TINYURL being used by scammers and hackers — How to prevent it!!

With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don’t want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don’t know anything that about. It’s called the Preview Feature, and is available to any user who wants to use it.

As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don’t have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can’t hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.

Removing Win32/Bagle.HE worm

Here is another virus that seems to be spreading lately.   From the looks of it, it sees to be another email worm.  Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

• Documents and Settings\All Users\Application Data\hidn\
  hldrrr.exe
• Documents and Settings\All Users\Application Data\hidn\
  hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

Signs of a Computer Infection!

So I was thinking this morning what I missed and I totally missed on how you might be able to tell if you have a computer virus. It does me no good to talk about a virus if you don’t know you’re infected. I was thinking of the times I had a client who had trouble but wasn’t what I thought.

So How do you know?

Some people would say it depends on factors but here are what I call clues that make me suspect a virus:

1. Slow or Sluggish computers –  Here is what I know if the computer is really slowing down and have a dual core or quad core.  If you are running a system and sees a lot of hard drive activity even when the computer is idle then it might be a virus or it could be a program doing what it is supposed to be doing.  So this is somewhat of an indication but not always.
2. Slow internet connection on the computer or on the network — Due to the fact that most people have a router that is connected to all the computers and if you internet connection on all your systems are slower than normal then you could have a virus.  I use Speed Test website to help determine this.

Uncovering a Virus/Trojan

Getting done with the first part really got my juices flowing. I was shopping looking and thinking about this next article. I came up to only one option turning this into a 3-5 length post due to all the content that I will have.  So where did we leave off?  Oh that is right figuring out if you have a virus/Trojan.  The instant I made a post about this 12 hours later someone make a comment and here is what he said:

Rene Van Belzen

I can’t wait to read part two of this article. I always wondered how you’d know you’re infected if a virus don’t want to be detected and no virus definitions are yet available, because the virus is so new.

Now the truth is anytime a Virus does something it usually leaves a footprint somewhere and somehow.   Even the hardest working hacker can’t plan for all possibilities and that is where we begin.   I have been helping people for a while with viruses and know that no matter how hard the virus tries to hide you can usually find it relatively quickly and easily do to virus check here are the ways I’ve done to figure out if they may or may not have a virus/Trojan.

Facebook: Virus Variant comes back from the dead!

In my recent post, I talked about a Virus that is circulating around on Facebook.  It is know as the Koobface virus and has been changed a little by the programers.   So I what is Techworld saying, just this:

In fact, Koobface is now using one of Facebook’s own features against it, Lovet said. The latest variant uses Facebook’s ability to redirect web links to drive users to malicious websites, often hosted on Geocities.com, Lovet said.

[Via Techworld]

If you have been victim to this little virus, you should check out my Virus removal page and download the programs that should fix this little virus for good on your system.  You should also check out my Previous post I also have some good tips and tricks to prevent the user(YOU) from getting hit by this virus in the first place. This virus is a Good social engineered virus, so please be careful.

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

Facebook Virus strikes again

“Look you were filmed all naked!” read the subject header on one iteration of the virus-spreading message, which is being sent automatically from infected accounts to the “friend” list for that account. Clicking the link usually takes users to a page that looks like YouTube, and a pop-up message advises the user to download a Flash plug-in. The download contains the virus, which replicates by contacting everyone on the victim’s Facebook friend list and advancing the hoax.

[Via Boston Media]

This is a good social engineered attack, they seem to have you download a virus into your system.  I Keep talking about how you need to be careful with emails.  I also suggest that you do a complete Virus scan if you think you’ve been hit with this.  There is only one way to prevent yourself from getting this little facebook virus and that is not to click it. Some other things to consider if you found out this was a virus is to contact the person who sent this to them so they to could do a virus scan on their system.

Apple’s Immunity, Botnet sanctuary.

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

Everything I’ve seen suggest that virus writers and Malware writers will MOST likely start targeting the Mac OS X, they know Apple sense of security is Vulnerable to attack and they will exploit it more and more. So what does that mean for Apple, it just means that soon every hacker who has a botnet will want a piece of the Apple Pie and is right now.

Windows 7 will sport Direct X 10 Compliance!

The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows.

[via Arstechnica]

Not so, Antivirus2008

On F-secure blog they talk about this rogue antispyware.

OK, so let’s say the user (by some stroke of luckless chance, or courtesy of a trojan downloader) ends up with the demo installer of Rogue:W32/VirusRemover2008.C on their hands and it runs
[via F-Secure]

According to them, they have many different version of this rogue antispyware.  They have de, dk, es, fr, it, no, nl, and no, which are all attempting for you to buy this no so Virusremover2008 software.  They talk about how it tells you have a 9 infected viruses and that you need to remove them, but in truth, they use a text file to create this lie.  Check out all the details for further information.

Some program Vulnebilities Detected!!

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Microsoft kills a fake antivirus tool from 994,061 computers!

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

Google SearchWiki dies after two days!!

According to Techcrunch Google Pulls the Google SearchWiki.  Unsure as to way  but here’s what they said:

Users are reporting that the recent changes to Google’s search engine, called SearchWiki, have simply disappeared from the site. It’s certainly gone from my account.

User reactions were mixed but weighted heavily towards “this is lame,” and there was no way to turn off the features other than to conduct Google searches without being logged in. Another way to turn it off was to switch search engines.

[via TechCrunch]

I’ve got my theory on this, and it’s quite a good theory.   I think it was a making search results come up wrong or not at all.   The last two days they’ve had that going my page views have drop BIG time.    According to my Stats I’ve had 236 Unique Visits for Thursday, and 232 Wednesday.   My Friday stats show that I only got 185 Unique Visits, dropping 40 to 50 people.  My stats for today which is incomplete shows that I’ve only gotten 136 unique visits.  Although that is complete you can see where I dropped drastically.   I think Google was getting yelled at by websites due to the stats dropping.   I am guessing people could tell if they wanted to go to a site just by reading the comments.  This will hurt every site, including TechCrunch.   I will say this is only a theory and this might or might not be the case.

Memorex releases a cheaper Blue Ray player than a PlayStation 3.

According to there website It can do this:
* Progressive scan Blu-ray Disc player 1080p capability for higher definition video content
* Full HD 1080p, DVD up-conversion up to 1080p (480p, 720p, 1080i, 1080p), 24p, 60p video frame rate
* Multi-channel audio content (supports more advanced Dolby Digital Plus, Dolby TrueHD and DTS-HD)
* BD-ROM, DVD-ROM, DVD, DVD-R/-RW, DVD+R/+RW, DVD-R DL, DVD+R DL, CD-ROM, CD, CD-R/-RW
* 16:9 / 4:3 picture select
* On-screen graphical user interface
* Slow motion function (2x – 4x – 8x)
* RW/FF play function (2x – 4x – 8x – 16x)
* VFD display

The price of the unit at Memorex is 269.99$.   I think this is a great buy if all you need is a blue ray player.  Cheaper than buying a PS3.  Although if you want to buy a PlayStation 3 to play games and also watch movies on it that is still a good deal.   So why buy this player,  this will  not play games and keep your happy.

A good free VPN Client — OpenVPN & more

I’ve been doing some research on what might be good to use in case, I was away from my home network.  I was thinking how safe am I at Starbucks or other places that I might doing my web.  So I did a little looking around to see which one I liked and I came to the conclusions that only one I need right now is:

The nice thing about this was the simple installation of the software and how easy it was to set it up. This service is in beta but seems to be really well done with regards to the end users. When you install this software and want to connect it uses the OpenVPN software with there configurations. OpenVPN, is a open sourced SSL VPN solution and is free to use. The way this this free is of Ad Supported banners. Now it is cheaper than paying monthly for a VPN service. The ones I’ve found so far are these few:

• OpenVPN (FREE)(*advertisement)(Linux, and Windows)
• Always VPN (Prepay) (5 GB to 80 GB limit) (Linux, Mac and Windows)*Out of Beta
  
• Hotspot Shield (FREE) (*advertisement) (Windows) (3 gig Cap)
  

AVG Detected a False Positive

According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]

I bring this up because this is a false positive according to AVG. AVG since sent out another update to there Database and you can go and update the database to get rid of this problem. If you need to restore that DLL check out the article Security and The Net, they got some excellent suggestions on fixing the problem.

If you’ve not been affected by this yet, you probably won’t be. It is yet unknown how many people have been affected. I’m blogging about this to tell people about this and to warn people that not all of warnings from AVG are true and that is why you should always ask before you delete or do anything to your system. I always USE google when it comes to these types of questions

Windows update is getting a revision!

According to Computer World, dated Oct 31, 2008 and I’ll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if your like me and have several computers who need to be updated at a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program call Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons, one they want you to be able to update your operating System without hurting your system integrity.

Now lets talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain.  It is something like having starting up a car, sooner or later you will have the starter go out, because of to much start up.

Microsoft reveals “Microsoft Azure”

Windows Azure is part of a set of new and existing technologies behind the Azure Services Platform, a development and execution platform that runs end-user and corporate software on Microsoft’s own servers, accessible over the web. It joins Google’s App Engine and Amazon’s EC2 in an increasingly competitive market.

[Via ZDnet]

Although,  There isn’t much more they have said I am quite curious how they will interegrate this into the cloud computing.  According to Microsoft, it won’t run on the company server but  Microsoft Datacenter.  Now this I can see is a big security problem.   Because most companies use what they call an Intranet and not the internet.  So that leaves questions on if companies are going to use this system or not.   Are you ready to let your information float somewhere over the inernet tht is SENSITIVE and CONFIDENTIAL?   These are the questions that Microsoft will have to Answer, before any company will use this on there systems.

Is Hulu encouraging people to watch shows illegally?

I’ve been scouring Hulu for the last few days and come up with some interesting observation.   I wanted to talk about Hulu’s commitment to its users.   I don’t say that lightly but just recently the distributors and the copyright holders only have been putting up a few episodes here and there on old shows like:

• The Pretender
• Stargate Atlantis
• Naruto
• Babylon 5
• Angel
• Sliders

Some of the comments I’ve seen have been talking about watching the rest of the shows from other sources:

• The Pretender – watch Season 3 for free
  
• Stargate Atlantis – Buy it through Itunes
• Naruto – Suggests that this user might of downloaded episodes
  
• Babylon 5 – AOL Video has Season 3
• Babylon 5 – Talks about Alternatives
• Angel – Suggest buying it
• Sliders – Netflix it