Detected – Paul's Tech Talk

Polymorphic w32/Scribble and what that is:

PaulFebruary 12, 2009

Having read the Graham Cluley’s Blog about “Court halted by fast-spreading virus“. I wanted to talk about this one because of the need to let people know about this little Virus and what you see when you are infected.

This virus modifies the Windows Host file so it redirects the host to a loopback address. It also uses the I-frame Injection into HTM, PHP or ASP file extensions. W32/Scribble-a, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM allows a users to control the machine through IRC.
[ad#ad2-right]

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley’s Blog]

Sopho’s Has a removal tool for this to help disinfect a system that is infected. I also want to remind people about the need for backups and the need for Anti-virus Software, including a free firewall, will not protect you 100% of the time but will help you identify and possibliy remove a virus, Trojan, and worm from you system. Just like the seriousness of the Conflicker Worm, this too should be taken seriously due to how it is easily spreading. And with Valentines Day just a few days and some Other Holidays that will be coming up, you can bet this virus will start infecting even more systems. You should also backup your data weekly if not monthly. I’d suggest doing a backup on a Early Sunday Morning before 4am so the system won’t be used. I’ll update you if there is anything else about this virus on my blog later. Just wanted to let people know to be watching for this little virus on and offline!!

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

PaulDecember 5, 2008

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox’s Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

[ad#ad2-right]So having seen this I thought I’d come up with ways around this to better protect yourself. One way to prevent this from getting your sensitive data is to get a program like Sandboxie. You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer. I’d also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening. It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free to download and try. It will encrypt your passwords so if they don’t know the master password then they are out of luck. Roboform is also good for coming up with some strong passwords. Just some suggestions to prevent from people seeing your sensitive data, you don’t want anyone to get that data.

Spying on Spyware.ISpynow!!

PaulNovember 29, 2008

[ad#digg-right]This is another Virus that is going around and thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

[ad#ad2-left]Now this one isn’t to hard to figure out what happened. You have to manually install it on your system to get infected. Symantec has a great way on uninstalling this annoyance. I also suggest checking out my other program list just in case you don’t want to buy Symantec Anti-Virus programs. Some other things to check out is:

Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.

Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec. You have a wide variety of choices on Anti-virus programs and Firewall Choices. You also have some choices on Spyware removal programs.

This is just the beginning in getting your system clean. You have to keep all you programs up to date and one way I do that is with Appsnap. This little program keeps you programs up to date from Virus to Firewall. I hope this helps people prevent and control spyware.

Some program Vulnebilities Detected!!

PaulNovember 25, 2008

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure. if I find any others I’ll let you know!!!

You have an undelivered UPS/FEDEX Package. (Virus)

PaulNovember 12, 2008

From what I’ve seen so far. There seems to be a new rash of email going around with the heading that makes it look and feel like either UPS or Fedex. Saying that you have an undelivered package from them and to either print the order confirmation or to click a link. I will say this once, if you get this delete it. Fedex and UPS will never hide the link and tell you have an package waiting in the email. They will leave a note your door. You must ask yourself how Fedex/UPS found out your email address to tell you have a package waiting? They don’t and they won’t, just a fact.

[ad#ad2-right]UPS/FedEx Delivery Failure : Snopes

TROJ_DLOADR.GG and TSPY_ZBOT.NM Trojan, which will Monitor and try to steal your data. The other one is a ZBot and will try to steal you data also. If you need help removing this virus, I’d suggest checking out my other virus article Avg detected Trojan Horse Generic 12.htc?. There are a lot of ways to remove this virus but the first step is never click on any links in your emails. I also wrote about Some Important programs to prevent yourself from having viruses and Malware!! This will help prevent and fix the common virus problems you might have.