Computer Security Articles

Nearly a month after it yanked an Outlook 2007 update over connection and performance problems, Microsoft has re-released the patch to correct its mistakes.

Full story: Computerworld Security News

Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources:

Report of a Stuxnet-unrelated vulnerability in SCADA software
A speculative cyberwar link
Some links on Iranian post-Stuxnet "cybermilitia" recruitment.

http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia

http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes

David Harley CITP FBCS CISSP

Full story: ESET ThreatBlog

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Google released the web browser Chrome 8.0.552.237 last night to fix 16 security vulnerabilities in the software. Of the vulnerabilities, one is rated as being “critical”, while 13 get the rating “high” and two the rating “medium”.

The Update gets installed automatically on most systems. To check the version and install the Update if necessary, click on the tool symbol in Chrome and there on the entry “Info about Chrome”. Then a version check takes place and the currently installed version is shown.

Dirk Knop
Technical Editor

Full story: Avira – TechBlog

The vulnerability in Internet Explorer that was first reported on 23 December 2010, has yet to be patched but Microsoft has updated its advisory which contains workarounds and mitigations for the issue.

For those who don’t use IE, it’d be wise to turn off the IE option until a permanent fix is released. Those who need to use IE are advised to implement the workarounds that involve:

• preventing the recursive loading of CSS style sheets in IE,
• deploying the Enhanced Mitigation Experience Toolkit (EMET), and
• setting internet and local internet security zone settings to “High”

Detailed instructions for implementing the workarounds can be found at the updated Security Advisory 2488013. Please take note that for these workarounds to be effective, the latest security update (MS10-090) must be installed first.

Keep posted for the latest news.

On 12/01/11 At 03:38 AM

Full story: F-Secure Antivirus Research Weblog

It’s not common for Apple to patch a single bug, so the one they patched today must be serious.

The vulnerability patched today in the PackageKit module of OS X 10.6 and later (earlier versions are not affected) could lead to man-in-the-middle attacks. The attacks could result in system crash or arbitrary code execution.

The problem has to do with PackageKit’s handling of distribution scripts. An attacker sitting between Apple’s update server and a user could make changes in the scripts to abuse a format string in the script. PackageKit appears to be the program which interprets this script and is victimized by the attack.

Apple says improved validation of distribution scripts in the update fixes the issue.

This update (as I see it) raises some questions: Aren’t they distributing these scripts via SSL/TLS? If so, how is the man-in-the-middle attack accomplished? If not, well why not?

Full story: Security Watch

149.538 is now available, new definition file for Ad-Aware 8.2.

150.224 is now available, new definition file for Ad-Aware 9.x, 8.3.

New definitions:
====================

Updated definitions:
====================
BAT.Trojan.Startpage
BAT.Trojandownloader.Agent
MSIL.Trojan.Agent
MSIL.TrojanDownloader.Agent
MSIL.TrojanDropper.Agent
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.Agent
MSIL.TrojanSpy.Zbot
Win32.Adware.AdSubscribe
Win32.Adware.Admoke
Win32.Adware.Agent
Win32.Adware.EzuLa
Win32.Adware.FearAds
Win32.Adware.Gaba
Win32.Adware.Gabpath
Win32.Adware.SuperJuan
Win32.Adware.Zwangi
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredolab
Win32.Backdoor.Buterat
Win32.Backdoor.Cetorp
Win32.Backdoor.Darkshell
Win32.Backdoor.Delf
Win32.Backdoor.Gbot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Inject
Win32.Backdoor.Ircnite
Win32.Backdoor.Koutodoor
Win32.Backdoor.Krafcot
Win32.Backdoor.Optix
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.RBot
Win32.Backdoor.SDBot
Win32.Backdoor.Shiz
Win32.Backdoor.Sinowal
Win32.Backdoor.Spammy
Win32.Backdoor.TDSS
Win32.Backdoor.Trup
Win32.Backdoor.Turkojan
Win32.Backdoor.VanBot
Win32.Backdoor.WinUoj
Win32.Backdoor.Xyligan
Win32.Backdoor.Yobdam
Win32.FraudTool.HDDDoctor
Win32.Hoax.ArchSMS
Win32.Monitor.Ardamax
Win32.Monitor.Perflogger
Win32.Monitor.PowerSpy
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Palevo
Win32.P2PWorm.Polip
Win32.Rootkit.Agent
Win32.Rootkit.Bubnix
Win32.Rootkit.TDSS
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.AntiAV
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Cosmu
Win32.Trojan.Delf
Win32.Trojan.Direr
Win32.Trojan.FakeAV
Win32.Trojan.FlyStudio
Win32.Trojan.Fraudpack
Win32.Trojan.Gabba
Win32.Trojan.Genome
Win32.Trojan.Hrup
Win32.Trojan.Inject
Win32.Trojan.Llac
Win32.Trojan.Monder
Win32.Trojan.Phires
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.Powp
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Searches
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Small
Win32.Trojan.StartPage
Win32.Trojan.Swisyn
Win32.Trojan.Tdss
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.TrojanClicker.Agent
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.Cntr
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Fosniw
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Myxa
Win32.TrojanDownloader.NSIS
Win32.TrojanDownloader.Ovosh
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.VB
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Clons
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.Vedio
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Delf
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Emelent
Win32.TrojanPWS.Firethief
Win32.TrojanPWS.Kates
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Magania
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.QQShou
Win32.TrojanPWS.Qbot
Win32.TrojanPWS.WOW
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.PornoBlocker
Win32.TrojanRansom.Seftad
Win32.TrojanRansom.XBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.BHO
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banz
Win32.TrojanSpy.Brospa
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Flystudio
Win32.TrojanSpy.Gritz
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.Qqlogger
Win32.TrojanSpy.Sincom
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.VB
Win32.TrojanSpy.Zbot
Win32.Worm.Allaple
Win32.Worm.AutoIt
Win32.Worm.Autooter
Win32.Worm.Autorun
Win32.Worm.Hlux
Win32.Worm.Iksmas
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Mixor
Win32.Worm.Mytob
Win32.Worm.VB
Win32.Worm.Vbna

MD5 checksum for Ad-Aware core.aawdef is 7a8cab1e832af597936a384bbb42c802

Full story: Lavasoft Malware Labs Blog

The WordPress team has alerted WordPress users to a critical XSS flaw in versions 3.0.3 and previous. WordPress has not sent out many alerts of this importance, and during the holiday downtime it increases the difficulty for many teams to consider upgrading.

On initial inspection it would appear to be quite trivial for folks with malicious intent to exploit these flaws, so consider applying this update before popping the cork on the bubbly on New Years Eve.

WordPress users who have subscribed to their security mailing list should have already received a notice of the update.The email states:

First off, happy holidays. I hope this time of the year, chilly for many of you, has given you time to enjoy family, friends, and loved ones and reflect on the year before and the year to come.

My last message to you this year is an important but unfortunate one: we’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible.

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

You can update in your dashboard, on the “updates” tab, or download the latest WordPress here:

http://wordpress.org/download/

The official release announcement is here:

http://wp.me/pZhYe-qt

Merry WordPressing in 2011,
Matt Mullenweg

Looking at the source code changes it would appear that the flaws exist in parts of the code which are case-sensitive when detecting which protocols are allowed in certain parts of the application. The update prohibits evading the rules with mixed case input.

Bloggers hosting their own instance of WordPress are advised to update immediately. Those of us at SophosLabs will be sure to update Naked Security readers if this is seen to be exploited in the wild.

Full story: Naked Security – Sophos

Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers. Details as follows.
Stuxnet Under the Microscope 
By Alexandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho, December 2010
Summary: Version 1.3 of a comprehensive analysis of the Stuxnet phenomenon, updated to include further information on the now-patched Task Scheduler … Read More. – on ESET ThreatBlog

We just published an update for Avira AntiVir 10 with Service Pack 1 that solves an issue some users were experiencing where their computers stopped to respond after a short time of running. An error message indicates in those cases that the paged pool memory isn’t sufficient. As a workaround it was possible to disable the process protection of Avira AntiVir.

The now released update solves that issue. Those who disabled the process protection may enable it again after applying that update, which should happen automatically within the usual update cycle (exception: if the default configuration got changed and product updates explicitly got disabled). Please accept our sincere apologies for any inconveniences!

Dirk Knop
Technical Editor

– Avira GmbH on Avira – TechBlog

It’s been a bit quiet on the Qubes development front for the last 2 months. The reason for this was that Rafal and myself got fully engaged in a new commercial research project. After all, we do need to make money somehow, so that we could later spend them on funding Qubes development

But this new engagement is actually closely related to what we do with Qubes (i.e. how new hardware technologies allow to build more secure OSes), so it’s not like we’re abandoning Qubes, as the experience we get with this research project will surely be useful for us when designing and implementing the Qubes 2.0 architecture.

In order to continue with Qubes, we’ve decided to hire some Linux programmers, while Rafal and I will continue with our research project over the coming months. We’ve decided to start a cooperation with another Polish computer outfit, TLS Technologies, who specializes in advanced systems design and implementation.

There are a couple of people people from TLS engaged in Qubes, and you will soon “meet” them on qubes-devel, in our wiki, and of course, you will see their contributions in our git repos.

The plan is to have Beta 1 released sometime in January 2010. The two important features that will be implemented first, and that will make it into Beta 1 (apart for the long-awaited installer) are: Firewall VMs, and support for templates for service VMs. Stay tuned for more details soon!

If everything goes smoothly, then we should expect Qubes 1.0 sometime at the end of Q1 2011…

– on The Invisible Things Lab’s blog

Another site selling “memberships” for something that’s free

Here’s the latest twist in the “membership” site scam: spam emails that tell potential victims to update their Adobe Reader include links to a web site intended to look like something related to Adobe products, but is selling “memberships.”

The REAL way to update your Adobe software is on the help menu: help | check for updates (see the end of this blog piece for details).

The spam email:

(click graphic to enlarge)

Notice that the graphic on the web page says “PDF Reader/Writer” and doesn’t mention Adobe, as the email (and the URL it contained) did:

(click graphic to enlarge)

The default selections on the “choose your  plan” page includes

– three years of “unlimited VIP access and support” ($ 12.97)
– one year of “full protection against intrusion with ETD scanner” ($ 1.49 per month – payable up front, so that’s $ 17.88)
– “award-winning download accelerator” for $ 9.95.

That’s a total of $ 40.80.

(click graphic to enlarge)

A web search for “ETD scanner” is interesting too. Its home page says it has been parked by GoDaddy.

In material that comes with it, it’s described as: “… an anti-spyware/malware/trojan, privacy protector, system performance enhancer and popup blocker software all-in-one!” In its “system requirements” the latest version of Windows listed is 2003.

The scanner is for sale on a site called “BrotherSoft”  for $ 29.95 although only 135 people have purchased it in a year and a half.

A 60-day trial version that we downloaded installed successfully and wasn’t detected as malicious code by VIPRE or other AV sources, but didn’t download any signature updates, so, apparently the only detections it was capable of were those from 2004 (if it’s functional at all.)

 

How to REALLY update Adobe products (IT’S FREE!)

Now back in the REAL world, if you want to update one of your Adobe products, you open it, then select the help menu, then “check for updates.” They’re free.

 (click graphic to enlarge)

Thanks Adam.

Tom Kelchner

– on Sunbelt Blog

WikiLeaks appears to be quickly taking steps to reduce its reliance on Internet infrastructure in the U.S. as it battles to keep secret diplomatic cables online while its new French hosting provider is seeking court protection. – on Computerworld Security News

– on CSRT: Content Security Research Team

A website labelled ‘Porn TV’ acts as a malware distribution platform: freev.info When clicking on any video link, a very convincing screen pops up: Downloading the update actually downloads a malware file (Adobe_FlashPlayer_Update_nov.2010.exe) from: freev.info/go/getflashplayer/ There currently is very low detection amongst AV vendors (8/43 on VirusTotal). The malicious server hosting that file is located in [...] – on Malware Diaries

Just when you think they can’t pull another one off, Apple does it again. No, we’re not talking about killer consumer electronics products, we’re talking about security updates of record-setting girth.

Only 45 of the 85 vulnerability fixes described in Apple’s latest iOS security advisory apply to the new iOS 4.2 version. iOS 3.2 through 3.2.2 for iPad incorporates another 40 fixes on top of those. 8 of the vulnerability fixes for iOS also affect Apple TV and are fixed in the new version 4.1 of that product.

It’s always fun to look for the oldest vulnerability listed by Apple and this update is no exception. CVE-2009-1707, revealed to the public on 6/10/2009 and just fixed today, describes an error which could allow a user with physical access to the device to view stored web site passwords. It’s not the most serious bug, but 17 months+ is a long time.

But many of the other vulnerabilities are classic critical bugs where reading a file can lead to remote code execution. Normal users run in a less privileged mode, but combined with CVE-2010-3830 (“Malicious code may gain system privileges“), a more severe compromise is possible.

Time to go to iTunes and apply updates.

– on Security Watch

The Cupertino based company just released the long awaited update of the operating system iOS 4.2.1 for the iPhone, iPad and iPod Touch. While it brings many changes mainly for iPad owners like multitasking, app folders and so on, it is more than just these more or less cosmetic fixes.

It is a full-blown security update which closes plenty of security holes especially in Webkit – the foundation of the Safari web browser. These vulnerabilities allow attackers for example to dial out without user knowledge to costly numbers or to take over complete control of the iPhone/iPad/iPod Touch. A post on Apple’s security announcement list contains a lengthy list of security vulnerabilities fixed with iOS 4.2.1.

Thus owners and users of an iPad, iPhone or iPod Touch are strongly recommended to apply the update as soon as possible. The danger of an attack is significantly increased since meanwhile the source code of the greenp0ison hack to unlock and root the iP*-devices has been published by their developers and greatly simplifies the programming of according hacks.

Dirk Knop
Technical Editor

– Avira GmbH on Avira – TechBlog

Apple issued today updates to the Safari browser on Windows and Mac OS X to address 27 vulnerabilities in the Webkit browser engine on which the browser is built.

For 23 of the fixes the impact is straightforward remote code execution: “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.” 3 of the remaining vulnerabilities enable spoofing or information disclosure and the last may allow Webkit to perform DNS prefetching even when it is disabled.

Webkit is the engine in other browsers as well, from those in the iPhone, iPad and Google Android devices to Google’s Chrome and WebOS, so expect updates in those browsers as well.

Source: Security Watch

149.474 is now available, new definition file for Ad-Aware 8.2.

150.159 is now available, new definition file for Ad-Aware 8.3.

New definitions:
====================
Win32.Backdoor.Stapome
Win32.FraudTool.UltraDefragger
Win32.Trojan.Fidgen

Updated definitions:
====================
ASP.Backdoor.Ace
BAT.Backdoor.Teldoor
BAT.TrojanPWS.Labt
FunWeb
JS.Exploit.Pdfka
JS.Trojan.StartPage
JS.TrojanClicker.Agent
MSIL.Backdoor.Agent
MSIL.Trojan.Agent
MSIL.TrojanDropper.Late
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.Agent
MSIL.TrojanPWS.Dybalom
MSIL.TrojanSpy.Agent
MSIL.TrojanSpy.KeyLogger
MSIL.TrojanSpy.Zbot
MSIL.Worm.NsMes
MSIL.Worm.Reflesh
MSIL.Worm.Volosat
MyWebSearch
NSIS.Trojan.StartPage
NSIS.Trojan.Voter
VBS.Trojan.Agent
VBS.Trojan.HideIcon
VBS.TrojanClicker.Agent
VBS.TrojanDownloader.Agent
VBS.TrojanDownloader.Small
Win32.Adware.AdMedia
Win32.Adware.AdRotator
Win32.Adware.AdSubscribe
Win32.Adware.Admoke
Win32.Adware.Adwin
Win32.Adware.Agent
Win32.Adware.Allsum
Win32.Adware.Altnet
Win32.Adware.Aureate2
Win32.Adware.BHO
Win32.Adware.Boran
Win32.Adware.CashOn
Win32.Adware.Cinmus
Win32.Adware.CometSystems
Win32.Adware.DM
Win32.Adware.Delf
Win32.Adware.DigitalNames
Win32.Adware.Domhel
Win32.Adware.DuDu
Win32.Adware.Ejik
Win32.Adware.Eztracks
Win32.Adware.EzuLa
Win32.Adware.F1Organizer
Win32.Adware.FakeP2P
Win32.Adware.FearAds
Win32.Adware.Gamevance
Win32.Adware.Lop
Win32.Adware.MDH
Win32.Adware.NavExcel
Win32.Adware.NaviPromo
Win32.Adware.OneStep
Win32.Adware.Podcast
Win32.Adware.RON
Win32.Adware.Reklosoft
Win32.Adware.SearchIt
Win32.Adware.ShowBehind
Win32.Adware.SideFind
Win32.Adware.SurfSide
Win32.Adware.WSearch
Win32.Adware.Wintol
Win32.Adware.Zwangi
Win32.Backdoor.Agent
Win32.Backdoor.Agobot
Win32.Backdoor.Assasin
Win32.Backdoor.Bancodor
Win32.Backdoor.Bandok
Win32.Backdoor.Bandoora
Win32.Backdoor.Banito
Win32.Backdoor.BeastDoor
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredolab
Win32.Backdoor.Buterat
Win32.Backdoor.Cetorp
Win32.Backdoor.Chyopic
Win32.Backdoor.CiaDoor
Win32.Backdoor.Cindyc
Win32.Backdoor.Clampi
Win32.Backdoor.Curioso
Win32.Backdoor.DarkMoon
Win32.Backdoor.Darkshell
Win32.Backdoor.Death
Win32.Backdoor.Delf
Win32.Backdoor.Donbot
Win32.Backdoor.DsBot
Win32.Backdoor.EggDrop
Win32.Backdoor.Firstinj
Win32.Backdoor.Goolbot
Win32.Backdoor.GrayBird
Win32.Backdoor.HacDef
Win32.Backdoor.Harebot
Win32.Backdoor.Havar
Win32.Backdoor.Hobbit
Win32.Backdoor.HttpBot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Inject
Win32.Backdoor.Irc
Win32.Backdoor.Ircnite
Win32.Backdoor.Jewdo
Win32.Backdoor.JokerDoor
Win32.Backdoor.Joleee
Win32.Backdoor.Kbot
Win32.Backdoor.Koutodoor
Win32.Backdoor.Krafcot
Win32.Backdoor.Kredoor
Win32.Backdoor.Lavandos
Win32.Backdoor.Lolbot
Win32.Backdoor.Mex
Win32.Backdoor.MoSucker
Win32.Backdoor.Nbdd
Win32.Backdoor.Nepoe
Win32.Backdoor.NewRest
Win32.Backdoor.Nuclear
Win32.Backdoor.Obana
Win32.Backdoor.Optix
Win32.Backdoor.PcClient
Win32.Backdoor.Phanta
Win32.Backdoor.Phoenix
Win32.Backdoor.Poebot
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.PopWin
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.Protector
Win32.Backdoor.Protux
Win32.Backdoor.RBot
Win32.Backdoor.Ripinip
Win32.Backdoor.SDBot
Win32.Backdoor.Shark
Win32.Backdoor.Sheldor
Win32.Backdoor.Shiz
Win32.Backdoor.Singu
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.Snart
Win32.Backdoor.SpyAll
Win32.Backdoor.SubSeven
Win32.Backdoor.Swz
Win32.Backdoor.TDSS
Win32.Backdoor.Torr
Win32.Backdoor.Turkojan
Win32.Backdoor.UltimateDefender
Win32.Backdoor.VB
Win32.Backdoor.VanBot
Win32.Backdoor.Vipdataend
Win32.Backdoor.Visel
Win32.Backdoor.Vyrub
Win32.Backdoor.Whimoo
Win32.Backdoor.WinUoj
Win32.Backdoor.Xyligan
Win32.Backdoor.Yobdam
Win32.Backdoor.Yoddos
Win32.Backdoor.Yurist
Win32.Backdoor.ZeroPot
Win32.Backdoor.Zzslash
Win32.Backdoor.mIRC-based
Win32.BackdoorIRC.Zapchast
Win32.BadJoke.BadJoke
Win32.Dialer.Agent
Win32.Dialer.Small
Win32.Dialer.Trojan
Win32.Exploit.IMG-WMF
Win32.Exploit.Imail
Win32.Exploit.MS04-007
Win32.Exploit.MS05-017
Win32.Flooder.MobileBomb
Win32.Flooder.Vknkte
Win32.FraudTool.AntiMalwarePRO
Win32.FraudTool.DesktopDefender2010
Win32.FraudTool.PcCleanPro
Win32.FraudTool.SpywareIsolator
Win32.FraudTool.WinFixer
Win32.Hoax.ArchSMS
Win32.Hoax.Bravia
Win32.Hoax.Gsmgen
Win32.Hoax.Renos
Win32.Hoax.Screensaver
Win32.IMFlooder.ICQBomber
Win32.IMFlooder.VB
Win32.Monitor.ActiveKeyLogger
Win32.Monitor.ActualSpy
Win32.Monitor.AdvancedNetMonitor
Win32.Monitor.Agent
Win32.Monitor.Ardamax
Win32.Monitor.Delf
Win32.Monitor.DeskScout
Win32.Monitor.EliteKeylogger
Win32.Monitor.HiddenCamera
Win32.Monitor.HomeKeylogger
Win32.Monitor.Hooker
Win32.Monitor.KGBSpy
Win32.Monitor.KeyLogger
Win32.Monitor.MonitorSniffer
Win32.Monitor.Orvell
Win32.Monitor.PCAgent
Win32.Monitor.PCSpy
Win32.Monitor.PowerSpy
Win32.Monitor.RealSpy
Win32.Monitor.SCKeyLog
Win32.Monitor.SpyKeylogger
Win32.Monitor.SpyMyPC
Win32.Monitor.StaffCop
Win32.Monitor.WebSiteSpy
Win32.Monitor.XPCSpy
Win32.P2PWorm.Agent
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Deecee
Win32.P2PWorm.Palevo
Win32.Rootkit.Agent
Win32.Rootkit.Bezopi
Win32.Rootkit.Bubnix
Win32.Rootkit.Fdog
Win32.Rootkit.Mediyes
Win32.Rootkit.Small
Win32.Rootkit.TDSS
Win32.Rootkit.Tent
Win32.SMSFlooder.Ideknet
Win32.Toolbar.Agent
Win32.Toolbar.ChameleonTom
Win32.Toolbar.RK
Win32.Toolbar.WhenU
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Antavmu
Win32.Trojan.AutoHK
Win32.Trojan.AutoIT
Win32.Trojan.BAT
Win32.Trojan.BHO
Win32.Trojan.Bepiv
Win32.Trojan.Buzus
Win32.Trojan.C4dlmedia
Win32.Trojan.Cariez
Win32.Trojan.Cdur
Win32.Trojan.Chifrax
Win32.Trojan.Chydo
Win32.Trojan.Cidres
Win32.Trojan.Clicker
Win32.Trojan.ConnectionService
Win32.Trojan.Cosmu
Win32.Trojan.Cossta
Win32.Trojan.DNSchanger
Win32.Trojan.DelFiles
Win32.Trojan.Delf
Win32.Trojan.Delfinject
Win32.Trojan.Dialui
Win32.Trojan.Dire
Win32.Trojan.Eckut
Win32.Trojan.Exedot
Win32.Trojan.FakeAV
Win32.Trojan.Fakems
Win32.Trojan.Feedel
Win32.Trojan.Firulozer
Win32.Trojan.FlyStudio
Win32.Trojan.Fraudpack
Win32.Trojan.Genome
Win32.Trojan.Gibi
Win32.Trojan.Gipneox
Win32.Trojan.Goriadu
Win32.Trojan.Grom
Win32.Trojan.Hooker
Win32.Trojan.Hrup
Win32.Trojan.Inject
Win32.Trojan.Jexec
Win32.Trojan.Jkfg
Win32.Trojan.KeyLoma
Win32.Trojan.KillAV
Win32.Trojan.Kilva
Win32.Trojan.Koblu
Win32.Trojan.Kreeper
Win32.Trojan.Llac
Win32.Trojan.Logoninvader
Win32.Trojan.MMM
Win32.Trojan.Mahato
Win32.Trojan.Mailfinder
Win32.Trojan.Mejax
Win32.Trojan.Mepaow
Win32.Trojan.Midgare
Win32.Trojan.Migotrup
Win32.Trojan.Miser
Win32.Trojan.Monder
Win32.Trojan.Naiput
Win32.Trojan.Obfuscated
Win32.Trojan.Ormimro
Win32.Trojan.Pakes
Win32.Trojan.Pasmu
Win32.Trojan.Pasta
Win32.Trojan.Phires
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.PopUpper
Win32.Trojan.Powp
Win32.Trojan.Qhost
Win32.Trojan.Rabbit
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Rettesser
Win32.Trojan.Riner
Win32.Trojan.Rozena
Win32.Trojan.Sadenav
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Sefnit
Win32.Trojan.ShipUp
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Skor
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Smardf
Win32.Trojan.Spy
Win32.Trojan.Staget
Win32.Trojan.StartPage
Win32.Trojan.Starter
Win32.Trojan.Swisyn
Win32.Trojan.Swizzor
Win32.Trojan.Tdss
Win32.Trojan.Tirnod
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Vkhost
Win32.Trojan.Vpuzus
Win32.Trojan.Workir
Win32.Trojan.Xih
Win32.Trojan.Zmunik
Win32.Trojan.Zybr
Win32.TrojanClicker.Agent
Win32.TrojanClicker.AutoIT
Win32.TrojanClicker.BHO
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.Delf
Win32.TrojanClicker.VB
Win32.TrojanClicker.VBiframe
Win32.TrojanClicker.Vesloruki
Win32.TrojanDDoS.Agent
Win32.TrojanDDoS.Boxed
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Alphabet
Win32.TrojanDownloader.Apher
Win32.TrojanDownloader.Asune
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BaoFa
Win32.TrojanDownloader.Boltolog
Win32.TrojanDownloader.Calipr
Win32.TrojanDownloader.Clopack
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Cyrel
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Dluca
Win32.TrojanDownloader.Fload
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Homa
Win32.TrojanDownloader.Hover
Win32.TrojanDownloader.ISTBar
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.Metfok
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.NSIS
Win32.TrojanDownloader.Nurech
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Obitel
Win32.TrojanDownloader.PepperPaper
Win32.TrojanDownloader.Peregar
Win32.TrojanDownloader.Pgino
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.Radonl
Win32.TrojanDownloader.Refroso
Win32.TrojanDownloader.RtkDL
Win32.TrojanDownloader.Selvice
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Sumara
Win32.TrojanDownloader.Tobor
Win32.TrojanDownloader.Trad
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.WebDown
Win32.TrojanDownloader.Winad
Win32.TrojanDownloader.Zlob
Win32.TrojanDownloader.Zudz
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Aholic
Win32.TrojanDropper.Autoit
Win32.TrojanDropper.BHO
Win32.TrojanDropper.Binder
Win32.TrojanDropper.Blastit
Win32.TrojanDropper.Blocker
Win32.TrojanDropper.Bototer
Win32.TrojanDropper.Champ
Win32.TrojanDropper.Clons
Win32.TrojanDropper.Cryptrun
Win32.TrojanDropper.Danseed
Win32.TrojanDropper.Decay
Win32.TrojanDropper.Delf
Win32.TrojanDropper.Dron
Win32.TrojanDropper.Drooptroop
Win32.TrojanDropper.Ekafod
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Hdrop
Win32.TrojanDropper.HeliosBinder
Win32.TrojanDropper.Joiner
Win32.TrojanDropper.Juntador
Win32.TrojanDropper.KGen
Win32.TrojanDropper.Klop
Win32.TrojanDropper.Kwotc
Win32.TrojanDropper.MSIL
Win32.TrojanDropper.Meci
Win32.TrojanDropper.Microjoin
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.MultiJoiner
Win32.TrojanDropper.NSIS
Win32.TrojanDropper.Pasdon
Win32.TrojanDropper.Pendr
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Purityscan
Win32.TrojanDropper.Renum
Win32.TrojanDropper.Scheduler
Win32.TrojanDropper.Shiz
Win32.TrojanDropper.Small
Win32.TrojanDropper.Stabs
Win32.TrojanDropper.Startpage
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.Tab
Win32.TrojanDropper.Typic
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vidro
Win32.TrojanDropper.Wlord
Win32.TrojanDropper.Zaslanetzh
Win32.TrojanDropper.taob
Win32.TrojanMailfinder.Delf
Win32.TrojanMailfinder.Gadina
Win32.TrojanNotifier.Faceless
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Batist
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Delf2
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Eruwbi
Win32.TrojanPWS.Fakemsn
Win32.TrojanPWS.Frethoq
Win32.TrojanPWS.Gamad
Win32.TrojanPWS.IcqSmiley
Win32.TrojanPWS.Kates
Win32.TrojanPWS.Kukuraz
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Maran
Win32.TrojanPWS.Mfirst
Win32.TrojanPWS.Minild
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.PdPinch
Win32.TrojanPWS.QQGame
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.QQShou
Win32.TrojanPWS.Qqfish
Win32.TrojanPWS.Rumrux
Win32.TrojanPWS.Staem
Win32.TrojanPWS.Steam
Win32.TrojanPWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.Vkont
Win32.TrojanPWS.WOW
Win32.TrojanPWS.WebMoner
Win32.TrojanPWS.Yahupass
Win32.TrojanProxy.Agent
Win32.TrojanProxy.Cimuz
Win32.TrojanProxy.Puma
Win32.TrojanProxy.Ranky
Win32.TrojanProxy.Saturn
Win32.TrojanProxy.Small
Win32.TrojanRansom.Blocker
Win32.TrojanRansom.Chameleon
Win32.TrojanRansom.Digitala
Win32.TrojanRansom.Fakeinstaller
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.PinkBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanRansom.SMSer
Win32.TrojanRansom.XBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Amber
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banker2
Win32.TrojanSpy.Banz
Win32.TrojanSpy.Baraklo
Win32.TrojanSpy.Burda
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Dibik
Win32.TrojanSpy.IESpy
Win32.TrojanSpy.Insain
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Lordspy
Win32.TrojanSpy.Luzia
Win32.TrojanSpy.Lydra
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.Plankton
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Sincom
Win32.TrojanSpy.Spenir
Win32.TrojanSpy.SpyEx
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.VB
Win32.TrojanSpy.Wemon
Win32.TrojanSpy.Zapchast
Win32.TrojanSpy.Zbot
Win32.TrojanSpy.Zcbhiv
Win32.Worm.Agent
Win32.Worm.AutoIt
Win32.Worm.Bybz
Win32.Worm.Carrier
Win32.Worm.Downloader
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Kolabc
Win32.Worm.Koobface
Win32.Worm.LockSky
Win32.Worm.LovGate
Win32.Worm.LoveLetter
Win32.Worm.Mabezat
Win32.Worm.Mytob
Win32.Worm.Netsky
Win32.Worm.Pinit
Win32.Worm.Polip
Win32.Worm.Qvod
Win32.Worm.Runfer
Win32.Worm.SDBot
Win32.Worm.Scano
Win32.Worm.Tdownland
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Warezov

MD5 checksum for Ad-Aware 8.2 core.aawdef is 367941b7290ad1b07b1fafcb1cc92fb4

Source: Lavasoft Malware Labs Blog

Because of a problem with the AVG server, AVG anti-virus users can not download new updates and therefor are not safe from the latest threats. In this video you can see how to manually download the updates until they fix the problem. you can also see a forum discussion about it here: www.dslreports.com To open the AVG update site click here: www.grisoft.com

The former college student who guessed his way into Sarah Palin’s Yahoo e-mail account during the 2008 U.S. presidential election was sentenced to a year and a day in prison Friday, according to published reports.

View full post on Computerworld Security News

Apple released today an update to OS X of possibly unprecedented proportions, addressing 131 separate vulnerabilities, one over 2 years old.

View full post on PCMag.com Security Coverage

Apple this week patched a record 134 Mac OS X vulnerabilities, easily topping the previous record of fixing 90 flaws in March.

View full post on Computerworld Security News

Apple released today an update to OS X of possibly unprecedented proportions, addressing 131 separate vulnerabilities, one over 2 years old.

55 of the vulnerabilities, including the one first revealed in October 2008, were for the Flash Player plug-in, proving once more that it’s a mistake to wait for Apple for such updates.

The age of some of the vulnerabilities is staggering. In addition to the one from 2008, 7 were first revealed in 2009. A much more recent one (though far from the most recent), CVE-2010-1797, was fixed 3 months ago in iOS, leaving OS X users badly exposed in the meantime.

The update mixes fixes to Apple code with fixes to common UNIX software such as X11, PHP and OpenSSL. For instance CVE-2009-0796, found in February of 2009, is a cross-site scripting bug in the mod_perl Apache module.

The update is designated Security Update 2010-007 for OS X 10.5 and brings 10.6 up to 10.6.5.

View full post on Security Watch