IT Masala

A Tech Curry with a Pinch of Indian Spice

6th May 2007

Don’t activate your copy of Windows Now-Read this first

Scammers all over are taking advantage of the limited knowledge of common people using Windows. They have adopted clever social-engineering tricks to fool people …

According to the Symantec Security Response Weblog:

Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.

Here’s the scam. The Trojan installs itself onto a PC and presents the user with the following message:

“Your copy of Windows has been activated by another user.
To help reduce software piracy, please re-activate your copy of Windows now.
WE will ask for your billing details, but your credit card will NOT be charged.
You must activate Windows before you can continue to use it.
Microsoft is committed to your Privacy. For more information, www.microsoft.com/piracy.
Do you want to activate Windows now?”

Look at the screenshot:

[Screenshot: kardphisher-ss2.jpg]


29th April 2007

Top 10 Internet Crimes of 2006

Too much digitalization leads to this!! Dunno where we are heading!!

The IC3 (Internet Crime Complaint Center), a partnership between the FBI and the NW3C (National White Collar Crime Center), issued a report for the year 2006.

It has come up with interesting statistics, including the Top 10 IC3 Complaint Categories:

[Chart: top_crimes_2006.gif]

 Category - % of complaints
 1. Auction Fraud 44.9%
 2. Non-Delivery 19%
 3. Check Fraud 4.9%
 4. Credit/Debit Card Fraud 4.8%
 5. Computer Fraud 2.8%
 6. Confidence Fraud 2.2%
 7. Financial Institutions Fraud 1.6%
 8. Identity Theft 1.6%
 9. Investment Fraud 1.3%
 10. Child Pornography 1.0%

17th April 2007

New IM worm targets Skype users

A new Skype worm that displays an image of a scantily clad woman wearing stilettos (shown left) has been identified by security companies F-Secure and Sophos.

[Image: skypeworm_alert.jpg]

The worm has been named “IM-Worm:W32/Pykse.A” by F-Secure and Mal/Pykse-A by Sophos.

How Does it Affect?

Pykse-A is most likely to be installed by clicking on a link contained in a received Skype message. It sets the Skype user’s status to DND (do not disturb) before sending a message with a malware link to all online friends in the Skype contact list.

If the recipient clicks on the link, a Trojan dropper (detected as Troj/Dropper-OI) is downloaded. When Troj/Dropper-OI is executed, an enticing image (scantily clad model wearing stiletto-heeled shoes) is displayed, and Pykse-A is dropped and silently executed.

The image of the woman is displayed in a bid by the malware creator to cover up the true purpose of the download.
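An added example, not from the post or from F-Secure or Sophos: a Python heuristic over a constructed log of client-side events that flags the propagation pattern just described, an account switching to DND and then sending the same link to several contacts in a short burst. The event format, the thresholds and the URLs are all assumptions made for the example.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample of client-side Skype events: (timestamp_s, account, kind, detail).
# kind "status" carries the new status; kind "msg" carries (recipient, text).
SAMPLE_EVENTS = [
    (100, "alice", "status", "DND"),
    (101, "alice", "msg", ("bob", "check this out http://bad.example/africa")),
    (101, "alice", "msg", ("carol", "check this out http://bad.example/africa")),
    (102, "alice", "msg", ("dave", "check this out http://bad.example/africa")),
    (103, "alice", "msg", ("erin", "check this out http://bad.example/africa")),
    (200, "bob", "msg", ("alice", "lol what is this http://bad.example/africa")),
    (300, "carol", "status", "DND"),
    (950, "carol", "msg", ("frank", "meeting at 3 http://intranet.example/cal")),
]

def find_mass_link_sends(events, window=60, min_recipients=3):
    """Return (account, url, recipient_count, dnd_before) for every account that sent one
    URL to at least min_recipients distinct contacts within `window` seconds."""
    per_account = defaultdict(list)
    for ts, account, kind, detail in sorted(events, key=lambda e: e[0]):
        per_account[account].append((ts, kind, detail))
    alerts = []
    for account, evs in per_account.items():
        dnd_times = [ts for ts, kind, detail in evs if kind == "status" and detail == "DND"]
        sends = defaultdict(list)  # url -> [(ts, recipient), ...] in time order
        for ts, kind, detail in evs:
            if kind == "msg":
                for url in URL_RE.findall(detail[1]):
                    sends[url.lower()].append((ts, detail[0]))
        for url, hits in sends.items():
            for i, (start, _) in enumerate(hits):
                recipients = {r for ts, r in hits[i:] if ts <= start + window}
                if len(recipients) >= min_recipients:
                    # the worm sets DND right before it starts messaging contacts
                    dnd_before = any(start - window <= t <= start for t in dnd_times)
                    alerts.append((account, url, len(recipients), dnd_before))
                    break
    return alerts
```

A single forwarded link (bob) or an unrelated link sent long after a DND change (carol) stays below the threshold, so only the burst from alice is reported.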

Where does the link in the message lead to?

The link leads to “The Living Africa” content, which has been ripped from a legitimate site (library.thinkquest.org), and also directs users to at least eight Web sites with information about Africa. It's not clear what type of scam or harm those pages intend, but some of the sites have advertising on them, indicating that it might be a click-fraud scam, said Graham Cluley, senior technology consultant for Sophos PLC.

What's Click Fraud? Click fraud refers to the various tricks used to get clicks on advertising banners, which generate revenue for Web page owners.

Please follow the instructions for removing worms

16th April 2007

Wi-Fi Bug Found in Linux

A major Linux Wi-Fi driver contains a bug that can allow an attacker to take control of a laptop, even when it is not on a Wi-Fi network. There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely exploitable Wi-Fi bug.

[Image: wifi_lg_bug_linux.jpg]

It Affects:

It affects the widely used MadWi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets, according to Laurent Butti, a researcher from France Telecom Orange.

What's the threat?

The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a Wi-Fi network.

Note: "You may be vulnerable if you do not manually patch your MadWi-Fi driver," said Butti.

via [ pcworld ]

14th April 2007

Beware New Storm Worm E-mail Virus Deluge

The Storm Worm is back. The e-mail virus, which first attacked in January, has returned with a vengeance during the last 24 hours, boosting the amount of virus traffic on the Internet to as much as 60 times the normal amount. The Internet Storm Center reported detecting at least 20,000 infections today.

Detection: Nine engines caught the virus, some of which are eTrust-Vet, Fortinet, F-Secure, McAfee and Webwasher-Gateway.

Effects of this Storm Virus:

Once installed on a personal computer, the virus takes control of the machine, sending personal information stored on the PC back to the online criminals who created the malicious program. It can also send itself out to the entire address book of the PC's owner, and turn it into a "zombie" machine sending out more spam.

Speciality: Unlike the original Storm malware, which was hidden in an executable file, this one is hidden in an encrypted zip file. So if they can't detect it, how can they stop it?

Types of Spam Mails Sent: New Storm Worm variants are showing up attached to e-mails with subjects such as "Virus Alert!" or "I dream of you".

Inside the e-mail is an image and an encrypted zip file. The image has the password needed to open the zip file.
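As an added example (not from the original post or any vendor), here is a small Python mail check that flags the lure pattern described above: a password-protected zip delivered together with an image, plus the quoted lure subjects. The sample message and zip are constructed inline; the "encrypted" state is simulated by forcing the zip's general-purpose flag bit, since Python's zipfile module cannot write encrypted archives.

```python
import email.policy
import io
import zipfile
from email.message import EmailMessage

LURE_SUBJECTS = ("virus alert!", "i dream of you")  # subjects the post quotes as lures

def zip_has_encrypted_entry(blob: bytes) -> bool:
    """True if any zip entry sets bit 0 ('encrypted') of its general-purpose flag."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def storm_lure_indicators(raw: bytes) -> list:
    """Return the Storm-style traits found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    if str(msg.get("subject", "")).strip().lower() in LURE_SUBJECTS:
        hits.append("known lure subject")
    has_image = has_encrypted_zip = False
    for part in msg.iter_attachments():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            has_image = True
        elif ctype in ("application/zip", "application/x-zip-compressed"):
            has_encrypted_zip |= zip_has_encrypted_entry(part.get_payload(decode=True) or b"")
    if has_encrypted_zip:
        hits.append("password-protected zip attachment")
        if has_image:  # the picture is how the zip password reaches the victim
            hits.append("image attached alongside encrypted zip")
    return hits

def make_encrypted_looking_zip() -> bytes:  # constructed sample, flag bit forced on
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.exe", b"not a real executable")
    data = bytearray(buf.getvalue())
    data[6] |= 0x1                               # local file header: flags at offset 6
    data[data.find(b"PK\x01\x02") + 8] |= 0x1    # central directory entry: flags at offset 8
    return bytes(data)

def build_sample_message() -> bytes:  # constructed message: image plus encrypted zip
    msg = EmailMessage()
    msg["Subject"] = "Virus Alert!"
    msg.set_content("See attachment.")
    msg.add_attachment(b"GIF89a-placeholder", maintype="image", subtype="gif", filename="pass.gif")
    msg.add_attachment(make_encrypted_looking_zip(), maintype="application", subtype="zip", filename="a.zip")
    return msg.as_bytes()
```

A gateway rule built on these three indicators catches the mail by its shape rather than by a signature, which is the gap the post is pointing at.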

Spreading: The only possibility of spreading is through a peer-to-peer network, as a standalone PC cannot do any damage outside itself!

Caution: So don't open any unexpected e-mail attachments. Even if it's sent from somebody you know, check before you open the attachments, as the virus picks up email IDs from the infected PC to send out spam mails.

Solution: As this virus spreads only when a user opens an attachment, it depends on the user, and we can't patch every user's mind, can we? So it solely depends on your common sense!

13th April 2007

Alert: Sophos Unveils Latest ‘Dirty Dozen’ Spam Relaying Countries

Anti-spam specialist maps the spam world

[Image: spam_countries.jpg]

Sophos has published its latest report on the top 12 spam relaying countries during the first quarter of 2007.  Experts at SophosLabs have revealed that yet again, the U.S. relayed considerably more spam than other nations, producing just less than one-fifth (19.8%) of the world's spam.

According to Sophos, the overall volume of spam increased about 4.2% during Q1 2007, when compared to the same period in 2006.

The top 12 spam relaying countries are as follows:

 January to March 2007

 1. United States 19.8%
 2. China (including Hong Kong) 7.5%
 3. Poland 7.4%
 4. South Korea 7.0%
 5. Italy 5.0%
 6. France 4.1%
 7. Germany 3.7%
 8. Spain 3.5%
 9. Brazil 3.1%
 10. Russia 3.0%
 11. India 2.8%
 12. Taiwan 2.5%
 Other 30.6%

"Although the U.S. continues its reign over the dirty dozen, it has reduced its output in the past 12 months," said Ron O'Brien, senior security analyst at Boston-based Sophos. "It's likely that computer users in the U.S. are growing wiser and securing their computers more thoroughly."

"Mobile spamming represents a new method for crooked marketers – many people are used to ignoring unsolicited email spam, but they don't necessarily expect it to turn up on their mobile phones," said O'Brien. "Users who receive spam on their mobile phones should call or email their network providers immediately. Although this type of spamming is on the rise, it only represents a small problem compared to email spam." 

via [ Sophos ]

Related Picture:

A nice picture showing the type of spam we get daily ….

[Image: email_spam.gif]

12th April 2007

What’s wrong with Microsoft Windows Vista?

FSF's Vista NewsWatch area is continuously updated with the latest news stories regarding problems with Microsoft Vista.

[Image: bad_vista.jpg]

The box below has links to posts on the campaign blog and other site content that investigate the restrictions imposed by Vista.

Check back often — FSF will be putting their consolidated FAQ list detailing the reasons Vista should be rejected in favor of free software operating systems here.

If you think of any reasons that are missing, let us know — via [ FSF ]

7th April 2007

First iPod Virus Detected

The Russian security company Kaspersky Lab claims to have created the world's first "proof of concept" iPod virus. They provide exceptionally few details about the "virus" itself, but what they do provide tells us that the virus that they created doesn't really exploit that much. They named the virus "Podloso," which is—again—a proof-of-concept program and "does not pose a real threat," writes the company.

[Image: first_ipod_virus.jpg]

Security vendor Kaspersky Labs announced it has detected the first virus designed to infect iPod portable media players. Photo by Kaspersky Labs

Condition to be Affected:

Kaspersky says the iPod must have Linux installed. The company says that the user must put the virus' file onto the iPod's disk first. (This is too much of a limitation... who the hell would do that?)

Virus Activity:

Once there, the virus installs itself into a folder that contains program demos on the iPod. It then allegedly scans the disk of the iPod in order to infect all .elf files, and if the user tries to launch any of these files, a mocking message will be displayed on the iPod's screen: "You are infected with Oslo the first iPodLinux Virus."

"Podloso has no malicious payload, and does not present a real threat; it simply demonstrates that it is, theoretically possible to create malicious programs for such devices," writes the company.

Note: But still, iPod users are not safe from the threat of being severely affected by malicious programmers. So be careful when you install any third-party software or hacks on your little music player.

via [ novinite ]

5th April 2007

Hackers Promise ‘Nude Britney Spears’ Pix To Plant .ANI Exploit

[Image: cursor_flaw_2047.jpg]

There are problems with the update Microsoft released Tuesday for a critical .ANI vulnerability, and hackers have launched a new spam campaign to take advantage of the flaw by promising nude pictures of Britney Spears to lure users to malicious sites.

Deborah Hale, a handler with the Internet Storm Center, reported in the site's daily diary on Wednesday that researchers there are receiving reports of users having problems with the patch, which Microsoft pushed out a week earlier than its normal monthly Patch Tuesday release. Microsoft confirmed a problem with the patch and provided a hotfix, or a patch for the patch, when the patch was first released.

Hale noted that other issues have arisen, as well, and Microsoft is investigating them.

Sophos reported in an advisory that the malicious site contains the Iffy-A Trojan that points to another piece of malware, which contains the zero-day .ANI exploit. Sophos detects this Trojan as Animoo-L.

"The message is simple: You must patch your computers against this vulnerability now or risk infection," said Graham Cluley, senior technology consultant for Sophos, in a statement. "Hackers are exploiting people's tardiness in rolling out updates and looking to infect as many PCs as they can. Microsoft issued a patch for the problem yesterday, but the hackers will continue to take advantage of the critical security loophole for as long as they can."

Problem:

The .ANI vulnerability involves the way Windows handles animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including its new Vista operating system. Internet Explorer is the main attack vector for the exploits.

Effects of that Problem:

Users are being infected after visiting a malicious Web page that has embedded malware designed to take advantage of the flaw. They also can be infected if they open a specially crafted e-mail message or if they open a malicious e-mail attachment sent by a hacker.

Solution:

Meanwhile, security firm eEye Digital Security Inc. has brought out an unofficial and temporary fix for the problem.

Who is spreading the attack code:

It is suspected that several websites, including at least two hosted in China, are offering the attack code that exploits the bug.

via [ IW ]

5th April 2007

Security Alert: Upgrade WordPress to 2.1.3 Right Now

A security update has been released for both the 2.1 and 2.0 branches of WordPress and is available for immediate download. This update is highly recommended for all users of both branches.

[Image: wpupgrade.jpg]

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems. These security issues were reported by Sumit Siddharth and Alex Concha.

[ Download ] via [ WordPress ]