Our “good friend” spyaxe, which is one of the “wolves in sheeps clothing” that masquerade as security software, but in actuality are delivered WITH spyware, has a new clone. Apparently SpywareStrike is making the rounds, and has a website which is identical to the SpyAxe site and it looks to be the same program. The only thing that appears different is the new name. I guess with all the publicity over the spyaxe name, they figured they wanted a fresh start for the new year.
Category: Security
-
Windows more secure than Linux?
For the last week, I’ve seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I’m seeing all sorts of headlines about how Windows is more secure than Linux based on this report. (?!?) Did anyone reporting “windows more secure than linux/unix” actually read the report, look at some of the details and compare with the Technical Cyber Security Alerts?
-
Microsoft Patch Tuesday January
Sounds like this patch Tuesday will have a couple of updates in spite of the early release of the WMF vulnerability fix. Thanks to Microsoft for yielding that fix as soon as the testing was done. I would hope that it wasn’t just public pressure, but a sense of what the right thing to do is when there are exploits actively targeting a vulnerability.
-
Microsoft releases patch early for WMF exploit
Microsoft has released the patch for the WMF vulnerability that’s been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th “patch Tuesday”.
Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks that are making use of this vulnerability.
-
Makers of fake security software settle lawsuit
The security fix has some news today on some bogus security software makers (the wolves in sheeps clothing as I tend to think of them…) Anyway, they’re settling deceptive trade practice chargers that were brought by the FTC. SpywareAssassin and Spykiller were facing a civil suit over their ads which invariably found infestations on a users pc and offered to clean it up for ~$30 or so.
-
WMF vulnerability advisory update
Microsoft has updated their security bulletin on the WMF vulnerability to note a couple things. One, they acknowledge that embedded images within a document can trigger the exploit. Previously they said this needed further investigation. Second, they are seconding what I’ve been finding that Windows 98 and other pre-XP systems are not as critically at risk for this vulnerability….
-
Sober virus watch…
Well, antivirus vendors and IT security folks are waiting now for the expected activation of the sober.y worm searching for a new downloads and a new revision of the pest. kaspersky’s log indicates the expected activation time is 00:00 GMT January 6th, which means here in the EST zone that would be 7PM EST… Of course many of the expected sites have been shut down. It appears that the virus will look periodically for sites to “upgrade” from for some time.
-
Microsoft OneCare and another unofficial patch
Brian Krebs at the SecurityFix today has questions about Microsoft OneCare. In fact, with Microsoft saying that OneCare is “more than just antivirus” you wonder whether that’s just marketing speak, or if that’s really the case…. he speculates about OneCare doing the registry patch that was a recommended workaround and a few other things related to OneCare.
-
Another update to exploit?
I didn’t see this reported anywhere, but since yesterday when there was an update to the metasploit module for the WMF vulnerability I think there’s been yet another update. I read yesterday that it had been updated and could evade all known IDS signatures. I downloaded the update to continue my Win98 testing. Then today found that there was another update. I haven’t compared the old/new versions but can’t help but wonder if this means more scrambling of antivirus writers for new signatures to keep up.
-
Windows 98 and WMF exploit posts
Since there’s some interest…. here is a listing of all posts related to the WMF exploit and Windows 98 that have come out in the last week.
http://www.averyjparker.com/2006/01/04/lack-of-working-exploit-does-not-mean-windows-98-is-safe/
http://www.averyjparker.com/2006/01/03/wmf-exploit-vs-windows-98-again/
http://www.averyjparker.com/2006/01/03/wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/02/windows-98-and-the-wmf-exploit/
http://www.averyjparker.com/2006/01/01/version-2-of-the-wmv-exploit-vs-windows-98-se/
http://www.averyjparker.com/2006/01/01/more-wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/01/wmf-exploit-and-windows-98/