
DLL Hijacking Evolved

  • Post author: Omid Farhang
  • Post published: August 27, 2010
  • Reading Time: 1 min
  • Word Count: 199 words

Back in November 2007, I saw this technique used by one of the variants of a worm called W32/Drom. The technique was not used to execute the malicious file or a component of the worm, but to prevent antivirus programs from running. The worm queries the following antivirus registries to get the installation path; once acquired, it creates a folder named “ws2_32.dll” with Hidden and System attributes in that location. When I tested this technique, it prevented the program from running, as it first loads the “ws2_32.dll” folder in the current directory. ...


Brand new 0-day Exploit. The world is going to end! Yet again


  • Post author: Omid Farhang
  • Post published: August 27, 2010
  • Reading Time: 3 min
  • Word Count: 440 words

Sigh. The latest “exploit” that affects hundreds of programs and will be the end of the world as we currently know it is actually a well-documented feature of Windows. It has actually been around since the DOS days. In the old days we used to call these Companion viruses. It worked by using a different file extension that would be executed before the real executable. For example, if you had a “gwbasic.exe” you would create a “gwbasic.com” anywhere in the path, and if the user just typed “gwbasic” he would execute the “gwbasic.com” and not the “gwbasic.exe”. If the author of the “gwbasic.com” was ‘nice’ he could execute the “gwbasic.exe” so as to make the existence of the “gwbasic.com” file harder to detect. ...



Internet Explorer Turns 15

  • Post author: Omid Farhang
  • Post published: August 16, 2010
  • Reading Time: 2 min
  • Word Count: 291 words

Microsoft’s web browser Internet Explorer was launched 15 years ago. While it had its ups and downs over the years – version 6 was plagued by countless security issues, which made it one of the most hated browsers around – it’s still the most popular browser in the world, with the last couple of versions improving dramatically on their troubled predecessor. The first version of the browser, Internet Explorer 1, debuted on August 16, 1995. It was based on Mosaic, a web browser Microsoft had licensed from a company called Spyglass Inc. Starting with version 3.0, Microsoft started bundling Internet Explorer with Windows, increasing its market share dramatically and ultimately squeezing once dominant browser Netscape Navigator out of the market completely. ...


Facebook Dislike button scam spreads virally

  • Post author: Omid Farhang
  • Post published: August 16, 2010
  • Reading Time: 2 min
  • Word Count: 352 words

Have you seen a message like this on Facebook? “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” If so, don’t click on the link. It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”. ...


Facebook Refreshes Notes Application

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 1 min
  • Word Count: 139 words

Until now, Facebook Notes has only supported text formatting through HTML, making formatting a challenging task for the majority of the site’s 500 million members. Today the social network has rolled out a refreshed version of Notes to remedy the problem. The Facebook Notes application has been overhauled with a new look and feel that includes an easier-to-use left-hand menu and a few notable new features. The most significant update to Notes is the addition of a text editor that includes standard formatting options that let Facebook users click to bold, italicize, underline, indent quotes and add bullet or numbered lists to their notes. Facebook Notes also now lets users tag Facebook Pages in their notes and more easily locate saved drafts. ...


How to Install LNK Update (KB2286198) on Windows XP SP2

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 2 min
  • Word Count: 352 words

Microsoft discontinued support for Windows XP Service Pack 2 on July 13th, and that means there is no SP2 update for the recent LNK shortcut vulnerability (KB2286198). If you review the comments from this SANS Diary post, you’ll see that there was some initial confusion regarding SP2 support, due to a typo in Microsoft’s Security Bulletin (MS10-046). The bulletin is now corrected. However, even today, the download for Windows XP still includes SP2 in the file properties. ...


Two Steps Away from a Free iPad

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 2 min
  • Word Count: 247 words

Honestly, how many times have you won free stuff by clicking on links? And no, those spam, trojan, and spyware do not count as free stuff. We recently found a scam that promises a free iPad to application testers. Apparently, the site lures the person into joining an iPad application testing program while the site owner makes a profit from SMS fee charges and affiliation programs. To enroll in the program, “testers” are required to complete two steps. ...


Worried about Adobe's malware vulnerability then secure your Adobe Reader

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 3 min
  • Word Count: 454 words

It should go without saying that the best way to deal with malware is, of course, not to get infected in the first place. Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world, with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads on Facebook and other social media web sites. ...


My “friend” has invited me “to Twitter!”

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 1 min
  • Word Count: 42 words

“What are you doing?” “To join or to see who invited you, check the attachment.” Hmmm. That looked interesting. After I clicked on it (in a virtual environment), Yahoo renamed the attachment from “Invitation+Card.zip” to “Neutral.gif” and gave a warning. Nice work, Yahoo.


Toy Story 3: Woody's Roundup of Scams and Fakeouts

  • Post author: Omid Farhang
  • Post published: August 13, 2010
  • Reading Time: 3 min
  • Word Count: 474 words

Toy Story 3 is romping across cinemas worldwide, and rightly so – it’s the best of the series by far. I thought it might be worth pointing out that being a product aimed at children doesn’t exclude it from internet shenanigans. If you have young children online who are partial to searching for Toy Story material, you might want to warn them about some of the scams below. One of the most popular tactics is advertising the “full movie” on YouTube, but directing the end-user to a bunch of surveys instead: ...
