MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

bits and bytes

  • Storm Worm not done yet

    Despite the April 22, 2008 article at computerworld.com reporting that Microsoft’s Malicious Software Removal Tool (MSRT) had made Storm pretty insignificant, the botnets appear to be preparing for another attack, possibly timed around Mother’s Day.

    According to UploadMalware.com’s Malware Blog, one of their researchers has found indications of a new Storm Worm variant moving in.

    "At the time of this posting we have not had any reports of spam from the botnet using the 3 domains that were found in the research, but the files are definitely there and the domains are fast fluxing as per the normal method."

    This does not diminish the impact that Microsoft’s Malicious Software Removal Tool (MSRT) has had on disinfecting users’ machines; fewer infected PCs means less infection gets spread around.

    Storm Worm Morphs to only serve exploits

    Posted May 04 2008, 04:31 PM by tashi
  • Time Flies

    Now in my third year as a Consumer Security MVP, the time has flown since I started this blog with the best intentions to be prolific.

    My first post on this blog, Life on the Forums:

    "'They may win the battle but not the war.'

    A phrase that comes to mind when I see the heroic efforts of helpers in the malware removal forums, where my security interests lie."

    The battle continues; I am now an Administrator at two training schools. Volunteers helping users to remove infections from their computers are still my heroes, as are the site owners, the developers of the free tools and all who help people recover their PCs from the bad guys.

    Back from my second Microsoft MVP Global Summit, still feeling the glow and looking forward to a third one, I am sure time will fly.

    Posted May 02 2008, 09:39 PM by tashi
  • Debate with rogue antispyware maker

    I have been following a discussion of iedefender at CastleCops, which is five pages long so far.

    The topic started with: "Attached below is a copy of IEdefender (hxxp://www.iedefender.com/) a new rogue software." To which the vendor replied:

    iedefender: "Hello, we’re developers of IEDefender, our software is clean and is real antispyware. As we can see, people from your site send our exe to different antivirus and antispyware companies, trying to black PR our company. They’ve got answers, that our soft is clean, because IT IS CLEAN! We contacted Kaspersky, they also confirmed, there are no problems with our software, you can check our .exe with any popular antiviruses, there no problems! Stop sending your detractive mails and messages, in other case we would be forced to send all information to our lawyers and meet your representative in the court, where it would be very hard for you to prove, that our software is not real, because IT’S REAL ANTISPYWARE!"

    nosirrah to iedefender: "Since you want to respond, let's make this as cut and dry as possible. Here is a list of issues you need to address. Answer each question directly with no obscenities and no name calling.

    1. When will the fake codec site on your server stop advertising your software?

    2. Why does your home page contain text directly copied from other well known rogues?

    3. Why did you choose hosting that is well known for hosting hundreds of other rogue applications?

    4. When will you take the plagiarized content from NOD32 off of your home page?

    5. When will you give credit to the sources of the plagiarized content in your forum?"

    I won't hold my breath.

    As Alex said, thanks PG.

  • DirectRevenue-Best Offers, shuts down

    Posted on DirectRevenue's home page, giving no reason for the sudden closure:

    "Best Offers and Direct Revenue have ceased operations. To service legacy consumers we are maintaining this page of uninstall instructions, an uninstall software tool, and an email based support service."

    Whether this means DirectRevenue is truly gone or will surface under a different name remains to be seen.

    DirectRevenue Settles FTC Charges

  • Microsoft Security Intelligence Report, third volume

    From the Webpage portal:

    "The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or second half of each calendar year and uses historical data to provide context. The purpose of the SIR is to keep Microsoft’s customers informed of the major trends in the threat landscape and to provide valuable insights and security guidance designed to help customers improve their security posture in the face of these threats."

    Download details.

  • VirusRay, latest Zlob rogue anti-spyware program

    The Zlob Trojan Downloader typically poses as audio or video codecs, required to be installed on your computer so you can watch or listen to certain media.

    VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and displays fake security alerts in your Windows taskbar.

    "When the Zlob infection downloads and installs VirusRay, VirusRay will automatically start and perform a scan of your computer. When done scanning, VirusRay will state that it found Trojans on your computer. The funny thing is that the Trojans VirusRay finds are the actual ones that were used to install it in the first place. In order to remove these Trojans, though, you will be required to purchase the full version of the software. This is obviously a scam and you should not purchase this software under any circumstances."

    Removal instructions at Bleeping Computer. http://www.bleepingcomputer.com/forums/topic113374.html

  • Internet Explorer 7 Re-Release for Windows XP

    Good news.

    "Today, we updated the installation experience to make IE7 available to as many Windows users as possible. As of today, IE7 will no longer require Windows Genuine Advantage validation, and will be available to all Windows XP users. If you’re not already running IE7, you can get it from the Internet Explorer home page on Microsoft.com. We’ve made a few other small tweaks to the UI, including enabling the menu bar by default, and created a new MSI installer that simplifies deployment for IT administrators in the enterprise environment."

    PeteL’s Blog Product Manager, Internet Explorer, Developer Division.

    “Description of the Windows Internet Explorer 7 Installation and Availability Update”. http://support.microsoft.com/kb/940767

    Source: Sandi Hardmeier at Spywaresucks http://msmvps.com/blogs/spywaresucks/archive/2007/10/05/1229925.aspx

    Posted Oct 04 2007, 12:54 PM by tashi
  • Windows Live Translator Beta

    Microsoft’s Live Translator, in Beta and powered by Systran, has been quietly released.

    I received a few 500 Internal Server errors, and not all the translations worked all the time, but it is early days yet.

    Like other translator tools, Live Translator lets you enter a block of text for translation from one language to another, or you can enter a URL to have an entire web page translated.

    Live Translator Beta Help

  • Zango Drops Lawsuit

    Zango Drops Lawsuit Against PC Tools

    "Adware company Zango has voluntarily withdrawn its lawsuit against security software company PC Tools, which Zango accused of illegally removing its software from users’ PCs without their express permission. The move follows a court’s refusal to grant Zango a temporary restraining order."

    Article at BetaNews:  http://www.betanews.com/article/Zango_Drops_Lawsuit_Against_PC_Tools/1188317390

    Posted Aug 28 2007, 05:24 PM by tashi
  • Tafiti - Silverlight Application

    Microsoft has launched Tafiti (http://www.tafiti.com/), a search engine built on Microsoft® Silverlight (http://silverlight.net/).

    This is not your usual search interface and has rich visualizations. Check it out.

  • Microsoft August 2007 Bulletin Release Advance Notification

    Scheduled August bulletin release day, August 14, 2007.

    The Microsoft Security Response Center (MSRC)

    "Next Tuesday, we’re currently planning to release nine security bulletins:

    • Six Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
    • One Microsoft Security Bulletins affecting Microsoft Office with a Maximum Severity rating of Critical. These updates will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
    • One Microsoft Security Bulletin affecting Microsoft Office and Microsoft Windows a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
    • One Microsoft Security Bulletin affecting Microsoft Virtual PC and Microsoft Virtual Server with a Maximum Severity rating of Important. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

    Remember that here we’re providing the maximum severity for any of the updates per product. Specific details about severity per-bulletin as well as additional details about the affected versions can be found in the Advance Notification posted on the web.

    We are also planning to release an update to the Microsoft Windows Malicious Software Removal Tool.

    Finally, we are planning to release four high-priority non-security updates on Microsoft Update and two on Windows Update.

    Remember that this information is to help with your advance planning for the Tuesday release: this information can change between now and the release on Tuesday. If things do change or we have new information about the release, we will let you know through this weblog."

    http://blogs.technet.com/msrc/archive/2007/08/09/august-2007-bulletin-release-advance-notification.aspx

    http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx

  • Warning to WordPress & Joomla theme users

    Weblog Tools Collection posted an alert regarding a site called Templatebrowser dot com, which provides direct downloads to public blog themes.

    Apparently the themes have been modified to include an additional functions.php file, which calls home after a theme is installed and can be used to insert hidden spam or malware links.

    Mark Ghosh strongly suggests users stay away from the site.

    WARNING: TemplateBrowser dot com: http://weblogtoolscollection.com/archives/2007/08/04/warning-templatebrowser-dot-com/

    WordPress & Joomla theme users beware!: http://5thirtyone.com/archives/837

    Posted Aug 05 2007, 11:19 AM by tashi