Archive for March, 2006

New spam luring people to sites with Internet Explorer exploits

There is currently an unpatched vulnerability in Internet Explorer that can allow a web site to install software on your computer.  This vulnerability can only affect you if you visit a site that is running one of these exploits.  Spam, though, has been found that acts as a lure to get you to visit one of these sites.

Websense has released an alert stating:
“Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to “Read More”. Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail. This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.”

So if you receive an email about stories found on the BBC’s website, do not follow these links.  Discard these emails and go to the BBC’s website manually by typing its address in your web browser.  That way at least you know you are going to the correct site rather than a forged one.


DON’T CLICK ON POPUPS!

If I could hazard a guess, I would say the vast majority of people who surf the web have at one time or another received a popup stating that they are infected with a trojan and to click on the popup to remove it. Want my advice? DO NOT CLICK ON THE POPUP!

The majority of these popups are for antispyware and antivirus software that is of low quality and is not actually able to remove much of anything. These popups are just a scare tactic. Popups are just small bits of HTML that are displayed in a small window when you visit a page.  The warnings in these popups are just as valid as a stranger calling you on the phone and stating your computer is infected.  How do they know?  They don’t!

For those who may have inadvertently downloaded one of these products, you will find that they list a whole slew of infections while other, higher-quality products, like the ones listed in the previous entry, state that you are clean. This is done purely as a scare tactic in order to push you into purchasing their product. Go ahead and uninstall the software as it is probably just wasting space on your hard drive.

Be careful on the Internet. Do not click on popups and do not believe what they say. Your computer will stay that much cleaner that way.  If you are in need of a legitimate, quality antispyware application, then you can see the ones listed in the following links:

Diamonds in the Rough
Antivirus and Antimalware Resources


Debunking Computer Hoaxes

How many of you have received emails in the past stating that there was a file that was a virus and that you had to delete it? Or an email saying you would get paid by Microsoft 10 cents for every person you send an email to and who they send it to? OK. You can all put your hands down.

These types of emails are common. We all get them. Some are spam, some are forwarded over by friends and family, but ultimately we are reading them and wondering if the information is real or a hoax. You may be wondering why I am bringing this up in a security blog? Quite simply because sometimes these hoaxes tell you to do something to your computer or delete a file that you shouldn’t.

For example, take the famous JDBGMGR.EXE computer hoax that my family still sends me from time to time after they deleted the file. This hoax states that you have a virus on your computer called JDBGMGR.EXE and that you should delete it. Here is a brief snippet:

“The name of the virus is jdbgmgr.exe and is transmitted automatically through the Messanger and addresses book of the OUTLOOK. The virus is neither detected by Norton nor by Mc Afee. It remains in lethargy (”sleeping”) for 14 days and even more, before it destroys the whole system. It can be eliminated during this period.”

This information is completely false. JDBGMGR.EXE is actually a legitimate file used by Java developers in Windows. Don’t worry if you deleted this file, though, as it is only really used by programmers. In your panic that there is a virus on your computer, how are you supposed to know if this is true or not?

There is a great site called Snopes that lists all of these types of emails and tells you if they are hoaxes or reality. Not only does it list computer hoaxes, but it lists hoaxes and urban legends from every category. So check it out and do your research before you believe and follow the instructions in an email.


Diamonds in the rough

Anti-spyware apps are a dime a dozen. Don’t believe me? Just type anti-spyware or spyware in Google and see what I mean. There are hundreds of individual anti-spyware programs out there to choose from and you, the consumer, have to pick the right one that will be able to keep you safe and secure. Does not sound easy, does it? It isn’t. This is a common problem we see in the forums. People are duped every day into purchasing what we call a rogue anti-spyware application, or an application that entices you into purchasing it through deception or other methods.

The reality is that out of these hundreds of programs, there are only a small number that are considered top-notch, legitimate, and worthy to use. The rest are programs that are classified as rogue anti-spyware applications. Some of the criteria used to add an application to this category are programs that:

  • Do not do a good job detecting and removing the malware.
  • Install adware, spyware, or malware (Yes, there are anti-spyware apps that actually install spyware!).
  • Hijack users’ desktops or browsers to display information without permission.
  • Are installed through adware or other malware.
  • Are advertised via adware or spyware.
  • Are installed without a user’s consent.
  • Use false, deceptive, or misleading scan results to scare you into purchasing the full commercial version.

A full list of rogue anti-spyware applications can be found at SpywareWarrior.

I have included a list, by no means complete, of spyware removal tools that I consider to be quality and trustworthy below. If you have spyware installed, or just want a good scanner on your system, then you can trust any of the ones below. Most of them also include a trial period and some are even free!

Ad-aware - Free personal version!

Pest Patrol

Spy Sweeper

Spyware Doctor

Windows Defender - Currently in development but available for free

Spybot Search & Destroy - Free!

ewido anti-malware plus

CounterSpy


Spywarequake, New Rogue Antispyware Application

Remember the widespread infections of SpyAxe, SpyFalcon, and SpywareStrike?  Now there is a new rogue antispyware application out from the same developers called SpywareQuake.  SpywareQuake uses the same method: it installs a Trojan, c:\windows\system32\stickrep.dll, on your computer that issues fake security alerts as a fear tactic to make you purchase the commercial version of SpywareQuake.

This is a scam!  No other way to put it.  If you are infected with this application, do not be tricked into purchasing the full version.  Instead, follow the instructions we have put together on removing the infection for free.  The removal guide can be found below:

How to remove spywarequake


Spyfalcon Is Using A New Infector - Ginuerep.dll

Our friends at Spyfalcon have decided to use a new file to infect your machine and display the fake taskbar alerts. This file is:

C:\Windows\System32\ginuerep.dll

The removal guide at How To Remove Spyfalcon has been updated to reflect this new file. This file cannot be removed in regular mode or in safe mode without first running the reg file found in the above guide.

Other methods to delete it are to killbox the file or rename it and reboot. Killboxing should delete it, and renaming it will make it inactive after a reboot.

A big thanks to the scumbags over at Spyfalcon for bringing us this new file!





© 2003-2008 All Rights Reserved Bleeping Computer LLC.
