Computerworld - About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said Wednesday.

The bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs, said HD Moore, the chief security officer of Rapid7 and creator of the open-source Metasploit penetration testing toolkit. Moore did not reveal the names of the vulnerable applications or their makers, however.

Each affected program will have to be patched separately.

Moore first hinted at the widespread bug in a message on Twitter on Wednesday. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm.

That advisory detailed a vulnerability in iTunes for Windows that hackers could exploit by persuading users to download and open a malformed media file, or by duping them into visiting a malicious Web site, where they would fall to a drive-by attack.

Read the article here

Any guesses on the affected applications?

My take is that there are plenty of web browsers included in this research assessment. Other apps could possibly be Microsoft Office,  Adobe products, and Oracle.

Source: By Gregg Keizer, Computerworld

A new series of mass SQL injection attacks has planted links to malware sites and hidden iframes in over a million webpages, including parts of Apple’s website. The technique is similar to a standard SQL injection attack, but uses obfuscation to disguise the data in hopes of routing around any rudimentary input checking.

The attack was detailed earlier this week by security researcher Manuel Humberto Santander Peláez. The attacks rely on a series of SQL commands stored as hexadecimal data preceded by a CAST command. When decoded, it attempts to inject iframes into data tables, which then end up being rendered in webpages that use the tables to build its HTML code dynamically. The attacks lead to Russian top-level domains that appear to be sources of malware.

Read the article here

Source: By Chris Foresman, ars technica

Cyber-criminals have created a new version of the Zeus crimeware toolkit.

Zeus 3 is far more selective in the banks that it targets. Two different flavors are available:

1. Target banks located in Spain and Germany
2. Target financial institutions located in the UK and US

The updated features are making it very difficult for security researchers to figure out because the malware is now operating on a need to know basis.

“It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.” –John Leyden, The Register

Source: Zeus baddies unleash nasty new bank Trojan • The Register

SANS study: One in five mobile devices running malware | Malware – InfoWorld.

Ask a painful question, get a painful answer: That was the lesson the SANS Institute’s Internet Storm Center (ISC) learned recently when it surveyed its membership on the subject of malicious programs that target mobile devices like iPhones and BlackBerrys. –infoworld.com

LIGATT, The World’s #1 Hacker

World’s self-proclaimed #1 Hacker LIGATT e-book has been plagued by plagiarism and a whole lot more. Gregory Evans, a convicted felon and owner of Ligatt Security (Pennystock value high of $0.0002) continues to promote himself and his company as a prominent and ethical security source.

Ben Rothke, CISSP PCI QSA, senior security consultant with BT Global Services was able to expose LIGATT’s #1 Hacker e-book as a plagiarized product by using the iThenticate plagiarism checker stating that “The iThenticate scan of the book confirmed what was obvious.  In fact, some sections averaged as high as a 95% plagiarism rate, with one chapter coming in at 100%.”

The Register: “How to Become the World’s No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm.”

Attrition.org further elaborates“Every press release, every video cast, every public communication is full of discrepancies, half-truths and outright lies.”

The world’s #1 hacker is also a hot topic within the infosec community on Twitter. Follow hashtag #LIGATT

Gregory Evans bio claims the following professional Affiliations & Awards

The Association of Certified Fraud Examiners - not found!

Legal history and Court docket.  Gregory D. Evans Lies About Being CISSP.  Gregory D. Evans Lies About Being a Certified Ethical Hacker (CEH.)  Gregory D. Evans Lies About Being CISA/CISM.

It appears that LIGATT CEO Gregory Evans is the World’s #1 Scammer. A mediocre hacker with fake credentials, currently under heavy examination from the Infosec community. Mr. Evans has been lying about his company, his affiliations, and his certifications too.

–Perhaps LIGATT should be appropriately renamed LIEDAT.

Be sure to check out Attrition.org for more LIGATT information.

——————————

Two teenagers busted running World’s largest international Cybercrime forum

The PCeU, (Police Central e-Crime Unit, of Scotland Yard) arrested two teenagers for their alleged involvement in the world’s largest international cybercrime forum.

“The forum has 8,000 members, according to the Met Police, and officers found evidence that it was “promoting and facilitating the electronic theft of personal information, credit and debit card fraud, buying and selling of personal information (including passwords and PINs), the creation and exchange of malicious computer programs (malware) and tutorials providing advice on how to commit such offences, including how to evade and frustrate law enforcement activity and exchanging details of vulnerable sites”. –David Neal, V3.co.uk

Tom Espiner, ZDNet UK reporter stated “The police investigation into the forum has recovered more than 65,000 compromised credit card numbers…Malware kits traded on the forum included the password-stealing Zeus Trojan, and compromised data from computers infected with the Zeus bot.”

During the eight month investigation, officers found evidence of the forum buying and selling personal information, along with logon credentials, password, and PIN disclosures. The forum also provided access to malicious computer programs (malware) and tutorials on how to commit electronic theft and evade law enforcement intervention.

——————————

Kraken botnet rises again

Machines infected by Kraken malware primarily are being used to send spam, and a single member of the botnet is capable of sending more than 600,000 unwanted emails in a 24-hour period, he said. All of the spam is promoting male enhancement or erectile dysfunction products.  –SCMagazine

Read more about the Kraken botnet at Dark Reading.

——————————

Who are the Russian Spies?

One of them is a beautiful 28-year-old Russian with an IQ of 162, a diplomat father and a taste for the high life. –Bharat Chronicle

Read more at the Washington Post

See the criminal complaints from the Justice Department

——————————

Until nest time — Stay safe online!

Below you will find 12 steps that you can take today to reduce email spam.

The word “Spam” as applied to Email means “Unsolicited Bulk Email”. Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. –Spamhaus

1. Do not post your email address online in clear text.  If you must post it online be sure that your address is munged so that the bots will not see it.
2. Never respond to suspicious emails.
3. Do not unsubscribe to spam email.
4. Do not use your personal email address for public use. Instead, use a disposable email address and set it up to forward messages to your personal email account.  If you begin to receive spam in a disposable account –simply delete the disposable account and sign up for a new one.
5. Do not open suspicious attachments, links, or images. This could lead to malware downloading on your computer.
6. If you are using a software email program (and not a web-based one) be sure to disable the preview pane.
7. Use spam-blocking tools and filters.
8. If you need to forward email to groups of people use a disposable email address in the TO: field and add all recipients to the BCC: field.  This will shield the email address from others as well as from spam harvesters.
9. Be sure to have antivirus software installed on your computer, run a full scan every week, and keep it updated!  You should run some form of an anti-malware software each week too, such as Malwarebytes.
10. When you sign up for something on the web, be sure to uncheck the box that says “YES, I want to be contacted by select third parties concerning products I might be interested in.”
    
11. Be sure to take advantage of reputable and free computer scans such as the firewall leak and ShieldsUP tests over at Gibson Research Corporation.
12. Report spammers.  Register for free spam reporting service at SpamCop.

Check over at Software Candy for more tips here.

Some helpful Links:

Federal Trade Commision FTC

If you are a victim of a financial solicitation contact
the Internet Crime Complaint Center

Medical fraudulent claims (devices or products)
Email: webcomplaints@ora.fda.gov

Investment-related email- *Copy headers and forward to:
Email: enforcement@sec.gov

*How to copy email headers

One of the content monitoring services that I subscribe to is Google Alerts, which only provides content from the Google search engine itself. I use a combination of RSS and email alerts, generally set to deliver as it happens. I tend to pay a great deal of attention to alerts that come from sources that lack professional credentials. My specific area of concentration is with affiliates who participate in the distribution of harmful or bogus applications, otherwise known as rogueware.

A general template for many rogueware-affiliates is to offer a catchy title that will pique your interest.  A recent Google malware email alert was titled: “What Malware And Grayware Are And What You Can Do About Them.”

The affiliate article will likely give you accurate and timely security-related information. The writer will also hook you into believing that the author knows what she or he is talking about, while sporting juicy paragraphs such as this:

“The more sophisticated kinds of rootkits will actively prevent you from deleting them. It may, for instance, duplicate itself several times, and replace those copies whenever they’re removed, making it difficult to get rid of them all and also harder to identify the original problem files.”

Then the affiliate will add a highly credible source to the article content:

“Since it is virtually impossible to prevent malware from installing itself on your system, it is best to create a routine check on your system for malware by using an anti-malware system such as Microsoft’s Malicious Software Removal Tool. This program is compatible with Windows Vista, Windows XP, Windows 2000 and Windows Server 2003, and can determine the nature of specific malware installations while also being able to assist you in removing them from your system.”

This particular rougeware-affiliate marketing plan is highly versed in SEO and Google page ranking placement:

Both McAfee SiteAdvisor and W.O.T. (Web of Trust) have security concerns with Spyware Removal Doc.  It is also listed at hp-hosts as FSA, otherwise known as: sites engaged in the selling or distribution of bogus or fraudulent applications.

Spywareremovaldoc[]com is currently on the auction block for 15K USD with a current bid of $100 USD. You won’t be able to download their “free software” until you complete one of the trial options over at trialpay.com.

The current marketing plan is exceptionally cunning. I can credit them with some pretty ingenious and well thought out social engineering techniques too. They also have a number of first page rankings with Google and are able to market their product as highly credible to those who are not well versed in the realm of security software.

In a 2009 PandaLabs Report The Business of Rogueware, PandaLabs reveals “how the rogueware business works. Not unlike a traditional business, the rogueware business model consists of two major parts: program creators and distributors. The creators are in charge of making rogue applications, providing the distribution platforms, payment gateways, and other back office services. The affiliates are in charge of distributing the scareware to as many people and as quickly as possible.”

• Cybercriminals are earning approximately $34 million per month through rogueware attacks
• Approximately 35 million computers are newly infected with rogueware each month
• Rogueware is being distributed through Facebook, MySpace, Twitter, Digg and targeted blackhat SEO attacks  –PandaLabs

I believe that 2010 is going to introduce a few additional components to the distribution module of the rogueware business model:

1. Rogue marketing plans will include pairing(bundling) rogueware with credible software that people trust.
2. More rogueware will cease to become directly down-loadable and will be featured “behind-the-scenes” at third-party sites that have solid SEO reputations.

Until next time — Stay safe online!

Serial killer Fred West created a Facebook Fan Page for Graham Cluley  – should he be worried?

Two years ago someone posted a mock up photograph of Graham (Security expert from Sophos) along with offensive materials on Facebook indicating that he might be a pedophile.

As a consequence of the perpetrators actions some people threatened to burn down Graham’s house and even issued a death threat against his wife.

Read the rest of this article at Graham Cluley’s Blog and don’t forget to watch the video.

IRS uses Facebook, Twitter for tax audits
Government uses social networking sites for investigations

Advocacy group the Electronic Frontier Foundation has obtained documents showing how law enforcement agencies and the Internal Revenue Service are gathering information from social networking sites for their investigations.The documents were obtained via a Freedom of Information Act (FOIA) lawsuit filed last December by the EFF and the University of California, Berkeley’s Samuelson Clinic. The lawsuit was filed against six federal agencies and sought information on their use of social networking sites for data collection and surveillance purposes.

Read the rest of this article at computerworld

Mafia don suspect tracked down via Facebook
Capo gets poked and cuffed

Italian police successfully used Facebook to track down a Mafia suspect.

Pasquale Manfredi, 33, who reportedly calls himself Scarface and allegedly runs the ‘Ndrangheta mafia, was captured in Calabria using intelligence gleaned from the social networking site. Manfredi, who used the alias Georgie on Facebook, is suspected of using social networking to exchange coded instructions and stay in contact with other mobsters.

Manfredi, who was caught despite attempting to flee across the roof of an apartment building, faces charges of murder and drug trafficking, the BBC reports.

Read the rest of this article at The Register

Cybercrooks use anti-piracy tools to protect malware
Anti-piracy provisions similar to those of Microsoft’s Windows are being used to protect Zeus an anti-piracy kit responsible for millions of dollars in losses to businesses and consumers.

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft’s Windows, a researcher said today.  And that’s a good thing.

Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine’s hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week. “It’s just like a Windows licence,” said Stevens as he explained how the key code is generated.

Read the rest of this article at itbusiness.ca

Computer forensics tool for banks aims to trace Trojans

Transaction security firm Trusteer has launched a remote forensics service designed to allow banks to diagnose if a client’s PC has been infected with malware following incidents of suspected fraud.

The Flashlight service is designed to allow strains of malware to be quickly identified without having to physically examine a possibly compromised computer. The service can also be used to collect samples, identify cybercrime command servers and block further attacks.

Read the rest of this article at The Register

DroidSecurity Selected by 10,500 Users Within 24 Hours of Malware Found on Mobile Phones

DroidSecurity, a pioneer in smartphone security, today announced that 10,500 new users downloaded their mobile device security solution within 24 hours of the discovery of the Conficker and Mariposa viruses on new Vodafone HTC Magic smartphones. DroidSecurity customers were preemptively protected against the malware through its cloud-based malware detection technology.

The Android-based Vodafone HTC Magic smartphone was sold with the Mariposa and Conficker viruses pre-installed. Once a user plugs the smartphone into a PC using a USB connection, the malware immediately phones home to the malware writer, steals personal information and the system is converted to a bot. A Lineage password stealer was also found on the device. Specifically, the autorun.inf and autorun.exe files were infected.

Read the rest of this article at BUSINESS WIRE

Until next time — Stay safe online!

Disclaimer: This blog post is in relation to my collection of spam. I am not a spam expert.

The past few weeks have elicited all manner of spam at Teksquisite, and also at Gmail and Yahoo accounts.  Spammers often collect email addresses from customer lists, chatrooms, email chain letters, forums, newsgroups, websites, and viruses. Current email accounts that are receiving spam have connections to prior chain mails, forums, and newsgroups. Spam or junk email is almost always unsolicited and unwanted.

“Increasingly, e-mail spam today is sent via “zombie networks”, networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer and use it for malicious purposes. This complicates attempts to control the spread of spam, as in many cases the spam doesn’t even originate from the spammer.” –Wikipedia

Most common email spam:

1. Chain mail – Gordon Brown Hoax 
2. Trojans – botnets, bredolab, Pushdo
3. Phishing – Please log into your financial account and confirm
4. You are a winner – congratulations, lotteries
5. Offers – Viagra, educational, OEM software
6. Personals – find true love here
7. Scam news – generally will contain a link to malware

With an increase in botnet-related spam (mainly Bredolab,) a sharp rise in educational and pharmaceutical/medical spam, and definitely far more activity in the arena of phishing spam regarding financial accounts – you really should pay close attention to what lands in your inbox, because Trojans in the form of zipped files do not always end up in your spam folder.

I find it inconceivable, and somewhat disturbing that I collected almost 900 spam emails last week.  This is quite a jump in spam, considering, that during the first week of January spam for all accounts leveled slightly below 300.

Over the past three weeks I have seen a sharp rise in UPS Postal Support email that always contains an attachment “invoice” that is spoofed from some.address@ups.com with signatures such as:
Postal Support RANDOM NAME
UPS Manager, RANDOMNAME

The attachment currently arrives as a ZIP file: 

My advice to you is to KEEP IT ZIPPED AND DELETE IT!

Spam Examples

• Chain Mail: Gordon Brown Virus

Chain mail claiming that if you receive a picture of British Prime Minister, Gordon Brown smiling, your computer will become infected with a virus.

You can read more about this hoax over at Graham Cluley’s Blog.

• Trojans: Trojan.Downloader, Bredolab, Pushdo, Zeus [botnets]

Once the zip file is extracted, an exe file (disguised as an Excel file) downloads Pushdo (a malacious bredolab downloader.) In an article at cnet News, Joe Stewart, director of malware research at SecureWorks stated:

“Pushdo downloads different Trojans onto infected machines and has been used to send spam as part of the Cutwail spambot…”It’s a typical pay-per-install system,” used to distribute banking Trojans, password stealers, ad clickers, and search hijackers”

“For those unfamiliar, Bredolab is a simplified botnet – a loader which simply connects to a remote server to report and receive files to download/execute. Apart from rogue antivirus software (”scareware”), Bredolab’s other favorite download is Pushdo.” –Fortinet

Since Pushdo is not written to disk and is memory resident, botnet owners frequently change the code and behaviors of Pushdo, which further makes it difficult to classify variants over time.  What I have posted here today, may not be applicable tomorrow!

For a better understanding of Bredolab see You Scratch My Back…BREDOLAB’s Sudden Rise in Prominence by David Sancho, Senior Threat Researcher at Trend Micro.

• Phishing – Please log into your account

1. This type of spam requests that you verify your account via a spoofed link where your personal details will be captured for the phishers
2. HSBC Bank will never send an email asking you to verify details.
3. There are all types of variations in these spoofed emails.  If you receive e-mail claiming to be from HSBC, call HSBC at 1-800-975-4722. Follow the instructions regarding fraudulent email here.

• You are a winner – congratulations, lotteries

Never reply to this type of email because you will end up on a global spammer list.  Delete it.

• Offers: OEM Software (Original Equipment Manufacturer)

OEM software is NOT FOR RESALE (NFR) and always includes licensing along these lines: “For distribution with a new personal computer only. This software may not be sold independently.” OEM software must be sold with hardware.

Some spam email often links to ebay where you can purchase OEM software. The seller appears compliant with the hardware requirement by advertising to remove hardware from the original system (or so they claim!)

“In accordance with eBay policy, I offer the HDD that came with the system (it currently has bad sectors and is not usable), which I can ship at the buyer’s request.”

Many recent OEM emails that I received are claiming to be a company located at 1100 South State Rd 7, Suite 501 in Margate, FL 33068.  Their website is registered to a Russian domain.  Thanks to Twitter folks @ChrisMuncy, @dckovar and @Lisa827 for advice on contacting the tax office in order to find out about the building that the business is located in.  In this particular case, the City of Margate, Florida was unable to find any records for a business registered at Suite 501 at the above address.  They will be sending out a code officer today to inspect the location since they only have four active businesses registered at this building.

Also be sure to stop by SIIA (Software & Information Industry Association) and brush up on
What You Need to Know About OEM and Academic Software.

12 steps to less spam:

1. Do not post your email address online in clear text.  If you must post it online be sure that your address is munged so that the bots will not see it.
2. Never respond to suspicious emails.
3. Do not unsubscribe to spam email.
4. Do not use your personal email address for public use. Instead, use a disposable email address and set it up to forward messages to your personal email account.  If you begin to receive spam in a disposable account –simply delete the disposable account and sign up for a new one.
5. Do not open suspicious attachments, links, or images. This could lead to malware downloading on your computer.
6. If you are using a software email program (and not a web-based one) be sure to disable the preview pane.
7. Use spam-blocking tools and filters.
8. If you need to forward email to groups of people use a disposable email address in the TO: field and add all recipients to the BCC: field.  This will shield the email address from others as well as from spam harvesters.
9. Be sure to have antivirus software installed on your computer, run a full scan every week, and keep it updated!  You should run some form of an anti-malware software each week too, such as Malwarebytes.
10. When you sign up for something on the web, be sure to uncheck the box that says “YES, I want to be contacted by select third parties concerning products I might be interested in.”
    
11. Be sure to take advantage of reputable and free computer scans such as the firewall leak and ShieldsUP tests over at Gibson Research Corporation.
12. Report spammers.  Register for free spam reporting service at SpamCop.

If you plan on using this service often, consider making a donation!

Some helpful Links:

Federal Trade Commision FTC

If you are a victim of a financial solicitation contact
the Internet Crime Complaint Center

Medical fraudulent claims (devices or products)
Email: webcomplaints@ora.fda.gov

Investment-related email- *Copy headers and forward to:
Email: enforcement@sec.gov

*How to copy email headers

Until next time — stay safe online!

There has been chattering the past few days about unknown rogue software available for download on the Internet that lets you view private Facebook profiles. I can assure you that this new software called FacebookAgent is old news wagging a new wrapper. This is not just another scam! This rogue application also has a back door along with Trojans droppers put together by cyber-criminals to elicit financial information via social engineering techniques. Prior to examining FacebookAgent on a VM earlier today I ran Malwarebytes and had a clean scan with no infected files. After installation of Facebook Agent and testing in a VM I ran Malwarebytes again and had 159 infected files! (the results will be posted at the end of this article.) Domain: www.facebookagent[DOT]com Current IP: 74.208.137.211 131 1&1 Internet Inc PA

Facebookagent.com website provides this Disclamer:

“Facebook Agent is an automated help manual that guides you through the process of gaining a legal view of the desired profile. This process is completely legal and is achieved through the other party’s aproval and acknowledgement. This software and/or methods should not be used in any other case that is not mentioned above. All facebook trademarks are copyrighted to facebook.com. All actions taken through and in this application are on full responsibility of the user. Facebook Agent is in no condition responsible of any harm, damage or violations done while using this application. If at any stage of the process any party will find violation of law against them, the process should immidiately be terminated and reported to the administration team of the application. By clicking the Start button you agree to take full responsibility of the actions done by this application. All rights are copyrighted to facebook Agent 2009 – 2010. All trademarks found in this application belong to facebook Agent apart from facebook trademarks which are copyrighted to facebook.com. By clicking on the Start button you accept this terms and conditions.”

Most of the links at the FacebookAgent website result in saving or downloading setup.msi. The msi installer loads Facebook Agent.exe and a database file in the Program Files directory. The installer also loads Perflib_Perfdata640.dat into the local user profile temp directory and runs the database file under svchost.

When you first run Facebook Agent there is no exit from the program. Bad code and even worse downloads and toxic URLs await you. Since I did not choose to install the IWON toolbar featuring the MyWebSearch default search provider I had to participate in the Green Card Scam that is listed below.

According to the flimsy interface above you have to click to claim what you have won! Your prize is located at: hXXp://html.usagc[DOT]org/step1landing_eng[DOT]html?afk=ranygnewcplcmp0309eng. Then you have to fill out a form that includes your full name, email address, country of birth, marital status, and telephone number. You also have to answer this dropdown menu question:

After I filled out the online form with false information, I received this response:

Canada, Mexico, and the United States are ineligible. On the same page I was also given the option to select another country if I were a native of a qualifying country or if my parents were born in a qualifying country. I opted for Australia and was quickly promoted to step 2 in the process!

I had a good smirk over the warning “using a stolen or fraud credit card number will automatically disqualify you from participating forever!! USAGC will immediately cancel your application and pursue legal remedies.”

USAGC is a scam! Don’t fall victim to this Green Card lottery scam! The DV-2011 Diversity Visa Lottery( run by The U.S. Department of State) online entry registration period ended on November 30, 2009

I was soon bored with the Green card lottery scam so proceeded to install the IWON Toolbar and failed.

After finishing the installation of IWON, I had to go to iwon.com to register for a free account. Overall, you can only get to step 1 in Facebook Agent because you can’t get to step 2 without filling out credit card information.

Finally I ran Malwarebytes again to see what nasties Facebook Agent had installed.

Proper use of English could get a virus past security

Hackers could evade most existing antivirus protection by hiding malicious code within ordinary text, according to security researchers.

One of the most common ways of hijacking other people’s computers is to use “code-injection” attacks, in which malicious computer code is delivered to and then run on victims’ machines. Current security measures work on the assumption that the code used has a different structure to plain text such as English prose.

Now a team of researchers has highlighted a potential future theatre in the virus-security arms race by working out how to hide malware within English-language sentences.

Hackers call the part of a code-injection attack that is used to gain control of a vulnerable computer “shell code”. Because this is usually written in machine code, Mason and colleagues dubbed their technique “English shell code”.

They presented their research (PDF) at the ACM Conference on Computer and Communications Security in Chicago earlier this month, being careful to leave out some of their methodology to avoid helping malicious hackers. –New Scientist

@Newscientist on Twitter

Hacker to be sent to face trial in US despite relatives’ suicide fear

LONDON: A British computer hacker who has Asperger’s syndrome is at serious risk of suicide, relatives say, after a last-ditch attempt to prevent his extradition to the US was rejected.

In a letter the Home Secretary, Alan Johnson, ordered Gary McKinnon’s removal to the US on charges of breaching American military and NASA computers, despite claims by his lawyers that extradition would make the 43-year-old’s death ”virtually certain”.

The decision, described by lawyers as callous, has prompted fresh fears about Mr McKinnon’s wellbeing. Thursday’s letter rejected new expert medical evidence that Mr McKinnon’s health had deteriorated dramatically since he lost his case in the High Court in July, and meant that extradition would
violate his right to life.  –Guardian News & Media

@GuardianNews on Twitter

Please follow computer engineer @Brian_Howes on Twitter who fights illegal extradtion for All to the DEATH.

Vendor rages after iPhone hacker given job
The code was rubbish too, says Sophos.

A security firm has expressed incredulity at the news that the Australian prank hacker who wrote a program targeting Apple iPhone users has been given a job by an application developer.

The writer of the Ikee worm, Ashley Towns, sprang to prominence only two weeks ago after his creation was found to be changing the desktop wallpaper on some ‘jailbroken’ or unlocked iPhones to display a picture of 1980′s British pop-star Rick Astley. Now, fellow-Australian software company mogeneration is reported to have offered Towns a paid job after hearing of his efforts.

“Yey, I got the job. I’m now an iPhone application developer,” says the 21-year old’s Twitter feed, adopting a nonchalant attitude that has seriously annoyed more than one security company. Currently, only one is willing to go on the record.

“What disheartens me is that Towns has shown no regret for what he did. He admitted specifically infecting 100 iPhones himself, letting his worm loose in the process. Now his utterly irresponsible behaviour appears to have been rewarded,” said Graham Cluley of software outfit Sophos, in an emailed press statement. –Techworld

John E. Dunn/@dourscot on Twitter

Shadowserver to Take Over as Mega-D Botnet Herder

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour.  The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world’s spam messages.

Last week, security vendor FireEye launched a drive to dismantle the botnet. The infected computers receive instructions and information for new spam campaigns through command-and-control servers. FireEye contacted network providers which hosted those servers, and most were shut down.

That meant that the people controlling the hacked PCs, known as botnet herders, couldn’t contact most of their bots anymore. Spam from Mega-D almost stopped entirely. FireEye also cut off a second redundancy mechanism the herders programmed into Mega-D…FireEye has now handed control of those bots over to Shadowserver, a volunteer-run organization that tracks botnets.

Shadowserver has taken over the administration of a “sinkhole,” or a computer running custom software that acts as a command-and-control server that the Mega-D bots will call on, said Andre’ M. DiMino, Shadowserver’s co-founder.– Networkworld

@networkworld on Twitter

Until next time — Stay safe Online!

Today I received a friendly little email purportedly from someone that had a question about my business, and who also wanted me to add them to my friends list from the supplied link in the email.  The email address that the sender used immediately raised a red warning flag because I currently use this particular email address specifically to monitor iffy stuff on the Internet. 

Analysis at ThreatExpert exposed some pretty serious threats:

There were five .js links on the Facebook landing page <REMOVED>

Canonical name: gateway02.websitewelcome.com -all IP’s consistent with that of a Mail Server.
Addresses:
69.41.248.84
69.56.142.20
69.56.159.20
69.56.170.20
69.56.176.20
69.56.184.20
69.56.212.20
69.56.216.20
69.56.224.20
69.56.236.20
69.93.106.20
69.93.115.20
69.93.126.20
69.93.136.20
69.93.139.20
74.52.222.226
67.18.36.20
67.18.53.20
67.18.62.20
67.18.65.20
67.18.66.20
67.18.80.20
67.18.81.20
69.41.242.20
69.41.247.20
69.41.248.20

That is about all I know for today!  If any security expert needs more info – just ask!

Update:  10-22-2009 7:05 PM

Until Next time — one-off, security terrior here, and I never let go of a bad guy (wink)

Jeff Hexter is an Independent Computer Consultant based in Cleveland, Ohio,
and daddy to a couple of very busy little girls. Since 1997, his company:
Always Keep Computing Inc. has provided Macintosh, PC, and
Internet technical support for small businesses and individuals who lack
their own dedicated tech support staff.  Jeff specializes in teaching these
groups to support themselves.

Lately, his work has consisted of: fixing the weird problems that no one else
seems to know how to fix, cleaning malware infected PCs, implementing disaster
recovery systems (backup!), and training people how not to be phished. Oh, and
chauffeuring the two girls to their various activities…

Malware Hunting:

Cain and Abel for simple password recovery

Spacemonger for looking for files on drives taking up weird amounts of space

Adaware by Lavasoft (Free) an anti-spyware proactive malware removal tool with advanced Genotype detection.

AVG Free Edition (now testing Microsoft Security Essentials to replace it)

a-squared Free 4.5 –> 2 Cleaning Scanners in 1: Anti-Virus + Anti-Spyware

Belarc advisor Free personal PC audit!

Malwarebytes Anti-Malware – Identifies and removes malicious software from your computer

Spybot Search and Destroy – searches entire computer for badware missed by anti-virus programs.

SuperAntispyware – detects and removes all malware

Whats Running - gives you an inside look into your windows system

Data Backup:

EMC Retrospect (commercial software)

CrashPlan — (I use the free software, not the off-site service)

Gladinet — I’m experimenting with this as well Microsoft SyncToy (good, quick data transfer from a damaged drive to a working one, NOT RELIABLE ACROSS A NETWORK)

2BrightSparks SyncBack – (similar to SyncToy, but more features)

Acronis True Image Home 2010 –  (I use the demo, testing for disk backup)

Microsoft LiveSync — (this is an amazing lifesaver… I use it as part of my software tools collection routine. More on that later)

Troubleshooting Tools:

CPU-Z – freeware that gathers information on some of the main devices of your system.

Daemon Tools Lite — (for mounting CD and DVD ISO image files, often easier to carry with my than a bunch of CDs and DVDs)

GPU-Z 0.3.6 – information about your video card and GPU.

Inssider – see all RF activity affecting your network

IPscan — IP and port scanner

LScan –fingerprint an application or file to verify its integrity

Networx bandwidth monitor — Measure bandwidth and track down suspicious network activity

Prio — This is REALLY neat if you like to tweak your processes

Vistumbler — find wireless access points

WireShark — Network protocol analyzer

General Software Updates (for those things many people seem to have):

Secunia Personal Software Inspector - secure your computer against vulnerabilities is the operating system and in applications

FileHippo Update checker sort of like Windows Update, but for lots of applications.

I also keep a large list of the actual installers for things like Adobe Reader, Adobe Flash, and other freeware applications that clients always tend to need updated. I used to download the updater every few weeks, but I was always looking for a better way and found one!

More technical advice:

Filehippo.com is a GREAT repository for most of this stuff. But that was not the end of my looking. I found it, in a program called Ketarin (pronounced Caterin’, like “Catering”). It can be downloaded at http://ketarin.canneverbe.com/ and it keeps your setup packages up-to-date. Ketarin is a little difficult to configure, but once it is properly configured, you can just run the program and it updates the installers for most of the programs on the list above. It is also configurable to remove the old version number and update the new version number of the file name.

I use Windows Live Sync to share the directory of installers and updaters across several of my own machines and a couple of my client’s computers. I also copy these directories to an 8GB USB drive to carry on site (beats carrying the large CD case I used to have). Plug in, copy updaters to computer (or upload to a server), install updates. Saves tons of time and bandwidth (and client money, since I typically charge by the hour).

In conclusion, I backup multiple computers to a server with lots of hard drives running EMC Retrospect. I also backup certain other data using Crashplan software (free), just for testing purposes so far, but it seems to work as advertised. I’m always looking for free or inexpensive solutions to common problems for myself and my clients (small businesses and individuals). I’ve experimented with freenas and other NAS solutions too.

I am considering off-siting my data with http://www.onlinestoragesolution.com/ (but they seem too good to be true   – $20/year, unlimited storage). Have you heard of them? I’m trying to live by the adage “A file does not really exist until it exists in at least two places”

Oh, and my first line of network defense is an old Pentium III 933Mhz running the linux IPCop firewall distribution… Though as of last night I am considering moving to Astaro Security Gateway (since their free license just increased from 10 to 50 computers).

-Jeff Hexter
Always Keep Computing Inc.
jeffhex@gmail.com
Follow @jeffhex on Twitter!

The dark side of the Internet is darker than it has ever been at any point in history .  Economic downturns tend to breed new tactics, and cybercriminal organizations now have the knowledge, tools, and capability to directly impact global financial systems.  Everyone needs to become part of a Solid Internet Security Solution by making a concerted effort to proactively protect data, whether on an individual computer or a corporate network.

The use of  Microsoft’s operating system leaves you vulnerable to possible infections and reinfections if your system is not patched.  Security software can’t update definitions if the threat is under-reported and still in-the-wild.If you use a security suite that includes an anti-virus, anti-spyware, firewall, privacy/parental/phishing controls, — you are not protected against ALL Internet threats.

“Few will have the greatness to bend history itself; but each of us can work to change a small portion of events, and in the total of all those acts will be written the history of this generation.”  — Robert F. Kennedy

Before connecting to the Internet you should make sure that your computer is safe to surf  the Internet via a layered approach.  Aside from using a good anti-virus suite you should also use browser security add-ons such as Finjan Secure Browsing, McAfee SiteAdvisor 2.9, and W.O.T. If you frequent social networking sites, you should become familiar with current security threats and take precautions seriously in order to avoid becoming infected.  If you constantly connect to sites via shortened URLs, download and install AVG free LinkScanner, ( a free security tool that can detect malicious pages.)

If you use Twitter, download and install Immunet Protect:  “The solution is clever. It leverages the idea of safety in numbers. Every time someone in the Immunet Protect network encounters a virus, the threat is identified, logged, and blocked on a centralized server platform. Instantaneously, because of the way Immunet works, everyone in the network can be protected from that identified virus.”   –venturebeat.com

More recommended security tools to add to your arsenal

Secunia Software Inspector

Be sure to check your computer system and application software with Secunia Software Inspector as part of your regular security maintenance routine.

Secunia Software Inspector will detect vulnerable applications and provide you with the link to the update site.  After you update your operating system or  application software, be sure to re-scan to validate that the vulnerabilities have been corrected.

The Adobe Reader 9.x example screenshot listed below includes the application that is vulnerable, current version, and the version that you should update to in order to correct the problem.

If you want even better security update advice for your computer system(s) then you should use:

Home User,  Personal Desktop:

Business User:

If you don’t have a regular security maintenance routine,  be sure to stay tuned to this blog and I should have one available for download by the end of this month. If I forget about it, please tweet me up @teksquisite.

Trend Micro: RUBotted

The next uber cool security tool that I highly recommend is RUBotted: an anti-botnet detection tool from Trend Micro that sits silently in your desktop tray, while watching for incoming botnet activity.  RUBotted co-exists comfortably with current AV software.

Update [10-18-2009]: This tool could use a bit of tweaking to give more information than “Detected DNS query of malicious domain.”  (It would be nice to get the domain name and IP number too.)  RUBotted only has one solution available, and that is to go toTrend Micro’s Housecall site to get it cleaned. The solution may become part of the problem for this particular tool, as more Internet security sites become blocked by malware.

“RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.” –Trend Micro

This tool is a worthwhile tool to include in your security toolbox…

Using a “layered approach” is the suggested method to better secure your system(s).  It is a dog-eat-dog Internet when we are dealing with the $$$ bad boys from the dark side over yonder.  Being part of a “Solid Internet Security Solution” or SISS,  is the ability to take responsibility for policing your own Internet security FIRST.

On a holistic level, what goes around comes around — don’t share your viruses or botnet connections with other Internet users.  Stay tuned for Part II of Intruder Defense SISS in November!  Comments are welcome at this blog

I will close with my new Twitter #FF recommendation signature gratis Rik Ferguson, Senior Security Advisor at Trend Micro:

Until Next time — one-off, security terrior here, and I never let go of a bad guy (wink)

Comcast

Comcast Corp, a U.S. high-speed Internet service provider recently released a ‘pop-up, in-browser automated alert service’ known as “Constant Guard.“   The trial system (currently available in Denver, Colorado) warns customers of potential virus infection, if their computer behaves as though it has been compromised by malware.  Aside from the automated alert, the customer will also receive email verification of the alert at their primary Comcast email account.

The alerts are triggered “when we see computers on our network that are doing things that are known bot activities–say, a computer is spewing out thousands of spam e-mails,” said Jay Opperman, senior director of security and privacy at Comcast. — cnet news

“As the nation’s largest residential Internet service provider, our goal is to provide a safe and secure Internet experience for our customers,” said Mitch Bowling, senior vice president and general manager of online services at Comcast. “The Constant Guard Security Program is the result of many years of working to assemble the right people, technologies and resources to help ensure our customers are protected from hackers and bots in real time.” –PR-Inside.com

Comcast customers currently have free access to McAfee Internet security software.  Overall, Comcast Corp is a major ISP leader and shining example of how an Internet Service Provider (ISP) can be supportive of Internet security initiatives, embrace social responsibility at the gateway, and stay proactive in the continuous fight against cybercrime.

Comcast has been ranked as one of the TOP 5 ISPs in Shadowserver.orgs Hall Of Fame “for going the extra mile in helping us rid the world of malware.”

ISPs in General

During a keynote presentation at the Virus Bulletin conference 2009, Head of Google’s anti-malvertising team,  Eric Davis, wanted ISPs to become more proactive in their approach in dealing with malware-infested computers on their networks.

“The ISPs are in the best position to detected [SIC] infected machines. They’re in the best place to do something about malware.  They already have monitoring systems that could be used to identify signs of malware and botnet activity…However, because ISPs have no monetary incentive to notify and help disinfect machines, the botnets live and thrive within ISP networks.”

Eric also recommended ISPs use the Australia Internet Security Initiative (AISI) as a model to fight malware.  The AISI group mandates minimum customer security levels and isolate infected machines into “walled gardens” until the malicious software is removed. Clap, clap, bravo Eric!

Finjan’s Malicious Code Research Center (MCRC) research reveals that malware is installed on computers when visiting compromised websites serving malicious code. Cough. Hey Twitter. Let’s not suspend the account of a prominent  researcher who helps thwart botnets and malware, why not just suspend the account of @softwaregenius who pushes malware urls to MALWAREREMOVALBOT?

“The sophistication of the malware and the staggering amount of infected computers proves that cybergangs are raising the bar,” said Yuval Ben-Itzhak, CTO of Finjan. “As big money drives today’s cybercrime activities, organizations and corporations need to protect their valuable data to prevent theft by these kind of sophisticated cyberattacks.” –PR Hub

Pekka Andelin, a Malware Analyst at Lavasoft asked this question earlier this year: “Should Internet Service Providers (ISPs) supply their customers with an Internet connection over a network feed that is clean from illegal Web content and malware – programs that could cause network lag, compromise system security and threaten user privacy? — ISP Level Malware Filtering, An Extended Clean Feed?

Pekka used the analogy of how a water company has to make sure that the water they provide via pipes is “uncontaminated and flows securely all the way to their customers’ water taps.”

Conclusion

Comcast, walled gardens, and water pipes, oh my!  What do they all have in common?  They are all a part of  the anti-botnet cornerstone that is pivotal in securing the foundation of our financial systems .  The Internet can no longer be stymied within the context of wild, wild west discourses.  Globally, there is too much at stake.  The old Internet is no more.

We now sit on the verge of a SUPER Internet that has the potential to bring down our financial systems worldwide.  Every time we get one step ahead of the bad guys, they reinvent, they morph, and they grow bigger. We have to learn to grow bigger too.  We must learn to embrace  social responsibility. In order to keep the new Internet safe, we have to let go of me, Me ME and work toward the good of the whole.

Until next time — Stay safe online!

Update: 10/06/2009

Though this was not an obvious phishing campaign that takes your money, McAfee Site Advisor Rating:

Phishing or other scams

This site uses your Twitter account info to send spammy messages to your followers. Here is an example:
“I got 100 followers using http://TwitPWR.com/swf/ . Check it out!”

This is a clear case identity theft. I advise you to not fill your twitter username and password in this site.
Posted at 09/23/2009-08:49:43 PM by Alexis Kauffmann

Ryan Johnson is currently running another spam campaign on Twitter via Followersquick<>info [IP:124.217.246.188] .

Toxic URLs on Twitter can get me fired up faster than any other social networking site.  I think it is because the time it takes for Twitter to notice that there is a problem, and then for Twitter to act on it —  leaves a huge security hole and enables the bad guys to maximize and control the dark side of Twitter.

I’ve been watching the dark side of Twitter for over 7 months now, and there is a lot of malware stories that do not unfold at my blog.  There are also security experts outside of Twitter who follow up and have become just as frustrated with Twitter Internet security as I have become.

For the record, I am highly vocal about the fact that I think Twitter has a social obligation to the Internet community as a whole.   I think that they need to act upon social networking threats that transpire at their site immediately, and to have a rapid response system in place to confirm or deny the validity of reported offenses and offenders.

Current keyword culprits that have gone viral are [note that all are posted via API abuse]:

“This site just gave me 100 followers using hxxp://xrl<>us/bfosj8″

“I just got 100 followers using hxxp://TwitPWR<>com/swb/”

“I got 100 followers using http://is<>gd/3BP6e Go check it out”

“This site is great I got 100 followers in a day using hxxp://twi<>cc/Bjry”

“Hey Get 100 followers a day using xxtp://yumurl<>com/9yPYKZ.  Its super fast!”

“You should check this site out if you want 100 followers a day” hxxp://tinyurl<>com/n3oeal

“If you want 100 followers a day use” hxxp://alturl<>com/kdqj

“I use hxxp://TwitPWR<>com/swg/ to get 100 followers a day. It work great”

“If you trying to get more followers go to hxxp://shorten<>ws/bee0c2.You will get 100 followers fast!”

tweeterfast<>com Originates from IP: 124.217.246.188.

tweeterfast<>com
tweeteradder<>com
www.tweeteradder<>com
www.tweeterfollow<>com
www.tweeterpro<>com

tweeterfast<>com has a 301 from quick-followers<>com

Whois Information for tweeterfast.com

Registar ENOM, INC.
Registration Data:
Registered on 2009-09-23
Last updated on 2009-09-23
Expires on 2010-09-23

Nameservers:
ns1.tweeterfollow.com: 124.217.246.188
ns2.tweeterfollow.com: (DOES NOT EXIST)

Owner:
Admin:
Tech:
ryanjohnson2007hotmail.com
Ryan Johnson
+1.4103563433
+1.5555555555
Deadly Is Great
1533 Blue St.
Baltimore, Maryland 21217
US

Current nameservers are listed under tweeterfollow<>com. Check out this interesting archived page.
Rest assured that before this campaign is done — TWEETERFAST will give you more than 100 followers…

Don’t forget to check out their rules. When you sign up for an account at Tweeterfast, you are giving them the login and password to your account to further promote their site and your Twitter account will be hijacked.

Stay tuned for continued updates on Twitter as they become available.

Until next time — Stay Safe Online!

With the advent of banking Trojans  such as the Clampi virus spreading like wildfire across the Internet, the security of online banking and financial transactions needs to be addressed more so than at any other time in history.   The virus, called Clampi, “is pretty scary,” says Tim Wilson, editor of DarkReading, a technology security news site. “It’s worth worrying about.”  –USA Today

In mid-July 2009, an account manager at Ferma Corporation in Mountainview, CA logged in to the company bank account to pay bills online and within minutes his session was hacked in real time, forcing the company to suffer a devastating financial loss.  Why? Computer forensics revealed that the account manager had initially visited an infected website;  malicious malware was able to download to his PC while the malware secretly conducted 27 transactions totaling $447,000 loss to Ferma Corporation.

Windows operating systems are precariously dominant in securing infection via malware drive-by downloads, and consistently targeted by cyber-criminals.    Contracting a banking or financial Trojan is as simple as clicking on a tainted web page –  if your operating system has been  compromised or is vulnerable to attack.  With all the new malware variants morphing on a daily and sometimes hourly basis, Microsoft Windows continues to be the most vulnerable operating system on the planet.

A small business can minimize the risk of Internet fraud by:

Following the seven ways to secure your computer as outlined at Telegraph.co.uk and installing an extra layer of security such as Zemana AntiLogger.

Uber paranoid methods of protecting your financial transactions online:

Locking down and dedicating one windows workstation (fire-walled) that is isolated from the local network and is only able to access specific financial sites that are necessary to conduct financial transactions for the company.

Using a different operating system such as Ubuntu to perform all financial transactions for the company.  Let the OS handle all security, login to a limited account,  and always have the computer connected to a hardware firewall.

Until next time — Stay safe online!

Malware Basics

Malware is a composition of the words “malicious” and “software” and, simply put, is unwanted software that someone else wants to run on your computer.

Malware encompasses a wide range of damaging software such as Adware, Botnets, Crimeware (phishing), Rootkits, Spyware, Trojans, Viruses, and Worms. Malware is always intrusive, often hostile, and can operate secretly in stealth mode (eg:  rootkits) or out in the open with annoying pop-ups and fake system alerts (eg: fake anti-virus warnings).

The bad guys use many tricks to try and get their malware onto your computer. This includes methods such as: fake anti-virus alerts and software, web browser hijacking, and tricking you into clicking on a web or email link and downloading malware from an unscrupulous website. Malware can also come bundled in software packages from p2p file sharing, freeware, music files, and warez sites.

Read the rest of this article over at The MidPhase Blog

Until Next Time — Stay Safe Online!

Update for July 3, 2010: Malware Removal Bot is currently being promoted by @cbkidsoftware on Twitter.

——————

Malwareremovalbot is a malicious and ROGUE anti-spyware application.  Malwareremovalbot is not designed to resolve registry, spyware, or malware woes.  Though you can download this malicious Rogueware from what appears to be a legitimate site, it is anything BUT a legitimate site!  Once you have downloaded the trial and installed it, this particular rogueware will bombard you with fake pop-ups insisting that you purchase the full version of their product in order to remove myriad security alerts and overzealous pop-ups  .  The threats detailed in this rogue application are quite dramatic, but entirely false.  It is merely social engineering enlisted to prey upon your fears and to rip you off financially. 

You can also find Malwareremovalbot  on social networking sites such as Twitter, and in sponsored ads at Google and  Bing

@evilfingers (twitter) stated at his blog in Campaign scareware propagation MalwareRemovalBot

“Registering multiple domains on a single IP address, is one of the methodologies used for the propagation of scareware programs because it allows a consistent positioning web unethical by the way, expanding the horizon of possibilities that a desperate user reaches web that promises, through its false product, its magical way of solving problems or implement a so-called security layer to your computer to potential infections.” [Be sure to go to evilfingers blog to read the rest of this article.]

At the List of Known Malicious Sites /Rogue Software, a very hearty warning appears:  “These programs and related sites are so dangerous that I have specifically  ensured that readers CANNOT click any links and be redirected to them. This has been done for your safety.”

Recent Tweets from Twitter about malwarereovalbot:

@garyscrook  hXXp://twitter.com/garyscrook
http://adslurper.malremov…MalwareRemovalBot Malware Removal Tool. Designed Specificlly For Malware Related.

MalwareRemovalBot Malware Removal Tool. hXXp://bit.ly/CAzot
hXXp://www.malwareremovalbot<>com/?hop=cmedaily

IP for malwareremovalbot.com [August 2009]
Canonical name: 2.a9.354a.static.theplanet.com
Addresses:
74.53.169.2

Some other sites hosted on the same server:

adwarefree<>com
affiliates.adwarefree<>com
affiliates.malwareremovalbot<>com
affiliates.registryfox<>com
malwareremovalbot<>com
registryfox<>com
winregpro.com
www.malwareremovalbot<>com
www.registryfox<>com

Look at all the affiliate subdomains!

Lo and behold! An entirely AWESOME press release posted on July 20, 2009. Then we end up at
hXXp://malwareremovalbot<>repairandsecure.com IP: 74.52.151.178

Then wget exposes hXXp://www2.repairandsecure<>com/ and McAfee Site Advisor confirms that the site  promotes Rogue Software.

Mcafee siteadvisor has some interesting reviews…

“None of these “companies” offer legitimate products. They are part of an affiliate marketing machine, whose spread has been enabled by the web. Thanks to the web, anyone, anywhere, can promote a scam. These crapware promoters share common characteristics that make it easy to separate them from legitimate developers of software, including:

• Their domain registration is hidden or fabricated
• Unsubstantiated claims like “award-winning”
• A total lack of credible CONTACT information
• Promotion of the same software on numerous clone sites
• The use of bogus testimonials by their affiliates on SiteAdvisor and C|Net
• Encouraging affiliates to relentlessly promote the software, resulting in numerous bogus “review” web sites like this one.”  –Dean, McAfee Experienced Reviewer

hXXp://www2.repairandsecure<>com/ claims to be a Microsoft Gold Certified Partner
Repair & Secure endorses: Cyber Security Alliance (CSA) & Stay Safe Online (SSO)
Rogue scareware ENDORSES CSA and SSO – I’m so impressed!

From the malwareremovalbot web site:

Affiliates paid 75%

The Malwareremovalbot FAKE Press Release:

“Malware Removal BOT software provides dynamic protection for any PC. Once installed, it protects a computer by finding and removing Malware on the spot. Then, thanks to Malware Removal BOT’s automatic update feature, user’ computer is protected from future…”

And at the end of they are still:

Is Google & Bing helping Antispyware LLC to push rogueware?  Is Microsoft a GOLD partner?  Do affiliates really earn 75%?

Would you want this guy to manage your IT department?

Until Next time – Stay Safe!

Earlier today I discovered quite a few poisoned links in a user profile @twitter- 16 URLs to be exact, and every one of them included “Trojan-Downloader.JS.Iframe.atl.”  So I hash-tagged my discovery to #spam and #malware.  Then I performed a twitter search under #malware to make sure that the information about this serious exploit in this particular twitter profile would be acknowledged by twitter.

No tweets from @teksquisite were included in the initial twitter search that i performed,  nor under the hash tag of #malware, or #spam.  It was at this point in the time-line that I noted something was quite amiss!  It was very odd that there was no teksquisite posts under #malware search (which happens to be my # of expertise.)

So what do you do if you become twitter-search-banned for posting information about twitter malware links or you have posted duplicate links (due to tweetdeck choking?)  Try to find the support link over at twitter help – it is not very intuitive but I was finally able to post a request.

Currently waiting for an answer…

Update July 7, 2009 6:55 pm

I finally got back in the twitter time-line.  Long story and not enough time here to write it all out.  Suffice it to say that it took a lot of work to figure it out.

Update February 28, 2010

Open up a Twitter Support Ticket here: http://twitter.zendesk.com/requests/new