The Internet Safety Database Official Blog

How to Send Anonymous Email and Encrypt Messages | eHow.com

2009-09-02T10:20:00.001-07:00

How to Send Anonymous Email and Encrypt Messages | eHow.com

Shared via AddThis

Makes you wonder.....

2009-04-18T12:56:00.000-07:00

According to Sophos anti-virus more than one in ten Windows users have not updated their systems with the Conficker patch. Says Sophos, "We would have hoped that computer users would have woken up to the threats and installed this patch." Seriously people, what are you waiting for? Conficker is no joke.

Take what just happened in Texas as an example. The newest variation of Conficker, Conficker e caused the Texas Department of Public Safety's computer network to crash. It can effect vulnerable individual users just as easily.

A common, and potentially dangerous misconception that people have is that the makers of Conficker intended to do their worst on April first and since nothing major happened that the threat is over. The significance of April first to the virus was only that it should have begun checking for updates on that date. Keep in mind that it's creators can wreak havoc on any given date via their bot-network and affiliated spam networks.

Amazingly, recent Twitter worm author Michael "Mikey" Mooney has been offered jobs from two Internet security firms so far. This brings to mind the troubling trend of employers encouraging hackers by offering them jobs.

The Conficker bot-net may be smaller than initially thought, according to Kaspersky Labs. When scanning the P2P network for Conficker chatter recently only 200,652 unique IPs were detected. I would caution however that this does not mean that the network is actually that small. It's more likely that the IPs communicating are infected with the latest strand of Conficker, Conficker e. If you need more info on these updates there is a Google Search bar to the right for your convenience.

News agencies, sigh

2009-04-15T09:25:00.000-07:00

So many news agencies repeat incomplete information these days. I think it's because they don't really understand the content that they are trying to get across. One good example of this is here. Gretchen Ross, a reporter from the Tri-State area actually told readers of her news blog that "Champion Computers suggests investing in spyware like AVG...". How many readers is she confusing by misquoting an expert? Sure, the vast majority of users would understand that it's a typo but the article as is would still give the creators of Conficker a good chuckle.

In other news, here's a list of scareware programs that Conficker can download to an infected computer and/or that swindlers have created to take advantage of the Conficker epidemic. These programs will pretend to do a scan of your computer and will then ask for money. The complete list (as of now) is:
Spyware Protect 2009
Antivirus 2009
Malwarecore
Xp Defender
WinSpywareProtect
XPDefender

These programs, if you have them, will give off almost constant pop up alerts that your computer is infected and is ironical a sure sign that you are indeed infected with Conficker. If this is happening to you DO NOT give these people money. For an in depth article on how to scan your computer for Conficker for free, click here. For a good article on how to determine whether your computer or network is infected by Conficker, if your anti-virus software is not working, click here.

Conficker Bot Net Spewing Spam

2009-04-14T10:10:00.000-07:00

According to Russian anti-virus firm Kapersky Lab the Conficker bot-net has begun sending millions of spam messages to unsuspecting users of the world wide web. So far the ads are for pharmaceuticals and subject lines read as follows:
"She will dream of you days and nights!", and
"Hot life -- our help here. Ensure your potence today"

Almost every message is using a unique domain which means that these messages will likely get through your spam filter. Remember to use disposable emails whenever filling out Internet forms to reduce the number of new sources of spam. This is very important. More on how to do that here.

Interestingly most of the domain's are located in China, according to Kapersky spokesperson Alex Gostev. The new version of Conficker, being labelled "Conficker e" is installing the spam bot Waledec, which is responsible for the great flood of spam. Waledec is a large bot-net in it's own right and it now appears as if the two virus networks are working in conjunction.

Conficker's newest instruction, which include orders to connect to Ebay, MySpace, MSN,CNN, and AOL for purposes unknown is time based. Apparently the new instructions are set to expire on May 3rd. The reasoning for the date is unknown.

The new binary was introduced into Conficker's bot-net via an encrypted P2P transmission, indicating that the network can indeed spread and receive instructions in this manner. This update instructs the bot-net to scan for more computers that have not been patched. Users of pirated Windows versions are especially vulnverable.

I know this is a long shot but if you know who is behind the attacks you can send the authorities an anonymous and encrypted email. Learn how to do here.

This video is a bit dated at two weeks old but it is still very informative. There is a Google search bar to the right if you need quick access to more information.

They call you Google Dorks..

2009-04-13T09:54:00.000-07:00

Google Dorks. That's what they call you if you've left sensitive data available for Google's bot to see and index. These "Google Hackers" use long, complex and very specific search strings in Google's search engine to find this information right in Google search results. While fortunately it is very difficult to find data for specific individuals this way they can find passwords, bank account numbers, credit card numbers, etc for random individuals. These data miners don't need to find many victims to show a huge profit.

Don't believe me? I'll give you a few search strings to try out.

intitle:”Index of” .mysql_history

This search string reveals commands that were executed against a mysql database. These files can contain passwords and other sensitive data. These webmasters don't even realize that they have allowed Google to crawl and index this file. Here's another one:

“SnortSnarf alert page”

SnortSnarf is an intrusion detection software. Snort has the distinct bad habit of creating web pages that show exactly what the hacker tried to do and when, and from what IP. A savvy Google Hacker can find these reports with Google Search. In all circles tactical it is considered a bad play to let the enemy know exactly what you know about them. All that this is going to do is allow the hacker to fine tune his attacks. Why give the hacker feedback? Here is a page from Snort showing a logged attack.

One more example? Ok. Try this:
inurl:phpSysInfo/ “created by phpsysinfo”

This statistics program allows the admin to view critical webserver data. If the admin is foolish enough to allow Google to index this page then the hacker can get data on the actual server IP address, hard drive brands, server memory usage, bandwidth use, what type of USB device is used, etc. This is an example of an actual report gleaned from inputting the above search string to Google.

So how do you ensure that sensitive data is not being indexed by Google? Just stick around, I'm currently writing an article for Ehow that will show exactly why this happens and how to prevent it. You may want to subscribe so that you don't miss it. I'll be linking to it via the Internet Safety Database. You'll find a link to the I.S.D to the right of this post.

The video below shows some harmless 'hacks' that are more commonly done for fun. I've posted some more videos at the Internet Safety Database.

The hackers that you should be aware of are not using these harmless search strings. They are using more like the one's I've outlined above. Stay tuned, I'll show you how to ensure that you aren't leaking sensitive data in no time.

StalkDaily worm created by 17 year old

2009-04-12T17:01:00.000-07:00

That's right, according to LiveCrunch 17 year old Mickey Mooney admitted to writing and releasing the worm out of boredom. You can search Google via the search bar to the right for more information.

Virut is still circulating in the wake of conficker. This virus has been circulating around the web for a few weeks now. Though not viewed as being as dangerous as Conficker, Virut can still cause serious problems. The primary effect that Virut has on an infected system is that it causes executables to fail. An infected program will no longer function. You can catch Virut by simply visiting a web page so be sure to have your web guards on. Avast! seems especially adept at catching it on the way in. Once infected, a computer can spread Virut to any vulnerable computer on your network.

Conficker has infected Twitter!

2009-04-12T13:51:00.000-07:00

According to many media outlets the virus has infected the Twitter network and is infecting thousands of unsuspecting users. It is being reported that the source of the virus is the website Stalkdaily.com. If you are using Twitter DO NOT click on any links from this website. Be aware that you can also be infected by visiting the profile page of infected users according to TechCrunch.

The worm is using Twitter as a relay server, sending out tweets to it's members with links to the infected site. Best advice is to clear your cookies, change your password and then log out of Twitter. I'd stay away from it for at least a few days. Once you do re-enter the site delete any messages that refer to Stalkdaily.com to help stop the spread of the worm. See the post below for a link to an article on how to scan your computer and network for free. You can also use the Google Search bar to the right to get more info on this.

Conficker strikes again

2009-04-12T13:11:00.000-07:00

Sigh, more than 700 computers at the university of Utah are confirmed infected with Conficker. I'm thinking that they probably had the patch from Windows installed; this really underscores the importance of limiting access to your systems via thumb drives and other removable media. Conficker C can spread this way quite easilly.

Interestingly enough news is trickling in that supports my theory about the makers of conficker being the same people that are creating these fake anti-virus software programs. Researchers have found a fake program in Conficker infected computers. The fake program is called Spyware Protect 2009 and it offers to clean the infected system for a $50. You can read the full story here.

The nasty worm finally updated today. According to the researchers it's aim is to infect another 3 million within the next few days.

First Post-Fake Anti-Virus Products In The News

2009-04-12T11:48:00.000-07:00

That's right, apparently companies are springing up left and right to take advantage of fear generated by conficker and worms like it. Sometimes I wonder if these worms are created just for that purpose, so their creators can make some money on the back end. Anyway you can find out how to get the latest anti-conficker/anti-virus scanner from the guys at McAfee here. And oh yeah, it's free. It was released as an emergency measure to help stop the spread of the worm. You can get the full story about the fake anti-virus programs here.