webDotWiz talks Windows Live

A daily list of links to interesting sites

Category Archives: Security

Scareware on the rise

From Roger’s Security Blog, the following is worth bearing in mind, particularly with the scammers preparing to steal money from well-meaning people who are fooled into thinking they’re making donations to a good cause (e.g., to help those affected by Hurricane Gustav):

We have regular ConfCalls with our security support to exchange trends and issues we see. During the last one we had an interesting discussion I would like to share with you:

We seem to get a hell lot of calls mainly from the consumer segment with Virus/Trojan/Spyware infections. The way they get the malware is a pretty well known one:

You go to a web page which is telling you that your PC is infected by malware and that you have to install the "protection software" immediately – which then installs the malware. That’s the reason why we call this software "Scareware".

There are two things which frighten me:

One is that it shows how easy social engineering works (once again).

But the second one is much more frightening:

The malware installed is by far not sophisticated. It is usually pretty old and well known. Therefore every AV scanner would detect it easily and prevent it from being installed.

This tells us that there is still a high percentage of people not running AV software on their PC… Since years we are telling our customers you have to do at least three things to run your system:

Use a firewall, keep your software updated, run an Anti-Malware software and keep it updated.

Similar things are true for ISPs. Why do people still not do it? Is it the money?

(Original post editted by inserting line breaks to emphasise the points that Roger is making).

webDotWiz’s advice: Purchase Live OneCare (there’s a free 90-day trial period) and be protected.


Posted using the Tech Preview of Windows Live Writer.


Malicious Software Removal Tool – Key Findings for July to Dec 2007

You can download the full report, Microsoft Security Intelligence Report (July through December 2007) – Key Findings Summary, but here are some figures for Australia for July to December 2007.

webDotWiz’s attention was drawn to this report from a blog entry by Sandi, Microsoft Security Intelligence Report (July through December 2007) – Key Findings Summary (Australia, Canada, Germany, Japan, Netherlands and Norway).

Here are Australia’s results:

During each month in the second half of 2007, the Microsoft Malicious Software Removal Tool (MSRT), on average, removed malware from 1 out of every 204 Windows-based computers it was executed on.

Zlob (Trojan) 6.9%
Starware (Potentially unwanted software) 4.4%
Hotbar (Adware) 2.7%
WhenU (Adware) 3.3%
Winfixer (Potentially unwanted software) 2.7%
Agent (Trojan and trojan downloader) 2.6%
All others – 77.7%

Other important notes from the key findings summary (all countries)

  • The total amount of malware removed from computers worldwide via the Microsoft Malicious Software Removal Tool (MSRT) increased over 40% during the second half of 2007 to more than 450 million unique computers worldwide per month.

  • During the second half of 2007 there was a 300% increase in the number of trojan downloaders and droppers detected and removed.

  • The most prevalent rogue security software detected in the second half of 2007 was Win32/Winfixer, with more than five times as many detections as any other single family. Winfixer displays erroneous alerts warning of severe system threats. The program then offers to remove the erroneous detections for a fee. These warnings appear under multiple false product names in several different language versions.

  • 129.5 million pieces of potentially unwanted software were detected between July 1 and December 31 2007, resulting in 71.7 million removals. These figures represent increases of 66.7% in total detections and 55.4% in removals over the first half of 2007.

  • Adware remained the most prevalent category of potentially unwanted software in the second half of 2007.

  • The top potentially unwanted software family detected in the second half of 2007 was Win32/Hotbar.

Update the Adobe Flash player (to version

As of writing, you are strongly urged to update the Flash player to the latest version ( to better protect yourself from malvertisements.

Courtesy of Sandi:

Please update Flash

A security update has been released – details here:

You can install the update via this URL:

Make sure the version installed on your computer after the update is (you may need to restart Internet Explorer).

If you need to distribute Flash in a corporate environment such as an intranet, you can apply for a distribution licence – see here:

After you register you can download EXE, MSI or MSM installers (and DMG, GZIP and RPM for non Windows users) as well as an SMS catalogue.

Thanks to Sandi’s investigations, research and examination of the malvetisement criminal activity over the past months, Adobe have brought out an update to the Flash player – take advantage of this update – it’s imperative you do so.

Posted using Windows Live Writer.

Do not click on this advertisement!

Courtesy of Sandi’s blog (Spyware Sucks at http://msmvps.com/blogs/spywaresucks/)

Here is a screenshot:


If you click on the advertisement you may end up at a web site hosting Exploit.HTML.IframeBof and Trojan-Downloader.JS.Multi.av.

We can safely view the target web page by using a web sniffer.  When we do that we discover that a couple of lines of code have been added to insert an iframe that loads content from two different chinese URLs.

Posted using Windows Live Writer.

Oxfam impersonated by Errorsafe pimps – Spyware Sucks

Sandi (at http://msmvps.com/blogs/spywaresucks/) has been tracking down and exposing malicious Flash ads for months now and this Oxfam impersonation is one of the worst cases she’s come across so this post is in support of her efforts.

The link to her latest post is below.

Other posts from her blog include the following:

Oxfam impersonated by Errorsafe pimps – Spyware Sucks

Posted using Windows Live Writer.

Installing Windows Live OneCare – webDotWiz’s experience

So you’ve got a rough idea of what to expect when you install Windows Live OneCare, here are some of the steps the install wizard will go through.

Reminder: if you tried out OneCare for the free 90-day period, you’ll probably get an email with an invite to install the new, full version at the special discount price of $39.95 (Australian dollars; up to 3 computers). If you didn’t try the free version, go to http://get.live.com/onecare/introCC1 to get the special discount price (available until Feb 12).

webDotWiz clicked the link in the email he received, Special offer for Beta participants and was taken to a page where he selected his language/country.

After signing in to his Windows Live ID, he had to drag out his dust-covered credit card and give all the necessary details. Then the download and install started – the page gives you the estimated time and it’s pretty accurate.

Now like all good webDotWizards, webDotWiz has been using AVG Free for virus protection and Windows Defender to ward off spyware. OneCare knows about AVG Free and it’ll popup to tell you it’s going to remove it. After AVG Free goes through it’s removal process, untick the box that AVG shows because it wants to restart your computer. Don’t worry because after you’ve unticked that box and you come back to the OneCare install screen, OneCare tells you to restart – just click to Finish and it’ll do it.

After your computer restarts, OneCare will prompt you to finish installing online. You’ll get a Good status (in bright, shiny green).

A few seconds later you’ll be prompted to Activate your subscription – click the button to do so.

You’ll have to give a name for your computer (if you’ve got a home network you may not have to do this because your computers will each have a name).

Sign in again to your Windows Live ID and OneCare goes off to check if you’ve got an existing OneCare account. After a bit, OneCare will be happy and you’re activiated.

That’s it.

Windows Live OneCare now available for Australia (at a discount) – get it

The release of Windows Live OneCare has been publicly advertised as January 30 but it’s available now – get it – at a discounted price until February 12.

Those who tried out the earlier version using the 90-day trial period (it wasn’t possible to buy it in Australia so those of us who tried it had to remove it after 90 days) should receive an email from the OneCare team with an invite to purchase at the special price. Here’s part of the email that webDotWiz received:

Special, Limited-Time Introductory Offer for Beta Users

To show our appreciation for our beta participants, we are offering you the full, released version of Windows Live OneCare at a price of $19.95 for one year. This offer is over 60% off the full retail price and covers up to 3 Windows XP or Windows Vista PCs. The offer will expire February 12, 2007, so be sure to take advantage of it soon.

That $19.95 is the U.S. price and webDotWiz remembers being charged $39.95 for his Australian version but that’s a good price for what OneCare does (and you can install OneCare on 3 computers).

Even if you weren’t a beta tester (i.e., used up the 90-day free trial or were able to purchase a copy if you were in the U.S.) you can go to http://get.live.com/onecare/introCC1 and purchase OneCare at the special price (until Feb 12).

Windows Live OneCare provides the following:

  • antivirus
  • antispyware (via Windows Defender if you haven’t already got it installed)
  • 2-way firewall (XP service pack introduced a one-way firewall to protect us only from nasties coming in; a 2-way firewall stops nasties that may have got onto your system from doing more damage by trying to do their nasty work on other computers on the ‘Net)
  • backup and restore (a monthly reminder to backup; knows to backup to a DVD if you’ve got one – webDotWiz’s favourite feature; after the first big backup, monthly backups are incremental onto the same DVD if there’s space)
  • tuneups (clean up and disk defragmenting in the background)

Everything runs in the background without slowing down your computer (even old, slow ones like webDotWiz’s) or being intrusive with popup messages.

For more info, see the Windows Live OneCare team blog and Liveside.

Windows Live OneCare now available

Windows Live OneCare is now available as a retail product. You can start off, however, with a free 90 day trial and later pay for the service. Note payment for Live OneCare is for up to three computers under the same account (i.e., Windows Live ID).

webDotWiz has decided to try out the service via the free 90-day trial offer. OneCare consists of a anti-virus scanner, anti-spyware scanner (Windows Defender) and an improved two-way firewall (unlike the standard XP firewall which is only one-way). The first step in the installation checks your computer for what security services you’re already running (e.g., it found AVG free edition and unininstalled it on webDotWiz’s machine) before installing the OneCare package.

For a full list of what OneCare does, see the Service overview page at the OneCare site and to keep up to date with news from the OneCare team, visit their Space.

Live Safety Centre goes global

The Windows Live Safety Center at http://safety.live.com is a free online antivirus and anti-spyware scanning service to rid your computer of nasties. The team has just announced that it’s now available in 43 languages with more to come.

By the way, if you’re using Live Messenger, check the Activities menu tab because you may find you can help out family and friends by running a Safety scan for them inside their copy of Live Messenger. Here are the details.

Talking about OneCare now certified by ICSA and WCL

WindowsLive OneCare is a full service to protect your computer and when the full service begins, it will become very attractive, both in features and price, for individuals and organisations. Reports indicate OneCare offers excellent protection against viruses and malware and keeps your computer tuned for best performance.



OneCare now certified by ICSA and WCL

Windows Live OneCare – ICSA Labs and WCL Labs certified

My name is Girish Bablani and I am the engineering manager for Windows Live OneCare. Yoav thought it would be interesting for some of the managers on the OneCare effort to share their thoughts on the product and so here I am.


I have been a reader of this space and now am really excited to be blogging on it as well. I think this forum is invaluable for exchanging views between the people working on the product and you who are really helping us make the product better.


Today I will talk about 2 things – Windows Live OneCare earning industry certifications and share a personal experience with OneCare Advisories.


Windows Live OneCare becomes a certified service

First, we have some great news to share.  The final version of Windows Live OneCare – coming soon to a retail store near you – has been certified by ICSA Labs as an effective solution to combat viruses and other forms of malicious code as well as providing a quality firewall service. In addition, OneCare has achieved West Coast Lab’s Checkmark certification, meeting the lab’s criteria for protection against malware.  These certifications are evidence of our commitment to deliver a comprehensive, quality PC Care product and another key milestone in the product development process.


For those of you unfamiliar with the certification process – in short, it is an official recognition from an independent 3rd party organization that OneCare is effective in helping protect your PC from malware.  This means that our customers can be more confident than ever that OneCare is effectively helping protect their PCs.  We’ve worked hard to achieve this important certification and we’re thrilled that we get to share this news with all of you.  This is a major milestone and we thank you – our customers – for helping us get there. We also want to thank our partner teams for helping us get there – see Matt Braverman’s blog for more on this topic:  http://blogs.technet.com/antimalware/archive/2006/05/25/430279.aspx


Windows Live OneCare Advisory – A Story

Second, I wanted to share a story with you which was very motivating for me and keeps on reminding me how much we can simplify a customer’s life by having a service backing up our software. If you remember in late November there was an attack with a new variant of the Sober worm which was characterized as the biggest virus outbreak ever by some media. The story on the attack and the virus was all over the media, and of course people who read or heard the news were nervous about whether they were protected or not. One such person happened to be my neighbor. He was someone who I had persuaded to install OneCare. Anyway to cut a long story short, when our operations team realized that the Sober news was blanketing the world they sent out an advisory that stated that if a OneCare machine was “green” it