Tuesday, November 29, 2005

WinHound Antispyware Added to Rogue List

Winhound Antispyware is the latest addition to the Rogue Antispyware list maintained by Eric Howes. This appears to be the latest pest from the Smitfraud, PSGuard, and RazeSpyware family. Early examples of Winhound include the following at Geeks to Go: a HijackThis log and another post. Here is Eric's brief description of Winhound:
stealth installs through exploits, system hijacking (1, 2); scare-mongering used as goad to purchase [A: 11-29-05 / U: 11-29-05]
From some preliminary tests, this fake antispyware product is installed with a lot of other nasties. Stay far away from this program.

Sunday, November 13, 2005

Microsoft announced that it will include detection and removal of the rootkit installed by several music CDs from Sony BMG. From the Washington Post:

Microsoft said Saturday that it is updating its anti-spyware software (now called "Windows Defender") to detect and remove the file-hiding capabilities of the anti-piracy software installed by some Sony BMG music CDs. In December, Microsoft will automate that process through its malicious software removal tool, which is designed to help people clean up infections from some of the most pervasive bots, viruses, worms and rootkits.

If you have Windows Update set to automatic, you will be notified by the icon in the system tray when the next Malicious Software Removal Tool is available. Note that the current tool doesn't fix it, so you will have to wait until it is updated next month. You can also go directly to Windows Update to check for updates at any time. Microsoft Antispyware will become Windows Defender, and when it does, it will expand its fixes to include malware like the Sony rootkit. No specific date has been set for when MS Antispyware will be replaced by Windows Defender. When it does come out, you will be notified by the update process in the current MS Antispyware program.

It pleases me that Microsoft has targeted the Sony rootkit. If they want to protect their music, then fine, but to hide the protection program with a rootkit that isn't disclosed and is open to abuse by others is just wrong.