The April fools Joke, You’ve got a computer worm!

Cluely’s blog talks about this and I thought I would talk about it a little myself!!

[ad#cricket-right-ez]This is the newest version of the Conflicker/Downadup variant of the little worm.  There seems to be people who are worried that April 1, there will be a major wake up in security no holds bar problems.

Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham’s Cluely Blog]

Now let’s talk about this a little, this worm won’t do anything else but ask for updates on April 1, and we don’t know when the virus writers will implement the update it could be a month down the line.  You could[intlink id=”3171″ type=”post” target=”_blank”] Backup[/intlink] your software and use the free program [intlink id=”2883″ type=”post” target=”_blank”]Autopatcher[/intlink] to help make sure your system is completely up to date with windows security.  You can’t forward the to that date to find out what will it call home to.    We don’t know what it will do when they update to the conficker.c program all we know it starts to try to call to certain domains on April 1, 2009.  So you should install [intlink id=”2205″ type=”page”]Anti-virus and Firewalls[/intlink] where you think it is needed.

I am sure though this will be an really big April Fools Joke from the Virus Programmers, they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!!  You are the first line of defense from getting a virus or any malware.  So let’s keep our heads on straight and not go over board!  Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.


The Seriousness of the Twitter Vulnerability?

twitter_110 The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

New spam Campaign — Casino Anyone?

Looks like there is a new Campaign going on with regards to having VIP access.

geocitiesspam

So I go to the site:

geocitiesspam1

[ad#cricket-right-ez]

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

  • This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]
  • It also Changes your Autoexec.bat file.  (Not good)
  • Changes access flags on several different program (not good either)
  • It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.
  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do but everything I see about this file makes me think this is trying to avoid virus detection.  I ran Kasperky and Avast file check, it came up clean.   I think what happens is you download the virus after you install this software.  I wouldn’t download this or install it, even though it advertise you 800% free that has to be scam or just a flat lie to get you to install software.  Everything about this program doesn’t make me want to to install this software, although it doesn’t seem to be a virus.  It however does make me want to delete the file.  Remember to use[intlink id=”2205″ type=”page”] Anti-virus and Firewalls[/intlink], that is your first line of defense.

Onlive? Could that be the downfall of Unlimited Internet?

onlivewebsiteAs most of read from Engadget, Cnet, and IGN, this is the the beginning to the end for unlimited internet access.  As you know [ad#cricket-right-ez]according to Wikipedia, there is 8.9 Million at least having XBOX 360 and according to Engadget there are 71% have DSL speeds, so that would be a possible 5.6 million I am guessing. Just on one Console, I could go through each console and see but I know it is a big number. It could out sell all these other consoles really quickly.

Now we have had console wars for some time and this might or might not work depending on the streaming of Onlive and also the FPS(Frames Per Second).  If they don’t do it right, this will never catch on and if they do it right which they might I see there will become a scenario where the ISP will want to regulate bandwidth.  Time Warner has been looking into for some time.  IF enough people buy this and use the service then all the ISP will have more reasons to regulate bandwidth.  So is this the downfall of Unlimited Internet Access?  All these kids wanting to play the most recent games, who knows how this will work out but this will be a bandwidth issue in the coming months as we see who wants to use this.  If Onlive sells these for $99 then I see it becoming the winner, I’d also like to see unlimited subscriptions like Netflix but We will have to wait and see!!

Apple get scammed out of 9,000 Ipods

This is an unusual report, Apple return policy seems to be flawed.

[ad#cricket-right-ez]

Apple replaces faulty iPods automatically once the serial number of the device has been given. If the customer does not return the faulty device then the company charges their credit card for the replacement cost.

[Via VNUNET]

It seems even Apple didn’t even notice the high amount of returns from a single user.  It just proves that there are more and more.  Some things Apple will like do is change the return policy and come up with more stricter return policies.  Although if this doesn’t show how scammers are trying to make money because of the recession.  Apple has a long road ahead of it to be security minded.