GrayScales - Scams, Viruses & More
Jim's Blatherings - Simple ramblings (maybe rants) from the Co-Founder of Quikonnex about Scams, Viruses, Internet Marketing, web techniques, tips & anything else that pops into his head.

Rogue Anti-Spyware

Thursday, January 19, 2006
Beware of a new anti-spyware package called PestTrap. You may hit a site that generates a popup with a message like this:

Attention! Your system is under control of remote computer
with IP address 227.4.167.118. The remote computer has access
to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

You're putting your computer at risk if you go to the website, especially if you're running Internet Explorer.
[Read More!]
Posted on 01/19/06 at 16:30:33 by Jim Gray
Category: Viruses and Hoaxes - 8 comments - [Link to this item]

Trojan delivers unwanted gift to Windows PCs | Tech News on ZDNet

Thursday, December 29, 2005
ZDNET reports this: "A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies."
[Read More!]
Posted on 12/29/05 at 11:32:18 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

E-Gold Trojan

Wednesday, November 02, 2005
Here's one targeted at E-Gold users. The ploy is that the sender wants you to execute a special program attached to the email. Doing so will infect your computer with the PWS-Banker.k.gen trojan. Expected result is to lose the funds in your E-Gold account and I'd expect it'd manage to get other sensitive information from your computer.
[Read More!]
Posted on 11/02/05 at 17:46:38 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

MSN Messenger Trojan - Kirvo

Friday, July 22, 2005
The Trojan.Kirvo.B (Symantec) or W32/Kelvir.worm.ea (McAfee) was discovered on July 19/20 and spreads itself via Microsoft's Messenger Service (MSN). This is kind of like those emails you receive from a friend where they really didn't send it. But your friend did allow their computer to get infected and now they're trying to give it to you.
[Read More!]
Posted on 07/22/05 at 11:28:11 by Jim Gray
Category: Viruses and Hoaxes - 4 comments - [Link to this item]

JS/Zerolin Trojan - IE Vulnerable to Exploit

Saturday, August 21, 2004
I just got this one and hadn't seen it before. The JS/Zerolin virus came out on 8/11/04 and is distributed by the spammers. With this little guy, you get 3 for the price of one (or should I say expense of one?).

[Read More!]
Posted on 08/21/04 at 15:14:49 by Jim Gray
Category: Viruses and Hoaxes - 1 comment - [Link to this item]

Viruses and Psychological Warfare

Thursday, March 04, 2004
It's not the holes in Microsoft security that concern me lately, it's the black hole that common sense gets sucked into. The rash of viruses that I've been seeing, Bagle, Netsky and MyDoom, play on users' inability to recognize obvious attempts to attack their computers.
[Read More!]
Posted on 03/04/04 at 12:11:05 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

W32/Mydoom.A@mm is a devious virus

Wednesday, January 28, 2004
The W32/Mydoom.A@mm virus is using some rather sly techniques to persuade you to open the attachment which will infect your computer. One of my old clients asked me about a message that he received. The message looked like it was a returned message (a bounce) that was refused because it contained the W32/Mydoom.A@mm virus. The virus was also sent along as an attachment. Anti-virus scanners do not return mail with the original virus included. They will eliminate it first.

Newsletter publishers may be at the most risk with this one. One, because their email addresses are probably in thousands of address books (their subscribers) and two, because publishers are always dealing with bounced emails and may actually open up the attachment to determine which email address returned the bounce. Instead of being able to remove the bouncing email address from their list, they're infected. Not a good thing, but further justification for publishers to start delivering their newsletters via RSS feeds. This is a real email alternative that shouldn't be discounted. [Read More!]
Posted on 01/28/04 at 15:59:35 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

W32/Mydoom@MM Virus Warning

Tuesday, January 27, 2004
This virus is now classified as a High-Outbreak virus by McAfee. It even merited mentioning on my local news station this morning. I've received several copies of it, yesterday and today (remember a lot of folks out there have my email addresses in their system, so I get this stuff a lot).

This one will not only propagate over networks such as Kazaa (seems like a risky program to use these days) and via your email, but it also installs a back door program on your computer that would allow it to be used by spammers. Additionally, the virus helps in conducting a Denial of Service attack against SCO.com (one of the Unix software companies).

Here's the link to McAfee to read all about this one:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100983

This one should be avoidable by most folks because it contains a suspicious attachment and no real deceiving message. BUT, I'm always surprised by how many folks open these things up. Come on now, if the message is blank or contains bad grammar... DON'T OPEN IT!
Posted on 01/27/04 at 12:04:24 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

W32/Bagle@MM Virus Warning

Tuesday, January 20, 2004
This one is definitely already out there. It's a variant of the Sobig virus and contains a potentially dangerous remote access component. Got 2 copies already in one of my information email accounts. McAfee's email alert system sent out a notice on this one which I received about 4 minutes before this one showed up. I'd say it's in the wild already. Anyway here's the tip:

Virus Email Subject: Hi (pretty obvious)
Text: Random characters like this:

Test =)
vttqdoigwhynt
--
Test, yep.

The attachment has a random filename. One had ysrwls.exe and the other sagbt.exe (both exe's, which should be a dead giveaway).

[Read More!]
Posted on 01/20/04 at 19:47:05 by Jim Gray
Category: Viruses and Hoaxes - 1 comment - [Link to this item]

PayPal Scam combined with a MiMail Virus

Monday, January 19, 2004
After releasing a new version of the Mimail e-mail worm last week, virus authors are using a new tool this week to help it spread: spam e-mail containing a Trojan horse program that, once installed, retrieves and installs the worm. Click the title to go to the Infoworld article reporting this scam. The scum out there is definitely getting a little more devious. By playing on greed, they'll try to sucker some suckers in on this one. So much for the CAN-SPAM act slowing this junk down.
Posted on 01/19/04 at 15:38:44 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

Curiosity can be costly... Story of a Hijack

Monday, January 05, 2004
It all started this Saturday as I was trying to get my computer to read the DVD-RAM drive off my new digital camera. I was searching for a tool to help me decode the .vro files on the disk (the bundled software that came with the camera is not working right, but that's another story). I saw an article about ULead that said their software would read this file type, so off on a search for ULead. What I found was a website at http://cracks.st and I clicked on it --- bad mistake! For those of you who do not know, a "crack" is a term used to describe software code that will make copy protected software available for use freely (that means without registration or payment required). Sometimes it's a piece of code that unlocks the copy protected software or sometimes it's the software itself.

I knew what a crack was before I clicked on this dastardly link. And I knew that ULead software would not be found at this site (I found the right site). But being a computer weenie and always interested in what's going on elsewhere, my curiosity made me click on this site. I will tell you right up front that this website does contain code that will unlock software, but the penalty associated with going to this site would be disastrous for any novice. It caught me and it would catch you. So with one click, began my descent into computer hell.....
[Read More!]
Posted on 01/05/04 at 11:26:18 by Jim Gray
Category: Viruses and Hoaxes - 17 comments - [Link to this item]

Mimail.C - Worm Steals Your Information

Monday, November 03, 2003
I've been seeing some emails lately talking about DarkProfits.com. They claim to have charged my credit card some $200+. Didn't happen, but these emails may have been related to this particular Worm. The Mimail.C virus/worm apparently was programmed to conduct a Denial of Service attack on darkprofits.com and darkprofits.net domains this past Friday. [Read More!]
Posted on 11/03/03 at 10:34:51 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

IGetNet.dr Trojan - Buddy Icons

Monday, October 13, 2003
This one just tried to get me and McAfee caught it. I think this one tried to get through via a drive-by installation. My wife was using my computer and got on one of those websites that popped up about 99 new windows. As I was closing them down, I clicked on the wrong X to close the window. I'm sure you've seen them, the graphic that looks like a window with the typical 3 icons on the top right corner. Looks just like a regular window and with about 10 popups open I was closing them too fast and clicked on a graphic instead of the real close window box.

Anyway this one was an infected file installed at C:\Program Files\Buddy Icons\NLNP057.exe. This file is infected by the IGetNet.dr trojan. This is not the first time I've seen IGetNet's alerts. Usually it's been caught by AdaWare, this time it's flagged as a virus.

Don't you think it'd be a good idea for the Anti-Virus Programs to treat these programs as viruses? If they don't ask for permission, in my book they are.

BTW, I don't use a popup killer. How could I find these critters if I used one?
Posted on 10/13/03 at 08:20:02 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

MS Security Hole makes other Browsers vulnerable to attack

Saturday, October 04, 2003
Microsoft seemingly has a security update a week. Now they got one which according to them "Security issues identified in Microsoft Internet Explorer (IE) could allow an attacker to compromise systems with IE installed (even if IE is not used as the Web browser). For example, an attacker could run programs on a computer used to view the attacker's Website. Download this update from Microsoft to help protect your computer." The security update number is KB828750. [Read More!]
Posted on 10/04/03 at 16:02:18 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]

W32/Dumaru@MM Virus

Monday, September 15, 2003
Dumaru is more of an irritant than anything else. If, however, you don't have an up-to-date virus signature, it could do you some damage. It's a WORM and it's a password stealer. The irritating detail with this one is that with the McAfee Virus Scan (maybe others) and Outlook Express, your email will appear to be locked up. McAfee tells you the virus is there and you can delete it, however, it doesn't want to go away. Go to McAfee's site to read more about what this Dumaru virus can do: McAfee.com.

If your email program is locked up and you can't dump this little bug, I'd suggest a little tool that I use. Popcorn is a little program that allows you to see what email is on your server. You can find this email and delete it before it ever gets to your computer. I've found this utility quite useful on several occasions (you know those 5000MB movies that your brother-in-law thinks are funny) to remove badly behaving emails.

Look for the subject of the email "Use this patch immediately !" and delete it. Gone!

[Read More!]
Posted on 09/15/03 at 14:30:17 by Jim Gray
Category: Viruses and Hoaxes - 0 comments - [Link to this item]