Lavasoft News - December 2006

Spyware Newsbits

Name: Description
AntispywareSoldier: The user can download this rogue anti-spyware program at http://www.antispywaresoldier.com, but it often comes bundled with malicious downloaders on other homepages. AntispywareSoldier’s spyware detection is fake, and it may show false positives to trick the user into thinking it’s a trustworthy program. The uninstaller does not function.
AntiVermins: AntiVermins is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, AntiVermins automatically scans the user's hard drive, and the software runs on all user accounts.
DeluxeCommunications: DeluxeCommunications was formerly known as SurfSideKick. It installs itself as a Browser Helper Object. DeluxeCommunications tracks surfing habits and may also cause system instability.
PestCapture: PestCapture is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it’s a good program that removes viruses. Pop-up alert warnings try to entice the user to buy PestCapture software. If the user restarts the computer, PestCapture automatically scans the user’s hard drive, and the uninstaller will not function.
SpyDefence: SpyDefence is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it’s a good program that removes viruses. Pop-up alert warnings try to entice the user to buy SpyDefence software. If the user restarts the computer, SpyDefence executes, and the uninstaller will not function.
SpyHeal: SpyHeal is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, SpyHeal automatically scans the user's hard drive.
SysProtect: SysProtect is a rogue anti-spyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses, but the software uses false positive detections to trick the user into buying the commercial version. If the user restarts the computer, SysProtect automatically scans the user's hard drive.
Webalize Toolbar: Webalize Toolbar distinguishes itself from other toolbars. It contains a technical report which stores information about the user’s surfing habits. The surfing report is stored in a .txt document. The Webalize Toolbar installation does not include any license agreement or privacy policy.
Win32.Backdoor.PcClient: Win32.Backdoor.PcClient contacts an HTTP domain to receive backdoor commands. The malware creates a TCP stream towards the host computer and synchronizes with a suspicious HTTP domain. All users with an HTTP connection will be in the danger zone if they have executed this type of malware.
Win32.Trojan.Klone: Win32.Trojan.Klone installs new files and runs suspicious processes hidden from the user. It has no license agreement and no functional uninstaller.
Win32.Trojan.MatrixHasYou: Win32.Trojan.MatrixHasYou is a set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. It also downloads other malware such as Pesttrap. After cleaning with Ad-Aware SE, we strongly recommend you seek further help in the Lavasoft Support forums: http://www.lavasoftsupport.com/
Win32.Worm.Warezov: Win32.Worm.Warezov is a worm that spreads through e-mail. When it infects a new computer, it scans it for e-mail addresses and then mails itself to those addresses. It may also alter your hosts file to block you from accessing certain web sites.

TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

Quick Buy: Ad-Aware SE Plus, Professional & Enterprise *offer ends 31/12/2006
In the spirit of giving this holiday season Lavasoft is giving you 15% off all Ad-Aware SE products – Plus, Professional and Enterprise – the entire month of December. Take advantage of this merry deal and keep yourself and your loved ones spyware free!

* Please enter the following coupon code to retain your rebate: zz46tv12x8c

Holiday Shopping Stats
American consumers will spend more than $32 billion in holiday Internet purchases this year.
Source: Jupiter Research

As many as 12 million people could fall prey to ID theft in some form – 40% of them between mid-Nov. and Jan.1.
Source: LifeLock Inc.

Term of the Month
A zero-day attack is a virus or other exploit that takes advantage of a newly discovered hole in a program before the developer has made the fix available, or sometimes even before they are aware the hole exists. "Zero-day" is the day you open the virus-infected e-mail or get hit by a drive-by download because the anti-virus or anti-spyware software you keep up-to-date knew nothing of the attacks.
Read more at Wikipedia here.

Tech Tips
Attention Windows Users: If Microsoft Windows is your main operating system, be sure to visit Microsoft Security Updates and stay on top of all of the security patches that Microsoft releases on a monthly basis. Ongoing Microsoft vulnerabilities underscore the need to:

1) Regularly update your operating system with the latest patches, and

2) Maintain active virus, hacker, spyware and other identity theft protection.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com
