lvit.com

Virus writing arrest in Japan

July 1st, 2009

It has been a long time coming, but a virus writer has finally been arrested by the Japanese authorities. According to security specialists Sophos law enforcement agencies in Kyoto, Japan, have arrested three men who stand accused of plotting to infect users of a popular P2P file-sharing network with a Trojan. The Trojan itself displays images of popular anime characters on-screen, all very lovely and Japanese, while at the same time deleting MP3 and movie files from the system: not so nice, obviously.

The malware which was targeted at Winny P2P users has been identified as ‘Harada’ in variousmedia reports and Sophos say this is related to the similar Pirlames Trojan horse which it first reported intercepting in Japan last year. According to Japanese media reports, the three men have admitted their involvement in the crime. One of the men is said to have written the malware, while the other two are believed to have distributed the malicious code via Winny.

“It isn’t illegal to write viruses in Japan, so the author of the Trojan horse has been arrested for breaching copyright because he used cartoon graphics without permission in his malware. Because this is the first arrest in Japan of a virus writer, it’s likely to generate a lot of attention and there may be calls for cybercrime laws to be made tighter,” said Graham Cluley, senior technology consultant for Sophos. “Malware is truly a global menace, impacting on every user of the internet, and it is good to see police around the world doing their bit to tackle the problem.”

Isamu Kaneko, the author of the Winny file-sharing program, was fined by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet. A survey conducted in 2006 by Sophos reflected the serious concern that uncontrolled applications are causing system administrators:

86.5 percent of respondents want to block P2P applications
79 percent say that blocking is essential

“Businesses are increasingly looking to control users’ access to P2P file-sharing software not just because they can eat up bandwidth or infringe copyright laws, but also because they can present a security risk to corporate data,” continued Cluley. “This music and movie-munching Trojan horse is a timely reminder of the danger malware can pose to a company’s network.”

Posted in Virus Protection | 1 Comment »

Firefox updating message misleads users

July 1st, 2009

Over the course of last weekend I was busy setting up some new systems.
During that process I came across an old virtual machine that I decided to fire up.

Upon launching Firefox on that machine I was greeted by the following:

Now what’s wrong with this picture? Quite a lot if you take a good look.

The issue of course is that Firefox 2.0.0.13 is nowhere near the latest version of Firefox. Even worse, the message is flawed in two ways. Not only are we at Firefox 3.x. but Firefox 2.0.0.13 isn’t even the latest release in the 2.x branch.

So the message is incorrect as regards both major and minor releases.
Now one could argue that the auto-update mechanism takes care of this problem. But that can be turned off for a whole variety of reasons. Fact of the matter is that this is plain sloppy on Mozilla’s end.

Sadly, launching such incorrect messages is not particularly a new issue for Mozilla, and in my opinion such carelessness about easy-to-fix issues does not send a good message. Since the page is actually being downloaded from Mozilla’s site, it really shouldn’t be too much work for them to fix.

However when checking the situation for the 3.x branch of Firefox a better result appeared.

This means that the Mozilla guys got around fixing this page for the latest release branch, but forgot about the earlier branch.

Let’s hope that Mozilla gets around to fixing this so that the pages will correctly show if a version is up to date or not. Even if it’s only the older branch being affected. After all, we all know that there are millions of people out there who take forever to update.

Posted in Virus Protection | No Comments »

Shortening URL Service compromised

July 1st, 2009

As pointed out by Stefan short URLs create big problems. How big those problems can get has been made very clear in an attack suffered by cli.gs. They claim to be the 4th most used shortening service on Twitter.

In a blog posting on their site the company says that they had been breached. This resulted in over two million shortened URLs pointing to the same page. The page is a blog posting from another site talking about hashtags on Twitter.

No malicious code has been found on that particular page. Put that together with the topic of the particular page leads and it appears that the attacker didn’t have too much harm in mind. S/he wanted to show that the site was vulnerable to attack, but didn’t want to install any malware onto the visitor’s machine. A welcome change. 😉

Having control to so many URLs makes these services a very attractive target. The fact that you can easily change the address to which a shortened URL leads with this particular service made it extra attractive.

Personally, I’ve abandoned URL shortening services on any of the social networks I’m on some time ago. If you strip out the “http://” portion such sites will no longer convert them into shortened URLs automatically. It’s certainly a bit less convenient, but at least the reader knows where I’m pointing to.

Posted in Virus Protection | No Comments »

Workgroups vs Domains

July 1st, 2009

What’s the difference between a workgroup and a domain?

Quite simply, a workgroup is defined as a network of multiple computers, configured to share resources, with out the use of a domain controller (primary sever).

A domain, on the other, is a network of computers, configured to share resources, but controlled by a centralized server or “domain controller”.

So, now let’s dig in a little deeper and contrast the two.

Workgroups are also called peer-to-peer networks ( P2P ) because each node on thew network is an equal peer. All user accounts, resources, and permissions are controlled on the local machine level. And each computer must be configured individually to reflect the settings of the other nodes on the peer-to-peer network.

Workgroups share resources, such as files, printers, and drives that are stored on each individual machine. Since administration for all computers on a workgroup must be setup and configured on each local machine, it makes the task of administration a nightmare. Too many computers connected to a workgruop can make it very difficult to keep track of the user accounts and permissions set forth on each node.

For this very reason, Microsoft recommends a maximum of 10 computers for any workgroup environment. Any more than that and you need to implement the use of a domain.

Domains have a primary server that is responsible for centralized administration of user rights, shares, access permissions, and all shared resources across the entire network.This helps to simplify administrative tasks by giving one central point of administration.

Domains are also more secure because they have a single repository for all of the user accounts and permissions stored on the domain controller, known as the Security Accounts Manager database ( SAM ).

Within a domain environment, the network administrator can make a single change on the domain controller and that change will propagate across the network and reflect the change on all nodes connected to the domain controller.

Generally speaking, a domain will have multiple servers, all acting in different roles for the network. Usually, the scenario is to have a primary domain controller and a backup domain controller to provide redundance and a fail-safe in the event of interrupt or catastrophic failure.

If you have over 10 computers to network together, then it is recommended that you incorporate the domain model architecture for the network.

Not only are domains more secure, but they are also easier to manage.

Computer networks are an awesome thing – when they are configured and managed properly. The main thing to remember is that it is a big waste of your time and energy to try and make a large network operate with the workgroup model. If you have more than 10 computers to connect together, then by all means, go out and get a server. You’ll be happy you did!

Posted in Virus Protection | 1 Comment »

System Security “Protect your PC”

June 8th, 2009

Scam. I just ran into two cases of this virus in the same day. In the first Case Alt+Ctrl Del was disabled as well as regedit and services.msc. So I booted up in safe mode login in as admin and ran combofix, Worked like a champ was out of there in 30 minutes. I left and went to my next call and same virus but when I tried to boot into safe mode I got the blue screen of death. Having a minipe disk I was able to boot into it and load regedit but the disableregedit was not in the policies. In the second case I had to run xp repair and then I was able to get into safe mode and fix it.

Posted in Virus Protection | No Comments »

New Malwarebytes is your solution!

June 3rd, 2009

We find alot of malware in the field of computer repair, though we can remove the malicious software, you can prevent a service call by keeping your system guarded by MalwareBytes. It is a free download and is updated frequently to stay current with new viruses.

Posted in Virus Protection | 1 Comment »