Archive for the 'Spyware' Category


Another Spysherriff clone

Wednesday, January 18th, 2006

Sunbelt blog has the details on a spysherriff clone called pesttrap (distributed through pesttrap.com). I guess clone is not the best word as they’re calling it a “variant” which suggests to me that perhaps more has changed than just the name. SpySherriff, of course, is one of the “rogue antispyware” programs or “wolves in sheeps […]

How-to Remove SpyAxe and SpywareStrike

Tuesday, January 10th, 2006

There’s a good post at Spyware Confidential about the removal of the SpyAxe and SpywareStrike pests that are circulating widely these days. There is a good CastleCops Wiki page with Malware removal information on SpyAxe (With screenshots). Also, there is a good walkthrough of removal here, which includes instructions for smitremfix.    Send article as […]

AIM worm

Friday, January 6th, 2006

Strange AIM worm going around. It apparently includes an interesting combination of rootkits, a rootkit detector, spyware/adware, and a specialized bittorrent client. The machines can then be controlled through IRC. Source seems to be the Middle East… IM hackers then control a global botnet where their infections can be tested and payloads are pushed. Facetime […]

Warning – old wolf in sheeps clothing cloned…

Friday, January 6th, 2006

Our “good friend” spyaxe, which is one of the “wolves in sheeps clothing” that masquerade as security software, but in actuality are delivered WITH spyware, has a new clone. Apparently SpywareStrike is making the rounds, and has a website which is identical to the SpyAxe site and it looks to be the same program. The […]

More testing on the second WMF exploit

Monday, January 2nd, 2006

After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had setup and updated metasploit so I could test my Windows 98 SE install against the latest version of […]

Version 2 of the WMF exploit vs Windows 98 SE

Sunday, January 1st, 2006

Ok, I wasn’t quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that’s now up to 4 or 5 days or so… Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for Windows 98 users. I was […]

More WMF exploit testing on Windows 98

Sunday, January 1st, 2006

I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried […]

WMF exploit situation summary…

Sunday, January 1st, 2006

Since there’s been quite a bit of flux the last couple of days I thought I’d try to “reset” the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF (Windows MetaFile) image files that […]

WMF Exploit — it’s worse…

Sunday, January 1st, 2006

This is going to be a rough start to the new year for IT staff and computer users…. There’s coverage at Incidents.org, the sunbeltblog and f-secure of the latest twist in what will likely be a BIG mess to clean up. It looks like there’s a someone spamming emails to tons of addresses with a […]

NEW exploit for the WMF vulnerability

Saturday, December 31st, 2005

Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it’s worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was “made by the folks at metasploit and xfocus, […]

Google
 
Web www.averyjparker.com