Reviewing the Sunbelt Personal Firewall

This all came around because of Online Armor was giving me problems. So I decided to try to try the Sunbelt Personal Firewall instead. So I uninstalled Online Armor and installed this Sunbelt Personal Firewall. Once I had it running, I was amazed at all the options that it gave me!

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria.

[From Wikipedia]

As you can see when you install this software you get more than what you expected. You get Internet Filtering, Ad-blocking, Block Javascript, Block VBScripts, Block ActiveX, And Block Private Information. The Speed of it is extremely nice, it is really light weight on the system.

The nice thing about this is that you can throw out your other ad-blocking software and make your systems work easier, not having to load up so many programs will help reduce the loading of programs that are required to block Ads and JavaScript, and Even ActiveX. This will help protect your system even more if you are one of those who is really strict with not wanting to run scripts while browsing.

Consulting with a client

I had a consultation today with a client who wanted help with their new Acer AOD250-1962 10.1-Inch Pink Netbook – Over 3 Hours of Battery Life. So i went over email and the usual easy stuff. They aren’t really tech savvy so I had to slowly walk them over to how to get the most out of the of the system.    As I was working on the system and making sure it was running smoothly, I saw their broadband wireless  network was unencrypted, which is something you shouldn’t do.  So I had to talk to them about why it is ’so important’ to keep that encrypted.  You really don’t want people to be watching what you do on your wireless network do you?

So my client asked me to setup and secure there wireless broadband router.   I was being nice and decided, suffice it to say if they were having anyone borrowing their network for illegal stuff, they aren’t no more.

Facebook games having Scareware redirect Sites

I was on Facebook Yesterday doing my usually just playing one of my games when all of the sudennly this pops out:

As you can see this seems to be another site which is a scareware site, the site Powerantivirusscannerv2.com is trying to scare you into buying a fake antivirus.   I don’t know if it was Facebook doing this or if I got the redirect cookie somewhere else.    Although if you have downloaded the program that they want you to install or even think you have this fake antivirus installed, Spywareremove has the information needed to remove off your system.  It seems they are going to use social sites more and more and you should be careful.  I also have some good resources like Free Anti-virus and Free firewalls that would help protect you from this threat.

Somethings to consider when you see something like this pop up are?  Do you have antivirus or a firewall?  If so, then you shouldn’t be worried to much.   Always look to see if you can see if it is a webpage and not from the system.  This is something the scammers are always trying to do to get your money.  Remember these sites are not really a trustworthy site and should be avoided at all cost.  I also recommend using the Hijackthis software to look for these rogue softwares in your system to better protect your system.

Casino Spammers still user Yahoo for Spam : Could this be Malware?

It just shows you just how one Geocities was taken down by Yahoo who owns it, the spammers have to come up with more ways to get you to download there software.

In my previous post about Casino programs,  They were using Geocities to host the page for the link to the download.

It seems to be linking to “http://bestwinscasino.com/SmartDownload.exe“.  From previous post I talked about what that program did but I wanted to do another test with CWSandbox and see what has change. It looks like they must be having problems lately,  So If you want to do your own test and send me the link by all means.  I don’t know what is going on but, it probably is like the other post about wanting to do some bad things.  Virustotal has some anti-virus programs flagging this so I am unsure of the Harmlessness of this file but I wouldn’t install this software.  According to Avinti this program is a trojan dropper.  So Iwill let you decide on installing this software or not.

Mebroot becomes More Stealthier!!

Well Here is something we should all be on the look out for:

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system’s core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn’t been tampered with.

[Via Pcworld Magazine]

I will be updating my Malware Resource for the Prevx Software, but this looks to be a very bad root kit.  From my understanding most of the security related software.   It seems this little program will become even harder to detect and remove.   It also looks like this is ready to start infecting people with this root kit.   You should update every part of your system from Windows Patches to Browser.  Securnia once said that most people are not patched fully!!  Just like the Conficker Worm, if your not fully patched and keeping anti-virus and Firewalls on your system then you might as well be walking on nails.

Securing your Windows Machines

After a Long day at work, you sometimes feel like there isn’t much you want to talk about. Then this idea comes to me? Why do people blog and why do people talk about security?

I’ve come to realize something, I’m not one who was grew up understanding bits from bytes. I grew up as any family does fighting with my siblings.

Having been blogging the past few years, it seems like only yesterday that I started blogging. Cliche I know but still very much true. Most blogs do what they know, I aim to learn and teach each day I blog. Like days like this when the world is pretty much quite and the remnants of the conficker worm dies to a rumble.

So how do you secure your Windows Machine?

After a day long battle with  my wife’s system, I grow to wonder if there is something I should do differently with how to prevent Viruses and Worms on her system.  So I’ve groomed my Knowledge base and come up with 5 good points when it comes to locking down your Windows Machines:

Fake Scareware Sites Popup after the Pifts.EXE Conspiracy

There Seems to Be a Fake site that are popping up today right after what happened with PIFTS.EXE. I just happen to Google it to see what people are talking about and this appears on the front page.

As you can see this leads to a server in Poland and once you go to it you see:

I will be reporting this to Phishtank. This is scareware which means  there is no real VIRUS because and you
Should never believe the screens when you see something like this. According to Wikipedia:

Some websites display pop-up advertisement windows or banners with text such as: “Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below.” These websites go as far as saying that a user’s job, career, or marriage would be at risk. Products using advertisements such as these are often considered scareware. serious scareware applications qualify as Rogue software.
[Via Wikipedia]

I hate Snopes Spam

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

• Is it completely True?
• Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

And the Oscar goes to . . . Not these guys!

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

Tech Journalist breaks the silence — Journalist got Pwned!!

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam

[Click Picture to see the full story]

As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

Zero Day For IE7 Being used in the wild.

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

[Image from TrendMicro Blog]

As you can see this this can be very bad for the companies who wait a while.  Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats.   The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access.  I still like the Autopatcher because it will do the job with very little input from the user.   It also makes it easier for people to patch big systems.  You should also consider installing some Free Anti-virus software to help protect the systems you do have.

Scams about Stimulus Checks

It’s that time of year where people are hearing about the Stimulus Checks and some Phishing people are still trying to get people’s information for your bank account and steal your identity. One such one is sending out email for the 2008 Stimulus Program this email account looks to be “stumulusref@i-r-s.com”. As you can see this is a .com email address and not a .gov address.

The IRS will never send out email. The IRS will never ask you for your PIN or Any personal information. Don’t reply and don’t open any attachments, more like is if they send out any attachments they are going to be a virus and you will infect your system with any number of possible viruses out there. To protect yourself from virus you should consider installing one of the many free anti-virus softwares and also installing a firewall will help protect you. Only true way to prevent yourself from being a victim is YOU. No one else can keep your information private but you.

Valentine’s Day Brings More Malware!

Panda Labs talks about this new technique where it tries to install W32/Waledac.C.worm under the thought of someone special. It sends out email to people hoping to click links such as:

• hxxp://goodnewsreview.com
• hxxp://worldnewseye.com
• hxxp://www.spacemynews.com
• hxxp://www.worldnewsdot.com
• hxxp://www.worldtracknews.com
• hxxp://www.wapcitynews.com
• hxxp://linkworldnews.com
• hxxp://goodnewsdigital.com
• hxxp://waleprojekt.com
• hxxp://expowale.com
• hxxp://topwale.com
• hxxp://waleonline.com
• hxxp://goodnewsdigital.com
• hxxp://wapcitynews.com
• hxxp://bestgoodnews.com
• hxxp://spacemynews.com
• hxxp://linkworldnews.com

Once your at the site,  clicking on the hearts you would then download an file that is the worm!!  SO here are some things to remember.

If you don’t know the person, then it’s probably spam.   If you know the person you need to ask them before you run the program.   You also need to scan any downloads before you run them.  Go to my Malware Page and get a free Anti-virus and Firewall.  For the likely possibility this worm seems to search the computer and harvest email addresses, you should also warn the person who email you the link to let them know that they are infected.

Microsoft issues 1 Major update 1-13-09

Well it has been release Microsoft issued an update to the system:

Vulnerabilities in SMB Could Allow Remote Code Execution

Microsoft Security Bulletin MS09-001 – Critical (KB958687)

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This is one of those updates you really need to install as soon as you can.   You should also get a free firewall or buy one.  I looks to be a vulnerability in the ports and if you’d have a firewall besides windows you should be safe but that is besides the point.   If you are security congenious then you should install this update ASAP.  If your worried this will effect you system then you will need to backup your system before you do this update.  If you feel you’ve might of been infected with this Vulnerability you could always go get a free antivirus program and scan your system.  This is the sure way of fighting a Virus and making sure your safe, although people argue that Paid virus programs are quicker to be updated with virus databases, it’s all in the matter of preferences.

Inside Generic Pup.Z

Infection Methods:

Potentially unwanted programs do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications, or come bundled along with other PUPs, Trojans or Rootkits.

Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.

Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Ways to prevent Infection:

In order to prevent these types of infections you need to understand that most of the time it is something you thought was useful but yet has a virus hidden inside of it.   Some of the things you can do to remove the virus is:

• Get an Anti-virus
• Update the Database
• Try uninstalling any programs that you might of installed that might of installed this virus.
• Removal Instruction from McAfee that might help.

You need to remember about security and how to counter any virus installation by having a firewall and Anti-virus.  I have also put an e-store to better make use of anything I see on Amazon that might help you out.  If you want to visit it, click here.

IE vulnerability in the Wild

Well this was bound to happen, hackers found this vulnerability and is using it for their own purposes. 

It seems they put a virus on your system.  Microsoft has issued an Recommendation and to check out Microsoft Security Bulletin MS06-055.

“What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” he said. “It’s just a question of modifying the payload the trojan installs.”

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

[Via BBC News]

I personally like to recommend a program that will do a better job at security and that is Firefox,  I also suggest people use the Thunderbird and not Microsoft mail program.  This will greatly reduce your likely hood of getting a virus or Trojan.   Most of the time hackers like to find new ways to infection to get into your system.  If you want to preven having a virus in the future, I’d recommend going to my Malware Resource and check out a good firewall and anti-virus.   This will prevent you from getting some of the viruses and other types of malware.

trojan.zlob removal tricks!!

Aliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)

Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.

[Via Windows Live OneCare]

This one just popped up today on my radar it seems to be a very low threat on everyone’s radar according to my sources say “Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page.”  So to remove this little Trojan you would want to download one an Anti-virus and firewall.   Once you install the software the program should fix the problem for you.   This one seems to be really easy to fix.   So Please read my post on how to better protect your self if you want to prevent this in the future.

Are you patched, Secunia Says NO

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

Apple’s Immunity, Botnet sanctuary.

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

Everything I’ve seen suggest that virus writers and Malware writers will MOST likely start targeting the Mac OS X, they know Apple sense of security is Vulnerable to attack and they will exploit it more and more. So what does that mean for Apple, it just means that soon every hacker who has a botnet will want a piece of the Apple Pie and is right now.

Stop botnets in its tracks With a Firewall!

According to PC World and I’ll quote:

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

[via PC World]

Now let’s talk about this, having been seeing recent surges of people getting infected.  I’ve come to the conclusion that companies like AVG and other Anti-Virus companies are keeping up.   Now true if all you have is an Anti-virus and nothing else that greatly increases your likely hood of getting a virus.

In a recent virus storm, We have people finding my site because of a Good Firewall.   No if he didn’t have anything but Windows firewall then it would of gotten through and you would not of known about it.  So let’s talk about how to prevent botnet attacks.   This is relatively easy and if you follow some common rules.   You to could be less likely to be infected.  I will say this most people don’t do these common tips and they should do them.

Spying on Spyware.ISpynow!!

This is another Virus that is going around and thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

Now this one isn’t to hard to figure out what happened.  You have to manually install it on your system to get infected.  Symantec has a great way on uninstalling this annoyance.  I also suggest checking out my other program list just in case you don’t want to buy Symantec Anti-Virus programs.  Some other things to check out is:

• Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.
  
• Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec.   You have a wide variety of choices on Anti-virus programs and Firewall Choices.  You also have some choices on Spyware removal programs.

Vista has a new Vulnebility!

According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

Some Important programs to prevent yourself from having viruses and Malware!!

This post is in response to Alertscan.net and how many people have seen my page. If you would like to protect yourself from the possible hi-jacking of your internet or Computer there are some programs to consider using:

If you would like to scan your system right now without downloading any files go to:
Kaspersky Lab Free Virus Scan

Firewalls:

• Commodo Firewall
• ZoneAlarm For Vista
• ZoneAlarm for Windows 2000/Xp

Now these are free but I tell you. You will only need one firewall even though windows has a firewall this helps as a better protection to know what is coming in and going out.

Anti-Virus:

• Pctools Antivirus Free Software
• AVG Anti-Virus Free Edition 7.5.503
• Avast Home Edition
• Clamwin Free Antivirus

Again these files are free but you will only need one of these. If you install more than one you will most like start slowing your system down to much!!

Spyware Removal:

• SpywareBlaster
• Spybot Search and Destroy v1.5
• Ad-Aware 2007 Free Edition
• Hitman Pro

Enable Leopard’s Off-By-Default Firewall

Computer security firm publication Heise criticizes Mac OS X Leopard for shipping without its firewall enabled by default like Windows Vista and advises users to turn it on. To do so, in System Preferences’ Security area either block all incoming connections or set explicit exceptions for services that can communicate through the firewall, like file or screen sharing, as shown. (More on that in an upcoming post.)

Holes in Leopard’s firewall [CNET]

Enable Leopard’s Off-By-Default Firewall

Computer security firm publication Heise criticizes Mac OS X Leopard for shipping without its firewall enabled by default like Windows Vista and advises users to turn it on. To do so, in System Preferences’ Security area either block all incoming connections or set explicit exceptions for services that can communicate through the firewall, like file or screen sharing, as shown. (More on that in an upcoming post.)

Holes in Leopard’s firewall [CNET]