Malware And Security Tips

LIZAMOON WEBSITE INFECTION

2011-04-09T10:30:00.000-07:00

LizaMoon Mass SQL Injection is an injection attack. Meaning you'll be redirected to a rogue website that tries to install a scareware file. What do you do if you’re in this situation? Clicking on the cancel box most likely will not work as the hackers want you to move on to their rogue website. Yep, it's a jungle out there!

Do a Control, Alt, Delete which will bring up the task manager. Next click on the Applications tab on the very left. Then look at your web browser ( Internet Explorer, Firefox or Google Chrome) click on it to highlight it. Click End Task.

Okay you're back on your Destop. Whew! To be on the safe side. To make sure your computer is NOT infected. Be sure and do a Quick Scan with Malwarebytes and your antivirus software.

Here's more on the LizaMoon virus:

Source:

"Warning : Hackers infect websites to dupe Internet users : 'LizaMoon' Mass SQL Injection Attack Escalates Out of Control
By Tip,Tricks & Warnings

SAN FRANCISCO (AFP) – Computer security firm Websense on Friday was warning that hackers have infected a huge number of websites with malicious code crafted to dupe Internet users.
Hundreds of thousands of legitimate websites have been boobytrapped to redirect visitors to "lizamoon" addresses where they are greeted with bogus warnings that their computers have been compromised, according to Websense.
The ruse is designed to frighten people into downloading and installing fake anti-virus software, referred to as "scare-ware," portrayed as a Windows Security Center.
People who fall for the ploy, perhaps even paying for downloads, are actually installing.
Millions of unique URLs have been infected with a rampant SQL injection attack Websense has dubbed “LizaMoon.” The SQL injection attack redirects users to a fake AV site.
A mass SQL injection attack that initially compromised 28,000 Websites has spiraled out of control. At the last count, more than a million sites have been compromised, with no end in sight.
Security firm Websense has been tracking the “LizaMoon” attack since it started March 29. The company’s malware researchers dubbed the attack LizaMoon after the first domain that victims were redirected to. At the redirected site, users saw a warning dialog that they had been infected with malware and a link to download a fake antivirus.
The users are shown a number of threats supposedly on their computer, but the fake AV, Windows Stability Center, won’t remove them until the user pays up, in a “very traditional rogue AV scam,” wrote Patrik Runald, the Websense researcher who has been following the attack over the past few days.
The list of redirect URLs has ballooned in the days since, as Websense updated its list March 31 with 20 additional sites, making this one of the biggest mass-injection attacks ever.
More than 500,000 URLs have been injected with LizaMoon, according to Runald. If all the domains used in the attack are considered, eWEEK found about 2.9 million results on Google Search that have been compromised.
“Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL, not domain or site,” Runald said. It is safe to consider hundreds of thousands of domains have been hit, he said.
Websense researchers are still trying to figure out how the SQL injection attack is happening. Somehow, legitimate Websites have been compromised in a way that one line of code has been embedded on the site. That code is a simple redirect, and executes when the user loads the page. The bulk of the action happens on the redirected page, where a script containing Javascript code kicks off the fake AV scam.
Commenters asked Websense why researchers were so convinced it was a SQL injection on multiple Websites and not a mass cross-site-scripting attack. The researchers said they’d been contacted by people who have seen the code in their Microsoft SQL Server 2003 and 2005 databases. The vulnerabilities weren’t within the database software, but “most likely in the Web systems used by these sites, such as outdated CMS and blog systems,” Runald said.
Considering the large number of sites infected, users all around the world are affected, with victims in the United Kingdom, Kuwait, India, Australia, Turkey, Brazil, Israel, Mexico, Taiwan and Chile, among others, according to figures from Websense Threatseeker Network. The bulk of the victims, at 47 percent, appear to be from the United States.

The domains used in this attack, including the redirect URLs and the server where the malware is hosted, are all associated with one of four IP addresses, according to Dancho Danchev, an independent security expert. While the 20 or so domains being used as the redirect URL rotate between two IP addresses, Danchev has identified more than 120 India-based or Cocos Island-based domains all pointing to one malware host server, and 50 India-based domains going to another.

The domains have all been registered using automatically registered accounts at Gmail, Danchev said. The first domain on the list was registered as far back as October 2010, and new domains have been added since LizaMoon exploded, according to Runald.

First, the good news: Users are hit with the Windows Stability Center scam only once, so visiting the site repeatedly doesn’t repeat the attack.

The bad news: Not many antivirus programs seem to be able to detect the Windows Stability Center. VirusTotal is a service that checks malware samples against 43 major antivirus products to see which products can detect it. As of April 1, only 17 out of the 43 tested block Windows Stability Scanner. At least, security companies are moving on this threat: It was only 13 out of 43 March 31.

Please share this IMPORTANT POST !!

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Thank You Kenny (Kenny94)

Meat and Potatoes (Basic protection for your PC)

2010-03-21T10:44:00.000-07:00

Let's talked about Meat and Potatoes
(Basic Protection for your PC).

The most important way to protect your computer is to make backup copies of important documents, pictures of your love ones and files. This way if your computer should ever get hit by a virus/malware and corrupts your system and your PC blows a head gasket!

You'll have a back up copy available. I use an external hard drive. There cheap these days. So, please back up your stuff now.

Thanks goodness for antivirus software! Your PC can prevent most of the viruses from playing mayhem on your PC machine. They warn you about suspicious files and can detect and block viruses before they have a chance to cause any harm to your PC. Also, running weekly full system scan helps a lot.

Let's not forget to have Anti-Malware protection on your PC. Antivirus software alone is not enough these days! If your antivirus fails to block malware (that I see a lot today) Anti-Malware software will block any suspicious activity that your antivirus software missed. I use Malwarebytes anti-malware. The full version works well with most antivirus software.

Make sure you have a Firewall. A firewall can block malware as well. All Windows operating systems have firewalls built in that are turned on by default to block threats from the Internet. You should leave this feature turned on. Not all wireless routers come equipped with a built-in firewall. I use a router with built-in firewall for two levels of protection. If you’re on a home network that uses a wired or wireless router.

With new viruses and worms constantly being created, it is important to keep the Microsoft Windows operating system up to date. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Thank You Kenny (Kenny94)

What is Malware

2009-07-27T12:54:00.000-07:00

Malware stand for "malicious software" program. It has ominous names, such as viruses, Trojan horses, malicious keyloggers, Backdoors and Rootkits. Most malware ("malicious software") programs will reinstall themselves even after you think they have been removed. WOW! That's scaring. You thought you had removed malware from your computer and there's still Symptoms of Malware.

So, what's next, now that my computer is infected? First thing do to is download Malwarebytes.

Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes Launch Malwarebytes and click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform Quick Scan then click Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. And reboot your computer.

I would recommend to purchase the full version of MalwareBytes. There Realtime Protection Module monitors all processes and stops malicious processes before they start, so your computer will be safe.

Malwarebytes Anti-Malware Download Instructions

Next, run a virus scan with your antivirus virus program. If you are still experiencing problems and/or symptoms of Malware, post it on one of the forums to the right.

In my next blog, we will talk about Prevention. How NOT to get infected by Malware

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Thank You Kenny (Kenny94)

ComboFix

2009-07-04T09:10:00.000-07:00

Is ComboFix a rootkit scanner? With Gmer and RootRepeal (beta or not it is an excellent tool for finding rootkits) that uses specialized techniques in finding Rootkits. ComboFix has a broad range for other infections and can not key in on a rootkit/rootkits and besides some of the rootkits entries are removed by a CFScript.

As some of you know, ComboFix is a very powerful tool intended by its creator (sUBs) to be "used under the guidance and supervision of an expert", NOT for private use.
So why use it for and a rootkit scanner? With Gmer and RootRepeal. And take a chance and do damage to your computer with ComboFix?

ComboFix was and used for QooLogic, Purity infection, SurfSideKick, QooLogic, Look2Me. These are old infections. The combo of this group is to remove these in one scan. Some Vundo as well. Now, ComboFix is mainly use today for Vundo and it has replaced Vundofix sometime back. ComboFix is use for a lot more infections including some rootkits. That's why ComboFix is updated every day for newer infections and other things as well. ComboFix will remove a lot of bad entries in one scan. What is not removed then a CFScript is done by the helper for the user to run. This is one of the things that are great about ComboFix. Note: Please read DO NOT USE COMBOFIX on your own without supervision!!!
I'll talk about Malware In my next Blog. But I had to post this about ComboFix. Because some end-users are posting ComboFix logs in the help forums without any guidance from a qualified helper. Saying they have a rootkit on their PC.

My next Blog, we'll talk about Malware.

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Thank You Kenny (Kenny94)

What is Spyware and how do I stop it?

2009-05-06T14:34:00.000-07:00

Spyware is the most intrusive use of cookies being used by the morons who customize the advertising a website displays. Companies, such as the Double-Click Network, use banner ads to record your visits to its client sites. Since, technically, all the ads come from a single source, no matter which website you are visiting, (Double-Click) can use these spyware/tracking cookies to track you across sites that display its banner ads. The best programs to stop this pest is SpywareBlaster. This program detects known spyware ActiveX controllers and prevents Web Pages from putting them on your system. Gator will never again ask you to download something. Xupiter and Bonzi Buddy will never again come knocking. All you have to do to keep SpywareBlaster aware of the latest threats is to regularly update the software's database.

No matter which you run, whether it's a free tool or one you purchased, you must remember to update it regularly. If you don't, the definitions it uses to scan your PC will be quickly out of date, and it won't be much good at rooting out spyware on your system.

Note: In my next Blog, we will talked about Malware....

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Malicious Software Tip

2009-03-28T16:03:00.000-07:00

Conficker has acquired more than its share of coverage as probably the most important malware in the last year, but this next week will see a whole lot more. The latest variant of the worm, Conficker.C, is programmed to do something on April 1.

We all know to keep your computer Antivirus Software updated with Windows Update and set your computer to receive security & critical "Updates" Also, Spyware/Malware protection. But here's a few security measures you can do:

"One of the many ways that your system can get infected in the first place is from the usual suspects: e-mail attachments, rogue links in e-mails or on malicious websites and from downloading files from P2P networks such as Limewire and KaZaa, but a most recent exploit seems to be where many folks are getting infected.

The popularity of online video and especially YouTube has created a new trick for malware writers to get into your system. If you click on a link that presents itself as a video, but when you go to play the video you get an alert stating that you need to update your “Flash Player” or you need a new ‘codec’, the chances are real good that it’s a trick.

If you routinely view online video and you are suddenly told you need something new to view online videos, especially from a no-name website, be suspicious.

If a message comes up saying you need a new version of the Flash Player, don’t accept the file that the website offers as an update. Instead, go to http://get.adobe.com/flashplayer to install the latest version of the free video player, then go back and try viewing the video again.

If the same message comes up with a prompt to download an updated Flash Player, you will know it’s a scam for sure.

In the same respects, if you get a message telling you that you need a new ‘codec’ to view a video, the safe response is to take a pass until someone technical you trust can see if you’re video playback software is really that old."

Posted by Ken of Data Doctors on March 26, 2009

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below:

Cookies Tips

2009-03-16T15:47:00.000-07:00

What is a cookie?

A cookie is a little round or square thing - usually made with flour, sugar, eggs and stuff. They're really good. I used to gorge on them until I got a little chunky (no pun intended!). They will make you chunky too; if you eat too many of them. There are chocolate chip cookies (my favorite), oatmeal cookies (the health food of cookies) - Oh wait! You meant a computer "cookie". Sorry!

A cookie, in computer terms, is a small text (txt) file that a web page on another machine writes to your personal machine's disk to store various bits of information. Cookies have earned a undeservedly bad reputation. Cookies cannot cause your computer harm because they are nothing but text files. Most cookies are used by sites to keep count of "unique" visitors, to provide services to visitors, to save user settings, etc. Normally, a cookie can only be read by the site that placed it on your computer. Cookies are never spyware because the term "ware" indicates a program.

There are such things as "tracking cookies" where sites working together track your movement from one of their sites to another, but no cookie can track your movements across the Internet. Cookies, unlike spyware, can be quickly and easily deleted by clicking Tools / Internet Options on the Internet Explorer toolbar and clicking the "Delete Cookies" button. And use ATF Cleaner by Atribune.

Spyware Tips

2009-03-16T13:15:00.000-07:00

Watch out for those sneaky pop-up advertisements that look like a real window! I hate them. For just a second there, I see the window and it looks like a typical Windows error message. It says, "This computer may be infected with Spyware! Click below to scan." And it looks like a real dialog box, but it isn't. It's spam an annoying pop-up ad on the Internet. That will infected your computer. Do not be fooled! Do a Control, Alt, Delete which will bring up the task manager and you can end that process this way. Then do a Quick Scan with Malwarebytes to be on the safe side.

If you are offered to download or purchase any Spyware or Malware cleaning programs by way of pop-up advertising please DO NOT accept these invitations. These types of programs usually try to trick you into using them and are associated with malware themselves.

Let's talk a little about how such programs get onto your computer. An invitation to download them can arrive via spam. Or you could get a pop-up offering them. Either way, they should be refused. Remember what Mom said about accepting candy from strangers. The same rule applies here.

I'm not very high on Spybot or Ad-Aware by Lavasoft any longer, not because there is something wrong with the program. It just does not seem to be able to detect all the new variations of spyware (The bad guys constantly try out new ways to fool spyware programs.) If you're looking for a free solution, it's hard to beat Malwarebytes. I've found no anti-spyware which works better than Malwarebytes

If these tips helped you, or if I helped you elsewhere, please help me to continue to fight malware by making a donation. Also, for me to donate to the authors of the tools we used to remove malware. Just click the PayPal Donation Button below: