Weekly Security News
Posted by Dave
5 Star Support Security Specialist
Week of 06/07/09
General
This has been a huge week for patches from many of the
major vendors, so you will have a lot of updating to do. Everything I am
covering this week should be treated as an urgent project on your to-do
list. Microsoft, Adobe, Java, Apple and Firefox are all in the mix this
month.
Microsoft
Now that I have had a day to look over all the bulletins,
we can possibly all benefit from a brief explanation of what each one
relates to and does. There are a total of 10 bulletins that represent a
total of 31 patches in all. Here goes (in numerical order, and there is a
live link to each bulletin for your convenience if you want the entire
spiel):
MS09-018
(Critical): Fixes two privately reported vulnerabilities in implementations
of Active Directory
on Microsoft Windows 2000 Server and Windows Server 2003, and Active
Directory Application Mode (ADAM) when installed on Windows XP Professional
and Windows Server 2003. The more severe vulnerability could allow remote
code execution. It is rated Critical for all supported editions of
Microsoft Windows 2000 Server, and rated Important for supported versions of
Windows XP Professional and Windows Server 2003.
Details
Description
This patch fixes two vulnerabilities within Microsoft
Active Directory and Active Directory Application Mode (ADAM). These
vulnerabilities allow an attacker to craft a malicious Active Directory
network request that, when received by a vulnerable host, could allow for
the arbitrary execution of code on Windows 2000 hosts or a Denial of Service
(DoS) condition on other host operating systems.
Active Directory Invalid Free
Vulnerability - CVE-2009-1138
A remote code execution vulnerability exists in
implementations of Active Directory on Microsoft Windows 2000
Server. The vulnerability is due to incorrect freeing of memory when
processing specially crafted LDAP or LDAPS requests. An attacker who
successfully exploited this vulnerability could take complete
control of an affected system.
Active Directory Memory Leak
Vulnerability - CVE-2009-1139
A denial of service vulnerability exists in
implementations of Active Directory on Microsoft Windows 2000 Server
and Windows Server 2003. The vulnerability also exists in
implementations of Active Directory Application Mode (ADAM) when
installed on Windows XP Professional and Windows Server 2003. The
vulnerability is due to improper memory management during execution
of certain types of LDAP or LDAPS requests. An attacker who
successfully exploited this vulnerability could cause the affected
server to stop responding.
Windows 2000 Active Directory servers are at the highest
risk from this vulnerability, as CVE-2009-1138 could lead to arbitrary
code execution. Since Active Directory vulnerabilities could allow attackers
to compromise entire subnets and domains, they are high-priority targets for
attackers who have already gained access to workstations by other means.
MS09-019
(Critical): Patches seven privately reported
vulnerabilities and one publicly disclosed vulnerability in
Internet Explorer. The more
severe of the vulnerabilities could allow remote code execution if a user
views a specially crafted Web page using Internet Explorer. Affects IE 5.01,
IE 6, IE 7 and IE 8 running on all supported editions of Windows.
Details
Description
This patch fixes eight vulnerabilities within Microsoft
Internet Explorer. These vulnerabilities allow an attacker to craft a
malicious website or HTML page that when viewed by a vulnerable Internet
Explorer browser, could allow for Cross-Domain Information Disclosure
(Cross-Domain Scripting/Hijacking), Denial of Service (Browser crash), or
execution of arbitrary code in the context of the current user.
Race Condition Cross-Domain
Information Disclosure Vulnerability - CVE-2007-3091
An information disclosure vulnerability exists
in Internet Explorer that could allow script to gain access to the
content in another browser window in another domain or Internet
Explorer zone. An attacker could exploit the vulnerability by
constructing a specially crafted Web page that could allow
information disclosure if a user viewed the Web page. An attacker
who successfully exploited this vulnerability could view data from a
Web page in another Internet Explorer domain.
Cross-Domain Information
Disclosure Vulnerability - CVE-2009-1140
An information disclosure vulnerability exists
in the way that Internet Explorer caches data and incorrectly allows
the cached content to be called, potentially bypassing Internet
Explorer domain restriction. An attacker could exploit the
vulnerability by constructing a specially crafted Web page that
could allow information disclosure if a user viewed the Web page. An
attacker who successfully exploited this vulnerability could view
content from the local computer or another browser window in another
domain or Internet Explorer zone.
DHTML Object Memory
Corruption Vulnerability - CVE-2009-1141
A remote code execution vulnerability exists in
the way Internet Explorer displays a Web page that contains certain
unexpected method calls to HTML objects. As a result, system memory
may be corrupted in such a way that an attacker could execute
arbitrary code if a user visited a specially crafted Web site. An
attacker who successfully exploited this vulnerability could gain
the same user rights as the logged-on user.
HTML Object Memory Corruption
Vulnerability - CVE-2009-1528/1530/1531/1532
A remote code execution vulnerability exists in
the way Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit
the vulnerability by constructing a specially crafted Web page. When
a user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.
Uninitialized Memory
Corruption Vulnerability - CVE-2009-1529
A remote code execution vulnerability exists in
the way Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit
the vulnerability by constructing a specially crafted Web page. When
a user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.
Microsoft Internet Explorer vulnerabilities are among the
most targeted vulnerabilities used by attackers. They are easily delivered
via email and Instant Message (IM) links, social engineering, Cross-site
scripting (XSS), or SQL Injection attacks on legitimate websites that
redirect visitors to malicious websites. Attackers will then use these
vulnerabilities to execute and install malware which allows the attacker to
further infiltrate the compromised system and gain access to sensitive
information.
MS09-020
(Important): Fixes one publicly disclosed
vulnerability and one privately reported vulnerability in Microsoft
Internet Information Services (IIS).
The vulnerabilities could allow elevation of privilege if an attacker sent a
specially crafted HTTP request to a Web site that requires authentication.
These vulnerabilities allow an attacker to bypass the IIS configuration that
specifies which type of authentication is allowed, but not the file
system-based access control list (ACL) check that verifies whether a file is
accessible by a given user. Affects all supported editions of
Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Details
Description
This patch fixes two vulnerabilities within Microsoft
IIS 5, 5.1, and 6.0 WebDAV. These vulnerabilities allow an attacker to craft
a malicious HTTP WebDAV request that, when received by a vulnerable host,
could allow the attacker to bypass certain authentication restrictions and
gain access to sensitive information or files.
IIS 5.0 WebDAV Authentication
Bypass Vulnerability - CVE-2009-1122
An elevation of privilege vulnerability exists
in the way that the WebDAV extension for IIS handles HTTP requests.
An attacker could exploit this vulnerability by creating a specially
crafted anonymous HTTP request to gain access to a location that
should require authentication.
IIS 5.1 and 6.0 WebDAV
Authentication Bypass Vulnerability - CVE-2009-1535
An elevation of privilege vulnerability exists
in the way that the WebDAV extension for IIS handles HTTP requests.
An attacker could exploit this vulnerability by creating a specially
crafted anonymous HTTP request to gain access to a location that
typically requires authentication.
This patch addresses two authentication bypass
vulnerabilities, including one previously publicly disclosed vulnerability
(CVE-2009-1535). This specific attack is being used in the wild by attackers
in order to gain access to files and websites with WebDAV restrictions in
place. Attacks of this nature could allow attackers to gain access to files
or data that could be used to compromise additional systems in addition to
sensitive personal or business information that could also be at risk.
MS09-021
(Critical): Patches seven privately reported
vulnerabilities that could allow remote code execution if a user opens a
specially crafted Microsoft Excel
file that includes a malformed record object. An attacker who successfully
exploited any of these vulnerabilities could take complete control of an
affected system. It affects Excel 2000, Excel 2002, Excel 2003, Excel
2007, Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File
Format Converter for Mac; and all supported versions of Microsoft Office
Excel Viewer and Microsoft Office Compatibility Pack.
Details
Description
This patch fixes seven vulnerabilities within all
versions of Microsoft Excel. These vulnerabilities allow an attacker to form
a specially-crafted Excel document that, when viewed by a vulnerable user,
could allow for an attacker to execute arbitrary code on the remote system.
Record Pointer Corruption
Vulnerability - CVE-2009-0549/1134
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Object Record Corruption
Vulnerability - CVE-2009-0557
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Array Indexing Memory
Corruption Vulnerability - CVE-2009-0558
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
String Copy Stack-Based
Overrun Vulnerability - CVE-2009-0559
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Field Sanitization Memory
Corruption Vulnerability - CVE-2009-0560
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
Record Integer Overflow
Vulnerability - CVE-2009-0561
A remote code execution vulnerability exists in
Microsoft Office Excel that could allow remote code execution if a
user opens a specially crafted Excel file that includes a malformed
record object. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
These vulnerabilities pose a very serious risk to all
Excel users. Attackers are likely to deliver these attacks through various
means, such as social engineering and malicious emails or websites hosting
malformed files. Once exploited, attackers will likely install malware on
the system in order to gain further access and steal sensitive information
stored on the vulnerable machine.
MS09-022
(Critical): Covers three privately reported
vulnerabilities in Windows Print Spooler.
The most severe vulnerability could allow remote code execution if an
affected server received a specially crafted RPC request. It applies
to Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows
Server 2008.
Details
Description
This patch fixes three vulnerabilities within Microsoft
Windows Print Spooler service. These vulnerabilities allow an attacker to
craft a malicious RPC network request that, when received by a vulnerable
host, could allow the attacker to gain access to sensitive local
information, elevate their privileges or execute arbitrary code at elevated
privileges that would lead to the complete compromise of the affected
system.
Buffer Overflow in Print
Spooler Vulnerability - CVE-2009-0228
A remote code execution vulnerability exists in
the Windows Print Spooler that could allow a remote, unauthenticated
attacker to execute arbitrary code on an affected system. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new
accounts.
Print Spooler Read File
Vulnerability - CVE-2009-0229
A local, authenticated information disclosure
vulnerability exists in the Windows Printing Service that could
allow a user to read or print any file on the system. This action
can be taken even if the user does not have administrative access.
However, the vulnerability could not be exploited remotely or by
anonymous users.
Print Spooler Load Library
Vulnerability - CVE-2009-0230
A remote, authenticated elevation of privilege
vulnerability exists in the Windows Print Spooler that could allow
an arbitrary dynamic link library (DLL) to be loaded by the Print
Spooler. An attacker who successfully exploited this vulnerability
could run arbitrary code with elevated privileges. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights.
This patch addresses one local and two remote
vulnerabilities that allow complete system compromise. Windows 2000 is at
the highest risk for this vulnerability, which allows remote unauthenticated
attackers to trigger the vulnerability.
MS09-023
(Moderate): Patches a privately reported vulnerability in
Windows Search. The
vulnerability could allow information disclosure if a user performs a search
that returns a specially crafted file as the first result or if the user
previews a specially crafted file from the search results.
This security update is rated Moderate for Windows Search
installed on all supported editions of Windows XP and Windows Server 2003.
Details
Description
This patch fixes a single vulnerability within the
optional Microsoft Windows Search. This vulnerability allows an attacker to
craft a malicious search request/file that, when executed by a vulnerable
host, could allow the attacker to execute arbitrary HTML script that could
disclose sensitive information to remote attackers. This attack requires
user interaction in order to successfully exploit a system.
Script Execution in Windows
Search Vulnerability - CVE-2009-0239
An information disclosure vulnerability exists
in Windows Search due to the way file previews are generated.
Attempts to exploit this vulnerability require user interaction. An
attacker who successfully exploited this vulnerability could run a
malicious HTML script that could disclose information, forward user
data to a third party, or access any data on the affected systems
that was accessible to the logged-on user. Note that this
vulnerability would not allow an attacker to execute code or to
elevate their user rights directly, but it could be used to produce
information that could be used to try to further compromise the
affected system.
This patch addresses a user-interaction required
vulnerability in Windows Search. This attack is relatively low on the
exploitability scale and could only be delivered by trusted attackers or
through extensive social engineering attacks.
MS09-024
(Critical): Fixes a privately reported vulnerability in the
Microsoft Works converters.
The vulnerability could allow remote code execution if a user opens a
specially crafted Works file. Affects Word 2000, Word 2002, Word 2003 with
the Microsoft Works 6-9 File Converter, Word 2007 Service Pack 1, Microsoft
Works 8.5 and Microsoft Works 9.
Details
Description
This patch fixes a vulnerability within the Microsoft
Works Converters. This vulnerability allows an attacker to craft a malicious
Works file (.wps) that, when opened by a vulnerable host, could allow the
attacker to execute arbitrary code in the context of the currently logged in
user.
File Converter Buffer
Overflow Vulnerability - CVE-2009-1533
A remote code execution vulnerability exists in the way that the Works
for Windows document converters handle specially crafted Works
files. The vulnerability could allow remote code execution if a user
opens a specially crafted .wps file. Users whose accounts are
configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.
This patch addresses a single vulnerability within
Microsoft Works that remote attackers could deliver through typical means of
email, IM, or website links. Once executed, the malicious WPS file would
typically install malware on the system that allows remote attackers to gain
access to the system and its resources.
MS09-025
(Important): Covers
two publicly disclosed and two privately reported vulnerabilities in the
Windows kernel that
could allow elevation of privilege. An attacker who successfully exploited
any of these vulnerabilities could execute arbitrary code and take complete
control of an affected system. The vulnerabilities could not be exploited
remotely or by anonymous users. Affects Microsoft Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008.
Details
Description
This patch fixes four vulnerabilities within the
Microsoft Kernel. These vulnerabilities allow a local attacker or exploit
to craft a malicious API call or execute code in such a way that it would
trigger a denial of service condition (BSOD) or elevate the malicious
program's or attacker's privileges to kernel level. This could then be used to
completely compromise the system.
Windows Kernel Desktop
Vulnerability - CVE-2009-1123
A remote code execution vulnerability exists in
the way that the Works for Windows document converters handle
specially crafted Works files. The vulnerability could allow remote
code execution if a user opens a specially crafted .wps file. Users
whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with
administrative user rights.
Windows Kernel Pointer
Validation Vulnerability - CVE-2009-1124
An elevation of privilege vulnerability exists
in the Windows kernel due to the insufficient validation of certain
pointers passed from user mode. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
Windows Driver Class
Registration Vulnerability - CVE-2009-1125
An elevation of privilege vulnerability exists
because the Windows kernel does not properly validate an argument
passed to a Windows kernel system call. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
Windows Desktop Parameter
Edit Vulnerability - CVE-2009-1126
An elevation of privilege vulnerability exists
when the Windows kernel improperly validates input passed from user
mode to the kernel when editing a specific desktop parameter. The
vulnerability could allow an attacker to run code with elevated
privileges. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode. An attacker
could then install programs; view, change, or delete data; or create
new accounts with full user rights.
Attackers are likely to combine these vulnerabilities
with other exploits, a technique known as exploit-piggy-backing. This would
allow an attacker to use one exploit to gain access to the system and then
combine it with any of the above vulnerabilities in order to elevate their
privileges to kernel level and completely compromise the system. These types
of vulnerabilities are essentially what make Windows rootkits possible.
MS09-026
(Important): Patches a publicly disclosed vulnerability in the
Windows remote procedure call (RPC) facility
where the RPC Marshalling Engine does not update its internal state
appropriately. The vulnerability could allow an attacker to execute
arbitrary code and take complete control of an affected system. Rated
Important for all supported editions of Microsoft Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008.
Details
Description
This patch fixes a vulnerability within the Microsoft
Remote Procedure Call (RPC) framework. This vulnerability allows an attacker
to craft a malicious RPC request that, when processed by a vulnerable
application, could allow the attacker to execute arbitrary code with
elevated privileges. It's important to know that this vulnerability does not
affect any RPC interface that ships with Microsoft Windows; however, certain
third-party applications are at risk.
RPC Marshalling Engine
Vulnerability - CVE-2009-0568
An elevation of privilege vulnerability exists
in the Windows remote procedure call (RPC) facility where the RPC
Marshalling Engine does not update its internal state appropriately.
The failure to update internal state could lead to a pointer being
read from an incorrect location. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take
complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new
accounts with full user rights.
This patch addresses a single vulnerability within the RPC
library for Microsoft Windows. The vulnerability can be present in 32-bit
applications implementing RPC calls using a specific data structure.
MS09-027
(Critical): Covers two privately reported
vulnerabilities that could allow remote code execution if a user opens a
specially crafted Microsoft Word
file. Rated Critical for all supported editions of Microsoft Office Word
2000. For all supported editions of Microsoft Office Word 2002, Microsoft
Office Word 2003, Microsoft Office Word 2007, Microsoft Office 2004 for Mac,
and Microsoft Office 2008 for Mac, and all supported versions of Open XML
File Format Converter for Mac, Microsoft Office Compatibility Pack, and
Microsoft Office Word Viewers, this security update is rated Important.
Details
Description
This patch fixes two vulnerabilities within all
supported versions of Microsoft Office Word. These vulnerabilities allow an
attacker to craft a malicious Word document that, when opened by a
vulnerable host, could allow the attacker to execute arbitrary code in the
context of the currently logged in user.
Word Buffer Overflow
Vulnerability - CVE-2009-0563/0565
A remote code execution vulnerability exists in
the way that Microsoft Office Word handles a specially crafted Word
file that includes a malformed record. An attacker who successfully
exploited this vulnerability could take complete control of an
affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate
with administrative user rights.
This patch addresses two vulnerabilities within Microsoft
Word that remote attackers could deliver through typical means of email, IM,
or website links. Once executed, the malicious document would typically
install malware on the system that allows remote attackers to gain access to
the system and its resources.
Other Software
Adobe has released new updates for both Acrobat and
Adobe Reader.
Summary:
Critical vulnerabilities have been identified in Adobe
Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities
would cause the application to crash and could potentially allow an attacker
to take control of the affected system.
Adobe recommends users of Adobe Reader 9 and Acrobat 9 and
earlier versions update to Adobe Reader 9.1.2 and Acrobat 9.1.2.
Adobe recommends users of Acrobat 8 update to Acrobat
8.1.6, and users of Acrobat 7 update to Acrobat 7.1.3. For Adobe Reader
users who can't update to Adobe Reader 9.1.2, Adobe has provided the Adobe
Reader 8.1.6 and Adobe Reader 7.1.3 updates. Updates apply to Windows and
Macintosh.
Adobe Flash Player
Adobe has released v 10.0.22.87 of Flash Player 10. Users
are advised to update to this new version as soon as possible. If you use
Firefox, please note that you will have to update the version of Flash Player
(plug-in version) for Netscape-based browsers as well. File size is 1837 KB
(1.8 MB).
Adobe Shockwave
Adobe (Macromedia) has also released v 11.5.0.596 of
Shockwave and I urge readers to be sure that they use this latest version
for Windows XP or Vista.
Sun (Java)
The new release for Java is v 1.6.0_14 (Java 6 update 14)
and I urge you to apply this update right away as it addresses a number of
security issues.
Apple
Apple has released Safari 4.0 as well as new versions of
iTunes and QuickTime over the past week. Patches total over 50, not including
the recent updates for iTunes and QuickTime (you
should be running iTunes v 8.2 and QuickTime v 7.6.2).
Firefox
Mozilla has released Firefox v 3.0.11 and users should
update to this version immediately; more than 10 security issues are
addressed in this new version.
Please be diligent and apply all the updates that apply to
your situation as soon as possible. Happy computing, and stay safe out there
on the Internet.
Dave
Dangerous Applications
Unwanted Freeware
03/16/08
Posted by Dave
5 Star Support Security Specialist
There are always new free add-ons for your browser and free applications for
your computer coming out, almost on a daily basis. Trouble is, most of
them cause a host of other problems because many contain Adware and/or Spyware
of some sort. Sophos UK maintains a list of these and refers to them as
Potentially Unwanted Applications, or PUAs. Below is a list of the most recent
ones released that you need to avoid:
1. Spyware Remover is an application for the Windows platform. Spyware Remover
is known to produce bogus warnings that ask the user to register.
When Spyware Remover is installed the following files are created:
<Start Menu\Programs>\SpywareRemover\SpywareRemover on the Web.lnk
<Start Menu\Programs>\SpywareRemover\SpywareRemover.lnk
<Start Menu\Programs>\SpywareRemover\Uninstall SpywareRemover.lnk
<Desktop>\SpywareRemover.lnk
<Program Files>\SpywareRemover\DataBase.ref
<Program Files>\SpywareRemover\Launcher.exe
<Program Files>\SpywareRemover\SpyCleaner.dll
<Program Files>\SpywareRemover\SpywareRemover.exe
<Program Files>\SpywareRemover\SpywareRemover.url
<Program Files>\SpywareRemover\license.rtf
<Program Files>\SpywareRemover\tcl.dll
<Program Files>\SpywareRemover\unins000.dat
<Program Files>\SpywareRemover\unins000.exe
<Program Files>\SpywareRemover\zlib.dll
<Windows>\Tasks\SpywareRemover Scheduled Scan.job
2. FakeShareaza is an unwanted program (Adware).
3. FakeShareaza MediaBar is a potentially unwanted application for the Windows
platform.
When Fake Shareaza MediaBar is installed the following files are created:
<Program Files>\Shareaza Applications\Shareaza MediaBar\Shareaza.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
<Program Files>\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
<Program Files>\Shareaza Applications\Shareaza MediaBar\Shareaza_icons.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\Shareaza_logo.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\Uninstall.exe
<Program Files>\Shareaza Applications\Shareaza MediaBar\Updater.exe
<Program Files>\Shareaza Applications\Shareaza MediaBar\basis.xml
<Program Files>\Shareaza Applications\Shareaza MediaBar\button_arrow.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\historyCombo.html
<Program Files>\Shareaza Applications\Shareaza MediaBar\resizer.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\search.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\search.html
<Program Files>\Shareaza Applications\Shareaza MediaBar\search.js
<Program Files>\Shareaza Applications\Shareaza MediaBar\search_images.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\search_maps.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\search_news.bmp
<Program Files>\Shareaza Applications\Shareaza MediaBar\showSettings.js
<Program Files>\Shareaza Applications\Shareaza MediaBar\storesearchcriteria.js
<Program Files>\Shareaza Applications\Shareaza MediaBar\version.txt
<Program Files>\Shareaza Applications\Shareaza MediaBar\web.bmp
4. ForceLibrary is an unwanted program (Adware).
5. SpySheriff is an anti-spyware application for the Windows platform.
Known trial versions of this software use excessive amounts of virtual memory,
leading to a reduction in system performance.
6. SpySheriff Downloader is a potentially unwanted application.
SpySheriff Downloader downloads the application SpySheriff Installer from a
pre-defined site.
7. Soso AddressBar Search Downloader is a potentially unwanted application
(Adware).
8. Shutdown Timer is a potentially unwanted application.
Shutdown Timer allows the following actions to occur on the computer:
Log off
Hibernate
Standby
Restart
Shutdown
9. Vapsup is an unwanted program (Adware).
10. Mal/Dial-U is a dialer.
When first run Mal/Dial-U copies itself to the Windows system folder.
The following registry entry is created to run Mal/Dial-U on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OpenMstart
<System>\<original dialer filename>
11. Passware Password Recovery is a potentially unwanted application for the
Windows platform.
Passware Password Recovery includes functionality to steal passwords saved in
Internet Explorer.
12. IRCFast Downloader is a Potentially Unwanted Application for the Windows
platform.
IRCFast Downloader attempts to persuade the user to download otherwise free
software from the author's servers for an extremely high price. This site has
been associated with malware.
13. OneStepSearch is an unwanted program (Adware).
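Added example (not part of the original post and not Sophos tooling): a small sweep that checks a live system or a mounted disk image for a subset of the file artifacts and the Run-key value name listed above. The function names and the mapping from the <Program Files>-style placeholders to real directories are assumptions; matching is case-insensitive so it also works on an image mounted under a case-sensitive filesystem.

```python
"""Sweep a live system or mounted disk image for the PUA artifacts listed above."""
import os
import re
import sys
from pathlib import Path

# File artifacts copied from the list above (a subset per program).
ARTIFACTS = {
    "Spyware Remover": [
        r"<Program Files>\SpywareRemover\SpywareRemover.exe",
        r"<Program Files>\SpywareRemover\Launcher.exe",
        r"<Program Files>\SpywareRemover\SpyCleaner.dll",
        r"<Desktop>\SpywareRemover.lnk",
        r"<Start Menu\Programs>\SpywareRemover\SpywareRemover.lnk",
        r"<Windows>\Tasks\SpywareRemover Scheduled Scan.job",
    ],
    "FakeShareaza MediaBar": [
        r"<Program Files>\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll",
        r"<Program Files>\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll",
        r"<Program Files>\Shareaza Applications\Shareaza MediaBar\Updater.exe",
    ],
}

# Run-key value name from the Mal/Dial-U entry above (value names are case-insensitive).
RUN_VALUE_NAMES = {"openmstart": "Mal/Dial-U"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

_PLACEHOLDER = re.compile(r"^<([^>]+)>\\(.+)$")


def _find_ci(directory, name):
    """Return the entry in `directory` whose name matches `name`, ignoring case."""
    try:
        for entry in directory.iterdir():
            if entry.name.lower() == name.lower():
                return entry
    except OSError:  # missing directory, not a directory, or access denied
        return None
    return None


def resolve(artifact, roots):
    """Map '<Placeholder>\\rest\\of\\path' onto disk; return the Path or None."""
    match = _PLACEHOLDER.match(artifact)
    if not match or match.group(1) not in roots:
        return None
    current = Path(roots[match.group(1)])
    for part in match.group(2).split("\\"):
        current = _find_ci(current, part)
        if current is None:
            return None
    return current


def sweep(roots, artifacts=ARTIFACTS):
    """Return {program: [artifact, ...]} for every listed artifact found on disk."""
    findings = {}
    for program, paths in artifacts.items():
        hits = [p for p in paths if resolve(p, roots) is not None]
        if hits:
            findings[program] = hits
    return findings


def flag_run_values(run_values):
    """Given {value name: data} from the Run key, return the names on the list."""
    return {name: RUN_VALUE_NAMES[name.lower()]
            for name in run_values if name.lower() in RUN_VALUE_NAMES}


def read_hklm_run():
    """Read the HKLM Run values on a live Windows host (empty dict elsewhere)."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for index in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, index)
            values[name] = data
    return values


def default_roots():
    """Placeholder mapping for a live host; the XP-style profile layout is an assumption."""
    env = os.environ
    profile = env.get("USERPROFILE", "")
    return {
        "Program Files": env.get("ProgramFiles", r"C:\Program Files"),
        "Windows": env.get("SystemRoot", r"C:\Windows"),
        "Desktop": os.path.join(profile, "Desktop"),
        "Start Menu\\Programs": os.path.join(profile, "Start Menu", "Programs"),
    }


if __name__ == "__main__":
    for program, hits in sweep(default_roots()).items():
        print(f"[!] {program}: {len(hits)} artifact(s) present")
        for hit in hits:
            print(f"    {hit}")
    for name, program in flag_run_values(read_hklm_run()).items():
        print(f"[!] Run value '{name}' matches {program}")
```

For a mounted image, pass sweep() a roots dictionary that points each placeholder at the corresponding directory inside the mount instead of using default_roots().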