Are You and Your Friends Fine — Virus Spam

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan.  It blocked it, but  the file that it is downloaded called “save.exe” and I have talked about flash player fake updates.  I have seen other blogs talking about dirty bomb news report leads to malware.  I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links.  It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans.  You should have a firewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.

Is Google the ultimate news source?

As you know We had a big problem Monday Night and All day Tuesday. If you are a regular reader of this blog, you would of noticed either a 503 or lag. It was due to an article that I released late Monday night about the PIFTS.EXE and the so call conspiracy.

At the time, I was wondering and quite disturbed about what Norton Symantec was doing to the forums. So I blogged about this and wouldn’t you know my site was Held Hostage by Google. I kid you not, I had so many people come to my site in under an hour it wasn’t even funny.

So I sit here, asking a really good question is Google the News? I don’t know exactly when but according to Wikipedia Google was formed in 1998. The Google Motto is Don’t Be Evil, and I guess it makes them look like a news source. When did they get past the news site? I would hazard a guess that it was in late 2004 they started when they when Google gave people the first chance to own the stock on August 19, 2004, when Google became a publicly held company.

I got hit hard by Slashdot, Reddit.com, and Google.  In truthfulness, It was more of searches and people coming from Google than anywhere else. I would say Google was the 90% and and Slashdot and Redidit was 8% and the rest was from other websites for this one article. Now don’t get me wrong the 2% of people was my normal amount of people for the day. So you can imagine how many people actually came to my site over this fiasco.

Thinking back to PIFTS.EXE.

Thinking to this very incident looks to something out of the movie “Lemony Snicket’s A Series of Unfortunate Events“.  I won’t go into much detail but here is what I want answers to about the PIFTS.EXE.  You see after I have read a great article talking in detail about this, I have also come to the conclusion something isn’t right.

The blog owner known as Anshar in the forums on the Symantec points out some key events. He wanted to point out that the users who were posting were not violating the TOS and was posting questions that look to asking about this file. See screen capture of what I took. This one picture doesn’t prove his theory in whole, but does bring up some suspicions. This actually might be them trying to find a ’scapegoat’ so to speak. He also talks about what others are asking? What is PIFTS.EXE? People seem to still have not be answered that question.

Although, in Norton’s defense there seems to be a lot of information that they have to sort through. I’ll admit this information people are asking should be really simple to find in the Symantec Databases somewhere. I will not say they are hiding anything major but I do think something is going on that we are not aware of. Here’s some other thoughts to considers? If Norton needed to find out who was using Windows 7, couldn’t they of asked or even made a simple site redirect to find that information, after all anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

Conspiracy theories run rampent due to PIFTS.EXE

(Looks like some of this was a 4chan gag, check my other post about it)

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here what I do know:

Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?

2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:

2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symatec Forums]

This indicates that the program tried to change tactics to go out on the net.  I look a look for this and it is SwapDrive.  So this must be an update to Swapdrive but I am unsure as to why it pops up that way.  The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP.  (It looks to my mistake in that little part, “to error is human” Check out this  post about it)  Although just recently Norton Decides to Delete that thread and people are really worried about why?  Is this a cover up of some sort because there is a exploit in the Wild that we don’t know about?  These are good questions that need to be answered.   Here is what one posted about this just after they deleted the forum thread:

I hate Snopes Spam

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

• Is it completely True?
• Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

Microsoft Releases the Patch Information for March

Microsoft Has Released the Patch information For march and This is what is expected to be patch on March 11, 2009:

• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) — This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

Cracking and Warez sites are Host of Trouble!!

It is nothing to laugh at and should be understood that gamers have no freedom right now.   That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan.  It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: “Crack Sites Distribute VIRUX and FakeAV“

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

• No-CD Crack (This is good for those who want to play the game without the CD)
• Key Gen Cracks (This is used for pirated version of a game)
• Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

The Next big Wave of Layoffs is Sony. (9,000 workers)

In a report from Engadget, there seems to be more Layoffs going on.   One such one is Sony.  Here is what Engadget said:

The bad news from the Japanese consumer electronics industry continues. Sony just announced plans to cut about 8,000 global jobs from its beleaguered electronics business while making unspecified reductions to its seasonal and temporary workforce. The move, as Sony explains it, comes “in response to the sudden and rapid changes in the global economic environment.” Ominously, it looks like Sony will also be raising prices in the countries where “Sony makes significant sales” (read: US and Europe) if we’re reading this statement correctly:

[Via Engadget]

In Today’s economy, you need to be prepared.  So I thought I bring back some old Favorites of mine and talk about them.  To see the other layoffs that I’ve talked about CLICK HERE.   If you wanted to know what you can do to be prepared here are some great resources for people who are worried about there jobs:

• 5 ways to improve your chance of getting hired.
• Are you asking to be scammed? (Don’t get scammed while finding a job)
• Google : Job Resources
  

Are you patched, Secunia Says NO

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

sinowal.trojan Problems.

Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks’ and online payment systems’ websites.

[via F-secure]

It seems to be a very hard virus to remove but there are ways to get rid of this virus.   Some tips and tricks to get rid are:

• Check out my Anti-Virus Page
• Computing.net
• The Geek Police
• How to Detect Sinowal

This are the beginning steps to get rid of a Virus but it will be a really hard virus because it wants to stay in your system.  You should also Restart in Safe mode and Try to remove that virus that one.   You will also want to disable your system restore due to the fact that it will be in there and might come back if you restore your system.  Just some simple tips to help keep you safe on the net.

Viacom and ATT layoff some people. (12,850 People)

Today, we are announcing a company-wide restructuring plan that includes staffing reductions in all divisions. This will result in a reduction of our worldwide workforce of approximately 7 percent, or about 850 positions. We are also suspending salary increases for the Company’s senior level management in 2009. In addition, after a comprehensive review of our operations, we will write down certain programming and other assets. These three actions will bring us significant cost savings and other efficiencies.

[via Gawker]

This is a Sad day for the telecommunications industry both AT&T and Viacom are laying off people. According to reports Viacom will lay off around 850 people. ATT will layoff 12,000 Jobs. Here’s the quote from Associated Press:

AT&T Inc. joined the recession’s parade of layoffs Thursday by announcing plans to cut 12,000 jobs, about 4 percent of its work force.

[Via Associated Press]

So in all today total that is 12,850 people who are going to be laid off. This is another set of layoffs but isn’t the last to see the whole list of of Layoffs in the Tech industry that I’ve talked about please click this link. You may find some usefull tidbits if you search my blog enough, I’ve got some great tips on getting hired and what you should do to be prepared.

Vista Sp2 Beta Still not up yet!

In my vista-sp2-dec-42008.html/”>Previous article I talked about how you could be in the Beta, and I just checked this morning. It looks like they took that article down. I don’t know if they are changing it around or what but it will be. I hope they fix this soon. I would like to start testing this on my Virtual Machine first before I install it on my real machine!!  I will update this when they do get it up and running.

Is this Windows 7?

As you can see that looks to be the final release of the start screen. In the past they haven’t change the start screen, it looks to be really polished and ready for use with Windows 7. If anything, I think the boot screen will be permanent and definitely not temporary. On a Side note, I found this video as well:

macromedia.com/go/getflashplayer” flashvars=”c=v&v=60e5f8c6-09f3-4a09-bac0-355b8a7b7dcc&ifs=true&fr=shared&mkt=en-US”>oembed>Video: Windows 7 Demo 1

This video I almost suspect is the release they did at the Professional Developers Conference and is probably going to have the beta in hand. Although I could be wrong this looks to be almost like Vista? Why is Microsoft trying to make Vista turn into Windows 7, probably due to the fact that Vista had such a rotten launch they are hoping people will see Windows 7 as if Windows Vista didn’t even exist.

I also found one more little Video that looks to be promising, it’s called Windows 7 Super bar. This little Video looks convincingly like this will be kept in Windows 7 but you know how Microsoft is on beta’s. Any how, Here’s this one:

Windows 7 Super Bar from Paul Jenkins on Vimeo.

Hello Twitter, Goodbye Pounce!

In a move that feels more like a cruel prank than a financial strategy, Six Apart has purchased Pownce–only to shut the company down. The blogging company acquired the micro-blogging site for an undisclosed sum before announcing that it would shut Pownce in a mere two weeks.

[via PcMag]

Although This is nothing to big because those who use Pownce was using just o play around with.  People who are using Pownce will have to go back to Twitter or something other like Twit Army.   If you have an account there you will need to start looking around for another social outlet.   Some of the ones I like are on my About me page and should give you some ideas on where you look.

Although if Six Apart was smart they should of tried to Monitize the service but I guess they just wasted there money in buying Pounce.   They wanted something else from the company that owned Pounce but not sure what.

Vista To release Service Pack 2 in April 2009

Some sources are reporting that Vista SP2 will be out in April.   According to Engadget they claim TechARP is a bunch of Malaysian Kids that like to boast about how they broke the Vista SP1 and XP SP3 release schedules to the world.  They claim though that Vista Release candidate is to be out around February.Microsoft has indicated that this SP3 will include Windows Search 4, Bluetooth 2.1 wireless support, faster resume from sleep when a wireless connection has been broken and support for Blu-ray.   I personally think it will include some of Windows 7 features to better get people accustomed to Windows 7 when they come out.

Although this is speculation and no hard evidence I think it has some merit due to the fact that Microsoft has admitted in the past that Vista was a big Letdown.  I don’t think they can any more to damage than they have already done.   If anything Windows 7 will be a easy Success if they pull it off in the right way!!!  Although with WIndows 7 be leaked online there is no telling what will happen. I am sure what ever happens will be interesting to say the least!!!

Podcasters are in up in arms over Ustream.tv

REVISED:

Podcasters and LifeCasters alike are not so happy with Ustream.tv right now. They have started to introduce there own ads overlay to where the lifecaster or podcast involved doesn’t get any revenue. One such Podcast right now is Mike Smith, Host of the Miketechshow Podcast, and Also Todd Cochrane, Host of Geeknewscentral.  In a Recent post from Todd, he stated he is going to leave Ustream.tv.

Mike Smith in his last Podcast talked about this subject and why he is really unhappy with Ustream.tv.  He says that the ads could possible violate his TOS with Techpodcast Network.  He also would like to share the revenue because he was one of the founding podcasters that started to use Ustream.tv.   He’s worried that there will be adult theme ads showing on his video stream and that He wants this to be family friendly.  He’s said before the show if he has to he’ll go to other networks.   Some of the networks that might help him out:

• Mogulus
• Stickam
• Ustream.tv
• Blogtv

Technorati Officially laysoff 6 people!!

Technorati released today they are going to Lay off 6 people and I will quote: