threat – Paul's Tech Talk

Microsoft to Release KB961051 on the Dec 17, 2008

PaulDecember 17, 2008

According to McAfee and I will quote:

December 16, 2008: Microsoft has announced an out-of-cycle patch release for a critical, remote-code-execution, vulnerability in Microsoft Internet Explorer (CVE-2008-4844). The patch, to be released on December 17, will address the vulnerability across multiple versions on Internet Explorer running on supported Windows platforms.

[via McAfee Threat Center]

[ad#ad2-right]From what I am understanding it will be KB961051 and will be a critical update on all Windows platforms. Microsoft issued a security advisory for this on there Technet support website. This will probably be put online sometime tomorrow and will be available to download after 10am PST although this is just a rumor because when I go to that article they talk about the work around and how to fix it temporary until they release the patch. This is releated to the IE Vulnerability that is in the wild and has been causing havok on the internet.

IE vulnerability in the Wild

PaulDecember 16, 2008

Well this was bound to happen, hackers found this vulnerability and is using it for their own purposes. [ad#ad2-right]It seems they put a virus on your system. Microsoft has issued an Recommendation and to check out Microsoft Security Bulletin MS06-055.

“What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” he said. “It’s just a question of modifying the payload the trojan installs.”

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

[Via BBC News]

[ad#ad2-left]I personally like to recommend a program that will do a better job at security and that is Firefox, I also suggest people use the Thunderbird and not Microsoft mail program. This will greatly reduce your likely hood of getting a virus or Trojan. Most of the time hackers like to find new ways to infection to get into your system. If you want to preven having a virus in the future, I’d recommend going to my Malware Resource and check out a good firewall and anti-virus. This will prevent you from getting some of the viruses and other types of malware.

Removing Win32/Bagle.HE worm

PaulDecember 15, 200815 Replies

Here is another virus that seems to be spreading lately. From the looks of it, it sees to be another email worm. Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

[ad#ad2-right]Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

Documents and Settings\All Users\Application Data\hidn\
hldrrr.exe

Documents and Settings\All Users\Application Data\hidn\
hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

[ad#ad2-left]It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by doing some steps. I think Kaspersky has an easier way to remove it and it looks like most anti-virus software will remove this. You need to remember that only you can prevent this from the future. You should also update your windows update and make sure your system is up to date.

Facebook : Beware Spam for breakfast. (Virus)

PaulDecember 7, 2008

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

[ad#ad2-right]

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

[ad#ad2-left]What’s this program name, it is call the K-lite Mega Codec pack. In this Pack you will be able to play almost everything without having to go download another program. This is done by people who want you to have all the latest codecs installed so you don’t have to go by a program you’ll only going to use once a month.

Once you’ve done that, you’ll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I’ll always go to the site and check for example Adobe. If it says I need to update my flash I’ll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I’d check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don’t forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.

trojan.zlob removal tricks!!

PaulDecember 6, 2008

[ad#ad2-right]

Aliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)

Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.

[Via Windows Live OneCare]

[ad#ad2-left]This one just popped up today on my radar it seems to be a very low threat on everyone’s radar according to my sources say “Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page.” So to remove this little Trojan you would want to download one an Anti-virus and firewall. Once you install the software the program should fix the problem for you. This one seems to be really easy to fix. So Please read my post on how to better protect your self if you want to prevent this in the future.