NOVELL GROUPWISE BUG THREATENS MASS EMAIL THEFT

Posted January 31, 2009 

A mole’s dream

Security researchers have identified two critical holes in Novell’s GroupWise WebAccess, the web front end for the company’s email and employee collaboration package, that allow malicious hackers to steal user messages with ease. All supported versions of the program are vulnerable.

One vulnerability allows an attacker to forward all of a user’s email simply by sending a specially crafted email, according to Adrian Pastor, an employee for ProCheckUp, a penetration testing firm based in London. The cross-site request forgery bug allows attackers to add new forwarding rules simply by tricking a user into opening the email, no clicking of links necessary.

TEXAS LAWYER SUES CITIBANK OVER FAKE CHEQUE SCAM

Posted January 31, 2009 

‘I’m a capital ‘D’ Dumbass’, admits fleeced victim of Lads from Lagos

A Houston lawyer is suing Citibank after being taken for $182,500 by email scammers claiming to be a debt-chasing Japanese company, Texas Lawyer reports.

Richard T Howell Jr, of Buckley, White, Castaneda & Howell, fell for a classic cheque fraud scam. His “Japanese” contacts claimed they were pursuing four outstanding debts in the US - a total of $3.6m of which Howell would collect a healthy percentage for helping process the funds.

US SCHOOL IN TOOTHLESS OBAMA WORM INFECTION

Posted January 31, 2009 

Round up the dweebiest suspects

Security experts reckon a new low-threat worm that displays the image of President Obama on infected desktops is the work of technically-knowledgeable pranksters.

Infections of the worm appear to be confined to scores of desktops at the same (unnamed) Illinois high school, which contacted its anti-virus supplier. The outbreak puzzled US security reseller Walling Data, which in turn brought in the expertise of AVG’s Roger Thompson.

How I removed W32.Downadup.B/Conficker

Posted January 30, 2009 

I have just been infected by W32.Downadup.B - AKA Conficker and have spent all night removing it, so now I am going to share the quick way to remove W32.Downadup.B.

First make sure you are infected with W32.Downadup.B/Conficker. The biggest sign is going into My Computer and double clicking your hard drive. If you get an error message about “RECYCLER\S” then you are infected.

Be on the lookout for the “RECYCLER” folder as W32.Downadup.B/Conficker puts this on any drive on your computer. It is launched when autorun runs and is responsible for installing the infection. If your computer is infected with W32.Downadup.B/Conficker, you can’t remove the RECYCLER folder as it is just put straight back on. RECYCLER is in the main directory “[YourDriveLetter]:\RECYCLER” so it is easy to find.

There are a lot of sites out there showing you how to manually remove W32.Downadup.B/Conficker. Most of these files have the word [Random] in them, meaning it could be anything. Don’t bother trying to manually remove it; it’s time consuming and you could do more harm than good.

To get rid of W32.Downadup.B/Conficker you have to use an antivirus/anti-spyware program; I just don’t see any other way around it. Microsoft recommends using their Malicious Software Removal tool. If you can’t access that link, it’s because W32.Downadup.B/Conficker is blocking it. Even if you were able to download it, W32.Downadup.B/Conficker stops the Malicious Software Removal tool from being executed.

I did have some limited success using Microsoft’s Conficker manual removal instructions. Surprisingly, W32.Downadup.B/Conficker allowed me to view the page; however, it didn’t allow me to download or even install the patches.

Although I used Spyware Doctor to remove W32.Downadup.B/Conficker, this post applies to all antivirus/anti-spyware programs. Even if you are able to download and purchase an antivirus/anti-spyware program, it is next to useless as Conficker will prevent it from downloading the necessary updates. Because of this, get whatever antivirus/anti-spyware program you want from an uninfected friend’s computer. When you have the program, manually download the updates from a website. Most antivirus/anti-spyware programs allow you to do this.

Now BURN THE ANTIVIRUS/ANTI-SPYWARE TO A CD. I cannot stress this enough. DO NOT USE A PENDRIVE/USB DEVICE. It will be infected as soon as you plug it into your computer. This is how I was infected in the first place.

Once on a CD/DVD, install the program onto your computer, put in your registration details and install the manual updates you downloaded. Now let it do a full scan and say goodbye to W32.Downadup.B/Conficker.

After you have removed W32.Downadup.B/Conficker, be sure to install this Microsoft patch. It prevents hackers from taking over your system using W32.Downadup.B/Conficker. Those of you who are uninfected will want to install it anyway for safety.

Good luck.

UPDATE: Conficker B++ & Conficker C have recently been released. This is just Conficker that has been modified with different ways to communicate with hackers. Its impact on your computer is the same as its twin brother. As before, don’t bother trying to manually remove it but use Spyware Doctor to remove Conficker B++ and Conficker C instead.

Conficker is scheduled to start doing something on April 1st. No one is exactly sure what it will do; the general consensus is that it will connect to a server and get further instructions, like download a Trojan.

SysAntivirus 2009

Posted January 30, 2009 

SysAntivirus 2009 is the latest fake anti-spyware that wants to con you out of your money.

Once it is on your computer, SysAntivirus 2009 will make your life hell by bombarding you with fake security alerts to trick you into buying the “full” version of Adware Eradicator.

You probably got SysAntivirus 2009 from a Trojan disguised as a legitimate file that you downloaded; luckily you should be able to remove SysAntivirus 2009 with these instructions.

SysAntivirus 2009 is reported to generate the following popups:

“Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of SysAntivirus 2009 and remove spyware threats from your PC.”

“SysAntivirus 2009 alert
INFILTRATION ALERT: Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
DETAILS: Attack from: 46.252.39.218, port 23272; Attacked port: 37481; Threat: Dealbar Toolbar
Do you want SysAntivirus 2009 to block this attack?”

“Insecure Internet Activity. Threat of virus attack!
Due to insecure Internet browswing your PC can easily You may be infected with viruses, worms and trojans without your k nowledge, which can lead to system slowdowns, freezes and crashes. Unprotected Internet browsing can result in your personal information being revealed without your knowledge or permission. To get full advanced real-time protection for PC and Internet activity, register SysAntivirus 2009.”

“Spyware alert! You are trying to download a file. This file may contain dangerous code and seriously damage your compuer. Downloading and running files from Internet may be dangerous. If you do not trust this download, do not open this program without activated antivirus software! It is strongly recommended to activate your seceity software to prvent malicious code execution and your private information damage.
Activate SysAntivirus 2009 Now [or] Stay unprotected.”

IE8 SUGGESTED SITES SUGGESTED TO BE SNOOPY

Posted January 30, 2009 

Privacy activists cry Phorm on Redmond

Privacy activists are crying foul over the “Suggested Sites” feature in IE8, but Microsoft insists concerns about the feature, such as that it might be used to serve up targeted advertising or that it poses a browser risk, are misplaced.

The optional component in the next version of Microsoft’s browser software is designed to “discover websites you might like based on sites you’ve visited”. Collecting a user’s browser history and using it to create profiles that steer users towards one website or another may seem like a useful pointer to Microsoft’s developers, but the feature is giving some privacy-conscious surfers the fear.

KASPERSKY LABS DENIES PANIC MONGERING

Posted January 30, 2009 

The papers just made it up

A mild warning from anti-virus labs Kaspersky has been inflated into a full-blown panic by the Australian press that is warning of an imminent meltdown once infection reaches Australian shores.

The Couriermail even quotes a Kaspersky representative as stating that “it would only take one call to an Australian mobile from an infected handset for the virus to spread”, which is obviously bollocks, while The Daily Telegraph explains that the “virus code … secretly texts a premium number run by cyber criminals,” which is also bollocks.

FEDS: IT ADMIN PLOTTED TO ERASE FANNIE MAE

Posted January 30, 2009 

‘Server Graveyard’ narrowly averted

A fired computer engineer for Fannie Mae has been arrested and charged with planting a malicious software script designed to permanently destroy millions of dollars worth of data from all 4,000 servers operated by the mortgage giant.

Rajendrasinh Babubahai Makwana, 35, of Virginia, concealed the Unix script on Fannie Mae’s main administrative server on October 24, the same day the Unix engineer was terminated, according to court documents made public Tuesday. His script was programmed to remain dormant for three months, when it would greet administrators with a login message that read “Server Graveyard” and systematically replace all data with zeros on every production, administrative, and backup server in the company.

‘ANONYMOUS’ PWNS DIGITAL CAMERA MAG WEBSITE

Posted January 30, 2009 

‘This forum is now 4chan’s bitch’

Updated: The website of Digital Camera Magazine was taken offline on Wednesday morning following an attack by denizens of 4chan.

Malefactors subverted the DC forum admin to send an abusive message. Members of the 4chan image board have been responsible for formulating and popularising internet memes such as lolcats and rickrolling. The site was also the breeding ground for the Anonymous collective, whose Project Chanology campaign has fought a year-long campaign against Scientology.

MYBARACKOBAMA PROFILE HACK PUNTS MALWARE

Posted January 28, 2009 

Inaugural Trojan

Virus authors are exploiting a website associated with President Barack Obama in order to distribute a Trojan.

The new president’s use of Web 2.0 technologies is being misused in a fake video codec scam centered around My.BarackObama.com, an online community for supporters of the new president.

