October 09, 2011 | Moon of Alabama
As the Chaos Computer Club, a 25 year old hacker organization which promotes privacy, found, the "Federal Trojan" software the police uses for sniffing into Skype calls allows full manipulation of the hosting PC. The software can install additional programs and it can upload, download and manipulate files. "This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
Even worse, the software is written on an amateur level, uses unsecured communication methods and, once installed, leaves the computer open to be manipulated by anyone on the Internet.
October 11, 2011 | Slashdot
CSHARP123 writes "In a move that's sure to raise some eyebrows, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers. When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Only IE, Chrome, or Firefox are included - other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4. Chrome or Firefox do not even come close to the score of 4. Even though the web site makes it easy for users to upgrade to the latest version of their choice of browser, Roger Capriotti hopes people will choose IE9, as it blocks more malware compared to Chrome or Firefox." Of note in the Windows Team post is that the latest Microsoft Security Intelligence Report discovered that 0-day exploits account for a mere tenth of a percent of all intrusions. Holes in outdated software and social engineering account for the majority of successful attacks.
NoScript blocks more malware than either.
I've seen the same data from Mcafee, and it was really something. For every computer exploited using a Windows flaw, 100 are exploited using Flash. Acrobat Reader and Java are the other major culprits.
In a lot of ways, browser security itself has never been better. There's several highly capable ones out there in this area. The weak link is some truly terrible plugins.
It might have been informative. Seriously, when you accuse Chrome of not meeting the requirement, "Does the browser help protect you from websites that are known to distribute socially engineered malware?" when google's anti-malware service is the basis for at least two browsers, and predates IE's effort by at least a year (probably more like 2), it sort of hampers your credibility.
Get Adobe Flash player
This page requires Flash Player version 10.2.0 or higher.
My browser only scored a 2 out of 4, yet was able to keep me from seeing most of the malicious content on the linked page.
NoScript and AdBlockPlus, thank you.
My browser: 1 Microsoft FUD: 0
Moving along, now... so much more internet to see, so little time.
Why does everyone fall back on attacking Microsoft for press releases like this? Statistically, IE HAS been safer than other browsers in certain respects nowadays. It's silly to dismiss their complete turnaround in taking security seriously just because it's fun to hate on the company.
Of course there's going to be some marketing thrown into it as well. But what company doesn't? Why isn't everyone attacking Apple when they claim Safari is the fastest and safest browser? Or Mozilla, which has made the same claims for years too? It's not true for either of those, and they certainly can't both be right at the same time. Everyone lets that slide, because it's not cool to hate on them, despite their own terrible histories with security/vulnerability problems.
I haven't used IE for years (stopped for security reasons, in fact), but that doesn't change the fact that I can still offer them kudos for helping keep the web a safer place, especially when they still provide the dominant browser. Fewer infected machines on the internet is beneficial to ALL of us.
Even though the site is the usual mix of MS inaccuracies, one thing it does do a good job pointing out is that Firefox is the odd man out right now when it comes to sandboxing. IE has it, Chrome has it, Safari on the Mac has it. Yet Firefox as the #2/#3 browser in the world lacks it. And while it's of limited use in protecting against attacks on plugins (which are the most common vector), it means it's easier to exploit the browser itself.
The FF devs should be working on getting Firefox appropriately sandboxed, even if it's Windows-only at the start. It would go a long way towards bringing it up to par with Chrome, which is Firefox's real competition.
The malware seems to have been on a Linux machine @ Badgered
The answer to your question is in the link provided by Vaughan-Nichols.
The term 'malware compromised PC' is something that Vaughan-Nichols simply made up (as he tends to do), unless he's posted the wrong link. The link he posted makes no reference to a PC. Rather, it states that a trojan was discovered on 'HPA's personal colo machine' -- a 'personal machine', not a 'PC'.
More importantly, the source also states that a 'trojan startup file was added to rc3.d'. As anyone familiar with Linux will know, 'rc3.d' is a directory containing start-up scripts for run level 3. The Linux run level scheme was copied from Unix, and as anyone familiar with Windows will know, Windows does not use run levels, nor has it ever.
In short, what Vaughan-Nichols calls a 'malware compromised PC' was apparently a 'personal co[-]lo[cation] machine' running Linux. It was apparently infected, along with several other Linux machines, by a trojan that targets Linux. It was Linux malware, full stop.
Anyone who's puzzled by a high-profile infection of Linux systems should consider the following:
1. Every production operating system contains bugs
2. Every user/administrator makes mistakes (much more important than 1)
3. Containing user/administrator mistakes and managing problems caused by bugs requires considerable resources
4. It's exceedingly unlikely that the Linux Kernel Organization, a non-profit, can match the resources of large commercial firms
5. Despite the myths spread by the technically inept, Linux isn't inherently more secure than Windows (indeed, as Charlie Miller has pointed out, Linux desktops are probably easier to hack than Windows desktops)
To those who haven't the first clue about security and think Linux is magically protected by pixies (i.e. most Linux zealots), the fact that hackers were able to compromise kernel.org and apparently remain undetected for some time must come as a shock. To anyone who actually understands the Linux, Unix and Windows security models, however, it isn't the least bit surprising.
Security Threat Research News
...Typosquatting is a popular Internet behavior that generates domain names based upon misspelling famous brand names. It is often abused by scammers to host malware and phishing content on these misspelled domains. Apparently, the Anticybersquatting Consumer Protection Act (ACPA) was enacted in 1999 to fight against any illegal intention of registering or using a domain confusingly similar to a trademark or famous name. As we know, it has been 13 years since Google was founded in 1998.
Scammers have taken this opportunity to spread spyware through typosquatting on google.com, claiming that you can win an iPad on Google's 13th birthday.
Here is an example of a Google typosquatting: googole.com. Users will happen to get to the fake domain if they mistype google.com.
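As an added illustration (not part of the quoted article), here is one way a defender could flag look-alike hosts such as the googole.com example when reviewing proxy or DNS logs. The protected list, function names and sample hosts are assumptions constructed for this example; the metric is the optimal-string-alignment form of edit distance, and keeping only the last two labels is a simplification of Public Suffix List handling.

```python
# Added example: flag hosts whose domain is a near-miss of a protected brand.
# PROTECTED and the sample hosts below are constructed for illustration.
PROTECTED = ["google.com"]


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "goolge" versus "google"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def registrable(host):
    """Naive reduction to the last two labels (assumption: no multi-part
    suffixes such as co.uk; production code would use the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike(host, protected=PROTECTED, max_dist=2):
    """Return (brand, distance) for the closest protected domain within
    max_dist edits, or None for the real domain and for unrelated names."""
    name = registrable(host)
    if name in protected:
        return None
    best = None
    for brand in protected:
        d = osa_distance(name, brand)
        if d <= max_dist and (best is None or d < best[1]):
            best = (brand, d)
    return best


if __name__ == "__main__":
    # Constructed sample hosts, as they might appear in a proxy log.
    for h in ["www.google.com", "googole.com", "goolge.com", "example.org"]:
        print(h, "->", lookalike(h))
```

A threshold of two edits is noisy for very short brand names, so in practice the limit is usually tightened as the protected name gets shorter.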
NEW YORK - Google is issuing this warning to people who try to click on links to sites with spyware and other malicious code: "The site you are about to visit may harm your computer!"
Users can search again, learn more about malicious code at the site StopBadware.org or proceed to the suspect site anyhow - at their own risk, of course.
Google Inc. said its initiative is just starting and is by no means comprehensive.
"To begin we'll only be identifying a small number of sites, but we'll be expanding our coverage over time," the company said in a statement. "Finding new and better ways to protect our users is a perpetual project, and we'll continue to work hard in this area."
Google is one of the main sponsors of StopBadware.org, a project that researchers from Harvard and Oxford universities are hoping to turn into a clearinghouse for information on spyware and other malicious software.
So far, StopBadware has identified only one site as malicious, and efforts to reach that site from Google worked normally Wednesday. But Google has identified other sites as problems and is offering warnings for those.
The company said the sites have been identified using software algorithms and verified with outside experts.
XP Antivirus 2012 is a fake anti-spyware program that is well known for promoting purchase of a full edition of XP Antivirus 2012 through vigorous Windows attention notifications. The XP Antivirus 2012 pop-up messages look very convincing, which is why many PC users have succumbed to the XP Antivirus 2012 program by paying upwards of $80 for it, not knowing that it will not live up to its promises.
What does XP Antivirus 2012 do?
XP Antivirus 2012 was created with the main purpose of extorting money from computer users. This process is accomplished after the installation of XP Antivirus 2012 occurs. The installation of XP Antivirus 2012 may come automatically through a Trojan horse that is installed on a PC user's system without their knowledge. Sometimes surfing a free porn site will allow this to happen. In other cases PC users may have downloaded some type of software from a P2P (peer 2 peer) network not knowing it was laced with malware.
After XP Antivirus 2012 starts to load during startup of Windows, it presents users with a plethora of alert notifications that look rather legitimate to the untrained eye. These notices along with system scan results, are all fabricated by the XP Antivirus 2012 program. After the trust of XP Antivirus 2012 is gained through these bogus messages and system scan results, the computer user is apt to click on one which may redirect them to a purchase site for XP Antivirus 2012. If purchased, XP Antivirus 2012 will not remove any type of malware nor will it resolve previously stated PC issues. The best thing to do when presented with XP Antivirus 2012 is to take immediate action to remove it.
How Can You Remove XP Antivirus 2012?
XP Antivirus 2012 can be very difficult to manually remove if you are an inexperienced computer user. Not to mention, XP Antivirus 2012 has been known to populate the Windows Registry with many different entries and removing the wrong entries could render a PC damaged or useless.
Feb 28, 2010 | AntiVirus Software
Akaashath Member Join Date: Feb 2010 Posts: 360
Re: What is Mega antivirus 2012 and how to remove it
Mega Anti Virus 2012 is a rogue security program that is supported by the use of the Trojan, which are as bright updates or video codecs to mask that requires to be considered on an on-line video. If Mega Antivirus 2012 runs, it scans your PC and non-existing virus identified, but you are not allowed to try to remove it unless you first purchase the program. These acknowledged malware files do not survive even from your PC. Please do not purchase Mega Anti Virus 2012, when it is just a trick.
#4 23-02-2011 Aashirya Member Join Date: Feb 2010 Posts: 359
Re: What is Mega antivirus 2012 and how to remove it
Mega Antivirus 2012 shows fake security warnings and windows on your desktop while you use the computer. These security alerts comprise notifications stating that your computer is under attack from a remote PC, or that frequent malware has been noticed. Like the forged scan results, these alerts and cautions, if all are ignored. Mega Anti Virus 2012 chunks task manager and additional utilities also. As you can observe, Mega Antivirus 2012 was intended to allow you believe that your PC is infected. If you have previously bought the program, contact credit card corporation name and talk about the charges. Make use of your physical removal directions from any website otherwise search Mega Anti Virus 2012 and related malware removal tool.
[Jul 17, 2011] Remove XP Antivirus 2012, removal instructions
They mention the kdn.exe process, but the name can be any combination of three letters. Also, the registry keys mentioned do not correspond to those that I observed.
XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer's system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally. Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer's protection!
XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user's knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don't buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012.
Fanbox.com, formerly known as sms.ac, is one of the most annoying and sleaziest spams and misrepresentations going right now. Here's how to stop receiving this spam.
If you are receiving email like this, we urge you to forward them to the Federal Trade Commission. If they receive enough complaints, perhaps they'll get off their lazy government backsides and do something about the scum behind this scam:
How to Block Fanbox Emails or Cancel Your Account
Don't click on the link to cancel your account. That will only confirm to these scum that your email address is being used and ensure MORE spam. And since you never signed up for it, you haven't got an account to cancel. They are just trying to trick you into clicking on a link and confirming your information!
Instead, put fanbox.com, fanboxapps.com, and sms.ac in your junk / blocked senders, junk email or spam list in your email program (eg., Outlook junk mail list)
Report these spammers to the government:
To forward unwanted or deceptive spam to the Federal Trade Commission; send it to email@example.com,
Also see the FTC and here to Report Porn Spam. In California, also use firstname.lastname@example.org. In Missouri, use email@example.com. In Virginia, use firstname.lastname@example.org.
If you think you have been taken advantage of by a spam scam, file a complaint with the FTC online at www.ftc.gov. Complaints will help the FTC find and stop people who are using spam to defraud consumers.
How their scam works:
When you sign up for FanBox, it asks for your permission to email everyone in your address book. After you give them your password (DON'T do it!) it will start spamming everyone in your contact list / address book. It will send them these stupid ":____ asked you a question" spams.
We've received them here; and verified that the senders had no intention of sending them to us, or "asking" a question. They felt victimized.
For detailed discussion of this scam see these links:
1. Fanbox is the new plaxo
2. Spamhuntress.com: sms.ac turns into fanbox/
3. Steve Riley: faxbox, the latest in password scams
4. Fanbox: do not touch it
Rocky my boyfriend received faxbox invitation from a girl into hotmail account. This invitation was relating to his fanbox login. He says that he did not register himself in fanbox. His fanbox nickname is like his skype name or hotmail messenger nickname. Is that possible that he did not register himself or he is lying?
He almost certainly did not register with Fanbox/Faxbox. According to this article, they get people's names and addresses from other victims, and then spam the new victims. They try to make it look like they have an account, and it can be canceled/unsubscribed/shut down. But, they ignore your request for removal and add you to a verified "good email account" list.
First you get a letter from one of your friends that looks innocent and pretty plausible, for example
I set up a profile where I can post photos, connect and share.
Do me a favor and confirm our relationship here .
<name of your friend>
If you click the link (very bad idea :-) it will prompt you to log in to this social networking site using any of your existing Webmail accounts (hotmail, gmail, yahoomail, etc). It also asks you to send an invitation to your friends.
What it does next is harvest all the email addresses in your Web address book (it understands various formats) and send invitations to those on the list, like a regular email virus does. Pretty neat trick... Sending fake invitations to all addresses collected from your account address book makes them dangerous spammers.