Category: Windows Vista tips

Mikeyy Worms stills going around Twitter

Paul

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 🙂

As you can see from tweets:
mikey12

It seems this is the new campaign started earlier this morning around 1am or so for Mikeyy and people have found this rather annoying but it is teaching Twitter a lesson, this would be good PR if they hired Mikeyy. Obviously he has a lot to offer but I guess who ever wrote this variant for the Mikeyy Worm went and found his number on a stickcam website:

mickstickcam

Anyone who just Google the number right now could find out the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up to much longer. If you’ve been infected with this worm I would refer to my other [intlink id=”3308″ type=”post”]post about removing the worm[/intlink]. I do know if you aren’t logged into twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any twitter accounts just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.

StalkDaily.com was the culprit afterall!!

Paul

In my previous post, [intlink id=”3308″ type=”post”]about StalkDaily[/intlink] I thought they were the innocent party in all this:
stalkdaily3

[ad#cricket-right-ez]Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him he did this out of boredom, and needed a way to make money. I am wondering if Twitter will do some legal actions against him for the time it took to fix the problem and fact that it caused so much widespread panic for people to not trust Twitter makes me think that Twitter would have a real good case against a 17 year old who was trying to gain the system.

Then the people who have lost followers or have had problems with their twitter are going to be mad to, They were the innocent party and did not know about the Cross Site Scripting Vulnerability, although it doesn’t appear to have gotten any passwords or sensitive data.

Although It does prove a p0int that the no script addon in Firefox is looking to be more and more needed as people search through the web.

Online Episodes helps Adware Installer Zango

Paul

I was surfing the web hoping that Mythbusters would start putting there episodes online and I the first link that I get a website that looks like this:

mythbusterzangosite

This site even has the Theme music playing as if it was affiliated with Discovery Channel’s Mythbusters show.   If you look at the screen shot above you will see who someone has been keeping this site updated with the most current episodes of Mythbusters.   So I check out The Season 7 Episode 1 – Demolition Derby Special and I was curious as to what would happened if I clicked that link, and this screen pops up:

mythzango1

So I have to install this Zango Software to view this show?  So I find out go doing my research about Zango and Wikipedia says:
Zango, formerly ePIPO, 180solutions and Hotbar, produces software that provides access to partners’ games and DRM-restricted videos and software. Zango software is listed as adware by Symantec.[1] McAfee states, “this program may have legitimate uses”, but describes it as a “potentially unwanted program”, and an “adware downloader”

[Via Wikipedia]

I didn’t like the sound of this but I wanted to see what my AVG would say when I downloaded this software, and it pops up with:

zangowindowsdef

[ad#cricket-right-ez]Windows Defender comes back with Win32/Zangosearchassistant warning,  and thus I go around checking out this adware out around Google and I am seeing reports after reports on asking how to get rid of this Adware.  Some of the ones that I think would help people get rid of this program is:

If you haven’t installed [intlink id=”2205″ type=”page”]anti-virus or Firewalls[/intlink] this would be the first thing to do.   I’ve also read some reports about Zango that are quite disturbing like these:

Although these are just a few examples of what I found out just Googling Zango, I thought I would share these with you.  There are more examples like Zango’s Facebook Widget that I will say acts like adware and encourages you to send to 5 different users.  Although Facebook as Stopped this widget, we all know that Spyware and Malware is being used on social networks and will be undoubtedly be more and more in the future.   Remember you’re the only one to prevent having a virus.

A side not, if you did  try to install this software you would need to be and Administrator and that also concerns me because the type of stuff they are claiming in the EULA is Browsers stuff which shouldn’t need Administrator rights or at least I am not going to give Adware that right.   Zango is being Classified as Adware and I am only reporting that the software is being clasfied as Adware, but Zango claims it not.   This is where the End Users decide if it is or not, I however think it is!! I am also sure there are other sites like this that are trying to get you to install this software to view movies, and shows. Your best bet is to not install the software and go to Hulu or Fancast to find safe movies and shows.

Conficker Gets a new Look : Spyware Protector 2009

Paul3 Replies

Looks like the Conficker Worm has changed directions according to Viruslist:

One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

[ad#cricket-right-ez]From my understanding of this worm, it seems to be trying to [intlink id=”3114″ type=”post”]scareware tactic[/intlink] trying to get you to pay $49.95 to remove these threats. F-secure has also seen this worm and thinks this is doing what the Waldec virus is doing by becoming a spambot. According to Eset, the botnet is larger than most and this could create a problem in the future.  It seems that it used the p2p to distribute this update so they could bypass the domain blocks that were in place.

I will tell you this, if you get the warnings you are infected by all means go to my [intlink id=”2205″ type=”page”]Malware resource page[/intlink] and do a scan from the trusted sources.   I will update as I get more information on this little development.

Microsoft released April Patch list for Patch Tuesday

Paul

aprilpatchtue

To see what systems are affected please see the bulletin for further details.   Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8.  It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution.  There also seems to be a remote code execution for DirectX 9.0A, B, and C.  This however doesn’t affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

[ad#cricket-right-ez]

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed.  There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday.  There are going to be at least 8 Different patches for Windows XP, and some For Vista.  Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack.  This will be needed to patch on the server side as soon as possible.  Then there is the Excel Remote Code execution that needs to be fixed.  It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] ready for this update because this will be quite a big update.  You should also update your [intlink id=”2205″ type=”page”]anti-virus software and Firewall[/intlink].