Category: Symantec

Scareware sites being sent through email!

Paul

setup_security_defender_622.exe Chrome Scareware site on a Linux system!

Don’t try this home!

If you are not careful you could easily get infected with spyware, or worms. I on the other hand know how to fix the problem if it happens or how to prevent it in the first place. I was using a live Kubuntu CD to do my test with the link that was given to me, so I didn’t have to worry to much about infections.  The URL which was given to me was “[Website]/wp-content/plugins/(random letters and numbers)“.   You could easily tell that it was just spam because there was no subject or anything else but a link in the email.   I did this a number a times and I got some very interesting websites:

  • http://scan27.delfasd.co.in (scareware site, See picture above)

  • http://wikimedicinepatients.eu (Canadian Pharmacy) [WHOIS]

  • http://systemtestnow.com  (Scareware site I think) [WHOIS]

  • http://scan7.oggnot.co.in

  • http://update17.oggnot.co.in

Never Run an unexpected Program!

I knew this was scareware site because it automatically sent me a file “setup_security_defender_622.exe“.   I decided to check it out even more so I submitted to Jotti and you can see what they said by clicking the filename.   I also submitted it to the Virustotal to see what it said and I wasn’t surprised but again, you should never run programs that your not expecting.    This is a really old scareware tactic that is still being used today and your self be taken advantage of.

Antivirus is KEY!

To prevent viruses, if your on a computer you really should consider buying an Antivirus.  There is even Antivurs for Macintosh machines, and Linux if your interested.   I don’t know if you really need a Linux antivirus but I guess it wouldn’t hurt to have it.   I think they are far behind Mac/Windows Antivurus programs but yet they are getting better.   You never really know what is needed in the future but you should be ready when it comes.

Which Antivirus Software do you use?

I am quite curious as to which you use when it comes to having an antivirus software.   By all means leave a comment and tell me which one you use or if you found another website that you have found, and I’ll investigate it and tell others about it.

Paul Sylvester

Related articles

Enhanced by Zemanta

Blog Success Spam — What not to Do!!

Paul


Lately I’ve been getting spam emails with the titles:

  • Earning thousands blogging? You could be.

  • Bloggers Paid for Posts

  • Bloggers Wanted

  • Learn to blog for paychecks using this freebie video.

Each link sends me to blogsuccess.com, and looks like this:

blogsuccessspam

“Blog Success founders Jack Humphrey and Peter Lenkefi created this to help bloggers make money.”  This is what I read in searches.    I’ve got to wonder if this is so successful they why do an email spam?   [intlink id=”2833″ type=”post”]Most emails lately have been about scams and virus exploits[/intlink].   I am going to stick to the only way you should advertise by getting people to click links to come to my site.

According to Symantec:

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets –networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam.

90 Percent of E-mail Is Spam, Symantec Says

Now if we do the math at least half of these emails sent to me are from hacked computers and are coming from so-call botnets.   If they are so caviler about using hacked systems to spam people do you really think they are making enough money with this website of theirs?   The old tried and true method for any blogger is TIME, Research and building your community.   Other than that there is no really easy way to make money quickly.   I just hope they release this and start doing it the right way.    This just makes there company become a dark site, in which all you do is bring people in who want to earn money in the bad way.

You won’t make money from W32:Sality.ao

Paul

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

  • Virus.Win32.Sality.y (Ikarus)

  • W32/Sality.AE (Norman)

  • W32/Sality.AH (Panda)

  • W32/Sality.AK (F-Prot)

  • Win32.KUKU.a (Rising)

  • Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

PDF Zero Day Vulnerability in the Wild

Paul

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.

Careless Facebook profiling can lead to Identity Theft!

Paul

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

Something users shouldn't do!!!As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

This deservese a little mind and a lot of understanding.   By the spammers hacking into facebook accounts they have the chance to scam or spam people with links to possibly have a virus or trojan installer.

[ad#ad2-right]For example This one blog talks about the Virus:

Symantec’s Norton Antivirus software has flagged this as a “high risk” Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is “low,” since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it’s from a friend, but they did not intentionally send it to you — and yes, their Facebook photo is attached, too.

[Via Sync-blog]

facebookident2Now I went searching through my friends list and also found this little bit of information.  As you can see this one is asking for people to use there account to scam people out of money.  They could use this to find out even more information of the Other partner and make you believe your talking to the real deal.   Saying they need money because they are stuck over seas or something like that.   I’ve seen this on other blogs where people have sent money to “friends” but are actually people who are the scammers.  Then if you send the money you are out of luck with your money and possibly your friends to.  I am sure there are more but this is prime examples of what you shouldn’t do and why.

So what can you do to prevent Identity Theft and/or being scammed?

    [ad#cricket-right-ez]

  • Roboform Review — A Password Manager that will help protect your passwords from key loggers and other such phishing sites.    I strongly recommend it to to all who are security minded. (Never use the same password for all your accounts)

  • Are you worried about your identity? — This is good information in checking out sites that might be questionable.  You can find out what type of site it by using your brains.

  • Old Phish Become New again — This is blog post about twitter and what may happen if you did give out your password.   This is a good example of why you never should give out your password to third party websites.

  • Twitter Spammers a getting more smarter — This is also good example of what happens when you see become friends with someone who isn’t real.   You could be the next to be spammed and/or impersonated.

If you follow some common steps you to could prevent from being the victim or getting your Identitiy stolen.   Some things to remember is Never tell anyone your Birthday the whole date like someone did on twitter a few days ago.  It’s nice that they are growing older but that gives people that much more information to use to steal your money or your idenitiy.   Think before you give out any personal information like Age, Married, who your married to and anything that might be used to be able to access your account or your impersonate you.  Remember only you can prevent from being scammed or lossing your identity, you wouldn’t want to have to pay for your mistakes.