Fox news link here
Monday, January 29, 2007
Sunday, January 21, 2007
New technology of rootkits: Unreal
There is a report of a new rootkit technology that can bypass all known anti-rootkit tools. This rootkit can be downloaded for testing.
Check out the Sysinternals forum:
http://forum.sysinternals.com/forum_posts.asp?TID=9630&PN=1&TPN=1
Labels: forum, Rootkit, Rootkit Technology, Sysinternals, Unreal Rootkit
Thursday, January 18, 2007
Review of 6 rootkit revealers from InformationWeek
Check out the full review from InformationWeek.
They give you some good background information that normal people can understand, and review 6 well-known rootkit revealers. But they missed one more good program, Sophos Anti-Rootkit (which is the best compared with the 6 rootkit revealers reviewed at the link below).
The six anti-rootkit products reviewed:
• F-Secure BlackLight
• IceSword
• RKDetector
• RootkitBuster
• RootkitRevealer
• Rootkit Unhooker
Sophos Anti-Rootkit can be downloaded from http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Full review from InformationWeek:
Link: http://www.informationweek.com/shared/printableArticle.jhtml?articleID=196901062
Spyware causing your PC to host porn materials
Here is a video for untrained people on how spyware can turn your PC into a porn host.
Link: http://www.youtube.com/watch?v=gSMz2aEXj8M
Remember, once your PC is turned into a porn junk host or zombie, you can't stop it until you totally disable all the spyware or malware infecting it. Try using PC Tools' Spyware Doctor, Webroot's Spy Sweeper, and a combination of a rootkit revealer from Sophos and good antivirus software like Kaspersky/McAfee/Symantec/TrendMicro.
Monday, January 15, 2007
Porno popups - Big deal?
You guys recall the report of the school teacher who was busted for 40 years in prison because some spyware caused porno popups during a class session.
Big deal. We all know popups are caused by adware and spyware, or even by cookies and scripts that trigger automatic popups when you just visit legitimate web sites. Porno popups are no exception; they are just more popups, with porno pictures.
Even I get porn popups just from visiting some blogs and webcasting sites.
Links:
Teacher gets busted - http://www.computerworld.com/blogs/node/4346
Some examples of popups - http://www.benedelman.org/news/062206-1.html
Wednesday, January 10, 2007
Saddam malware
Have you seen this Saddam malware? If you have a copy of this virus file, please send me a copy; zip and encrypt it before posting it to me directly or to http://www.pctools.com/mrc/submit/
More info on this w32/bandload virus:
http://antivirus.about.com/b/a/257788.htm?nl=1
http://www.f-secure.com/weblog/archives/archive-012007.html#00001071
Macworld 2007: Steve Jobs keynote
Apple Computer has launched the new iPhone; check out Steve Jobs' keynote.
More links about the iPhone, with pics:
From Apple: http://www.apple.com/iphone/
From Blogger: http://appleiphone.blogspot.com/
From Gadget news: http://www.engadget.com/2007/01/09/the-apple-iphone/
New sophisticated phishing tool
ZDNet reported that there is a new, sophisticated phishing tool in use by cybercrooks. Check out the link below.
From Zdnet January 10, 2007, 11:47 AM PT
Security experts at RSA have come across a new tool that automatically creates sophisticated phishing sites, a sign that cybercrooks are getting increasingly professional.
The tool, which RSA calls the "Universal Man-in-the-Middle Phishing Kit," is available on underground online marketplaces for about $1,000, Jens Hinrichsen, RSA's product marketing manager for fraud auction, said in an interview Wednesday.
"Unlike other phishing kits which have been in existence for quite some time, this kit is unique because with a very simple user interface you can choose whatever site you'd like to spoof," Hinrichsen said. "The arms race continues; we on the security side have to continue to escalate resources and invest in technology."
Phishing scams are a prevalent online threat that typically use fraudulent Web pages and spammed e-mail messages to trick people into giving up personal information such as user credentials or credit card data.
Using the new kit, a fraudster only has to enter variables such as which site should be spoofed and where the fraudulent page will be hosted. The tool then produces a dynamic Web page in the PHP (hypertext preprocessor) scripting language. The fraudster hosts this page somewhere on the Web, typically on a compromised Web server or a free Web host, and lures people to it with spammed e-mail messages or other links.
Unlike traditional phishing Web sites that have static Web pages designed to look like a real online bank or other trusted site, the dynamic page created by the phishing kit actually pulls in the current Web site of the target organization and displays it. However, any data entered is captured by the miscreants, Hinrichsen said.
"Once you enter your credentials, it would be intercepted by that server where the PHP file is hosted," he said. At the same time, the victim is actually logged in to the legitimate site and may never know he's been phished.
Shrewd phishers monitor the log-in process to validate that the data they capture is legitimate, Hinrichsen said. An incorrect username and password combination would be discarded. Also, the man-in-the-middle-style attack lets the miscreants continue to eavesdrop on the victim's interactions with the legitimate Web site, according to RSA.
The most popular phishing targets are banks and online payment services such as PayPal. Auctioneer eBay is also a common target. Fraudsters run phishing scams to collect personal information that can be used for identity fraud.
Link: http://news.zdnet.com/2100-1009_22-6149090.html
Thursday, January 4, 2007
Another Antivirus music band!
The SecuriTeam blog reported another AV music band, this one from BitDefender. It's funny how antivirus companies are trying to brainwash people with their music ;)
Check out their music at these YouTube links:
http://www.youtube.com/results?search_query=bitdefender
And specifically:
http://www.youtube.com/watch?v=XLfNeYkgjpI
http://www.youtube.com/watch?v=NLHQknOP90c
http://www.youtube.com/watch?v=g-0IqmHiLRw
http://www.youtube.com/watch?v=-dhGZwinLrY
Now, go and watch the Symantec version: http://www.youtube.com/watch?v=x-UnYm6qfy8
Wednesday, January 3, 2007
The TV 24 series: Jack Bauer - the next Chuck Norris?
Sunbelt blog's report on Gromozon.com
The Sunbelt blog reported a Gromozon attack; here is more info from Symantec.
Link:
http://www.symantec.com/enterprise/security_response/weblog/2006/08/gromozoncom_and_italian_spaghe.html
Looks like LinkOptimizer and Trojan.Gromp are back again. Did you know that LinkOptimizer and Trojan.Gromp are actually the same threat?
The latest LinkOptimizer files are detected as Trojan.Gromp by most European AV vendors, whereas US vendors such as Symantec and Spy Sweeper detect them as LinkOptimizer.
It is just like Deluxe Communication and SurfSideKick (another case of the same threat under different names).
Links:
http://www.pchell.com/support/surfsidekick.shtml
http://affiliatefairplay.com/newsblog/2006/08/28/surfsidekick-now-dxcdirect/
http://www.anti-spyware-101.com/remove-deluxecommunications/
Removal info for Deluxe Communication & SurfSideKick:
http://www.spywareremove.com/removeDeluxeCommunications.html
Rockband for Checkpoint, Symantec & IBM
Check out more company rock bands.
Link: http://www.ranum.com/editorials/corporate-songs/index.html
Including:
• The Checkpoint song
• Symantec Revolution
• Ever Onward I.B.M
Follow-up from the Symantec rock band: http://www.rockdotrock.com/
Tuesday, January 2, 2007
Happy New Year! The year of the Golden Pig! Wow
According to Chinese mythology, which is also believed by Koreans, the year of the golden pig arrives every 600 years, and it is considered extremely propitious, especially in terms of monetary wealth. Thus, couples all across Asia are giving it their best to bring in babies within the next lunar year which starts on Feb. 18, 2007.
Granted, folklore scholars dispute the existence at all of a golden pig year. They say that further research will likely debunk the myth just as it did the myth of 2006 as the "year of the two springs," an extremely favorable year for marriages, according to The Korea Times, an English-language newspaper published out of Seoul.
But the legend has gained widespread popularity, regardless, especially among young couples looking to have their first or second child. South Korea, for example, is expected to see a 10 percent increase in the birth rate, primarily because of the rumor, according to The Korea Times.
Retailers are also capitalizing on the trend by printing golden-pig-year calendars, baby clothing and a whole array of toys to meet the sudden demand. Marriage halls during 2006 saw just as significant an increase in business last year, because of the myth about that propitious year.
Mark Russinovich's video on malware detection and cleaning!
Check out this interesting video on rootkit hunting:
http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=359