Storm Worm not done yet

Despite the article at April 22, 2008 reporting that Microsoft’s Malicious Software Removal Tool (MSRT) had made Storm pretty insignificant, the botnets appear to be preparing for another attack, possibly targeting around Mother’s Day.

According to’s Malware Blog, one of their researchers has found indications of a new storm worm variant moving in.

“At the time of this posting we have not had any reports of spam from the botnet using the 3 domains that were found in the research, but the files are definitely there and the domains are fast fluxing as per the normal method.”

This does not diminish the impact that Microsoft’s Malicious Software Removal Tool (MSRT) has made on disinfecting users machines, less infected PCs means less infection gets spread around.

Storm Worm Morphs to only serve exploits

Time Flies

Now in my third year as a Consumer Security MVP, the time has flown since I started this blog with the best intentions to be prolific.

My first post on this blog, Life on the Forums 

“They may win the battle but not the war.”

A phrase that comes to mind when I see the heroic efforts of helpers in the malware removal forums, where my security interests lie.”

The battle continues, I am now an Administrator at two training schools. Volunteers helping users to remove infections from their computers are still my heroes, as are the site owners, the developers of the free tools and all who help people recover their PCs from the bad guys.

Back from my second Microsoft MVP Global Summit, still feeling the glow and looking forward to a third one, I am sure time will fly.

Debate with rogue antispyware maker

I have been following a discussion of iedefender at CastleCops which is five pages long so far.

The topic started with: “Attached below is a copy of IEdefender (hxxp:// a new rogue software.” To which the vendor replied:

iedefender: “Hello, we’re developers of IEDefender, our software is clean and is real antispyware. As we can see, people from your site send our exe to different antivirus and antispyware companies, trying to black PR our company. They’ve got answers, that our soft is clean, because IT IS CLEAN! We contacted Kaspersky, they also confirmed, there are no problems with our software, you can check our .exe with any popular antiviruses, there no problems! Stop sending your detractive mails and messages, in other case we would be forced to send all information to our lawyers and meet your representative in the court, where it would be very hard for you to prove, that our software is not real, because IT’S REAL ANTISPYWARE!”

nosirrah to iedefender:  “Since you want to respond lets make this as cut and dry as possible . Here is a list of issues you need to address . Answer each question directly with no obscenities and no name calling.

1. When will the fake codec site on your server stop advertising your software ?

2. Why does your home page contain text directly copied from other well known rogues ?

3. Why did you choose hosting that is well known for hosting hundreds of other rogue applications ?

4. When will you take the plagiarized content from NOD32 off of your home page ?

5. When will you give credit to the sources of the plagiarized content in your forum ?”

I won’t hold my breath.

As Alex said, thanks PG.

DirectRevenue-Best Offers, shuts down

Posted on DirectRevenue’s home page and giving no reason for the sudden closure.

“Best Offers and Direct Revenue have ceased operations. To service legacy consumers we are maintaining this page of uninstall instructions, an uninstall software tool, and an email based support service.”

Whether this means DirectRevenue is truly gone or will surface under a different name, remains to be seen.

DirectRevenue Settles FTC Charges

Microsoft Security Intelligence Report, third volume

From the Webpage portal:

“The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or second half of each calendar year and uses historical data to provide context. The purpose of the SIR is to keep Microsoft’s customers informed of the major trends in the threat landscape and to provide valuable insights and security guidance designed to help customers improve their security posture in the face of these threats.”

Download details.

VirusRay, latest Zlob rogue anti-spyware program

The Zlob Trojan Downloader typically poses as audio or video codecs, required to be installed on your computer so you can watch or listen to certain media.

VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and displays fake security alerts in your Windows taskbar.

“When the Zlob infection downloads and installs VirusRay, VirusRay will automatically start and perform a scan of your computer. When done scanning, VirusRay will state that it found Trojans on your computer. The funny thing is that the Trojans VirusRay finds are the actual ones that were used to install it in the first place. In order to remove these Trojans, though, you will be required to purchase the full version of the software. This is obviously a scam and you should not purchase this software under any circumstances.”

Removal instructions at Bleeping Computer.

Internet Explorer 7 Re-Release for Windows XP

Good news.

“Today, we updated the installation experience to make IE7 available to as many Windows users as possible. As of today, IE7 will no longer require Windows Genuine Advantage validation, and will be available to all Windows XP users. If you’re not already running IE7, you can get it from the Internet Explorer home page on We’ve made a few other small tweaks to the UI, including enabling the menu bar by default, and created a new MSI installer that simplifies deployment for IT administrators in the enterprise environment.”

PeteL’s Blog Product Manager, Internet Explorer, Developer Division.

“Description of the Windows Internet Explorer 7 Installation and Availability Update”.

Source: Sandi Hardmeier at Spywaresucks

Windows Live Translator Beta

Microsoft’s Live Translator, in Beta and powered by Systran, has been quietly released.

I received a few 500 Internal Server errors, and not all the translations worked all the time, but it is early days yet.

Like other translator tools, Live Translator lets you enter a block of text for translation from one language to another, or you can enter a URL to have an entire web page translated.

          Live Translator Beta Help