Latest Microsoft patches cause black screen of death, Microsoft looking into Windows ‘black screen of death’ problem

Microsoft’s latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless.

The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris, the CEO and CTO for the U.K. security company Prevx.

Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.

However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren’t aware of the changes and don’t run properly, causing a black screen, Morris said.

Security applications seem to be particularly affected. Morris said users of other security products have also complained about the issue, even going so far as trying to reinstall the operating system to fix it.

http://www.computerworld.com/s/article/9141568/Latest_Microsoft_patches_cause_black_screen_of_death

Black Screen woes could affect millions on Windows 7, Vista and XP

Firstly, there appear to be many causes of the black screen issue. The symptoms are very distinctive and troublesome. After starting your Windows 7, Vista, XP, NT, W2K, W2K3 or W2K8 PC or server the system appears normal. However, after logging on there is no desktop, task bar, system tray or side bar. Instead you are left with a totally black screen and a single My Computer Explorer window. Even this window might be minimized making it hard to see.

If you have these symptoms you can safely try our free Black Screen Fix. It will fix the most common cause we have seen of this issue. Running the fix program is easy under normal circumstances, simply download with your browser using the link above and run the program. However, if you are trying to do this from the PC which has black screen it is a bit more tricky.

http://www.prevx.com/blog/140/Black-Screen-woes-could-affect-millions-on-Windows–Vista-and-XP.html

Microsoft looking into Windows ‘black screen of death’ problem

Microsoft says it’s looking into reports that its latest security updates are causing some Windows machines to stop working and display a mostly black screen with no desktop icons, taskbar, sidebar or other elements — seizing up and displaying just a "My Computer" Explorer window, if they’re lucky. […]

"Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers," a company representative said via email in response to our inquiry. "Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues."

http://www.techflash.com/seattle/2009/11/microsoft_investigating_windows_black_screen_of_death.html

Also, Recent Windows security patches causing ‘black screen of death’

Microsoft said it is aware of the issue and sent seattlepi.com the following statement:

* Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers.
* Based on our investigation so far we can say that we’re not seeing this as an issue from our support organization.
* The issues as described also do not match any known issues that have been documented in the security bulletins or KB articles.
* As always, we encourage customers to review the security bulletin and related KB articles and test and deploy security updates.
* If customers do encounter an issue with security updates, we encourage them to contact our Customer Service and Support group for no-charge assistance. Customers can contact CSS using the information at http://support.microsoft.com/security.

http://blog.seattlepi.com/microsoft/archives/186746.asp

Rogue Gallery

A few years ago, I remember talking with MVP Janie Whitty about a page that is similar to the above and similar to MVP Eric Howes’ list of Rogue/Suspect Anti-Spyware programs: a place where people can see the look of rogue software (avoid rogue applications!). I’m glad her wish has come true, because Lavasoft now have it online: http://www.lavasoft.com/mylavasoft/rogues/latest

http://www.lavasoft.com/mylavasoft/company/blog/lavasoft-malware-labs’-rogue-gallery

Thanks to Ray for the link!

Avast installer now comes bundled with Chrome

Yes, another security program bundles its installer with unnecessary third-party software. The Avast installer is now bundled with Chrome, just like Ad-Aware by Lavasoft. Good thing it’s not the Ask/IAC Toolbar/Search Assistant.

Still… people need to choose properly when installing stuff on their machine. Such free add-ons are not necessary for using the program that you downloaded or are going to install.

China warns of mass Internet virus (Panda Burning Incense worm due for a comeback)

A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.

The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country’s first arrests for virus writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect, said Vu Nguyen, a McAfee Labs researcher.

"It has gotten more complex with the addition of a rootkit," said Nguyen. "It definitely makes it more challenging for users to clean up and even to know that their systems have been compromised." A rootkit burrows into a system to try to hide the existence of malware.

http://news.techworld.com/security/3207541/china-warns-of-mass-internet-virus/

Toshiba worker arrested for selling copy limit busting SW (You can’t do that in Japan)

A Toshiba employee in Japan has been arrested for selling copy limit breaking software, letting buyers copy digital TV programmes on Japanese recording and playback products as much as they liked.

The copy limit software is called Dubbing10 and lets digital media device users copy a recorded digital TV programme up to ten times. It was introduced in July 2008, after criticism that the previously available single copy facility was far too limited.

Sony added Dubbing10 as firmware updates for its Japanese territory Blu-ray and DVD recorders in 2008, as well as to certain Vaio desktop and notebook computers. Sharp and Panasonic also added the Dubbing10 software to certain of their products.

A Japanese paper reported that the Toshiba worker, Tetsuya Masumura, was arrested on Wednesday in the Ehime Prefecture in northwestern Shikoku, the smallest of the four main islands of Japan.

http://www.theregister.co.uk/2009/11/27/dubbing10_break_sw/

Hack In The Box heading to Holland

HITBSecConf2010 Amsterdam opens in July

The organizers of the Hack In The Box security conferences in Malaysia are planning their first European show for Amsterdam next July.

Hack In The Box (HITB) held its first security conference, or hacker convention, in Kuala Lumpur in 2003, one of the first major shows of its kind in Asia. HITB organizers added a show in the Middle East in Dubai, United Arab Emirates in 2007. The two shows run yearly and draw high profile security industry people every year.

Next year, HITB will host its first show in Amsterdam from July 5 to 8, according to Dhillon Andrew Kannabhiran, the head of HITB. The Amsterdam show, HITBSecConf2010 – Amsterdam, will follow a similar schedule to the other HITB exhibitions. There will be two days of training sessions and two days of the conference, complete with Web hacking competitions.

Hacking competitions feature in every HITB show and the winners used to receive cash awards from sponsors. But at HITB Malaysia this year, there was no prize money on offer due to lack of sponsorship of the event yet enough teams registered to fill the competition ticket.

http://www.networkworld.com/news/2009/112709-hack-in-the-box-heading.html

Another ZBOT Spam Run

Trend Micro threat analysts were alerted to the discovery of another ZBOT spam campaign. The emails bear subjects such as "your photos" and "some jerk has posted your photos." They inform the recipients that someone has posted their photos without their permission on a site and has sent the link to their friends. The recipient is intended to believe that the "sender" is acting as a "good samaritan," emailing the one who supposedly posted the said pictures. The URL, of course, points to a website that distributes a malware detected by Trend Micro as TSPY_ZBOT.CJA.

When executed TSPY_ZBOT.CJA connects to several websites to download another malicious file detected as TROJ_DROPR.KB. The spyware also has rootkit capabilities that enable it to hide its processes. ZBOT/ZeuS is one of the most notorious botnets with regard to identity, financial, and information theft.

http://blog.trendmicro.com/another-zbot-spam-run/

In another blog entry, Trend Micro is advising people: Don’t Give Spammers a Reason to Be Thankful

Thanksgiving kicks off the holiday season in the United States, the top spam-sending country in the world. The holiday season ushers sales and big discounts for users. Unfortunately, however, this also means that spammers will be rushing to offer consumers bogus promos and discounts. Seems even cybercriminals have something to be thankful for, too.

Trend Micro analysts received Thanksgiving-related spam samples. The spammed messages offered users who log in to their sites US$500 worth of "grocery vouchers." The sites were hosted on different domains that, upon further analysis, have already been blacklisted though they have only recently been created.

Users who are tricked into clicking any of the URLs in the spammed messages land on sites where they are asked to give out personal information like email addresses, complete names, addresses, and phone numbers, which, as you may already know, may be used for other malicious activities later on or sold in underground forums.

http://blog.trendmicro.com/don’t-give-spammers-a-reason-to-be-thankful/

UK man arrested for video game account theft (RuneScape accounts compromised)

A 23-year-old man from Avon & Somerset has been arrested for theft of gaming accounts in the MMORPG RuneScape. The man is alleged to have "hacked and misappropriated" players’ accounts, and was caught after developers Jagex reported the issues to the Police Central e-crime Unit.

The accounts are stolen by the use of phishing sites, which mimic official websites and ask players to input their usernames and passwords, which are logged. The thief then changes the password on the account to lock the original owner out. The problem is common in many online multiplayer games as players can have equipment and characters worth hundreds of pounds.

Jagex’s CEO said: "Jagex maintains a specialist team to combat any law breaking within our games. Where there is any evidence to suggest someone has committed a crime, as is clearly the case with any phishing or hijacking, we work closely with law enforcement agencies around the world to bring these people to account".

http://www.pocket-lint.com/news/29839/uk-man-arrested-for-game-account-theft?

Facebook swipes user’s vanity URL

Facebook’s recently introduced vanity URLs may be a handy function for many, but the offer to distinguish users’ profiles with names rather than numbers is not unconditional.

Defence systems engineer David Lloyd was pleased to be able to adopt the nickname ‘squaresheep’ to distinguish his Facebook profile from those of the many others who share his given name. He had used the nickname for years on the likes of Hotmail and Skype, but found on logging into Facebook last weekend that the moniker had been taken off him and handed over to squaresheep.com, a US-based cooking website established only last year.

Facebook told Lloyd that the vanity URL had been taken away from him because it violated its terms and conditions. Lloyd was still able to log into his Facebook profile using a registered email address and password combination, but was put out at the fact he was given no opportunity to contest the handover.

A representative for Facebook explained that the use of ‘squaresheep’ by Lloyd violated its terms of service because the name had no relation to Lloyd’s real name. Facebook wasn’t saying whether it had acted in response to a complaint from squaresheep.com, the cooking site, which is yet to clarify its side of the story.

http://www.theregister.co.uk/2009/11/26/facebook_vanity_url_takeover/