Donna's SecurityFlash - All Comments

re: Malware SPAM: We have hijacked your baby

Alan Y. — Fri, 29 Aug 2008 01:34:28 GMT

Well, as far as the success rate, I can't tell. But it's definitely a broad email, sent out by the Rustock botnet (1 of 2 of the worlds top spam disros sent 60% of all spam in the world this last week)

I've been getting notifications from gmail telling me that they've been receiving such emails, and that they won't forward them to me, because the scanners found the malware.

Normally the botnet is just a spam producer, but recently they've resorted to malware, that turns your computer into a zombie, and basically makes it act as a spam server, which sends out more spam without you knowing.

Somehow though, someone on our network last night opened it, and it installed the rustock.c rootkit which just in a matter of minutes, spread through our entire network... so I come in to work this morning and see 125 bluescreens... what a sight... I have not yet been able to remove the rootkit at all... everything i've read and tried, has been blocked by the rootkit. such as running tools or executable's or apps that are supposed to remove it... i get different violations..

O_o one of them i ran, came up with a cmd error that said some kind of error, then said "Good Luck! press any key to continue" ?!?! o_O

Anyways, I'd recommend gmail, as they will block anythign malicious they find in emails, and they won't send the emails to you. however they do send you a notification regarding the email and who it's from, letting you know there was malware attached.

I also would recommend barracuda firewalls, as other networks i happen to administrate, use them, and have never had any spam emails at all, or any regarding issue's.

Good Luck!

Press any key to continue...

re: Rogue Software using ImageShack to spread itself

Randy Knobloch — Thu, 28 Aug 2008 13:08:24 GMT

I use photobucket, Donna - but lately, it's gotten /much/ worse.

re: New Rogue Program: AndromedaAV

TeMerc — Wed, 27 Aug 2008 15:03:36 GMT

Not sure who found it first, but Meikienoes wrote about it on Aug 25:

miekiemoes.blogspot.com/.../andromeda-av-and-antivirus-pro-2008-new.html

re: Malware SPAM: XP Official Update 2008

donna — Tue, 26 Aug 2008 22:21:33 GMT

Hi Brenn,

Please use any removal tools below:

Malwarebytes Antimalware - www.malwarebytes.org/mbam.php

A-squared Free - http://www.emsisoft.com

SUPERAntispyware - www.superantispyware.com

re: Malware SPAM: We have hijacked your baby

J.Janson — Tue, 26 Aug 2008 16:09:00 GMT

yes, i have received this email at least once a day over the past 2 days. Thankfully my Avast scanner is able to detect and delete it before downloading the email. I just wonder what is the rate of success for such spam malware emails.

re: Malware SPAM: XP Official Update 2008

brenn — Tue, 26 Aug 2008 14:59:59 GMT

how to remove this

re: A news and a malware: Journalists shot in Georgia - Georgia.zip (joined.exe)

robert — Wed, 20 Aug 2008 21:07:07 GMT

I have received this also. One with the news story about journalist. And about 10 samples with a story about Britney Spears and Anna Smith. All contain Georgia.zip with password 123

re: Another Rogue domain of Antivirus XP 2008

donna — Wed, 20 Aug 2008 04:34:44 GMT

Hi Shea and Jonathan,

Please use the following free scanner and removal:

Malwarebytes Antimalware - www.malwarebytes.org/mbam.php

a-squared Free - www.emsisoft.com/.../free

SUPERAntispyware Free - www.superantispyware.com

re: Another Rogue domain of Antivirus XP 2008

Jonathan Fenn — Tue, 19 Aug 2008 08:59:54 GMT

Any idea how to get it off my computer?

re: Another Rogue domain of Antivirus XP 2008

Shea — Mon, 18 Aug 2008 20:59:46 GMT

How do I delete this off of my pc it always popu up

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

Dagda — Thu, 14 Aug 2008 05:25:44 GMT

BTW: they are now coming from MSNBC alerts.

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

Tony ng — Wed, 13 Aug 2008 08:21:12 GMT

I want to the CNN Alerts sender IP address

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

donna — Tue, 12 Aug 2008 20:15:46 GMT

Guys,

Run a scan using any of the following:

SUPERAntispyware: www.superantispyware.com

Malwarebytes Antimalware: www.malwarebytes.org/mbam.php

A-squared Free: http://emsisoft.com

You can also use online scanners. Most antivirus should detect this malware already so please update your antivirus then run a full system scan.

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

Ale — Mon, 11 Aug 2008 18:00:04 GMT

hi! but how can i remove it? it's so annoying :S

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

emerson gareca — Mon, 11 Aug 2008 13:50:10 GMT

Peter, that email address means nothing. You can set that data when you send an e-mail, even if it's not real.

The true identifier is the sender ip address.

re: Malware SPAM: CNN Alerts: My Custom Alert is link to adobe_flash.exe

Peter — Fri, 08 Aug 2008 18:59:02 GMT

for some stupid reason, when I look at the email address, it comes from fedex.com. gee, I didn't know they teamed up, how nice of them to do this!

re: NextAdvisor.com Launches Guide to Internet Security Software Providers

Ric:^D. — Fri, 08 Aug 2008 06:35:17 GMT

Donna. Although it is nice to see another comparison of security services, I feel there is not enough info. Looking at their chart it looks like all I need is one of the top ones and all wiil be wonderful!! Oh boy, hope no newbif goes here and thinks like I do. WHEW!

re: Malware SPAMs: CNN.com Daily Top 10, Your order and Yourlettercard

Roger Chiu — Fri, 08 Aug 2008 03:57:20 GMT

So far no removal tool available, but you can refer to malware-test-lab.blogspot.com/.../fake-cnncom-daily-top-10-malware.html.

re: Microsoft released Virtual PC 2007 Service Pack 1

AW — Thu, 07 Aug 2008 13:00:30 GMT

Windows Updates install keep failing in Virtual PC 2007 service pack 1 with the host windows xp sp3. Does anyone out there know how to fix it please?

Rogue Antispyware Adware-Download

Hosts News — Thu, 07 Aug 2008 10:51:55 GMT

Following up on a post at Donna's SecurityFlash regarding several new Rogue Antispyware programs