Security Ticker

Is This Thing Still On? Revisiting Security After 15 Years

2025-07-20T23:09:00.000-07:00

Wow, this blog is still up. Does anyone still use Blogger? What do people use to find out about security stuff now?

Back in 2006–2009, antivirus and anti-malware discussions dominated forums and blogs. Today, the security landscape has evolved significantly. Cyber threats have grown more sophisticated, moving far beyond simple viruses and spyware. Ransomware attacks, data breaches, zero-day vulnerabilities, and phishing campaigns are now commonplace. State-sponsored threat actors bring a whole new level of danger.

I imagine these days people rely on Reddit, but I see BleepingComputer and Wilders Security Forums are still around. My user accounts are still there and I can log into them. I should post something. I'm sure YouTube is also big. Nice to see Krebs on Security is still around. I remember when he was still with the Washington Post.

So, Blogger might feel a bit vintage now, but security is more dynamic than ever. If you're still around or stumbled onto this ancient blog, let me know—how are you keeping your digital life secure these days?

Still Around

2009-08-14T21:12:00.000-07:00

Been lots of updates that I've missed posting about. Been busy with that real world thing. Should be busy soon with Windows 7 and Snow Leopard coming out in the next few months. List of important updates that you should have:

Mac OS 10.5.8
Firefox 3.5.2
Microsoft security updates for August 2009

Lot more, but those are notable. The 10.5.8 update will also update you to Safari 4.0.3 unless you are still using Safari 3.

Windows Security Updates for July 2009

2009-07-14T19:15:00.000-07:00

Patch Tuesday is here. From the Microsoft Security Bulletin, there are six security updates. There are two for the Windows operating system, one for the Microsoft Office system, one for the Windows Internet Explorer browser, one for Microsoft ISA Server, and one for Microsoft Virtual PC.

Most important I believe is the fix for the Internet Explorer Video Active X exploit. Microsoft Security Bulletin MS09-032 patches this one by setting killbits in IE to stop the exploit before it can do anything.

Here are the specific updates:

MS09-032 - addresses a vulnerability in Microsoft Internet Explorer (KB 973346) - This one is mentioned above with the Video Active X issue.

MS09-028 - addresses a vulnerability in Microsoft Windows (KB 971633) - This addresses vulnerbilities in DirectShow that could allow specially crafted Quicktime files to gain the same rights as the current user. Not good if you are logged in as an admin user, like most people are.

MS09-029 - addresses a vulnerability in Microsoft Windows (KB 961371) - Embedded OpenType Font Engine which could allow your computer to be taken over.

MS09-030 - addresses a vulnerability in Microsoft Office (KB 969516)

MS09-031 - addresses a vulnerability in Microsoft ISA Server (KB 970953)

MS09-033 - addresses a vulnerability in Microsoft Virtual PC (KB 969856)

You can see all the gory and boring details on the July 2009 Security Bulletin. Of course, the easy way to get patched against these threats is to go to Windows Update.

Imageshack got Hacked

2009-07-10T20:10:00.001-07:00

Looks like Imageshack left the backdoor of their server open. All images hosted by them are showing the hacked image, but the wording seems to indicate that no pictures were deleted.

Imageshack, one of the web's largest image hosts, was attacked tonight by a movement called "Anti-Sec". The result of the attack has been toreplace all ImageShack hosted images with a manifesto for the movement (below).

Still breaking, see more plus the hacked image at Mashable.

Google Chrome Operating System

2009-07-07T22:46:00.000-07:00

The Google Chrome blog announced just recently that they are planing an operating system. Initially geared for netbooks, but I'm sure there's more in plan. I'm guessing they wpn't target full blown computers for awhile, but this is probably an extension of Android that Google aready has for the cell phone market.

Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we're already talking to partners about the project, and we'll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve

Google Empire marches on.

Internet Explorer Video Active X Exploit

2009-07-06T20:13:00.000-07:00

Been awhile since Windows had a zero day exploit that would allow the bad guys to take over your computer just by visiting a web site. Got one now. All you need to do is to visit a web site that has been set up to use this vulnerability with Internet Explorer and boom, they got you. Apparently, a flaw in Microsoft directShow( MSVIDCTL.DLL ) lets them do it. It does need to be IE 6 or 7 with Windows XP or Windows 2003. Yay! Vista and presumably Windows 7 aren't affected.

One way to avoid this is to not use IE. Firefox, Opera, Safari and other browsers aren't affected. The bad guys could try to open IE or trick you into opening it, so it's best to the video Active X advisory page and use the fix it button to turn off the part of IE that allows the exploit.

F-secure detects it as Exploit:W32/Agent.LBV. They have a write up and plug for their free beta of ISTP or ExploitShield that also protect you. Also has video link showing them trying to get infected with it and failing.

McAfee detects it as Exploit-MSDirectShow.b and has their write up here that says this has been around since last December and only has become widely know recently.

The Registry key that the Microsoft advisory page modifies is this. Best to not mess around in the registry. Might be more, but I'm not going to list them all.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]

"Compatibility Flags"=dword:00000400

More tech details at Microsoft Security Advisory 972890.

Somewhat new rogue Barracuda Antivirus gets wrath of legit Barracuda Networks

2009-07-01T23:35:00.000-07:00

Another day, another rogue. This time it's named Barracuda Antivirus. I guess they wanted to ride the coattails of the real Barracuda firewall products. As usual, the fake Barracuda Antivirus will pop fake warnings and try to goad you into buying it.

The real Barracuda Networks had this to say:

This rogue ‘Barracuda Antivirus’ program is in no way affiliated with Barracuda Networks and is just one of a string of recent examples of hackers attempting to spread malicious programs using an established and trusted Internet security brand,” said Stephen Pao, vice president of product management for Barracuda Networks.

Barracuda is a successor to AntivirusBest. You can probably get rid of it with Malwarebytes Antispyware using the removal guide at Bleeping Computer for AntispywareBest. Screen shot of Barracuda Antispyware here.

More information about the real and legit Barracuda Networks here. They make hardware products to filter malware and spam for large networks, not really a home consumer solution.

iPhoto update 8.0.4 available

2009-07-01T01:11:00.000-07:00

I don't use iPhoto too much, but it has it uses. There's a nice 103 MB update for it that fixes the issue from the iPhoto 8.03 update that caused iPhoto to crash. You could work around it by holding the Option key and then choosing your library, but what fun was that. I didn't have that problem, but this should help those that did.

Firefox 3.5 final available

2009-06-30T21:14:00.000-07:00

Probably not a secret to most, but the latest version of Firefox is out. A big update, since the version went from 3.0 to 3.5. Most of the changes are underneath, so they aren't readily apparent. I've run it for a few hours and haven't had any issues. Tried doing just about everything you can with a browser and it all went well.

Speed is one thing that Firefox 3.5 is touted as having over the older version. It seems like everyone is touting their new, even faster browser. I do notice that Firefox doesn't compare itself to other browsers like Safari and IE but the earlier 3.0 and 2 versions. Safari is still faster for me going loading new pages, but clicking back to ones in your history, it's still Firefox.

One thing you'll see that is new is the private browsing feature. Safari has had it for quite awhile. Google Chrome launched with it and spread awareness, even getting the nickname "porn mode". Nothing groundbreaking, but handy to have. You can always just clear your private data manually.

Firefox 3.5 does have one thing that no other browser has. It supports some video types natively, without the need for a plug-in or 3rd party add-on. However, it's only the open source Ogg file types. Most things people watch online aren't using this. you can see a demo of a video that also showcases the new features. If web developers make more use of Ogg files, then this could be good. My guess is that it won't mean much until more file types are supported. Wikipedia might be an exception.

Missing is a top sites feature, like Safari and Opera have. You can get it with add-ons for Firefox, but this is becoming a standard feature of these days. I didn't think it was a big deal when Opera had it and then when Safari 4 added it. Once i started using it, it was like tabbed browsing. How did I get by without it before?

Other features include geolocation, the ability to drag tabs to be their own window, and adding a window as a new tab in a different browser window.

Of course there is security. there's a whole list of features listed at the Mozilla Firefox security page. Private browsing and Forget This Site are the new ones listed. Many of the others, like antimalware and antiphising are listed as improved. I haven't tested those two filters, but they are likely to be weak as they have been in all browsers.

You can download Firefox 3.5 at www.getfirefox.com now. The internal updater for Firefox 3.0 doesn't offer it, as of yet.

AVProtection2009 Rogue

2009-06-30T19:13:00.000-07:00

Saw an alert today about AVProtection2009. Like all rogue antispyware programs, it warns users about threats on their computer, which are usually false. It runs a somewhat real looking scan. After the scan, the program will offer to remove the threats if you purchase it.

Not too many details yet except what's at the Panda link above.

SecretService is the latest Rogue antispyware

2009-06-26T17:38:00.000-07:00

SecretService is the latest rouge antispyware product acording to S!
ri. Away from home, so check out his page for more info.

http://siri-urz.blogspot.com/2009/06/secret-service-rogue.html

Airport and Time Capsule Update 7.4.2

2009-06-23T20:53:00.000-07:00

Well, here we go. First update and it's an Apple router one.

Apple released firmware update 7.4.2 for their Airport Base Station and Time Capsule today. Nothing particular for security mentioned, but there are several fixes which are listed as:

Fixes some problems with extending and maintaining connectivity with extended networks
Fixes an issue with clients that enable 802.11 "Power Save"
Fixes connectivity issues with some third-party devices
Fixes an issue when the base station is configured for PPPoE
Fixes some Back To My Mac issues with connectivity and support for third-party routers

You don't have to use an Airport router for a Mac to get online and a Windows computer can use an Airport router. I got a Time Capsule for a good cheap price recently and i like it. It's an 802.11n router, has an internal hard drive for sharing files and has a USB port that you can connect more hard drives and printers to so all my Macs and PC's can easily share files and print.

The wireless range is pretty good. I can turn down the transmit power to 25% and still connect through two outside walls and on the other side of the yard from where the router is.

How to Tell If That Pop-Up Window Is Offering You a Rogue Anti-Malware Product

2009-06-22T20:24:00.001-07:00

One thing I run into often, is how to know if that program that is
saying it can fix your spyware and malware woes is actually any good.
As many have found out, even programs that remove malware can be
malware themselves. The infamous SpyAxe (which started me blogging)
was the first mainstream one. That was 2006. Since then, there have
been many, many that have followed. They usually get onto your system
by tricking you into installing a video codec to watch something.
There's even been some for the Mac. It can be quite confusing figuring
out what is a legit antispyware program and what is a rogue.

Sunbelt has a good piece on how to find out. I'll link to the blog
post since the it's a pdf file. http://sunbeltblog.blogspot.com/2009/06/beginners-guide-is-that-real-anti.html

I command you to rise from the dead

2009-06-22T19:37:00.000-07:00

Since using OS X, it's been no fun to to mess with all the updates for Windows. You don't have to deal with 90% or more of the garbage that affects Windows. This isn't to say Windows is no good. I still use it, but nowhere near as much as I used to. Also add the time it takes to filter out all the spam comments that try to get through when comments are enabled, it became tiresome to update this blog.

While looking for up to date info on the election crisis in Iran, I finally started using Twitter. It really is the way to find out information as it happens. Anyways, it has invigorated me to get back to this blog. Tried a few times, so let's see what happens and where it goes.

Oh, Windows 7 certainly has renewed interest in Windows. Running the release candidate and it's looking good.

Antivirus 360 Replaces Antivirus 2009 As New Rogue

2008-12-11T06:16:00.000-08:00

The Vundo trojan is now using Antivirus 360 in it's effort to scam money out of victims. The name is play off of Norton 360 it appears. Like all rogue antispyware products, the malware that found it's way on your computer is from the same group that is trying to sell you the solution.

Antivirus 360 removal guide found Bleeping Computer. Hijackthis log symptoms and files:

O4 - HKCU\..\Run: [13376694984709702142491016734454] C:\Program Files\A360\av360.exe

c:\Program Files\A360
c:\Program Files\A360\av360.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk

Spywareinfo Domain Now Linking Rogues

2008-12-09T04:02:00.000-08:00

The domain spywareinfo.com once was one of the main sites to help with stopping spyware and helping people remove spyware. Once a good source of information and news, it began a slow decline in 2006 when the owner Mike Healan disappeared from the net for personal reasons. The domain was bought recently and is now hosting links to undesirable removal programs, including Antivirus 2009.

Spywareinfo's legacy still lives on. The forums were moved to their own domain and can be found at spywareinfoforum.com . An archive of the old spywareinfo site can be found at spywareinfoforum.info. While archive of spywareinfo is mostly old and out of date, the forums are current , up to date and a good place to go if you need help.

More on the change of ownership of spywareinfo:

Warning at the spywareinfoforum site.

DSLreports security forums discuss the change.

Analysis of the new links.

Need An Update

2008-12-07T00:26:00.000-08:00

My poor blog is almost dead. Silly work and real life keeping me from updating it.

Is your Computer running slowly?

2008-09-13T22:39:00.000-07:00

Whoops, three months went by without a post. Oh well, no time like now to get back to it.

Malware Removal just put up a page to help with keeping your Windows computer from slowing down and what you can do to keep it from slowing down.

We get a lot of people coming here complaining of slow running computers, and posting HijackThis logs for us to look at. They suspect that an infection is causing their problem. In a great many cases, Malware is not the cause of the problem, and a few simple procedures are all that it takes to resolve things.

Is your Computer running slowly

AntiSpyCheck Rogue Program

2008-06-11T22:17:00.000-07:00

AntiSpycheck is a new rogue spyware program. It's installed by the zlob trojan, giving fake alerts that try to get you to purchase it. The zlob trojan disguises itself as a video codec that is supposedly needed to view a video. It really installs spyware to make fake alerts and installs AntiSpyCheck to trick you into buying it.

Here are some lines from Hijackthis that you may find if you are infected:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: 514852 helper - {9420D9C5-E151-4D83-B9A6-27DE1A7A0E5F} - C:\WINDOWS\system32\514852\514852.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll

Here are some files that you my have if you are infected with this trojan:

c:\Program Files\AntiSpyCheck
c:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
c:\Program Files\AntiSpyCheck\IEWarning.dll
c:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
c:\Program Files\NetProject
c:\Program Files\NetProject\sbmdl.dll
c:\Program Files\NetProject\sbmntr.exe
c:\Program Files\NetProject\sbsm.exe
c:\Program Files\NetProject\sbun.exe
c:\Program Files\NetProject\scit.exe
c:\Program Files\NetProject\scm.exe
c:\Program Files\NetProject\scu.exe
c:\WINDOWS\system32\kfcpnd.dll
c:\WINDOWS\system32\514852\514852.dll

For full details and a free removal guide, take a look at Bleeping Computer's AntiSpyCheck Removal Guide.

Internet Explorer Flaw Plus Safari Equals Trouble

2008-06-02T17:54:00.000-07:00

An undisclosed vulnerability in Internet Explorer, combined with exploiting Safari for Windows' ability to download files without being prompted, apparently allows the bad guys to take over Windows. This affects XP, Vista and IE versions 6 and 7. The unnamed Internet Explorer bug has been around for awhile. Combined with the Windows version of Safari, where files can be downloaded without an option to prompt before doing so, the flaw can be used to take over Windows, reports Aviv Raff.

The flaw in Internet Explorer uses the calculator program in conjunction with Safari for Windows to make two moderate vulnerabilities into a critical one. Microsoft has issued a bulletin, but it doesn't really say too much. Even if Microsoft patches IE, there's still Safari's "carpet bomb" issue that can allow unwanted downloads. Right now, Apple doesn't appear to want to fix this. Simply adding the option to prompt for all downloads before doing the download would help prevent this. Stopbadware wrote on their blog to urge Apple to do so.

You have to visit a specially crafted web page for this exploit to work. So it is not an all out fiasco. So far, there is not a known use of this problem. Right now, the only guaranteed fix to prevent this is to uninstall Safari for Windows. This may not be a bad idea, since there could be more bugs like this that can be exploited in Safari for Windows, said Raff in an interview with Macworld.

Service Pack 3 Available On CD

2008-05-29T23:02:00.000-07:00

For those who are not on a good Internet connection or one where you are limited in bandwidth, you can get Service Pack 3 on CD now. You can also download a disk image or stand alone installer, which you can use to take home or save for a re-install. Having SP 3 available will help if you do need to re-install, so you won' have to go online and expose yourself to the evils of the Internet. You can check it out on Microsoft TechNet.

Mac OS 10.5.3 for leopard, Security Update for Tiger

2008-05-28T22:23:00.000-07:00

A few hours ago, Apple made the 10.5.3 update available on Software Update. There's lots of changes and fixes in this one. If you have 10.4 Tiger, you do get a nice set of security updates so you don't feel left out.

The 10.5.3 update details can be found at Apple. The kbase article mentions inprovements or fixes for: Address Book, Automator, Airport, iCal, iChat, Mail, Parental Controls, Spaces, Time Machine and voice Over. I also noticed changes to Back to My Mac and Finder.

For BTMM, there is now a red, green and yellow indicator for the service. I think it is just checking connectivity to the BTMM servers and successful login. I'm behind a crapy Linksys router that doesn't like to keep UPnP on, but I get a green light. So I can see the other mac, but connections still fail, as should since Universal Plug n Play isn't on.

Finder now has a more accurate display of uploads to network drives, like iDisk. It used to sit on the closing file and would stay there until the file was finished uploading. That could be another 20 minutes or longer. Now it displays a rough estimate of the time remaining in the upload.

If you have Tiger or haven't updated to 10.5.3, then you still want to use check updates for Security Update 2008-003. Updates include AFP Server, Apache, AppKit, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, Common Unix Printing System (CUPS), Flash Player Plug-in, iCal, LoginWindow, Mail, Wiki Server and more.

I installed 10.5.3 and had no problems. It was faster than the 10.5.2 update. So far, I'v only seen the usual people who seem to have trouble with every update complain. I see no reason to hold off of this set of updates.

Spyware Doctor False Positive Flags Part of XP Service Pack 3

2008-05-24T20:16:00.000-07:00

Apparantly, Spyware Doctor may be detecting Rundll32.exe as having Trojan-Spy.Pophot.WX. The latest update, 5.09900, should fix this. In any event, you should run Spyware Doctor's Smart Update t be safe.

MacWindows

2008-05-23T23:53:00.000-07:00

Since moving to Mac from Windows, it's been quite refreshing not having to keep multiple security programs running and updated. Sure, I still have several Windows machines here and have used them, but not so much anymore. Now that I have VMWare Fusion on my iMac with a 2.8 GHz Core 2 Duo, 4 Gigs of RAM, and 24 inch screen, I can run them all. Now I need to get a 2nd display so I can run Windows Full screen side by side with OS X. I've got XP and Vista and can run them at the same time :) Though Aero won't work while I am running it in virtual machine. I can reboot to Vista using Bootcamp and Aero will pop on.

Anyways, with all the Windows going on, I'll need to keep up with the security stuff and will get back to updating here more. I haven't decided what changes there'll be, but I think a real template for this blog is past due. One thing to think about is what to display in updates. Most security programs these days have so many updates with similar names, that it's hard to pick out what it means. It used to be simple. A Look2Me here, a Vundo there and whatever the Zlob trojan was calling itself this week.

I'll see what i can come up with.

Spybot Search & Destroy May 21st

2008-05-23T23:48:00.000-07:00

2008-05-21

Keylogger
+ KGBKeylogger ++ KGBKeylogger.REFOG ++ SmartPCKeylogger

Malware
++ AntiSpyCheck ++ BugDoctor + ConOpt.BHO (3) ++ DeusCleaner ++ DoctorCleaner ++ EliteProtector + ErrorDoctor + FakeAlert.cc ++ LiveAntispy ++ MalwareDestructor + MyNetProtector ++ PCSleek.FreeErrorCleaner + Smitfraud-C. ++ Spyburner ++ SpyKill + Trojan-Guarder + Vario.AntiVirus + Win32.BHO.je + Win32.Renos + WinSpyKiller + Worldsecurityonline.FakeAlert

PUPS
++ SpyPry

Security
+ Microsoft.Windows.AppFirewallBypass

Trojan
+ Smitfraud-C.MSVPS + Virtumonde.ddc ++ Win32.Agent.abd ++ Win32.Agent.ark ++ Win32.Agent.byc + Win32.AutoRun ++ Win32.Delf.bj ++ Win32.Friendown + Win32.PcClient.agu + Win32.Small.ih

Total: 609774 fingerprints in 159642 rules for 3951 products.

http://spybot.info/en/updatehistory/index.html