March 31st, 2007 by
AndyAtHull
With a week or so to go untill the ‘Big One’ starts here at Security Cadets I thought I’d remind you folks about it! And spam it like it’s 1999!
It all kicks off next Sunday the 8th of April …
So what kicks off I hear you ask …? Well our celebrations for actually becoming a year old … amazing huh? I can’t believe it myself. There will be prizes to be won, randomness to be had and no security in site for a whole month! Unless it’s a mega-big-thing!
We’ll also have new forums being opened so you can get more direct advice it if isn’t malware related and I’ll even dress up as Mr. Bean!
So next week, the 8th of April, make sure you are around for the whole month of greatness! And look out for blog & forum announcements.
If you’re a security company and still wish to donate please contact me! With several already involved it will be stupid to miss out! All sponsers will get a link on the front page for a month. Things are subject to change. E-mail for more details.
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Site News |
7 Comments »
March 30th, 2007 by
AndyAtHull
Going around as spam. I’ve had about five of them and SunBelt got them too. This is obviously a fake and never came from admin AT microsoft DOT com.
(Click to Enlarge)
You can see the source code here (pdf format). And the image isn’t as you have guessed hosted at microsoft. Once you click on the image you get a trojan. See the VirusTotal results here. So if this one comes into your inbox or junk box, delete!
If you have been affected by this or wish to discus it in more detail, visit our forum here.
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Browsers, Microsoft, Spam |
3 Comments »
March 27th, 2007 by
Corrine
The following Windows Vista updates are available:
Install this update to resolve an issue where an error message is received when placing a Windows Vista system into a sleep state while a PPP connection is active. After you install this item, you may have to restart your computer
This update is provided to you and licensed under the Windows Vista License Terms.
Install this update for Windows Mail to revise the definition files used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
This update configures the Windows Customer Experience Improvement Program to improve the quality of software information sent to Microsoft.
Install this update to resolve an issue where poor video quality may be experienced when configuring video to interlaced mode on a system running Windows Vista.
Install this update to resolve an issue where an Apple iPod may be corrupted by using the Safely Remove Hardware feature on a system running Windows Vista.
Install this update to resolve an issue where when adding metadata to RAW images from Canon EOS-1D or EOS-1Ds cameras, the file is truncated and the image is permanently lost.
This update is provided to you and licensed under the Windows Vista License Terms.
Update information via ActiveWin - Mirrored in our forum
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Microsoft, Security Related |
1 Comment »
March 27th, 2007 by
AndyAtHull
This last weekend just gone we reported that adverts appeared on the AOL site which directed to the malware related program, Winfixer. Sandi Hardmeier blogged that an advertisement was lurking on the AOL website some time ago but could only prove it in full this weekend.
After some hard work and trying to get into touch with AOL she finally managed to discuss this matter with AOL themselves. AOL’s official statement on the incident is:
“We use a wide range of technical and policy measures to prevent malware distributors from placing advertisements on our networks, but apparently one was able to circumvent those measures. We have blocked this ad campaign and [are] working with our technical and legal teams to take additional steps to block similar issues in future.”
For full details about this visit Spyware Sucks. If you have been affected by this, you can discuss this directly with me (or our staff) on this matter in more detail in our forum.
Hopefully AOL will manage to take the additional steps to block similar issues in the future!
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Security Related |
No Comments »
March 24th, 2007 by
AndyAtHull
Here is proof you get directed to ErrorSafe aka WinFixer aka SystemDoctor from an AOL site.
DISCLAIMER: Please do NOT visit the urls in the article at Spyware Sucks unless you know what you are doing - some of the urls WILL try to install errosafe onto your computer
Sandi Hardmeier, who in my opinion certainly rocks, managed to prove today that AOL directed to ErrorSafe aka SystemDoctor aka WinFixer.
This week the MS MVP got alerted about this issue but never had the network monitors running so could only prove it from screenshots. However now the monitors were running she could be let loose on the matter:
“I’ve posted a couple of times on this blog about how visits to AOL pages were redirecting at random to Winfixer (aka SystemDoctor). On previous occasions I did not have network monitors running, and therefore could only offer screenshots and my word as “proof” of the incidents.”
“This time, however, Microsoft Network Monitor was running when I visited the AOL page and was redirected to an ErrorSafe page.”
“Below are snippets of relevant network data - the full logs are available for inspection and use by the appropriate authorities.” - Spyware Sucks
She goes into further detail what happens when you get redirected. And I agree with her, although I don’t have any monitors on, the redirect is there in full daylight to see.
Discuss any problems or questions about this in the forum topic here or in a comment to this article
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Security Related |
2 Comments »
March 22nd, 2007 by
Corrine
Mozilla updated both supported versions of Firefox to 2.0.0.3 and 1.5.0.11, respectively, with a security and stability update. See Security Advisory 2007-11.
It is strongly recommended by Mozilla that the update be installed as soon as possible. If you have turned off the update notification, you can manually “check for updates” from the Help menu.
Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2.
Discuss any problems or questions about the update in the forum topic here.
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Browsers |
No Comments »
March 20th, 2007 by
AndyAtHull
Which looks alot like VirusBurst(ers) and recent rogue, SpyDawn. Only they styled it the same blue as this rocking site! Ok enough of me boasting. Serious stuff here.
I never really tell you how these get installed or where they come from whilst surfing the internet. Mainly because we have all seen it before and generally know. But for the new readers applications like this get installed on a system by the Trojan.Zlob from fake codecs to view video files.
Then once you view these files with the codecs you will be asked to install these rogues then once installed it’s found x, y and z on your system. Only to lure you in to pay for the program which in affect is a scam.
(Clich to Enlarge)
This rogue, like many others generally look the same. The licence agreement or known as EULA contain the most mistakes as they sometimes show previous rogues mentioned rather than the rogue it is installing. And the web-sites for these also generate many mistakes.
This rogue is associated with the infamous Inhoster as the whois shows:
Registration Service Provided By: ERDOMAIN.COM
Contact: +49.1797458539
Website: http://www.erdomain.com
Domain Name: SPYLOCKED.COM
Registrant:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. +45.36946676
Creation Date: 19-Feb-2007
Expiration Date: 19-Feb-2008
Domain servers in listed order:
ns3.wildgadgets.biz
ns2.wildgadgets.biz
ns1.wildgadgets.biz
If you come across this rogue, avoid installing it. If you have became affected by fake codecs and installed this one then visit our SpyLocked Removal Guide or get step by step assistance from a qualified helper here. Discuss it in more here.
Update; The removal guide has been updated to include the new names for this rogue and versions. SpywareLocked 3.1 3.4 & 3.5 all get removed by our guide.
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
Filed under
Rogue Programs, Security Related |
16 Comments »
March 20th, 2007 by
Corrine
I was catching up the postings at Windows Vista Magazine which led me to a nice tutorial on how to Disable unnecessary services the quick and easy way at VistaRewired.
There is a lot more at VistaRewired, which is why the site has been bookmarked in Reviews and Collections. The individual tutorials are linked below. Perhaps when time allows (!), I will break those links down further into suitable bookmark pages. In the meantime, there is a lot of information at VistaRewired:
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
I see you all looking around and wondering if you are lost — or if it is me who is lost. Neither of us are lost. Andy asked me to stop in from time to time and add whatever I wish to Security Cadets Blog.
So, here I am with a Windows Vista Bookmarks update and wondering why I haven’t heard from Security Cadets members. Let’s have some suggestions for Vista bookmarks. Here is your own special topic in the Security Cadets forum:
Add your bookmarks!
Corrine
Share this article/page with:
These icons link to social bookmarking sites where readers can share and discover new web pages.
