And the Oscar goes to . . . Not these guys!

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

You won’t make money from W32:Sality.ao

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

• PE_SALITY.JER (Trend Micro)

• Virus.Win32.Sality.aa (Kaspersky)

• Virus.Win32.Sality.y (Ikarus)

• Virus:Win32/Sality.AM (Microsoft)

• W32.Sality.AE (Symantec)

• W32/Sality-AM (Sophos)

• W32/Sality.AE (Norman)

• W32/Sality.AH (Panda)

• W32/Sality.AK (F-Prot)

• Win32.KUKU.a (Rising)

• Win32.Sality.OG (BitDefender)

• Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

Tech Journalist breaks the silence — Journalist got Pwned!!

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam

[Click Picture to see the full story]

As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

Internet Security Companies Warn about Patch Tuesday and Valentines Day.

With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

Scams about Stimulus Checks

It’s that time of year where people are hearing about the Stimulus Checks and some Phishing people are still trying to get people’s information for your bank account and steal your identity. One such one is sending out email for the 2008 Stimulus Program this email account looks to be “stumulusref@i-r-s.com”. As you can see this is a .com email address and not a .gov address.

The IRS will never send out email. The IRS will never ask you for your PIN or Any personal information. Don’t reply and don’t open any attachments, more like is if they send out any attachments they are going to be a virus and you will infect your system with any number of possible viruses out there. To protect yourself from virus you should consider installing one of the many free anti-virus softwares and also installing a firewall will help protect you. Only true way to prevent yourself from being a victim is YOU. No one else can keep your information private but you.

What is a Virus and Why do I have one

After seeing more and more the updates coming from the net.  I wanted to talk about what a Computer Virus or Trojan is and how you get it.   So how did  you could of gotten a Virus in the first place.   So here are some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you?  Most of the times when you get a virus you have a vulnerability in some place in your Operating system and it is either something that has not be known by Microsoft, Apple, and Linux or is know as a Zero-day Exploit.

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used because if it is an unknown exploit by the Operating System creators then they have a longer to us the exploit.  Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems.  You see if they can get on one system they can then find ways to get on other systems.

Are you patched, Secunia Says NO

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

Apple’s Immunity, Botnet sanctuary.

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.

[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

Everything I’ve seen suggest that virus writers and Malware writers will MOST likely start targeting the Mac OS X, they know Apple sense of security is Vulnerable to attack and they will exploit it more and more. So what does that mean for Apple, it just means that soon every hacker who has a botnet will want a piece of the Apple Pie and is right now.

Spying on Spyware.ISpynow!!

This is another Virus that is going around and thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

Now this one isn’t to hard to figure out what happened.  You have to manually install it on your system to get infected.  Symantec has a great way on uninstalling this annoyance.  I also suggest checking out my other program list just in case you don’t want to buy Symantec Anti-Virus programs.  Some other things to check out is:

• Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.
  
• Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec.   You have a wide variety of choices on Anti-virus programs and Firewall Choices.  You also have some choices on Spyware removal programs.

Not so, Antivirus2008

On F-secure blog they talk about this rogue antispyware.

OK, so let’s say the user (by some stroke of luckless chance, or courtesy of a trojan downloader) ends up with the demo installer of Rogue:W32/VirusRemover2008.C on their hands and it runs
[via F-Secure]

According to them, they have many different version of this rogue antispyware.  They have de, dk, es, fr, it, no, nl, and no, which are all attempting for you to buy this no so Virusremover2008 software.  They talk about how it tells you have a 9 infected viruses and that you need to remove them, but in truth, they use a text file to create this lie.  Check out all the details for further information.

Microsoft kills a fake antivirus tool from 994,061 computers!

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

You have an undelivered UPS/FEDEX Package. (Virus)

From what I’ve seen so far. There seems to be a new rash of email going around with the heading that makes it look and feel like either UPS or Fedex. Saying that you have an undelivered package from them and to either print the order confirmation or to click a link. I will say this once, if you get this delete it. Fedex and UPS will never hide the link and tell you have an package waiting in the email. They will leave a note your door. You must ask yourself how Fedex/UPS found out your email address to tell you have a package waiting? They don’t and they won’t, just a fact.

UPS/FedEx Delivery Failure : Snopes

TROJ_DLOADR.GG and TSPY_ZBOT.NM Trojan, which will Monitor and try to steal your data. The other one is a ZBot and will try to steal you data also. If you need help removing this virus, I’d suggest checking out my other virus article Avg detected Trojan Horse Generic 12.htc?. There are a lot of ways to remove this virus but the first step is never click on any links in your emails. I also wrote about Some Important programs to prevent yourself from having viruses and Malware!! This will help prevent and fix the common virus problems you might have.

Sites that you need not Visit:

I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw.  So I did some research and found some sites that you should not go to, or download from.   These sites have been know to spread the fake anti-virus malware software.   So I wanted to warn people of some common websites that have been known to have viruses on them:

• hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.
• hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.
• hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube,   When you go to this site they say you need a special to play a video clip.  Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.

What’s with Google trends?

Having been going to the Google Trends and keeping watching.  I am starting to wonder something?  Take a look at this and you tell me?

Can you see how someone might use this to create a Goog-411 and use it to promote there website? It is all about the hits and getting what publishers like to say the eyes on a website. Now is that going to confuse people or make people not want to come to a site.  So how would people abuse this?

Very Simple, they’d watch what is trending and post accordingly.  Now you as a reader would click on the website expecting to see what you want to see but instead it would popup with advertisements and maybe malware?  Check these links to better understand it:

• Skype isn’t always safe!
• Some Important programs to prevent yourself from having viruses and Malware!!

Now even though these are just a few.  You can see how someone might want to abuse it and get there site up on Google trends and be able to infect several to even millions of computers before Google sees that or stops.  You could in theory take over a website high in Google rankings and do exactly that.

Fixing the Adobe Problem!!

If your have been having problems with Flash Players stoping after 2 seconds of playing.  I have a few ideas to try to get rid of the problem.  It used to happen all the time with Vista in the early days.  Here’s what I did to occasionally get the flash player to work:

• Cleaning out the Prefetch Directory! — Having seen this from time to time. If you have programs startup that might need to be refreshed this will refresh them so that they run like new. You occasionally can get programs that will load in a odd way and this will fix that also.

• You want to be more anonymous? — Cleaning out your cache on your browser can sometimes fix the problem. It’s like anything else it can sometimes be corrupted.

• Some Important programs to prevent yourself from having viruses and Malware!! — Having seen this with my own two eyes, if you have a viruses or malware on your system that too can cause problems with playback of flash media.  So just double check making sure you don’t have any viruses.