Tag Archive | "Software"

Improve your Security #4: Update your Software often

Every week or even day we see new vulnerabilities popping up in all software packages which we use daily: In the operating system (Windows, Mac, Linux), PDF Readers, Web browsers, Mail clients, Office suites, and so on. It is critical to install the available updates for all these software packages in order to not become a victim of malware and online fraudsters.

A neighbour of mine without any IT knowledge asked me some time ago why she should update her programs when everything works perfectly for her and she doesn’t need other features from that software. She was using her rather old laptop running Windows 95 only for casual browsing and basic email communication. She didn’t have an antivirus solution installed because it was slowing down the laptop significantly. IE6, Outlook Express and Notepad were everything she ever needed and used. She had never heard of Facebook, Twitter, instant messaging or drive-by-downloads.

When I am confronted with such a situation where it doesn’t make any sense to explain the dangers of the online world, I try to use simple terms and analogies which everybody can understand. Imagine that your computer is like a house in which you have your goods and where you live. Of course, just like everybody else, you want to feel comfortable and secure in your house, you want privacy and make sure that no one can steal your goods when you are not at home.

Our house
For comfort, a house needs basic facilities like water, electricity and gas. You may also want to have certain commodities like TV with cable network, a telephone and an Internet connection. For security and privacy, the house needs walls, doors and windows with locks. Depending on where you live – for example in a village or a big city where the crime rate is higher – you may want to install a burglar alarm to secure your windows and doors. If you live in a country where the winter is very cold, you may want to insulate the walls in order to keep the heat inside.

Just like a house, the computer also needs some basic components to function correctly and you need some additional elements to give you comfort when using the computer. These basic components are the operating system (Windows, Mac, and so on) with all its elements (drivers, programs) and your commodities are for example a web browser, a document reader, an email client and an office suite.

If you restrict yourself to the basics, never exchange or receive documents with and from the external world, you can compare your computer with a house with minimal facilities or a hut. I doubt that these days this is a real use case for anyone. Assuming that you are just like the rest of us who need a computer with an Internet connection, then the situation looks different.

When you are on the Internet, it is just like you have a house in the middle of a big city. Can you imagine it without doors, windows (with blinds) and locks? Of course not, otherwise it would be like a public domain and you wouldn’t have any privacy and security.

So, you need some security elements. For a computer this means that it needs some kind of security software which keeps strangers away from your information. But software which has problems (like security vulnerabilities) is the equivalent of a house which has doors and windows but whose locks are damaged, thus allowing unrestricted access for everyone. In a house one can enter through the main door, basement, windows or a balcony. These elements which can grant access must be closed or locked in order to guarantee you security and privacy. Exactly like in a house, in a computer there are many ways to get access. A vulnerable operating system or program can be like the basement door left open or even closed but unlocked, no matter if the main door has the latest generation of security system.

This is why it is important to have everything secured, or in a computer, updated to the latest version. Security software is like having a security system installed on the main door and windows. Depending on the type of security software, it can make sure that nobody enters through the basement door or other doors. It might even tell you that some locks in the house are damaged and that they should be replaced. Like in an intelligent house, it could even order the replacements for you and call a technician to install them. For example, this is what an update service does for the software on your computer; it downloads and installs the required software for you.

To close the story with my neighbour, I managed to install the Avira AntiVir Personal edition, scheduled Windows to update itself automatically every day, and installed Firefox and Thunderbird as default Web and Mail clients instead of IE6 and Outlook Express. I also created a free account with an online backup provider and scheduled a synchronization with the cloud every day. This way, her documents were also safe (she didn’t have an external hard drive for backup).

The old laptop of my neighbour wasn’t working significantly slower than before, but now it was like an old house which got renovated: It looks good and it is comfortable, it is secure and provides privacy, but from time to time you hear the floor or the walls making strange noises because the components are old.

With a little help
On a side note, there are various free software solutions which can help identify the applications which need updates because of known security vulnerabilities. Perhaps the best known is Secunia Online Software Inspector (OSI) and its equivalent for installing on the PC called Secunia Personal Software Inspector (PSI).

More hints about securing your own computer, networks and privacy can be found in the other articles of the “Improve your Security” series:
Improve your Security #1: Complex passwords aren’t always better
Improve your Security #2: Securing your notebook
Improve your Security #3: Online Protection

Sorin Mustaca
Data Security Expert

Posted in Avira | Comments (1)

Fake Security Software Websites – Still popular in 2011

Fake security software is a form of computer malware that misleads users into installing and potentially paying for fake security software. The sites convince users to download the malicious software by displaying fake security warnings such as “Your computer is infected” etc. End users are clearly not educated about such attacks, as the campaigns remain highly successful. Below is a short blog analyzing a recent infection on a friend’s machine to illustrate the problem.

We continue to see numerous infected sites, which are redirecting users to fake security software campaigns. The pages display animated fake security warnings to users in order to scare them and convince them to download and install a binary, which is generally packaged as fake antivirus software. The victim will be infected with a downloader Trojan that will then download additional malware. Below are a few screenshots of animations typically used in the attacks:

After this initial load animation, the user will be prompted with another security warning:

Once a user clicks on the OK button, additional animated fake security warnings will be displayed.

At this point, the user is prompted to download the fake antivirus software.

This same campaign has been used over and over again and can be found hosted at thousands of domains.



All of the above animations are from the same malicious website. The content is randomly changed for each new visit to the site. Once the software is installed, the victim is forced to activate or buy a license key to remove these fake threats from the system. Here are some tips for users who want to stay away from these attacks.

1) No real Antivirus vendor displays such security warnings, animations and popups.

2) No website will scan a system when visited and display immediate warnings about threats on the system.

3) No real Antivirus vendor will force you to download an executable.

4) When you need AV software, go directly to the site of a reputable vendor yourself.

5) Keep an eye on the address bar for the URL name and redirected URL names.

6) Keep an eye on the status bar of the browser, which is present at the bottom, to spot redirection taking place.

7) If you want to download an executable but are unsure that it is legitimate, it can be scanned against various antivirus vendors by submitting it to a service such as VirusTotal. If popular vendors trigger or declare the file as malicious, immediately delete it from the system.

8) Install a common antivirus solution and keep it updated with latest virus definitions.

9) Last but not least, never pay for such fake security software.

The VirusTotal results for the fake security software from the above example show that it was detected by only 21/42 popular AV vendors. Even now, we are still seeing a large number of fake security software websites promoting their fake products.

Stay safe

Umesh

Posted in Security | Comments Off

Carberp hits ZeuS and AV software

In the last blog post we talked about how the SpyEye trojan has evolved over time, illustrating some of its technical features and the encryption algorithm used by the trojan to decrypt the configuration file. Yesterday we uploaded a new technical video that shows how to unpack this new variant of SpyEye in just a few minutes with the help of a free debugger.

While SpyEye goes ahead and quickly becomes yet more widespread after the SpyEye-ZeuS joint-venture, we should focus on another threat which is silently raising its status in the ranking of the infostealing trojan family.

Carberp quietly appeared in Q3/Q4 2010 (even if some traces of its code could be found in the months before) and immediately showed great potential. It appears that the team behind this trojan has been very active as of late.

This trojan shows great potential and a modular architecture used to easily and quickly expand its features. All plugins downloaded from the C&C are encrypted with a custom encryption algorithm to evade classic antivirus scanners. Its features include a module able to disable a list of antivirus software and an antivirus-like module that cleans the infected PC of other infostealing trojan families.

We have written an in depth analysis of the Carberp trojan, illustrating all the technical features of the malware. The paper can be downloaded from the link below:

Carberp – A modular information stealing trojan

Posted in Prevx | Comments Off

How to remove Windows Software Guard


Windows Software Guard is a rogue security product in the Privacy Center family that pretends to find system and registry errors on a victim’s machine in order to frighten him or her into purchasing this useless application.

Windows Software Guard graphic interface



Windows Software Guard install screen



How to remove Windows Software Guard:

If Windows Software Guard has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Windows Software Guard from your computer now.

Posted in GFI Software | Comments Off


Be aware of rogue security software

We have noticed rogue antivirus software that pretends to be AVG Anti-Virus 2011. As usual, social engineering is in use: well-known names (AVG, Microsoft Security Essentials) and designs of trusted applications are present in order to increase credibility.

Once launched, this malware makes users believe that the computer is infected with malicious programs that might compromise privacy or damage the computer, and of course, threat removal is not free and you are asked to purchase a “license”.

…and there is even a hardcoded BSOD

Malicious software caused system crash

A problem has been detected and Windows has been shut down to prevent damage to your computer.

Technical information:

*** STOP: 0x0000008E (0xC0000005,0x92F27DCF,0x99970968,0x00000000)

***   kernel32.dll – Adress 92F27DCF base at 92E40000, DateStamp 4943a3f

Creating crash dump. <b>Please do NOT turn off or reboot computer.</b>

Collecting data for crash dump

Initializing disk for crash dump

 

Beginning dump of physical memory

Dumping phisical memory to disk

 

AVG detects this software (usually as part of the Trojan horse FakeAV family), and related websites are blocked as well.

 

Ondrej Novotny

Posted in AVG | Comments Off

Malware Targets Security Software in China and Taiwan

The Bohu family of Trojans has recently earned some media attention. It’s a common malware family that is prevalent in the Chinese-speaking part of the world, as can be seen in the spread of one variant, TROJ_FKEPLAYR.CH:

Recently, however, we’ve seen the Bohu family packaged with another malware family: the Goriadu family, which is used to hijack network traffic. In this particular attack, Goriadu malware was used to block the network traffic related to the in-the-cloud features of certain antivirus products.

TROJ_FKEPLAYR.CH drops a package which contains several malicious files. These are detected as TROJ_GORIADU.SMC, TROJ_GORIADU.SMM, and TROJ_GORIADU.SMX.

TROJ_GORIADU.SMM is the component responsible for hijacking the affected system’s network traffic. The targeted applications appear to be popular Chinese antivirus solutions. Trend Micro products and URLs are not on the list of targeted products and URLs.

In the past, many malware variants have blocked URLs related to antivirus companies. However, they usually did so fairly indiscriminately, blocking the entire domains of companies (i.e., for Trend Micro the entire trendmicro.com domain would be blocked.) However, this was fairly easy to detect.

Instead, TROJ_GORIADU.SMM’s blocking specifically targets “in the cloud” functionality by blocking only the servers used for these services. It does this by blocking very specific URLs, such that one could access the websites of the targeted products yet their “cloud” features would not work.

Trend Micro researchers are digging deeper into this issue. These particular behaviors meant to evade detection (appending of garbage code and blocking access to antivirus sites and related services) are definitely not unheard of but they do highlight the importance of protecting computers at all possible levels, such as the URL and file level.

Special thanks to Jamz Yaneza, Patrick Estavillo, Edgardo Diaz, Jr., Jasper Manuel and King Viray for contributing to this post.

Full story: TrendLabs | Malware Blog – by Trend Micro

Posted in Antivirus | Comments Off

Twitter hit by fake antivirus software scam

Twitter has been resetting passwords for accounts that started distributing links promoting fake antivirus software in an attack that used Google’s Web address shortening service to conceal the links’ destination.

Full story: Computerworld Security News

Posted in Security | Comments Off

The best Free anti-virus software

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Posted in Video | Comments (21)

Rogue software: what it is and what to do about it

I thought I would make a quick post about rogue security software, something the AV industry really hates and that affects thousands of bystanders. First of all, I’d like to comment on the actual name: ROGUE. It irks me to see so many people spell it wrong… namely ROUGE. Now that this is out of [...]

Full story: Malware Diaries

Posted in Security | Comments Off

Learn to Use Free File Security Encryption Software


Posted in Video | Comments (25)


Apple Patches Serious Bug in Software Update

It’s not common for Apple to patch a single bug, so the one they patched today must be serious.

The vulnerability patched today in the PackageKit module of OS X 10.6 and later (earlier versions are not affected) could lead to man-in-the-middle attacks. The attacks could result in system crash or arbitrary code execution.

The problem has to do with PackageKit’s handling of distribution scripts. An attacker sitting between Apple’s update server and a user could make changes in the scripts to abuse a format string in the script. PackageKit appears to be the program which interprets this script and is victimized by the attack.

Apple says improved validation of distribution scripts in the update fixes the issue.

This update (as I see it) raises some questions: Aren’t they distributing these scripts via SSL/TLS? If so, how is the man-in-the-middle attack accomplished? If not, well why not?



Full story: Security Watch

Posted in Security | Comments Off

Rogue Security Software – Evolution, Protection and Awareness

The Internet has come of age, and with it malicious software and related infections. Viruses, Trojans, advertising software and popups have been around for a while, and their numbers have increased with time. With the advent of the new century, especially in the last 5 years, newer types of malicious software have been introduced, namely spyware and rogue security software.

Full story: a-squared – English

Posted in Antivirus | Comments Off

Dr.Web software products 6.0 for Unix released

DrWeb — The Russian anti-virus vendor Doctor Web announced the release of the Dr.Web software products for Unix series 6. Changes have mainly been made to Dr.Web for Unix mail servers to improve protection of mail and simplify its administration. Dr.Web for Unix file servers and Internet-gateways have also undergone improvements.

The new feature that enables load-balancing between several anti-virus daemons run on different hosts improves stability and scalability of Dr.Web 6.0 for Unix mail servers.

Parameters can now be set to restrict the total number and maximum nesting level of MIME-components of a message. The support of Milter 6 used with Postfix and Sendmail has been added.

Now the anti-virus can also scan messages transferred via POP3, POP3s, IMAP and IMAPs. The IP reputation filter has also been introduced to block an IP-address whose reputation is considered poor according to statistics. The quarantine format has been changed; yet the anti-virus now allows users to restrict storage time and size as well as the number of quarantined files.

The score points from anti-spam may now be added to scanning results from other components — the SMTP-server and anti-virus along with the anti-spam play their part in determining if a message is spam to increase efficiency of measures aiming to counter junk mail.

The anti-virus can now be set not to mark emails as spam if the messages that can be classified as unsolicited are sent from a computer connected to the ProtectedNetwork.

Some changes made administration of Dr.Web for Unix mail servers easier. It offers a wider range of command line options for controlling the anti-virus. Additional settings for statistics have been introduced: now anti-virus logs are accessible for users and groups; users now can also view statistical information related to spam, unconditional spam and filtered messages and statistics based on results of anti-virus scanning of attachments. Reports have been redesigned.

User-defined rules are stored in the internal database which now supports groups and aliases.

The SMTP proxy of Dr.Web for Unix mail servers series 6 is able to verify protected domains as well as protected addresses, so recipient addresses that are not on the protected list can be removed during an SMTP session. It also serves as an efficient countermeasure against DHA attacks. The performance of the mail receiving component has been improved.

Dr.Web for Unix mail servers series 6 also provides access to user FAQ.

Dr.Web for Internet-gateways Unix features an improved mechanism that blocks access to malicious web-resources: instead of a banner linked to a bogus site, a user is shown a warning; if a user attempts to visit a site found on the black list, they receive a notification. The product can now run without the anti-virus daemon and block access to web-resources by subjects present in its black list. Besides, the web-interface mime-rule editor that allows users to specify the response to mime-objects according to their type has been improved significantly.

Now the anti-virus utilizes the dynamic process pool where request handlers are added and disabled depending on the current workload. The new concept supersedes the old process management mechanism and improves scalability of the program significantly.

User groups and groups and categories comprised of various settings including options to block and allow content make it easier to use the product.

Support of Samba 3.5 has been implemented for Dr.Web for Unix file servers.

Automatic updating of a key file has been implemented for each of the three products.

Dr.Web software products for Unix mail servers, Internet-gateways and file servers are available with Dr.Web Mail Security Suite, Dr.Web Gateway Security Suite and Dr.Web Server Security Suite respectively.

View the original article at DrWeb Blog

Posted in DrWeb | Comments Off

WaveSecure: Anti-Theft software for your Mobile Handset


Posted in Video | Comments (5)

Sybase iAnywhere Mobile Software Application – Secure Enterprise Data for the iPhone


Posted in Video | Comments (1)

Avira: 25 pct of PC users disable antivirus software (Digital Trends)

Digital Trends – A new survey from German antivirus and computer security firm Avira finds that about one in four PC users admit to turning off virus protection on their PCs because they thought the programs were slowing down their computers. Furthermore, more than three out of five (62.8 percent) have tried multiple computer security products in the span of a year on the same computer, hoping to find one they like, and nearly one in eight (12 percent) have considered getting off the Internet altogether for safety reasons. – on Yahoo! News: Security News

Posted in Security | Comments Off

Webroot Endpoint Security Software – Antivirus & AntiSpyware, Virus Protection & Spyware Protection

Webroot’s Endpoint Security Software provides users with award-winning spyware and virus protection. Find out how Webroot’s Antispyware or Antispyware with Antivirus software can help your company quickly remove infections and block new malware.

Posted in Video | Comments Off

FRISK Software has released F-PROT Antivirus for NetBSD Version 6.0.3

F-PROT Antivirus for NetBSD updated to feature our latest antivirus scanning engine

Source: FRISK Software News

Posted in Antivirus | Comments (1)

Free Software! [HD] Antispyware: Spyware Terminator Offers Real Time Spyware Protection

This video is brought to you by: www.pcmichiana.com Spyware Terminator has been around for quite some time. In this review and quick installation video, I will walk you through all of the features included in this free software package that will help protect your system in real time from spyware infections. It gives you the option to enable virus protection, but that is better left with the experts over at Avast! antivirus instead. This is again, a completely free piece of software for personal use. You cannot use it for commercial use if you want to use the free version, you must buy a license if you wish to do so. Enjoy!

Clip 6/7 Speaker: Nguyen Anh Quynh (Researcher, Japan National Institute of Advanced Industrial Science and Technology) This talk presents eKimono, a new malware scanner for Virtual Machine (VM). By putting eKimono outside of the protected VM, we can fix, or raise the bar in other cases, the most significant flaws in the legacy anti-malware solutions. Advantages offered by our scanner include, but are not limited to, the following: firstly, eKimono is tamper-resistant against malware inside the VM, even if the malware compromises the VM’s kernel. Secondly, it is harder to fool, because eKimono does not rely on the services provided by the VM. Last, but not least, our scanner is invisible from the VM, so that malware inside never knows that it is being monitored. The architecture and implementation of eKimono will be discussed at length. We will show how our scanner easily supports hypervisors like Xen, KVM and QEMU out-of-the-box. The talk will also demonstrate that it is trivial to support other types of VM, such as VMWare, thanks to its extremely flexible design. Technically, eKimono is a top component of a multiple framework architecture. The talk analyses all the layers and explains how we solve challenges in designing and implementing eKimono. The extended application of the below layers is also examined to prove that our frameworks are not just useful for eKimono, but can also be the base to create many new tools, such as live memory forensic and VM administration

Posted in Video | Comments (14)

Anti-cybercrime software mimics DNA matching process

A Scottish university spin-out has attracted £170,000 of funding to commercialise an anti-cybercrime software based on the same algorithms for DNA…

Source: Computer Crime Research News

Posted in Security | Comments Off

Microsoft gives free Symantec software in limited offer

Microsoft is now offering free Symantec security software to small businesses for a limited time, through retailer PC Mall, following some grumbling in response to the free distribution of its own security software.

Source: Computerworld Security News

Posted in Security | Comments Off

Antivirus Software Download

Oops! They moved the link! Antivirus Software download: antivirus-software.tech.officelive.com

Posted in Video | Comments (25)

Definition file update for Ad-Aware – combating Viruses, Spyware, Malware, Rogue software, Worms and Adware.

149.474 is now available, new definition file for Ad-Aware 8.2.

150.159 is now available, new definition file for Ad-Aware 8.3.

New definitions:
====================
Win32.Backdoor.Stapome
Win32.FraudTool.UltraDefragger
Win32.Trojan.Fidgen
Win32.Trojan.Migotrup
Win32.Trojan.Miser
Win32.Trojan.Monder
Win32.Trojan.Naiput
Win32.Trojan.Obfuscated
Win32.Trojan.Ormimro
Win32.Trojan.Pakes
Win32.Trojan.Pasmu
Win32.Trojan.Pasta
Win32.Trojan.Phires
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.PopUpper
Win32.Trojan.Powp
Win32.Trojan.Qhost
Win32.Trojan.Rabbit
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Rettesser
Win32.Trojan.Riner
Win32.Trojan.Rozena
Win32.Trojan.Sadenav
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Sefnit
Win32.Trojan.ShipUp
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Skor
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Smardf
Win32.Trojan.Spy
Win32.Trojan.Staget
Win32.Trojan.StartPage
Win32.Trojan.Starter
Win32.Trojan.Swisyn
Win32.Trojan.Swizzor
Win32.Trojan.Tdss
Win32.Trojan.Tirnod
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Vkhost
Win32.Trojan.Vpuzus
Win32.Trojan.Workir
Win32.Trojan.Xih
Win32.Trojan.Zmunik
Win32.Trojan.Zybr
Win32.TrojanClicker.Agent
Win32.TrojanClicker.AutoIT
Win32.TrojanClicker.BHO
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.Delf
Win32.TrojanClicker.VB
Win32.TrojanClicker.VBiframe
Win32.TrojanClicker.Vesloruki
Win32.TrojanDDoS.Agent
Win32.TrojanDDoS.Boxed
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Alphabet
Win32.TrojanDownloader.Apher
Win32.TrojanDownloader.Asune
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BaoFa
Win32.TrojanDownloader.Boltolog
Win32.TrojanDownloader.Calipr
Win32.TrojanDownloader.Clopack
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Cyrel
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Dluca
Win32.TrojanDownloader.Fload
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Homa
Win32.TrojanDownloader.Hover
Win32.TrojanDownloader.ISTBar
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.Metfok
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.NSIS
Win32.TrojanDownloader.Nurech
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Obitel
Win32.TrojanDownloader.PepperPaper
Win32.TrojanDownloader.Peregar
Win32.TrojanDownloader.Pgino
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.Radonl
Win32.TrojanDownloader.Refroso
Win32.TrojanDownloader.RtkDL
Win32.TrojanDownloader.Selvice
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Sumara
Win32.TrojanDownloader.Tobor
Win32.TrojanDownloader.Trad
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.WebDown
Win32.TrojanDownloader.Winad
Win32.TrojanDownloader.Zlob
Win32.TrojanDownloader.Zudz
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Aholic
Win32.TrojanDropper.Autoit
Win32.TrojanDropper.BHO
Win32.TrojanDropper.Binder
Win32.TrojanDropper.Blastit
Win32.TrojanDropper.Blocker
Win32.TrojanDropper.Bototer
Win32.TrojanDropper.Champ
Win32.TrojanDropper.Clons
Win32.TrojanDropper.Cryptrun
Win32.TrojanDropper.Danseed
Win32.TrojanDropper.Decay
Win32.TrojanDropper.Delf
Win32.TrojanDropper.Dron
Win32.TrojanDropper.Drooptroop
Win32.TrojanDropper.Ekafod
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Hdrop
Win32.TrojanDropper.HeliosBinder
Win32.TrojanDropper.Joiner
Win32.TrojanDropper.Juntador
Win32.TrojanDropper.KGen
Win32.TrojanDropper.Klop
Win32.TrojanDropper.Kwotc
Win32.TrojanDropper.MSIL
Win32.TrojanDropper.Meci
Win32.TrojanDropper.Microjoin
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.MultiJoiner
Win32.TrojanDropper.NSIS
Win32.TrojanDropper.Pasdon
Win32.TrojanDropper.Pendr
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Purityscan
Win32.TrojanDropper.Renum
Win32.TrojanDropper.Scheduler
Win32.TrojanDropper.Shiz
Win32.TrojanDropper.Small
Win32.TrojanDropper.Stabs
Win32.TrojanDropper.Startpage
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.Tab
Win32.TrojanDropper.Typic
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vidro
Win32.TrojanDropper.Wlord
Win32.TrojanDropper.Zaslanetzh
Win32.TrojanDropper.taob
Win32.TrojanMailfinder.Delf
Win32.TrojanMailfinder.Gadina
Win32.TrojanNotifier.Faceless
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Batist
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Delf2
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Eruwbi
Win32.TrojanPWS.Fakemsn
Win32.TrojanPWS.Frethoq
Win32.TrojanPWS.Gamad
Win32.TrojanPWS.IcqSmiley
Win32.TrojanPWS.Kates
Win32.TrojanPWS.Kukuraz
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Maran
Win32.TrojanPWS.Mfirst
Win32.TrojanPWS.Minild
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.PdPinch
Win32.TrojanPWS.QQGame
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.QQShou
Win32.TrojanPWS.Qqfish
Win32.TrojanPWS.Rumrux
Win32.TrojanPWS.Staem
Win32.TrojanPWS.Steam
Win32.TrojanPWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.Vkont
Win32.TrojanPWS.WOW
Win32.TrojanPWS.WebMoner
Win32.TrojanPWS.Yahupass
Win32.TrojanProxy.Agent
Win32.TrojanProxy.Cimuz
Win32.TrojanProxy.Puma
Win32.TrojanProxy.Ranky
Win32.TrojanProxy.Saturn
Win32.TrojanProxy.Small
Win32.TrojanRansom.Blocker
Win32.TrojanRansom.Chameleon
Win32.TrojanRansom.Digitala
Win32.TrojanRansom.Fakeinstaller
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.PinkBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanRansom.SMSer
Win32.TrojanRansom.XBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Amber
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banker2
Win32.TrojanSpy.Banz
Win32.TrojanSpy.Baraklo
Win32.TrojanSpy.Burda
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Dibik
Win32.TrojanSpy.IESpy
Win32.TrojanSpy.Insain
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Lordspy
Win32.TrojanSpy.Luzia
Win32.TrojanSpy.Lydra
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.Plankton
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Sincom
Win32.TrojanSpy.Spenir
Win32.TrojanSpy.SpyEx
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.VB
Win32.TrojanSpy.Wemon
Win32.TrojanSpy.Zapchast
Win32.TrojanSpy.Zbot
Win32.TrojanSpy.Zcbhiv
Win32.Worm.Agent
Win32.Worm.AutoIt
Win32.Worm.Bybz
Win32.Worm.Carrier
Win32.Worm.Downloader
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Kolabc
Win32.Worm.Koobface
Win32.Worm.LockSky
Win32.Worm.LovGate
Win32.Worm.LoveLetter
Win32.Worm.Mabezat
Win32.Worm.Mytob
Win32.Worm.Netsky
Win32.Worm.Pinit
Win32.Worm.Polip
Win32.Worm.Qvod
Win32.Worm.Runfer
Win32.Worm.SDBot
Win32.Worm.Scano
Win32.Worm.Tdownland
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Warezov

MD5 checksum for Ad-Aware 8.2 core.aawdef is 367941b7290ad1b07b1fafcb1cc92fb4

Source: Lavasoft Malware Labs Blog

Posted in Antivirus | Comments Off

Avoid Security Software Overlap

Reader LK wants to know if Microsoft Security Essentials (which I’ve championed in these pages many times) can be installed alongside other anti-virus and/or anti-malware programs.

View full post on Computerworld Security News

Posted in Security | Comments Off
