How-to – Page 7 – Paul's Tech Talk

Spying on Spyware.ISpynow!!

PaulNovember 29, 2008

[ad#digg-right]This is another Virus that is going around and thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

[ad#ad2-left]Now this one isn’t to hard to figure out what happened. You have to manually install it on your system to get infected. Symantec has a great way on uninstalling this annoyance. I also suggest checking out my other program list just in case you don’t want to buy Symantec Anti-Virus programs. Some other things to check out is:

Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.

Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec. You have a wide variety of choices on Anti-virus programs and Firewall Choices. You also have some choices on Spyware removal programs.

This is just the beginning in getting your system clean. You have to keep all you programs up to date and one way I do that is with Appsnap. This little program keeps you programs up to date from Virus to Firewall. I hope this helps people prevent and control spyware.

How to disable autorun the easy way!!!

PaulNovember 21, 2008

I read a report from Cnet about USB devices spreading Virus and I will quote:

The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices,” said Gunter Ollmann, chief security strategist for IBM’s ISS security division. “They are today’s floppy drives.”

[ad#ad2-right]An infected computer can spread a virus to a clean USB thumb drive that is inserted. That USB drive will then be spreading the virus onto other computers if the operating system on those machines has an AutoRun-type feature enabled. The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann.

[Via Cnet]

In order to disable “autorun“, which in Vista is called Autoplay. In order to disable Autoplay from starting when you insert media into your computer here is how you do it:

You will need to be Logged in as Administrator before this can be done:

Next click start and type “Autoplay” without quotes. It will bring up a screen but all you have to worry about is this:

You will need to make sure there is no check mark for “Use AutoPlay for all media and Devices”. Click save and close.

[ad#ad2-left]Once that is done, you will have no more Autoruns from USB devices. If you want to disable Autorun in XP, I’d suggest reading some of these articles for XP.

Wikipedia – AutoRun

How to Disable Autorun

These are just a few and are really nice to articles but there are others out there that might be more to your liking. I suggest searching Google for them. I hope this helps you out!!!

Vista has a new Vulnebility!

PaulNovember 20, 2008

According to Techworld.com, Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit. The talk from them is quite intriguing. I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

[ad#ad2-left]Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista. Now we all know that Microsoft will release a patch quicker than 6 months away. According to this article, people are already looking for the exploit and want to know more about it. I would be willing to bet they will have a patch out sooner than later. Probably January or Febuary, which will be a big deal because no one will expect it. I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch. So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

It’s Offical, Calicanis says Your on your own.

PaulOctober 27, 2008

In the Newsletter, Calicanis says this:

As a startup, you are now, officially, on your own. You can’t count on
your VCs saving you or some magical offer from Yahoo or Google showing
up to bail you out. Chances are Yahoo and Google are going to be
shutting down and/or selling off companies they’ve already
bought–like EBAY and AOL have started doing. Parents don’t adopt
while they’re putting their kids up for adoption.

Now I don’t know about you but I am really worried about what people are going to do next. Some other things Jason said is that the storm is upon us. That’s right, in the next thirty days you will have to figure out how to survive. It won’t be easy. Is this the beginning or the ending of this so called storm? I say only time will tell. I hope this becomes a rebound soon. We are definitely in for the long haul.

Microsoft Windows Server Service Vulnerability (MS08-067)

PaulOctober 23, 2008

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This issue is caused by an error in the Server service that does not properly handle specially crafted RPC requests, which could be exploited by attackers to crash an affected system or execute arbitrary code via a specially crafted request.

On Windows Vista and Windows Server 2008, the vulnerability is only exploitable by authenticated users.

Note: This vulnerability is being exploited in targeted attacks.

[via FrSirt]

[ad]

This was just discovered and needs to let people know. I will do more research on it and maybe come up with a way to fix the problem. According to my sources there is a patch that will fix the problem!!

*UPDATE*
According to Microsoft:

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
[Via Microsoft Security Bulletin]