This Week's Top 10 Spyware Threats

[bmarv]

This Week's Top 10 Spyware Threats
Our overall Threat Level remains at Elevated - you should maintain a guarded approach to your surfing and computer practices. Things are not crazy but they are not calm either so be a little wary. Watch out for Halloween spam with offers for gift cards that include surveys that rip off your personal info. Also, here's a watch out for searches of Emma Stone nude, and Microsoft Security Essentials which could turn out to be dangerous (malicious sites).
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Malware: Trojan
4. Trojan.ASF.Wimad (v): Trojan
5. Trojan.Malware: Trojan
6. INF.Autorun (v): Trojan
7. Trojan.DNSChanger.Gen: Trojan
8. MyWebSearch Toolbar: Potentially Unwanted Program
9. GameVance: Adware (General)
10.Virtumonde: Adware (General)

[Oro raro]

Just wanted to say thanks for the weekly updates bmarv.    It helps keep us in the know of some of the latest spyware threats.  Shame that the brains behind the bad could not use them for good...I am sure the world would be a much better place.

[bmarv]

Threat Level Elevated
Adobe has patched Adobe Reader 9.34 Windows, Macintosh, and UNIX, Adobe Acrobat 9.34 Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. Last week the company issued updates for Flash Player and Air (unauthorized cross-domain request vulnerability). There have been some issues. Make sure you get patched up here.

On Microsoft Patch Tuesday this month the company released 13 bulletins fixing 26 vulnerabilities. Eleven affect Windows and two make fixes in older versions of Microsoft Office. MS10-015 caused blue screen problems on WinXP.

Danger Zone Topics
Like I have to tell you Valentine's Day and Haiti and how about tax filing themes in the U.S. are topics in the Danger Zone! Don't click on them as they are trying to phish and scam you.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. Exploit.PDF-JS.Gen (v): Exploit
5. Trojan.Win32.Generic!SB.0: Trojan
6. Virtumonde: Adware (General)
7. MyWebSearch Toolbar: Potentially Unwanted Program
8. Trojan.ASF.Wimad (v): Trojan
9. Trojan.Win32.Malware: Trojan
10. INF.Autorun (v): Trojan

[bmarv]

Threat Level Elevated
Mozilla has released updates: Firefox v 3.0.18, 3.5.8, or 3.6; Thunderbird v 3.0.2, and SeaMonkey v 2.0.3. Vulnerabilities would allow security bypass and remote execution of code.

Earlier in the week Adobe issued patches for Reader and Acrobat to close a vulnerability that could allow an unauthorized cross-domain requests and one that would allow denial of service attacks. Users are urged to update to Adobe Reader 9.3.1 and Acrobat 9.3.1.

Last week Adobe patched Adobe Reader 9.34 (Windows, Macintosh, and UNIX), Adobe Acrobat 9.34 (Windows and Macintosh), and Adobe Reader 8.2 and Acrobat 8.2 (Windows and Macintosh).

Danger Zone
The following areas are considered dangerous topics both in spam and searches: Olympics themes including Nodar Kumaritashvili fatal luge crash, "World Cup" and U.S. tax filing themes.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. Trojan.Win32.Generic!SB.0: Trojan
5. Exploit.PDF-JS.Gen (v): Exploit
6. Trojan.Win32.Malware: Trojan
7. MyWebSearch Toolbar: Potentially Unwanted Program
8. Trojan.ASF.Wimad (v): Trojan
9. Virtumonde: Adware (General)
10. Trojan.Win32.Agent: Trojan

[bmarv]

Threat Level Elevated
Microsoft has posted a hot fix for the vulnerability in Internet Explorer v. 6 and 7 that was made public last week, Version 8 is not affected. Microsoft researchers have found in-the-wild exploit code for the Adobe Reader flaw that was fixed Feb. 16. The exploit drops a downloader on the victim's hard drive.

There is an unpatched VBScript vulnerability in Internet Explorer on Win2K, XP and Server03 that could be used to run malicious code. A malicious operator could create a web site that displays a specially crafted dialog box and prompt a victim to press the F1 key (help screens.) The exploit could then execute malicious code on a victim machine. Avoid the sites if you can and most importantly don't follow such a prompt!

Danger Zone
The dangerous topics in spam and search results currently creating mayhem are March madness, Top 10, Cory Hain and Billy the Exterminator

Recent Updates
Apple has released Safari 4.0.5 that fixes 16 vulnerabilities, many of which could allow execution of malicious code. Microsoft's Patch Tuesday patches, Windows Movie Maker and Microsoft Office Excel. Mozilla has issued an update for its Thunderbird email client. Version 3.0.3 fixes a bug in 3.0.2 that was issued just a few days ago. Opera browser Version 10.50 is available. In addition to other things, it promises better integration with Windows 7.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Generic!SB.0: Trojan
4. Exploit.PDF-JS.Gen (v): Exploit
5. INF.Autorun (v): Trojan
6. MyWebSearch Toolbar: Potentially Unwanted Program
7. Virtumonde: Adware (General)
8. Trojan.Win32.Malware: Trojan
9. Trojan.Win32.Agent: Trojan
10 Trojan.ASF.Wimad (v): Trojan

[bmarv]

Threat Level Elevated
Opera v 10.51 has been made available. It patches a high-profile vulnerability that was shown to allow execution of arbitrary code. Twitter phishing has been reported - themes involve photos. Google has patched 11 security vulnerabilities in Chrome for Windows. Mozilla will release an update for Firefox (3.6.2) March 30 to fix a vulnerability that could allow malicious operators to run arbitrary code. Microsoft researchers have found in-the-wild exploit code for the Adobe Reader flaw that was fixed Feb. 16 (CVE-2010-0188). The exploit drops a downloader on the victim's hard drive. CA has issued security notice CA20100318-01 urging users of CA's ARCserve Backup to patch vulnerabilities that could allow intruders to execute arbitrary code. Microsoft has posted a fix for the vulnerability in Internet Explorer v. 6 and 7 that was made public last week (MS Security Advisory 981374). Version 8 is not affected. Apple has released Safari 4.0.5 that fixes 16 vulnerabilities, many of which could allow execution of malicious code.

Danger Zone Topics
Dangerous topics in spam and search results include U.S. 2010 Census phishing emails, Iceland Volcano, March madness, Facebook login update spam (attachments carry Bredolab), Michelle McGee bombshell and Department of Homeland Security (DHS) themes in spam (Zeus Trojan).

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Exploit.PDF-JS.Gen (v): Exploit
4. Trojan.Win32.Generic!SB.0: Trojan
5. INF.Autorun (v): Trojan
6. Trojan.Win32.Hiloti.gen.d (v): Trojan
7. Trojan.Win32.Generic.pak!cobra: Trojan
8. Trojan.Win32.Adware: Adware (General)
9. MyWebSearch Toolbar: Potentially Unwanted Program
10. Trojan.Win32.Malware: Trojan

[bmarv]

Threat Level Elevated
Microsoft researchers have found in-the-wild exploit code for the Adobe Reader flaw that was fixed Feb. 16 (CVE-2010-0188). The exploit drops a downloader on the victim's hard drive. There is an unpatched VBScript vulnerability in Internet Explorer on Win2K, XP and Server03 that could be used to run malicious code. A malicious operator could create a web site that displays a specially crafted dialog box and prompt a victim to press the F1 key (help screens.) The exploit could then execute malicious code on a victim machine.

Danger Zone Topics
Here are some of the dangerous topics in spam and search results: Farmville virus warning (hoax), copyright infringement lawsuit scam, World Cup, U.S. federal tax themes, U.S. healthcare reform themes and U.S. 2010 Census phishing emails.

Recent Updates
Mozilla Foundation has released update (v 3.6.2) for its Firefox browser to fix buffer-overflow vulnerability, Google has patched 11 security vulnerabilities in Chrome for Window and Opera v. 10.51 has been made available. It patches a high- profile vulnerability that was shown to allow execution of arbitrary code. Remember to stay patched and updated on all your critical software.

This Week's Top 10 Spyware Threats
You will note below a piece of malware called Exploit.PDF-JS.Gen (v) (don't you love how these are named?), technically it is categorized as an exploit.

Wikipedia describes an exploit as follows: "An exploit (from the same word in the French language, meaning "achievement", or "accomplishment") is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack." Thus Exploit.PDF-JS.Gen (v) exploits a security flaw in PDF files with embedded JavaScript that often installs downloaders that retrieve further malware from remote Web sites. Just thought you should know.

1. Trojan.Win32.Generic!BT : Trojan
2, AdWare.Win32.WebHancer : Adware (General)
3. Trojan-Spy.Win32.Zbot.gen: Trojan
4. Exploit.PDF-JS.Gen (v): Exploit
5. Trojan.Win32.Generic!SB.0: Trojan
6. INF.Autorun (v): Trojan
7. MyWebSearch Toolbar: Potentially Unwanted Program
8. Trojan.Win32.Generic.pak!cobra: Trojan
9. Trojan.Win32.Malware: Trojan
10. Trojan.ASF.Wimad (v): Trojan

[bmarv]

Threat Level Elevated
Just so you know Java has released Version 6 Update 19 that fixes 27 vulnerabilities. Foxit has issued an update for its Foxit Reader (Foxit Reader 3.2.1) to fix a vulnerability pointed out earlier this week. A researcher posted proof of concept code for a "feature" in PDF format that could enable a malicious operator to launch executable malcode in Foxit Reader and Adobe Reader. Adobe Reader does pop up a warning but potential victims could be social engineered into disregarding it.

There is an unpatched VBScript vulnerability in Internet Explorer on Win2K, XP and Server03 that could be used to run malicious code. A malicious operator could create a web site that displays a specially crafted dialog box and prompt a victim to press the F1 key (help screens.) The exploit could then execute malicious code on a victim machine. Go to windowsupdate and see if there are patches for your PC, and install them!
http://www.sunbeltsecuritynews.com/SMJAYI/100407-MS-Updates


Danger Zone Topics
Oh man there are dangerous topics a plenty in both spam and search - this week the riskiest are "Earthquake Mexico" (do you believe these idiots take advantage of disasters like this?), Fake eBay security alert and U.S. 2010 Census phishing emails. Be wary my friends, be very wary.

Recent Updates:
Microsoft released out-of-band Security Bulletin MS10-018 to fix critical vulnerabilities in Internet Explorer. (Especially important in versions 6 and 7). And Microsoft researchers have found in-the-wild exploit code for the Adobe Reader flaw that was fixed Feb. 16. The exploit drops a downloader on the victim's hard drive. . Go to windowsupdate and see if there are patches for your PC, and install them!
http://www.sunbeltsecuritynews.com/SMJAYI/100407-MS-Updates


This Week's Top 10 Spyware Threats
I haven't seen this one before, but it is definitely something you should watch out for - webHancer. It is an adware application underway at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This takes place unknown to the user. It can disrupt networking, especially if manual removal is attempted. Be careful if you are downloading any shareware products as this may be piggybacking.

1. Trojan.Win32.Generic!BT: Trojan
2. Exploit.PDF-JS.Gen (v): Exploit
3. webHancer: Adware (General)
4. INF.Autorun (v): Trojan
5. Trojan.Win32.Generic!SB.0: Trojan
6. Trojan-Spy.Win32.Zbot.gen: Trojan
7. MyWebSearch Toolbar: Potentially Unwanted Program
8. Trojan.Win32.Malware: Trojan
9  Trojan.Win32.Generic.pak!cobra: Trojan
10. Trojan.Win32.Agent: Trojan

[bmarv]

Threat Level Elevated
Good news - Java has released Version 6 Update 19 that fixes 27 vulnerabilities. Adobe will ship a critical security patch Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines. Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.

Danger Zone Topics
There are some dangerous topics in spam and search results out there, be very wary of Farm Town (Facebook game) rogue malware in ads, Polish plane crash and anything to do with Tiger Woods.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. Exploit.PDF-JS.Gen (v): Exploit
3. INF.Autorun (v): Trojan
4. Trojan.Win32.Generic!SB.0: Trojan
5. Trojan-Spy.Win32.Zbot.gen: Trojan
6. Trojan.Win32.Generic.pak!cobra: Trojan
7. webHancer Adware (General)
8. MyWebSearch Toolbar: Potentially Unwanted Program
9. VirTool.Win32.Obfuscator.hg!a (v): Trojan
10. Trojan.Win32.Malware: Trojan

[bmarv]

Threat Level Elevated
As Apple products proliferate into the home and business environment, you will see more attacks on their products. The attacks are not at the level of Windows PC's but they are increasing. Apple has released its Security Update 2010-003 for Mac OS X to fix a vulnerability that could allow a maliciously crafted embedded font to enable execution of arbitrary code. There are now 115 known malware strains written for the MAC platform.

Adobe .pdf attacks have not slowed down (see more below) and Adobe has released updates for Reader and Acrobat (versions 9.3.1 and earlier and 8.2.1 and earlier). See Adobe security bulletin APSB10-09. Finally, Microsoft has issued Security Bulletins MS10-019 to 029 -- eleven bulletins addressing 25 vulnerabilities in Windows, Exchange and Office. Microsoft also released out-of-band Security Bulletin MS10-018 to fix critical vulnerabilities in Internet Explorer (especially important in versions 6 and 7).

Java has released Version 6 Update 19 that fixes 27 vulnerabilities. Oracle patched 27 vulnerabilities in Java SE and Java for Business (ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server).

Microsoft researchers have found in-the-wild exploit code for the Adobe Reader flaw that was fixed Feb. 16 (CVE-2010-0188). The exploit drops a downloader on the victim's hard drive.

It's been a wicked week out there.

Danger Zone Topics
And in the search for dangerous topics in spam and search, we find Infected .pdf files in spam posing as post from UK's Royal Mail (Zeus botnet), Farm Town (Facebook Game) rogue malware from ads, Polish plane crash (some folks are really ghoulish) and last but certainly not least Tiger Woods.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. FraudTool.Win32.SecurityTool (v): Trojan
3. Exploit.PDF-JS.Gen (v): Exploit
4. INF.Autorun (v): Trojan
5. Trojan.Win32.Generic.pak!cobra: Trojan
6. Trojan.Win32.Generic!SB.0: Trojan
7. Trojan-Spy.Win32.Zbot.gen: Trojan
8. Trojan.Win32.Malware: Trojan
9. MyWebSearch Toolbar: Potentially Unwanted Program
10. Trojan.ASF.Wimad (v): Trojan

[bmarv]

Threat Level Elevated
It's been quite a week in the world of computer security. McAfee had some major problems when it had a false positive which ended up crippling Win XP machines. Interesting timing, as two weeks ago we ran an interview with our VP R&D, Mark Patton regarding false positives.
http://www.sunbeltsecuritynews.com/SMJAYI/100428-Faulty-Update-Fix

Google has released Chrome 4.1.249.1059 to close multiple vulnerabilities that could allow an attacker to run arbitrary code and launch cross-site scripting or cross-site-request-forgery attacks. And Mozilla has disabled older versions of the Java deployment tool kit plugin for its Firefox browser. The tool kit had a vulnerability that could be exploited to install malicious code.

Not wanting to be left out of the security roundup, Apple has released a Security Update for Mac OS X (and server) v10.5.8 and Mac OS X to fix vulnerability that could allow a maliciously crafted embedded font to enable execution of arbitrary code.

Danger Zone Topics
And just when you thought the web waters might be safe, better watch out for these dangerous topics in both spam and search: - iPad update (malicious spam), Twitter spam (reset password or install attachment), and McAfee false positive. Look before you click!

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v): Trojan
3. Exploit.PDF-JS.Gen (v): Exploit
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan-Spy.Win32.Zbot.gen: Trojan
6. Trojan.Win32.Generic!SB.0: Trojan
7. MyWebSearch Toolbar: Potentially Unwanted Program
8. FraudTool.Win32.SecurityTool (v): Trojan
9. Trojan.Win32.Malware: Trojan
10. Trojan.ASF.Wimad (v): Trojan

[bmarv]

Threat Level Elevated
Microsoft is investigating vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007. (CVE-2010-0817) that could allow execution of an arbitrary script that could elevate privileges on SharePoint site. Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities.

Danger Zone Topics
Best be awake and suspicious about the following dangerous topics in spam and search results: iPad update (malicious spam attachment), Twitter spam (reset password or install attachment) and McAfee false positive. Take heed!

Recent Updates
Apple has released its Security Update 2010-003 for Mac OS X (and server) v10.5.8 and Mac OS X (and server) v10.6.3. Adobe Reader and Acrobat (versions 9.3.1 and earlier and 8.2.1 and earlier).

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v): Trojan
3. Exploit.PDF-JS.Gen (v): Exploit
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. FraudTool.Win32.AVSoft (v): Trojan
6. Trojan-Spy.Win32.Zbot.gen: Trojan
7. Trojan.Win32.Generic!SB.0: Trojan
8. Trojan.Win32.Malware: Trojan
9. MyWebSearch Toolbar: Potentially Unwanted Program
10. VirTool.Win32.Obfuscator.hg!b (v): Trojan

[bmarv]

Threat Level Elevated
Foxit has updated its Reader (for Windows) to version 3.3. The new version includes a Secure Trust Manager that enables users to allow or deny URL connection, attachments PDF actions, and JavaScript functions.

Opera has released version 10.53 to fix a vulnerability that would allow an attacker to execute arbitrary code.

Google has released Chrome 4.1.249.1064 for Windows (fixes multiple vulnerabilities.)

Danger Zone Topics
Danger, danger - look out for the following dangerous topics in spam and search results: World Cup sweepstakes, "Does my new hair style look good? bad? perfect?' (Yahoo Messenger and Skype exploit), My printer is about to be thrown through a window if this pic won't come out right. You see anything wrong with it?" (Yahoo Messenger and Skype exploit), Apple Store gift card phishing

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v): Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. Trojan-Spy.Win32.Zbot.gen: Trojan
5. Trojan.Win32.Agent: Trojan
6. Exploit.PDF-JS.Gen (v): Exploit
7. Trojan.Win32.Generic!SB.0: Trojan
8. FraudTool.Win32.AVSoft (v): Trojan
9. Packed.Win32.Riggin.B (v): Trojan
10. MyWebSearch Toolbar: Potentially Unwanted Program

[bmarv]

Missing Trojan

Your top 10 list of May 12, 2010 missed a biggy - namely Win32.Meredrop which I believe was used to deliver the number 1 Trojan.Win32.Generic!BT: Trojan . As I understand it Win32.Meredrop is what I would describe as a bus virus used to bus in other viruses. Potentially this is a real baddy.
Trojan:Win32/Meredrop is a generic detection for Trojans that drop and execute multiple malwares on a local computer. These Trojans are usually packed, and may contain multiple Trojans, backdoors, or worms. Dropped malware may connect to remote Web sites and download additional malicious programs


Threat Level Elevated

US-CERT is reporting vulnerability in Apple's Safari that can be exploited by malicious web pages that can execute arbitrary code. Exploit code for this vulnerability is circulating. US-CERT encourages users to disable JavaScript.

Danger Zone Topics

We have a whole bunch of dangerous topics in spam and search results so be wary be very wary: Order confirmation email from Amazon (infected attachment), watch out for this one; Sexiest Facebook video (downloads Hotbar adware/spyware); phishing emails targeting HR departments with infected attachments masquerading as zipped CV (curriculum vitae); update Google Groups email settings (Trojan and ransomware); "update your resume" themes; "Windows 7 Upgrade Advisor Setup" attachment (Trojan) and the World Cup sweepstakes. Some tricky stuff out there folks - stay alert!

Recent update

Adobe has posted updates for Shockwave Player (version 11.5.7.609). Foxit Reader (for Windows) updated to version 3.3 and Opera has released version 10.53 to fix a vulnerability that would allow an attacker to execute arbitrary code.

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v): Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. Trojan-Spy.Win32.Zbot.gen: Trojan
5. Trojan.Win32.Agent: Trojan
6. MyWebSearch Toolbar: Potentially Unwanted Program
7. Trojan.Win32.Generic!SB.0: Trojan
8. Packed.Win32.Crum (v): Trojan
9. Trojan.Win32.Fraudpack: Trojan
10. HackTool.Win32.Keygen: Trojan

[bmarv]

Threat Level Elevated

Microsoft has updated the security of its Hotmail Web email service with SSL sessions and single-use security codes so Hotmail users can log in to their accounts on public networks without the worry of having their login information sniffed. That's pretty cool.

Apple has released an update of Java for Mac OS X 10.5 (Update 7) and Java for Mac OS X 10.6 (Update 2) to fix several vulnerabilities that could allow execution of arbitrary code or denial of service.

Microsoft is reporting a vulnerability in the Windows Canonical Display Driver (cdd.dll) in 64-bit versions of Windows 7 and Server 2008 R2 as well as Server 2008 RD for Itanium. Turning off the Aero theme is a workaround. (Security Advisory 2028859).

Opera has released version 10.53 to fix a vulnerability that would allow an attacker to execute arbitrary code.

Danger Zone Topics

Watch where you are going seems like there are a few more cyber-booby traps out there. These then are the dangerous topics in spam and search results: Facebook malicious video "Distracting Beach Babes", Facebook worm - message line "try not to laugh xD...", "See Office 2010 Beta in action" in email, attachment contains Trojan downloader , "Rima Fakih pole dancing" (SEO poisoning) - downloads rogue and "Adobe update" spam (Zbot Trojan).

This Week's Top 10 Spyware Threats

1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v): Trojan
3. Trojan-Spy.Win32.Zbot.gen: Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan.Win32.Malware: Trojan
6. Trojan.Win32.Generic!SB.0: Trojan
7. Trojan.Win32.Agent: Trojan
8. Packed.Win32.Tdss.q (v): Trojan
9. Worm.Win32.Downad.Gen (v): Worm.W32
10. FraudTool.Win32.SecurityTool (v): Rogue Security