From the Mozilla blog:
Issue:
Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.
Firefox 3.6.11 and Thunderbird 3.15 have been released which include security updates for several critical vulnerabilities that can be exploited to run malicious code. Users are advised to update these applications.
Full details about the updates here:
Firefox
Thunderbird
Its a good idea to set these applications to check for updates automatically.
Today at Lavasoft, we discovered a number of new clones from the XpAntispyware2010 family of rogue security software. The unique aspect of this family is the ability to randomly change its name. Lavasoft Malware Labs found 36 different names on three operating systems (Windows XP, Windows Vista and Windows 7).
The links below lead to snapshots in the Lavasoft Rogue Gallery:
Windows XP
antispywarexp
antivirusxp
totalxpsecurity
xpdefender
xpdefenderpro
xpsecuritytool2010
xpsmartsecurity
xpsmartsecurity2010
xpantimalware
xpantimalware2010
xpsecurity
xpsecuritytool
A new clone from the MalwareCatcher rogue security software family has now been released.
The fraud tool is called SecurityAntivirus and will add hundreds of registry keys within:
SecurityCentral is a new painful rogue application. It will prevent execution of several Windows and security applications and disable Task Manager, DOS Prompt and Regedit to avoid users from killing the process manually. The cyber criminals running out of uniqe names. This rogue have "stolen" the name from another fraudtool which was released in August 2009.
PAntispyware09 is a new rogue anti-spyware application and a clone of MsAntispyware2009. It will give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove threats which do not exist.
Antivirus09 (or Antivirus’09) is a new rogue that follows the normal rogue procedure. It is distributed through a web page that presents the user with a fake online scanner.
Antispyware Pro 2009 is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove threats which don't exist.
Lavasoft Malware Labs recently had a closer look on an IP range full of hoax sites. Reverse IP on 78.129.142.235 will reveal around 200 fraudulent domains which are hosted in United Arab Emirates. Most of the sites hosted under 78.129.142.235 will use and take advantage of already existing products from the security industry and other popular software. The examples below display their way to make illegal domains look reliable.
hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info
Today a new rogue was discovered called Spyware Fighter. It is following the normal patterns with false detections and trying to scare the user into buying a license to clean them.
Further it has the classic user friendly home page available under a few similar named domains.
SpywareFighter was added to detection in release 0146.0017.
