Smokey's Security Weblog

veritas odium parit

[NEWS] Malwarebytes Acquires Junkware Removal Tool (JRT)

Exciting news: the acquisition of the Junkware Removal Tool (JRT) by Malwarebytes will make the outstanding malware removal tool Malwarebytes Anti-Malware (MBAM), which detects and removes e.g. worms, trojans, rootkits, rogues, spyware, and more, stronger and better.

MBAM Press Announcement:

SAN JOSE, CA – June 22, 2015 – Malwarebytes, the company founded to protect people and businesses from sophisticated malware attacks, today announced the acquisition of Junkware Removal Tool, a security program that searches for and removes potentially unwanted programs (PUPs) such as adware, spyware, and toolbars. The acquisition will integrate its definitions and tactics into the Malwarebytes product line.

Junkware Removal Tool owner and developer, Filipos Mouliatis, will also be joining Malwarebytes Labs out of Houston, Texas. “Malwarebytes is a highly respected anti-malware and anti-exploit company that I’ve known of for years, so I was excited to hear about the possibility of working together,” said Mouliatis. “I look forward to helping further develop software that will destroy potentially unwanted programs such as adware and spyware.”

“Let’s face it, PUPs are a growing problem, and the Junkware Removal Tool is a fantastic addition to strengthen our ability to address them,” said Malwarebytes founder and CEO Marcin Kleczynski. “We’re proud to be integrating this technology. Not only that, Filipos’ creativity and ingenuity are great additions to the Malwarebytes team. With this move and others to come, we’re doubling down on expanding our PUP protections, and our customers will see the benefits very soon.”

Junkware Removal Tool is a popular download on sites such as CNET, MajorGeeks, and BleepingComputer.com. The security utility consistently ranks in the top 10 downloaded Windows apps on all three sites, and has had more than 4 million downloads on BleepingComputer.com alone.

“At BleepingComputer.com, we’ve found that adware and PUPs have increasingly become one of the largest sources of problems for our visitors,” said Lawrence Abrams, owner of BleepingComputer.com. “With Malwarebytes and Junkware Removal Tool being two of the most popular downloads, it’s going to be exciting to see how these two programs will join forces to further protect our visitors against adware and PUPs.”

Malwarebytes has already taken an aggressive stance on targeting and removing PUPs, adware, spyware, and grayware. Acquiring Junkware Removal Tool reinforces its commitment to fighting not only harmful and deceptive PUPs, but also annoying and misleading ones.

The integration of Junkware Removal Tool within Malwarebytes Anti-Malware will take place over the next few months. The stand-alone JRT program will remain intact for those who wish to use it.

Announcement source: Malwarebytes Press Center

Malwarebytes Anti-Malware (MBAM) homepage: here

Posted June 22, 2015 | Uncategorized

Microsoft Out-of-band security bulletin MS08-067 – Critical

Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008
Version: 1.0


Added 25 Oct 2008 – Revision 1.3: Note: In addition to the products that are listed in the “Affected Software” section, this article also applies to Windows 7 Pre-Beta.

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation

Microsoft recommends that customers apply the update immediately.

Known Issues

None

Affected Software

(Operating System – Maximum Security Impact – Aggregate Severity Rating – Bulletins Replaced by this Update)

Microsoft Windows 2000 Service Pack 4 – Remote Code Execution – Critical – MS06-040
Windows XP Service Pack 2 – Remote Code Execution – Critical – MS06-040
Windows XP Service Pack 3 – Remote Code Execution – Critical – None
Windows XP Professional x64 Edition – Remote Code Execution – Critical – MS06-040
Windows XP Professional x64 Edition Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 Service Pack 1 – Remote Code Execution – Critical – MS06-040
Windows Server 2003 Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 x64 Edition – Remote Code Execution – Critical – MS06-040
Windows Server 2003 x64 Edition Service Pack 2 – Remote Code Execution – Critical – None
Windows Server 2003 with SP1 for Itanium-based Systems – Remote Code Execution – Critical – MS06-040
Windows Server 2003 with SP2 for Itanium-based Systems – Remote Code Execution – Critical – None
Windows Vista and Windows Vista Service Pack 1 – Remote Code Execution – Important – None
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 – Remote Code Execution – Important – None
Windows Server 2008 for 32-bit Systems* – Remote Code Execution – Important – None
Windows Server 2008 for x64-based Systems* – Remote Code Execution – Important – None
Windows Server 2008 for Itanium-based Systems – Remote Code Execution – Important – None

*Windows Server 2008 server core installation affected. For supported editions of Windows Server 2008, this update applies, with the same severity rating, whether or not Windows Server 2008 was installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.

Source/full bulletin: Microsoft TechNet

Attack code for critical Microsoft bug surfaces

10/27/2008

By Jason Meserve/Network World – THREAT ALERT

Hope you’ve got that out-of-cycle Windows patch installed, because there’s already a worm running amok exploiting the flaw.
Microsoft took the unusual step of rushing out a patch for Windows last Thursday and within hours attack code was published that could take advantage of the flaw. Not quite Zero Day, but pretty close. Of course, a lot of noise was made over Microsoft’s non-Patch Tuesday release, but some in the security community are wondering what the big deal is? After all, there are automatic systems in place to install said patches, and other vendors release patches all the time without a parade. So why the hoopla over this Microsoft release?

Full story: NetworkWorld

Posted October 24, 2008 | Advisories, Alerts, Downloads, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities

Brief Review MBAM – Malwarebytes’ Anti-Malware

I test anti-malware programs on a regular basis; the most recent test concerned MBAM – Malwarebytes’ Anti-Malware. About the detection capabilities I can be brief: great. As claimed by the developers, many times it discovered malware like rootkits, worms, trojans, viruses, spyware and other malicious programs that weren’t detected by other anti-malware programs like anti-viruses and anti-trojans. I am even more enthusiastic about the cleaning capabilities of MBAM: all discovered malware was cleaned/removed 100%, without leaving any traces.

MBAM offers support for Windows 2000, XP, and Vista, and is free. However, the full (paid) version unlocks realtime protection, scheduled updating and scheduled scanning. If you like the program, I advise opting for the full version. Price: a one-time fee of $24.95.

Remark: MBAM was also able to detect the recent XP Antivirus 2008/2009 malware programs and removed this crap entirely.

More info about MBAM (free version and how to buy): malwarebytes.org
Recommended review MBAM: Web Worker Daily

Update 2009-06-03: recent, extended Softpedia Review MBAM – Malwarebytes’ Anti-Malware: https://smokeys.wordpress.com/2009/06/02/profound-malwarebytes-mbam-anti-malware-scanner-review/

Posted August 23, 2008 | Advisories, Bundleware, Downloads, Friends, Malware, Recommended External Security Related Links | 13 Comments

New kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks

A new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks.

The new malware inserts links to dangerous Web pages within ASF (Advanced Systems Format) media files.

“The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said David Emm, senior technology consultant for security vendor Kaspersky Lab.

If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, Emm said. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft’s Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

The “.mp3” extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky Lab.

“Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream,” Secure Computing said.

Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a.”

Source / full article: PCWorld Business Center
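
A defender-side check for the disguise described above, added here as an example (not code from the article or from any vendor named in it): it flags files named .mp3/.mp2 whose first 16 bytes are the ASF Header Object GUID and lists any UTF-16LE http(s) links stored inside. The URL heuristic, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# ASF Header Object GUID (75B22630-668E-11CF-A6D9-00AA0062CE6C) as laid out on disk.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
AUDIO_EXTS = {".mp3", ".mp2"}
# ASF stores text as UTF-16LE, so an embedded link looks like "h\0t\0t\0p\0...".
# Assumption: treating any such string as a link worth reviewing.
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")

def inspect_file(path):
    """Return (is_asf_container, embedded_urls) for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(ASF_HEADER_GUID):
        return False, []
    return True, [m.group(0).decode("utf-16-le") for m in URL_UTF16.finditer(data)]

def scan_tree(root):
    """List files named .mp3/.mp2 whose content is really an ASF container."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in AUDIO_EXTS:
                continue  # only the extension/content mismatch is of interest
            is_asf, urls = inspect_file(os.path.join(dirpath, name))
            if is_asf:
                findings.append({"file": name, "urls": urls})
    return findings

def demo():
    """Write constructed sample files to a temp directory and scan it."""
    link = "http://codec.example.invalid/get".encode("utf-16-le")
    samples = {
        # Constructed: ASF magic plus a UTF-16LE link, named like an MP3.
        "song.mp3": ASF_HEADER_GUID + b"\x00" * 14 + link + b"\x00\x00",
        # Constructed: start of an ordinary ID3-tagged MP3.
        "clean.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\xff\xfb\x90\x00" * 4,
        # Constructed: honest ASF extension, so no mismatch to report.
        "clip.wma": ASF_HEADER_GUID + b"\x00" * 14,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(blob)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A hit on the extension mismatch alone is worth reviewing; the extracted links only help triage where the file would send the player.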

Posted July 18, 2008 | Advisories, Alerts, Downloads, Malware, News, Recommended External Security Related Links