Archive for the 'Malware' Category
derad: Malicious “Security Warning” Popups

Here is some good quick advice from my fellow blogger Debra Radcliff:

Panda Security reports increased spread and success of popup “security warnings.” These warnings pop up when people surf the Web and hit a malicious or infected Website, and keep flashing their warnings until the user goes to the link, at which time they get infected.

No legitimate security company would do this to a computer, so don’t click the link. Instead, disconnect from the Internet, clear your browser history and restart your computer. If your browser is still flashing warnings, the system will need to be disinfected through anti-virus or a computer restoration service.

Usually these false security warnings are a symptom of something much worse. I’ve had some that will actually not allow you to do much of anything but click on the link in their fake pop-up. What I did was a system restore, but you can also boot in Safe mode and attempt to clean the system.

Osama Hanged (virus)

*verified with snopes.com and about anti-virus*

Emails with pictures of Osama Bin-Laden hanged are being sent, and the moment that you open these emails your computer will crash and you will not be able to fix it!

1.) If you get an e-mail along the lines of ‘Osama Bin Laden Captured’ or ‘Osama Hanged’, don’t open the attachment!!!!

This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.

Be considerate & send this warning to whomever you know.

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS.

2.) You should be alert during the next few days:

Do not open any message with an attached file called ‘Invitation’, regardless of who sent it.

It is a virus that opens an Olympic Torch which ‘burns’ the whole hard disc C of your computer!!!!

This virus will be received from someone who has your e-mail address in his/her contact list; that is why you should send this e-mail to all your contacts.

It is better to receive this message 25 times than to receive the virus and open it.

If you receive an e-mail called ‘Invitation’, even though it was sent by a friend, do not open it!!! Shut down your computer immediately!!!!

This is the worst virus announced by CNN; it has been classified by Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.

This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

Dangers on the Internet

This is a follow up to my post Why is Internet Safety Important

Dangers on the Internet are relative to the perspective of those accessing it. That is to say, on the Internet “dangers” depend entirely on who is accessing what data, from where, and with what intention. For example, researching a list of poisons could be considered a “danger on the Internet” if a seriously disturbed person intends to kill his or her spouse. On the other hand, if a parent is just wondering which household products are poisonous in order to protect her children, can that be considered a danger?

So protection from dangers on the Internet should be proactive and involve human judgment at some level. Policies must be written, planned and implemented, in advance or ad hoc, to suit the environment and the users accessing the Internet. The policy for children accessing the Internet from a school classroom will more than likely differ from the one for employees at a skating rink.

Even the items commonly considered dangers on the Internet relate directly to how much access individuals and organizations allow to and from the web. Common “dangers” include (but are not limited to) the following:

Accessibility of personal information – applies to educating users on the dangers of putting personal information on the Internet and to protecting organizational databases

Sensitive data – For a school, sensitive data is likely linked to the grades and personal information of staff and students, but for a business sensitive information could include proprietary information that would hurt the bottom line if it were leaked to the competition.

Financial fraud & criminal hackers/scammers – This applies to educating users about criminal hacker techniques such as malware, social engineering, and e-mail and website phishing

The access of impressionable and/or psychologically disturbed individuals to potentially harmful and destructive information – This is rather subjective; however, it should be a concern to schools from elementary level through college, rehabilitation facilities and mental institutions. There are ways to block certain obvious material with web-blocker type applications, but no filter can stop it all. Monitoring is a must if this danger is to be handled seriously.

The risks and damage from these dangers depend on the environment & the users involved. It is up to the system owners to ensure that the policies are properly planned, implemented and maintained, as exposure to any Internet danger can disrupt the safety, mission and/or values of an organization or individual.

Why is Internet Safety Important

Dangers on the Internet
The amazing freedom and availability of the Internet lends itself to a few major dangers: Pr0n, malware, and instructions on how to perform illegal and/or dangerous activities.

Whether it is a curious person seeking these things out or a child accidentally clicking the wrong link and getting bombarded with explicit pop-ups, the items listed can be harmful to an impressionable mind. Policies must be enforced.

There are a few groups that should have limited exposure to certain types of information on the Internet. Children, and mentally handicapped or psychologically damaged people in settings such as schools, homes, rehabilitation or correctional facilities and group homes, should be blocked, tracked and monitored while accessing the Internet. Certain information could destroy them if they don’t yet have the capacity to understand it or put it in the proper context.


Protection from Pornography & Malware

In a professional setting there should be a written policy against accessing and/or downloading unacceptable material such as pornography. These items should be actively blocked, whether in a working environment or at home when minors use the same system. Allowing impressionable or fragile minds unlimited access to certain graphic material is irresponsible. The law is another good reason why Internet safety is important: if you own, or are charged with immediate control of, a system that is used for illegal activity, you could be partially or wholly liable for that activity. An example is substitute teacher Julie Amero:

On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher’s computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Julie took charge, the computer started showing pornographic images.

On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed.[1] The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years

– wikipedia

The Kelly Middle School systems were actually infected with malware that allowed the explicit pictures to pop up.

Access to Dangerous information

From the Columbine shooters to the Virginia Tech massacre, most of the killers had a recorded history of mental illness and/or psychological instability. In many cases, they used public computers, or home computers belonging to their parents, to research bomb making or even purchase guns.

Controlling access is the best way to get on the Internet safely. Maintaining users’ privacy is another important step in Internet safety; however, that is a matter of educating users, particularly if they frequent social networks such as facebook or myspace. They need to be instructed about the dangers of stalkers, perverts and predators looking specifically for impressionable minds.

We are the keepers of these impressionable and fragile minds. That is the reason Internet safety is important and why we must be mindful of these subjects.

Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002

That which does not kill us makes us stronger.
-Friedrich Nietzsche

In the November 2002 Information Security Magazine article, Infosec’s Worst Nightmares, Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002. Mr. Skoudis is a founder of Intelguardians Network Intelligence, LLC and a handler at the very popular Internet Storm Center.

Mr. Skoudis notes that the five major destructive attacks of 1998 – 2002 made many industries “battle-tested” and more likely to be proactive rather than reactive. Skoudis’s five-year worst list is based on exploits that shook our very faith in the Internet and in the security of e-commerce.

1. Code Red (2001). On July 13, 2001, the worm began attacking Microsoft IIS systems, and by July 19, 2001 it had infected over 350,000 systems. SANS and the Honeynet Project set up honeypots to capture the worm, but eEye Digital Security’s programmers did the most intense research on the worm and also named it. The worm exploited an unchecked buffer in the Index Server ISAPI extension distributed with IIS, described in Microsoft bulletin MS01-033: a classic buffer overflow attack. Some of the lessons learned: keep systems patched, use honeypots to capture malware, and coordinate the response, because coordination helps to contain worms.

2. Nimda (2001). A week after 9/11, the Nimda worm was unleashed. It caused more financial damage than Code Red. There were rumors that China had released it to hurt the US further, but this is unlikely given the nature of Nimda.

While it was bad, it had the appearance of being written by a determined amateur, not a nation-state that spends $1 Billion annually on cyberwarfare capabilities. – Skoudis.

Nimda affected clients running Windows 95, 98, Me, NT or 2000 and servers running Windows NT and 2000. It was so effective because it attacked through IIS, e-mail, browsers and network shares at once. This multi-dimensional attack method could mark a trend in future cyberwarfare.

Lessons learned: the importance of an incident response capability, and disabling arbitrary scripts in e-mail and browsers.

3. Melissa (1999) & LoveLetter (2000). Both of these spread by e-mail. Melissa was a Microsoft Word macro virus; LoveLetter (the “I Love You” virus) was a VBScript worm. Each harvested the victim’s address book to mail itself to more victims, which overwhelmed a lot of e-mail servers. Lessons learned: many companies got serious about deploying anti-virus applications throughout the network.

4. Distributed Denial-of-Service (DDoS) attacks (2000). After all the panic of pre-Y2K, a completely new and unexpected storm hit major sites: Yahoo!, Amazon, CNN, E*Trade, ZDNet and eBay, all at the hands of a single teenage hacker nicknamed Mafiaboy. He had spread zombie flooding agents to hundreds of machines around the world and used them to attack the sites with billions of useless packets. Lessons learned: employ anti-spoofing filters.

5. Remote Control Trojan Horse Backdoors (1998 – 2000). In 1998, the Cult of the Dead Cow hacker group released the Trojan Back Orifice, which initially targeted Windows 95/98. The tool gave unskilled attackers full remote control of any machine they could get it installed on. It also marked the rise of the “script kiddies” and produced a bunch of spin-offs such as SubSeven, NetBus and Hack-a-Tack.
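A worked example of the first lesson on that list (detection as one part of a coordinated response), added here and not part of Skoudis’s article or of the original post: a small scanner that flags Code Red style requests in web-server access logs. It keys on the documented request signature for the MS01-033 overflow, a GET for /default.ida? padded with a long run of N (Code Red I) or X (Code Red II) and followed by %u-encoded shellcode. The log lines are constructed, the 100-character padding threshold is an assumption, and the function and variable names are mine.

```python
"""Flag Code Red style requests in web-server access logs (added example)."""
import re
from typing import List, Optional, Tuple

# Request and status fields of a common/combined log format line:
# "METHOD PATH PROTOCOL" STATUS
_REQ_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)"\s(?P<status>\d{3})'
)

# Code Red padded the Index Server ISAPI (idq.dll) request with a long run of
# 'N' (Code Red I) or 'X' (Code Red II) before the %u-encoded payload. The
# 100-character minimum is an assumed threshold: far shorter than the worm's
# real filler, far longer than any legitimate query string.
_CODE_RED_RE = re.compile(
    r"^/default\.ida\?(?P<filler>[NX]{100,})(?P<payload>%u[0-9a-fA-F]{4})"
)


def classify_request(path: str) -> Optional[str]:
    """Return 'CodeRed-I', 'CodeRed-II' or None for one request path."""
    m = _CODE_RED_RE.match(path)
    if m is None:
        return None
    return "CodeRed-I" if m["filler"][0] == "N" else "CodeRed-II"


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, variant, status) for each line carrying the signature.

    The status code tells the responder who answered 200 (likely unpatched,
    treat as compromised) versus 404/400 (probe seen, request refused)."""
    hits = []
    for line in lines:
        req = _REQ_RE.search(line)
        if req is None:
            continue
        variant = classify_request(req["path"])
        if variant is not None:
            client_ip = line.split(" ", 1)[0]
            hits.append((client_ip, variant, req["status"]))
    return hits


# Constructed sample lines (not a real capture); the %u payload is the
# well-known Code Red shellcode prefix, the filler length is illustrative.
CODE_RED_PAYLOAD = (
    "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3"
    "%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a"
)
CONSTRUCTED_LOG = [
    '203.0.113.7 - - [19/Jul/2001:10:02:41 -0400] "GET /default.ida?'
    + "N" * 224 + CODE_RED_PAYLOAD + ' HTTP/1.0" 200 -',
    '198.51.100.9 - - [19/Jul/2001:10:03:12 -0400] "GET /index.html HTTP/1.1" 200 1423',
    '203.0.113.44 - - [04/Aug/2001:08:15:33 -0400] "GET /default.ida?'
    + "X" * 224 + CODE_RED_PAYLOAD + ' HTTP/1.0" 404 -',
    '198.51.100.21 - - [04/Aug/2001:08:16:02 -0400] "GET /default.ida?NNNN HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    for ip, variant, status in scan_log(CONSTRUCTED_LOG):
        print(f"{ip} sent a {variant} probe; server answered {status}")
```

Run against a real IIS or Apache log, the hits with a 200 status are the hosts to pull off the network first, and the source addresses are the already-infected machines to report to their owners; a patched server answers the same probe with an error, which is exactly the difference the “keep systems patched” lesson is about.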

Phlash Dance: phlashing

Phlashing allows an attacker to damage hardware over the Internet. This is something new and consists of flashing, as in changing the firmware, the computer code stored in chips on your motherboard, controller cards or other hardware. Since more modern systems allow firmware to be flashed over a network for quick updates, this is now an exploitable vulnerability. Previously, you had to “flash” those chips from the machine that contained them.

There are security features in hardware to prevent this kind of vandalism, but unfortunately some flaws enable hackers to flash destructively. Phlashing code has already been developed by security researchers and hackers. Phlashing attacks are not easy and will likely not be common; however, they are a possible glimpse of the coming storm of weapons of cyber destruction.

“Phlashing” attacks could render network hardware useless
Most computer security coverage focuses on the PC realm, but Rich Smith, head of HP’s Systems Security Lab, has identified a potential security flaw within a network’s physical hardware rather than a typical desktop or server system. Smith’s report focuses on a class of devices he refers to as Network Enabled Embedded Devices (NEEDS for short), and how such systems could be attacked at the firmware level through a process he refers to as “phlashing.” – more at Arstechnica
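To make the “flash over the network” weakness concrete, here is an added example (not code from HP’s lab, the Ars Technica article or the original post) contrasting an update handler that writes any well-formed image with one that authenticates the image and refuses downgrades before touching flash. The image format, the Device class and the vendor key are invented for illustration, and the HMAC-SHA256 tag is a standard-library stand-in for the asymmetric signature a real device would check against a public key held in ROM.

```python
"""Vulnerable versus hardened handling of a network firmware update (added example)."""
import hashlib
import hmac
import struct

MAGIC = b"FW01"
HDR = struct.Struct(">4sII")   # magic, version, payload length (invented format)
TAG_LEN = 32                   # HMAC-SHA256 tag appended to the image
# Stand-in for a vendor signing key. A real device verifies an asymmetric
# signature with a public key in ROM instead of holding a shared secret.
VENDOR_KEY = b"demo-vendor-key-not-for-production"


class Device:
    """Simulated network-enabled embedded device: a flash region and a version."""

    def __init__(self, version: int):
        self.version = version
        self.flash = b"good-firmware"


def build_image(version: int, payload: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce a tagged image the way a vendor build pipeline would."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def flash_unverified(dev: Device, image: bytes) -> bool:
    """The phlashing-prone path: anything with the right magic gets written."""
    magic, version, length = HDR.unpack_from(image)
    if magic != MAGIC:
        return False
    dev.flash = image[HDR.size:HDR.size + length]   # attacker-chosen bytes
    dev.version = version
    return True


def flash_verified(dev: Device, image: bytes, key: bytes = VENDOR_KEY) -> bool:
    """Hardened path: authenticate, check structure, refuse rollback, then write."""
    if len(image) < HDR.size + TAG_LEN:
        return False
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        return False
    magic, version, length = HDR.unpack_from(body)
    if magic != MAGIC or HDR.size + length != len(body):
        return False
    if version <= dev.version:                      # anti-rollback / anti-replay
        return False
    dev.flash = body[HDR.size:]
    dev.version = version
    return True


if __name__ == "__main__":
    evil = HDR.pack(MAGIC, 99, 5) + b"bricK"        # unsigned, attacker-built
    print("unverified device accepts attacker image:", flash_unverified(Device(3), evil))
    dev = Device(3)
    print("verified device accepts attacker image:", flash_verified(dev, evil))
    print("verified device accepts vendor image:", flash_verified(dev, build_image(4, b"new-firmware")))
```

The three checks are ordered on purpose: the tag is verified before the header is parsed, so a malformed header never reaches the parser; the length is cross-checked against the header so a truncated or padded body cannot pass; and the version comparison stops a replayed old (signed but vulnerable) image, which is the other route to bricking a device once signatures alone are in place.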

Malware Alarm

A friend of mine wanted me to do some work on her computer, but when I fired up the computer all I saw was Malware Alarm.

The computer was really slow and essentially unusable. Malware Alarm, I noticed, looks a lot like the scamware PS Guard and SpySheriff. These are applications that pretend to be anti-virus or anti-spam software but actually infect your system with spyware, mass-mailers and backdoors. This type of malware is known as a trojan. As usual, any attempt to shut this application down or minimize it is useless, because even if you do manage to get anything else up, it eats up so many system resources (CPU, memory, bandwidth) that the computer itself is close to useless. If you delete it in normal mode and miss a part of it, it will regenerate itself like a hydra.

After looking at the Task Manager (which took 20 minutes or so), I decided to reboot in “safe mode”. Unless your system has something like a rootkit (malware that hooks or replaces core components of your operating system so that it can hide from the system’s own tools), Safe Mode loads only what is needed and nothing else. I used System Restore to remove Malware Alarm, and Spybot Search & Destroy/Ad-Aware to remove everything else.

System Restore should be used first because it is easiest and does not require any additional software.

1) Reboot in Safe Mode: restart the system, hit F8 and select “Safe Mode”.

2) Proceed in Safe Mode: when prompted (as in the picture above), select “NO”, which opens System Restore instead of the normal Safe Mode desktop.

3) Restore Wizard: select a restore point dated before you received the malware. (System Restore rolls back the registry and system files; it does not delete newly downloaded files, so the installer may still be sitting on disk afterwards and should be removed by hand or by a scanner.)

What is W32 Myzor?

W32 Myzor is part of a family of “scamware”. These are trojans that pose as anti-virus/anti-spyware applications but actually install malware on your computer (viruses, worms, mass-mailers). They attempt to gather your personal information and scare you into purchasing some shitty malicious software (no offense to the ads running on this site).

The W32.Myzor.FK@yf warnings are fake. Your system probably is infected, but only because a Myzor variant put the infection there. The balloon saying “Your computer is infected” is not real.

go to the following for more:

w32 myzor
w32 myzor fk
w32 myzor fk yf

w32 flash almod

If you are looking for W32/Alemod, here are some links for removing this potential virus:

– PCGeeks – W32/Alemod

– CommentCaMarche – HijackThis files

virus w32 2fsober.k 40mm

You typed in w32/sober.k@mm. The title above is that name as it appears URL-encoded in a search query, with the “%” signs lost: %2f is “/” and %40 is “@”.

You are looking for information on W32.Sober@mm. “W32” indicates that this malware affects 32-bit Windows systems, “Sober” is the family of malware it belongs to, and “@mm” stands for mass-mailing. The W32.Sober@mm virus is actually a mass-mailing worm: it uses its own SMTP engine to spread itself. The subject of the e-mail is in English or German. The name of the e-mail attachment varies, and it will have a .bat, .com, .exe, .pif or .scr file extension. It is written in Visual Basic and compressed with UPX. W32.Sober@mm may display the fake error message “File not complete!”

More on virus w32 2fsober.k 40mm
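An added example (mine, not from Symantec or from the original post) that decodes names in the Platform.Family.Variant@suffix convention explained above, including the URL-encoded form in this post’s title and the W32.Myzor.FK@yf name from the earlier post, and then applies the attachment-extension list from the same description to some constructed message metadata. Only the “@mm” suffix meaning the post gives is decoded; other suffixes pass through unchanged.

```python
"""Decode AV-style malware names and filter worm attachment types (added example)."""
import os
import re
from urllib.parse import unquote

# Platform.Family[.Variant][@suffix]; "/" is accepted in place of the first "."
# because that is how the search query on this post was typed.
NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)[./](?P<family>[A-Za-z0-9]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?(?:@(?P<suffix>[A-Za-z]+))?$"
)
SUFFIX_MEANING = {"mm": "mass-mailing"}          # only the suffix the post explains
WORM_EXTENSIONS = {".bat", ".com", ".exe", ".pif", ".scr"}   # from the Sober description


def parse_name(raw: str) -> dict:
    """Split 'W32.Sober.K@mm' (or its URL-encoded form) into its parts."""
    name = unquote(raw).strip()                  # "w32%2fsober.k%40mm" -> "w32/sober.k@mm"
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not an AV-style name: {name!r}")
    suffix = (m["suffix"] or "").lower()
    return {
        "platform": m["platform"].upper(),
        "family": m["family"].capitalize(),
        "variant": (m["variant"] or "").upper() or None,
        "propagation": SUFFIX_MEANING.get(suffix, suffix or None),
    }


def suspect_attachment(filename: str) -> bool:
    """True for the executable extensions the post lists; splitext() keeps only
    the final extension, so the 'foto.jpg.scr' double-extension trick is caught."""
    return os.path.splitext(filename.strip().lower())[1] in WORM_EXTENSIONS


def flag_messages(messages):
    """Return the messages whose attachment matches the worm's extension set."""
    return [m for m in messages if suspect_attachment(m["attachment"])]


# Constructed message metadata, not captured mail.
CONSTRUCTED_MAIL = [
    {"from": "alice@example.com", "subject": "Re: meeting notes", "attachment": "notes.pdf"},
    {"from": "bob@example.org", "subject": "Ihr Passwort", "attachment": "mailtext.zip.exe"},
    {"from": "carol@example.net", "subject": "hi, ich bin's", "attachment": "foto.jpg.scr"},
]

if __name__ == "__main__":
    print(parse_name("w32%2fsober.k%40mm"))
    print(parse_name("W32.Myzor.FK@yf"))
    for msg in flag_messages(CONSTRUCTED_MAIL):
        print("quarantine:", msg["from"], msg["attachment"])
```

The extension check is deliberately a blocklist of exactly what the post describes; on a real gateway you would invert it into an allowlist of document types, since a worm author can pick any executable extension Windows will run.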