And the Oscar goes to . . . Not these guys!

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

A fan wants to Release Windows 7 Now : My Security Concerns

After reading about this from Kelly Poe) to find out the site he put up and I am quite impressed.    Here are few things that I am concerned about starting with the website.

I love the idea and all but I am quite concerned with the privacy of my email account.  I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account.   You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7  right now and Security.   You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet.  It uses the the Ms 08-067 Exploit and currently Windows 7  does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some current Threats in December

Win32/Mydoom.R

Win32/Mydoom.R is an e-mail worm for Microsoft Windows systems. Its file is approximately 28 kilobytes long, compressed by UPX. After decompression, its size is about 40kB.

Upon execution the form copies itself in the %windir% using the name java.exe. It also saves a file called services.exe there. This file is a backdoor component, that operates on TCP port 1034.

The following Registry entries are set to point to worm executables:

HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

The first entry contains path to java.exe, and the other points to services.exe.

According to the information on all the website in order to fix this you must use some anti-virus software.

WORM_AGENT.AHQV [Trend Micro], Dropper/Xema.189952.B [AhnLab], Dropper.Small.LQ [AVG], Trojan.Crypt.Delf.AC [Bit Defender], Worm.W32.Agent-1 [ClamAV], IRC.W.W32.ClickIt.D [Otros], W32/Trojan3.AS [Authentium], I-Worm.Agent.ez [Quick Heal], Win32.HLLM.MyDoom.134 [Doctor Web], Trojan:W32/Agent.GCK [F-Secure], W32/Basine.C [Fortinet], Trojan.Crypt.Delf.AC [G DATA], Trojan.Crypt.Delf.AC [Ikarus], Email-Worm.Win32.Agent.js [K7 Computing], Email-Worm.Win32.Agent.js [Kaspersky], Worm:Win32/Mytob.SD [Microsoft], Win32/Injector.BZ [ESET], W32/P2PWorm.AAK [Norman], Trojan.Delfinject.Gen.3 [PC Tools], Backdoor.Win32.IRCbot.apj [Rising], Mal/Basine-C [Sophos], Dropper.Delf.26624.B [Hauri], Email-Worm.Win32.Agent.js [F-Secure], Backdoor/W32.IRCBot.28160.C [Otros], AGENT.ARQB [PerAntivirus]

Disaster preparation 101 — Data backup

In this one I will talk about Disaster, it happens to all of us from time to time. A fire, a earthquake, a stolen laptop or any number of ways. So what happens to your data, is it stored on the laptop? Is it important very sensitive data? Could you get fired if you lost that data?

These are all questions you must ask yourself when you have laptop. How do you backup your data or even do you have a backup? Having seen this with my own clients, I must wonder if there are people out there who just don’t care. I had a client the other day who gotten a virus and this was a really mean virus. Deleted some very important files when you tried to clean the virus out. She called me in a panic because she couldn’t load up windows? I asked if she had any backups, she said “what’s a backup” . So I sat there discussing this with the client for over 20 minutes. Finally she started to understand, she said she had the OEM Backup DVD but nothing else. She also said she needed help with getting data off the computer. I told her that I would be able to come the next day and I was lucky the virus didn’t do anything else to her data. We were able to retrieve the data from her system. That is where I start my rant , Why would anyone not have backup of there most important data?

Removing Win32/Bagle.HE worm

Here is another virus that seems to be spreading lately.   From the looks of it, it sees to be another email worm.  Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

• Documents and Settings\All Users\Application Data\hidn\
  hldrrr.exe
• Documents and Settings\All Users\Application Data\hidn\
  hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.