Nellie2

Personal Ramblings on a Security Theme




Category: Trojans/Virus's & Nasties


New Rogue - Spyware Remover

27 February, 2008 (19:12) | Internet, Security, Trojans/Virus's & Nasties | By: Nellie2

Here we go folks, yet another rogue program for you all … with another really zippy name.

SpywareRemover is a rogue anti-spyware program that is advertised through the use of malware. When this malware, labeled Hoax.Win32.SpyWare.d by Kaspersky antivirus, is installed on your computer you will start to see popups for a variety of services. One of these advertisements is a misleading popup stating you are infected and that you should install SpywareRemover to remove it. The title of this popup is Spyware detected! and the content of the popup is:

Windows has detected a spyware infection!
Please install Spywareremover to remove the infection.

Once SpywareRemover is installed, it will automatically scan your computer for infections and then display a variety of false positives as well as an interesting find; the malware that installed it in the first place. In order to remove these infections, though, you must first purchase a license for the software. (Surprise surprise) Screen shots of the SpywareRemover program can be seen below.

spywareremover.jpg

Above blurb and screenshot have been shamelessly pinched from Bleeping Computer. Needless to say… you won’t be doing yourself any favours if you do purchase this program because all you will be doing is putting money into the malware vendors’ pockets and your PC will still be infected.

For comprehensive self help removal instructions please visit Bleeping Computer.  If you are still having problems after following those instructions then please ask for help at one of the anti malware forums.

Microsoft Updates (Not)

22 January, 2008 (18:42) | Microsoft, Security, Trojans/Virus's & Nasties, Updates, windows | By: Nellie2

Just a word of warning… Microsoft does NOT send out updates by email.  Windows will tell you if there is an update pending.  If you aren’t sure how to configure your settings to your preferences then here are some links for you.

Manage Your Security Settings In One Place (Windows XP)

Windows Vista Security Centre

Check out the Sunbelt Blog for information (and screenshot) on the latest fake MS Update spam that was first seen yesterday.   As you will see…you won’t get updates to help keep your computer safe but an IRC.Backdoor Trojan!

Falling In Love With You - Storm Worm Alert

16 January, 2008 (19:09) | Security, Trojans/Virus's & Nasties, spam | By: Nellie2

Valentine’s Day is approaching fast, and so romantic thoughts of secret admirers are beginning to cloud our already fuzzy brains. After all, who can resist the thought that someone, somewhere cares.

The guys at Sophos are warning today of a new initiative from the criminals behind the Storm Worm. This new variant is being spammed out using the Love theme with various subject lines.

Falling In Love with You
Special Romance
You’re In My Thoughts
Sent with Love
Our Love Will Last
Our Love is Strong
Your Love Has Opened
You’re the One
A Toast My Love
Heavenly Love

The body of the email will direct you to a website that will attempt to download your ‘love message’ for you.

I’m a big romantic softy myself… but all unsolicited emails from sources I do not know will get deleted, unread. I suggest you do the same dear reader!

Update….. I got one!! The subject line says ‘I Dream Of You‘ then the body of the email is just the simple message .. I Love Thee with an IP address link.
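The two indicators this post describes, a love-themed subject line and a body link whose host is a bare IP address, can be checked mechanically by a mail filter. The sketch below is an added example, not part of the original post; the function names are hypothetical and the sample messages are constructed, using documentation-only addresses.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from urllib.parse import urlsplit

# Subject lines quoted in the post, plus the one from the update.
STORM_SUBJECTS = {
    "falling in love with you", "special romance", "you're in my thoughts",
    "sent with love", "our love will last", "our love is strong",
    "your love has opened", "you're the one", "a toast my love",
    "heavenly love", "i dream of you",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def normalise(subject):
    # Fold curly apostrophes and case so "You’re" matches "you're".
    return subject.replace("\u2019", "'").strip().lower()

def ip_literal_links(body):
    """Return URLs in the body whose host is a raw IP address."""
    hits = []
    for url in URL_RE.findall(body):
        try:
            # urlsplit() and ip_address() both raise ValueError on bad input.
            ip_address(urlsplit(url).hostname or "")
        except ValueError:
            continue  # hostname is a DNS name (or malformed), not an IP
        hits.append(url)
    return hits

def score_message(raw):
    """Return the indicators a raw single-part message matches."""
    msg = message_from_string(raw)
    reasons = []
    if normalise(msg.get("Subject", "")) in STORM_SUBJECTS:
        reasons.append("subject")
    payload = msg.get_payload()
    # Multipart messages return a list here; this sketch skips them.
    body = payload if isinstance(payload, str) else ""
    if ip_literal_links(body):
        reasons.append("ip-link")
    return reasons

# Constructed samples; 192.0.2.10 is a documentation address (RFC 5737).
SUSPECT = "From: a@example.com\nSubject: I Dream Of You\n\nI Love Thee http://192.0.2.10/\n"
BENIGN = "From: b@example.com\nSubject: Lunch?\n\nMenu: https://example.com/menu\n"

if __name__ == "__main__":
    print(score_message(SUSPECT), score_message(BENIGN))
```

A subject list like this goes stale as soon as the spam run changes its wording, so the IP-literal link check is the more durable of the two signals.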

Another Rogue - For the Mac This Time

15 January, 2008 (17:49) | Education, Internet, Security, Trojans/Virus's & Nasties | By: Nellie2

F-Secure have discovered the first rogue application that specifically targets the Mac; it’s called MacSweeper.

MacSweeper

It will tell you your Mac is infected and that the only way you can get it clean is to buy the product, same old same old. Except this time it’s the Mac that is targeted. No operating system or computer build is totally secure… it’s the educated and aware person in control of the keyboard that dictates whether your system is safe or not.

Update from F-Secure see here

Do You Think You Have a Rogue?

13 January, 2008 (17:37) | Internet, Security, Software, Trojans/Virus's & Nasties | By: Nellie2

Ok so what’s a Rogue??  Well it’s a program that sorta tells you that your computer is infected and that it is going to roll over and die if you don’t purchase the program.  What it doesn’t tell you is that IT is the infection.  The latest one I reported on was Malware Crush… and boy is this blog getting a lot of hits from the search engines from that one!

If you are thinking of getting some new security software then a good site to check out is SpywareWarrior’s Rogue/Suspect Anti-Spyware Products and Websites list.

But if you find yourself with some sort of aggressive ‘free’ scanner screaming that you are infected with all sorts of nasties.. who do you tell about it?

My friends at Security Cadets have just opened a new forum for you to do just that.  It is also important to us that we get on top of these things quickly.. so we can figure out how to fix it.  Please bookmark this link and tell your friends and family about it.

Security Cadets Report Rogue Anti-Spyware Forum 

New Rootkit Threat

9 January, 2008 (19:47) | Rootkit, Security, Software, Trojans/Virus's & Nasties | By: Nellie2

Brian Krebs of Security Fix wrote yesterday about a new Rootkit which installs (and hides) itself into the Master Boot Record.   So essentially.. if it’s installed along with a trojan (which it invariably will be), even if your anti-virus detects and removes the trojan, the rootkit will be able to re-install it.

The current version of this rootkit, which Brian calls BootRoot, seems to be installed by an infected website which takes advantage of old security holes in Windows XP.  So the message which I hope is coming through loud and clear here is that if you keep your security fixes up to date.. then you shouldn’t need to worry about this threat.  There is the possibility that the malware could target more recent security holes in Windows.. or even in third party software.   So it really is essential that you keep all your software and your operating system up to date.   I’ve mentioned Secunia’s Software Inspector before in this blog.. it will let you know which third party software on your system has security updates outstanding.

Please read Brian’s full article, he goes into a lot of interesting detail and has information about running your XP system under a limited user account.. which will fully protect you from this malware.

Bigger, Better Storm Worm Botnet for 2008

1 January, 2008 (18:42) | Security, Trojans/Virus's & Nasties, spam | By: Nellie2

I’m a bit late with this really as you will probably already have seen the new Storm Worm ‘e cards’ that have been spamming around over the holiday period.

Fellow MVP Harry Waldron has a good piece in his blog on how the Storm Worm botnets are still managing to spew out crap that is making it through our defences.

There is also some more detailed information available here on the RBN or Russian Business Network and how and what they are doing with regard to this new wave of attacks.

New Rogue - MalwareCrush

28 December, 2007 (22:36) | Security, Software, Trojans/Virus's & Nasties | By: Nellie2

They don’t st