FreeDriverSiteBlog - Viruses and Hoaxes

Bogus SPAM email about settings that have changed. "SMTP and POP3 servers for" user@domain.com "mailbox are changed"

FreeDriverSiteAdmin — Mon, 10 May 2010 18:11:44 GMT

There is a newer spam/virus email circulating (seems to be mostly corporate domains) the tries to entice the recipient to click on an http: link that links to a viral zip file.

Here are examples:

From: domain.com support
Sent:
To: User
Subject: [SPAM (Non-existent user)] - setting for your mailbox user@domain.com are changed

SMTP and POP3 servers for user@domail.com mailbox are changed. Please carefully read the attached instructions before updating settings.

http://creterx.googlegroups.com/web/setup.zip> >

________________________

From: domain.com support [mailto:user@domain.com]

Sent:

To: User

Subject: setting for your mailbox user@domain.com are changed - Email contains a url listed on "multi.surbl.org"

SMTP and POP3 servers for user@domain.com mailbox are changed.

Please carefully read the attached instructions before updating settings.

"http://mamapapabrat.googlegroups.com/web/setup.zip"

> >

How a BOTNET works - what is a BOTNET - What is the purpose of all of these silly viruses? The Importance of a Clean Machine. A great simple explanation...

FreeDriverSiteAdmin — Thu, 25 Feb 2010 22:56:07 GMT

Just wanted to share this. Below is a great low-level illustration of what actually happens when a computer is infected by a virus.

The latest viruses are those pesky ones that try to tell you there is a virus on your machine and try to get you to buy software, etc. These are all FAKE and intended to get you to put in your credit card number so it can be STOLEN. However, some people are under the false assumption that if they ignore the issue, it will go away. This is horribly wrong. ANY (I said ANY) piece of rouge software installed on your machine is dangerous. This illustration shows just one of the things that the rouge software can can do - it can turn your machine into a remote-controllable BOT intended to be used to send out SPAM or do other large-scale attacks often without you ever even knowing. If you ignore these issues you leave yourself wide open for Identity Theft, data theft, etc. We all store information on our computers and most if not all of us in the modern world use the computer to do some sort of financial transactions on the Internet. If one of the components of the rouge software is a keylogger, without knowing, you are sending every single letter you type to an off-site location to be collected, indexed, and inappropriately used by cyber criminals. This all happens in "a blink of the eye". I just watched a Sophos web seminar on the latest rouge/fake antivirus viruses. There are reports that these viruses are now mutating at a rate of 10,000 - 20,000 TIMES A DAY. The engine at the core of these viruses can enter your machine and search for 15-20 application vulnerabilities (Adobe, Microsoft Windows, Internet Explorer, Microsoft Office, etc) and attack any one of the vulnerabilities that it finds within seconds - all because you viewed a "safe" web page that had malicious code injected into it.

What can you do? Get Clean, Get Protected, Stay Clean.

Get clean - hire someone competent to professionally clean and check your computer. Viruses hide everywhere and the only way to ensure a successful clean is a multi-pass scan solution using several different scanning products. Your cousin, neice, son, nephew, neighbor, husband, wife, etc is NOT sufficient unless they are in the industry and are constantly studying these viruses and how to clean/prevent them. Its YOUR DATA. It HAS VALUE. Do NOT COMPROMISE.

Get protected - purchase an AntiVirus solution or use one of the free solutions provided by Avast, AVG, etc. These programs are changing almost daily - use the Internet to search for reviews of the latest "top 10" or hire a professional to consult you on what is best for you.

Stay clean - Even the best Anti-Virus may not catch everything because of the high volume of mutations. If you notice any infections or weird pop-ups, etc, - chances are, your computer is infected. DO NOT IGNORE IT - it will only get worse. Once a small piece of any rouge software has infiltrated Windows, it will talk back to its "home-base" and teach itself how to hide from even the best AntiVirus programs, inform "homebase" that it has conquered a machine and wait for "homebase" to send additional software, etc to the machine, or to remote control the machine, or to gather data from the machine and send it back to "homebase". One small rouge piece of software can be the pin-hole in any security strategy that allows more and more malicious software to be installed.

Total Security Malware removal

FreeDriverSiteAdmin — Fri, 18 Sep 2009 16:46:46 GMT

I recently ran accross a new MalWare variant posing to be an AntiVirus program. The program was called Total Security. It actually integrated tight enough to alert Windows Security Center that it was out of date.

So far, Malware bytes and SuperAntiSpyware is not detecting this variant.

To remove - Open Task Manager and find TSC.EXE and Kill the process.

Then, locate the file on the hard drive (usually at c:\program files\ts). Delete the TS directory.

Reboot. Fixed. Run your favorite scanner to clean up any residual crud.

Facebook Fan Check virus or hoax? How to remove Facebook Fan Check virus? Is it real?

FreeDriverSiteAdmin — Mon, 14 Sep 2009 21:27:06 GMT

I was on Facebook today and started seeing a lot of people posting that the Facebook Fan Check application was virus and to remove it.

After doing some research, I found that the application is probably not a virus. The spin to the apparant hoax is that there are several malware sites that have the keywords "Fix Fan Check virus" in their portfolio. So, people use the app, see the posting that it was a virus, search google on how to fix it, then end up on an infectuous site that tricks them into installing malware on their computer which claims to fix the problem that never really existed.

Interesting social study for sure.

In my opionion, all of the apps and quizzes, etc, on Facebook are meant to drive advertising dollars by driving up usage and page impression counts. I will admit I play MobWars and FarmTown occasionally, but I ignore nearly ever other quiz, test, app, etc. The smaller my footprint on Facebook, the better in terms of possibility of contracting malicious software from the site. Its called safe FaceBooking maybe.

Additional reading and sources:

http://features.csmonitor.com/innovation/2009/09/14/is-facebook-fan-check-a-virus-careful-whom-you-ask/

http://news.softpedia.com/news/Fan-Check-Developer-Rebuts-Malware-Claims-121319.shtml

http://www.techradar.com/news/internet/web/facebook-fan-check-virus-rumours-are-driving-users-to-more-danger-633935

http://mashable.com/2009/09/07/facebook-fan-check-virus-hoax/