August 31, 2006

Mozilla Releases New Beta of Firefox 2.0

Mozilla released Beta 2 of its upcoming Firefox 2 browser for developer review Aug. 31, emphasizing that it is being made available for testing purposes only. The release contains a number of new features, as well as some enhancements to look and feel. "Firefox 2 Beta 2 is intended for Web application developers and our testing community," the team said on the Mozilla development website. "Current users of Firefox 1.x should not use Firefox 2 Beta 2 and expect all of their extensions and plugins to work properly."

Source: http://www.desktoplinux.com/news/NS3852026030.html

This beta release will soon be posted to the following page.

Firefox published beta downloads page: http://www.mozilla.org/projects/bonecho/all-beta.html

The final Firefox 2.0 is expected to be completed in early 2007, the team said. More beta versions are expected to be released this fall and winter.

Key new features in beta 2, as listed by the team, include:

* Visual refresh -- Firefox 2's theme and user interface have been updated to improve usability without altering the familiarity of the browsing experience. For instance, toolbar buttons now glow when you hover over them.

* Built-in phishing protection -- Phishing Protection warns users when they encounter suspected Web forgeries, and offers to return the user to their home page. Phishing Protection is turned on by default, and works by checking sites against either a local or online list of known phishing sites. This list is automatically downloaded and regularly updated when the Phishing Protection feature is enabled.

* Enhanced search capabilities -- Search term suggestions will now appear as users type in the integrated search box when using the Google, Yahoo! or Answers.com search engines. A new search engine manager makes it easier to add, remove and re-order search engines, and users will be alerted when Firefox encounters a website that offers new search engines that the user may wish to install.

* Improved tabbed browsing -- By default, Firefox will open links in new tabs instead of new windows, and each tab will now have a close tab button. Power users who open more tabs than can fit in a single window will see arrows on the left and right side of the tab strip that let them scroll back and forth between their tabs. The History menu will keep a list of recently closed tabs, and a shortcut lets users quickly re-open an accidentally closed tab.

* Resuming your browsing session -- The Session Restore feature restores windows, tabs, text typed in forms, and in-progress downloads from the last user session. It will be activated automatically when installing an application update or extension, and users will be asked if they want to resume their previous session after a system crash.

* Previewing and subscribing to Web feeds -- Users can decide how to handle Web feeds (like this one), either subscribing to them via a Web service or in a standalone RSS reader, or adding them as Live Bookmarks. My Yahoo!, Bloglines and Google Reader come pre-loaded as Web service options, but users can add any Web service that handles RSS feeds.

* Inline spell checking -- A new built-in spell checker enables users to quickly check the spelling of text entered into Web forms.

* Live Titles -- When a website offers a microsummary (a regularly updated summary of the most important information on a Web page), users can create a bookmark with a "Live Title." Compact enough to fit in the space available to a bookmark label, they provide more useful information about pages than static page titles, and are regularly updated with the latest information. There are several websites that can be bookmarked with Live Titles, and even more add-ons to generate Live Titles for other popular websites.

* Improved Add-ons manager -- The new Add-ons manager improves the user interface for managing extensions and themes, combining them both in a single tool.

* New Windows installer -- Based on Nullsoft Scriptable Install System, the new Windows installer resolves many long-standing issues.


My Website Hosting Page Has Been Totally Revamped

I finally put the finishing touches on my revamped website hosting page, found at www.wizcrafts.net/hosting.html, on August 30, 2006. This is the first major overhaul of that page in many months.

The old page made a very brief mention about what hosting is and only scraped at the surface of the concept of different types of hosting accounts. It then went on to list the detailed features of a few select web hosting companies, with no mention of alternatives. To say the least, it was lacking in breadth of coverage.

The new hosting page is totally the opposite in how it presents information. The first half of the page contains reasonably detailed explanations about what website hosting is, what web servers are, and details the differences between dedicated, semi-dedicated, VPS and shared web hosting.

The next section explains domain name registration and registrars.

Following that I have embedded a comparison of over 20 shared-hosting companies, outlining their allowed disk space, bandwidth (data transfer), email or FTP accounts, add-on domains policies and pricing (monthly and annual). I have also created separate pages detailing the features of the various hosting plans, showing as many features as the company publishes online. Those pages contain links to the companies and to alternate services like VPS servers. I have not finished the features pages for all of the listed web hosts, but am in the process of creating new ones every day or two. I am also trying to keep the disk space/bandwidth/pricing up to date, as several companies are frequently changing their plans to respond to their competitors.

I also plan to include a voting script on each features page, in the immediate future. I look forward to your input to help rate the various hosts according to your own experiences with them (not hearsay).

The final section of the new hosting page deals with website promotion tools and has several very useful links to help you get listed or improve your online business prospects.

Please avail yourselves of this information, found at www.wizcrafts.net/hosting.html

I have opened this topic up to visitor comments, on a trial basis. If you have a relevant suggestion, or would like to see more information about a topic covered on my hosting page, let me know. I am considering creating an entire page dealing with web servers and hosting issues. If there is something you want to learn about, mention it in your comments.

Warning to potential blog or log spammers: Don't waste your time by submitting spam comments or sending links to spamvertised websites. They will never be posted so nobody will read them, because I hold all comments for moderation and delete spam on sight, plus I will block you from accessing my website again.


Ad-Aware SE Definitions Updated on 08/28/2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti-spyware/adware program Ad-Aware, by Lavasoft, has had its definition file updated on 08/28/2006. Users of the free version should check for and install the new definitions manually.

Current Definition File:
SE1R121 28.08.2006

New Definitions:
========================
Adware.180Solutions.Seekmo +8
Adware.Axfibula
Win32.Hacktool.AmericanPride
Win32.Hacktool.Brontok
Win32.Hacktool.VncNoAuth
Win32.Worm.Viking +7

Updated Definitions:
========================
Adware.NewWeb
Adware.WSearch +7
AlertSpy
CoulombDialer
Dialer +7
Spyagent
SPySpotter
SPywareNo
SystemDoctor +2
Webhancer
Win32.Backdoor.Agent +6
Win32.Backdoor.Rbot +4
Win32.Downloader
Win32.Generic.PWS +7
Win32.Mydoom.A +7
Win32.Trojan.Agent +4
Win32.Trojan.Downloader +14
Win32.TrojanClicker +2
Win32.Trojandownloader.Zlob
Win32.TrojanProxy.Agent.dl +3
Win32.TrojanSpy.Bancos +5
Win32.TrojanSpy.Banker +26
Win32.TrojanSpy.Goldun +2

The MD5 checksum for the defs.ref file is 5904b8b8437a98ae259c993bc385af49
============================================
You can use Webupdate to install the new reference file, or download it manually from: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

Requirements for Ad-Aware SE Personal Edition are:
Processor: P166 or faster
RAM: Operating system + 24 MB
Browser: Internet Explorer 5.5 or higher
Operating system platforms: Windows 98/98se/Me/NT4 Workstation/NT4 Server/2000 Pro/2000 Server/XP Home/XP Pro/XP 64-Bit Edition/Terminal Services

Besides scanning for the usual suspects in the usual places, Ad-Aware has a checkbox option to scan volume for ADS (Alternate Data Streams), which are sometimes used by advanced malware to hide its activities. You should use this option occasionally. The default option is to perform a "smart system scan" of the usual places where malware is found.


August 27, 2006

SpywareBlaster Database Updated on August 26, 2006

SpywareBlaster 3.5.1 Database Update

SpywareBlaster Latest Definitions: 8/26/2006

Items in the Spywareblaster database: 6577

New with this update: 20

Download: Online Updater in the program interface * (see extended comments)

Learn more, or download the current version here: http://www.javacoolsoftware.com/spywareblaster.html

SpywareBlaster is not like most anti-spyware programs, in that it does not "run" as such, as an active process in memory. It is more like a preventative shot that inoculates your computer against certain common avenues of attack, mostly ActiveX threats.

1: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
2: Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
3: Restricts the actions of potentially unwanted sites in Internet Explorer.

* SpywareBlaster is freeware for personal and educational use and offers two updating options:

1.) AutoUpdate - keep your protection up-to-date automatically!
2.) Check for Updates - manually check for and download the latest updates

The built-in (manual) Check for Updates function is completely free. To access Check for Updates, simply click on the "Updates" tab on the left side of the SpywareBlaster interface, and then press the "Check for Updates" button.

If you would like the convenience of the AutoUpdate feature, more information can be found in SpywareBlaster itself. (Click on the "Updates" tab, and then the "AutoUpdate" tab.)

A SpywareBlaster AutoUpdate subscription is $9.95 (US) per computer, per year, and is good on the computer from which it is purchased. Subscriptions do not automatically renew - you will be prompted to purchase a new subscription when your current subscription expires.

Learn more, or download the current version here: http://www.javacoolsoftware.com/spywareblaster.html


August 26, 2006

Spybot S&D Definitions Updated on August 25, 2006

World-renowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that it is malware. For example, WinAntiVirusPro 2006 is definitely malware that masquerades as a solution to the false detections it presents to people whose computers it infects. It is an infection, not a solution! Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

Spybot Search and Destroy (Multi-Lingual Landing Page, choose your language).

2006-08-25

Hijacker
+ ISearchTech.PowerScan

Malware
+ PestTrap + Search.AnyOfUs + Zlob.HostsKill + Zlob.Inverse + Smitfraud-C. (2) + CashDeluxe + Vcodec.Intcodec + Vcodec.eMedia + WinFixer2005 + ErrorSafe + Winsoftware.WinAntiVirusPro2006 + Zlob.HomepageMonitor

Spyware
+ Targetsaver

Trojan
+ Fraud.ProtectionBar + Zlob.IERedir + Vcodec + SpyQuake2 + Banker.Delf + PSW.Lineage + EbayBill.F + Win32.AdvertMen + Win32.Small.cjy + Zlob.Downloader + Zlob.XPasswordManager + Rightclick.Pcast

Total: 314623 fingerprints in 43834 rules for 2219 products.

English Language Company Links:
Spybot Search and Destroy Home Page
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

More in extended comments -->

Note:
If Spybot S&D reports "Microsoft.WindowsSecurityCenter_disabled" you should be aware that this is an informational alert that requires some thinking on your part. The reason is that if you have installed a software firewall that program may (usually does) disable the Windows XP firewall to prevent conflicts. When the built-in firewall is disabled, whether by your own actions or by another security program, a flag is set in the Windows Registry. Spybot is simply reporting that it found the flag set for a portion of the Windows Security Center, of which the Windows Firewall is a part.

If you have not installed a software firewall this could also be caused by an anti-spyware or anti-virus program/security suite which contains a firewall component. It could also be caused by spyware, adware, Trojans, backdoors, or other malware that needs to establish two-way communications via your hijacked computer and its Internet connection. So, if you cannot come up with any reasonable explanation as to why the Windows Security Center alerts are disabled, you should suspect foul play and scan your entire computer for viruses and spyware, with everything you have on hand, or can get online as a free scan.

See this forum thread about Spybot S&D reporting the Security Center is disabled, and what the responders and experts have to say about it.


August 19, 2006

Limited User Privileges Protect PCs From Adware, Rootkits, Spyware and Viruses

Published on 08-19-2006 | Updated on 4-24-2007

Webroot, the manufacturer of Spy Sweeper, has released a study which finds that 89% of PCs connected to the Internet contain some spyware/adware infections, with the average home computer hosting 30 different malware programs. Furthermore, according to the Webroot® State of Internet Security report, issued on March 28, 2007, 43 percent of companies surveyed globally have suffered a business disruption due to malware and 60 percent of businesses polled don't have an information security plan.

According to the Webroot study, purveyors of malware are increasingly harnessing the popularity of social networks and Web video to infect PCs. Spyware's threat is getting nastier. Infection rates are on the rise, in part thanks to the surging popularity of social-networking sites like MySpace.com.

"We're finding that the social-networking sites like MySpace are turning out to be hotbeds for spyware," CEO Dave Moll says. "People are creating multiple profiles, and the links on their sites will take you to sites that will either download or drive-by download adware and spyware."

It doesn't help that many younger users aren't sufficiently cautious about where and how they surf the Web, Moll says. "They're not looking out for danger in quite the way that more skeptical adults do," he says. "Kids on MySpace and sites like it act as though they are in a safe youth-only environment, and as a result their behavior is less cautious, and that is something that is being preyed upon by all kinds of Internet villains. And we think spyware creators will be the most aggressive in exploiting that."

Spyware creators are also employing a wider arsenal of weapons. They're piggybacking on other, more malicious types of programs such as rootkits, a type of program that conceals itself, and keyloggers, which record a user's keystrokes on a PC.

All of these infections on Windows PCs are possible in part because so many users are operating the computers with Administrator level privileges. This means that a virus or other malware program has the same rights as you do (full control), over the operating system. If the owners of these computers would switch to using a Limited User account to do their browsing, email and instant messaging the infection rate would drop off the measurable radar.

I have devoted an entire web page to the subject of creating and using Limited or Power User accounts, instead of using the default Administrator level account your computer started with. Go read that page, then create a new Limited or Power User account for your daily use. You can copy your existing settings and preferences to the new account, including your desktop icons and start menu items. Alternately, instead of creating a new Limited User account, create a new "Computer Administrator" account, assigning it a password. Log off the account you are using for everyday use and log onto the new "Computer Administrator" account to set it up as an identity. Once inside that account you can go to Start > Control Panel > User Accounts and change your other account to a "Limited User." When you log back onto your regular account all your icons and settings will still be there, but your user rights will be lowered for your protection.

As a Limited user you cannot install some programs, or uninstall any, nor can you run the Disk Defragmenter or manage accounts and policies. To do these things you can either use the Run As command (explained on the Privileges page), or use the Switch User function to log in to your Administrator level account, do what needs doing, then log off that and log back onto the Limited account.

This really works to protect your computer against virtually all of the current known exploits. If you read the various bulletins released every month by Microsoft, concerning this or that new vulnerability, you'll see a paragraph explaining that the scope of the damage is proportional to the level of privileges on the account you are logged onto. If you are using an account that does not have privileges to create, delete, rename, or alter any files in the operating system directories, the danger from accidentally downloaded malware is close to nil, in that account. This includes the entire crop of browser search hijackers and BHOs. They all depend on being able to write to the local machine branch of the Windows Registry to do their dirty work. Furthermore, if something does manage to attach itself to your browser, under a Limited Account, it cannot jump across identities to infect the administrator account, or other user accounts. Also, viruses and spyware cannot disable your anti-virus, or anti spyware, or firewall programs, from within a Limited User account, but those programs can go after the attackers and remove them before they find a way to install into the system.

Read about an exploit that masquerades as a video decoder to install the Zlob Trojan -->

Spyware creators are exploiting the popularity of Internet video clips to convey their nasty cargo. A Trojan program called Zlob masquerades as a video-decoder program intended to be an update for Microsoft's (MSFT) Windows Media Player. Users may come across a video clip they'd like to see, and on clicking a link are given an error message and a link to install a new version of the player software. The user's browser is then redirected to a download site that gives them a program that includes the Zlob Trojan, which in turn downloads more spyware and other malicious software programs.

To date, Webroot's researchers have identified some 527,000 malicious Web sites, an increase of 100,000 from a year earlier.

Webroot's Spy Sweeper is one of the foremost tools used to detect and remove Spyware, Adware and other malware threats from PCs.


Spybot S&D Definitions Updated on August 18, 2006

World-renowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

2006-08-18

Adware
+ NewWeb + 2Search + SurfAccuracy + WSearch ++ ZenoSearch

Hijacker
+ MaxSearch + MarketDart + Kuaiso.a + DailyToolbar

Malware
+ Smitfraud-C. + AntispywareSoldier + IMNames + Mirar ++ Pacimedia.BHO + Mailbot + IGetNet.WinStart + ISearchTech.ISTsvc

PUPS
+ LetsCool.Wallpaper + WPA_Reset5

Security
+ Windows.Security.InternetExplorer + Windows.Explorer

Spyware
+ Huntbar.Web Search + Alexa + Targetsaver + 180Solutions.Zango + 180Solutions.SearchAssistant + VX2.NetPal

Trojan
+ Win32.Small.fb + Jupilites + Zlob.Downloader + Banker.R + StartPage.NK + Win32.Dldr + Downloader.Dstart + Zlob.BigDown + UptoFind.RelatedSearch + eUniverse.PowerSearch + Virtual Bouncer

Total: 313821 fingerprints in 43568 rules for 2209 products.

Update History

Company Links:

Home - The home of Spybot-S&D!

Spybot Search and Destroy Download page - Program and definition updates.

Full tutorial about using and setting up Spybot Search and Destroy

More in extended comments -->



August 15, 2006

Ad-Aware SE1R119 Updates - 15/08/2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti-spyware/adware program Ad-Aware, by Lavasoft, has had its definition file updated on 08/15/2006. Users of the free version should check for and install the new definitions manually.

Current Definition File:
SE1R119 15.08.2006

New definitions:
====================
TrustCleaner.ref +10

Updated definitions:
====================
Adware.DuDu +19
Adware.Henbang +2
Clickspring
FakeAlert
Hijacker.Qyule +6
Win32.Backdoor.RBot +2
Win32.Trojan.KillAV
Win32.Trojan.Mirc
Win32.Trojan.SDBot +7
Win32.TrojanDownloader.ConHook +2
Win32.TrojanDownloader.Swizzor.br +12
Win32.Trojandownloader.Zlob +29
Win32.TrojanSpy.Goldun +3
Win32.Winshow +8

MD5 checksum is c6fcffc94e29d31bac50b982c706efaf
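
Both Ad-Aware posts on this page publish an MD5 for the definitions file, and the 08/28/2006 post gives the manual download as defs.zip. The following added example (not Lavasoft's code and not part of the original posts) checks a downloaded archive against a published value; it assumes the archive holds exactly one member named defs.ref, and the sample archive is constructed.

```python
import hashlib
import hmac
import io
import re
import zipfile

# Value published in the 08/28/2006 post for defs.ref.
PUBLISHED_MD5 = "5904b8b8437a98ae259c993bc385af49"


def md5_of_member(zip_bytes, member="defs.ref"):
    """MD5 hex digest of one archive member, read in chunks.

    Assumption (not confirmed by the posts): defs.zip holds exactly one
    file called defs.ref.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        hits = [info for info in archive.infolist()
                if info.filename.rsplit("/", 1)[-1].lower() == member]
        if len(hits) != 1:
            raise ValueError(f"expected one {member} in archive, found {len(hits)}")
        digest = hashlib.md5()
        with archive.open(hits[0]) as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    return digest.hexdigest()


def defs_match(zip_bytes, published_md5):
    """True only if defs.ref inside the archive hashes to the published MD5."""
    published = published_md5.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", published):
        raise ValueError("published value is not a 32-digit hex MD5")
    return hmac.compare_digest(md5_of_member(zip_bytes), published)


def build_sample_zip(payload, name="defs.ref"):
    """Constructed stand-in for a downloaded defs.zip (not real definitions)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(name, payload)
    return buffer.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(b"constructed definitions payload\n")
    # The constructed payload is not the real definitions file, so the
    # comparison against the published hash fails and the file is rejected.
    print("definitions verified:", defs_match(sample, PUBLISHED_MD5))
```

MD5 catches a corrupt or truncated download; it is not collision resistant, so a matching value is not proof of where the file came from.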

The current version of Ad-Aware SE Personal Edition is: 1.06r1

Download the current version here: http://www.download.com/3405-8022-5153545.html

Requirements for Ad-Aware SE Personal Edition are:
Processor: P166 or faster
RAM: Operating system + 24 MB
Browser: Internet Explorer 5.5 or higher
Operating system platforms: Windows 98/98se/Me/NT4 Workstation/NT4 Server/2000 Pro/2000 Server/XP Home/XP Pro/XP 64-Bit Edition/Terminal Services


SpywareBlaster Database Updated on August 14, 2006

SpywareBlaster 3.5.1 Database Update

SpywareBlaster Latest Definitions: 8/14/2006

Items: 6557

Change: 107 New Entries;
0 -IE ActiveX CLSIDs
107 -IE Restricted Sites
0 -Mozilla/Firefox

Download: Online Updater in the program interface *

SpywareBlaster is not like most anti-spyware programs, in that it does not "run" as such, as an active process in memory. It is more like a preventative shot that inoculates your computer against certain common avenues of attack, mostly ActiveX threats.

1: Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
2: Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
3: Restrict the actions of potentially unwanted sites in Internet Explorer.

* SpywareBlaster is freeware for personal and educational use and offers two updating options:

1.) AutoUpdate - keep your protection up-to-date automatically!
2.) Check for Updates - manually check for and download the latest updates

The built-in (manual) Check for Updates function is completely free. To access Check for Updates, simply click on the "Updates" tab on the left side of the SpywareBlaster interface, and then press the "Check for Updates" button.

If you would like the convenience of the AutoUpdate feature, more information can be found in SpywareBlaster itself. (Click on the "Updates" tab, and then the "AutoUpdate" tab.)

A SpywareBlaster AutoUpdate subscription is $9.95 (US) per computer, per year, and is good on the computer from which it is purchased. Subscriptions do not automatically renew - you will be prompted to purchase a new subscription when your current subscription expires.

Learn more, or download the current version here: http://www.javacoolsoftware.com/spywareblaster.html


August 12, 2006

Spybot S&D Definitions Updated on August 11, 2006

World-renowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

2006-08-11

Adware
++ IEHelper.e ++ Win32.Agent.y ++ MaxFiles ++ PurityScan.ej + MediaMotor + BookedSpace + 2Search

Hijacker
+ Clearsearch.Net + FunWebProducts

Malware
++ DiaRemover ++ GoldSpy ++ Vcodec.Intcodec + SurfSideKick ++ DigitalNames + E2Give ++ IMNames

PUPS
+ WildTangent + Hotbar + WhenU.SaveNow + EverestPoker

Spyware
++ PurityScan ++ C2.lop + Targetsaver + Xupiter.Sqwire + 180Solutions.Zango

Trojan
+ CnsMin ++ Win32.Agent-gen.cws + Zlob.Downloader ++ CoolWWWSearch.SearchToolbar ++ BankAsh ++ SpyQuake2 ++ Zlob.Downloader ++ LZIO.Small + UpToFind.RelatedSearch ++ HomelandNet.DL

Total: 311879 fingerprints in 43059 rules for 2170 products.

Update History


Company Links:

Home - The home of Spybot-S&D!

Spybot Search and Destroy Download page - Program and definition updates.

Full tutorial about using and setting up Spybot Search and Destroy


Vulnerability in Microsoft Windows Exposes XP/2000 Computers to Worm Attacks - Again

Microsoft's security response unit is bracing for the worst after exploit code that offers a blueprint for attacks began circulating on the Internet.

On August 8, 2006, Microsoft released a dozen patches and fixes for Windows and Office products. One of those patches, MS06-040, fixes a vulnerability in the Windows Server Service, as follows:

Buffer Overrun in Server Service Vulnerability:

There is a remote code execution vulnerability in Server Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

That service is normally found and running on computers running Windows 2000, XP Home and Pro (32 and 64 bit), and Server 2003. If you don't apply the patch either via Windows Updates or by downloading from the aforementioned MS page, and you are not behind a firewall that blocks incoming unsolicited TCP traffic, your computer(s) will be at severe risk of being taken over by hackers or criminals, who will use them for their own nefarious purposes.

This vulnerability and the anticipated attacks to come any day now are similar to the infamous MSBlaster Worm attack of August 11, 2004. People who ignored the advice to apply Windows Updates in July 2004 and were not behind good firewalls had their computers invaded by the MSBlast Worm, and many found them rebooting within 60 seconds after entering the Windows desktop (due to an RPC Buffer Overflow condition). The Blaster Worm spread from computer to computer over TCP, the protocol which computers use to communicate over the Internet. This new Server Service vulnerability is also attacked via TCP traffic directed to incoming TCP Ports 139 and 445.
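
An added example (not part of the original post): a check of netstat -an output for the exposure described above, listing listeners on TCP 139/445 that are not bound to loopback and established sessions to those ports from outside the local network. The sample output, the LOCAL_NETS ranges and the function names are assumptions made for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the two TCP ports named in the post

# Ranges treated as "local network" for this check (an assumption;
# adjust to the addressing actually used on your LAN).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]

# Constructed sample of Windows "netstat -an" output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:445       192.168.1.31:1102      ESTABLISHED
  TCP    192.168.1.20:445       203.0.113.7:4021       ESTABLISHED
  TCP    192.168.1.20:1045      198.51.100.9:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port); None if unparsable."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]"), int(port)


def parse_tcp_rows(netstat_text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state) per TCP row."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly four columns; headers and UDP rows do not.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        local, remote = split_endpoint(fields[1]), split_endpoint(fields[2])
        if local and remote:
            yield local + remote + (fields[3].upper(),)


def is_local(addr):
    """True if addr falls inside LOCAL_NETS; unparsable addresses count as not local."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def smb_listeners(netstat_text):
    """Listening sockets on 139/445 bound to anything other than loopback."""
    found = []
    for laddr, lport, _raddr, _rport, state in parse_tcp_rows(netstat_text):
        if state != "LISTENING" or lport not in SMB_PORTS:
            continue
        try:
            loopback = ipaddress.ip_address(laddr).is_loopback
        except ValueError:
            loopback = False  # report anything we cannot classify
        if not loopback:
            found.append((laddr, lport))
    return found


def non_local_smb_peers(netstat_text):
    """Remote addresses outside LOCAL_NETS with a session to local port 139/445."""
    return sorted({raddr
                   for _laddr, lport, raddr, _rport, state in parse_tcp_rows(netstat_text)
                   if state == "ESTABLISHED" and lport in SMB_PORTS
                   and not is_local(raddr)})


if __name__ == "__main__":
    print("Listening on 139/445:", smb_listeners(SAMPLE_NETSTAT))
    print("Non-local peers on 139/445:", non_local_smb_peers(SAMPLE_NETSTAT))
```

A listener on 0.0.0.0 is reachable on every interface, so on a machine connected directly to the Internet it is only as protected as the firewall in front of it.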

If you haven't already received automatic Windows Updates, go to the Windows Update website, using Internet Explorer, and download/install the available updates. If you are unable to obtain Windows Updates because your copy of Windows is pirated, or not legally licensed, at least get yourself behind a firewall as soon as possible. Windows XP has one built in that will stop incoming attacks. ZoneLabs ZoneAlarm is an excellent firewall, available in free and paid versions, and Sunbelt makes the free and paid Sunbelt-Kerio Personal Firewall.

If you are on a LAN behind a hardware router/firewall you are protected against unsolicited incoming TCP attacks, but not outgoing, phone-home threats that might sneak onto your computer. Do yourself a favor and get a software firewall installed onto all of your computers, whether or not they are behind a router. Routers have vulnerabilities also, some of which are being actively exploited right now. Without a software firewall you may be completely at the mercy of criminal attackers who want to add your computers to their BotNets. They will then use your computer to launch DDoS attacks or for use as spam relays.

I have created a webpage all about firewalls and TCP attacks, at: http://www.wizcrafts.net/ans/firewalls.html which is a child of my FAQs page.

Windows Live OneCare

Microsoft offers Windows Live OneCare, an automatically self-updating PC care service that runs quietly in the background. It helps provide persistent protection against viruses, hackers, and other threats, and helps keep your PC tuned up and your important documents backed up. For more details, see Windows Live OneCare at www.windowsonecare.com.

Details about activating the Windows XP firewall are in my extended comments --->

To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, which is included with Windows XP and with Windows Server 2003.

By default, the Internet Connection Firewall feature in Windows XP and in Windows Server 2003 helps protect your Internet connection by blocking unsolicited incoming traffic. We recommend that you block all unsolicited incoming communication from the Internet. In Windows XP Service Pack 2 this feature is called the Windows Firewall.

To enable the Internet Connection Firewall feature by using the Network Setup Wizard, follow these steps:

1. Click Start, and then click Control Panel.

2. In the default Category View, click Network and Internet Connections, and then click Setup or change your home or small office network. The Internet Connection Firewall feature is enabled when you select a configuration in the Network Setup Wizard that indicates that your system is connected directly to the Internet.

To configure Internet Connection Firewall manually for a connection, follow these steps:

1. Click Start, and then click Control Panel.

2. In the default Category View, click Networking and Internet Connections, and then click Network Connections.

3. Right-click the connection on which you want to enable Internet Connection Firewall, and then click Properties.

4. Click the Advanced tab.

5. Click to select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box, and then click OK.

Note If you want to enable certain programs and services to communicate through the firewall, click Settings on the Advanced tab, and then select the programs, the protocols, and the services that are required.

* To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature.

You can enable advanced TCP/IP filtering to block all unsolicited inbound traffic. For more information about how to configure TCP/IP filtering, see Microsoft Knowledge Base Article 309798.

* To help protect from network-based attempts to exploit this vulnerability, block the affected ports by using IPSec on the affected systems.

Use Internet Protocol security (IPSec) to help protect network communications. Detailed information about IPSec and about how to apply filters is available in Microsoft Knowledge Base Article 313190 and Microsoft Knowledge Base Article 813878.
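To confirm that the firewall or filtering steps above took effect, you can test whether TCP ports 139 and 445 on your own PC still accept connections. The script below is an added example, not part of the original post or of Microsoft's bulletin; the function names are made up for illustration, and it should be run from a second computer against your own machine so that the probe arrives as incoming traffic.

```python
import socket
import sys

# The two inbound TCP ports the post names for the Server Service attack.
SERVER_SERVICE_PORTS = (139, 445)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # reset received: nothing listening, or actively rejected
    except OSError:
        return "filtered"    # timeout or unreachable: packets are being dropped
    finally:
        sock.close()


def check_host(host, ports=SERVER_SERVICE_PORTS, timeout=2.0):
    """Probe each port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection and still need a firewall rule or the patch."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    # Hypothetical usage: python check_ports.py <address of your own PC>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = check_host(target)
    for port, state in results.items():
        print(f"TCP {port}: {state}")
    if exposed(results):
        print("Exposed:", exposed(results))
```

A firewall that silently drops unsolicited traffic shows up as "filtered"; "open" on either port means the Server Service is still reachable from the network.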


August 7, 2006

Spybot S&D Definitions Updated on August 4, 2006

The world-renowned anti-spyware program Spybot Search and Destroy was updated on August 4, 2006. If you use this program, be sure to run manual updates as soon as possible.

2006-08-04
Adware
++ IEHelper.e ++ Caishow ++ 91Cast ++ Boran.g ++ Win32.Nurvel.a ++ Win32.Agent.y + 2Search
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL + CoolWWWSearch.Toolband
Keylogger
+ Elite Keylogger + EvilEye + LttLogger
Malware
+ Smitfraud-C. + VirusBlast + Look2Me ++ Aest ++ WB.Hider ++ EngeryPlugin + IMNames
PUPS
+ Hotbar ++ Baigoo.a ++ Tencent
Spyware
++ Trickle.Gator
Trojan
+ SpyQuake2 + Zlob.PornMagPass + Zlob.XPasswordManager ++ Amiboide + Amitis ++ AOLTrojan ++ Asassin ++ BackAge ++ Bandook ++ Beast ++ Win32.Agent.se ++ WinAntiVirusPro2006 ++ HB.RichMedia

Total: 347862 fingerprints in 47547 rules for 2167 products.

Update History

Home - The home of Spybot-S&D!
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy


AVG Free Anti Virus Program Updated on Aug 7, 2006

AVG Anti-Virus Free is a free anti-virus protection tool developed by GRISOFT for home use.

AVG Free is easy to use, featuring regular and automatic virus database updates. It has realtime protection of files and e-mails (incoming and outgoing), scheduled and manual testing (scanning), and is available for both Windows and Linux.

AVG Free had a program update on August 7, 2006. The new version is now 7.1.405 for Windows, and 7.1.28 for Linux.

If you are currently using AVG Free you can get this update by right clicking on the icon in the System Tray and clicking on "Check for Updates." Alternately, open the AVG Free Control Center and click on the link - "Check for Updates."

Since this is a program update, it will require you to check for updates two or three times to get all available updated components (Hey, it's free. How much automation can we ask for?). Agree to each available and optional component and install them all. No reboot was required on my Windows XP Pro SP2 computer and I was able to complete the updates from a Power User account.

Important
If you have a software firewall like ZoneAlarm you will need to allow the changed files to access the Internet. This is a security feature in most (real) software firewalls. They create a hash signature of the various files that you permit to connect out to the Internet. Whenever one of those files is updated it will stop it from connecting out until you check the option to Allow it and Remember the decision. I use ZoneAlarm free and had to allow four changed files to connect out with the Aug 7 update to AVG Free.
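The program-control behavior described above can be modeled in a few lines. This is an added sketch, not ZoneAlarm's code: the `ProgramControl` class, its method names and the choice of SHA-256 are assumptions made for illustration, and the "updater" file is constructed sample data.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ProgramControl:
    """Remembers which program files may connect out, pinned to their digest."""

    def __init__(self):
        self.allowed = {}  # normalized path -> digest recorded at "Allow" time

    @staticmethod
    def _key(path):
        return os.path.normcase(os.path.abspath(path))

    def remember_allow(self, path):
        """The user ticked Allow and Remember: pin the file's current digest."""
        self.allowed[self._key(path)] = file_digest(path)

    def check(self, path):
        """Decide an outbound attempt: 'allow', 'ask-new' or 'ask-changed'."""
        pinned = self.allowed.get(self._key(path))
        if pinned is None:
            return "ask-new"        # never seen: prompt the user
        if pinned != file_digest(path):
            return "ask-changed"    # same path, different bytes: prompt again
        return "allow"


def demo():
    """Constructed scenario: a program is allowed, then replaced by an update."""
    pc = ProgramControl()
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "updater.bin")  # stand-in for a real executable
        with open(exe, "wb") as f:
            f.write(b"version 1")
        seen = [pc.check(exe)]
        pc.remember_allow(exe)
        seen.append(pc.check(exe))
        with open(exe, "wb") as f:            # the program update replaces the file
            f.write(b"version 2")
        seen.append(pc.check(exe))
        pc.remember_allow(exe)                # user approves the changed file
        seen.append(pc.check(exe))
    return seen


if __name__ == "__main__":
    print(demo())
```

The same check that interrupts a legitimate update also stops a file that malware has replaced or patched, which is why the prompt deserves a look before you click Allow.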

AVG Free Download Location: AVG Free Advisor: Installation files & documentation

The AVG Free download page also has a link to download the famed ewido anti-spyware program. Here is what it says about this program on the bottom of the download page:

ewido anti-spyware Free
This setup contains the free as well as the paid version of ewido anti-spyware. After the installation, a free 30-day trial version containing all the extensions of the full version will be activated. At the end of the trial, these extensions will be deactivated and the program will turn into a feature-limited freeware version. The purchased license code can be entered at any time.

Scheduler
The AVG Free anti virus program includes a scheduler to automatically check for updates and apply them if available. Unfortunately, you are limited to just one scheduled check time in the program. I have created and tested an alternate means of checking for and installing updates using the Windows Task Scheduler, and posted an article about it on this blog page.


August 3, 2006

Microsoft Security Bulletin Advanced Notification

On 8 August 2006 Microsoft is planning to release:

Security Updates

* Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.

* Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

* Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

* Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

* Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:

* TechNet Webcast: Information about Microsoft's Security Bulletins
* Wednesday, August 09, 2006 11:00 AM Pacific Time (US & Canada)
* WebCast Link

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 8 August 2006.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.