List of scareware sites for Oct 23, 2009

By Paul | Oct 22, 2009


Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):


Rogue Antivirus scareware sites:

Fake Scanner Pages:

  • myscanonline.info
  • theprotectour.com
  • securedataprotect.com

Most of the time, these sites are injected into one's browser by a Trojan that has taken over the system. If left untreated, these sites become more and more pronounced in trying to get you to install them. Most of the time these are installed on unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it, you should remove it by any means necessary, because this software has been known to cause more and more trouble as time goes by. This software is fakeware: it tries to tell you that you have a virus and that it can get rid of it. In fact, this software is not designed with an antivirus engine in mind but to elicit pop-ups and warnings that raise the user's security concerns about the computer in question. Downloading programs from BitTorrent or other unsafe sources can, and most likely will, install these types of programs alongside the program you wanted.

Threat to System : Moderate

List of Malware Sites for Aug 14, 2009

By Paul | Aug 14, 2009


These sites get installed on unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it, you should remove it by any means necessary, because this software has been known to cause more and more trouble as time goes by. This software is fakeware: it tries to tell you that you have a virus and that it can get rid of it. In fact, this software is not designed with an antivirus engine in it but to elicit pop-ups and warnings that raise the user's security concerns about the computer in question. Downloading programs from BitTorrent or other unsafe sources can, and most likely will, install these types of programs alongside the program you wanted.

Threat to System : Moderate

Rating: ★★★★☆

Advice: Do a complete system scan and make sure you don’t have any more hidden malware.

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

By Paul | Apr 2, 2009

Well, this had to happen sooner or later. It looks like PowerPoint can be exploited for remote code execution. So Microsoft today has issued an advisory for KB969136.

In their post they say:


At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a PowerPoint presentation from someone you aren’t expecting, scan it well with a free antivirus. There are no major workarounds for this, because Microsoft is telling people not to open the PowerPoint files directly. I tend to agree; you should, however, know whether you are expecting something from someone, either by emailing them back or, if it’s an office situation, by picking up the phone for the time being. I am sure Microsoft will issue this patch in the coming months, probably May or June at the earliest. I don’t think it will be April Patch Tuesday; they could, however, make this an out-of-cycle update if enough hackers start to use this.

Brace for Impact, Brace for Botnet! (Conficker Worm)

By Paul | Jan 24, 2009

The worm that has infected 6% of personal computers is starting to build into something totally different. According to some researchers, this has to happen soon. And I’ll quote:

In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.

[Via F-secure]

Although this sounds like it has stopped, I don’t think so; I am sure the worm will get even bigger. I don’t think it has been curbed; we might have a rest period before the worm tries again.

“Why is it taking so long?” asked Huger. “That’s what we’re all asking.” He couldn’t recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.

[Via PcWorld]

Now, we know this exploit is being patched as quickly as possible in some areas of the industry, but that leaves the question: what isn’t being patched? I am guessing the next stage of this worm is to mutate into a new worm, much like the way it tries to communicate to download new software or instructions. I believe it will be using a newer exploit so that it can infect even more computers. I also think it will be a botnet, and so do others.

Admins are shaking in their boots due to the MS09-001 Patch

By Paul | Jan 14, 2009

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

This is because of an update that came out a few months ago, MS08-067, which people still haven’t applied to their systems. According to F-Secure, Downadup/Conficker has grown overnight by a million infected computers.

Now, why are they scared of the recent patch (MS09-001)? Because there are so many vectors of infection, and you don’t need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

What is a Virus and Why do I have one

By Paul | Dec 12, 2008

After seeing more and more of the updates coming from the net, I wanted to talk about what a computer virus or Trojan is and how you get it. So how could you have gotten a virus in the first place? Here is some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you? Most of the time when you get a virus, you have a vulnerability somewhere in your operating system, and it is either something that is not known to Microsoft, Apple, and Linux or is known as a zero-day exploit.

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used, because if the exploit is unknown to the operating system's creators, then attackers have longer to use it. Most of the time hackers like to use this because it means there is a possibility of finding even more vectors to infect other systems. You see, if they can get on one system, they can then find ways to get on other systems.

The Important Windows patches Released Today

By Paul | Dec 9, 2008

As many of you know, we talked about the non-critical patches that Microsoft will release today. If you want to read about those, please go and check it out. I’ll be talking about the REALLY important ones that Microsoft has kept tight until now. These are the more important ones, but I will list the ones that I previously talked about to better help people recognize the non-important ones:

  • KB955839
  • KB957388
  • KB890830
  • KB905866

These are just the tip of the iceberg, although this list is not a lot. I wanted to let people know about what people coin “Exploit Wednesday”. I really don’t know if this is a myth or actually does exist, but I figured we’d discuss the problems associated with installing the critical updates and try to tell you which ones should be installed as soon as possible. People have in the past used a virtual machine to see if there is any problem; that should be your first step if you don’t want to have any problems with these updates. I don’t suggest testing it more than a couple of days. Here is some good virtual machine software to try out yourself:

Apple’s Immunity, Botnet sanctuary.

By Paul | Dec 3, 2008

Apple Immune? No way!

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that, I feel the notion is that Apple is trying to keep its reputation as a virus-free system. I can only hope that they stay that way. As far as I know, Apple will most likely start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried about Apple's stance on being the safest and having so much immunity to viruses. Apple in the past has stated they have misled people with their firewall. Yet Apple takes down that suggestion of having an antivirus (quietly).

Everything I’ve seen suggests that virus writers and malware writers will MOST likely start targeting Mac OS X; they know Apple's sense of security is vulnerable to attack and they will exploit it more and more. So what does that mean for Apple? It just means that soon every hacker who has a botnet will want a piece of the Apple pie, and does right now.

Some program Vulnerabilities Detected!!

By Paul | Nov 25, 2008

Just got done looking at some of my security sites, and according to SecuriTeam there are several programs that have vulnerabilities. Here are the ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Vista has a new Vulnerability!

By Paul | Nov 20, 2008

According to Techworld.com, Vista has a new vulnerability that could let a hacker infect a Vista machine with a rootkit. The talk from them is quite intriguing. I will quote it to better let you know what the vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control, which in turn could corrupt the kernel of Windows Vista. Now we all know that Microsoft will release a patch quicker than 6 months away. According to this article, people are already looking for the exploit and want to know more about it. I would be willing to bet they will have a patch out sooner rather than later, probably January or February, which will be a big deal because no one will expect it. I would also imagine hackers will start trying to figure out how they could install software as quickly as possible before Microsoft pushes out the patch. So what can you do to protect yourself? Get a firewall and an antivirus, and learn how to protect yourself from getting a computer virus.

Windows update is getting a revision!

By Paul | Nov 2, 2008

According to Computer World, dated Oct 31, 2008 and I’ll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if you're like me and have several computers that need to be updated on a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program called Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons. One, they want you to be able to update your operating system without hurting your system integrity.

Now let's talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain. It is something like starting up a car: sooner or later the starter will go out because of too many start-ups.

Microsoft Releases MS08-062 to the Public a Month Early!

By Paul | Oct 29, 2008

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

[via Microsoft Bulletin]

Now from what I understand, if you have a network-attached printer on your system, this would make you more vulnerable to someone taking control of your system. So this patch is supposed to fix that. I am recommending that everyone install this update ASAP. I do not know what it would do if you don’t have one, so just install this update, because you will undoubtedly still be running the Internet Printing Protocol even if you don’t have a printer.

Digg exchange gang busted!

By Paul | Oct 3, 2007

I was just surfing the DigitalPoint Forums today as usual when I saw something going on there. Some people were starting frequent threads with titles similar to “Selling DiggBoss Points” and “DiggBoss Invites for free”. Find all of them here. I had a quick look at it: what is this DiggBoss actually? I took an invite from a guy there who sent me a link through PM to a site with the URL http://www.diggboss.com. I was confused initially, but after I registered and logged in there, I was shocked to see what's happening. So many people, almost 100+, trading diggs and stumbles there. All they do is look at the stories listed there and digg them. It works in this way: when a person diggs one story, he gets one diggpoint. He can increase his diggPoints this way. When he has enough diggpoints, he can submit his own story and it will be listed there to be dugg by the other members. The system was working perfectly for both digg and stumbles. Not only this, I also found many people collecting diggpoints and selling them there for prices like 5$ for 30 DiggPoints. I thought of giving it a try to see whether it really works or not. I made a sample story and submitted it to digg. Find it by clicking here. I purchased around 100 digg points from a guy there. I then added this story to the diggboss campaign, and the system showed they would trade me 50 diggs for 100 diggpoints. I submitted and waited for a few hours. WoW! 50 diggs and it got the ball rolling. One after the other, it broke around 121 diggs and made it to the homepage for a few mins (the story was a bit funny, so it got some natural diggs later). It brought around 1200 unique hits to my site.

© 2009-2010 Tech-Linkblog.com All Rights Reserved