Category: Windows 7

Conficker Discussion Part 2 – Even more stuff to talk about

Paul

We’ve heard in the[intlink id=”3214″ type=”post”] coming days there will be an update for the Conficker.C Worm[/intlink] and Microsoft has Released even more information about it: For Instance:
[ad#cricket-right-ez]

Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, this seems to be two different Variants starting to emerge.  Now let’s go a little bit more deeper shall we.  According to US-CERT(United States – Computer Emergency Readiness Team) , They claim that this is Widespread infection and have posted about it on there website TA09-088A.

My one questions is Why is the US getting ready for this Conlicker worm, are they worried that what happened to the Parliament will happen to some branch of the White House.  This seems to be an even more hype building over this worm.  Everyone will tell you the same thing, they are not sure what will happen on April 1, 2009.  I think it will be a normal day and all because with all news about the Conficker worm, the person who wrote this won’t want the light shined on them before they get there foot hold in systems.  So you will most likely not notice anything special on April Fools day due the awareness of the worm.

But don’t forget to update your [intlink id=”2205″ type=”page”]Anti-virus software[/intlink] and also might be time to add a good [intlink id=”2205″ type=”page”]free firewall to help protect yourself[/intlink] from this worm.

Windows 7 Beta Second RC to be released in May

Paul

According to Arstechnica, the Next version of Windows 7 Beta will be Released In May.

[ad#cricket-right-ez]It looks like someone flipped the switch a little early. The Windows 7 Release Candidate download page on TechNet has made a premature appearance, much like the beta download page did before the beta was released to the public. The public RC will apparently be coming in May 2009, and not in April as previously rumored. The RC testing program will be available at least through June 2009, and the actual build will expire June 1, 2010. Both 32-bit and 64-bit versions will be available in English, German, Japanese, French, and Spanish.
[Via Arstechnica]

It will be available soon to download. According to Ars this will be good until 2010, I am guessing around February or March but that is just speculation on my part.

Remember:

  • This is a Beta and when it is over you won’t be able to use the OS anymore

  • This isn’t the complete OS, Knowing Microsoft this will be limited in some way to encourage your to buy the full version down the road.  Also they want to have some features for only Commercial Release.

  • There will always be security holes when it comes to Windows 7 so don’t use it exclusively, since this is a beta.  Microsoft will not keep it up to date until it goes Commercial!

I did a podcast on this OS and if you want to hear the two discussion we talk:

  1. Mike Tech Show Listener Round Table Topic:  Symantec issue, Security, Web Hosting, Windows 7 Beta

  2. Mike Tech Show Listener Round Table Topic:  Windows 7 Beta

Both of the podcast we had a really good discussion on features and what we thought of the OS.  In the future when The next RC comes out we will want to get back together to talk about what they did different.  Please join use and let us know what questions you have.  This will better help us connect with the listeners.

The April fools Joke, You’ve got a computer worm!

Paul

Cluely’s blog talks about this and I thought I would talk about it a little myself!!

[ad#cricket-right-ez]This is the newest version of the Conflicker/Downadup variant of the little worm.  There seems to be people who are worried that April 1, there will be a major wake up in security no holds bar problems.

Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham’s Cluely Blog]

Now let’s talk about this a little, this worm won’t do anything else but ask for updates on April 1, and we don’t know when the virus writers will implement the update it could be a month down the line.  You could[intlink id=”3171″ type=”post” target=”_blank”] Backup[/intlink] your software and use the free program [intlink id=”2883″ type=”post” target=”_blank”]Autopatcher[/intlink] to help make sure your system is completely up to date with windows security.  You can’t forward the to that date to find out what will it call home to.    We don’t know what it will do when they update to the conficker.c program all we know it starts to try to call to certain domains on April 1, 2009.  So you should install [intlink id=”2205″ type=”page”]Anti-virus and Firewalls[/intlink] where you think it is needed.

I am sure though this will be an really big April Fools Joke from the Virus Programmers, they will be laughing at the hysteria of people trying to find out all the important information on April 1, and yet it might not start to happen until much later!!  You are the first line of defense from getting a virus or any malware.  So let’s keep our heads on straight and not go over board!  Only time will tell, and I am sure what happens on Apr 1, 2009 will be a new day.


New spam Campaign — Casino Anyone?

Paul

Looks like there is a new Campaign going on with regards to having VIP access.

geocitiesspam

So I go to the site:

geocitiesspam1

[ad#cricket-right-ez]

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

  • This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]

  • It also Changes your Autoexec.bat file.  (Not good)

  • Changes access flags on several different program (not good either)

  • It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.

  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do but everything I see about this file makes me think this is trying to avoid virus detection.  I ran Kasperky and Avast file check, it came up clean.   I think what happens is you download the virus after you install this software.  I wouldn’t download this or install it, even though it advertise you 800% free that has to be scam or just a flat lie to get you to install software.  Everything about this program doesn’t make me want to to install this software, although it doesn’t seem to be a virus.  It however does make me want to delete the file.  Remember to use[intlink id=”2205″ type=”page”] Anti-virus and Firewalls[/intlink], that is your first line of defense.

Are You and Your Friends Fine — Virus Spam

Paul

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

virusspam

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

fakesvideo

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan.  It blocked it, but  the file that it is downloaded called “save.exe” and I have talked about [intlink id=”2991″ type=”post” target=”_blank”]flash player fake updates[/intlink].  I have seen other blogs talking about dirty bomb news report leads to malware.  I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links.  It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans.  You should have a fiewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.