The 9th Soul

Obama-themed malware on the rise

Posted in internet news, security, technology by Fated Blue on November 7, 2008

 

One of the spam messages using Obamas election to entice people to download malware.

One of the spam messages using Obama's election to entice people to download malware.

Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors. The U.K.’s Sophos reported 60 percent of all spam seen by the lab on Wednesday was in some way Obama related.

One piece of spam alleges to contain a link to video of Obama’s acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you’ll be asked to update your Adobe Flash Player with a file, adobe_flash9.exe, first. This is not an official Adobe update file and downloading this file may in turn infect your computer with a Trojan.

Sophos named the Trojan Mal/Behav-027. F-Secure named it W32/Papras.CLSunbelt Software also has a blog about this particular piece of spam.

Meanwhile, Websense is reporting a separate threat. An e-mail appears to be an interview with the new president elect. The e-mail features embedded links to a video site that attempts to install a file, BarackObama.exe. Downloading this file may infect your computer with a Trojan.

10 Quick Fixes for the Worst Security Nightmares

Posted in security by Fated Blue on September 1, 2008

PCWORLD
Most security attacks are targeted at a few weak points on your PC that aren’t that hard to protect. Follow these simple tips, and you’ll suddenly be a whole lot safer.

Erik Larkin, PC World
Aug 5, 2008 1:01 pm

In the world of comic books, every bad guy is an evil genius. On the Web, hackers, spammers, and phishers may be evil, but they’re not required to be geniuses. They can make a healthy living just by exploiting known security holes that many users haven’t bothered to patch. Or by relying on the propensity of millions of people to do things they’ve been told over and over not to do.

The silver lining is that you don’t have to be a genius to avoid these common attacks either. Implement a few simple fixes, and you’ll avoid most of the bad stuff out there.

Fix 1: Patch Over the Software Bull’s-Eye

Have you turned off automatic updates for Windows and other programs on the rationale that “if it ain’t broke, don’t fix it?” Then consider this: Your programs may be very, very broken, and you don’t know it. The days of big splashy viruses that announce themselves to PC users are over. The modern cybercriminal prefers to invisibly take control of your PC, and unpatched software gives them the perfect opportunity to do so.

Today, a hijacked Web page–modern digital crooks’ attack of choice–will launch a bevy of probes against your PC in search of just one unpatched vulnerability that a probe can exploit. If it finds one, better hope your antivirus program catches the ensuing attack. Otherwise you likely won’t even notice anything amiss as it infects your system.

Luckily, you can completely block the majority of Web-based exploits by keeping all your programs–not just the operating system or your browsers–up-to-date. Attack sites ferret out holes in seemingly innocuous applications such as QuickTime and WinZip as well as in Windows and Internet Explorer. So turn on automatic update features for any software that offers the service–it’s your quickest and easiest option for getting patches.

Fix 2: Find the Other Holes

If every program used easy automatic updates–and we were all smart enough to use them–the thriving malware business would take a serious hit. Until then, a free and easy security app from Secunia can help save the day.

The Secunia Personal Software Inspector, available as a free download, scans your installed software to let you know which out-of-date programs might be making your PC unsafe. But it doesn’t stop there–for each old program it finds, it offers quick and easy action buttons such as one labeled Download Solution, which retrieves the latest software patch without you even having to open a browser.

The program also gives you links to the software vendor’s site as well as Secunia’s full report about the vulnerability on your system. You can choose to block future warnings about a particular program (but you should, of course, be careful before doing so).

Secunia PSI isn’t perfect, and doesn’t always make it easy to update unsafe program components. But for most apps it provides a quick–and very important–fix.

Fix 3: Let the Latest Browsers Fight for You
The most insidious hijacked Web pages are nearly impossible to spot. Tiny snippets of inserted code that don’t display on the page can nevertheless launch devastating behind-the-scenes attacks.

Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites–attacks against sites for Sony games and the Miami Dolphins are just two well-known examples. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.

Both browsers expand on the previous version’s antiphishing features to block known malware sites as well, whether they’re hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.

Microsoft plans to add a similar feature to Internet Explorer 8, but this version won’t be ready for prime time for a good while. For more on the browsers’ improved security, see “New Browsers Fight the Malware Scourge.

Fix 4: Sidestep Social Engineering

The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn’t mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous e-mail attachment or downloaded file. A targeted attack might even use your correct name and business title.

To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee, and Symantec. A report tells you what each engine thought about your file. While some (such as Prevx) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.

A lack of warnings doesn’t guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every e-mail attachment and download you’re not 100 percent sure about, and you’ll avoid insidious social engineering.

If using VirusTotal starts to become a habit (not a bad idea) and you want to make sending files for scanning to VirusTotal really easy, download the free VirusTotal Uploader. Once you’ve installed the utility, just right-click a file, and you’ll see an option (under Send To) to upload it to the VirusTotal site.

Fix 5: Get the Jump on Fast-Moving Malware

Traditional, signature-based antivirus software is getting snowed under by a blizzard of malware. Attackers try to evade detection by churning out more variants than security labs can analyze. So besides signatures, any antivirus program worth its salt today uses proactive detection that doesn’t require a full signature to spot sneaky malware.

One promising approach uses behavioral analysis to identify malicious software based solely on how it acts on your PC. But your antivirus software by itself may not be enough. ThreatFire, a popular free download from PC Tools, adds such a layer of behavior-based protection. In recent tests, it correctly identified 90 percent of malware based on its behavior alone.

PC World’s ThreatFire review provides a thorough analysis of the program and a quick download link (as well as a warning about installing too many security programs on one PC). And for more on behavioral analysis and proactive virus detection, see “When a Signature Isn’t Enough.

Note: If you use the AVG Free antivirus program, hold off on trying ThreatFire until PC Tools releases a new version. The current 3.5 version conflicts with AVG, but PC Tools says it’s working on a fix.

Fix 6: Rescue Your Inbox From Spam

Spam filters are getting better, but some junk still makes it through even the best of them. Instead of resigning yourself to hitting delete for all those hot-stock and Viagra come-ons, try disposable e-mail addresses.

Such an address is something you create every time you encounter an online shopping site, forum, or other service that requires you to enter an e-mail address. If that address gets flooded with spam, you can terminate it. That’s a better system than the alternative, creating a free Web mail account that you use only for purchases and Web signups. With a single separate account, you have to throw the baby out with the bathwater and cancel the whole account if it gets too much spam.

Yahoo Web mail users can opt for the $20-a-year Plus service, which includes the AddressGuard disposable e-mail service (among other benefits). With it, you can click a bookmark to create a new, disposable address for any given site in about 10 seconds.

Gmail users can simply append “+ whatever” to their regular e-mail address before handing it out, but if that address starts to receive spam you can’t simply turn it off. You’ll have to create a filter in Gmail to block all mail to that address.

For everyone else, we suggest a good, free service from Spamgourmet.com that’s quick and easy to set up and use; it allows you to create disposable addresses on-the-fly that will forward e-mail messages to your regular address.

Fix 7: Develop an Antiphishing Habit

The dastardly practice of phishing for personal information is still alive and well, and many fake sites can be hard to distinguish from the real ones. But a few simple practices can ensure you’ll never be snagged by a phishing hook.

The best approach, and the most straightforward, is never to click a link in any e-mail message to access your financial accounts. Instead, always type the URL or use a bookmark. That one habit will protect you from almost every phishing attack.

If you can’t make that change, then at least use the latest version of Internet Explorer, Firefox, or Opera to browse the Web. All have built-in features to block known phishing sites (and, as described in Fix 3, Opera and Firefox now also block known malware sites). Avoid Safari, which lacks any built-in antiphishing protection.

Finally, keep an eye out for the common phishing tactic of using URLs like “http://adwords.google.com.d0l9i.cn/select/Login.” If you glance at the URL (an actual recent example listed by Phishtank.com), you might think the site’s domain was google.com. In fact, it’s heading to d0l9i.cn, a site in China where operators are standing by to swipe your personal details.

Internet Explorer 8 will use an innovative feature called Domain Highlighting that will make spotting such trickery easy. But until it becomes available, watch URLs carefully.

Fix 8: Keep Your Own Site Safe

It’s not a good time to run a Web site. The Web may look like a digital wonderland, but behind the scenes it’s a war zone. And the guns are trained on your site.

Crooks use automated tools to search sites for the most common vulnerabilities. If they find one, they blow the hole wide open to plant harmful code that will attack your loyal visitors.

To help keep your site safe, start with some quick, free scans that ferret out the most obvious problems. First, fill out a form at Qualys.com to request a free scan of one IP address.

Next, download the also-free Scrawlr tool from HP. After a quick install, use Scrawlr to scan your site for SQL injection vulnerabilities (a type of hole targeted in a recent Sony site hack).

A clean bill of health from both scans won’t guarantee that your site is safe. For instance, neither will find problems with custom JavaScript code, another common type of attack. And while requesting or running either scan is easy, fixing a reported hole might involve a fair bit of work. But that job will still take far less work than repairing your site and your reputation after your site has been hijacked.

A clean bill of health from both scans won’t guarantee that your site is safe. For instance, neither will find problems with custom JavaScript code, another common type of attack. And while requesting or running either scan is easy, fixing a reported hole might involve a fair bit of work. But that job will still take far less work than repairing your site and your reputation after your site has been hijacked.

Fix 9: Make Your Passwords Secure–And Easy to Remember

Online passwords are starting to seem about as safe as tissue paper protecting a bank vault. The supply of stolen logins is now so huge that crooks can hardly make any money selling them unless they add other ripped-off data, like addresses or Social Security numbers, according to security researchers. And thieves don’t stop with stealing logins to financial accounts–the bad guys regularly pilfer access information for Web mail accounts as well. In one recent case, a scammer broke into Web mail accounts and sent messages to the victim’s friends asking for money.

Experts say we should use strong, unique passwords for all our accounts. But they don’t tell us how we’re supposed to remember them, so most of us end up using the same, not-so-safe password at all our accounts.

Here’s an easy fix that allows you to remember just one password, yet still have a strong, unique password for each site you use. The Password Hash (or PwdHash) add-on for Firefox and IE takes that simple password you type and runs it through an algorithm that uses the site’s domain name as part of the calculation. The utility subs in the resulting strong password before you send it to the site. All you have to do (after installing Password Hash) is hit the F2 key in a password box before you type.

For a download link and more info on this useful tool, head to the PC World Downloads page.

Fix 10: Get Extra Cleaning Help for Stubborn Infections

Sometimes even the best antivirus program misses an infection. And once a virus or Trojan horse gets in, removing it can be incredibly tough. If you suspect some nasty got past your defenses, then it’s time to bring in extra help.

Many antivirus makers offer free and easy online scans through your Web browser. The scan will take time, as the scanning service will need to download large Java or ActiveX components before it can get started, but they’re easy to kick off. You can run them in addition to your already-installed antivirus application for a second (or third, or fourth) opinion. Here’s the lowdown on your options.

Trend Micro HouseCall: Will detect and remove malware; works with both IE and Firefox.

BitDefender Online Scanner: Detects and removes malware; requires IE.

Kaspersky Online Scanner: Detects malware, but doesn’t remove it; works with IE and Firefox.

F-Secure Online Virus Scanner: Detects and removes malware; requires IE.

ESET Online Scanner: Detects and removes malware; requires IE.

Software Warning: Antivirus XP 2008

Posted in internet news by Fated Blue on September 1, 2008


XP Antivirus 2008 Description
XP Antivirus 2008 is a rogue anti-spyware program that uses scare tactics to get you to purchase the full version of the XP Antivirus 2008 program. XP Antivirus 2008, or XPAntivirus 2008, may be downloaded and installed through the Zlob Trojan infection which is found on fake video codecs used to view porn videos. Zlob may affect your System32 files and load with a process called winlogon.exe. Zlob may even have rootkit functionality which gives it the ability to hide files in the system. Zlob may hijack browsers, display pop up ads and disable key system functions.

XP Antivirus 2008, if installed, runs a scan on your computer and alleges to detect spyware on your computer. After the scan is complete, XP Antivirus 2008 will display false postives and pop up a fake warnings message with the option to remove the detected spyware. Computer users are urged to avoid downloading or purchasing XP Antivirus 2008 no matter how legitimate the program may look. XP Antivirus 2008 may recreate itself after reboot, continue to run in the background of your system without your knowledge and display fake warning messages to drive you to purchase the full version of XP Antivirus 2008. XP Antivirus 2008’s activities may generate a system slowdown.

How can I get rid of XP Antivirus 2008?
The most common spyware removal tactic is to uninstall XP Antivirus 2008 by using the “Add/Remove Programs” utility. However, as there may still be hidden XP Antivirus 2008 files, it’s possible that XP Antivirus 2008 will reappear after reboot. Follow the XP Antivirus 2008 detection and removal methods below.

XP Antivirus 2008 or XPAntivirus 2008 Automatic Detection (Recommended)
Is your PC infected with XP Antivirus 2008? To safely & quickly detect XP Antivirus 2008, we highly recommend you…

Spyhunter

SpyHunter’s free version is only for spyware detection. If SpyHunter’s spyware scanner detects XP Antivirus 2008 on your PC, you have the option of purchasing SpyHunter’s spyware removal tool to remove XP Antivirus 2008 and other spyware threats.

XP Antivirus 2008 Manual Removal Instructions
Below is a list of XP Antivirus 2008 manual removal instructions and XP Antivirus 2008 components listed to help you remove SpyCrush from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of destroying your computer. We recommend that you use SpyHunter’s spyware detection tool to check for XP Antivirus 2008.

Step 1 : Use Windows File Search Tool to Find XP Antivirus 2008 Path
Go to Start > Search > All Files or Folders.
In the “All or part of the the file name” section, type in “XP Antivirus 2008” file name(s).
To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click “Search” button.
When Windows finishes your search, hover over the “In Folder” of “XP Antivirus 2008”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete XP Antivirus 2008 in the following manual removal steps. Read more about How to Find XP Antivirus 2008 with File Search Tool

Step 2 : Use Windows Task Manager to Remove XP Antivirus 2008 Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the “Image Name” button to search for “XP Antivirus 2008” process by name.
Select the “XP Antivirus 2008” process and click on the “End Process” button to kill it.
Remove the “XP Antivirus 2008” processes files:

rhc9s8j0ec0t.exe
smchk.exe
erms.exe
agpqlrfm.exe
xpa2008.exe
install_v2.exe
xpa.exe
%program_files%\xp antivirus\xpa.exe
xpantivirus2008_v880187.exe
xpantivirus2008_v880019.exe
xpantivirus2008_v880339.exe

Step 3 : Use Registry Editor to Remove XP Antivirus 2008 Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the “OK” button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete “XP Antivirus 2008” value, right-click on it and select the “Delete” option.
Locate and delete “XP Antivirus 2008” registry entries:

HKEY_CURRENT_USER\software\xp antivirus\options billingurlapproved2
HKEY_CURRENT_USER\software\xp antivirus\options billingurl2
HKEY_CURRENT_USER\software\xp antivirus\options billingregurl
HKEY_CURRENT_USER\software\xp antivirus\options termsurl
HKEY_CURRENT_USER\software\xp antivirus\options securityvector
HKEY_CURRENT_USER\software\xp antivirus\options lastrun
HKEY_CURRENT_USER\software\xp antivirus\options scans

Step 4 : Use Windows Command Prompt to Unregister XP Antivirus 2008 DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the “OK” button.
Type “cd” in order to change the current directory, press the “space” button, enter the full path to where you believe the XP Antivirus 2008 DLL file is located and press the “Enter” button on your keyboard. If you don’t know where XP Antivirus 2008 DLL file is located, use the “dir” command to display the directory’s contents.
To unregister “XP Antivirus 2008” DLL file, type in the exact directory path + “regsvr32 /u” + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u XP Antivirus 2008.dll) and press the “Enter” button. A message will pop up that says you successfully unregistered the file.
Search and unregister “XP Antivirus 2008” DLL files:

kgxmotapktx.dll
jaxtcwfg.dll
ooiqyu.dll
dmngyvfc.dll
nrnnmb.dll
khfGvTMf.dll
iifgETLc.dll
hgGxXoMF.dll
sjdvhd.dll
fkaaejuc.dll
obmuxmov.dll
pmalmfly.dll
ddccBrSk.dll
xxyabcCs.dll
WinCtrl32.dll

Step 5 : Detect and Delete Other XP Antivirus 2008 Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the “OK” button.
Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s content even the hidden files.
To change directory, type in “cd name_of_the_folder”.
Once you have the file you’re looking for type in “del name_of_the_file”.
To delete a file in folder, type in “del name_of_the_file”.
To delete the entire folder, type in “rmdir /S name_of_the_folder”.
Select the “XP Antivirus 2008” process and click on the “End Process” button to kill it.
Remove the “XP Antivirus 2008” processes files:

rhc9s8j0ec0t.exe.local
rhc9s8j0ec0t.exe
dssc32.exe.bat
bindsrv2.exe.bat
smchk.exe.bat
smchk.exe
scksexde.exe.bat
s1265.php.bat
winpu73.sys
erms.exe
kgxmotapktx.dll
agpqlrfm.exe
jaxtcwfg.dll
ooiqyu.dll
dmngyvfc.dll
nrnnmb.dll
khfGvTMf.dll
iifgETLc.dll
hgGxXoMF.dll
sjdvhd.dll
fkaaejuc.dll
obmuxmov.dll
pmalmfly.dll
ddccBrSk.dll
xxyabcCs.dll
WinCtrl32.dl_
WinCtrl32.dll
xpa2008.exe
install_v2.exe
xpa.exe
%startmenu%\xp antivirus 2008\uninstall xp antivirus 2008.lnk
%startmenu%\xp antivirus 2008\xp antivirus 2008.lnk
%program_files%\xp antivirus\xpa.exe
%desktopdirectory%\xp antivirus 2008.lnk
xpantivirus2008_v880187.exe
xpantivirus2008_v880019.exe
xpantivirus2008_v880339.exe

XP Antivirus 2008 Recommendation
RECOMMENDED: To avoid the unnecessary risk of damaging your computer, we highly recommend you use a good spyware cleaner/remover to track XP Antivirus 2008 and automatically remove XP Antivirus 2008 as well as other spyware, adware, trojans, and virus threats in your PC.

Writer’s Note: You can also use system restore if you’re in a hurry 😀