Star Trek Based Anti-Virus: Klingon Anti-Virus (KAV)

Sophos put out a Star Trek Based Anti-Virus. Pure genius. The downloads for it are off the charts. Its free. Its fun and its increbibly smart marketing. Like many brilliant ideas it was an accident. Well, it was put out as an accident. But I for one am glad it was.

The Star Trek movie was awesome by the way! Great move for a franchise that deserves a larger commercial audience. I’m anxious for more movies and shows.

Popularity: 4% [?]

derad: Malicious “Security Warning” Popups

Here is some good quick advice from my fellow blogger Debra Radcliff:

Panda Security reports increased spread and success of popup “security warnings.” These warnings popup when people surf the Web and hit a malicious or infected Website, and keep flashing their warnings until the user goes to the link, at which time they get infected.

No legitimate security company would do this to a computer, so don’t click the link. Instead, disconnect from the Internet, clear your browser history and restart your computer. If your browser is still flashing warnings, the system will need to be disinfected through anti-virus or a computer restoration service.

Usually these false security warnings are a symptom of something much worse. I’ve had some that will actually not allow you to do much of anything but click on the link in their fake pop-up. What I did was a system restore, but you can also boot in Safe mode and attempt to clean the system.

Popularity: 15% [?]

Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002

That which does not kill us makes us stronger.
-Friedrich Nietzsche

In the November 2002, Information Security Magazine article, Infosec’s Worst NightMares, Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002. Mr. Skoudis is the founders of Intelguardians Network Intelligence, LLC and is a handler of the very popular Internet Storm Center.

Mr. Skoudis mentions that the Top five major destructive attacks of 1998 – 2002 made many industries “battle-tested” and more likely to be proactive rather than reactive. The 5 year Worst Skoudis list is based on exploits that shook our very faith in the Internet and security of e-commerce.

1. Code Red (2001). July 13 2001, the worm attacked Microsoft IIS systems. By 19 July 2001, the worm had affected over 350,000 systems. SANS and Honeynet Project set up honey pots to capture the worm. But E-eye Digital Security Programmers did the most intense research on the worm and also named it. The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft’s MS01-033 patch. It was a buffer overflow attack. Some of the lessons learned: Keep systems patched, use of honey pots to capture malware, coordinated response helps to contain worms.

2. Nimda (2001). Shortly after 9/11, the Nimda worm was unleashed. It caused more damage financially than Code Red. There were rumors that it was China that released it to hurt the US further, but this is unlikely due to the nature of Nimda.

While it was bad, it had the appearance of a being written by a determined amateur, not a nation-state that spends $1 Billion annually on cyberwarfare capabilities. – Skoudis.

Nimda affected Windows 95, 98, Me, NT, or 2000 and servers running Windows NT and 2000. It was so affective because it attacked IIS, e-mail, browsers and network shares. This multi dimensional attack method could mark a trend in future cyberfare.

Lessons Learned: The importance of an incident response capability, disabling arbitrary scripts in e-mail and browsers.

3. Melissa (1999) & LoveLetter (2000). Both of these exploited malware through e-mail propagation. Melissa used Microsoft Word Macro virus and LoveLetter (I Love You Virus). The worm harvested the victims address book to forward itself to more victims which killed a lot of email servers. Lessons Learned: Many companies got serious about implementing anti-virus applications throughout the network.

4. Distributed Denial-of-Service (DdoS) attacks (2000). After all the panic of pre-Y2K, a completely new and unexpected storm hit major sites: Yahoo!, Amazon, CNN, E*Trade ZDNet and eBay. All by a single child hacker nicked named Mafiaboy. He had spread zombie flooding agents to hundreds of machines around the world and used them to attack sites with billions of useless packets. Lessons Learned: employ anti-spoofing filters.

5. Remote Control Trojan Horse Backdoors (1998 – 2000). In 1998, the Cult of the Dead Cow hackers group created the Trojan, Back Orifice which initially targeted Windows NT/9x. The tool allowed unskilled attackers to attack any vulnerable system. It also marked the rise of the “script kiddies” and produced a bunch of spin offs such as Subseven, Netbus and Hack-a-Tack.

Popularity: 11% [?]

Malware Alarm

A friend of mine wanted me to do some work on her computer, but when I fired up the computer all I saw was Malware Alarm.

The computer was really slow and essentially un-usable. Malware alarm, I noticed, looks a lot like the scamware PS Guard and SpySheriff. These are applications that pretend to be anti-virus, anti-spam software that actually infect your system with spyware, mass-mailers, and backdoors into your system. This type of the malware is known as a trojan. As usual any attempts to shut this application down or minimized it are useless because even if you do manage to get anything else up, it will eat up so much system resources (CPU, memory, bandwidth) that the computer itself is close to useless. It you delete it in normal mode and miss a part of it, it will regenerate itself like a hydra.

After looking at the Task Manager (which took 20 minutes or so), I decided to reboot in “safe mode”. Unless your system has something like a Rootkit (malware that replaces the main component of your operating system) Safe Mode only turns what is needed and nothing else. I used system restore to remove Malware Alarm. And Spybot Search and destroy/Adaware to remove everything else.

System Restore should be used first because it is easiest and does require any additional software.

1) Reboot in Safe mode: Restart system, hit F8, select “Safe Mode”

2) Proceed in Safemode: When prompted (as in the picture above) Select “NO”

3) Restore Wizard: Select a date prior to when you recieved the malware (system restore does not delete newly downloaded files, only new changes in the registry)

Popularity: 14% [?]

What is W32 Myzor?

W32 Myzor is a part of a family of “Scamware”. These are trojans that pose as anti-virus/anti-spyware appliations that actually install malware on to your computer (viruses, worms, mass emailers). They attempt to gather your personal information and scare you into purchasing some shitty malicious software (no offense to adds running on this site).

W32.Myzor.FK@yf virus. The warning are fake. Your system probably is infected but it is infected because a myzor variant put it there. The balloon about “You computer is infected”, is not real.

go to the following for more:

w32 myzor
w32 myzor fk
w32 myzor fk yf

Popularity: 10% [?]

w32 flash almod

“w32 flash almod” If you are looking for W32/Alemod here are some links to remove this potential virus:

- PCGeeks – W32/Alemod

- CommentComarche – Hijackthis files

Popularity: 7% [?]

w32 serflike a

I have never heard of any virus called "w32 serflike a", however if you believe you have this or any other malware a good place to start investigating this is to use Autoruns

Autoruns is the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

More on w32 serflike a

Popularity: 5% [?]

virus w32 2fsober.k 40mm

You typed in w32/sober.@mm

You are looking for information on the W32.Sober@mm. W32 indicates that this malware affects Windows 32 systems. Sober is the family of malware it belongs to and “mm” stands for mass-mailing. The W32.Sober@mm virus is actually a mass-mailing worm. It uses a SMTP engine to spread itself. The subject of the email is in English or German. The name of the email attachment varies, and it will have a .bat, .com, .exe, .pif, or .scr file extension. It is written in the Visual Basic programming language and is compressed with UPX. W32.Sober@mm may display the fake error message “File not complete!”

More on virus w32 2fsober.k 40mm

Popularity: 7% [?]

recuperar informacion malograda por w32 pawur

information on Riparare file dnsrslve da w32 spybot worm

W32@pawur is a worm. More information on pawur

Nombre: W32/Pawur.A
Nombre NOD32: Win32/Pawur.A
Tipo: Gusano de Internet
Alias: Pawur.A, Tasin.A, Anzae, I-Worm.Pawur.A, I-Worm.Pawur.a, I-Worm.VB.w, I-Worm/Pawur.A, NewHeur_PE, W32.Inzae.A, W32/Anzae.Worm, W32/Tasin.A.worm, Win32/Inzae.A.Dropper, Win32/Pawur.A, WORM_ANZAE.A, W32/Anzae-A, W32/Insae.A@mm, Email-Worm.Win32.Pawur.a, Win32.HLLM.Pawur
Fecha: 22/nov/04
Plataforma: Windows 32-bit
Tamaño: 49,331 bytes

Popularity: 4% [?]

Netdrvr Ext W32 Spybot Worm

Those looking for “Netdrvr Ext W32 Spybot Worm”

You typed “Netdrvr Ext” Did you mean “netdrvr.exe”?

If you meant “netdrvr.exe” then you definitely have malware. More than likely you have a virus running in a critical system folder of Windows: C:\Windows\System32\netdrvr.exe. This virus looks like it might be a device driver (Network DRV) but it is like a cancer to your system resources and privacy.

This virus can be removed with free tools such as Adaware, HijackThis or Microsoft’s Autoruns (recommended).

Popularity: 7% [?]

Next Page »