Category: virus removal

Polymorphic w32/Scribble and what that is:

Paul

Having read the Graham Cluley’s Blog about “Court halted by fast-spreading virus“. I wanted to talk about this one because of the need to let people know about this little Virus and what you see when you are infected.

This virus modifies the Windows Host file so it redirects the host to a loopback address. It also uses the I-frame Injection into HTM, PHP or ASP file extensions. W32/Scribble-a, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM allows a users to control the machine through IRC.
[ad#ad2-right]

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley’s Blog]

Sopho’s Has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and the need for Anti-virus Software, including a free firewall, will not protect you 100% of the time but will help you identify and possibliy remove a virus, Trojan, and worm from you system. Just like the seriousness of the Conflicker Worm, this too should be taken seriously due to how it is easily spreading. And with Valentines Day just a few days and some Other Holidays that will be coming up, you can bet this virus will start infecting even more systems. You should also backup your data weekly if not monthly. I’d suggest doing a backup on a Early Sunday Morning before 4am so the system won’t be used.  I’ll update you if there is anything else about this virus on my blog later.  Just wanted to let people know to be watching for this little virus on and offline!!

Patch Release information Feb 10, 2009

Paul

I just got the patches that were sent down from Microsoft., Here’s what I do know:

Cumulative Update for Media Center for Windows Vista (KB960544)

Download size: 12.0 MB
You may need to restart your computer for this update to take effect.
Update type: Recommended

[ad#ad2-right]Install this update to resolve issues with Media Center for Windows Vista. For complete list of the issues that are included in this cumulative update, see Microsoft Knowledge Base article 960544.  After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=137169

Help and Support:
http://support.microsoft.com

Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB961260)

(CVE-2009-075, and CVE-2009-076)Download size: 7.9 MB

You may need to restart your computer for this update to take effect.

Update type: Important

[ad#ad2-right]Security issues have been identified that could allow an attacker to compromise a computer running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=139814

Help and Support:
http://support.microsoft.com

Update Rollup for ActiveX Killbits for Windows Vista (KB960715)

Download size: 44 KB

You may need to restart your computer for this update to take effect.

Update type: Important

[ad#robo-right-120×90]Security issues have been identified in ActiveX controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=139076

Help and Support:
http://support.microsoft.com
MS09-004: Vulnerabilities in Microsoft SQL Server could allow remote code execution
(KB959420) (MS09-004)
(CVE-2008-5416)(Exploit code publicly available since December 2008)

This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.

MS09-003: Vulnerability in Microsoft Exchange could allow remote code execution
(KB959239)(MS09-003)

(CVE-2009-0098 CVE-2009-0099)

This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Each One of these Updates is either important or recommended.  As you can see on all of them it is time to load up Clone of Autopatcher and start downloading these patches.  If you start now you should be able to keep the bad guys away this weekend.  I just loaded it up and it downloaded all the new patches rather quickly.

Now on to the good stuff, As you can see each of these are important to patch your system and each of these patches need to be installed before someone makes a worm or virus to compromise systems.  I can just see people sending out fake emails that would compromise the Media Center trying to install some  Malware.  I can also see people trying to use the IE Vulnerability also, and the Active X.  These should be taken serious and installed before the week is over.  Some other things to consider is having a good Anti-virus and Firewall setup to prevent infection in the first place.  It’s up to us IT guys to keep the employees from doing something they shouldn’t.  Only you can prevent a Virus infection. (I’ll update when more information is available for a week)

Pirated iWork’09 — Shows users they’ll not smart!!

Paul

Pirated Version of iLife 2009 for Macintosh users are getting hit hard by a Virus.  These users seem to think they are immune to viruses or trojans, and install software without second thoughts.  Now I know this isn’t funny to some but at least 20,000 have been macintosh computers have been infected by this little OSX.Trojan.iServices.ANow did Apple help this out by making people think the OSX was immune to Viruses?  Some reports are saying this little Trojan is hard to get rid off.  Intego puts out a security Alert for this little Trojan.  Microsoft should jump on this like a hot knife through butter with there ad campaigns.  I would be laughing all the way to the mall.  No longer are Macintosh’s  safe from viruses, Trojans, or Spyware.

So you think you have the Trojan? I do not know how to get it off the system because I am a PC user, but I just had to comment on this and make sure people knew what was happening in the world of malware.   I’d suggest checking out my Malware Resource page and maybe there you’d find something that will work for you in removing this trojan.  Although it cost 79$, Mac users need to start using more common sense with their computers and not download software from untrusted sites. Security should be brought to the forefront when it comes to Apple.

Spammers defies Bill Gates ‘magic Solution’

Paul

Sopho’s published statistics and I thought I would talk about it here.   Bill Gates promised to have a Magic Solution 5 Years ago.   Sophos Also provide a Chart of the Dirty Dozen:

dirty-dozen-q408

Sopho’s also is claiming that “US retains its crown as spam king“.    I don’t think so because of the the Other 32.4%.   The US can’t be the main culprit to spam.    So What was this ‘Magic Solution’ that they promised 5 years ago?

Microsoft has two techniques in mind for solving the spam issue, both based on the premise of changing the economics of email to place a greater burden on the sender.

[Via CBR]

Microsoft did have some good ideas but they wouldn’t work for right now because the first part of the ‘magic Solution’ was to add  mathmatical question to each and every email we sent out.   I know that this wasn’t going to work because hackers have already created a systems to get around the captcha verification.

[ad#ad2-right]Spammers of course are the ones  who is sending out the spam but they have people who write virus software, which I consider a hacker.  You see they want to infect systems so they can easily send out even more email.  When a system becomes a Botnet they usually are used to send out email.  If your curious as to what a Botnet is Check out the Wikipedia entry for further details.  So they need these systems to be able to send out spam, and other types of email phishing.   Most of the time a spammers  spam just for money because they make money by spamming people.   I hate spam because it clogs up our email accounts with unwanted emails.

So Did Microsoft come up with a fix?  According to Sopho’s they seem to be dropping percentages from 2004 to now in the US.   I have to wonder if Microsoft proclomation made them worry and go outside of the US.   I don’t think it will stop in fact, I suspect with the economy like it is we will undoubtedly start seeing even more spam and even more computer infections.

In order to prevent yourself from viruses and computer infections, you will need to install Anti-virus software and a Good firewall, not just the Default Windows Firewall.  This will greatly increase your chances of not getting a virus and possibly help prevent some of the spam.   You should also tell your associates or customers the benefits of preventive updates.  You should also remind people about not clicking links in emails and also not everything you read is true.

More Information on the downadup Worm

Paul

If your working to get rid of this Downadup Worm, F-secure is giving out a free removal tool to help with that task.   According to F-Secure Worm:W32/Downadup.gen description which Talks about how bad this worm is.

[ad#ad2-right]Due to companies not updating the MS 08-067 patch, it is the primary way for this worm to get onto a system.

Graham Cluely’s Blog ask a question and got quite a few answers from the users. The results of the poll are 53% believe the hackers are to blame, and 30% think the System Administrators are to blame, and 17% think Microsoft is to blame for this worm.

I have a mix feelings over who is to be blamed for this worm. I think the person who wrote this, did it for a specific reason. We can’t expect any software we use to be 100% safe, even Macintosh are not 100% safe. Microsoft isn’t to be blamed because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can’t be blamed. I think Hackers are always going to make a virus just because they can. That’s in there nature and we will never be really rid of the virus or worm writers. They are in it for the Money, to boast, to take control of, or steal sensitive information. Windows being the Alpha Dog, people are always going to test the waters because of that.

So who do you think is to be blamed?  I’d like to hear your thoughts on this.

Who do you think is to blame for the Downadup Worm?

1) End Users
2) Microsoft who did patch it
3) The person who Wrote this Worm
4) Companies who didn’t implement updates
5) No one it is going to happen
6) People who pay the writers of Virus/Worms

View Results

Make your own poll

If you think someone else is to be blamed just make a comment.

Please bear in mind that this poll is not scientific and is provided for information purposes only. The comments expressed on this page are those of a subsection of poll participants, and not necessarily those of Tech-linkblog. Tech-linkblog makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.