.co.uk/?mode=Products&p=hpobserver

Screenshot:

http://support.it-mate.co.uk/images/products/imghpobserver_Screenshot.gif

Thanks so much Steven for adding the new features. :-)

Malwarebytes' Anti-Malware Version 1.24

2008-07-30T22:49:00.001-04:00

Version 1.24 (July 30th, 2008)

1. (FIXED) Problem with GUI closing after program update.
2. (FIXED) False positives with Zlob and Vundo heuristics.
3. (FIXED) Improved detection of random named BHOs.
4. (ADDED) Support for Turkish language.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?showtopic=5603

Malwarebytes' Anti-Malware Version 1.21

2008-07-18T21:03:00.002-04:00

Version 1.21 (July 18th, 2008)

1. (FIXED) Problem with update hanging up application on first run.
2. (FIXED) Problem quarantining large files.
3. (FIXED) Greatly improved memory scan speed.
4. (FIXED) Updated zib.dll to latest version.
5. (ADDED) Scheduled scanning now creates log files.
6. (ADDED) Advanced heuristic detections for multiple trojans.
7. (ADDED) Direct Disk Access for enumerating folder contents.
8. (ADDED) Direct Disk Access for breaking file headers.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=23196

Malwarebytes' Anti-Malware Version 1.19

2008-06-29T22:35:00.001-04:00

Version 1.19 (June 28th, 2008)

1. (FIXED) Various problems with update.
2. (FIXED) Improved protection module stability and speed.
3. (ADDED) Advanced detection schemes for Trojan.Vundo.
4. (ADDED) Windows version number to log file.
5. (ADDED) Support for Czech language.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=21289

Malwarebytes' Anti-Malware Version 1.18

2008-06-20T18:33:00.002-04:00

Version 1.18 (June 19th, 2008)

1. (FIXED) Created new scheduling interface.
2. (FIXED) Minor glitches with Protection Module.
3. (FIXED) Problem opening help file.
4. (FIXED) System crashes during full scan.
5. (ADDED) Support for Portuguese language.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=20704

Windows XP SP3 omits critical security update

2008-06-04T21:17:00.000-04:00

Microsoft Tuesday confirmed that Windows XP SP3 (Service Pack 3) omits a critical security update issued by the company in November 2006.

The company acknowledged the omission while attempting to clarify the impact XP SP3 has on existing installations of Flash Player, an add-on that Microsoft bundled with Windows XP when it first shipped in 2001. Microsoft has patched Flash Player in the past using Windows Update, notably with the security update MS06-069 it issued Nov. 14, 2006.

MS06-069, the AWOL update, patched five vulnerabilities in Adobe's Flash Player, and was rated "critical" by Microsoft, the company's highest threat ranking.

Microsoft did not explain why the patch is missing from the service pack, which it has billed as including "all previously released updates."

Flash Player has made security news of late; last week, for example, researchers revealed that hackers were actively exploiting Flash Player 9.0.115.0, an edition released by Adobe in December 2007. On Monday, Computerworld reported that Windows XP SP3 shipped with that out-of-date and vulnerable version, rather than the newer and more secure Flash Player 9.0.124.0, which Adobe issued in early April, about two weeks before Microsoft wrapped up the service pack and began distributing it to OEMs.

http://www.infoworld.com/article/08/06/04/Windows-XP-SP3-omits-critical-security-update_1.html

XP3 changes Flash player file in System 32

2008-06-01T16:53:00.002-04:00

I noticed that after installing Windows XP Service Pack 3 that the current up to date flash player file at C:\Windows\System32\Macromed\flash.ocx was overwritten with the old 6.0 version.

Be sure to scan at Secunia Software Inspector and make sure that you have the correct version of Flash installed.

Malwarebytes' Anti-Malware 1.13

2008-05-29T22:31:00.002-04:00

Version 1.13 (May 29th, 2008)

1. (FIXED) Problems with progress bar flickering on Vista.
2. (FIXED) Minor bugs when trying to update multiple times.
3. (FIXED) Problems registering product on Unicode systems.
4. (FIXED) Highly optimized GUID scanning.
5. (ADDED) Support for Slovak and Norwegian languages.
6. (ADDED) Log file name and save date to log file.
7. (ADDED) Better detection for Vundo leftovers.
8. (ADDED) Better rootkit detection with heuristics.
9. (ADDED) New command line parameter: /register. See help file

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=19094

Malwarebytes' Anti-Malware 1.12

2008-05-05T22:42:00.002-04:00

Version 1.12 (May 5th, 2008)

1. (FIXED) Improved detection of new malware.
2. (FIXED) Minor changes to help file.
3. (FIXED) Dramatically improved Protection Module loading speed.
4. (FIXED) Minor improvements to scanning speed.
5. (FIXED) Moved drivers to proper locations.
6. (ADDED) Support for Danish language.
7. (ADDED) Registry permission fixing code.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?showtopic=4524&hl=

Microsoft Delays Windows XP Service Pack 3

2008-04-29T19:48:00.001-04:00

Microsoft is delaying the release of Service Pack 3 for Windows XP users due to a "compatibility issue" with the bundle of updates and a supply-chain solution the company markets to small- and medium-sized businesses. The software giant had previously said SP3 would be released to XP customers today via Windows Update and its software download center.

In a written statement, Microsoft said:

"In order to make sure customers have the best possible experience we have decided to delay releasing Windows XP SP3 to Windows Update and Microsoft Download Center.

http://blog.washingtonpost.com/securityfix/2008/04/microsoft_delays_windows_xp_se.html?nav=rss_blog

Mass SQL injection

2008-04-24T22:07:00.002-04:00

There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.
Performing a Google search results in over 510,000 modified pages.

What happens as a result?

It finds all text fields in the database and adds a link to malicious javascript to each and every one of them which will make your website display them automatically. So essentially what happened was that the attackers looked for ASP or ASPX pages containing any type of querystring (a dynamic value such as an article ID, product ID, et cetera) parameter and tried to use that to upload their SQL injection code.

So far three different domains have been used to host the malicious content — nmidahena.com, aspder.com and nihaorr1.com. There's a set of files that gets loaded from these sites that attempts to use different exploits to install an online gaming trojan. Right now the initial exploit page on all domains are unaccessible but that could change. So if you're a firewall administrator we recommend you to block access to them.

So what should you do?

First of all, search your website logs for the code above and see if you've been hit. If so, clean up your database to prevent your website visitors from becoming infected. Second, make sure that all the data you pass to your database is sanitized and that no code elements can be stored there. Third, block access to the sites above. Fourth, make sure the software you use is patched, F-Secure Health Check is an easy way to do this. Fifth, keep your antivirus solution up-to-date.

http://www.f-secure.com/weblog/archives/00001427.html

Malwarebytes' Anti-Malware 1.10

2008-04-02T17:00:00.002-04:00

Version 1.10 (April 1st, 2008)

1. (FIXED) Installer missing Romanian translation.
2. (FIXED) Minor problem during memory scan.
3. (FIXED) Improved service scanning techniques.
4. (FIXED) Problems removing certain registry values.
5. (FIXED) Dramatically improved Protection Module speed.
6. (FIXED) Scheduler problems with Protection Module.
7. (ADDED) Advanced file scanning methods.
8. (ADDED) DNS checking and fixing.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=4138&view=findpost&p=15505

Malwarebytes' Anti-Malware 1.09

2008-03-19T21:10:00.003-04:00

Version 1.09 (March 19th, 2008)

1. (FIXED) CD-ROM and Network drives not checked by default.
2. (FIXED) Minor optimizations in Protection Module.
3. (ADDED) Jump to Location option to results list right click menu.
4. (ADDED) Support for Romanian language.
5. (ADDED) New main application icon.
6. (REMOVED) Splash form on program start.

Still working a few problems out with the Protection Module.
Please uninstall all versions before installing this one!

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?showtopic=4029&hl

Malwarebytes' Anti-Malware 1.08

2008-03-09T22:02:00.001-04:00

Version 1.08 (March 9th, 2008)

1. (FIXED) Problem creating quick launch icon.
2. (FIXED) Program not closing properly.
3. (FIXED) Errors 708/730 on Unicode systems after update.
4. (FIXED) Problems with Protection Module recognizing updates.
5. (ADDED) Support for Finnish language.
6. (ADDED) Database update after program update.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=14575

Malwarebytes' Anti-Malware 1.07

2008-03-05T19:24:00.002-05:00

Version 1.07 (March 5th, 2008)

1. (FIXED) Items in Swedish translation.
2. (FIXED) Minor problems with scanner.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=14364

Malwarebytes' Anti-Malware 1.06

2008-03-04T23:00:00.001-05:00

Version 1.06 (March 4th, 2008)

1. (FIXED) Improved certain trojan detections.
2. (FIXED) Problems with Internet Explorer termination.
3. (FIXED) Problems with 0kb files. See CatchMe addition below.
4. (FIXED) Problems loading certain settings.
5. (FIXED) Problems starting scanner from protection module.
6. (FIXED) Problems with registration information with limited users.
7. (ADDED) Support for Catalan and Bulgarian languages.
8. (ADDED) Direct disk access using CatchMe.
9. (ADDED) Start with Windows setting to Protection tab.

Product Details: Malwarebytes' Anti-Malware

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=14314

Aladdin eSafe First to Offer Dual Engine Protection from Spam and Malware

2008-03-03T20:08:00.001-05:00

Aladdin eSafe combines industry-tested, best-of-breed e-mail security
engines to comprehensively block zero-hour spam and malware in real time

CHICAGO, March 3 /PRNewswire-FirstCall/ -- Aladdin Knowledge Systems
(Nasdaq: ALDN), an information security leader specializing in
authentication, software DRM and content security, today announced the
release of Aladdin eSafe 6 Feature Release 2. This latest version of
Aladdin eSafe features dual anti-spam engines for zero-hour, best-of-breed
anti-spam and malware outbreak prevention, in addition to enhanced content
security.

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/03-03-2008/0004766045&EDATE=

http://www.aladdin.com/eSafe/mail.aspx

RogueRemover Pro Version 1.20 Program Update

2008-02-25T00:10:00.002-05:00

RogueRemover Pro Program Update

Version 1.20 (2/24/08)

1. Added support for Catalan language.
2. Changed version tab information.
3. Improved Rogue.Infector detection.
4. Rewrote cookie cleaning functions.
5. Packaged new database.

Product Details: RogueRemover Pro

http://www.malwarebytes.org/forums/index.php?s=&showtopic=2595&view=findpost&p=13718

Note: Please update via the program updater

RogueRemover Free Version 1.24 Program Update

2008-02-25T00:01:00.004-05:00

RogueRemover Free Program Update

Version 1.24 (2/24/08)

1. Changed version tab information.
2. Improved Rogue.Infector detection.
3. Packaged new database.

Product Details: RogueRemover FREE

http://www.malwarebytes.org/forums/index.php?s=&showtopic=2596&view=findpost&p=13719

Note: Please update via the program updater

Critical VMware security alert for Windows-hosted VMware client versions

2008-02-24T10:51:00.003-05:00

During the last couple of years intensive security research has been performed on virtualization environments, like VMware, Virtual PC, XEN etc. It has been mainly focused on finding new ways to detect if you are running inside a virtual machine (vs. a native host), and finding ways to escape from a virtual machine to the host (or to another virtual machine).

This new VMware vulnerability discovered by Core means a full scape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations."

It has been rated as critical by VMware and it affects all VMware client products on Windows, that is:

VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier

VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier

VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier

VMware on Mac OS (Fusion) and Linux are not affected by it.

By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest.

The impact on production environments is supposed to be limited as they tend to use the server versions. However, we, as security professionals, make an extensive use of virtualization technologies for multiple purposes: malware analysis, incident response, forensics, security testing, training, etc, and we typically use the client versions of the products, so... It is time to disable the shared folder capabilities!!, as no update or patch is available yet:

Workaround (from the VMware advisory)

Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.

To disable shared folders in the Global settings:

1. From the VMware product's menu, choose Edit > Preferences
2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.

To disable shared folders for the individual virtual machine settings:

1. From the VMware product's menu, choose VM > Settings.
2. In the Options tab, select Shared Folders and Disable.

http://isc.sans.org/diary.html?storyid=4018

Windows Live SkyDrive

2008-02-24T10:36:00.000-05:00

When you sign in to Windows Live SkyDrive, you're in charge
For each folder you create, you choose who has access to it. Add new folders, rename them, or change who has access at any time.

Always where you need them
5 GB of free online storage, available from any computer with Internet access.
Create personal, shared, and public folders -- you decide who has access to each folder.
Windows Live SkyDrive works well on any Windows or Macintosh computer with Firefox 1.5 or higher, or Internet Explorer 6 or higher.

How we help protect your files
Your personal folders are password-protected with your Windows Live ID, so only you have access.
When you create a shared folder, the friends you're sharing with need to sign in with their own Windows Live ID and password.
Just like at your online bank, all file transfers are protected using Secure Socket Layers (SSL).

Personal
Use personal folders to back up important files that are only for you.
Get to your files from any computer with Internet access by signing in with your Windows Live ID.

Shared
Shared folders make it easy to collaborate with coworkers or classmates.
You decide how much control each person has over each shared folder. Some can just read what's there: others can add and delete files.
Everyone who is sharing uses their own Windows Live ID.

Public
With public folders, anyone on the Internet can view your files, but they can't change them.
Want to show your public files to others? Just send them a link! Each folder and file has its own web address.

http://skydrive.live.com/

Getting ready for Vista SP1

2008-02-24T10:24:00.002-05:00

Donna, admin owner of the site Calendar Of Updates has put together a great tutorial about what to do before installing Windows Vista SP1.

Check out what she has to say about it here. I know you will learn more about what you need to do after reading her article.

Malwarebytes’ Anti-Malware 1.05

2008-02-24T10:12:00.002-05:00

Version 1.05 (February 21st, 2008)

1. (FIXED) Faster response to scan abort.
2. (FIXED) Minor bug detecting registry values.
3. (FIXED) Better uninstall support.
4. (FIXED) Better abort scan cleanup.
5. (ADDED) Improved Zlob detection.

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3283&view=findpost&p=13547

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

Product Details: Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware Version 1.04

2008-02-18T19:50:00.002-05:00

Version 1.04 (February 18th, 2008)

1. (FIXED) Minor bug in Winsock LSP repair.
2. (FIXED) Improved autostart detection.
3. (FIXED) Flicker of desktop during update.
4. (FIXED) Quarantine problem with restoring files with no folder.
5. (ADDED) CatchMe driver for better file deletion.
6. (ADDED) Delete on reboot for registry items.
7. (ADDED) Support for Swedish language.

http://www.malwarebytes.org/forums/index.php?showtopic=3593&hl=

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

Product Details: Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware Version 1.02

2008-02-03T18:40:00.000-05:00

Malwarebytes Anti-Malware Version 1.02 (February 3rd, 2008)

1. (FIXED) Problems with Protection Module.
2. (FIXED) Language resetting to English on reinstall.
3. (FIXED) New log naming conventions.
4. (FIXED) New locations of certain files and registry entries.
5. (ADDED) New mirror to update tab.
6. (ADDED) Help button in about tab.
7. (ADDED) Latest news now gets saved and loaded on start.
8. (ADDED) Support for Albanian and Hungarian languages.

http://www.malwarebytes.org/forums/index.php?s=&showtopic=3448&view=findpost&p=12766

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

Download: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Malwarebytes Anti-Malware 1.00 Final

2008-01-22T21:34:00.000-05:00

Key features

Support for Windows 2000, XP, and Vista
Light speed quick scanning.
Ability to perform full scans for all drives.
Malwarebytes' Anti-Malware Protection Module. (requires registration)
Database updates released at least once every two days.
Quarantine to hold threats and restore them at your convenience.
Ignore list for both the scanner and Protection Module.
Settings to enhance your Malwarebytes’ Anti-Malware performance.
A small list of extra utilities to help remove malware manually.
Multi-lingual support.
Works together with other anti-malware utilities.
Command line support for quick scanning.
Context menu integration to scan files on demand.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

http://www.malwarebytes.org/mbam.php

Spammer infects Google Search Index

2007-10-01T11:59:00.000-04:00

A GOOGLE watchdog site has barked the claim that the search engine has been hacked by a spammer.

The Google Watchdog says here that the spammer wormed their way into the Google index without being caught. And suddenly some searches began returning a large number of Chinese sites.

These sites are often nicked content from legitimate US websites but the legitimate sites are being ranked below the scammed ones.

http://www.theinquirer.net/gb/inquirer/news/2007/10/01/spammer-infects-google-search

Triple-play protection from McAfee

2007-10-01T10:56:00.000-04:00

McAfee, Inc.
(NYSE: MFE) today announced its 2008 security solutions will provide
consumers with the industry's first triple-play protection, securing
consumers' PCs, Web experiences, and mobile phones with one offering to
lead the industry with security solutions unavailable anywhere else.

http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/10-01-2007/0004672981&EDATE=

Firefox 2.0.0.7

2007-09-18T18:32:00.000-04:00

Release Date:
September 18, 2007

Security Update:
The following security issue was fixed.

Download: http://en-us.www.mozilla.com/en-US/firefox/all.html

Germans spot Chinese spy attacks

2007-08-27T22:58:00.000-04:00

Germany joined a group of at least four other countries that have been targeted by hackers apparently located in China, according to a media report published on Monday.

The report, which came in this week's edition of Der Spiegel, fingered the world's largest nation as the source of Internet attacks which have stolen sensitive data from German government ministries. The article described the hallmarks of targeted Trojan-horse programs that have previously attacked -- and likely continue to attack -- companies and government agencies in Australia, Canada, the United Kingdom and the United States, according to computer-security experts.

http://www.securityfocus.com/brief/577

Double Whammy! Another Sony Case (And it's Not BioShock)

2007-08-27T22:51:00.000-04:00

QUOTE:
Biometrics – yes. BioShock – no.

Hypothetical: Imagine that you visit your local mall and browse around for stuff to buy. And you decide to buy a new CD from your favorite artist and you also buy a brand new cool USB stick thingy on an impulse. You go home and stick the CD into your laptop's CD drive. It prompts you to install some software. You do so and while you are listening to the music, you open the USB stick package and start experimenting with your new toy. It has a fingerprint reader so you install the software for that as well. Guess what… you might have just installed, not one, but two different rootkit-like software on your laptop.

We received a report that our F-Secure DeepGuard HIPS system was warning about a USB stick software driver. The USB stick in question has a built-in fingerprint reader. The case seemed unusual so we ordered a couple of USB sticks with fingerprint authentication. We installed the software on a test machine and were quite surprised to see that after installation our F-Secure BlackLight rootkit detector was reporting hidden files on the system.

http://www.f-secure.com/weblog/archives/archive-082007.html#00001263

Vista Validation Issue Fixed

2007-08-26T21:17:00.000-04:00

Quote:

We've been receiving reports on our forum and through customer service starting last night that Windows Vista validations have been failing on genuine systems. It looks now as though the issue has been resolved and validations are being processed successfully.

Customers who received an incorrect validation response can fix their system by revalidating on our site (http://www.microsoft.com/genuine). We encourage anyone who received a validation failure since Friday evening to do this now. After successfully revalidating any affected system should be rebooted to ensure the genuine-only features are restored.

http://blogs.msdn.com/wga/archive/2007/08/25/validation-issue-fix.aspx

Vista Validation 0xC004C4A5 Errors

2007-08-25T17:23:00.000-04:00

PLEASE READ (Or read the latest post for resolution steps)

http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=2054756&SiteID=25

Validation issues - Microsoft is having WGA server problems

2007-08-25T16:14:00.000-04:00

Users of valid copies of Microsoft Vista ran into problems when trying to update their Vista installations.

Read more about it here.

RogueRemover DataBase Version 147 (8/16/07)

2007-08-17T17:53:00.000-04:00

[Added]
VideoAccessCodec, Video iCodec

[Updated]
Rogue.Infector, Rogue.Misc, virusProtectPro, Video ActiveX Access

[Removed]
No applications were delisted.

[Notes]
RogueRemover Free and RogueRemover PRO now targets 371 rogue programs.
RogueRemover PRO now immunizes against 2970 rogue sites

http://www.malwarebytes.org/rogueremoverpro.php

The RogueRemover database is now available to be browsed at:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Posted at Forum:
http://www.malwarebytes.org/forums/index.php?s=&showtopic=1096&view=findpost&p=7735

Note: Please update via the program updater

MPack: Getting More Dangerous

2007-08-16T17:30:00.000-04:00

In our previous alert we discussed ‘What is Mpack and how it works’. We had reviewed MPack version 0.84 in our previous blog. This time we will compare it with an updated version, MPack v 0.91.

1. The exploits include the existing ones present in v0.84. The list of exploits is present at the end of this blog.

2. There have been some changes to the management and reporting interface. A new file admin.php is introduced and stats.php has been removed.

The developers of the tool kit have provided admin.php for secure control and configuration of the Mpack installation. The Mpack owner can set username and password protection through settings.php.

http://www.symantec.com/enterprise/security_response/weblog/2007/08/mpack_getting_more_dangerous.html

Symantec, Intel work on microchip-level VM security

2007-08-15T16:14:00.000-04:00

August 15, 2007 (Reuters) -- Symantec Corp and Intel Corp are jointly developing security products that could be built into tiny computer microprocessors, Symantec Vice President Rowan Trollope said on Tuesday.

The program, dubbed Project Hood, is part of an effort by both companies to expand their use of virtualization technology, or using software to replicate entire computer systems.

They are developing software security "appliances" that would work with virtualization technology that Intel is already incorporating into its computer chips, Trollope said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030767

Flash vulnerability reveals open ports

2007-08-15T00:32:00.000-04:00

From http://scan.flashsec.org/:

Summary
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.

You can see a proof of concept at the site, and it's quite interesting to watch. This happens inside your firewalled network, just by browsing the internet.

http://sunbeltblog.blogspot.com/2007/08/flash-vulnerability-reveals-open-ports.html

Microsoft Security Bulletin Summary for August 2007

2007-08-14T18:07:00.000-04:00

Published: August 14, 2007

6 Critical:

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

Cumulative Security Update for Internet Explorer (937143)

Vulnerability in GDI Could Allow Remote Code Execution (938829)

Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

3 Important:

Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)

Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx

Malwarebytes' Anti-Malware MBAM 0.67 Beta

2007-08-11T22:24:00.000-04:00

Version 0.67 Beta (August 10th, 2007)

1. (FIXED) Improved erasing of arrays.
2. (FIXED) Improved expansion of variables.
3. (FIXED) Database support on Unicode systems.
4. (FIXED) Corrupted encryption of quarantine items.
5. (ADDED) Old version of database in update success screen.
6. (ADDED) Ability to enable/disable context menu.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

You must download the beta by going to the site below
http://www.malwarebytes.org/beta

Please use built in updater.
Post all bugs here.

Microsoft Security Bulletin Advance Notification for August 2007

2007-08-09T19:20:00.000-04:00

This is an advance notification of nine security bulletins that Microsoft is intending to release on August 14, 2007.

Microsoft Security Bulletin Advance Notification issued: August 9, 2007
Microsoft Security Bulletins to be issued: August 14, 2007

http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx

What to do before Patch Tuesday? at http://www.dozleng.com/updates/index.php?showtopic=9112

Microsoft will host a webcast to address customer questions on these bulletins on August 15, 2007, at 11:00 AM Pacific Time (US & Canada). Register now for the August Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Red Curtain

2007-08-09T17:20:00.000-04:00

MANDIANT Red Curtain is software for Incident Responders that assists with the analysis of malware. MRC examines executable files (e.g., .exe, .dll, and so on) to determine how suspicious they are based on a set of criteria. It examines multiple aspects of an executable, looking at things such as the entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics to generate a threat "score." This score can be used to identify whether a set of files is worthy of further investigation.

http://www.mandiant.com/mrc

Malwarebytes' Anti-Malware MBAM 0.66 Beta

2007-08-07T22:01:00.000-04:00

Version 0.66 Beta (August 6th, 2007)

1. (FIXED) Problems with initial memory scan.
2. (FIXED) HKCU key expansion.
3. (FIXED) Problem with complex infections not being detected.
4. (FIXED) Problem with modules being confused as processes.
5. (FIXED) Improved overall stability and speed of entire application.
6. (ADDED) More details to log.
7. (REMOVED) Registry permission code, to buggy.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

You must download the beta by going to the site below.
http://www.malwarebytes.org/beta

Please use built in updater.
Post all bugs here.

Rogue Remover & Pro database update 08/04/2007 {v146}

2007-08-05T01:29:00.000-04:00

Version 146 (8/04/07)

[Added]
No applications were added.

[Updated]
Rogue.Infector, Video ActiveX Access

[Removed]
No applications were delisted.

[Notes]
No further comments

http://www.malwarebytes.org/rogueremoverpro.php

The RogueRemover database is now available to be browsed at:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Posted at Forum:
http://www.malwarebytes.org/forums/index.php?s=&showtopic=1096&view=findpost&p=7113

Note: Please update via the program updater

Malwarebytes' Anti-Malware MBAM 0.65 Beta

2007-08-05T00:06:00.000-04:00

Version 0.65 Beta (August 4th, 2007)

1. (FIXED) Optimized database HKEY expansion.
2. (FIXED) Problem with timer counting every 10 seconds.
3. (FIXED) Minor problems with LoadDatabase().
4. (FIXED) Problem with %WINDIR% variable.
5. (ADDED) Compression to database.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

Note: You must download the beta by going to the site below.
http://www.malwarebytes.org/beta

Note: You may need to view your e-mail as you probably are not able to download the file using the build in updater.
Post all bugs here.

Malwarebytes' Anti-Malware MBAM 0.64 Beta

2007-08-03T01:56:00.000-04:00

Version 0.64 Beta (August 3rd, 2007)

1. (FIXED) Problem with logfiles not creating properly.
2. (FIXED) Various UI improvements.
3. (ADDED) Language strings for monitor.
4. (ADDED) Better error handling to LoadDatabase().
5. (ADDED) Shell context menu.
6. (ADDED) Better program termination cleanup code.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

http://www.malwarebytes.org/beta

Please use built in updater. Post all bugs here.

We are nearing a release date.

Malwarebytes' Anti-Malware MBAM 0.63 Beta

2007-08-03T00:58:00.000-04:00

Version 0.63 Beta (August 2nd, 2007)

1. (FIXED) Memory leak with program not terminating properly.
2. (FIXED) Settings not saving correctly under certain conditions.
3. (FIXED) Language not loading immediately after being selected.
4. (FIXED) Further compressed certain images.
5. (ADDED) Description of rootkit detection in results list.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

http://www.malwarebytes.org/beta

Please use built in updater. Post all bugs here.

WinPatrol 2007(Version 12)

2007-08-02T21:57:00.000-04:00

Quote from Bill Pytlovany:

I'm again pleased to announce a new and improved WinPatrol. Thank you for telling your friends and co-workers about WinPatrol. In November we'll be celebrating the 10th Anniversary of WinPatrol. It wouldn't have been possible without your support.

What's New

A. New Scotty Icon
You'll see a brand new icon in your taskbar. Many users are using the default dark theme in Vista and have suggested a new icon so they can see Scotty and feel more secure.

B. Two New Report Options
Folks have been asking for more information especially for helping their friends and family fix problems. Our new version includes two new output formats designed to help diagnose any problem.

1. HijackPatrol Log
The new HijackPatrol Log button on the options screen will create and display a style of output familiar to many online helpers. HiJackPatrol.logs aren't exact duplicates of the popular HijackThis log or meant to replace them but the format should be familiar. HijackPatrol logs will also contain additional information which is routinely monitored by WinPatrol.
2. SpreadSheet Log
Important details will be output in a CSV(Comma Separated Value) format popular with spreadsheets and many database programs. WinPatrol users will be able to sort all their system data in any format they want.

C. Easy Access to PLUS Info
Program properties and PLUS Info have been combined into a single page of information from our extensive online library. Instead of multiple steps, you can now just double click on any filename to access the new improved PLUS format. Free WinPatrol users will also see improved information to help them decide if a program is worthy.

D. PLUS Requests updated for future expansion
This change also allows us to expand our PLUS Info response and provide more specific and helpful information based on more than just a filename. You'll see some additions immediately when using WinPatrol 2007 version 12.

E. Bugs Fixed
Yea, I found one or two
1. Fix size bug in autodetection of Explorer/Run/Policy autostart entry
2. Auto correct screen position errors on multiple monitor systems when registry has been corrupted.
3. Local flag sent for any country code and not just ones currently supported
4 .Secret Startup location checkbox now available immediately after entering PLUS name/code.
5. Found solution to why Scotty's bark was silent in Vista.
6. Fixed bug reading large HOST, WinPatrol History and Netscape Cookie files

Thank you for your support!

http://www.winpatrol.com/upgrade.html

Malwarebytes’ Malware Upload Center

2007-08-01T15:28:00.000-04:00

Malware is always mutating and new variants are emerging everyday. If you should discover a file on your computer that our Malwarebytes’ Anti-Malware doesn’t recognize as malware while you suspect it is, then Malwarebytes is inviting you to submit these suspicious file for analysis by our experts.

You can simply send this file to our anti-malware team for investigation by uploading it here.

http://uploads.malwarebytes.org/

Malwarebytes' Anti-Malware MBAM 0.62 Beta

2007-08-01T15:20:00.000-04:00

Version 0.62 Beta (July 31st, 2007)

1. (FIXED) Minor optimizations in code.
2. (FIXED) Tabstops in correct order.
3. (FIXED) Shrunk filesize of images.
4. (FIXED) Issues with lockup deleting registry key.
5. (FIXED) Issues with lockup terminating processes.
6. (FIXED) Optimized trim function firing.
7. (FIXED) Changed module enumeration code.
8. (ADDED) Regular file check before rootkit check.
9. (REMOVED) Startup progress bar. It was unnecessary.

Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

http://www.malwarebytes.org/beta

Please use built in updater. Post all bugs here.

Malwarebytes' Anti-Malware MBAM 0.60 Beta

2007-07-28T23:58:00.000-04:00

Version 0.60 Beta (July 28th, 2007)

1. (FIXED) Changed installer images.
2. (FIXED) Problem will 'Full Scan' showing no drives selected prompt.
3. (FIXED) Issue with setting saving with extra space in registry.
4. (ADDED) Initial license code implementation.

Please use built in updater.
Post all bugs here.

After updating to 0.60 don't forget to update again to download the latest database version 100.

Malwarebytes Anti-Malware MBAM 0.56 Beta

2007-07-25T11:10:00.000-04:00

Malwarebytes' Anti-Malware (MBAM) public beta (build 056)

[Changes]

1. (FIXED) Major bug with home path not being read correctly.
2. (FIXED) Improved heuristics scanning speed.
3. (ADDED) Anonymous submission to threat center.
4. (ADDED) Build version variable of database [internal addition].
5. (ADDED) Custom built listview for results list.

Please use the built in updater. There may be problems with the listviews, please let me know if you see any.

http://www.malwarebytes.org/forums/index.php?showtopic=2093

Malwarebytes Anti-Malware beta 1 (build 055)

2007-07-24T13:32:00.000-04:00

Malwarebytes' Anti-Malware (MBAM) public beta 1 (build 055)

[Changes]

(ADDED) Scheduling options which will be available with the monitor.
(ADDED) /quickscan switch for scheduling.
(ADDED) /update switch for scheduling.
(ADDED) Finalized multi-language implementation. Language settings.
(ADDED) FileASSASSIN functionality under More Tools.
(ADDED) Handle closing code to module handler.
(FIXED) Minor optimizations in scanning code.
(FIXED) Installer sets language correctly now.
(FIXED) Changed module handler function to __stdcall.
(FIXED) Altered the way MBAM loads manifest files.
(FIXED) Changed location of installation directory.

It is suggested that you uninstall and then install the latest version. Please use the built in updater. It will download the latest installer into C:\Program Files\Malwarebytes. Remove it and copy it to your desktop. Uninstall Malwarebytes' Anti-Malware 0.54 Beta and delete the directory C:\Program Files\Malwarebytes. Now install the latest version. These steps will not need to be taken on any other versions, only due to the changed location of the new installation directory.

http://www.malwarebytes.org/forums/index.php?showtopic=2082

Malwarebytes Anti-Malware

2007-07-17T19:55:00.000-04:00

It is finally here. The program you have been waiting for for months.

Malwarebytes' Anti-Malware (MBAM) public beta 1 (build 054)
Microsoft Internet Explorer 5.5 or higher.
250MHZ processor with at least 64mb of RAM.
Windows 2000, NT, XP, or Vista.
3MB of available free space on hard drive.
Internet access for updating definitions.

http://www.malwarebytes.org/forums/index.php?showtopic=2050
http://www.malwarebytes.org/beta

RogueRemover Database 141

2007-07-04T14:57:00.000-04:00

(4jul07) RogueRemover Free and RogueRemover PRO databases updated to version 141.

[Added]
No applications were added.

[Updated]
Rogue.Infector, Rogue.Misc

[Removed]
No applications were delisted.

[Notes]
No further comments

[Immunization]
RogueRemover Pro now immunizes against 2880 rogue sites.

Note: Please update via the program updater

http://www.malwarebytes.org/rogueremoverpro.php

The RogueRemover database is now available to be browsed at:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Posted at Forum:
http://www.malwarebytes.org/forums/index.php?s=&showtopic=1096&view=findpost&p=5977

RogueRemover Database 138

2007-06-25T22:24:00.000-04:00

(25jun07) RogueRemover Free and RogueRemover PRO databases updated to version 138.

[Added]
VirusLocker

[Updated]
Rogue.Infector, Rogue.Misc, SpyCrush, Video ActiveX Access, WinAntiSpyware 2007

[Removed]
No applications were delisted.

[Notes]
No further comments

[Immunization]
RogueRemover Pro now immunizes against 2832 rogue sites.

Note: Please update via the program updater

http://www.malwarebytes.org/rogueremoverpro.php

The RogueRemover database is now available to be browsed at:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Posted at Forum:
http://www.malwarebytes.org/forums/index.php?s=&showtopic=1096&view=findpost&p=5739

RogueRemover Pro Version 1.14

2007-06-13T19:53:00.000-04:00

Program update Version 1.14 (6/13/07)

1. Added removal notification in logfile.
2. Fixed bug with monitor status being invalid.
3. Packaged new database.

RogueRemover PRO program update history:
http://www.malwarebytes.org/rogueremoverpro_history.php

Download:
http://www.malwarebytes.org/rogueremoverpro.php

Note: Exisiting users can use the check for updates function on the program and follow the prompts.

RogueRemover Version 1.20

2007-06-13T19:48:00.000-04:00

Program Update Version 1.20 (6/13/07)

1. Added removal notification in logfile.
2. Packaged new database.

http://www.malwarebytes.org/rogueremover_history.php

Download:
http://www.malwarebytes.org/rogueremover.php

Note: Exisiting users can use the check for updates function on the program and follow the prompts.

New Security site in Town :~)

2007-06-03T16:03:00.000-04:00

I'm pleased to announce a new security forum has opened, Montana Menagerie, managed by JeanInMontana.

I'm sure that there will be lots of good security information to come very soon.
Now its time for you to check it out: http://z6.invisionfree.com/Montana_Menagerie/index.php?act=site

You will need to Register to be a new member.

Enjoy!!!!

Ad-Aware 2007 Premiere

2007-06-03T03:33:00.000-04:00

The premiere of Ad-Aware 2007 is only days away, and an all-new Ad-Aware anti-spyware will be available online June 7, and on U.S. retail shelves shortly thereafter.

At Lavasoft, our mission is to develop and deliver the highest quality anti-spyware solutions, in order to give computer users the power to control their privacy and security. Ad-Aware 2007 is Lavasoft’s answer to the rapidly changing threat landscape in today’s cyber world. The fully redesigned Ad-Aware 2007 has a new architecture that allows for more program flexibility and improved malware detection as the industry continues to grow in sophistication.

The 2007 product will be released in three different versions: Ad-Aware 2007 Pro, Ad-Aware 2007 Plus, and Ad-Aware 2007 Free (formerly known as Personal). Take a look at the host of new features included in Ad-Aware 2007 Pro, Plus, and Free by clicking on the product boxes below.

While Ad-Aware 2007 will not be Vista compatible right away, a Vista compatible version (32-bit) will be released at the end of August, and all Ad-Aware users with a valid license will immediately receive the Vista compatible version update upon its release.

http://www.lavasoft.com/company/newsletter/2007/5_31/article1.html

Malwarebytes Chatroom launched

2007-05-03T21:17:00.000-04:00

Wanta talk about malware and rogue programs?

Malwarebytes has launched its own Chatroom. :~)

http://www.malwarebytes.org/chatroom.php

(NEW!) StartUpLite 1.00

2007-04-02T23:59:00.000-04:00

StartUpLite is a lightweight program that can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system.

Simply download StartUpLite from the link below and save it to a convenient location. Double click on StartUpLite.exe. Select all options you would like executed and select continue.

Compatible with Windows 2000, NT, XP, Vista

http://www.malwarebytes.org/startuplite.php

RogueRemover 1.14

2007-03-27T20:09:00.000-04:00

Program Update Version 1.14 (3/26/07)

*Added ability to download program updates.
*Fixed minor typos.
*Improved installer.
*Made rogue reporting a bit easier/clearer.
*Minor bug fixes to scanner.
*Major changes to interface.
*Packaged new database.
*Renamed installer.

History:
http://www.malwarebytes.org/rogueremover_history.php

Download:
http://www.malwarebytes.org/rogueremover.php

Trend Micro HijackThis™

2007-03-11T20:20:00.000-04:00

Trend Micro™ HijackThis™ is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis makes no seperation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your scan results identified as malicious or unwanted from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

*Trend Micro does not officially support HiJackThis.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

RogueRemover Pro Version 1.08

2007-03-09T17:57:00.000-05:00

Version 1.08 (3/08/07)

Added support for Italian, Portuguese (Brazil), Slovak, Spanish and Turkish languages.
Changed some language names and flag images.
Fixed monitoring bug.
Fixed cookie scanning bug.
Improved environmental variable expansion techniques.
Packaged new database.

RogueRemover PRO program update history:
http://www.malwarebytes.org/rogueremoverpro_history.php
Download:
http://www.malwarebytes.org/rogueremoverpro.php

SpyBye 0.2

2007-03-04T14:49:00.000-05:00

Integration with ClamAV. In addition to applying SpyBye's heuristics for determining if a site is potentially malicious, everything now also gets scanned for malware/spyware by ClamAV.

More consistent logging - all requests are logged to syslog now.

Improved Javascript sanitization for those web pages that try to break out of frames.

http://www.spybye.org/index.php?/archives/7-SpyBye-0.2-released.html

Proxy Configuration
To use SpyBye set your proxy to http://www.spybye.org:8080.
Then visit http://spybye.org/.

The SwitchProxy Firefox extension might help.

Installation Instructions
Follow these instructions to install SpyBye.

RogueRemover Database Version 109

2007-03-01T19:32:00.000-05:00

Database Version 109 (3/1/07)

[Added]
CodeClean, Malware Scanner, Neospace Internet Security

[Updated]
Trust Cleaner

[Removed]
Registry Rinse

[Notes]
Visit the new Malwarebytes Blog.

http://www.malwarebytes.org/rogueremoverpro_database_history.php

http://www.malwarebytes.org/database.php

New Storm Trojan variant spreads in blogs, forums, Webmail

2007-02-27T17:50:00.000-05:00

A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.

Dmitri Alperovitch, principal research scientist at Secure Computing, said today that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.

An initial infection is still carried out via e-mail, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic

"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail the Trojan adds text to the entry or message.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011903

iTunes and Windows Vista

2007-02-24T23:09:00.000-05:00

iTunes 7.0.2 may work with Windows Vista on many typical PCs. Apple recommends, however, that customers wait to upgrade Windows until after the next release of iTunes which will be available in the next few weeks. This document will be updated as more information becomes available.

If you are upgrading to Windows Vista or have purchased a new computer with Windows Vista pre-installed, here is some information you may find helpful:
Compatibility with Windows Vista

Apple is preparing to address a number of iTunes compatibility issues in the next release of the software.

Some currently known compatibility issues with iTunes 7.0.2 and earlier versions include:

iTunes Store purchases may not play when upgrading to Windows Vista from Windows 2000 or XP.
iPod models with the "Enable Disk Use" option turned off may be unable to update or restore iPod software, and make changes to iPod settings.
iPod models configured to Auto Sync and have the "Enable Disk Use" option turned off may require being ejected and reconnected to resync
Ejecting an iPod from the Windows System Tray using the "Safely Remove Hardware" feature may corrupt your iPod. To always safely eject an iPod, choose Eject iPod from the Controls menu within iTunes.
Cover Flow animation may be slower than expected.
Contacts and calendars will not sync with iPod.

http://docs.info.apple.com/article.html?artnum=305042

Secunia Software Inspector

2007-02-24T18:10:00.000-05:00

Run the Secunia Software Inspector to make sure that your system is up-to-date:
http://secunia.com/software_inspector/

Minimum Requirements in running the Software Inspector of Secunia:

Windows 2000, Windows XP, or Windows 2003

Sun Java JRE 1.5.0_06

Internet Explorer 6.x, Opera 9.x, or Firefox 1.5.x

Latest version of Microsoft Windows Update

Note: To receive reminder via email on the above, simply go to Secunia Software Inspector website, click "Reminder Service" at the right.

Microsoft Network Monitor 3

2007-02-21T18:34:00.000-05:00

Brief Description
Network Protocol Analyzer
Tool to allow capturing and protocol analysis of network traffic.

Overview
Network Monitor 3.0 is a protocol analyzer. It allows you to capture network traffic, view and analyze it. This version is a complete overhaul of the previous Network Monitor 2.x version.

System Requirements

Supported Operating Systems: Windows Server 2003; Windows Server 2003 x64 editions; Windows Vista; Windows Vista Business 64-bit edition; Windows XP; Windows XP 64-bit

It is suggested that you have a CPU of 1GHz or greater, 1G or greater of Memory and 25 Megs of available Hard Disk space, plus room for capture files.

http://www.microsoft.com/downloads/details.aspx?familyid=aa8be06d-4a6a-4b69-b861-2043b665cb53&displaylang=en&tm

Windows Genuine Advantage Notification (KB905474)

2007-02-21T18:04:00.000-05:00

Date last published: 2/21/2007
Download size: 1.2 MB
The Windows Genuine Advantage Notification tool notifies you if your copy of Windows is not genuine. If your system is found to be a non-genuine, the tool will help you obtain a licensed copy of Windows.

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

http://www.microsoft.com/genuine/downloads/WhyValidate.aspx

RegASSASSIN 1.01 (Feb 11th, 2007)

2007-02-12T00:04:00.000-05:00

RegASSASSIN is a portable utility that can remove stubborn registry keys by resetting the key's permissions and then deleting it.

Simply download RegASSASSIN from the link below, unzip the file, and run RegASSASSIN.exe. Next, enter a registry key and choose the options you would like. Finally select delete to to execute the options.

Compatible with Windows 2000, NT, XP, Vista

http://www.malwarebytes.org/regassassin.php

FileASSASSIN 1.04 (Feb 11th, 2007)

2007-02-12T00:00:00.000-05:00

FileASSASSIN can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file.

Simply download FileASSASSIN from the one of the links below, unzip the file, and run the installer. Start FileASSASSIN and select a file by dragging it onto the text area or select it using the (...) button. Next, select a removal method from the list. Finally, click delete and the removal process will commence.

Compatible with Windows 2000, NT, XP, Vista

http://www.malwarebytes.org/fileassassin.php

RogueRemover PRO 1.05

2007-02-04T01:58:00.000-05:00

View program history:
http://www.malwarebytes.org/rogueremoverpro_history.php

View database history:
http://www.malwarebytes.org/rogueremoverpro_database_history.php

Download:
http://www.malwarebytes.org/rogueremoverpro.php

RegASSASSIN 1.00

2007-01-16T22:21:00.000-05:00

RogueRemover PRO 1.03 Beta

2007-01-15T22:17:00.000-05:00

Computer users worldwide are being targeted by so-called rogue applications. These programs are disguised, for instance, as trustworthy anti-spyware programs or registry cleaners. But they are only put on the market to scare you into buying these programs because they make exaggerated claims about the safety of your computer or, worse still, give erroneous scan results or put their own spyware in your system. These programs mutate like viruses but there is a program that targets them in return: Rogue Remover PRO.

RogueRemover PRO already has its share of admirers. It's a simple and easy to use program that can detect and remove most of these rogue applications. It has an ever growing database that contains more and more of these rogue programs.

But now there is RogueRemover PRO. It has the acclaimed realtime RogueMonitor which will alert you if you want to download a rogue program. And if you already did download such a rogue application, RogueRemover PRO will let you remove it with a simple push on a button. Furthermore, RogueRemover PRO has the option to immunize your computer against you visiting a rogue website ever again.

You need to protect yourself against all that is evil on the internet. Of course you have an up to date anti-virus-program and an anti-spyware-program but in this ever changing world that is not enough anymore. As the threats evolve your defence against them must evolve with them. RogueRemover PRO is especially designed with that in mind. We from malwarebytes are in the forefront of this new battle. RogueRemover PRO will protect and warn you, detect and delete most of these programs that are considered rogue in the world of internet threats. Internet piracy stops at your doorstep when you start using RogueRemover PRO.

In short, RogueRemover PRO will greatly enhance your sense of security and privacy. Never again will you or your family be put in a position to buy software that you do not need and that can even potentially be damaging to your computer.

Compatible with Windows 2000, NT, XP

Download:   http://www.malwarebytes.org/rogueremoverpro.php

View program history:   http://www.malwarebytes.org/rogueremoverpro_history.php

View database history:   http://www.malwarebytes.org/rogueremoverpro_database_history.php

RogueRemover PRO 1.02

2007-01-14T00:54:00.000-05:00

Computer users worldwide are being targeted by so-called rogue applications. These programs are disguised, for instance, as trustworthy anti-spyware programs or registry cleaners. But they are only put on the market to scare you into buying these programs because they make exaggerated claims about the safety of your computer or, worse still, give erroneous scan results or put their own spyware in your system. These programs mutate like viruses but there is a program that targets them in return: Rogue Remover PRO.

RogueRemover PRO already has its share of admirers. It's a simple and easy to use program that can detect and remove most of these rogue applications. It has an ever growing database that contains more and more of these rogue programs.

But now there is RogueRemover PRO. It has the acclaimed realtime RogueMonitor which will alert you if you want to download a rogue program. And if you already did download such a rogue application, RogueRemover PRO will let you remove it with a simple push on a button. Furthermore, RogueRemover PRO has the option to immunize your computer against you visiting a rogue website ever again.

You need to protect yourself against all that is evil on the internet. Of course you have an up to date anti-virus-program and an anti-spyware-program but in this ever changing world that is not enough anymore. As the threats evolve your defence against them must evolve with them. RogueRemover PRO is especially designed with that in mind. We from malwarebytes are in the forefront of this new battle. RogueRemover PRO will protect and warn you, detect and delete most of these programs that are considered rogue in the world of internet threats. Internet piracy stops at your doorstep when you start using RogueRemover PRO.

In short, RogueRemover PRO will greatly enhance your sense of security and privacy. Never again will you or your family be put in a position to buy software that you do not need and that can even potentially be damaging to your computer.

Compatible with Windows 2000, NT, XP

Download: http://www.malwarebytes.org/rogueremoverpro.php

View program history: http://www.malwarebytes.org/rogueremoverpro_history.php

View database history: http://www.malwarebytes.org/rogueremoverpro_database_history.php

Microsoft Windows Explorer WMF File Denial of Service Vulnerability

2007-01-11T15:08:00.000-05:00

Failure to Handle Exceptional Conditions

Published: Jan 10 2007 12:00AM

Updated: Jan 11 2007 06:30PM

Credit: Orbital is credited with the discovery of this vulnerability.

Vulnerable:
Microsoft Windows XP Tablet PC Edition SP2

Microsoft Windows XP Tablet PC Edition SP1

Microsoft Windows XP Tablet PC Edition

Microsoft Windows XP Professional x64 Edition

Microsoft Windows XP Professional SP2

Microsoft Windows XP Professional SP1

Microsoft Windows XP Professional

Microsoft Windows XP Media Center Edition SP2

Microsoft Windows XP Media Center Edition SP1

Microsoft Windows XP Media Center Edition

Microsoft Windows XP Home SP2

Microsoft Windows XP Home SP1

Microsoft Windows XP Home

Microsoft Windows XP 64-bit Edition Version 2003 SP1

Microsoft Windows XP 64-bit Edition Version 2003

Microsoft Windows XP 64-bit Edition SP1

Microsoft Windows XP 64-bit Edition

Microsoft Windows Explorer 0

Solution:

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.[/quote]

http://www.securityfocus.com/bid/21992/info

RogueRemover PRO 1.01

2007-01-10T22:17:00.000-05:00

RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.
RogueRemover has the ability to completely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters and many more!
Simply download RogueRemover from the one of the links below, unzip the file, and run the installer. Start the program and select Scan and the program will walk you through the remaining steps.

Compatible with Windows 2000, NT, XP

Download:   http://www.malwarebytes.org/rogueremover.php

View program history:   http://www.malwarebytes.org/rogueremoverpro_history.php

View database history:  http://www.malwarebytes.org/rogueremoverpro_database_history.php

RogueRemover 1.09

2007-01-10T22:10:00.000-05:00

RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.

RogueRemover has the ability to completely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters and many more!

Simply download RogueRemover from the one of the links below, unzip the file, and run the installer. Start the program and select Scan and the program will walk you through the remaining steps.

Compatible with Windows 2000, NT, XP

Download:   http://www.malwarebytes.org/rogueremover.php

View program history:   http://www.malwarebytes.org/rogueremover_history.php

View database history:  http://www.malwarebytes.org/rogueremover_database_history.php

Rogue Remover 1.08

2007-01-05T20:12:00.000-05:00

Version 1.08 (1/05/07)

1. Fixed exclude list not working on right item.

2. Tweaked update function in case update file was ever missing.

3. Fixed minor typos.

Download:
http://www.malwarebytes.org/rogueremover.php

Version History:
http://www.malwarebytes.org/rogueremover_history.php

Opera Browser Two Vulnerabilities

2007-01-05T11:32:00.000-05:00

Software: Opera 9.x

Description:
Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error when processing JPEG files can be exploited to cause a heap-based buffer overflow via a JPEG file with a specially crafted DHT marker.

2) An error within createSVGTransformFromMatrix() can be exploited by passing an incorrect object to the said function.

Successful exploitation of the vulnerabilities allow execution of arbitrary code.

Solution:
Update to version 9.10.

Provided and/or discovered by:
The vendor credits iDefense Labs.

Original Advisory:
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852

http://secunia.com/advisories/23613/

RogueRemover 1.07

2007-01-04T18:28:00.000-05:00

Version 1.07 (1/04/07)

Program: [173 applications listed]
1. Created installer to make application smaller for dialup users.
2. Fixed scan results right click bug.
3. Created exclude list.
4. Redesigned interface.
5. Fixed minor typos.
6. Created external database for easy updating.
7. Added ability to rescan after removal.
8. Created help manual.

Definitions:

[Added]
Error Fix, Error Fixer, Error Scan and Fix, Evidence Eraser Pro, Fix Registry Errors, Free Spyware Adware Scanner and Remover, Keep Your Privacy, Online Privacy Pro, Page Cannot Be Displayed, PC Error Eliminator, Privacy Keeper, Registry Fix It, Registry Fix, Registry Optimizer 2007, Registry Repair 2006, Restore My Files, The Ultimate Spyware Adware Remover

[Updated]
VirusBursters (+14)

[Removed]
No applications were delisted.

[Notes]
No further comments.[/quote]

Download: http://www.malwarebytes.org/rogueremover.php

History: http://www.malwarebytes.org/rogueremover_history.php

Extra edit
The database was removed from within the program and into a seperate file in version 1.07.

Database: Version 100
http://www.malwarebytes.org/rogueremover_database_history.php

Apple QuickTime RTSP URL Buffer Overflow

2007-01-03T23:32:00.000-05:00

Vendor:
Apple

Application:
QuickTime 7.1.3 and earlier

Description:
A stack-based buffer overflow occurs when processing a long rtsp:// URL within a QTL file, which is an XML document laid out like the following, according to the published proof-of-concept:

This malicious QTL file may be hosted on a web site, allowing for exploitation across the internet. Other attack vectors may be possible to reach the same vulnerable code in QuickTime which may require less user interaction than this published proof-of-concept.

Severity:
High

Remote Code Execution:
Yes

http://research.eeye.com/html/alerts/zeroday/20070101.html

http://projects.info-pull.com/moab/MOAB-01-01-2007.html

http://www.milw0rm.com/exploits/3064

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015

http://www.milw0rm.com/exploits/3072