Be careful when you click on a re-tweeted tweet on twitter because it can be a twitter worm. The new threat is spreading in the form of tweets. You will not be able to recognize it by the URL as it short linked using the Google’s (goo.gl) URL shortening service. So, on the first glance it will look genuine.

But once you have clicked on the link it will redirect you to a Fake Antivirus called “Security Shield” after couple of domain re direction you will reach in a Ukrainian top level domain but that’s not the end ! Again you are re directed to an IP address and that will take you to the rogue anti-virus’s website.

After landing on the rogue AV website you are prompted with a warning saying that your machine is running malicious and you are exhilarated to run a free scan. If you say YES you are busted! The rouge antivirus named Security Shield will be loaded on your computer and start to scan. Finally it will show you a fake list of infected files, once you plan to go ahead with cleanup process it will prompt for a credit card purchase of the Fake Anti-virus.

The Fake Anti-virus uses RSA technology for code obfuscation. The RSA technology is widely used to deploy this type of threats.

How to secure your computer from these threats?

• Update your Anti-virus with latest patches available. (Use live-updates)
• Update windows with latest patches available.
• Try to use industry standard Anti-virus rather than going for free ones. (Because paid ones will have better support against new threats)

I could see people are in love with Mozilla Firefox than the Internet Explorer when I did a plain analysis on the web browser usage. Firefox was taking the first place while Internet Explorer moved to second place followed by Google Chrome on third and Safari on fourth. Faster response and useful Add-On features made the Firefox most favorite but still in many corporate companies are still forced to use the Internet Explorer because of some internal applications compatibility. It is a known problem that after using the internet explorer for a few months the browser will start slowing down and take longer time to load the applications. The reason behind this can be installing many internet explorer toolbar, installing unwanted application which adds BHO( Browser Helper Objects) to the internet explorer. In my previous post I have written about BHO’s.

I have seen this Google Toolbar in many computers and user does n’t has no idea about it. Once simple response from a user when I asked about Google Toolbar! “It came up when I open the Google”! Google toolbar is an example but there are thousands of toolbars available. Most of these will come up with certain application but you are provided option to uncheck if you do not want to install.

Deleting or disabling these BHO will give better performance improvement in Internet Explorer. When you install many toolbars it is also adding corresponding BHO entries to the Internet Explorer, so when ever you try to load the Internet Explorer it will become unresponsive and unusable. Certain BHO’s will get removed when you uninstall the application or toolbar. But in some cases we will require the applications (ITunes, Google, Adobe etc) but does not require the BHO.

In that situations we can make use of third party applications such as Spy BHO Remover to delete BHO entries in internet explorer. Spy BHO Remover is capable of detecting good and bad entries. It gives option to either Delete the BHO or Disable the BHO if you find the BHOs in red go ahead and delete it.

]]> http://www.hackstacks.com/a-simple-tweak-to-speed-up-the-internet-explorer-response-time/1179/feed 0 http://www.hackstacks.com/apple-quicktime-triggers-malware/868 http://www.hackstacks.com/apple-quicktime-triggers-malware/868#comments Sun, 01 Aug 2010 17:19:54 +0000 Sudeep http://www.hackstacks.com/?p=868 more »]]>

Trend Micro lab reports that Apple Quicktime’s  specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player.

Researcher Marco Dela Vega says that both files pretend containing Salt, the latest Angelina Jolie movie, but that his suspicion was aroused by the unusually small size of the files – small when compared to regular movie files, that is.Upon running the movie files in QuickTime, the “movie” does not start and the download windows for the malware pop up, asking you to save/run the codec update or the installation file.

Trend Micro is still investigating the matter and it’s not yet known if this attack is possible due to a vulnerability or feature of QuickTime. Apple has, of course, been notified of the occurrence.

Barracuda security labs have conducted study across Bing,Google,Twitter and yahoo and yet another reveals shocking news. They conducted a 2 month study over these search engines; the analysis reviews more than 25,000 trending topics and nearly 5.5 million search results. The purpose of the study was to analyze trending topics on popular search engines to understand the scope of the problem and to identify the types of topics used by malware distributors.

Results included:

• Google tops when when it comes to Malware distribution with its share of shocking 69%  as much as twice as Bing ,Yahoo,Twitter combined don’t match with Google.Yahoo has 18% ,Bing has 12.5 % and twitter 1 %.
• A vulnerable topic appearing in Google takes nearly 1.2 days,Bing 4.3 days and Yahoo 4.8 days.
• Timespan found with maximum exposure is 4.00 am and 10.00 am GMT (Means main business hours in different geo locations).

• The top 10 terms used by malware distributors include the name of a NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

Twitter threat!

Barracuda labs also analyzed more than 25 million Twitter accounts (Malicious and Legitimate)

Some not so good results:

• People gets more attracted to twitter accounts, activity increases, tweets increases thus malicious activity increases.
• Another revealing is only 29% of Twitter accounts are true Twitter users.(Barracuda stats)
• Exclusive crime rate of Twitter was for the first half of 2010 was 1.67 %

What is System Lookup?

Are you doubtful about a file or program which came in to your computer as uninvited? System lookup is a database provides information about legitimate files and programs which we call it as Malwares or Spywares! Currently System Lookup claims they have added over 85,000 items in their database. It is sustained by the great members of various forums.

It is maintained a data base of the below list.

CLSID – Browser Helper Objects (BHOs), Toolbars (TBs), SearchHooks (SHs), Explorer Bars (EBs).

Extra Internet Explorer Buttons – It can be extra buttons on the Internet explorer toolbar, or extra items in the ‘Tools’ menu.

Layered Service Providers – It is a DLL that use Winsock APIs to insert itself into the TCP/IP stack. It can capture and alter the Internet traffic.

ActiveX installers

Extra protocols and protocol hijackers – For hijacking various protocols.

AppInit_DLLs and Winlogon Notify – These are used by Trojans and Hijackers.

ShellServiceObjectDelayLoad – Unnecessary programs to start with Windows.

SharedTaskScheduler – This is only applied in NT/2000/XP.

Windows NT Services

So what happens when you find such bad files in your computer?

You can very much follow the manual deletion steps which are provided in various Antivirus provider websites. Symantec and McAfee like companies will provide you removal tools for such infections.

Search Info for Iehelper.dll file

System Lookup is providing you an option to contribute, if you find a file which is good or bad and not listed in their data base.

Official Website : http://www.systemlookup.com

]]> http://www.hackstacks.com/system-lookup-to-find-legitimate-programs-or-files/209/feed 0