Wednesday, June 20, 2012

Microsoft has issued an emergency security patch (Flame malware)




Microsoft has issued an emergency security patch (Flame malware) (FIX LINK!)

DOWNLOAD FIX: (OR at RUN Windows Updates)
Microsoft Knowledge Base Article 2718704
http://support.microsoft.com/kb/2718704

Fw: US-CERT Current Activity – Unauthorized Microsoft Digital Certificates
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1777
This document can also be found at
http://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates

INFECTED?
Flamer removal tool from Bitdefender
Help Net Security
“It goes places where other spyware doesn’t go, retrieves information others don’t retrieve, and ensures the infected computer has no privacy whatsoever,” said Catalin Cosoi, Bitdefender’s Chief Security Researcher. “Luckily, the Bitdefender removal tool …
http://www.net-security.org/malware_news.php?id=2128

——–
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2718704
Published: Sunday, June 03, 2012
Version: 1.0
Affected Software and Devices
This advisory discusses the following affected software and devices.
Operating System
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Affected Devices
Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5
———-

WARNING!
Flame malware hijacks Windows Update to spread from PC to PC
Ars Technica
The Flame espionage malware targeting Iranian computers contains code that can completely hijack the Windows update mechanism that Microsoft uses to distribute security patches to hundreds of millions of its users, security researchers said Monday….
http://arstechnica.com/security/2012/06/flame-malware-hijacks-windows-update-to-propogate/

Homeland Security warns businesses about new cyber weapon
Examiner.com
Webroot said they first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009. Cyber security experts at Kaspersky …
http://www.examiner.com/article/homeland-security-warns-businesses-about-new-cyber-weapon

=========

Cover Story: Cyber spy program Flame compromises Microsoft security system
http://news.yahoo.com/cyber-spy-program-flame-compromises-key-microsoft-security-170651458–abc-news-topstories.html

Microsoft certification authority signing certificates added to the Untrusted
Certificate Store
3 Jun 2012 5:55 PM
IN FULL:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
“Today, we released Security Advisory 2718704, notifying customers that
unauthorized digital certificates have been found that chain up to a Microsoft
sub-certification authority issued under the Microsoft Root Authority. With this
blog post, we’d like to dig into more technical aspects of this situation,
potential risks to your enterprise, and actions you can take to protect yourself
against any potential attacks that would leverage unauthorized certificates
signed by Microsoft.
We’d also like to share how this issue relates to a complex piece of targeted
malware known as “Flame”. As many reports assert, Flame has been used in highly
sophisticated and targeted attacks and, as a result, the vast majority of
customers are not at risk. Additionally, most antivirus products will detect
and remove this malware. That said, our investigation has discovered some
techniques used by this malware that could also be leveraged by less
sophisticated attackers to launch more widespread attacks. Therefore, to help
protect both targeted customers and those that may be at risk in the future, we
are sharing our discoveries and taking steps to mitigate the risk to
customers….. “

RELATED LINK
Security Advisory 2718704,
http://technet.microsoft.com/en-us/security/advisory/2718704

=========
Microsoft certificate used to sign Flame malware, issues warning
ZDNet (blog)
By Zack Whittaker | June 4, 2012, 6:04am PDT
Summary: Microsoft has issued a security advisory warning and a high-priority update after parts of the Flame malware were signed with Microsoft-issued certificates. Microsoft has issued an emergency …
http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980
=========

OLDER

Term of the Day: Flame Virus
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1743

Flame Malware: All You Need to Know
Network World
Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a …
http://www.networkworld.com/news/2012/053012-flame-malware-all-you-need-259713.html?hpg1=bn

FAQ: Flame, the “super spy”
The H
by Jürgen Schmidt The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread …
http://www.h-online.com/security/features/FAQ-Flame-the-super-spy-1587063.html

Flame: Trying to Unravel the Mystery of ‘Sophisticated’ Spying Malware
PBS
Reportedly capable of taking computer screenshots, logging keystrokes and even listening in on office conversations, malware known as “Flame” is grabbing international attention after appearances in Iran and elsewhere in the Middle East….
http://www.pbs.org/newshour/bb/science/jan-june12/theflame_05-30.html

New malware Flame said to be “the most complex threat ever discovered”
allvoices
By arkar
If reports are to be believed, a malware identified as Flame has, for the past two years, been collecting private data from such countries as Iran and Israel and is being described as “one of the most complex threats ever discovered…..
http://www.allvoices.com/contributed-news/12267165-new-malware-flame-detected-said-to-be-the-most-complex-threat-ever-discovered

Flame ‘first Windows-based malware ever observed to use Bluetooth’
CSO (blog)
Despite all the hype I’ve complained about these last few days regarding Flame, there is some interesting research from the vendor community worth noting here,
including the malware’s affinity for Bluetooth. Symantec sent me the details in an email …
http://blogs.csoonline.com/malwarecybercrime/2203/flame-first-windows-based-malware-ever-observed-use-bluetooth

Don’t Get Burned By ‘Flame’ Malware Attack
PCWorld
Weighing in at 20 megabytes, and somewhere around 750000 lines of code, Flame is much closer to a commercial application like Microsoft Word, or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is should you …
http://www.pcworld.com/article/256499/dont_get_burned_by_flame_malware_attack.html

UPDATE EDIT…..
Flame malware made to self-destruct after discovery —Symantec
GMA News
Shortly after it was discovered and made public, the “Flame” (or “Flamer”) malware, which security vendors have described as a potent super cyber-weapon, received a command from its creator to self-destruct. According to security vendor Symantec, …
http://www.gmanetwork.com/news/story/261076/scitech/technology/flame-malware-made-to-self-destruct-after-discovery-mdash-symantec
 
Flame authors order infected computers to remove all traces of the malware
Computerworld
By Lucian Constantin IDG News Service – The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis …
http://www.computerworld.com/s/article/9227876/Flame_authors_order_infected_computers_to_remove_all_traces_of_the_malware
 
Flame gets suicide command
Register
By Richard Chirgwin 
The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent …
http://www.theregister.co.uk/2012/06/07/flame_suicide_command/

Users Asks: Signs of a backdoor Trojan ?


Hello all…. I go by the handle of ‘antibotnet’ at Yahoo Answers > Security. Here is a helpful question and answer I thought to share…

QUESTION:
Signs of a backdoor Trojan?
If i had a backdoor intruder on my machine what would i notice to make me suspicious?
http://answers.yahoo.com/question/index?qid=20120328132628AA1JHMk

MY ANSWER:
In older days going back at least five years ago and more, malware was practically always obvious as to “something seems to be running in the background”. This is because computers were much smaller and specifically with RAM Memory which is kind of a cache of memory used by like all the start up programs you see the little icons for down in the lower right system tray and running programs. RAM Memory was very small at the release of Windows XP (2001) which it was common as from the factory at 256K RAM. This led to the famous coined phrase “512M RAM Upgrade” which was simply adding another 256M RAM memory stick inside the computer, a snap in.

Today it is common to see 1Gig RAM as small and inefficient and probably on now legacy left over computers for sale. Most new ones are beginning at 2Gig RAM which is 8 times the size as the above XP example at 256M RAM. 3Gig of RAM is quite common place now in new PCs and 4Gig RAM but with expandable to a whopping 8 Gigs !!!

That being said – and adding the upgraded processors that are now dual and quad processors with much higher speeds as standard equipment and being on broadband leaving dial up in the dust as a 56K connection compared to 1M and up to 4G broadband/dsl connectivity speeds – all that being said, it is not that easy at all to ‘SUSPECT SOMETHING RUNNING IN THE BACKGROUND’ because the PC navigation has bogged down time to time when you are not running stuff.

(NOTE: What of malware bogs down the system ? Spyware that is broadcasting out – copied files, screen snapshots, keylogger data, etc. Mass-mailing worm. Downloader Trojan or Rootkit that are installing more malware. Full blown Botnet Infection that may contain all of the above plus has added some P2P (peer to peer) software and is using the machine to not only download and upload piracy software and files – but also is continually spewing illegal crimewares as viruses and worms and spywares etc.)

Like you are not mega multi-tasking with like 4 programs open and running. You might have one thing open you are doing and in older days when you additionally were navigating around the system like opening another program or additionally starting up a new email – suddenly the whole system almost would go to a crawl – bogged down navigation, terribly.

THAT was a sure sign there was malware running in the background and generally as spyware or a worm such as a spam worm emailing everyone in an address book of email addresses on the computer.
Backdoor threats as Trojan Downloaders are actually newer in malware, somewhat well after the middle of this past decade. As comparison, these were virtually unheard of going back 7 years and further. Again, because of the larger computer sizes and upgrades – it is much, much more difficult to simply sense a malware as these running in stealth, not visible to the naked eye.

The best thing to do is simply install and use quality antimalware that has both antivirus and antispyware and Real Time Protection processes. Adding a personal software firewall aids that too. Perform Full Scans at least once a week !

What would make you suspicious ? IDTheft, new malware installed and not knowing how – are two suspicious symptoms of backdoor threats. This is what they do.

SEE:
Glossary of Malware
http://www.westcoastlabs.org/
Backdoor – A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors are designed to exploit a vulnerability in a system and open it to future access by an attacker. A Backdoor is a potential security risk in that it allows an attacker to gain unauthorized access to a computer and the files stored thereon.

Source(s):
Threats FAQs
Threats Frequently Asked Questions
http://bluecollarpc.us/Threats_FAQs.html
How to Remove a Backdoor Trojan Computer Virus
http://www.ehow.com/how_5164888_remove-backdoor-trojan-computer-virus.html
Backdoor Santas
http://www.bleepingcomputer.com/tutorials/tutorial41.html
Backdoor.Trojan | Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99
Trojan Downloader Featured Articles
http://www.ehow.com/trojan-downloader/

User Question: Should I disable updates then update programs when necessary?


Hey all…. I go by the handle of “antibotnet @ yahoo.com” at Yahoo Answers > Security. Here is a new question I am blogging as answer contents are pretty standard even as a “form answer” for these type standard questions you meet over and over again, all slightly different:

Should I disable updates then update programs when necessary?
“I’m a rookie network administrator. I sysprep my machines twice a year on a schedule. I’m thinking this time I should lock down the usual but also disable all updates from all software and Windows 7. When an update comes along that is worthy I can then update the machines individually. Last time I used GPO it uninstalled all the programs instead of installing them. Very odd. I’ve heard it is “unsafe” to not always update your OS but I’m thinking almost everything we’re using is web-based. What do you all think?
Note: I will always let AVG update. “
FULL:
http://answers.yahoo.com/question/index;_ylt=AnyXcm_aRycJOo1WdNm9.Ksw5XNG;_ylv=3?qid=20120328130039AAzYR2o

This is very specific to your network usage in security and allowances. Anywhere from a Home Network all the way up to Home/Small Business (and anything in between) is indicated and you were not specific. Generally, I don’t know anyone that would give away this type consultation for free, as generally IT Security et al freelancing can start with a preliminary environment evaluation at price, (which is what I do) adding hourly flat fee starting at $150.00 and then a contract price for specific services rendered — which is apparently what you are seeming to ask for free – a Preliminary Environment Evaluation, or onsite impression of existing set up.

TIP: Basically as far as computer security, the general recommendations are all things up to date all the time. Security Updates are not eye candy. They are for specific necessary defense which left undone can cause a liability for you personally according to whatever the network usage is. SEE the infamous JiffyLube case whereby they were held responsible. That should put you in the right frame of mind and away from bad disingenuous advice.

TIP: Windows Updates have historically not been found at fault at all when applied when some programs/softwares may have been “broken”. This has been historically the software creator(s) fault – NOT Microsoft Windows Updates. That is one example of less than acceptable IT people that ignorantly always chronically blame Microsoft for all the “woes” that are, in reality, virtually always self made or lax third party softwares faults.

TIP: Security wise – ALL softwares are to be up to date ALL the time with vendor updates. Secunia PSI is excellent. Installed softwares are a “SOFT TARGET” for cyber criminal crimewares now to gain entry into the system or network.

Have Hardware Firewalls been activated additionally – and as well in modems ?

NOTICE: Security Updates via Windows Updates are ONLY sent out each Second Tuesday of the month (if any, usually are) which has been dubbed “Patch Tuesday”. If there is an Emergency Patch such as for a new “zero day threat” – these are issued as soon as ready – immediately – as an “OUT OF CYCLE PATCH” as an emergency patch.

IMPORTANT: It is difficult to determine your “twice yearly” updating mentioned as you did not give specifics. Try and be very particular and clear about items with detail. If you meant Windows Updates – well as you can see, and as you mentioned, you are definitely a “rookie network administrator ” as you say and the PCs in network are most likely in severe need of upgrading immediately.

If you meant OS (operating system) Upgrades twice yearly – that does not make sense as these Upgrades have been the releases of XP, Vista, Windows 7 and then 8 – as example and years apart, not occurring ” twice yearly”.

ADVICE: Considering cyber events as corporate “Blended Threats”, CEO type Phishing targeting, bots, I would re-evaluate your “security solution” mentioned as bi-yearly patching and AVG Business. There are a good handful of products well above in quality and documented defense such as Trend Micro for one. You can be polite to a mutt – but will it defend you as completely as a well trained thoroughbred ? Or run away squealing and yelping ?

Source(s):
http://en.wikipedia.org/wiki/Group_Policy
http://support.microsoft.com/kb/302577

How To Use HiJackThis to find Malware infection Part One



HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE
There is always this need to review this magic utility – how to use it responsibly and SAFELY.
( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )
If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.

HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH
If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.
This may delete the executable file and possibly a “run” registry key, etc.
It cannot delete/uninstall malware payload files and registry key entries – the FULL threat – and these leftovers can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quarantine / remove these during a scan. Probably not.

In cases of in-the-wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat(s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of ‘in-the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.

That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.

Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damage warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File

Friday, February 24, 2012

DNSCHanger Malware Removal – Notes Show All (Internet goes dark March 8)

February 23, 2012 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2012/02/23/dnschanger-malware-removal-notes-show-all-internet-goes-dark-march-8/


BELOW IS MOST OF WHAT THE AVIRA TOOL IS DOING WITH A CLICK ….

Tool available for those affected by the DNS-Changer
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199
The Truth About the March 8 Internet Doomsday
http://www.pcworld.com/article/250296/the_truth_about_the_march_8_internet_doomsday.html#tk.nl_spx_t_cbintro
US-CERT Current Activity – DNSChanger Malware
http://www.us-cert.gov/current/index.html
http://www.us-cert.gov/current/index.html#operation_ghost_click_malware

Hi all….. one area that is common with this area of malware changes is malware getting into the PC and changing “Hosts Files” for a redirect usually to more malicious websites for nefarious reasons. There are more key words for search such as “IP Spoofing” and “DNS Cache Poisoning” …
http://www.webopedia.com/TERM/I/IP_spoofing.html
http://en.wikipedia.org/wiki/DNS_cache_poisoning

This is off the cuff but from years of experience with the “badware” as it is sometimes called for a universal term covering all and all they do. I am throwing an educated guess at the payload involved and may even involve some variants or residuals on individual basis per handfuls here and there of hundreds to thousands of personal computers. A Botherder or Botmaster is a Command and Control console type arrangement the culprit (s ) runs and attempts clandestine contact to infected computers that can go into the millions – but to partially set some aside to test out how their malware payload is holding up against detection. They may have purposely infected the handfuls with variants of the payload in an attempt to resurrect the whole episode all over again. They (cyber criminals) have become very, very sophisticated anymore. Any phrase like “doomsday” today can actually be no exaggeration anymore.

The measures taken here by the FBI et al are unprecedented and on the scale of “State Sanctioned”. It has been obviously a measure not only to attempt correction and for protection of all infected computers and their users private data – but to keep internet commerce itself alive, as the loss of millions would obviously have a large effect.

I admittedly only perform some amateur forensics and would need probably days upon days upon days to do a write up for full manual removal and correction of an affected system. I most likely could find the actual payload, as there are handfuls of company online search engines for just that. But, if one has a little savvy and wants to attempt further manual removal of the malware to avoid cost at a PC Repair Shop – here are some tips. Mind you, in this case a Shop will obviously advise to reinstall Windows after completely wiping (erasing) the disk first – a common automatic procedure with a Windows CD/DVD or if you have made an Emergency Repair CD/DVD. (I would advise do NOT hit “Repair” but go ahead and back up all files first you wish to save and then completely reinstall Windows and THEN also scan the backed up files for malware before reinstalling to the PC now in Factory Fresh condition.)

REVIEW THIS FOR HOSTS FILES….
Blocking Unwanted Parasites with a Hosts File
http://winhelp2002.mvps.org/hosts.htm
(In other words in this area you are looking for how to Restore your Hosts Files before infection that changed them.)

How can I reset the Hosts file back to the default?
http://support.microsoft.com/kb/972034
MICROSOFT FIX IT TOOL ***** HOSTS FILES
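
As an added example (not part of the original post and not the code of any tool linked here), the Python below audits a hosts file before it is reset: it separates the default localhost lines and MVPS-style blocking entries from entries that point a name at a routable address, which are the ones to review. The sample file contents and the `.test` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real infection): default
# entries, one MVPS-style blocking entry, and redirect entries to review.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocking entry
203.0.113.45    www.example-bank.test login.example-bank.test
198.51.100.7    update.example-av.test # redirect
10.0.0.5        fileserver
not-an-ip       broken.example.test
"""

# Address ranges treated as "inside the LAN". Listed explicitly because
# ipaddress.is_private also covers documentation ranges used in the sample.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def classify(ip, name):
    """Classify one address/name mapping from a hosts file.

    default  - localhost mapped to a loopback address
    block    - any other name mapped to loopback or 0.0.0.0 (sinkholed)
    local    - name mapped to a LAN address (common for intranet hosts)
    redirect - name mapped to a routable address, or localhost moved away
               from loopback; these need a human look
    """
    is_localhost = name.lower() == "localhost"
    if ip.is_loopback or ip.is_unspecified:
        return "default" if is_localhost else "block"
    if is_localhost:
        return "redirect"
    if any(ip in net for net in LAN_NETS):
        return "local"
    return "redirect"


def audit_hosts(text):
    """Return (line_number, verdict, address, name) for every mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop a UTF-8 BOM, then anything after '#', then whitespace.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((lineno, "malformed", address, ""))
            continue
        # One line may map several names to the same address.
        for name in names:
            findings.append((lineno, classify(ip, name), str(ip), name))
    return findings


def needs_review(text):
    """Only the entries a default or blocking hosts file would not contain."""
    return [f for f in audit_hosts(text) if f[1] in ("redirect", "malformed")]


if __name__ == "__main__":
    import sys
    # Pass a path (on Windows: %SystemRoot%\System32\drivers\etc\hosts)
    # or run with no argument to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, verdict, address, name in audit_hosts(content):
        print(f"line {lineno:>3}  {verdict:<9}  {address:<15}  {name}")
```

Entries reported as `redirect` are not proof of infection; compare them against what the machine's owner added on purpose before resetting the file.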

ALSO….
How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357

A Point of Entry and Attack is the firewall that may even have been circumvented.
Tunneling to circumvent firewall policy
http://en.wikipedia.org/wiki/Tunneling_protocol#Tunneling_to_circumvent_firewall_policy
You may want to uninstall it and clean up left over files and registry entries (Registry Cleaner) … Here is about the best and indeed they have finally released a free home version ….
PowerTools Lite 2011 [Genuine Freeware] - The Freeware Registry and System Cleaner
http://www.macecraft.com/powertoolslite2011/
(Which is of course by the famous jv16 PowerTools – by far the top recommended for a decade, about. )

YUCK… one more area to review….
TCP reset attack
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/TCP_reset_attack

Bottom line…. Above was posted for review, and hastily, if there are still problems and if need be to mention in the event of a necessary trip to the PC Repair Shop. Attempt recommended Avira Tool in these emails as advised. Check out the US CERT links if needed or as double check after Avira clean up – there is a link for detection at the FBI site for anyone fearing infection I believe. (Avira has consistently had one of the best detection/blocking/removal ratings for years – visit VirusTotal).

AS I SUSPECTED THERE ARE MANY VARIANTS …… LIST (omg, there are 23 variants presently ! ! ! Absolutely a Shop will advise to reinstall Windows without batting an eye)

*COMPUTER ASSOCIATES*
SOURCE / ONLINE SEARCH ENGINE AND TYPE IN “DNSChanger” as malware payload look up…
CA Spyware Information Center (Search Engine)
http://www3.ca.com/securityadvisor/pest/
CA Spyware Information Center search engine (ComputerAssociates, makers of PestPatrol and many security wares)
(*Malware search engine look up is top right)

SEARCH RESULTS: (hot links at results link for each below)
http://www.ca.com/us/search/default.aspx?q=dnschanger&sk=findthreat&backUrl=http%3A%2F%2Fwww.ca.com%2Fus%2Fspyware.aspx

(Each result is a “CA Technologies Quick View” entry.)
1. DNSChanger B – Size: 36 KB – Date: 01/09/2007
2. DNSChanger P – Size: 36 KB – Date: 02/22/2012
3. DNSChanger P – Size: 50 KB – Date: 11/20/2009
4. DNSChanger G – Size: 37 KB – Date: 02/19/2012
5. DNSChanger C – Size: 36 KB – Date: 04/19/2007
6. DNSChanger S – Size: 36 KB – Date: 02/22/2012
7. DNSChanger U – Size: 36 KB – Date: 01/29/2010
8. DNSChanger T – Size: 36 KB – Date: 01/29/2010
9. DNSChanger M – Size: 36 KB – Date: 02/21/2012
10. DNSChanger L – Size: 36 KB – Date: 07/17/2009
11. DNSChanger – Size: 36 KB – Date: 06/14/2006
12. DNSChanger r – Size: 36 KB – Date: 02/21/2012
13. DNSChanger I – Size: 36 KB – Date: 02/20/2012
14. DNSChanger azf – Size: 36 KB – Date: 02/20/2012
15. DNSChanger H – Size: 36 KB – Date: 02/19/2012
16. DNSChanger E – Size: 37 KB – Date: 11/26/2007
17. DNSChanger D – Size: 37 KB – Date: 02/19/2012
18. DNSChanger k – Size: 36 KB – Date: 08/04/2008
19. DNSChanger A – Size: 36 KB – Date: 07/29/2008
20. DNSChanger ayy – Size: 36 KB – Date: 02/05/2012
21. DNSChanger arn – Size: 36 KB – Date: 03/11/2008
22. DNSChanger aum – Size: 36 KB – Date: 03/11/2008
23. DNSChanger F – Size: 37 KB – Date: 02/19/2012

——–>
BASIC PAYLOAD…..

DNSChanger
Date Published:
Wednesday, June 14, 2006
Alias
W32/Backdoor.KGE [F-Prot Antivirus]
Overall Risk : HIGH
Category
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user’s account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Date of Origin
date of origin: Variants from September, 2009 to September, 2009
Operation
DNSChanger: at least DNSChangerKB

Files:
[tn]dnschanger.exe
2701526
hgqhp.exe
kdrgh.exe
virtue_7884154
kdrgh.exe
hgqhp.exe
[tn]dnschanger.exe

WEBMASTER / http://www.bluecollarpc.us/



PS – A quality antimalware product with real-time protection installed would no doubt have blocked this infection and its variants to date. Cyber crime units no doubt have just about all the rest of the information needed by now, with professional forensics performed.



Wednesday, February 22, 2012

Recommended Settings and use of CCleaner – Temporary Internet Files Clean Up Browsers, Applications

January 14, 2012 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2012/01/14/recommended-settings-and-use-of-ccleaner-temparary-internet-files-clean-up-browsers-applications/


TO CLEAN TEMPORARY INTERNET FILES IN ALL BROWSERS GET CCLEANER….

CCleaner – Wikipedia, the free encyclopedia (very popular, safe, freeware/donate)
CCleaner supports the cleaning of temporary and unneeded files from certain …
http://en.wikipedia.org/wiki/CCleaner
CCleaner http://www.ccleaner.com/

ADD FOR FIREFOX….
BetterPrivacy :: Add-ons for Firefox
https://addons.mozilla.org/en-US/firefox/addon/6623
Customize Firefox, Thunderbird, and other Mozilla products with thousands of … Better Privacy serves to protect against not deletable long term cookies,…. http://addons.mozilla.org/
….deletes flash cookies that none others generally delete. Cookies should only be given session cookies permissions as a privacy and security issue (cookies have been broken into by malwares) and only if necessary.

CCLEANER SETTINGS / RECOMMENDED CLICKS

( CCleaner is for newbies and is indeed a Power User software utility for the advanced user as well ! )

****THERE ARE TWO SETTINGS COLUMNS – REVIEW *****

**** WINDOWS TAB / TOP

WINDOWS….
# Check all for Internet Explorer (ALL ! )

WINDOWS EXPLORER
# Recent Documents, Search Autocomplete, Other MRUs
(Do NOT click Network Passwords as no doubt this will keep deleting any Router type passwords in the system and you will have to keep typing in the Network Security Key (router password) each use.)

SYSTEM
# Empty Recycle Bin (IF you are sure you do not need to recover mistaken deletions here. Be sure or do NOT check and simply open Recycle Bin and delete manually)

# Clipboard
# TEMPORARY FILES IS SPECIAL….. CCleaner only deletes these after they show as 2 DAYS OLD or older. IT IS BEST TO NOT CHECK THIS UNTIL THERE HAS BEEN AT LEAST A COUPLE AND MORE DAYS AFTER EACH SOFTWARE INSTALLATION OR MAJOR CHANGES TO THE SYSTEM SUCH AS WINDOWS UPDATES.

Instead you can click this and then DO NOT CLICK RUNCLEANER BUT RATHER CLICK “ANALYZE” which will not delete anything but scan and present what is available for deletion. If you see anything under around 100M size of files you are okay. UNLESS you have the Windows Updates icon in the bottom tray that says you have Updates to install – THEN anything over 100M size files total present may indicate malware present and has been running for awhile creating these.

PLEASE READ THIS ENTIRE BLOG TO KNOW WHAT AND HOW TO USE THIS….
Temporary Internet Files – Windows Temp Files, Safe To Delete ?
January 14, 2010 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2010/01/14/temporary-internet-files-windows-temp-files-safe-to-delete/

ADVANCED
# DO NOT CHECK ANYTHING IN ADVANCED OR YOU MAY CAUSE SERIOUS DAMAGE TO THE SYSTEM.


****APPLICATIONS TAB TOP
FIREFOX/MOZILLA
# CHECK ALL EXCEPT “Compact Databases”

APPLICATIONS
# CHECK ALL (According to what you have installed – example: Adobe Reader history)

INTERNET
# CHECK ALL (histories)

MULTIMEDIA
# CHECK ALL (histories)

WINDOWS
# OPTIONAL – You can check these or not if you wish to review using these and do not want the histories (logs) deleted.

CCLEANER – SOME MORE POWER USE CLICKS
{TIP: When using ANALYZE, first click Run Cleaner, and THEN add the items you wish to check without deleting and click ANALYZE. That way you will just see the particular files you wanted to investigate WITHOUT all the other junk files added in the Analyze results. Otherwise you will be looking at all the junk files you would normally delete anyway, which will muddy the results of an Analyze scan.}

WINDOWS TAB TOP
—————–
SECTIONS:

WINDOWS EXPLORER
# RUN IN START MENU MAY MESS WITH START UP ORDER APPARENTLY AND WOULD BE BEST LEFT UNCHECKED

SYSTEM
# Memory Dumps, Chkdsk File Fragments
…. both of these should be left UNCHECKED as they will invariably only come into play at the rare Computer Crash event. This will inevitably create some special helpful information files of the event (anonymous) that will help Microsoft (or others involved – softwares, browsers, causes – anonymous) that may send out invisibly at the next computer start up. (There are settings in the Control Panel to turn these reports off or on – RECOMMENDED to leave ON to be a help to all computer users for causes of these undesirable events, so that they may create patch/fix/updates to prevent the occasion from occurring again for all) .
(After the computer seems to be working again okay – you may want to check these and then click ANALYZE to see if there are any items here available per scan to delete safely. They would be really small no doubt in size not really affecting overall performance memory wise.)

# Windows Log Files …..are safe to delete, but DO NOT click this as a regular clean up each time. These Logs are created automatically by Windows and can contain some information on recent events that may be EXTREMELY HELPFUL to discover problems that can be easily fixed. From time to time, when the computer has been working fine, would THEN be a time to ADD THIS to the Run Cleaner clean up. It will save nominal disk space as these are never really that big and in text only. The first clean up of these may be a large clean up as to 1M to 10M even at first run and if the computer is a couple years old. (They do pile up needlessly. ) TRY the CCleaner Analyze first to see files size as example. OTHERWISE LEAVE UNCHECKED ! ! !

# DNS Cache, Font Cache ….. LEAVE UNCHECKED and do not use unless directed to by an at least Advanced User or Tech professional.

# Shortcuts…. DO NOT use this and simply delete those manually as many normal icons you use will suddenly disappear by using this to delete them. For power users building their own custom systems , this may be a desirable action to use this deletion feature.

ADVANCED
# NEVER USE ANY OF THESE UNLESS YOU ARE AN ADVANCED USER OR TECH PROFESSIONAL ! ! ! YOU HAVE BEEN WARNED ! ! !

AS MENTIONED CCLEANER IS NOT JUST FOR NOVICES AND VETERAN WINDOWS USERS – IT IS ALSO A PREMIUM SOFTWARE FOR ADVANCED AND TECH PROFESSIONALS USAGE (free tech help at forums, groups , lists etc. )


SENDER:
Webmaster/malware removal help
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

How To Delete Java Temporary Files – Avoid Java Malware Exploits

January 14, 2012 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2012/01/14/how-to-delete-java-temporary-files-avoid-java-malware-exploits/

As well in security it is also recommended to go to Start > Control Panel > Java and open the Java panel and click “Do Not Store Temporary Files On This Computer” ….

….Malware as well has used Java to infect computers (AND FIREFOX ! ) and can hide in these temporary files in the system. Turning this off will not affect navigation at all. These are like Temporary Internet Files and are stored so that a re-visit to a website loads just a tad faster, which is the same reason the Temporary Internet Files are stored. These are junk/trash files completely safe to delete. (In other words when going to a website – any images and pictures and some text items are stored on the computer as well as the cookies files. When re-visiting that same website – these are loaded from the computer rather than re-downloading them over the internet each time, which makes the loading of the website page a tad faster. In real world – it is like nanoseconds, of no real noticeable speed to the naked eye. )

Delete ALL cookies ALL the time EVERY time Facebook malware reminds us


December 27, 2011 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2011/12/27/236/



Having an e-convo with a friend reminds us to always delete ALL cookies ALL the time EVERY time and all histories and temporary internet files. Simply if you are kind of new just get CCleaner which does it all and is Genuine Freeware (no ads, no adware, no spyware) and has been downloaded and used by millions and millions. You can also donate to them (freeware/donateware). LINKS AT BOTTOM….

DANGERS – - – COOKIES HAVE BEEN BROKEN INTO BY MALWARE / HACKERS HALF A DECADE AGO AND RECENTLY TOOK OVER MANY COMPUTERS THROUGH FACEBOOK COOKIES….. READ ON….

Although I am becoming an ol’ timer (LOL) without being an old timer on PC – I began at the release of XP Home Edition in the Fall, 2001. At that time, spyware and antispyware were virtually unheard of. As well, the same with personal software firewalls. All in all – of all the days and efforts and intrusions of having to install and maintain a security suite (all three – antivirus, antispyware, personal firewall) and all the great rise of infected websites and phishing and pharming sites and all the combative browser technologies – all tripping over themselves scanning everything all the time just to use a computer — well it has been quite a diminished experience of joy of use and strictly because of security. The threat of infection continually with every breath is the annoyance of the world web, the dangers, and the earned term of cyber ghetto.

The point here – more inconvenience – is that it has been taught by the prudent in security a couple of years ago, including myself as webmaster of the BlueCollarPC.US (originally .Net), and forward to absolutely delete ALL internet tracks and cookies EVERY session of browsing per particular activity – and now to NEVER go outside of Facebook when logged into account and when logging out to completely delete ALL cookies before proceeding ANY further as Facebook connects through cookies to ALL sites that have their little plug-ins such as “Like This” everywhere on the world wide web and broadcasts EVERYTHING from your account to them in all variance.

All things considered you maintain an attitude that it is like “Pinball Wizard” – you are playing against the worst case scenario – botnets – as automatic machines. By thus shredding all possible personal information that at any time an infection may occur, is thus minimizing ANYTHING that can be immediately broadcasted by the botnet or virus or worm. As well this is minimizing their chances of malicious entry and take over. It HAS to be done.

The added “clean internet tracks” scenario of deleting ALL cookies along with surf history and temporary internet files stored from browsing is one more complete inconvenience. A couple of years ago there started the reports and findings that cookies were being broken into by malware. Recently of course has been the great catastrophe of the Facebook cookies break in and hijacking by the major botnet/worm ‘Koobface’ ….. no doubt the affected are those that play dumb ostrich with security information, alerts, and advice and recommendations – or are oblivious to events around them on the world web such as complete newbies as we all were, and there are those that refuse security products as loss of speed and those that live by the attitude that it is all phony stuff for a dollar bill or they (security products) are like internet mafia charging “milk money” (protection extortion) as the hoodlums they are to allow you on the internet and not infected for a price. Others simply refuse to spend a dime on security and try to live with the free products that offer no real time protection.

COOKIES NIGHTMARES
Koobface Variant Hits Facebook, Targets Other Social Networks…2009-03-02
Mar 2, 2009 Once installed, the worm searches for cookies created by a number of social networking sites, including MySpace.com, Hi5 Networks, …
http://www.eweek.com/c/a/Security/New-Koobface-Variant-Hits-Facebook-Targets-Other-Social-Networks/

How the Koobface Botnet Made $2 Million in a Year – Security …
http://www.eweek.com/c/a/Security/How-the-Koobface-Botnet-Made-2-Million-in-a-Year-247376/

Worms Wriggling Their Way Through Facebook
Aug 27, 2011 Malware Blog >
Worms Wriggling Their Way Through Facebook … these worms search for a string or set of strings in cookie files related to the…
http://blog.trendmicro.com/worms-wriggling-their-way-through-facebook/

Koobface Variant Hits Facebook
Mar 3, 2009 Now the Koobface worm is back again, with an eye toward stealing cookies for … Once installed, the worm searches for cookies created by a number of social … Koobface Now Using Christmas Theme – Facebook botnet risk …
http://www.pcsympathy.com/2009/03/03/koobface-variant-hits-facebook/

Facebook Cookies Work Even If You’re Logged Out
Sep 26, 2011 ….The only solution to Facebook not knowing who you are is to delete all Facebook cookies. (MORE: How the European Cookies Are Crumbling …
http://techland.time.com/2011/09/26/facebook-cookies-work-even-if-youre-logged-out-for-your-own-good/

New Web Order – Logging out of Facebook is not enough
Sep 25, 2011 The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions. Here is what is …
http://nikcub.appspot.com/posts/logging-out-of-facebook-is-not-enough

Facebook explains why it tracks you even when you’re logged out …
Sep 26, 2011 This is possible because when you log out of Facebook the associated cookies are not deleted off your machine. So, any site you visit that has …
http://www.geek.com/articles/geek-pick/facebook-explains-why-it-tracks-you-even-when-youre-logged-out-20110926/

The bottom line here is in real world when we go back to years 2001,2,3 — when a large majority of XP users and others went practically berserk over and witchhunt on spyware – we at that time would have defined Yahoo as an adware network and now we would have described Facebook as a spyware network. You visit them, use them, log into them – you get what you get, tracked – spammed – infected. As practically all decided to continue at Yahoo – well they are worse now and stay with Facebook. The practical use Safe Practices and hope for the best.

I myself have set up websites with their own lawful legal protected email list services and chat rooms too after finding out about Yahoo years and years ago – read their policies. A handful of people joined up – respecting their own privacy. Most others it seems gave it an evil eye and imagined I was some evil person with their own agenda. So I am guilty myself in returning to Yahoo and with the idea that I used to help as best I could with the very popular Yahoo destinations where so many have flocked to for help and questions (Yahoo Groups, Yahoo Answers – Yahoo Boards kind of got spammed to death). It was the only place to help people because it is where they flocked to for help being ignorant of Yahoo policy of like web beacons et al.

If this seems tooooo long or stringent on “what’s your point or trying to make” —- the whole point is especially if you have already been hit by worst offenders – by botnets and destruction of equipment or worse – ID Theft scenarios — then you go back to your first love of understanding and completely avoid these and remain as invisible as possible in the internet for the rest of your life. The flip side of that coin is the warriors and how about all the businesses. You decide to stay and help and fight your butt off against them all and take it personal that cyber crime is trying to make the world wide web their territory forever and we just ain’t gonna let that happen ! ! ! with a vengeance.

I used to use a phrase in some security podcasts I did….. “It is my soap box and I’m keeping it”.

Ooops – forgot the other point about cookies and staying logged in – “Remember Me”…..

That was a convenience that came out a decade ago. Security-wise, is the same. It is living in cave man days since about 2003-5 if actually using it (they should remove this feature worldwide). If a hacker gains entry, or malware that is remotely controlled (such as worst case scenario – botnets as “Command and Control” live) – then they are already logged into your accounts conveniently and may do as they please obviously. That is why you NEVER leave any account logged into by saving log-in cookies (Remember Me) on the computer/browser. If they do not have the passwords – obviously they can not log into the accounts. You treat ALL accounts as if you were on public internet is one view to keep which you would not leave your account logged into for the next person to access.
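To see which cookies a site leaves on disk after the browser closes, classify its Set-Cookie headers as session or persistent. This is an added example, not part of the original post; the header values, cookie names, reference time and the 30-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie headers for illustration; not captured from any real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; Secure; HttpOnly",
    "remember_me=9f8e7d; Max-Age=31536000; Path=/; Secure; HttpOnly",
    "prefs=lang-en; Expires=Wed, 01 Jan 2014 00:00:00 GMT; Path=/",
    "tracker=u-77; Max-Age=600; Expires=Fri, 01 Jan 2021 00:00:00 GMT",
    "old=x; Max-Age=0",
    "broken=1; Expires=not-a-date",
]

NOW = datetime(2012, 1, 1, tzinfo=timezone.utc)  # constructed reference time
LONG_LIVED = timedelta(days=30)                  # assumed threshold, tune to taste


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes keyed in lowercase)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def lifetime(attrs, now):
    """Return None for a session cookie, else the time left until expiry.

    Max-Age takes precedence over Expires when both are present (RFC 6265).
    """
    if "max-age" in attrs:
        try:
            return timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # malformed Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: no usable expiry, so session-only
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return None


def classify(header, now):
    name, attrs = parse_set_cookie(header)
    left = lifetime(attrs, now)
    if left is None:
        verdict = "session"            # gone when the browser closes
    elif left <= timedelta(0):
        verdict = "deleted"            # server is telling the browser to drop it
    elif left >= LONG_LIVED:
        verdict = "persistent-long"    # the "Remember Me" style cookie kept on disk
    else:
        verdict = "persistent-short"
    return name, verdict


def audit(headers, now):
    """Map each cookie name to its verdict."""
    return dict(classify(h, now) for h in headers)


if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_HEADERS, NOW).items():
        print(f"{cookie:12} {verdict}")
```

Anything reported as persistent-long is written to the browser profile and is what remains available to whoever, or whatever, later reads that profile.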

You leave the internet the way you start up and engage it. Nothing logged into automatically or remotely. You do your session and COMPLETELY log out everywhere and erase all history. Now you can leave the internet and shut down the computer for the day – no histories, NO cookies. About ALL browsers have added this feature to completely delete histories and cookies and temporary internet files several years ago with a click to delete all when closing browser. Internet Explorer via Microsoft have unfortunately temptingly left that click that preserves favorite sites log-in cookies and delete all else. Again they have condescended from common sense and security because soooo many middle and upper middle class users bidch about it all. They allow them to sacrifice personal security for ease and convenience of use rather than lose a sale of Windows on that next computer they buy. That IS the entire Windows 7 creation and release because of all THEIR bidching over Vista and its fantabulous security abilities.

These are the dark little secrets of a majority of users in security circles and also this knowledge by the cyber criminals who coined the phrase “Socially Engineered”. Security circles still try common sense use with them including Microsoft. Such laziness…. just shaking the head.

CCleaner Links….
CCleaner – Wikipedia, the free encyclopedia (very popular, safe, freeware/donate)
CCleaner supports the cleaning of temporary and unneeded files from certain …
http://en.wikipedia.org/wiki/CCleaner
CCleaner http://www.ccleaner.com/

ADD FOR FIREFOX….
BetterPrivacy :: Add-ons for Firefox
https://addons.mozilla.org/en-US/firefox/addon/6623
Customize Firefox, Thunderbird, and other Mozilla products with thousands of … Better Privacy serves to protect against not deletable longterm cookies,…. http://addons.mozilla.org/ 
….deletes flash cookies that none others generally delete. Cookies should only be given session cookies permissions as a privacy and security issue (cookies have been broken into by malwares) and only if necessary.

How Do I Know The Disk Has Been Fully Wiped (Privacy/Security Disk Wiper Software)

December 20, 2011 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2011/12/20/how-do-i-know-the-disk-has-been-fully-wiped-privacysecurity-disk-wiper-software/



Good orientation here …… we are talking….

Data remanence
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Data_remanence

This all depends on what and why you want to do this. If simply passing the PC on to a family member or friend and want all your data wiped off – you can use any disk wiper. It is assumed they are not going to go snooping in some manner with a file recovery software in other words. Simply erase the disk is the procedure without security being a concern.

If you are going to donate the PC or recycle it – then you should absolutely only use a military grade disk wiper (eraser). This guarantees your data is NOT recoverable. I don’t know your sources to the contrary, but that is apparently indisputable. No data period – using military grade wiping software. That’s why it is called military grade. The best available to the public is a military grade software disk wiper. [ 35-pass Gutmann uber-paranoid erasure ]

The paranoia stops here……
(Has this been circumvented ? Not to knowledge)….

“UltraSentry was designed to delete file and folder data to United States Department of Defense standards, which is why we call it a military-grade cleaning application. What does this mean? Well, many electronic files and data are highly-sensitive or private, and when deleted, the data itself still remains on the disk, making it recoverable or accessible by anyone. UltraSentry eliminates that risk by overwriting the file data repeatedly, completely destroying all traces of the sensitive file data, making it completely unrecoverable. The standards to which the data is overwritten are compliant with Department of Defense standards, and are the same standards the U.S. military and government use when deleting top-secret or proprietary electronic information.” http://www.ultraedit.com/products/ultrasentry.html

Mac PCs have this type utility built in I have read.

If you are seeking other, then I think it goes into the area of manually doing things. This is an interesting subject and I am kicking it around on some sites for information.

Of course the oldest security joke about how to never get an infection is to not plug in the computer. Along the same lines, paranoia has to enter the picture somewhere here – such as any type disk wiper can be thought to be performing a “hex dump” of the erased material to be recoverable either for the OS owner (Windows) or the Law or the actual software writer to capture any data involved as of interest for whatever reason. Paranoia can lead to manually performing the task and perhaps with a hex editor. Simply using ” 00 ” overwrite seems less than thorough enough as I have seen it recommended to use three different passes with two different sets, the 00 first and last.
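One way to answer the question in the title, as an added example (not from the original post or from any wiping product): run the 00 / other pattern / 00 three-pass overwrite on a constructed scratch file, then read every byte back to confirm the result and to show what an interrupted wipe looks like. The random middle pass, the file names and the sample record are assumptions.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks keep memory use flat on large targets

# Constructed sample "sensitive" record; it contains no 0x00 bytes.
MARKER = b"CONSTRUCTED-SAMPLE account=0000-1111-2222-3333\n"


def overwrite_pass(path, pattern, limit=None):
    """Overwrite `path` in place with `pattern` (one byte), or random data if None.

    `limit` stops the pass early; it exists only to simulate an interrupted wipe.
    """
    remaining = os.path.getsize(path) if limit is None else limit
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n) if pattern is None else pattern * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # force this pass to storage before the next begins


def wipe(path, passes=(b"\x00", None, b"\x00")):
    """Three passes: zeros, random (assumed middle pattern), zeros."""
    for pattern in passes:
        overwrite_pass(path, pattern)


def verify_wipe(path, expected=b"\x00"):
    """Read everything back. Returns (True, None) or (False, first_bad_offset)."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True, None
            clean = len(block) - len(block.lstrip(expected))
            if clean != len(block):
                return False, offset + clean
            offset += len(block)


def contains(path, needle):
    """Scan for a known plaintext string, carrying overlap across block edges."""
    keep = len(needle) - 1
    tail = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return False
            if needle in tail + block:
                return True
            tail = block[-keep:] if keep else b""


def demo():
    """Wipe one scratch file fully and one only halfway, then verify both."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("full", "partial"):
            path = os.path.join(workdir, name + ".img")
            with open(path, "wb") as f:
                f.write(MARKER * 60000)  # about 2.8 MB, spans several blocks
            size = os.path.getsize(path)
            if name == "full":
                wipe(path)
            else:
                overwrite_pass(path, b"\x00", limit=size // 2)  # stops halfway
            results[name] = (verify_wipe(path), contains(path, MARKER))
        results["size"] = size
    return results

# Caveat: on SSDs (wear levelling) and on journaling or copy-on-write file
# systems, overwriting a file in place may not touch the physical blocks that
# held the old data. The read-back check is meaningful when the wipe and the
# verification both cover the whole device or a full image of it.

if __name__ == "__main__":
    print(demo())
```

The partial case returns the byte offset where the old data begins, which is the evidence a wipe tool's "done" message alone does not give.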

IF YOU ARE TALKING DISPOSAL….. PHYSICALLY DESTROY THE COMPUTER DISK…. HEALTH RISK ! …..

Learn how to effectively delete all of the data on your hard drive – and permanently

IN FULL
http://www.digitaltrends.com/how-to/how-to-completely-erase-your-hard-drive/

“….. Get Physical
Another brutally effective way to destroy data on your hard drive is to properly destroy the internal parts of the drive itself. There are several ways to do this, each of which requires physical methods of destruction that can be dangerous and may expose particles or chemicals hazardous to your health. If you are not able to maintain a safe environment, do not attempt these methods. Find a qualified company to assist.

Your data is stored on the spinning platters inside the drive. It is these platters that need targeting. Popular and effective methods for destroying the platters are: 1) industrial shredding, whereby the entire hard drive is fed into a powerful automobile-sized shredder that makes mincemeat of the drive; 2) drilling through the platters a few times with a titanium drill bit (easily found at Home Depot).

Of course, if the CIA, FSB and Mossad are all after your data, you may want to
a) selectively nuke folders and files,
b) write zeros at least seven times,
c) physically disable the drive and
d) get a safer, calmer life.

Summary

Protect your Social Security number and credit card e-bills from getting into the hands of 8-Ball Ernie down at the rehab center. Do not ruin the innocence of those kids at the community center by accidentally exposing them to the contents of your intentionally mislabeled though ineffectively deleted “Personal Budgets” folder. Make your donation of an old computer truly a win-win, good-karma situation for everyone involved. Free tools exist to perform even the most thorough cleaning of a hard drive. Use them. ….”

MORE

http://en.wikipedia.org/wiki/Anti-computer_forensics
http://en.wikipedia.org/wiki/Data_remanence

New Portable – Microsoft releases Windows Defender Offline tool beta (create bootable CD,DVD,USB flash drive)

December 9, 2011 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2011/12/09/new-portable-microsoft-releases-windows-defender-offline-tool-beta-create-bootable-cddvdusb-flash-drive/


Microsoft releases Windows Defender Offline tool beta
The H
Users can choose to create a bootable CD, DVD or USB flash drive
Microsoft has published a public beta of an offline version of its Windows Defender spyware removal software, formerly known as Microsoft AntiSpyware. Using the Windows Defender Offline …
http://www.h-online.com/security/news/item/Microsoft-releases-Windows-Defender-Offline-tool-beta-1392853.html

GET IT FREE HERE ……

What is Windows Defender Offline Beta?
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

NOTES…. A big plus here is the antimalware product runs before a bootkit can apparently, which coincides with the new security technology in Windows 8 which unfortunately has already been cracked….
” Windows 8 Boot Security Cracked”
http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02

THREAT http://en.wikipedia.org/wiki/Bootkit#bootkit

\sarcasm\ …So Micro$oft will be passing out a free Windows Defender Anti-Bootkit USB Drive stick and a Norton CD with each new Windows 8 purchase ? ! LOL ….sounds eerily like a Microsoft apology or the opposite being offering the same type technology for XP users as conceivably a bootkit can not run on Vista because rootkits can not.

Since Vista UAC has reportedly been cracked
https://bluecollarpcwebs.wordpress.com/2011/08/26/vista-user-account-control-uac-finally-cracked/ ;
…THEN it would seem this is indeed the next attack vector as creating the bootkit to then circumvent Vista security to attempt running the very first rootkit on Vista which means a payload described as a “blended threat” http://en.wikipedia.org/wiki/Blended_threat ; as massive, is necessary, and will no doubt be tracked back by Cyber Security agencies (FBI et al) and the antimalware industry and possibly private citizen groups that go botnet hunting. BUT the obvious question is how to upload the payload to Vista ? Only those that could care less about security or love to run Vista without UAC (turning it into a XP or 98 or ME) are the ones that can even be infected with the payload to even attempt to deliver the payload and attempt reports back as to how well they did. Massive hit and miss circumstances for this ever to become reality. Since Vista has not climbed too much above 10 to 12 percent of sales seems it would be missed by this pipe dream to date.
Still, food for thought – and I am still in the “I love my Vista” crowd for life ! ! ! She will be most secure even over and above Windows 8.

REFERENCE ….

Techworld.com – Vista’s UAC spots rootkits, tests find
http://www.techworld.com/security/news/index.cfm?newsid=101583

I personally called Vista as the crown of security software for the decade (2000-2010) as the operating system itself achieving what NO other defense software did…..
QUOTES
AV-Test.org, which set out to find out how well anti-virus programmes fared against known rootkits….
The answer was not particularly well at all, either for Windows XP, or Vista-orientated products. Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialised anti-rootkit tools managed a perfect score. The best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits, with Norton finding as few as 18.
The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER, Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect scores. The scores for removal were patchy, however, with all failing to remove 100 percent of the rootkits they had found.

The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista’s UAC itself spotted everything thrown in front of it.
Only three of the 17 AV tools for Vista managed to both detect and successfully remove them, F-Secure Anti-Virus 2008, Panda Security Antivirus 2008, and Norton Antivirus 2008. That UAC can tell a user when a rootkit is trying to install itself is not in itself surprising, as Vista is supposedly engineered from the ground up to intercept all applications requests of any significance.

OTHERS ——–>
Emsisoft Emergency Kit 1.0 [FREE]
http://www.emsisoft.com/en/software/eek/
[Software collection]
Version 1.0.0.25 – 6/8/2011
Your emergency kit for infected PCs!
Detects and removes Malware
>4 million known dangers
100% portable – perfect for USB sticks
HiJackFree and BlitzBlank included

ClamWin Portable (Antivirus, more) [FREE]
http://portableapps.com/apps/utilities/clamwin_portable
Antivirus to go…. ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released PortableApps.com …
ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T. Haller on June 17, 2011 – 7:46pm. ClamWin Portable 0.97.1 has been released. …
http://portableapps.com/news/2011-06-17_-_clamwin_portable_0.97.1_released

Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper
Note “beta” means it is actually still a test version with ability of feedbacks from the community for any bugs found they need to correct. It then is released as normal “alpha” version.
NEWS: Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712


SUPERAntiSpyware Portable Scanner (Antispyware) [FREE]
http://www.superantispyware.com/portablescanner.html
Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Comodo Cleaning Essentials
Comodo Cleaning Essentials is a set of portable antivirus tools that will help you to detect and remove malware from an infected PC.
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
(DESKTOP http://www.comodo.com/  )

ESET SysInspector is a powerful, portable security tool that will inspect your system’s files, running processes, Registry keys and more, looking for and highlighting anything that could be a sign of malware.
(Makers of famous Eset NOD32 Antivirus – most awarded in history)
http://www.downloadcrew.com/article/20672-eset_sysinspector_12026_32-bit
(DESKTOP http://www.eset.com/us/  )

Norman Malware Cleaner is an interesting portable antivirus tool which will scan your PC, detecting and removing any malware that it uncovers.
http://www.downloadcrew.com/article/23283-norman_malware_cleaner
(DESKTOP http://www.norman.com/en-us  )

The AVG Rescue CD is a portable environment that comes with a range of tools to help you clean up a virus-infected PC, fix hard drive problems, and get an unbootable system working again. This variant of the rescue CD is intended for installation on a USB flash drive. After downloading, you should extract the archive contents directly to the root folder of the USB drive you’d like to use. (If you don’t have a tool that can read RAR files, then try 7-ZIP).
http://www.downloadcrew.com/article/4650-avg_rescue_cd_usb_flash_drive_edition
(DESKTOP http://www.avg.com/us-en/homepage )


CCleaner Portable (Internet Tracks Cleaner, More)
CCleaner Portable is a compact version of CCleaner that you can store on a CD, USB flash drive, microSD, or even two floppy disks if you still use those.
http://www.softpedia.com/get/PORTABLE-SOFTWARE/Security/Secure-cleaning/Windows-Portable-Applications-CCleaner-Portable.shtml
(DESKTOP http://www.piriform.com/ccleaner )

SENDER:
Webmaster/malware removal help
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Unbelievable! – Windows 8 Boot Security Cracked already before released (Bootkit malware)

November 18, 2011 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2011/11/18/unbelievable-windows-8-boot-security-cracked-already-before-released-bootkit-malware/


Windows 8 Boot Security Cracked
CRN
By Antone Gonsalves, CRN
An Austrian security analyst has built the first known bootkit that bypasses Windows 8′s defenses against installing malware while the operating system is booting.
Peter Kleissner, an independent programmer and recognized …

http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02

( HATE TO BE I TOLD YOU SO BUT THE BLUECOLLARPC.US PREDICTED THIS THAT WINDOWS 8 BOOT UP SECURITY FEATURE WILL BE CRACKED AS FAST AS IT HITS THE STREETS….. LOOKS LIKE WE WERE A LITTLE OFF – IT HAS BEEN CRACKED EVEN BEFORE IT HIT THE STREETS ! ! ! …..LOL )

We can expect Windows 8 to be launched sometime in mid-late 2012, however, it’s too early to predict the Windows 8 release date, since it is still under development. Nevertheless, the only question that haunts each and every one of us – Will Windows 8 win the battle against Apple which it had lost several years back? SOURCE http://www.thetechlabs.com/tech-news/windows-8-features/

Bootkits http://en.wikipedia.org/wiki/Bootkit#bootkit

"A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the “Evil Maid Attack”, in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded.[35][36][37][38] For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords.[39] More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.[40]
The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path.[41]...."

HISTORY TO DATE…..
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims
http://tech.groups.yahoo.com/group/LinuxDucks/messages/523
Windows 8 won’t dual-boot Linux?
http://tech.groups.yahoo.com/group/LinuxDucks/message/539
Microsoft, Red Hat Spar Over Secure Boot-loading Tech
http://tech.groups.yahoo.com/group/LinuxDucks/message/541
Windows 8 Dual Boot Possible If ‘Secure Boot’ Disabled
http://tech.groups.yahoo.com/group/LinuxDucks/message/544
How to change the boot order of a dual-boot Linux PC
http://tech.groups.yahoo.com/group/LinuxDucks/message/550
Linux Licensing in Conflict with Secure Boot Support
http://tech.groups.yahoo.com/group/LinuxDucks/message/565
FSF warns of Windows 8 Secure Boot (Sign Petition)
http://tech.groups.yahoo.com/group/LinuxDucks/message/626
Linux Foundation, Canonical and Red Hat Weigh In On Secure Boot
http://tech.groups.yahoo.com/group/LinuxDucks/message/650
The right to dual-boot: Linux groups plead case prior to Windows 8
http://tech.groups.yahoo.com/group/LinuxDucks/message/662
Linux Foundation: Secure Boot Need Not Be a Problem
http://tech.groups.yahoo.com/group/LinuxDucks/message/671
Linux Community Offers Secure Boot Ideas
http://tech.groups.yahoo.com/group/LinuxDucks/message/672
Leading PC makers confirm: no Windows 8 plot to lock out Linux
http://tech.groups.yahoo.com/group/LinuxDucks/message/673
Linux Advocates protest ‘Designed for Windows 8′ secure boot policy
http://tech.groups.yahoo.com/group/LinuxDucks/message/679
Linux Community Counters Microsoft’s Windows 8 Secure Boot Mandate
http://tech.groups.yahoo.com/group/LinuxDucks/message/696

Medical Entities as targets of malware

November 15, 2011 — bluecollarpc

Another disturbing report of how malware can affect our very lives at Medical Facilities and related operations (paramedic transport etc. ) …..

Malware disables ambulance response systems
An unspecified malware variant recently disabled the automated response systems of a New Zealand-based ambulance service. The service – which provides 90% of the emergency and non-emergency …..

FULL http://www.tgdaily.com/security-features/59635-malware-disables-ambulance-response-systems

Well the one view is Bill Gates has ruined the world with software computers. Defenses for this type attack – intentional or otherwise – are very complex and the future holds a couple security upgrades which one is that Microsoft plans to completely dump the Windows Operating System and create an entire new one at the 25 year anniversary. The other is one towards some of my recommendations and views in security for entities I hold and have recommended - to move towards setting up their own servers and be their own ISP (Internet Service Provider like AOL, MSN, Earthlink, Juno etc) even using diminished special “web appliances” with limited access (i.e. set up for database access only etc.
SEE DEFINITION http://www.pcmag.com/encyclopedia_term/0,2542,t=Internet+appliance&i=45195,00.asp#fbid=mZ9KI5RdBTu  …..as opposed to business computers . The servers would be the major investment but American upper class shareholders are too greedy most likely for profit’s sake to ever invest.

But, being their own ISP owning and operating their own servers leaves out all other internet traffic and being at the mercy of the defense abilities of the current world wide web servers and ISPs – which we plainly see are responsible for this fiasco that has occurred. YES they did have a “default” manual system they were able to fall back to very very very luckily.

QUOTED “Back-up systems immediately took over when it was detected and the workload was managed manually.”

Had it not been the medical system, no doubt the malware attack would have targeted and compromised many personal data accounts for purposes of ID Theft and may have been the actual target of the malware but was an ooops by malware dummies.. These type attacks when intentional many times direct intentional attacks at entities and is frightening as they can move towards like the past “interstate shooters” in Maryland I think it was a couple years ago where the two, father and son, were shooting and killing people on the interstate and then called into Police to demand ransom to stop it. There is not enough Agency (internet cops) in America yet to police these things with hard sentences and even death penalties where deserved such as this one where obviously lives were put at risk by them – and all in all if death (s ) had occurred and because of them with precognitive malice for illicit profit via murder and voluntary and involuntary manslaughter.

QUOTED “Although the malware did not seem to specifically target the ambulance service, the incident is obviously not the first time a medical entity has been affected by viruses or worms.

As Sophos security expert Graham Cluley notes, the Mytob worm hit a number of London hospitals in 2008, while the Northwest Hospital and Medical Center in north Seattle was affected by a 2005 attack which shut down computers in the facility’s intensive care unit and prevented pagers from working properly. “


webmaster http://bluecollarpc.us/
BlueCollarPC.US Malware Removal / Amateur Forensics / Since 2005

Saturday, November 5, 2011

Dishonest Windows Product Bashing By Linux Users Hurts Themselves, Others

https://bluecollarpcwebs.wordpress.com/2011/11/01/dishonest-windows-product-bashing-by-linux-users-hurts-themselves-others/
November 1, 2011 — bluecollarpc
The following is actually a summed up response to this type of activity that has pissed us off for years. I have finally pursued a suspected instance, a real incident actually, and gave intelligent somewhat lengthy informed response to these ongoing users and their deceitful posts and portrayed a main portion here as example for making Informed Decisions in Computing Security and EXPOSING dishonest Product Bashers to give that FALSE SENSE OF SECURITY to computer users everywhere.
Help end it, compose your own in advance ! Make your own type Form Reply to save the anguishing time it takes with them (generally they are intentional and have been around for at least five years almost everywhere on the Net. Sickening. They have made soooo many sick ! SEE Vista Bashing as another prime example. These are the same using Linux, Apple/Mac, and Firefox with all the same product bashing lies and misinformation. It must be determined if they are plain ignorant of the truth or intentionally being so miserable as unfaithful to the community of computer users worldwide. Remember dishonest Product Bashing is generally always against Group Rules in any respectable group/list.
NOTE, IDENTIFIABLE INFORMATION REMOVED TO REMAIN AS ANONYMOUS / ORIGINAL AT BOTTOM…..
MY REPLY / WEBMASTER BLUECOLLARPC.US AKA G.LINUXDUCKS….
WEB http://linuxducks.webs.com/

——————–

PUBLIC MESSAGES / SOURCE…..
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30032
Well and back to you….. I must say either you are very uninformed in Security or either than you are an intentional “product basher”. I will not go further but to explain my statement….
Your proponent is your advice of the Linux alternative to all this and here…. (quoted)
<<>>

…. is you doing exactly that. I remind you that Linux and Firefox have both been legally listed as riskware in official legal reports not too long ago, and have corrected greatly. Windows has never been listed as riskware. Internet Explorer is rated as the safest browser worldwide since Version 8 and including newer version 9. Microsoft Internet Explorer is part of the Windows Operating System and ergo has already been rated as secure and stable so it goes as being the ONLY browser worldwide to ever achieve “Unix Certification” because Microsoft Windows has been the only Operating System to achieve “Unix Certification” and therefore Internet Explorer being a part of that has been rated that. It is not a separate part of Windows as some add on software or in any bloatware package. It is part of the Windows Operating System. In that Linux has not been able to achieve Unix Certification is just one fact and legally that it is not more safe or more secure than Microsoft Windows – and neither Apple/Mac.
Linux has never denied or disputed these FACTS though you have by offering the alternative in the light of untrue product bashing. Linux speaks for itself. It does not have to lie about other products to make a dishonest buck. I have not known persons involved in Linux to be of such ill repute as one may believe by your promotion of it. You are not promoting Linux but rather dishonesty as false advertising and doing Linux or Windows Users ANY favor at all by your dishonesty or ignorance – as you have not made clear which yet. Ask anyone at Linux in other words and they will say No Thanks we don’t use or need that kind of Product Promotion and neither would we employ such an individual to do so. Linux ezines must stand on their own merit as you must by their posts.
You are spreading a delusion in security by ‘product bashing’ and your facts are less than laughable when examined. This is what “product bashing” generally refers to – based on a foundation of mistruths and open lies. Sometimes it is disallowed at a handful of forums I have noticed and for obvious reasons.
NOT TRUE…. quoted
<<>>

That is illegal. No one may post legally any such code as proof of concept or otherwise that is destructive to networks, equipment, personal or company/corporate computers, etc. on the world wide web for public or private view. My source is a friend who is employed by MalwareBytes.Org in malware research whom I reported to an exact episode of same and was immediately removed from the world web and actions taken by Agencies.
NOT TRUE…. quoted
<<>>

You are OBVIOUSLY product bashing or have made up a COMPLETE FANTASY about Microsoft Windows or are simply completely ignorant of the truth. The vast majority of Windows Users are well aware that through the beginning to mid “XP Years” that Windows Updates were released immediately after testing. This changed a few years ago, to as well accommodate IT on corporate levels, to every Second Tuesday of the month dubbed “Patch Tuesday”. Any CRITICAL or ZERO DAY PATCH/FIX is released IMMEDIATELY as OFFICIALLY called an OUT-OF CYCLE Microsoft Windows Critical Update.
NOT TRUE…..quoted
<<>>

I just posted correction to your mistruths. The Microsoft “Out Of Cycle” Windows Update immediately patches security holes and/or code hardens. Botnets are not known as primary culprits in these exploits. “Scareware” as term for fake, rogue, pirated rebranded faulty malware infested antimalware products are the primary attackers. The American FBI has listed this as many many many others have. In fact the infamous SpyAxe was about first to do so in the WMF Metafile zero day in Windows half a decade ago. Using ignorance or mistruths via product bashing is NOT helping Linux. You may be even HURTING new Linux users as thinking that’s the way ALL Linux people are – completely dishonest liars and product bashers, what good could the product be ? You don’t want to do that do you ? ! Then don’t !
NOT TRUE …..quoted
<<>>

Again, if you are product bashing via number of Security Updates to Windows by calling it “swiss cheese” meaning full of security holes the nefarious can exploit then we look to Linux Updates and as well your mention of them being published…. If we use your analogy of what constitutes “swiss cheese” let’s look at how many holes Linux has as compared to Windows (which has had a handful in the last year – and I run both a XP and Vista computer…..
http://tech.groups.yahoo.com/group/LinuxDucks/message/9
http://tech.groups.yahoo.com/group/LinuxDucks/message/10
http://tech.groups.yahoo.com/group/LinuxDucks/message/11
http://tech.groups.yahoo.com/group/LinuxDucks/message/13
http://tech.groups.yahoo.com/group/LinuxDucks/message/233
http://tech.groups.yahoo.com/group/LinuxDucks/message/234
Fwd: [USN-1137-1] Eucalyptus vulnerability
http://tech.groups.yahoo.com/group/LinuxDucks/message/292
Fwd: [USN-1138-1] DBus-GLib vulnerability
http://tech.groups.yahoo.com/group/LinuxDucks/message/294
Fwd: [USN-1138-2] NetworkManager and ModemManager update
http://tech.groups.yahoo.com/group/LinuxDucks/message/295
Fwd: [USN-1140-1] PAM vulnerabilities
http://tech.groups.yahoo.com/group/LinuxDucks/message/302
Fwd: [USN-1139-1] Bind vulnerabilities
Fwd: [USN-1146-1] Linux kernel vulnerabilities
http://tech.groups.yahoo.com/group/LinuxDucks/message/318
Fw: [USN-1147-1] GIMP vulnerability
http://tech.groups.yahoo.com/group/LinuxDucks/message/324
Fwd: [USN-1151-1] Nagios vulnerabilities
http://tech.groups.yahoo.com/group/LinuxDucks/message/330
Fwd: [USN-1152-1] libvirt vulnerabilities
http://tech.groups.yahoo.com/group/LinuxDucks/message/336
Fwd: [USN-1153-1] libxml2 vulnerability
http://tech.groups.yahoo.com/group/LinuxDucks/message/337
Fwd: [USN-1154-1] OpenJDK 6 vulnerabilities
http://tech.groups.yahoo.com/group/LinuxDucks/message/338
Fwd: [USN-1155-1] NBD vulnerability
http://tech.groups.yahoo.com/group/LinuxDucks/message/351
OKAY THAT IS IN ABOUT ONE MONTH’S TIME ! ! ! Quazillions of Updates. Windows has NEVER had such a caseload of Windows Updates. No need to look it up or go ahead and google it. As source, I have been on Windows with one of the very first Windows XP computers sold in Nov. 2001 to present and Vista and 7 as well – and have had two or three offers from some important security firms actually to boot (I am disabled and declined).
Now via YOUR definition of “SWISS CHEESE” – we are looking at it ! ! ! Linux would be that and NOT Windows. Neither has Linux been attacked on the level Windows has been since it all began around the beginning of this last decade…. 2000 to 2010. Frankly their security departments have not had the level of attack and defense and will NOT achieve their sophistication until the next decade after 2020 IF they were attacked like Windows was/is starting tomorrow. Again experience is the best teacher in some cases. In security you gain a “nose” and can sniff trouble and were as, or before, it happens. These are the top employees in security.
And the truth is, as I said Linux speaks for itself, here we see how busy they are and produce their equivalent of Windows Critical Security Updates through Update Manager. The ORIGINAL security argument came (and from many people as you speak here) about 2006 to 2008 that Linux, Apple/Mac, and Firefox were virtually malware immune and make Windows look like a joke. This lying and unfaithful and mistruths have been shown as the basis of dishonest or uninformed and sometimes even called “newbie hype” – basis or foundation and platform for “product bashing” and why this is frowned upon and most times actually disallowed by all honest users in the Community of computer operators on the worldwide web.
The truth in the above argument was based upon that 90 percent of all world computers ran Windows and was “where the money” is for those committing cyber theft via cyber crimewares such as password stealing viruses that also ran through Firefox via Java exploits, spyware installations, other crimewares as ransomware. It is too risky and costly for the cyber criminal underground to go “social engineering” hunting in tiny ponds where there is little internet financial transaction occurring – the other 10 percent of operating systems including Linux and Apple/Mac. THIS was and still is the truth about Windows being attacked so heavily and we have not even touched on Botnets via Botherders, Botlords, Botmasters committing corporate cyber crime via their botnet attacks in the form of Denial of Service Distribution Attacks (DDoS) holding corporations worldwide for illegal extortion ! Windows computers.
When the level of attacks happen to Linux and Apple/Mac that have occurred to Windows we will see how they fare. They will either do as good a job or a horrible one being way behind the patch/fix/updates immediately necessary. From what I have seen I would say their first incidents will be as awkward as it was for Windows.
Remember that just very recently both Linux Kernel Org and the Linux Software Repository have been hacked. This has NEVER occurred with Windows save the one incident of the Windows Updates website itself blocked by hackers temporarily during a zero day keeping slothful users from getting the Critical Update/Patch to block them out. These slothful users either by apathy or bad directions from bad or uninformed user helpers or simple ignorance of not knowing did not have Windows Updates set to Automatic Install as instructed and recommended to by Microsoft and the vast majority of responsible informed Windows users as we are and know to be.
NOW I do not wish to take back some compliments I made towards you but I think I SHOULD as I now suspect in your several answers together as I very slightly suspected that you are doing NOTHING but your little PRODUCT BASHING of Windows skit for all Linux Users. I feel the Owner/Moderator of this group should take action for same. I have made the case I feel for that.
The discussion here was not Linux or Windows – but SECURITY – which is what you have dishonestly or ignorantly given what you called…. (quoted)

<<>>

You have given such delusion as to condemn yourself as dishonest in your product bashing portrayal of your position as being security correct with and for Linux to at least all the users in this group and all RSS Visitors to the group worldwide via RSS Readers of Public messages.
I will NOT post again and will maintain my position – and well spelled out – that I feel you have been dishonest and are nothing more than a Windows Product Basher as dishonest mistruths. In security we teach truth to the public so that they are enabled and EMPOWERED to make INFORMED DECISIONS as to computer security and their own security solutions for the same. Product Bashers do their best to misguide this most times as self aggrandizing but are very hurtful to uninformed followers. This is the main reason product bashers in security are immediately disallowed to continue further.
The only way I could not believe you are performing Windows Product Bashing is perhaps for you to read some, and study some, and verify some, and come back with some reply to admit you were ignorantly wrong in your statements. (I am a group owner and would have banned you already ! )
Otherwise I need NOT reply further. My reply of information to you is quite sufficient as just a little more than ‘surface’.
gerald philly pa usa
Amateur Forensics (computer)
Webmaster http://bluecollarpc.us/
IF YOU WISH TO HONESTLY PROMOTE WONDERFUL LINUX WITH THE REST PLEASE DO NOT RESORT TO DISHONEST DECEITFUL PRODUCT BASHING. YOU ARE HURTING NO ONE BUT YOUR OWN REPUTATION AND PERHAPS THE MINDS OF THE NOVICES. THANK YOU !
–a concerned, VERY concerned Linux User and contributor !



On 11/1/2011 6:58 AM, R———- wrote:

> I meant in a broader context. Windows users will only know that Windows
> sucks and that it is part of the problem, if they experience it for what it
> is. If we assist them in living in the delusion that they are in a
> safe environment, then we do them no favours. Aside from that I have become
> a bit jaded about it all. It does not affect me and so why should I care if
> others persist in using an OS made of Swiss cheese. Those Russian botnets
> exploit XP machines and while they are doing harm they would not be able to
> do it as effectively if Microsoft was on the ball.
>
> Here is an example. Someone will find an exploit and announce it publicly
> so that users will know and expect MS to patch it. So, MS goes all quiet
> first. Then they deny it when asked directly. Then they say they are
> looking into it. Then they admit it and say that they are working on a fix.
> Then they say the fix will be available next patch Tuesday which is two
> weeks away. A month has passed and those botnets have been busy and the
> problem has travelled around the world affecting millions of MS customers.
> That would be bad if it happened just once, but it is the script.
>
> So, little old me, using Linux thinks, if MS does not care, why should I?
> MS has denied that the said botnets use Windows or exploit Windows, but
> they also say that the world will be safer when XP is closed down. We live
> in a world of contradictions. My contradiction is that using Linux to help
> Windows users is like peeing on a forest fire when the forest ranger is
> asleep and the arsonists know it. As I said, I have been around the block a
> few times and have lost my enthusiasm for helping those who do not want it.
> So I handle the contradiction of not seeming to care, by using something
> that is far safer and trying to spread the word that it does not have to be
> this way, rather than saving people who do not know they are in trouble and
> are not asking for my help.
>
> Using an AV for me is not a good use of my time. I would rather be typing
> long messages to you.
>
> R———–
>
> Using Kubuntu 11.10, 64-bit
>
>
> On 31 October 2011 23:11, G.LinuxDucks wrote:
>
>> **
>>

————-cut—————-cut———————– /

Posted in BlueCollarPC WordPress Blog. Tags: bluecollarpc, bluecollarpc blog, zombie, security, scam, security products, newbie, novice user, false sense security, patches, security hole, patch fix update, Linux, Ubuntu, Vista Bashing, product bashers, forum trolls, false enviroment.

One Response to “Dishonest Windows Product Bashing By Linux Users Hurts Themselves, Others”

bluecollarpc Says:
November 2, 2011 at 12:03 am

BASIC FULL CONVERSATION IN CONTEXT….
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29992
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29993
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29994
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29995
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29996
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/29997
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30002
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30003
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30004
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30009
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30010
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30012
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30020
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30021
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30022
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30024
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30032
http://tech.groups.yahoo.com/group/LINUX_Newbies/message/30033

