I got this email from a local classified. I have since contacted the classified agency to suggest they make it harder for spammers and malicious code writers harder to email me this is what was sent to my email box though:

From: jbosswlltng16@commportal.biz

If you need additional income, we have an open position as a local representative in your area, learn more at: www.getajobfromus.com , your access code is XXXX-XXXX-XXXX-XXXX

I tried to go the website but this is what AVG popped and said:

Obviously with the economy being such a low spot, the malware authors are using this for their nefarious reasons.   I did some research and on one Avast Forum they even talk about this one site.  I must say you should keep your system up to date by updating Windows and also getting some good Antivirus Software to prevent yourself from getting in this type of trouble.   If you went to this site and didn’t know better, I would recommend downloading one these applications and doing a full scan:

Download SUPERAntiSpyware

Download Malwarebytes

Please be safe and don’t go to sites without some kind a of protection. This is one way to be more web safe and not get in this type of trouble in the future!!

Have a Good Friday, See you Monday!!

©2010 . All Rights Reserved.

• mypc-scanner11.com
• mypc-scanner9.com
• mypc-scanner7.com
• yourmalwarescan9.com
• yourmalwarescan1.com
• yourspywarescan8.com
• yourspywarescan1.com
• yourspywarescan6.com
• yourspywarescan15.com

Rogue Antivirus scareware sites:

• windowsenterprisedefender.net

Fake Scanner Pages:

• myscanonline.info
• theprotectour.com
• securedataprotect.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Rating:

Advice : Make sure your system is free from any more malware, Trojans, or Viruses that are hidden. You may need to install this software after you boot in to safemode, it is also advised to scan in safemode.

Download SUPERAntiSpyware

Download Malwarebytes

©2010 . All Rights Reserved.

• secure-spyware-scannerv3.com (Personal Antivirus Scareware Site)
• secure-antispyware-scanv3.com (Personal Antivirus Scareware Site)
• best-virus-scanner.com (Personal Antivirus Scareware Site)
• homeantispywarescan.com (Personal Antivirus Scareware Site)
• livetimeprotectionscan.com (Personal Antivirus Scareware Site)
• beeves.info (Internet Antivirus Pro Scareware)
• securitytoolworks.com (New Rogue Total Security Antivirus)

These sites gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Do a Full System with One of these Free Antivirus Software:

Download SUPERAntiSpyware

Download Malwarebytes

©2010 . All Rights Reserved.

Well, this had to happen sooner or later.  It looks like Powerpoint can be exploited with a Remote Code Execution.   So Microsoft today has issued an Advisory for KB969136.

In there post they say:

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a Power Point presentation from someone you aren’t expecting either scan it good with a free anti-virus. There are no major workarounds to this because Microsoft is telling people not to open the Power Point files directly. I tend to agree you should however know if you are expecting something from someone by either emailing them back or if it’s an office situation pick up that phone for the time being. I am sure Microsoft will issue this patch in the coming months probably May or June at the earliest. I don’t think it will be April Patch Tuesday, they could however make this an out of cycle if enough hackers start to use this.

According to Micrsoft the Windows Live One care picks this up as Win32 Exploit so I am sure other Anti-virus Software will do the same.   Just for the time being you will want to scan any presentations that come your way.  I will update the blog as more information becomes available!!

©2010 . All Rights Reserved.

The Worm that has infected 6% of Personal Computers is starting to build into something totally different.  According to some Researchers, they are saying this has to happen soon. And I’ll quote:

In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.

[Via F-secure]

Although this sounds like it has stopped, I don’t think so I am sure the worm will get even bigger.   I don’t think it has been curbed we might have a rest period before the Worms tries again.

“Why is it taking so long?” asked Huger. “That’s what we’re all asking.” He couldn’t recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.

[Via PcWorld]

Now We know this exploit is being patched as quickly as possible in some areas of the industry but that leaves the question?  What isn’t being patched, I am guess the next stage of this worm is mutant into a new worm much like the way it tries to communicate to download new software or instruction.   I believe it will be using a newer exploit so that it can infect even more computers.   I also think it will be a botnet and so does others.

But he also pointed out that the clock is ticking. “If they don’t hurry up and do it, someone else will,” he said, explaining that hackers must fend off not only security researchers, but also other criminals, who would like nothing better than to pinch a ready-to-use botnet.

[Via PcWorld]

So they are going to use this Downadup Worm soon, I am counting on it.   Somethings for IT professionals to prevent more infections are to make sure you have patched the latest security holes before they exploit that.   Like my favorite program, the Clone of Autopatcher, which you can create a month by month patch DVD to install on all important systems.   IT professionals must not start getting relax, because of people saying it is on the downfall. In nature there are always going to be periods of rest before growth. So I am sure something will happen rather quickly, and probably in the next week or two.

©2010 . All Rights Reserved.

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems.  According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials.  The virus  does not  need to know any passwords or user names to gain access.  Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most  companies don’t patch there system as quickly as Microsoft would like them to.   You see most companies have quite a few computers depending on the size of the company it could be quite a lot.  So many in fact that it would have several IT personal just to keep the system going.

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems.  Some use really special programs or have a network going that is vital.  Even the smallest update to the system could bring the network or the program down.  Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t  prevent the business from doing business.   Here are a few articles that prove why companies do not want to just install patches automatically:

• Windows patch is flawed (Dated March 31, 2005 8:31 AM PST)
• Stealth Windows update prevents XP repair (Dated Sept 27, 2007)
• Patch Tuesday security update causes problems with IE for some (Dated Dec 18, 2007)

Some companies are using older systems like Windows ME or some older Windows Operating systesm.   Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all.  I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way.  I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves?  How do we update all of the systems we are responsible for?  There are no easy answers to this.

©2010 . All Rights Reserved.

After seeing more and more the updates coming from the net.  I wanted to talk about what a Computer Virus or Trojan is and how you get it.   So how did  you could of gotten a Virus in the first place.   So here are some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you?  Most of the times when you get a virus you have a vulnerability in some place in your Operating system and it is either something that has not be known by Microsoft, Apple, and Linux or is know as a Zero-day Exploit.

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used because if it is an unknown exploit by the Operating System creators then they have a longer to us the exploit.  Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems.  You see if they can get on one system they can then find ways to get on other systems.

In the Old days, you’d ask

How Did I Get This Virus, Anyway?

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don’t care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent (and easiest) mode of transport.

[via PcWorld] (Dated Oct 13, 2000 11:00 pm)

Viruses & Trojans try to Avoid detection

So you have a virus, it wouldn’t do a virus any good to be detected right after getting onto a system.   More and more, viruses are trying to avoid being seen and heard.  Most hackers who program are wanting to infect more than one system so they have to make really sure that you don’t find out your infected.    So with that said there are several ways  and I won’t try to explain them because I think the link talks about it better than I could.   It however will give people something to think about.

In the next few days there will be another post on How you will be able to figure out if you have a virus.  I had to talk about this first so people could understand how to figure out if you have in the next post.  So stay tuned for more

©2010 . All Rights Reserved.

As many of you know we talked about the Non-critical patches that Microsoft will release today.  IF you want to read those please go and check it out.   I’ll be talking about the REALLY important ones that Microsoft has kept tight until now.    These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

These are just the tip of the iceberg. although this list are not A lot.  I’d wanted to let people know about what people coin “Exploit Wednesday“.  I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible.  Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates.  I don’t suggest testing it more than a couple days.  Here are some good Virtual Machine software to try out yourself:

• Hyper-V (Microsoft Product)
• VMware Virtual Machine
• Virtual PC 2007 (Microsoft product)
• Virtual Box – Sun Microsystems (FREE)
• Kaffe Virtual Machine (Haven’t Tried this one)

Here is the list of updates that are critical that Microsoft released today.   Each one of these are quite important and should be considered installed when you get a chance.

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-075 – Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

KB952069
(not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

These are just ones that I found and wanted to let you know, the others have been explained on the other article.  So check them all out and I suggest installing them quickly as possible.

©2010 . All Rights Reserved.

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer – probably a Russian – with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.

[via Techworld]

Which looks like it has already begun. So what can Mac users do, get an Anti-virus and maybe Apple will have to start backing down from the Virus commercials and actually admit it. Sooner or later someone will have to challenge Apple to get them to start admitting to it.

©2010 . All Rights Reserved.

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure.   if I find any others I’ll let you know!!!

©2010 . All Rights Reserved.

According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

©2010 . All Rights Reserved.

According to Computer World, dated Oct 31, 2008 and I’ll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if your like me and have several computers who need to be updated at a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program call Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons, one they want you to be able to update your operating System without hurting your system integrity.

Now lets talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain.  It is something like having starting up a car, sooner or later you will have the starter go out, because of to much start up.

What about stopping the update from effecting your system.  The only way that I know of is to prevent Windows from checking for updates.  Which is simple:

Windows XP Version:

[Category View and Classic View]

<Start> / Control Panel / Security / Click Windows Updates

For Windows Vista:

<Orb> / Control Panel/ Security Center/ Windows Update / click “change Settings”

With both ways, you will be able to control four ways to handle Windows updating and they are:

• Automatic - Will download all necessary updates and install them without your permission or knowledge.  Note some of the updates will automatically reboot your system.  Most commonly they are set to do this every day in the 12am to 4 am period of time.   So when you wake up you would see an log in screen.
• Download updates but let me choice which ones to install and when -  This is most commonly used by people who don’t want to bother having to check manually.  It will check and download, then it will let you know.




• Check for updates but don’t Download them -  This is like the previous one but this will only tell you.  The rest of the decision is in your hands not the computer.  This is good for people who have limited system resources, like Hard drive space.  It still reminds you like the previous one but won’t download any updates.




• Never check for updates -  This is used for people who don’t want to be bothered with updates and have a way to update manually.  This is commonly used by businesses who have several systems on and don’t want to risk an update causing trouble or weigh down the companies internet by downloading updates un-necessarily.   This option is not to be messed with because it leaves your system with quite a lot of vulnerabilities.  You do this one if you have a set schedule to update each and everyone system. (Extremely Dangerous to do)

With what I talked about, I am hoping you find this useful and to share your discoveries with other people who might want to be able to change how Windows updates are handled on other systems.  If you have comments or questions, please post them in the comment section and someone will be more than glad to help you out.

©2010 . All Rights Reserved.

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

[via Microsoft Bulletin]

Now from what I understand, if you have a Network attached printer on your system this would make you more vulnerable to someone taking control over your system. So this patch is supposed to fix that. I am recommending to all to update this and fix this update ASAP. I do not know if you don’t have one what that would do so just install this update, because you will undoubtedly still be runing the Internet Printer Protocol even if you don’t have a printer.

©2010 . All Rights Reserved.

I was just surfing the DigitalPoint Forums today as usual when i saw something going on there. Some people starting frequent threads with titles similar to “Selling DiggBoss Points”, “DiggBoss Invites for free”. Find all of them here . I had a quick look at it what is this DiggBoss actually ? I took a invite from a guy there who sent me a link through PM to a site with URL http://www.diggboss.com. I was confused initially, but after I registered and logged in there, i was shocked to see whats happening. So many people, almost 100+ trading diggs and stumbles there. All they do is, look at the stories listed there and digg them. It works in this way – when a person diggs one story he gets one diggpoint. He can increase his diggPoints this way. When he has enough diggpoints, he can submit his own story and it will be listed there to be dugg by the other members. The system was working perfectly for both digg and stumbles. Not only this, i also find many people collecting diggpoints and selling them there for prices like 5$ for 30 DiggPoints. I thought of giving it a try to see whether it really works or not. I made a sample story and submitted it to digg. Find it by clicking here. purchased around 100 digg points from a guy there. I then added this story to the diggboss campaign, and the system showed they will trade me 50 diggs for 100 diggpoints. I submitted and waited for a few hours. WoW ! 50 diggs and it got the ball rolling. One after the other, it broke around 121 diggs and made to homepage for a few mins (the story was a bit funny, so it gots some natural diggs later). It made me around 1200 unique hits to my site.

But i was really shocked to see how these social networking sites are exploited. Not only this, i can also see people exchanging diggs openly on webmaster forums like DigitalPoint. See the following link -

Check this google search results

Its really disappointing to see exploitation of such social networks!. I guess digg must take serious action to stop this stuff.

Perhaps digg could easily see the above story and ban all those who dugg it, But the big problem is that, the gang was only used to get the ball rolling !.

I knew digg has it’s flaws but that shows you how many flaws they actually do have! : ( I wonder how many are actually done by those people!!

©2010 . All Rights Reserved.