Thursday, December 18, 2008

Check for viruses online for free

This time I'm posting in Malay for a change.. If any of us come across an .exe file and are scared to run it, and the antivirus happens to have never been updated, this is how to find out whether the file is dangerous or not..

Whether you already know it or not, there is a website on the internet that runs a service for analysing suspicious files and also provides a complete report, fast!! It sounds great and it really is great.. This website can detect viruses, worms, trojans, and all kinds of malware that antivirus products can detect. (Because sometimes one brand of antivirus already detects something while another doesn't detect it yet).. So by using this website, we can find out whether the file has ever been detected by any antivirus out there in the world.. if none, it means the file is safe...

According to its website, VirusTotal is:

* Free (that's the part that sounds good)
* Uses multiple antivirus engines
* The very latest virus signatures.
* Detailed results for each antivirus.
* Up-to-date statistics.

Enough rambling, let's learn how to use it.. though it hardly needs teaching because it's so easy to use.. but I'll write it anyway to make this post a bit longer.. besides, it's no fun to keep copy-pasting, so I'll write a bit myself.. hehe..

1. It's easy to use.. first just open the website, and if you're too lazy to type, just click that link..

2. Then a page like this will come up..

3. Then what else.. we all click the browse button and select the file we had doubts about.. then click the send file button.. that's it.. then wait for the result.. easy, right? But did you notice that under the text field there is a checkbox that says "send over SSL"? That function is for users who have trouble uploading the normal way.. it happened to me once, when I wanted to upload a file at campus.. since it was a virus file, the firewall blocked the upload, so I used send over SSL.. and the upload succeeded..

4. The result looks like this..

and this..

So how about it.. fun, right? See you again.. happy trying..


Google sponsored links caught punting malware

Researchers from Websense have caught Google carrying ads punting rogue software that secretly installs malware on the PCs of its users.

Recent Google searches for Winrar turned up sponsored links that offer a "spyware free" copy of the widely used data-compression application. Google users unfortunate enough to download and install that software are soon exposed to a program that makes changes to their PC's hosts file. From then on, every time the users try to visit Google, Yahoo, and other popular sites, they are instead sent to an impostor site under the control of the attackers.
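As an added example (not from the original article or from Websense), the following Python code audits a hosts file for the kind of change described above: entries that pin popular domains to a routable address. The watched hostnames and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Domains to watch. The article names Google and Yahoo; the exact hostnames
# listed here are assumptions chosen for illustration.
WATCHED = {"google.com", "www.google.com", "yahoo.com", "www.yahoo.com"}

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real infection
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # injected
203.0.113.10    WWW.YAHOO.COM
0.0.0.0         ads.example.net
not-an-ip       www.google.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address: not a redirect entry
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def find_hijacks(text, watched=WATCHED):
    """Return (line_no, hostname, ip) for watched names pinned to a routable IP."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a site rather than redirect it
        # to an impostor, so they are not reported here.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name in watched:
                findings.append((line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    for line_no, name, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to feed into `find_hijacks` is `%SystemRoot%\System32\drivers\etc\hosts`.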

The operation is another testament to the resourcefulness of those running rogue software scams. Rather than relying on zero-day vulnerabilities or hard-to-execute website hijackings, they often find it easier to snare their victims through legitimate ads placed on Google or elsewhere.

"This raises some questions," Websense researcher Elad Sharf writes. "Is this problem Google's fault for not checking whether advertised links actually serve malware? Is it the miseducated user's fault for getting infected?"

Probably a little of both, but are we the only ones who find it ironic that Google's own anti-malware initiative imposes draconian punishments on smaller websites when they're caught doing the same thing? Websense, which first witnessed the scam last week, said the malicious Google links were still available when it posted this report on Sunday.

A Google spokesman said the company is in the process of removing the offending sites from its ad network. "Google is committed to ensuring the safety and security of our users and our advertisers," he said.

As a recent complaint filed by the Federal Trade Commission shows, purveyors of rogue anti-virus and other software spend millions of dollars per year advertising their wares on legitimate sites - and go to great lengths to conceal their behavior. No doubt, Google isn't the only advertiser to be tricked into running malevolent ads, but as the do-no-evil company that's steam-rolling its competition in the ad industry, it's hard to believe these kinds of links are still being sponsored.


Wednesday, December 17, 2008

Microsoft issues emergency patch warning for IE

Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

Redmond issued advance notice for tomorrow's fix, describing the out-of-cycle patch as protection from "remote code execution."

Unscheduled updates are pretty rare for Microsoft, which underlines the potentially serious nature of the flaw. The last time Microsoft broke its update cycle was in late October, and that was the first time it had done so in about 18 months.

The latest zero-day vulnerability stems from data binding bugs that give hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, Microsoft has said.

Although the exploit was at first contained to warez and porn sites hosted on a variety of Chinese domains, the malicious JavaScript code has since spread to more trusted sites through SQL injection. The flaw is primarily being used to steal video game passwords at present, but could potentially be used to retrieve more critical sensitive data from users as well.

The vulnerability is specifically targeted at surfers running IE 7, but it's also known to affect versions 5, 6, and 8 of the browser as well. All IE users are advised to install the update.

Microsoft's emergency patch will become available Wednesday at 1 PM EST from auto-update and the Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2.


Tuesday, December 16, 2008

McColo Shutdown Led to Malware Threat Reduction in November

Internet security firm Fortinet said that online threat and spam levels dropped significantly in November 2008. The downward trend has continued since September 2008, when both online threats and spam were at their peak.

According to the "November Threatscape Report" released by Fortinet, the slowdown in unsolicited e-mails and spam is not likely to continue for long and may reverse in December 2008. The downward trend was initiated by the closure of ISP McColo, the biggest trend determiner. But once the malicious attackers find new replacements to host their spambots and sites, the number will increase again.

Moreover, security experts said that another reason for the fall in the number of spam and online threats during November 2008 was that attackers might have been busy building and planning new attacks to launch during the holiday season, when large numbers of people come online to shop. This planning will help in making a large number of unsuspecting users their victims.

Derek Manky, Project Manager, Fortinet, stated that spam and malware activities are expected to rise at a fast pace as the spam botnets find new hosts after the closure of McColo, as reported by Security Watch on December 4, 2008. He further added that with the start of the new online shopping season, key-logging activities are likely to escalate. The upward trend has already been noticed since the close of November 2008.

The report also disclosed that out of 81 vulnerabilities detected in November 2008, 25 were classified as high risk. Among those 25 vulnerabilities, the top were Worm.Slammer and Trojan.Storm.Worm.Krackin.Detection, which together represented 60% of the total vulnerabilities.

Moreover, giving more details on keyloggers, Fortinet revealed that out of the top five malware variants encountered in November 2008, three belonged to the Goldun family. This family is mainly designed to track users' keystrokes, which are used to steal their personal and financial details such as credit card and banking details.

The security firm further said that rising key-logging activity points to preparations for online shopping during the holiday season.


Phishing Attacks Increased Alarmingly by 240%

The security firm Websense revealed that out of every 50 e-mails, three are phishing e-mails sent by scammers, representing a month-on-month rise of 240%, or accounting for about 83% of all sent mails.

Websense observed that 90.5% of spam e-mails contained a URL, a percentage that has never been seen before. Security experts explained this by stating that in recent times, scammers have started to deploy more sophisticated techniques to exploit the current financial crisis.

The security experts further stated that once again it is the work of a key gang of phishers that has led to this significant increase in the level of phishing attacks. The majority of the criminals use phishing kits, including a typical subdirectory dubbed "rock", designed to attract unaware users towards the bogus websites. But once the phishing filters started seeking the word, the gang put an end to this technique.

The analysis also revealed that scammers are constantly pushing out various sophisticated packages of malicious code, including "blended threats" that make use of phony images and links. This malicious content can get installed secretly onto the victim's PC.

Further, the criminals have launched a phishing technique where an incomplete form is also able to reveal the sensitive data of the user, even if a user sends back the form to the fake website by filling in bogus details.

Earlier, in August 2008, SecureWorks researcher Joe Stewart revealed the way in which an incomplete form, sent back to a site hosting the Asprox botnet, resulted in further exploits of the user's browser.

Such attacks could be detected and restricted only with the help of professional expertise. They also warned firms that depend entirely on internal security measures.

Moreover, the attacks are very devastating and highly sophisticated. In the absence of a strongly responding security solution, customers may witness storage capacity and bandwidth problems, a slowdown in productivity, and exploitation of sensitive information.

Furthermore, research by the SANS Internet Security Centre shows that a well-designed phishing e-mail can attain a click-through rate of around 10%, while that of a targeted one can exceed 80%.


Monday, December 15, 2008

A Shared Reflection

The Messenger of Allah SAW said: ".. Allah SWT has said: I am Allah. There is no God but Me. I am the Lord and King of all kings. I hold the hearts of kings in My hand. When the people obey Me, I turn the hearts of kings to compassion and affection toward them. When the people disobey Me, I turn the hearts of kings toward anger and vengeance against them. The kings will then place them in hardship and suffering. So rather than cursing them (the unjust leaders), it is better to return to remembering Me and to plead with Me to protect you from their cruelty."

Chinese researchers inadvertently release IE7 exploit code

Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability.

Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital delinquents getting their hands on the exploit is unwelcome.

VeriSign's iDefense security division reports that attack code was up for sale at prices of up to $15,000 through underground forums. Prices are likely to slide following the escape of assault code from labs run by KnownSec.

Security tools firm eEye reckons the flaw has been the target of exploitation since 15 November.

According to iDefense, KnownSec made the code available after failing to realise that last Tuesday's Microsoft bulletins failed to fix the underlying vulnerability behind the bug, which revolves around IE7's handling of malformed XML tags. An explanation of what happened by KnownSec (in Mandarin) can be found here.

The flaw affects XP and Vista users, and creates a means to load Trojans or other forms of malware onto even fully patched Windows boxes simply by tricking surfers into visiting maliciously constructed websites. Thus far the attack method has been restricted to delivering game password stealers, the Internet Storm Centre reports.

Microsoft is investigating reports of attacks and considering its options. The timing of the attack in the run up to the holiday period and just after a bumper batch of eight bulletins suggests an out of sequence patch might be on order before the next scheduled Patch Tuesday, on 13 January.

Firefox plug-in Trojan harvests logins

Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.

A password pinching Trojan that poses as a Firefox Plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.

Once installed, the Trojan sits in Firefox’s Plugin folder, activating every time the popular browser is started. The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US.

Harvested login credentials are captured and subsequently posted to a server located in Russia.

More details on the bank sites targeted, along with the general behaviour of the Trojan, can be found in a write-up by BitDefender here.

BitDefender reports that incidents of the malware are “very low”, so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.

Two years ago a spyware package that masqueraded as an extension to the Firefox web browser was spotted on the net. Like ChromeInject-A, FormSpy failed to do much harm.