Insanity Run Rampant — Antivirus Pro System (scareware)

Some of you may want to ask me why I am calling this an unusual title. In fact it is quite simple: I have been at the hospital since early this morning. While I was there I had some intriguing things happen. I was watching a person cruise the internet while they were at work. This is someone who is supposed to answer the phones and such. Then I saw this pop-up, which drew my attention: “You SYSTEM Has Spyware”. My first thought was scareware. The pop-up said it was for “Antivirus Pro System”.

[Image: antivirus-system-pro]

Since this was a hospital computer, I couldn’t get a real screenshot of this, but there are plenty of examples out there, just like that one above. Anyway, what worries me is how system admins are allowing employees to surf the web while at work on company time. It also makes for a bad experience with their family. It also concerns me that while that computer is infected, some of the patients’ records could be leaked online.

If you have this scareware program, here is a good explanation on how to remove it. Hospitals have a duty to protect people’s privacy. Although I seriously doubt this system had patient records, it was being used to keep track of who was in surgery and where they were.

Hospitals should prevent their employees from using the internet and prevent patients or their families from using the internet. While I was there I couldn’t do much but check my email and maybe watch Twitter using Tweetdeck. That was how bad the bandwidth was there. According to some nurses they have a T1 line. So you know people are watching movies or other things through the internet. I also heard from a doctor that people who were supposed to be at work were streaming.

That has been my day,  and am I tired.

I would also suggest people have free anti-virus software and a good free firewall to help prevent this type of scareware in the future. Remember, you’re the end user, and that means only you can prevent this from happening in the first place. Never go to suspicious sites or URLs when you don’t know where they go. If you can prevent these types of attacks then you are much better off.

Hulu Days Of Summer are here again

So we have it here right now, and it starts out really good. You can watch Stargate SG1 Season 1 through 4 the whole summer. The Last of the Mohicans was the first movie they brought out for this event. I remember last year’s one, where we had to guess the coming week. Some of the ones that I did last year were:

Now I don’t know all that will come this summer, but I would have liked to have clues like we did last year. That would have been really fun. Oh well, I will keep watch on this and see what comes from this. I also have been using the Hulu Desktop more and more; it seems to work really well with the A600 Cricket modem. For those who have it, I would suggest using the lowest quality of playback. It really isn’t bad quality for watching shows and such on. You really don’t have to worry too much about buffering. Although you should check your settings on the player and change them.

On a side note, this week and next I will be really busy, so I don’t know if I will update as much as I have in the past. This is summer after all, so it might be off and on this summer until everything goes back to normal in the fall. I will update the blog when I can this summer, so don’t you fret too much!!

Mac Malware on the Rise drive by Downloads

Photo by Incase Designs

More and more, there seems to be a building trend of malware writers developing ways to find both Mac systems and PC systems. In a diary talking about that, one man’s journey leads to a site that can detect which system you are on and offer up malware for that system. He also has some other examples of this, on a Mac Trojan in the wild.

Now more and more Apple users think they are not vulnerable to the types of antics that PC users have to deal with day by day. This, however, proves they are “WRONG”. I will keep telling people, whether PC or Mac, that you need to have anti-virus and firewalls installed to help protect yourself from being a victim of this type of stuff. Just last week Sophos added the OSX/Tored-Fam worm to their databases. Sophos even talks about this in detail on their blog.

Though admittedly it is the people who are searching for porn that will most likely install this malware. It does, however, beg the question: hasn’t this been done on PC systems before? I have to think this is because Apple is getting a bigger share of the systems in the world. For that one reason, people still think they will never get viruses or worms on their system. I, on the other hand, know that this is just the beginning, and in the near future Apple will have to recommend that people have anti-virus software on their system. They did that in the past but changed their minds.

Apple’s stance on malware and their systems is one that will be their downfall. I’ve talked in the past about Macs getting viruses and other such malware. Although, to Apple’s benefit, they do offer ProtectMac AntiVirus for OS X. I don’t know how good this is, but I do think they need to change their advertising and not make it seem like the Macintosh can’t get viruses. I think it would be really funny to see Justin Long in the Mac ads get a virus; although I don’t think that will happen, it is something that I would love to see.

Morpheus comes a scanning!!

[Image: morpheusscan1]

I’ve been reading on other blogs about this user agent. I have been seeing this agent trying to access an area where I know WordPress doesn’t have anything. Some people suspect it is scanning for any Drupal vulnerabilities. I have to say, if it is searching for Drupal, it is in the wrong place.

Now let’s get down to it. I’ve seen a lot of comments that just blocking the user agent is not going to prevent this from happening. You see, they can always spoof the agent without much trouble, but I feel that if they are going to use an agent that I can track, it is never a bad idea to block that type of access. If that was a true agent, I seriously doubt it would be a legitimate agent because of the name. Others have suggested this is looking to find a PHP vulnerability and exploit your system.

I don’t know if it is true. I have been reading the comments on the blog and some of them are quite interesting. One such comment that I like notes how this scanner has been around since 2006 and most PHP servers have been updated to prevent this type of exploit. So either this scanner is an old system that has nothing better to do, or they are just trying to see if they can get a response from my server. In which case, they will now be given Access denied. I have modified my htaccess file to prevent this scanner from even coming to my website. See blog post to find out how.

What makes this so interesting is that it tries to go to “user/soapCaller.bs” expecting to find something. Oh well, I am pretty much unconcerned due to the fact that I keep WordPress up to date and I am constantly looking for oddities like this in my log files. Now, we heard that they don’t always have to use the headers and can hide and not be blocked, so I have thought about denying anything that doesn’t show an IP or has no header. I wanted to ask my users if that is a good idea or a bad idea. This would stop bots from being bad. I do wonder if this has to do with me talking about Pifts.exe a couple of months ago. I have read in the comments section about this being a government-funded data collection; I don’t know, but it does intrigue me on the subject.
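To see what each of the blocking ideas above would actually catch before putting it in htaccess, here is an added example (not from the original post) that classifies Apache combined-format log lines by scanner agent, by the probed path, and by missing agent. The sample log lines, the `morpheus` agent marker and the function names are assumptions constructed for illustration; only the path `user/soapCaller.bs` comes from the post.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

AGENT_MARKER = "morpheus"           # assumption: agent string contains this name
PROBE_PATH = "user/soapcaller.bs"   # path named in the post, lower-cased for matching

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2009:06:25:01 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 312 "-" "Morpheus Example Scanner"',
    '198.51.100.7 - - [10/Jul/2009:06:26:14 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"',
    '203.0.113.5 - - [10/Jul/2009:06:27:40 +0000] "GET //user/soapCaller.bs HTTP/1.0" 404 312 "-" "-"',
    '198.51.100.23 - - [10/Jul/2009:06:30:02 +0000] "GET /feed/ HTTP/1.1" 200 2048 "-" "-"',
]

def classify(line):
    """Return (ip, reasons) for a parsable line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    agent = m["agent"].strip()
    reasons = []
    if AGENT_MARKER in agent.lower():
        reasons.append("scanner-agent")
    if PROBE_PATH in m["path"].lower():
        reasons.append("probe-path")   # still fires when the agent is spoofed
    if agent in ("", "-"):
        reasons.append("no-agent")     # also matches benign clients that send no agent
    return m["ip"], reasons

def summarize(lines):
    """Count hits per rule and collect the reasons seen for each flagged IP."""
    hits, flagged = Counter(), {}
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            continue
        ip, reasons = parsed
        hits.update(reasons)
        if reasons:
            flagged.setdefault(ip, set()).update(reasons)
    return hits, flagged

if __name__ == "__main__":
    hits, flagged = summarize(SAMPLE_LOG)
    print(dict(hits))
    for ip, reasons in sorted(flagged.items()):
        print(ip, sorted(reasons))
```

The fourth constructed line shows that a blanket "no agent" deny would also catch an ordinary request for /feed/, so run the counts over your own logs before turning that rule on.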

Remember, to help prevent exploits on your server you should keep it up to date as much as possible. If there is an update to WordPress, you should always consider updating even when there are problems down the road.

Harry Potter and the Half Blood Prince Movie Spreads Malware

It seems in anticipation of the release of Half Blood Prince the Malware authors are starting to send for the movie. For example:

[Image: harrypotterblogspotfake]

As you can see, they really try to fool you into thinking you are going to be able to watch it for free. They even put in the movie poster to try to get you to click that link. It is on a blogspot page and has a few Google followers, which I am amazed at because of what I have found. If you were to click that play link (usa-top-news.info) it will redirect you to (world-news-scandals.com) and then to the final destination (tubes-portal.com). Each site is surprisingly in the US and tries to look like it is a real site. It sends you a file called streamviewer.40018.exe, which I am surprised AVG hasn’t picked up, so I went to see if this was a virus and Virustotal showed me this:

[Image: harrypotterblogspotfake1]

Very few actually detect this trojan downloader; even AVG hasn’t detected this as being malware. So your best bet is not to try to go watch it early, because 9 times out of 10 it will be a virus. You also should know that there are even some links on Digg.com and other popular websites that are promoting this. The top-rated sites are what I call Google Juice to put the blogspot website onto the first page of Google. So you should install good anti-virus software and a firewall. I also believe this will be coming out on DVD in December; according to my sources this movie has been ready for quite some time and they are anxious to have it ready for Christmas, so you won’t have to wait long to see it. After all, they have had this movie ready since last year.

This seems to be like the Fake Codecs I have talked about. In order to see this you have to install this software to view this movie. I don’t even know if it is a true movie, but I do expect in the coming weeks to days there will be even more fake sites like this trying to promote watching it for free. Thank goodness we don’t have to worry about Zango anymore. Nothing in life comes free, so be on your guard. Only you can prevent virus infections on your system.