Entries in worm (28)

Saturday, May 30, 2009

Juste Goes from Twitter to Facebook

According to Twitter Spam report:
"Best video" not so great -- we're working on it.
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.

Some sources have started to report this and how it was being sent out. It seems to be some kind of virus that is taking control of your Twitter account. Although this is not unusual, what is unusual is that some have reported this jumping from Twitter to Facebook.

Juste.ru seems to have been designed for both platforms, and someone must have been logged into both to make this happen. If you've gotten this message on Facebook, you should just delete it and tell the person who sent it that they need to do a system check. Also, if you have been hit by this virus, the first thing to do is clean your system before you do anything else. Then reset your password; this way you won't be giving the virus access to the new password.

I talked about where you need to go to reset your password, and it isn't too hard to do, but in case you need to know, just check out the other post about it. You should always have an antivirus and firewall; this might have prevented this.

Wednesday, April 15, 2009

Mebroot Becomes Stealthier!!

Well, here is something we should all be on the lookout for:
Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system's core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn't been tampered with.

[Via Pcworld Magazine]

I will be updating my Malware Resource for the Prevx software, but this looks to be a very bad rootkit. From my understanding most of the security related software. It seems this little program will become even harder to detect and remove. It also looks like it is ready to start infecting people. You should update every part of your system, from Windows patches to your browser. Secunia once said that most people are not fully patched!! Just like with the Conficker Worm, if you're not fully patched and keeping anti-virus and firewalls on your system, then you might as well be walking on nails.

Monday, April 13, 2009

Mikeyy Worm Still Going Around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:
Twitter, hire Mikeyy! (718) 312-8131 :)

As you can see from the tweets:
[Image: mikey12]

It seems this new campaign for Mikeyy started earlier this morning, around 1am or so, and people have found it rather annoying, but it is teaching Twitter a lesson; it would be good PR if they hired Mikeyy. Obviously he has a lot to offer, but I guess whoever wrote this variant of the Mikeyy Worm went and found his number on a stickcam website:

[Image: mickstickcam]

Anyone who Googles the number right now could find the stickcam profile, so I won't direct you to it. I just hope this doesn't keep up too much longer. If you've been infected with this worm, I would refer you to my other post about removing the worm. I do know that if you aren't logged into Twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any Twitter accounts, just stay logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.

Sunday, April 12, 2009

StalkDaily.com was the culprit after all!!

In my previous post about StalkDaily, I thought they were the innocent party in all this:
[Image: stalkdaily3]

Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him, he did this out of boredom and needed a way to make money. I am wondering if Twitter will take legal action against him. The time it took to fix the problem, and the fact that it caused such widespread panic that people did not trust Twitter, make me think that Twitter would have a really good case against a 17 year old who was trying to game the system.

Then the people who have lost followers or have had problems with their Twitter accounts are going to be mad too. They were the innocent party and did not know about the cross-site scripting vulnerability, although it doesn't appear to have gotten any passwords or sensitive data.

It does prove a point, though: the NoScript add-on for Firefox is looking to be more and more needed as people browse the web.

Saturday, April 11, 2009

Stalkdaily worm strikes Twitter -- Brings down the House!!

[Image: twitter-stalkdaily]

According to TechCrunch, this seems to have happened today, where this worm has brought down Twitter. I have been using the Twitter client TweetDeck and have not had any problems like they have had with this site. I wouldn't visit the site in question because you would most likely get the worm. It seems to be a very good hack; it sends out spam on your Twitter account like this:

[Image: stalkdaily1]

If you have been infected, Twitter is suggesting that you do a password reset and request a new password. Some other removal information can be found here. I will update as necessary when I find out more.

*Update a Few hours*
It looks like Twitter had a cross-site scripting problem going on, and it wasn't really StalkDaily who did it; rather, someone injected code into Twitter to grab people's browser cache. See this post for more information.

According to what I am seeing, StalkDaily is now safe to surf to as long as you don't click on links on Twitter just yet. I have found that if you make sure you aren't logged into Twitter in your browser, you are much better at preventing this type of attack. You can see the screenshot of the StalkDaily website, and it looks like they are an innocent party.

[Image: stalkdaily2]

Thursday, April 9, 2009

Conficker Gets a new Look : Spyware Protector 2009

Looks like the Conficker Worm has changed directions according to Viruslist:
One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

From my understanding of this worm, it seems to be using a scareware tactic, trying to get you to pay $49.95 to remove these threats. F-Secure has also seen this worm and thinks it is doing what the Waledac virus is doing by becoming a spambot. According to ESET, the botnet is larger than most and this could create a problem in the future. It seems that it used the P2P channel to distribute this update so it could bypass the domain blocks that were in place.

I will tell you this: if you get the warnings that you are infected, by all means go to my Malware resource page and do a scan from the trusted sources. I will update as I get more information on this little development.

Monday, March 30, 2009

Conficker Discussion Part 2 - Even more stuff to talk about

We've heard that in the coming days there will be an update for the Conficker.C Worm, and Microsoft has released even more information about it. For instance:
Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, there seem to be two different variants starting to emerge. Now let's go a little bit deeper, shall we? According to US-CERT (United States Computer Emergency Readiness Team), this is a widespread infection, and they have posted about it on their website as TA09-088A.

My one question is why the US is getting ready for this Conficker worm. Are they worried that what happened to the Parliament will happen to some branch of the White House? This seems to be building even more hype over this worm. Everyone will tell you the same thing: they are not sure what will happen on April 1, 2009. I think it will be a normal day, because with all the news about the Conficker worm, the person who wrote it won't want the light shined on them before they get their foothold in systems. So you will most likely not notice anything special on April Fools' Day, due to the awareness of the worm.

But don't forget to update your anti-virus software, and it also might be time to add a good free firewall to help protect yourself from this worm.

Thursday, March 26, 2009

What will happen on April 1? Conficker discussion!

I saw that F-Secure has posted a Question and Answer on the Conficker Worm. I wanted to talk about this a little myself:
Q: I heard something really bad is going to happen on the Internet on April 1st! Will it?
A: No, not really.

Q: Seriously, the Conficker worm is going to do something bad on April 1st, right?
A: The Conficker aka Downadup worm is going to change its operation a bit, but that's unlikely to cause anything visible on April 1st.

[Via F-secure Website]

I am like everyone else: I really don't know what will happen. There is always going to be media exposure when it comes to worms, viruses, or Trojans. Virus writers, whoever "THEY" are, will always want to update their infected systems to keep the virus (also worms and Trojans) on people's systems. This is why security firms will always have to predict them, keep up with them, or just follow them. This will never change, because virus writers want to find even more ways to infect systems; that is why anti-virus software is a necessity.

I don't know what will happen on April 1. You most likely will be fine; if not, you won't know it until you try to update your system or update your anti-virus software. One way you can find out if you're infected is by trying to surf to security vendors like F-Secure, Norton, and Kaspersky. If you can't get to those sites, then you most likely have a virus or worm, and it could be this worm!!
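The site-reachability check described above can be scripted; this is an added example, not code from this blog or from any security vendor. The host lists, function names and verdict labels are assumptions, and the control hosts are there so that an ordinary network outage is not mistaken for the worm blocking security sites.

```python
import socket

# Assumed watchlist: sites of the vendors the post names.
SECURITY_SITES = ["www.f-secure.com", "www.norton.com", "www.kaspersky.com"]
# Assumed control group: unrelated names that should resolve whenever DNS works.
CONTROL_SITES = ["www.example.com", "www.wikipedia.org"]


def system_resolver(hostname):
    """Return True if the operating system's resolver can look up hostname."""
    try:
        socket.getaddrinfo(hostname, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolver=system_resolver,
           security_sites=SECURITY_SITES,
           control_sites=CONTROL_SITES):
    """Compare lookups of security sites against a control group.

    Verdicts (labels are this example's own):
      no-connectivity          - no control site resolves, so nothing can be concluded
      security-sites-reachable - every security site resolves
      security-sites-blocked   - controls resolve but no security site does
      partial-block            - only some security sites fail; check by hand
    """
    blocked = [h for h in security_sites if not resolver(h)]
    control_failed = [h for h in control_sites if not resolver(h)]

    if len(control_failed) == len(control_sites):
        verdict = "no-connectivity"
    elif not blocked:
        verdict = "security-sites-reachable"
    elif len(blocked) == len(security_sites):
        verdict = "security-sites-blocked"
    else:
        verdict = "partial-block"
    return {"verdict": verdict, "blocked": blocked, "control_failed": control_failed}


if __name__ == "__main__":
    result = assess()
    print(result["verdict"])
    for host in result["blocked"]:
        print("  cannot resolve:", host)
```

A "security-sites-blocked" verdict is a reason to scan the machine from a known-clean source, not proof of one particular worm.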

  1. Make the worm harder to detect -- This is a common practice; they want to be able to hide the worm for as long as possible. So they will always tweak it to make it that much harder to detect and remove.

  2. Make it easier for the worm to infect systems -- This is another common practice, because without infected systems there is no need for a Command and Control server. The worm could do things such as denial of service, send out spam, or steal sensitive information. This is the nature of why people make viruses, Trojans, or worms.

  3. Easily update the virus software -- As with any software, the virus writers will come up with easier ways of updating it, because the security firms will do whatever they can to prevent the update. This is also why there will always be updating of the code. They will put in more ways to keep the virus, worm or Trojan from being blocked. For example, Conficker has some peer-to-peer functionality, so if one company blocks the update, another way it could get the update is peer to peer. So you can't block it very easily.


So what will happen April 1? Who knows; it could be a normal day, or it could be the biggest April Fools' joke ever. That is why I put that in my last blog post. With so much media frenzy, the security firms don't know what the worm will do when it updates; all they can do is wait. So let's take a deep breath and relax, there's nothing we can do just yet!!

Wednesday, March 25, 2009

The April fools Joke, You've got a computer worm!

Cluley's blog talks about this and I thought I would talk about it a little myself!!

This is the newest version of the Conficker/Downadup variant of the little worm. There seem to be people who are worried that on April 1 there will be a major wake-up call in security, with no-holds-barred problems.
Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham Cluley's Blog]

Now let's talk about this a little. This worm won't do anything on April 1 other than ask for updates, and we don't know when the virus writers will implement the update; it could be a month down the line. You could back up your software and use the free program Autopatcher to help make sure your system is completely up to date with Windows security. You can't forward the clock to that date to find out what it will call home to. We don't know what it will do when they update the Conficker.C program; all we know is that it starts to try to call certain domains on April 1, 2009. So you should install anti-virus and firewalls where you think they are needed.

I am sure, though, that this will be a really big April Fools' joke from the virus programmers. They will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!! You are the first line of defense against getting a virus or any malware. So let's keep our heads on straight and not go overboard! Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.

Sunday, March 22, 2009

Are You and Your Friends Fine -- Virus Spam

I logged into my Google email and was checking my spam to see what I could see, and this one drew my attention:

[Image: virusspam]

I think I know where this is leading me, but I click the link and this website with the Reuters logo pops up:

[Image: fakesvideo]

Now as you can tell this looks authentic, but when I did go to this site, AVG detected a Trojan. It blocked it, but the file that is downloaded is called "save.exe", and I have talked about fake Flash Player updates before. I have seen other blogs talking about how a dirty bomb news report leads to malware. I don't know about you, but if I want to update my Flash Player, I go to the source and don't use any links. It is wise not to download any programs or files and run them without properly checking them for viruses and Trojans. You should have a firewall and anti-virus running at all times and that will help, but it is your actions that help prevent you from getting viruses or Trojans.

Wednesday, February 25, 2009

Microsoft Updates the Autorun Patch KB967715

The updates offered in this article correctly disable the Autorun features. These features were not correctly disabled if you followed previously published guidance. The updates that are offered in this article have been distributed to the following systems through the Windows Update and Automatic update distribution channels:

* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

This will help with the Conficker Worm, including the new variant known as Conficker B++. Microsoft released this patch to better help administrators deal with the problem at hand: the Conficker worm exploits the Autorun feature found in most systems. Administrators need to disable the Autorun feature the right way, or it will not prevent infections.

Microsoft has released the necessary registry keys to edit and details of what updates are needed to make this work. This will make it much harder for any program to exploit the Autorun feature in Windows.

This information is provided to help admins prevent infection, and the changes should not be made by anyone who isn't comfortable with editing the registry. If you're not sure how to do it, please take it to someone who can. You could potentially make the system unstable by messing with the registry.

Thursday, February 12, 2009

Polymorphic w32/Scribble and what that is:

Having read Graham Cluley's blog post "Court halted by fast-spreading virus", I wanted to talk about this one because of the need to let people know about this little virus and what you see when you are infected.

This virus modifies the Windows hosts file so that it redirects hosts to a loopback address. It also uses iframe injection into files with HTM, PHP or ASP extensions. W32/Scribble-A, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM, allows a user to control the machine through IRC.
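A hosts file that has been tampered with in the way described above can be spotted by listing every name that points at a loopback or unspecified address. This is an added example, not code from Sophos or from this blog; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress
import os
import sys

# Names that are normally expected to point at loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.vendor.example   # constructed: redirected entry
127.0.0.1 av.vendor.example www.av.vendor.example
192.0.2.10      intranet.example
0.0.0.0         Downloads.Vendor.Example.
not-an-ip       junk.example
"""


def is_sinkhole(address):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text, own_hostname=None):
    """Return (line_number, address, hostname) for each name redirected to loopback."""
    benign = set(BENIGN_NAMES)
    if own_hostname:
        benign.add(own_hostname.lower())
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several aliases
            name = name.lower().rstrip(".")
            if name not in benign:
                findings.append((lineno, fields[0], name))
    return findings


def default_hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    with open(path, encoding="utf-8", errors="replace") as handle:
        for lineno, address, name in audit_hosts(handle.read()):
            print(f"{path}:{lineno}: {name} -> {address}")
```

Entries added on purpose by ad-blocking hosts lists show up as well, so review the findings rather than deleting them blindly.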
Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be "W32/Virut.n" (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley's Blog]

Sophos has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and for anti-virus software, including a free firewall; these will not protect you 100% of the time, but they will help you identify and possibly remove a virus, Trojan, or worm from your system. Just like the Conficker Worm, this too should be taken seriously because of how easily it is spreading. And with Valentine's Day just a few days away and some other holidays coming up, you can bet this virus will start infecting even more systems. You should also back up your data weekly, if not monthly. I'd suggest doing a backup early on a Sunday morning, before 4am, so the system won't be in use. I'll update you on my blog later if there is anything else about this virus. Just wanted to let people know to be watching for this little virus on and offline!!

Tuesday, February 3, 2009

Offline Update 5.0, Clone of Autopatcher to Some!!

Offline Update 5.0 was released a couple of months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all their systems up to date with the latest patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, and Windows Vista / Server 2008 (32-bit and 64-bit updates).

[Image: ct-offline-update50]

I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. It is really good for big businesses that want to update a lot of systems in an easy way without having to wait for updates to download and install. You can take a DVD and update on the fly within minutes. DVDs are cheap, and buying them in bulk helps save time and money for the company: less time spent downloading the updates and more time actually getting work done. If you got infected with Conficker (also known as Downadup, and to some the Conflickr Trojan), this would help install the updates that the worm prevented you from installing in the first place. I also found that once you download the updates, the files are kept on the hard drive so you no longer have to download them again. You just refresh the updates every second Tuesday of the month, and it downloads the newest patches and creates a whole new ISO for you to burn.
Q: How can I create the offline update CD images automate, for example via a "scheduled job"?
A: Create a new batch file in the "cmd", eg "DownloadUpdatesAndCreateISOImage.cmd". Add the desired calls of "DownloadUpdates.cmd" and "CreateISOImage.cmd" with the necessary parameters in this new file. The file might for example have the following contents:

@echo off
rem Fetch the latest updates, then build the ISO image from them
call DownloadUpdates WXP eng
call CreateISOImage WXP eng

Then set a "time-controlled contract" for the new script "DownloadUpdatesAndCreateISOImage.cmd" to your desired time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ's Documentation (Translated Via Google)]

As you can see, you can have a script do this so the image is ready for you in the morning. You then just take the disc out of the drive and install wherever you need to, the day after the updates are issued. On another note, if you have clients who use Microsoft Office XP, 2000, 2003 or 2007, then this will also help:

[Image: ct-offline-update50-1]

This is nice if you have clients who use the Microsoft Office suites also. Some malware will often try to infect people's systems through an Office script or some other vector, so updating Office will also help prevent infections or hackers getting onto the system. You can add these to each and every DVD ISO you make, so they are included as you update the patches.

Thursday, January 29, 2009

Do you have the Obama Worm?

So I sit here reading about the Obama Worm from PCWorld, asking myself what type of worm this is. Here's what I do know: it doesn't have malicious intent, but it does look like something someone thought of to test out their skills and to make people laugh. This however isn't a well made worm; it seems to slow down systems after a while and prevents programs from loading. The odds of you getting this worm are like those of dying in an airplane, or very slim, according to some researchers.

It seems to be spreading through USB, so you should prevent this by disabling Autorun features on your machine; you should also limit the use of external storage devices whenever possible to help prevent infection. Currently, though, it seems that the worm isn't detected by any anti-virus software. There is a screen capture of the Obama Worm in case anyone wants to see what it looks like.

The back story is that this started at a school, and it looks to be visible only on Mondays. Seeing the face of Obama in the right-hand corner of your screen is the only way to find out if you have the Obama Worm. If you want to find out whether you have the worm, the easiest and quickest way is to change the time on your Windows system to the following Monday and reboot. If, after you reboot, you see the head, then you will know you are infected, or at least that is my theory on discovering it. I haven't had a system with the Obama Worm yet, but I expect it to be really simple to find out.

Right now, most of the anti-virus companies are trying to figure out how to detect it and remove it, so it will of course be a little while. The best advice I can give you is to make sure your systems are fully patched to help protect them from malware infestations.

Monday, January 26, 2009

'Life Owner' won't delete your data!

I received this email from a friend and wanted to talk about this:
VERY IMPORTANT , PLEASE READ THIS

Anyone using Internet mail such as Yahoo, Hotmail,
AOL and so on.

This information arrived this morning,
Direct from both Microsoft and Norton

Please send it to everybody you know who has
access to the Internet.

You may receive an apparently harmless e-mail titled 'Mail Server Report'

If you open either file, a message will appear on your screen saying:
'It is too late now, your life is no longer beautiful.'

Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.

This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the anti virus software's are not capable of destroying it.

The virus has been created by a hacker who calls himself
'life owner'.

PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!

THIS HAS BEEN CONFIRMED BY SNOPES.

http://www.snopes.com/computer/virus/mailserver.asp

After doing my little research, I've come to the conclusion that this is nothing more than a warning that someone went overboard on. I've checked this on Snopes and it says that:
This latter version is difficult to classify as either "true" or "false": The virus it references (i.e., the Mail Server Report worm) was a real one, but it's neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the "symptoms" provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn't really merit the dire warning to "SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!"

I decided to send a reply to my friend who emailed me this "Warning" and tell him this:

Although this is a real worm, it is overhyped, and under no circumstances will it delete your files. I'll quote from F-Secure:

Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.

Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system's memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.

Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.

According to all my sources, if you are worried about this worm, then I highly recommend a good anti-virus and software firewall. This worm is easily detected by all the free anti-virus software out there. I like AVG because it scans all incoming emails before you even touch the email. Please don't forward that to anyone else; it seems to be an old email warning that isn't really a warning anymore. It seems to be a scare email where there is no real chance of your data going bye-bye. Just thought you'd like to know!!

So I tell you this: if you have any question about the likelihood of any emails you happen to come by, your best bet is to Google it or ask your friend before you open the email up. It is also best to scan all email attachments before even considering opening them.

Monday, January 26, 2009

Valentine's Day Brings More Malware!

Panda Labs talks about this new technique, which tries to install W32/Waledac.C.worm under the guise of a message from someone special. It sends out email to people in the hope that they will click the links it contains.

Once you're at the site, clicking on the hearts downloads a file that is the worm!! So here are some things to remember.

If you don't know the person, then it's probably spam. If you know the person, you need to ask them before you run the program. You also need to scan any downloads before you run them. Go to my Malware Page and get a free anti-virus and firewall. Since this worm likely searches the computer and harvests email addresses, you should also warn the person who emailed you the link to let them know that they are infected.

Thursday, January 22, 2009

Alarming results are coming from the Conficker Worm

Today I've been doing research because I was surprised how many people have searched for the Conficker Worm/Virus, and I wanted to point out just how bad this is getting. I was looking on Twitter about this some more and here is what I found out:
Over a million conflicker hosts: Are you responsible for any of them? (http: //tinyurl.com/awpeep

[Via twitter  Hevnsnt]

Now I went there, and he seemed to have added ")" to the URL, so I took that out, and here's the URL to check this out. I went there and saw all these IP (Internet Protocol) addresses, and it claims that there are over a MILLION. I don't know if it is true because I stopped loading the list of IPs due to its size.

[Image: conflicker-stats]

I also wanted to talk about the rate at which people are finding this site due to the Conficker virus/worm infecting their systems. As you can see, it is steadily increasing as more and more people are trying to find out how to get rid of this very pesky infestation. See below for some good resources to get rid of this annoyance.

I went back to Twitter and some other places to find out what people are saying about this virus and I found this interesting comment:
Conflicker Virus has locked out my work account again.... slightly upsetting it keeps trying to break my account password

[via Twitter twitpaul]

According to one blog post, they seem to think this is a test worm trying the waters to see how well it works. I tend to agree with this blog post because of the unlikelihood of someone just infecting systems for fun. I also think they are going to use this worm/virus for a botnet. There have been several posts about this being a possible botnet setup. According to Computerworld, this is building a botnet, and I tend to wonder if this was a bad deployment or if they are just readying to start this up after so many computers are infected.

I don't know whether to call Conficker a virus or a worm, so I've decided to just use both. I've been telling people to patch their systems as soon as possible. I'd also tell people that you need a good AV and a good firewall. Although this sometimes won't prevent you from getting a virus, you will undoubtedly need to disable Autorun. Here are some good resources to better help you get this virus off your system:

As you can see, there are several different options to help remove this virus, and I thought I would list them here. I have heard how hard this virus is to remove and I want to help people remove it. Another thing to consider is disabling your restore points before you remove the worm, or it will just come back.

Wednesday, January 21, 2009

Apple's Not immune after all

In a recent post from the SANS Internet Storm Center:
[Image: Apple]

Apple has said they will not say yes or no to this report and that they will be investigating this fully. I've been saying Apple needs to get its head out of the sand. According to Apple, these affect both Macs and Microsoft systems, so they are a software-related vulnerability. Sooner or later someone will want to create a botnet and infect Macintoshes with a virus or even a worm just to show Apple that they could. In a recent article from PCWorld, they talk about a Trojan called OSX.RSPlug.D. This just adds to the case that attackers are going to start targeting OS X because of the lack of security. Apple needs to get it together and start patching just as much as Microsoft.

In any case, it is time to update the software and maybe think about installing anti-virus software also. Although the MPEG-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3, you can see where a hacker would use that against a Windows system very easily. So you must be careful what you click on and remember that you're no longer safe. You know they will want to test out the waters for OS X just because they can, so this year I predict Apple will start having even more malware and viruses than ever before.