Tuesday, January 22, 2008

New Piece of Malware Hits Mac OS X!

Mac OS X has always been described as a more secure alternative to Microsoft's Windows because most virus writers and hackers have focused on Windows infections, Trojan horses and other kinds of attacks. However, 2007 proved to us that Mac OS X can be vulnerable as well, as a new type of threat was detected by security companies around the world. Today, a new report comes to support the idea that Mac OS X is not as safe as we thought: OSX_MACSWEEP.A, a new Mac infection, has been spotted in the wild. Security vendor Trend Micro rated it with a low damage potential and a low distribution potential, so extra care should be enough to remain on the safe side.

According to the security company's report, this new piece of Mac OS X malware can be deployed once a user visits an infected webpage. However, it can also be installed by another infection that already exists on your computer, Trend Micro explains. "It may arrive bundled with malware packages as a malware component."

Mac OS X infections have never been too dangerous and this one is pretty similar to its predecessors. Trend Micro reports that OSX_MACSWEEP.A was designed to remove certain software installed on an affected system. "Once it finishes scanning for so-called dangerous files in the system, users can choose to remove these in the system but a window prompts them to purchase a product."

That's right, it acts like a rogue security solution, just like the old-fashioned infections targeting the Windows operating system. Usually, these threats, once installed on people's computers, display fake security alerts informing the users that certain viruses, Trojans or worms were found running in memory. In order to have them removed, the user has to buy the full version of the 'fake' application, which is obviously useless and doesn't really remove any infection.

Wednesday, January 9, 2008

Zlob.MediaCodec

Zlob.MediaCodec Description

Zlob.MediaCodec is a variant of the Zlob.Trojan malware. Zlob.MediaCodec is malicious and extremely dangerous. Zlob.MediaCodec installs itself secretly through deceptive mechanisms, such as browser security exploits, and opens up a backdoor security hole, allowing remote attackers to control your computer, execute programs, download additional malware, and steal personal data and credit card information. Zlob.MediaCodec may also install rogue anti-spyware programs and deliver excessive numbers of pop-up advertisements.

How can I get rid of Zlob.MediaCodec?

The most common spyware removal tactic is to uninstall Zlob.MediaCodec by using the "Add/Remove Programs" utility. However, as there may still be hidden Zlob.MediaCodec files, it's possible that Zlob.MediaCodec will reappear after reboot. Follow the Zlob.MediaCodec detection and removal methods below.

Zlob.MediaCodec Manual Removal Instructions

Below is a list of Zlob.MediaCodec manual removal instructions and Zlob.MediaCodec components, listed to help you remove SpyCrush from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of damaging your computer. We recommend that you use a spyware detection tool to check for Zlob.MediaCodec.

Step 1 : Use Windows File Search Tool to Find Zlob.MediaCodec Path

  1. Go to Start > Search > All Files or Folders.
  2. In the "All or part of the file name" section, type in the "Zlob.MediaCodec" file name(s).
  3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
  4. When Windows finishes your search, hover over the "In Folder" entry of "Zlob.MediaCodec", highlight the file and copy/paste the path into the address bar. Keep the file's path on your clipboard because you'll need it to delete Zlob.MediaCodec in the following manual removal steps.

Step 2 : Use Windows Task Manager to Remove Zlob.MediaCodec Processes

  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the "Image Name" column header to sort processes by name, then look for the "Zlob.MediaCodec" process.
  3. Select the "Zlob.MediaCodec" process and click on the "End Process" button to kill it.
  4. Remove the "Zlob.MediaCodec" processes files:

  5. Read more about How to kill Zlob.MediaCodec Processes

Step 3 : Use Registry Editor to Remove Zlob.MediaCodec Registry Values

  1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
  2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
  3. To delete "Zlob.MediaCodec" value, right-click on it and select the "Delete" option.
  4. Locate and delete "Zlob.MediaCodec" registry entries:

  5. Read more about How to Remove Zlob.MediaCodec Registry Entries

Step 4 : Use Windows Command Prompt to Unregister Zlob.MediaCodec DLL Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
  2. Type "cd" to change the current directory, press the space bar, enter the full path to where you believe the Zlob.MediaCodec DLL file is located and press "Enter". If you don't know where the Zlob.MediaCodec DLL file is located, use the "dir" command to display the directory's contents.
  3. To unregister the "Zlob.MediaCodec" DLL file, from that directory type "regsvr32 /u" followed by the DLL name (for example, C:\Spyware-folder\> regsvr32 /u Zlob.MediaCodec.dll) and press "Enter". A message will pop up saying that you successfully unregistered the file.
  4. Search and unregister "Zlob.MediaCodec" DLL files:

  5. Read more about How to Remove Zlob.MediaCodec DLL Files

Step 5 : Detect and Delete Other Zlob.MediaCodec Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
  2. Type in "dir /A name_of_the_folder" (for example, dir /A C:\Spyware-folder), which will display the folder's contents including hidden files.
  3. To change directory, type in "cd name_of_the_folder".
  4. Once you have found the file you're looking for, type in "del name_of_the_file".
  5. To delete a file in a folder, type in "del name_of_the_file".
  6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
  7. Select the "Zlob.MediaCodec" process and click on the "End Process" button to kill it.
  8. Remove the "Zlob.MediaCodec" processes files:

  9. Read more about How to Delete Harmful Files
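As an added example that is not part of the original post, the following PowerShell script carries out Steps 1 through 5 above for a list of suspect file names. The post gives no component names, so the names in `$SuspectNames` are placeholders to be replaced with what your scanner reported; it runs in report-only mode until `$DryRun` is set to `$false`, and must be run from an elevated PowerShell.

```powershell
# Added example, not from the original post. Automates the manual removal
# steps (locate, stop process, remove autostart value, unregister DLL, delete).
# The names below are PLACEHOLDERS: substitute the component names your
# scanner reported. Run from an elevated PowerShell window.
$SuspectNames = @('PLACEHOLDER-codec.dll', 'PLACEHOLDER-loader.exe')
$DryRun = $true   # set to $false to actually stop, unregister and delete

# Step 1: locate every copy of the suspect files on local fixed drives.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Z]:\\$' }
$found = foreach ($d in $drives) {
    Get-ChildItem -Path $d.Root -Recurse -Force -File -Include $SuspectNames -ErrorAction SilentlyContinue
}
$found | ForEach-Object { Write-Host "Found: $($_.FullName)" }
$paths = @($found | ForEach-Object { $_.FullName })

# Step 2: stop any running process whose image is one of the located files.
Get-Process | Where-Object { $_.Path -and ($paths -contains $_.Path) } | ForEach-Object {
    Write-Host "Stopping PID $($_.Id) ($($_.Path))"
    if (-not $DryRun) { Stop-Process -Id $_.Id -Force }
}

# Step 3: remove autostart (Run key) values whose data points at a located file.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $hit = $paths | Where-Object { "$($p.Value)" -like "*$_*" }
        if ($hit) {
            Write-Host "Removing autostart value '$($p.Name)' from $key"
            if (-not $DryRun) { Remove-ItemProperty -Path $key -Name $p.Name }
        }
    }
}

# Step 4: unregister located DLLs (regsvr32 /u, /s = silent) before deleting them.
foreach ($dll in ($found | Where-Object { $_.Extension -eq '.dll' })) {
    Write-Host "Unregistering $($dll.FullName)"
    if (-not $DryRun) { & regsvr32.exe /u /s $dll.FullName }
}

# Step 5: delete the files themselves.
foreach ($f in $found) {
    Write-Host "Deleting $($f.FullName)"
    if (-not $DryRun) { Remove-Item -LiteralPath $f.FullName -Force }
}
```

Review the report-only output before committing, since a legitimate file that happens to share a placeholder name would be removed just the same.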


Friday, January 4, 2008

Windows XP Trojan Locks Your Vulnerable Computer

Remember that pay-by-phone exploit that attempted to infect your computer and steal your money? Well, it seems it is much more dangerous than we expected. Security company Trend Micro today published an advisory concerning TROJ_RANSOM.B, the Trojan horse behind the entire attack, saying that it affects all Windows versions, starting with '98 and ending with Server 2003. The high damage potential only proves that it is quite dangerous and that users must do everything possible to defend their systems.

So, how can you get infected? It's enough to visit a malicious website equipped with the Trojan and, in case the system is not protected, it will be infected in no time. In addition, the Trojan horse can be deployed by other malware already installed on the computer, Trend Micro explained.

But what's worse is that TROJ_RANSOM.B is able to lock people out of their computers and restrict access to the system unless they pay for a rogue security application. As I said yesterday, the infection displays a security warning and demands that the victim send an SMS to a certain number to purchase a security program that would supposedly remove the infection. Today's Trojan does exactly the same thing: it displays an image to lock the system and asks people to send an SMS in order to buy the application.

"It is capable of locking users out of vulnerable systems and demanding a pay-by-phone activation fee. After dropping all its components, it displays an image to lock the affected system. Affected users are then presented with the option of sending a text message to an SMS number or calling a phone number to obtain a 'license code' that ostensibly unlocks their compromised systems. The options are billed at different rates", the security company mentioned in the advisory.

Thursday, January 3, 2008

Meet the First 2008 Windows XP Infection!

Trend Micro AntiVirus plus AntiSpyware 2008 may be the solution to defend your computer
Here we go again! If 2007 was a pretty busy year when it comes to computer infections, worms, Trojan horses and other types of threats, it seems like 2008 wants to become at least as dangerous as its predecessor. January 1st came with the first Trojan horse of the year, as security vendor Trend Micro noted in the last hours of December 31st. TROJ_DLOADER.CP is the kind of infection that targets most Windows versions, including 98, ME, NT, 2000, XP and even Server 2003. But what's worse is that it has a HIGH damage potential, which underlines the Trojan's capability to destroy your data.

In case you’re wondering how you might get infected, the answer is quite simple: all you need to do is to visit a malicious website specially built to drop the infection on your computer. In addition, TROJ_DLOADER.CP may be deployed by another malware already installed on the system.

"This Trojan may be downloaded from remote sites by other malware. It may also be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may also be downloaded unknowingly by a user when visiting malicious Web sites," Trend Micro wrote in the advisory.

After the Trojan horse is successfully installed on your computer, it attempts to drop a huge number of other threats from several websites. As far as I can see, most of them are hosted in China, so I guess it would be safer to avoid suspicious Chinese pages these days.

"This Trojan then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It then deletes itself after execution," the security company added in the security notification.

That being said, I wish you a Happy New Year and don’t forget to update your antivirus. Just to be on the safe side…

The Top Videos on YouTube in 2007

It's not difficult to see why some people predicted that the end of the Internet will come via YouTube's servers: the number of videos, and even more so their size, which will no longer tolerate archiving and encryption, add up to infernal figures for the bandwidth and the overall backbone of the World Wide Web.

Nevertheless, there are many videos that deserve to be up there for everybody to see and laugh at. Yes, that’s the category I’ll be addressing today, entertainment. Some of the best received clips are about somebody naming herself Obama girl, another about a crazed Britney fan (you just knew it) and the third about a herd of buffaloes attacking a pride of lions. The last one is very interesting to watch, but it’s about violence and I’m not a big fan of it.

The other two, however, are fodder for any media cannon that might be brought up front. The Obama Girl video portrays a young singer that has the presidential candidate at heart and "battles" another singer dubbing herself Giuliani Girl. The song is catchy and the ladies are fine, break out the wine and start talking politics after watching it. Just don’t become violent, as many resort to it when the discussion is had.

Chris Crocker a.k.a. the Queen of Ghetto (he is a male… well… not adult) has posted a video response to the press critiques of Britney Spears' performance at MTV's VMA. It's filled with heart and soul, filled with tears and pleas. I'll embed a not-so-dramatic variant of it, just for your personal amusement. The Alvin the Chipmunk voice does wonders, I'll have you know, so you should really watch it; it's rich. It's also the fourth most commented-on video in YouTube's history and the one that made Crocker an instant YouTube star.

But, without further ado, I bring to you the two videos that made 2007 a lot better:


Windows Worm Using Your Computer for Flood Attacks

WORM_RBOT.HBZ is the latest threat spotted in the wild that targets Windows systems and attempts to drop its files on most versions of the Microsoft operating system, including 98, ME, NT, 2000, XP and Server 2003. The worm was discovered by security company Trend Micro, which wrote that it could easily reach your system because it might be deployed by other malware or, directly, when a user visits a malicious website. Just like other similar worms, WORM_RBOT.HBZ attempts to create new registry entries to make sure its files are executed every time the operating system is fully loaded.

But what's more important is that it automatically scans the network shares to drop its files and spread itself on the network. "It searches the network for certain shares, into which it attempts to drop copies of itself", Trend Micro wrote in the advisory.

And this is not all. The Windows worm also opens a random port to enable the attacker to connect to the vulnerable system and access its files. This way, the attacker gets complete control over the system and remotely executes commands. "It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system", the security company explained.

The surprising fact is that WORM_RBOT.HBZ uses your computer to launch web attacks against various targets on the Internet. "It launches certain types of flood attack against target sites. It does the said routine to render target sites inaccessible."

Now, move your cursor over your antivirus icon placed in the System Tray, right click it and hit Update. This should be pretty useful if you intend to remain secure while browsing the web these days...

The Top Worst Things on the Internet in 2007


It's not something that you can dress up and present like it's something positive. It's a Top Worst after all, or, to use another term that makes it look less gloomy and less filled with black-capped and masked bytes, let's call it "Top Incidents".

Royal Pingdom put this top together to note the year that passed in ways other than the classic concept floating around the holidays, that of "it was pretty good, next year will be better". Apparently, that makes them and other Grinch-like sites and people sick to their core. OK, that might have been a slight exaggeration, but bear with me.

The Great Skype Outage caused by a Microsoft Windows update is there at the top and deservedly so, millions of users having had to suffer from it for almost two whole days. I don’t know why I compare this to a major city without running water for the same period of time. That’s how big communication has gotten to be nowadays.

After that comes a silly one, emphasis on stupid and unbelievable. A month ago a trucker lost control of his vehicle and rammed into a power transformer. As a result, RackSpace's Dallas data center went dark because, when their backups kicked in, the chillers failed to start, forcing a lot of customers to go through the shutdown procedure unwillingly.

Similar to that, a major San Francisco data center outage in July affected more big-name websites and services than any other incident in 2007: Craigslist, Technorati, LiveJournal, TypePad, AdBrite, Second Life and Yelp, to name a few. In the same "taking a short break" category, we find Google Analytics. The bad part about belonging to Google is that nothing goes unnoticed. Bad luck for Google, better luck next year, along with Cisco, who have also had major website trouble. Seeing as they are responsible for a large part of the Internet backbone… figure out for yourself why they are here, in the "incidents" list.

Back to the "stupid incidents" category for a… flood. Not the bytes-and-downloads type of flood, but the honest-to-God rain pouring from the sky type. That happened to T-Mobile's main data center in Seattle earlier in December and had their website, activation portals and several other services going bye-bye. Eager-beaver downloaders caused trouble for Ubuntu.com when the 7.04 release first came out, back in April. I put this in the "stupid" category because if you know that you have what the crowd needs, you'll provide it. You gotta walk the walk if you claim that you can talk the talk. Bit of a stretch for that expression, but I think it fits. Other silly downtimes came on Black Friday from Sears.com and Macys.com. I guess they never thought that shoppers might use their PCs for the job on that particular day…

Speaking of downtime, the Media Temple grid, Registerfly and Twitter hold each other's hands and dance on the respective stage for failing to provide for their users in the most annoying way possible.

And last, but not least, Google's Blogger had a bit of a rough time in 2007 on several occasions. You already know about them, so I won't twist the knife in the fresh wound. That concludes the top. Thanks for tuning in, we'll see each other next year.