W32/MSNworm.EI.worm spreads via MSN Messenger and displays a funny picture of a little pig sending you a kiss while it is infecting your computer.
MSNworm.EI is a worm whose main objective is to spread and affect as many computers as possible. The means it uses to spread is the instant messaging program MSN Messenger.
Additionally, it downloads the backdoor detected as IRCBot.BWB to the affected computer. The variants belonging to the IRCBot family are designed to connect to several IRC servers and receive remote control commands.
MSNworm.EI is easy to recognize, as it reaches the computer via the instant messaging program MSN Messenger, in an instant message which contains a file.
When the file is run, the following image is displayed:

source: www.pandasecurity.com | pandalabs.pandasecurity.com
You’ve taken this course in internet safety and learnt all that there is to learn about how to avoid viruses and worms. You have installed advanced virus scanners, so nothing can pass through your email program and infect your Operating System, nor be downloaded from the internet or from a removable medium. You have installed the latest and the greatest in firewalls, so no worm can take advantage of open ports on your system. You are careful not to download, execute or use programs from any source other than well known, trusted groups or companies, like the vendor of your Operating System, or maybe the Free Software Foundation. All in all, you have got your system locked down very tightly, and fully expect to remain free of malware for the rest of your days.
The scams rely on a technique known as social engineering to trick computer users into divulging personal information that the cybercriminals or their customers can use to bilk unwary taxpayers.
The new phishing scams use spam e-mails to gull prospective refund recipients into providing their bank account information and other personally identifiable data via a fraudulent form that is attached to the original message by a hyperlink.
“To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check,” the bureau said in a warning.
The bureau urged people to use caution when dealing with e-mail from unknown senders, repeating the frequently heard warning that such electronic messages often include malware. The FBI notice also included examples of the types of deceptive wording the phishing e-mails have used.
The latest FBI warning about the online flood of fraudulent tax refund e-mails comes on the heels of a rising tide of IRS-related online fraud, as reported by GCN. The recent notice follows earlier warnings on the same topic by MX Logic, which predicted the fraud tactic earlier this year.
The bureau’s fraud notice also echoes IRS’ own anti-phishing warnings and actions against IRS spoof sites. The IRS recently stated that the number of bogus IRS sites has increased twelvefold this year over last year.
source:
FBI Warns of Phishing Scam Related to Economic Stimulus Checks
IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting
Panda Labs posted a report about a string of phishing kits discovered recently which, unlike some of their better-known counterparts, are free to use. The news is not groundbreaking, but it does serve as a reminder that nowadays anyone can get in on the act of performing criminal activities online.
Panda Labs is reporting on the discovery of free phishing kits that allow criminals, both professionals and script kiddies, to spoof bank pages and emails, online pay platforms, GMail and Yahoo accounts, online games (Xbox password theft) and blogs (Fotolog access credentials).
Upon accessing a URL that contains the kits, users obtain the files to create a fraudulent mail; one file allows them to spoof mails of banks, pay platforms etc., and the other allows them to create a fraudulent page that resembles the original. Additionally, the kit includes a PHP program, which is also free, to send emails from the spoofed page.
“The really amazing thing is, these kits are free,” explains Luis Corrons, Technical Director of PandaLabs. “Due to the simplicity of the tools, the number of Phishing attacks increases, causing companies and consumers large losses. According to a study conducted by Gartner, Phishing attacks caused U.S. consumers losses for US$3.2 billion in 2007.”
source:
http://pandalabs.pandasecurity.com/archive/Scampages.aspx
thetechherald.com/article.php/200820/948/Panda-Labs-locates-phree-Phishing-kits
Sometimes even the most protective phalanx of antivirus, antispyware and antiphishing programs is not enough to shield a computer from online dangers. Check Point Software’s ZoneAlarm ForceField provides an extra defensive layer by cloning your Web browser to catch dangerous software before any damage can be done.
Rather than providing a magic bullet to stop online attacks by itself, ForceField augments traditional security software. While using ForceField, your browser looks and feels normal, but the program creates an encrypted virtual browsing zone that blocks malicious software at the first hint of an online threat. ForceField looks for malware signatures and a range of suspicious activities; it also uses heuristics to identify and block phishing. The software also can block dangerous downloads and spyware while keeping Web sites from recording your computer’s keystrokes or screen images.
ZoneAlarm ForceField Features:
While traditional security, such as firewalls, antivirus, and security suites, protects your PC, ZoneAlarm ForceField protects your browser and everything you do on the web. Anytime you open your browser, ZoneAlarm ForceField goes to work, shielding you from browser exploits, blocking phishing and spyware sites, jamming keyloggers and screen grabbers, and preventing malicious downloads.
Virtual Browsing – Builds a protective shield around your web browser. It creates a temporary clone of your browser so that anything you do on the web runs in a protected shell, sealed off from your PC.
Browser Threat Immunity – Immunizes your browser against security holes in Internet Explorer and Firefox. Prevents web sites from installing spyware and other malicious software onto your computer without your knowledge.
Private Browser – Erases all cache, cookies, history and passwords from the current session when you close the browser. This prevents the next person who uses the computer from seeing where you’ve been.
Keylogger & Screengrabber Jamming – Keeps your keystrokes and click trails private. Discovers and blocks silent spyware from stealing your identity.
Dangerous Download Detection – Detects dangerous downloads and alerts you to problems before they begin. You can download files safely, and free from worry that they might harm your computer.
Anti-Phishing – Click where you want, your personal information remains secure. Dual-engine anti-phishing identifies and stops fraudulent websites that trick you into revealing personal data.
Spy Site Blocking – Prevents spyware from infiltrating your PC by detecting and blocking websites known to distribute spyware.
Website Safety Check – Checks the credentials on every website you visit, so you know if the website is a safe place to enter data and download files.
Spyware Flushing – Auto-cleans your Web browser memory each time you close it, wiping away spyware and other dangers.
On-The-Fly Encryption – Temporary file encryption protects the data you enter online from spyware for an additional measure of security.
Seamless Integration – Compatible with all popular web browsers, including Internet Explorer and Firefox on XP and Vista.
Security Software Compatibility – Run ZoneAlarm ForceField with your current antivirus or security suite, for an essential level of critical web protection you would not have otherwise. It is compatible with all security software currently on the market.
Fast and Easy to Use – Installs in seconds and runs fast so it won’t slow you down. You can surf the web like always, knowing your PC is protected. ZoneAlarm ForceField runs automatically, without any setup or training.
source:www.zonealarm.com
A new type of spam focuses on consumers’ frustrations with high gas prices, according to McAfee Avert Labs.
The emails begin by complaining about the rising cost of gas and then direct the reader to a website, with the promise the “product” will save the user 70 cents per gallon. The spam also mentions this gas saver was highlighted on news channels and online videos.
Gasoline-related spam is still relatively new, however. McAfee stated that so far it makes up only 0.2 percent of all spam being circulated.
Zango is adware which monitors the web sites and URLs that you visit, and generates popup advertisements every few minutes.
Instructions to remove Zango from your PC
1. Go to Start > Settings > Control Panel > Add or Remove Programs
2. Find Zango on the list
4. Click the Change/Remove button
5. Check the component(s) you wish to remove, click Next and follow on-screen instructions
6. Restart your computer
or download uninstaller from Zango
http://corporate.zango.com/support/faqs.aspx#a2
Since Vista’s release last year, Microsoft has hailed the operating system’s security features. Some have even claimed the operating system would make anti-virus software obsolete.

PC Tools took that opportunity to examine Microsoft’s claims, and conducted research over six months with 1.5 million of its customers using its ThreatFire Anti-Virus Software.
If a threat occurred on the machines, it was sent to a back-end service of PC Tools, which was then run through a third party anti-virus company to check the validity of the threat.
The research found that while Vista had improved upon XP’s ratio of 1,021 per 1,000 machines, there were still 639 threats per 1,000 machines running Vista.
Strangely enough, some of Vista’s biggest security problems may actually stem from features that were supposed to increase security.
“Macs and Vista have similar security prompts that pop up when you install software,” said PC Tools CEO Simon Clausen.
“On Macs, those prompts come up a lot less often, usually for really big procedures, but on Vista, they come up a lot more frequently.”
“I think after a while, Vista users just get tired and become blasé about their security, and either ignore the prompts or turn them off- people don’t want to have to be a security guard for their PC.”
Clausen stressed that although Vista boasted somewhat of a security improvement over XP, there were fewer threats to Vista as it has a smaller distribution base.
source:http://www.itnews.com.au/News/75846,research-suggests-microsoft-overestimated-vista-security.aspx
A new contest running at the DefCon hacker conference this year (held in Las Vegas in August) is already stirring up controversy. It will challenge hackers to design malware that can’t be detected by anti-virus programs such as ones offered by Symantec and McAfee.
The contest is dubbed Race to Zero, which refers to zero-day exploits — malware that is so new that protection against it doesn’t exist yet.
Contestants aren’t being asked to create new viruses but to modify existing ones to see if the anti-virus programs can catch them.
The contest has been criticized by anti-virus vendors for encouraging hackers to thwart their products and teach virus writers new tricks. But the contest organizers say it’s actually a test to show how poorly anti-virus products work and to demonstrate that not all anti-virus shields are equal.
“Poorly performing antivirus vendors should be called out,” say the contest organizers on their web site.
“The majority of the signature-based antivirus products can be easily circumvented with a minimal amount of effort,” they write.
source:blog.wired.com/27bstroke6/2008/04/hacker-challeng.html
Web surfing offers many different kinds of experience – the useful and the redundant, the profitable and the idle, the regular and the bizarre. And certainly one of the strangest experiences is when you try to visit a familiar page and suddenly find yourself on a completely different one, related or unrelated to the page you were trying to reach. What happened? Has the website changed its business?
Actually, the page got jacked. Perhaps you were searching for the page in a search engine, and got a link which you thought should be what you were looking for. But when you clicked on the link, you found that you were in the wrong place. Even wrong enough to get you embarrassed when there are other people nearby. Search engines do not make that kind of mistake, so what happened was the page got jacked, which fooled the search engine into thinking that it was relevant for your search.
You know how the internet works. There are banner ads and other kinds of ads which earn revenue for that site, and that is how they make a profit. Websites and businesses form alliances among themselves, and carry each other’s ads on their sites. When you go to a particular site and click on an ad that you find interesting, the original website gains some amount of money from the site to which your click takes you. So it’s possible for websites to make a profit from your visit. Naturally, they want you to visit their page.
That’s all fine and acceptable, as long as they use legitimate means of bringing you to their site, like optimizing their site for search engines, or promoting their site in some other way. But when they become too eager, they sometimes cross the line between what’s acceptable and what isn’t. And sometimes they use pagejacking.
Sometimes in order to increase the rating of some visitor-starved website, the whole content of a popular site is copied by an unscrupulous webmaster and duplicated on his own site. This is done merely in order to fool the search engines into thinking that it was the original item. And when this ploy works, the duplicate site appears among the top results returned by a search engine on a search made using the relevant key words or phrases.
This increases the chance that users will click on that link on the results page, without looking too carefully at the address to which it leads. And when they do, they will be taken to the duplicate site briefly, before being automatically redirected to another site – the one that could use some visitors to generate revenue. This is known as pagejacking.
As a user, there is little you can do in order to prevent this kind of nuisance, except be more careful about the actual URL of the link you’re clicking on the search engine results page. If you are opening a site from your bookmarks, or typing in the URL directly, there’s no chance of your being duped by a pagejacker.
If you’re the owner or the maintainer of the website that got jacked, however, it’s a different story. The main way you can hit back against the offenders is by suing them or threatening to sue under the copyright law. The content and design of your website is copyright material, and they’re violating your copyright by reproducing it without your permission. So send them a formal letter asking them to cease and desist, and follow it up with a letter from your lawyer. Pagejackers are normally sniveling cowards, and this should suffice to solve the problem. If it doesn’t, however, do not hesitate to go to court – you’re sure to win this one, and also get compensation for the business you lost because of this obstruction.
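For a site owner, one way to check whether a suspect page shows the two traits described above, copied content plus an automatic redirect to another host, is sketched below. This is an added example, not part of the original article; the sample pages, host names, the 5-word shingle size and the 0.8 threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Common script-driven redirects: location = "...", location.href = "...", location.replace("...")
JS_REDIRECT = re.compile(r"location(?:\.href\s*=|\s*=|\.replace\()\s*['\"]([^'\"]+)")

class PageScan(HTMLParser):
    """Collect visible words and any <meta http-equiv=refresh> target."""
    def __init__(self):
        super().__init__()
        self.words, self.refresh, self._skip = [], None, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content") or "", re.I)
            self.refresh = m.group(1).strip() if m else None
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:  # ignore script and style bodies
            self.words += re.findall(r"\w+", data.lower())

def shingles(words, k=5):
    """Overlapping k-word runs; tolerant of small edits around copied text."""
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def check_copy(original_html, suspect_html, suspect_url, threshold=0.8):
    orig, susp = PageScan(), PageScan()
    for parser, html in ((orig, original_html), (susp, suspect_html)):
        parser.feed(html)
        parser.close()  # flush any trailing text
    a, b = shingles(orig.words), shingles(susp.words)
    overlap = len(a & b) / len(a) if a else 0.0  # share of the original reused
    js = JS_REDIRECT.search(suspect_html)
    target = susp.refresh or (js.group(1) if js else None)
    offsite = False
    if target:
        target = urljoin(suspect_url, target)
        offsite = urlparse(target).hostname != urlparse(suspect_url).hostname
    return {"overlap": round(overlap, 2), "redirect": target,
            "pagejack_suspected": overlap >= threshold and offsite}

# Constructed sample pages; the host names are placeholders.
ORIGINAL = ("<html><head><title>Acme Garden Tools</title></head><body><p>Hand "
            "forged trowels and pruning shears shipped from our workshop with "
            "a lifetime sharpening guarantee on every blade.</p></body></html>")
SUSPECT = ORIGINAL.replace("<head>", '<head><meta http-equiv="refresh" '
                           'content="0; url=http://ads.example.net/landing">')
```

Calling `check_copy(ORIGINAL, SUSPECT, "http://copy.example.org/tools.html")` reports full overlap and the off-site redirect target, which is the kind of record worth saving alongside a dated copy of the page.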



