Spyware Remover Help

Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits - 8/13/2008

admin — Fri, 15 Aug 2008 15:15:08 +0000

Revision Note: August 13, 2008: Updated to include links to HP’s Advisories Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Microsoft Security Advisory (953839): Cumulative Security Update of ActiveX Kill Bits - 8/12/2008

admin — Thu, 14 Aug 2008 15:15:03 +0000

Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Microsoft Updates for August

admin — Wed, 13 Aug 2008 19:15:03 +0000

Eleven new security bulletins have been published (from MS08-041 to MS08-051) as part of the usual launch of Microsoft updates.We recommend you to update your system as soon as possible, as according to Microsoft's classification six of the bulletins are rated as "critical", while the others are rated as "important".You can find more information about the security bulletins by clicking the following links:MS08-041 – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access.MS08-042 – Vulnerability in Microsoft Word.MS08-043 – Vulnerabilities in Microsoft Excel.MS08-044 – Vulnerabilities in Microsoft Office Filters.MS08-045 – Cumulative Security Update for Internet Explorer.MS08-046 – Vulnerability in Microsoft Windows Image Color Management System.MS08-047 – Vulnerability in IPsec Policy Processing.MS08-048 – Security Update for Outlook Express and Windows Mail.MS08-049 – Vulnerabilities in Event System.MS08-050 – Vulnerability in Windows Messenger.MS08-051 – Vulnerabilities in Microsoft PowerPoint.

original article

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates - 8/12/2008

admin — Wed, 13 Aug 2008 15:15:10 +0000

Revision Note: August 12, 2008: Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate that the re-release of the update to fix a known installation issue with Windows Server 2008 systems is now available via Microsoft Update. Advisory Summary:Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

Beijing’s Olympic Games Malware

admin — Fri, 08 Aug 2008 19:15:03 +0000

It’s pretty clear that Beijing’s Olympic Games are a good chance for cybercrooks to infect users using the Games as a social engineering tool. The Games have started today, and we have just seen a new malware, Bck/PcClient.HV, that seems to be a PowerPoint about the Games, but it installs in the infected computers the files PcCortr.dll and 81.dll, that lower the system security level, enabling the file wuauct.exe copied by the malware in the system folder to remotely connect to a Chinese IP to send information about the infected computer. To avoid any suspect, it shows 12 slides about the real Beijing Olympic Stadium:

original article

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates - 8/1/2008

admin — Sat, 02 Aug 2008 15:15:03 +0000

Revision Note: August 1, 2008: Added Frequently Asked Questions entry to communicate re-release of the update to fix known installation issue with Windows Server 2008 systems. Advisory Summary:Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

For the E-crime, Angelina is not the only pebble on the beach

admin — Wed, 30 Jul 2008 19:15:05 +0000

Angelina naked!!!…. Angelina Jolie porno Video Free!!!…. Angelina Jolie And Madonna Compete For Adoption Of Jamie Lynn Spears Baby!!!!! Angelina Jolie And The *** Lover.-.. Angelina.. Angelinaaa….. Angelinaaaaaaaaaaaaaaaaaa!!!!!!! You can also find messages with other fake news about any topic, but mainly about celebrities like Rihana, Pamela, Britney Spears,Obama, Bush but among them the most used is Angelina Jolie.However, we have recently received another kind of spam. But I was surprised not to see Angelina Jolie neither Britney nor obama.. instead, I saw that it was a fake email coming from an airline company which attached had a flight electronic ticket… This eletronic ticket is in fact a Banker Trojan,Trj/Sinowal.VQK, which is designed to steal confidential data… Thanks to Andrea Urbani for the sample.

original article

Microsoft Security Advisory (956187): Increased Threat for DNS Spoofing Vulnerability - 7/25/2008

admin — Sat, 26 Jul 2008 15:15:03 +0000

Revision Note: July 25, 2008: Advisory published. Advisory Summary:Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.

Patch your DNS NOW!!!!!

admin — Thu, 24 Jul 2008 19:15:03 +0000

The exploit is here. Metasploit has developed a module to trigger the last DNS vulnerability (announced by Dan Kaminsky two weeks ago). The DNS system translates names to numbers the Internet can use (www.pandasecurity.com -> 88.221.26.28). This threat allows malicious people to redirect any website or domain to a system controlled by the attacker. The full vulnerability description would be described at BlackHat, however it was published (by mistake) in a very known blog. Although It was removed, nevertheless it was already accessible with Google cache or Google Reader. The vulnerability uses two well-known issues with DNS Protocol:Prediction of Source Port and transaction ID: DNS uses UDP packets to send and receive queries. Most DNS servers use the same source port to connect to the same DNS server within a short period of time. This way, an attacker could predict the destination port in a very short time. Transactions ID are randomized but this randomization is not enough, and malicious people could spoof packets to send answer packets to the target DNS server before the real DNS server sends its response. The image below shows this scenario:The attacker (trigger machine) sends DNS packets, to the target DNS, with queries for a website of a domain controlled by them (www.mytestdomain.com). The target DNS will send the queries to the DNS server controlled by the attacker, so this way they could predict the source port used by the target DNS and predict some patterns in the transaction ID. After that the attacker sends spoofed DNS packets, to the target DNS, pretending to be the DNS server, redirecting the client to the website owned by the attacker.Additional Resource Records: DNS servers can include additional information in their answer to avoid future questions and improve the efficiency of the process. For example, the nameservers' IP of the target domain. Combining these two issues, an attacker could control the entire traffic directed to the target domain. We have developed a tool to verify if your DNS is vulnerable (DnsTester). It basically executes the following query, suggested by Sans Diary: nslookup -type=txt -timeout=30 porttest.dns-oarc.net If your DNS is vulnerable, you should inform your ISP or networkadministrator about it. However a better and faster approach is tochange your DNS to OpenDNS. There are also some websites to verify if your DNS is vulnerable (http://www.doxpara.com/ or you could follow the SANS suggestions on Sans Diary). (Thanks to Iker Perez for the image)

original article

Fake Fernando Alonso car accident used to distribute a new banking Trojan

admin — Tue, 22 Jul 2008 19:15:03 +0000

We have just discovered another spam message used to fool users into installing a new banking Trojan (Trj/Banker.LGC). This time it passes itself off as if it were a real piece of news from El Pais, one of the major newspapers in Spain. It is about a car accident that would have taken place today in Bilbao and where Fernando Alonso, the two-time Formula 1 world champion has been supossedly seriously injured. As I'm writing this post from Bilbao, I can guarantee that there has not been any car accident in which Fernando Alonso is involved… ;-)The link to download the video points to the Trojan. This is a screenshot of the fake piece of news:The banking Trojan targets one of the biggest Spanish banks, which in the past was one of the Fernando Alonso's team sponsors. This is not the first time we have seen this piece of news used to spread malware though, as a few weeks ago we saw a very similar one, the major difference was that it was trying to install a Gaobot worm instead.

original article