Welcome to this weeks round-up. All articles in the NewsBot Centre are imported from blog and site feeds from the world of security and technology. This weeks top articles are:

• Bing is live!
• Microsoft unveils new controller
• Malware SPAM: 123greetings.com card – bizzi11.zip
• Malware SPAM: Outlook Setup Notification – micr__outlook_update_6556.zip inside Outlook Setup Notification.zip
• Twitter hit with rogue anti-virus scam (Follow @Securitycadets)
• Windows 7 release date announced
• FTC Sues, Shuts Down N. Calif. Web Hosting Firm
• Google Chrome Out for Mac and Linux – Just Don’t Download It

There are more articles located within the NewsBot Centre. You can also add your feed to our NewsBot should you wish, details about it can be found here.

Welcome to this weeks Sunday NewsBot. All articles in the NewsBot Centre are imported from blog and site feeds from the world of security and technology. This weeks top articles are:

• Ask brings back butler Jeeves
• Stopbadware delists CyberDefender as badware (Read our take on this)
• BBC iPlayer goes high definition
• PCWith.org software bundles their program with Rogue software PC MightyMax 2009
• Zango in transition to Blinkx
• Net security, Windows 7 and Conficker under scrutiny
• Microsoft, HSBC, Sony, Coca-Cola(…) New Zealand hacked
• Yahoo pulls the plug on GeoCities
• ShuURL: A Safe URL Redirection using Web of Trust
• Malware SPAM: WorldPay CARD transaction Confirmation – WorldPay_NR9712.zip
• Windows 7 Release Candidate

There are more articles located within the NewsBot Centre. You can also add your feed to our NewsBot should you wish, details about it can be found here.

First there was SmitFraudFixTool and then VundoFixTool came onto the scene. What do all these have in common?

… Well, they all imitate legit removal tools for malware. And probably created to gain financial advantages from the traffic the original tools get.

This time they have released another version called ComboFixTool which imitates the legit tool ComboFix.

Make no bone about it. SmitFraudFixTool, VundoFixTool and now ComboFixTool are the fake applications here. Not SmitFraudFix, VundoFix or ComboFix.

What is funny at the time of me writing this is that the offending domain has not been updated. Nor has it’s download. Example below:

(Click to Enlarge)

Another twist on this story are the comments we’ve been getting from the last product this gang released. A victim has claimed to even get a refund on the amount of money they had spent before realising it’s practices from our articles. They’re also receiving help in our support forums.

A discussion has started about ComboFixTool over at BleepingComputer.com. And it’s safe to say that exploiting ComboFix is a dangerous prospect. You should never use the legit tool without supervision due to the nature of it. So when this fake application comes along, the impression it has could well affect this area of ComboFix and possibly push users into confusion.

We have procedures to help you with this kind of problem. Our forums have experts in place to assist you and will provide step-by-step help freely in removing it:

• Malware Removal Assistance with an Expert

Update (29/03/2009 – 17:41 PM – BST) – Offending URL’s are combofixtool.org and combofixtool.com. Both sites still not updated with graphics and download.

Update (31/03/2009 – 20:40 PM – BST ) – Both offending URL’s are now down – Result

Selective Linkbacks;

• Dell Forums – ComboFixTool – What’s that all about?
• Forum Linkback- ComboFixTool – What’s that all about?

This weeks Sunday NewsBot marks it’s first anniversary. We started this venture all the way back in March 2008 and the first article was a Microsoft Security Advisory (950627) article. Let’s hope this is the start of many more.

All articles in the NewsBot Centre are imported from blog and site feed from the world of security and technology:

• WinPatrol 2009 (V16.0.2009) is here! (or Introducing WinPatrol 2009)
• Massive Profits Fueling Rogue Antivirus Market
• Twitter growth explodes in a year (Follow us on Twitter @Securitycadets)
• Passwords of Comcast Customers Exposed
• StopBadware and Consumer Reports launch BadwareBusters.org
• Symantec decides to disable Ask.com Search (Aka Safe Search) by default
• Quite a long thoughts by Symantec customer regarding Ask.com in Norton installers
• Google’s pictures of UK go live
• Microsoft launches latest browser
• Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5k
• FTC urged to investigate security of Google services
• Antivirus2009 Holds Victim’s Documents for Ransom
• IE8 issues if immunization by Spybot-S&D is enabled
• Rogue Antivirus Distribution Network Dismantled
• Ad-Aware SE Updates Discontinued

We hope you have a great remaining Sunday wherever you are. There are more articles from the last eight days or so. Just visit the NewsBot Centre for more.

You can add your feed to our NewsBot should you wish, details about it can be found here.

A few weeks ago I was sat here telling you about a legit tool being targeted. SmitFraudFix was the target and the rogue created was SmitFraudFixTool.

This week another legit tool got targeted.

VundoFixTool

Popular removal tool for the infection Vundo, VundoFix, has been around for a long time. And for the time it’s been here, it’s done a lot of good.

You could say now it’s been a target itself, it’s a compliment. However this won’t help the fact it will fool general members of the internet. That is offcourse one of the reasons it was targeted.

Like SmitFraudFixTool, VundoFix Tool is the fake here. Which also happens to be a copy of MalwareRemovalBot.

We have procedures to help you with this kind of problem. Our forums have experts in place to assist you and will provide step-by-step help freely in removing VundoFixTool:

• Malware Removal Assistance with an Expert

Misc. Links:

• Forum Mirror – VundoFix also gets imitated: VundoFixTool

Have you ever made a removal tool which has become the most popular tool in removing rogue anti-spware programs and variants from rogues on the internet? Then only to have it rogue’d? No, you say? Well …

… Popular removal tool SmitFraudFix (which we mirror) has this week been rogue’d. Enter … SmitFraudFixTool

The above is the GUI of the fake anti-spyware program in question. Which is carbon copy of MalwareRemovalBot (also a rogue).

The author of SmitFraudFix brought this one to my attention on his personal blog. I followed up enquiries with the author about this rogue. And when asked what he thought of his tool being targeted he had the following to say:

“It’s not the first time that rogues are using real tools names to deceive final users. Spyware Warrior list has got a lot of some. But it’s the first time for SmitfraudFix. What a nice GUI!”

“I was really deceived. But when a legit tool is copied, this also means that it is well known. Should I be happy and/or proud of being targeted? I’m not. First feelings are passed. It’s funny, and I’m waiting for the next rogue.” - S!Ri.URZ

My main concerns when rogues like this come out and target legit tools is that it’s there to deceive computer users. Off course it is. Which is why we are posting about this. But you have to remember that SmitFraudFix and SmitFraudFixTool are not from the same author and the latter one is the fake.

We have procedures to help you with this kind of problem. Our forums have experts in place to assist you and will provide step-by-step help freely:

• Malware Removal Assistance with an Expert

Or follow the self-help removal guide:

• How To Remove SmitFraudFixTool (removal instructions)

Misc. Links:

• Forum Mirror – SmitFraudFix gets imitated into a rogue dubbed SmitFraudFixTool
• Digg it also at Digg.com

Update:- We’ve changed the title of this article as the previous title may suggest to some that we implied SmitFraudFix became a rogue itself. This is not the case. The URL has also changed.

Another rogue, of many, has been making the rounds on the internet. This one is called MS Antispyware 2009.

(Click to Enlarge) Thanks to S!Ri.URZ for the image.

Offending URL for this rogue anti-spyware is the following:

www(dot)msantispyware2009(dot)com

This rogue looks a lot like PestTrap and rogues from years ago. Type that into our search and you will see what I mean.

We do have procedures in place for this rogue. We have a removal guide which you can use or you can seek help with a expert;

• How To Remove MS Antispyware 2009 (removal instructions)

or;

• Malware Removal Assistance with an Expert

With any rogue we blog about, we also mirror the article in our forum for your viewing. You can chat about this rogue there.

NewsBot Round-Up time again. With news generated and pulled from all over the web by our NewsBot Centre in the last week.

• Your site is dangerous Google glitch
• Obama Administration Outlines Cyber Security Strategy
• Gates predicts four-year downturn
• Broadband in every home (in the UK) by 2012
• Blogfight: IE Vs. Firefox Security
• Poisoned Search Queries at Google Video
• Dell and Broadcom fixes BCM42RLY issue on Dell Wireless WLAN 1505/Vista
• UK will not legislate on piracy
• Internet Explorer 8 Release Candidate
• New Rogue -Total Defender (Alongside IE Security)

Want to add your feed to our NewsBot? Details about it here.

A new rogue anti-spyware is making the rounds and it’s a member of the IE Defender crew.

IE Security

(Click to Enlarge)

Installed Message

(Click to Enlarge)

The last image is the window that automatically opens when IE Security is installed. And the offending URL for this rogue is:

www(dot)ie-security(dot)com

With the install coming from 216 240 151 112/ie.exe.

We do have procedures if you happened to have this rogue on your computer. We have a removal guide which you can use or you can seek help with a expert;

• How To Remove IE Security (removal instructions)

or;

• Malware Removal Assistance with an Expert

With any rogue we blog about, we also mirror the article in our forum for your viewing. You can chat about this rogue here or in our forum here (<–Click).

Sources:

• Sunbelt
• S!RI.URZ

… At least that is what researchers believe. According to several sources it now appears the zlob trojan, which was responsible for promoting and installing rogue anti-spyware  applications, will be dumped and not developed further.

A pretty big thing to happen in the world we live in as this trojan was and still is a big force in malware and infection rates. Let’s face it, everyone blogs about the rogues and have removal guides for them. The propaganda is huge.

Our friends at BleepingComputer.com post about this recent development. As do TheRegister.co.uk and Micorsoft.

The author(s) of the trojan appear to have signed off from developing this trojan with messages hidden in the trojan detected by french researchers;

“For Windows Defender’s Team: I saw your post in the blog (10-Oct-2008) about my previous message. Just want to say ‘Hello’ from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast. I can’t sign here now (he-he, sorry), how it was some years ago for more seriously vulnerability for all Windows ;) Happy New Year, guys, and good luck! P.S. BTW, we are closing soon. Not because of your work. :-)) So, you will not see some of my great ;) ideas in that family of software. Try to search in exploits/shellcodes and rootkits. Also, it is funny (probably for you), but Microsoft offered me a job to help improve some of Vista’s protection. It’s not interesting for me, just a life’s irony.”

So is this the end of Zlob? Or, as they stop development of this trojan, the start of a new war with shellcodes and rootkits?

If this is is end of zlob by the owners, I cannot help but think someone else will try to continue it in some form. But if the guys behind it originally move onto other areas, then we’re in for tough times.

What do you think of this? Why not discuss it in the forums. And as always, if Zlob has managed to get onto your system, seek help in our Malware Removal and HijackThis Log forum help.

PS – We are a bit late on this so apologies for that. Nevertheless it is a significant story.

Media Coverage – Bharath’s Security Blog