An amusing true story about crackers and crooks, testing antimalware software
The past 4 days were very amusing; you can also call it pure entertainment. Anyway, I enjoyed what happened. I only regret that the fairytale and sweet dreams of a group of crackers, crooks and losers were destroyed within 4 days after it all started with a thread on Wilders Security Forums with the subject “New AV Test From SSU”.
Yes, you read that right: SSU (SSUpdater.com) produced a “malware test” and tried to give the test a “reliable, trustworthy” label. Very funny, observing crooks testing their own warez, keygenerators, serials and other related illegal stuff with antimalware programs. I suppose their real intention was (yes, you read that right, was, because their nifty antimalware test and warez site has vanished) to test which antimalware programs are able to detect, clean or delete their illegal crap.
They even showed their natural-born stupidity to the entire audience: inviting security vendors to their forum to comment on the results of their malware test. The same vendors suffering from the illegal practices carried out by SSUpdater.com and many other warez and crack sites. Oh yes, I know, SSUpdater.com had nothing to do with illegal activities; they only offered links to illegal crap. Anyway, that was their excuse and explanation.
The really sad end of the story: SSU (SSUpdater.com) doesn’t exist anymore. The hosting company suspended their account, obviously for reason of illegal activities…
Full story: Wilders Security Forums
Edit: all of a sudden the site, promoting illegal stuff, is back online. Very weird…
The Grand Commander, apparently Chief of the SSU troops, wrote:
“we can provide valuable information for everybody who is willing to listen, so far only few have listened”.
To me it is clear why only few have listened; to him, obviously not.
Security upgrade: Opera 9.62 for Windows released, upgrade now!
Today, Opera released v9.62 of their browser. Because this is a highly recommended security upgrade, I strongly advise all Opera users to upgrade without delay.
Changelog
- Fixed an issue where History Search could be used to execute arbitrary code, see the Opera Advisory.
- The links panel no longer allows cross-site scripting, see the Opera Advisory.
Download page Opera 9.62 for Windows: here
Note: Opera 9.62 incorporates the Opera Presto 2.1.1 user agent engine.
Highly critical vulnerabilities in all OpenOffice versions prior to v2.4.2
According to heise Security, although OpenOffice v3.0 has been released, many users of the productivity suite may be in a controlled environment, such as a government organisation, where they are not able to migrate rapidly to the latest release but are prepared to install updates that do not change functionality. For these users this alert about highly critical vulnerabilities in OpenOffice v2.x is important: they are advised to upgrade to v2.4.2 as soon as possible.
The vulnerabilities in all OpenOffice versions prior to v2.4.2 are:
1. A security vulnerability in the way OpenOffice 2.x processes WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
2. A security vulnerability in the way OpenOffice 2.x processes EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.
Sources and background information:
- WMF security advisory from OpenOffice
- EMF security advisory from OpenOffice
- heise Security
New Official Jetico Inc. Support Forums Opened: Jetico BestCrypt for Linux and BCWipe for UNIX
On behalf of Jetico Inc. I am pleased to announce that two new Jetico Inc. Support Forums have been opened on my board Smokey’s Security Forums: Jetico BestCrypt for Linux and BCWipe for UNIX.
The addition of these new support forums to the board is good news for consumers using these Jetico products: as in all other Jetico support forums, they will be provided with support, help and advice by engineers and developers of Jetico Inc.
Overview of all Official Jetico Inc. Support Forums on Smokey’s Security Forums
- Jetico Personal Firewall v1
- Jetico Personal Firewall v2
- Jetico BestCrypt for Windows
- Jetico BestCrypt for Linux
- Jetico BCVE - BestCrypt Volume Encryption
- Jetico BCArchive
- Jetico BCWipe for Windows
- Jetico BCWipe for UNIX
See you on Smokey’s!
Partnership Smokey’s Security Forums – Gladiator Security Forum ceased
I have to announce the end of the Partnership between Gladiator Security Forum and Smokey’s Security Forums.
This is not a decision taken “on-the-fly”; it was a well-matured and unavoidable decision made by TheSentinel, Site Owner of Gladiator Security Forum, and me. Over the past days we have considered all options; at the moment we see no perspective anymore for continuing the Partnership.
Keep in mind that the Partnership was an experimental project; regrettably TheSentinel and I failed with our well-meant intentions. Several factors caused the project to fall through; apparently the time isn’t ready for such a Partnership project.
In particular I want to express my gratitude to TheSentinel and Terryala of Gladiator Security Forum and Starbuck of my board Smokey’s Security Forums for their continuous efforts to make the Partnership a successful project. They were and are the people always looking to the future and realizing that a Partnership is a need. Their support was very valuable for both boards, therefore I highly appreciate their positive attitude and efforts to make the Partnership a success.
Microsoft Out-of-band security bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008
Version: 1.0
Added 25 Oct 2008 – Revision 1.3: Note: In addition to the products that are listed in the “Affected Software” section, this article also applies to Windows 7 Pre-Beta.
Executive Summary
This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation
Microsoft recommends that customers apply the update immediately.
Known Issues
None
Affected Software
(Operating System – Maximum Security Impact – Aggregate Severity Rating – Bulletins Replaced by this Update)
Microsoft Windows 2000 Service Pack 4 – Remote Code Execution – Critical – MS06-040
Windows XP Service Pack 2 – Remote Code Execution – Critical – MS06-040
Windows XP Service Pack 3 – Remote Code Execution – Critical – None
Windows XP Professional x64 Edition – Remote Code Execution – Critical – MS06-040
Windows XP Professional x64 Edition Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 Service Pack 1 – Remote Code Execution – Critical – MS06-040
Windows Server 2003 Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 x64 Edition – Remote Code Execution – Critical – MS06-040
Windows Server 2003 x64 Edition Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 with SP1 for Itanium-based Systems – Remote Code Execution – Critical – MS06-040
Windows Server 2003 with SP2 for Itanium-based Systems – Remote Code Execution – Critical – None
Windows Vista and Windows Vista Service Pack 1 – Remote Code Execution – Important – None
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 – Remote Code Execution – Important – None
Windows Server 2008 for 32-bit Systems* – Remote Code Execution – Important – None
Windows Server 2008 for x64-based Systems* – Remote Code Execution – Important – None
Windows Server 2008 for Itanium-based Systems – Remote Code Execution – Important – None
*Windows Server 2008 server core installation affected. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.
Source/full bulletin: Microsoft TechNet
Attack code for critical Microsoft bug surfaces
10/27/2008
By Jason Meserve/Network World – THREAT ALERT
Hope you’ve got that out-of-cycle Windows patch installed, because there’s already a worm running amok exploiting the flaw.
Microsoft took the unusual step of rushing out a patch for Windows last Thursday and within hours attack code was published that could take advantage of the flaw. Not quite Zero Day, but pretty close. Of course, a lot of noise was made over Microsoft’s non-Patch Tuesday release, but some in the security community are wondering what the big deal is? After all, there are automatic systems in place to install said patches, and other vendors release patches all the time without a parade. So why the hoopla over this Microsoft release?
Full story: NetworkWorld
Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers
Federal Trade Commission (FTC) Alert concerning Bank Phishing
Online scammers are taking advantage of tough economic times. While e-mails phishing for sensitive data are nothing new, scammers are taking advantage of upheavals in the financial marketplace to confuse consumers into parting with valuable personal information.
The Federal Trade Commission urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. In fact, these messages may be from “phishers” looking to use personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name.
Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert “Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special,’” at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.shtm.
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Tips to help you avoid getting hooked by a phishing scam
- Don’t reply to an email or pop-up message that asks for personal or financial information, and don’t click on links in the message – even if it appears to be from your bank. Don’t cut and paste a link from the message into your Web browser, either. Phishers can make links look like they go one place, but actually redirect you to another.
- Some scammers call with a recorded message, or send an email that appears to be from an institution, and ask you to call a phone number to update your account. Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers are. To reach an institution you do business with, call the number on your financial statements.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
- Don’t email personal or financial information. Email is not a secure way to send sensitive information.
- Review your financial account statements as soon as you receive them to check for unauthorized charges.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
- Forward phishing emails to spam@uce.gov – and to the institution or company impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
- If you’ve been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft for important information on next steps to take.
Source and tips: FTC.gov