Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

Time to update Adobe Flash Player 10.0.22.87

Adobe has issued a patch for some of the exploits in the wild. This should be installed on any system that isn’t up to the date with Adobe’s player. If you want to check your systems version you can go here and it will tell you what your version is and what the current version is.

If it doesn’t look like this:

Then your on the wrong website.   According to Adobe this fixes CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521.

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

Microsoft Updates the Autorun Patch KB967715

The updates offered in this article correctly disable the Autorun features. These features were not correctly disabled if you followed previously published guidance. The updates that are offered in this article have been distributed to the following systems through the Windows Update and Automatic update distribution channels:

* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

This will help with the Conflicker Worm, also known the new variant Conflicker B++. Microsoft released this patch to better help the Administrators deal with the problem at hand. That the Conflicker worm exploits the autorun feature in most system. The Administrators need to disable the Autorun feature the right way, or it will not prevent infections.

Microsoft releases the necessary registry keys to edit and how want updates are needed to make this work. This will make it much harder for any program to exploit the Autorun feature in Windows.

TINYURL being used by scammers and hackers — How to prevent it!!

With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don’t want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don’t know anything that about. It’s called the Preview Feature, and is available to any user who wants to use it.

As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don’t have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can’t hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.

Oh My I got the Presidents Attention!!

I just got an email telling me:

Barack H Obama (PresidentBarak) is now following your updates on Twitter.

So I go to the click the link and I see this:

Wow, I didn’t know I was this influental to get the Presidents attention(NOT).

http://www.economygrantprogram.com/

After checking out the profile I see that it has a link to a site that basically asking for your personal address and your email account. After I go check the site I see in really small catch you have to pay 3.95 for Shipping and Handling. Well You know what they say, nothing ever is Free. This looks to be a way to get email addresses to spam in the long run. I wouldn’t give them any information because this is looking to be a scam and I hate scams. You best bet is to go on with your life and report this spam to twitter. This however got my attention because of the who it was, and that is probably why they chose the name. It is however quite funny.

Days like today, I want to take off : GMAIL Down!!

It looks like they are having some troubles with Google MAIL today. This is one of those days I would love to actually go into work to day. If you want to check the status of Gmail You should visit there support page. I have checked it out and it does appear to have a problem with HTML and JAVASCRIPT, but the IMAP functionality seems to work just fine. I have been able to to receive email through IMAP although being kind of slower then normal but It is at least working. SO “DON”T PANIC”, the service will be up and running sometime today!!

*Update*

As Of 7:30am EST the service is back up on my network. So like I said no worries. Good Job Google!!

And the Oscar goes to . . . Not these guys!

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

You won’t make money from W32:Sality.ao

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

• PE_SALITY.JER (Trend Micro)

• Virus.Win32.Sality.aa (Kaspersky)

• Virus.Win32.Sality.y (Ikarus)

• Virus:Win32/Sality.AM (Microsoft)

• W32.Sality.AE (Symantec)

• W32/Sality-AM (Sophos)

• W32/Sality.AE (Norman)

• W32/Sality.AH (Panda)

• W32/Sality.AK (F-Prot)

• Win32.KUKU.a (Rising)

• Win32.Sality.OG (BitDefender)

• Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

Being a Bad BOT!

I had the strangest thing happen today, Seemed a Bad Bot was Crawling my pages. I was getting at least 60 page views an hour from this bad Bot!! The individual IP’s of this Bad Are:

65.208.151.112
65.208.151.113
65.208.151.114
65.208.151.115
65.208.151.116
65.208.151.117
65.208.151.118
65.208.151.119

After the first initial hour of this going on, I started wondering what this bot was doing.   I did some more research into this little bot.   I did find out it is owned by Kintiskton LLC.  (Twitter Search)

Anyways It bothers me that when you do a Google Search for this company, it comes back with no company.  Some people have already did there research and have come up with very little.

I dug even more and some are saying this might be Homeland Security, and I have my own thoughts on this.   I might be paranoid myself but if there is no company out there and the IP keeps coming back, I assume it is BAD mojo.  Some people worry that it is a hacker probing for vulnerabilities and that worried me.

I decided with the Help from Godaddy, to ban the lot of IPs.  I figure someone is trying to get information or trying something they shouldn’t, I’ll stop it myself.   If you have Wordpress and are also having problems with this ip, you can ban it by adding this to your HtAccess file:

PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

Careless Facebook profiling can lead to Identity Theft!

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

Tech Journalist breaks the silence — Journalist got Pwned!!

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam

[Click Picture to see the full story]

As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

Zero Day For IE7 Being used in the wild.

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

[Image from TrendMicro Blog]

As you can see this this can be very bad for the companies who wait a while.  Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats.   The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access.  I still like the Autopatcher because it will do the job with very little input from the user.   It also makes it easier for people to patch big systems.  You should also consider installing some Free Anti-virus software to help protect the systems you do have.

Not safe to download a worm : Project Snowblind

It looks like I missed this one yesterday. There seems to be a rogue and probably somewhat of a warez version of the game Project Snowblind.

ccording to Sophos:

Project: Snowblind is a multi-player first-person shooter (in the same genre as Doom) released by Eidos Interactive a few years ago.

A closer examination reveals that the installation program comes with a little nefarious piece of malware (detected by Sophos as W32/Rbot-GXL) that will drop a file called vghhost.exe. This file is actually a network worm as well as an IRC backdoor Trojan.

I must also tell people that if you want to download the demo, you can download it from the EIDO website and Download.com website. I will say I didn’t know about this one until Technibble, published something about this.  Some of the things he publishes are great for the IT Professionals who want to start their own businesses.

I also suggest the Computer Repair Utility Kit, It can be used on a USB and has some good programs that you can use in Computer repair.

Polymorphic w32/Scribble and what that is:

Having read the Graham Cluley’s Blog about “Court halted by fast-spreading virus“. I wanted to talk about this one because of the need to let people know about this little Virus and what you see when you are infected.

This virus modifies the Windows Host file so it redirects the host to a loopback address. It also uses the I-frame Injection into HTM, PHP or ASP file extensions. W32/Scribble-a, also known as Virus.Win32.Virut.ce, PE_VIRUX.A, or Virus:Win32/Virut.BM allows a users to control the machine through IRC.

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

[Via Graham Cluley's Blog]

Figuring out the Hole for The USB Cricket Card? UM100C

So you bought and you see:

You probably wondering what that can be used for? Here’s what I know and from what I found out. That little can be used as an external Antenna. You could also use this to boost your signal and be able to use this for places that might not be getting a better speed upward and downward bandwidth. You see it all depends on where the Cell Towers are. Although this will likely help those who are either 1 to Almost Zero signal, it will not help those who are outside of the network. It might help and it might not, it depends on the location your at and the closest coverage area. If your on the edge of the coverage area and you buy this antenna it Should boost your signal and get you a better speed. I will not say it will help but in theory it could help. If you want to find out the other post that I have done on this subject please check my Cricket tag for more information.  Although it varies on person to person, and region to region this is going to be a variable that will always remain in the grey.   Only way to find out is to try it.

Patch Release information Feb 10, 2009

I just got the patches that were sent down from Microsoft., Here’s what I do know:

Cumulative Update for Media Center for Windows Vista (KB960544)

Download size: 12.0 MB
You may need to restart your computer for this update to take effect.
Update type: Recommended

Install this update to resolve issues with Media Center for Windows Vista. For complete list of the issues that are included in this cumulative update, see Microsoft Knowledge Base article 960544.  After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://go.microsoft.com/fwlink/?LinkId=137169

Help and Support:

http://support.microsoft.com

Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB961260)

(CVE-2009-075, and CVE-2009-076)Download size: 7.9 MB

You may need to restart your computer for this update to take effect.

Update type: Important

Security issues have been identified that could allow an attacker to compromise a computer running Microsoft Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

Internet Security Companies Warn about Patch Tuesday and Valentines Day.

With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

ThePirateBay might be blocked in the US

I was looking around on Google and thought I just for giggles check out the Piratebay complaints. I tried going to the site and here’s what Popups:

I tried on OpenVPN and my Local ISP, It keeps saying that. I then tried on my Cricket Modem and it tells me the connection has been interrupted, like something stops the connection in the first place. I can ping it and I can Tracert the Site but I can’t even view it. I would like to know if Anyone else is having this problem also. Although I’ve not checked Thepiratebay.org complaints for quite some time because I’ve been so busy with my website. If you want to watch your favorite shows check out these sites like Hulu, CBS, NBC, ABC, ABC FAMILY and TNT.TV for free. I am just curious as to what happened and does this have anything to do with Net Neutrality?   Anyway I wanted to talk about this and see what people are saying.  Anyone know what is going on?  Let’s talk about this and help everyone by saying what you know.   I don’t know if Thepiratebay.org is down but I do wonder if someone is preventing people from getting to the website.   I’ll update when I have more information.

Twitter Spammers are getting more smarter

I got an interesting email about someone following me. I went to go check out there profile and Guess what I see:

As you cann se this account only had one post but people seem to be following back due to the picture and the bio.   I checked the account about 30 mins later and here I will show you:

It seems that if people see it has a picture and a bio that doesn’t sound like it is is advertising anything, they will simply follow them back.  That really isn’t a good idea.   Sooner or later they will start sending out spam to people who are following just because they haven’t been caught.   I also checked out the Web site they have new there bio and it leads to http://www.squidoo.com/twittertipstricks. I hope the website knows their link is being used by a spammer. Although this could be a 2 for one deal for having there link also being used for spammer so they can get traffic to there site. I would be worried my ISP doesn’t cut my website due to THE TOS. Although I serious doubt it would happen I do know it could happen. So users are being fooled by spammers, and people aren’t looking hard enough into the account. Users should be warned they shouldn’t just follow back if it looks like it is a person. I know this is a robot and expect it soon to start sending out spam to all those people who are following.   I just thought I’d share what I found out.  If you clicked on the tinyurl.com it sends you to Partnerwithpaul.com website which talks about making money like all other spam.   Just be careful you don’t end up having regrets on following people who are bots.

Understanding Adsense for the Beginner

So you have a website and you’d like the site to pay for itself. That can be arranged it however depends on your website performance. You see you won’t make a lot of money if you don’t have several things going for you. I thought I share with you my experience with making money through Adsense. As you saw, I made enough money to pay for the website for 5 years. It isn’t hard to make money it is however very difficult to keep getting the money. Most people don’t know the tricks to making money with Google’s Adsense.

I’m here to help you out a little with understanding it and getting even more money from your adsense.   So here we are 3 months into to putting Adsense seriously on my site and let’s take a look shall we:

Upcoming Patch Tuesday for February 10, 2009

Microsoft Today has released the list of patches for February. Here’s the List of things they will patch:

• Internet Explorer — Remote Code Execution (Require restart) [ CVE-2009-0075 CVE-2009-0076 ]
• Exchange — Remote Code Execution (No Restart Required) [CVE-2009-0098 CVE-2009-0099]
• SQL — Remote Code Execution (May Require Restart) [CVE-2008-5416]
• Visio — Remote Code Execution (May Require Restart) [ CVE-2009-0095, CVE-2009-0096 and CVE-2009-0097]

The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several Non-critical updates.  Here’s the List of them, some of these are monthly updates and some are just interesting to look at:

• Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)
• Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version
• Cumulative Update for Media Center for Windows Vista (KB960544)

Scams about Stimulus Checks

It’s that time of year where people are hearing about the Stimulus Checks and some Phishing people are still trying to get people’s information for your bank account and steal your identity. One such one is sending out email for the 2008 Stimulus Program this email account looks to be “stumulusref@i-r-s.com”. As you can see this is a .com email address and not a .gov address.

The IRS will never send out email. The IRS will never ask you for your PIN or Any personal information. Don’t reply and don’t open any attachments, more like is if they send out any attachments they are going to be a virus and you will infect your system with any number of possible viruses out there. To protect yourself from virus you should consider installing one of the many free anti-virus softwares and also installing a firewall will help protect you. Only true way to prevent yourself from being a victim is YOU. No one else can keep your information private but you.

Offline Update 5.0, Clone of Autopatcher to Some!!

Offline updater 5.0 has been released a couple months ago and I just realized it now.  This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft.  The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections.  This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install.   You can take a DVD and update on the fly within Mins.   DVD being Cheap or buying them in bulk helps saves time and money for the company.   Less time spent downloading the updates and more time actually getting work done.  As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm.  This would help install the updates that it prevented you from doing in the first place.  I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again.  You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Superbowl 2009 Ad’s are on HULU

Now I don’t have to watch the Superbowl to see all the ads. The Day after the Superbowl, Hulu releases the ads that were at the half time. So here they are:

So what ones do I like:

• Firestone : Taters
• Star Trek Trailer — I can’t wait for the movie to come out.
• Monster’s VS Aliens (3D Glasses required) — Dreamworks is now only doing 3D.
• Transformers 2 Revenge of the Fallen Trailer
• Race to Witch Mountain Trailer
• Alec in Huluwood — Hulu gets even more people to come to their site.
• Up Trailer

These where the ones that I liked, they had some other ads for like Monster.com and Cars.com, and also Careerbuilder.com. I see they had some Budweiser advertising in there too but really don’t get me interested as for trailers and the really funny ones. Hope you get a laugh like I do.

Windows 7 UAC a Security Risk?

I just got done reading a blog post about how you could with an easy to make script disable UAC all together. According to Long Zheng, he states that how a malicious software could circumvent the UAC by turning it off.   I simply love the new look and feel of the UAC and hope they can come up with a way to fix the problem.

According to him there is a way to fix this and keep all the new features set.  He has provided the proof of concept for turning of UAC without having it ask. You can download it yourself and try it out, but be careful it will disable UAC.
I hope Microsoft fixes this little flaw and makes it more secure than Vista.  According to Microsoft though, they claim UAC functionality is “by Design“.  I don’t know if it is or isn’t but I do know that it could easily let more Malware into Windows 7 before it got enough people on board.  That is one of the reasons I don’t want Windows 7 Released now.  I don’t want this to become a failure in the minds of people.  I want to look back and see this being successful. Hopefully Microsoft fixes this and makes it even more secure in the future.