Random observations, teachings and musings of a well trained cubicle superhero.
http://j1.ca
Friday, August 08, 2008
It's patch time in Internetland
Jay, a.k.a. “The Cubicle Superhero”, is a self-professed tech junkie with a passion for music and culture.
While it isn't the most enjoyable topic in the world, every now and then, we at Tech Mates have to sound the old virus alarm. This month we're hitting some pretty bad infection numbers, so you might want to pay close attention to this article.
It's virus season
It seems the rainy summer has driven hackers into a frenzy over the past few months, as the number of infections seems to have spiked. During the annual Black Hat security conference in Las Vegas last week, security researcher Dan Kaminsky revealed a serious worldwide security issue related to DNS, a critical Internet service. Over in San Jose, Secure Computing released their quarterly report indicating that although spam is dropping significantly, malware is on the loose. In the media, there has been recent coverage of a DNS exploit that could potentially bring the pain to every network if not patched, while MySpace and Facebook have been hit with their own special bugs.
Users beware!
The one that seems to be hitting hardest in the past few days is the bug spreading rapidly across social networking sites. Sent from one of your trusted friends, this seemingly benign message directs you to view a video. The site appears to be YouTube, but in actuality it's hosted on a Russian server. Just visiting this site is probably harmless, but when the victim attempts to view its video, the site redirects the user to run codecsetup.exe. The victim's Facebook contact list is copied, and the virus spreads. Nasty stuff! I've included a screenshot (Fig. 1) from one such message that I received. I have changed the friend's name to TERRIBLE FRIEND, but in reality, the photo and name would appear much more convincing. Even the landing page itself copies the Facebook image from the user's profile, making it appear that their friend posted it.
Other (hilarious) variations of the message heading include:
- Paris Hilton Tosses Dwarf On The Street
- Examiners Caught Downloading Grades From The Internet
- Hello; You must see it!!! LOL.
- My friend catched you on hidden cam
- Is it really celebrity?
- Funny Moments
- and many others
Norton (makers of the Rogers Online Protection) has issued a bulletin indicating that the virus itself is fairly old, and current LiveUpdate definitions should quarantine the offending files. McAfee, AVAST and AVG should pick this one up as well, so run your updates and scan your entire machine.
Pop-up Pustules
Let's not forget our old friend XPAntivirus, recently updated from 2008 to 2009. It has absolutely nothing to do with Norton Antivirus, or Windows XP, other than that this virus seems to target machines running the Windows operating system. This is a piece of rogue security software, written by criminals in the hope of tricking you into purchasing their software. These types of fake security programs spawn pop-up messages when you open your browser, warning of dire security breaches and privacy exploits. It then directs you to purchase their "software" to eliminate the problem. In essence you are being blackmailed to remove their messages.
Fig. 1
The Anti-Spyware component of the Rogers Online Protection software has been good at catching these infections, but new variations are springing up daily, and no antivirus can catch them all. If you're not running any antivirus, I cannot stress enough how important it is to be protected. Give LiveCoach a call and we can make a recommendation based on your system specs.
These programs cannot be removed using the traditional Add/Remove Programs area of the control panel. The best antidote for any virus is education and prevention. If you're on a website that is asking for an install, stop for a moment and ask yourself if you really trust this website. The two main points of infection for this exploit are fake security websites (I won't post the addresses here -- people click links). If you're directed there, and you already have an antivirus program installed, close the webpage using the X on the top right of your window. P2P file-sharing program users, understand that these services are untested, untrusted and generally illegal. Be aware!
Cleaning up the mess
If you think you're infected, the following tools have yielded some success:
- MalwareBytes RogueRemover, discussed here
- RogueFix tool, discussed here
- SmitFraudFix, another tool some have had success with
To manage your expectations, however, the effectiveness of these tools is limited by the condition of your system and the type of infection you have.
Even the professionals have one slip past them once in a while. The DNS exploit that Dan Kaminsky referred to at the Black Hat security conference affected machines across the globe! The DNS system is responsible for translating the human-readable name into the numeric address of the physical machine that serves the page we're requesting. This exploit, if not patched, would have allowed hackers to redirect these requests and send users to any site they wished. In the scenarios he depicted, email could be intercepted, attachments stripped, and a virus payload sent on.
Recent reports indicate that over 85 percent of servers worldwide have already been patched, and the specific details of the exploit have been kept under wraps.
Now is as good a time as ever to start looking at DNS alternatives like our personal favourite, OpenDNS. By browsing your Network Connections in Control Panel and entering the OpenDNS server numbers, you'll avoid any potential risk associated with this exploit, and benefit from a set of unique features.
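The patches rolled out after Kaminsky's disclosure made resolvers send each outbound query from an unpredictable UDP source port rather than a single fixed one. As an added illustration (not part of the original post), here is a small Python check that takes the source port and transaction ID of each outbound query, as a packet capture or resolver log would show them, and reports whether they look well randomized; the three sample sets are constructed in the script, not real captures.

```python
import math
import random
from collections import Counter

# Constructed sample data (not real captures): each record is the UDP source
# port and the 16-bit transaction ID of one outbound query from a resolver.
_rng = random.Random(2008)
SAMPLE_RANDOMIZED = [(_rng.randint(1024, 65535), _rng.randint(0, 65535)) for _ in range(200)]
SAMPLE_FIXED_PORT = [(53, 1000 + i) for i in range(200)]                 # one port, counting IDs
SAMPLE_SEQUENTIAL = [(20000 + i, _rng.randint(0, 65535)) for i in range(200)]  # ports count up

def entropy_bits(values):
    """Shannon entropy of the observed values, in bits (0 if all identical)."""
    counts = Counter(values)
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def sequential_fraction(values):
    """Fraction of consecutive records whose value rises by exactly 1."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1)

def assess_resolver(records):
    """Summarise how unpredictable the resolver's (port, txid) pairs look."""
    ports = [p for p, _ in records]
    txids = [t for _, t in records]
    n = len(records)
    report = {
        "queries": n,
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        "port_sequential_fraction": round(sequential_fraction(ports), 2),
    }
    # A patched resolver spreads queries over many ports with no obvious
    # pattern; a fixed or counting port leaves only the 16-bit ID to guess.
    good = (report["distinct_ports"] >= 0.8 * n
            and report["port_sequential_fraction"] < 0.5
            and report["txid_entropy_bits"] > 0.8 * math.log2(n))
    report["verdict"] = "GOOD" if good else "POOR"
    return report

if __name__ == "__main__":
    for name, sample in [("randomized", SAMPLE_RANDOMIZED),
                         ("fixed port", SAMPLE_FIXED_PORT),
                         ("sequential", SAMPLE_SEQUENTIAL)]:
        print(name, assess_resolver(sample))
```

Only the randomized sample is reported as GOOD; the fixed and counting ports both come back POOR even though their transaction IDs differ.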