CURRENT – Paul's Tech Talk

And the Oscar goes to . . . Not these guys!

PaulFebruary 23, 2009

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

[ad#ad2-right]

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

A fan wants to Release Windows 7 Now : My Security Concerns

PaulJanuary 29, 2009

After reading about this from PcWorld, I’ve went to check this site out. I went to his twitter accoun(Kelly Poe) to find out the site he put up and I am quite impressed. Here are few things that I am concerned about starting with the website.

[ad#ad2-right]I love the idea and all but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7 right now and Security. You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet. It uses the the Ms 08-067 Exploit and currently Windows 7 does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some vendors are yet to develop for Windows 7 beta due to it being a beta. Some others like Security Vendors are offering protection for Windows 7 Beta. This is mainly the Anti-virus software group, I would like to see more people embrace windows 7 as much as the security groups. Although this is the first step it would need to be more open response from Manufacturers and dealers alike they would need to get it to work making sure their drivers and such will work good with Windows 7. This is where it takes time, that is why I am glad it is a beta, it allows vendors and Companies a like a chance to test out their software and Hardware and even their drivers before the release.

Before I support this, I would like to see more happen to Windows 7 in some areas. For instance I’d like to see more compatability and more drivers and software that works for Windows 7. I’d also like to see Microsoft to take Windows 7 Beta Serious and Keep the Security up on it and not let it lapse. I’d want Microsoft to send out patches for Vulnerabilities just like Vista and keep people’s system updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and release Windows 7 without having to have several versions of the same Operating System.

Some current Threats in December

PaulDecember 19, 2008

Win32/Mydoom.R

[ad#ad2-left]

Win32/Mydoom.R is an e-mail worm for Microsoft Windows systems. Its file is approximately 28 kilobytes long, compressed by UPX. After decompression, its size is about 40kB.

Upon execution the form copies itself in the %windir% using the name java.exe. It also saves a file called services.exe there. This file is a backdoor component, that operates on TCP port 1034.

The following Registry entries are set to point to worm executables:

HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

The first entry contains path to java.exe, and the other points to services.exe.

According to the information on all the website in order to fix this you must use some anti-virus software.

[ad#ad2-right]

WORM_AGENT.AHQV [Trend Micro], Dropper/Xema.189952.B [AhnLab], Dropper.Small.LQ [AVG], Trojan.Crypt.Delf.AC [Bit Defender], Worm.W32.Agent-1 [ClamAV], IRC.W.W32.ClickIt.D [Otros], W32/Trojan3.AS [Authentium], I-Worm.Agent.ez [Quick Heal], Win32.HLLM.MyDoom.134 [Doctor Web], Trojan:W32/Agent.GCK [F-Secure], W32/Basine.C [Fortinet], Trojan.Crypt.Delf.AC [G DATA], Trojan.Crypt.Delf.AC [Ikarus], Email-Worm.Win32.Agent.js [K7 Computing], Email-Worm.Win32.Agent.js [Kaspersky], Worm:Win32/Mytob.SD [Microsoft], Win32/Injector.BZ [ESET], W32/P2PWorm.AAK [Norman], Trojan.Delfinject.Gen.3 [PC Tools], Backdoor.Win32.IRCbot.apj [Rising], Mal/Basine-C [Sophos], Dropper.Delf.26624.B [Hauri], Email-Worm.Win32.Agent.js [F-Secure], Backdoor/W32.IRCBot.28160.C [Otros], AGENT.ARQB [PerAntivirus]

According to the information on all the website in order to fix this you must use some anti-virus software. This one is a variant and should be dealt with as if it it the actual worm. It seems to be spreading through P2p and Email fooling the person into running programs. So be careful out there.

Disaster preparation 101 — Data backup

PaulDecember 18, 2008

In this one I will talk about Disaster, it happens to all of us from time to time. A fire, a earthquake, a stolen laptop or any number of ways. So what happens to your data, is it stored on the laptop? Is it important very sensitive data? Could you get fired if you lost that data?

[ad#ad2-right]These are all questions you must ask yourself when you have laptop. How do you backup your data or even do you have a backup? Having seen this with my own clients, I must wonder if there are people out there who just don’t care. I had a client the other day who gotten a virus and this was a really mean virus. Deleted some very important files when you tried to clean the virus out. She called me in a panic because she couldn’t load up windows? I asked if she had any backups, she said “what’s a backup” . So I sat there discussing this with the client for over 20 minutes. Finally she started to understand, she said she had the OEM Backup DVD but nothing else. She also said she needed help with getting data off the computer. I told her that I would be able to come the next day and I was lucky the virus didn’t do anything else to her data. We were able to retrieve the data from her system. That is where I start my rant , Why would anyone not have backup of there most important data?

So How do you backup your data? This is controversial and somewhat depends on how much people want to spend to keep there data safe and not loose pictures or music. There are several ways to do it, each way has it’s pitfalls or short comings and requires a little more effort:

Kinds of Backup

Hard Medium – DVD, CD, External Hard drive

Wikipedia’s List of DVD backup Software — This is good for beginners who want to explore how to backup options.

Free Hard Disk Backups and Restore Software — Gives you a list of great free backups and restore software to help you backup your system.

GoodSync Backup — This isn’t free but helps you backup your software to an external drive and makes sure you have the most current files on your system.

Some other Backup Software — This is a variety of good backup software from Amazon.

Although, The hard medium is usually used that doesn’t mean you can have a backup other than hard. Here are some ways to back up on the internet.

Internet Medium:

Jungle Disk — Provides online storage through the Amazon s3 service. Only pay for what you use. It works well with most Operating system. I’ve used it on Vista so it is really nice.

Carbonite Online backup –Another good Online storage.

Some Other Online backup — Here a list from Amazon to better help you find the type of software that you might need.

These are just a few options, if you want to look for other you can. The important thing to do is BACKUP because if you need some data that gets wiped or destroyed. You will be kicking yourself for not backing up.

Removing Win32/Bagle.HE worm

PaulDecember 15, 200815 Replies

Here is another virus that seems to be spreading lately. From the looks of it, it sees to be another email worm. Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

[ad#ad2-right]Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

Documents and Settings\All Users\Application Data\hidn\
hldrrr.exe

Documents and Settings\All Users\Application Data\hidn\
hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

[ad#ad2-left]It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by doing some steps. I think Kaspersky has an easier way to remove it and it looks like most anti-virus software will remove this. You need to remember that only you can prevent this from the future. You should also update your windows update and make sure your system is up to date.