Prevent Online Threats

Archive for August, 2006

United States Tops Spyware Origin

Sunday, August 20th, 2006

According to the latest State of Spyware report released by Webroot, the USA is the top country of spyware origin in the world. Over 67% of the world’s spyware originates in the United States. The next country in line is Germany with only 7.57%, followed by England with 6.25%. Webroot believes that this is because of how easy it is to obtain various internet connections in the USA. They believe this is also the cause of the rising rates in Europe.

Yahoo! Protects from Phishing

Saturday, August 19th, 2006

Yahoo! is in the process of testing a new anti-phishing security service that will be available to Yahoo! users. The security service is designed to protect users from landing on sites that look like legitimate Yahoo! sites but are actually fraudulent sites designed for phishing scams. The service lets users know if they have landed on a legitimate Yahoo! sign-in Web page, preventing them from entering their Yahoo! ID and password on a phishing site. Look for this service in the near future.

Microsoft Releases Vista Updates

Friday, August 18th, 2006

For those who are participating in the Microsoft Windows Vista Beta, Microsoft has released two security bulletins regarding security flaws. The flaws deal with Internet Explorer and the Windows Vista kernel. Both of these flaws allow for remote control of the PC. Microsoft has been criticized for issuing the updates because everyone knows it is test software that will have problems. Microsoft decided to err on the side of caution due to the large number of people participating in the beta. Those who are participating in the beta are urged to update.

Backdoor.Win32.Papi.a

Friday, August 18th, 2006

This Trojan will provide a remote malicious user with access to the victim machine. The Trojan itself is a Windows PE EXE file.

This program will be installed on the victim machine by another malicious program — Trojan-Dropper.Ichitaro.Tarodrop.a which exploits a vulnerability in Ichitaro…

Trojan-Dropper.Ichitaro.Tarodrop.a

Friday, August 18th, 2006

This Trojan is designed to install another Trojan on the victim machine without the user’s knowledge or consent. The main Trojan file is a Justsystem Ichitaro (JTD) file 134835 bytes in size.

Ichitaro is the most popular Japanese text editing program.

AOL allowing Adware

Thursday, August 17th, 2006

Shortly after AOL published search details of thousands of AOL customers, AOL is in hot water with consumer advocates over its Active Virus Shield software. The issue with the security tool has to do with its licensing agreement. The agreement allows AOL to collect and share data on how the software is being used. It also permits AOL and its affiliates to send email to its users. The worry of consumer advocates is that this agreement will allow AOL and its affiliates to send adware to the customers. AOL did say they plan on changing the licensing agreement.

Trojan-Downloader.Win32.Small.bjc

Wednesday, August 16th, 2006

This Trojan will open a range of Internet sites. The Trojan itself is a Windows PE EXE file 23040 bytes in size, written in C++.

Trojan-Downloader.Win32.Small.cnz

Wednesday, August 16th, 2006

This Trojan downloads other files via the Internet without the knowledge or consent of the user.

The Trojan itself is a Windows PE EXE file, 2896 bytes in size, packed using FSG. The unpacked file is approximately 20KB in size.

Online Consumer Safety

Wednesday, August 16th, 2006

Many consumers throughout the world choose to do their shopping on the internet. Many of these consumers, however, may be at risk. Here are some tips to keep you safe.

· Be suspicious of everything. If something doesn’t seem right to you, it probably isn’t.

· Make sure the site is secure. An easy way to check this is by looking in the address bar of your web browser. If there is an s after the http (https), the site is using a secure connection. Another hint is that the browser will have a lock or key symbol on the bottom.

· Shoppers should research the companies they are buying from using search engines. Search for the company name along with complaints, secure, or customer service. This will let the consumer know of any problems with a particular company.

· Try to consolidate your shopping to as few internet companies as possible. This will put your credit card information out in fewer places.

The above tips should help to keep you secure while surfing the internet. In addition to the above tips, have good security software installed on your computer to prevent any other malicious problems.

MediaPipe

Wednesday, August 16th, 2006

Just when you think that companies would learn, along comes MediaPipe and a lawsuit from Washington State Attorney General Rob McKenna filed against Digital Enterprises. The Attorney General claims in his lawsuit that Digital Enterprises is using an “aggressive, relentless and threatening” form of online bill collection. The Federal Trade Commission is claiming that most people who complained to them “claim they never signed up for the ‘free trial’ and have never heard of Movieland’s services until the popups started appearing on their machine demanding payment for services.”

According to Webroot Spy Sweeper, MediaPipe appears to be an adware-based program that delivers popup advertisements to a user’s machine. Spy Sweeper does identify this program in its threat definitions file and can remove it from your computer. Users who have MediaPipe on their machine can use Webroot Spy Sweeper to remove it from their computer.

Users who were infected by MediaPipe were so annoyed that they have actually been paying the $29.95 charge to use the service, or have been paying computer technicians to remove it from their computer. Save your money and put it into Spy Sweeper to protect against and remove MediaPipe as well as other forms of adware that exist now or will come in the future.

Trojan.Win32.Spabot.x

Wednesday, August 16th, 2006

This Trojan is a Windows PE EXE file, 14655 bytes in size. Other modifications of this Trojan may have a slightly different size. The Trojan is written in C++ and packed using FSG. The unpacked file is approximately 65KB in size.

The program is designed to send spam.

Installation

Once launched,…

Crusher

Wednesday, August 16th, 2006

Details
Crusher.a

It is a non-dangerous memory-resident stealth multipartite virus. On execution it writes itself into the MBR of the hard drive, then hooks INT 21h and writes itself to the beginning of EXE files that are copied or moved. When loading from an infected MBR it hooks INT 1Ch, waits for DOS to load, then restores INT 1Ch, hooks INT 21h and starts infecting.
If there is no free memory for the virus installation, it displays “Insufficient memory” and returns to DOS. When the CHKDSK utility is executed, the virus sometimes displays:
Crusher
You are damned
Bit Addict / Trident
———————-

Crusade.307

Wednesday, August 16th, 2006

Details
Crusade.3072

Crusade.3072 is a non-dangerous memory-resident multipartite stealth virus. When an infected file is executed, the virus traces INT 13h, infects the MBR of the hard drive, then hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus does not infect a file if the file name contains the symbols:
MM ID SC RG WE VI AD

When loading from an infected MBR, the virus also hooks INT 13h (stealth routine) and INT 1Ch (trigger routine). The trigger routine is executed 5 hours after booting from the infected hard drive. That routine decrypts and displays the message:
+--------------------+
¦ LIVE `N` LET LIVE! ¦
+--------------------+

The virus also contains the encrypted text string:
Take care of soft war or Last Crusade.

Crue

Wednesday, August 16th, 2006

Details
Cruel

It is a dangerous memory-resident boot virus. It hooks INT 13h and writes itself into the boot sectors of the hard drive and floppies; in some cases it corrupts the boot code during infection. Depending on the system date, it erases the CMOS memory. It contains the internal text string:
CRUE(L)

Crude.93

Wednesday, August 16th, 2006

Details
Crude.936

It is not a dangerous memory-resident parasitic virus. It hooks INT 10h, 16h, 21h and writes itself to the end of COM files that are executed. By hooking INT 10h and 16h (video and keyboard), the virus, depending on its internal random counter, “skips” keystrokes or changes the video mode.

