Why you shouldn’t mess with your registry!

By Paul | Mar 8, 2010

You’re going along and Windows seems to be slow and not so responsive. You go and start messing around with the Registry, and later when you reboot, your system becomes frozen and nothing you do will get it back.

What is the Windows Registry used for?

The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the Registry. The registry also provides a means to access counters for profiling system performance.
[Wikipedia]

What programs can I use to repair or Clean the Registry?

There are several different programs that can be used to help fix the registry or remove the unnecessary registry entries.  I can suggest a few good utilities to help you fix or repair Windows Registry:

  • Registry Utilities Professional – This is a good program for repairing small registry problems. It won’t fix major problems, but it might help you get Windows back up and running.

How to read MiniDumps

By Paul | Jan 6, 2010

Microsoft Windows Debugger

What are Minidumps??

Minidumps are what Microsoft Windows likes to use to store all the important information about what you were running and what caused the problem. A minidump can even show you which drivers were loaded and what you were doing at the time to cause the problem, but that can sometimes be hard to figure out with all the codes and stuff that come along with the minidump. If you would like to read more about minidumps, please check out Wikipedia; it can tell you more about them.

How do I read a Minidump??

Microsoft has a tool that will read minidumps and let you try to figure out why you had a Blue Screen of Death, which some call the Blue Screen of Doom. Most of the time when you have a Blue Screen of Death (BSOD), it means something unexpected happened and Windows can’t recover from it. Some of the common problems are memory corruption, program corruption and hard drive corruption. These are not all of them, though: you can also have driver issues and program issues, which leaves a wide range of possibilities for what could have caused it in the first place.

List of Malware sites for Dec 10, 2009

By Paul | Dec 10, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4349):

Internet Antivirus Pro Scareware

Fake Scanner Pages:

  • scan.dewesan.cn

Rogue Antivirus scareware sites:

Sneak Peek : Wi-Fire USB WiFi adapter from hField

By Paul | Sep 13, 2009

I will be reviewing the Wi-Fire USB WiFi adapter from hField in the next couple of weeks. Here is what they sent me, and I will be testing this out in the future.

The Wi-Fire multiplies the effectiveness of any 802.11 b/g wireless networks and eliminates those nasty dead spots that plague users. It allows users to connect to a WiFi network from up to 1,000 feet-more than three times the range of other 802.11 adapters-often at significantly higher speeds, and even in locations where no wireless signal could be detected previously. Independent testing has shown the Wi-Fire outperforms 802.11n adapters at distance; delivering greater throughput and a more stable connection.

Wi-Fire gives Windows, Linux and Macintosh users worldwide the freedom to connect to WiFi networks when they want, where they want.

As you can see, this is going to be a very interesting little device. They have also offered to give two of my readers a chance to get one of these antennas. So I will be testing this out and giving my opinion, it will be talked about, and there will be a contest. I will come up with a contest in the coming weeks.

Ahhh Yes I treat WordPress Like Windows

By Paul | Sep 8, 2009

In one of my previous blog posts we talked about Robert Scoble’s problem with a hacker. I wanted to talk about treating WordPress like Windows. Now, after a few days of watching what people are saying, it looks like it is a worm that is infecting blogs. Now let’s be clear about this: I am using Windows and want to remind you that every month, on the second Tuesday of each month to be more exact, which is today, I upgrade almost immediately. I don’t wait a day or two to see what others are saying about it, I just upgrade.

Why is that so important? Virus and malware authors use known exploits to gain a foothold on your system, with the end result of having your system for whatever they want, like a botnet, or even just to scare you into buying a fake or fraudulent product. I have seen many systems where home users think they are savvy enough not to upgrade instantly and think their systems will be fine for a couple of days to weeks without upgrades. This is simply not true. You’ve heard Microsoft talk about Patch Tuesday from time to time. Maybe you heard from a friend what to expect this Patch Tuesday. I would like to introduce Exploit Wednesday, on which you can bet there are going to be malware authors who will have figured out what was patched and why, and who take advantage of that vulnerability on older systems that haven’t yet been patched and use it for their own nefarious reasons.

List of malware sites for Sept 1, 2009

By Paul | Aug 31, 2009

Well, with it being the end of the month, it was to be expected: here is a long list of sites. So please read these carefully.

Personal Antivirus Scareware Site and How to Remove them:

Internet Antivirus Pro Scareware (SUPERAntiSpyware gets rid of these too):

Rogue Antivirus scareware sites:

  • securepcshield.com
  • myprotectedzone.net

Most of the time, these sites are injected into one's browser by way of a Trojan taking over the system. If left untreated, these sites will become more and more insistent in trying to get you to install them. Most of the time these are installed on unsuspecting computers by way of exploits, backdoors, or unsafe downloading practices. This usually means that if you have it, you should remove it by any means necessary, because this software has been known to cause more and more trouble as time goes by. This software is fake ware: it tries to tell you that you have a virus and that it can get rid of it. In fact, this software is not designed with an antivirus engine in mind but to elicit pop-ups and warnings that raise the user's security concerns about the computer in question. Downloading programs from BitTorrent or in other unsafe ways can, and most likely will, have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

How to know if the scareware warning is real or not:

By Paul | Aug 30, 2009

I got an email from someone who does not want to be named, asking how I know that the sites I have talked about, like Defenderpageblock.com, Spywaredomainlist.com, adwaredomainlists.com, badwaredomainlists.com, browserdefenderlist.com, malicioussitesblock.com, and browserliveprotection.com, are fake warning sites. It comes down to how the site handles the URL presented. Let me give you a few example URLs to show what I mean:

http://defenderpageblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/scareware-adviser-from-defenderpageblock-com/

http://browserliveprotection.com/block.php?id=2024-4&url=http://tech-linkblog.com/2008/12/microsoft-readys-to-layoff-around-15000-workers.html/

http://malicioussitesblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/2009/08/list-of-malware-sites-for-aug-24-2009.html/

http://spywaredomainlists.com/block.php?id=2018-2&url=http://tech-linkblog.com/2009/08/scareware-adviser-from-spywaredomainlists-com.html/

http://adwaredomainlists.com/block.php?id=2031&url=http://tech-linkblog.com/2009/04/pc-speedscan-pro-a-bad-idea.html/

Now, as you can see, all of these have an identification number, probably like an affiliate link, and then the URL of the site that is supposed to be bad or malicious in some way. So what do you do when you see these types of warnings pop up and you would like to know if they are real? Here are some things to try:

  • Change the URL it is going to: try Google or some other site that you know isn’t malicious and see what happens. You will notice it says the exact same thing.
  • Check out Stopbadware.org – Google uses this service for their search results, so it is more reliable. Look up the warning domain to see what it says, then also look up the domain and website in question.
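
The shape of the links quoted above, and the first check (swap the `url=` value for a site you know is clean), can be worked through in code. This is an added example, not part of the original post: the function names and the three example.com URLs are constructed for illustration, and nothing here fetches a page.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional
from urllib.parse import parse_qs, unquote, urlsplit, urlunsplit

# The five links quoted in the post, followed by three constructed
# look-alikes that must NOT be flagged.
SAMPLE_URLS = [
    "http://defenderpageblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/scareware-adviser-from-defenderpageblock-com/",
    "http://browserliveprotection.com/block.php?id=2024-4&url=http://tech-linkblog.com/2008/12/microsoft-readys-to-layoff-around-15000-workers.html/",
    "http://malicioussitesblock.com/block.php?id=2006-54&url=http://tech-linkblog.com/2009/08/list-of-malware-sites-for-aug-24-2009.html/",
    "http://spywaredomainlists.com/block.php?id=2018-2&url=http://tech-linkblog.com/2009/08/scareware-adviser-from-spywaredomainlists-com.html/",
    "http://adwaredomainlists.com/block.php?id=2031&url=http://tech-linkblog.com/2009/04/pc-speedscan-pro-a-bad-idea.html/",
    "https://www.example.com/search?q=block.php",                              # constructed: no url=
    "https://login.example.com/block.php?id=7&url=/account",                   # constructed: relative target
    "https://portal.example.com/go?id=9&url=https://portal.example.com/home",  # constructed: same host
]

# "url=" at the start of the query string or right after an "&".
URL_PARAM = re.compile(r"(?:^|&)url=")


class Finding(NamedTuple):
    warning_host: str   # host that displays the "warning"
    script: str         # path of the warning script
    tracking_id: str    # the affiliate-style id parameter
    target_host: str    # host of the site being "warned" about


def inspect(url: str) -> Optional[Finding]:
    """Return a Finding when a URL has the shape of the links in the post:
    an id plus an absolute url= target that lives on a different host."""
    parts = urlsplit(url)
    marker = URL_PARAM.search(parts.query)
    if marker is None or not parts.hostname:
        return None
    # The quoted links embed the target without percent-encoding and put
    # id before url, so everything after "url=" is taken as the target.
    params = parse_qs(parts.query[:marker.start()])
    target = urlsplit(unquote(parts.query[marker.end():]))
    if "id" not in params:
        return None
    if target.scheme not in ("http", "https") or not target.hostname:
        return None
    if target.hostname == parts.hostname:
        return None
    return Finding(parts.hostname, parts.path, params["id"][0], target.hostname)


def with_target(url: str, new_target: str) -> str:
    """Build the variant used by the first check: same warning link,
    but pointing at a site you already know is clean."""
    parts = urlsplit(url)
    marker = URL_PARAM.search(parts.query)
    if marker is None:
        raise ValueError("no url= parameter to replace")
    query = parts.query[:marker.end()] + new_target
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def summarize(urls):
    """Group findings to expose reuse: one script path served from many
    hosts, and one tracking id appearing on more than one host."""
    findings = [f for f in map(inspect, urls) if f is not None]
    hosts_by_script = defaultdict(set)
    hosts_by_id = defaultdict(set)
    for f in findings:
        hosts_by_script[f.script].add(f.warning_host)
        hosts_by_id[f.tracking_id].add(f.warning_host)
    return {
        "findings": findings,
        "hosts_by_script": {s: sorted(h) for s, h in hosts_by_script.items()},
        "shared_ids": {i: sorted(h) for i, h in hosts_by_id.items() if len(h) > 1},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_URLS)
    for script, hosts in report["hosts_by_script"].items():
        print(f"{script} is served by {len(hosts)} hosts: {', '.join(hosts)}")
    for tracking_id, hosts in report["shared_ids"].items():
        print(f"id {tracking_id} is reused on: {', '.join(hosts)}")
    print("variant for the first check:",
          with_target(SAMPLE_URLS[0], "http://www.google.com/"))
```

Run over proxy or browser-history URLs, the grouping shows what the quoted links already hint at: the same `block.php` template on five different domains, and the id `2006-54` reused on two of them.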

AVG 8.5 Free Version Best on my system

By Paul | Aug 25, 2009

AVG Free 8.5

Pcworld has released their top free antivirus software picks. Now let’s be clear on this: I am an average user, and have tested these products out on my own laptop plus others, and here is what I find.

According to Pcworld, Avira Antivir Personal is the top pick and claims to block 98.9 percent of samples:

Such less-than-friendly default behaviors make Avira AntiVir Personal a better choice for tech-savvy users who know how to muck about in the settings. If you’re willing to put up with a somewhat clumsy interface and the recurring pop-up ads, in return you’ll enjoy top-notch, free protection against malware. It’s not a bad trade-off by any means.

[Via Pcworld : Avira Antivir Personal Antivirus]

Now, with Pcworld saying it isn’t a bad trade-off to have the pop-ups and the default behaviors of this program, it doesn’t make me want to use it, since I am a gamer and the pop-ups would interfere with playing online games. Not to mention, if you’re not that tech-savvy person, you’d have a lot of head scratching to do to figure out this program.

List of Fake AV sites for Aug 22, 2009

By Paul | Aug 21, 2009

If you know anything about the malware writers, they are always registering new domains, and here are the newest ones they are using:

Personal Antivirus Scareware Site:

Internet Antivirus Pro Scareware:

Rogue Antivirus scareware sites:

  • securitytoolsite.com (Fake Scanner)
  • webscansecurepc.com (Fake Scanner)

Threat to System : Moderate

List of Malware sites for Aug 21, 2009

By Paul | Aug 20, 2009

It has been kinda busy today for the Antivirus scareware sites but here they are.

Personal Antivirus Scareware Site:

  • check-for-malwarev3.com
  • safeonlinescannerv4.com

Internet Antivirus Pro Scareware:

  • fatuus.info

Rogue Antivirus scareware sites:

Threat to System : Moderate

Scareware Site — Internet Antivirus Pro

By Paul | Aug 11, 2009

I was checking out the site unmast.info and this came up:

Internet Antivirus Pro

As you can see, this tries to scare you into doing two things. It tries to mimic the look of your hard drive and also tries to get you to download a program. The program is called Install.exe. Downloading this file causes AVG and Windows Defender to pop up with the warning:

Internet Antivirus Pro1

As you can see, this isn’t a good program to install, and if you have installed it then I recommend doing a full system scan and removing this Trojan, which I am sure has also installed other malware like a botnet or something along those lines. Your privacy isn’t safe on that computer, so you should do these things as soon as possible.

Threat to System : Severe

Rating: ★★★★★

Advice : Do a Complete system scan and Remove this Trojan and any others that have been installed.

I recommend :

Do a full system scan with one of these free antivirus programs:

  • Download SUPERAntiSpyware
  • AVG Internet Security
  • Download Malwarebytes

Microsoft Get Ready for Patch Tuesday. 6 Bulletins

By Paul | Jul 10, 2009

According to Arstechnica there will be 6 bulletins, and each of them is very interesting:

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Critical (Remote Code Execution), Windows
  • Bulletin 3: Critical (Remote Code Execution), Windows
  • Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server
  • Bulletin 5: Important (Elevation of Privilege), ISA Server
  • Bulletin 6: Important (Remote Code Execution), Office

It looks like there will be another DirectX patch for those who have DirectX 7 through 9.0c. It also seems they will be patching Virtual PC and Server and ISA Server. Microsoft will also be patching 2007 Microsoft Office System Service Pack 1. They will also be releasing 14 different patches of non-critical status.

The DirectX flaw that was reported in May is reportedly being patched, and that is why we have these DirectX updates coming down from Microsoft.

So now is the time to get Autopatcher updated to the latest updates and schedule a time next week for you to test and install these updates. I would recommend updating your anti-virus and firewall software if you have any; if not, it is time to get them and install them.

Ms Patch Tuesday For June 2009

By Paul | Jun 4, 2009

Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

  • Bulletin 1: Critical (Remote Code Execution):   Windows
  • Bulletin 2: Critical (Remote Code Execution):   Windows
  • Bulletin 3: Critical (Remote Code Execution):   Windows, Internet Explorer
  • Bulletin 4: Critical (Remote Code Execution):   Office
  • Bulletin 5: Critical (Remote Code Execution):   Office
  • Bulletin 6: Critical (Remote Code Execution):   Office
  • Bulletin 7: Important (Elevation of Privilege):        Windows
  • Bulletin 8: Important (Elevation of Privilege):        Windows
  • Bulletin 9: Important (Elevation of Privilege):        Windows
  • Bulletin 10: Moderate (Information Disclosure):    Windows

It will also include one or more updates for WSUS and Windows Update, and the Microsoft Windows Malicious Software Removal Tool. This looks to be quite a big set of updates. Each one is very serious and will probably be a big download. If you’re in corporate IT you may want to get the Autopatcher program ready; this will help update all the important files on each system without having to have an Internet connection.

Microsoft makes Firefox more insecure with the .NET 3.5 Framework (KB951847)!

By Paul | Jun 3, 2009

Photo by Daniel F. Pigatto

In February, Microsoft quietly installed .NET Framework Assistant (ClickOnce) Firefox Extension. This extension is a bad idea because of what this could do.

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

[Via Annoyances.org]

As you see, this is a way to make Firefox less secure and almost like Internet Explorer. We’ve seen the problems with all the malware exploits that people have used in the past. If you want to uninstall it, well, you can’t. Microsoft has gone out of its way to prevent users from uninstalling it. Here is what Brad Abrams talked about on his blog:

We added this support at the machine level in order to enable the feature for all users on the machine. Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

Microsoft to Release One Critical update for Tuesday

By Paul | May 9, 2009

Microsoft has released the information for May’s Patch Tuesday, and it looks like there is one major update for PowerPoint:

The affected software is MS Office 2000, MS Office XP, MS Office 2003, MS Office 2007, PowerPoint Viewer, and the MS Compatibility Pack for Word, Excel, and PowerPoint 2007.

The non-security-related updates coming out on Tuesday are as follows:

  • Windows PowerShell 1.0 for Windows Vista (KB928439)
  • Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)
  • Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
  • Windows Malicious Software Removal Tool – May 2009 (KB890830)/Windows Malicious Software Removal Tool – May 2009 (KB890830) – Internet Explorer Version
  • Update for Windows Mail Junk E-mail Filter [May 2009] (KB905866)

Although some of this is usual, like the Malicious Software Removal Tool and the Windows junk e-mail filter, we won’t know what else will be released until Tuesday. Some of the updates will be minor, like PowerShell, which I am guessing will help get ready for SP2, and the SP1 for the .NET Framework also looks to be getting ready for SP2. So I will keep you updated if I find out what else is released on Tuesday!

Deciding the need for a Full backup or backing up your important files

By Paul | May 7, 2009

This weekend I talked about backups on the Mike Tech Show listener Round table, and I heard from one or two people saying you can’t do a full backup with Allwaysync. To a point that is true, but I really don’t need a full backup. Some have said the program is only good for synchronization and not backup.

I could debate that last point, because what is a backup? Wikipedia defines it as “backup refers to making copies of data so that these additional copies may be used to restore the original after a data loss event”. So backing up and synchronizing are essentially the same thing. Some users will argue that a backup is getting every file on your hard drive, but I don’t think so. I will tell you, however, that most files on your hard drive don’t need to be copied. If you get a complete backup of your Windows directory you will most likely end up where you left off, with viruses or some file that is corrupt. I don’t make copies of Windows for that one reason. I have all OEM systems and don’t need to worry about Windows, because when I do a system restore, I get my system back to the factory default.

Miketechshow Listener Roundtable : #242 Backups

By Paul | May 3, 2009

We had a great time talking about backing up our systems. On a side note, I’d like to tell people that during the Round table, I was restoring my system due to a major network issue. The system wouldn’t stay connected at all to my network or my USB A600 Cricket Modem. I used the A600 Modem during the podcast with Skype, so the quality isn’t as good as it should be, but that is due to two different factors: one, I had a cheap headset, and two, the bandwidth limitations. This however shows that this is possible and works really well. I also used the antenna for the Skype meeting. It actually seems like a stable connection. Mike has told us in his email this might be the last Round Table, so if you want this to continue you can either email him or twitter him telling him you want to keep seeing these podcasts. I also talk about Roboform and how I make sure the passwords are backed up. We did talk about making sure to test our backups, so we know if the backup process works. I have to say my backup procedure was without doubt working for me. Even though I had some issues with Vista security updates after the restore, my restore to the laptop didn’t take more than an hour to get the programs that I wanted back on the system.
Mike Tech Show Listener Roundtable #242 Backups

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

By Paul | May 1, 2009

Looks like this might have been improper adult content or maybe a malware attack:

If people are wondering what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done using Tinyurl, and the link has been flagged for either spam, fraud, malware, or any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that says NSFW in your Twitter account, your best bet is to delete it and go on with your life. I am sure it is something you should not go to, probably because it was a malicious way to get you to go to the link. If you want to preview the URLs that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt, let me know and I’ll blog about it. This would be the best time to install free anti-virus and free firewalls to help prevent you from getting viruses or malware.

Adobe PDF Zero Day Warnings : Experts agree

By Paul | Apr 29, 2009

All the security experts online are talking about the 2 zero-day Adobe vulnerabilities:

As you can see, this seems to be one of those Adobe problems we had in the past with JavaScript. They seem to be having a major problem with a JavaScript vulnerability, and the old saying is just to disable JavaScript in PDFs again. Adobe is calling this a potential Adobe Reader issue and is suggesting that users disable JavaScript until this is fixed with a security update.

This will mostly affect the corporate world more than the private sector, because the corporate world uses PDFs by sending them through email. I suggest installing another reader, and these are all free.

Be advised the vulnerabilities affect Linux, Windows, and Macintosh systems. This will most likely mean that even Macintoshes could be used to create even more botnets, and Macintosh users will need to disable their JavaScript until this issue is fixed, or maybe they would like to find another reader themselves. This also goes for Linux users, but I have not heard of anything in the wild yet.

Don’t forget to install some free Anti-virus and Free Firewalls to help protect your system from becoming a botnet.

Mebroot becomes More Stealthier!!

By Paul | Apr 15, 2009

Well, here is something we should all be on the lookout for:

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system’s core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn’t been tampered with.

[Via Pcworld Magazine]

I will be updating my Malware Resource for the Prevx software, but this looks to be a very bad rootkit. From my understanding most of the security related software. It seems this little program will become even harder to detect and remove. It also looks like this is ready to start infecting people with this rootkit. You should update every part of your system, from Windows patches to the browser. Secunia once said that most people are not patched fully!! Just like with the Conficker worm, if you’re not fully patched and keeping anti-virus and firewalls on your system, then you might as well be walking on nails.

Electric Company fear Mongering gone wrong!!

By Paul | Apr 9, 2009

I saw this talk going on at Arstechnica, and SANS Internet are talking about the electric company fear mongering. Here’s what Ars says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today with people asking the question: does the electric company have a virus or a worm? I don’t know, but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this. This is being talked about on a friend’s podcast, The Caffination Podcast. This is where I figured we should talk about this. I think Sans Internet Storm says it better than I could:

Securing your Windows Machines

By Paul | Apr 6, 2009

After a long day at work, you sometimes feel like there isn’t much you want to talk about. Then this idea comes to me: why do people blog, and why do people talk about security?

I’ve come to realize something: I’m not one who grew up understanding bits from bytes. I grew up as any family does, fighting with my siblings.

Having been blogging the past few years, it seems like only yesterday that I started blogging. Cliche I know, but still very much true. Most blogs do what they know; I aim to learn and teach each day I blog. Like on days like this, when the world is pretty much quiet and the remnants of the Conficker worm die down to a rumble.

So how do you secure your Windows Machine?

After a day-long battle with my wife’s system, I grow to wonder if there is something I should do differently to prevent viruses and worms on her system. So I’ve groomed my knowledge base and come up with 5 good points when it comes to locking down your Windows machines:

Hackers Jump onto Power Point Exploits : KB969136

By Paul | Apr 3, 2009

In my previous post, we talked about the Microsoft Advisory for KB969136 and that the exploit was in the wild. It looks like Trend Micro has published some new spam attempts to get users to open up the malware, which deposits TROJ_PPDROP.AB onto their systems.

Trend Micro has some screenshots of the most common fake presentations for you to see just how they try to get you to open the file.

Although these are common tactics for attackers to use, such as nude pictures, Earth Hour, or celebrities without makeup, users who don’t normally use PPT should check the files out before loading them. You should also remember to save them to a file and scan them with your anti-virus software, and it wouldn’t hurt to have firewall software. It looks like these exploits try to connect to the internet, and you might be able to find out from the firewall’s connection request.

According to Internet Storm Center, the CVE placeholder for this is CVE-2009-0556 and it hasn’t become live yet. I do not think they will release that information until Microsoft gets a chance to patch the systems.

The Seriousness of the Twitter Vulnerability?

By Paul | Mar 25, 2009

The main question is how much do you want to know about this? Yes, I am talking about a vulnerability that could put your Twitter account at risk or even inject malicious software into the computer.

We’ve seen that there has been Twitter phishing in the past, and Facebook phishing has made people wonder how much we depend on Twitter.

Lance James and Eric Wastl have provided a proof of concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see, there is more to this problem than meets the eye. For one, URL redirects could be one way this could be used. There is no telling what other vulnerabilities lie in the client-side Twitter programs. Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

Onlive? Could that be the downfall of Unlimited Internet?

By Paul | Mar 24, 2009

As most of you have read from Engadget, Cnet, and IGN, this is the beginning of the end for unlimited internet access. As you know, according to Wikipedia, at least 8.9 million people have an Xbox 360, and according to Engadget 71% have DSL speeds, so that would be a possible 5.6 million, I am guessing. That is just on one console; I could go through each console and see, but I know it is a big number. It could outsell all these other consoles really quickly.

Now we have had console wars for some time, and this might or might not work depending on the streaming of Onlive and also the FPS (frames per second). If they don’t do it right, this will never catch on, and if they do it right, which they might, I see a scenario where the ISPs will want to regulate bandwidth. Time Warner has been looking into it for some time. If enough people buy this and use the service, then all the ISPs will have more reasons to regulate bandwidth. So is this the downfall of unlimited internet access? With all these kids wanting to play the most recent games, who knows how this will work out, but this will be a bandwidth issue in the coming months as we see who wants to use this. If Onlive sells these for $99 then I see it becoming the winner. I’d also like to see unlimited subscriptions like Netflix, but we will have to wait and see!

Are You and Your Friends Fine — Virus Spam

By Paul | Mar 22, 2009

I logged into my Google email and was checking my spam to see what I could see, and this one drew my attention:

[Image: virusspam]

I think I know where this is leading me, but I click the link and this website with the Reuters logo pops up:

[Image: fakesvideo]

Now as you can tell, this looks authentic, but when I did go to this site, AVG detected some trojan. It blocked it, but the file that it downloaded is called “save.exe”, and I have talked about fake Flash Player updates before. I have seen other blogs talking about a dirty bomb news report that leads to malware. I don’t know about you, but if I wanted to update my Flash Player, I would go to the source and not use any links. It is wise not to download any programs or files and run them without properly checking them for viruses and Trojans. You should have a firewall and anti-virus running at all times, and that will help, but it is your actions that help prevent you from getting viruses or Trojans.

Free Synchronization and Backup programs

By Paul | Mar 18, 2009

So I talked about finding some free backup utilities on the Mike Tech Show Listener Roundtable Show # 234.

I said I would publish some good free programs to back up your system files, and I think I have done it. Here are some great ones that I recommend for anyone who doesn’t want to pay for a backup program:

Allway Sync – Works with Windows Vista/XP. It supports: hard drives, removable hard drives, network drives, Amazon S3, FTP servers, Offsitebox.com, and WebDAV folders. This program is also quite portable and can be used on more than one computer with the portable version.

ViceVersa – Windows 98, Me, 2000, XP, Vista. ViceVersa FREE will compare files in two folders (source and target) and synchronize file differences. There isn’t much else you can do with this, but it does look to be good for small backups and older systems.

Acebackups – a powerful tool to create completely secure backups of your data. Store your data on any local storage device, on CD, DVD or on your remote FTP server!

Malicious Spammers target Bank of America

By Paul | Mar 14, 2009

I’ve seen two different security firms talking about Bank of America and I wanted to share this with you:

[Image: Fake Bank of America site. Picture from F-Secure]

The two sites are F-Secure and PandaLabs, which are talking about Bank of America and how the spammers try to get you to install malware. With Adobe having just sent out new updates last month, it looks like spammers are using this to get people to install malware.

This spam has also been known to be floating around on Facebook. So if you get a link going to a site you don’t know about to see a video, and it says you need a codec or the Adobe update, you should turn right around and leave the site. You should always type in the URL of your bank and not go there through links.

From what they are saying, it monitors network traffic and steals ICQ, POP3, and IMAP passwords. If you find network traffic going to a Hong Kong IP, then it is time to check that all your virus definitions are up to date and that you’ve installed an anti-virus and firewall. I would encourage users to report it to PhishTank so that any other unsuspecting user or person going to that site will be warned.

Is Google the ultimate news source?

By Paul | Mar 12, 2009

As you know, we had a big problem Monday night and all day Tuesday. If you are a regular reader of this blog, you would have noticed either a 503 or lag. It was due to an article that I released late Monday night about PIFTS.EXE and the so-called conspiracy.

At the time, I was wondering and quite disturbed about what Norton Symantec was doing to the forums. So I blogged about this, and wouldn’t you know, my site was held hostage by Google. I kid you not, I had so many people come to my site in under an hour it wasn’t even funny.

So I sit here asking a really good question: is Google the news? I don’t know exactly when, but according to Wikipedia Google was formed in 1998. The Google motto is Don’t Be Evil, and I guess it makes them look like a news source. When did they get past the news site? I would hazard a guess that they started in late 2004, when Google gave people the first chance to own the stock on August 19, 2004, when Google became a publicly held company.

I got hit hard by Slashdot, Reddit.com, and Google. In truth, it was more searches and people coming from Google than anywhere else. I would say Google was 90%, Slashdot and Reddit were 8%, and the rest was from other websites for this one article. Now don’t get me wrong, that 2% of people was my normal amount of people for the day. So you can imagine how many people actually came to my site over this fiasco.

Thinking back to PIFTS.EXE.

By Paul | Mar 10, 2009

Thinking back, this very incident looks like something out of the movie “Lemony Snicket’s A Series of Unfortunate Events“. I won’t go into much detail, but here is what I want answers to about PIFTS.EXE. You see, after reading a great article talking in detail about this, I have also come to the conclusion that something isn’t right.

The blog owner, known as Anshar in the Symantec forums, points out some key events. He wanted to point out that the users who were posting were not violating the TOS and were posting questions that look to be asking about this file. See the screen capture that I took. This one picture doesn’t prove his theory in whole, but it does bring up some suspicions. This actually might be them trying to find a ’scapegoat’, so to speak. He also talks about what others are asking: what is PIFTS.EXE? People still seem not to have had that question answered.

Although, in Norton’s defense, there seems to be a lot of information that they have to sort through. I’ll admit the information people are asking for should be really simple to find in the Symantec databases somewhere. I will not say they are hiding anything major, but I do think something is going on that we are not aware of. Here are some other thoughts to consider. If Norton needed to find out who was using Windows 7, couldn’t they have asked, or even made a simple site redirect to find that information? After all, anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

© 2009-2010 Tech-Linkblog.com All Rights Reserved -- Copyright notice by Blog Copyright