In a story from Sophos, some e-mails are going around saying that Barack Obama is not going to be president or that he will not be inauguration.   Sopho’s also makes a great comparison for the two sites and it does try to look like the official site.

Which if you click on the “Continue Reading” link it will try to send a file “Speech.exe” which is W32/Waled-Gen or Mal/WaledPak-A.   It is a fake site to look like the real site, it is never a good idea on clicking on links that looks real. For those of you who want to watch the Inauguration online I would suggest Hulu:

You can watch it happen when it happens. So sit back relax and enjoy the show!!

©2010 . All Rights Reserved.

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

Once you’ve done that, you’ll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I’ll always go to the site and check for example Adobe. If it says I need to update my flash I’ll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I’d check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don’t forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.

©2010 . All Rights Reserved.

According to PC World and I’ll quote:

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

[via PC World]

In a recent virus storm, We have people finding my site because of a Good Firewall.   No if he didn’t have anything but Windows firewall then it would of gotten through and you would not of known about it.  So let’s talk about how to prevent botnet attacks.   This is relatively easy and if you follow some common rules.   You to could be less likely to be infected.  I will say this most people don’t do these common tips and they should do them.

Make sure you update Windows regularly.  Having seen this time and time again, if you don’t keep windows updated then you lose the battle.  If you have a system that needs updating, I suggest downloading the Clone to Autopatcher.  This little program will download the files needed to update your system without having to be online.  Although, you can have windows update automatically every month but that might not update the recommended updates only the ones that are hot.  It doesn’t matter which way you prefer to update, as long as you do to update regularly, Like every 2nd Tuesday of the Month.

One last tip you should also keep your Firewall and Anti-virus updated.  There is a little program that will do that, it’s call AppSnap.  If you follow all these recommendations you will greatly reduce your chances of getting a virus on your system.

©2010 . All Rights Reserved.

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

©2010 . All Rights Reserved.

Good afternoon!

We found your resume at _________________ and we would like to propose you a
position of Personal Shopping Assistant.

Imagine having an exciting job with incredible salary (up to $100,000/year) that
lets you use your creativity while being paid to shop. Welcome to the world of
personal shopping!

As we know shopping is the world’s favorite leisure activity, but in our busy
society an increasing number of people need to hire someone to do their
shopping. Thus personal shoppers are more in demand than ever before.

There are absolutely NO START-UP FEES and NO FEES for being employed at this
position. As long as you live in the USA, and you have a credit card or any
other line of credit, have 1 or 2 free hours during the day – you are eligible
for this job!

This is what you will have to do in short:
• Purchase the requested goods using your credit card.
• Send us receipts.
• Wait for us to issue a credit to your credit card in the amount of purchase
plus shipping fee plus your commission which comprises 10%.
• Ship out the goods.
• You are finished, come back for a new list of goods.

If you are interested in Personal Shopping Assistant position please fill in the
form below and send it to: Open2usa.job.dep@gmail.com
Our manager will contact you within two working days.

————————————————FORM————————————-
Full name ______________________
Residence country _____________________
Age _____________________
Contact phone ______________________
Availability time _______________________
————————————————FORM————————————-

This letter confirms your resume has been duly processed and your skills
completely meet our requirements for Personal Shopping Assistant Vacancy.

Thank You,
John Walker

I wanted to bring this up because of two things that I saw first off that made this look like a scam. One is they want to “CREDIT” your credit card and two they use a GMAIL account. I am going to say this is looking more and more like a scam. If anyone else has any other ideas about this just leave your comment.  I don’t see how this can be real.   I am thinking once they have your credit card information, they’ll start using it.

©2010 . All Rights Reserved.

We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics. This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor. The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

[Via F-secure]

It seems that there is a site out there, that seems to be trying to scare you into downloading there software. If you have any questions about this site please feel free to check out what I’ve found out:

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: ANTIVIRUS-ONLINE-SCANNER.COM
Registrant:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Creation Date: 07-Jun-2008
Expiration Date: 07-Jun-2009
Domain servers in listed order:
ns2.antivirus-online-scanner.com
ns1.antivirus-online-scanner.com
Administrative Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Technical Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Billing Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732

Now as you can see this site is located in Russia, and if that’s the case it is probably some virus itself to take control of your system to do what they want with it. So you best advice is if you think you have a virus then check out my recommendations these are all free to download and try. Unlike this site, they are legitimate and actually do what they promise.  If you want to email them you can but It don’t think it will help.

*UPDATE on that Website*

According to F-secure that site is now Suspended.  Great job guys.  We are now fighting these people even better than I’d thought.

©2010 . All Rights Reserved.