Latest (28/06/2009):

We are hoping to make the blog and surrounding pages more friendly and accessible soon. Stay tuned for more about that!

If you think you have malware and/or viruses on your PC and wish to seek help for free - Visit our Malware Removal Forum.

    All articles are licensed under a Creative Commons License.

      SpyHeal becomes VirusHeal

      June 26th, 2007 by AndyAtHull

      … And chuck in a fake codec for good measure.

      Whilst I wait to get completely flooded, yes that is our street, I shall waste my time telling you about a new rogue.

      If you’re a regular reader of this blog or by chance came to our blog via the search engines you may know about SpyHeal, which is an old rogue by comparison to what we have been getting. It now seems this one has been renamed to something else as well.

      VirusHeal

      The good guys over at SunBelt (click for screenies) also mention this one comes with a fake codec called DVDaccess.

      It’s also no real surprise that this is an Inhoster/Estdomains setup. The whois informs us that!

      So if you have been affected by this rogue in any way get yourself in our forum for free help. In the meantime chat about this one here. Removal Guides will be added shortly.

      Filed under Rogue Programs, Security Related | 2 Comments »

      “Getting to know the Microsoft enthusiasts” — Me (oh my)!

      June 25th, 2007 by Corrine

      I was contacted recently by the site owner of Vista4Beginners, asking if I would agree to an interview.

      Here it is: “Getting to know the Microsoft enthusiasts: Corrine Chorney – Microsoft MVP“.

      After you read the interview, take some time to check out the site. You will be glad you did. There is a lot of helpful information, presented in a clear, concise manner — and not just for “beginners”. Enjoy!



      Remember – “A day without laughter is a day wasted.”
      May the wind sing to you and the sun rise in your heart…

      Filed under Off Topic | No Comments »

      Microsoft Live ID Flaw still happening?

      June 19th, 2007 by AndyAtHull

      Well yes! I’ve been too busy with other matters, but just realised that this needs to be blogged as it’s very important!

      Yesterday a fellow security buddy of mine tested a flaw that has been making the rounds lately … well since Sunday to be precise. What flaw I hear you ask? This one!

      “Microsoft Tuesday fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address.

      The false e-mail address could then be used as an ID for Microsoft’s Live Messenger program, which could trick users into thinking they are chatting with someone who is not whom he appears to be, such as steveballmer@microsoft.nl.”

      We tested this whilst I was logged into my Windows Live ID. Even Chris Boyd has been getting reports about it over at his blog.

      Be on the alert if someone adds you using @microsoft.nl to Windows Messenger or if an e-mail pops up in your Inbox/Junk Box. It is more than likely a scammer! Chat about it here.

      Filed under Microsoft, Security Related | No Comments »

      More rogues – Add SpyHazard to the list

      June 19th, 2007 by AndyAtHull

      Last week we reported about a rogue (System Live Protect) which looks a lot like Microsoft and some may say a lot like Windows Live Onecare.

      I actually forgot to report the next one due to commitments elsewhere so here is the next one. Named Spy Hazard, it’s a family of other rogues.

      Spy Hazard

      I don’t need to go into great detail other than what I have said, it’s a rogue. It will autoinstall and annoy the hell out of you.

      There are removal guides about which you can use if you have this on your system.

      You can chat about this with us in our forum and receive help in our malware removal forum.

      Filed under Rogue Programs | No Comments »

      Exchange Server Q&A with the MVP Experts

      June 18th, 2007 by Corrine

      Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

      Chat 1

      When: Tuesday June 19th
      Time: 5 pm PST (8pm EST)
      Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx
      No password required

      Chat 2

      When: Thursday June 21st
      Time: 10 am PST or 1 pm EST
      Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx

      No password required

      Remember – “A day without laughter is a day wasted.”
      May the wind sing to you and the sun rise in your heart…

      Filed under Microsoft | No Comments »

      Rogue in the wild – System Live Protect

      June 13th, 2007 by AndyAtHull

      … Same story, different day …

      This one goes by the name System Live Protect. And from what I can understand, this one is making the rounds at a few public boards already. By that I mean, computer users are complaining about it.

      Originally reported by someone else I thought I’d give it a try and to my amazement this one doesn’t inform you that you have x, y and z on your system like most rogues do.

      System Protect Live Installer

      System Protect Live

      And as you can also see, it looks a lot like Windows. Another copyright issue? Maybe, but I’m sure many computer users will be fooled by this!

      You know what the funniest-thing-ever-is? Copying someone else’s policy. But not just any old policy. It’s a policy from a known and respected company. Click the image.

      System Protect Live Policy

      Two seconds later and we can compare what you see in the image above to Lavasoft’s Policy. No surprise to assume someone went on a copy & paste mission.

      What about the whois? No surprise really;-

      Old Whois (taken off 14th of June);-

      Registration Service Provided By: ESTDOMAINS INC
      Contact: +1.3027224217
      Website: http://www.estdomains.com

      Domain Name: LIVE-PROTECT.COM

      Registrant:
      Bulavich Inc.
      Yakob Van
      562 Johnson str.
      Memphis
      TN,23542
      US
      Tel. +310.3432333

      Creation Date: 30-Jan-2007
      Expiration Date: 30-Jan-2008

      Domain servers in listed order:
      managedns1.estboxes.com
      managedns2.estboxes.com
      managedns3.estboxes.com
      managedns4.estboxes.com

      Latest Whois;-

      Registration Service Provided By: ESTDOMAINS INC
      Contact: +1.3027224217
      Website: http://www.estdomains.com

      Domain Name: LIVE-PROTECT.COM

      Registrant:
      Windefender INC Canada
      Joe Cravitz (support@windefenderpro.com)
      433 Appel Str.
      Toronto
      ON,H7H3E4
      CA
      Tel. +416.7639002

      Creation Date: 30-Jan-2007
      Expiration Date: 30-Jan-2008

      Domain servers in listed order:
      managedns1.estboxes.com
      managedns2.estboxes.com
      managedns3.estboxes.com
      managedns4.estboxes.com

      … I say surprise. Take the name Dmitry Welch as an example. On the offending web-site above it states:

      “Dmitry is the Founder and CEO of Live-Protect. As CEO, he is responsible for developing the overall vision, strategy and product roadmap for the company.”

      That isn’t the only site which has the above quote on. It’s also on Sysrergistry.com and RegMagic.com. Click on those links, they all relate to Estdomains Inc. And also, to no surprise, a different registrant address appears. Plus they registered on the same day.

      System Protect Live Contact

      System Registery Cleaner Company

      Regmagic Paytech Inc Company

      If you clicked on those images you can clearly tell that on the company/contact pages it has the same statement about who works there and what they do. For comedy value they also ask you to communicate via IM … lol

      So what do you think about this? Tell us here. You can also receive help in our forums if this has affected you. Or if English isn’t your first language, visit asap for a wider choice.

      Removal Guides;

      (Thanks goes out to nosirrah, suzi and several other for this)

      Update – They clearly don’t like us and are changing the whois a lot.

      Filed under Rogue Programs, Security Related | 4 Comments »
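
The whois comparison in the System Live Protect post above, as an added example (not code from the blog): a parser for the record layout quoted there, a diff of two snapshots, and the fields that stay constant and can be searched on. The sample records are abridged from the two quoted in the post; the function names are this example's own.

```python
import re

SECTIONS = {"Registrant:": "registrant", "Domain servers in listed order:": "nameservers"}

def parse_whois(text):
    """Parse the registrar-style record layout quoted in the post."""
    record, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line closes a section
            section = None
        elif line in SECTIONS:            # bare heading opens a list section
            section = SECTIONS[line]
            record[section] = []
        elif section:
            record[section].append(line.lower() if section == "nameservers" else line)
        else:                             # ordinary "Key: value" line
            key, sep, value = line.partition(": ")
            if sep:
                record[key.lower()] = value.strip()
    return record

def diff_records(old, new):
    """Return (changed, stable): fields that differ vs. fields that persist."""
    changed, stable = {}, {}
    for key in sorted(set(old) | set(new)):
        if old.get(key) == new.get(key):
            stable[key] = old[key]
        else:
            changed[key] = (old.get(key), new.get(key))
    return changed, stable

def pivots(record):
    """Searchable fields: nameserver zones (naive last two labels), registrant e-mails."""
    zones = sorted({".".join(ns.split(".")[-2:]) for ns in record.get("nameservers", [])})
    emails = re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", "\n".join(record.get("registrant", [])))
    return {"ns_zones": zones, "emails": emails}

# Abridged from the two records quoted in the post; only the registrant differs.
TEMPLATE = ("Registration Service Provided By: ESTDOMAINS INC\n"
            "Domain Name: LIVE-PROTECT.COM\n\nRegistrant:\n{who}\n\n"
            "Creation Date: 30-Jan-2007\n\nDomain servers in listed order:\n"
            "managedns1.estboxes.com\nmanagedns2.estboxes.com\n")
OLD = parse_whois(TEMPLATE.format(who="Bulavich Inc.\nYakob Van\nMemphis\nTN,23542\nUS"))
NEW = parse_whois(TEMPLATE.format(
    who="Windefender INC Canada\nJoe Cravitz (support@windefenderpro.com)\nToronto\nON,H7H3E4\nCA"))

if __name__ == "__main__":
    print(diff_records(OLD, NEW)[0], pivots(NEW))
```

The registrant block is the only field that changes between the two snapshots, while the registrar, creation date and nameservers persist, so the stable fields are the ones to use when relating other domains to the same setup.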

      The Julie Group – Let’s not make another mistake!

      June 11th, 2007 by AndyAtHull

      The Julie Amero case was probably the stand-out case over recent years about computer security. Many bloggers, including me, watched the case develop with great interest. Even with the recent events of a new trial. But like many people in the same field as me, we always wonder how we can prevent such a thing. If not in the first place but for the future.

      What happened to Julie could easily be you! Cases like this could happen again. So let’s enter something that may prevent future cases, The Julie Group.

      This group/blog brings many experts together from a wide range;

      “Our purpose here is twofold: First, to bring attention to those situations where injustice is being done through the misuse or misunderstanding of computers and computer forensics; and second, to prevent future injustice wherever we are able.”

      I recommend everyone to bookmark it & read what some of the contributors have to say. If you have a suggestion or comment about this, let us know so we can pass it on.

      Filed under Julie Amero | No Comments »

      ContraVirus Update

      June 9th, 2007 by AndyAtHull

      Back in December we reported about a new rogue, ContraVirus. Since then we have added a removal guide for you to follow.

      ContraVirus has been making the rounds again lately after being used for another exploit. This time through hacked .edu sites. Sunbelt pretty much nail it on the head.

      Links:

        • Removal Guide for ContraVirus
        • HijackThis Forum to get help in
        • Forum Discussion Topic

      As more info comes in, we will update posts and articles accordingly.

      Filed under Rogue Programs, Security Related | No Comments »

      Julie Amero: New Trial Will Begin!

      June 6th, 2007 by AndyAtHull

      Ok so I can blabble on a bit and sometimes be a tad annoying. Taking that into account I will let “quotes” do the work in this article. Plus I am mega-tired right now!

      “NEW LONDON — A New London Superior court judge this morning granted a defense request seeking a new trial for Julie Amero, the former Norwich middle school substitute teacher convicted of exposing her middle school students to Internet porn.” – Norwich Bulletin

      … and …

      “The new trial ordered by Superior Court Judge Hillary B. Strackbein comes after a campaign on Amero’s behalf by computer security experts around the country, who offered evidence showing that Amero’s computer was taken over by malicious “spyware” that caused a rapid fire sequence of pornographic “pop-up” windows to appear on the screen.”

      “In setting aside the guilty verdict, Strackbein ruled that the witness the state presented as a computer expert, a Norwich police detective, provided “erroneous” testimony about the classroom computer.”

      “The jury may have relied, at least in part, on that false information,” said Strackbein.” – courant.com

      … So yeah some great news here and I can probably blab on for a bit, but I think those articles and quotes really tell you the story. Something good may be happening in regards to this. What do you think about this decision? Tell us here and also tell the world and Digg it over at Digg.com.

      Update … Links are coming in thick and fast as you can imagine so here are just a few:

      Filed under Julie Amero | No Comments »

      Rogue Applications, Myspace and Zango in one basket!

      June 5th, 2007 by AndyAtHull

      How fun is that? Well for the likes of me who can chuck rotten vegetables in their face and laugh, as fun as you can get. But for MySpace users, the fun ends immediately.

      In March we blogged about some new rogues in the wild, one called SpyAway. Eventually it went offline for a short period of time but since, when I just checked now, it seems to be back on the market. For how long? I wouldn’t like to say. But what if I tease you guys and add some more names into the mix with the said rogue?

      … Zango… and a rogue application …

      Is that good enough for you? No?

      Zango … and a rogue application … and MySpace?

      Is that good enough? Well I hope so because here we go. Get ready!

      According to Chris Boyd, Director of Malware Research for FaceTime and good friend, when you click on certain profiles on MySpace you could be in for a scary ride.

      You’d get a fake profile that has random text, and eventually after endless amount of clicking and being annoyed, you’d have fake taskbar warnings popping up and a hijacked Internet Explorer banner which then directs you to Antispysolutions.com.

      That site then lists SpyAway, but what has Zango got to do with this as it seems pretty obvious this is a fake profile promoting a few rogues? Well…..

      “… the application claims to “detect” 180 Solutions (Zango), along with a few other items. This is done by downloading some “dummy” files that the scanner then magically finds. The files themselves don’t do anything as far as we can tell apart from sit there and feed the results of the scanner – of course, they aren’t legitimate Zango executables.” – SpywareGuide

      … So there you have it. Will Zango go busting some rogue antispyware vendor/company/organisation? If so, I wish them luck. Should be interesting.

      If you have an account on MySpace, be careful on people’s profiles. MySpace is in itself clean, but some headcases who use it are not. Do you think MySpace are doing enough of killing people having fake profiles? Tell us here and you can also get help here!

      Coverage: Digg.com, SpywareGuide, VitalSecurity

      Filed under Rogue Programs, Security Related | 1 Comment »
