List of Malware sites for Aug 24, 2009

These malware authors have made more domains to use for there fake Antivirus suites:

Personal Antivirus Scareware Site:

• antivirus-scannerv15.com
• professionalmalwarescanv7.com
• scan-your-computer-now.com
• bestantispywarescanv4.com
• removeallthreatsnow.com

Internet Antivirus Pro Scareware sites:

• osadwarekill.com
• cressy.info
• unowed.info
• fatted.info
• declin.info

Rogue Antivirus scareware sites:

• scanandsearch.net
• sponlinescan.cn
• scanspywaresonline.net
• scansponline.cn
• onlinequickscan.com
• antivirusdoktor.com
• antivirus-doktor.com
• antivirus-doktor-2009.com
• antivirusdoktor-2009.com
• antivirusdoktor.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Some more Malware Sites July 29, 2009

I’ve done my usual looking around and found some Rogue Antivirus sites that I call scareware:

• tb2car.com
• rundaqimao.com
• shuncheng2car.com
• dakbesy.cn
• befynru.cn
• scanworldwideweb.com

All these sites are scaring users into installing software that does nothing but bothers the users into registering this software. You should not visit these sites are active right now and are spreading the malware and getting people to install malware. If you have installed this scareware software, I would recommend removing with really Antimalware software and not pay for these fake products.

Threat to System : Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Download SUPERAntiSpyware

Download Malwarebytes

SUPERAntiSpyware now has an ONLINE Scanner that you can use to help get rid of some of the malware that keeps you from running your anti-virus. You should give it a try....

List of fake Antivirus Sites for July 27, 2009

I have found some other sites that are fake Antivirus:

• anti-malware-pro.com (Rouge AntiMalware Software)
• allowsecurityshield.com (Scareware site)
• securedvirusproscanner.com (Personal Antivirus)
• antivirus-best-scannerv2.com (Personal Antivirus)

Most of these sites try to scare you into either installing software or buying their fake software.   Some of these sites have used exploits to install a Trojan or two to have your browser redirect to these sites.   This means that there might be more than one virus or Trojan on your system

Threat to System : Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Download SUPERAntiSpyware

Download Malwarebytes

SUPERAntiSpyware now has an ONLINE Scanner that you can use to help get rid of some of the malware that keeps you from running your anti virus. You should give it a try....

If your current Anti Spyware software let an infection through, you may want to consider buying SuperAntiSpyware Pro for $29.95 or Buying Malwarebytes for $24.95 are two of the best anti-virus software in my opinion which features highly advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet.

(Both Malwarebytes and SuperAntiSpyware are trusted Vendors by CCSS Forums).

ThePirateBay might be blocked in the US

I was looking around on Google and thought I just for giggles check out the Piratebay complaints. I tried going to the site and here’s what Popups:

I tried on OpenVPN and my Local ISP, It keeps saying that. I then tried on my Cricket Modem and it tells me the connection has been interrupted, like something stops the connection in the first place. I can ping it and I can Tracert the Site but I can’t even view it. I would like to know if Anyone else is having this problem also. Although I’ve not checked Thepiratebay.org complaints for quite some time because I’ve been so busy with my website. If you want to watch your favorite shows check out these sites like Hulu, CBS, NBC, ABC, ABC FAMILY and TNT.TV for free. I am just curious as to what happened and does this have anything to do with Net Neutrality?   Anyway I wanted to talk about this and see what people are saying.  Anyone know what is going on?  Let’s talk about this and help everyone by saying what you know.   I don’t know if Thepiratebay.org is down but I do wonder if someone is preventing people from getting to the website.   I’ll update when I have more information.

Phishing sites pop up for IRS!

Well, this just came to light with The Spywareguide blog. I’ve seen some activity about Where’s my refund lately and I thought I tell you how to make sure you’re on the right site. If you’re expecting a refund check the OFFICIAL SITE. The Official Site is http://www.irs.gov and nothing else. If you want to find out about some of the most common Phishing attempts check out the Phishing advice from the IRS.

The Spyware Guide blog talks about sites that looks to be IRS but are actually just phishing for information.  Some of the ones they talk about are:

gicrisis.org/data/refundtax/SearchTAXERR.php

irs-2009.com/refund/refunds.html

collectrefund-irs.com/refund/refunds.html

cimaonline.ca/application/Internal/Revenue/Service/pas.php?certegy_vm=trueportlet_change_1_actionOverrideFchaseonlineFchangeFprocessDetails_windowLabel_portlet_process_pageLabel_page_process

jklabs.cz/phpayv2/admin/import/.secure/www.irs.gov/get-refund/refunds.php?Where_is_my_refund&Get_Refund

Although this list will most likely change this is just starting for people who filed there income tax. Some things to Remember are:

You can generally access information about your refund 72 hours after IRS acknowledges receipt of your e-filed return, or three to four weeks after mailing a paper return

Via IRS.GOV

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

sinowal.trojan Problems.

Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks’ and online payment systems’ websites.

[via F-secure]

It seems to be a very hard virus to remove but there are ways to get rid of this virus.   Some tips and tricks to get rid are:

• Check out my Anti-Virus Page
• Computing.net
• The Geek Police
• How to Detect Sinowal

This are the beginning steps to get rid of a Virus but it will be a really hard virus because it wants to stay in your system.  You should also Restart in Safe mode and Try to remove that virus that one.   You will also want to disable your system restore due to the fact that it will be in there and might come back if you restore your system.  Just some simple tips to help keep you safe on the net.

Some good CyberMonday Sites to look at for 2008!

I was just getting done with that story about the Walmart Stampede, and thought I would encourage people to check these good sites for people to check out for great deals.   I have been looking through sites combing for some great sites to find the best deals and here they are:

• Dealio — Dealio will not only show you sneak peaks at Cyber Monday ads, but we will also send you directly to the store so that you can purchase the often limited inventory Cyber Monday deals before they disappear. Best of all, there is no need to hop from site to site – Dealio has all your Cyber Monday shopping covered.
• CyberMonday – Shop hot holiday deals from more than 500 merchants. All of Shop.org’s proceeds from CyberMonday.com support the Ray Greenly Scholarship Fund.
• Cybermonday Mahalo Deals — This Mahalo page collects links to websites offering information and discounted merchandise for Cyber Monday.
• Best Cyber Monday Sales –Well, I finally put together a list of the top retailers throughout the country with links directly to their Cyber Monday deals.

Some program Vulnebilities Detected!!

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Stargate Atlantis ends after the 5 Season!

After 5th season there will be no more weekly shows of Atlantis.   According to Gateworld:

Atlantis remains an extremely strong performer in DVR-delayed viewing, though, often building as much as 25 to 30 percent on its premiere night audience.

I kept saying Atlantis should of been on Hulu, just like every other show they would have a more solid audience and more  viewers to count.  The only reason Eureka and others got more ratings was because they could watch the latest shows on Scifi or Even Hulu.  Unlike Stargate Atlantis on Hulu, they only have small clips.   In order to build a fanbase, you need to build around the most current way to show the show off.   Granted it still did rather well with ratings and all but it could of done better by putting it on HULU.   There are sites out there that would like to Save Atlantis and I agree with them.  I would love to see more seasons of Atlantis, and see it on HULU.

Reports are coming in that WPA is no longer secure!

Sites that you need not Visit:

I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw.  So I did some research and found some sites that you should not go to, or download from.   These sites have been know to spread the fake anti-virus malware software.   So I wanted to warn people of some common websites that have been known to have viruses on them:

• hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.
• hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.
• hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube,   When you go to this site they say you need a special to play a video clip.  Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.