Search results for 'app:weblogs' matching tags 'News' and 'virus'

“Here You Have” Virus Email

Anonymous — Fri, 10 Sep 2010 05:00:00 GMT

If you receive an email with the subject “Here you have” or “Just for you” don’t open it because it can contains links to a virus. The email looks like this: Subject: Here you have or Just for you Body: Hello: This is the document I told you about, you can find it here. [ [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2010. Rich Robinson | “Here You Have” Virus Email

Conficker worm sends new instructions: grow botnet, then die

siljaline — Thu, 09 Apr 2009 05:00:00 GMT

The Conficker worm has begun to update the machines it has infected with a new set of instructions to spread to other machines and then self-destruct, security experts say.

Security researchers tracking the worm said some of the infected computers began receiving instructions on April 7 from other infected machines. Conficker is able to send updates to computers it has infected either by directing the computers to visit websites or through a peer-to-peer network of infected machines.

Last week Conficker had computer and internet organizations worldwide up in arms against it because it was known that a variant of the worm would begin accelerating the speed with which it reached out to websites on April 1.

It was thought the worm might send out instructions that day, but instead it appears to have waited a week before doing so, and rather than sending the instructions through a website, it sent them over the peer-to-peer network.

The instructions tell the computers to attempt to contact other computers and exploit a vulnerability in older Microsoft Windows products — Windows 2000, Windows XP and Windows Server 2003 — that would allow the worm to take over the computer and expand its network of infected machines.

The instructions had appeared on previous versions of the worm but were removed in the Conficker C variant, leading security experts to believe the people behind the virus were trying to temporarily slow its growth to make it harder to track.

The new instructions also direct computers to visit established websites such as myspace.com, msn.com, ebay.com, cnn.com, and aol.com, but once there no code is downloaded or weaknesses are exploited, leading some firms to suggest the worm is simply checking to confirm the computer is connected with the internet.

The instructions also appear to have a time limit, Symantec reports. On May 3, 2009, the new instructions will not only stop running, but the worm will activate a self-removal program, although it's not known when it does this whether it will leave behind some legacy of the worm or perhaps another, different worm.

Kevin Haley, director of Symantec Security Response, said the self-destruction instruction is unique, and may be the virus writer's way of making it harder for users to track its progress.

"Conficker is the name on everybody's lips right now, so if you remove the traces of Conficker but leave something else behind, users won't know what to look for," he said.

Symantec has speculated Conficker might be connected to another spam bot, called Waledac.

http://www.cbc.ca/technology/story/2009/04/09/conficker-active.html

Conficker botnet remains dormant - for now

siljaline — Wed, 01 Apr 2009 05:00:00 GMT

Conficker changed the way parts of the botnet communicated overnight, but little else of note has happened so far.

The malware is far from an April Fool's joke, but it's obviously a long way from the Skynet botnet, as depicted in Terminator 3, that some of the more fevered imaginings of the media hinted at. The main activity that accompanied the run-up to the activation date was the registration of dozens of new domain names designed to advertise rogue security packages in the guise of Conficker clean-up tools.

As widely predicted by security vendors beforehand, Conficker and its 1 April activation was more about hype rather than havoc. As F-Secure notes, worms with triggers have consistently failed to do anything on that date. Previous damp squibs include the Michelangelo virus (1992), CIH (1999), SoBig (2003), and MyDoom (2004).

Nonetheless, Conficker remains implanted on many computers, anywhere between 1-4 million, according to the latest estimates.

Conficker first began spreading in November, using a variety of techniques including the exploitation of a well-known Windows vulnerability. Once it secured a foothold on infected networks the worm is capable of spreading across network shares by exploiting weak password security. The malware is also capable of spreading using infected USB drives.

Early versions of Conficker called home to 250 different domain names every day to see if updates were available. From Wednesday, machines infected by the latest version of Conficker began to poll a sample of 500 out of 50,000 domains a day, making attempts to interfere with the update process more difficult. Most compromised machines are thought to be infected by the earlier B variant, whose behaviour has not changed.

Still earlier versions of the worm include peer-to-peer functionality, so that infected computers can communicate between themselves without the need for a server. This functionality might be used to pass around software updates or initiates malicious activity without the need for update servers. And the new call home routine of the latest variant of the worm is due to take place from now on, so that "sleeper" botnet could be unleashed at any future date.

http://www.theregister.co.uk/2009/04/01/conficker_activation/

As Conficker activation looms, scammers seek to profit off fear

siljaline — Tue, 31 Mar 2009 05:00:00 GMT

Online scammers are trying to profit from fear of the latest big name in internet viruses by creating and promoting links to fake security software, according to security firms.

The scams are hoping to capitalize on consumer fear over the Conficker worm, a version of which is set to activate on April 1, 2009, according to internet security firms Trend Micro and F-Secure, among others.

Search requests on websites such as Google that include terms like "Conficker" and "Nmap" — an open-source scanning tool capable of detecting the worm — are coming up with links to ineffective security programs, according to the security firms.

F-Secure said one domain, registered on Monday, advertises a tool called MalwareRemovalBot that costs $39.95 but did not remove the worm in tests.

"If you need malware removal tools, type the URL of your vendor of choice directly into the browser bar and use links on their website," wrote Trend Micro's Rik Ferguson on Monday. "Do not rely on Google search results at this time."

The Conficker worm, also known as the Downandup worm, has been spreading through the internet since the fall, and a group of internet groups and businesses led by Microsoft has offered a $250,000 US reward for information leading to the arrest of those responsible.

The latest variant of the worm, Conficker C, which was noticed in early March, is expected to on April 1 direct machines it has already infected to connect to 500 web URLs a day from a group of 50,000 in an effort to run an update program and possibly receive instructions.

Security experts have advised PC users to make sure their computers are not infected with the worm, but said they do not know what, if anything, will happen on April 1 beyond the C variant's increased effort to connect for an upgrade.

http://www.cbc.ca/technology/story/2009/03/31/conficker-scams.html

Conficker Domain Information

siljaline — Fri, 13 Feb 2009 06:00:00 GMT

http://blogs.technet.com/msrc/archive/2009/02/12/conficker-domain-information.aspx

Microsoft offers $250,000 to nab author of Conficker worm

siljaline — Fri, 13 Feb 2009 06:00:00 GMT

Microsoft has announced a $250,000 reward for information leading to the arrest of those responsible for an internet worm that has been infecting more than two million computers a day for the past five days.

http://www.cbc.ca/technology/story/2009/02/12/tech-conficker.html

Windows virus spreading quickly, but may be a dud

siljaline — Mon, 19 Jan 2009 06:00:00 GMT

A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to nine million machines, according to a private online security firm.

http://www.cbc.ca/technology/story/2009/01/19/windows-virus.html

Ad-aware "SE" SE1R285

siljaline — Thu, 04 Sep 2008 05:00:00 GMT

http://www.lavasoft.com/support/securitycenter/blog/
http://www.lavasoft.com/single/mirror_download.php?f=948DEWk12
http://download.lavasoft.com/public/defs.zip

0118.0000 is now available, new definition file for Ad-Aware 2008.

siljaline — Thu, 04 Sep 2008 05:00:00 GMT

New definitions:
====================
XLGPrivacyControlCenter
Win32.Backdoor.Dreamy
Win32.Trojan.Emo
Win32.Trojan.Feutel
Win32.Trojan.Jakuz
Win32.Trojan.Renpwl
Win32.Trojan.Virtl
Win32.Trojan.Worldonline
Win32.TrojanDownloader.JKFQ
Win32.TrojanDownloader.JKNX
Win32.TrojanProxy.Osewlone
Win32.Trojan-PWS.IMMultiPass
Win32.TrojanSpy.Ayolog
Win32.Worm.Dropper
Win32.Worm.Gael

Updated definitions:
====================
Adware.Baidu
Adware.BHO(generic)
Adware.EShoper
Adware.IEHlpr
Adware.Kitsune
Adware.Sahat
Adware.SuperJuan
Adware.VB
Antivirus XP 2008
AntivirusDoc
Ardamax Keylogger
Dialer
FakeAlert
MSAntivirus
PC Protection Center 2008
Perflogger
PurityScan
SCKeyLog Trojan
SecureExpertCleaner
SpyLocked
Toolbar.Softo
Trojan.BAT.KillFiles
Win32.Adware.OneStep
Win32.Backdoor.Agent
Win32.Backdoor.AimBot
Win32.Backdoor.Bifrose
Win32.Backdoor.Bot
Win32.Backdoor.Cakl
Win32.Backdoor.Delf
Win32.Backdoor.DsBot
Win32.Backdoor.DSNX
Win32.Backdoor.Frauder
Win32.Backdoor.GGDoor
Win32.Backdoor.HacDef
Win32.Backdoor.Hupigon
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.IRCZapchast
Win32.Backdoor.Joleee
Win32.Backdoor.Lanfiltrator
Win32.Backdoor.Litmus
Win32.Backdoor.MiniKeyLog
Win32.Backdoor.Nepoe
Win32.Backdoor.Netbus
Win32.Backdoor.Nuclear
Win32.Backdoor.PcClient
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.RBot
Win32.Backdoor.Rizo
Win32.Backdoor.Robobot
Win32.Backdoor.Rukap
Win32.Backdoor.Rustock
Win32.Backdoor.SDBot
Win32.Backdoor.Shark
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.SubSeven
Win32.Backdoor.Turkojan
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.VBbot
Win32.Backdoor.Webdor
Win32.Backdoor.Wollf
Win32.Backdoor.WootBot
Win32.Dialer.Trojan
Win32.DoS.VB
Win32.FakeAlert.PCHealthCenter
Win32.Flooder.Agent
Win32.Generic.PWS
Win32.Generic.Worm
Win32.Hacktool.Brontok
Win32.Hoax.Bravia
Win32.Hoax.Fera
Win32.P2PWorm.Agent
Win32.P2PWorm.Kapucen
Win32.P2PWorm.SpyBot
Win32.Rootkit.Agent
Win32.Trojan.Agent
Win32.Trojan.AntiAVG
Win32.Trojan.Atraps
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Crypt
Win32.Trojan.Delf
Win32.Trojan.Disabler
win32.Trojan.Dnschanger
Win32.Trojan.Downloader
Win32.Trojan.ExplorerHijack
Win32.Trojan.Gendal
Win32.Trojan.Genlot
Win32.Trojan.Hijacker
Win32.Trojan.Inject
Win32.Trojan.Keylogger
Win32.Trojan.KillAV
Win32.Trojan.KillFiles
Win32.Trojan.LowZones
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Pakes
Win32.Trojan.Peed
Win32.Trojan.PWS.PassViewer
Win32.Trojan.Qhost
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.Tibs
Win32.Trojan.Trash
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.Trojan.WGAPatch
Win32.TrojanClicker
Win32.TrojanClicker.Delf
Win32.TrojanClicker.Small
Win32.TrojanClicker.VB
Win32.TrojanClicker.XMedia
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.CWS
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Exchanger
Win32.TrojanDownloader.Firu
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Gaso
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.NSIS.Agent
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Pendix
Win32.TrojanDownloader.Peregar
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Tibs
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Winlagons
Win32.Trojandownloader.Zlob
Win32.TrojanDownloaderSwf.Agent
Win32.TrojanDropper
Win32.Trojan-Dropper.Delf
Win32.Trojan-Dropper.Dorn
Win32.TrojanDropper.EESbinder
Win32.Trojan-Dropper.KillAV
Win32.Trojan-Dropper.MuDrop
Win32.TrojanDropper.Parsi
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Small
Win32.Trojan-Dropper.Tiny
Win32.TrojanDropper.VB
Win32.Trojan-Dropper.Xbinder
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Daemonize
Win32.TrojanProxy.Delf
Win32.TrojanProxy.Horst
Win32.TrojanProxy.Ranky
Win32.TrojanProxy.Redbind
Win32.TrojanProxy.Slaper
Win32.TrojanProxy.Small
Win32.Trojan-PSW.Delf
Win32.Trojan-PSW.Hangame
Win32.Trojan-PSW.Nilage
Win32.TrojanPWS.Delf
Win32.Trojan-PWS.Firefox
Win32.Trojan-PWS.Horse
Win32.Trojan-PWS.IcqSmiley
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Magania
Win32.Trojan-PWS.Mapler
Win32.TrojanPWS.Maran
Win32.Trojan-PWS.MMmtask
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.Trojan-PWS.PdPinch
Win32.TrojanPWS.QQPass
Win32.Trojan-PWS.Stealer
Win32.TrojanPWS.Steam
Win32.Trojan-PWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.WebMoner
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Fearless
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Small
Win32.TrojanSpy.Sters
Win32.TrojanSpy.VB
Win32.TrojanSpy.Zbot
Win32.Worm.Agent
Win32.Worm.Alcaul
Win32.Worm.Allaple
Win32.Worm.Anilogo
Win32.Worm.Anker
Win32.Worm.Antinny
Win32.Worm.AutoIt
Win32.Worm.Autorun
Win32.Worm.Bagle
Win32.Worm.Brontok
Win32.Worm.Cult
Win32.Worm.Dedler
Win32.Worm.Downloader
Win32.Worm.Fujack
Win32.Worm.Gaobot
Win32.Worm.IRCBot
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Lentin
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Otwycal
Win32.Worm.Polip
Win32.Worm.Rbot
Win32.Worm.Rokut
Win32.Worm.Runouce
Win32.Worm.SDBot
Win32.Worm.Sobig
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.Warezov
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Zhelatin
Virtumonde
WistaAntivirus
XPAntivirus
XPSecurityCenter

Ad-aware "SE" SE1R284

siljaline — Tue, 02 Sep 2008 05:00:00 GMT

http://www.lavasoft.com/support/securitycenter/blog/
http://www.lavasoft.com/single/mirror_download.php?f=948DEWk12
http://download.lavasoft.com/public/defs.zip