Copyright Notice

All articles are licensed under a Creative Commons License.
Every post is the opinion of the author. Contact Us for any issues.

SpyHeal becomes VirusHeal

June 26th, 2007 by AndyAtHull

… And chuck in a fake codec for good measure.

Whilst I wait to get completely flooded (yes, that is our street), I shall pass the time telling you about a new rogue.

If you’re a regular reader of this blog, or came to it via a search engine, you may know about SpyHeal, an old rogue compared with what we have been seeing lately. It now seems this one has been renamed as well.

[Screenshot: VirusHeal]

The good guys over at Sunbelt (click for screenshots) also mention that this one comes with a fake codec called DVDaccess.

It’s also no real surprise that this is an Inhoster/Estdomains setup; the whois tells us that.

So if you have been affected by this rogue in any way, get yourself into our forum for free help. In the meantime, chat about this one here. Removal guides will be added shortly.


Filed under Rogue Programs, Security Related | 2 Comments »

“Getting to know the Microsoft enthusiasts” — Me (oh my)!

June 25th, 2007 by Corrine

I was contacted recently by the site owner of Vista4Beginners, asking if I would agree to an interview.

Here it is: “Getting to know the Microsoft enthusiasts: Corrine Chorney - Microsoft MVP”.

After you read the interview, take some time to check out the site. You will be glad you did. There is a lot of helpful information, presented in a clear, concise manner — and not just for “beginners”. Enjoy!



Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…


Filed under Off Topic | No Comments »

Microsoft Live ID Flaw still happening?

June 19th, 2007 by AndyAtHull

Well, yes! I’ve been busy with other matters, but I just realised that this needs blogging, as it’s very important.

Yesterday a fellow security buddy of mine tested a flaw that has been making the rounds lately … well, since Sunday to be precise. What flaw, I hear you ask? This one!

“Microsoft Tuesday fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address.

The false e-mail address could then be used as an ID for Microsoft’s Live Messenger program, which could trick users into thinking they are chatting with someone who is not whom he appears to be, such as steveballmer@microsoft.nl.”

We tested this whilst I was logged into my Windows Live ID. Even Chris Boyd has been getting reports about it over at his blog.

Be on the alert if someone adds you on Windows Messenger using an @microsoft.nl address, or if such an e-mail lands in your Inbox or Junk folder: it is more than likely a scammer. Chat about it here.
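The bug in the quoted story is a registration step that accepted an e-mail address the user had never proven they controlled, so the address became a Messenger identity. The Python below is an added example, not Microsoft's code and not from this post: a minimal registration service in two versions, the flawed one that binds the typed address straight away and a hardened one that binds it only after an HMAC-signed, time-limited token delivered to that mailbox comes back. The mailbox routing, the attacker-controlled domain example.com, the class names and the 900-second token lifetime are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time


class Mailboxes:
    """Constructed stand-in for mail delivery: a reader gets tokens only for
    addresses whose domain they actually control."""

    def __init__(self):
        self.inbox = {}

    def deliver(self, address, token):
        self.inbox.setdefault(address.lower(), []).append(token)

    def read(self, address, owned_domains):
        if address.lower().rsplit("@", 1)[-1] not in owned_domains:
            return []  # mail for someone else's domain never reaches you
        return list(self.inbox.get(address.lower(), []))


class WeakRegistry:
    """The flawed pattern: whatever address is typed becomes the account ID."""

    def __init__(self):
        self.accounts = set()

    def register(self, claimed_email):
        self.accounts.add(claimed_email.lower())
        return claimed_email.lower()


class VerifyingRegistry:
    """Hardened pattern: the address is bound only when a token that was
    delivered to that mailbox comes back. Tokens are HMAC-signed, so the
    server keeps no state, and expire after `ttl` seconds."""

    TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

    def __init__(self, secret, mailboxes, ttl=900, clock=time.time):
        self._key, self._mail, self._ttl, self._clock = secret, mailboxes, ttl, clock
        self.accounts = set()

    def _sign(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def start_registration(self, email):
        email = email.lower()
        payload = f"{email}|{int(self._clock())}|{secrets.token_hex(8)}".encode()
        token = base64.urlsafe_b64encode(payload + self._sign(payload)).decode()
        self._mail.deliver(email, token)  # to the claimed mailbox, never to the browser

    def complete_registration(self, email, token):
        try:
            raw = base64.urlsafe_b64decode(token.encode())
        except ValueError:  # binascii.Error is a ValueError subclass
            return False
        if len(raw) <= self.TAG_LEN:
            return False
        payload, tag = raw[:-self.TAG_LEN], raw[-self.TAG_LEN:]
        if not hmac.compare_digest(tag, self._sign(payload)):
            return False  # forged or tampered token
        bound_email, issued, _nonce = payload.decode().split("|")
        if bound_email != email.lower():
            return False  # token was issued for a different address
        if int(self._clock()) - int(issued) > self._ttl:
            return False  # stale token
        self.accounts.add(bound_email)
        return True


def run_scenario():
    """Attacker who controls example.com tries to register steveballmer@microsoft.nl."""
    now = [1_000_000]  # fake clock so the expiry path can be exercised
    mail = Mailboxes()
    attacker_domains = {"example.com"}
    target = "steveballmer@microsoft.nl"
    weak = WeakRegistry()
    weak_id = weak.register(target)  # accepted with no proof of control at all
    strong = VerifyingRegistry(secrets.token_bytes(32), mail, ttl=900, clock=lambda: now[0])
    strong.start_registration(target)  # token lands in a microsoft.nl mailbox
    strong.start_registration("attacker@example.com")
    own_token = mail.read("attacker@example.com", attacker_domains)[0]
    results = {
        "weak_impersonation": weak_id in weak.accounts,
        "strong_token_unreadable": mail.read(target, attacker_domains) == [],
        "strong_forged_token": strong.complete_registration(target, "AAAA"),
        "strong_cross_address": strong.complete_registration(target, own_token),
        "strong_legitimate": strong.complete_registration("attacker@example.com", own_token),
    }
    now[0] += 901  # past the ttl: the same token is now rejected
    results["strong_expired"] = strong.complete_registration("attacker@example.com", own_token)
    results["strong_bound_ids"] = sorted(strong.accounts)
    return results
```

run_scenario() walks the attack: the weak registry accepts steveballmer@microsoft.nl outright, while the verifying registry rejects a forged token, rejects a token that was issued for the attacker's own address, accepts the attacker's own address, and then rejects that same token once it has expired. Because the token is stateless it can be replayed inside its lifetime; a production service would also record used nonces so that each token works once.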


Filed under Microsoft, Security Related | No Comments »

More rogues - Add SpyHazard to the list

June 19th, 2007 by AndyAtHull

Last week we reported on a rogue (System Live Protect) which looks a lot like Microsoft software, and some may say a lot like Windows Live OneCare.

I actually forgot to report the next one due to commitments elsewhere, so here it is. Named Spy Hazard, it belongs to a family of other rogues.

[Screenshot: Spy Hazard]

I don’t need to go into more detail than I already have: it’s a rogue. It will auto-install and annoy the hell out of you.

There are removal guides about which you can use if you have this on your system.

You can chat about this with us in our forum and receive help in our malware removal forum.


Filed under Rogue Programs | No Comments »

Exchange Server Q&A with the MVP Experts

June 18th, 2007 by Corrine

Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

Chat 1

When: Tuesday June 19th
Time: 5 pm PST (8pm EST)
Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx
No password required

Chat 2

When: Thursday June 21st
Time: 10 am PST (1 pm EST)
Where: TechNet Chat Room www.microsoft.com/technet/community/chats/chatroom.aspx

No password required


Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…


Filed under Microsoft | No Comments »

Rogue in the wild - System Live Protect

June 13th, 2007 by AndyAtHull

… Same story, different day …

This one goes by the name System Live Protect and, from what I can tell, is already making the rounds on a few public boards; that is, computer users are complaining about it.

It was originally reported by someone else, so I thought I’d give it a try, and to my amazement this one doesn’t tell you that you have x, y and z on your system like most rogues do.

[Screenshot: System Protect Live installer]

[Screenshot: System Protect Live]

As you can also see, it looks a lot like Windows. Another copyright issue? Maybe, but I’m sure many computer users will be fooled by this!

You know what the funniest thing ever is? Copying someone else’s policy. And not just any old policy: one from a known and respected company. Click the image.

[Screenshot: System Protect Live policy]

Two seconds later we can compare the image above with Lavasoft’s policy. It’s safe to assume someone went on a copy-and-paste mission.

What about the whois? No surprise really:

Old whois (taken 14th of June):

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: LIVE-PROTECT.COM

Registrant:
Bulavich Inc.
Yakob Van
562 Johnson str.
Memphis
TN,23542
US
Tel. +310.3432333

Creation Date: 30-Jan-2007
Expiration Date: 30-Jan-2008

Domain servers in listed order:
managedns1.estboxes.com
managedns2.estboxes.com
managedns3.estboxes.com
managedns4.estboxes.com

Latest whois:

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: LIVE-PROTECT.COM

Registrant:
Windefender INC Canada
Joe Cravitz (support@windefenderpro.com)
433 Appel Str.
Toronto
ON,H7H3E4
CA
Tel. +416.7639002

Creation Date: 30-Jan-2007
Expiration Date: 30-Jan-2008

Domain servers in listed order:
managedns1.estboxes.com
managedns2.estboxes.com
managedns3.estboxes.com
managedns4.estboxes.com

… I say surprise. Take the name Dmitry Welch as an example. On the offending web-site above it states:

“Dmitry is the Founder and CEO of Live-Protect. As CEO, he is responsible for developing the overall vision, strategy and product roadmap for the company.”

That isn’t the only site carrying the above quote. It’s also on Sysrergistry.com and RegMagic.com. Click on those links; they all relate to Estdomains Inc. And, to no surprise, a different registrant address appears on each. Plus they were registered on the same day.

[Screenshot: System Protect Live contact page]

[Screenshot: System Registry Cleaner company page]

[Screenshot: Regmagic Paytech Inc company page]

If you clicked on those images you can clearly see that the company/contact pages carry the same statement about who works there and what they do. For comedy value they also ask you to communicate via IM … lol

So what do you think about this? Tell us here. You can also receive help in our forums if this has affected you. Or, if English isn’t your first language, visit ASAP for a wider choice.

Removal Guides:

(Thanks go out to nosirrah, suzi and several others for this)

Update: they clearly don’t like us and are changing the whois a lot.
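The two whois captures above, and the update about the whois being changed, are the kind of thing worth automating: the registrant details are whatever the operator typed in, but the registrar, the creation date and the nameservers stayed exactly the same. The Python below is an added example, not code from this post or from any of the sites it names. It rebuilds the two quoted records from a template (they differ only in the Registrant block), parses them, reports what changed between the captures, and clusters domains that share the untouched infrastructure. The sibling record for sibling-example.com is constructed purely for the clustering step and is not a real whois result, and the parser only understands the Estdomains-style layout quoted here.

```python
import itertools
import re
from collections import defaultdict
from dataclasses import dataclass

# Whois text as quoted in the post; the two captures differ only in the
# Registrant block, so both are built from one template.
TEMPLATE = """\
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: {domain}

Registrant:
{registrant}

Creation Date: 30-Jan-2007
Expiration Date: 30-Jan-2008

Domain servers in listed order:
managedns1.estboxes.com
managedns2.estboxes.com
managedns3.estboxes.com
managedns4.estboxes.com
"""

OLD_WHOIS = TEMPLATE.format(domain="LIVE-PROTECT.COM", registrant="""\
Bulavich Inc.
Yakob Van
562 Johnson str.
Memphis
TN,23542
US
Tel. +310.3432333""")

NEW_WHOIS = TEMPLATE.format(domain="LIVE-PROTECT.COM", registrant="""\
Windefender INC Canada
Joe Cravitz (support@windefenderpro.com)
433 Appel Str.
Toronto
ON,H7H3E4
CA
Tel. +416.7639002""")

# Constructed sibling (not a real whois result): new registrant, same infrastructure.
SIBLING_WHOIS = TEMPLATE.format(domain="SIBLING-EXAMPLE.COM", registrant="Some Other Front Inc.")


@dataclass(frozen=True)
class WhoisRecord:
    domain: str
    registrar: str
    registrant: str      # first line of the Registrant block
    contact_email: str   # "" when the block carries no address
    created: str
    nameservers: tuple


def _field(text, name):
    """Value of a `Name: value` line, or "" if absent."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*(.+)$", text, re.M)
    return m.group(1).strip() if m else ""


def _block(text, header):
    """Lines following a header line, up to the next blank line."""
    lines = text.splitlines()
    start = lines.index(header) + 1 if header in lines else len(lines)
    return [line.strip() for line in itertools.takewhile(str.strip, lines[start:])]


def parse_whois(text):
    registrant = _block(text, "Registrant:")
    email = re.search(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", "\n".join(registrant))
    return WhoisRecord(
        domain=_field(text, "Domain Name").lower(),
        registrar=_field(text, "Registration Service Provided By").upper(),
        registrant=registrant[0] if registrant else "",
        contact_email=email.group(0).lower() if email else "",
        created=_field(text, "Creation Date"),
        nameservers=tuple(ns.lower() for ns in _block(text, "Domain servers in listed order:")),
    )


def diff_records(old, new):
    """Fields that changed between two captures of the same domain."""
    fields = ("registrar", "registrant", "contact_email", "created", "nameservers")
    return {f: (getattr(old, f), getattr(new, f)) for f in fields
            if getattr(old, f) != getattr(new, f)}


def cluster_by_infrastructure(records):
    """Group domains by what the registrant swap did not touch (registrar,
    creation date, nameserver set); that is a better pivot than the name on
    the record. Groups with a single domain are dropped."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec.registrar, rec.created, tuple(sorted(rec.nameservers)))].append(rec.domain)
    return {key: sorted(domains) for key, domains in groups.items() if len(domains) > 1}
```

diff_records(parse_whois(OLD_WHOIS), parse_whois(NEW_WHOIS)) reports only the registrant name and the new contact address; everything else is identical. Pivoting on the infrastructure key is how you would tie live-protect.com to other domains on the same nameservers and creation date even after the front company on the record changes; a real sweep would feed in live whois output for each candidate domain.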


Filed under Rogue Programs, Security Related | 4 Comments »

The Julie Group - Let’s not make another mistake!

June 11th, 2007 by AndyAtHull

The Julie Amero case was probably the stand-out computer security case of recent years. Many bloggers, including me, watched it develop with great interest, right up to the recent news of a new trial. But like many people in the same field as me, I always wonder how we can prevent such a thing, if not in the first place then at least for the future.

What happened to Julie could easily happen to you! Cases like this could happen again. So let’s introduce something that may prevent future cases: The Julie Group.

This group/blog brings together experts from a wide range of fields:

“Our purpose here is twofold: First, to bring attention to those situations where injustice is being done through the misuse or misunderstanding of computers and computer forensics; and second, to prevent future injustice wherever we are able.”

I recommend everyone bookmark it and read what some of the contributors have to say. If you have a suggestion or comment about this, let us know so we can pass it on.


Filed under Julie Amero | No Comments »

ContraVirus Update

June 9th, 2007 by AndyAtHull

Back in December we reported on a new rogue, ContraVirus. Since then we have added a removal guide for you to follow.

ContraVirus has been making the rounds again lately, after being pushed through another exploit, this time via hacked .edu sites. Sunbelt pretty much nail it on the head.

Links: Removal Guide for ContraVirus | HijackThis Forum to get help in | Forum Discussion Topic

As more info comes in we will update posts and articles accordingly.
