Personal Antivirus just scareware
I was checking a site a reader brought to my attention, and yep, he told me it might be scareware, and it was:
If you click “Cancel” or “Ok” you will still get to this page:
Personal Antivirus gets installed on unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This means that if you have it you should remove it by any means necessary, because this software has been known to cause more and more trouble as time goes by. This software is fakeware: it tells you that you have a virus and that it can get rid of it. In fact, it contains no antivirus engine at all; it exists only to produce pop-ups and warnings that raise the user's security concerns about the computer in question. Downloading programs over BitTorrent or by other unsafe means can, and most likely will, install these types of programs alongside the program you wanted.
MobileMe Who me? Could this be Phishing?
Users of MobileMe, one of Apple's latest software packages, have recently started getting emails claiming they need to update their credit card information.
It seems that, along with Twitter, Facebook, and PayPal, MobileMe phishing is on the rise. I knew this was going to happen due to the recession. I've seen more and more attempts to send people to the Canadian Pharmacy and sell you drugs that I wouldn't recommend buying online.
Something I am wondering is when Apple will realize they have to protect their consumers from these types of attacks. I've talked about the Apple botnets and how they will become more and more prevalent because users think they can never get a virus. See the Apple ads in 2007 to prove my point.
So let’s talk about online safety, and help those who might need help. Some of my thoughts to help keep the Apple People happy are:
Casino Spammers still use Yahoo for Spam: Could this be Malware?
It just shows you that once Geocities was taken down by Yahoo, who owns it, the spammers had to come up with more ways to get you to download their software.
It seems to be linking to "http://bestwinscasino.com/SmartDownload.exe". In a previous post I talked about what that program did, but I wanted to do another test with CWSandbox and see what has changed. It looks like they must be having problems lately, so if you want to do your own test, by all means send me the link. I don't know what is going on, but it is probably like the other post: it wants to do some bad things. VirusTotal has some anti-virus programs flagging this, so I am unsure of the harmlessness of this file, but I wouldn't install this software. According to Avinti this program is a trojan dropper. So I will let you decide on installing this software or not.
Scareware sites to pop up with Swine flu epidemic
This was to be expected when it comes to something that most people are worried about:
I’m sure it won’t be long before purveyors of rogue anti-virus products begin using search engine optimization techniques around the term “swine flu” to drive people to sites that try to scare people into buying the worthless software.
[Via Security Fix]
I am sure myself that this will undoubtedly start showing up in SEO routines. This will most likely be like the Pifts.exe scareware that popped up after that scare.
It is just a matter of time before someone tries to either sell you something or trick you into watching a video that is supposed to be helpful. The video will most likely tell you that you need to install a fake codec or update Flash.
My best advice: if you get to a site that wants you to install something, just hit the back button or close down your browser. Never install software from a site you just came to without doing a little research.
Mebroot becomes even stealthier!!
Well, here is something we should all be on the lookout for:
Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle. Mebroot inserts program hooks into various functions of the kernel, or the operating system's core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn't been tampered with.
[Via Pcworld Magazine]
I will be updating my Malware Resource for the Prevx software, but this looks to be a very bad rootkit. From my understanding most of the security related software. It seems this little program will become even harder to detect and remove. It also looks like this is ready to start infecting people with this rootkit. You should update every part of your system, from Windows patches to your browser. Secunia once said that most people are not fully patched!! Just like with the Conficker worm, if you're not fully patched and keeping anti-virus and firewalls on your system, then you might as well be walking on nails.
Securing your Windows Machines
After a long day at work, you sometimes feel like there isn't much you want to talk about. Then this idea came to me: why do people blog, and why do people talk about security?
I've come to realize something: I'm not one who grew up knowing bits from bytes. I grew up as any family does, fighting with my siblings.
Having been blogging the past few years, it seems like only yesterday that I started. Cliché, I know, but still very much true. Most blogs do what they know; I aim to learn and teach each day I blog. Like days like this, when the world is pretty much quiet and the remnants of the Conficker worm die down to a rumble.
After a day-long battle with my wife's system, I began to wonder if there is something I should do differently to prevent viruses and worms on her system. So I've groomed my knowledge base and come up with 5 good points when it comes to locking down your Windows machines:
Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)
Well, this had to happen sooner or later. It looks like PowerPoint can be exploited for remote code execution, so Microsoft today has issued Advisory KB969136.
In their post they say:
At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were targeted for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]
Microsoft has even added a diagram on how an attacker could implement this into an email.
So what do you need to know?
If you receive a PowerPoint presentation from someone you aren't expecting, scan it thoroughly with a free anti-virus. There are no major workarounds for this other than Microsoft telling people not to open PowerPoint files directly. I tend to agree; you should, however, confirm whether you are expecting something from someone by emailing them back or, if it's an office situation, picking up the phone for the time being. I am sure Microsoft will issue a patch in the coming months, probably May or June at the earliest. I don't think it will be in the April Patch Tuesday; they could, however, make this an out-of-cycle update if enough hackers start to use this.
Just Google Conficker and you'd be surprised
The countdown to March First is on its way, or already here depending on your location, and people have been sending tweets about the 60 Minutes coverage of Conficker:
As you can tell, over the last week Google Trends is showing a mountain of people looking for this information. I am so glad the media has talked about this, but it has made a hysteria or frenzy of people trying to find information on this little worm, or what some are calling a virus.
Now I must remind you that Conficker.A, Conficker.B, Conficker.C, and Conficker.D are not the only worms or viruses out there, and that you should really protect yourself from every virus, because there are more viruses and worms out there than this one.
There are several Free Anti-virus options Available:
- ClamWin — I've been trying this one out over the past month and it seems to work just as well as the others.
- Avast Home Edition — AVG does better than this one, but people seem to like it, so I have to add it for those who prefer it over the others.
Hotmail accounts get compromised!!
I received an email on a list and wanted to warn people:
Dear friend,
i would like to introduce a good company who trades mainly in electornic products. Now the company is under sales promotion, all the products are sold nearly at its cost. They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you! It is realy a good chance for shopping.just grasp the opportunity,Now or never!
The web address: http://www.nekcn.com
It seems this is being sent from Hotmail accounts. There are a number of ways someone could be getting hold of your email address. According to the Microsoft forums, this seems to delete your email contacts and send this out at the same time. This seems to be a new spam campaign for this one company. I would guess someone bought advertising from this company and the advertiser is doing some really immoral things.
Let’s Clear this up — PIFTS.EXE
I just wanted to clear up some things about PIFTS.EXE. I read a most interesting article about this over at Bleeping Computer. He talks about how he tested this on his system, and I'll quote:
After reading about this file here and here, I asked around on BleepingComputer.com for one of our users to submit a sample of the file to me. Once I received the file, I ran it on a test box while running a file monitor, to see what it accesses, and Wireshark, to see what it does on the network. What I found was that the program appears to be quite innocent, and from the hostname it connects to, we could have guessed as to what it does. It appears that when you update Norton it connects to stats.norton.com and lets the server know someone has installed an update, what the update was, what program it was for, and whether it was successful. Now, I am not saying that Norton should be contacting one of their servers and reporting this type of information without a user’s permission or even knowledge, but there is no conspiracy theory between Norton, Google, Microsoft, African Nations, and little green men.
Fake Scareware Sites Popup after the Pifts.EXE Conspiracy
There seem to be fake sites popping up today, right after what happened with PIFTS.EXE. I just happened to Google it to see what people are talking about, and this appeared on the front page.
As you can see, this leads to a server in Poland, and once you go to it you see:
I will be reporting this to PhishTank. This is scareware, which means there is no real virus, and you should never believe the screens when you see something like this. According to Wikipedia:
[Via Wikipedia]
Conspiracy theories run rampant due to PIFTS.EXE
(Looks like some of this was a 4chan gag, check my other post about it)
All of a sudden, people around the world are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here is what I do know:
Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?
2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com
2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:
2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symantec Forums]
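As an added example (not part of the original post, and not ZoneAlarm's own tooling), the following Python parses the three log records quoted above and makes the two points a reviewer needs from them: the address field may carry the port after a colon or, as in the third record, after a dot, so the last number must not be read as part of the IP; and only blocked outbound attempts from programs not yet on an allowlist are worth following up. The field layout assumed here is simply the one visible in the quoted lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# The three records quoted in the post (ZoneAlarm export, fields separated
# by em-dashes). Record 2 has empty address fields; record 3 writes the
# port with a dot instead of a colon ("207.46.248.249.80").
SAMPLE_LOG = """\
2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com
2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:
2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
"""

FIELD_SEPARATOR = "—"  # em-dash, as in the quoted export

# Exactly four octets, then ':' or '.', then the port. Anchoring both ends
# stops the regex from treating "249.80" as a fifth octet plus garbage.
_ADDR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})[.:](\d{1,5})$")


@dataclass
class FirewallEvent:
    timestamp: str
    event: str
    program: str
    ip: Optional[str]
    port: Optional[int]
    direction: str
    action: str
    destination: Optional[str]


def _strip_label(text: str, label: str) -> str:
    """Drop a leading label such as 'Destination IP:' if present."""
    text = text.strip()
    if text.lower().startswith(label.lower()):
        text = text[len(label):]
    return text.strip()


def split_address(text: str) -> Tuple[Optional[str], Optional[int]]:
    """Return (ip, port) from 'a.b.c.d:port' or 'a.b.c.d.port'; (None, None) when
    the field is empty or does not look like an IPv4 address plus port."""
    text = _strip_label(text, "Destination IP:")
    match = _ADDR_RE.match(text)
    if not match:
        return None, None
    ip, port = match.group(1), int(match.group(2))
    if any(int(octet) > 255 for octet in ip.split(".")) or port > 65535:
        return None, None
    return ip, port


def parse_line(line: str) -> FirewallEvent:
    fields = [f.strip() for f in line.split(FIELD_SEPARATOR)]
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    timestamp, event, program, address, direction, action, destination = fields
    ip, port = split_address(address)
    host = _strip_label(destination, "Destination:") or None
    return FirewallEvent(timestamp, event, program, ip, port, direction, action, host)


def parse_log(text: str) -> List[FirewallEvent]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def blocked_outgoing(events: List[FirewallEvent],
                     allowlist: Set[str] = frozenset()) -> List[FirewallEvent]:
    """Outbound attempts the firewall blocked, from programs not yet vetted."""
    return [e for e in events
            if e.action == "blocked" and e.direction == "outgoing"
            and e.program not in allowlist]


def destinations_by_program(events: List[FirewallEvent]) -> Dict[str, Set[Tuple[str, int, Optional[str]]]]:
    """Group (ip, port, hostname) per program so each binary's network
    footprint can be reviewed at a glance."""
    grouped: Dict[str, Set[Tuple[str, int, Optional[str]]]] = {}
    for e in events:
        if e.ip is not None and e.port is not None:
            grouped.setdefault(e.program, set()).add((e.ip, e.port, e.destination))
    return grouped


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in blocked_outgoing(events, allowlist={"Windows Explorer"}):
        print(f"{e.timestamp} {e.program} -> {e.ip}:{e.port} ({e.destination})")
    print(destinations_by_program(events))
```

Run against the quoted records, the Windows Explorer line resolves to 207.46.248.249 on port 80 with the hostname sa.windows.com, and the two PIFTS.exe lines are the only unvetted blocked outbound attempts left to review.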
This indicates that the program tried to change tactics to get out on the net. I took a look at this and it is SwapDrive. So this must be an update to SwapDrive, but I am unsure as to why it pops up that way. The other IP is in Africa, or at least if you take the .80 out of the equation it points to an African IP. (It looks to be my mistake in that little part, "to err is human"; check out this post about it.) Although just recently Norton decided to delete that thread, and people are really worried about why. Is this a cover-up of some sort because there is an exploit in the wild that we don't know about? These are good questions that need to be answered. Here is what one person posted about this just after they deleted the forum thread:
I hate Snopes Spam
As you know, Snopes is used to find out about urban legends and rumors:
I received a virus alert from my RSS feed about an email virus warning. It even adds a Snopes URL. The author just copied and pasted the virus warning into the blog without even going to Snopes.
According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn't a "BIG VIRUS COMING" (it's already been around in multiple forms for a long time now), it will not "burn the whole hard disc" of your computer, CNN didn't classify it as the "worst virus" ever, and it doesn't arrive in messages bearing a subject line of 'Invitation.'
[Via Snopes]
Now as you can tell, the link described in the blog post was "http://www.snopes.com/computer/virus/postcard.asp". If you went there, you'd have seen that this is not really true; some parts of it might be, but the part about burning your hard drive, or even considering it the worst virus, isn't true.
Some things you need to consider before forwarding anything are:
- Is it completely true?
- Is it legitimate? (A real warning about something like a product recall or something equally important)
Rogue Fake Codecs on the Rise
Panda Labs has been talking about Adware/VideoPlay, and they are seeing a lot of variants of this. They even play a game: find the difference in the installation screens:
Now as you can see, this looks to be the same agreement in all those different installations. Something to consider: never install any software from a website that you don't know anything about.
Panda Labs also talks about these new variants in regards to what they do:
This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]
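The autorun.inf mechanism in the Panda description is exactly what a removable-drive check needs to look at. The following Python is an added example (not Panda's code or the post's) that parses an autorun.inf tolerantly and flags every directive that would launch a program when the drive is opened, plus launch targets parked in folders worms commonly hide in; both sample files are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a legitimate vendor CD that only sets an icon and a label.
BENIGN_AUTORUN = """\
[autorun]
icon=setup.exe,0
label=Vendor Driver CD
"""

# Constructed sample modelled on the worm behaviour described above: the
# payload is copied into a RECYCLER folder and every launch directive points
# at it. Mixed-case keys, comments and a misleading label are typical.
SUSPICIOUS_AUTORUN = """\
[AutoRun]
; harmless-looking comment
open=RECYCLER\\update.exe
ShellExecute=RECYCLER\\update.exe
shell\\open\\Command=RECYCLER\\update.exe
shell\\explore\\command=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=My Documents
"""

# Keys that run a program directly when the drive is inserted or opened.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command=... binds a program to a context-menu verb (open, explore, ...).
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")
# Folders worms commonly hide their copy in on removable media.
HIDING_FOLDERS = ("recycler", "recycled", "system volume information")


@dataclass
class AutorunReport:
    launches: List[str] = field(default_factory=list)  # "key=target" directives
    findings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant INI parse of the [autorun] section. Keys are lower-cased;
    blank lines, ';' comments and other sections are ignored."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text: str) -> AutorunReport:
    """Flag directives that execute something, and targets parked in hiding folders."""
    report = AutorunReport()
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
            report.launches.append(f"{key}={value}")
    if report.launches:
        report.findings.append(
            "autorun.inf launches a program: " + "; ".join(report.launches))
    for launch in report.launches:
        target = launch.split("=", 1)[1].lower()
        if any(folder in target for folder in HIDING_FOLDERS):
            report.findings.append(
                f"launch target sits in a folder worms use to hide: {target}")
            break
    return report


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_AUTORUN), ("suspicious", SUSPICIOUS_AUTORUN)):
        report = assess_autorun(sample)
        print(name, "->", "SUSPICIOUS" if report.suspicious else "ok")
        for finding in report.findings:
            print("  ", finding)
```

The benign file produces no findings, since icon and label cannot run anything; the constructed worm-style file yields four launch directives and a second finding for the RECYCLER location. A hand-rolled parser is used rather than configparser because infected autorun.inf files often contain lines that a strict INI parser rejects.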
You won’t make money from W32:Sality.ao
People should be cautious of "make money" offers, because there is a variant out there trying to lure users into thinking they can make money.
McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”
Aliases for this virus are:
- PE_SALITY.JER (Trend Micro)
- Virus.Win32.Sality.aa (Kaspersky)
- Virus.Win32.Sality.y (Ikarus)
- Virus:Win32/Sality.AM (Microsoft)
- W32.Sality.AE (Symantec)
- W32/Sality-AM (Sophos)
- W32/Sality.AE (Norman)
- W32/Sality.AH (Panda)
- W32/Sality.AK (F-Prot)
- Win32.KUKU.a (Rising)
- Win32.Sality.OG (BitDefender)
- Win32/Sality.AA (VET)
These links should help people understand it. You can visit my Malware Resources to help remove this virus. Something to consider before removing it is to disable your restore points.
Remember, there's no easy way to make money; the only real way is to work hard. According to my research, the anti-virus companies have ways to remove this virus, as long as you keep your database updated.
PDF Zero Day Vulnerability in the Wild
From sources all over the internet: Adobe sent out a security bulletin yesterday:
APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Adobe plans on patching this on March 11, 2009.
And according to some other reports:
Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.
[via Symantec]
Polymorphic Win32:Vitro, Most Virulent Virus
This seems to be a virus that is hitting some people hard. I wanted to blog about this because of the nature of viruses and Trojans. I have read reports that this might come from online movies, and I have to say this is one reason why you must stay away from certain online movie sites. I am going to take a guess that this virus requires a "special codec", and you downloaded and installed it. It could also be the "update your Adobe Flash player" idea too, but it still results in getting the virus.
As I said before, you take a risk when you go to sites you don't trust or know anything about. You also should know that if a site says you need a "SPECIAL" codec, you should just move on to another site. Sites that claim you need a special codec mean only one thing: they want to install something without your knowledge.
So what is this virus?
The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.
Tech Journalist breaks the silence — Journalist got Pwned!!
It was another ordinary day for this tech journalist. He had just woken up from his lovely dreams and hadn't realized that he was being baited with phish. Yes, that is correct: he actually gave out his password to a phishing site and didn't know it.
I have to admit that he didn't hide it; in fact he decided to post about how he got pwned and what happened.
[Click Picture to see the full story]
Internet Security Companies Warn about Patch Tuesday and Valentine's Day.
With tomorrow's Patch Tuesday releasing fixes for some very highly rated remote code execution vulnerabilities, which could become zero-days in a very short time, some researchers are speculating that more viruses will be released in conjunction with Valentine's Day. According to this one post, they will likely be e-cards sent to try to lure you into downloading malware.
Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine's Day-themed spam campaigns that try to dupe users into installing the Waledac bot. Researchers note that many websites which are affiliated to the Waledac e-card scam have been recently updated with content based on the Valentine's Day theme.
Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]
Apple’s Not immune after all
In a recent post from the SANS Internet Storm Center:
Apple
- APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities, all of them referencing "arbitrary code execution". (CVE-2009-0001, CVE-2009-0002, CVE-2009-0003, CVE-2009-0004, CVE-2009-0005, CVE-2009-0006, and CVE-2009-0007)
- APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution. (CVE-2009-0008)
Microsoft issues 1 Major update 1-13-09
Well, it has been released: Microsoft issued an update to the system:
Vulnerabilities in SMB Could Allow Remote Code Execution
Microsoft Security Bulletin MS09-001 – Critical (KB958687)
This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This is one of those updates you really need to install as soon as you can. You should also get a free firewall or buy one. It looks to be a vulnerability reachable through exposed ports, and if you have a firewall other than Windows' you should be safe, but that is beside the point. If you are security conscious then you should install this update ASAP. If you're worried this will affect your system, then you will need to back up your system before you do this update. If you feel you might have been infected through this vulnerability, you could always get a free antivirus program and scan your system. This is the sure way of fighting a virus and making sure you're safe; although people argue that paid virus programs are quicker to update their virus databases, it's all a matter of preference.
Inside Generic Pup.Z
Infection methods:
Potentially unwanted programs do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications, or come bundled along with other PUPs, Trojans or Rootkits.
Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.
Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Ways to prevent infection:
In order to prevent these types of infections you need to understand that most of the time it is something you thought was useful but which has a virus hidden inside it. Some of the things you can do to remove the virus are:
- Get an anti-virus
- Update the database
- Try uninstalling any programs you might have installed that might have installed this virus.
- Removal Instruction from McAfee that might help.
You need to remember about security and how to counter any virus installation by having a firewall and Anti-virus. I have also put an e-store to better make use of anything I see on Amazon that might help you out. If you want to visit it, click here.
Virus Handbook — $39.95: Shows you the theory behind e-mail viruses.
Amazon reviews this book and says:
E-mail Virus Protection Handbook: Protect your E-mail from Viruses, Trojan Horses, and Mobile Code Attacks (Paperback)
The authors of this volume (and there are several) begin by explaining how and why e-mail viruses work–they point the finger mainly at software that’s designed for slick presentation of mail instead of for security, as well as at uninformed end users. Then, they begin to explain what various countermeasures, including antivirus software and firewalls, can do, and offer specific configuration advice. They also explore means of configuring popular e-mail servers and clients for maximum resistance to viruses. Overall, this book is carefully researched and should provide system administrators with the information–both practical and background–that they need to protect their systems from some of the more insidious threats around. –David Wall
If you're like me and you're curious how these viruses work, this book is good for those who want to learn how to fight or combat the viruses that usually come with e-mail. You have to know why there are viruses and why you need anti-virus software. Although I've only read some of this, it makes my head spin. I'd recommend people read it at least twice. It is good for technicians who have to fight with viruses a lot, and will give you many good ideas on how to combat them.
IE vulnerability in the Wild
Well, this was bound to happen: hackers found this vulnerability and are using it for their own purposes.
“What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” he said. “It’s just a question of modifying the payload the trojan installs.”
Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”
[Via BBC News]
Tools for Virus Removal : The ones I like to use!
In this post I want to talk about virus removal tools that I like to use when I need to remove a virus. Some things to consider when using these tools are:
Each of these has to be dealt with differently, because each requires something different. Take rootkits: if you have one installed and know that it is a rootkit, your only options are to download some rootkit removers like:
- Sophos Anti-Rootkit – This is good for the better-known viruses and can remove several types of rootkits. This isn't the only one I use, but it is part of a group that does the rootkit removing for me.
- Microsoft RootkitRevealer – This is good for proving there is a rootkit. I've not seen it fail to detect a rootkit. Most of the time, when I find a rootkit with the other rootkit revealers, this one actually does better with information.
- Panda Anti-Rootkit – This one is another I use when the other ones can't remove it. Each one removes certain rootkits differently and works better than the others on some.
Internet Explorer still has a Vulnerability after Tuesday Patch!!
I just read this on several blogs and thought I'd share the details with you. It seems that Microsoft didn't know there was a problem with this bug/vulnerability. Computerworld has a great article and says this:
“The updates Microsoft released yesterday do not address this possible vulnerability,” a Microsoft spokesman said today in an e-mail reply to questions, “but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer.”
[Via ComputerWorld]
I can only hope that Microsoft fixes this vulnerability soon. I would guess that they will try to get this out in the patch cycle; if not, they will push it out after. Something to remember with IE (Internet Explorer): only use it with Microsoft Update. I also suggest downloading Firefox and checking out my Anti-virus and Anti-Spyware page for ways to prevent getting a virus.
trojan.zlob removal tricks!!
Aliases:
- Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
- Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
- Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
- Trojan.Zlob.CPP (BitDefender)
- Puper (McAfee)
- SystemDefender (Symantec)
Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.
[Via Windows Live OneCare]
Trojan.PWS.ChromeInject.A is not a Firefox plugin.
A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender's antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox's Plugin folder. Once installed it gets to work every time Firefox is started.
[Via Bitdefender]
The key to protecting against this virus is just to be cautious of where you go and keep your whole system up to date to prevent all this from happening. It is also advisable not to have your passwords saved in Firefox; you should use something like RoboForm, which is free to download and try. It will encrypt your passwords, so if they don't know the master password then they are out of luck. RoboForm is also good for coming up with strong passwords. Just some suggestions to prevent people from seeing your sensitive data; you don't want anyone to get that data.
sinowal.trojan Problems.
Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks' and online payment systems' websites.
[via F-Secure]
These are the beginning steps to get rid of a virus, but this will be a really hard one because it wants to stay in your system. You should also restart in Safe Mode and try to remove the virus from there. You will also want to disable System Restore, because the virus will be in there and might come back if you restore your system. Just some simple tips to help keep you safe on the net.
Apple’s Immunity, Botnet sanctuary.
But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.
[via Pcworld]
Having said that, I feel Apple is trying to keep their reputation as a virus-free system. I can only hope that they stay that way, although, as far as I know, Apple will most likely start to be the main source for botnets because of the lack of security.