Archive

Posts Tagged ‘Malware’

Your Computer is Infected, Call This Number (Scam)

Just a quick post, as I received a call from a client saying that he had a message on his computer today “stating that his computer has a serious virus and then asked him to call 866-628-4936 or a UK number to remove the virus”, which was a voice speaking to him!!

This is definitely a SCAM: “DO NOT CALL THE NUMBER”

If you require any help or support with this problem please don’t hesitate to contact us or visit our website Remote computer repair

Kind Regards

IT Solutions Site Support Team

PCs Come Pre-Installed With All Your Favorite Malware

Malware and viruses are bad, but so long as you’re careful, your PC will stay squeaky clean, right? Maybe not. Microsoft has found that many PCs from China are coming with malware pre-installed, as many as a fifth.

As if bloatware wasn’t bad enough, the four offending computers all run forged versions of Windows with all kinds of nasty functionality baked right in. Generally, the malware is designed to control the PCs for use in a botnet. In worse cases, the viruses could remotely engage cameras and microphones.

You’re probably safe; most of the computers that suffer from this come from relatively unregulated markets like China. Still, even if your laptop is clean, having more infected computers out there isn’t going to be good for anyone. Microsoft has been trying to fix the problem with a lawsuit, but it’s a big problem to fix. For the time being, don’t buy a new computer in China if you can avoid it.

Work-from-Home Scheme and Malware Served on Fake BBC Site

It’s not uncommon for us to find shady websites that replicate the ones of the BBC, or Channel 5 News in an attempt to advertise fake work-from-home jobs. However, it’s somewhat unusual to find such sites that bring something extra, such as the Blackhole exploit kit and a nasty Trojan. More on this story at Softpedia

Get a 30-day FREE trial of VIPRE Anti-Virus

Google warns 20,000 websites they could be infected with malware

Google has warned 20,000 websites that they may have been hacked and injected with JavaScript redirect malware.

In a message sent this week, Google said some pages of the website may be hacked. “Specifically, we think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites,” the Google Search Quality team said. The team said files are infected with unfamiliar JavaScript and warned that site owners should search for files containing “eval(function(p,a,c,k,e,r)” in particular. The code may be placed in HTML, JavaScript or PHP files.

Websites were also warned that server configuration files could have been compromised. “As a result of this, your site may be cloaking and showing the malicious content only in certain situations.” It emphasized that it is important to remove the malware and fix the vulnerability to protect site visitors. Webmasters were also urged to keep their software up-to-date and to contact their Web hosts for technical support.
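The file search Google recommends above, as an added example (not from the original post or from Google): a Python scan of a web root for the “eval(function(p,a,c,k,e,r)” signature in HTML, JavaScript and PHP files. The function names, the tolerance for whitespace and for a different final parameter letter, and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Signature named in Google's notice: eval(function(p,a,c,k,e,r)
# Assumption: whitespace and the last parameter letter may vary between
# packer versions. Legitimately packed scripts match too; review each hit.
PACKED_JS = re.compile(
    rb"eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[a-z]\s*\)"
)
SCAN_EXTENSIONS = {".html", ".htm", ".js", ".php"}  # HTML, JavaScript, PHP per the notice


def scan_webroot(root):
    """Return sorted (relative_path, line_number) pairs for every match."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXTENSIONS:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        for match in PACKED_JS.finditer(data):
            line = data.count(b"\n", 0, match.start()) + 1
            hits.append((path.relative_to(root).as_posix(), line))
    return sorted(hits)


def build_sample_site(root):
    """Write constructed sample files; the packed bodies are inert."""
    samples = {
        "index.php": b"<?php echo 'hi'; ?>\n<script>eval(function(p,a,c,k,e,r){return p}('',0,0,[],0,{}))</script>\n",
        "js/app.js": b"function add(a, b) { return a + b; }\n",
        "js/menu.js": b"// menu\n\neval ( function( p, a, c, k, e, d ){return p}('',0,0,[],0,{}))\n",
        "notes.txt": b"eval(function(p,a,c,k,e,r) in a file type that is not scanned\n",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, line in scan_webroot(site):
            print(f"{rel}:{line}")
```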

It is not the first time Google has warned website owners to look for malware infections, Google spokesman Mark Jansen said in an email. “It’s part of our ongoing mission to be transparent with webmasters and do our bit to help prevent spam,” he said. “In fact this isn’t a new phenomenon; we communicate very openly with webmasters and always have done.”

Google’s anti-malware campaigns can have a big impact. Last July Google excluded more than 11 million URLs from the “co.cc” domain, because they were regularly used by cybercriminals to spread antivirus programs and conduct drive-by attacks. Google explained in a blog post at the time that some bulk providers could host more than 50,000 malware domains, and that it could flag whole bulk domains in severe cases.

VIPRE Report Reveals Wide Range of Cybercrime Targets

GFI’s VIPRE Report for January 2012 reveals that cybercriminals took advantage of every single hot topic to launch their malicious campaigns, targeting gamers, small businesses and even government organizations.

Pro Evolution Soccer 2012 and the Halo video game series represented great opportunities that allowed crooks to spread their pieces of malware onto the computers of those who were looking for pirated editions or invites to test beta versions.

Phishing emails were also widely present in inboxes over the past month, with the reputations of organizations such as the Better Business Bureau, Southwest Airlines, and even the US-CERT being used in the phony messages.

By relying on hot topics, malware writers and scammers launched a large number of successful campaigns to which they’ve attached dangerous pieces of malware.

An interesting typosquatting scam relied on the fact that users may still try to access the now defunct Megaupload site. Users who misspelled the site’s name ended up on domains that offered fake prizes in exchange for valuable personal information.

GFI found that most of the threats that targeted users in January were Trojans (35%), followed by the Yontoo Adware (2.23%) and a rogue security program identified as FraudTool.Win32.FakeRean. The omnipresent Autorun.inf Trojan also made the list, being identified in around 1.2% of attacks.

Get a FREE trial of Vipre anti-virus today!!

Amazon Gift Card Survey Scam Hits Facebook

Amazon seems to be the company for internet scammers, who have now launched a new survey scam using the online retailer’s name.

Amazon Gift Card Offer Spam Message:

One Free Amazon.com Gift Card (limited time only)
amazonfree-giftcard.blogspot.com
Amazon is currently giving away gift cards to all facebook users. Click here to get one! http://

The scam offers a “free” Amazon.com gift card to anyone that’s willing to share the scam with their peers and post a comment on the page to help the scammer build credibility for the offer.

Of course, scammers are never satisfied with a measly share & comment!

Once you’ve completed steps 1 and 2 on the initial landing page, you’re redirected to another website that starts off slow by asking for your zip code.

The cybercriminals behind this scam don’t profit from their little setup until you complete 13 “reward offers” and convince three friends to repeat your mistakes.

According to the terms & conditions that make up about a third of the page, “Completion of reward offers most often requires a purchase or filing a credit application and being accepted for a financial product such as a credit card or consumer loan.”

And to no surprise, “Failure to submit accurate registration information will result in loss of eligibility.”

How to deal with the Amazon Gift Card Scam

If you’ve shared this scam:

  1. Remove the link from your Facebook wall by clicking the ‘x’ in the top right corner.
  2. Remove the history of your comment on the scam page from your Facebook wall.
  3. Warn your Facebook friends & family not to share this scam or complete any of the “reward offers” associated with it.

If you catch one of your Facebook friends sharing this scam:

  1. Let them know that it’s a scam and recommend that they follow the steps outlined above.

In addition to this new Facebook survey scam, cybercriminals are also using Amazon’s brand in numerous spam campaigns that contain malicious file attachments, attempt to steal financial information, or link the recipients to dangerous websites that deliver malware.

If anyone requires any help or support with a virus please don’t hesitate to contact IT Solutions Site Ltd

We also recommend Vipre anti-virus; details can be found here

Regards

IT Solutions Site Support Team

Koobface Worm Wriggles Out of Social Networks and into BitTorrent

How many times have you been told that when one door closes, another one opens? Probably a whole bunch, but what no one ever bothered to disclose is that this idiom isn’t always an inspirational motivator to carry on with life and can sometimes apply to those with less scrupulous intentions. Case in point: a security firm warns that the Koobface worm is no longer spreading through social networks and is now slithering its way across BitTorrent sites.

According to Trend Micro’s research, the Koobface botnet is spreading through Trojanized torrent files and/or a new Koobface component called tor2.exe. Trend Micro detects the latter as WORM_KOOBFACE.AV, and once a user executes the file, the worm sends an HTTP request to its C&C to download a torrent file. That’s the first step. The next step involves firing up uTorrent unbeknownst to the user as a background process and proceeding to grab the dirty files referenced in the torrent file.

“Unwitting users looking for pirated copies of popular software such as games, PC utilities, or productivity software are in for a surprise, as these Trojanized software torrents are found on popular torrent sites,” Trend Micro warns.

Trend Micro says it’s discovered the Koobface worm lurking in pirated copies of WinRAR, Adobe Lightroom, Dark Ritual, and many more. Those who think they’re safe to download pirated software because they’re sitting behind an AV wall should think again. Trend Micro says Koobface uses several binaries and encryption to avoid detection by AV programs.

Back to School Special Offer – Buy VIPRE Antivirus get TuneUp Utilities FREE!

VIPRE Antivirus is the light-weight and highly effective antivirus program that does not slow down your PC. Using next-generation technology, VIPRE protects your computer from all types of malware threats including viruses, adware, spyware, worms, rootkits, and more.
And VIPRE is supported by a world-class team of experts, with toll-free support and free malware removal assistance! Get VIPRE today and get the peace of mind of the world’s most-loved antivirus product!

Buy today and get TuneUp Utilities FREE  www.it-solutions-site.co.uk/VIPRE-Antivirus.html

Speedy Malware Infects More than 6 Million Web Pages

In less than two weeks, a malware injection that targets e-commerce Web pages has ballooned from 90,000 infected pages to more than 6 million.

The malware, called willysy, exploits a vulnerability in a popular online merchant platform, osCommerce, according to Web application security provider Armorize, of San Francisco.

When the company initially reported the injection on July 24, it found 90,000 infected pages. When it took another look at the malware on August 3, it found the injection had spread to some 6.3 million pages.

Although Armorize could not identify the perpetrators of the attacks, the company did trace the forays to eight IP addresses, all located in the Ukraine.

The attacks exploit three known vulnerabilities in version 2.2 of osCommerce. The exploits allow the attackers to place an invisible frame (iFrame) on the page and then inject malicious code (JavaScript) into the page, where it will infect visitors to the online store.

Once the infection makes it to a shopper’s computer, it targets vulnerabilities in Java, Adobe Reader, Windows Help Center and Internet Explorer. Although the flaws in those programs targeted by the infection are known and have been patched, the attackers are betting that the user hasn’t patched all the programs.

Even the exploitation of osCommerce itself depends on lax patch management by the shopping site, since the holes in the program used by the attackers were patched in version 2.3 of the software released in November of last year. Since that time, two versions of the offering have been released, 2.3.1 and 3.0.1.

According to osCommerce, the open source software is used by some 249,000 store owners, developers, service providers and enthusiasts.

Attacks like the one discovered by Armorize can be especially harmful to small and medium-size businesses (SMB), asserts Frank Kenney, a former Gartner analyst and vice president of Global Strategy at Ipswitch, a file transfer security company in Lexington.

[Image: Willysy’s progress]

Those companies typically don’t have the financial resources of larger firms so they’re attracted to open source programs like osCommerce and use off-the-shelf software in their operations. “Whenever you use off-the-shelf software, you have to understand there are data issues and all types of security vulnerabilities that exist.”

While the makers of off-the-shelf software patch their programs often, he continued, the business still has to invest in the resources to ensure that proper patch work is done.

Such lack of diligence can hurt a business in the long run, because security breaches can invite scrutiny from credit card companies, he explained. A credit card company may refuse to allow the business to use its services until it shows a certain level of security compliance that is out of the reach of the business from a financial or time and resource point of view.

Rootkit infection requires Windows reinstall, says Microsoft

IT Solutions – Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector.

A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group’s blog.

“If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,” said Feng.

A recovery disc returns Windows to its factory settings.

Malware like Popureb overwrites the hard drive’s master boot record (MBR), the first sector — sector 0 — where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. Because it hides on the MBR, the rootkit is effectively invisible to both the operating system and security software.

According to Feng, Popureb detects write operations aimed at the MBR — operations designed to scrub the MBR or other disk sectors containing attack code — and then swaps out the write operation with a read operation.

Although the operation will seem to succeed, the new data is not actually written to the disk. In other words, the cleaning process will have failed.

Feng provided links to MBR-fixing instructions for XP, Vista and Windows 7.

Rootkits are often planted by attackers to hide follow-on malware, such as banking password-stealing Trojans. They’re not a new phenomenon on Windows.

In early 2010, for example, Microsoft contended with a rootkit dubbed “Alureon” that infected Windows XP systems and crippled machines after a Microsoft security update.

At the time, Microsoft’s advice was similar to what Feng is now offering for Popureb.

If you need help and support with virus removal please don’t hesitate to contact us.

IT Solutions Support Team