There have been a couple of stories out of the “Blackhat federal” conference in the last couple of days. Brian Krebs at the Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a system’s BIOS. Security Focus has some detail on this as well.
Tag: virus
-
A Deeper look at Nyxem
First, I should raise an alarm on this one: this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so on February 3rd we may be seeing some problems. Don’t wait until then to make sure you have current antivirus definitions. The Nyxem virus, though, does something else interesting.
-
Nyxem.E virus delete files payload
F-Secure has some details on a dangerous payload for the Nyxem.E virus. (The Nyxem.E virus is very similar to the Email-Worm.Win32.VB.bi that was talked about earlier in the week.) In fact, this virus seems to be spreading fairly well (not the blockbuster spread of older email viruses, but it is spreading). Anyway, according to F-Secure it will, on the 3rd of the month, delete all files matching the following patterns: *.doc *.xls *.mdb *.mde *.ppt *.pps *.zip *.rar *.pdf *.psd *.dmp (on all accessible drives).
-
New mass mailing virus
F-Secure has information on a fairly aggressive new email virus. Their name for it is VB.bi, although its aliases are W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D and Email-Worm.Win32.VB.bi, depending on which AV vendor you check with. It’s a worm as well, in that it tries to spread through remote shares. It also attempts to disable antivirus software. Here are some details from their writeup:
-
More Fake security sites
More sites that claim to be Windows Security Center or the like are popping up… a list:
securitycaution(dot)com
dnserror404(dot)com
todaywarnings(dot)com
updatesystempage(dot)com
yoursecuritysystem(dot)com
From sunbeltblog.
-
Sober virus watch…
Well, antivirus vendors and IT security folks are waiting now for the expected activation of the sober.y worm searching for new downloads and a new revision of the pest. Kaspersky’s log indicates the expected activation time is 00:00 GMT January 6th, which means here in the EST zone that would be 7PM EST… Of course many of the expected sites have been shut down. It appears that the virus will look periodically for sites to “upgrade” from for some time.
-
The press covering the WMF bug
It’s always a strange mix between comedy and frustration to see the main media outlets cover a tech news item. I usually wince and brace myself when I see any TV news outlet take on a computer issue and likewise when I read newspapers and non-tech publications take on anything of the sort. It’s kind of like movies that use extremely fake computers. Sometimes I think it’s because they’re trying to simplify things for the average viewer, but I usually find that approach somewhat condescending because I don’t think grown adults should be treated like little kids. Anyway, I digress… the coverage of this WMF exploit has been, well, interesting. There was…
-
Big block of blank space in Add/Remove Programs
This isn’t an earth-shattering issue, but as I was looking into some other problems on a Windows XP Pro system, I noticed a HUGE blank space in the Add/Remove Programs area of the Control Panel. It was something like this: there were several entries (10 maybe) and then a huge block of blank space perhaps hundreds of “pages” long. I scrolled a bit with the mouse wheel and was not making quick progress, so I just grabbed the scroll bar and pulled down to see the next 30-40 entries.
-
Too little time…
I’ve just been back at appointments what – 2 days? And already I’ve got a ton of issues to detail. I usually don’t get into details of everything I run into because many times it’s rather tedious issues, memory install, fill in the blank virus removal for the nth time, etc. However I’ve already run across a few unique things that have taken some searching. One is still unresolved (time constraint.) That will get a revisit in the near future.
-
Lack of working exploit does not mean Windows 98 is safe
I want to try to clarify a point. I’ve spent a couple of days trying to get current exploits to work on a Windows 98 SE virtual machine. Not to prove that Windows 98 is safe, but to determine if current exploits affect Windows 98. Yesterday evening there were apocalyptic headlines saying that a virus threatens every Windows OS shipped since 1990, which is overhyped. The current vulnerability exists in every Windows operating system shipped since 1990. The current exploit for that vulnerability doesn’t seem to work on Windows 98 (you have to go a long ways to find a configuration that the current exploit works with… I haven’t yet). This does not mean that Windows 98 is invulnerable. It simply means that this specific attack does not easily work. Tomorrow may be different; now that the problem is known, it may be just a matter of time before someone determines WHY Windows 98 is not as affected and “corrects” the problem.