Some news & some free stuff

After Microsoft's last "Tuesday, BIG patchday", Adobe also has issued a large sum of updates for Adobe Reader and Acrobat.
Make sure to update these programs regularly or use an online program like Secunia Online Scan to search for such updates, if applicable.

Facebook is one of those major malware targets (mainly because of it's size) that recently has been hit by a trojan, which used exactly an Adobe vulnerability to infect users. AVG has reported on this new issue where it's not some user being the victim/culprit but a facebook application that hosted a trojan.
These (infected) applications can have much more capabilities than just retrieving your personal data, as described by Heise Security.

Often trojans will change the Windows HOSTS file, in order to block security software from updating, it works but it's easy to see and easy to fix for the advanced user.
A new trojan makes use of functionalities of the Windows Packet Filter Kit (available for devs, including sourcecode for $3500 at Redmond).
This trojan will insert ndisrd_xp.sys, ndisrd.sys and ndisapi.dll in your driver map and run a rogue firewall; Netfilter.exe.
This is what blocks AV's from updating but other programs will be able to connect to internet (making it difficult to immediately diagnose the problem).
Those infected by it, for instance with fake AV AntiVirus 2010 can see 'Netfilter.exe' in their Taskmanager.
Simply kill the process and then update your AV of choice (and hopefully remove it).

Security software outfit Pandalabs has found a new malware variation; 'application hostageware'...
Yes, really; 'Application hostageware'.
It's a combination of rogueware and scareware named TotalSecurity2009 which is a variation on the well known 'fake virus scanners'.
This scam version doesn't deny just access to personal files, clicking on almost any application will result in a 'File infected!!! - Buy our $79,95 license!!!'. Now!!!'-popup.
Only Internet Explorer will work, so users can buy their 'licensekey' and hand over their financial data to the malware writers.
PandaLabs has cracked the malware and published a list of keys here.
Maybe helpful info if a friend or familymember accidentally stumbles across this new variation.

Returnil Virtual System 2010.
GiveAwayOfTheDay/GAOTD offers a 1-year license for the full version here
This security program uses strong virtualization combined with an antivirus/malware scanner.
It will virtualize your OS and installed programs on your HDD, which you can then use to download stuff, install it, test it, whatever you want.
A simple reboot will delete the virtualized OS and you're back to your original clean&real OS.
Make sure to uninstall any previous versions of Returnil before installing this one.
Works on XP, Vista and 7, 32&64-bit.
There is an instructional Youtube clip on 'Returnil 2010' by Matt from Remove-malware.com available here.

Iobit Security 360 has popped up a couple of times already here on NBR but this new kid on the block isn't well known yet.
This anti-spyware/malware program offers real-time protection, even in the free version.
It hasn't been tested against competition like Malwarebytes or SuperAntispyware so it's difficult to say if it's on par.
There is a bit of an issue with the current real-time detection rate but it's being worked on and a solution should come end of november/early december, as posted by an Iobit forum mod on WildersSecurity.
The paid version offers automated updates and scheduled scanning; everything needed to make life easier .
Sounds interesting? Here is a link for a free 1-year license for the paid-for Pro version.
Iobit Security 360 is meant to work besides your regular anti-virus, not as a replacement.
Works on XP, Vista, Windows 7, 32&64-bit.
That's it.

 

aww too bad the Free license for 1 year Iobit Security 360 Pro finished..

 

Really, already??
Can I ask, you got that answer in an email?
The site still mentions ' Deadline: Nov 11, 2009'

 

Just checked...it's still up.

 

ah last nite it told me license has ran out.. Now i got them already