Wiz's Computer and Website Security Blog

World reknowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that is is malware. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).

Spybot-S&D Updates Page

2006-12-29

Adware
+ NSIS Media Extension

Hijacker
++ PartyPoker

Malware
+ ErrorSafe + PSW.WOW + Smitfraud-C. (3) + SystemDoctor2006 + VirtuMonde

PUPS
+ AntiverminsPro ++ CyberDefender

Trojan
+ AnotherBOT + BPS Spyware Remover ++ CIOLE.Media.Extension + Dumaru (2) ++ GoldenRivieraCasinoLoader + LZIO.Small + QQRob (5) ++ War3z + WarezP2P (2) ++ Win32.Agent.At + Win32.Agent.uj + Win32.Bancos.zm + Win32.Banker.anv ++ Win32.Delf.acc ++ Win32.SdBot.azc ++ Win32.VB.atz (2) + Zlob.GoldCodec (3) + Zlob.KeyGenerator + Zlob.PornMagPass (2) + Zlob.PornPassManager ++ Zlob.SoftCodec + Zlob.VideoAccess (4) + Zlob.VideoActiveXObject (3)

Total: 346147 fingerprints in 57026 rules for 2586 products.

English Language Company Links:
Spybot Search and Destroy Home Page
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this catagory

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. Furthermore, if you run with reduced user privileges, such as a Limited User, or Power User, your choice of updates will be more limited that if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users, or log onto an Administrator account and re-apply the updates and immunizations.

People with Windows based computers can greatly improve their browsing security by running their accounts as less privileged users, switching to the Administrator level account only when it is needed for a particular operation that is not possible from a Limited rights account. I have a lot of imformation about using reduced privileges here and here.

Posted by Wiz at 2:50 PM | Permalink

back to top ^

World reknowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that is is malware. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).

Dialer
+ StarnetItalia

Keylogger
+ Smitfraud-C.Keylogger

Malware
+ Backdoor.Win32.SdBot.gen + CarpeDiem Vars + Cimuz + PestTrap + PWS.WOW (2) + Smitfraud-C. (2) + VirtuMonde + WinClean + Winsoftware.WinAntiVirusPro2006 ++ Backdoor.Win32.MsnLog ++ Win32.Bancos.zm

PUPS
+ MalwareWipe

Spyware
+ TargetMarketingAgency

Trojan
+ Cassava + FakeBill + LZIO.Small + QQRob (3) + SeachToolbarCorp.ToolbarVision + VistaActivation.Trojan + Win32.Bifrose.aci + Win32.Delf + Zlob.DigiPassword + Zlob.PornMagPass (2) + Zlob.Wave ++ Zlob.VideoActiveXObject

Total: 343132 fingerprints in 56039 rules for 2557 products.

English Language Company Links:
Spybot Search and Destroy Home Page
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this catagory

Posted by Wiz at 3:43 PM | Permalink

back to top ^

Mozilla.org has released Firefox 1.5.0.9 as a security and stability update to the 1.5x line of browsers. It is recommended that people who are not ready to update the firefox 2 should at least get this update. You extensions should continue to work, along with all of your bookmarks and personal settings (this may not be the case when upgrading to version 2.x). You can download Firefox 1.5.0.9 here.

Here is what Mozilla has to say about this incremental upgrade to 1.5.0.9:

What's New in Firefox 1.5.0.9

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2.

Fixed in Firefox 1.5.0.9

MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

Source and details: http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html

Posted by Wiz at 2:27 AM | Permalink

back to top ^

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti Spyware/Adware program Ad-Aware, by Lavasoft has had it's definition file updated. Users of the free version should check for and install the new definitions manually.

Updated definitions:
====================
Win32.Trojandownloader.Zlob +9
Urls
Tracking Cookies
Redirected hostfile entry

MD5 checksum is a35ff7910204e191b20454727786c014

You can use Webupdate to install the new reference file, or download
it manually from: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

See all security program update notices in this catagory

Posted by Wiz at 4:55 PM | Permalink

back to top ^

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti Spyware/Adware program Ad-Aware, by Lavasoft has had it's definition file updated. Users of the free version should check for and install the new definitions manually.

Updated definitions:
====================
Adware.Agent
Adware.BHO(generic) +5
Adware.LinkOptimizer
Adware.MyToolbar
Adware.NewWeb +2
Adware.VB
ErrorSafe +3
FakeAlert +2
istbar
Locators.com Toolbar
PurityScan
Softomate Toolbar +2
Virtumonde +5
Win32.Backdoor.Agent +2
Win32.Backdoor.PcClient
Win32.Backdoor.SDBot
Win32.Generic.PWS +10
Win32.Trojan.Agent +8
Win32.Trojan.Delf +2
Win32.Trojan.Downloader +22
Win32.Trojan.Klone
Win32.Trojan.MatrixHasYou +28
Win32.Trojan.Mirc +9
Win32.Trojan.Spambot +2
Win32.Trojan.Spy +2
Win32.Trojan.Starter +2
Win32.TrojanClicker +9
Win32.TrojanDownloader.Agent +6
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Delf +8
Win32.TrojanDownloader.Small +10
Win32.TrojanDownloader.VB +4
Win32.Trojandownloader.Zlob +72
Win32.TrojanDropper +5
Win32.TrojanProxy.Agent.dl +4
Win32.Trojan-PSW.Lineage +3
Win32.TrojanSpy.Banker +64
Win32.Worm.MSNMaker
Win32.Worm.Viking +4
Win32.Worm.Warezov +3
WinAntiVirusPro +9

MD5 checksum is d6bbf51363239f631af2d1a48cfdbf67
============================================
You can use Webupdate to install the new reference file, or download
it manually from: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

See all security program update notices in this catagory

Posted by Wiz at 12:06 PM | Permalink

back to top ^

CastleCops A new filter set for MWP users brought to you by Wizcrafts!

I just updated my most effective MailWasher Pro image spam filter to catch a new variant; jpegs instead of gifs. The updated filters are here.

The new rule, just under the "Restored From MailWasher Recycle Bin" rule, catches 99% of the image spam sent to me. It uses only one regular expression and is faster acting than the other rules that use more regular expression matches.

If you are not currently using a spam filter and are getting deluged with image spams for penny stocks, the combination of the email screening program MailWasher Pro and my custom MailWasher filters will reduce your visible spam to a tiny percentage of what you are probably seeing right now.

Note: The MailWasher Pro filters.txt does not go into the program directory. It goes into the MailWasherPro subdirectory under Documents and Settings\(your profile)\Application Data\. You can find this direectory and it's contents by opening MailWasher Pro, clicking on "Help," "About" and on the link on the bottom of the "About" box.

I have updated my MailWasher Pro filter rules again to block all of the current variety of image spam for junk stocks, pills and porn, effective 5/1/2007. If you have been using my filters and are still getting these image spam emails you should update your filters to the newest codes. I have also improved the parsing speed by reducing the scope of the Regular Expressions rules to the bare minimum needed to catch various types of spam.

My filters are here: http://www.wizcrafts.net/mwp-filters.html. There is a link under the iframe to load my current reduced filter set instead of the large, partially out-dated set, into the iframe. You can also download either filter set from that page.

Posted by Wiz at 1:10 PM | Permalink

back to top ^