Mac Malware on the Rise drive by Downloads

Photo by Incase Designs

More and more, there seems to be a building trend of malware writers developing ways to find both Mac systems and PC systems. A diary entry on the subject describes how one man’s journey leads to a site that can detect which system you are on and offer up malware for that system. He also has some other examples of this with a Mac Trojan in the wild.

Now more and more Apple users think they are not vulnerable to the types of antics that PC users have to deal with day by day. This, however, proves they are “WRONG”. I will keep telling people, whether PC or Mac, that you need to have anti-virus and firewalls installed to help protect yourself from being a victim of this type of stuff. Just last week Sophos added the OSX/Tored-Fam worm to their databases. Sophos even talks about this in detail on their blog.

Though admittedly it is the people who are searching for porn that will most likely install this malware. It however begs the question: hasn’t this been done on PC systems before? I have to think this is because Apple is getting a bigger share of the systems in the world, and for one reason: people still think they will never get viruses or worms on their system. I on the other hand know that this is just the beginning, and in the near future Apple will have to recommend that people have anti-virus software on their systems. They did that in the past but changed their minds.

Apple’s stance on malware and their systems is one that will be their downfall. I’ve talked in the past about Macs getting viruses and other such malware. Although, to Apple’s benefit, they do offer ProtectMac AntiVirus for OS X. I don’t know how good this is, but I do think they need to change their advertising and not make it seem like the Macintosh can’t get viruses. I think it would be really funny to see Justin Long in the Mac ads get a virus; although I don’t think that will happen, it is something that I would love to see.

Morpheus comes a scanning!!

I’ve been reading on other blogs about this user agent. I have been seeing this agent trying to access an area where I know WordPress doesn’t have anything. Some people suspect it is scanning for Drupal vulnerabilities. I have to say, if it is searching for Drupal, it is in the wrong place.

Now let’s get down to it. I’ve seen a lot of comments that just blocking the user agent is not going to prevent this from happening. You see, they can always spoof the agent without much trouble, but I feel that if they are going to use an agent that I can track, it is never a bad idea to block that type of access. If that was a true agent, I seriously doubt it would be a legitimate agent because of the name. Others have suggested this is looking to find a PHP vulnerability and exploit your system.

I don’t know if it is true. I have been reading the comments on the blog and some of them are quite interesting. One such comment that I like says this scanner has been around since 2006 and most PHP servers have been updated to prevent this type of exploit. So either this scanner is an old system that has nothing better to do, or they are just trying to see if they can get a response from my server. In which case, they will now be given an Access denied. I have modified my htaccess file to prevent this scanner from even coming to my website. See blog post to find out how.

What makes this so interesting is that it tries to go to “user/soapCaller.bs” expecting to find something. Oh well, I am pretty much unconcerned due to the fact that I keep WordPress up to date and I am constantly looking for oddities like this in my log files. Now we heard that they don’t always have to use the headers and can hide and not be blocked, so I have thought about denying anything that doesn’t show an IP or has no header. I wanted to ask my users if that is a good idea or a bad idea? This would stop bots from being bad. I do wonder if this has to do with me talking about Pifts.exe a couple months ago. I have read in the comments section about this being a Government funded data collection; I don’t know, but it does intrigue me on the subject.

Remember, to help prevent exploits on your server you should keep it up to date as much as possible. If there is an update to WordPress, you should always consider updating even when there are problems down the road.
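The log check described in this post, as an added example that is not code from the original post: it flags requests by the probed path as well as by user agent, so a scanner that spoofs its agent is still caught, and it reports empty agents as a separate reason. The log lines, the loose `mor(f|ph)eus` agent pattern and the function names are assumptions made for the example.

```python
import re

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumptions: the probe path is the one quoted in the post; the exact agent
# string is not given there, so the scanner's name is matched loosely.
PROBE_PATH = re.compile(r"(^|/)user/soapCaller\.bs$", re.I)
SCANNER_UA = re.compile(r"mor(f|ph)eus", re.I)


def classify(line):
    """Return (ip, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if PROBE_PATH.search(m["path"].split("?", 1)[0]):
        reasons.append("probe-path")       # survives a spoofed agent
    ua = m["ua"].strip()
    if ua in ("", "-"):
        reasons.append("empty-ua")         # review before blocking
    elif SCANNER_UA.search(ua):
        reasons.append("scanner-ua")
    return m["ip"], reasons


def triage(lines):
    """Map client IP -> set of reasons, for clients that tripped any rule."""
    hits = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits.setdefault(parsed[0], set()).update(parsed[1])
    return hits


SAMPLE = [  # constructed log lines using documentation IP ranges
    '192.0.2.10 - - [10/Jul/2009:04:11:02 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 312 "-" "Morpheus Scanner"',
    '198.51.100.7 - - [10/Jul/2009:04:12:40 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 312 "-" "Mozilla/5.0 (Windows; U)"',
    '203.0.113.5 - - [10/Jul/2009:04:13:09 +0000] "GET /feed/ HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [10/Jul/2009:04:14:55 +0000] "GET /index.php HTTP/1.1" 200 8123 "http://example.com/" "Mozilla/5.0 (Macintosh; U)"',
]

if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE).items()):
        print(ip, sorted(reasons))
```

The second sample line shows why the path rule matters: the agent looks like a browser, but the request for `user/soapCaller.bs` still marks the client.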

Harry Potter and the Half Blood Prince Movie Spreads Malware

It seems that, in anticipation of the release of Half Blood Prince, the malware authors are starting to send for the movie. For example:

As you can see, they really try to fool you into thinking you are going to be able to watch it for free. They even put in the movie poster to try to get you to click that link. It is on a blogspot page and has a few Google followers, which I am amazed at because of what I have found. If you were to click that play link (usa-top-news.info) it will redirect you to (world-news-scandals.com) and then to the final destination (tubes-portal.com). Each site is surprisingly in the US and tries to look like it is a real site. It sends you a file called streamviewer.40018.exe, which I am surprised AVG hasn’t picked up, so I went to see if this was a virus and VirusTotal showed me this:

Very few actually detect this trojan downloader; even AVG hasn’t detected this as being malware. So your best bet is not to try to go watch it early, because 9 times out of 10 it will be a virus. You also should know that there are even some links on Digg.com and other popular websites that are promoting this. The top rated sites are what I call Google Juice to put the blogspot website onto the first page of Google. So you should install good anti-virus software and a firewall. I also believe this will be coming out on DVD in December. According to my sources this movie has been ready for quite some time and they are anxious to have it ready for Christmas, so you won’t have to wait long to see it. After all, they have had this movie ready since last year.

This seems to be like the Fake Codecs I have talked about. In order to see this you have to install this software to view this movie. I don’t even know if it is a true movie, but I do expect in the coming weeks to days there will be even more fake sites like this trying to promote watching it for free. Thank goodness we don’t have to worry about Zango anymore. Nothing in life comes free, so be on your guard. Only you can prevent virus infections on your system.

MyGodaddy Review : Thumbs UP!

I have been using Godaddy as my hosting company for quite some time and really love the service. As you know they claim to have 99% uptime and I haven’t seen them go down for anything since I started. So let’s talk about this even more:

  • Hosting plans starting as low as $4.99 a month.
  • Domains starting as low as $1.99.
  • Technical support has been excellent. Every time I call there hasn’t been anything they would not do to help out.
  • WordPress, Simple Machine Forum, and even Wiki programs. You have a wide variety of programs to use, such as a blog, and can have it up and running in no time.
  • You can become a reseller for Godaddy if you want, and have a store if you want. This also makes it even easier for you to make and sell domains for cheap.
  • SSL Certificates — Keep your website secure and prevent people from getting information they shouldn’t. This is good for businesses who have to sell using a credit card or registration for people’s information.

This is a good service for bloggers and podcasters who want to blog. I have been using this service from Godaddy and have been really impressed. If you are looking for hosting, this is the right place to go. Although the support for Godaddy is not the best, when I went through them for tech support they would tell me how to fix it and leave me to do it myself, but that is a good way to learn how to keep a website going. I still recommend Godaddy for people who want a dependable service. Do you like or not like Godaddy? I want to hear from you! Leave a comment and let me know what you think!

All in all, I like the support and friendliness of Godaddy to keep me going when something unexpected comes up. You will never know what is around the corner.

Link shortening and the new wave malware on Twitter

I’ve been reading what the SANS Internet Storm Center has to say about Twitter and how that can bring malware to Twitter. SANS argues that there is no reliable way to determine the information someone says, and that is where I am wanting to talk about the way people are creating what I call link baiting or blind links. You ever click on a link in Twitter to find it wasn’t what you thought it was?

I also thought of what Sophos blogged about today, where someone hijacked 2.2 million redirect URLs using the Cli.gs service to shorten links. I was reading through the Cli.gs blog about the incident and it came from Canada, but I don’t think the user of the website who had all that traffic was involved in any way, shape or form in the hacking of the Cli.gs website. I personally think this was done to prove a point, and it is a very good point.

The point is that in the future there will be someone who redirects links to a malware site, and it won’t be pretty. Think about it: any URL-shortening service like Tinyurl or others could have their links all be directed to a website. That is a big number and it worries me. Let us go through the numbers a little bit and see. 98.2% of people go to Tinyurl.com and don’t preview the URL first. Half of the clicks in Bit.ly are coming from the US, which means we are more at risk of clicking on a link that could be a virus or malware.

Now I know people don’t have time to check out all the links or forget to check before they click. So I have a few plugins that might help with this. The LongUrl plugin can use 72 different web services including Bit.ly, Tinyurl, Cli.gs, and a bunch more. This is a good little plugin to help prevent yourself from clicking those links that you are unsure of. I would also recommend getting a free anti-virus and free firewall to better protect your system. I wouldn’t use Internet Explorer; it seems that it is easier to infect with malware than Firefox. Firefox still has to worry, but not as much.
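Previewing where a shortened link ends up, as discussed here and in the redirect chain from the Harry Potter post, comes down to walking the `Location` headers without downloading anything. The sketch below is an added example, not code from the original posts or from the LongUrl plugin; the `fetch` hook, the `.example` responses, the host threshold and the extension list are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
RISKY_EXT = (".exe", ".scr", ".msi", ".dmg", ".pkg")  # assumed watch list


def preview(url, fetch, max_hops=5):
    """Walk a redirect chain using fetch(url) -> (status, location) and
    return (hops, warnings) without downloading anything."""
    hops, warnings = [url], []
    while True:
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break
        if len(hops) > max_hops:
            warnings.append("too-many-redirects")
            break
        url = urljoin(url, location)  # Location may be relative
        if url in hops:
            warnings.append("redirect-loop")
            break
        hops.append(url)
    hosts = {urlsplit(h).hostname for h in hops}
    if len(hosts) > 2:  # assumed threshold: short link -> target is 2 hosts
        warnings.append("crosses-%d-hosts" % len(hosts))
    if urlsplit(hops[-1]).path.lower().endswith(RISKY_EXT):
        warnings.append("executable-download")
    return hops, warnings


RESPONSES = {  # constructed responses on reserved .example domains
    "http://short.example/a1b2": (302, "http://news-one.example/watch"),
    "http://news-one.example/watch": (302, "http://news-two.example/go"),
    "http://news-two.example/go": (302, "http://portal.example/get/viewer-setup.exe"),
    "http://portal.example/get/viewer-setup.exe": (200, None),
    "http://short.example/loop": (301, "/loop"),
}


def fake_fetch(url):
    """Offline stand-in for a HEAD request that does not follow redirects."""
    return RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    for start in ("http://short.example/a1b2", "http://short.example/loop"):
        print(preview(start, fake_fetch))
```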