Tag: malware

  • Workaround for zero-day WMF exploit

    It’s worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited, and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, and I don’t know of any AV vendors that detect it (F-Prot seems to, according to their blog posts). There is a workaround TO PREVENT INFECTION. If the system is already infected, reinstallation may be the only solution.

  • Network Security guide for the home or small business network – Part 15 – Security Through obscurity

    I remember many years ago watching a Dr. Who episode where a very important key was “hidden” in a display of many other keys. Kind of like hiding a tree in a forest. This concept is “security by obscurity”. Generally this is considered a bad approach to security. It is a bad approach if this is the ONLY thing you consider. The usual examples of security by obscurity are… proprietary applications that keep source code secret so no one can find what flaws exist, or using operating systems or programs that are “obscure” or have small market share and so are not targeted.

  • Spyaxe Spytrooper spysherriff et al removal

    There are so many “wolves in sheep’s clothing”, or maybe I should say wolves in sheepdog’s clothing… Anyway, so much nasty malware poses as a protective utility: Spyaxe, Spytrooper, Spy Sherriff, etc. There is a tool that specializes in removing these: Smitrem, which is short for SmitFraud removal (after the name of one of the first rogues of this class).

  • Wow serious VMWare vulnerability HOST system infection

    A flaw in VMware could allow malicious code to be run on the host machine, according to the Sunbelt blog, citing VMware’s knowledge base. This is pretty big, since this is something that’s generally not considered a threat. (Many people use VMware and other virtual machines for malware/virus/spyware investigations because they’re supposed to be isolated from the host machine.)

  • Disinfecting a PC… part 8

    All right, now it’s time to give Ad-Aware a spin. I like being able to use several spyware scanners to get full coverage and cleaning. Ad-Aware and Spybot S&D are usually my first two choices. Realize that I’ve already taken a pass at this machine with AVG, BHODemon (for the browser helper objects) and Spybot S&D. Ad-Aware finds a total of 700+ items.

  • Malware scanning?

    The SANS Institute is warning of an increase in reports of malware scanning for vulnerabilities. Currently these samples of malware are undetected by current antivirus signatures. They’re requesting samples of the malware for analysis. The last such surge in scanning was about a week ago, when they noted a spike in scans to port 1026. It turned out that was an early sign of the Dasher worm trying to circulate.

  • Disinfecting a PC… part 4

    So, AVG has been scanning away and finding things; we’ve really got a foothold on the system and the malware has a fight on its hands. It’s good to see progress. Up to this point we’ve had multiple Spool32 errors (printer related). These errors are what prompted the system to be brought in initially. There’s a Lexmark system tray item that loads on boot. No time to investigate that yet. Here’s the log of the AVG antivirus scan…

  • Adobe moving to monthly patch cycle

    I just saw a news article (sorry, no link at the moment)… that mentioned that Adobe has announced they will move to a monthly patch cycle. This takes a cue from Microsoft, which since October of 2003 has had a predictable monthly patch release. It’s nice to see security patches released in a routine, expected, predictable, orderly way. Now if only we can get the malware writers to stick to a single monthly malware release, we’ll be in good shape.

  • A couple warnings related to fake security sites

    Sunbelt has this warning about yet another fake security site. This one is laid out a bit differently from the others we’ve seen in recent days. It’s not quite the same spoof of the Windows Security Center, but it makes use of Microsoft’s security logo. (And it does say Security Center at the top of the page, along with “Help protect your pc”.) From Sunbelt…

    For your block lists:
    amaena[dot]com

  • The letters keep coming…

    I really don’t know how a SMALL operation can do any kind of software scanning with all the… legal challenges they have to answer to. Of course, I suppose some don’t; they just cave and their scanners suffer in effectiveness. Anyway, Sunbelt Software blogs about ANOTHER cease and desist letter they’ve received from the makers of CasinoontheNet, Cassava. I still think there should be class action suits against spyware/malware/difficult-to-remove-ware makers that use deceptive practices to get their software installed, make it a nightmare for an end-user to remove, and generally wind up COSTING end-users money having their PCs cleaned.