Domain: trendmicro.com
Stories and comments across the archive that link to trendmicro.com.
Comments · 215
-
Yes, but nothing worth mentioning
> Did they ever release any actual evidence the Russians hacked the DNC?
They released the CrowdStrike report which said they think it was a Russian APT based on various signatures, such as an old copy of Ukrainian malware called P.A.S. and a bunch of Tor exit nodes, which they presented but failed to identify. They later retracted some of their claims. The DNC did not at any time turn over the affected servers to the FBI or anyone else, as one might expect for such a serious crime as was alleged.
Then the ODNI released the "17 agencies" report that doesn't present any technical info at all, just a few conclusions.
Somewhere in here we have that story about the "mystery server" where they think a Trump server (actually a 3rd party marketing site) is talking to a Russian bank. It turns out to be DNS traffic due to spam, but it's funny to look at now given the #Spygate allegations.
Then there were reports from Trend Micro including this one. There's a lot there about phishing and such, but not a whole lot about how to identify who this is other than "we think this is Russia."
Of course, then comes the Vault 7 leaks showing the CIA (likely among many others) has lots of tools to falsely attribute stuff to other parties. A person was later blamed for that leak, but they instead find that he's a pedophile which is... interesting. One may or may not be aware of a short-lived attempt by the "Todd & Claire" site to frame Julian Assange of that which melted under public scrutiny. There were also the infamous Guccifer 2.0 "Russian fingerprints" which seemed interesting, as he only dropped random Trump opposition research docs.
-
Re:The bottom line...
If you need to keep your data, 1) don't use any Microsoft products
I have an even better idea. Don't take stupid advice from people on Slashdot:
https://www.trendmicro.com/vin...
-
Re:Not surprised.
The Internet advertising industry has exhibited, over the last two decades, a consistent pattern of complete, active and malevolent indifference to the well-being of yourself, your computing equipment and your data. "Malvertising" is a term because of their laxity. Their representatives equate using ad blocking software with racism combined with a direct attack on freedom of speech, and other editorials equate it to actively causing children to starve and stealing. Otherwise useful parts of JavaScript have had to be essentially obliterated because ads abuse them so very, very badly. They populate your screen with deceptive content, such as "diagnostic windows" and fake Download buttons in an attempt to entice you into downloading their shit.
Link to more information on how your ad blocker is racist censorship (according to ad firms)
A link to why they think you're a thief that steals food from children with ad blockers
Google's ad service being used for cryptocurrency mining on web browsers
It's too late for the Internet advertising industry. When trying to block out their crap has become an act of necessary self-defense, when they steal your processor cycles for their own gain for cryptocurrency, when they allow malware onto your machine, they've become an active hostile force. They are attacking you and consider you scum for defending yourself. Unfortunately there are just too many of the bad guys and not enough of the good guys here, and as such a potentially harmless way of keeping websites afloat is essentially doomed in its current form (although something like, say, the Brave browser's model might work).
-
Easy to block using hosts files... apk
APK
P.S.=> You'd be in GOOD company (security pro):
"use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ BLEEPING COMPUTER
... apk
-
I told you already: OFTEN AS YOU LIKE! apk
See subject & my sources my program gets do it @ diff. intervals ALL AROUND THE CLOCK & I go 'above & beyond it' personally - how?
SECURITY SITES I WILL LIST FOR YOU (these are excellent finding all kinds of exploiters & malicious sites/servers galore for ALL types of threats):
http://blog.talosintelligence....
https://www.welivesecurity.com...
https://blog.malwarebytes.com/
https://researchcenter.paloalt...
https://www.bleepingcomputer.c...
https://securityintelligence.c...
https://www.cyren.com/blog
http://garwarner.blogspot.com/
http://www.malwaretech.com/
https://securelist.com/all/?ca...
https://www.fireeye.com/blog/t...
https://www.secureworks.com/re...
https://research.checkpoint.co...
http://blog.trendmicro.com/tre...
https://www.proofpoint.com/us/...
https://blog.comodo.com/catego...
That's 25 sources in total from the security community that UPDATES all the time around the clock - my program makes easy work of consolidating all that data is all! It works (see testimonials I posted in my other replies to you from /. peers).
APK
P.S.=>
... & YOU, personally, have FULL CONTROL OF THE DATA (try that w/ addons OR a REMOTE DNS - good luck on the latter & the former? You'd best know regular expressions)... apk
-
More FUD
Sorry, got to call FUD. If you read this,
https://blog.trendmicro.com/tr...
Basically this is an app that requests a ton of permissions, including being a device administrator allowing it to control the lockscreen. The user had to accept several scary warning dialogs for the app to obtain these privileges. They also had to go outside the Play store, and specifically allow untrusted apps to be sideloaded.
TFA states this app can escalate to root, but doesn't explain how that's possible across different versions of Android / Linux and different hardware. I've never heard of a root for Android that involves simply installing an app, let alone a universal one.
-
C&C servers this uses to block in hosts
0.0.0.0 cccn.nl
0.0.0.0 basisinkomen.nl
0.0.0.0 netart.pl
0.0.0.0 chnet.se
* Per source article http://blog.trendmicro.com/trendlabs-security-intelligence/mouseover-otlard-gootkit/
APK
P.S.=> For the best in hosts file based protection vs. this & other threats online (most use hostnames vs. IP addresses is why)? APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
-
Re:Two ways this is believable
Or just get their appstore to do the malware distribution for you.
Or do you really think MS will check more about your software than whether its revenue stream is flowing?
-
IMPERSONATING ME, again? LMAO!
See my subject: Your impersonating me proves 1 thing - You WISH you were me (poor imitation = sincerest form of flattery).
APK
P.S.=> In case anyone's interested, the C&C servers for Persira are:
load.gtpnet.ir
ntp.gtpnet.ir
gtpnet.ir
185.62.189.232
95.85.38.103
-
The 'evidence' is cyrillic text & an email add
> The "conspiracy theorist" label is usually applied to people who have no evidence for their beliefs.
So, what is that evidence? Ars says there's something cyrillic in some metadata and fobs off to Trend Micro's report, which says there's an email from a free email provider that they think is related to a different hack. They also label it as Fancy Bear without bothering to give any details about why.
Given that the original "signature" had things like using Tor exit nodes, this seems like a case of "I saw cyrillic somewhere, it's Putin's fault" unless they actually bother to give us more data to establish these links.
-
Re: Illegal product?
Same AC as the GP. Please educate yourself on what the keylogger actually does: link to research paper.
Among other things, Limitless was designed to steal saved passwords in a number of applications, deny browser access to certain websites, and force logins to Steam. The behavior seems like malware to me.
-
Transit Agency hit by Oracle Java vulnerability ..
Is there a contest on slashdot as to how to talk about malware without mentioning that it will only run on Microsoft Windows?
"the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks".
-
HDDCryptor targets Microsoft Windows
"Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive" link
-
From TFA, How to...
How to detect Umbreon:
Most of the tools you will find in Linux are written in C. Even programs written in Perl, Python, Ruby, PHP and other scripting languages end up calling GNU C Library wrappers as their interpreters are also written in C. Because Umbreon library hooks libc functions, creating a reliable tool to detect Umbreon would require a tool that doesn’t use libc.
One way is to develop a small tool to list the contents of the default Umbreon rootkit folder using Linux kernel syscalls directly. This bypasses any malicious C library installed by Umbreon. If the output contains one or more files with names starting with libc.so followed by a random integer, this is the red flag that suggests Umbreon is installed in the machine.
We have also created YARA rules that detect Umbreon, which can be downloaded here.
Removal Instructions
Umbreon is a ring 3 (user level) rootkit, so it is possible to remove it. However, it may be tricky and inexperienced users may break the system and put it into an unrecoverable state. If you are brave enough to proceed, the easiest way is to boot the affected machine with Linux LiveCD and follow the steps:
Mount the partition where the /usr directory is located; write privileges are required.
Backup all the files before making any changes.
Remove the file /etc/ld.so..
Remove the directory /usr/lib/libc.so..
Restore the attributes of the files /usr/share/libc.so...*.so and remove them as well.
Patch the loader library to use /etc/ld.so.preload again.
Umount the partition and reboot the system normally. -
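The detection approach quoted above, worked through as an added example (this is not code from the post or from Trend Micro): a small C tool that lists a directory through raw Linux syscalls, so a libc-hooking ring-3 rootkit cannot filter the listing, and flags entries named "libc.so" followed by an integer. It assumes Linux; the inline syscall stub is x86_64 (other architectures fall back to libc's thin syscall(2) wrapper), the directory path is a command-line argument because the rootkit folder is elided above, and the demo directory it scans by default is constructed.

```c
/* Added example (not the post's or Trend Micro's code): list a directory
 * through raw Linux syscalls rather than libc's opendir/readdir, which a
 * ring-3 rootkit such as Umbreon can hook, and flag names of the form
 * "libc.so<digits>". Inline stub is x86_64; others use syscall(2). */
#define _GNU_SOURCE
#include <ctype.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

struct linux_dirent64 {            /* record layout of getdents64(2) */
    uint64_t d_ino; int64_t d_off; unsigned short d_reclen;
    unsigned char d_type; char d_name[];
};

static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__)
    long ret;                      /* direct trap: no libc on this path */
    __asm__ volatile ("syscall" : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
#else
    return syscall(nr, a1, a2, a3); /* still bypasses opendir/readdir */
#endif
}

/* Marker per the write-up: "libc.so" followed by an integer; the normal
 * "libc.so.6" does not match because of the dot. */
int is_umbreon_name(const char *name)
{
    static const char prefix[] = "libc.so";
    size_t plen = sizeof prefix - 1;
    if (strncmp(name, prefix, plen) != 0 || name[plen] == '\0')
        return 0;
    for (const char *p = name + plen; *p; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

/* Walk `dir` with openat/getdents64/close syscalls. Returns the count of
 * marker-style entries, or -1 if the directory cannot be opened. */
int count_umbreon_markers(const char *dir)
{
    char buf[8192] __attribute__((aligned(8)));
    int hits = 0;
    long fd = raw_syscall3(SYS_openat, AT_FDCWD, (long)dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    for (long n; (n = raw_syscall3(SYS_getdents64, fd, (long)buf, sizeof buf)) > 0;) {
        for (long off = 0; off < n;) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + off);
            if (is_umbreon_name(d->d_name)) {
                printf("suspicious: %s/%s\n", dir, d->d_name);
                hits++;
            }
            off += d->d_reclen;
        }
    }
    raw_syscall3(SYS_close, fd, 0, 0);
    return hits;
}

/* Constructed sample: temp dir with benign libc.so.6 and readme.txt plus
 * one marker-style name. Returns its path (call once) or NULL. */
const char *make_demo_dir(void)
{
    static char tmpl[] = "/tmp/umbreon_demoXXXXXX";
    static const char *names[] = { "libc.so.6", "readme.txt", "libc.so8472" };
    if (!mkdtemp(tmpl))
        return NULL;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char path[320];
        snprintf(path, sizeof path, "%s/%s", tmpl, names[i]);
        FILE *f = fopen(path, "w");
        if (!f) return NULL;
        fclose(f);
    }
    return tmpl;
}

int main(int argc, char **argv)
{
    /* No argument: scan the demo dir; otherwise scan the path given. */
    const char *dir = argc > 1 ? argv[1] : make_demo_dir();
    int hits = dir ? count_umbreon_markers(dir) : -1;
    if (hits < 0)
        return 2;
    printf("%d suspicious entries in %s\n", hits, dir);
    return hits > 0;
}
```

Only the directory walk avoids libc; the name check and output still use ordinary libc calls, which is fine because the hooks the write-up describes are the ones that hide files from listings.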
Re:Slashdot, fix your data:text/html;base64 ad spa
I can't say I have ever seen that issue, are you sure your computer isn't compromised?
I would suggest running http://housecall.trendmicro.co... to see if it finds anything (if you are using Windows at least). The reason to use that is that it bypasses the viruses that have bypassed your installed virus scanner. You could also use other scanners, but that is a good starting point.
-
Re:We should never expect or accept tracking
Damn that Slashdot, it must have eaten your citation of a cookie being malware. The image exploit you speak of was not one that impacted the visitor, it was on that impacted the server that the site ran on. Maybe you should reformat your reply and fix the links so we can see your citations.
I suppose you know more than these guys/
How can a cookie threaten a computer?
A cookie itself cannot harm the computer, as it does not and cannot hold code (therefore the cookie cannot perform an action itself). However, the cookie can support (help) malicious actions to be taken on the respective system. Even more, being a plain text file, they are vulnerable, meaning that they can be “harvested” by other applications.
How about for ImageMagick? Here's the description.
This could be used to compromise Web servers and take over websites.
Now settle down while the adults talk or you're going to have to go sit at the kid's table. Stop spreading fud. Do you browse the web with imagemagick? No? Go figure. Does plain text file operate as an executable binary? No? Go figure.
Settle down and think a minute. You just look silly when you're covered in spittle and wrong.
-
Guys, it's ok!
Fortunately, Trend Micro won an award, they're the best at stopping zero day threats! So it's not a problem, keep using your anti-virus.
-
I boot from non-writable media
Unless you are going to tamper with the firmware or its settings, "good luck" changing my boot sequence.
Oh, by the way, a comment at this Trend Micro write-up suggests that the initial program that infects the system won't work unless the user has administrative privileges.
-
From the horse's mouth
The real link is Android Vulnerabilities Allow For Easy Root Access
And from that link:
Using these two exploits, one can gain root access on a Snapdragon-powered Android device.
So the click bait headline is that. Click bait. A more correct headline would mention that it is the combination of Snapdragon and Android.
-
Re:Security theater
Than get Trend Micro Server protect. Trend Micro's virus scanner on Windows installs plugins into browsers as well, but it works as you describe. I doubt their Linux virus scanner does the same thing, as Linux is thought of as a server OS only by them.
http://www.trendmicro.com/us/e...
It doesn't matter what Linux compatible virus scan you choose, it is your choice.
-
Re:Clarification?
-
What OS do these Gas Pumps run on?
"Security researchers from Trend Micro wondered what kind of cyberattacks might target one of our most common and vital pieces of infrastructure: gas pumps" ref
-
mitigation
On a stock, non-rooted phone you can disable MMS to provide some degree of protection from this particular exploit.
Although unconfirmed, there are several stagefright booleans in
/system/build.prop on some phones. Setting them to false might provide some additional protection. Root and a reasonable text editor will be required (i.e., busybox vi), and you should be able to recover from a boot loop before attempting this modification.
-
Since the summary is impenetrably obfuscated
Here's the narrative:
- Trend Micro documented a 0-day Java exploit, leading to its patching http://blog.trendmicro.com/tre...
- The hacking org Operation Pawn Storm that was using the exploit got all pissy, and redirected a domain that computers infected with their malware contact, pointed it to an IP address in Trend Micro.
The domain names contacted for command and control instructions are usually randomly encoded and encrypted, and rotate on a regular basis. The crackers know what the next domain name to be used is, but they are hard to deduce from the binary. Infected systems will likely move on to contacting the next domain/ip looking for remote control instructions in hours/days.
-
Microsoft Windows implicated in Sony attack ..
"Upon analysis of the same WIPALL malware family, its variant BKDR_WIPALL.D drops BKDR_WIPALL.C, which in turn, drops the file walls.bmp in the Windows directory. The .BMP file is as pictured below: link
-
Re:First step is to collect data.
https://ers.trendmicro.com/rep...
It's not on any known blacklists, but it's a major one that many use.
-
Re:Should retailers store credit card details?
> Beyond transactions, I wonder whether retailers should even be storing credit card information?
They don't. All the big hacks so far have been at or near the point-of-sale using RAM scrapers (and other malware too).
-
Re:Bitcoins?
malware of this nature probably wouldn't even be feasible if it wasn't for bitcoin and its kin. There'd be no way to anonymously extort money from victims.
Not the case.
CryptoLocker’s creators also recently shifted their monetization tactics, giving willing users additional time to pay the ransom with bitcoin or MoneyPak.
Strains of this in the past were using MoneyPak (prepaid cash card) to extort money just fine.
-
Three Strike Rule on Sony?
Sony has been a big supporter of groups that lobby for a three strike rule on copyright violations. According to them, copyright protections are so important that people caught violating it three times should have their internet access removed. While I disagree with the claim, I think Sony should at least hold themselves to how they feel the world should work.
So therefore all it should take is three copyright violations by Sony itself and they should feel obligated to remove themselves from the internet.
An example of such three copyright violation performed by Sony could be:
- Sony copyright violation with GPL covered PalmOS emulator[1]. They violated the license by performing distribution under a different license terms and therefore violated the copyright.
- Sony copyright violation with GPL covered worked included in XCP[2]. Again, they violated the license and therefore violated the copyright when they redistributed the covered works.
- Sony copyright violation of Sintel. They claimed license terms which conflicted with creative commons license terms when they added it to the youtube Match ID system.
The fact that Sony's website is still online suggests that Sony wishes there to be one law for everyone else and an exception for them. This game that copyright law is important only as long as someone other than Sony is violating it needs to stop. People need to learn that as long as they continue to buy products and services from Sony, then Sony will use that money to continue the historical trend lobbying to inhibit others for violating the same laws that Sony itself blatantly violates.
[1] http://docs.gnu-designs.com/sony/
[2] http://blog.trendmicro.com/trendlabs-security-intelligence/sony27s-xcp-drm-system-violates-gpl/
To protect the legitimacy of copyright requires first halting the businesses that have profited on violating its terms. To protect the legitimacy of copyright requires bringing down Sony.
-
Re:When the light turns on...
I read that Skyfall is actually inspired by Stuxnet, which was way worse than controlling thermostats and happened in real life.
Aaand Stuxnet was designed to target which systems again? SCADA systems.
By and large, black hats can do a shit-ton more actual, physical damage to a society by gaining control of (or simply wrecking) their utilities' SCADA infrastructure than any of their other networks.
That's why any engineer worth their ring designs the SCADA infrastructure to be completely isolated from teh interwebs, with no remote control capabilities that aren't conducted over secured and dedicated leased lines. If emergency remote access is required for troubleshooting, then it is formally requested via phone, and if approved an operator on site will push a button that physically connects the system to a VPN router for a preset amount of time (5 mins to 1 hour, usually). If more time is required, the operator has to push the button again, otherwise the remote party is physically disconnected in the middle of whatever they were doing.
Yes, it can be a nuisance for remote support, but better this than leaving the systems connected (and vulnerable) all the time...
-
Link to Original Report
Wow. 41 comments in and only a handful actually on topic. The rest just bitch about an analogy involving Apple or the proper use of the term "hacker". I guess Slashdot has totally given up on discussions relating to security.
For those (few) interested, here is the link to the original paper.
-
Apparently Decentralized is Unsafe
amusing how Trend Micro blocks access to this site http://global.sitesafety.trendmicro.com/
-
Re:i have an idea!
-
Re:Nice job Feds. Credit when credit is due.
It only took them 2 years http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/a_cybercrime_hub.pdf
-
insert scareware from Trendmicro ..
"His botnet was able to compromise approximately 25,394 systems .. SpyEye was built specifically for Windows systems and Windows XP led the way, making up 57% of the compromised computers. Despite its improvements in security, there were nearly 4,500 compromised Windows 7 computers"
-
Re:Wow...
And according to TrendMicro 'someone' make rather heavy use of the diginotar certificates on ~40 different networks in Iran: http://blog.trendmicro.com/diginotar-iranians-the-real-target
-
Re:Passing on Viruses
I'm not even going to bother linking all of these...
http://www.mcafee.com/us/products/virusscan-enterprise-for-linux.aspx
http://us.trendmicro.com/us/products/enterprise/serverprotect-for-linux/
http://www.kaspersky.com/linux
http://www.eset.eu/products/nod32-for-linux
http://www.centralcommand.com/Products/VexiraforLinux/VexiraforLinuxFileserver.aspx http://www.centralcommand.com/Products/VexiraforLinux/VexiraforLinuxSambaServer.aspx
http://www.centralcommand.com/Products/VexiraforMailServers.aspx
http://www.f-prot.com/download/home_user/download_fplinux.html
http://www.avast.com/linux-home-edition
http://www.avast.com/linux-unix-edition
http://www.sophos.com/en-us/products/endpoint/endpoint-security-and-data-protection/components/anti-virus-protection/linux.aspx?utm_source=Non-campaign&utm_medium=AdWords&utm_campaign=NA-AW-Linux
http://www.ca.com/us/Support/gsa/Virus-Info/Virus-Signature-Updates/eTrust-Antivirus-7x-for-UNIX-and-Linux.aspx
http://www.pandasecurity.com/homeusers/downloads/desktopsecure/
http://www.pandasecurity.com/enterprise/solutions/
http://www.pandasecurity.com/enterprise/solutions/commandline/
http://free.avg.com/us-en/download.prd-alf
http://download.bitdefender.com/repos/
-
Re:Last Resort
There's more OSX and Linux malware out there than you might think. Especially OSX.
One of the Windows users I work with says the same thing. Like you, he can't provide any examples either.
And if you're talking about those instances of trojans that rely on social engineering, what anti-virus program can defend against a user who willingly types in an administrative password and installs the malware on his own?
Well if we are excluding those...
There's 90% of Windows malware wiped out. The user is, always has been and will always be the biggest source of infection. Even in the Windows world and especially today when a patched Win 7 and Office suite aren't vulnerable to drive by infections.
I love how Mac fanboys need to move the goal posts to justify their positions. But here you go anyway.
http://about-threats.trendmicro.com/Search.aspx?language=us&p=OSX
No doubt you have some wonderfully convenient excuse to ignore this.
Have fun.
-
Re:Last Resort
There's more OSX and Linux malware out there than you might think.
Examples?
Here you go.
As always, the most common infection vector is the user. This gets worse when a user refuses to recognise they can be infected.
-
Re:Also in the news ...
No need to ask...
Now, in fairness, having a single AV engine, running on a box with powerful CPU(s) and a fast disk subsystem; busily snipping known viral payloads off of passing emails and network shared directories is actually a reasonably sensible 'pragmatic risk reduction' strategy, no matter what OS the server is running. It does help catch a lot of the more sophomoric virus attempts floating around, at zero computational and disk access overhead to the clients, who are the ones that likely have weaker CPUs and vastly lousier disk systems...
-
Re:Security through obscurity doesn't work
Not necessarily. Businesses love their anti-virus products. Not to mention the fact that if everyone were on open source, open source would be the target and viruses would come out of the wood work.
http://us.trendmicro.com/us/products/enterprise/serverprotect-for-linux/
-
Then I guess they would avoid Open Source?
# curl -i http://us.trendmicro.com/
HTTP/1.1 301 Moved Permanently
Server: Apache
etc...
Hmm.
-
Re:"however the largest number of infections, by f
Probably antivirus programs that report their findings back to home base so the parent company can assess threats and display them to the public.
-
Re:Is this really a big deal
I'm just reading this doc and the whole thing seems to be an exercise in fail on the part of Windows and antivirus programs:
* Detection of this is as easy as looking for a file "Rs32net.exe" in the Windows system folder.
* Subverting Windows' "safe mode" is as simple as writing registry values to "HKLM\SYSTEM\CurrentControlSet\Safeboot\Minimal\[EXEFILENAME]"
* Making sure you load into memory *before* the antivirus is as simple as this (yet somehow the antivirus programs can't use this technique??)
etc.
-
SysClean from trendmicro
I've had great success with SysClean from trendmicro. It's free and may be a bit unintuitive how to get the files required, but it has worked greatly for me in the past for malware that disable AVs and requires no installation.
-
Re:Ok then, list the trojans in the wild
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well.
Yes. Yes they are.
Now please list the count of Windows trojans vs. mac trojans. I'll get you started with the Mac count:
1 (or is this trojan actually in the wild yet?)
After all, we are talking about active trojans in the wild...
Do you not think that a system with a few orders of magnitude fewer active security threats might not, in fact, be more secure for the average user.
No I don't. I just believe that the claim that Mac has no such issues now is proven wrong. That is all. Nobody has claimed that Windows doesn't have a longer list of malware in the wild.
And questioning whether this one is in the wild is either disingenuous or you haven't RTFA or anything else on the subject. This is clearly proven to be in the wild, fx as a disguised iPhoto app for download.
Among some of the first Mac OSX trojans discovered in the wild was this one in 1996: http://www.macrumors.com/2006/02/16/the-first-mac-os-x-virus-a-new-os-x-trojan/.
And in 1997: http://boingboing.net/2007/10/31/mac-trojan-in-the-wi.html
Then you had these two: http://www.scmagazineus.com/two-in-the-wild-trojans-target-mac-os-x/article/111551/ . The ARDAgent one was drive-by stealth install (which Mac users also are fond of pointing out is a Windows only problem)
You've had a handful of others in the wild as well, like:
http://blog.trendmicro.com/mac-os-x-dns-changing-trojan-in-the-wild/ http://www.macupdate.com/info.php/id/30265/iservices-trojan-removal-tool
etc. There are more, but again, I'm not in any way claiming the list isn't shorter than similar Windows list, nobody is. But the claim that Mac OSX has no such malware in the wild has clearly been proven wrong (a long time ago).
-
Socially Fucked
Perhaps in the eyes of the overlords, or perhaps evolution, STDs are a "feature not a bug" situation, a form of population control. Reducing numbers through the attempt to increase numbers. I wonder if we should start including a Trojan constant in our population growth and decay models. Combined with the social network clusterfuck, perhaps we need a digital vaccine. Hope you're not allergic to PCillin.
While on this line of thought, I would liken using Norton to wearing 8 condoms, all which having been poked with a needle, and Spybot Search & Destroy being the "Pull-Out" contraceptive method, and disconnecting from the internet altogether being like a hysterectomy. Unfortunately, we can't forget Live OneCare, which is like wrapping it with toilet paper, drinking a fifth of tequila, taking two viagras, and then wandering around Mexico City.
What was my point again?
-
Re:Install through ninite.com
I cron this every day, have fun!
fog@fog:/usr/local/bin$ cat getantivirus.sh
wget -N -i /antivirus/filestoget.txt -P /antivirus
fog@fog:/antivirus$ cat filestoget.txt
http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE
http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.spybotupdates.com/files/spybotsd162.exe
http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe
http://download.avgfree.com/filedir/inst/avg_free_stf_en_85_420a1708.exe
http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe
http://dlce.antivir.com/package/wks_avira/win32/en/pecl/avira_antivir_personal_en.exe
http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
http://mbam.malwarebytes.org/database/mbam-rules.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://files.avast.com/iavs4pro/vpsupd.exe
http://files.avast.com/iavs4pro/setupeng.exe
-
Surprised no one mentioned this.
There are several good online virus scanners. They will ask you to download a small plugin, but I've used them with great success, without having to install applications.
http://housecall.trendmicro.com/
http://security.symantec.com/sscv6/home.asp
Also, two arguments against what is often suggested:
1) Virus scanners aren't for everyone. Some are extremely intrusive, often with their own "innovative" interfaces that make them bulky and impossible to manage for novices. Some will hijack your email applications, not tell you exactly when they block or delete something, and can also hinder web surfing speeds. If you don't know how things work already, having a scanner will make things even more confusing. Add subscription fees, and I say the whole thing isn't worth it.
2) No, I don't think "knowing your software" is a good way to tell if something is legit. Seriously, Windows alone will update itself and install weird things, as do most large software suites these days. They give ambiguous names to critical components, and to think we would know them unless they were dangerous is a bit much.
If you know what you're doing, I'd say you can avoid most issues by just being careful and knowing the signs (of danger and of contamination).
If you don't (or helping someone who doesn't), then I say dumb down the apps so things are simpler and safer. Like migrate to gmail, make FireFox or Chrome the default browser, and just setup all the bundled security features to their appropriate settings (windows firewall etc).