
Trojan Redbrowser.A steals money

Redbrowser.A is a J2ME-based Java MIDlet that sends SMS messages to a specific number.

Redbrowser pretends to be a WAP browser that offers free WAP browsing, using free SMS messages to send the WAP page contents. What Redbrowser actually does is send SMS messages to one specific number, which may cause financial losses to the user.

Redbrowser claims to send free SMS messages as part of its normal operation in order to fool the user into granting the application permission to use Java SMS capabilities on phones that require user permission before sending SMS messages. This claim of free service is a form of social engineering.

The social engineering texts used in Redbrowser.A are in Russian, which limits the trojan to Russian-speaking countries.

February 28, 2006 on 10:07 am | In Trojan | No Comments |


Crossover PC/Windows Mobile virus found

The Mobile Antivirus Researchers Association claims to have detected the first worm that can jump from a PC to a Windows Mobile-powered wireless device.
The ‘Crossover’ worm nests itself in a directory on a Windows PC where it will automatically activate once the user connects a Windows Mobile device using Microsoft ActiveSync.
The digital pest was sent to the association anonymously and is a proof-of-concept designed to show off its features but not cause any actual harm.
“This is proof-of-concept code for educational purposes only. This virus closes the gap between handhelds and desktops. Now it’s one big world open to all,” the worm creators said in a note attached to the virus.

Read more here.

February 28, 2006 on 10:00 am | In Virus | No Comments |


SpyBot 2006-02-24 Update Available

Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL + CoolWWWSearch + MaxSearch ++ Hyperlinker ++ SecureServicePack.BadBHO
Malware
++ ADWareBazooka ++ HitVirus + Command Service ++ Smitfraud-C. (2) + Mailbot ++ SpyFalcon + MagicControl.Agent ++ Win32.Agent.acf ++ Win32.Agent.acr
PUPS
++ SpyiBlock
Spyware
+ Targetsaver ++ NiceSpy
Trojan
+ PestTrap ++ Teslaplus.com

Read more and download Free Anti Spyware – SpyBot.

February 24, 2006 on 9:55 am | In Updates | 2 Comments |


New worm with File encrypt function found

Yesterday Kaspersky Lab came across a worm with a German (speaking) background, Email-Worm.Win32.Skowor.b.
Unlike programs like GPCode, Skowor is able to replicate; it tries to spread via a share that it creates.

When installed, the worm displays a message telling the user that s/he has 5 PC reboots in which to get a password that can be used to uninstall the worm. If the user doesn’t do this, the worm will encrypt a number of important files and change the Administrator and current user passwords.
The worm also changes the IE start page to the author’s website.

Link here.

February 24, 2006 on 9:30 am | In Worms | No Comments |


Panda DesktopSecure for Linux workstations

Security firm Panda Software yesterday unveiled the beta version of its Panda DesktopSecure for Linux workstations.

As Linux systems become increasingly prominent for home use and in corporate environments, the firm said that DesktopSecure aims to protect both types of workstations, providing anti-malware protection managed via a graphic console.

The product also includes an enhanced firewall for workstations, and an intrusion prevention system to guard against network threats such as worms.

The final release version of DesktopSecure will be offered free to home users, and can be installed on all distributions of Linux.

February 24, 2006 on 9:07 am | In Linux | No Comments |


Mac OS X File Association Meta Data Shell Script Execution

Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused by an error in the processing of file association meta data in ZIP archives (stored in the “__MACOSX” folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script that has been renamed to a safe file extension and stored in a ZIP archive or in a mail attachment.

This can also be exploited automatically via the Safari browser when visiting a malicious web site.

Secunia has constructed a test, which can be used to check if your system is affected by this issue.
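A defender-side check for the ZIP case described above, as an added example that is not code from Secunia or from the original post: it flags archive members that begin with a "#!" interpreter line but carry a non-script extension, and notes whether an AppleDouble sidecar sits beside them under "__MACOSX". The extension set and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"          # AppleDouble header magic number
SCRIPT_EXTS = {".sh", ".command", ".tool", ""}   # where "#!" is expected (assumption)


def sidecar_path(member):
    """Path of the AppleDouble sidecar stored for `member` under __MACOSX/."""
    folder, base = posixpath.split(member)
    return posixpath.join("__MACOSX", folder, "._" + base)


def disguised_scripts(zip_bytes):
    """Return (name, has_appledouble_metadata) for every member that starts
    with '#!' but does not have a script extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue                          # skip metadata and directories
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(name) as fh:
                head = fh.read(2)
            if head != b"#!" or ext in SCRIPT_EXTS:
                continue
            side = sidecar_path(name)
            has_meta = side in names and zf.read(side)[:4] == APPLEDOUBLE_MAGIC
            findings.append((name, has_meta))
    return findings


def sample_zip():
    """Constructed sample archive with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/holiday.jpg", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/pics/._holiday.jpg", APPLEDOUBLE_MAGIC + b"\x00" * 22)
        zf.writestr("clip.mov", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("run.sh", b"#!/bin/sh\necho legitimate script\n")
        zf.writestr("notes.txt", b"plain text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, has_meta in disguised_scripts(sample_zip()):
        print(name, "AppleDouble sidecar present" if has_meta else "no sidecar")
```

A member flagged with a sidecar present is the combination the advisory describes; a flagged member without one is still worth a look because its content and extension disagree.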

February 23, 2006 on 12:41 am | In Exploits & Vulnerabilities | No Comments |


New rogue Anti Spyware – “The Spyware Shield”

Spyware Warrior reports on a new rogue anti-spyware program: The Spyware Shield.

The Spyware Shield uses an inadequate detection scheme.
This app as Ad-Purge Spyware Remover, Privacy Crusader, & Spy Reaper

Downloadable from thespywareshield.com

February 22, 2006 on 10:47 am | In Rogue Anti Spyware | No Comments |


New variant W32/Feebs found

A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to

*.coconia.net
*.by.ru
*.kazan.bz
*.t35.com
*.freecoolsite.com
*.nm.ru

until the AV vendors have the patterns lined up.

The new variant spreads as an email with the subject “Secure Message from GMail.com user”, and contains a ZIP attachment (data.zip in the sample at hand), which in turn contains a file “Encrypted Html File.hta”, which contains the heavily obfuscated JavaScript exploit code that triggers the W32/Feebs download from the above sites.

Update:
AV detection is available by now

BitDefender|7.2|02.22.2006|Win32.Worm.Feebs.1.Gen
Kaspersky|4.0.2.24|02.22.2006|Worm.Win32.Feebs.cb
McAfee|4703|02.22.2006|W32/Feebs.gen@MM
Panda|9.0.0.4|02.22.2006|Suspicious file
Sophos|4.02.0|02.22.2006|W32/Feebs-Gen
Symantec|8.0|02.22.2006|W32.Feebs

Thanks to SansBlog
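The indicators from this post combined into one mail-gateway style triage check, as an added example that is not code from the original post or from SANS: it matches hostnames against the wildcard block list on a label boundary and lists script-capable members inside a ZIP attachment. The function names, the extra extensions beyond .hta, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Wildcard patterns copied from the post above.
BLOCK_PATTERNS = ["*.coconia.net", "*.by.ru", "*.kazan.bz",
                  "*.t35.com", "*.freecoolsite.com", "*.nm.ru"]
# Script-capable extensions (assumption; the post names only .hta).
SCRIPT_EXTS = (".hta", ".js", ".vbs", ".wsf")
SUBJECT = "secure message from gmail.com user"


def is_blocked(host, patterns=BLOCK_PATTERNS):
    """True if host lies in a blocked zone (the zone apex is blocked too)."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        zone = pat.lower().lstrip("*").lstrip(".")
        # Compare on a label boundary so "standby.ru" does not match "*.by.ru".
        if host == zone or host.endswith("." + zone):
            return True
    return False


def script_members(zip_bytes):
    """Names of script-capable files inside a ZIP attachment."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if i.filename.lower().endswith(SCRIPT_EXTS)]


def triage(subject, zip_bytes, contacted_hosts):
    """Collect the post's three indicators into one report."""
    return {
        "subject_match": SUBJECT in subject.lower(),
        "script_members": script_members(zip_bytes),
        "blocked_hosts": [h for h in contacted_hosts if is_blocked(h)],
    }


def sample_zip():
    """Constructed sample: placeholder content under the member name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Encrypted Html File.hta", "<html>placeholder</html>")
        zf.writestr("readme.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("Secure Message from GMail.com user", sample_zip(),
                 ["files.coconia.net", "standby.ru", "www.example.org"]))
```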

February 22, 2006 on 5:30 am | In Virus | No Comments |


Multiple vulnerabilities in WinAmp – Affects all versions (including 5.13)

Multiple vulnerabilities have been identified in Winamp, which could be exploited by remote attackers to take complete control of the affected system.

The first flaw is due to a buffer overflow error when processing a specially crafted playlist containing an overly long media filename, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted playlist.

The second issue is due to a buffer overflow error when processing a playlist (.m3u) with an overly long filename, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system via a specially crafted web page.

Read more here.

February 19, 2006 on 6:20 am | In Exploits & Vulnerabilities | No Comments |


Leap.A – Worm for Mac OS X

Leap.A is a binary file compiled for Mac OS X. It arrives in an archive file, called ‘latestpics.tgz’. When the executable in the archive is opened the virus activates. First it drops an icon resource and an external hook bundle which is used for spreading through iChat.

Spreading through iChat

Leap.A installs a bundle to ‘~/InputManagers/apphook’ that hooks certain iChat functions. When any of the user’s buddies change their status, the worm initiates a file transfer and sends a copy of ‘latestpics.tgz’. The file transfer is not visible to the user because the worm hides the transfer status information.

File infection

The worm enumerates all applications on the computer that were used during the last month. Leap.A replaces the main executable of those applications with itself and saves the original file to a resource fork with the same filename. When the application is opened the worm activates first, then it runs the original application from the resource fork.

Thanks to F-Secure.

February 18, 2006 on 7:54 am | In Worms | No Comments |


