Hunter's Malware Blog


Tuesday, 26 November 2013

Don't mind this feedshark code.

Posted on 16:43 by Unknown
HyperSmash (http://www.hypersmash.com)

Saturday, 6 April 2013

Using Windows XP? Here comes the end.

Posted on 09:33 by Unknown
OK, a bit over-dramatic with the title, but literary license means I can, so I did.

Seriously now, on April 8, 2014, official support for Windows XP will end completely. This means no more updates, patches, fixes, or anything else from Microsoft for Windows XP.

Windows XP has stayed alive for almost 12 years now because quite a few people strongly said "NO!" to Windows Vista. But there is not going to be another reprieve for users that choose to hold on and stay with Windows XP.

This deadline does not mean that your computer running Windows XP will stop working; you will be able to use it just fine. But you will notice an eerily quiet Patch Tuesday in place of the one you have become accustomed to.

Windows updates are a line of defense against not just malware, but system issues and problems as well.

I must say that I will be sad to see Windows XP go. I have fond memories of using it, of just looking at the wonderful default desktop wallpaper, of enjoying its simple-to-use nature.

For those whose computers cannot support a newer operating system, I am sorry. You need to buy a new computer. Most likely the new computer will run Windows 7 or 8.

I recommend Windows 7 because it is easy to use once you get the hang of it. It's faster, it has better graphics, and you are in control of a lot of things. This is just my personal preference over Windows 8 though, so you may want to test drive both to see what trips your trigger.

As always if you have any questions, comments, or you just want to tell me how awesome I am, be sure to comment below. It's free and always will be.
Posted in Windows

Thursday, 4 April 2013

What Does It Mean: Firewall

Posted on 14:13 by Unknown
Despite its name, the word wall really is not a good way to describe a firewall unless you have the firewall set to block everything: good, bad, and indifferent. In that case it really would be a wall, but it would also mean no internet, which means you can't read your favorite anti-malware blog. : (

A better way to think of it is as a guard station: the guard checks all the internet and network traffic that comes into and goes out of your computer. If anything looks sketchy, it stops that traffic until it knows what to do, either by preset rules or by telling you that something is going on and asking what you want to do. If you tell the firewall to block it, it blocks the traffic and stops the network or internet connection. Some advanced firewalls can also think for themselves and decide to allow or block the traffic depending on how it looks.

There are three kinds of firewalls: inbound-only firewalls, which only inspect inbound traffic; outbound-only firewalls, which only inspect outbound traffic; and firewalls that do both.

Firewalls are often included with high-end antivirus software, but they can also be standalone programs with just the firewall included.

Firewalls are used to block malware coming from the network. They also block programs from connecting to the internet if you do not want them to.

I would have to say that my favorite type of firewall is one that thinks for itself and is inbound and outbound. The ideal firewall should think for itself, because you do not want to be bothered with making all of the decisions. Why? Because an alert saying "something.exe is trying to connect to the internet. Allow or Deny?" is not very helpful to those that don't know a whole lot about computers. And if you deny everything, that again means no internet which again means you can't read your favorite anti-malware blog.
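To make the guard-station idea concrete, here is an added example (not code from this blog) of a toy rule-based firewall: each firewall has a list of preset rules, a default action when nothing matches, a choice of which directions it inspects, and a way to resolve "ask" either by prompting the user or by a simple heuristic that stands in for a firewall that "thinks for itself". The programs, hosts and ports in the sample traffic are constructed.

```python
"""Toy rule-based firewall modelling the guard-station idea in the post above."""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class Connection:
    """One connection attempt as the firewall sees it (constructed sample data)."""
    direction: str      # "inbound" or "outbound"
    program: str        # local program that owns the socket
    remote_host: str
    port: int


@dataclass(frozen=True)
class Rule:
    """A preset rule; a field left as None matches anything."""
    action: str                     # "allow", "block" or "ask"
    direction: Optional[str] = None
    program: Optional[str] = None
    port: Optional[int] = None

    def matches(self, conn: Connection) -> bool:
        return ((self.direction is None or self.direction == conn.direction)
                and (self.program is None or self.program == conn.program)
                and (self.port is None or self.port == conn.port))


def heuristic(conn: Connection) -> str:
    """Stand-in for a firewall that 'thinks for itself': allow traffic that looks
    like a known program on a common port, block anything else instead of nagging."""
    known_programs = {"firefox.exe", "outlook.exe"}
    common_ports = {80, 443, 25, 587, 993}
    if conn.program in known_programs and conn.port in common_ports:
        return "allow"
    return "block"


class Firewall:
    def __init__(self, rules: Iterable[Rule],
                 inspects: Iterable[str] = ("inbound", "outbound"),
                 default: str = "block",
                 prompt: Optional[Callable[[Connection], str]] = None):
        self.rules = list(rules)        # checked in order, first match wins
        self.inspects = set(inspects)   # inbound-only, outbound-only, or both
        self.default = default          # what happens when no rule matches
        self.prompt = prompt            # how "ask" is resolved: user callback or heuristic

    def decide(self, conn: Connection) -> str:
        if conn.direction not in self.inspects:
            return "allow"              # an inbound-only firewall never sees outbound traffic
        action = self.default
        for rule in self.rules:
            if rule.matches(conn):
                action = rule.action
                break
        if action == "ask":
            action = (self.prompt or heuristic)(conn)
        return action


# Constructed sample traffic: the blog, an incoming file-sharing probe, and an
# unknown program reaching out to an odd port.
BLOG = Connection("outbound", "firefox.exe", "blog.example", 443)
PROBE = Connection("inbound", "system", "203.0.113.7", 445)
SKETCHY = Connection("outbound", "something.exe", "198.51.100.9", 6667)

RULES = [
    Rule("block", direction="inbound", port=445),
    Rule("allow", direction="outbound", program="firefox.exe", port=443),
    Rule("ask", direction="outbound"),
]


def run_demo() -> dict:
    """Return each firewall's verdict on the sample traffic."""
    firewalls = {
        "wall (block everything)": Firewall([], default="block"),
        "inbound only": Firewall(RULES, inspects=("inbound",)),
        "both directions, thinks for itself": Firewall(RULES),
        "both directions, user clicks Allow": Firewall(RULES, prompt=lambda c: "allow"),
    }
    return {name: {"blog": fw.decide(BLOG), "probe": fw.decide(PROBE),
                   "sketchy": fw.decide(SKETCHY)}
            for name, fw in firewalls.items()}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:38} {verdicts}")
```

Note that the inbound-only firewall waves the sketchy outbound connection straight through because it never looks at that direction, and the pure "wall" blocks the blog along with everything else.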

I hope that this post helps explain what a firewall is and what it does. If you have a question, comment, or you want to tell me how awesome I am, be sure to leave a comment in the box below. It's FREE and always will be.
Posted in What Does It Mean?

Monday, 1 April 2013

Haters Gotta Hate, Noobs Gotta Imitate.

Posted on 17:04 by Unknown
The first big announcement is that my blog has reached 25,000 Pageviews! It's insane, right? The second announcement is that my blog is at this point being targeted by haters and imitators.

As for the first point, I have been subject to personal attacks on the web because I am sharing information on how to prevent you from being a victim. People calling me names, refusing to listen to reason when I tell them that the point that they are arguing is not the case at all.

As for the second point, I have noticed quite a few bloggers that have now been making posts quite like mine, they are attempting to actually imitate what I am doing. It's good that I am sparking interest, but this is dangerous and I will tell you why.

The people imitating me know very little about the subject they are trying to talk about, and while imitation is usually the highest form of flattery, it actually insults me here. This is because the imitators are sharing information and modifying it to claim it as their own. The problem? They are skipping steps, adding in steps that could ruin a computer. And the first rule in malware fighting is "First, do no harm." This translates that you should not be talking about something without knowing what you are talking about.

I don't know what I will do about any of this and likely will not know for some time. I don't even know about the fact that this blog post is an April Fools Day joke.

Wait.... What?

As much as you are laughing now, think about how my early drafts of this post must have been.

April Fools Everyone. Now get back to work! :D

Thursday, 28 March 2013

Malware Spotlight Double Header: Bagle and Netsky.

Posted on 20:22 by Unknown
For a reader special, we are taking a look at two pieces of malware, both of which are related in a way.

Bagle is a mass mailing worm which affects all versions of Windows. It opens a backdoor to allow hackers to access your computer and some variants contain the following text:


"Greetz to antivirus companies
In a difficult world,
In a nameless time,
I want to survive,
So, you will be mine!!"

Bagle also created a botnet which sent itself to other PCs via mail applications such as MS Outlook. It is estimated that Bagle was responsible for 14% of spam on January 1st, 2010.

Netsky is also a worm. It contained comments in its code that were meant to insult the writers of the Bagle worm. Some variants also played sound through the speakers of your computer at 5:00 AM each morning. So this would annoy you, and depending on when you get up in the morning and how loud your speakers are, you could actually be woken up by this sound. This sound ceases at 9:00 AM and resumes again at 5:00 AM the next morning. This worm also spread by mass mailing itself to all your contacts.

Feel free to comment below if you have a question or you just want to tell me how awesome I am.
Posted in Spotlight On Malware, Windows

Monday, 25 March 2013

What Does It Mean? Layered Defense

Posted on 14:30 by Unknown
These days, you can't read, hear, or see anything about computer security without catching the phrase "Layered Defense" or something like that. Well, the first thing you want to know is, what is it?

First, let's start with one layer of defense. Let's say you have an antivirus program. This should be enough, right? But the issue is, some malware can sneak past your antivirus or even disable the antivirus entirely. That looks a little something like this.

[Figure: OK Defense. Some attacks blocked. The antivirus blocks some attacks, but some get to the computer and cause havoc.]

How can we fix this issue? By using more than one layer. You can use Safe Computing for one.

Safe Computing is being smart before you click. Like I have said before, once you start thinking with your other head, you are a big target. Don't click on anything suspicious, and make sure you know what's real and what's not real.

You can also use a firewall. Security-oriented firewalls block malware that attempts to access your computer via the network.

With these two extra layers in place, your "Layered Defense" looks a little more like this.

[Figure: Better Defense. More attacks blocked.]
So, the more layers you have, the less likely you are to get infected. If you still have trouble conceptualizing this, think of an onion. The more layers it has, the harder it is to get to the core.

And these three layers are just the beginning. You can add anything you like to increase your defenses based on your budget and your level of paranoia. And let us not forget that a little bit of paranoia when it comes to protecting what is important to you is a good thing. An example of top notch security would look a little like this.

[Figure: Defense for the very paranoid. Most if not all attacks blocked.]

Now I am not about to suggest that you need to get all of this stuff. And there are some things in here that you may not know about. Stay tuned and we will discuss all of these unfamiliar aspects in future blog posts.
Posted in What Does It Mean?

Friday, 22 March 2013

What's In A Name: Rootkits

Posted on 08:58 by Unknown
For the second part of my What's In A Name series, we take a look at the cornerstone of malware: Rootkits.

First, what is a rootkit?

A rootkit is a piece of malware that operates somewhat like an elite Special Forces unit. It gets in, communicates with headquarters, recons defenses, and messes stuff up so that the main strike force coming in later will have an easy time.

Rootkits are like Special Forces units in another way as well: Try to remove them, and they go wild. This is why every rootkit remover worth his or her salt warns that removing a rootkit could lead to problems with the operating system, to the point where it will not boot.

This is because the rootkit gets into the system and replaces critical system files with those under the control of the rootkit. And when these replaced files are removed along with the rootkit, the system can be rendered inoperable.

This is why rootkits are some of the most difficult malware to remove. Do one thing wrong, and you could break the computer you are trying to fix.
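The file-replacement behaviour described above is exactly what a file integrity check is built to catch. The following is an added example, not code from this blog: it records SHA-256 hashes of a known-clean directory tree and later reports anything modified, missing or added. The directory and file names are constructed stand-ins, not real Windows system paths.

```python
"""Baseline-and-verify integrity check for a directory tree (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large system files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative, POSIX-style path) to its hash."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = sha256_of(path)
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Compare the tree as it is now against a baseline taken when it was clean."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: a clean tree, then a driver swapped and a new file dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "drivers").mkdir()
        (root / "kernel.sys").write_bytes(b"original kernel image")          # constructed content
        (root / "drivers" / "net.sys").write_bytes(b"original network driver")
        baseline = build_baseline(root)   # taken while the system is known to be clean

        # What the post describes: a critical file replaced by one under the intruder's
        # control, plus an extra component that was never in the baseline.
        (root / "drivers" / "net.sys").write_bytes(b"replaced network driver")
        (root / "drivers" / "hidden.sys").write_bytes(b"new component")
        return verify(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9} {paths}")
```

A rootkit that hooks file reads can feed the checker the original bytes, so take the baseline and run the comparison from clean boot media rather than from inside the possibly compromised system.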

Hope this clears up what a rootkit is.

To look at Part One of What's In A Name, go here.
To look at my definition post, which contains a brief summary of some of the terms used when talking about malware, go here.
If you have a question or just want to tell me how awesome I am, feel free to comment in the space below. It's FREE!
Posted in What's in a name?

Sunday, 17 March 2013

How do I make sure my Antivirus Software is protecting me?

Posted on 17:06 by Unknown
You are a computer user concerned about malware, you have antivirus software, but you do not know if it is protecting you. What do you do?

One thing you could do is find a sample of malware, scan the file, and see if your antivirus program detects it. But if your program does not detect it, you are now infected with malware that may already have done its work on your computer.

Your second option is to buy the most expensive protection out there, because if it's expensive it has to be good.... right? Sorry, but no. Cost is not an indication by any means of how good an antivirus program is.

Your last option is to try to download a file on the internet called the EICAR Standard Anti-Virus Test File. This is a harmless file that has become the industry standard for testing antivirus software without actually infecting the computer with malware.

So, what's it going to be? The Test File? Excellent choice. But first, let's talk a little bit about this test file.

This file was made by the European Institute For Computer Antivirus Research. This organization was founded in 1991, and it aims to further antivirus research and improve antivirus programs out there today. The file was developed in collaboration with the Computer AntiVirus Research Organization (CARO).

The file will not harm your computer in any way, shape, or form if your antivirus program does not pick it up after a scan.

Let me state for the record that this test file is NOT malware and will not harm any computer if downloaded. Please do not claim or report that I am distributing malware.

Go to This website and download eicar.com using the http protocol. Your antivirus should give off alarms if it is protecting you in real time. If your antivirus program is not designed to protect you in real time, you can run a custom scan for the location of the test file.

After detection, your antivirus program will either delete the file or quarantine it depending on your exact settings.

Monday, 11 March 2013

Spotlight On Malware: The Conficker Worm.

Posted on 15:31 by Unknown
By popular request, here is a look at the Conficker Worm. This worm is also known as Downup, Downadup, and Kido.

First, Conficker sounds like a weird name. Where did it come from you ask? The origin of the name is thought to be a portmanteau of the English term configure and the German pejorative term Ficker. Conficker comes in 5 flavors, all of which we will talk about separately. The five flavors have been dubbed A, B, C, D, and E.

The first variant of Conficker (A) was discovered in early November of 2008. It spread through the Internet by exploiting a vulnerability in a network service (specifically MS08-067) on Windows 2000 through Server 2008. Windows 7 could have been affected, but during that time Windows 7 was in beta and the beta was not publicly available until January 2009. Although Microsoft released an emergency patch on November 23, 2008 to patch the vulnerability, a large number of PCs still remained unpatched as of January 2009. The final thing that Conficker A does is update itself to Conficker B, C, or D.

The second variant (B), discovered in December, added the ability to spread over LANs and through removable media. The second variant also disabled Windows AutoUpdate and blocked certain DNS lookups. The final thing that Conficker B does is update to Conficker C or D.

The third variant (C) which was discovered in early February 2009 did much of the same stuff as Conficker B did. The final thing that Conficker C did was update itself to Conficker D.

Conficker D is where things get a little more interesting. This variant was discovered in March of 2009. It did what Conficker C did, however, it also added a few extra features such as disabling safe mode, and searching for processes that are related to anti-malware programs and killing them at one second intervals. The final thing that Conficker D did was download and install Conficker E.

Conficker E was discovered 3 days after Conficker D. It protected itself in the same manner as D (disabling anti-malware) and had a very interesting final payload. The final action was downloading and installing a spambot and SpyProtect 2009. Conficker E also removed itself on May 3 of 2009, leaving the copy of Conficker D still on the computer.

That is it for this Spotlight On Malware blog post. Once again, this was by popular request.... Now stop requesting it.
Posted in Spotlight On Malware, Windows

Thursday, 7 March 2013

Where did this whole issue with Malware begin?

Posted on 15:06 by Unknown
Some of you that have read my blog and like it may say "Alright, I'm hooked. But when did this all start?"

Well, I have the answer for you.

The first piece of malware in my opinion was the Elk Cloner virus. This virus was written in 1982 by a 15 year old high school student named Rich Skrenta. The virus was originally written as a joke, created and put onto a game on a floppy disk. The virus attached itself to Apple II operating systems using a technique now known as a boot sector virus. It was attached to a game, and the game was then set to play. On the 50th boot of the game, the virus was released. So instead of playing the game, the virus would switch to a blank screen that displayed a poem about the virus, known as Elk Cloner:

"Elk Cloner: The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!

It will stick to you like glue
It will modify RAM too

Send in the Cloner!"

It may be worth mentioning that today's malware is spread by the fact that 1 out of every 8 flash drives is infected with malware. These infected flash drives pass from hand to hand with no one being the wiser, echoing the way Elk Cloner spread back in 1982.

That will wrap it up for this post. Be sure and comment below if you have a question, or you just want to tell me how awesome I am.
Posted in Macs

Sunday, 3 March 2013

My Take on Third Party Tech Support.

Posted on 08:31 by Unknown
We've all had issues with software or hardware at one point in time; there is an argument that some software is even designed to fail at some point. But when we need help, who do we turn to? Tech Support can be offered in house for free, with representatives who are quite knowledgeable and can help you with your issue. If you are not satisfied, you cancel or return the product or service. This translates to less money on the bottom line for the company offering the support, so they offer support for free, knowing that doing so is cheaper than trying to get a paying customer back.

However, some companies outsource Tech Support to a third party service. Those that work for these third parties often work on commission from service packages sold. Some even go as far as to refuse service unless you buy a support package even when you have already bought and paid for the software. Some claim that if you do not buy the support package, your product or service will stop working altogether. In the case of a computer: "Your hard drive will be physically damaged and you will lose all your data if you do not pay." Those who work for third party support have a "I do not care about your issue, now get off the line" mentality.

Sound shady to you? Well, some third party support companies and organizations are not like this. They do not use deceptive business practices in order to get a sale. What I have said to discredit third party support is not true for all third parties, but I will be honest: There are just too many bad apples in the bin. I am not trying to discredit any one company or organization, and this is only an opinion of someone who has gotten the runaround with tech support several times in the past. If you do not agree, that is fine by me.

I would like to call upon companies that outsource Tech Support to do it in house. I ask this because of two things.

1. Ultimately, outsourcing a service does not relieve a company of accountability for the results produced, no matter if positive or negative.

2. You make and maintain the product or service, so you should know how to use it and fix it better than a third party.

Wednesday, 20 February 2013

Spotlight On Malware: The Melissa Virus

Posted on 17:35 by Unknown
Some of those reading may already know, but today, February 21st, is the birthday of a friend of mine: +Melissa Coast. So, as something that I hope she finds interesting when she reads this, I am going to talk about a macro virus from 1999 that shares her first name. So, +Melissa Coast, if you are reading this, Happy Birthday, and I hope you enjoy reading about a virus that shares your name. It may seem a bit offensive for me to talk about that, but remember that this is what I do best and it is not meant to be offensive in any way.

Now to the virus: Melissa (the virus) is a mass mailing macro virus, or a virus that can hide in the macros of documents. Some of you may already be thinking: "that sounds more like a worm than a virus." If you are, then leave a comment below for some brownie points, because under normal circumstances that is what it would be. But because Melissa is not a standalone program, it is not a worm. Melissa can spread on Microsoft Office 1997 and 2000. It can also spread on Excel 97, 2000, and 03. It can mass mail itself using Outlook 97 and 98. If a Word document containing the virus is opened, it mass mails itself to the first 50 contacts in your Outlook address book. This virus also deletes Excel files after making backup copies to a remote drive and demands a payment of $100 into an offshore bank account in exchange for the files. A more destructive version of the virus deletes all data from a variety of destinations, including the C drive. Once it has finished deleting your files, the computer beeps three times and you get a message from the virus: "Hint: Get Norton 2000 not McAfee 4.02."

The least destructive version arrives in a document that is blank. At 10:00 AM and 10:00 PM on the 10th of every month, the virus adds the following text to the document: "Worm! Let's We Enjoy." Ironically the writer of this virus served 10 years in prison for his crime once he was found.

So, what do you readers think? Like it? Hate it? Sound off in the comments below. Again, Happy Birthday +Melissa Coast. Knowing you, you likely wanted to spend your day reading. In which case, I am sorry that this has prevented you from doing so in the time it takes to read this.
Posted in Spotlight On Malware, Windows

Wednesday, 13 February 2013

Spotlight on Malware: ILOVEYOU (the worm)

Posted on 19:06 by Unknown
To all the readers on this fine February 14th, Happy Valentines Day. To celebrate, let's look at a worm that has the name ILOVEYOU.

The worm called ILOVEYOU, also called loveletter, arrived as an email attachment in 2000. This virus caused over 5.5 billion dollars in damage to business, the military, and to normal users. As a worm, it is infamous not only for causing that much damage, but also for the high number of modifications that could be made to it. Once infected, the worm overwrites files that have certain filenames. With a bit of programming knowledge, someone could make this worm more destructive by choosing to overwrite critical system files. If this is done, it makes your computer about as useful as a paperweight.

It comes as an attachment claiming to be a text file from someone in your contacts, and the email claims that the "text file" is a letter professing the love of the sender to you. So you would likely trust it; you would wonder why your friend was professing his or her love to you. This is where both names came from: the message title says ILOVEYOU, and the email claims that the file is a love letter. It is estimated that no business escaped the infectious charms of ILOVEYOU. If you are a victim, the virus spreads by mass mailing your email contacts the exact file that you thought was a love letter. And you were left cold, alone, and ashamed. *Tilts face down as if ashamed*

The email body said: "kindly check the attached love letter coming from me." So kindly comment below with any questions or comments and you may kindly get a response coming from me.*Smiles*
Posted in Spotlight On Malware, Windows

Saturday, 9 February 2013

Spotlight On Malware: Mac Defender

Posted on 18:29 by Unknown
Before we jump right in here, did you read my blog post about the fact that Macs can get viruses? Because if not, now would be a good time to do so.


Got it? Good.

Mac Defender (also known as Mac Protector, Mac Security, Mac Guard, and Mac Shield) is a rogue antivirus program that can be installed by unwitting Mac users. This rogue was the first big malware attack to hit the Mac operating system, even though it did not damage any part of the operating system. Users typically encountered the program when clicking on an image found on a search engine. It appears as a pop-up informing you that "viruses" have been detected on your computer and suggests that you download a program which, if installed, provides your personal information to the writers of the rogue. Apple provided removal instructions for the rogue on May 24th 2011 which can be found here.

Thanks for reading. If you have a question, by all means, comment away.
Posted in Macs, Spotlight On Malware

Tuesday, 5 February 2013

1,000 pageview celebration: NavaShield

Posted on 14:51 by Unknown
Alright, as you might have heard, I got my 1,000th pageview yesterday. I am really impressed that quite a few people are interested in this. But I am questioning why this is so interesting to you all. But I will keep writing blog posts, and we will just keep going on. Also, I would like to add that I have a nice spotlight on malware post coming up in two weeks, give or take about two days. So stay tuned.

Now for the actual post: In 2010, one of the meanest rogue antivirus programs I have ever seen shot up overnight. Its name was NavaShield. And this rogue was hardcore right from the start. The installer: 53 MB (very big for an installer). Once NavaShield was installed, it wanted to be registered. So you could enter in a product key, or you could ask the program to generate its own key that let you try the program for a week. At that point, NavaShield told you that everything was protected; the user interface was green and looked kind of friendly. But after a week, NavaShield got mean. It asks to be registered, which of course requires you to buy it. If you did not do so, it gets real mean, real fast. What it did was play some sound through your speakers, and it started to "white-out" your desktop. If you are someone who wants to stop it via Task Manager, Task Manager is blocked by it. You can try to open a program, it just gets knocked down. And if you tried to restart (good luck), it would come up again after a few minutes. Thankfully for those infected, it did not run in Safe Mode, and after a while the people that research these rogues had product keys ready. The product key stopped the rogue and allowed you to remove it.

Thanks for 1,000 pageviews guys, I really appreciate it. I'm going to be making more blog posts and then posting them on a schedule. Thank you, now go get on with your day or comment below.
Posted in Windows

Sunday, 3 February 2013

Yes, Macs do get viruses.

Posted on 09:04 by Unknown
Before we get started here, I just want to say that I have nothing against Apple. I am not on a Microsoft payroll and there is actually a Mac in my home, I love Apple products and proudly use them.

Now for the actual content of this post: "Macs don't get viruses." How many times have you heard that? You might even believe so yourself. If so, sorry to burst your bubble, but Macs do get viruses. This post will provide proof that debunks the myth that has evolved from the fact that Macs are immune to Windows malware. We were led to believe that Macs do not get viruses. I know, because I did not know the truth myself until very recently.

The first big attack on Macs by malware was Mac Defender, first detected in May of 2011. This was a fake antivirus program that also went by the names Mac Protector, Mac Shield, Mac Guard, and Mac Security. The program "scans" your computer and comes back with a large number of "infections" that it then demands you pay for the removal of. The infections are not real and this program was really only designed to scare the user into paying for the "antivirus" so that the "threats" can be removed. It is not known how many Macs got infected with this (it's an illegal business, don't expect people to keep score). But based on the number of calls to Apple's customer service hotline, the infections were likely in the tens of thousands. Apple representatives were told not to instruct customers on the removal of Mac Defender so that Apple would not confuse customers into believing that Apple could help them remove all malware in the future. Until May 31st, when a patch was released, Mac users got little help from Apple on removing this threat. For those that still hang on to the myth that Macs don't get viruses, read this. Why would Apple make an update if Mac Defender was not a big problem? This rogue antivirus program blew a large hole in the myth that Macs don't get viruses.


But another piece of malware blew an even bigger hole in it. The Flashback Trojan, detected in September 2011, infected hundreds of thousands of Macs. This Trojan attempts to make the user believe that it is an update to Flash player (That's why the name of the Trojan is Flashback.) If the "update" is installed, the infected Mac becomes a part of the largest botnet of Macs ever made. This time Apple did not release a fix until April of 2012. This large amount of time can be excused because Flashback did not become an issue until late March of 2012.

So, now that we know better, what are we going to do about it? Well, we can keep our Macs updated, but there seems to be a lag between the bad guys putting something out and Apple patching the OS. The lag is noticeable and slow enough that if you are a heavy internet surfer, these updates just might not be quick enough or good enough. For that there is one of my favorite antimalware products for Macs. Intego Mac Internet Security 2013 helps protect your Mac from emerging threats; updates come often to stop the latest malware. And it also detects Windows malware so you do not spread anything to your friends that use Windows. For some users, it may seem a bit pricey. But you bought a Mac for a reason, why not protect your investment? This is the bare minimum protection that Macs should have in my opinion; if you need more protection, you've got it right here.

That wraps it up for my first blog post about Macs. Like it? Hate it? Let me know in the comments, that's what the comment form is there for.
Posted in Macs

Friday, 1 February 2013

Malware Countermeasures

Posted on 20:47 by Unknown
OK, now that we know the types of malware, what are we going to do about it? For that, I provide the top 3 things you can do to prevent infection.

1. Use Antivirus Software.

One of the best things that can be done is to get good antivirus software and keep it updated. A lot of people have antivirus software, but some do not keep it updated. They say: "I will update it when I need it." This is akin to: "I will enable my airbag when I need it." Does this sound smart to you? Some estimates say that at least 100 unique viruses are sent out in the wild every day. Do I have your attention? Good, because antivirus software that is kept up to date can keep you from becoming a statistic. If you would like a recommendation for antivirus software, drop me a line in the comments with a basic description of what you do online.

2. Use Antimalware Software.

To all the parents out there: If your child is sick, say running a 103 fever, and the doctor you take them to says that they are fine, would you want a second opinion? Antimalware software works the same way: it detects most of what your regular antivirus cannot, because after all, no antivirus can detect 100% of all malware. My antimalware of choice is Malwarebytes Antimalware. It is fast, it is robust, and it does not slow down your computer. You can find it here.

3. Common Sense.

Did you think the last one was going to be complicated? Yeah, what now? Believe it or not, this can help you with what your antivirus and your antimalware cannot: avoiding threats before they become a problem. The websites you would not expect to be infected often do get infected, for the very reasons you would not think they would be. But websites you would expect to be infected should still be avoided. If you get a "document" from a friend that has an .exe (executable) file name, does that sound like a document to you? And going to unsavory websites can get you infected, so just avoid them. Remember that on the internet, if you are thinking with your other head, or not paying attention to what you are doing, you are a big target.
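The "document with an .exe file name" point above, and the ILOVEYOU post's attachment claiming to be a text file, come down to the same check: does the last extension on the attachment name match what the name pretends to be? The following is an added example, not code from this blog, of a mail-gateway style classifier for attachment names; the sample names are constructed (the first follows the double-extension naming style of the 2000 worm).

```python
"""Flag attachment names that disguise an executable as a document (added example)."""

EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".wsf"}
DOCUMENT_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png"}
RTLO = "\u202e"   # right-to-left override: makes "abc.exe" display with a reversed tail


def classify_attachment(name: str) -> tuple:
    """Return (verdict, reason) for one attachment filename.

    Verdicts: "allow" (plain document), "block" (executable, disguised or not),
    "suspicious" (no extension at all), "review" (extension this list does not know).
    """
    if RTLO in name:
        return ("block", "contains a direction-override character that hides the real extension")
    parts = name.lower().split(".")
    # Every extension in the name with padding stripped: "photo.jpg   .exe" -> [".jpg", ".exe"]
    suffixes = ["." + p.strip() for p in parts[1:] if p.strip()]
    if not suffixes:
        return ("suspicious", "no file extension")
    last = suffixes[-1]
    if last in EXECUTABLE_EXTS:
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
            return ("block", "executable %s disguised as a %s document" % (last, suffixes[-2]))
        return ("block", "executable attachment %s" % last)
    if last in DOCUMENT_EXTS:
        return ("allow", "ordinary document")
    return ("review", "unrecognised extension %s" % last)


# Constructed sample attachment names from a pretend mailbox.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",          # text file in name only: the last extension wins
    "invoice.pdf",
    "quarterly report.xlsx",
    "photo.jpg                         .exe",  # padding pushes the real extension out of view
    "setup.exe",
    "readme",
]


def scan(names) -> dict:
    """Map each attachment name to its verdict."""
    return {n: classify_attachment(n)[0] for n in names}


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_ATTACHMENTS).items():
        print("%-42r %s" % (n, classify_attachment(n)[1]))
```

Mail clients that hide known extensions show "LOVE-LETTER-FOR-YOU.TXT" for the first name, which is why the check is done on the full name rather than on what the user sees.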

So what do you think about this blog post? Like It? Hate It? Drop me a line in the comments, what you like is what I will write more about.

Sunday, 27 January 2013

Spotlight on malware: Reveton Trojan

Posted on 20:11 by Unknown
The Reveton Trojan, also called the FBI MoneyPak Trojan and the Police Trojan, is a screen-locker Trojan that displays a warning from a "law enforcement agency" claiming that the user has performed illegal activities such as downloading pirated software. This Trojan prevents you from doing anything on your computer until you pay the "fine", up to $500, or remove the Trojan. The Trojan usually demands payment through a prepaid, untraceable payment card such as MoneyPak, which is the giveaway: no real law enforcement agency collects fines this way, and paying does not reliably unlock the computer or remove the Trojan. Some recent versions show the view from your "webcam" and display your IP address to reinforce the claim that you are being watched. The "webcam" video shows up regardless of whether you actually have a webcam. This Trojan is based on the Citadel Trojan, which is itself based on the Zeus Trojan. There are several versions of this same Trojan, which started out in the UK. These include versions for the FBI, the DOD, and the DOJ.

To remove it, boot into Safe Mode with Networking (press F8 repeatedly while the computer starts, before Windows loads), go online and download Malwarebytes Anti-Malware. Run the installer and accept the regular options. Leave "Update" and "Launch" checked, and it should start. Once it has, choose Quick Scan; this will take anywhere from 1 to 15 minutes depending on how much is on your computer and how many files are infected. Remove everything it finds, reboot normally, and run a second scan to confirm the lock screen is gone. If the lock screen also appears in Safe Mode, scan the drive from an antivirus vendor's bootable rescue disc instead.
Posted in Spotlight On Malware, Windows

Monday, 21 January 2013

Malware is my hobby

Posted on 16:06 by Unknown
Greetings,

Because this is my first post, I ask that you understand if I have a hard time finding out what all these buttons do. My name is Hunter, and malware researching is a passion for me. I love learning new things about malware, and when a big threat arises, I make sure my friends know. "What's malware?" you ask? Why, it's malicious software. Any software that is written with the intent to cause harm.

There are perhaps hundreds of blogs about malware on the web, so why should you read my blog? I will tell you why.

1. I am independent.

I do not work for any organization or company that wants to sell you its products. I will only review a security product if I trust it. I do not make money if I help others with malware removal. (Note: I do not claim to be an expert, I only claim to have a hobby that keeps me busy.) I do not personally accept money from anyone to plug a product no matter how much they offer, or how much I like or do not like it.

2. I have a wish.

I want there to be a time, sometime in my lifetime hopefully, when users do not worry about malware, when viruses, spyware, rogue antivirus software, and other malware simply do not exist anymore. I know that the "arms race" between those who are writing malware and those who wish to protect against malware has to stop. We have to win if we want the computer landscape to be ours. This wish drives my focus and keeps me from forgetting just what I am fighting for.

3. I stand on the shoulders of giants.

These giants are those that share my hobby as well, and when we are combined, our reach across the malware landscape is unparalleled. We, in our fight to give others information, help others give others information, and so on and so on.

I will be blogging to highlight malware, to educate those that want to know, and to fight against malware until it can no longer function. Malware and malware removal are a hobby and a passion of mine; my hope is that there will be a time when I will not have to.