Inside understanding of win32.netsky.q

By Paul | Dec 12, 2008

Comments Off

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on on the net and through we should talk about and let people know how you could get that the worm off your computer. It seems to be a self-replicating worm, it will continue to send out fake messages to people with the subject lines Like:

Delivery Error
Delivery Failure
Delivery
Mail Delivery failure
Mail Delivery System
Mail System
Delivery
Delivered Message
Error
Status
Failure
Failed
Unknown Exception
Delivery Failed
Deliver Mail
Server Error
Delivery Bot

And with each message there is the reciepts email address at the end. This worm seems to be spreading like wildfire today. It is because people have not install

NPR Laysoff 85 people

By Paul | Dec 10, 2008

Comments Off

This is really a sad day for people, According to NPR themselves they are laying off 64 position and 21 other positions. I’ll quote:

Companywide, NPR is laying off 64 people and eliminating 21 other positions that are currently vacant. NPR News will still have more than 800 employees on staff, including about 300 journalists.

[Via NPR]

This is another Layoff that people don’t want to hear about but will. NPR isn’t laying off a lot of people but they have been doing the news for quite some time. I feel bad for all the people that are getting laid off and had to tell people about this little development. If you like what you see, I’ve got some great tips and tricks for people looking to get hired.

The Important Windows patches Released Today

By Paul | Dec 9, 2008

Comments Off

As many of you know we talked about the Non-critical patches that Microsoft will release today. IF you want to read those please go and check it out. I’ll be talking about the REALLY important ones that Microsoft has kept tight until now. These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

KB955839

KB957388

KB890830

KB905866

These are just the tip of the iceberg. although this list are not A lot. I’d wanted to let people know about what people coin “Exploit Wednesday“. I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible. Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates. I don’t suggest testing it more than a couple days. Here are some good Virtual Machine software to try out yourself:

Facebook: Virus Variant comes back from the dead!

By Paul | Dec 8, 2008

Comments Off

In my recent post, I talked about a Virus that is circulating around on Facebook. It is know as the Koobface virus and has been changed a little by the programers. So I what is Techworld saying, just this:

In fact, Koobface is now using one of Facebook’s own features against it, Lovet said. The latest variant uses Facebook’s ability to redirect web links to drive users to malicious websites, often hosted on Geocities.com, Lovet said.

[Via Techworld]

If you have been victim to this little virus, you should check out my Virus removal page and download the programs that should fix this little virus for good on your system. You should also check out my Previous post I also have some good tips and tricks to prevent the user(YOU) from getting hit by this virus in the first place. This virus is a Good social engineered virus, so please be careful.

Some program Vulnebilities Detected!!

By Paul | Nov 25, 2008

Comments Off

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Microsoft kills a fake antivirus tool from 994,061 computers!

By Paul | Nov 25, 2008

Comments Off

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update. If you haven’t updated your system just yet you should. This troublesome fake virus seems to have been killed from several systems. This could effectively make it harder for these guys who ever designed this program to make money. I hope microsoft does even more virus removals in next month. If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

Get your Cricket Broadband to Activate Manually!

By Paul | Nov 18, 2008

Comments Off

I recently bought a Cricket Broadband USB for 40$ a month. I tried to get the system to activate it automatically but that kept on failing. Finally called the tech support and found out this little tip. So here is how you manually activate it:

Once your are to the Quicklink Mobile Menu you will want to hit Control-D:

It will bring up this:

The Password to get into manually activate your Broadband USB card is six zeros no more no less!!

Once your enter the password your will get this screen:

Activation Code : Same from above Six Zero’s

Phone Number : The Phone number that is your broadband card

The IMSI (Min) Code : You will find that in the Indirect Dealer Copy. It will be the one telling you another number. In mine it said this:

“In order to program your phone, you will also need the following number (###)###-#### (MIN)”

Enter that number in there without any special characters it would be ########## and then press enter. Close out the Quicklink Mobile menu and reload it. Then click Connect and you should be ready to go!!!