Entries in Symantec (11)

Tuesday, January 17, 2012

Scareware sites being sent through email!

setup_security_defender_622.exe Chrome Scareware site on a Linux system!

Don't try this at home!


If you are not careful you could easily get infected with spyware or worms. I, on the other hand, know how to fix the problem if it happens, or how to prevent it in the first place. I was using a live Kubuntu CD to do my test with the link that was given to me, so I didn't have to worry too much about infections.  The URL which was given to me was "[Website]/wp-content/plugins/(random letters and numbers)".   You could easily tell that it was just spam because there was no subject or anything else but a link in the email.   I did this a number of times and I got some very interesting websites:

  • http://scan27.delfasd.co.in (scareware site, see picture above)

  • http://wikimedicinepatients.eu (Canadian Pharmacy) [WHOIS]

  • http://systemtestnow.com  (Scareware site I think) [WHOIS]

  • http://scan7.oggnot.co.in

  • http://update17.oggnot.co.in


Never Run an unexpected Program!


I knew this was a scareware site because it automatically sent me a file, "setup_security_defender_622.exe".   I decided to check it out even more, so I submitted it to Jotti; you can see what they said by clicking the filename.   I also submitted it to VirusTotal to see what it said, and I wasn't surprised. But again, you should never run programs that you're not expecting.    This is a really old scareware tactic that is still being used today, so don't let yourself be taken advantage of.
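As an added example (not part of Paul's post), here is the kind of check a mail filter, or a careful reader, could apply to messages like the ones described above: no subject, nothing in the body but a link, and a link that points into a WordPress `wp-content/plugins/` folder. The sample messages are constructed here, and the hash helper stands in for uploading a served file to Jotti or VirusTotal; none of the names or URLs below come from the original post.

```python
"""Triage heuristics for link-only spam of the kind described above.

Added example (not part of the original post). The messages below are
constructed samples modelled on the post's description; the hash helper
stands in for uploading a served file to Jotti or VirusTotal.
"""
import email
import hashlib
import re
from email.message import Message

SAMPLES = [
    # no subject, body is nothing but a link into a WordPress plugins folder
    "From: a@example.com\nTo: me@example.net\nSubject: \n\n"
    "http://blog.example.org/wp-content/plugins/x7hq2kd9\n",
    # ordinary mail
    "From: b@example.com\nTo: me@example.net\nSubject: Minutes from Tuesday\n\n"
    "Hi Paul, notes attached. Thanks.\n",
    # subject header missing entirely, link only
    "From: c@example.com\nTo: me@example.net\n\n"
    "https://example.com/wp-content/plugins/a1b2c3/\n",
    # a link inside real text is not link-only
    "From: d@example.com\nTo: me@example.net\nSubject: link\n\n"
    "see http://example.com/about and call me\n",
]

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
# Compromised-site lure path as the post describes it: wp-content/plugins/<junk>
WP_PLUGIN_PATH_RE = re.compile(r"/wp-content/plugins/[A-Za-z0-9]{6,}/?$")


def body_text(msg: Message) -> str:
    """Plain-text body of a message (joins text/plain parts of a multipart)."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def triage(raw: str) -> dict:
    """Score one RFC 822 message on the three tells from the post."""
    msg = email.message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    body = body_text(msg).strip()
    urls = URL_RE.findall(body)
    # "link only": strip every URL and nothing readable is left
    link_only = bool(urls) and URL_RE.sub("", body).strip() == ""
    wp_lure = any(WP_PLUGIN_PATH_RE.search(u) for u in urls)
    score = int(not subject) + int(link_only) + int(wp_lure)
    return {"subject_empty": not subject, "link_only": link_only,
            "wp_plugin_lure": wp_lure, "urls": urls, "suspicious": score >= 2}


def payload_fingerprint(data: bytes) -> str:
    """SHA-256 of a file a site pushed at you: look the hash up at a scanner
    service instead of running the file."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The score threshold is deliberately two out of three: a missing subject alone is common in legitimate mail, but a missing subject plus a bare link is the pattern the post saw, and the plugins-path check catches the compromised-WordPress hosting that spam campaigns of this kind used. Hashing the dropped file and searching for the hash gives you the same vendor verdicts as an upload without ever executing it.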

Antivirus is KEY!


To prevent viruses, if you're on a computer you really should consider buying an antivirus.  There is even antivirus for Macintosh machines, and for Linux if you're interested.   I don't know if you really need a Linux antivirus, but I guess it wouldn't hurt to have it.   I think they are far behind the Mac/Windows antivirus programs, but they are getting better.   You never really know what will be needed in the future, but you should be ready when it comes.

Which Antivirus Software do you use?


I am quite curious as to which antivirus software you use.   By all means leave a comment and tell me which one you use, or whether you have found another website like this one, and I'll investigate it and tell others about it.

Paul Sylvester




Monday, June 1, 2009

Blog Success Spam -- What not to Do!!


Lately I've been getting spam emails with these subject lines:

  • Earning thousands blogging? You could be.

  • Bloggers Paid for Posts

  • Bloggers Wanted

  • Learn to blog for paychecks using this freebie video.


Each link sends me to blogsuccess.com, and it looks like this:

(Screenshot: blogsuccess.com landing page)


"Blog Success founders Jack Humphrey and Peter Lenkefi created this to help bloggers make money."  This is what I read in searches.    I've got to wonder: if this is so successful, then why do email spam?   Most emails lately have been about scams and virus exploits.   I am going to stick to the only way you should advertise: getting people to click links to come to my site.




According to Symantec:

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam.

[via "90 Percent of E-mail Is Spam, Symantec Says"]



Now if we do the math, at least half of these emails sent to me are from hacked computers, coming from so-called botnets.   If they are so cavalier about using hacked systems to spam people, do you really think they are making enough money with this website of theirs?   The old tried and true method for any blogger is time, research and building your community.   Other than that there is no really easy way to make money quickly.   I just hope they realize this and start doing it the right way.    This just makes their company become a dark site, in which all you do is bring in people who want to earn money the bad way.
Monday, February 23, 2009

You won't make money from W32:Sality.ao

People should be cautious about make-money offers, because there is a variant out there trying to lure users into thinking they can make money.

McAfee Says "W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file."
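The McAfee description above gives a detection angle that does not depend on a signature: an infector that appends its body to the host and redirects the entry point into it leaves the entry point sitting in the file's last section, usually one that is not `.text` and has been marked writable and executable. The following is an added example (not from the post, McAfee, or any vendor tool) that reads enough of the PE header to apply that check. The PE images are built by hand in the script so it runs offline; they are not real executables and the section layouts are assumptions for the demonstration.

```python
"""Entry-point heuristic for appended file infectors like the Sality
description above.

Added example, not from the original post or any vendor. The sample PE
images are constructed here (headers only, not runnable programs).
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [(name, vaddr, vsize, characteristics)])."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sect = opt + opt_size                     # section table, 40 bytes each
    sections = []
    for i in range(nsections):
        off = sect + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append((name, vaddr, vsize, chars))
    return entry_rva, sections


def entry_point_findings(pe: bytes) -> list:
    """Human-readable reasons the entry point looks redirected, or [] if none."""
    entry_rva, sections = parse_sections(pe)
    owner = None
    for idx, (_, vaddr, vsize, _) in enumerate(sections):
        if vaddr <= entry_rva < vaddr + vsize:
            owner = idx
    if owner is None:
        return ["entry point outside every section"]
    name, _, _, chars = sections[owner]
    findings = []
    if len(sections) > 1 and owner == len(sections) - 1:
        findings.append(f"entry point in last section {name!r}")
    if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry section {name!r} is writable and executable")
    if name not in (".text", "CODE"):
        findings.append(f"entry section {name!r} is not the usual code section")
    return findings


def build_pe(entry_rva: int, sections) -> bytes:
    """Assemble a minimal PE32 header set (DOS header, signature, COFF header,
    224-byte optional header, section table) for the heuristic to read."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, vaddr, vsize, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples. CLEAN: entry in .text. INFECTED: .data grown to hold an
# appended body, flagged RWX, and the entry point redirected into it.
CLEAN = build_pe(0x1010, [(".text", 0x1000, 0x2000, 0x60000020),
                          (".data", 0x3000, 0x1000, 0xC0000040)])
INFECTED = build_pe(0x4200, [(".text", 0x1000, 0x2000, 0x60000020),
                             (".data", 0x3000, 0x9000, 0xE0000040)])

if __name__ == "__main__":
    print("clean:", entry_point_findings(CLEAN))
    print("infected:", entry_point_findings(INFECTED))
```

Treat the output as triage, not a verdict: runtime packers such as UPX also put the entry point in the last section, so a hit means "look closer (or let the AV decide)", while a clean result only says the entry point was not redirected in this particular way.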

Aliases for this virus:

  • Virus.Win32.Sality.y (Ikarus)

  • W32/Sality.AE (Norman)

  • W32/Sality.AH (Panda)

  • W32/Sality.AK (F-Prot)

  • Win32.KUKU.a (Rising)

  • Win32/Sality.AA (VET)


These links should help people understand it.   You can visit my Malware Resources for help removing this virus.  Something to consider before removing it is to disable your restore points.

Remember there's no easy way to make money; the only real way is to work hard.  According to my research the anti-virus companies have ways to remove this virus, as long as you update your database.
Friday, February 20, 2009

PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe sent out a security bulletin yesterday:
APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe plans on patching this March 11, 2009.

And according to some other reports:
Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undue problems for the IT field.  It could also be used to build botnets and make the networks involved sluggish.   Be warned that there is a whole wide variety of things that could be done with this exploit.  The Shadowserver Foundation recommends disabling JavaScript in your Adobe Reader.  Until the patch comes out you will need to be careful about what you open, and possibly check each and every PDF with an anti-virus.  This should help minimize the likelihood of getting a virus or Trojan, but it is not going to be 100%.  The only way to be 100% safe right now is not to use PDFs until they have fixed this problem.
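Between "scan every PDF with an anti-virus" and "stop using PDFs", there is a cheap middle step: look inside each incoming PDF for the active-content features the exploit documents rely on (JavaScript, OpenAction, Launch) and hold back anything that has them. The script below is an added example, not from the post or from Adobe, Symantec or Shadowserver, and it detects active content, not the vulnerability itself. The sample PDFs are constructed in the script; no real documents are involved.

```python
"""Triage a PDF for the active-content features exploit documents use.

Added example, not from the original post or from Adobe, Symantec or
Shadowserver. It does not detect the vulnerability itself; it flags
documents carrying JavaScript or auto-run actions so they can be held
back and scanned separately. All sample PDFs are constructed below.
"""
import re
import zlib

# PDF name objects that carry or trigger active content.
RISKY = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/RichMedia"]
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def unescape_names(data: bytes) -> bytes:
    """PDF allows #xx hex escapes inside names (/J#61vaScript == /JavaScript),
    a common trick against keyword scanners; undo them before matching."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes):
    """Yield the inflated body of each FlateDecode stream, skipping streams
    that are not Flate-compressed or are truncated."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def pdf_findings(data: bytes) -> dict:
    """Count risky names in the raw file and inside inflated streams, plus
    how many names outside streams use hex escapes (an obfuscation signal)."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    views = [unescape_names(data)] + [unescape_names(s) for s in inflate_streams(data)]
    counts = {}
    for view in views:
        for name in RISKY:
            n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", view))
            if n:
                counts[name.decode()] = counts.get(name.decode(), 0) + n
    outside = STREAM_RE.sub(b"stream\nendstream", data)
    counts["obfuscated_names"] = len(re.findall(rb"/[A-Za-z]*#[0-9A-Fa-f]{2}", outside))
    return counts


def build_pdf(objects) -> bytes:
    """Assemble a minimal PDF from object bodies (no xref table; this scanner
    does not need one)."""
    out = b"%PDF-1.4\n"
    for i, body in enumerate(objects, 1):
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed samples: a plain document, one whose OpenAction runs
# compressed JavaScript, and the same document with hex-escaped names.
_JS = zlib.compress(b"app.alert('hello');")
BENIGN = build_pdf([b"<< /Type /Catalog /Pages 2 0 R >>",
                    b"<< /Type /Pages /Kids [] /Count 0 >>"])
WITH_JS = build_pdf([
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
    b"<< /Type /Pages /Kids [] /Count 0 >>",
    b"<< /S /JavaScript /JS 4 0 R >>",
    b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(_JS) + _JS + b"\nendstream",
])
OBFUSCATED = (WITH_JS.replace(b"/JavaScript", b"/J#61vaScript")
                     .replace(b"/OpenAction", b"/Open#41ction"))

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with_js", WITH_JS), ("obfuscated", OBFUSCATED)):
        print(label, pdf_findings(doc))
```

Two caveats a practitioner would want. First, turning off JavaScript in Reader removes the heap-spray step that in-the-wild samples use, but the bug itself is in the PDF parser, so a document with no JavaScript at all can still be hostile; that is why the scanner reports "no active content", not "clean". Second, the scanner only inflates FlateDecode streams; object streams, other filters and encrypted documents will hide names from it, so an unreadable stream in a file from an unknown sender is itself a reason to hold the file.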
Thursday, February 19, 2009

Careless Facebook profiling can lead to Identity Theft!

I just got in contact with an old friend from high school, and another friend of mine suggested the new friend. I was looking at her profile and couldn't believe what I saw:

(Screenshot: something users shouldn't do!)

As you can see, this is not good. I was amazed at how many people are giving out their birthdays and who they are married to, to friends and family. We have all heard about people claiming they need help or are in desperate need of money. This is nothing new; as you know, people are having hard economic times, and scammers are using social engineering to get money out of people.

I feel that I should warn people about this important point.   You shouldn't be broadcasting your DOB and who you're married to to your friends, just in case they get hacked.
Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their "walls" – personalized message boards.

[Via Computing.Co.UK]

This deserves a little thought and a lot of understanding.   By hacking into Facebook accounts, spammers get the chance to scam or spam people with links that could install a virus or Trojan.

For example, this one blog talks about the virus:
Symantec's Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan virus is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it's from a friend, but they did not intentionally send it to you -- and yes, their Facebook photo is attached, too.

[Via Sync-blog]

(Screenshot: Facebook profile)

Now I went searching through my friends list and also found this little bit of information.  As you can see, this one is asking for people to use their account to scam people out of money.  They could use this to find out even more information about the other partner and make you believe you're talking to the real deal, saying they need money because they are stuck overseas or something like that.   I've seen this on other blogs where people have sent money to "friends" who were actually scammers.  Then if you send the money you are out of luck with your money and possibly your friends too.  I am sure there are more, but these are prime examples of what you shouldn't do and why.

So what can you do to prevent Identity Theft and/or being scammed?


  • Roboform Review -- A password manager that will help protect your passwords from keyloggers and phishing sites.    I strongly recommend it to all who are security minded. (Never use the same password for all your accounts.)

  • Are you worried about your identity? -- This is good information on checking out sites that might be questionable.  You can find out what type of site it is by using your brain.

  • Old Phish Become New Again -- This is a blog post about Twitter and what may happen if you did give out your password.   This is a good example of why you should never give your password to third-party websites.

  • Twitter Spammers Are Getting Smarter -- This is also a good example of what happens when you become friends with someone who isn't real.   You could be the next to be spammed and/or impersonated.


If you follow some common steps you too can avoid being the victim or getting your identity stolen.   Some things to remember: never tell anyone your whole birth date, like someone did on Twitter a few days ago.  It's nice that they are growing older, but that gives people that much more information to use to steal your money or your identity.   Think before you give out any personal information like age, marital status, who you're married to, and anything that might be used to access your account or impersonate you.  Remember, only you can prevent being scammed or losing your identity; you wouldn't want to have to pay for your mistakes.
Thursday, January 22, 2009

Alarming results are coming from the Conficker worm

Today I've been doing research because I was surprised how many people have searched for the Conficker worm/virus, and I wanted to point out just how bad this is getting.     I was looking on Twitter about this some more and here is what I found out:
Over a million conficker hosts: Are you responsible for any of them? (http://tinyurl.com/awpeep

[Via twitter  Hevnsnt]

Now I went there and he seemed to have added ")" to the URL, so I took that out; here's the URL to check this out.  I went there and saw all these IPs (Internet Protocol addresses), and it claims that it is over a MILLION.  I don't know if it is true because I stopped loading the list of IPs due to its size.

(Screenshot: Conficker search statistics)

I also wanted to talk about the rate at which people are finding this site due to the Conficker virus/worm infecting their systems.     As you can see it is steadily increasing as more and more people are trying to find out how to get rid of this very pesky infestation.   See below for some good resources to get rid of this annoyance.

I went back to twitter and some other places to find out what people are saying about this virus and I found this interesting comment:
Conficker Virus has locked out my work account again.... slightly upsetting it keeps trying to break my account password

[via Twitter twitpaul]

According to one blog post, they seem to think this is a test worm, trying the waters to see how well it works.  I tend to agree with this blog post because of the unlikelihood of infecting systems just for fun.   I also think they are going to use this worm/virus for a botnet.  There have been several posts about this being a possible botnet setup.  According to Computerworld, this is building a botnet, and I wonder if this was a bad deployment or if they are just waiting to start it up after enough computers are infected.

I don't know whether to call Conficker a virus or a worm, so I've decided to just use both.  I've been telling people to patch their systems as soon as possible.  I'd also tell people that you need a good AV and a good firewall.   Although this sometimes won't prevent you from getting a virus, you will undoubtedly need to disable AutoRun.   Here are some good resources to better help you get this virus off your system:

As you can see there are several different options to help remove this virus, and I thought I would list them here.   I have heard how hard this virus is to remove and I want to help people remove it.  Something else to consider is disabling your restore points before you remove the worm, or it will just come back.
Monday, December 15, 2008

Removing Win32/Bagle.HE worm

Here is another virus that seems to be spreading lately.   From the looks of it, it seems to be another email worm.  Here is what ESET says:

Aliases


Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B.

When executed the worm copies itself in the following locations:

  • Documents and Settings\All Users\Application Data\hidn\
    hldrrr.exe

  • Documents and Settings\All Users\Application Data\hidn\
    hidn2.exe


In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

It seems to have a manual removal process, unless you pay for the other software, but according to the 411 on PC Security:
Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by following some steps.  I think Kaspersky has an easier way to remove it, and it looks like most anti-virus software will remove this.   You need to remember that only you can prevent this in the future.   You should also run Windows Update and make sure your system is up to date.
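The ESET text quoted above gives exactly the two things a manual check needs: where the worm drops its copies and which Run value it sets. Rather than poke at a live registry, an incident responder usually exports the Run key (`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`) and reviews the file. The script below is an added example, not from the post or from ESET: it parses that export format and flags entries whose value name or image path matches the Bagle.HE indicators, or whose executable sits in a user-writable data directory. The `.reg` text is constructed here; only the `drv_st_key` name and the `hidn` paths come from the quoted ESET description, the other entries are made up for the demonstration.

```python
"""Check Run-key autostart entries from an exported .reg file for the kind
of persistence Bagle.HE sets.

Added example, not from the original post or ESET. The .reg text is
constructed here in the format `reg export` produces; the drv_st_key value
name and the hidn drop paths are the ones quoted above from ESET, and the
other entries are made up to show a quoted path, a system binary and a
REG_EXPAND_SZ (hex(2)) value.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"drv_st_key"="C:\\Documents and Settings\\All Users\\Application Data\\hidn\\hldrrr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"=hex(2):43,00,3a,00,5c,00,74,00,6d,00,70,00,5c,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00
'''

KNOWN_BAD_NAMES = {"drv_st_key"}
KNOWN_BAD_PATHS = ["\\application data\\hidn\\hldrrr.exe",
                   "\\application data\\hidn\\hidn2.exe"]
# Directories any user can write to; a Run entry pointing here deserves a look.
USER_WRITABLE = ["\\application data\\", "\\appdata\\", "\\temp\\", "\\tmp\\"]

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> dict:
    """Return {key: {value_name: data}} for REG_SZ and REG_EXPAND_SZ values.
    Other types (dword, binary) are skipped; they cannot hold a command line."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join wrapped hex(...) lines
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if not (current and m):
            continue
        name = _unescape(m.group(1)) if m.group(1) is not None else "(Default)"
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = _unescape(data[1:-1])
        elif data.startswith("hex(2):"):          # REG_EXPAND_SZ as UTF-16LE bytes
            blob = bytes.fromhex(data[len("hex(2):"):].replace(",", ""))
            keys[current][name] = blob.decode("utf-16-le").rstrip("\0")
    return keys


def image_path(command: str) -> str:
    """Pull the executable out of a Run command line (quoted or bare, with args)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|scr|com|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else (command.split() or [command])[0]


def suspicious_run_entries(reg_text: str) -> list:
    """Return [(value_name, image_path, [reasons])] for Run entries worth checking."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, cmd in values.items():
            path = image_path(cmd).lower()
            reasons = []
            if name.lower() in KNOWN_BAD_NAMES:
                reasons.append("value name matches the Bagle.HE persistence entry")
            if any(path.endswith(p) for p in KNOWN_BAD_PATHS):
                reasons.append("image path matches a Bagle.HE drop location")
            if any(d in path for d in USER_WRITABLE):
                reasons.append("executable lives in a user-writable data directory")
            if reasons:
                findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(SAMPLE_REG):
        print(f"{name}: {path}\n  - " + "\n  - ".join(reasons))
```

The indicator match is the easy part; the user-writable-directory rule is what still earns its keep once the names change, because legitimate autostart entries almost always point into Program Files or the Windows directory. Export and check the HKLM Run and RunOnce keys the same way, since a worm running as an administrator can write there too.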
Saturday, December 13, 2008

Figuring out the Email-Worm Win32.Zafi.b

This is another one I just saw on the web, and I wanted to talk about what this little worm does and its known aliases:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.


This worm seems to be spreading through email and file-sharing sites. One thing it tries to do is stop these processes and delete their files:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus, and it can be removed with the Kaspersky Virus Removal Tool, which is free for this type of virus. To prevent this virus in the future the user has to remember not to open unknown documents or emails and not to run any unknown program from an unknown file share.   Also remember you need to have an anti-virus and a firewall to protect yourself in the future.
Saturday, December 6, 2008

trojan.zlob removal tricks!!

Aliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)


Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.

[Via Windows Live OneCare]

This one just popped up today on my radar.  It seems to be a very low threat on everyone's radar; according to my sources, "Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page."  So to remove this little Trojan you would want to download an anti-virus and firewall.   Once you install the software, the program should fix the problem for you.   This one seems to be really easy to fix.   So please read my post on how to better protect yourself if you want to prevent this in the future.
Saturday, November 29, 2008

Spying on Spyware.ISpynow!!

This is another virus that is going around, and I thought I'd tell you about it:
Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]



Now this one isn't too hard to figure out.  You have to manually install it on your system to get infected.  Symantec has a great way of uninstalling this annoyance.  I also suggest checking out my other program list just in case you don't want to buy Symantec anti-virus programs.  Some other things to check out:

This is just the beginning in getting your system clean.  You have to keep all your programs up to date, and one way I do that is with AppSnap.  This little program keeps your programs up to date, from virus scanner to firewall.  I hope this helps people prevent and control spyware.
Sunday, November 2, 2008

Sites that you need not Visit:

I've had some anti-virus problems in the past few weeks and have been trying to see if it is my system or just luck of the draw.  So I did some research and found some sites that you should not go to, or download from.   These sites have been known to spread fake anti-virus malware.   So I wanted to warn people of some common websites that have been known to have viruses on them:




  • hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ -- This site usually tries to send you the "Trojan.HTML.Zlob.AG" virus.

  • hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php -- This site usually tries to send you the "Trojan.Dropper.SMN" virus.

  • hxxp://handballfondi.it/xxxxxx1.php -- This site is one of the new malware sites that looks like YouTube.   When you go to this site they say you need a special codec to play a video clip.  Most of the time when you get something like this, it is going to try to install malware. A good broad set of codecs that you may want to download is the K-Lite Mega Codec Pack; if you use that you should never need to download any other codec to play a movie clip from any site online.

  • hxxp://0scanner.com/---censored---/ --  This site usually tries to send you the "Adware.FakeAntiVirus.L" virus.  Another site trying to install malware.



If you want to check your system, here are some places to go to get a free anti-virus check:

If you know of any other sites that we should avoid, by all means comment about it. I would love to hear about sites that you know are bad!!