  1. #556
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Quote Originally Posted by Ned Slider View Post
    Nero 7.7.5.1

    More news to follow as we get it
    Looks like this is a false positive, although BitDefender and eSafe are still detecting it.

    Quote Originally Posted by Nero
    No Virus Threat in Nero 7.7.5.1

    As part of the development of Nero 7, we are using innovative methods to display pictures and videos. Some of these methods were used for the first time in version 7.7.5.1 and adapted to Windows Vista. As these methods were previously unknown to antivirus software manufacturers, this resulted in a virus warning being displayed in some antivirus software during the installation of Nero 7.7.5.1.

    In the meantime, these methods have been examined by some manufacturers, have been classified as harmless, and the relevant updates of the virus definitions have been carried out. Once the antivirus software has been updated, virus warnings should no longer appear during the installation of Nero 7.7.5.1.

    Warnings in spyware and malware which appeared while initially installing Nero should also no longer appear after updating the relevant software (e.g. Adaware, Spybot Search & Destroy).

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  2. #557
    Joined
    Jan 2007
    Posts
    1

    Re: Virus Alerts/Security Warnings/Solutions

    Guys, have you heard of Myspace phishing?

  3. #558
    Joined
    Aug 2001
    Posts
    74,684

    Re: Virus Alerts/Security Warnings/Solutions

    Daylight Savings Time is different this year.
    May want to read this or your world may get confused

    From our friends at SANS

    http://isc.sans.org/diary.html?storyid=2142

  4. #559
    Joined
    Aug 2001
    Posts
    74,684

    Re: Virus Alerts/Security Warnings/Solutions

    Too good not to repeat.

    From SANS

    http://isc.sans.org/diary.html?storyid=2148


    Simon says: download backdoor.exe (or using Vista Speech Command for fun and profit)
    Published: 2007-02-01,
    Last Updated: 2007-02-01 11:49:20 UTC
    by Arrigo Triulzi (Version: 1)
    Once in a while security researchers ask themselves simple questions to which they sincerely hope the answer is "of course not!".

    This is the story of a question to which the answer is "oh my, this is fun!".

    On January 30th Sebastian Krahmer asked himself (out loud on the Dailydave mailing list) if Windows Vista Speech Command function could be used by a malicious website feeding a wav file which would speak commands to download malware. The idea is deceivingly simple: the wav file plays through the speakers, the microphone picks up the commands and the Speech Command happily executes them.

    A fascinating discussion ensued, George Ou went off to research the concept and, at the risk of spoiling the surprise, here is the result in George's fine words:

    "I recorded a sound file that would engage speech command on Vista, then engaged the start button, and then I asked for the command prompt. When I played back the sound file with the speakers turned up loud, it actually engaged the speech command system and fired up the start menu. I had to try a few more times to get the audio recording quality high enough to get the exact commands I wanted but the shocking thing is that it worked!"
    Oh dear.

    There are obviously a few obstacles to overcome to make this a viable attack like having to spell out a long URL so George tried to use the "tinyurl" service and indeed that worked just fine. The next question was whether it would work with untrained voices and George reported that it would happily work.

    The best picture in my mind of this attack vector is a large trading room, in the middle of the night, and one computer shouting out loud "start listening", "start", "internet explorer", "download <some tinyurl>", etc.

    So, how about prevention? Well, the answer is that you should disable Speech Command for the time being or use it carefully and wait for Microsoft to issue a patch which ignores output from the computer's own speakers.

    For those who are old enough to remember: about 15 years ago Apple introduced voice commands for MacOS and it was great fun to shout behind someone's back "shutdown" to see the Mac happily go into its shutdown routine. This was patched a while back on MacOS, as you can probably imagine, but it was a great prank.

    Thanks to Gerrit Rothmaier for bringing it up at 08:42 this morning and dramatically improving my second espresso of the day.
    Last edited by jimzinsocal; 02-01-2007 at 08:44 AM.

  5. #560
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Antivirus products for Vista tested:

    http://forums.pcper.com/showthread.php?t=435177



  6. #561
    Joined
    Dec 2002
    Location
    Blaine, WA
    Age
    61
    Posts
    30,989

    Re: Virus Alerts/Security Warnings/Solutions

    Thanks, Ned! I'm looking at installing Vista first of next week!
    Main Rig: EVGA 141-BL-E769-A1 LGA 1366 Intel X58 CLASSIFIED/WATERCOOLED ED. cooled by the Monster Water Cooling Setup
    HTPC One BIG Case Asus 8 CORE Monster
    ASUS: 5 * BIOSTAR: 1 * CHAINTECH: 1 * EVGA: 3 * GIGABYTE: 5 * SUPER MICRO: 1 *TYAN: 2
    180+ GHZ total power for PC Perspective Killer Frogs Rosetta @ Home Team as The Uncle B's!!

    I'm the Uncle your Aunt won't talk about. Go ahead and pull my finger!

  7. #562
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Malicious Website: Super Bowl XLI / Dolphin Stadium

    *** Do not visit this site ***

    Quote Originally Posted by Websense® Security Labs™
    Websense® Security Labs™ has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

    A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

    The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516
    http://www.websense.com/securitylabs...hp?AlertID=733

    Detections for this are pretty poor at the moment (see below). In addition, colleagues have identified further malicious files that are downloaded with equally poor detection rates:

    Code:
    Complete scanning result of "w1c.exe", received in VirusTotal at 02.02.2007, 19:13:55 (CET).
    
    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 HEUR/Crypted
    Authentium 4.93.8 02.02.2007 Possibly a new variant of W32/PWStealer.gen1
    Avast 4.7.936.0 02.01.2007  no virus found
    AVG 386 02.02.2007  no virus found
    BitDefender 7.2 02.02.2007  no virus found
    CAT-QuickHeal 9.00 02.02.2007 (Suspicious) - DNAScan
    ClamAV devel-20060426 02.02.2007  no virus found
    DrWeb 4.33 02.02.2007  no virus found
    eSafe 7.0.14.0 02.02.2007 suspicious Trojan/Worm
    eTrust-InoculateIT 30.4.3364 02.02.2007  no virus found
    eTrust-Vet 30.4.3364 02.02.2007  no virus found
    Ewido 4.0 02.02.2007  no virus found
    Fortinet 2.85.0.0 02.02.2007 suspicious
    F-Prot 4.2.1.29 02.01.2007 W32/PWStealer.gen1
    Ikarus T3.1.0.31 02.02.2007 Backdoor.Win32.PcClient.GV
    Kaspersky 4.0.2.24 02.02.2007  no virus found
    McAfee 4955 02.02.2007  no virus found
    Microsoft 1.2101 02.02.2007  no virus found
    NOD32v2 2030 02.02.2007 probably unknown NewHeur_PE virus
    Norman 5.80.02 02.02.2007  no virus found
    Panda 9.0.0.4 02.02.2007 Suspicious file
    Prevx1 V2 02.02.2007  no virus found
    Sophos 4.13.0 02.02.2007 Mal/Packer
    Sunbelt 2.2.907.0 02.01.2007  no virus found
    Symantec 10 02.02.2007 Trojan.Zlob
    TheHacker 6.0.3.162 02.02.2007  no virus found
    UNA 1.83 02.01.2007  no virus found
    VBA32 3.11.2 02.02.2007 suspected of Backdoor.Hupigon.180 (paranoid heuristics)
    VirusBuster 4.3.19:9 02.02.2007 novirus:Packed/NSPack
    
    Aditional Information
    File size: 56151 bytes
    MD5: ad3da9674080a9edbf9e084c10e80516
    SHA1: 7f1f29fca5022f466bc466caf808f3620ad5b4a7
    packers: NSPACK, UPX, NSPACK 
    
    ----------------------------------------------
    
    STATUS: FINISHED

    Complete scanning result of "msmsgs.exe", received in VirusTotal at 02.02.2007, 20:03:01 (CET).
    
    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007  no virus found
    Authentium 4.93.8 02.02.2007  no virus found
    Avast 4.7.936.0 02.01.2007  no virus found
    AVG 386 02.02.2007  no virus found
    BitDefender 7.2 02.02.2007  no virus found
    CAT-QuickHeal 9.00 02.02.2007  no virus found
    ClamAV devel-20060426 02.02.2007  no virus found
    DrWeb 4.33 02.02.2007  no virus found
    eSafe 7.0.14.0 02.02.2007 suspicious Trojan/Worm
    eTrust-InoculateIT 30.4.3364 02.02.2007  no virus found
    eTrust-Vet 30.4.3364 02.02.2007  no virus found
    Ewido 4.0 02.02.2007  no virus found
    Fortinet 2.85.0.0 02.02.2007  no virus found
    F-Prot 4.2.1.29 02.01.2007  no virus found
    Ikarus T3.1.0.31 02.02.2007  no virus found
    Kaspersky 4.0.2.24 02.02.2007  no virus found
    McAfee 4955 02.02.2007  no virus found
    Microsoft 1.2101 02.02.2007  no virus found
    NOD32v2 2030 02.02.2007  no virus found
    Norman 5.80.02 02.02.2007  no virus found
    Panda 9.0.0.4 02.02.2007  no virus found
    Prevx1 V2 02.02.2007  no virus found
    Sophos 4.13.0 02.02.2007  no virus found
    Sunbelt 2.2.907.0 02.01.2007  no virus found
    Symantec 10 02.02.2007 Trojan.Zlob
    TheHacker 6.0.3.162 02.02.2007  no virus found
    UNA 1.83 02.01.2007  no virus found
    VBA32 3.11.2 02.02.2007 suspected of Backdoor.Hupigon.180 (paranoid heuristics)
    VirusBuster 4.3.19:9 02.02.2007 no virus found
    
    Aditional Information
    File size: 20992 bytes
    MD5: 9b36413b0a8b7e483df5bed95410c8d1
    SHA1: 8ca5995e089ce53f6901801a0413fcea88686e14
    packers: UPX
    packers: UPX
    packers: UPX
    
    ----------------------------------------------
    
    STATUS: FINISHED

    Complete scanning result of "ADupdate.exe", received in VirusTotal at 02.02.2007, 20:07:50 (CET).
    
    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 TR/Crypt.FKM.Gen
    Authentium 4.93.8 02.02.2007 Possibly a new variant of W32/PWStealer.gen1
    Avast 4.7.936.0 02.01.2007  no virus found
    AVG 386 02.02.2007  no virus found
    BitDefender 7.2 02.02.2007 DeepScan:Generic.Malware.FPBPk!g.11674FE3
    CAT-QuickHeal 9.00 02.02.2007 (Suspicious) - DNAScan
    ClamAV devel-20060426 02.02.2007  no virus found
    DrWeb 4.33 02.02.2007  no virus found
    eSafe 7.0.14.0 02.02.2007 suspicious Trojan/Worm
    eTrust-InoculateIT 30.4.3364 02.02.2007  no virus found
    eTrust-Vet 30.4.3364 02.02.2007  no virus found
    Ewido 4.0 02.02.2007  no virus found
    Fortinet 2.85.0.0 02.02.2007 suspicious
    F-Prot 4.2.1.29 02.01.2007 W32/PWStealer.gen1
    Ikarus T3.1.0.31 02.02.2007 Backdoor.Win32.PcClient.GV
    Kaspersky 4.0.2.24 02.02.2007  no virus found
    McAfee 4955 02.02.2007  no virus found
    Microsoft 1.2101 02.02.2007  no virus found
    NOD32v2 2031 02.02.2007 probably unknown NewHeur_PE virus
    Norman 5.80.02 02.02.2007  no virus found
    Panda 9.0.0.4 02.02.2007 Trj/Lineage.CIF
    Prevx1 V2 02.02.2007 Dropper.Payload
    Sophos 4.13.0 02.02.2007 Mal/Packer
    Sunbelt 2.2.907.0 02.01.2007  no virus found
    Symantec 10 02.02.2007 Trojan.Zlob
    TheHacker 6.0.3.162 02.02.2007  no virus found
    UNA 1.83 02.01.2007  no virus found
    VBA32 3.11.2 02.02.2007 suspected of Backdoor.Hupigon.180 (paranoid heuristics)
    VirusBuster 4.3.19:9 02.02.2007 novirus:Packed/NSPack
    
    Aditional Information
    File size: 31046 bytes
    MD5: 5f50dc701c90cc85b8fcb0e549e564e3
    SHA1: d1d6f8f98fb332b172f89c20504c92bef32cca66
    packers: NSPACK 
    
    ----------------------------------------------
    
    STATUS: FINISHED

    Complete scanning result of "1.exe", received in VirusTotal at 02.02.2007, 20:16:01 (CET).
    
    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007  no virus found
    Authentium 4.93.8 02.02.2007  no virus found
    Avast 4.7.936.0 02.01.2007  no virus found
    AVG 386 02.02.2007  no virus found
    BitDefender 7.2 02.02.2007  no virus found
    CAT-QuickHeal 9.00 02.02.2007  no virus found
    ClamAV devel-20060426 02.02.2007  no virus found
    DrWeb 4.33 02.02.2007  no virus found
    eSafe 7.0.14.0 02.02.2007 suspicious Trojan/Worm
    eTrust-InoculateIT 30.4.3364 02.02.2007  no virus found
    eTrust-Vet 30.4.3364 02.02.2007  no virus found
    Ewido 4.0 02.02.2007  no virus found
    Fortinet 2.85.0.0 02.02.2007  no virus found
    F-Prot 4.2.1.29 02.01.2007  no virus found
    Ikarus T3.1.0.31 02.02.2007  no virus found
    Kaspersky 4.0.2.24 02.02.2007  no virus found
    McAfee 4955 02.02.2007  no virus found
    Microsoft 1.2101 02.02.2007  no virus found
    NOD32v2 2031 02.02.2007  no virus found
    Norman 5.80.02 02.02.2007  no virus found
    Panda 9.0.0.4 02.02.2007  no virus found
    Prevx1 V2 02.02.2007  no virus found
    Sophos 4.13.0 02.02.2007  no virus found
    Sunbelt 2.2.907.0 02.01.2007  no virus found
    Symantec 10 02.02.2007 Trojan.Zlob
    TheHacker 6.0.3.162 02.02.2007  no virus found
    UNA 1.83 02.01.2007  no virus found
    VBA32 3.11.2 02.02.2007 suspected of Backdoor.Hupigon.180 (paranoid heuristics)
    VirusBuster 4.3.19:9 02.02.2007 no virus found
    
    Aditional Information
    File size: 20992 bytes
    MD5: 9b36413b0a8b7e483df5bed95410c8d1
    SHA1: 8ca5995e089ce53f6901801a0413fcea88686e14
    packers: UPX
    packers: UPX
    packers: UPX
    Files purport to be genuine Microsoft or Kaspersky Labs files, but are not.

    Mitigation:

    It is at present unclear if the site owners have fully cleaned the site. It is also unclear if they are aware how they were hacked to begin with and whether they are currently able to prevent further infection. Users are strongly advised to avoid the site(s) completely.

    The exploit appears to target two existing MS vulnerabilities, MS06-014 and MS07-004. Ensuring your system is fully patched will help mitigate the risk. Further, disabling javascript from within your browser may help mitigate risk.

    Administrators are advised to block affected domains at their perimeter firewall. Affected (and potentially affected) domains (on 63.251.159.232) include:

    Dolphinsstadium[dot]com
    Dolphinstadium[dot]com
    Proplayerstadium[dot]com
    Miamidolphinsphotos[dot]com
    Miamidolphinsphototicket[dot]com

    The inserted javascript is calling exploit code from dv521[dot]com (205.209.149.93), so this domain should also be blocked.

    -------------------------------------------------------------------------

    Update: It looks like the source, dv521[dot]com, has been taken offline - at least for now, so panic over for the time being
    Last edited by Ned Slider; 02-02-2007 at 09:04 PM.

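Added example, not part of the post above or of any VirusTotal tooling: a small Python parser for the text reports pasted in post #562, which turns "detections are pretty poor" into per-file counts and shows when two filenames are the same sample. The input is an excerpt of those reports; the function names and the GENERIC keyword list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the reports pasted above, same row layout. The third header is
# fused to a STATUS line on purpose, a common artefact of forum pastes.
SAMPLE = """\
Complete scanning result of "w1c.exe", received in VirusTotal at 02.02.2007, 19:13:55 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.34 02.02.2007 HEUR/Crypted
Avast 4.7.936.0 02.01.2007  no virus found
Sophos 4.13.0 02.02.2007 Mal/Packer
Symantec 10 02.02.2007 Trojan.Zlob
VirusBuster 4.3.19:9 02.02.2007 novirus:Packed/NSPack
MD5: ad3da9674080a9edbf9e084c10e80516
STATUS: FINISHED
Complete scanning result of "msmsgs.exe", received in VirusTotal at 02.02.2007, 20:03:01 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.34 02.02.2007  no virus found
Symantec 10 02.02.2007 Trojan.Zlob
VirusBuster 4.3.19:9 02.02.2007 no virus found
MD5: 9b36413b0a8b7e483df5bed95410c8d1
STATUS: FINISHEDComplete scanning result of "1.exe", received in VirusTotal at 02.02.2007, 20:16:01 (CET).
Antivirus Version Update Result
Kaspersky 4.0.2.24 02.02.2007  no virus found
Symantec 10 02.02.2007 Trojan.Zlob
MD5: 9b36413b0a8b7e483df5bed95410c8d1
"""

HEADER = re.compile(r'Complete scanning result of "([^"]+)"')
ROW = re.compile(r"^(\S+) (\S+) (\d\d\.\d\d\.\d{4})\s+(.+)$")  # engine version date verdict
# Assumed keyword list: verdicts that flag packing or heuristics, not a named family.
GENERIC = re.compile(r"heur|pack|crypt|generic|suspicious|suspected|possibly|probably", re.I)

def parse_reports(text):
    """Split pasted text into one dict per scanned file."""
    reports, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.search(line):          # search(), so a fused prefix is tolerated
            cur = {"file": m.group(1), "md5": None, "rows": {}}
            reports.append(cur)
        elif cur and (m := ROW.match(line)):
            cur["rows"][m.group(1)] = m.group(4)
        elif cur and line.startswith("MD5:"):
            cur["md5"] = line.split(":", 1)[1].strip().lower()
    return reports

def summarize(report):
    """Count engines that returned any verdict, and list those naming a family."""
    hits = {e: v for e, v in report["rows"].items() if v.lower() != "no virus found"}
    named = sorted(e for e, v in hits.items() if not GENERIC.search(v))
    return {"detected": len(hits), "engines": len(report["rows"]), "named": named}

def group_by_md5(reports):
    """Different filenames with one hash are the same sample, not extra evidence."""
    groups = defaultdict(list)
    for r in reports:
        groups[r["md5"]].append(r["file"])
    return dict(groups)

if __name__ == "__main__":
    parsed = parse_reports(SAMPLE)
    for r in parsed:
        print(r["file"], r["md5"], summarize(r))
    print(group_by_md5(parsed))
```

On the excerpt, most non-clean verdicts are packer or heuristic flags rather than named families, and msmsgs.exe and 1.exe collapse to a single sample because they share one MD5.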


  8. #563
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Wireshark

    For those into packet sniffing/analysis...

    Wireshark 0.99.5 has just been released that fixes a couple of DoS vulnerabilities whereby a malformed packet could cause the computer to crash:

    http://www.wireshark.org/security/wnpa-sec-2007-01.html

    I've never actually seen an exploit in the wild against Wireshark (Ethereal), but that's no reason not to upgrade



  9. #564
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Microsoft Advanced Notification

    Next Tuesday Microsoft will be releasing 12 patches as detailed in their advanced notification released earlier today:

    http://www.microsoft.com/technet/sec...n/advance.mspx

    Write it in your diaries now... ooh, I can hardly wait!



  10. #565
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Virus gangs attacking each other

    There are reports that the two groups behind the recent Storm worms and Warezov viruses are partaking in a little infighting:

    http://www.f-secure.com/weblog/archi....html#00001109
    http://www.secureworks.com/research/...eat=storm-worm

    This is generally not good news and such activities often result in an upsurge of malicious activity as each group tries to establish dominance over the other. Be on the lookout for a flurry of new activity from these two groups, and expect to see new variants not initially detected by antivirus solutions.



  11. #566
    Joined
    Aug 2001
    Posts
    74,684

    Re: Virus Alerts/Security Warnings/Solutions

    Another "gem" to be aware of...

    http://isc.sans.org/diary.html?storyid=2217

  12. #567
    Joined
    Aug 2001
    Posts
    74,684

    Re: Virus Alerts/Security Warnings/Solutions


  13. #568
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Microsoft Patch Tuesday

    12 Critical updates this month from Microsoft:

    https://www.microsoft.com/technet/se.../ms07-feb.mspx

    Be sure to head on over to Microsoft Updates...



  14. #569
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Valentine's Day Viruses

    OK, you know they're coming so don't get caught out!

    F-Secure's blog has details of one such Valentine's Day scam currently circulating by email:

    http://www.f-secure.com/weblog/archi....html#00001111



    ...and don't forget to get the wife a card and some flowers/chocolates otherwise you'll probably wish you'd got that virus instead
    Last edited by Ned Slider; 02-13-2007 at 07:11 PM.



  15. #570
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Virus Alerts/Security Warnings/Solutions

    Funny

    US prepared to bomb cyber attackers:

    http://www.f-secure.com/weblog/archi....html#00001113

    It seems that, with the use of GeoIP and Google Earth, researchers can pinpoint cyber attackers with sufficient accuracy to bomb them, with Presidential approval first of course

    Best thing for 'em, I say (TM)

    / I know we try and keep it serious in this thread, but I couldn't resist this one.../


