May 29, 2008

Messenger virus plagues Finland

A Messenger virus is in the wild in Finland. It tries to get the user to open a picture on a strange-looking web site, but that picture is actually a malware installer. After installation it tries to get other Messenger users to open pictures by sending the following sentences (translated from Finnish):
"Hi :) Are u here? :D", "Is this your pic?" and "U were pretty drunk :D"

File names vary a lot. One of the names is photo95.JPG-www.msnimages.com.
Some of these files are hosted under .fi domains.

This is a newer variant of the old Sdbot family, Backdoor.Win32.SdBot.ebp. It makes the computer controllable by the attacker.

Mikko Hyppönen from F-Secure thinks that the trojan might have been made in Finland and that the latest F-Secure virus database will recognize the threat.


May 26, 2008

Comodo Firewall Pro 3.0.24.368 released.

Comodo Firewall Pro 3.0.24.368 has been released.

This time there is only one minor update.

FIXED! COMODO Firewall activation fails under some circumstances.


See more here and download the latest version here


May 24, 2008

Comodo Firewall Pro 3.0.23.364 released

Comodo Firewall Pro 3.0.23.364 has been released.

See the changelog below, from the Comodo website:

* NEW! COMODO SafeSurf Toolbar built on COMODO Memory Firewall technology
* FIXED! COMODO Firewall does not add files from network shares to pending list
* FIXED! COMODO Firewall does not log incoming ICMP packets properly
* FIXED! COMODO Firewall blocks everything when password protection is OFF and suppress options are ON
* FIXED! COMODO Firewall does not terminate active connections properly
* FIXED! COMODO Firewall firewall driver can not be installed properly in Vista operating systems
* FIXED! COMODO Firewall can be terminated when Windows XP is being shutdown
* FIXED! COMODO Firewall GUI does not appear properly on Windows Vista operating systems
* FIXED! COMODO Firewall GUI can truncate texts in 120 DPI
* FIXED! COMODO Firewall does not handle long filename properly
* FIXED! COMODO Firewall does not update the version correctly after being updated
* FIXED! COMODO Firewall crashes on exit
* FIXED! COMODO Firewall can cause BSODs when gameprotect rootkit triggers its self defense
* FIXED! COMODO Firewall can not verify digital signatures
* FIXED! Small problems in GUI
* IMPROVED! Clean PC Mode and Safe Mode: Improvements that lead to small number of alerts and pending files
* IMPROVED! Default Security policy so that Windows Updates do not lead to significant alerts



See more here and download the latest version here


May 22, 2008

Microsoft patented Proactive Virus Protection

Microsoft filed the patent in 2004, but it was accepted on Tuesday. A similar technique has been used in virus protection for a long time.

It is based on comparing a possible piece of malware with information already in a database and looking for similarities.

For example, McAfee and Norton used a similar technique for years before Microsoft's patent.

We'll see if Microsoft soon contacts McAfee, Norton, Kaspersky etc. for some fees.

Source


May 21, 2008

Parody site WhiteHouse.org spreads malware

Trend Micro recently blogged about this issue. The problem is that not only ordinary visitors will get infected, but also those who think that WhiteHouse.org is the official website of the White House. The real website is www.whitehouse.gov.

The malware there is malicious JavaScript code. It is unclear whether the site has been cleaned yet.


May 17, 2008

Security problems in Vista are PEBKAC?

Earlier this month PC Tools published research which claims that Vista is about as secure as Windows 2000.

Microsoft blogger Michael Kleef doesn't agree with that. He wrote in his blog that the method PC Tools used for its calculations is wrong, because the amount of malware isn't only the operating system's fault. He believes in education; users need to understand the risks.


May 14, 2008

New rogue AntiSpySpider in the wild

AntiSpySpider is a rogue anti-spyware program which is being advertised and installed by malware.

This one isn't very easy to remove, as it disables both Task Manager and regedit.exe.

BleepingComputer has a nice self-help guide for removing that nasty.


May 10, 2008

May Windows Updates to be released next Tuesday

The monthly Windows Updates will be released next Tuesday.

There will be four updates, three of them classified as critical and one as moderate.

All critical updates are fixes for code execution vulnerabilities. Two of them are for Microsoft Office (Word and Publisher) and one for Jet Bulletin.

The Microsoft Windows Malicious Software Removal Tool will also be updated.

See more here


May 7, 2008

Yahoo warns about dangerous websites

Yahoo is attempting to make its search engine more secure with McAfee. SearchScan (built on McAfee SiteAdvisor technology) shows a red warning next to search engine hits considered malicious.

InformationWeek says that Google added a similar feature over a year ago, but Yahoo says that its SearchScan is better than any currently existing one.

It's not surprising that Yahoo and McAfee are working together, as a year ago Yahoo hits had the greatest amount of dangerous links.
