Archive

For the Security category

New PC and laptop security warning for ‘indestructible’ botnet


More than four million PCs have been enrolled in a botnet security experts say is almost “indestructible”.

The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL’s controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.

“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies.”

A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.

It is one of the most sophisticated botnets out today.

The virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

Phishing Alert: Hackers targeting AlertPay and PayPal users via Fake Facebook Pages

Today I got a Facebook message from an unknown person. In that message he is asking me to participate in an AlertPay “own0” contest. For this I need to log in to my AlertPay account.

Photoshopped image scam used in rogue Facebook app


Facebook users were put under fire on Monday by a brace of new threats, one of which spreads through a link disseminated through the Facebook Chat application.

An estimated 600,000 people have already clicked onto the link, which falsely promises to show them a funny Photoshopped image of themselves. In reality users install a rogue application which sends messages to their contacts via the social network’s IM feature, thus continuing the infection cycle.

Users are taken to a fixed gallery of 45 photoshopped images (such as the image of someone’s features morphed onto a dog’s head), none of which feature the person who followed the link. M86 Security reports that the scam, whose purpose is unknown, is spreading quickly, attracting new victims at the rate of around 90,000 clicks per hour.

Separately, a slew of rogue applications offer the false promise of letting Facebook members know “how many times their profile has been viewed”. Some of these apps give a breakdown of male and female profile viewers.

Interested parties are asked to complete a survey, the real purpose of the ruse, before getting access to the “locked away” content, which in reality doesn’t exist.

Such survey scams are all too common on Facebook. Previous ruses have falsely offered access to an “unlike” application, for example.

Websites hit in massive web attack


Hundreds of thousands of websites appear to have been compromised by a massive cyber attack.

The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.

Those visiting the criminals’ webpage were told that their machines were infected with many different viruses.

Early reports suggested that the attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and it is thought that weaknesses in associated web application software are proving vulnerable.

Ongoing analysis of the attack reveals that the attackers managed to inject code to display links to 21 separate domains. The exact number of sites hit by the attack is hard to judge, but a Google search for the attackers’ domains shows more than three million weblinks are displaying them.

Security experts say it is the most successful SQL injection attack ever seen.

Have you got StarLogger spyware on your machine?

A security researcher revealed that he had purchased two new laptops from Samsung, and discovered both of them to be infected with the StarLogger keystroke-recording program. While there’s very little that can be done about keystrokes already recorded, checking your own laptop for such software is actually quite simple–if you’re familiar with mucking about in your system directories and Registry.

Because it’s a keylogger, most often used for spying on employees and children, StarLogger cannot be accessed from your Start menu.

The easiest way to find StarLogger is to look for its Registry key, which is used to load it when Windows is started. To see if this has occurred, open a command prompt and type “Run Regedit”. Then go to the Menu bar, select Edit and then Find. You want to search for “winsl”, without the quotes. If it’s installed, you should see a Registry key that looks like this:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl

You can also look for the following files on your hard drive, although keyloggers are designed to hide themselves. Open Windows Explorer, and then hit the Alt key to bring up the Menu bar. Go to Tools, Folder Options, and View. Under Advanced Settings, you’ll see an option for Hidden Files and Folders. Make sure that Show is checked.

If you have StarLogger, its files will be located in your Windows root directory, in a subdirectory labeled “SL”. A list of files you can expect to see is below:

  • iv.ini
  • WinSL.dat
  • WinSL.exe
  • WinSLH.dll
  • ImgView.exe
  • SL-Test.txt
  • unins000.dat
  • unins000.exe
  • StarLogger.url
  • WinSLManager.exe
  • StarLogger.url
  • Uninstall StarLogger.lnk
  • StarLogger.lnk
  • StarLogger on the Web.lnk
  • WinSLManager.exe
  • WinSLH.dll
  • WinSL

You can also check your Task Manager for WinSLManager.exe.
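The three checks above (the Run key entry, the files in the “SL” subdirectory, and the running process) can be scripted. This is an added example, not part of the original article or of any vendor tool; the function name is hypothetical, and it assumes “Windows root directory” means %SystemRoot%. It also looks at the 32-bit registry view on 64-bit Windows, which the article does not mention.

```powershell
# Added example: reports the StarLogger indicators named in the article.
# Assumption: the "SL" subdirectory sits under %SystemRoot% (e.g. C:\Windows\SL).
function Test-StarLoggerIndicators {
    [CmdletBinding()]
    param(
        [string]$SlDirectory = (Join-Path $env:SystemRoot 'SL')
    )

    # 1. Autostart value "winsl" under the Run key given in the article.
    #    WOW6432Node is the 32-bit view of that key on 64-bit Windows;
    #    checking it is an addition, not something the article lists.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $entry = Get-ItemProperty -Path $key -Name 'winsl' -ErrorAction SilentlyContinue
        if ($entry) {
            [pscustomobject]@{ Indicator = 'RunKey'; Location = $key; Detail = $entry.winsl }
        }
    }

    # 2. Files from the article's list (duplicates removed) inside the SL folder.
    #    -Force includes hidden files, matching the "Show hidden files" step.
    $expected = 'iv.ini', 'WinSL.dat', 'WinSL.exe', 'WinSLH.dll', 'ImgView.exe',
                'SL-Test.txt', 'unins000.dat', 'unins000.exe', 'StarLogger.url',
                'WinSLManager.exe', 'Uninstall StarLogger.lnk', 'StarLogger.lnk',
                'StarLogger on the Web.lnk'
    if (Test-Path -LiteralPath $SlDirectory) {
        Get-ChildItem -LiteralPath $SlDirectory -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $expected -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{ Indicator = 'File'; Location = $_.FullName; Detail = $_.LastWriteTime }
            }
    }

    # 3. The process the article says to look for in Task Manager.
    Get-Process -Name 'WinSLManager' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Indicator = 'Process'; Location = $_.Path; Detail = "PID $($_.Id)" }
    }
}

$result = Test-StarLoggerIndicators
if ($result) { $result | Format-Table -AutoSize } else { 'No StarLogger indicators found.' }
```

An empty result only means none of these specific indicators were present; it is not a general keylogger scan.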

If you think you may have a keylogger, contact us today for a quick removal.

Spotify ads hit by malware attack

Earlier in the month we warned of a new virus that had been reported to us. Now a well-known website, Spotify, has been hit; the BBC News website is now reporting it.

Spotify has apologised to users after an advertisement containing a virus was displayed to some users of the music-streaming service.

The advertisement, which appeared within Spotify’s Windows desktop software, did not need to be clicked on in order to infect a user’s machine.

The exploit would install a bogus ‘Windows Recovery’ anti-virus program.

If anyone uses this website or thinks they are infected, please call us to arrange a full virus scan of your machine.

IT Security issues found in McAfee website

IT engineers from the YGN Ethical Hacker Group have examined the website of IT company McAfee and found three IT security vulnerabilities in it. However, a perfect solution for businesses of any size would be IT outsourcing. After warning McAfee in February about these flaws, the researchers published the security holes on the Internet. A McAfee spokesperson said: “It is important to note that these vulnerabilities do not expose any of McAfee’s customer, partner or corporate information. Additionally, we have not seen any malicious exploitation of the vulnerabilities. We are investigating how these particular vulnerabilities were not identified in our screening process and will adjust our processes if necessary.”

FAKE email scam alert

Another scam that is currently doing the rounds is like the one below. Basically, the scammers want your bank details to rip you off. Delete the message straight away and ignore it. If you are still unsure, forward the message on to us and we will take a look at it for you.

*******

CENTRAL BANK OF NIGERIA

TELEX/COMPUTER DEPARTMENT

Tinubu Square, Lagos.

FROM THE PRIVATE DESK OF:           

MR. MICHAEL WILLIAMS (CONFIDENTIAL NUMBERS)  

EMAIL: michaelwilliams0010@yahoo.com.

       michaelwilliams0020@yahoo.com

ATTN.: BENEFICIARY, 

I AM SENDING THIS PRIVATE EMAIL BASED ON THE CONFIDENTIAL NATURE THAT THIS TRANSACTION REQUIRES AND PLEASE I WILL LIKE TO ADVISE THAT IF AFTER GOING THROUGH MY SUBMISSION TO YOU AND YOU DO NOT ACCEPT IT, KINDLY KEEP IT TO YOURSELF.

I AM STILL IN SERVICE WITH THE CENTRAL BANK OF NIGERIA (CBN) AND I WOULD NOT LIKE TO LOSE MY JOB.  I FOUND OUT THAT YOU HAVE ALMOST MET ALL THE STATUTORY REQUIREMENTS OF THE CBN IN RESPECT OF YOUR INHERITANCE PAYMENT BUT YOUR PROBLEM IS THAT OF INTEREST GROUPS. A LOT OF PEOPLE ARE INTERESTED IN YOUR PAYMENT AND THOSE PEOPLE ARE MERELY DOING PAPER WORK WITH YOU AND THAT EXPLAINS WHY YOU RECEIVE FAX AND PHONE MESSAGES FROM DIFFERENT PEOPLE IN NIGERIA EVERYDAY. FROM ALL INDICATION, YOU HAVE LOST TRUST ON WHOM TO BELIEVE TO BE GENUINE.

I CAN ASSURE YOU THAT THIS MAY LAST FOR YEARS, YET NOTHING HAPPENS TO SUM IT UP. I WISH TO ASSURE YOU THAT WITH MY POSITION HERE IN THE TELEX DEPARTMENT I CAN PUNCH THE COMPUTER AND CREDIT YOUR ACCOUNT STRAIGHT.  I CAN ACCOMPLISH THIS UNDER THREE DAYS, BUT WE HAVE TO REACH AN AGREEMENT, FIRST OF ALL, YOU HAVE TO LET ME KNOW HOW MUCH YOU WILL GIVE ME AT THE CONSUMMATION OF THIS DEAL. SECONDLY, YOU WILL HAVE TO OPEN ANOTHER BANK ACCOUNT WHERE YOUR FUND WILL BE TRANSFERRED TO IMMEDIATELY IT HITS YOUR ACCOUNT. THIS IS TO AVOID ANY CALL BACK OF THE FUND.

CONSEQUENTLY, YOU WILL BE REQUIRED TO PROVIDE FUNDS TO FACILITATE THE COMPLETION OF THIS PROCESS UNDER THE STIPULATED TIME FRAME. THIS IS TO ENABLE US COVER ALL TAXES AND CLEARANCE DOCUMENTS THAT MAY ARISE AS AN IMPEDIMENT TO THE SUCCESSFUL TRANSFER OF FUNDS.

FINALLY, YOU WILL HAVE TO ACCEPT TO KEEP THIS TRANSACTION STRICTLY CONFIDENTIAL, IF YOU ACCEPT MY SUBMISSION, KINDLY GET BACK TO ME IMMEDIATELY ON MY ABOVE PRIVATE EMAIL ADDRESS.

YOU CAN REACH ME VIA MY EMAIL ADDRESS ANYTIME. PLEASE CONFIRM YOUR PARTICULARS ON REPLY.

REGARDS,

MR. MICHAEL WILLIAMS.

Director, Telex/Computer Dept.

Central Bank of Nigeria (CBN).

Fake email alert *** DHL notification ***

If you get an email with “DHL notification” in the subject and an attachment, then this is a potential threat.

The virus threat is HIGH.

Please scan this email or delete it.

New Virus threat – HardDrive virus


We have been alerted to a new virus that is causing major issues. A screen print of the infection is below.

[Screenshot: harddrive-small-virus]

If you get this infection, please shut down your machine immediately, so further damage is not caused.

This virus is difficult to remove, as often the machine will not boot normally or into safe mode.

However here at ARC iT we can remove the virus manually, before running through our scanning machines to totally clean your machine.

We can also offer AVG Internet Security 11 for half price, when having a virus removed.
