Category: Virus

And the Oscar goes to . . . Not these guys!

Paul

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

[ad#ad2-right]

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

You won’t make money from W32:Sality.ao

Paul

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

  • Virus.Win32.Sality.y (Ikarus)

  • W32/Sality.AE (Norman)

  • W32/Sality.AH (Panda)

  • W32/Sality.AK (F-Prot)

  • Win32.KUKU.a (Rising)

  • Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

Careless Facebook profiling can lead to Identity Theft!

Paul

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

Something users shouldn't do!!!As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

This deservese a little mind and a lot of understanding.   By the spammers hacking into facebook accounts they have the chance to scam or spam people with links to possibly have a virus or trojan installer.

[ad#ad2-right]For example This one blog talks about the Virus:

Symantec’s Norton Antivirus software has flagged this as a “high risk” Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is “low,” since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it’s from a friend, but they did not intentionally send it to you — and yes, their Facebook photo is attached, too.

[Via Sync-blog]

facebookident2Now I went searching through my friends list and also found this little bit of information.  As you can see this one is asking for people to use there account to scam people out of money.  They could use this to find out even more information of the Other partner and make you believe your talking to the real deal.   Saying they need money because they are stuck over seas or something like that.   I’ve seen this on other blogs where people have sent money to “friends” but are actually people who are the scammers.  Then if you send the money you are out of luck with your money and possibly your friends to.  I am sure there are more but this is prime examples of what you shouldn’t do and why.

So what can you do to prevent Identity Theft and/or being scammed?

    [ad#cricket-right-ez]

  • Roboform Review — A Password Manager that will help protect your passwords from key loggers and other such phishing sites.    I strongly recommend it to to all who are security minded. (Never use the same password for all your accounts)

  • Are you worried about your identity? — This is good information in checking out sites that might be questionable.  You can find out what type of site it by using your brains.

  • Old Phish Become New again — This is blog post about twitter and what may happen if you did give out your password.   This is a good example of why you never should give out your password to third party websites.

  • Twitter Spammers a getting more smarter — This is also good example of what happens when you see become friends with someone who isn’t real.   You could be the next to be spammed and/or impersonated.

If you follow some common steps you to could prevent from being the victim or getting your Identitiy stolen.   Some things to remember is Never tell anyone your Birthday the whole date like someone did on twitter a few days ago.  It’s nice that they are growing older but that gives people that much more information to use to steal your money or your idenitiy.   Think before you give out any personal information like Age, Married, who your married to and anything that might be used to be able to access your account or your impersonate you.  Remember only you can prevent from being scammed or lossing your identity, you wouldn’t want to have to pay for your mistakes.

Zero Day For IE7 Being used in the wild.

Paul

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

How the IE7 Exploits are being used

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while.  Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats.   The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access.  I still like the Autopatcher because it will do the job with very little input from the user.   It also makes it easier for people to patch big systems.  You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP.  So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Not safe to download a worm : Project Snowblind

Paul

It looks like I missed this one yesterday. There seems to be a rogue and probably somewhat of a warez version of the game Project Snowblind.

[ad#ad2-right]ccording to Sophos:

Project: Snowblind is a multi-player first-person shooter (in the same genre as Doom) released by Eidos Interactive a few years ago.

A closer examination reveals that the installation program comes with a little nefarious piece of malware (detected by Sophos as W32/Rbot-GXL) that will drop a file called vghhost.exe. This file is actually a network worm as well as an IRC backdoor Trojan.

I must also tell people that if you want to download the demo, you can download it from the EIDO website and Download.com website. I will say I didn’t know about this one until Technibble, published something about this.  Some of the things he publishes are great for the IT Professionals who want to start their own businesses.

I also suggest the Computer Repair Utility Kit, It can be used on a USB and has some good programs that you can use in Computer repair.