Category: Virus

The April fools Joke, You’ve got a computer worm!

Paul

Cluely’s blog talks about this and I thought I would talk about it a little myself!!

[ad#cricket-right-ez]This is the newest version of the Conflicker/Downadup variant of the little worm.  There seems to be people who are worried that April 1, there will be a major wake up in security no holds bar problems.

Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham’s Cluely Blog]

Now let’s talk about this a little, this worm won’t do anything else but ask for updates on April 1, and we don’t know when the virus writers will implement the update it could be a month down the line.  You could[intlink id=”3171″ type=”post” target=”_blank”] Backup[/intlink] your software and use the free program [intlink id=”2883″ type=”post” target=”_blank”]Autopatcher[/intlink] to help make sure your system is completely up to date with windows security.  You can’t forward the to that date to find out what will it call home to.    We don’t know what it will do when they update to the conficker.c program all we know it starts to try to call to certain domains on April 1, 2009.  So you should install [intlink id=”2205″ type=”page”]Anti-virus and Firewalls[/intlink] where you think it is needed.

I am sure though this will be an really big April Fools Joke from the Virus Programmers, they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!!  You are the first line of defense from getting a virus or any malware.  So let’s keep our heads on straight and not go over board!  Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.


The Seriousness of the Twitter Vulnerability?

Paul

twitter_110 The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

New spam Campaign — Casino Anyone?

Paul

Looks like there is a new Campaign going on with regards to having VIP access.

geocitiesspam

So I go to the site:

geocitiesspam1

[ad#cricket-right-ez]

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

  • This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]

  • It also Changes your Autoexec.bat file.  (Not good)

  • Changes access flags on several different program (not good either)

  • It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.

  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do but everything I see about this file makes me think this is trying to avoid virus detection.  I ran Kasperky and Avast file check, it came up clean.   I think what happens is you download the virus after you install this software.  I wouldn’t download this or install it, even though it advertise you 800% free that has to be scam or just a flat lie to get you to install software.  Everything about this program doesn’t make me want to to install this software, although it doesn’t seem to be a virus.  It however does make me want to delete the file.  Remember to use[intlink id=”2205″ type=”page”] Anti-virus and Firewalls[/intlink], that is your first line of defense.

Malicious Spammers target Bank of America

Paul

I’ve saw two different security firms talking about Bank of America and I wanted to share with you:

Fake Bank Of America SitePicture from F-secure

[ad#cricket-right-ez]The two sites are F-secure and Pandalabs who are talking about Bank of America and how they try to get you to install malware.  With Adobe having just sent out the new updates last month it looks like spammers are using this to get people to install Malware.

It is also been known to be floating around in Facebook this spam.  So if you get a link going to a site you don’t know about to see a video and it says you need a codec or the Adobe update you should turn right around and leave site. You should always type in the url of Your Bank and not go there through links.

From what they are saying it monitors Network traffic and Steals ICQ, POP3, and IMAP passwords.  If you find network traffic going to Hong Kong IP, then it is time to check to make sure all your Virus definitions are up to date and you’ve installed an Anti-virus and Firewall.  I would encourage  users to report it to Phishtank so that any other unsuspecting user or person going to that site will be warned.

Thinking back to PIFTS.EXE.

Paul

Thinking to this very incident looks to something out of the movie “Lemony Snicket’s A Series of Unfortunate Events“.  I won’t go into much detail but here is what I want answers to about the PIFTS.EXE.  You see after I have read a great article talking in detail about this, I have also come to the conclusion something isn’t right.

[ad#cricket-right-ez]The blog owner known as Anshar in the forums on the Symantec points out some key events. He wanted to point out that the users who were posting were not violating the TOS and was posting questions that look to asking about this file. See screen capture of what I took. This one picture doesn’t prove his theory in whole, but does bring up some suspicions. This actually might be them trying to find a ‘scapegoat’ so to speak. He also talks about what others are asking? What is PIFTS.EXE? People seem to still have not be answered that question.

Although, in Norton’s defense there seems to be a lot of information that they have to sort through. I’ll admit this information people are asking should be really simple to find in the Symantec Databases somewhere. I will not say they are hiding anything major but I do think something is going on that we are not aware of. Here’s some other thoughts to considers? If Norton needed to find out who was using Windows 7, couldn’t they of asked or even made a simple site redirect to find that information, after all anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

Now with that said let’s talk about Why it took almost a whole day for them to release a public statement about what happened.  I might be wrong but if I was a stockholder, I’d of demanded them to send that out ASAP instead of waiting 20 to 24 hours.  Although I’m not trying to make any more conspiracy theories, I do think the Streisand effect came into effect and people are feeling like Norton did something they shouldn’t have.  In which case, Norton probably made “A fail whale” attempt of making it better when they started to delete the post.

I’ve been watching the Norton forums trying to make sense of all this, and I do know that Norton have lost people’s faith in them and people are removing their product off there systems if Norton doesn’t start answering questions that need to be answered.

Norton has released the information of PIFTS.EXE and what it does. Although I am sure people are going to argue about what it does or doesn’t. I wanted to post this for people to check out and consider for yourself.