List of Scareware Sites for Dec 1, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• prointernetdefence2.com
• royaldefensescan.com
• royalprotectionscan.com
• msprotectionscan0.com
• titansecure002.com
• titansecure001.com
• allinonesecurity0.com
• allprotection6.com
• allprotectiona2.com
• allprotectiona3.com
• royaldefencescana.com
• royaldefensescana.com

Rogue Antivirus scareware sites:

• smartmechanic.net
• topspeeds.cn
• defenderav.com
• secsoft-estore.com
• security-estore.com
• vir-curemypc-now.com
• vircheckpc.com

Internet Antivirus Pro Scareware

• ewezyod.cn

Fake Scanner Pages:

• bluesecurityutility.net
• bestsecurityutility.net
• farmsecurityutility.net
• freesecurityutility.net
• newsecurityutility.net
• securityexternaltools.ne
• securityintelligencetools.net
• securitytoolsediting.net
• securitytoolslisted.net
• securitytoolsuser.net
• securityutilitybelt.net
• securityutilityblog.net
• securityutilitydisc.net//li>
• securityutilityonline.net
• securityutilitys.net
• securityutilityshop.net
• securityutilitystore.net
• securityutilitytoday.net
• securityutilitytool.net
• thesecurityutility.net
• securitytoolsprior.net
• best-scan.biz
• pc-scanner.us
• pc-scanner.info
• malware-scaner.info

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Fake Scareware sites for Nov 13, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• guidetosecurity3.com
• virus-pcscan2.com
• 3gsoftstore.com
• allsecuritysoft.com

Internet Antivirus Pro Scareware

• pc-safe2009.com
• pcdoctor2010.com
• spydetect2009.com
• spywaredetector24.com
• viruseliminater2009.com
• virusidentifycenter.com
• webpcdoctor.com
• webspydetect.com
• webantispysoft.com
• webantispyware.com
• anti-spyware24.com
• anti-spywarenet.com
• pcsafetyonline.com
• anti-spywarecenter.com
• anti-spywarenet.com
• antispycenter.com
• antispywaretop.com
• antispyworldwide.com
• bestantispysoft.com
• bestvirusidentify.com
• webanti-spyware.com
• webpcprotect.com

Rogue Antivirus scareware sites:

• antiaid.com
• systemwarrior.com
• pcprotect2009.com
• pcsafety2009.com
• fast-zonescannow.com
• fast-zonescannow.net
• fastzonescan-now.com
• fastzonescannow.com
• fastzone-scannow.net
• fastzone-scannow.com
• fastzonescannow.net
• Antiviraprof2009.Microsoft.com (Modified Host file)
• Antiviraprof2009.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Scareware sites for Oct 29, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• topantimalwarescan5.com
• best-anti-virus6.com
• activate-antivirus.com
• best-topscanner.com
• best-antimalware-1.com
• mycomputerupdate01.com
• mycomputerupdate5.com
• updatesystem00.com
• internetprotectectionscan.com
• liveantivirusproscanner.com
• tophotpc-check.com
• detect-spyware9.com
• detect-spyware3.com
• detect-spyware5.com
• detect-spyware7.com
• detect-spyware1.com
• good-antispyware8.com
• good-antispyware7.com
• kill-virusa.com
• onlinesecurityscanv15.com
• winscanner16.com
• winscanner11.com
• winscanner18.com
• kill-viruse.com

Rogue Antivirus scareware sites:

• antimalware-software.org
• av-pro-2010.com
• a-vpro21.com
• cyberstrongstore.com
• windesktopdefender.com
• avprotectioncenter.com

Fake Scanner Pages:

• secmodify.com
• bestscanonline.info
• checkonlinenow.info
• checkonlineonline.info
• checkonlinesite.info
• checkonlinestore.info
• checkonlinetoday.info
• freecheckonline.info
• freescanonline.info
• mycheckonline.info
• newcheckonline.info

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Fake Scareware Adviser from Malware-domain.com

This is an example of what you might see if you did have it!!

This site now matter how real looking is a URL Hijacker and is what we call a scareware Sponsor for Alpha Antivirus a Clone of Personal Antivirus. This is a new scareware rogue antivirus software. It claims that sites have a malware and you need to activate the security software. Doing this will not help you because this is what they call Ransomware, in which you are prompted to buy their software in order to clean your system. If you follow links from these websites you will be directed to buying the software. It has every makings of some old techniques like Yourbrowserprotection.com it is exactly the same.

These sites gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

List of scareware sites for Oct 23, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• mypc-scanner11.com
• mypc-scanner9.com
• mypc-scanner7.com
• yourmalwarescan9.com
• yourmalwarescan1.com
• yourspywarescan8.com
• yourspywarescan1.com
• yourspywarescan6.com
• yourspywarescan15.com

Rogue Antivirus scareware sites:

• windowsenterprisedefender.net

Fake Scanner Pages:

• myscanonline.info
• theprotectour.com
• securedataprotect.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Fake Antivirus Sites for Oct 2, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• mycompinfo17.com
• myvirusscanner25.com
• computervirusscanner31.com
• liveantimalwareproscanv2.com
• myantispywarecheck17.com
• myantispywarecheck11.com
• pc-scanner16.com
• myantispywarecheck07.com

Rogue Antivirus scareware sites:

• tiposoft.info (Total Security)

Fake Scanner Pages:

• best-scanpc.org
• onlinescanxppro.com
• testavrdown.com
• fastestonlinescan.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Malware Sites for Sept 14, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4047):

• online-antivir-scan06.com
• best-virus-scanner5.com
• online-antivir-scan08.com
• best-spyware-scan09.com
• best-spyware-scan04.com
• best-spyware-scan01.com

Internet Antivirus Pro Scareware sites:

• plazec.info

Rogue Antivirus scareware sites:

• guardsearch.net
• my-officeguard.com
• my-officeguard.net
• pc-antispyware2010.com
• my-systemguard.com
• my-systemguard.net

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

SuperAntiSpyware Pro Is it Worth 29.95?

I have a couple people ask me “is SUPERAntiSpyware worth it?” when I am working on clients computers and I thought I would show you just how good SuperAntiSpyware works with removing scareware:

Part 1

Part 2

Part 3

Part 4

Thanks to Matt from www.remove-malware.com for posting these videos.

As you can see SuperAntiSpyware with the Real time Blocking can help block and remove malware on your system. Some of the key differences from free to Pro are easy to see. Now I can’t make the decision for you but I hope these videos help your decide if it is worth it. I do know I recommend Pro to all my clients and customers who want to have the cheapest possible Antivirus And Spyware. You can visit my Review of AVG 8.5 Free and SuperAntispyware Pro for further details. This is what I recommend to my clients and customers who want to keep it cheap. I hope this helps you decide when it comes to buying it. The nice part of about Buying SuperAntispyware is that it is 29.95 and if you buy it with the Lifetime Subscription you get it for $39.90 and you don’t have to pay for it anymore.

List of malware sites for Sept 1, 2009

Well with it being the end of the month it was to be expected here is a long list of sites.   So please read these carefully.

Personal Antivirus Scareware Site and How to Remove them:

• live-virus-scanner9.com
• tryantivirusscan.com
• antispyware-scanner2.com
• bewareofvirusattacks2.com
• antivirus-scanner6.com
• valueantivirusshop1.com

Internet Antivirus Pro Scareware*SUPERAntispyware gets rid of these too*

• adjudg.info
• atwain.info
• caretz.info
• gaudad.info
• krapen.info
• nevils.info
• outliv.info
• penvie.info
• stampo.info
• ticedu.info
• unwept.info
• gelded.info
• dolchi.info
• figgle.info
• botled.info

Rogue Antivirus scareware sites:

• securepcshield.com
• myprotectedzone.net

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

How to know if the scareware warning is real or not:

I got an email from someone who wants not to be named asking how do I know if these sites that I have talked about like Defenderpageblock.com, Spywaredomainlist.com, adwaredomainlists.com, badwaredomainlists.com, browserdefenderlist.com, malicioussitesblock.com, and browserliveprotection.com are fake warning sites because of how the site handles the URL presented.   Let me give you a few example urls to see what I mean:

http://defenderpageblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/scareware-adviser-from-defenderpageblock-com/

http://browserliveprotection.com/block.php?id=2024-4&url=http://tech-linkblog.com/2008/12/microsoft-readys-to-layoff-around-15000-workers.html/

http://malicioussitesblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/2009/08/list-of-malware-sites-for-aug-24-2009.html/

http://spywaredomainlists.com/block.php?id=2018-2&url=http://tech-linkblog.com/2009/08/scareware-adviser-from-spywaredomainlists-com.html/

http://adwaredomainlists.com/block.php?id=2031&url=http://tech-linkblog.com/2009/04/pc-speedscan-pro-a-bad-idea.html/

Now as you can see al these have an identification number probably like an affiliate link and then the url of the site that is supposed to be bad or have malicious in some way.  So what do you do when you see these types of warning pop up and you would like to know if this real.   Here are some things to try to see if it is real or not:

• change the url it is going to, try Google or some other site that you know isn’t malicious and see what happens.   You will notice it will say the same exact same thing.
• Check out Stopbadware.org –  Google uses this service for there search results so this would be more reliable and check out the warning domain to see what it says then also check out the domain and website in question.

AVG 8.5 Free Version Best on my system

Pcworld has a released there top free Antivirus software picks.     Now let’s be clear on this, I am an a average user, and have tested these products out on my own laptop plus others and here is what I find.

According to Pcworld, Avira Antivir Personal is the top pick and claims to block 98.9 percent of samples:

Such less-than-friendly default behaviors make Avira AntiVir Personal a better choice for tech-savvy users who know how to muck about in the settings. If you’re willing to put up with a somewhat clumsy interface and the recurring pop-up ads, in return you’ll enjoy top-notch, free protection against malware. It’s not a bad trade-off by any means.

[Via Pcworld : Avira Antivir Personal Antivirus]

Now with Pcworld saying it isn’t a bad trade-off to have the Pop-ups and the default behaviors of this program, it doesn’t make me want to use this program since I am a gamer and the pop-ups would interfere with playing online games, not to mention if your not that tech savy person you’d have a lot of head scratching to  figure out this program.

List of Fake AV sites for Aug 22, 2009

If you know anything about the Malware writers they are always registering new domains and here is the newest ones they are using:

Personal Antivirus Scareware Site:

• antispywarebestscanner.com
• professionalvirusscanv3.com
• professionalcomputerscanv2.com
• scan-your-pc-now.com
• professionalspywarescanv8.com

Internet Antivirus Pro Scareware:

• hopest.info
• suffic.info
• cressy.info
• unowed.info
• inclin.info

Rogue Antivirus scareware sites:

• securitytoolsite.com (Fake Scanner)
• webscansecurepc.com (Fake Scanner)

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Malware sites for Aug 21, 2009

It has been kinda busy today for the Antivirus scareware sites but here they are.

Personal Antivirus Scareware Site:

• check-for-malwarev3.com
• safeonlinescannerv4.com

Internet Antivirus Pro Scareware:

• fatuus.info

Rogue Antivirus scareware sites:

• antivirusplus2010.com
• mybestantivirusplus.com
• internetantivirusplus.com
• antivirusplus09.com
• antivirus-plus-now.com
• yesantivirusplus.com
• goodantivirusplus.com
• i-antivirusplus.com
• nextantivirusplus.com
• antivirusplus-ok.com
• getavplusnow.com
• antivirusplusnow.com
• getantivirusplusnow.com
• realantivirusplus09.com
• freeantivirusplus09.com
• addedantivirusstore.com
• addedantivirusonline.com
• myplusantiviruspro.com
• yourcountedantivirus.com
• easyaddedantivirus.com
• addedantiviruslive.com
• addedantiviruspro.com

Most of the time, These sites are injected into one's browser by way of a Trojan taking over the system. If left untreated these sites will become more and more profound trying to get you to install them. Most of the time these are installed in unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in mind but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

List of Malware Sites for Aug 13, 2009

• spyware-scannerv2.com (Personal Antivirus Scareware Site)
• homespywarescanner.com (Personal Antivirus Scareware Site)
• curtle.info (Internet Antivirus Pro Scareware)
• securityread.com (Like (Internet Antivirus Pro Scareware)

These sites gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Do a Full System with One of these Free Antivirus Software:

Malware sites for July 30, 2009

I just got some news about a few sites:

• husger.info (Scareware, Rogue Antivirus)
• antivirus-quickscanv5.com (Personal Antivirus)
• safe-online-scanner.com (Personal Antivirus)

These sites are either claiming you have a virus and are considered either URL Redirects or URL Hijackers.   If these sites keep appearing on your web browsing maybe it is time to do a complete system scan and get that spyware off your system.   Some of these Rogue Antiviruses  may even have a security adviser claiming random sites are infected with viruses or Trojans and claiming they are unsafe.  These sites are either wanting you to isntall the software or trying to sell you the fake product, which will do nothing but harm your system.

Threat to System : Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Download SUPERAntiSpyware

Download Malwarebytes

SUPERAntiSpyware now has an ONLINE Scanner that you can use to help get rid of some of the malware that keeps you from running your anti virus. You should give it a try....

Computer Security : important caveat not all websites are safe

Everyday we’ve seen people get infections on there systems and most don’t understand that they’ve been duped and have installed the software themselves.

In this article we will talk about how most people will willingly install these Trojans and virus themselves for several different reasons.

ineluctable truth about Human Nature

These malware authors know all about how people think.    It usually happens when people think they are seeing something provocative and something you can watch in your private homes.   There are several different ways to do this:

• News stories –  Alas this is always being used to spread malware.   For example Erin Andrews Peephole malware.
• Fake photos files — This is also a very common ploy, to make people think it is a Photo but in reality it is an Executable.  Example : MichealJackson.JPG.EXE
• Fake Codecs — You visit what you think is a popular movie and it says you need to install a codec.  This is another way for people to get infected with a Trojan, or a Virus.   For example : Harry Potter and the Half Blood Prince malware.

Fake Security Adviser from explorersecurityhelper.com

I saw this come in my way and I thought I would share it:

Here is a site that is another scareware attempt from the makers of Personal Antivirus.   They do this to get money from unsuspecting users who think this will protect there system but the truth of the matter, they are either trying to get you to install even more Malware or buy a program that doesn’t do what it claims.   You should never buy from a site you do not know anything about and you should never install software from a site you have no knowledge of

Threat to System : Critical

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware. This has altered your browser and can be monitoring your system and should be taken off your system. You should consider your system compromised until you clean your system.

I recommend :

Download SUPERAntiSpyware

Download Malwarebytes

SUPERAntiSpyware now has an ONLINE Scanner that you can use to help get rid of some of the malware that keeps you from running your anti-virus. You should give it a try....

Updated list of scareware Sites 7/24/09

As you have read in my Previous post:

• More Fake Antivirus Sites Pop up
• Don’t Take it Personal, It’s just Fake Antivirus
• More Personal Antivirus Fake or Scareware sites

I figured we would update those list with some more that came out yesterday or Wednesday.   I will probably be keeping this up. This will help people find out domains that should be avoided.

So here are a few that I’ve found:

1. personalfolderscanv2.com
2. onlineantispywarescanv6.com
3. onlinevirusscanv9.com
4. privatevirusscannerv2.com
5. Windowssecurityinfo.com

All those are Personal Antivirus scareware sites that try to convince you that you have a virus and tries to get you to buy a registered copy of this fake Antivirus which does nothing.  They make money by not doing anything.  These sites might also try to get you to install the fake software which in reality is a Trojan, Virus, Or just Malware all together.  You should never install software from sites you don’t know anything about.

Threat to System :Moderate

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

Why you can’t run Antivirus or Taskmanager!

As you know there has been more and more virus writers and scammers who don’t want you to interfere with the ultimate plan.   You see the two major plans these people have are:

1. To use your computer as a Botnet –  This is most common because the Command and Control server is where they tell these other computers what to do weather send spam or do a denial of Service attack on a website.  Although this is the most common it isn’t however the easiest to get rid of rid.   Far be it from being easy these virus writers want to keep a foot hold on your system.   This is like the SG-1 the “Foothold” Situation, they try to look like there is nothing wrong.
2. Fake Antivirus software — This is the other common reason why you can’t load up Taskmanager or SUPERantispyware/Malwarebytes.   It could even prevent AVG,  Norton Antivirus, and Other Antivirus software from being loaded at boot up.  Because most Antivirus software can detect this type of scareware.   The scammers want to make as much money as they can so they don’t want the End user to be able to stop the program from scaring you into buying the fake product.  It could also have a Scareware Adviser trying to get you to buy the fake product!

Michael Jackson Malware on the Rise

In the last 24 hours the spammers and scammers have begun to distribute spam with the guise to:

• Harvest Email Addresses –  This seems to used to ask users to respond to the email to get “top secret” information about how he died.  Security experts believe this is an attempt to verify email addresses for future spam attempts.   Although it isn’t wise to reply to people you don’t know about it at least has very little risk with your computer for the time being.
• Fake Codecs and Hidden Trojans –  Seems this is the main thing they are doing right now to get personal computers on their networks.   So you should never visit a site you don’t know about without having an Anti-virus software and A firewall to better protect your system.
• Extortion Ware — This one is very interesting, and According to Webroot.  You should avoid sites that you don’t know anything about.   With News of anything major you should keep with the trusted news sites.  This one looks to be the bad guy type.

Mac Malware on the Rise drive by Downloads

More and more there seems to be a building trend with Malware writers are developing ways to find both Mac systems and PC Systems. In a diary talking about that one mans journey leads to a site that can detect which system you are on and offer up Malware for that system. He also has some other examples of this on a Mac Trojan in the wild.

Now more and more Apple users think they are not vulnerable to the types of antics that the PC users have to deal with day by day.  This however proves they are “WRONG”.   I will keep telling people whether PC or Mac that you need to have Anti-virus and Firewalls installed to help protect yourself from be victim to this type of stuff.  Just a last week Sopho’s issued the OSX/Tored-Fam worm to their databases.   Sopho’s even talks about this in detail on their blog.

Harry Potter and the Half Blood Prince Movie Spreads Malware

It seems in anticipation of the release of Half Blood Prince the Malware authors are starting to send for the movie. For example:

As you can see they really try to fool you into think your are going to be able to watch it for free.    They even put it the movie poster to try to get you to click that link. It is on a blogspot page and has a few Google followers, which I am amazed at because what I have found it.   If you were to click that play link (usa-top-news.info) it will redirect your to (world-news-scandals.com) and then to the final destination (tubes-portal.com). Each site is surprisingly in the US and tries to look like it is a real site. It sends you a file called streamviewer.40018.exe, which I am surprised AVG hasn’t picked this up so I went to see if this was a virus and Virustotal showed me this:

Not going to Twittertrain.net, just a Phishing attempt!!

So you want to have even more followers, but you don’t know how to do it?   I’ve talked about Getting more followers and tips and tricks to get the people you want.  Now let’s talk about this to a point.

There seems to be automatic post going out with:

“OMG WOW Im getting 100s of followers a day, Check out this site: http://twittertrain.net”

Now going to the site and giving out your password is always a bad idea.   It seems to some people think it is easy to get followers but those who have built up your followers will know just how hard it is sometimes to get more.

I would be willing to guess this is a phishing attempt to get passwords and twitter names for later on.   Some would guess this will just become another way the spammers will use this to spread Scareware.  I am thinking they want to get your password and save it for later use like this or others where they can get more people to click links and buy there fake products.

MobileMe Who me? Could this be Phishing?

Casino Spammers still user Yahoo for Spam : Could this be Malware?

It just shows you just how one Geocities was taken down by Yahoo who owns it, the spammers have to come up with more ways to get you to download there software.

In my previous post about Casino programs,  They were using Geocities to host the page for the link to the download.

It seems to be linking to “http://bestwinscasino.com/SmartDownload.exe“.  From previous post I talked about what that program did but I wanted to do another test with CWSandbox and see what has change. It looks like they must be having problems lately,  So If you want to do your own test and send me the link by all means.  I don’t know what is going on but, it probably is like the other post about wanting to do some bad things.  Virustotal has some anti-virus programs flagging this so I am unsure of the Harmlessness of this file but I wouldn’t install this software.  According to Avinti this program is a trojan dropper.  So Iwill let you decide on installing this software or not.

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

Looks like this might have been a improper adult content or maybe a Malware attack:

If people are wonder what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done with using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that say NSFW in your twitter account your best bet is to delete it and go on with your life. I am sure it is something your should not go to probably because it was a malicious way to get your to go to the link. If you want to preview the urls that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt let me know and I’ll blog about it. This would be the best time to install Free Anti-virus and Free Firewalls to help prevent from getting Viruses or Malware.

The April fools Joke, You’ve got a computer worm!

Cluely’s blog talks about this and I thought I would talk about it a little myself!!

This is the newest version of the Conflicker/Downadup variant of the little worm.  There seems to be people who are worried that April 1, there will be a major wake up in security no holds bar problems.

Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

[Via Graham's Cluely Blog]

Now let’s talk about this a little, this worm won’t do anything else but ask for updates on April 1, and we don’t know when the virus writers will implement the update it could be a month down the line.  You could Backup your software and use the free program Autopatcher to help make sure your system is completely up to date with windows security.  You can’t forward the to that date to find out what will it call home to.    We don’t know what it will do when they update to the conficker.c program all we know it starts to try to call to certain domains on April 1, 2009.  So you should install Anti-virus and Firewalls where you think it is needed.

The Seriousness of the Twitter Vulnerability?

The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

We’ve seen that there have been twitter phishing in the past, and Facebook phishing have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the URL redirects could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

New spam Campaign — Casino Anyone?

Looks like there is a new Campaign going on with regards to having VIP access.

So I go to the site:

I decide to have a little fun and download the file.  The Filename is “Smartdownload.exe“.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few thinks I’ve found:

• This program connects to three different IP’s [Your broadband Modem,200.122.168.237, and 212.201.100.136]
• It also Changes your Autoexec.bat file.  (Not good)
• Changes access flags on several different program (not good either)
• It also tries to be Anonymous.  If you checks the logs out your self you will find it very interesting.
• It looks like it connects to the servers every time you boot up!! (Not good either)

Malicious Spammers target Bank of America

I’ve saw two different security firms talking about Bank of America and I wanted to share with you:

Picture from F-secure

The two sites are F-secure and Pandalabs who are talking about Bank of America and how they try to get you to install malware.  With Adobe having just sent out the new updates last month it looks like spammers are using this to get people to install Malware.

It is also been known to be floating around in Facebook this spam.  So if you get a link going to a site you don’t know about to see a video and it says you need a codec or the Adobe update you should turn right around and leave site. You should always type in the url of Your Bank and not go there through links.

From what they are saying it monitors Network traffic and Steals ICQ, POP3, and IMAP passwords.  If you find network traffic going to Hong Kong IP, then it is time to check to make sure all your Virus definitions are up to date and you’ve installed an Anti-virus and Firewall.  I would encourage  users to report it to Phishtank so that any other unsuspecting user or person going to that site will be warned.