Toy Story 3: Woody's Roundup of Scams and Fakeouts

Toy Story 3 is romping across cinemas worldwide, and rightly so – it’s the best of the series by far. I thought it might be worth pointing out that being a product aimed at children doesn’t exclude it from internet shenanigans. If you have young children online who are partial to searching for Toy Story material, you might want to warn them about some of the below scams. One of the most popular tactics is advertising the “full movie” on YouTube, but directing the end-user to a bunch of surveys instead: ...

August 13, 2010 · 3 min · 474 words · Omid Farhang

What’s in a (rogue) name? VirusTotal 2010

There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their checksums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate: ...

August 13, 2010 · 1 min · 135 words · Omid Farhang

Facebook Malware Attack Behind Distracting Beach Babes Video

A Facebook malware attack is on the loose this weekend, enticing users to click a “Distracting Beach Babes” video on their Facebook Walls. The Wall message reads: “this is hilarious! lol 😛 😛 😛 Distracting Beach Babes [HQ] Length: 5:32”. If you see this video on Facebook today, do not click the link: doing so, and downloading a linked file, will result in malware being installed on your computer. ...

May 22, 2010 · 1 min · 106 words · Omid Farhang

Warning on Facebook worm "FBHOLE"

There’s a new Facebook worm out there. However, it doesn’t seem to be doing anything other than posting a message to people’s Facebook walls. The message that the worm posts is “try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]”. If you follow the link, you end up at a page looking like this: ...

May 21, 2010 · 1 min · 132 words · Omid Farhang

Russian ISP hosting Zbot C&C servers is taken down

Russian-based PROXIEZ-NET, which was known to allegedly host 13 Zbot command-and-control servers, has been shut down by its upstream provider DIGERNET, according to the site The New New Internet (news story on Web Host Review here: “Alleged Russian Malware Host Cut Off By Upstream Provider”). Legitimate web sites hosted by PROXIEZ-NET may have been caught in the takedown, the Review said. Brick House Security said the Zbot-related servers on PROXIEZ-NET were used to collect PayPal, eBay and online banking passwords stolen by key logging malware. ...

May 19, 2010 · 1 min · 117 words · Omid Farhang

SEO poisoning: Rima Fakih photos

You might avoid looking for photos of Miss USA Rima Fakih for a while. There is a controversy about a certain pole-dancing incident in her past that is stirring up the talk show circuits and the adolescent inside every male on the planet. It also has stirred up a massive number of SEO poisoned links to photos. In 2007, Fakih won a “Stripper 101” contest sponsored by a Detroit radio show “Mojo in the Morning.” And, of course, she was no sooner crowned Miss USA than somebody resurrected the “Stripper 101” video. And, of course, everybody is searching for “Rima Fakih pole dancing.” ...

May 19, 2010 · 1 min · 124 words · Omid Farhang

What does PHP stand for? Probable Hacked Page?

Late last week, the wires were buzzing over news that the official site of PHP-Nuke “Professional Content Management System” was serving malware. I am frankly amazed to see the site still infected 4 days later. We see hacked sites every day and the majority are running PHP-driven applications such as Content Management Systems (CMS). The PHP-Nuke site is currently running PHP v. 5.2.9. ...

May 11, 2010 · 1 min · 164 words · Omid Farhang

A HijackThis Toolbar from Facebook?

Spam emails such as the one below have been doing the rounds on the Internet, hoping to lure recipients into downloading a Facebook toolbar. If you download the file by clicking on “Download Here”, you’ll see a file with the icon shown below: If you take a closer look at the icon, “darkSector” is shown inside of it. How strange. Is this actually a Facebook toolbar? Let’s take a look at the properties of the file, since the file looks a bit fishy. In the file properties, you’ll see the following in the Details tab. ...

May 3, 2010 · 1 min · 195 words · Omid Farhang

Don’t play with Natural Disasters!!

We want to warn you of an email message in Spanish we’ve received with the subject “( Urgente ) Posible Terremoto y Tsunami con un 89 % de efectividad”, which is of course false. The message consists of different images and informs users about an earthquake and tsunami alert in Chile. It also passes itself off as a warning from National Geographic in order to appear more credible. ...

May 3, 2010 · 2 min · 354 words · Omid Farhang

A Trojan Adding Malicious Routing Entries

Backdoor.Rohimafo is a Trojan that has several back door functions. It not only opens a back door and performs the usual functions, but can also perform some decidedly unusual ones. It attempts to block users from connecting to remote servers, not only specific servers but also specific network segments, by using PersistentRoutes in Windows. PersistentRoutes can be used to add a routing entry to a routing table persistently. The route.exe command can be used to add an entry like the following: ...

April 17, 2010 · 2 min · 297 words · Omid Farhang