Figuring out the Email-Worm Win32.Zafi.b
This is another one I just saw on the web, and I wanted to talk about what this little worm does and its known aliases:
Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.
This worm seems to spread through email and file-sharing sites. One thing it tries to do is stop and delete the following processes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe
It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.
www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu
Fix Shutdown Problems in Vista!
In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shutdown problems. This patch should have come sooner.
Update for Windows Server 2008 and Windows Vista
Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.
This was not a critical update, yet it seems to resolve many compatibility issues. One thing it seemed to fix on my system is the shutdown time. It is now quite fast: it would normally take me 2 to 3 minutes to shut down, and now it does it in less than a minute. So if you've not installed this update, please install it soon. I would like to know if people are seeing the same thing I am. I've found a great resource on fixing it if you are still having problems; it talks about how to check your system performance. Although this has been happening lately even with these programs not loaded or running, they still seem to cause problems, so now I get the feeling it has to do with legacy programs. This should fix most of the problems with older programs.
sinowal.trojan Problems.
Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks’ and online payment systems’ websites. [via F-Secure]
These are the beginning steps to get rid of the virus, but it will be a really hard one to remove because it wants to stay in your system. You should also restart in Safe Mode and try to remove the virus. You will also want to disable System Restore, because the virus will be in the restore points and might come back if you restore your system. Just some simple tips to help keep you safe on the net.
Spying on Spyware.ISpynow!!
Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.
[Via Symantec]
- Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.
- Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec. You have a wide variety of choices on Anti-virus programs and Firewall Choices. You also have some choices on Spyware removal programs.
Some good CyberMonday Sites to look at for 2008!
I was just getting done with that story about the Walmart stampede, and thought I would encourage people to check out these sites for great deals. I have been combing through sites to find the best deals, and here they are:
- Dealio — Dealio will not only show you sneak peeks at Cyber Monday ads, but we will also send you directly to the store so that you can purchase the often limited inventory Cyber Monday deals before they disappear. Best of all, there is no need to hop from site to site – Dealio has all your Cyber Monday shopping covered.
- CyberMonday – Shop hot holiday deals from more than 500 merchants. All of Shop.org’s proceeds from CyberMonday.com support the Ray Greenly Scholarship Fund.
- Cybermonday Mahalo Deals — This Mahalo page collects links to websites offering information and discounted merchandise for Cyber Monday.
- Best Cyber Monday Sales – Well, I finally put together a list of the top retailers throughout the country with links directly to their Cyber Monday deals.
Not so, Antivirus2008
OK, so let’s say the user (by some stroke of luckless chance, or courtesy of a trojan downloader) ends up with the demo installer of Rogue:W32/VirusRemover2008.C on their hands and it runs
[via F-Secure]
According to them, there are many different versions of this rogue antispyware. They have de, dk, es, fr, it, no, nl, and no, which are all attempting to get you to buy this not-so VirusRemover2008 software. They talk about how it tells you that you have 9 viruses and that you need to remove them, but in truth it uses a text file to create this lie. Check out all the details for further information.
Technorati Officially Lays Off 6 People!!
Technorati announced today that they are going to lay off 6 people, and I will quote:
Unfortunately, this means sacrifices. Technorati’s management team members are taking pay cuts ranging from 15-25% and employees are taking 10% cut. This also includes the reallocation of staff. We’re laying off six employees today – including two executives — and there are two additional departures we won’t replace. These are high performers who have worked long hours to get us where we are now. They’re also friends, and we’re very sad to see them go. We simply need a leaner and reconfigured mix to get us through 2009. [via Technorati Weblog]
They will also be taking pay cuts all through the company, so the recession is hitting them too. I am sure CEO Richard Jalichandra has the company's interest in mind. According to TechCrunch, they have added these recent layoffs to their ticker. You can also search my blog for other layoffs that have happened or will happen.
Some Program Vulnerabilities Detected!!
I just got done looking at some of my security sites, and according to SecuriTeam there are several programs that have vulnerabilities. Here are the ones that I've found:
Google Chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.
iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.
Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.
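For the Chrome URI obfuscation item above, here is an added example (not code from SecuriTeam, Google, or this blog) of a link check a mail filter or proxy could run: it flags URLs that put a `user@` part or a NUL in front of the real host and reports the host the browser would actually contact. The function name `inspectLink`, the finding labels, and the sample links are assumptions made for illustration.

```javascript
// Added example (not from SecuriTeam or the Chrome project).
// Flags links whose authority hides the real host behind "userinfo@",
// optionally padded with a NUL, as in the obfuscation described above.

function inspectLink(href) {
  const findings = [];

  // Check the raw string first: URL parsers strip or re-encode some
  // control characters, so they must be caught before parsing.
  if (/[\u0000-\u001f\u007f]/.test(href) || /%00/i.test(href)) {
    findings.push("control-or-nul");
  }

  let url;
  try {
    url = new URL(href);
  } catch {
    return { ok: false, host: null, findings: findings.concat("unparseable") };
  }

  // Everything before "@" in the authority is credentials, not the host.
  if (url.username !== "" || url.password !== "") {
    findings.push("userinfo");
    // A dotted name in the userinfo is dressed up to look like a site.
    if (url.username.includes(".")) findings.push("userinfo-looks-like-host");
  }

  // host is where the browser would actually connect.
  return { ok: findings.length === 0, host: url.hostname, findings };
}

// Constructed sample links (example.com, .example and 203.0.113.0/24
// are reserved for documentation).
const samples = [
  "http://www.example.com@203.0.113.5/login",
  "http://www.example.com%00@evil.example/",
  "https://example.com/@user", // "@" in the path is harmless
];
for (const s of samples) console.log(JSON.stringify(inspectLink(s)));
```
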
Looks like a scam to me : Personal Shopping Assistant!
Good afternoon!
We found your resume at _________________ and we would like to propose you a
position of Personal Shopping Assistant.
Imagine having an exciting job with incredible salary (up to $100,000/year) that
lets you use your creativity while being paid to shop. Welcome to the world of
personal shopping!
As we know shopping is the world’s favorite leisure activity, but in our busy
society an increasing number of people need to hire someone to do their
shopping. Thus personal shoppers are more in demand than ever before.
There are absolutely NO START-UP FEES and NO FEES for being employed at this
position. As long as you live in the USA, and you have a credit card or any
other line of credit, have 1 or 2 free hours during the day – you are eligible
for this job!
This is what you will have to do in short:
• Purchase the requested goods using your credit card.
• Send us receipts.
• Wait for us to issue a credit to your credit card in the amount of purchase
plus shipping fee plus your commission which comprises 10%.
• Ship out the goods.
• You are finished, come back for a new list of goods.
Sony recalls 340,000 batteries.
Sony Recalls Notebook Computer Batteries Due to Previous Fires
The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
Name of Product: Rechargeable, lithium ion batteries containing Sony cells used in Fujitsu Computer Systems Corporation, Gateway Inc., Sony Electronics Inc., and Toshiba America Information Systems Inc. notebook computers.
Units: About 340,000 batteries (an additional 3,080,000 battery packs were sold worldwide)
Battery Cell Manufacturer: Sony Energy Devices Corp., of Japan
Hazard: These lithium ion batteries can overheat, posing a fire hazard to consumers.
Incidents/Injuries: There have been 16 reports of notebook computer batteries overheating, causing minor property damage and two minor burns. All of these reported incidents and injuries have been associated with earlier recalls of notebook computer batteries containing these Sony cells. There have been no incidents involving batteries sold by the notebook manufacturers participating in this announcement.
Microsoft Releases MS08-062 to the Public a Month Early!
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)
This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
[via Microsoft Bulletin]
Now from what I understand, if you have a network-attached printer on your system, this would make you more vulnerable to someone taking control of your system. So this patch is supposed to fix that. I am recommending that everyone install this update ASAP. I do not know what it would do if you don’t have one, so just install this update, because you will undoubtedly still be running the Internet Printing Protocol even if you don’t have a printer.
What’s with Google trends?
I have been going to Google Trends and keeping watch, and I am starting to wonder something. Take a look at this and you tell me.
Very simple: they’d watch what is trending and post accordingly. Now you as a reader would click on the website expecting to see what you want to see, but instead it would pop up with advertisements and maybe malware. Check these links to better understand it:
- Skype isn’t always safe!
- Some Important programs to prevent yourself from having viruses and Malware!!
Now, even though these are just a few, you can see how someone might want to abuse it, get their site up on Google Trends, and be able to infect several to even millions of computers before Google sees that or stops it. You could in theory take over a website high in Google rankings and do exactly that.
© 2009-2010 Tech-Linkblog.com All Rights Reserved -- Copyright notice by Blog Copyright










