2009 – Page 50 – Paul's Tech Talk

Tech Journalist breaks the silence — Journalist got Pwned!!

PaulFebruary 18, 2009

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam
[Click Picture to see the full story]

[ad#ad2-right]As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties. Some things to remember if you get an email with a link sometimes won’t send you to the real link. This can be easily done just like blogging. You don’t know where you will end up when you click an email link. One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

You could be the next person to have your Identity taken away from you. So what should you do to prevent this type of phishing attacks, assume any email you get from Facebook, Myspace, Twitter, and Any other Social Sites to be a possible phish email. These are always going to be a problem for these sites. The spammers want access to be able to spam your friends and family with links, or to make you look foolish. This is the reason they do it for Money or just for laughs.

One thing to remember is having a strong password will make it that much harder for you to be phished because if you can’t remember it you will be more careful. I will keep preaching this having a good Firewall and Anti-virus will also prevent you from getting viruses from these type of phishing attacks. It will also make it much more harder to go to sites that smell like Phish. Remember only you can keep your identity a secret.

Zero Day For IE7 Being used in the wild.

PaulFebruary 17, 2009

It looks like IE7 patches are being used right now in the wild. According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while. Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats. The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access. I still like the Autopatcher because it will do the job with very little input from the user. It also makes it easier for people to patch big systems. You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP. So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Not safe to download a worm : Project Snowblind

PaulFebruary 16, 2009

It looks like I missed this one yesterday. There seems to be a rogue and probably somewhat of a warez version of the game Project Snowblind.

[ad#ad2-right]ccording to Sophos:

Project: Snowblind is a multi-player first-person shooter (in the same genre as Doom) released by Eidos Interactive a few years ago.

A closer examination reveals that the installation program comes with a little nefarious piece of malware (detected by Sophos as W32/Rbot-GXL) that will drop a file called vghhost.exe. This file is actually a network worm as well as an IRC backdoor Trojan.

I must also tell people that if you want to download the demo, you can download it from the EIDO website and Download.com website. I will say I didn’t know about this one until Technibble, published something about this. Some of the things he publishes are great for the IT Professionals who want to start their own businesses.

I also suggest the Computer Repair Utility Kit, It can be used on a USB and has some good programs that you can use in Computer repair.

Polymorphic w32/Scribble and what that is:

PaulFebruary 12, 2009

Having read the Graham Cluley’s Blog about “Court halted by fast-spreading virus“. I wanted to talk about this one because of the need to let people know about this little Virus and what you see when you are infected.

This virus modifies the Windows Host file so it redirects the host to a loopback address. It also uses the I-frame Injection into HTM, PHP or ASP file extensions. W32/Scribble-a, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM allows a users to control the machine through IRC.
[ad#ad2-right]

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley’s Blog]

Sopho’s Has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and the need for Anti-virus Software, including a free firewall, will not protect you 100% of the time but will help you identify and possibliy remove a virus, Trojan, and worm from you system. Just like the seriousness of the Conflicker Worm, this too should be taken seriously due to how it is easily spreading. And with Valentines Day just a few days and some Other Holidays that will be coming up, you can bet this virus will start infecting even more systems. You should also backup your data weekly if not monthly. I’d suggest doing a backup on a Early Sunday Morning before 4am so the system won’t be used. I’ll update you if there is anything else about this virus on my blog later. Just wanted to let people know to be watching for this little virus on and offline!!

Figuring out the Hole for The USB Cricket Card? UM100C

PaulFebruary 12, 2009

So you bought and you see:

You probably wondering what that can be used for? Here’s what I know and from what I found out. That little can be used as an external Antenna. You could also use this to boost your signal and be able to use this for places that might not be getting a better speed upward and downward bandwidth. You see it all depends on where the Cell Towers are. Although this will likely help those who are either 1 to Almost Zero signal, it will not help those who are outside of the network. It might help and it might not, it depends on the location your at and the closest coverage area. If your on the edge of the coverage area and you buy this antenna it Should boost your signal and get you a better speed. I will not say it will help but in theory it could help. If you want to find out the other post that I have done on this subject please check my Cricket tag for more information. Although it varies on person to person, and region to region this is going to be a variable that will always remain in the grey. Only way to find out is to try it.