Friday, 31 August 2012
Other:W32/Generic
Microsoft: Critical Vista Patch Coming
PeopleSoft founder seeks windfall in Workday IPO
5 takeaways from Las Vegas
Probably the two most important security conferences in the world are held in Las Vegas during the same week, gathering more than 15,000 attendees and offering dozens of talks. Even if you are here, you will find a situation where you want to attend 2 or 3 talks at the same time, or the frustration of attending one talk only to find there is no room left for you in the next one you wanted to attend.
So I thought it would be useful, whether you were in Las Vegas or not, to highlight the most relevant things that happened there during these 2 weeks, in my opinion:
Romney Campaign Fundraises for Success With Square
In a sign that Mitt Romney's campaign is serious about digital innovation in politics, it used this past week's Republican National Convention to do a major roll out of its branded version of Square, the mobile credit card processing app and iPhone/iPad/Android accessory already popular with small businesses which the campaign is using for fundraising.
How To Skip Product Key When Installing Windows 8
Microsoft has released Windows 8 to MSDN/TechNet subscribers and a few other channels starting from August 15th. A few weeks ago, I got lucky to lay hands on it and I noticed that Windows 8 doesn't allow keyless installation, like Windows 7, by default.
But after doing some R&D I have found a way to bypass the product key wizard while performing the installation. And in this article, you'll learn how to suppress the product key prompt while installing Windows 8. Note: The following method is effective, legal, and does not require a lot of technical expertise.
Prerequisites:
Dorifel is much bigger than expected and it's still active and growing!
Yesterday was a dark day for many companies in Europe, but especially in the Netherlands. A piece of malware known as Worm.Win32.Dorifel infected over 3000 machines globally, and 90% of infected users were from public and business sector organizations based in the Netherlands. We have seen government departments and hospitals being victims. The other countries with a large number of infections were Denmark, the Philippines, Germany, the United States and Spain. All users running Kaspersky Lab's products are protected from this threat.
The malware is initially distributed via email to victims. It uses a "Right To Left" vulnerability to hide its original file extension. The malware then downloads another malware which encrypts documents and executes them on the infected computer. Dorifel also attempts to encrypt files found on network shares.
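The extension-hiding trick mentioned above can be caught at a mail gateway or during triage by looking for Unicode bidirectional control characters in attachment names. The following is an added example, not code from the original article; the file names are constructed samples and the list of executable extensions is an assumption.

```python
import os
import unicodedata

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override
# Unicode bidirectional formatting characters; none belongs in an attachment name.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def displayed_name(name):
    """Approximate what a bidi-aware file manager shows: the text after an
    RLO is drawn reversed until a PDF or the end of the name."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            run = [c for c in name[i + 1:end] if c not in BIDI_CONTROLS]
            out.append("".join(reversed(run)))
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # invisible control, nothing is drawn
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def inspect_name(name):
    """Compare the extension the OS acts on with the one the user sees."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stored)[1].lower()
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    if controls and real_ext in EXECUTABLE_EXTS and shown_ext != real_ext:
        verdict = "spoofed-executable"
    elif controls:
        verdict = "bidi-control"
    else:
        verdict = "ok"
    return {"shown": shown, "real_ext": real_ext, "shown_ext": shown_ext,
            "controls": controls, "verdict": verdict}


# Constructed sample names, not taken from any real campaign.
SAMPLES = [
    "invoice_\u202ecod.exe",  # shown as invoice_exe.doc, runs as .exe
    "report.doc",
    "setup.exe",              # executable, but nothing is hidden
    "notes\u200e.txt",        # stray control character, no spoofing
]


def scan(names):
    """Return (repr of stored name, verdict) for every name that is not ok."""
    flagged = []
    for n in names:
        result = inspect_name(n)
        if result["verdict"] != "ok":
            flagged.append((ascii(n), result["verdict"]))
    return flagged


if __name__ == "__main__":
    for name in SAMPLES:
        r = inspect_name(name)
        print(ascii(name), "->", r["shown"], r["real_ext"], r["verdict"])
```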
When I was sitting down and investigating the Dorifel malware I noticed that the servers hosting the Dorifel malware were not configured properly and allowed, for example, directory listing in certain directories. This triggered me to search for more interesting directories, which I did, and to my surprise I noticed that the server was hosting a lot more malicious "components" and not just the Dorifel malware. It is very difficult to say if this scam is complex and advanced since it uses many different components with different complexity levels. Some of the interesting things I found include:
Trying to unmask the fake Microsoft support scammers!
I'm pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. They will then offer (for free) to verify if this is the case. If the victim agrees to this, they will ask the victim to perform certain actions, and also type certain commands, which will trick a non-experienced user into believing that the output is actually showing that the computer is infected.
I just want to mention that there is no such department at Microsoft, and they would never call up customers offering this. So if you ever get a call "from Microsoft" stating that there are some indications that your computer is broken or infected - please hang up!
Well, they have called me several times, and finally I got fed up with this and started to play along. At the same time I had my virtual machines running and was recording everything that they were doing. The goal was to find out who they were and exactly what the scam was. Luckily I was able to get hold of information such as their internal IP addresses, the PayPal accounts used to wire money and the numbers they are calling from.
Using TS RemoteApp as an attack vector
So in today's session at SMBNation that I spoke at, I showed how to use TS RemoteApp with TS Gateway on SBS2008 to deliver remote applications through Remote Web Workplace. It is one of the most cool features in the Windows Server 2008 operating system. But we have to remember what it's doing.
Part of the conversation we had was on the difference between local desktop display in TS RemoteApp vs just having a full desktop to the Terminal Server. One issue that came up was that as a RemoteApp, you can't run other applications.
Well, that is not actually true. If you think that, then a TS RemoteApp has the ability to be an attack vector for you. What do I mean? Well below is a screen shot of what happens if you hit CTRL-ALT-ENTER with the cursor focused on the RemoteApp window (in this case MS Paint running remotely):
At this point, you can run Task Manager.... then hit File->Run and run something else. In my case, I showed a few people afterwards how to start cmd and start exploring the network. Now, you will only have the privileges of the user account logged in as, but it is still something you have to be careful about. If you think a RemoteApp bundle prevents access to other applications or the network... you are wrong.
So is this bad? No. Is it really an attack vector? No. You just need to understand that when allowing ANY type of Terminal Services based access, you have to restrict the policies and access accordingly. No matter if it's local or remote. Running a TS RemoteApp bundle of Office will display on the local desktop, but is STILL running on the Terminal Server. So it will be browsing the network the Terminal Server is connected to as the local net. It will also browse your own drives mapped via tsclient. So you have to remember that.
Hope that's useful. A TS RemoteApp bundle does NOT mean you won't have access to the TS desktop when displaying remotely on your personal desktop. And that's not a bad thing. TS RemoteApp is a convenient way to extend the workspace to your local machine, anywhere in the world. No pun intended. That's its power... and the benefit. Great remote productivity enhancement in Windows Server 2008. Use it. (Safely of course)
Six ways to protect against the latest Java vulnerability
Security researchers have proposed several methods for users to protect their computers from ongoing attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7.
Most of the proposed solutions have drawbacks or are applicable only to certain system configurations and environments. However, the hope is that, in the absence of an official patch from Oracle, users will be able to use one or a combination of them in order to reduce the risk of their systems being compromised.
Anonymous hits U.K. government sites over Assange situation
Blackhat USA 2012 - Pushing Past Intrusion Tolerance, Cutting Edge Research
The Blackhat 2012 keynote started the event with Shawn Henry, former Executive Assistant Director of the FBI, painting a grim, seemingly unspeakable picture of cyberespionage in the US. It was interesting that he continually spoke about the gravity of the situation and the need to apply what he learned at the FBI to protecting digital assets, but he couldn't describe a single concrete example. At the same time, other than a weapon of mass destruction, he claimed that cyber threats are the single biggest problem facing this nation. This inability to convey concrete details during the Blackhat keynote only highlights some of the problem in understanding the cyber problem. And it's the problem of overclassification of computer network exploitation (CNE) incidents and a tangled set of dynamics that silence breach data sharing and exchange. There is a long way to go here to fixing it.
While parts of the talk were very interesting, especially discussion of creating a hostile network for your adversaries and taking intrusion tolerance a step further, it was criticized for being a bit self-promoting. All across the twittersphere, tweets like this one protested signs of this year's corporate influence.
The two days of talks explored some new territory. Day 1 included "Advanced ARM Exploitation", where Stephen Ridley and Stephen Lawler provided some more in-depth Android exploitation details and the quirks in exploring the software and developing exploits on the platform. For example, ROP techniques are required even to perform the ancient ret2libc technique on Android. They pored over data manipulation on ARM and particular assembly level tricks, specifics of discovering ROP pivots and pushing data into the stack on ARM for control. The talk provided content from their hands-on, 650+ slides across 12 decks, 80 page lab manual, multi-day course "Practical ARM Exploitation".
Second LulzSec hacker, Raynaldo Rivera, also surrenders
A second member of the global hacking collective "LulzSec" has surrendered to US authorities for his help in the 2011 attacks on Sony Computer Corp.
20 year-old Raynaldo Rivera of Tempe, Arizona was indicted by a grand jury last week on charges stemming from his participation in the Sony hack, including charges of conspiracy and unauthorized impairment of a protected computer. The indictment was returned on August 22, but wasn't unsealed until Tuesday, when Rivera surrendered to FBI agents. If convicted, he could face up to 15 years of prison time.
In the digital age, whither the campaign button?
Eugene Ola was on a street corner hawking some political buttons with phrases like "Believe in America" and featuring photos of a smiling GOP presidential nominee Mitt Romney and his running mate, Paul Ryan. But most passersby simply smiled and kept on walking, barely looking at the piece of cardboard he carted around with 50 buttons fastened to it.
Critical TCP/IP Worm Hole Dings Windows Vista
You Can Write, But You Can't Hide: Big Data Knows Your Writing Quirks
As I wrote recently, data scientists have been able to decode unstructured data to accurately predict where violence will occur in Afghanistan. Now, they can also mine unstructured data to determine the identity of a document's writer. All of us, it seems, have a "write-print" as unique as our fingerprint.
Rootkit:W32/ZAccess
New Kaspersky appeals to your cash sense
Thursday, 30 August 2012
Exploit:W32/D-Encrypted.Gen
Amazon Kindle Fire sold out as new model expected
Amazon.com Inc. says it has sold out of its Kindle Fire tablet computer amid expectations of a new model for the holiday season.
Bastion tops iPhone Games of the Week
The Mystery of the Encrypted Gauss Payload
Perhaps the most interesting mystery is Gauss' encrypted warhead. Gauss contains a module named "Godel" that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.
The containers
Infected USB sticks have two files that contain several encrypted sections. Named "System32.dat" and "System32.bin", they are 32-bit and 64-bit versions of the same code. These files are loaded from infected drives using the well-known LNK exploit introduced by Stuxnet. Their primary goal is to extract a lot of information about the victim system and write it back to a file on the drive named ".thumbs.db". Several known versions of the files contain three encrypted sections (one code section, two data sections). The decryption key for these sections is generated dynamically and depends on the features of the victim system, preventing anyone except the designated target(s) from extracting the contents of the sections. By the way, the 64-bit version of the module has some debug information left in it. The module contains debug assertion strings and names of the modules:
- .\loader.cpp
- NULL != encSection
- Path
- NULL != pathVar && curPos < pathVarSize
- NULL != progFilesDirs && curPos < progFilesDirsSize
- NULL != isExpected
- NULL != key
- (NULL != result) && (NULL !=str1) && (NULL != str2)
- .\encryption_funcs.cpp
The data
The mysterious encrypted data is stored in three sections:
Patch Tuesday July 2012 - Focus on the Browser
This month's patch Tuesday brings a set of three "critical" bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated "important". In other words, two of the critical components are considered "Windows" components, but most likely would be attacked through the web browser. Also, the top priority bulletin patches the CVE-2012-1889 vulnerability being exploited not only by attackers targeting high value targets, but common-off-the-shelf/commodity exploit packs.
Kaspersky products detect malicious web pages exploiting CVE-2012-1889 with "HEUR:Exploit.Script.Generic". Addition of a working exploit targeting MSXML Core Services 3.0 within IE6 and IE7 XPSP3 to the Metasploit Framework on June 12th helped make this one more mainstream. While it may seem that targeting XP would limit its reach, it's important to note that various market share surveys and reports show that Windows XP continues to take major OS market share. Interestingly, the MS12-043 Bulletin addressing this vulnerability patches MSXML Core Services 3, 4, and 6, leaving out version 5. Versions 3 and 6 ship with Windows itself. Accordingly, msxml3.dll and msxml6.dll reside in c:\windows\system32 across all supported versions of Windows, while the other versions are installed by Microsoft Office and other software.
Also patching the potential for web client-side drive-by's, MS12-045 addresses an MDAC vulnerability, reminiscent of MS06-014, one of the longest lasting, reliable, most heavily targeted client-side vulnerabilities in Microsoft technology. It was taken advantage of for years by the Russian Business Network, purchasers of MPack, and later others, distributing Torpig and Rustock, while the nascent exploit kit market was solidifying back in 2006. It continues to be included in some of the live exploit pack control panels that we see. We'll see how this new MDAC issue compares.
The third of the bulletins fighting "critical" rated web client side vulnerabilities fixes a couple of newer vulnerability types being targeted ("Cached Object Remote Code Execution Vulnerability - CVE-2012-1522", "Attribute Remove Remote Code Execution Vulnerability - CVE-2012-1524") introduced by Internet Explorer version 9 itself. Versions 6, 7 and 8 do not maintain the vulnerable code.
With that, we leave you to your regularly scheduled patching.
Vidro: How deep and mobile is the rabbit hole?
The appearance of a new Android malware family is not that surprising at all today. Especially when we talk about SMS Trojans, which are one of the most popular and oldest types of threats created for extracting money from users. A new family of SMS Trojans named Vidro appeared a few days ago but we've already collected a lot of APK files with very similar functionality. At the moment all the samples we have found target users only from Poland.
Spreading
Trojan-SMS.AndroidOS.Vidro is spread via porn sites. The mechanism is very similar to the way the very first Android malware (Trojan-SMS.AndroidOS.FakePlayer) spread. If the user visits a porn site with a desktop browser he will see something similar to this:
But if the potential victim somehow visits the same website using an Android device, a porn web site will be "optimized" for the smartphone:
Virus:W32/Ramnit.N
The Madi Campaign - Part I
Together with our partner, Seculert, we've thoroughly investigated this operation and named it the "Madi", based on certain strings and handles used by the attackers. You can read the Seculert analysis post here.
The campaign relied on a couple of well known, simpler attack techniques to deliver the payloads, which reveals a bit about the victims' online awareness. Large amounts of data collection reveal the focus of the campaign on Middle Eastern critical infrastructure engineering firms, government agencies, financial houses, and academia. And individuals within this victim pool and their communications were selected for increased monitoring over extended periods of time.
This post is an examination of the techniques used to spread the Madi malware to victim systems, the spyware tools used, and quirks about both. In some cases, targeted organizations themselves don't want to provide further breach information about the attack, so some perspective into the parts of the campaign can be limited.
Gauss: Nation-state cyber-surveillance meets banking Trojan
Introduction
Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga. It was probably created in mid-2011 and deployed for the first time in August-September 2011. Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.
In 140 chars or less, "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation". Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations.
Just like Duqu was based on the "Tilded" platform on which Stuxnet was developed, Gauss is based on the "Flame" platform. It shares some functionalities with Flame, such as the USB infection subroutines. In this FAQ, we answer some of the main questions about this operation. In addition to this, we are also releasing a full technical paper (HTML version and PDF version) about the malware's functionalities.
- Intercept browser cookies and passwords.
- Harvest and send system configuration data to attackers.
- Infect USB sticks with a data stealing module.
- List the content of the system drives and folders
- Steal credentials for various banking systems in the Middle East.
- Hijack account information for social network, email and IM accounts.
The modules have internal names which appear to pay tribute to famous mathematicians and philosophers, such as Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange.
The module named "Gauss" is the most important in the malware as it implements the data stealing capabilities and we have therefore named the malware toolkit by this most important component.
Variant | Path to project files |
---|---|
August 2011 | d:\projects\gauss |
October 2011 | d:\projects\gauss_for_macis_2 |
Dec 2011-Jan 2012 | c:\documents and settings\flamer\desktop\gauss_white_1 |
Inside Huawei, the Chinese tech giant that's rattling nerves in DC
Sprint lights up LTE in four new markets
Sprint (S) on Wednesday announced the expansion of both its 3G and 4G LTE networks. The company's high-speed LTE network is now available in Baltimore, Md., Gainesville, Ga., Manhattan/Junction City, Kan., and Sedalia, Mo. In addition, locations in Baltimore, Boston and Washington, D.C. will now have access to Sprint's "all-new 3G service," which the company claims will deliver better in-building coverage and fewer dropped calls. "Our customers are enjoying new applications and devices that increase the demand for mobile data," said Bob Azzi, senior vice president of Sprint. "The network build-out - that today is playing out in four new cities - will provide nothing less than a state-of-the art network platform for the next generation of customers. Customers
Fired Toyota coder trashes systems, steals data
After being fired last week, a contract computer programmer at Toyota Motor Manufacturing intentionally "sabotaged" and crashed the company's supplier computer network and downloaded highly confidential information, Toyota has alleged in a federal lawsuit.
In a complaint filed Friday in U.S. District Court in Lexington against Ibrahimshah Shahulhameed, the automaker said, "If this information were disseminated to competitors or otherwise made public, it would be highly damaging to Toyota and its suppliers, causing immediate and irreparable damage."
New Java 7 exploit can potentially affect Macs
ISIS mobile payment service to finally debut in September
The joint mobile payment venture, known as ISIS, that is backed by AT&T (T), Verizon (VZ) and T-Mobile is on track to debut in September. The group initially planned to roll out its services in the first half of 2012, but various delays have pushed back the launch date. "The focus has been: Get it right, make sure it's secure," Brad Duea, senior vice president of product management at T-Mobile USA, said in an interview with Bloomberg. ISIS uses NFC technology to allow users to make purchases with their smartphones, although it can also be used for other things as well. T-Mobile plans to use the technology to allow customers to download applications and content by tapping their phones against a special
Wednesday, 29 August 2012
Second accused LulzSec hacker arrested in Sony breach
Cat videos get their moment at Minn. film festival
Warning: This is a story about online cat videos. If you're among the seemingly tiny minority of the general population not interested in watching a 1-minute clip of a cat in a T-shirt pounding on a keyboard, then move along.
The end of DNS-Changer
FBI's “Operation Ghost Click” was discussed earlier by my colleague Kurt here and here and now it comes to an end.
Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS-servers set up by the FBI will be shut down. But there are still thousands of infected machines - one can wonder, what will happen to them?
Computers on the internet have their own address - the IP-address. There are two versions:
- IPv4 which is a 32-bit address e.g. 195.122.169.23 and
- IPv6 which is a 128-bit address e.g. 2001:db8:85a3:8d3:1319:8a2e:370:7347
You clearly see that these addresses are not so easy to remember compared to e.g. “kaspersky.com”. Therefore the “Domain Name System” was created which translates domain-names as “kaspersky.com” to their respective IP-address to connect to the server.
The DNS-Changer malware replaces the DNS-servers on the infected system with its own. FBI Press Release
The reason they do this is because it facilitates “Click Hijacking”. This is a technique where infected users are redirected to advertisement websites from the criminals and “Advertising Replacement” where on legitimate websites the advertisements were exchanged with one from the criminals.
Luckily, the FBI caught the criminals and installed temporary DNS-Servers in order to avoid a “black-out” for the mass of infected computers.
This temporary solution will come to an end on Monday when the servers are shut down. When this happens, the infected machines will no longer be able to resolve domain names in order to connect to e.g. a website.
Of course, if you know the address of the server you can still use it instead of the name e.g. 195.122.169.23 is “securelist.com” but this is not an easy solution.
We would like to point out that despite the big noise around this topic, there is no need to panic. The solution is rather simple - read below for more.
First of all, it might be interesting to point out that in 2012 we detected 101.964 attempts by DNSChanger malware to infect our users.
The good news is that the infections were blocked and the number of infection attempts is going down.
For instance, this map of the past week shows that the amount of infection attempts/detections is decreasing. Of course, computers with no or old protection are still in danger of possible unspotted infections.
So, how to check if you are infected with DNSChanger?
The DNS Changer Working Group provides helpful information on their website - unfortunately, we previously mentioned that automatic websites setup for this purpose do not work 100% well. So, the manual solution of checking the DNS server IPs is better.
If you are infected, you can change your DNS entries to the free DNS-Servers from Google: 8.8.8.8 and 8.8.4.4. OpenDNS also offers two: 208.67.222.222 and 208.67.220.220, which we also recommend for additional security features.
The best solution is of course to install a security suite capable of detecting and cleaning the infection and fixing the DNS servers.
Since many DNSChanger infections are accompanied by TDSS, a rather nasty rootkit, you can also use our tool “Kaspersky TDSSKiller” in order to detect and delete the infection.
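The manual check of DNS server IPs described above can be scripted. The following is an added example, not part of the original post: it extracts resolvers from `/etc/resolv.conf` text or from `ipconfig /all` output and classifies each one. The post does not list the DNSChanger operators' address ranges, so `ROGUE_NETS_PLACEHOLDER` is a documentation range standing in for the list published by the FBI/DCWG; the sample inputs are constructed.

```python
import ipaddress
import re

# Public resolvers named in the post (Google and OpenDNS).
KNOWN_PUBLIC = {ipaddress.ip_address(a) for a in
                ("8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220")}
# PLACEHOLDER: replace with the rogue ranges from the FBI/DCWG advisory.
ROGUE_NETS_PLACEHOLDER = [ipaddress.ip_network("198.51.100.0/24")]


def _parse_ip(token):
    """Return an address object, or None if the token is not an IP."""
    try:
        return ipaddress.ip_address(token.split("%")[0].strip())
    except ValueError:
        return None


def resolvers_from_resolv_conf(text):
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            ip = _parse_ip(parts[1])
            if ip is not None:
                found.append(ip)
    return found


def resolvers_from_ipconfig(text):
    """Windows lists extra DNS servers on indented continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            token, in_dns = m.group(1), True
        elif in_dns:
            token = line.strip()
        else:
            continue
        ip = _parse_ip(token)
        if ip is None:
            in_dns = False  # next labelled field ends the DNS block
        else:
            found.append(ip)
    return found


def classify(ip, rogue_nets):
    if any(ip in net for net in rogue_nets):
        return "rogue"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"  # router or LAN resolver: check the router's own DNS settings too
    if ip in KNOWN_PUBLIC:
        return "known-public"
    return "review"


def audit(resolvers, rogue_nets=ROGUE_NETS_PLACEHOLDER):
    return [(str(ip), classify(ip, rogue_nets)) for ip in resolvers]


# Constructed sample inputs.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient
nameserver 198.51.100.7
nameserver 8.8.8.8   # secondary
search example.test
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for ip, verdict in audit(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)):
        print("resolv.conf", ip, verdict)
    for ip, verdict in audit(resolvers_from_ipconfig(SAMPLE_IPCONFIG)):
        print("ipconfig", ip, verdict)
```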
Hacking humans: Building a better you
Chief creative officer leaves Zynga
Reforming the DisGrace Period
Worm:W32/Morto.A
Television Fraud of Olympic proportions
London 2012 Live Streaming
DNSChanger - Last Call on Cleanup
UPDATE (7/9/2012):
Thank you Barry Greene and the DCWG. The DCWG-run DNS servers have been taken down:
"On 12:01 Eastern Time on Monday July 9th 2012, the DCWG stop responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers.
At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS request with an ICMP Unreachable. This would help infected computers troubleshot their problem is they find they cannot access DNS servers."
Here we are. It's the last call on DNSChanger cleanup. On Monday, the FBI-run replacement DNS servers are coming down because the court-ordered extension is coming to an end, and your systems may be using these servers for resolution. There is a set of sites that may, unreliably, help you identify whether your machine or router continues to maintain DNS settings pointing to the "DNSChanger" operators' servers. This unreliability is partly because upstream major internet backbone providers have created unintended confusion, and partly because of poor/ineffective web-side detection implementations.
In the US, 60k hosts are reported to still require that their DNS settings be changed. How many of those systems are truly "infected"? No one knows. And the number could be inflated. It could be that none of these systems are infected. Or all of them could be infected. Perhaps all LAN-side systems behind home and corporate routers, or systems cleaned of malware that may still maintain artifacts of this infection, continue to use Rove Digital servers for DNS resolution.
In other words, it doesn't mean you have pneumonia, but you still have a cough. And it makes you extraordinarily more likely to get sick again. Some vendors' products, like here at Kaspersky, have been detecting the artifact DNSChanger settings on affected machines and offering to reconfigure these settings to a set of "clean" DNS servers. This DNS reset routine is presented by Kaspersky Endpoint Security 8.0 and 2010+ home products with this popup for "Trojan.Multi.DNSChanger.Gen":
Inside Huawei, the Chinese tech giant that's rattling nerves in D.C.
Singapore suffers from 'false sense of security'
Singapore's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontlines of online attacks have lulled local businesses into a "false sense of security" which leaves them vulnerable.
According to Ngair Teow Hin, founder and CEO of security firm SecureAge, the "vibrant" security scene in the city-state with more than 100 security companies here, and existing laws such as the Computer Misuse Act, help deter people from hacking into organizations here. This can be seen by the low number of reported security incidents, he added.
Worm:W32/Todon.I
Tuesday, 28 August 2012
Other:W32/Generic
Reforming the DisGrace Period
Prices of Facebook stock since long-awaited IPO
New ZitMo for Android and Blackberry
Ten months ago we published an article about ZeuS-in-the-Mobile which contains an overview of everything we knew about ZitMo at that moment. The paper finishes with the following prediction: "they [attacks involving ZitMo] will become more specifically targeted against a smaller number of victims". This prediction appears to have been correct. It's not that often that we hear of or find a new wave of ZeuS-in-the-Mobile (or SpyEye-in-the-Mobile) attacks. So every new piece of information about these types of malware and/or attacks involving them is very important and helps to understand the evolution of one of the most interesting threats in the mobile space so far. Just a small reminder: ZeuS-in-the-Mobile is almost 2 years old. And this blog is about new samples (and probably a new wave of attacks) of ZitMo for Android and Blackberry.
New samples overview
We've got 5 new files of ZitMo: 4 for Blackberry and 1 for Android. As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we've got a ZitMo dropper file for Blackberry.
As for Android, there is only one .apk dropper. But this ZeuS-in-the-Mobile for Android has been modified and now looks like a "classic" ZitMo with the same commands and logic.
Countries and C&C numbers
All samples of ZitMo we've seen so far target users from various European countries (Spain, Poland, Germany, etc). This case is no exception. Here is a list of the countries whose users are threatened by the new ZeuS-in-the-Mobile, with the C&C number from each sample.
Blackberry:
- Germany +46769436094
- Spain +46769436073
- Italy +46769436073
- Spain +46769436073
Android:
- Germany +46769436094
To summarize, there are 3 countries (Germany, Spain and Italy) and 2 C&C numbers (both are Swedish). We found out that these cell phone numbers belong to Tele2 mobile operator in Sweden.
Adware:W32/ClickPotato.A
T-Mobile Adding microSIM Kits For iPhone 4/4S, Training Employees For 'Selling Against The iPhone'
Based on both pieces of information that just came into our inbox, we're trying to draw two conclusions, one that T-Mobile isn't getting the iPhone 5, which shouldn't surprise anyone. The second is that with the receipt of new Monthly4G microSIM kits supporting the iPhone 4 and iPhone 4S, T-Mobile is close to announcing some news about their network refarm.
Can Curiosity Mars mission inspire like Apollo?
Neil Armstrong inspired millions with his moonwalk. Can a feisty robotic rover exploring Mars do the same for another generation? With manned missions beyond the International Space Station on hold, the spotlight has turned on machines.
Trojan-Spy:W32/FinSpy.A
Samsung's Plan to Keep Its Phones on the Market
Following its patent lawsuit victory, Apple might want to take your Samsung device off the market, but Samsung has vowed to take "all necessary measures" to prevent that from happening. To do this, the Apple copy-cat has three options, according to a spokesperson talking with The Wall Street Journal's Evan Ramstad: Filing to stop the injunction, appealing if the judge grants it, and modifying products. ...
Trojan:Android/DroidKungFu.C