Random observations, teachings and musings of a well trained cubicle superhero.

Friday, August 29, 2008

OpenTape test

Friday, August 08, 2008

It's patch time in Internetland

Tech Mate
Jay, a.k.a. “The Cubicle Superhero”, is a self-professed tech junkie with a passion for music and culture.

While it isn't the most enjoyable topic in the world, every now and then we at Tech Mates have to sound the old virus alarm. This month we're seeing some pretty bad infection numbers, so you might want to pay close attention to this article.

It's virus season

It seems the rainy summer has driven hackers into a frenzy over the past few months, as the number of infections seems to have spiked. At the annual Black Hat security conference in Las Vegas last week, security researcher Dan Kaminsky presented a serious worldwide security issue in DNS, a critical Internet service. Over in San Jose, Secure Computing released its quarterly report indicating that although spam is dropping significantly, malware is on the loose. In the media, there has been recent coverage of the DNS exploit, which could bring the pain to every network that isn't patched, while MySpace and Facebook have been hit with their own special bugs.

Users beware!

The one that seems to be hitting hardest in the past few days is the bug spreading rapidly across social networking sites. Sent from one of your trusted friends, this seemingly benign message directs you to view a video. The site looks like YouTube, but in reality it's hosted on a Russian server. Just visiting the site is probably harmless, but when the victim tries to play the video, the site prompts them to download and run codecsetup.exe, supposedly a video codec. That file is the malware: once it runs, the victim's Facebook contact list is copied and the same message goes out to every friend on it, which is how the thing spreads. Nasty stuff! I've included a screenshot (Fig. 1) from one such message that I received. I have changed the friend's name to TERRIBLE FRIEND, but in reality the photo and name would appear much more convincing. Even the landing page itself copies the Facebook image from the user's profile, making it appear that their friend posted it.

Other (hilarious) variations of the message heading include:

  • Paris Hilton Tosses Dwarf On The Street
  • Examiners Caught Downloading Grades From The Internet
  • Hello; You must see it!!! LOL. My friend catched you on hidden cam
  • Is it really celebrity? Funny Moments and many others
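The infection chain above boils down to a few observable signals: a message that talks about YouTube while linking to a host that isn't YouTube, a look-alike hostname, and a "video" page that hands the visitor an executable. The following is an added example, not code from the original post; it scores constructed sample messages against those signals, using reserved .example hostnames in place of the real Russian server. The message dictionary layout is the example's own, not a Facebook format.

```python
from urllib.parse import urlparse

# Hosts that genuinely belong to YouTube; anything else claiming to be
# YouTube is treated as a look-alike.
YOUTUBE_HOSTS = ("youtube.com", "youtu.be")
# File types a "video" page has no business handing you.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat")
# Phrases lifted from the lure subjects quoted above; weak on their own.
LURE_PHRASES = ("hidden cam", "you must see", "lol", "caught", "funny moments", "celebrity")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_youtube_host(host):
    """True for youtube.com / youtu.be and their subdomains only.
    'youtube.video-host.example' is NOT a YouTube host."""
    return any(host == h or host.endswith("." + h) for h in YOUTUBE_HOSTS)


def path_is_executable(url):
    """True when the URL path ends in a Windows executable extension."""
    return urlparse(url).path.lower().endswith(EXECUTABLE_SUFFIXES)


def analyze_message(msg):
    """Score a message and list the reasons it looks like the video-lure worm.

    msg is a dict with keys subject, body, link (URL the message points at)
    and redirect (where the landing page sends the visitor, or None).
    This layout is the example's own, not a Facebook API format.
    """
    score, reasons = 0, []
    text = f"{msg['subject']} {msg['body']}".lower()
    link_host = host_of(msg["link"])

    # The message says "YouTube" but the link goes somewhere else entirely.
    if "youtube" in text and not is_youtube_host(link_host):
        score += 3
        reasons.append(f"claims YouTube but link host is {link_host!r}")
    # A hostname with 'youtube' in it that is not under youtube.com.
    if "youtube" in link_host and not is_youtube_host(link_host):
        score += 2
        reasons.append("look-alike hostname")
    # The video page pushes a download such as codecsetup.exe.
    redirect = msg.get("redirect")
    if redirect and path_is_executable(redirect):
        score += 3
        reasons.append("video page pushes executable "
                       + urlparse(redirect).path.rsplit("/", 1)[-1])
    # Lure wording alone is only a weak hint; real friends say LOL too.
    hits = [p for p in LURE_PHRASES if p in text]
    if len(hits) >= 2:
        score += 1
        reasons.append("lure phrasing: " + ", ".join(hits))
    return score, reasons


def is_lure(msg, threshold=3):
    """Anything scoring at or above threshold is treated as the worm."""
    return analyze_message(msg)[0] >= threshold


# Constructed sample messages (hostnames use the reserved .example TLD).
SAMPLE_MESSAGES = [
    {   # the worm: look-alike host, then a "codec" executable
        "subject": "Hello; You must see it!!! LOL. My friend catched you on hidden cam",
        "body": "watch this YouTube video http://youtube.video-host.example/watch?v=5x1",
        "link": "http://youtube.video-host.example/watch?v=5x1",
        "redirect": "http://video-host.example/codecsetup.exe",
    },
    {   # a real YouTube link from a real friend
        "subject": "Our trip to the lake",
        "body": "Video from last weekend on YouTube: http://www.youtube.com/watch?v=abc123",
        "link": "http://www.youtube.com/watch?v=abc123",
        "redirect": None,
    },
    {   # excitable wording, but an ordinary link and no download
        "subject": "lol you must see this",
        "body": "http://blog.friend.example/post/42",
        "link": "http://blog.friend.example/post/42",
        "redirect": None,
    },
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        score, reasons = analyze_message(msg)
        print(f"{'LURE ' if is_lure(msg) else 'clean'} score={score} {msg['subject']!r}")
        for r in reasons:
            print("   -", r)
```

The weighting is deliberate: lure wording on its own never crosses the threshold, because friends really do write "LOL you must see this"; it is the mismatch between what the message claims and where the link actually goes, or a video page that serves an .exe, that marks the worm.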

Norton (makers of Rogers Online Protection) has issued a bulletin indicating that the virus itself is fairly old, and current LiveUpdate definitions should quarantine the offending files. McAfee, Avast and AVG should pick this one up as well, so run your updates and scan your entire machine.

Pop-up Pustules

Let's not forget our old friend XPAntivirus, recently updated from 2008 to 2009. It has absolutely nothing to do with Norton Antivirus or Windows XP, other than that it targets machines running Windows. This is a piece of rogue security software, written by criminals in the hope of tricking you into purchasing their "product". These fake security programs spawn pop-up messages when you open your browser, warning of dire security breaches and privacy exploits, then direct you to purchase their "software" to eliminate the problem. In essence you are being blackmailed: the only threat on the machine is the program itself, and paying buys nothing but silence from its own pop-ups.

Fig. 1
The anti-spyware component of the Rogers Online Protection software has been good at catching these infections, but new variations are springing up daily, and no antivirus can catch them all. If you're not running any antivirus, I cannot stress enough how important it is to be protected. Give LiveCoach a call and we can make a recommendation based on your system specs.

These programs cannot be removed using the traditional Add/Remove Programs area of the Control Panel. The best antidote for any virus is education and prevention. If a website is asking you to install something, stop for a moment and ask yourself whether you really trust it. The two main points of infection for this one are fake security websites (I won't post the addresses here; people click links) and P2P file-sharing downloads. If you're directed to one of these sites and you already have an antivirus program installed, close the page using the X at the top right of your window; don't click anything inside the page itself, since its own "Cancel" and "Close" buttons are often part of the lure. P2P file-sharing users, understand that the files on these services are untested and untrusted, and that much of what's shared on them is illegal. Be aware!

Cleaning up the mess

If you think you're infected, the following tools have yielded some success:

  • MalwareBytes RogueRemover
  • RogueFix
  • SmitFraudFix, which some have also had success with

To manage your expectations, however: how well these tools work depends on the condition of your system and the type of infection you have.

Even the professionals have one slip past them once in a while. The DNS flaw Dan Kaminsky presented at the Black Hat security conference affected resolvers across the globe! DNS is the system responsible for translating human-readable names into the numeric addresses of the machines that serve the pages we request. The flaw lets an attacker poison the cache of an unpatched recursive resolver with forged answers, so that every user of that resolver is silently sent to a server of the attacker's choosing when they ask for a legitimate name. In the scenarios he described, email could be intercepted, attachments stripped, and a virus payload sent on.

Recent reports indicate that over 85 percent of servers worldwide have already been patched. The specific details of the exploit were held back for about a month after the coordinated patch release in July, to give operators time to update before the Black Hat talk.

Now is as good a time as any to start looking at DNS alternatives like our personal favourite, OpenDNS. By opening Network Connections in Control Panel and entering the OpenDNS server addresses in your connection's TCP/IP properties, you move your lookups away from an ISP resolver that may not yet be patched, and you get a set of unique features in the bargain. Whichever resolver you use, the fix is that it randomises the source port of its outgoing queries, so an attacker has to guess far more than the 16-bit transaction ID; it's worth checking that the resolver you end up on actually does.
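An added example (not from the original post) showing what "patched" means in practice for the DNS flaw described above: an unpatched resolver sends every outgoing query from the same UDP source port, so a forger only has to guess the 16-bit transaction ID; a patched one randomises the port as well, multiplying the guess space. The check below classifies a resolver from a list of (source_port, txid) pairs, the sort of data you would get by sniffing the resolver's outbound queries or from a port-reporting test service. The captures here are constructed with a fixed random seed, and the thresholds are this example's own, not a published standard.

```python
import math
import random
from collections import Counter
from statistics import pstdev

TXID_BITS = 16  # the DNS transaction ID; the only check an unpatched resolver makes


def port_entropy_bits(ports):
    """Shannon entropy, in bits, of the observed source ports.
    0.0 means every query left from the same port. The estimate is capped
    by log2(number of samples), so 200 samples cannot show more than about
    7.6 bits even for a perfectly random resolver."""
    counts = Counter(ports)
    n = len(ports)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def expected_forged_replies(extra_bits):
    """Average number of forged replies an off-path attacker must fire
    before one matches both TXID and port, assuming uniform guessing."""
    return 2 ** (TXID_BITS + extra_bits) / 2


def resolver_verdict(samples, min_samples=50):
    """Classify a resolver from (source_port, txid) pairs of its outgoing
    queries. Thresholds are this example's own, not a published standard."""
    if len(samples) < min_samples:
        return f"UNKNOWN: only {len(samples)} queries observed, need {min_samples}"
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    if len(set(ports)) == 1:
        return (f"POOR: fixed source port {ports[0]}; only the {TXID_BITS}-bit TXID "
                f"stands between you and a poisoned cache")
    spread = pstdev(ports)
    if spread < 5000:
        return f"FAIR: ports vary, but only within a narrow band (stddev {spread:.0f})"
    if len(set(txids)) < len(txids) // 2:
        return "FAIR: port is randomised but TXIDs repeat heavily"
    return (f"GOOD: ~{port_entropy_bits(ports):.1f} bits of port entropy seen "
            f"on top of the TXID (stddev {spread:.0f})")


# Constructed captures with a fixed seed so the numbers are reproducible.
_rng = random.Random(2008)
# Unpatched: every query leaves from UDP port 32768; only the TXID changes.
UNPATCHED_CAPTURE = [(32768, _rng.randrange(1 << 16)) for _ in range(200)]
# Patched: a fresh ephemeral port is chosen for every query.
PATCHED_CAPTURE = [(_rng.randrange(1024, 65536), _rng.randrange(1 << 16))
                   for _ in range(200)]

if __name__ == "__main__":
    for name, cap in (("unpatched", UNPATCHED_CAPTURE), ("patched", PATCHED_CAPTURE)):
        print(f"{name}: {resolver_verdict(cap)}")
    print("forged replies needed, fixed port:", int(expected_forged_replies(0)))
    print("forged replies needed, 16 random port bits:", int(expected_forged_replies(16)))
```

To use it against a real resolver, replace the constructed captures with the source port and ID of each query the resolver sends upstream, then read the verdict. A resolver behind a NAT device that rewrites source ports to a fixed value will show up as POOR even after patching, which is exactly the caveat Kaminsky raised for home routers.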
