by certifiedbug on February 4, 2008
in Rogue
I saw this article over at Network World dated 01/31/08: Google blog used to spread malware
A Google-hosted blog is running phony security content that’s linked to malware, as well as using Google’s automated notification service to try to entice subscribers to click on an infected link, says one security expert.
“This is the first time we’ve seen something like this,” Elzam says. “If you get a message from a Google alert, you might think this is a service you can trust. But it’s directing you to a rogue site with fake security software.”
This stuff is not new, but it is getting worse. A few days ago one of my alerts for Google Blogs provided a link which opened to a graphic pOrn page complete with videos, ‘click this to play’. Shortcut to infection via codecs; don’t ever click that junk.
I was watching for blogs containing the word of an outfit not usually associated with pOrn.
Fellow MVP TeMerc has been tracking malware-dispensing Google Blogs for some time:
More Blogspot Malware
Google Blogger Blogs Carry WinAntiVirus Ads
by certifiedbug on December 31, 2007
in Security
Storm is evolving into a very complex beast.
From rbnexploit.blogspot
Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.
There are some interesting elements concerning which make this attack innovative:
# Although much of that detected is conventional spam, however there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake” BlogSpot (Blogger) links
# Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic” format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.
RBN – New and Improved Storm Botnet for 2008
Source: Harry Waldron
Intertwined. Malware on Google Blogspot
Users are getting infected every day with no interaction required. Unlike some of these Zlob\Codec sites where users are duped into downloading something. Or the current run of Storm variants being pushed via Blogspot for that matter.
If you have the misfortune to be infected, I suggest you seek help at one of the sites listed in the right side column under “Security Forums”.
After months of silence from Creative Labs and stonewalling by their forum moderators.
“Based on the feedback received from Audigy users, this is the latest update from our developers:
ALchemy for Audigy Development Started
When we released the first beta of ALchemy for X-Fi, we hoped customers would appreciate our efforts. Within only a few months, the response from users and the press has been overwhelmingly positive. Many of our customers have asked if we could adapt ALchemy to Audigy series sound cards. The X-Fi and Audigy series sound cards are built on different hardware architectures, and therefore require separate development efforts. However, based on the requests to date, we are pleased to announce that we have begun development of an implementation of ALchemy for Audigy series sound cards, and hope to offer this product as a low-cost upgrade to interested Audigy owners later this year.”
Still no word on drivers, and thanks, but by that time I will have built my new PC.
ALchemy for Audigy
“Low-cost Upgrade” - WTF - Alchemy for Audigy
This silence is answer enough…
Difficulties were obviously experienced by Creative Labs in trying to provide updated drivers that work in Vista. I expected that. However, a little communication with your customers would have gone a long way.
by certifiedbug on April 28, 2007
in Rogue
There are many rogue antispyware programs, some of which will actually infect your machine rather than clean it or, at the least, prove useless.
Countless victims seen in the help forums are infected by the Zlob trojan, which poses as a codec (compressor/decompressor) needed to view a video, often downloaded from websites with adult content.
Zlob installs a variety of fake malware and alerts users to download a rogue anti-spyware program to remove it, or installs the program on your computer without permission.
Rogue programs include those which rip off legitimate antispyware programs by playing on names.
As Bill Pytlovany blogged at “Bits from Bill”:
AntiSpyware Advertising Gets Nasty
I’m pretty confident, both Spywarebot ads are from the same company who have a couple dozen AntiSpyware products available under different names and domains. Neither are related to the popular “Spybot, Search and Destroy” program.
Doing one’s homework before downloading can save you a much bigger headache than the time it takes to read.
Rogue/Suspect Anti-Spyware Products & Web Sites
Bill Pytlovany (WinPatrol) writes,
The AntiMalware market has grown into a multi-Billion dollar industry yet a number of solutions remain free to the public. A large number of online forums offer free help, thanks to caring volunteers. I have noticed that many of the free solutions have recently been coming under attack.
More at Bits from Bill.
by certifiedbug on January 29, 2006
in Security
First take a deep breath, help is at hand.
There are security forums where you can request assistance in cleaning up an infection on your computer; a few are listed to your right. Please start a topic at one site only so as not to waste precious volunteer resources.
You usually need to register in order to post, which doesn’t take much time. Choose a nickname to identify yourself in the forums, but do not use your email address as such.
Each site varies in its procedure, so do be sure to look at the pinned ‘stickies’ before you post.
Stickies are topics/FAQs that your forum host ‘pins’ to the top of the forum so that they will not fall down the list.
Most malware removal forums will have a topic listing the titles of people who are authorised to offer assistance to users.
There is good reason for that rule: do not take advice from just anyone who may post in your topic, no matter how well meaning they are.
You can check who is helping you by looking at the title next to their avatar or name. Often it will say Helper, Expert, HJT Team etc.
Forums can be overwhelmed with people requesting help, and it is possible you will have to wait a while. Again, see if there is a ‘stickie’ where you can post if you have waited a few days with no response.
Work with your helper and make sure s/he knows any moves you have taken, and always follow up with the final log requested to make sure the computer is really clean and you are good to go, even if it appears to you that your computer is back to normal operation.
Besides, it is a good time to thank your volunteer helper for guiding you through a clean up and giving you tips to avoid future infection.
Updated 12-31-07
by certifiedbug on January 22, 2006
in Security
Perhaps you bought a new PC complete with antivirus and antispyware software programs pre-installed, believing that would be all that was necessary to protect your investment.
But why has that computer slowed down to a crawl resembling a traffic jam in New York City and what are all those popups about anyway?
Too many people discover the meaning (or lack) of PC security only once they have a system crippled by viruses, trojans, adware, and spyware, collectively termed malware.
A little background about me:
I was one of those caught in the above scenario some years ago.
One computer kept me happily surfing until it became clear something was awfully remiss and my local ISP’s techie had no clue what was wrong.
We were unaware of the malware explosion quickly taking hold of the World Wide Web.
Eventually I bought another PC with a software firewall and became curious about one particular nasty scanning the ports.
Looking for information led me to Spyware Info, a help site for victims of malware infections.
I attended Classroom at Tom Coyote (now What The Tech) and Bootcamp at Spyware Info, both of which were established in order to train people to help others whose computers are infected with malware.
Four years later I enjoy being involved in the security field as an Administrator and researcher as well as actively assisting members in the forums.
There are terrific blogs out there raising people’s awareness about Internet security.
It encouraged me to endeavour to do the same.
Note: You use any information found here at your own risk. Copyright © is the original authors’.