Announcements

2008-11-05 Keylogger + Ardamax Malware + AntiSpyCheck + AntiSpywareMaster + Fake.MSAntivirus + FakeAlert.cc ++ FakeBill.CourtCologne + Fraud.Antivirus2008 ++ Fraud.AntiVirusLab2009 + Fraud.PC-Antispy + Fraud.PCHealth ++ Fraud.PCProtectionCenter2008 ++ Fraud.PowerAntivirus + Fraud.SystemAntivirus ++ Fraud.VirusResponseLab2009 + Fraud.XPAntivirus + MicroAntivirus + PCCleanPro ++ RapidAntivirus + Smitfraud-C. + Smitfraud-C.gp + SpywareBOT ++ SpywareCease + UltimateAntivirus2008 + VistaAntivirus2008 ++ Win32.mIRC.603 ++ Win32.VB.dn + Win32.Renos + XPSecurityCenter + YourWebSafe PUPS ++ Joke.Password ++ MSNFlood + FunWebProducts + MyWay.MyWebSearch + WildTangent Trojan ++ Facegame + Hupigon + Netbus ++ PoisonIvy ++ Rbot.XXY + RS32UPS.ru...

SpybotWiki: our wiki, which has been restricted to logins of forum users until the OpenSBI system was finished, is now open to all readers, forum account or not. Stay tuned for the final release of OpenSBI! FileAlyzer 2: a first beta release of our file analysis tool created to help you understanding various file formats, and designed to support OpenSBI, is now available as the first of our tools to reach version 2.0. It's new multi-file interface allows you to easily compare multiple files, all detail pages have been updated to make use of XP/Vista style controls when available, and its speed has been improved to show up without delays now. Download portal: now if you are wondering where to download FileAlyzer 2, or other...

Spybot 2.0: Patrick Kolla, our chief software engineer, has started a series of small blog posts on features of Spybot-S&D 2.0, starting with a blog post about modularization, with more entries on various other topics already waiting in queue. Recommendations: our page with recommendations about security software has been out of date for a while, so we decided to go ahead and rewrite it. You can view the new article here and comment on our blog here. More...

2008-10-29 Hijacker + MT-Dials Keylogger ++ LightLogger Malware + AdDestination + AntispywareProXP + Fraud.PCHealth ++ Fraud.SystemAntivirus + Fraud.XPAntivirus + MicroAntivirus + Smitfraud-C. + Win32.Agent.cmn PUPS ++ WGDTEAM.GoldCashHack Trojan + Network Essentials.Hopper + RS32UPS.ru + Virtumonde + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn ++ Win32.Agent.agee + Win32.Agent.frl + Win32.Brontok.q ++ Win32.Delf.gycn + Win32.Exchanger.ch ++ Win32.Small.Ybe ++ Win32.VB.ayo ++ Win32.VB.bg ++ Win32.VB.bj + Zlob.Downloader + Zlob.Downloader.wet Total: 944259 fingerprints in 242323 rules for 4324 products. More...

2008-10-22 Adware ++ AdDestination ++ Win32.SmartPops.c Keylogger + Ardamax + PerfectKeylogger Malware + Command Service + MicroAntivirus ++ PornBHO.ru + Smitfraud-C. + SpywareBOT.SpywareStop ++ TotalSecure2009 + Win32.Renos ++ UltimateSpyKiller PUPS ++ Joke.BadGame ++ Joke.Train + MyWay.MyWebSearch + Network Monitor ++ Sleepy Security + Microsoft.Windows.AppFirewallBypass ++ Microsoft.Windows.Comfile.HideExtension Spyware + webHancer ++ Spy-net Trojan ++ IRC.crt ++ OIN.Analytics ++ RS32UPS.ru ++ SysVenFakP + Virtumonde + Virtumonde.sci + Virtumonde.sdn ++ Win32.Agent.aach + Win32.Agent.ark ++ Win32.AutoRun.dcw ++ Win32.AutoRun.diq ++ Win32.Delf.aam ++ Win32.Delf.ake ++ Win32.Delf.yj + Win32.Delf.zq + Win32.Exchanger.ch ++...

2008-10-15 Adware + AdDestination + Winzix Keylogger + Ardamax (2) Malware + Fraud.SmartAntiVirus2009 (2) + Smitfraud-C. + Swizzor ++ TotalSecure2009 (2) PUPS ++ SniffPass Spyware + CommonName Trojan + Bifrose.LA + Refpron (2) + Virtumonde.sdn + Win32.Agent.cmn + Win32.Agent.wo ++ Win32.Bifrose.zxe + Win32.Exchanger.ch + Win32.Small.axy + Win32.Sohanad.as ++ Win32.VB.atg ++ Win32.VB.bda ++ Win32.WPA_Kill.AK + Zlob.Downloader + Zlob.Downloader.vdt + Zlob.Downloader.wet Total: 1148843 fingerprints in 286076 rules for 4310 products. More...

2008-10-08 Adware ++ InternetGameBox Hijacker + MediaTickets Malware + Fraud.PCHealth ++ MicroAntivirus + Smitfraud-C. PUPS ++ FuckMailBomber Trojan ++ Refpron + Virtumonde + Virtumonde.sdn ++ Win32.Agent.fbx + Win32.Agent.JH ++ Win32.Bifrose.boa + Win32.Buzus.jqw ++ Win32.Buzus.ytg ++ Win32.Delf.abk ++ Win32.Ikmet.c ++ Win32.MataAVG + Win32.Small.fb + Win32.Sohanad.as ++ Win32.Virut.q + Zlob.DNSChanger + Zlob.DNSChanger.rtk ++ Zlob.Downloader.bit Total: 1147480 fingerprints in 285772 rules for 4296 products. More...

2008-10-01 Keylogger + PerfectKeylogger + SCKeylogger Malware ++ AdRotate ++ AntispywareProXP ++ MicroAntivirus ++ MySideSearch + Smitfraud-C. + SpywareBOT.SpywareStop ++ Win32.VB.ij Security ++ Microsoft.Windows.Disabled.DispSettings Trojan ++ Refpron ++ Stration.dtp ++ Virtumonde.atr + Virtumonde.dll + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn + Win32.Autoit ++ Win32.AutoRun.ET ++ Win32.AutoRun.HomeVideo + Win32.Delf.rtk ++ Win32.Small.axh ++ WinDestroyerGolden ++ Zlob.ARg Total: 1141725 fingerprints in 284288 rules for 4285 products. More...

2008-09-24 Keylogger + Ardamax Malware + ActiveToolBand + AntiSpywareMaster ++ AntispywareProXP + BookedSpace ++ Cleaner2009 + Fake.MSAntivirus + Fraud.AntiMalwares + Fraud.AntiSpyware2008XP + Fraud.Antivirus2008 + Fraud.PC-Antispy ++ Fraud.SmartAntiVirus2009 ++ InternetSpeedMonitor ++ PCCleanPro + Smitfraud-C. + Virantix (8) + Win32.Agent.pz ++ Win32.Hangame + Win32.Renos + Win32.VB.lu + WinSpyKiller + WinXDefender + Worldsecurityonline.FakeAlert Spyware ++ EBlaster Trojan + Adclicker + Command Service + Fake.IKEA-Bill ++ Popguide ++ ProGroup.ProRat + Vanbot ++ Virtumonde.atr + Virtumonde.dll + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn + WebBuyingAssistant ++ Win32.Agent.hz + Win32.Agent.msgr ++ Win32.Antilam.20 ++...

With regret, we have to announce that update support for dated versions of Spybot-S&D is going to end. Fighting malware is a task that constantly requires new approaches. Some of these, we will make available through updated versions of tool libraries or plugins, but some make updates of the full software necessary. For those interested in a detailed technical background, see the OpenSBI wiki, which shows some of the changes in structure. Users with very old hardware, and users of Windows 95 who could not use Spybot-S&D 1.4, chose to stay with very old versions of the software, and we tried to accommodate them by still offering them the updates, with the limitation that Spybot-S&D would complain about a lot of incompatible detection...

2008-09-17 Dialer + EGDAccess Malware + Smitfraud-C. + Win32.Agent.pz ++ Fraud.PCHealth + CoolWWWSearch.OleHelp + ISearchTech.ISTsvc + DyFuCa.InternetOptimizer + MagicControl.Agent + ZenoSearch + WinSpywareProtect + SpywareBOT.SpywareStop + AntiSpywareMaster Spyware + 180Solutions.SearchAssistant + TargetSaver Trojan ++ Win32.Joleee.K + Win32.Flux.fm + Win32.Agent.hz ++ ProGroup.ProRat ++ Win32.Delf.jl ++ Win32.Delf.gkw ++ Win32.Agent.hnk + CoolWWWSearch.GonnaSearch ++ IRCBot.svchost ++ Agent.Clicker ++ Win32.Delf.rtk + Fraud.AntiMalwares + WebBuyingAssistant + Virtumonde.dll + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn + Virtumonde.Crack Total: 1219618 fingerprints in 292344 rules for 4237 products. More...

2008-09-10 Adware ++ Give4Free.BHO ++ zztoolbar Dialer + eGroup.InstantAccess Keylogger + Ardamax + PerfectKeylogger Malware ++ ActiveToolBand + AdwareAlert + AdwarePro + AntiSpyCheck + ErrorSmart + ErrorSweeper ++ Fake.MSAntivirus + Fraud.AntiMalwares ++ MalwarePro ++ Redtube + RegClean + Smitfraud-C. + Spyhunter ++ Win32.Agent.ys + Win32.BHO.je + Win32.Renos PUPS + FunWebProducts + MyWay.MyWebSearch ++ RegCleanr Spyware ++ SolutionClass.pws Trojan ++ Fake.PCTools ++ RightMedia ++ StormCodec + Virtumonde + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn ++ VisualBreeze + Win32.Autoit ++ Win32.AutoRun.buv ++ Win32.BHO.kv ++ Win32.Hupigon.eez ++ Win32.LdPinch.fzw ++ Win32.Small.ba ++ Win32.VB.bbd + Zlob.Downloader.apl Total...

About 24 hours ago, Google made a beta version of their own browser, Chrome, available to the public. From a privacy standpoint, we neither like to see GoogleUpdate permanently in the background nor those anonymous usage statistics it wants to send home, but since it's open source, we're hoping for free cleaned-up clones. From a security standpoint, the idea of restricting rights of browsing processes is something we hope to see spreading to other browsers as well, since we fully have to agree with this precaution (see for example Alter Ego). But the reason to write a news article about it today is not for adding our opinion on Chrome to the mass of other opinions already out there, but to announce support for Chrome in Spybot...

2008-09-03 Keylogger + Ardamax ++ Win32.KeyLogger.ap Malware ++ 1ClickPCFix + ErrorSafe + Fraud.AntiMalwares ++ Fraud.AntiSpyXP ++ Fraud.Antivirus ++ Fraud.XPAntivirus.gen + Power-Antivirus-2009 + Smitfraud-C.bs ++ Smitfraud-C.ul ++ Virantix (7) ++ WinReanimator ++ XPSecurityCenter PUPS + FunWebProducts + MyWay.MyWebSearch ++ Win32.HackTool.Aid (652) Security + Microsoft.Windows.AppFirewallBypass Spyware ++ CashBar Trojan ++ CSR.tr ++ Fake.HostProcess + Hupigon + Maran.J ++ Nebuler.BHO + Virtumonde.dll + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn + Win32.Agent.ark ++ Win32.Agent.ayo ++ Win32.Agent.es ++ Win32.Banker.egt ++ Win32.BHO.bc ++ Win32.Bzub.fh (579) ++ Win32.Delf.if ++ Win32.Disabler.i ++ Win32.Fujack.b ++...

2008-08-27 Adware ++ BannerStyles.Optimizer++ RXToolbar+ SmartShopper+ Zango+ Zango.ShoppingReport++ MorpheusToolbar Hijacker ++ CoolWWWSearch.Aff.Madfinder Keylogger + Ardamax Malware ++ Fakealert.gen+ Fraud.XPAntivirus+ Fraud.Antivirus2008+ IEDefender+ MalwareProtector2008++ WinDefender+ WinSpywareProtect++ XPSecurityCenter PUPS ++ Joke.FakeFormat++ WildTangent Security + Microsoft.Windows.AppFirewallBypass Spyware + ShopAtHome Trojan ++ CSR.tr++ Fraud.AntiSpyware2008XP++ Fraud.Installer.as+ Hupigon13+ Smitfraud-C.MSVPS+ Virtumonde.dll+ Virtumonde.prx+ Virtumonde.sci+ Virtumonde.sdn+ Win32.Agent.bm++ Win32.Agent.cui++ Win32.Agent.dj.rtk++ Win32.Agent.rso++ Win32.Agent.uzf++ Win32.AutoRun.bck+ Win32.BHO.je++ Win32.Brontok.q++...

2008-08-20 Adware + Zango.ShoppingReport Hijacker ++ FM.Toolbar (2800) ++ SearchPixieBar ++ Win32.Control.pg Malware ++ AdvancedXPFixer + AntiSpyCheck + BrowserAid + Fraud.Antivirus2008 + Fraud.XPAntivirus ++ Power-Antivirus-2009 + RegistrySmart + Smitfraud-C. + SpyShredder ++ UltimateAntivirus2008 + VistaAntivirus2008 + Win32.Agent.pz + Win32.BHO.je ++ Win32.FraudLoad + Win32.Renos ++ Win32.Stud.a + Win32.VB.ck PUPS + CasinoRoyal.PT Security + Microsoft.WindowsSecurityCenter.FirewallBypass Spyware ++ Win32.FirefoxPSW.k Trojan ++ AntiLamerBackDoor ++ Fake.AntiSpywareCheck ++ Pigeon + Smitfraud-C.MSVPS ++ TargetedBanner.Optimizer + Virtumonde.dll + Virtumonde.prx + Virtumonde.sci + Virtumonde.sdn ++ Win32.Archivarius.a ++...

The new method TeaTimer uses to inform the user about its actions has caused some controversy recently, so we thought some kind of explanation would be useful. The decision to use balloon tooltips to display the progress was made because they're a Windows standard for informing the user, and following standards is in general regarded as making things easier for the user. Informing about scanned processes was also kind of important for people who did not understand what TeaTimer was doing on startup. The tray icon also allows to disable any future balloons from its context menu, so they were purely optional. Sadly, so far many users did not look for this option, but came asking for a way to get rid of them, so we feel a change to...

The new method TeaTimer uses to inform the user about its actions has caused some controversy recently, so we thought some kind of explanation would be useful. The decision to use balloon tooltips to display the progress was made because they're a Windows standard for informing the user, and following standards is in general regarded as making things easier for the user. Informing about scanned processes was also kind of important for people who did not understand what TeaTimer was doing on startup. The tray icon also allows to disable any future balloons from its context menu, so they were purely optional. Sadly, so far many users did not look for this option, but came asking for a way to get rid of them, so we feel a change to...

2008-08-13 Adware + 2Search ++ Eroca + Zango Hijacker + LoudMarketing.WinFavorites Keylogger + Goldeneye + SC KeyLog Pro + SCKeylogger Malware + Krepper-G + PPCHook + SpyAxe + SyperCrypt.Overwriter + Win32.Agent.pz + Win32.VanBot.ax + WinFixer2005 + Smitfraud-C. + AntiSpyCheck + Win32.BHO.je ++ Softland.Antivirus2008XP ++ Power-Antivirus-2009 PUPS + DriveCleaner 2006 Security + Microsoft.Windows.AppFirewallBypass Trojan + AdSpy.TTC + BackOrifice2k + Crypt.Spambot.qk + Dropper.Mondo + Irc.Agobot + KBui32.SMTP ++ Nurech + Psyme + Virtumonde + Win32.Agent.ac + Win32.ConHook.ah + Win32.Rbot.aeu + Win32.SdBot.bkx + Zlob.Downloader.ol + Zlob.ImageActiveXAccess + Zlob.VideoActiveXAccess + Zlob.VideoAXObject + Zlob.Downloader.vdt +...

With the release of Spybot-S&D 1.6, our detectives have spent some hard time implementing some of the new technologies to improve Virtumonde detections, increasing our detection range by more than 40% to now more than quarter of a million detection patterns to identify more than one million fingerprints. Virtumonde (also known as the Vundo Trojan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs. It also causes other misbehavior, including performance degredation and denial of service with some websites including Google. It attaches to the system using bogus BHO's (Browser Helper Objects) and DLL files attached to Winlogon and Windows Explorer. To profit from these improvements, we...