Softpanorama Malware Protection Bulletin, 2011

[Oct 30, 2011] German Government Trojan Will Help The Pirates

"Bundestrojaner". Nice...
October 09, 2011 | Moon of Alabama

As the Chaos Computer Club, a 25-year-old hacker organization which promotes privacy, found, the "Federal Trojan" software the police use for sniffing into Skype calls allows full manipulation of the hosting PC. The software can install additional programs and it can upload, download and manipulate files.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

Even worse, the software is written on an amateur level, uses unsecured communication methods and, once installed, leaves the computer open to be manipulated by anyone on the Internet.

[Oct 12, 2011] Microsoft Says IE9 Blocks More Malware Than Chrome

"For every computer exploited using a Windows flaw, 100 are exploited using Flash. Acrobat Reader and Java are the other major culprits. "
October 11, 2011 | Slashdot

CSHARP123 writes "In a move that's sure to raise some eyebrows, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers. When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Only IE, Chrome, or Firefox are included - other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4. Chrome or Firefox do not even come close to the score of 4. Even though the web site makes it easy for users to upgrade to the latest version of their choice of browser, Roger Capriotti hopes people will choose IE9, as it blocks more malware compared to Chrome or Firefox." Of note in the Windows Team post is that the latest Microsoft Security Intelligence Report discovered that 0-day exploits account for a mere tenth of a percent of all intrusions. Holes in outdated software and social engineering account for the majority of successful attacks.

Hatta:

NoScript blocks more malware than either.

Tridus:

I've seen the same data from McAfee, and it was really something. For every computer exploited using a Windows flaw, 100 are exploited using Flash. Acrobat Reader and Java are the other major culprits.

In a lot of ways, browser security itself has never been better. There are several highly capable ones out there in this area. The weak link is some truly terrible plugins.

LordLimeca:

It might have been informative. Seriously, when you accuse Chrome of not meeting the requirement, "Does the browser help protect you from websites that are known to distribute socially engineered malware?" when Google's anti-malware service is the basis for at least two browsers, and predates IE's effort by at least a year (probably more like 2), it sort of hampers your credibility.

znerk:

Get Adobe Flash player
This page requires Flash Player version 10.2.0 or higher.

My browser only scored a 2 out of 4, yet was able to keep me from seeing most of the malicious content on the linked page.

NoScript and AdBlockPlus, thank you.

My browser: 1 Microsoft FUD: 0

Moving along, now... so much more internet to see, so little time.

FyberOptic:

Why does everyone fall back on attacking Microsoft for press releases like this? Statistically, IE HAS been safer than other browsers in certain respects nowadays. It's silly to dismiss their complete turnaround in taking security seriously just because it's fun to hate on the company.

Of course there's going to be some marketing thrown into it as well. But what company doesn't? Why isn't everyone attacking Apple when they claim Safari is the fastest and safest browser? Or Mozilla, which has made the same claims for years too? It's not true for either of those, and they certainly can't both be right at the same time. Everyone lets that slide, because it's not cool to hate on them, despite their own terrible histories with security/vulnerability problems.

I haven't used IE for years (stopped for security reasons, in fact), but that doesn't change the fact that I can still offer them kudos for helping keep the web a safer place, especially when they still provide the dominant browser. Having fewer infected machines on the internet is beneficial to ALL of us.

rsmith-mac:

Even though the site is the usual mix of MS inaccuracies, one thing it does do a good job pointing out is that Firefox is the odd man out right now when it comes to sandboxing. IE has it, Chrome has it, Safari on the Mac has it. Yet Firefox as the #2/#3 browser in the world lacks it. And while it's of limited use in protecting against attacks on plugins (which are the most common vector), it means it's easier to exploit the browser itself.

The FF devs should be working on getting Firefox appropriately sandboxed, even if it's Windows-only at the start. It would go a long way towards bringing it up to par with Chrome, which is Firefox's real competition.

[Jul 17, 2011] Spyware celebrates Google's 13th birthday!

The problem is wider than using misspellings for propagating spyware. Spyware authors can buy Google keywords and get their sites placed pretty high in certain searches. This is how XP Antivirus 2012 and other extortion-oriented fake antivirus programs operate. It makes perfect sense to add Google to Restricted sites in IE.
Security Threat Research News

...Typosquatting is a popular Internet behavior that generates domain names based upon misspelling famous brand names. It is often abused by scammers to host malware and phishing content on these misspelled domains. Apparently, the Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to fight against any illegal intention of registering or using a domain confusingly similar to a trademark or famous name. As we know, it has been 13 years since Google was founded in 1998.

Scammers have taken this opportunity to spread spyware through typosquatting on google.com, claiming that you can win an iPad on Google's 13th birthday.

Here is an example of Google typosquatting: googole.com. Users will happen to land on the fake domain if they mistype google.com.
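As an added example (not code from the article or from the bulletin author), a small detector in the spirit of this item: it reads proxy log lines and flags hosts that sit one edit away from a protected brand domain, as googole.com does from google.com, and it goes slightly beyond the article's single case by also flagging a brand name used as a subdomain of an unrelated domain. The brand list, the log layout and the log lines are constructed for illustration.

```python
"""Typosquat detector over proxy log lines (added example, not from the article).
Flags hosts one Damerau-Levenshtein edit away from a protected brand domain,
e.g. googole.com vs google.com, and hosts that carry a brand name as a subdomain.
Brand list, log layout and log lines below are constructed for illustration."""
import re

PROTECTED = {"google.com", "gmail.com"}  # constructed brand list

# Constructed log lines in the form "<time> <client-ip> <host> <status>".
SAMPLE_LOG = """\
10:01:02 10.0.0.5 www.google.com 200
10:01:05 10.0.0.7 googole.com 200
10:01:09 10.0.0.7 gogle.com 302
10:01:11 10.0.0.9 example.org 200
10:01:15 10.0.0.5 goolge.com 200
10:01:20 10.0.0.9 gmail.com 200
10:01:22 10.0.0.7 google.com.evil.test 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of two adjacent characters each cost one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify_host(host: str, protected=PROTECTED, max_edits: int = 1):
    """Return (verdict, brand); verdict is brand, typosquat, lookalike or other.
    The registrable domain is crudely taken as the last two labels (no public
    suffix list, so names under co.uk and similar are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    dom = ".".join(labels[-2:])
    if dom in protected:
        return "brand", dom
    sld, _, tld = dom.partition(".")
    best = None
    for brand in protected:
        b_sld, _, b_tld = brand.partition(".")
        # Edits on the second-level label, plus one if the TLD was swapped.
        edits = damerau_levenshtein(sld, b_sld) + (0 if tld == b_tld else 1)
        if edits <= max_edits and (best is None or edits < best[0]):
            best = (edits, brand)
    if best:
        return "typosquat", best[1]
    # Brand name used as a subdomain of an unrelated registrable domain.
    for brand in protected:
        if brand.partition(".")[0] in labels[:-2]:
            return "lookalike", brand
    return "other", None


def scan_log(text: str):
    """Return [(host, verdict, brand)] for every line whose host is suspicious."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            verdict, brand = classify_host(m.group(3))
            if verdict in ("typosquat", "lookalike"):
                hits.append((m.group(3), verdict, brand))
    return hits


if __name__ == "__main__":
    for host, verdict, brand in scan_log(SAMPLE_LOG):
        print(f"{verdict}: {host} (looks like {brand})")
```

Raising max_edits above 1 will catch more variants but also start matching legitimately different short names, so tune it against your own traffic.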

[Jul 17, 2011] Google sponsors spyware warning project

It looks like that initiative did not go very far, and Google is still spreading malware...
msnbc.com

NEW YORK - Google is issuing this warning to people who try to click on links to sites with spyware and other malicious code: "The site you are about to visit may harm your computer!"

Users can search again, learn more about malicious code at the site StopBadware.org or proceed to the suspect site anyhow - at their own risk, of course.

Google Inc. said its initiative is just starting and is by no means comprehensive.

"To begin we'll only be identifying a small number of sites, but we'll be expanding our coverage over time," the company said in a statement. "Finding new and better ways to protect our users is a perpetual project, and we'll continue to work hard in this area."

Google is one of the main sponsors of StopBadware.org, a project that researchers from Harvard and Oxford universities are hoping to turn into a clearinghouse for information on spyware and other malicious software.

So far, StopBadware has identified only one site as malicious, and efforts to reach that site from Google worked normally Wednesday. But Google has identified other sites as problems and is offering warnings for those.

The company said the sites have been identified using software algorithms and verified with outside experts.

[Jul 17, 2011] XP Antivirus 2012 – how to get rid manually

[Jul 17, 2011] What is XP Antivirus 2012 and How to Remove XP Antivirus 2012 Rogue Anti-Spyware Application from Your PC

A full restore of the C: partition works well against this rogue ;-). Pretty nasty stuff: it redefines the .exe extension handler to make launching programs from Explorer difficult.
Automotive Addicts

XP Antivirus 2012 is a fake anti-spyware program that is well known for promoting purchase of a full edition of XP Antivirus 2012 through vigorous Windows attention notifications. The XP Antivirus 2012 pop-up messages look very convincing, which is why many PC users have succumbed to the XP Antivirus 2012 program by paying upwards of $80 for it, not knowing that it will not live up to its promises.

What does XP Antivirus 2012 do?

XP Antivirus 2012 was created with the main purpose of extorting money from computer users. This process is accomplished after the installation of XP Antivirus 2012 occurs. The installation of XP Antivirus 2012 may come automatically through a Trojan horse that is installed on a PC user's system without their knowledge. Sometimes surfing a free porn site will allow this to happen. In other cases PC users may have downloaded some type of software from a P2P (peer 2 peer) network not knowing it was laced with malware.

After XP Antivirus 2012 starts to load during startup of Windows, it presents users with a plethora of alert notifications that look rather legitimate to the untrained eye. These notices along with system scan results, are all fabricated by the XP Antivirus 2012 program. After the trust of XP Antivirus 2012 is gained through these bogus messages and system scan results, the computer user is apt to click on one which may redirect them to a purchase site for XP Antivirus 2012. If purchased, XP Antivirus 2012 will not remove any type of malware nor will it resolve previously stated PC issues. The best thing to do when presented with XP Antivirus 2012 is to take immediate action to remove it.

How Can You Remove XP Antivirus 2012?

XP Antivirus 2012 can be very difficult to manually remove if you are an inexperienced computer user. Not to mention, XP Antivirus 2012 has been known to populate the Windows Registry with many different entries, and removing the wrong entries could render a PC damaged or useless.

[Jul 17, 2011] What is Mega antivirus 2012 and how to remove it

Feb 28, 2010 | AntiVirus Software

Akaashath Member Join Date: Feb 2010 Posts: 360

Re: What is Mega antivirus 2012 and how to remove it

--------------------------------------------------------------------------------

Mega Anti Virus 2012 is a rogue security program that is supported by the use of Trojans, which come as bright updates or video codecs that are required to view an online video. If Mega Antivirus 2012 runs, it scans your PC and identifies non-existent viruses, but you are not allowed to remove them unless you first purchase the program. These acknowledged malware files do not even exist on your PC. Please do not purchase Mega Anti Virus 2012, as it is just a trick.

#4 23-02-2011 Aashirya Member Join Date: Feb 2010 Posts: 359

Re: What is Mega antivirus 2012 and how to remove it

--------------------------------------------------------------------------------

Mega Antivirus 2012 shows fake security warnings and windows on your desktop while you use the computer. These security alerts comprise notifications stating that your computer is under attack from a remote PC, or that frequent malware has been noticed. Like the forged scan results, these alerts and cautions should all be ignored. Mega Anti Virus 2012 also blocks Task Manager and additional utilities. As you can observe, Mega Antivirus 2012 was intended to make you believe that your PC is infected. If you have previously bought the program, contact your credit card company and talk about the charges. Make use of manual removal directions from any website, or otherwise search for a Mega Anti Virus 2012 and related malware removal tool.

[Jul 17, 2011] Remove XP Antivirus 2012, removal instructions

They mention the kdn.exe process, but the name can be any combination of three letters. Also, the registry keys mentioned do not correspond to those that I observed.
XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares itself to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated, because it reports invented viruses. To be more precise, XP Antivirus 2012 will first create numerous harmless files that it drops in the infected computer's system. Then this scam will pretend to scan your computer and will immediately report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may warn about the Trojan-BNK.Win32.Keylogger.gen threat to scare you to death and push you into purchasing its license, which will be offered additionally. Pay attention to the fact that XP Antivirus 2012 is dangerous and has nothing to do with the computer's protection!

The XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user's knowledge and approval and opens a backdoor in the system to let in more threats or allow the scammers to reach your personal information. All this is done with the help of Trojans that infect vulnerable systems through fake video codecs and Flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports, as they are fabricated and have in fact nothing to do with the true condition of the machine. Don't buy this software even though it will definitely promise to fix your computer; remove XP Antivirus 2012 instead.

[Feb 22, 2011] Scams Welcome to FanBox - How to Cancel - Block Fanbox.com

Sending fake emails is a pretty good indication that they are crooks. They run a pretty annoying password collecting scam. When you sign up for FanBox, they ask for your permission to email everyone in your address book (FanBox knows how to talk to most webmail systems). To do this, of course, FanBox needs your password. Most people, sigh, willingly supply their passwords to any seemingly innocuous service. You should inform your correspondents about the problem and change your password immediately.

Fanbox.com, formerly known as sms.ac, is one of the most annoying and sleaziest spams and misrepresentations going right now. Here's how to stop receiving this spam.

If you are receiving emails like this, we urge you to forward them to the Federal Trade Commission. If they receive enough complaints, perhaps they'll get off their lazy government backsides and do something about the scum behind this scam:

How to Block Fanbox Emails or Cancel Your Account

Don't click on the link to cancel your account. That will only confirm to these scum that your email address is being used and ensure MORE spam. And since you never signed up for it, you haven't got an account to cancel. They are just trying to trick you into clicking on a link and confirming your information!

Instead, put fanbox.com, fanboxapps.com, and sms.ac in your junk / blocked senders, junk email or spam list in your email program (e.g., the Outlook junk mail list).

Report these spammers to the government:

To forward unwanted or deceptive spam to the Federal Trade Commission, send it to spam@uce.gov.

Also see the FTC and here to Report Porn Spam. In California, also use caspam@doj.ca.gov. In Missouri, use spamcomplaint@ago.mo.gov. In Virginia, use cybercrime@oag.state.va.us.

If you think you have been taken advantage of by a spam scam, file a complaint with the FTC online at www.ftc.gov. Complaints will help the FTC find and stop people who are using spam to defraud consumers.

How their scam works:

When you sign up for FanBox, it asks for your permission to email everyone in your address book. After you give them your password (DON'T do it!) it will start spamming everyone in your contact list / address book. It will send them these stupid ":____ asked you a question" spams.

We've received them here, and verified that the senders had no intention of sending them to us, or "asking" a question. They felt victimized.

For detailed discussion of this scam see these links:

1. Fanbox is the new plaxo

2. Spamhuntress.com: sms.ac turns into fanbox/

3. Steve Riley: faxbox, the latest in password scams

4. Fanbox: do not touch it

[Feb 21, 2011] Scams Welcome to FanBox - How to Cancel - Block Fanbox.com

Please be aware that there is a snowballing spam generation scheme in the US run by a company called SMS.ac, Inc. The company behind it is based in California and has approx. 200 employees (that's right: two hundred). They run a social network called fanbox.com. See
http://en.wikipedia.org/wiki/SMS.ac,_Inc.
To lure people to their network they invented a neat social engineering trick based on the popularity of social networks, which allows them to collect millions of email addresses and claim a membership on the order of 3.5 million people.
The scheme works something like this:

First you get a letter from one of your friends that looks innocent and pretty plausible, for example

Hi,

I set up a profile where I can post photos, connect and share.

Do me a favor and confirm our relationship here.

Thanks,
<name of your friend> 

If you click the link (very bad idea :-) it will propose that you log in to this social networking site using any of your existing webmail accounts (Hotmail, Gmail, Yahoo Mail, etc.). It also asks you to send an invitation to your friends.

What it does next is harvest all the email addresses in your web address book (it understands various formats) and send invitations to everyone on the list, just as a regular email virus does. Pretty neat trick... Sending fake invitations to all the addresses collected from your account's address book makes them dangerous spammers.

Windows XP(SP3) Firewall Slow To Startup - Windows XP Support

Some Linux Foundation crack attack details emerge

ZDNet

The malware seems to have been on a Linux machine @ Badgered

The answer to your question is in the link provided by Vaughan-Nichols.

The term 'malware compromised PC' is something that Vaughan-Nichols simply made up (as he tends to do), unless he's posted the wrong link. The link he posted makes no reference to a PC. Rather, it states that a trojan was discovered on 'HPA's personal colo machine' -- a 'personal machine', not a 'PC'.

More importantly, the source also states that a 'trojan startup file was added to rc3.d'. As anyone familiar with Linux will know, 'rc3.d' is a directory containing start-up scripts for run level 3. The Linux run level scheme was copied from Unix, and as anyone familiar with Windows will know, Windows does not use run levels, nor has it ever.

In short, what Vaughan-Nichols calls a 'malware compromised PC' was apparently a 'personal co[-]lo[cation] machine' running Linux. It was apparently infected, along with several other Linux machines, by a trojan that targets Linux. It was Linux malware, full stop.

Anyone who's puzzled by a high-profile infection of Linux systems should consider the following:

1. Every production operating system contains bugs

2. Every user/administrator makes mistakes (much more important than 1)

3. Containing user/administrator mistakes and managing problems caused by bugs requires considerable resources

4. It's exceedingly unlikely that the Linux Kernel Organization, a non-profit, can match the resources of large commercial firms

5. Despite the myths spread by the technically inept, Linux isn't inherently more secure than Windows (indeed, as Charlie Miller has pointed out, Linux desktops are probably easier to hack than Windows desktops)

To those who haven't the first clue about security and think Linux is magically protected by pixies (i.e. most Linux zealots), the fact that hackers were able to compromise kernel.org and apparently remain undetected for some time must come as a shock. To anyone who actually understands the Linux, Unix and Windows security models, however, it isn't the least bit surprising.

FanBox Is The New Plaxo

Hello,
Rocky, my boyfriend, received a fanbox invitation from a girl in his hotmail account. This invitation was relating to his fanbox login. He says that he did not register himself in fanbox. His fanbox nickname is like his skype name or hotmail messenger nickname. Is it possible that he did not register himself, or is he lying?

He almost certainly did not register with Fanbox/Faxbox. According to this article, they get people's names and addresses from other victims, and then spam the new victims. They try to make it look like they have an account, and it can be canceled/unsubscribed/shut down. But, they ignore your request for removal and add you to a verified "good email account" list.


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Last modified: September, 19, 2017