Top

Help Support my Blog!

Virgin Mobile USA
Glasses USA
Amazon
Newegg
VPN4ALL
Netflix
Hulu
CafePress

 

Subscribe to Paul’s Tech Talk Affiliate Marketing Blog

Subscribe to Paul’s Tech Talk Science Fiction Blog

Subscribe to Paul’s Tech Talk Scams Blog

  • Acer 11.6
    Acer 11.6" Laptop 2GB 16GB | C710-2856
    Acer

    Currently  in process review this Acer Chrome book and boy is it nice!

Blog Index

Subscribe to our mailing list

* indicates required
Email Format

View previous campaigns.

Powered by MailChimp

Follow Us

Navigation
Sponsors

Entries in hacker (7)

Wednesday
Feb252009

TINYURL being used by scammers and hackers -- How to prevent it!!

Author: AuthorPaul Sylvester | Date: DateWednesday, February 25, 2009 at 9:27AM |
With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don't want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don't know anything that about. It's called the Preview Feature, and is available to any user who wants to use it.

previewtiny


As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

previewtiny1


[ad#ad2-right]As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don't have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can't hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.
VPN4ALL best privacy&encryption
CommentPost a Comment | in , , , , , , , , , , , , , , , , , , , , , , , , ,
Monday
Feb232009

Being a Bad BOT!

Author: AuthorPaul Sylvester | Date: DateMonday, February 23, 2009 at 1:12AM |
badbot1

I had the strangest thing happen today, Seemed a Bad Bot was Crawling my pages. I was getting at least 60 page views an hour from this bad Bot!! The individual IP's of this Bad Are:
65.208.151.112
65.208.151.113
65.208.151.114
65.208.151.115
65.208.151.116
65.208.151.117
65.208.151.118
65.208.151.119


[ad#ad2-right]After the first initial hour of this going on, I started wondering what this bot was doing.   I did some more research into this little bot.   I did find out it is owned by Kintiskton LLC.  (Twitter Search)

Anyways It bothers me that when you do a Google Search for this company, it comes back with no company.  Some people have already did there research and have come up with very little.

I dug even more and some are saying this might be Homeland Security, and I have my own thoughts on this.   I might be paranoid myself but if there is no company out there and the IP keeps coming back, I assume it is BAD mojo.  Some people worry that it is a hacker probing for vulnerabilities and that worried me.

I decided with the Help from Godaddy, to ban the lot of IPs.  I figure someone is trying to get information or trying something they shouldn't, I'll stop it myself.   If you have Wordpress and are also having problems with this ip, you can ban it by adding this to your HtAccess file:

order allow,deny
deny from 65.208.151.112
deny from 65.208.151.113
deny from 65.208.151.114
deny from 65.208.151.115
deny from 65.208.151.116
deny from 65.208.151.117
deny from 65.208.151.118
deny from 65.208.151.119
allow from all


This is how you block those ip in the HtAccess file. Thanks to Wordpress for showing me how.
VPN4ALL best privacy&encryption
Comment7 Comments | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Monday
Jan262009

'Life Owner' won't delete your data!

Author: AuthorPaul Sylvester | Date: DateMonday, January 26, 2009 at 8:10PM |
I received this email from a friend and wanted to talk about this:
VERY IMPORTANT , PLEASE READ THIS

Anyone-using Internet mail such as Yahoo, Hotmail,
AOL and so on.

[ad#ad2-right]This information arrived this morning,
Direct from both Microsoft and Norton

Please send it to everybody you know who has
access to the Internet.

You may receive an apparently harmless e-mail titled 'Mail Server Report'

If you open either file, a message will appear on your screen saying:
'It is too late now, your life is no longer beautiful.'

Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.

This is a new virus which started to circulate on Saturday afternoon.
AOLhas already confirmed the severity, and the anti virus software's are not capable of destroying it.

The virus has been created by a hacker who calls himself
'life owner'.

PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!

THIS HAS BEEN CONFIRMED BY SNOPES.

http://www.snopes.com/computer/virus/mailserver.asp

After doing my little research, I've come to the conclusion that this is nothing more than a warning that someone went over board on. I've check this on Snopes and it says that:
This latter version is difficult to classify as either "true" or "false": The virus it references (i.e., the Mail Server Report worm) was a real one, but it's neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the "symptoms" provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn't really merit the dire warning to "SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!"

I decided to send a reply to my friend who email me this "Warning" and tell him this:

[ad#ad2-left]Although,  This is a real worm.  It however is over hyped and under no circumstances will it delete your files.   I'll quote from F-secure:

Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.

Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system's memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.

Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.

According to all my sources is if you are worried about this worm, then I highly recommend a good Anti-virus and Software firewall.   This worm is easily detected by all the free anti-virus software out there.    I like AVG because it scans all incoming emails before you even touch the email.   Please don't forward that to anyone else it seems to be an old email warning that isn't really a warning anymore.   It seems to be a scare email where there is no real chance of your data going bye bye.   Just thought you'd like to know!!

So I tell you this, if you have any question of the likely hood of any emails you happen to come buy, you best best it to google it or ask your friend before you open the email up.   It is best also to scan all email attachments before even considering opening them.
VPN4ALL best privacy&encryption
Comment1 Comment | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Saturday
Dec132008

Uncovering a Virus/Trojan

Author: AuthorPaul Sylvester | Date: DateSaturday, December 13, 2008 at 7:47PM |
Getting done with the first part really got my juices flowing. I was shopping looking and thinking about this next article. I came up to only one option turning this into a 3-5 length post due to all the content that I will have.  So where did we leave off?  Oh that is right figuring out if you have a virus/Trojan.  The instant I made a post about this 12 hours later someone make a comment and here is what he said:
[ad#ad2-right]
Rene Van Belzen

I can't wait to read part two of this article. I always wondered how you'd know you're infected if a virus don't want to be detected and no virus definitions are yet available, because the virus is so new.

Now the truth is anytime a Virus does something it usually leaves a footprint somewhere and somehow.   Even the hardest working hacker can't plan for all possibilities and that is where we begin.   I have been helping people for a while with viruses and know that no matter how hard the virus tries to hide you can usually find it relatively quickly and easily do to virus check here are the ways I've done to figure out if they may or may not have a virus/Trojan.

Now if this is a client's computer and you don't want to be rude to the client, there are a few indications of user error and installing a virus.   This is relatively simple, all you do is do a quick inventory of all the start menu programs.  You'd want to look for any P2P file sharing program, If they have Firefox Installed, and if they are using Window Mail and not Thunderbird.   You see 80% to 90% of virus downloaded are installed by the End USER.  They either downloading a game and installing a virus with [ad#ad2-left]a game, or not protecting themselves by using Internet Explorer or Using Windows Mail.  That is usually my first step due to the fact, I've got to be diplomatic about finding out about security ways.  Also make sure they are up to date on there Window updates, unless they are using a really old system then you will have to work even harder.  Also you can suspect a virus if the client is talking about having problem with a program recently although this isn't always true it sometimes is the case due to the fact hackers don't have a big chance to test these viruses/Trojans out before they set them into the wild.  So there are always going to be unplanned problems associated with them.

After the first initial search of desktop, you should really know the likely hood of a possible virus getting on the system and later we will talk about counter measures to prevent virus attacks in the future.   There are a few places a hacker likes to put commands.   Hackers love to put in the Registry to run a program every time Windows starts.  It usually in:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\


Usually 50% to 70% of virus like to make sure the program to runs.  This is a flaw in Windows because hackers can edit this without much effort but there isn't many places a hacker can go to make sure a program is set to run when you boot.   So this is also a benifit to finding those little programs.


Now just like the Regisitry, Hackers also like to put programs in a few areas on the hard drive.   This is also kinda hard to hide because most of the time these are consider important to the system but if you know what to look for you can pretty much figure out if it is truelly a system file.  These areas of the hard drive are:




  • C:\WINDOWS\System32[ad#ad2-right]

  • C:\WINDOWS

  • %programfiles%\common files\microsoft shared

  • %windir%\temp\


These are just a few but if you look hard enough it can be found most of the time.   Most of the time I use the registry to tell me where these programs are so I can do a further check of the program.  Some of this is not needed with some of the programs that I recommend but this is for those who want to be a through job and make sure the virus is gone.

On my next post we will talk about some good tools for the trade to help get rid of a virus/Trojan.  This little step here is used to  better help identify a virus and also give you chance to google each name on the list of registry and the hard drive  to see if you can identify the virus.
VPN4ALL best privacy&encryption
CommentPost a Comment | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Friday
Dec122008

What is a Virus and Why do I have one

Author: AuthorPaul Sylvester | Date: DateFriday, December 12, 2008 at 7:04PM |
After seeing more and more the updates coming from the net.  I wanted to talk about what a Computer Virus or Trojan is and how you get it.   So how did  you could of gotten a Virus in the first place.   So here are some information to consider:

The vulnerability of operating systems to viruses


So what does that mean to you?  Most of the times when you get a virus you have a vulnerability in some place in your Operating system and it is either something that has not be known by Microsoft, Apple, and Linux or is know as a Zero-day Exploit. [ad#ad2-right]
A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used because if it is an unknown exploit by the Operating System creators then they have a longer to us the exploit.  Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems.  You see if they can get on one system they can then find ways to get on other systems.

In the Old days, you'd ask

How Did I Get This Virus, Anyway?


You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don't care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent (and easiest) mode of transport.

[via PcWorld] (Dated Oct 13, 2000 11:00 pm)

That was before hackers wanted to infect for more personal gains.   There is a list of things that hackers want to get when they Infect a system and it is usually very few things.   In the Old days they wanted the fame but now they want money and to take control over the internet.  They usually want to infect for Money or to have computers become botnets.  Now We aren't talking about the Movie, I Robot.   Once a system becomes a bot it doesn't think for itself but follows a line of command from the Command and Control center.  So lets say we have  several hundred bots on one net, and the hacker blacked mailed a server saying if they didn't pay up they'd get DoS attacked.  With enough bots going to one site at one time can slow or even bring down a site, that is how A hacker sometimes uses a virus or trojan to get into a system.

Viruses & Trojans try to Avoid detection


So you have a virus, it wouldn't do a virus any good to be detected right after getting onto a system.   More and more, viruses are trying to avoid being seen and heard.  Most hackers who program are wanting to infect more than one system so they have to make really sure that you don't find out your infected.    So with that said there are several ways  and I won't try to explain them because I think the link talks about it better than I could.   It however will give people something to think about.


In the next few days there will be another post on How you will be able to figure out if you have a virus.  I had to talk about this first so people could understand how to figure out if you have in the next post.  So stay tuned for more
VPN4ALL best privacy&encryption
Comment2 Comments | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Wednesday
Dec032008

Apple's Immunity, Botnet sanctuary.

Author: AuthorPaul Sylvester | Date: DateWednesday, December 3, 2008 at 11:51AM |
Apple Immune? No way!
But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]



Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.



[ad#ad2-right]According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

[ad#digg-left]Everything I've seen suggest that virus writers and Malware writers will MOST likely start targeting the Mac OS X, they know Apple sense of security is Vulnerable to attack and they will exploit it more and more. So what does that mean for Apple, it just means that soon every hacker who has a botnet will want a piece of the Apple Pie and is right now.
[ad#ad2-left]As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer - probably a Russian - with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.


[via Techworld]


Which looks like it has already begun. So what can Mac users do, get an Anti-virus and maybe Apple will have to start backing down from the Virus commercials and actually admit it. Sooner or later someone will have to challenge Apple to get them to start admitting to it.
VPN4ALL best privacy&encryption
CommentPost a Comment | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Thursday
Nov202008

Vista has a new Vulnebility!

Author: AuthorPaul Sylvester | Date: DateThursday, November 20, 2008 at 11:41AM |
According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:
The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

[ad#ad2-left]Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista's next service pack. Microsoft released a beta version of Vista's second service pack to testers last month. Vista's Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.
VPN4ALL best privacy&encryption
CommentPost a Comment | in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,