Category: Virus

Polymorphic w32/Scribble and what that is:

Paul

Having read the Graham Cluley’s Blog about “Court halted by fast-spreading virus“. I wanted to talk about this one because of the need to let people know about this little Virus and what you see when you are infected.

This virus modifies the Windows Host file so it redirects the host to a loopback address. It also uses the I-frame Injection into HTM, PHP or ASP file extensions. W32/Scribble-a, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM allows a users to control the machine through IRC.
[ad#ad2-right]

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley’s Blog]

Sopho’s Has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and the need for Anti-virus Software, including a free firewall, will not protect you 100% of the time but will help you identify and possibliy remove a virus, Trojan, and worm from you system. Just like the seriousness of the Conflicker Worm, this too should be taken seriously due to how it is easily spreading. And with Valentines Day just a few days and some Other Holidays that will be coming up, you can bet this virus will start infecting even more systems. You should also backup your data weekly if not monthly. I’d suggest doing a backup on a Early Sunday Morning before 4am so the system won’t be used.  I’ll update you if there is anything else about this virus on my blog later.  Just wanted to let people know to be watching for this little virus on and offline!!

Patch Release information Feb 10, 2009

Paul

I just got the patches that were sent down from Microsoft., Here’s what I do know:

Cumulative Update for Media Center for Windows Vista (KB960544)

Download size: 12.0 MB
You may need to restart your computer for this update to take effect.
Update type: Recommended

[ad#ad2-right]Install this update to resolve issues with Media Center for Windows Vista. For complete list of the issues that are included in this cumulative update, see Microsoft Knowledge Base article 960544.  After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=137169

Help and Support:
http://support.microsoft.com

Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB961260)

(CVE-2009-075, and CVE-2009-076)Download size: 7.9 MB

You may need to restart your computer for this update to take effect.

Update type: Important

[ad#ad2-right]Security issues have been identified that could allow an attacker to compromise a computer running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=139814

Help and Support:
http://support.microsoft.com

Update Rollup for ActiveX Killbits for Windows Vista (KB960715)

Download size: 44 KB

You may need to restart your computer for this update to take effect.

Update type: Important

[ad#robo-right-120×90]Security issues have been identified in ActiveX controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=139076

Help and Support:
http://support.microsoft.com
MS09-004: Vulnerabilities in Microsoft SQL Server could allow remote code execution
(KB959420) (MS09-004)
(CVE-2008-5416)(Exploit code publicly available since December 2008)

This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.

MS09-003: Vulnerability in Microsoft Exchange could allow remote code execution
(KB959239)(MS09-003)

(CVE-2009-0098 CVE-2009-0099)

This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Each One of these Updates is either important or recommended.  As you can see on all of them it is time to load up Clone of Autopatcher and start downloading these patches.  If you start now you should be able to keep the bad guys away this weekend.  I just loaded it up and it downloaded all the new patches rather quickly.

Now on to the good stuff, As you can see each of these are important to patch your system and each of these patches need to be installed before someone makes a worm or virus to compromise systems.  I can just see people sending out fake emails that would compromise the Media Center trying to install some  Malware.  I can also see people trying to use the IE Vulnerability also, and the Active X.  These should be taken serious and installed before the week is over.  Some other things to consider is having a good Anti-virus and Firewall setup to prevent infection in the first place.  It’s up to us IT guys to keep the employees from doing something they shouldn’t.  Only you can prevent a Virus infection. (I’ll update when more information is available for a week)

Internet Security Companies Warn about Patch Tuesday and Valentines Day.

Paul

With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.
[ad#ad2-right]

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

So which ones will likely be the exploits they will use? I have a few theories on that and One of them is the INTERNET EXPLORER vulnerability that will be patched and will try to get you to launch the link and will most likely try to launch it in Internet explorer, That would be my guess.    It seems to be Internet Explorer 7 and Below which will be patched so if you want to try out the IE 8 Beta,  You should be safe on that.  Although the best bet is to prevent users from clicking links in emails and also warning them not to open any attachments they are not expecting.    I’d also have the AutoPatcher ready to install the lastest patches for this Tuesday and schedule a time this week to update all the possible systems involved with the Databases.  Although this isn’t one that tries to steal your data it is however a chance the writers to look at what you have and you know how that can be call a data breach.   So if your the IT for the department I’d suggest sending out warnings so they can keep from being caught with their pants down.   I’d also suggest having Anti-Virus and free Firewall installed on all the major systems and it wouldn’t hurt to have the installed on minor systems if at all possible.

Understanding Adsense for the Beginner

Paul

So you have a website and you’d like the site to pay for itself. That can be arranged it however depends on your website performance. You see you won’t make a lot of money if you don’t have several things going for you. I thought I share with you my experience with making money through Adsense. As you saw, I made enough money to pay for the website for 5 years. It isn’t hard to make money it is however very difficult to keep getting the money. Most people don’t know the tricks to making money with Google’s Adsense.

I’m here to help you out a little with understanding it and getting even more money from your adsense.   So here we are 3 months into to putting Adsense seriously on my site and let’s take a look shall we:

My earnings for 3 months

As you can see I started off quite slowly as I figured out how to best do it but gained momentum after that.    First Month I made $17.19 and the Second Month I made $45.57, the last month I made $64.99 totaling $127.75 leaving me with 16.75$ from the few previous months that I tinkered with Adsense.   So where do you start?  I found that to be the hardest part, because of the complexity of where I could put the ads.   I tried having strips breaking up the text in my blog post that really didn’t get me hardly any clicks.  Then I started to incorporate the Adsense into the posts.  I learned how to do it through a great blog post and I’ll talk about that later.   Here’s what you need to know right now though:

    [ad#ad2-right]

  • Create good content —  This goes without saying that if you don’t have good content people will never find your site.   There are a multitude of ways to create content.   Some of the most useful for me is How-to, finding a Niche, and Also just blogging about what you passionate about.   These will often draw people to your website.

  • Gjaylaramieet people to link to your post —  This will help with search engines because they do some math to figure out if your a real site and how trustworthy your site is on the internet.

  • Use Microblogging —  It is well known people use Twitter, Friendfeed, and others a like to tell people what they post about.   It can be great place to help promote your blog and get people to come more and more to your site.

  • Try not to annoy the users with Ads — This is the most important if you want people to come back to your site you should make sure you don’t send people away from your site.  People will not want to come back if you annoy them to much.   So it is essential that you keep them happy.

  • Find a good blog theme — A good theme helps bring people to your site by making it easier to read and find what they are looking for.  You might also consider making a sneeze page to keep people coming back to your site.  This will help your readers and make it more of your own.  You might also want to buy a theme for your blog sooner or later.

With These tips and tricks you too could be on your way to having a great blog.   I would be willing to bet that soon I will be triple that amount if I keep up with what I am doing.   I hope you tell people about this blog and let people know how good this blog is for you.   Remember only you can prevent virus infections.

People coming from Sites that don’t exist

Paul

So I woke up today checking out my sites, and looking outside.   So As I was checking my Stats for my blog.  I cam across a referring site that brought Supposedly Two people to my site.  I looked at the URL for the site:

  • http://trojan.fiftystatesclassifiedads.com/index.php

[ad#ad2-right]So after seeing the “trojan” Prefix and I am wondering if this was an attempt by Malware to infect my domain.   So I go check this domain out.   I got to it and I get a 404.  I then do a Cache Check with OPENDNS.  I also Then decided to see if it was even Registered domain by the doing a Whois.  So I am opening this up to people who might know.   I did do some research and here’s wha I’ve found out so far.

According to How2hack, they talk about how people want privacy and that it might be someone who does not want to be found.  I tend to agree with them, Privacy for Privacy sake is good but if you want to be private you would you even be checking out websites knowing people will want to find out who really is coming to your site.  The How2Hack site also talks about how this might happen and I see where they are coming from.

This was the only site I could find that even looked like it was relevant to what I was searching for.  I don’t see how someone can come to my site saying they were referred by another site and that site does not exist?  Anyone want to try to answer this question and give insight as to why this would happen?