Another Facebook Phishing going on again! (fbaction.net)

By Paul | Apr 29, 2009

[Image: facebookphish1]


It looks like the site fbaction.net (don’t go there) is a phishing site targeting people today.  It appears to send out an email with the subject “hello” and a link to this website.  The messages come from people’s friends, and you should not log in to Facebook through this site.  Remember the other phishing sites that have hit Facebook before.

Someone wants your password, either to spam others or to use it for other nefarious means.   For the time being, any link someone sends you should come through Facebook itself, and you should examine them one at a time.   You should not go to this site.

If you have already logged in there, reset your password.  You could also change it manually, but you might not be able to use your current password if the nefarious person has already changed it; a reset lets you change the password without knowing the current one.   You should also consider using a good password manager, which will help you spot a fake Facebook site really easily.

Hijacked Accounts being used to spam

By Paul | Apr 29, 2009

I just read this from Security Fix and thought I should talk about it some to better help people fix this:

Dear Friend,

New shopping new life!

How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.

Look forward to your early reply!

According to Security Fix, they are advertising the Easylifeing.com domain and have compromised Gmail and Yahoo Mail accounts.  This resembles what has happened to some other accounts.   Check the Yahoo article and the Hotmail article for other examples of compromised accounts.

Adobe PDF Zero Day Warnings : Experts agree

By Paul | Apr 29, 2009

All the security experts online are talking about the two zero-day Adobe vulnerabilities:

As you can see, this seems to be one of those Adobe problems we had in the past with JavaScript.   They seem to have a recurring problem with JavaScript vulnerabilities, and the old advice is simply to disable JavaScript in PDFs again.   Adobe is calling this a potential Adobe Reader issue and is suggesting that users disable JavaScript until it is fixed with a security update.

This mostly affects the corporate world more than the private sector, because businesses exchange PDFs by email.   I suggest installing another reader; these are all free.

Be advised the vulnerabilities affect Linux, Windows, and Macintosh systems.  This most likely means that even Macintoshes could be used to build more botnets, and their users will need to disable JavaScript until this issue is fixed, or find another reader themselves.  This also goes for Linux users, but I have not heard of anything in the wild yet.

Don’t forget to install a free anti-virus and a free firewall to help protect your system from becoming part of a botnet.

Microsoft sends out KB955430 to get ready for SP2

By Paul | Apr 28, 2009

[Image: kb955430]

This looks like it is meant to help with some problems with other updates they have been having.  I am unsure why they want to install this update, but it doesn’t look to be harmful.  I am betting this is to fix a flaw that has been exploited by the warez community, to make them either pay for their copy or go with another OS, for the one fact that this “will enable future updates” and “This update may be required before selected future updates can be installed“.

I went to the KB955430 support page:

Updates to the Windows Vista and Windows Server 2008 installation software are included in this update. The installation software is the component that handles the installation and the removal of software updates, language packs, optional Windows features, and service packs. This update is necessary to successfully install and to remove Windows Vista SP2 and Windows Server 2008 SP2 on all versions of Windows Vista and Windows Server 2008. This update is not necessary to successfully install the service pack if you install the full file version of the service pack. The full file version of the service pack includes this update.

Scareware sites to pop up with Swine flu epidemic

By Paul | Apr 27, 2009

This was to be expected when it comes to something that most people are worried about:

I’m sure it won’t be long before purveyors of rogue anti-virus products begin using search engine optimization techniques around the term “swine flu” to drive people to sites that try to scare people into buying the worthless software.

[Via Security Fix]

I am sure myself that this will undoubtedly start showing up in SEO routines.  This will most likely be like the Pifts.exe scareware that popped up after that scare.

It is just a matter of time before someone tries to either sell you something or trick you into watching a video that is supposed to be helpful.  The video will most likely tell you that you need to install a fake codec or update Flash.

The best advice is this: if you get to a site that wants you to install something, just hit the back button or close your browser.   Never install software from a site you just came to without doing a little research.

Reviewing the Cricket A600 RF Connector

By Paul | Apr 24, 2009

[Image: 359921 - Cricket A600]

[Image: 359921 - Cricket A600 Connector]

I also got two types of antennas for this connector, the ARC-FR0803R30 and the AA-012 Dual-Band Mini Magnetic Mount Cell Phone Antenna. Thanks to Wpsantennas for the chance to review them. I’ve found them to help reception and speed up website loading. I easily gained 1 bar of signal, and in some cases I could gain 2 bars with the ARC-FR0803R30. This product is useful because it can be used as a directional antenna: if you know where the cell towers are and can aim it, you get better signal.

I used the AA-012 around my area while my wife was driving, and it helped keep the reception steady and not sluggish when you move from one tower to another. All in all, I find the antennas from Wpsantennas.com help signals. They have a full range of antennas to use, and they also have amplifiers that will boost your signal in case you’re on the edge of Cricket Broadband coverage. This would give you a better chance at getting on the internet. The AWS (1700-2100 MHz) amplifier isn’t available yet, but they assure me that they will be the first to have it. I can’t wait to go on a long highway drive and check out the AA-012 on the highway. In case you would like to know where the RF connector is, just check out this post.

Zango Shuts its doors for Good!

By Paul | Apr 23, 2009

In a post I did a few weeks ago about Zango and Mythbusters, I talked about how the site wanted you to install Zango, but now it looks like they aren’t doing that anymore.

This isn’t unexpected to me, given the need to police the affiliate sites, some of which installed the software by exploiting a vulnerability in Windows.   Some would call this notorious adware vending, and I tend to agree, in a quote from Computerworld:

Zango’s Smith saw it differently. “The bigger problem was that the vast majority of our installs received inadequate consent: the user technically had an opportunity to decline the install, but wasn’t presented with enough information to make an informed choice,” he wrote.

[Via Computer World]

In a blog entry, Ken Smith, the former co-founder of Zango, talks a lot about the prime reasons for the downfall of the Zango name.  We will never truly know the reason for the demise of Zango, but I for one am glad this adware site is down for good, and according to Graham Cluley’s blog post, so is he.  Graham raises a glass and I say “Hear, hear!!”

Suicide Threat Prompts Twitter users to Respond

By Paul | Apr 21, 2009

I saw this and had to talk a little about it:

[Image: suicidethreat1]

As you can see, people were worried about the Twitter user Liquidwings, and I don’t blame them.   According to his posts:

[Image: suicidethreat2]

As you can see, his tweets (1, 2, 3, 4, 5, 6, and 7) were posted on Twitter, and people responded with requests to find this person and try to help.   I hope more people do this if they find that someone wants to kill themselves or talks about killing people.

We should all be watching for that kind of talk, online and offline.   Although this isn’t really security related, it is a very important subject.

Please report anything you think is real to @twitter, and hopefully they will create an account for just that.   I would hope that people who are thinking of suicide or killing will find professional help, although that is ultimately up to them.   I just have to say to the people who responded: thank you for helping this one person!! Keep it up.

A look behind SmartEcard.COM

By Paul | Apr 20, 2009

I saw that Graham Cluley’s blog talked about the front page and how this was used on Twitter, but most people who did the IQ test still need to fix their cell phone account:

[Image: smartecardtest]

If people didn’t scroll down in the other windows, they would never have known there was something they needed to watch for.  After you do the 5 questions, you will see this:

[Image: smartecard3]

Then you enter that information and hit continue, and it comes up with this:

[Image: smartecard2]

As you can see, the people who put in their cellular numbers will want to send a text message with STOP to short code 86455.  It looks like this is a subscription service where you pay monthly for something you don’t need.   I would guess someone is getting money for each and every person who signs up.  This is most likely commission based, and the person tried to get people to sign up through the website by saying you have an e-card or some other thing.

What would you do? No Electricity, No Phone, No Internet?

By Paul | Apr 17, 2009

World Net Daily published an Article that really made me think.

What would you do with your website if we had no electricity?  That is a valid question.  Would it pay for itself, or would you lose your domain, all because you couldn’t pay the website bill because you had no way to pay?  Just like Discover, MasterCard, and Visa credit cards would become useless, because there would be no way to use them with today’s technology.

If an electromagnetic pulse exploded over your country, there would be no clean water, no gas, no electricity, and you’d have to walk everywhere.   Plus, this would cause industry to screech to a halt.   There would be no more food coming in for stores or packages being delivered.

It resembles what the show MacGyver once talked about: crippling an entire city.  The episode was called “Easy Target” and was produced in 1989, quite a few years ago, but it still shows how long people have been talking about this.

This all stems from the doomsday scenario, in which we all would have to struggle to live for several months or over a year.  Do you think you could survive that?  I ask these questions to make people think and come up with their own answers.  I’m going to buy the book and read it just because it is thought provoking!!

Are you seeing the fail whale — Oprah to Kill Twitter!!

By Paul | Apr 16, 2009

I found Oprah’s Twitter account, and this isn’t funny: every time I refresh her account it keeps getting bigger!!  I was going to search for her and I see this:

[Image: twiterfindpeople]

According to people on Twitter, she will talk about Twitter tomorrow, April 17, 2009.  So what does that mean?  There will be a whole influx of people joining Twitter and following her, so I would imagine tomorrow and the next few days you will see the great white whale!!  Twitter will be sluggish and possibly unresponsive for the next few days as well.


Your best bet is not to stress Twitter out too much, but I am curious to see if this actually breaks Twitter.  Only time will tell, but I am sure going to keep watch on this, just because it is big news!!

*Update*
From the tweets I am seeing this all stems from:

[Image: ashtonkutcher]

Just to let you know, he has 977,307 followers as of now, but that should change.  So this will be rocking Twitter tomorrow, guys!!

A600 has an External RF Antenna

By Paul | Apr 16, 2009

After someone made a comment on Disqus about there being an external antenna plug, I found it:

As you can see, the external antenna connector is on the back of the A600. I have talked to someone who says he thinks he knows which ones will work, but I wanted to let people know who only have one bar and want a better connection. I will be testing some of them later next week and will post about how much of a difference they make in the long run.

If you want to see it for yourself, just take the rubber piece off the back, right near the Cricket name; it looks to be easily taken off and put back on. I just used my fingernails to get it off, so it should be really easy to do!!

Mebroot becomes even Stealthier!!

By Paul | Apr 15, 2009

Well, here is something we should all be on the lookout for:

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system’s core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn’t been tampered with.

[Via Pcworld Magazine]

I will be updating my Malware Resource for the Prevx software, but this looks to be a very bad rootkit.  From my understanding, most of the security-related software.   It seems this little program will become even harder to detect and remove.   It also looks like it is ready to start infecting people with this rootkit.   You should update every part of your system, from Windows patches to your browser.  Secunia once said that most people are not fully patched!!  Just like with the Conficker worm, if you’re not fully patched and keeping anti-virus and firewall software on your system, then you might as well be walking on nails.

Dear Friend Spam Emails from Yahoo

By Paul | Apr 15, 2009

The email from our old friend has come back, now compromising Yahoo accounts and sending out this email:

Dear friend:
What are u doing these days?I am going to recommend a Eshop to you.Yesterday I found a web of a large trading company from China,which is an agent of all the well-known digital product factories,and facing to both wholesalers, retailsalers,and personal customer all over the world. They export all kinds of digital products and offer really competitive and reasonable price and high quality goods for their clients,so i think you will make a big profit if you did business with them.And they promise they will provide the best after-sales-service.If you are interested to do business with them,in my opinion, you can make a trial order to test that.
Their Web address: www.nekcn.com

In what seems to be the way of this advertising company, they are doing what they did with Hotmail: deleting your contact list and emailing your friends with this message.  Now I am thinking it is being done by phishing for the password and account name; they probably set up a web page to look like Hotmail or Yahoo.  One thing to remember is to check that your address bar looks like this:
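The address-bar check that the fbaction.net post and this one both come down to is a single question: is the host shown in the address bar the real site’s domain, or merely something that contains its name? The JavaScript below is an added example written for this page, not code from the original posts or from any password manager; it applies the same rule a password manager uses before offering saved credentials, which is why a password manager will not fill a login form on a look-alike host. The allowed-host list, the look-alike heuristic, and every sample URL other than fbaction.net are assumptions constructed for the example.

```javascript
// Added example (not from the original posts): decide whether a login URL
// belongs to the genuine site before trusting it with credentials.

// Hosts a Facebook login may legitimately be submitted to (assumed list).
const FACEBOOK_HOSTS = ['facebook.com', 'www.facebook.com', 'login.facebook.com'];

// Extract the lowercase hostname from a URL, or null if it does not parse.
// A trailing dot ("facebook.com.") is stripped so it cannot defeat matching.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase().replace(/\.$/, '');
  } catch (e) {
    return null;
  }
}

// True only for an exact allowed host or a subdomain of one. A host such as
// "www.facebook.com.example.net" ends in ".example.net", not ".facebook.com",
// so it is rejected even though the brand name appears in it.
function isLegitimateLoginUrl(url, allowedHosts = FACEBOOK_HOSTS) {
  const host = hostOf(url);
  if (host === null) return false;
  return allowedHosts.some(
    (allowed) => host === allowed || host.endsWith('.' + allowed)
  );
}

// Classify a URL in terms a user (or a warning banner) can act on.
function classifyLoginUrl(url) {
  const host = hostOf(url);
  if (host === null) return 'unparseable';
  if (isLegitimateLoginUrl(url)) return 'genuine';
  // Brand name present but not as the registrable domain: a look-alike.
  // The fb-action pattern covers the fbaction.net host named in the post.
  if (host.includes('facebook') || /fb[-.]?action/.test(host)) return 'look-alike';
  return 'unrelated';
}

// Constructed sample URLs (only fbaction.net comes from the post itself).
const SAMPLE_URLS = [
  'https://www.facebook.com/login.php',
  'http://fbaction.net/',
  'http://www.facebook.com.example.net/login',
  'http://example.org/',
];

// Run the classifier over the samples; returns a map of url -> verdict.
function classifyAll(urls = SAMPLE_URLS) {
  const verdicts = {};
  for (const url of urls) verdicts[url] = classifyLoginUrl(url);
  return verdicts;
}
```

The rule is deliberately strict: only the registrable domain and its subdomains count, and the presence of “facebook” anywhere else in the host is treated as evidence against the page, not for it.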

Patch Tuesday List for April 14, 2009

By Paul | Apr 14, 2009

So Microsoft has released the patches for April, and here they are:

  1. Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
  2. Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Small Towns are breeding grounds for Computer Viruses

By Paul | Apr 14, 2009

I grew up in a small town; at the time the population was about 29,000.  That isn’t really that small, some of you might say; you’ve probably gone through towns that only had 500 or 100 people in them.   Which brings me to my point: small towns are always going to be behind large towns in technology.

Most of us who have worked on computers or been in the field for some time know how hard it is to explain to the uneducated why they need to keep their systems up to date.  It gets really hard explaining to companies in small towns why they need to worry about security.   You try to explain this to a company representative and you see the glassy-eyed stare that tells you they aren’t even listening anymore.

I’ve been debating talking about this post from the Washington Post’s Security Fix.  The reason I’ve been having trouble is that the article talks about a town I grew up in; I think of it as my hometown.  I remember Hopkinsville, KY as a great experience, because the teachers at my school were not comfortable with the computer nerds.  Most of the time, I am sure they felt woefully uneducated about computers.

Mikeyy Worm still going around Twitter

By Paul | Apr 13, 2009

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 :)

As you can see from the tweets:

[Image: mikey12]

It seems this new campaign for Mikeyy started earlier this morning, around 1am or so, and people have found it rather annoying, but it is teaching Twitter a lesson; it would be good PR if they hired Mikeyy. Obviously he has a lot to offer, but I guess whoever wrote this variant of the Mikeyy worm went and found his number on a stickcam website:

[Image: mickstickcam]

Anyone who Googles the number right now could find the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up too much longer. If you’ve been infected with this worm, I would refer you to my other post about removing it. I do know that if you aren’t logged into Twitter through your browser, you will not get the worm. This is a simple exploit where they use your browser’s cookies to infect your Twitter account. So if you view any Twitter accounts, just stay logged out of Twitter in your browser; that should help prevent this from happening until Twitter gets it under control.

StalkDaily.com was the culprit after all!!

By Paul | Apr 12, 2009

In my previous post about StalkDaily, I thought they were the innocent party in all this:

[Image: stalkdaily3]

Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him, he did this out of boredom and needed a way to make money. I am wondering if Twitter will take legal action against him for the time it took to fix the problem; the fact that it caused such widespread panic, with people no longer trusting Twitter, makes me think Twitter would have a real good case against a 17-year-old who was trying to game the system.

Then the people who have lost followers or have had problems with their Twitter accounts are going to be mad too. They were the innocent party and did not know about the cross-site scripting vulnerability, although it doesn’t appear to have gotten any passwords or sensitive data.

Although it does prove a point: the NoScript add-on for Firefox is looking more and more necessary as people browse the web.

Stalkdaily worm strikes Twitter — Brings down the House!!

By Paul | Apr 11, 2009

[Image: twitter-stalkdaily]

According to TechCrunch, this seems to have happened today, where this worm has brought down Twitter. I have been using the Twitter client TweetDeck and have not had any problems like they have had with the site. I wouldn’t visit the site in question, because you would most likely get the worm. It seems to be a very good hack; it sends out spam on your Twitter account like this:

[Image: stalkdaily1]

If you have been infected, Twitter is suggesting you reset your password and request a new one. Some other removal information can be found here. I will update as necessary when I find out more.

*Update a few hours later*
It looks like Twitter had a cross-site scripting vulnerability, and it wasn’t really StalkDaily who did it; rather, someone injected code into Twitter to grab people’s browser cache. See this post for more information.

From what I am seeing, StalkDaily is now safe to surf to, as long as you don’t click on links on Twitter just yet. I have found that if you make sure you aren’t logged into Twitter in your browser, you are much better at preventing this type of attack. You can see the screenshot of the StalkDaily website, and it looks like they are an innocent party.

[Image: stalkdaily2]
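Both the Mikeyy post above and this StalkDaily update describe the same weakness: text a user put in a profile was rendered by Twitter as HTML, so a script in it ran with every visitor’s logged-in session. The JavaScript below is an added example, not code from the original posts or from Twitter, showing the unsafe rendering pattern next to its hardened form. The field names, the `escapeHtml` helper and the sample profile are constructed for the example; the sample payload is an inert placeholder, not the worm’s code.

```javascript
// Added example (not from the original posts): output encoding is what stops
// a profile field from becoming executable script in another user's browser.

// Characters that carry meaning in an HTML text or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a string so the browser treats it as literal text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: user-controlled fields are spliced straight into markup,
// so any tag the user typed is rendered, and any script in it runs.
function renderProfileUnsafe(profile) {
  return `<div class="bio">${profile.bio}</div>` +
         `<a href="${profile.url}">${profile.name}</a>`;
}

// A URL is only allowed into href if it parses and uses http(s); anything
// else (javascript:, data:, garbage) is replaced by a harmless "#".
function safeHref(url) {
  try {
    const parsed = new URL(url);
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      return escapeHtml(parsed.href);
    }
  } catch (e) { /* not a parseable absolute URL */ }
  return '#';
}

// Hardened pattern: every field is encoded for the context it lands in.
function renderProfileSafe(profile) {
  return `<div class="bio">${escapeHtml(profile.bio)}</div>` +
         `<a href="${safeHref(profile.url)}">${escapeHtml(profile.name)}</a>`;
}

// Detection helper: does a rendered fragment still contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample profile with markup in the bio and a non-http link
// (placeholder content standing in for the kind of input the worm used).
const SAMPLE_PROFILE = {
  name: 'someone <b>bold</b>',
  bio: 'hello <script>/* placeholder payload */</script>',
  url: 'javascript:void(0)',
};
```

The same rule applies to every place Twitter echoed profile text (name, bio, URL, colours): encode at output time for the exact context, and never let a `javascript:` URL reach an `href`. The "stay logged out" advice in the post works because the injected script could only act with a session the browser already had.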

Online Episodes help Adware Installer Zango

By Paul | Apr 11, 2009

I was surfing the web hoping that Mythbusters would start putting their episodes online, and on the first link I get a website that looks like this:

[Image: mythbusterzangosite]

This site even has the theme music playing, as if it were affiliated with Discovery Channel’s Mythbusters show.   If you look at the screenshot above, you will see that someone has been keeping this site updated with the most current episodes of Mythbusters.   So I checked out Season 7, Episode 1, “Demolition Derby Special”; I was curious what would happen if I clicked that link, and this screen pops up:

[Image: mythzango1]

So I have to install this Zango software to view this show?  So I went and did my research about Zango, and Wikipedia says:
Zango, formerly ePIPO, 180solutions and Hotbar, produces software that provides access to partners’ games and DRM-restricted videos and software. Zango software is listed as adware by Symantec.[1] McAfee states, “this program may have legitimate uses”, but describes it as a “potentially unwanted program”, and an “adware downloader”

[Via Wikipedia]

I didn’t like the sound of this, but I wanted to see what my AVG would say when I downloaded this software, and it pops up with:

Conficker Gets a new Look : Spyware Protector 2009

By Paul | Apr 9, 2009

Looks like the Conficker worm has changed direction, according to Viruslist:

One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

From my understanding of this worm, it seems to be using a scareware tactic to get you to pay $49.95 to remove these threats. F-Secure has also seen this worm and thinks it is doing what the Waledac virus does by becoming a spambot. According to ESET, the botnet is larger than most, and this could create a problem in the future.  It seems that it used P2P to distribute this update so it could bypass the domain blocks that were in place.

I will tell you this: if you get the warnings that you are infected, by all means go to my Malware Resource page and do a scan from the trusted sources.   I will update as I get more information on this little development.

Microsoft released April Patch list for Patch Tuesday

By Paul | Apr 9, 2009

[Image: aprilpatchtue]

To see what systems are affected, please see the bulletin for further details.   Some of the updates have to do with IE 6 and IE 7; maybe it is time to update to IE 8.  It looks like if you update to IE 8 you will not have to worry about the remote code execution.  There also seems to be a remote code execution for DirectX 9.0a, b, and c.  This, however, doesn’t affect DirectX 10, and if you have a Vista machine please consider updating to DirectX 10.

The other one is the MSDTC program, which has an elevation of privilege vulnerability that needs to be fixed.  There will of course be more than this for April, but these are the ones that Microsoft has determined to release for Tuesday.  There are going to be at least 8 different patches for Windows XP, and some for Vista.  Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security and Acceleration Server will have an update to prevent a denial of service attack.  This will need to be patched on the server side as soon as possible.  Then there is the Excel remote code execution that needs to be fixed.  It looks like CVE-2009-0238 is the one being patched, but this is only a guess.

Now is the best time to get Autopatcher ready for this update, because it will be quite a big one.  You should also update your anti-virus software and firewall.

Electric Company fear mongering gone wrong!!

By Paul | Apr 9, 2009

I saw this talk going on at Ars Technica, and the SANS Internet Storm Center is also talking about the electric company fear mongering. Here’s what Ars says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today, with people asking the question: does the electric company have a virus or a worm? I don’t know, but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this. It is being talked about on a friend’s podcast, the Caffination Podcast, which is where I figured we should discuss it. I think the SANS Internet Storm Center says it better than I could:

Spam Messages go out with Fake Conficker Alerts

By Paul | Apr 8, 2009

Sophos’ blog is reporting:

This past weekend, SophosLabs noticed a new “Conficker” theme in the content of these spam messages. Instead of saying there is a critical windows update that needs to be applied, they say that “your Internet company” believes you to be infected, and to click the link to scan your computer

[Via Sophos]

As in previous posts about fake anti-virus software sites trying to scare you into sending them money, you should always be cautious when it comes to sites that make you think you have a virus.  Some things to consider when you visit sites claiming you have a virus:

  • Is this a true anti-virus company?  If you’re unsure, you can always Google the company to help determine whether this is a fake site.
  • You should also consider going to the real deal in anti-virus; there are several different companies I know of off the top of my head, but it should always be one that is not a fly-by-night type of anti-virus company.   The real companies have people and resources watching for the latest viruses and other malware.

According to Sophos, the malware site is detected as Mal/FakeAV-AH by their system.  Remember, you don’t always have to buy anti-virus software; there are several good free versions out there that do a pretty good job of defending against a virus, Trojan, or computer worm.  If you feel you might have a virus, you can run a free anti-virus scan to make sure you are not infected.   I also suggest installing a firewall if you have not done that yet; it will also greatly help prevent a virus or worm, but remember you are the last line of defense against malware!!

Securing your Windows Machines

By Paul | Apr 6, 2009

After a long day at work, you sometimes feel like there isn’t much you want to talk about. Then this idea comes to me: why do people blog, and why do people talk about security?

I’ve come to realize something: I’m not one who grew up understanding bits from bytes. I grew up as in any family, fighting with my siblings.

Having been blogging for the past few years, it seems like only yesterday that I started. Cliche, I know, but still very much true. Most blogs do what they know; I aim to learn and teach each day I blog. Like days like this, when the world is pretty much quiet and the remnants of the Conficker worm die down to a rumble.

So how do you secure your Windows Machine?

After a day-long battle with my wife’s system, I wonder if there is something I should do differently to prevent viruses and worms on her system.  So I’ve groomed my knowledge base and come up with 5 good points when it comes to locking down your Windows machines:

Hackers Jump onto PowerPoint Exploits : KB969136

By Paul | Apr 3, 2009

In my previous post, we talked about Microsoft’s advisory for KB969136 and the exploit being in the wild.  It looks like Trend Micro has published some new spam attempts that try to get users to open the malware so it can deposit TROJ_PPDROP.AB onto their systems.

Trend Micro has some screenshots of the most common fake presentations, so you can see just how they try to get you to open the file.

Although these are common tactics for attackers, such as nude pictures, Earth Hour, or celebrities without makeup, users who don’t normally use PPT should check the files before loading them.  You should also remember to save them to a file and scan them with your anti-virus software; it also wouldn’t hurt to have firewall software.  It looks like these exploits try to connect to the internet, and you might be able to find out from the request the firewall reports.

According to the Internet Storm Center, the CVE placeholder for this is CVE-2009-0556, and it hasn’t gone live yet. I do not think they will release that information until Microsoft gets a chance to patch the systems.

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

By Paul | Apr 2, 2009

Well, this had to happen sooner or later.  It looks like PowerPoint can be exploited for remote code execution.   So Microsoft today has issued an advisory, KB969136.

In their post they say:

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were targeted for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram of how an attacker could deliver this through an email.

So what do you need to know?

If you receive a PowerPoint presentation you aren’t expecting, scan it thoroughly with a free anti-virus. There are no major workarounds for this; Microsoft is telling people not to open PowerPoint files directly. I tend to agree; you should, however, confirm whether you are expecting something from someone, either by emailing them back or, in an office situation, picking up the phone for the time being. I am sure Microsoft will issue this patch in the coming months, probably May or June at the earliest. I don’t think it will be the April Patch Tuesday; they could, however, release an out-of-cycle update if enough attackers start to use this.

Conficker maps of US!

By Paul | Apr 2, 2009

[Image: conficker_us_map]

The Conficker Working Group has been busy the last few days compiling data on where the Conficker worm is in the world.  I am just showing one of the many pictures they have compiled.

Now I must say this isn’t entirely accurate, but it gives a good impression of how many computers in the US have been infected and still need to be cleaned.   Given that most of these are businesses that haven’t updated their Windows machines, this isn’t surprising.  So I am guessing that if this map is close to what we expected, some of the companies didn’t do anything about Conficker during the hype.

That being said, I would like people to answer this question: have any technicians had to disinfect systems that had the Conficker worm?  Are you seeing a rise in repairs related to Conficker problems?

I was looking around the Conficker Working Group’s website and stumbled on a really good resource called the Conficker Eye Chart.  If certain images don’t load, you might be infected.   If you want to find out whether you’re infected, go check the chart out for yourself.
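Added example (my own Python, not the Working Group’s code) of the reasoning the chart relies on: probe security-vendor sites that Conficker blocks alongside control sites it leaves alone, and read the pattern of what loads. The site names are placeholders I made up; `http_fetch` is a hypothetical helper for live use, and the demo at the bottom runs offline with a constructed fetcher.

```python
"""Added example, not the Conficker Working Group's code: the decision
logic behind an Eye Chart style check. Site names are constructed
placeholders; the real chart loads images from security-vendor sites
that Conficker blocks and from control sites that it leaves alone."""
import urllib.request
from typing import Callable, Dict, List

VENDOR_SITES: List[str] = ["vendor-a.example", "vendor-b.example"]  # assumed placeholders
CONTROL_SITES: List[str] = ["control.example"]                       # assumed placeholder


def http_fetch(host: str, timeout: float = 5.0) -> bool:
    """Return True if a small resource on the host loads (HTTP 200)."""
    try:
        with urllib.request.urlopen(f"http://{host}/", timeout=timeout) as resp:
            return resp.status == 200
    except Exception:
        return False


def interpret(loaded: Dict[str, bool]) -> str:
    """Map per-site load results onto the chart's verdicts."""
    vendor_ok = [loaded[s] for s in VENDOR_SITES]
    control_ok = [loaded[s] for s in CONTROL_SITES]
    if all(vendor_ok) and all(control_ok):
        return "normal"              # everything loads: no sign of blocking
    if not any(vendor_ok) and all(control_ok):
        return "possible-infection"  # only security sites fail: Conficker-like behaviour
    if not any(vendor_ok) and not any(control_ok):
        return "no-connectivity"     # nothing loads: cannot conclude anything
    return "inconclusive"            # mixed results: retry or investigate


def run_eye_chart(fetch: Callable[[str], bool] = http_fetch) -> str:
    """Probe every site with `fetch` and return the verdict."""
    results = {site: fetch(site) for site in VENDOR_SITES + CONTROL_SITES}
    return interpret(results)


if __name__ == "__main__":
    # Constructed offline demo: a fetcher that behaves like a host where
    # only the security-vendor sites are unreachable.
    blocked_like_conficker = lambda host: host in CONTROL_SITES
    print(run_eye_chart(blocked_like_conficker))  # possible-infection
```

A "possible-infection" verdict is only a signal: a corporate proxy or content filter that blocks security-vendor sites produces the same pattern, so confirm with a scanner before acting on it.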

The Register Goes down, People are asking is it the Conficker Worm?

By Paul | Apr 1, 2009

[Image: twitterregister1]

I’ve heard stories from other Twitter folks about it being a denial of service attack:

[Image: twitterregister2]

Now it is possible for Conficker to tell all its bots to go to the site, but I am not certain it is Conficker.  It could be as simple as someone misconfiguring a server so that no one can get to it.  People who want to see what people on Twitter are saying can search for it and see for themselves.    I’ll update as needed when I find out more, but it will probably be a couple of hours before the site is back up, according to some reports.  I’ll know more later today, so stay tuned.

Update at 6:30pm EST

We speculate that the source of the problem may have been a large scale Denial of Service attack against UltraDNS, or an internal operations problem. When we were able to successfully query UltraDNS servers, responses were slow to come back, or largely timed out. The problem began to clear itself up around 10:00 am Eastern, when we saw DNS responses returning quickly again, and our favorite sites coming back online.
[Via DynamicNetwork Service Inc.]

So it Is April 1, 2009 Now What?

By Paul | Apr 1, 2009

So you survived the April Fools’ joke that most people were talking about. Are you more mindful of what a virus is and how best to defend against it?  If not, let’s go back and talk about some of the necessary programs:

  • If you haven’t already installed a free anti-virus, this would be the time to.  Also install a firewall to better protect yourself.
  • Never install any software from an unknown site — this is the most important point. Even though they seem harmless enough, there are sites that serve fake Adobe updates or even Flash updates that will install malware onto your system.  So if you have any doubt, visit the main site, like Adobe.com, to check for updates.
  • If something scares you, count to ten – that is very useful when it comes to scareware sites that try to scare you into buying their fake anti-virus software, which doesn’t do anything.  I say count to ten because by the time you have, you will go looking for information on either that site or that warning and come to the conclusion that it was scareware.


© 2009-2010 Tech-Linkblog.com All Rights Reserved -- Copyright notice by Blog Copyright
