Circuit City Support forum serving up trojan….

Thursday, June 1st, 2006

Embarrassing…. and a big pain in the neck for any of their visitors… It seems as though if you’ve visited Circuit City’s Support Forum with an unpatched Internet Explorer, you likely have a trojan/backdoor of some sort on your PC. (Assuming Explorer hasn’t been patched since January. In reality – if you haven’t updated Explorer […]

Zero-day ( 0-day) Microsoft Word exploit

Friday, May 19th, 2006

There was some news on this last night at Incidents.org; today F-Secure has some details as well on the trojan that’s dropped by this circulating exploit. It seems as though the initial attack was very targeted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, […]

The spammers win a round

Wednesday, May 17th, 2006

There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here […]

Interesting spyware push download tactic…

Thursday, May 11th, 2006

Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the DNS record so that they can get traffic to {fillinkeyword}.nastydomain.com.) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the […]

Cleaning up after WMF Exploit – summary

Thursday, December 29th, 2005

Can I say enough times that after a bad trojan infestation you should format and reinstall? I’ve cleaned up the infested image that I “sacrificed” to the WMF exploit, and as I’ve said, your pestware install will likely be somewhat different. An exploit is just the road; the spyware and viruses are the cars. Once […]

Cleaning up after WMF exploit – is it clean?

Thursday, December 29th, 2005

So, I’ve got most of the baddies cleaned out and I’m not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe and alg.exe in particular) that could be legitimate Windows file names. Am I running the good one, or the trojan? That […]

WMF 0-day exploit

Wednesday, December 28th, 2005

There seems to be a 0-day exploit involving WMF (Windows Meta Files) according to SANS. Here’s their lead-in: “Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.”

Disinfecting a PC… part 2

Thursday, December 15th, 2005

Ok, the last post got a bit long with the HijackThis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters, I leave it unplugged from the network. (There is no network card […]

Microsoft Security Bulletin Email

Monday, December 12th, 2005

There is a trojan making the rounds that is acquired by clicking on links in an email. That’s not necessarily new, however…. this email represents itself as an authentic-looking Microsoft security bulletin and the links are supposedly to updates (sorted by Windows version.) It’s important to point out that Microsoft does not send registered users […]

Another interesting spyaxe note

Saturday, December 10th, 2005

Incidents.org has a note on a recently noted trojan.spaxe.exe that, when on a system, will mimic the Windows notification “bubble” near the system tray with the following text: “Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and […]
