Cracking and Warez Sites Are a Host of Trouble!!

It is nothing to laugh at, and it should be understood that gamers have no freedom right now. That said, this new variant of the Virux Trojan is related to the Win32/Vitro Trojan. It seems to be infecting .exe and .scr files in the same way.

According to Trend Micro:

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: “Crack Sites Distribute VIRUX and FakeAV”

Now there seem to be more and more sites getting computers infected. It also seems the malware writers are using these servers to help infect, essentially, gamers' computers. So for the time being, if you have a favorite game and you want any of the following:

  • No-CD Crack (This is good for those who want to play the game without the CD)
  • Key Gen Cracks (This is used for pirated versions of a game)
  • Update Cracks (This is used to prevent CD checking or also to prevent version checking)
  • Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)

they should not be downloaded or used!! I don’t say that lightly, because gamers feel they should be able to play any game they want. Although this post will probably make the game developers happy, I do this to tell people that these virus writers are using gamers to distribute the virus. I encourage all the gamers out there who don’t want to lose their games not to download any more of these types of cracks. It seems the virus writers want to infect systems and slow you down. You don’t want to be slowed down, do you? Please consider getting a firewall and free anti-virus software to better protect your system.

Facebook Goes Phishing again

In one of my previous articles about the Koobface worm, I talked about the way it was infecting systems and what you should not do.

It seems that Trend Micro has seen an even bigger rise in people downloading WORM_KOOBFACE.AZ, and it seems to be on the rise. This is all done through social engineering, and there have been some attempts before with this little worm on Facebook.

Once you’re infected with this new variant, it searches for cookies and sends out a message to people from:
* facebook.com
* hi5.com
* friendster.com
* myyearbook.com
* myspace.com
* bebo.com
* tagged.com
* netlog.com
* fubar.com
* livejournal.com

This seems to be a social engineering nightmare for these websites. It is as yet unclear what else the worm does, but it uses the same lure as before: “This is a Video of You on the Street.” This is bogus, but nonetheless people click and think they have to download a codec or update their Flash. Social engineering is on the rise and needs to be taken seriously. You should read the full report from Trend on what it does, but you should also have an anti-virus and firewall installed to prevent this from happening in the first place. The only true way of preventing this is not to be fooled: you should NEVER download from a site you don’t know or trust. See all the Facebook articles for more information.

A Sneak Peek at the A600 3G Broadband Cricket Card

So I was doing a little research and found this nugget from my Affiliates Network:

Features:

Removable Memory Format: microSD
Storage Capacity: External memory up to 4GB
Text Messaging: Yes
Contact Directory: Yes
Language: English/Spanish

Wireless Capabilities:

Technology: CDMA
Mode: Tri-Band
Data Transfer Speed: 3G (EVDO Rev 0, Rev A) and 1x

The USB Broadband Modem (A600) looks interesting, and I am thinking this will be the next thing the company will start advertising. Right now, though, it costs $119 with a $50 mail-in rebate, so you spend $69. With a CDMA-only USB card like the UM100, you know the speed of that. Now, according to Wikipedia on 3G, and I’ll quote:

Thus users sold 3G service may not be able to point to a standard and say that the speeds it specifies are not being met. While stating in commentary that “it is expected that IMT-2000 will provide higher transmission rates: a minimum speed of 2Mbit/s and maximum of 14.4Mbit/s for stationary users, and 348 kbit/s in a moving vehicle,”

Now this is a much improved speed and I will be testing this in the future, but for right now it is untested. I’ll have another article in the coming months about this. I also like the look of this but haven’t seen it first hand. The other thing I like is the 4 gigabytes of microSD memory. I can see a whole range of useful programs you can install on the USB and make it portable to a point. I’ll improve on that later on once I play around with what you can have on the card and what you have to have to use the USB modem. The modem supports Windows 2000 through Windows Vista 64-bit, and also supports Macintosh.

More to Come!!  (Check out the UM100 Review)


Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay, and they are seeing a lot of variants of it. They even play a game of find-the-difference with the installation screens:

Now, as you can see, this looks to be the same agreement in all those different installations. Something to consider: never install any software from a website that you know nothing about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

As you can see, this leaves you with very little security on your system. I talk about identity theft, and why you should always worry about your identity. This, however, will make your passwords less secure and may even compromise your system to the point of having a data breach. You need to be careful when you come across this; some fake codecs have been known to be scareware, in which the fake codec installs a Trojan that tells you that you have a virus and tries to make you buy a fake program to get rid of it. In one of my recent posts about codecs and Facebook, I talked about the K-Lite Mega Codec Pack and how it will prevent you from installing codecs from these social links from friends and family. The nice thing about this pack is that it installs all the really good codecs that you might come across on the web. If you have this installed and there’s a website that says you need a special codec, you’d know that it is either a fake codec or the author who made the video doesn’t standardize. In that case you will be more willing to leave that site without installing that codec.

If you follow these steps and also consider installing an anti-virus and firewall, you will be in much better shape than when you first started out. Remember, only you can prevent yourself from getting a virus. You should also consider doing the registry edit that will prevent Autorun. As you can tell, these new variants are also spread through USB and other removable media. This is the other way these programs infect other systems.
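To check a removable drive for the autorun.inf behaviour Panda Labs describes, the file can be parsed and its launch entries listed. This is an added example, not code from Panda Labs or from this blog; the function names, the extension list and the sample file contents are assumptions made for illustration.

```python
import ntpath
import os

# Extensions Windows will execute; a launch entry pointing at one needs review.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

SAMPLE = r"""
; constructed sample for illustration, not from a real infection
[AutoRun]
Open=RECYCLER\setup.scr -s
Shell\Open\Command="My Files\viewer.exe" /q
label=USB
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(value):
    """Extract the program path from a command line, honouring quotes."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def launch_targets(entries):
    """List (key, program, is_executable) for entries that start a program."""
    found = []
    for key, value in entries.items():
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            prog = program_of(value)
            ext = ntpath.splitext(prog)[1].lower()
            found.append((key, prog, ext in EXECUTABLE_EXTS))
    return found

def audit_drive(root):
    """Audit autorun.inf (any letter case) at the root of a mounted drive."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return launch_targets(parse_autorun(fh.read()))
    return []
```

Call `audit_drive` with the drive's root path; on a USB stick, any entry it returns is worth a look before the drive is opened in Explorer.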

Time to update Adobe Flash Player 10.0.22.87

Adobe has issued a patch for some of the exploits in the wild. This should be installed on any system that isn’t up to date with Adobe’s player. If you want to check your system’s version, you can go here and it will tell you what your version is and what the current version is.

If it doesn’t look like this:

[Image: adobe1002287]

then you’re on the wrong website. According to Adobe, this fixes CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521.

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)

[Via Adobe Website]

Although this is due to the problem with the exploits in the Windows environment, that won’t stop virus writers from using this exploit on Macintosh and Linux distros. Flash should be updated on those systems also.