Year: 2009

Not going to Twittertrain.net, just a Phishing attempt!!

Paul

So you want to have even more followers, but you don’t know how to do it?   I’ve talked about [intlink id=”3647″ type=”post”]Getting more followers and tips and tricks to get the people you want[/intlink].  Now let’s talk about this to a point.

There seems to be automatic post going out with:

“OMG WOW Im getting 100s of followers a day, Check out this site: http://twittertrain.net”

[ad]Now going to the site and giving out your password is always a bad idea.   It seems to some people think it is easy to get followers but those who have built up your followers will know just how hard it is sometimes to get more.

I would be willing to guess this is a phishing attempt to get passwords and twitter names for later on.   Some would guess this will just become another way the spammers will use this to [intlink id=”3662″ type=”post”]spread Scareware[/intlink].  I am thinking they want to get your password and save it for later use like this or others where they can get more people to click links and buy there fake products.

Graham Cluely blog post about this website also has a video about the problems associated with website. If you have given out your password, I’d strongly recommend Reseting your password if you can log in just changing the password.

I’d also suggest having [intlink id=”2205″ type=”page”]Anti-virus and Firewalls[/intlink] installed to help prevent any malware that might be on your system now or later on.

If your really desperate for more followers, the best proven way is make friends and communicate.  This will make it easier for people to recommend you to other people.

Ms Patch Tuesday For June 2009

Paul

Photo by Andrew Magill Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

  • Bulletin 1: Critical (Remote Code Execution):   Windows

  • Bulletin 2: Critical (Remote Code Execution):   Windows

  • Bulletin 3: Critical (Remote Code Execution):   Windows, Internet Explorer

  • Bulletin 4: Critical (Remote Code Execution):   Office

  • Bulletin 5: Critical (Remote Code Execution):   Office

  • Bulletin 6: Critical (Remote Code Execution):   Office

  • Bulletin 7: Important (Elevation of Privilege):        Windows

  • Bulletin 8: Important (Elevation of Privilege):        Windows

  • Bulletin 9: Important (Elevation of Privilege):        Windows

  • Bulletin 10: Moderate (Information Disclosure):    Windows

It will also include one or more updates on WSUS and Windows update, and Microsoft Windows Malicious Software Removal Tool.   This looks to be quite a big set of updates.   Each one is very serious and will probably be a big download.   If your in corporate IT you may want to get ready the [intlink id=”2883″ type=”post”]Autopatcher program [/intlink]this will help update all the important files on each system without having to have a internet Connection.

[ad]We don’t know what they will be until they have dropped from Microsoft, but we can guess that the Latest Directx vulnerability isn’t going to be one of them.  I wouldn’t be surprised if this was going to be pushed out of cycle but that is going to have to wait a see.

The Affected systems are Windows 2000 Through Windows Vista and Server 2008.   Which means if you have windows it most likely will need to be updated.   Although on a side not the Office suite from 2000 to 2008 also will be patched and that includes the Macintosh systems.

It also looks like 7 out of the 10 will require restarts, so the autopatcher will save you time.  I wouldn’t expect this to notbe exploited on Wensday because most of them are Remote Code Execution which means it is easy for a hacker to take control of your system.   These should be installed ASAP and you also should have a [intlink id=”2205″ type=”page”]Firewall and Antivirus installed[/intlink] to better protect your system.

Microsoft makes Firefox more insecure with the .NET 3.5 Framework (KB951847)!

Paul

Photo by Daniel F. Pigatto

In February, Microsoft quietly installed .NET Framework Assistant (ClickOnce) Firefox Extension. This extension is a bad idea because of what this could do.

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

[Via Annoyances.org]

As you see, this is a way to make Firefox less secure and almost like Internet Explorer.   We’ve seen the problems with all the [intlink id=”2946″ type=”post”]Malware exploits[/intlink] that people have used in the past.   If you want to uninstall it, well you can’t.   Microsoft as went out if its way to prevent users from uninstalling.    Here is what Brad Abrams talked about on his blog:

[ad]We added this support at the machine level in order to enable the feature for all users on the machine.Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

If you went to your Addons Menu and then to your extensions tab you would see that the uninstall button is grey out. You can disable it but you can’t uninstall it. It looks like Microsoft has sent out a patch to let regular users uninstall this addon(KB963707).

I am really surprised that Microsoft did this little stunt. I would of expected more from Microsoft, but to their credit they did this for a reason to allow users who don’t use IE8 but Firefox , to be able to use the .net Framework but this plugin makes browsing just unsafe. Don’t forgot about the [intlink id=”1010″ type=”post”]MobileMe apple installed on Vista[/intlink] without your knowledge. Microsoft and Apple have both had problems but this is very disturbing.  This patch they are letting people download to fix the problem doesn’t mean much because it hasn’t been sent out to the Auto updates and requires people go download it manually.  So Microsoft believes if you don’t know, it won’t your.

“Look At This” Twitter Malware Exposed!

Paul

VirusList released information about the[intlink id=”3655″ type=”post”] Justse.Ru Video[/intlink] that people were being warned about last weekend.

It seems that it wasn’t a Cross Site Scripting but an PDF exploit that was [intlink id=”3114″ type=”post”]used to install Scareware[/intlink] but Virus List says it as a Fraudware.

[ad]It looks like they were trying to get people to buy [intlink id=”3607″ type=”post”]fake Antivirus[/intlink] software called “System Security”.    It looks like there was a silent download of the PDF and it tried various exploits to get this software installed.

Virus Total has stated that this looks to be the first time, in which one criminal group is looking at making money off of twitter and Facebook.   This could be the beginning of the onslaught of these types of things to continue in the next few months to years.

That is why it is so important to have an [intlink id=”2205″ type=”page”]Anti-virus software and a good firewall[/intlink] to prevent this sort of thing from happening.  It is important to note to all who have a twitter account that you will need to start being more cautious when it comes to videos being put on twitter.  You May never see another video virus like this or you could see a dozen in one day it depends on how people react to this and try to prevent it in the future.   If you think you have the scareware installed that is System Security.   I have found the Removal instrtuctions for people who want to get it off your system.

Blog Success Spam — What not to Do!!

Paul


Lately I’ve been getting spam emails with the titles:

  • Earning thousands blogging? You could be.

  • Bloggers Paid for Posts

  • Bloggers Wanted

  • Learn to blog for paychecks using this freebie video.

Each link sends me to blogsuccess.com, and looks like this:

blogsuccessspam

“Blog Success founders Jack Humphrey and Peter Lenkefi created this to help bloggers make money.”  This is what I read in searches.    I’ve got to wonder if this is so successful they why do an email spam?   [intlink id=”2833″ type=”post”]Most emails lately have been about scams and virus exploits[/intlink].   I am going to stick to the only way you should advertise by getting people to click links to come to my site.

According to Symantec:

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets –networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam.

90 Percent of E-mail Is Spam, Symantec Says

Now if we do the math at least half of these emails sent to me are from hacked computers and are coming from so-call botnets.   If they are so caviler about using hacked systems to spam people do you really think they are making enough money with this website of theirs?   The old tried and true method for any blogger is TIME, Research and building your community.   Other than that there is no really easy way to make money quickly.   I just hope they release this and start doing it the right way.    This just makes there company become a dark site, in which all you do is bring people in who want to earn money in the bad way.