worm – Page 4 – Paul's Tech Talk

A fan wants to Release Windows 7 Now : My Security Concerns

PaulJanuary 29, 2009

After reading about this from PcWorld, I’ve went to check this site out. I went to his twitter accoun(Kelly Poe) to find out the site he put up and I am quite impressed. Here are few things that I am concerned about starting with the website.

[ad#ad2-right]I love the idea and all but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7 right now and Security. You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet. It uses the the Ms 08-067 Exploit and currently Windows 7 does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some vendors are yet to develop for Windows 7 beta due to it being a beta. Some others like Security Vendors are offering protection for Windows 7 Beta. This is mainly the Anti-virus software group, I would like to see more people embrace windows 7 as much as the security groups. Although this is the first step it would need to be more open response from Manufacturers and dealers alike they would need to get it to work making sure their drivers and such will work good with Windows 7. This is where it takes time, that is why I am glad it is a beta, it allows vendors and Companies a like a chance to test out their software and Hardware and even their drivers before the release.

Before I support this, I would like to see more happen to Windows 7 in some areas. For instance I’d like to see more compatability and more drivers and software that works for Windows 7. I’d also like to see Microsoft to take Windows 7 Beta Serious and Keep the Security up on it and not let it lapse. I’d want Microsoft to send out patches for Vulnerabilities just like Vista and keep people’s system updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and release Windows 7 without having to have several versions of the same Operating System.

‘Life Owner’ won’t delete your data!

PaulJanuary 27, 20091 Reply

I received this email from a friend and wanted to talk about this:

VERY IMPORTANT , PLEASE READ THIS

Anyone-using Internet mail such as Yahoo, Hotmail,
AOL and so on.

[ad#ad2-right]This information arrived this morning,
Direct from both Microsoft and Norton

Please send it to everybody you know who has
access to the Internet.

You may receive an apparently harmless e-mail titled ‘Mail Server Report’

If you open either file, a message will appear on your screen saying:
‘It is too late now, your life is no longer beautiful.’

Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.

This is a new virus which started to circulate on Saturday afternoon.
AOLhas already confirmed the severity, and the anti virus software’s are not capable of destroying it.

The virus has been created by a hacker who calls himself
‘life owner’.

PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!

THIS HAS BEEN CONFIRMED BY SNOPES.

http://www.snopes.com/computer/virus/mailserver.asp

After doing my little research, I’ve come to the conclusion that this is nothing more than a warning that someone went over board on. I’ve check this on Snopes and it says that:

This latter version is difficult to classify as either “true” or “false”: The virus it references (i.e., the Mail Server Report worm) was a real one, but it’s neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the “symptoms” provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn’t really merit the dire warning to “SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!”

I decided to send a reply to my friend who email me this “Warning” and tell him this:

[ad#ad2-left]Although, This is a real worm. It however is over hyped and under no circumstances will it delete your files. I’ll quote from F-secure:

Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.

Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system’s memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.

Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.

According to all my sources is if you are worried about this worm, then I highly recommend a good Anti-virus and Software firewall. This worm is easily detected by all the free anti-virus software out there. I like AVG because it scans all incoming emails before you even touch the email. Please don’t forward that to anyone else it seems to be an old email warning that isn’t really a warning anymore. It seems to be a scare email where there is no real chance of your data going bye bye. Just thought you’d like to know!!

So I tell you this, if you have any question of the likely hood of any emails you happen to come buy, you best best it to google it or ask your friend before you open the email up. It is best also to scan all email attachments before even considering opening them.

Valentine’s Day Brings More Malware!

PaulJanuary 26, 2009

Panda Labs talks about this new technique where it tries to install W32/Waledac.C.worm under the thought of someone special. It sends out email to people hoping to click links such as:

hxxp://goodnewsreview.com

hxxp://worldnewseye.com

hxxp://www.spacemynews.com

hxxp://www.worldnewsdot.com

hxxp://www.worldtracknews.com

hxxp://www.wapcitynews.com

hxxp://linkworldnews.com

hxxp://goodnewsdigital.com

hxxp://waleprojekt.com

hxxp://expowale.com

hxxp://topwale.com

hxxp://waleonline.com

hxxp://goodnewsdigital.com

hxxp://wapcitynews.com

hxxp://bestgoodnews.com

hxxp://spacemynews.com

hxxp://linkworldnews.com

Once your at the site, clicking on the hearts you would then download an file that is the worm!! SO here are some things to remember.

If you don’t know the person, then it’s probably spam. If you know the person you need to ask them before you run the program. You also need to scan any downloads before you run them. Go to my Malware Page and get a free Anti-virus and Firewall. For the likely possibility this worm seems to search the computer and harvest email addresses, you should also warn the person who email you the link to let them know that they are infected.

Alarming results are coming from the Conflicker Worm

PaulJanuary 22, 2009

[ad#digg-right]Today I’ve been doing research because I surprised how many people have searched for the Conflicker Worm/Virus and I wanted to point just how bad this is getting. I was looking on Twitter about this some more and here is what I found out:

Over a million conflicker hosts: Are you responsible for any of them? (http: //tinyurl.com/awpeep

[Via twitter Hevnsnt]

Now I went there and he seemed to of added “)” to the URL so I took that out and here’s the URL to check this out. I went there and saw all these IP(Internet Protocols) and it claims that it is over a MILLION. I don’t know if it is true because I stopped the list of IP’s due to the size of list.

I also wanted to talk about the rate at which people are finding this site due to the conflicker virus/worm infecting their systems. As you can see it is steadily increasing as more and more people are trying to find out how to get rid of this very pesky infestation. See below for some good resources to get this annoyance.

I went back to twitter and some other places to find out what people are saying about this virus and I found this interesting comment:

Conflicker Virus has locked out my work account again…. slightly upsetting it keeps trying to break my account password

[via Twitter twitpaul]

[ad#ad2-right]According to one blog post, they seem to think this is a test worm trying the waters out to see how well it works. I tend to agree with this blog post because of the unlikely hood of just infecting systems for fun. I also think they are going to use this worm/virus for a Botnet. There have been several post about this being a possible Botnet setup. Acording to Computeworld, They claim this is building a Botnet and I tend to wonder if this was a bad deployment or if they are just reading to start this up after so many computers are infected.

I don’t know what to call the Conflicker a Virus or a Worm. So I’ve decided to just use both. I’ve been telling people to patch there system as soon as possible. I’d also tell people that you need a good AV and a Good Firewall. Although this sometimes won’t prevent you from getting a virus you will undoubtedly need to disable Auto run. Here are some good resources to better help you get this virus off your system:

F-secure Downadup Removal Tool

Symantec 32.Downadup Removal Tool

Bit Defender Removal Tool

Malware Resource

As you can see there are several different options to help remove this virus and I thought I would list them here. I have heard how hard this virus is to remove and I want to help people remove this virus. Some other things to consider is disabling your restore points before you remove the worm, or it will just come back.

Apple’s Not immune after all

PaulJanuary 21, 2009

In a recent post from the San Internet Storm Center:

Apple

APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities all them referencing “arbitrary code execution”. (CVE-2009-0001, CVE-2009-0002, CVE-2009-0003, CVE-2009-0004, CVE-2009-0005,CVE-2009-0006, and CVE-2009-0007)

APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution. (CVE-2009-0008)

[ad#ad2-right]Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get it’s head out of the sand. According to Apple these effect both Mac’s and Microsoft so they are a software related vulnerability. Soon or later someone will want to create a botnet and infect Macintosh’s with virus or even a worm just to show apple that they could. In a recent article from PcWorld, They talk about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting a OSX because of the lack security. Apple, Needs to get it together and start patching just as much as Microsoft.

In Any case It is time to update the software and maybe think about installing anti-virus software also. Although the Mpeg-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3. You can see where a hacker would use that for a windows system very easily. So you must be careful what you click on and remember that your no longer safe. You know how they will want to test out the waters for OSX just because they could so this year I predict Apple will start having even more Malware and Viruses than ever before.