TVCH FORUMS HOME . JOIN . FAN CLUBS . DONATE . CONTACT . CHAT  
 Wikia  Quick Links   TOPICS . TREE-VIEW . SEARCH . HELP! . NEWS . PROFILE
Beware of viruses!

The TVClubHouse: General Discussions ARCHIVES: Jan. 2007 ~ Mar. 2007: All Things Technical: The Help Desk: Beware of viruses! users admin

Author Message
Eeyoreslament
Member

07-20-2003

Friday, June 09, 2006 - 3:08 pm   Edit Post Move Post Delete Post View Post Send Eeyoreslament a private message Print Post    
OK so a guy I know forwarded this news story to everyone in our computer department, marveling at the people's ingenuity in infecting machines with trojans. I think it really is a new and smart way to screw with people's computers, and I just wanted to post this, to give people a heads-up, because even I would be fooled by this trick:

Security test reveals simple user flaw

A SECURITY outfit found the easiest way to crack into a company's systems was to leave a few Trojan laced USB drives scattered around the front door.

Secure Network Technologies was hired by a credit union to check the security of its network. However, employees knew that an attack was planned and were ready for it.

According to SNT boss Steve Stasiukonis it was decided to crack the company's security using social engineering. Social engineering is a hacker definition for the term "depending on the stupidity of the network users".

What SNT did was scatter 20 trojan filled USB drives around the front entrance. More than 15 of them were picked up by employees who took them inside and installed them on their machines to find out what was on them.

The specially written trojan that collected passwords, logins and machine-specific information from the user’s computer, and then emailed the company with the findings. Stasiukonis said that the attack was so simple and beat the hell out of hanging out with the smokers, sweet-talking receptionists, or commandeer a meeting room and jack into the network.

Writing here, Stasiukonis said "We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management". No security outfit ever got broke relying on the stupidity of users.


Texannie
Member

07-16-2001

Tuesday, August 22, 2006 - 3:20 pm   Edit Post Move Post Delete Post View Post Send Texannie a private message Print Post    
I think this might be one..got it in my email today

Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Summary:
Who should receive this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows 2000 Service Pack 4 – Download the update

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update

• Microsoft Windows XP Professional x64 Edition – Download the update

• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update

• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update

• Microsoft Windows Server 2003 x64 Edition – Download the update


Non-Affected Software:

• Microsoft Windows 95


Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Conclusion: We recommend that customers apply the update immediately.

© 2005 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement

Landi
Member

07-29-2002

Tuesday, August 22, 2006 - 4:35 pm   Edit Post Move Post Delete Post View Post Send Landi a private message Print Post    
GOOD CATCH ANNIE!

if microsoft wanted you to have an update it would not come in an email, it would go through their update system.

use www.microsoft.com for proof of updates!!!!!


Texannie
Member

07-16-2001

Tuesday, August 22, 2006 - 5:00 pm   Edit Post Move Post Delete Post View Post Send Texannie a private message Print Post    
thanks!

Jan
Moderator

08-01-2000

Tuesday, August 29, 2006 - 8:38 am   Edit Post Move Post Delete Post View Post Send Jan a private message Print Post    
Anti-spyware group gives AOL a telling-off
Tuesday, August 29 2006

AOL has come under fire from an anti-spyware group, which claims that some of the internet firm's software commits several of the cardinal sins of spyware.

According to Stopbadware.org's preliminary investigations into the free version of AOL 9.0, the programme can be classed as "badware" because it installs software without asking permission from the user.

"In our preliminary findings, we find that AOL 9.0 (free version) is currently badware because it installs additional software without telling the user; it forces the user to take certain actions; it adds various components to Internet Explorer and the taskbar without disclosure; it may automatically update without the user's consent and it fails to uninstall completely," the organisation said in a posting on its website.

The software installed with the AOL bundle includes AOL You've Got Pictures Screensaver, Pure Networks Port Magic, and Viewpoint Media. However, the anti spyware body said that it is not made clear enough to users that this software will be installed with the AOL programme.

It also adds favourites to the Internet Explorer list, and the AOL Deskbar to the Windows taskbar, which includes icons for AOL Instant Messenger and AOL Mail.

AOL has already responded to the charges, informing Stopbadware.org that it is reviewing the report and will take steps to address the issues raised by the anti-spyware group.

The internet firm blamed a design flaw in the uninstaller for the inability to completely remove the programme, and claimed that it was working on a fix for the problem. Reports indicate that the AOL software is a number of years old and is set to be overhauled in the near future.

This is not the first time supposedly legitimate software has fallen foul of anti-spyware organisations. In September last year, internet firm Yahoo found itself embroiled in a spyware row over its Yahoo Instant Messenger (YIM) software.

Users who downloaded the latest version of the messenger application, with voice functionality, found that they unknowingly downloaded Yahoo's Search Toolbar with anti-spyware and anti-pop-up software, desktop and system tray shortcuts, as well as Yahoo Extras, which inserted Yahoo links into the Internet Explorer browser. To avoid the extras, users needed to download the custom version of the software.

LINK

Jan
Moderator

08-01-2000

Wednesday, February 21, 2007 - 4:29 pm   Edit Post Move Post Delete Post View Post Send Jan a private message Print Post    
I just received this new virus warning by email - and I did check it out a Snopes. It is graded as real


REAL Virus warningDate: Tue, 13 Feb 2007 00:18:33 -0500


This is a REAL and Valid Warning!! Warn everyone you know through e-mail.


It is verified by http://www.snopes.com/ It surfaced Jan 29, 2007
."Warn everyone you know through e-mail not to open an e-mail with
"Mail Server Report" in the subject line. This one is real!This is a
Bad
Virus.....Please don't open!Any email with "Mail Server Report" in the
subject line is a new virus and should not be opened. It comes with an
attachment in 'zip format.' Apparently there is a Zip file attached,
so
be very leary of anything with a zip file on it. The message tells you
that a worm was detected in an e-mail that you sent out and asks you to
open and install the attachment to fix the problem.Only, it IS the
problem!DO NOT DO IT! Delete the e-mail. This is a real threat.You can
check it out at snopes:
http://www.snopes.com/computer/virus/mailserver.asp(This virus is called
Warezov W orW32.)


Costacat
Member

07-15-2000

Wednesday, February 21, 2007 - 4:50 pm   Edit Post Move Post Delete Post View Post Send Costacat a private message Print Post    
Just as an FYI... this is an older virus. It's been around since at least the fall of last year. It's offically known as W32.Stration.AC@mm at Symantec.

Two things... if you have updated your antivirus definitions, you'll be safe (you'll receive a notification that you've received a virus). This virus was identified and virus defs were updated in September.

Finally, although this virus is in the wild, it's got a relatively low infection rate.

Second, never EVER open a zipped file from anyone unless you know and trust that person, and are expecting a file.

Jimmer
Moderator

08-30-2000

Wednesday, February 21, 2007 - 9:53 pm   Edit Post Move Post Delete Post View Post Send Jimmer a private message Print Post    
Second, never EVER open a zipped file from anyone unless you know and trust that person, and are expecting a file.

Good advice and I think that is an important part of this statement. Even a trusted friend could accidentally pass along a virus to you, so make sure they are deliberately sending an attachment.