21 Jun, by Jeber
Security sites are warning web users to beware fake Twitter invites in their email inboxes. The reports, based on an alert on Wednesday from Symantec, say the emailed invites come with a malicious attachment which, if downloaded, harvests email addresses from your computer and copies itself to removable drives and shared folders. 
The emails carry the subject line “Your friend invited you to twitter!”, while the sender’s address is spoofed as “invitations@twitter.com”. Unlike a typical Twitter invite, however, the email contains no invitation link: instead it carries the attached file Invitation Card.zip, tempting the receiver to download it. The attachment, of course, contains W32.Ackantta.B@mm – a nasty, email address-harvesting worm.
Read more on this at Mashable.
01 Apr, by Jeber
Surely by now you’ve heard of the potential threat posed by the Conficker.B worm. Here’s what Microsoft has to say: what they suggest to avoid infection, and what to do if you think you may be infected.
Aliases:
TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Win32/Conficker.A (CA)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)
W32.Downadup.B (Symantec)
Confickr (other)
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords.
How do I know if my computer is infected?
System Changes
The following system changes may indicate the presence of this malware:
- The following services are disabled or fail to run:
  - Windows Update Service
  - Background Intelligent Transfer Service
  - Windows Defender
  - Windows Error Reporting Services
- Users may not be able to connect to websites or online services that contain the following strings:
  - virus
  - spyware
  - malware
  - rootkit
  - defender
  - microsoft
  - symantec
  - norton
  - mcafee
  - trendmicro
  - sophos
  - panda
  - etrust
  - networkassociates
  - computerassociates
  - f-secure
  - kaspersky
  - jotti
  - f-prot
  - nod32
  - eset
  - grisoft
  - drweb
  - centralcommand
  - ahnlab
  - esafe
  - avast
  - avira
  - quickheal
  - comodo
  - clamav
  - ewido
  - fortinet
  - gdata
  - hacksoft
  - hauri
  - ikarus
  - k7computing
  - norman
  - pctools
  - prevx
  - rising
  - securecomputing
  - sunbelt
  - emsisoft
  - arcabit
  - cpsecure
  - spamhaus
  - castlecops
  - threatexpert
  - wilderssecurity
  - windowsupdate
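The blocked-string symptom can be checked against connection results gathered from one machine. The following is an added example, not part of the Microsoft text: the host names, the results and the escalation rule in `triage` are assumptions made for illustration.

```python
# Added example: triage one machine's connection results against the
# blocked-string list above. Host names and results below are constructed.

# The 52 strings from the list above; matching is by substring, per the page.
BLOCKED = """virus spyware malware rootkit defender microsoft symantec norton
mcafee trendmicro sophos panda etrust networkassociates computerassociates
f-secure kaspersky jotti f-prot nod32 eset grisoft drweb centralcommand ahnlab
esafe avast avira quickheal comodo clamav ewido fortinet gdata hacksoft hauri
ikarus k7computing norman pctools prevx rising securecomputing sunbelt emsisoft
arcabit cpsecure spamhaus castlecops threatexpert wilderssecurity
windowsupdate""".split()


def matched_strings(host):
    """Return the blocked strings that occur anywhere in the host name."""
    name = host.lower()
    return [s for s in BLOCKED if s in name]


def triage(results):
    """Classify (host, reachable) pairs observed from a single machine.

    Assumption of this example, not a Microsoft rule: the pattern is worth
    escalating when at least one listed host fails, no listed host succeeds,
    and at least one unlisted host succeeds (so the network itself is up).
    """
    listed_fail, listed_ok, other_ok = [], [], []
    for host, reachable in results:
        if matched_strings(host):
            (listed_ok if reachable else listed_fail).append(host)
        elif reachable:
            other_ok.append(host)
    suspicious = bool(listed_fail) and not listed_ok and bool(other_ok)
    return {"suspicious": suspicious, "listed_fail": listed_fail,
            "listed_ok": listed_ok, "other_ok": other_ok}


# Constructed observations: (host name, whether the connection succeeded).
SAMPLE = [
    ("www.example.org", True),
    ("update.microsoft.com", False),
    ("www.kaspersky.com", False),
    ("pandasupplies.example", False),  # unrelated site, but contains "panda"
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the match is on substrings, sites unrelated to security can fail too, as the "panda" entry in the sample shows.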
Recovery Instructions
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Note: Computers infected by Conficker may be unable to connect to web sites related to security applications and services that may otherwise assist in the removal of this worm (for example, downloading antivirus updates may fail). In this case users will need to use an uninfected computer in order to download any appropriate updates or tools and then transfer these to the infected computer.
Microsoft Help and Support have provided a detailed guide to removing a Conficker.B infection from an affected computer, either manually or by using the MSRT (Malicious Software Removal Tool).
For detailed instructions on how to manually remove Conficker.B, view the following article using an uninfected computer:
Additional information on deploying MSRT in an enterprise environment can be found here:
Preventing infection
Take the following steps to help prevent infection on your system:
- Enable a firewall on your computer.
- Use up-to-date antivirus software.
- Use caution when opening attachments and accepting file transfers.
- Use caution when clicking on links to web pages.
- Protect yourself against social engineering attacks.
(Source: Microsoft)