Entries in virus removal (36)

Thursday, March 8, 2012

How computer viruses use word of mouth to infect systems!

[Image: Social Networks Hype Cycle (Photo credit: fredcavazza)]

Social Network is Culprit!


I remember some very interesting Facebook, Twitter, and other social media sites being used in the past to get people to click on an infected link. This is one of the oldest techniques. The virus posts something on your Twitter account or your Facebook account about something really interesting. Even if you trust your friend, sometimes the friend or Twitter account that you know isn't really in control of what they post. This is the first line of trust that the virus makers use to spread their viruses onto other computers and systems. You should never click any link unless you know where it is going. Although this is becoming less and less troublesome, I am sure it isn't going away but is just biding its time to come out and strike another day.

Some tips to remember when you're using social media sites are to use URL expanders such as:

 

These are some great little URL expanders; if you have a question about where a URL goes, then by all means use them. I also like to use the Bit.ly extension for Chrome, but it won't expand all links and is only available on Chrome. I don't know if there are similar add-ons for Firefox, but at least you have a starting place!
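An expander does nothing more than follow the redirect chain behind a short link without loading the final page. The script below is an added example, not code from the original post or from any of the expander services it mentions; the network fetcher is injectable (the default one, assumed to have network access, sends HEAD requests only), and the constructed `FAKE_RESPONSES` table lets it run offline.

```python
"""Resolve a shortened link by following its redirect chain with HEAD requests."""
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib stop at each redirect so every hop is visible to us."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_with_urllib(url):
    """Send one HEAD request and return (status, Location header or None). Needs network."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:      # urllib raises for 3xx once redirects are disabled
        return err.code, err.headers.get("Location")


def expand_url(url, head=head_with_urllib, max_hops=MAX_HOPS):
    """Follow redirects from url and return (final_url, list_of_urls_visited).

    Raises ValueError on a redirect loop or when max_hops is exceeded; both are
    themselves good reasons not to click the link.
    """
    chain = [url]
    current = url
    for _ in range(max_hops):
        status, location = head(current)
        if status not in REDIRECT_CODES or not location:
            return current, chain
        nxt = urljoin(current, location)      # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
        current = nxt
    raise ValueError("gave up after %d hops: %s" % (max_hops, " -> ".join(chain)))


def hosts_in_chain(chain):
    """Distinct hostnames touched, in order; a long or surprising list is a warning sign."""
    seen = []
    for link in chain:
        host = urlsplit(link).hostname
        if host and host not in seen:
            seen.append(host)
    return seen


# Constructed offline sample standing in for a shortener, a tracker and a loop.
FAKE_RESPONSES = {
    "http://short.example/abc":       (301, "http://tracker.example/r?x=1"),
    "http://tracker.example/r?x=1":   (302, "/landing"),
    "http://tracker.example/landing": (200, None),
    "http://loop.example/a":          (302, "http://loop.example/b"),
    "http://loop.example/b":          (302, "http://loop.example/a"),
}


def fake_head(url):
    """Offline stand-in for head_with_urllib backed by FAKE_RESPONSES."""
    return FAKE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    final, chain = expand_url("http://short.example/abc", head=fake_head)
    print("final:", final)
    print("hosts:", hosts_in_chain(chain))
```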

 

Emails are Second!


It is just like social networks, but in this case you are getting an email. A few years ago, we had some really interesting emails with either warnings or a message saying you have a picture on the internet and to click it. There are a dozen or so ways someone could fool you into downloading malware or viruses, but these are the most common because most users will click links, and they feel safe because they have built up trust. Lately they haven't been doing this much, but it is still a very real possibility, so you must be careful!

Some things to remember when using email: if you're not expecting a link, don't click it! If you think it was sent to you for a reason, it might be high time to email your friend and ask whether they knew they sent it to you. Sometimes the person or account involved doesn't know that they are sending links that might be infectious.

If you follow these steps and consider using Malwarebytes [Affiliate Link], you are less likely to get infected, but that doesn't mean you are 100 percent immune to computer viruses. No operating system is immune, not even Linux, but that is just my opinion; others have said that you can't possibly get infected on Mac OS or Linux!

Paul Sylvester


Wednesday, July 8, 2009

Using Malwarebytes to get Rid of Malware

Malwarebytes



I have been using Malwarebytes for quite some time. I keep the Malwarebytes installer on a USB drive so I can use it anywhere I go. I have seen several computers with very old viruses, and it actually detected them.

How Malwarebytes is useful

  • Malwarebytes has a really good protection module to help prevent infections in the first place, but that requires you to buy it. It should never be used without at least a firewall installed, but it is a good defense against what I like to call a drive-by install.

  • It automatically creates logs of the malware that is found. This is good for people who want to check what might be infected, and it helps identify the virus or Trojan and find out how to disinfect the system.

  • Cheaper than buying AVG: it costs $24.95, which is half the cost of buying AVG.


As you can see, buying Malwarebytes can be cheaper than buying AVG or Norton, and it protects you almost as if you had a brand name. I think if a customer can't afford $50, this would be the next best thing to suggest, since it will at least protect the system. You can always install a free anti-virus along with Malwarebytes to better protect your system. This is one way to avoid buying expensive antivirus and still protect your systems from malware.

No matter whether you buy Malwarebytes or use the free version, you are better off than not having it. With the free version you can't unlock real-time protection, scheduled scanning, or scheduled updating. These can be done manually without having any real-time protection: you can scan and update manually without buying the full version. This is still a good buy; I recommend it to all my customers.
Friday, June 5, 2009

Not going to Twittertrain.net, just a Phishing attempt!!

So you want to have even more followers, but you don't know how to do it? I've talked about getting more followers and tips and tricks to get the people you want. Now let's talk about this to a point.

There seem to be automatic posts going out with:

"OMG WOW Im getting 100s of followers a day, Check out this site: http://twittertrain.net"

Now, going to the site and giving out your password is always a bad idea. It seems some people think it is easy to get followers, but those who have built up their followers will know just how hard it sometimes is to get more.

I would be willing to guess this is a phishing attempt to collect passwords and Twitter names for later. Some would guess this will just become another way spammers spread scareware. I am thinking they want to get your password and save it for later use, in this or other campaigns where they can get more people to click links and buy their fake products.

Graham Cluley's blog post about this website also has a video about the problems associated with it. If you have given out your password, I'd strongly recommend resetting it; if you can still log in, just change the password.

I'd also suggest having anti-virus and firewalls installed to help prevent any malware that might be on your system now or later on.

If you're really desperate for more followers, the best proven way is to make friends and communicate. This will make it easier for people to recommend you to other people.
Monday, June 1, 2009

"Look At This" Twitter Malware Exposed!

VirusList released information about the Justse.Ru video that people were being warned about last weekend.

It seems that it wasn't cross-site scripting but a PDF exploit that was used to install scareware, though VirusList calls it fraudware.

It looks like they were trying to get people to buy fake antivirus software called "System Security". It looks like there was a silent download of the PDF, and it tried various exploits to get this software installed.

Virus Total has stated that this looks to be the first time one criminal group has tried to make money off of Twitter and Facebook. This could be the beginning of an onslaught of these types of things over the next few months to years.

That is why it is so important to have anti-virus software and a good firewall to prevent this sort of thing from happening. It is important to note, for all who have a Twitter account, that you will need to start being more cautious when it comes to videos being posted on Twitter. You may never see another video virus like this, or you could see a dozen in one day; it depends on how people react to this and try to prevent it in the future. If you think you have the scareware called System Security installed, I have found the removal instructions for people who want to get it off their system.
Saturday, May 30, 2009

Juste Goes from Twitter to Facebook

According to the Twitter Spam report:
"Best video" not so great -- we're working on it.
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.

Some sources have started to report this and how it was being sent out. It seems to be some kind of virus that takes control of your Twitter account. Although this is not unusual, what is unusual is that some have reported it jumping from Twitter to Facebook.

Juste.Ru seems to have been designed for both platforms, and someone must have been logged into both to make this happen. If you've gotten this message on Facebook, you should just delete it and tell the person who sent it that they need to do a system check. Also, if you have been hit by this virus, the first thing to do is clean your system before you do anything else. Then reset your password; this way you won't be giving the virus access to the new password.

I talked about where you need to go to reset your password, and it isn't too hard to do, but in case you need to know, just check out the other post about it. You should always have an antivirus and firewall; this might have prevented this.
Monday, May 4, 2009

Facebook malware sending people to junglemix.in Phishing!

[Image: fblight Facebook phishing page]


It looks like this is the newest phishing attempt aimed at the Facebook community. According to SANS, there is malware trying to send out messages telling people to go to "junglemix.in". I visited the site and it redirects me to "http://fblight.com/". You can see from the address bar that this is a phishing site. As of writing this post, it has been flagged by PhishTank as a phishing site. I am glad people are reporting these types of sites to prevent people from getting their accounts stolen.


Find out about the other phishing attempts that have been talked about, and keep yourself safe. Also, this is a good time to install some free anti-virus or free firewall software to help protect your computer from malware.

Monday, May 4, 2009

Cellular Modem common problem -- DNS LOOKUP

With cellular modems being used more and more, the common problem is:

[Image: browser error page reading "Address not Found"]

This is the DNS lookup problem, something that comes with any ISP. Your connection acts like a VPN connection: it connects to a cell tower, is then transported to the nearest server, and then goes out to the internet. The server does the DNS lookup for you and sends you to the right page. There seems to be a problem with my cellular DNS server because it doesn't have a complete list, and if it doesn't know where you want to go, you get that screen.

So I found an easy way to fix this problem. I have been using my hosts file to tell my computer the IP of the server I am having the problem with. So how do I find out the IP of the server? This can be a problem to an extent.

I found that visiting the OpenDNS.com Cache Check will tell me the IP address of the server for the time being, but it could change. I just edit the hosts file manually and insert the needed information by hand. Like I said, the IP may change from time to time depending on where you are going or whether it is a big server. The server's IP will rotate to help balance the bandwidth across all servers, so this only works with servers that have a static IP.

There is a program that will help you manage your hosts file called HostsMan, and it makes editing your hosts file a little easier. I have used it and I haven't found anything that does the job better. If you have a suggestion for a good hosts manager, please tell people in the forums or leave a comment. I'd love to hear about some good programs to help update the hosts file more easily.
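Editing the hosts file by hand is error-prone, and because the resolver takes the first matching line, a pin appended below an existing entry silently does nothing. The script below is an added example, not HostsMan or code from the original post: it validates the address and hostname, replaces only pins it created itself (tagged with a marker comment), refuses to shadow entries it does not own, and backs the file up before writing. `SAMPLE_HOSTS` and the `198.51.100.x` addresses are constructed.

```python
"""Pin a hostname to a known IP in the hosts file when the carrier's DNS won't resolve it.

Run apply_pin() as administrator (Windows) or root (Unix); the hosts file is system-owned.
"""
import ipaddress
import re
import shutil
import sys

HOSTS_PATH = (r"C:\Windows\System32\drivers\etc\hosts"
              if sys.platform.startswith("win") else "/etc/hosts")
PIN_MARK = "# pinned-by-script"   # tags entries this script owns, so only they get replaced
HOSTNAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*")


def _names(line):
    """Lower-cased hostnames on a hosts line, ignoring any trailing comment."""
    body = line.split("#", 1)[0].split()
    return [h.lower() for h in body[1:]] if len(body) >= 2 else []


def lookup(lines, hostname):
    """First IP mapped to hostname, as the resolver would see it, or None."""
    hostname = hostname.lower()
    for line in lines:
        if hostname in _names(line):
            return line.split()[0]
    return None


def set_pin(lines, hostname, ip):
    """Return a new list of lines with hostname pinned to ip.

    Raises ValueError for a malformed IP or hostname, and when the hostname is
    already mapped by a line this script did not create (first match wins, so
    appending a pin there would have no effect and would only mislead).
    """
    ipaddress.ip_address(ip)                     # ValueError on a bad address
    hostname = hostname.lower().strip()
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("invalid hostname: %r" % hostname)
    out = []
    for line in lines:
        if hostname in _names(line):
            if PIN_MARK in line:
                continue                         # drop our earlier pin; re-added below
            raise ValueError("%s already mapped to %s outside this script"
                             % (hostname, line.split()[0]))
        out.append(line)
    out.append("%s\t%s\t%s" % (ip, hostname, PIN_MARK))
    return out


def remove_pin(lines, hostname):
    """Return lines without any pin this script created for hostname."""
    hostname = hostname.lower()
    return [l for l in lines if not (PIN_MARK in l and hostname in _names(l))]


def apply_pin(hostname, ip, path=HOSTS_PATH):
    """Back up the hosts file, then write it back with the pin applied."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(set_pin(lines, hostname, ip)) + "\n")


# Constructed sample hosts file; 198.51.100.0/24 is a documentation address range.
SAMPLE_HOSTS = ["127.0.0.1\tlocalhost", "# local overrides go below", ""]

if __name__ == "__main__":
    print("\n".join(set_pin(SAMPLE_HOSTS, "www.example.com", "198.51.100.7")))
```

Remember to remove the pin once the carrier DNS works again, or a rotating server IP will leave you pointed at a stale address.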
Saturday, May 2, 2009

Nikki Catsouras being used to spread Malware

I was doing my usual perusing of the internet and I came across this site about the Nikki Catsouras accident photos. I won't go into gruesome details, but it looks like the malware authors are at it again, trying to have you install fake codecs on your system.

[Image: screenshot of the site] These are some of the nicer pictures on the site.


I must warn you, if you go to the site there are some very gruesome and disturbing pictures of the accident, but that's not what is computer related. On the site they also have a video that isn't really a video. Clicking that video link pops up this in my AVG warning window:


[Image: AVG warning window] This is the free version of AVG.


As you can see, the malware authors are using the accident video to get people to install a fake codec that installs some Trojan, worm, or even a virus on your system. I've talked about this from time to time: if you need to install a codec from a site you don't trust, I don't recommend it to anyone. I would stick with the known codecs and keep away from any site that says you will need to install a codec or tries to install one. I also recommend some free anti-virus and free firewall software to better protect you. As you can see, the free AVG software I was using did detect this and prevented me from going any further. So the free anti-virus providers are keeping even the most common users safe.


If you did visit that site and get the virus, Trojan, or worm, you can visit my malware resources to find tools to help remove this problem.


[Image: Google Trends chart for May 2]


As of writing this post, this seems to be on Google Trends for May 2. I will always tell people to go to trusted media sites if they are wondering who this person is or what happened. It looks like the media is going wild over the court cases right now to take down the pictures. I am all for the family wanting those pictures taken down. I do hope they take them down.


Monday, April 13, 2009

Mikeyy worm still going around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:
Twitter, hire Mikeyy! (718) 312-8131 :)

As you can see from the tweets:
[Image: tweets carrying the Mikeyy message]

It seems this new campaign started earlier this morning around 1am or so for Mikeyy, and people have found it rather annoying, but it is teaching Twitter a lesson; this would be good PR if they hired Mikeyy. Obviously he has a lot to offer, but I guess whoever wrote this variant of the Mikeyy worm went and found his number on a stickcam website:

[Image: stickcam profile]

Anyone who Googles the number right now could find the stickcam profile, so I won't direct you to it. I just hope this doesn't keep up too much longer. If you've been infected with this worm, I would refer you to my other post about removing the worm. I do know that if you aren't logged into Twitter through your browser, you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any Twitter accounts, just stay logged out of Twitter in your browser, and that should help prevent this from happening until Twitter gets it under control.
Thursday, April 9, 2009

Conficker Gets a New Look: Spyware Protector 2009

Looks like the Conficker worm has changed direction, according to Viruslist:
One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com, spywrprotect-2009.com, and spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

From my understanding of this worm, it seems to be using a scareware tactic, trying to get you to pay $49.95 to remove these threats. F-Secure has also seen this worm and thinks it is doing what the Waledac virus does by becoming a spambot. According to Eset, the botnet is larger than most, and this could create a problem in the future. It seems that it used P2P to distribute this update so they could bypass the domain blocks that were in place.

I will tell you this: if you get the warnings that you are infected, by all means go to my malware resource page and do a scan from the trusted sources. I will update as I get more information on this little development.
Thursday, April 2, 2009

Conficker maps of US!

[Image: map of Conficker infections in the US]


The Conficker Working Group has been busy the last few days compiling data on where the Conficker worm is in the world. I am just showing one of the many pictures they have compiled.




Now I must say this isn't entirely accurate, but it gives a good impression of how many computers in the US have been infected and still need to be cleaned. Given that most of these are businesses that haven't updated their Windows machines, this isn't surprising. So I am guessing that if this map is close to what we expected, some of the companies didn't do anything about Conficker during the hype.


That being said, I would like people to answer this question: have any technicians had to disinfect systems that had the Conficker worm? Are you seeing a rise in repairs related to Conficker problems?


I was looking around their website, the Conficker Working Group, and I stumbled on a really good resource. It is called the Conficker Eye Chart. If certain images don't load, then you might be infected. If you want to find out whether you're infected, go check the chart out for yourself.
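The eye chart works because Conficker variants blocked lookups of security vendors' sites on an infected machine, so vendor hostnames failing to resolve while an unrelated host resolves fine is the tell. The script below is an added example modelled on that idea, not the Conficker Working Group's chart or code; the vendor hostnames (vendors named elsewhere on this page) and the control host are assumptions, and the resolver is injectable so the verdict logic can be tested offline with the constructed `make_fake_resolver`.

```python
"""Eye-chart style check: do security-vendor hostnames resolve while a control host does?"""
import socket

# Assumed hostnames: vendors mentioned on this page plus a neutral control site.
VENDOR_HOSTS = ["www.f-secure.com", "www.eset.com", "www.sophos.com", "www.trendmicro.com"]
CONTROL_HOSTS = ["www.example.com"]


def resolve_with_socket(host):
    """True if the system resolver returns an address for host (needs network)."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def eye_chart(resolve=resolve_with_socket, vendors=VENDOR_HOSTS, controls=CONTROL_HOSTS):
    """Return (verdict, blocked_vendor_hosts).

    'offline'    : even the control hosts fail, so nothing can be concluded
    'suspicious' : at least one vendor host fails while the controls succeed
    'clean'      : every vendor host resolves
    """
    if not all(resolve(h) for h in controls):
        return "offline", []
    blocked = [h for h in vendors if not resolve(h)]
    if blocked:
        return "suspicious", blocked
    return "clean", []


def make_fake_resolver(blocked_hosts):
    """Offline stand-in: every host resolves except those listed (constructed behaviour)."""
    blocked = set(blocked_hosts)
    return lambda host: host not in blocked


if __name__ == "__main__":
    print(eye_chart())   # live check against the system resolver
```

A hosts file, proxy or corporate filter that blocks those vendors will also score "suspicious", so treat the result as a prompt to scan from trusted media, not as proof of infection.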


The group also has a great list of tools to remove the Conficker worm. Although, as I have been saying for the past week, the best way to prevent getting infected is having anti-virus and firewalls. You will also need to remember that only you can prevent getting a computer virus or worm; you're the last line of defense!!

Tuesday, March 31, 2009

Mac Users aren't Immune, so stop broadcasting "You're glad you have a Mac"

With Conficker going on right now, I am seeing more and more tweets about Macs and Conficker:

[Images: tweets about Macs and Conficker]




Now I might not know a lot, but this type of smug confidence will be the downfall of Macs in the coming years. I have to ask, do you not expect to get a virus at ALL? You see, when a company like Apple rises above a certain level in the eyes of the hackers, they will become a target; not a big target, but a target.


In one of my posts I talk about Macs and botnets; you should really read it. It talks about why Apple will become the next fail whale. Some other articles to consider are:




And so I went into Google to see the trends for "Mac Virus", and here is what I saw:

[Image: Google Trends chart for "Mac Virus"]

As you can tell, Mac viruses and malware are on the rise. This doesn't mean you have to worry about the Conficker worm, but you do have to worry. Most Apple users are so overconfident that they will never get a virus or malware on their system that they will install it because they think they won't get it. I've seen in the past Mac users downloading programs illegally just because they think they are not going to get a virus or malware.

It just gets me going when I constantly see people post about how they have a Mac. I guess the Mac ads are working, but soon, very soon, they will change. The mentality that a Mac can't get a virus is so god-like that one day something like the Conficker worm will hit Macs exclusively because of the attitude of users. Whether Macs should get anti-virus software has been asked so many times in the past months that it makes me wonder: who made this happen in the first place? I'd have to point to Apple. I don't agree with their Mac tax when it comes to buying a computer and will never pay for a Mac. So the next time I see people broadcasting that they are glad they have a Mac, I'll just have to send them to this page!! No operating system is 100% secure or safe; even Linux systems can have viruses.
Wednesday, March 25, 2009

The April Fools' Joke: You've Got a Computer Worm!

Cluley's blog talks about this, and I thought I would talk about it a little myself!!

This is the newest version of the Conficker/Downadup worm. There seem to be people who are worried that on April 1 there will be a major, no-holds-barred security wake-up call.
Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham Cluley's blog]

Now let's talk about this a little. This worm won't do anything else but ask for updates on April 1, and we don't know when the virus writers will implement the update; it could be a month down the line. You could back up your software and use the free program AutoPatcher to help make sure your system is completely up to date with Windows security patches. You can't fast-forward to that date to find out what it will call home to. We don't know what it will do when it updates to the Conficker.C program; all we know is that it starts to try to call certain domains on April 1, 2009. So you should install anti-virus and firewalls where you think they are needed.

I am sure, though, that this will be a really big April Fools' joke from the virus programmers; they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!! You are the first line of defense against getting a virus or any malware. So let's keep our heads on straight and not go overboard! Only time will tell, and I am sure April 1, 2009 will be a new day.


Saturday, March 14, 2009

Malicious Spammers target Bank of America

I've seen two different security firms talking about Bank of America, and I wanted to share with you:

[Image: fake Bank of America site, picture from F-Secure]


The two sites are F-Secure and PandaLabs, who are talking about Bank of America and how the attackers try to get you to install malware. With Adobe having just sent out new updates last month, it looks like spammers are using this to get people to install malware.


This spam has also been known to be floating around on Facebook. So if you get a link to a site you don't know about to see a video, and it says you need a codec or the Adobe update, you should turn right around and leave the site. You should always type in the URL of your bank and not go there through links.


From what they are saying, it monitors network traffic and steals ICQ, POP3, and IMAP passwords. If you find network traffic going to a Hong Kong IP, then it is time to check that all your virus definitions are up to date and that you've installed an anti-virus and firewall. I would encourage users to report it to PhishTank so that any other unsuspecting user going to that site will be warned.

Tuesday, March 10, 2009

Fake Scareware Sites Pop Up after the PIFTS.EXE Conspiracy

There seem to be fake sites popping up today right after what happened with PIFTS.EXE. I just happened to Google it to see what people are talking about, and this appeared on the front page:

[Image: search result. Not a real site!!]

As you can see, this leads to a server in Poland, and once you go to it you see:

[Image: fake scan page. Not a real virus scanner]



I will be reporting this to PhishTank. This is scareware, which means there is no real virus, and you should never believe the screens when you see something like this. According to Wikipedia:

Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." These websites go as far as saying that a user's job, career, or marriage would be at risk. Products using advertisements such as these are often considered scareware. Serious scareware applications qualify as rogue software.
[Via Wikipedia]

So if you are worried you have a virus or think you have a virus, I would advise you to download one of the many free anti-virus and firewall programs. This is nothing new with the companies who are doing this, but don't buy anything because people are trying to scare you into thinking you have a virus. That is rarely valid software, and you should use the ones that you trust. If you find a site like that, please report it to PhishTank and other sites; that way we can protect everyone who goes there.

Monday, March 9, 2009

Fake Emails about Windows Support Spam!

According to Trend Micro, some malicious software is being sent to unsuspecting users claiming that Windows SP1 and SP2 have an error that could damage software or even hardware. See Trend's blog with photos of the fake spam.

Although from time to time Microsoft does send out security information to TechNet subscribers, people have also used this in the past to get people to install viruses and malware, like this one that installs TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user's online transactions and steals banking-related information.




Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.


[Via Microsoft]



So if you get an email claiming to be from Microsoft, you'll probably want to delete it. Any Microsoft communications will be sent from the Update center. You should never install software that comes from an untrusted website. If you are concerned, you should check the web, find out what people are saying about the situation, and see whether it is a scam or true!! Remember, only you can prevent a virus or malware!

Wednesday, March 4, 2009

Microsoft Releases the Patch Information for March

Microsoft has released the patch information for March, and this is what is expected to be patched on March 11, 2009:

  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) -- This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (Affected system: Microsoft Office)

  • Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (Kb949031) -- This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. (Affected system: Microsoft Office)

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Kb949030) -- This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (Affected system: Microsoft Office)

  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (Kb933103) -- This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (Affected system: Microsoft Office)


These four are all critical and should be applied the week of March 11, 2009. There are seven patches coming out, but these are the main focus. According to Microsoft, they have released MS08-014, MS08-015, MS08-016 and MS08-017 to better help you find out which ones are affected.

Now is the time to get AutoPatcher ready and make sure it is up to date on any patches that might have come out this month that you didn't know about. Also consider downloading the new version of your anti-virus and firewall software while you are at it, in case you come across a rogue virus and need to disinfect it!! Some of this month's patches are due to the Excel vulnerability that is out right now and in the wild, so that should be your top priority once Tuesday comes around. Remember, hackers will start exploiting the holes these patches fix on Wednesday, and you will be racing against the clock. One last bit of information for the Mac users: you should also apply these patches, as you are vulnerable too according to Microsoft. I'll update as more information becomes available!!
Tuesday, March 3, 2009

Cracking and Warez Sites Are Hosts of Trouble!!

It is nothing to laugh at, and it should be understood that gamers have no freedom right now. That said, this new variant of the Virux Trojan is related to the Win32/Vitro Trojan. It seems to be infecting .exe and .scr files just like it.

According to Trend Micro:
The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day.
Read more: "Crack Sites Distribute VIRUX and FakeAV"

Now there seem to be more and more sites getting computers infected. It also seems the malware writers are using these servers to infect, essentially, gamers' computers. So for the time being, if you have a favorite game and you want to use:

  • No-CD cracks (for those who want to play the game without the CD)

  • Key-gen cracks (used for pirated versions of a game)

  • Update cracks (used to prevent CD checking or version checking)

  • Game cheats (usually a small program like a bot or some other way for the gamer to cheat)


These should not be downloaded or used!! I don't say that lightly, because gamers feel they should be able to play any game they want. Although this post will probably make the game developers happy, I do this to tell people that these virus writers are using the gamers to distribute the virus. I encourage all the gamers out there who don't want to lose their games not to download any more of these types of cracks. It seems the virus writers want to infect systems and slow you down. You don't want to be slowed down, do you? Please consider getting a firewall and free anti-virus software to better protect your system.
Tuesday, February 17, 2009

Zero Day for IE7 Being Used in the Wild

It looks like the IE7 vulnerability fixed by last week's patch is being exploited right now in the wild. According to TrendMicro:
HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.


[Image: how the IE7 exploits are being used, from the TrendMicro blog]

As you can see, this can be very bad for companies that wait a while. Internet Explorer is still being used by 1 out of 4 users, and I see it all the time in my stats. The good news is this isn't as hard to get rid of as Conficker, but it should be taken seriously because the writers might start to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down, so to speak: you need to patch all systems that have internet access. I still like AutoPatcher because it will do the job with very little input from the user. It also makes it easier for people to patch big systems. You should also consider installing some free anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily turn this into a botnet, and you know how that could affect your systems and your ISP. So it is best to get this month's patches onto the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.
Monday, February 16, 2009

Not Safe to Download a Worm: Project Snowblind

It looks like I missed this one yesterday. There seems to be a rogue, and probably somewhat warez, version of the game Project Snowblind.

According to Sophos:
Project: Snowblind is a multi-player first-person shooter (in the same genre as Doom) released by Eidos Interactive a few years ago.

A closer examination reveals that the installation program comes with a little nefarious piece of malware (detected by Sophos as W32/Rbot-GXL) that will drop a file called vghhost.exe. This file is actually a network worm as well as an IRC backdoor Trojan.

I must also tell people that if you want to download the demo, you can download it from the Eidos website and the Download.com website. I will say I didn't know about this one until Technibble published something about it. Some of the things he publishes are great for IT professionals who want to start their own businesses.

I also suggest the Computer Repair Utility Kit; it can be run from a USB drive and has some good programs that you can use in computer repair.