Bay Geeks Computer Repair Services

August 29, 2009

Hackers serve up pre-release malware to Mac fanboys

Filed under: Antivirus, Malware, apple — admin @ 8:01 am

Virus slingers are taking advantage of the release of Apple’s Snow Leopard operating system by offering malware from sites touting operating system upgrades.

Dodgy sites supposedly offering Snow Leopard were rigged to push an Apple-specific DNS changer Trojan, detected by Trend Micro as JAHLAV-K. The malware is a Mac OS X mountable Disk Image file (.DMG) that comes contaminated with various malicious scripts, as explained here.

Users infected with the Apple specific malware would find their internet connections redirected to phishing sites and other fraudulent endeavours. Some of these bogus sites hosted scareware (fake anti-virus) packages.
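A DNS changer like the one described above works by replacing the machine's resolver settings, so the practical check is to compare the configured resolvers against the set you expect. This is an added example, not code from the article or from Trend Micro; the resolv.conf text is constructed, and the trusted networks are an assumed allowlist you would replace with your own.

```python
"""Flag DNS resolvers that are not on an expected allowlist.

Added example (not from the article). The input is constructed text in
/etc/resolv.conf syntax; Mac OS X mirrors its active resolver settings into
that file, so the same parser applies there. TRUSTED is an assumed allowlist.
"""
import ipaddress

# Assumed allowlist: the local router subnets plus a ULA range. Replace with
# the resolvers your environment actually hands out.
TRUSTED = ["192.168.0.0/16", "10.0.0.0/8", "fd00::/8"]

# Constructed sample: one legitimate resolver, one injected rogue entry
# (203.0.113.5 is a documentation address standing in for an attacker server).
SAMPLE_RESOLV_CONF = """\
# Generated by the network stack
search example.lan
nameserver 192.168.1.1
nameserver 203.0.113.5   # rogue entry added by a DNS changer
nameserver fd00::1
options ndots:1
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments (# or ;) are stripped first; other directives are ignored.
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def unexpected_resolvers(resolv_conf_text, trusted=TRUSTED):
    """Return every configured resolver that falls outside the trusted networks.

    An entry that does not parse as an IP address is reported too, since a
    mangled resolver line is itself a sign that something rewrote the file.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    suspicious = []
    for server in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            suspicious.append(server)
            continue
        if not any(addr in net for net in nets):
            suspicious.append(server)
    return suspicious


if __name__ == "__main__":
    for rogue in unexpected_resolvers(SAMPLE_RESOLV_CONF):
        print("unexpected resolver:", rogue)
```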

Fake sites offering the Mac malware were in operation in the run-up to the release of Snow Leopard on Friday. There are more details in a blog on Trend Micro’s website, here.

A similar attack, detected earlier this week, offered malware in the guise of Foxit PDF Reader software for Apple Macs. The pirated version “Foxit Reader for Mac” comes loaded with the Jahlav Trojan horse, anti-virus firm Sophos warns.

Foxit Reader is not yet officially available for Apple Macs. When it does come out, prospective users ought to use the official Foxit website, Foxit advises.

“While imitation may be the sincerest form of flattery, we are not happy about the recent malware attacks masquerading as our Foxit Reader,” said George Gao, vice president of sales and marketing at Foxit Corporation. “Foxit has always striven to ensure that our solutions are secure for our users, and remains committed to addressing any Foxit product security issue in a professional and timely manner.”

Source


August 5, 2009

Glenn Beck: Cash For Clunkers is a government scam to gain access to your computer

Filed under: Computer Advice, General, Malware, Security, Uncategorized — Alden @ 2:59 pm

Very interesting and scary news article about the Government's wide-reaching privacy policy on the Cash for Clunkers website.

Basically, what's happening here is that by signing up for the Cash for Clunkers program you're authorizing the feds to view, copy, transfer and more… basically your data is their data. Plus, as an added bonus, when you are connected to their systems your computer and all of the data contained on it become property of… (drum roll anyone?)… you guessed it! Uncle Sam! Woo Hoo!!!

So they can view, intercept, read and analyze any data with the use of some really sophisticated spyware that apparently exploits some vulnerabilities that Microsoft hasn't closed for some unknown reason.

Check it out here and remember, Big Brother’s Always Watching!


June 1, 2009

WARNING: Juste Best Videos Attack Jumps from Twitter to Facebook

Filed under: Malware, viruses — admin @ 1:02 pm

Juste (dot) ru, the video scam that’s been spreading rapidly on Twitter, is actually a double-headed beast.

We’re now getting reports of the same video links being spammed through user accounts on Facebook, too - a screenshot of such a mail is below. If you get a Facebook message with a link to Juste.ru, DO NOT click the link or visit the site - it appears to steal your credentials for both Twitter and Facebook, then abuse them to spread the scam further. Your Facebook friends get spam messages, and your Twitter followers get sent malicious Tweets.

This is perhaps the most vicious of social networking scams we’ve seen, affecting two networks simultaneously. Given that it’s able to grab logins from both sites, we’re assuming that it works by installing malware on the host machine, rather than simply asking for login details. We’ll continue to update once we have more information.

Current advisory: do not click links to “juste (dot) ru” on either Twitter or Facebook today. Also avoid any links on Facebook that simply say “Video” or “Best Video” - I’ve seen at least one example where it seems the link is hidden behind a short URL.

If you think you might be affected (i.e. your Twitter or Facebook accounts are sending out spam links), run a full virus and spyware scan, clear your browser cookies and change your passwords on both services.

Source


April 10, 2009

Conficker Update: Creating Spam-Spewing Drones?

Filed under: Antivirus, Malware, Security, spam, viruses — admin @ 8:06 pm

More than a week after its April 1 deadline, the Conficker C worm released an update that could activate the botnet to deliver spam and turn infected PCs into zombies.
Researchers say that the latest update could include a connection between the Conficker worm and the active spam bot W32.Waledac. Specifically, researchers said they have seen circumstantial evidence that the latest strain of Conficker, known as Downadup E, might drop a Waledac binary on machines infected with Conficker C. That binary is designed to steal information and turn infected PCs into spam-spewing drones under the control of the malware authors, experts say.

“We got a first look at the payload and we’re still looking at this one, a worm or Trojan called Waledac associated with tons of spam,” said Vincent Weafer, vice president of Symantec (NSDQ:SYMC) Security Response. “Ultimately it’s about information stealing.”

More Conficker updates could include widespread distribution of Trojans, keystroke loggers and other malware designed to grab user credentials and steal personal and financial information later down the road, Weafer said. “And then what’s left is a very robust botnet,” he added.

April 1 marked the day the Conficker worm was scheduled to undergo an update that provided a new domain generation algorithm allowing the infected computers to “call home” to about 500 of the 50,000 newly generated domains, possibly for new instructions.

The new strain of the Conficker worm updates machines infected with Conficker C to the new strain, known as Downadup E, via peer-to-peer techniques.

Researchers said that they’ve seen a few differentiators from the previous Conficker C.

The updated Conficker prefers to travel through peer-to-peer networks to distribute its new version E. However, researchers say that the new sample doesn’t appear to include new infection vectors that might allow it to propagate faster or onto new machines.

The latest version also incorporates a previously unseen self-removal functionality that is programmed with the ability to eliminate itself from infected hosts on May 3, and reaches out to a new list of high-profile domains.

Before its update April 1, Conficker C was renowned for exhibiting an array of sophisticated self-preservation techniques, which included blocking access to security vendor sites, dodging numerous antivirus products, and disabling Windows automatic updates. In addition, Conficker C has the ability to patch its own vulnerability once it has infected a machine, presumably to prevent competing malware from attacking the same host.

The earliest Conficker variants, Conficker B, and its predecessor Conficker A, had unique abilities to replicate and spread rapidly, infecting millions of PCs with techniques that ranged from brute force password guessing to transmission through USB sticks and peer-to-peer networks. Experts say that the highest rates of infections were found primarily in Latin America and other markets that rely on pirated Windows software, which doesn’t receive security updates.

Meanwhile, the entire upgrade is anticipated to take weeks to months, Weafer said.

“We describe this as step five of a 1,000-step chess match. This is going to go on for a while,” Weafer said. “This is not going to be an overnight upgrade.”


February 14, 2009

Kaspersky denies leaks after SQL hack

Filed under: Antivirus, Malware, Security, viruses — admin @ 7:15 pm

Russian antivirus vendor Kaspersky Lab's US website was hacked over the weekend, exposing the company's customer database, but Kaspersky has denied data was compromised and says the vulnerability wasn't critical.

An unidentified hacker reported over the weekend that he was able to access a complete profile of the company’s databases, revealing its clients’ names, activation codes, list of bugs the company tracks and client email addresses.

The hacker claimed to have hacked Kaspersky Lab's databases using an SQL injection attack, which exploits a vulnerability in an application's database layer.

The method has become a popular means to gain information via web-facing applications or as a way to use popular websites to spread malicious software.

Microsoft’s UK website came under a similar attack in 2007 when hackers used an SQL injection to inject HTML code which seemingly defaced its web pages.

The Kaspersky hacker, who published their finding on the Hackersblog.org website, has since said that confidential data would not be released.

“[The] Kaspersky team doesn’t need to worry about us spreading their confidential stuff. Our staff will never save or keep any confidential data. We just point our fingers to big websites with security problems,” they reported.

Kaspersky Lab has admitted that a subsection of its usa.kaspersky.com domain was vulnerable last Saturday when a hacker “attempted an attack on the site”.

“The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site,” a spokesperson for the company said in a statement.

This article was originally posted on ZDNet Australia.


Microsoft slaps US$250,000 bounty on Conficker worm

Filed under: Malware, Security, viruses — admin @ 12:46 pm

Microsoft announced it has formed a technology industry posse and put a bounty of US$250,000 on the heads of those responsible for a vexing computer worm.

The nasty computer code known as “Conficker” or “Downadup” has been spreading quickly, wriggling into millions of computers worldwide and threatening to commandeer or crash systems.

Microsoft is working with computer security specialists and the Internet Corporation for Assigned Names and Numbers (ICANN) to track down whoever unleashed Conficker.

“The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together,” said ICANN chief Internet security advisor Greg Rattray.

Microsoft promised to pay 250,000 dollars for information that leads to the capture and conviction of the people that launched the malicious code on the Internet.

“We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable,” said George Stathakopoulos, general manager of Microsoft’s Trustworthy Computing Group.

Source


February 10, 2009

Email Alert - New Spam Threat

Filed under: Computer Advice, Emails, Malware, Security, spam — admin @ 4:59 pm

You may be aware of the debate going on in this country over the development of a stimulus package to aid in our economic recovery. Unfortunately, all of those dedicated spammers out there are using this as an opportunity to defraud the general public. There are now emails circulating that appear to be from the US Internal Revenue Service and promise an “Economic Stimulus Payment”. They are designed to facilitate the theft of your identity. They generally contain links to online forms where you will be asked to submit personal information, or they will ask you to reply to the email with sensitive information. They may appear authentic, as they include official-looking seals; however, the IRS and other US federal agencies never make unsolicited contact with citizens via email.

If you receive one of these messages, delete it immediately. Do not reply to it or click on any links in the body of the message.


January 20, 2009

Simple, Proper Avira Anti-Virus Configuration


As computer consultants, we at Bay Geeks are constantly answering this question: “Which Anti-virus program do you recommend?”

Our answers change based on a variety of factors including our experience, technical articles and feedback from our clients.

We’re always on the lookout for high quality, low cost solutions we can offer our clients. One of the latest up-and-comers has been Avira. We’ve seen this product more and more over the last year, and some of the recent research results we’ve reviewed have brought this product into our favor (assuming you don’t mind two pop-ups per day with the free version: once when it updates and once when it scans).

According to www.av-comparatives.org, Avira has been beating out the best Anti-virus products, albeit by a small margin… but they’re winning nonetheless.

For an in depth look at the research, installation and configuration details… please check out this Avira Anti-Virus Research, Installation and Configuration Tutorial (2.64 MB).

We hope this helps!


January 18, 2009

No end in sight for massive Windows worm outbreak

Filed under: General, Malware — admin @ 8:07 pm

The largest corporate malware outbreak in more than seven years may be affecting organizations that are fully patched, researchers said Friday.

Nearly nine million machines worldwide have been infected with the Downadup, or Conficker, worm — including some 6.5 million in the past four days alone, said Mikko Hypponen, the chief research officer of anti-virus firm F-Secure. That makes this the biggest corporate virus outbreak since Nimda unleashed its fury in 2001.

What makes the malware particularly viable, he said, is that it can spread in three distinct ways, only one of which can be closed off by applying an emergency fix (MS08-067) that Microsoft issued in October for a Windows Server Service vulnerability.

At the start of this month, the exploit morphed into a worm that can propagate through removable media devices or by copying itself to network shares, through brute-force password-guessing, Hypponen said. It bucks the trend of modern malware, which largely is spread via the web or through email.

“The user doesn’t have to be on the computer,” he told SCMagazineUS.com on Friday. “He can be away and still get infected.”

As soon as this worm correctly guesses the password of a user who belongs to the administrator group, the malware will browse the network shares of other machines, mount the C: drive and then use its privileges to schedule a task, in this case to infect that share with a copy of itself.

“Once the worm is able to crack the password of any user who belongs to an admin group, then it’s game over,” Hypponen said. “Once you have one infected machine in house…it can spread like wildfire. It can happen even if every single machine is patched.”
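The propagation path described above (a burst of failed network logons against a host, then a scheduled task registered by the account that was finally guessed) leaves a recognisable trail in the Security log. The following is an added detection example, not code from the article, F-Secure or Microsoft; the log lines are constructed in a simplified one-event-per-line format, and the event IDs are the Vista/Server 2008-era Security log IDs 4625 (failed logon) and 4698 (scheduled task created).

```python
"""Flag hosts showing Conficker-style lateral movement: many failed network
logons from one source, followed by that source creating a scheduled task.

Added example, not from the article. Log lines are constructed; the format
is a simplified export of Windows Security events (one per line).
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = "4625"   # An account failed to log on
TASK_CREATED = "4698"   # A scheduled task was created
NETWORK_LOGON = "3"     # Logon type 3 = over the network (share access)

# Constructed sample: 10.0.0.23 guesses passwords against FILESRV01 and then
# registers a task; 10.0.0.50 is a single typo by a user; ADMIN-PC creates a
# task with no preceding failures (normal administration).
SAMPLE_LOG = """\
2009-01-16T09:00:01 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:02 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:03 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:05 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:07 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:09 FILESRV01 4625 src=10.0.0.23 user=administrator type=3
2009-01-16T09:00:40 FILESRV01 4698 src=10.0.0.23 user=administrator task=At1
2009-01-16T09:05:00 FILESRV01 4625 src=10.0.0.50 user=jsmith type=3
2009-01-16T09:10:00 ADMIN-PC 4698 src=10.0.0.9 user=helpdesk task=Backup
"""


def parse_line(line):
    """Turn 'timestamp host event_id k=v k=v ...' into a dict."""
    ts, host, event_id, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "event": event_id, **fields}


def find_lateral_movement(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per (host, source) where a scheduled task was created
    within `window` after at least `threshold` failed network logons from
    the same source. Events are processed in timestamp order."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)  # (host, src) -> timestamps of failed logons
    alerts = []
    for e in events:
        key = (e["host"], e.get("src", "?"))
        if e["event"] == FAILED_LOGON and e.get("type") == NETWORK_LOGON:
            failures[key].append(e["ts"])
        elif e["event"] == TASK_CREATED:
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"host": e["host"], "src": key[1],
                               "user": e.get("user"), "task": e.get("task"),
                               "failed_logons": len(recent), "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in find_lateral_movement(SAMPLE_LOG):
        print(f"{a['at']} {a['host']}: task {a['task']} by {a['user']} from "
              f"{a['src']} after {a['failed_logons']} failed logons")
```

The same pattern, run over real 4625/4698 exports, also surfaces the account lockouts mentioned below, since those are the visible side effect of the guessing phase.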

At this point, it remains unclear what the motive is of the malware writers, Hypponen said. Even though the worm has capabilities to “phone home” to receive additional instructions from a command-and-control center, researchers have not spotted any botnet traffic.

The only tangible impact on businesses is that employees may be unable to reach certain websites and may get locked out of their accounts, a product of the worm trying to guess passwords, he said. Also, the virus turns off Windows updates.

Either way, the individuals behind the attack are amassing an enormous botnet, researchers said. IP addresses from across the globe are affected, with the most victim machines residing in China, Brazil, Russia and India, according to F-Secure. But there are thousands of compromised computers in the United States.

To stop the spread, organizations, among other things, should ensure end-users are not using local administrative rights, Hypponen said.

A Microsoft spokesperson could not be reached for comment, but the software giant has said its Malicious Software Removal Tool will detect and eliminate the malware. But Hypponen warned that anti-virus solutions may not always work because the malware is constantly changing to evade detection.

Source


December 29, 2008

Santa left a virus under the Christmas tree

Filed under: Malware, viruses — admin @ 9:14 am

Amazon has warned its customers that one of Samsung’s digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious an issue as it may seem.

Earlier this week Amazon alerted its customers to an issue affecting the installation CD that shipped with the Samsung SPF-85H 8-inch Digital Picture Frame. Apparently the CD shipped with a copy of the W32.Sality.AE virus. Amazon is recommending that people download a recent copy of the application directly from Samsung’s website rather than using the CD.

So yes, this is embarrassing for Samsung. It shows that either they or the subcontractor who cut the CD need to tighten up their processes surrounding manufacturing systems. There is no reason for those machines to be exposed to malware, let alone not run up-to-date anti-virus to catch these infections.

The customers have a pretty low likelihood of being infected by this malware, though. Any system running up-to-date anti-virus would have been guaranteed to spot the potential infection, as the delay between when the CD was first cut and when the customer attempted to install the application was far longer than the average amount of time it takes for a piece of malware to be detected by an anti-virus package. If the system wasn’t running an up-to-date anti-virus package, well, it probably had oodles of malware already, and the marginal cost of one more infection is pretty small.

I suspect next year Samsung will be asking Santa for security people who are tightwads about compliance.

Adam J. O’Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.

By Adam J. O’Donnell, Ph.D.
