Help Support my Blog!

Virgin Mobile USA
Glasses USA
Amazon
Newegg
VPN4ALL
Netflix
Hulu
CafePress

 

Subscribe to Paul’s Tech Talk Affiliate Marketing Blog

Subscribe to Paul’s Tech Talk Science Fiction Blog

Subscribe to Paul’s Tech Talk Scams Blog

  • Acer 11.6
    Acer 11.6" Laptop 2GB 16GB | C710-2856
    Acer

    Currently  in process review this Acer Chrome book and boy is it nice!

Navigation
Sponsors

Entries in Vulnebilities (28)

Wednesday
Jul222009

Computer Security : How you get infected with Malware?

I have had several people how they get infected in the past few weeks and I have scoured the internet to try to come up with some answers.   There are several ways to get infected and we will discuss them all here.   In case someone wants to get a better idea on how to avoid these commons ways of infections

What is an Exploit?


This by nature is the first thing we need to discuss because exploits are most common with Malware due to the fact that they like to use them to gain control over an Application or computer.
An Exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.

[Via Wikipedia]

Now it can come from several vectors that I know of and it doesn't just have to be one but has to have several different programs running to happen.   You see malware authors like to write code to crash your system in a way.   Just like a Remote Code Execution, when they run the code it does something to the computer to make it install software without the users knowledge or permission.  When Remote Code execution happens it is most commonly used to take control over a computer process where the program is located in memory or on the hard drive.

Opening a PDF


As you explore the internet you may come across sites with PDF's that are there to hide there true nature.   Just like the H1N1 Virus that is epidemic in the US,  Malware authors are using PDF to run a number of possible exploits on people computer.  There are a number of exploits that can be used in PDF and even examples for those who want to understand it even more.   It however means you should turn off auto-load PDFs in your browser.  Any browser will auto load PDFS without having to open a new session it will load in your browser without as much of a warning.

Fake files name


I don't know what else to call this but you get an email with what looks like it is a picture but that isn't always true.   For example you would get a email from a friend and it says it is a document and may look like documentname.doc.exe  which will also use an ICON that looks like a document and may fool you.  See the Hidden File extensions that need to be fixed in Windows 7 for examples of what I mean.

Fake Codecs


Codecs are a necessity to view videos but most often are not real.  [intlink id="2991" type="post"]Fake Codecs[/intlink] are a way to get you to install malware when you actually think it is a codec.  Install fake codecs can lead to trojans, virus, or even key loggers.  I've talked abut this from time to time but figure it would be good to remind people about this.

Installing Fake Antivirus Software


Sometimes you may get to a [intlink id="3964" type="post"]site that may look like it is a real antivirus[/intlink] but it in reality is a [intlink id="3713" type="post"]scam and will scare[/intlink] you into buying there product.   Sometimes the [intlink id="3114" type="post"]Scareware will say you are infected and send you a file to run to help protect you,[/intlink] if that ever happens don't run it.   You should never run programs from sites that you have never heard of.    Always go to trusted vendors first or at least Google for the product name before you install any questionable software.

Website tries to use web Browser exploits


Just like WebAttacker uses scripts to try to exploit several different known exploits in IE and other such Browsers.   This is the most common way to get virus or trojans to be install into a computer.   That is why I will always recommend getting away from IE and running Firefox or some other low profile web browser

Windows Up to Date


It is very important to keep you Windows System up to date. That said you got to understand that if you don't keep your system up to date there will always be an increasing possibility of getting an infection. Due to the fake that malware authors right after Patch Tuesday will know exactly how to exploit a system that hasn't updated there windows system to current. Install Service packs and other patches is the one way to keep malware authors at bay.

In one of my next posts I will recommend software to use to help prevent some of this or even how to disable some of the most common exploits.   If you like this post please feel free and tell you friends so they may also learn more about Computer Security.

[ad#SUPERAntiSpyware]
Tuesday
Jul142009

Antispy.microsoft.com is another Scareware

It looks like the people who invented "[intlink id="3805" type="post"]Antivirus System Pro[/intlink]" have made another site looking like it was a Microsoft site:

Antivirussystempro1


It looks like they use hijack your host file and inseart "Antispy.Microsoft.com" to the host file  with the IP address of "209.44.111.62"  There is no real website at Microsoft with that url so if you get this you have a some kind of trojan or virus on your system.   By using the domain name of Microsoft.com the chance that people will believe this is actually from Microsoft and buy this fake software is higher than with it having its own domain.


[ad]They seem to have incorporated the [intlink id="3872" type="post"]Site Adviser Scareware tactics[/intlink] these tactics seem to be a new way for them to look Official almost like they are the read deal and should there for be taken for the REAL Thing.   You should [intlink id="3884" type="post"]Download SUPERAntiSpyware[/intlink] and See if you can find the problem.   If that doesn't work you can always remove this threat manually.


This has the same ideas as the "ITsecure.Microsoft.com" Malware, they both look like they are from Microsoft and have modified the host file but are really Scareware trying to trick you into buying there fake antivirus and you would be loosing money.   I would recommend you checkout my [intlink id="2205" type="page"]Malware resources[/intlink] and find out what I recommend to prevent this from the future.

Wednesday
Jul082009

Using Malwarebytes to get Rid of Malware

Malwarebytes



I have been using Malwarebytes for quite some time.  I have the Installer for Malwarebytes in place on a  USB drive so i can use anywhere I go. I have seen several computers with very old Viruses and this actually detected them.

[ad]How Malwarebytes useful

  • Malwarebytes has a really good protection module to help prevent infections in the first place, but that requires you to buy it.  It should never be used without at least a [intlink id="2205" type="page"]firewall installed[/intlink] but it is a good defense against what I like to call a Drive by install.

  • Automatically create logs of Malware that is found -- This is good to for people who want to be able to check out what might be infected.   Also good to help identify the virus or Trojan, and find out how to uninfected it.

  • Cheaper than buying AVG -- Cost $24.95 which is half of the cost of buying AVG.


As you can see buying Malwarebytes can be cheaper than buying AVG or Norton and protects your almost as if you have a brand name.   I think if a customer can't afford $50 this would be the next best thing to suggest being that it will at least protect the system.   You can always install a [intlink id="2205" type="page"]Free Anti-virus[/intlink] along with Malwarebytes to better protect your system.   This is one way to not have to buy expensive antivirus and yet still protect your systems from Malware.

No matter if you Buy Malwarebytes or use the Free version you are better off then not having it.  With the Free Version you can't unlocks real-time protection, scheduled scanning, and scheduled updating.  These can be done manually without the having any Real time Protect.   You can scan manually and Schedule manually without buying the full version.  This is still a good buy, I recommend this to all my customers.
Monday
Jul062009

A few Zero Day Exploits in the wild -- Heads up

Several different Security Vendors are Reporting that there is an ActiveX and Directshow exploits out in the wild.

The Directshow file in question is : msvidctl.dll

[A work around to prevent this]

[ad]It involves an ActiveX control called the Microsoft Streaming Video control and there is no workaround that I know of just yet.   Microsoft is aware of these exploits but we don't know when they will release the patches.
These flaws mean that if you visit an Infected site you will most likely install software that you really don't need or want.   You should be cautious where you go especially on chinese servers because some of them are reporting that they have seen an overnight bloom of sites that have these exploits in place.

People should take care and [intlink id="2205" type="page"]install anti-virus and firewalls[/intlink] even the free ones are the best choices right now to defend againts these types of attacks.  You should also make sure you have the updated virus definitions and make sure you have the latest version of the AV program.

It is also suggest for users to not use Internet Explorer to prevent some of these exploits but take care and install a good browser, I would suggest Firefox to better protect your computer from some of these exploits.
Friday
Jun262009

Michael Jackson Malware on the Rise

In the last 24 hours the spammers and scammers have begun to distribute spam with the guise to:

    [ad]
  • Harvest Email Addresses --  This seems to used to ask users to respond to the email to get "top secret" information about how he died.  Security experts believe this is an attempt to verify email addresses for future spam attempts.   Although it isn't wise to reply to people you don't know about it at least has very little risk with your computer for the time being.

  • Fake Codecs and Hidden Trojans --  Seems this is the main thing they are doing right now to get personal computers on their networks.   So you should never visit a site you don't know about without having an Anti-virus software and A firewall to better protect your system.

  • Extortion Ware -- This one is very interesting, and According to Webroot.  You should avoid sites that you don't know anything about.   With News of anything major you should keep with the trusted news sites.  This one looks to be the bad guy type.


These seem to be a common ploy with scammers and spammers who want to get money from you in one way or another.   I have been watching the Google searches and haven't seen any malicious sites but I could of missed one here and there.

You should always have an [intlink id="2205" type="page"]Anti-virus and Firewall[/intlink] available to help protect your system from these types of attacks.   If you had some kind of protection to better protect your computer.  Remember no one can stop computer infections but you.
Friday
Jun192009

Morpheus comes a scanning!!

morpheusscan1I've been reading about this on other blogs about this user agent   I have been seeing this agent trying to access an area where I know Wordpress doesn't have anything there.  Some people suspect it is scanning for any Drupal Vulnerabilities.   I have to say if it is searching for Drupal, it is in the wrong place.

Now let's get down to it.  I've seen a lot of comments that just blocking the User is not going to prevent this from happening.   You see they can always spoof the agent with out much trouble but I feel that if they are going to do use an agent that I can track.  It is never a bad idea to block that type of access.  If that was a true agent, I seriously doubt it would be a legitimate agent because of the name.  Others have suggested this is looking to find a PHP Vulnerability and exploit your system.

[ad]I don't know if it is true.   I have been reading the comments on the blog and some of them are quite interesting.   One such comment that I like how this scanner has been around since 2006 and most PHP servers have been updated to prevent this type of exploit.   So either this scanner is an old system that has nothing better to do or they are just trying to see if they can get a response from my server.   In which case, they now will be give the Access denied.   I have modified my htaccess file to prevent this scanner from even coming to my website.  See blog post to find out how.

What makes this so interesting is it tries to go to "user/soapCaller.bs" expecting to find something, Oh well I am pretty much unconcerned due to the fact that I keep WordPress up to date and I am constantly looking for oddities like this in my log files.   Now we heard that they don't always have to use the headers and can hide and not be blocked so I have thought about denying anything that doesn't show IP or has no header?   I wanted to ask my users if that is a good ide or bad idea?   This would stop bots from being bad, I do wonder if this has to do with me talking about [intlink id="3132" type="post"]Pifts.exe a couple months ago[/intlink].    I have read about this on the comments section about this being a Government funded data collection, I don't know but it does intrique me on the subject.

Remember to help prevent exploits on your server you should keep it up to date as much as possible.  [intlink id="3700" type="post"]If there is an update to Wordpress[/intlink], you should always consider updating even when there are problems down the road.
Monday
Apr132009

Mikeyy Worms stills going around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:
Twitter, hire Mikeyy! (718) 312-8131 :)

As you can see from tweets:
mikey12

It seems this is the new campaign started earlier this morning around 1am or so for Mikeyy and people have found this rather annoying but it is teaching Twitter a lesson, this would be good PR if they hired Mikeyy. Obviously he has a lot to offer but I guess who ever wrote this variant for the Mikeyy Worm went and found his number on a stickcam website:

mickstickcam

Anyone who just Google the number right now could find out the stickcam profile, so I won't direct you to it. I just hope this doesn't keep up to much longer. If you've been infected with this worm I would refer to my other [intlink id="3308" type="post"]post about removing the worm[/intlink]. I do know if you aren't logged into twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any twitter accounts just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.
Sunday
Apr122009

StalkDaily.com was the culprit afterall!!

In my previous post, [intlink id="3308" type="post"]about StalkDaily[/intlink] I thought they were the innocent party in all this:
stalkdaily3

[ad#cricket-right-ez]Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him he did this out of boredom, and needed a way to make money. I am wondering if Twitter will do some legal actions against him for the time it took to fix the problem and fact that it caused so much widespread panic for people to not trust Twitter makes me think that Twitter would have a real good case against a 17 year old who was trying to gain the system.

Then the people who have lost followers or have had problems with their twitter are going to be mad to, They were the innocent party and did not know about the Cross Site Scripting Vulnerability, although it doesn't appear to have gotten any passwords or sensitive data.

Although It does prove a p0int that the no script addon in Firefox is looking to be more and more needed as people search through the web.

Thursday
Apr092009

Conficker Gets a new Look : Spyware Protector 2009

Looks like the Conficker Worm has changed directions according to Viruslist:
One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

[ad#cricket-right-ez]From my understanding of this worm, it seems to be trying to [intlink id="3114" type="post"]scareware tactic[/intlink] trying to get you to pay $49.95 to remove these threats. F-secure has also seen this worm and thinks this is doing what the Waldec virus is doing by becoming a spambot. According to Eset, the botnet is larger than most and this could create a problem in the future.  It seems that it used the p2p to distribute this update so they could bypass the domain blocks that were in place.

I will tell you this, if you get the warnings you are infected by all means go to my [intlink id="2205" type="page"]Malware resource page[/intlink] and do a scan from the trusted sources.   I will update as I get more information on this little development.
Monday
Apr062009

Securing your Windows Machines

After a Long day at work, you sometimes feel like there isn't much you want to talk about. Then this idea comes to me? Why do people blog and why do people talk about security?

I've come to realize something, I'm not one who was grew up understanding bits from bytes. I grew up as any family does fighting with my siblings.

Having been blogging the past few years, it seems like only yesterday that I started blogging. Cliche I know but still very much true. Most blogs do what they know, I aim to learn and teach each day I blog. Like days like this when the world is pretty much quite and the [intlink id="3214" type="post"]remnants of the conficker[/intlink] worm dies to a rumble.

[ad#cricket-right-ez]So how do you secure your Windows Machine?

After a day long battle with  my wife's system, I grow to wonder if there is something I should do differently with how to prevent Viruses and Worms on her system.  So I've groomed my Knowledge base and come up with 5 good points when it comes to locking down your Windows Machines:

  • [intlink id="994" type="post"]Lock down your Router/Modem[/intlink]  -- Some people don't know that having an insecure router with weak passwords is a way to get on another system.   This can easily be prevented if the users takes some steps to prevent. it.  Although if a hacker wants to break your encryption and find your Signal there is really nothing you can do but try to prevent that.

  • [intlink id="2205" type="page"]Firewall and Anti-virus[/intlink] --  Although I know people think I am a broken record this will always be something I encourage for everyone who reads my blogs.  I will never stop beating people over the head with this.   Seeing the [intlink id="3272" type="post"]Conficker map[/intlink] tells me there are quite a few without an Anti-virus or a Firewall, which might of given someone a heads up find out if they do or not!!

  • [intlink id="2984" type="post"]Disabling AutoRun[/intlink] --  This can prevent a USB stick from installing software it shouldn't.  Remember Microsoft has issued an statement on how to disable it for sure.  Although I must say The Security Now episode 187 seems to talk about this really well and how to make sure you do disable it the right way.

  • Make sure it is a Limited user account --  Most people always run as administrator when in fact that sometimes makes you more vulnerable to viruses, worms, and trojans.   Any software you install as an administrator will automatically be given Administrator rights.  That can be very bad when it comes to virus and such.

  • [intlink id="2883" type="post"]Keep your System up to date[/intlink] -- This is essental for people who to prevent exploits to be used against you.  Although  if your like me and you want to make sure your software is up to date some of that can be done with [intlink id="553" type="post"]APPSNAP[/intlink].


With These tips, your system can be a little more safer.  Just remember there is no perfect way to protect your systems 100% only some of the time.  The rest depends on you, because your the last layer of defense.  Also it isn't a bad idea to [intlink id="2407" type="post"]back up your system from time to time[/intlink].
Friday
Apr032009

Hackers Jump onto Power Point Exploits : KB969136

In my Previous post, we talked about Microsoft [intlink id="3280" type="post"]Advisory for KB969136[/intlink] and the exploit was in the wild.  It looks like Trend Micro has published some new spam attempts to get the users to open up the Maleware for them to deposit TROJ_PPDROP.AB onto there systems.

[ad#cricket-right-ez]Trend Micro has some screen shots of the most common Fake Presentations for you to see just how they try to get you to open the file.

Although these are some common tactics for  attackers to use such as  nude pictures, Earth Hour, or Celebrities without Makeup,  users who don't normally use PPT should check the files out before you load them.  You also should remember to save them to a file and [intlink id="2205" type="page"]scan them with your Anti-virus software[/intlink], also it wouldn't hurt to have a firewall software.  It looks like these exploits tries to connect to the internet and you might be able to find out by the request from the firewall.

According to Internet Storm Center, the CVE place Holder for this is CVE-2009-0556 and hasn't become live yet. I do not think they will release that information until they get a chance for Microsoft to patch the systems.

This would be a good time to remind IT staff and anyone who might use Power Point that they should not open anything they aren't expecting and even then they should verify with your IT staff that it is safe until Microsoft issues a patch for this. I expect that if this become widely used it will be released out of Cycle or even In May's Patch Tuesday. According to Microsoft you could install Microsoft Office Isolated Conversion Environment (MOICE) but requires Office 2003 and Office 2007 systems. Find out how you can use this work around at Microsoft's Advisory of KB969136 for further instructions.
Thursday
Apr022009

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

Well, this had to happen sooner or later.  It looks like Powerpoint can be exploited with a Remote Code Execution.   So Microsoft today has issued an Advisory for KB969136.

In there post they say:
[ad#cricket-right-ez]
At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a Power Point presentation from someone you aren't expecting either scan it good with a[intlink id="2205" type="page"] free anti-virus[/intlink]. There are no major workarounds to this because Microsoft is telling people not to open the Power Point files directly. I tend to agree you should however know if you are expecting something from someone by either emailing them back or if it's an office situation pick up that phone for the time being. I am sure Microsoft will issue this patch in the coming months probably May or June at the earliest. I don't think it will be April Patch Tuesday, they could however make this an out of cycle if enough hackers start to use this.

According to Micrsoft the Windows Live One care picks this up as Win32 Exploit so I am sure other [intlink id="2205" type="page"]Anti-virus Software will do the same[/intlink].   Just for the time being you will want to scan any presentations that come your way.  I will update the blog as more information becomes available!!
Monday
Mar302009

Conficker Discussion Part 2 - Even more stuff to talk about

We've heard in the[intlink id="3214" type="post"] coming days there will be an update for the Conficker.C Worm[/intlink] and Microsoft has Released even more information about it: For Instance:
[ad#cricket-right-ez]
Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, this seems to be two different Variants starting to emerge.  Now let's go a little bit more deeper shall we.  According to US-CERT(United States - Computer Emergency Readiness Team) , They claim that this is Widespread infection and have posted about it on there website TA09-088A.

My one questions is Why is the US getting ready for this Conlicker worm, are they worried that what happened to the Parliament will happen to some branch of the White House.  This seems to be an even more hype building over this worm.  Everyone will tell you the same thing, they are not sure what will happen on April 1, 2009.  I think it will be a normal day and all because with all news about the Conficker worm, the person who wrote this won't want the light shined on them before they get there foot hold in systems.  So you will most likely not notice anything special on April Fools day due the awareness of the worm.

But don't forget to update your [intlink id="2205" type="page"]Anti-virus software[/intlink] and also might be time to add a good [intlink id="2205" type="page"]free firewall to help protect yourself[/intlink] from this worm.
Wednesday
Mar252009

The April fools Joke, You've got a computer worm!

Cluely's blog talks about this and I thought I would talk about it a little myself!!

[ad#cricket-right-ez]This is the newest version of the Conflicker/Downadup variant of the little worm.  There seems to be people who are worried that April 1, there will be a major wake up in security no holds bar problems.
Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham's Cluely Blog]

Now let's talk about this a little, this worm won't do anything else but ask for updates on April 1, and we don't know when the virus writers will implement the update it could be a month down the line.  You could[intlink id="3171" type="post" target="_blank"] Backup[/intlink] your software and use the free program [intlink id="2883" type="post" target="_blank"]Autopatcher[/intlink] to help make sure your system is completely up to date with windows security.  You can't forward the to that date to find out what will it call home to.    We don't know what it will do when they update to the conficker.c program all we know it starts to try to call to certain domains on April 1, 2009.  So you should install [intlink id="2205" type="page"]Anti-virus and Firewalls[/intlink] where you think it is needed.

I am sure though this will be an really big April Fools Joke from the Virus Programmers, they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!!  You are the first line of defense from getting a virus or any malware.  So let's keep our heads on straight and not go over board!  Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.


Sunday
Mar222009

Are You and Your Friends Fine -- Virus Spam

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

virusspam

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

fakesvideo

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan.  It blocked it, but  the file that it is downloaded called "save.exe" and I have talked about [intlink id="2991" type="post" target="_blank"]flash player fake updates[/intlink].  I have seen other blogs talking about dirty bomb news report leads to malware.  I don't know about you but if I wanted to update my flash player, I go to the source and not use any links.  It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans.  You should have a fiewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.
Thursday
Mar052009

I hate Snopes Spam

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.
[ad#ad2-right]
According to Snopes and I'll quote:
Although the Postcard virus is real, it isn't a "BIG VIRUS COMING" (it's already been around in multiple forms for a long time now), it will not "burn the whole hard disc" of your computer, CNN didn't classify it as the "worst virus" ever, and it doesn't arrive in messages bearing a subject line of 'Invitation.'

[Via Snopes]

Now as you can tell the link described in the blog post was "http://www.snopes.com/computer/virus/postcard.asp". If you went there, you'd have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn't true.

Some things you need to consider before forwarding anything is:

  • Is it completely True?

  • Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

  • Does it Say to Forward? (if so it is probably not wise)

  • is it from a Friend (If so you might want to remind the friend nicely that it isn't nice to send spam)


If you follow some of these suggestions you'll be making the Internet a far better place for everyone.  Remember if you don't know, it's time to learn.  if you do know, it is time to teach.  These are the fundamental aspects of using the internet the right way.  Also if it is a fake virus warning you should tell them to get a Free Anti-virus and Firewall to better protect them.  Also  remind them that if they keep their system updated then they shouldn't be too worried.  Remember only you can prevent a Computer Virus and it's up to you keep your system up to date.
Tuesday
Mar032009

Cracking and Warez sites are Host of Trouble!!

It is nothing to laugh at and should be understood that gamers have no freedom right now.   That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan.  It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:
[ad#ad2-right]
The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: "Crack Sites Distribute VIRUX and FakeAV"

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

  • No-CD Crack (This is good for those who want to play the game without the CD)

  • Key Gen Cracks (This is used for pirated version of a game)

  • Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

  • Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)


And should not be Downloaded or USED!! I don't say that lightly, because Gamers feel they should be able to play any game they want. Although this post will probably make the Gamer developers happy, I do this to tell people that these virus writers are using the gamers to distribute the Virus.   I encourage all the gamers out there, that don't want to loose their games to not download any more of these types of cracks.  It seems the virus writers are wanting to infect systems and slow you down.  You don't want to slowed down do you?  Please consider getting a Firewall and a Free Anti-virus software to better protect your system.
Friday
Feb202009

PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:
APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:
Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.