Security

Here’s one of the latest Facebook phish attempts: videos of “beautifull” girls: It might look like the Facebook login page, but, check out the URL. I don’t think you want to log in to Facebook there.

Back in November 2007, I’ve seen this technique used by one of the variant of Worm called W32/Drom. The technique was not to execute the malicious file or component of the worm but to prevent Antivirus Program from running. The Worm queries the following Antivirus registries to get the Installation Path, once acquired, it creates a folder named “ws2_32.dll” with Hidden and System attributes on that location. As I test this technique, it prevented the program from running as it first loads the “ws2_32.dll” folder in the current directory. ...

Sigh… The latest “exploit” that affects hundreds of programs and will be the end of the world as we currently know it is actually a well documented feature of Windows. It has actually been around since the DOS days. In the old days we used to call these Companion viruses. It worked by using a different file extension that will be executed before the real executable. For example if you had a “gwbasic.exe” you would create a “gwbasic.com” anywhere in the path and if the user just typed “gwbasic” he would execute the “gwbasic.com” and not the “gwbasic.exe”. If the author of the “gwbasic.com” was ‘nice’ he could execute the “gwbasic.exe” so as to make the existence of the “gwbasic.com” file harder to detect. ...

Have you seen a message like this on Facebook? I just got the Dislike button, so now I can dislike all of your dumb posts lol!! If so, don’t click on the link. It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”. ...

Microsoft discontinued support for Windows XP Service Pack 2 on July 13th, and that means there is no SP2 update for the recent LNK shortcut vulnerability (KB2286198). If you review the comments from this SANS Diary post, you’ll see that there was some initial confusion regarding SP2 support, due to a typo in Microsoft’s Security Bulletin (MS10-046). The bulletin is now corrected. However, even today, the download for Windows XP still includes SP2 in the file properties. ...

Honestly, how many times have you won free stuff by clicking on links? And no… those spam, trojan, and spyware do not count as free stuff. We recently found a scam that promises a free iPad to application testers. Apparently, the site lures the person into joining an iPad application testing program while the site owner makes profit from SMS fee charges and affiliation programs. To enroll in the program, “testers” are required to complete two steps. ...

It should go without saying that the best way to deal with malware is of course, not to get infected in the first place. Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites. ...

“What are you doing? “To join or to see who invited you, check the attachment.” Hmmm. That looked interesting. After I clicked on it (in virtual environment), Yahoo renamed the attachment from “Invitation+Card.zip” to “Neutral.gif” and gave a warning: Nice work Yahoo.

Toy Story 3 is romping across cinemas Worldwide, and rightly so – it’s the best of the series by far. I thought it might be worth pointing out that being a product aimed at children doesn’t exclude it from internet shenanigans. If you have young children online who are partial to searching for Toy Story material, you might want to warn them about some of the below scams. One of the most popular tactics is advertising the “full movie” on Youtube, but directing the end-user to a bunch of surveys instead: ...

There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their check sums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate: What it tries to download is detected as FraudTool.Win32.FakeRean (fs). Here’s what the real Virus Total site looks like. It basically runs your code sample or check sum against 41 anti-virus engines and displays the resulting detections. ...