    All articles are licensed under a Creative Commons License.

      Bank of India Website Serving Up Malware!

      August 31st, 2007 by AndyAtHull

      Sunbelt Blog have reported that the Bank of India website has been seriously compromised.

      This was reported several hours ago and the safety of the site is still unknown. The malware that Sunbelt reports being served by the infected bankofindia.com is as follows:

      Email-Worm.Win32.Agent.l
      Rootkit.Win32.Agent.dw
      Rootkit.Win32.Agent.ey
      Trojan-Downloader.Win32.Agent.cnh
      Trojan-Downloader.Win32.Small.ddy
      Trojan-Proxy.Win32.Agent.nu
      Trojan-Proxy.Win32.Wopla.ag
      Trojan.Win32.Agent.awz
      Trojan-Proxy.Win32.Xorpix.Fam
      Trojan-Downloader.Win32.Agent.ceo
      Trojan-Downloader.Win32.Tibs.mt
      Trojan-Downloader.Win32.Agent.boy
      Trojan-Proxy.Win32.Wopla.ah
      Trojan-Proxy.Win32.Wopla.ag
      Rootkit.Win32.Agent.ea
      Trojan.Pandex
      Trojan-Proxy.Win32.Cimuz.G
      TSPY_AGENT.AAVG (Trend Micro)
      Trojan.Netview

      This is an ongoing alert and we strongly advise you to avoid visiting the site even if you have a fully patched browser. It’s just common sense.

      To keep fully updated, please make sure you visit the blog post about this compromise at SunBelt. Of course we will keep you updated about this in our forum and on this blog. Join the debate in our forum!

      Update: The site in question appears to be clean now. According to SunBelt the hack was related to the Russian Business Network (RBN) criminal gang.

      Filed under Security Related | No Comments »

      Microsoft Formally Announces Windows Vista SP1

      August 30th, 2007 by Corrine

      Microsoft formally announced the long-awaited and widely speculated Service Pack 1 (SP1) for Windows Vista today as “Evolving Approach to Servicing the Windows Platform.” SP1 will be released to a small group of beta testers within the next several weeks. From there, testing will expand, with the release of SP1 expected in the first quarter of 2008.

      If you have been holding off getting a new PC or an upgrade until the release of SP1, you will see from the information below, that although SP1 will provide improvements, it should not be compared to Windows XP SP2. Windows Vista is already a secure and stable operating system. So, why wait? See if your computer is ready with the Windows Vista Upgrade Advisor.

      What is your opinion of SP1?  Discuss it in our topic here at Security Cadets.

      In a PressPass interview of Jon DeVaan, senior vice president of the Windows Core Operating System division at Microsoft, Mr. DeVaan characterized SP1 this way:

      “DeVaan: I should start by saying that one thing people shouldn’t expect to see is new features, although some existing components and features will be enhanced. For example, we’ve added support in BitLocker Drive Encryption for encrypting multiple volumes on the PC, and have improved printer management by simplifying printing to a local printer from within a Terminal Server session. Service packs typically are not vehicles for new features, and the same will be true with Windows Vista SP1.

      Windows Vista SP1 will contain changes focused on addressing feedback from our customers across a number of areas. In addition to all the fixes delivered via other channels like Windows Update, Windows Vista SP1 will address specific reliability and performance issues that have been discussed on many self-help forums, such as copying files and shutdown time. It will support new types of hardware and emerging standards, like EFI (Extensible Firmware Interface) and ExFat (a new file format that will be used in flash memory storage and consumer devices). It will also include some management, deployment, and support improvements, such as adding the ability to detect and correct common file sharing problems to Network Diagnostics. Windows Vista SP1 also will include Secure Development Lifecycle process updates, where we identify the root cause of each security bulletin and improve our internal tools to eliminate code patterns that could lead to future vulnerabilities.

      As we’ve done in the past, we will document all of the changes through our support.microsoft.com site in a Knowledge Base article, which will be available around the time the beta is released.”

      SP1 will include an enhancement to some features and existing components, including support in BitLocker Drive Encryption for encrypting multiple volumes on the PC. However, Microsoft is not waiting for SP1 to deliver updates to customers. For example, yesterday, Microsoft released two updates to improve performance and reliability, KB 938194 and KB 938979. In addition, through the cooperation of vendors, Microsoft has been better able to provide driver updates via Windows Update.

      The information below from the Windows Vista Service Pack 1 Beta White Paper, describes many of the security, reliability, and performance improvements that will be in Windows Vista SP1.

      “Security

      Security improvements that will be in Windows Vista SP1 include:

      • Provides security software vendors a more secure way to communicate with Windows Security Center.
      • Includes application programming interfaces (APIs) by which third-party security and malicious software detection applications can work with kernel patch protection on x64 versions of Windows Vista. These APIs help ISVs develop software that extends the functionality of the Windows kernel on x64 computers without disabling or weakening the protection offered by kernel patch protection.
      • Improves the security of running RemoteApp programs and desktops by allowing Remote Desktop Protocol (RDP) files to be signed. Customers can differentiate user experiences based on publisher identity.
      • Adds an Elliptical Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNGs in Windows Vista.
      • Enhances BitLocker Drive Encryption (BDE) to offer an additional multifactor authentication method that combines a key protected by the Trusted Platform Module (TPM) with a Startup key stored on a USB storage device and a user-generated personal identification number (PIN).

      Reliability

      Windows Vista SP1 will include improvements that target some of the most common causes of crashes and hangs, giving users a more consistent experience. Many of these improvements will specifically address issues identified from the Windows Error Reporting tool. The following list describes some of the reliability improvements that Windows Vista SP1 will include:

      • Improved reliability and compatibility of Windows Vista when used with newer graphics cards in several specific scenarios and configurations.
      • Improved reliability when working with external displays on a laptop.
      • Improved Windows Vista reliability in networking configuration scenarios.
      • Improved reliability of systems that were upgraded from Windows XP to Windows Vista.
      • Increased compatibility with many printer drivers.
      • Increased reliability and performance of Windows Vista when entering sleep and resuming from sleep.

      Performance

      The following list describes some of the performance improvements that Windows Vista SP1 will include:

      • Improves the speed of copying and extracting files.
      • Improves the time to become active from Hibernate and Resume modes.
      • Improves the performance of domain-joined PCs when operating off the domain; in the current release version of Windows Vista, users would experience long delays when opening the File dialog box.
      • Improves performance of Windows® Internet Explorer® 7 in Windows Vista, reducing CPU utilization and speeding JavaScript parsing.
      • Improves battery life by reducing CPU utilization by not redrawing the screen as frequently, on certain computers.
      • Improves the logon experience by removing the occasional 10-second delay between pressing CTRL-ALT-DEL and the password prompt displaying.
      • Addresses an issue in the current version of Windows Vista that makes browsing network file shares consume significant bandwidth and not perform as fast as expected.

      Administration Experience

      Many of the changes in Windows Vista SP1 will improve the deployment, management, and support experience for Windows Vista customers. The following list describes some of these enhancements:

      • BitLocker Drive Encryption encrypts extra local volumes. For example, instead of encrypting only drive C, customers can also encrypt drive D, E, and so on.
      • Addresses problems with printing to local printers from a Windows® Terminal Services session.
      • The Network Diagnostics tool will help customers solve the most common file sharing problems, in addition to the basic problems that it already diagnoses.
      • Administrators can control the volumes on which to run Disk Defragmenter.”

      Remember – “A day without laughter is a day wasted.”
      May the wind sing to you and the sun rise in your heart…

      Filed under Security Related | No Comments »

      Windows Vista Validation Issue Fixed

      August 26th, 2007 by Corrine

      There was a brief outage Friday evening into Saturday (24-25 August 2007) of the Microsoft Windows Genuine Advantage (WGA) server where Windows Vista validations were failing on genuine systems. The issue has been resolved and anyone affected needs to re-validate, followed by a shutdown/restart to ensure the genuine features have been restored.

      Windows Genuine Advantage blog post:

       

      “We’ve been receiving reports on our forum and through customer service starting last night that Windows Vista validations have been failing on genuine systems. It looks now as though the issue has been resolved and validations are being processed successfully.

      Customers who received an incorrect validation response can fix their system by revalidating on our site (http://www.microsoft.com/genuine). We encourage anyone who received a validation failure since Friday evening to do this now. After successfully revalidating any affected system should be rebooted to ensure the genuine-only features are restored.”

      We hope you didn’t run into this problem.  Discuss Windows Vista Validation problems in our forum.

      Corrine



      Filed under Microsoft, Security Related | No Comments »

      Western Union gets the “double v” treatment!

      August 23rd, 2007 by AndyAtHull

      Remember when we blogged about the whole “double v scam”? Where some brainiac started to set up domains thinking “vv” will fool internet users into thinking it’s a “w”?

      …Well this time it’s not Windows that was the target. Bring in Western Union. The domain that was set up to look like Western Union is:

      wumt(dot)vvesterunion(dot)us

      Go read all the juicy details over at the SunBelt blog because I said so! Then tell us what you think about it!

      Filed under General, Security Related | No Comments »

      AOL® Active Virus Shield is no more!

      August 21st, 2007 by AndyAtHull

      That’s right folks, AOL® Active Virus Shield is no more.

      If you remember I posted a review of Active Virus Shield just over a year ago. Now a year later it’s gone. It actually went a few weeks ago and this is the first time I’ve managed to inform you guys about it.

      They will now be offering McAfee® Virus Scan Plus-Special edition from AOL.

      I won’t be holding a review of this one due to lack of time. However if you think the new one is good or bad, tell us. We’d like to know.

      Filed under General, Product Reviews | 6 Comments »

      New support forum opens: PC Help & Questions

      August 19th, 2007 by AndyAtHull

      Security Cadets can happily announce the arrival of new support forums.

      Two new forums have arrived. One for Windows support and the other for Hardware support. These new forums do not offer any security-based advice, but only Windows and hardware advice.

      Windows Support forum:

      • Offers support for all Windows platforms from Windows 98 upwards

      Hardware Support forum:

      • Offers support for computer Hardware

      Both forums, which are in the PC Help and Questions category, are led by a special PC Help Team so you get the best advice possible.

      Spread the word and use the forums we provide. If you don’t ask, we cannot advise and support. Tell us what you think in our forum announcement.

      Links: PC Help & Questions

      Filed under Site News | 1 Comment »

      Calling on all UK media!

      August 16th, 2007 by AndyAtHull

      … Well the ones who link to articles from this blog or topics in our forum. I know there are a few of you from the stats.

      Please contact me as I wish to chat to you in detail on items you can help me and the wider internet with. Due to the lack of time I cannot possibly sit and send e-mails at present.

      To those not involved with the UK media, something kick-ass may be coming soon. :)

      Filed under Site News | No Comments »

      Forum Spamming: “McAfee 2008” has a rampage on forums

      August 14th, 2007 by AndyAtHull

      Ever since we highlighted companies or fake people spamming security forums about their product or service, it’s been in the public eye a lot.

      Smaller cases come to light which may have been swept aside before and the bigger ones get plastered all over the internet as the ‘next big war‘. But what surprised me the most was someone or an individual using a tag named after a big security vendor.

      … Enter, “McAfee 2008“. Only six or five months out of cycle, but still nevertheless showing how spammers want to get ahead of the game.

      Spamming at SpywareWarrior
      (Image by PaperGhost, aka Chris Boyd)

      As you can see the user is posting about a Beta project. This user tends to post the same message about three to four times. Maybe it’s done from an automated program, who knows.

      Their e-mail however, according to PaperGhost, is leading to a still-not-ready “PR Company” or whatever they are, operating out of a PO Box.

      If you’re a forum owner I would just be aware of this spammer and take appropriate action. McAfee have been contacted, but as of yet no reply. Discuss this matter in detail here.

      Filed under General, Spam | 1 Comment »

      Here goes … Another rant about Enigma.

      August 6th, 2007 by AndyAtHull

      Ever since I started in the ‘security area‘ I have come across many people, companies and individuals. Some are an outstanding asset to this industry. Others just need a kick up the ass and set straight. And the bad need to be taken away from the internet full stop.

      When I first started reporting about spammers on security forums, which involved Enigma Software Group at the time, I never imagined they would react as they did. We all know about the discussions at SpywareWarrior and what I managed to set straight when it came to their affiliates. And from that point we got something done about their ethics and affiliate practices. Basically some good managed to come from it.

      … however what I find strange is accusing this site and others who they classed as direct “competitors” and then months later use these sites as a reference on malware.

      Enigma’s Affiliate

      This was taken a week or so ago. In fact it’s still the same today. So you’re probably thinking what my point is. Well it’s simple …

      I don’t want to act as a reference point by a company who months before accused us of being some big competitor. You can’t have one’s cake and eat it.

      Fine, argue your point about spamming on forums and your ethics, but don’t try and benefit from it by linking back to this site, the site you accused.

      I did do something about it, I mailed the CEO of Enigma twice in as many months. So far no response. So this article is basically my next step as this cannot happen.

      The above example in the image is also for Pest Capture and others. Ironically what has happened since I mailed the CEO is that the front page of this affiliate has changed somewhat. It has small description paragraphs of malware and a direct link to ESG’s software. However the pages are still in the search engines, although not directly linked in the home page.

      …Final words, Enigma still need to look at how their affiliates work, how they work as a company and realise you cannot one week accuse certain communities and then happily use those communities as a positive way in order to benefit.

      We also request all links to this site from any Enigma sites and affiliate sites to be removed.

      Update – Our links have now been removed from the raised affiliate site in this article.

      Filed under Enigma, Security Related | 4 Comments »