News

Only warnings are placed here or other important information. When you want to see what was updated on the site goto the forum.

22-02 Good news for all of you getting annoyed by those nigerian money scam emails sent out the last five years or so. Yesterday 12 Nigerians were arrested in the dutch cities of Amsterdam and Zaandam. The scam, also know as the 419-scam cost hundreds of people all their savings, or a part of it. The victims were mostly Americans so the U.S. has asked Holland to extradite four of the Nigerians. The victims were offered large sums of money, too large to be true. The only thing they had to do was give out all their personal account data and the money would be deposited but instead, you see it coming, their account was plundered. Or, the other part of the scam, victims needed to pay large fees to go ahead with the transaction, not once or twice, but the paying of the fees was stretched over time untill the victim got suspicious and the Nigerians had their money.

Sources: News

10-02

"Google today announced a new "feature" of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password.

"Coming on the heels of serious consumer concern about government snooping into Google's search logs, it's shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF Staff Attorney Kevin Bankston. "Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files."

The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it's on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn't ruled out the possibility, and Google's current privacy policy appears to allow it.

"This Google product highlights a key privacy problem in the digital age," said Cindy Cohn, EFF's Legal Director. "Many Internet innovations involve storing personal files on a service provider's computer, but under outdated laws, consumers who want to use these new technologies have to surrender their privacy rights. If Google wants consumers to trust it to store copies of personal computer files, emails, search histories and chat logs, and still 'not be evil,' it should stand with EFF and demand that Congress update the privacy laws to better reflect life in the wired world."

Source: EFF
Related Articles: News.com 1 2 Boston.com Sfgate.com

02-02 Who didn't see this one coming: The first bug in IE7 beta 2 has been discovered, witheen 15 minutes of the release *sigh. Read all about it here

30-01 The Emailvirus Nyxem.E will become active as of February 3rd.

The virus contains the following characteristics and is sent by mail using:

Subject:

*Hot Movie*
A Great Video
Arab sex DSC-00465.jpg
eBook.pdf
Fuckin Kama Sutra pics
Fw:
Fw: DSC-00465.jpg
Fw: Funny :)
Fw: Picturs
Fw: Real show
Fw: SeX.mpg
Fw: Sexy
Fwd: Crazy illegal Sex!
Fwd: image.jpg
Fwd: Photo
give me a kiss
Miss Lebanon 2006
My photos
Part 1 of 6 Video clipe
Photos
Re:
Re: Sex Video
School girl fantasies gone bad
The Best Videoclip Ever
You Must View This Videoclipe!

Body:

----- forwarded message -----
>> forwarded message
forwarded message attached.
Fuckin Kama Sutra pics
hello, i send the file. Bye
Hot XXX Yahoo Groups
how are you? i send the details.
i attached the details. Thank you.
i just any one see my photos. It's Free :)
Note: forwarded message attached. You Must View This Videoclip!
Please see the file.
Re: Sex Video
ready to be FUCKED ;)
The Best Videoclip Ever
VIDEOS! FREE! (US$ 0,00)
What?

Attachment name:

007.pif
04.pif
3.92315089702606E02.UUE
677.pif
Attachments[001].B64
document.pif
DSC-00465.Pif
DSC-00465.pIf
eBook.PIF
eBook.Uu
image04.pif
New_Document_file.pif
Original Message.B64
photo.pif
School.pif
SeX.mim
WinZip.BHX
Word_Document.hqx
Word_Document.uu

Once launched, masking its main functionality, the worm creates and opens a ZIP archive in the Windows system directory. The ZIP archive has the name as the original executable file, e.g.>%System%\Sample.zip

>When installing, the worm copies itself to the Windows root, system and start up directories under the following names:
%System%\New WinZip File.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe
%System%\WINZIP_TMP.EXE
%User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe
%Windir%\rundll16.exe

The worm then registers itself in the system registry, ensuring it will be launched each time Windows is rebooted on the victims machine: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="scanregw.exe /scan"

The worm also modifies the following registry keys:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"WebView"="0"
"ShowSuperHidden"="0" >

In addition the worm deletes files from the following subfolders in the Program Files folder:

\DAP\*.dll
\BearShare\*.dll
\Symantec\LiveUpdate\*.*
\Symantec\Common Files\Symantec Shared\*.*
\Norton AntiVirus\*.exe
\Alwil Software\Avast4\*.exe
\McAfee.com\VSO\*.exe
\McAfee.com\Agent\*.*
\McAfee.com\shared\*.*
\Trend Micro\PC-cillin 2002\*.exe
\Trend Micro\PC-cillin 2003\*.exe
\Trend Micro\Internet Security\*.exe
\NavNT\*.exe
\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.ppl
\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.exe
\Grisoft\AVG7\*.dll
\TREND MICRO\OfficeScan\*.dll
\Trend Micro\OfficeScan Client\*.exe
\LimeWire\LimeWire 4.2.6\LimeWire.jar
\Morpheus\*.dll

In addition the worm reads location of certain programs from Windows Registry and deletes certain files in these locations. The affected software is:

VirusProtect6
Norton AntiVirus
Kaspersky Anti-Virus Personal
Iface.exe
Panda Antivirus 6.0 Platinum

On the 3rd of each month, 30 minutes after the victim computer is rebooted, the worm will rewrite files with the following extentions:.doc
.xls
.mdb
.mde
.ppt
.pps
.zip
.rar
.pdf
.psd
.dmp

>Files corrupted by the worm contain the following text:DATA Error [47 0F 94 93 F4 F5]

Removal instructions:

There is no removal tool yet, though using an online scanner, see the other sections of this site, will remove the virus when you're infected

06-01 A nice surprise from Microsoft, though still late, the WMF vulnerability has been patched.

1. Reboot your system to clear any files from memory
2. Download and apply the new patch
3. Reboot
4. Uninstall the unofficial patch
a. Start->control panel->Add/Remove Programs. Look for "Windows WMF Metafile Vulnerability HotFix"
b. or at a command prompt:
"C:\\Program Files\\WindowsMetafileFix\\unins000.exe" /SILENT
c. or, if you used msi to install the patch on multiple machines you can uninstall it with this: msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn
5. Re-register the .dll if you previously unregistered it (use the same command but without the "-u"):
regsvr32 %windir%\\system32\\shimgvw.dll
6. Reboot
7. Go here to see whether you're protected. The link will open a WMF image trying to start the calculator. when it doesn't start, or when your virusscanner blocks access, you're safe and sound. when it does, contact Microsoft Support

05-01 For all those people using firefox for more secure surfing who are getting annoyed by having to start IE to enter the windows updatesite check this Firefox extension. It allows you to start IE as a tab in Firefox. Using the options of the extension you can also specifiy certain sites which should be opened in IE via Firefox. Nice when you encounter a site created for IE only.

05-01 Certain variants of the Sobervirus will, today and tomorrow, get out of a sort of 'hibernation', activating themselves, contacting websites containing malicious code used to spread the virus. The 'awakening' Sobervariants will be found when your virusscanner is up-to-date

04-01 The site of Ilfak Guilfanov has now been taken down, probably by it's host due to exceeding the bandwidth. A msi installer for the patch can be found here Edit: it's up and running again

03-01 The ISC (Internet Storm Center) has advised everyone using windows XP or to install the unoffical, unsupported WMF patch made by Ilfak Guilfanov (website unreachable most of the time due to the high number of visitors) . This is big news since the author of the patch has no ties with Microsoft and the patch still remains unsupported even though microsoft hasn't put a patch on their updatesite on 'patch tuesday'. File mirrors/translations/instructions:

To read all info about the WMFvulnerability go here

02-01 In Response to the big WMF security hole in windows XP a custom made patch has been posted. You can find it here but be very carefull since the patch is NOT supported by Microsoft

01-01-06 Everyone is waking up slowly today after a long long loooong night of celebrating. A happy spyware, adware and virusfree new year to everyone. Today everyone can rest but tomorrow be aware because, it's cliche' those threats are looking for an opportunity to enter your system

31-12 A Happy New Year to all of you allready in the year 2006, and best wishes to all of those still in 2005, like myself. Some more news about the tracking cookies mentiond 29-12. As it turns out the White House.gov website also uses cookies, implemented by a third party, namely Webtrends. The usage of cookies isn't prohibited, d'oh (!), but the usage of cookies on offical government websites is, unless they're needed for the normal functioning of the site (let users log in and out for example).

VIRUSWARNING! Especially for Dutch users. A 'Christmas Greeting' picture sent via MSN contains a dangerous worm which installs a keylooger. That way all the data you enter an be monitored, like creditcard numbers, passwords etc. Raise the MSN security options to the max and don't DON"T click on the link. when you've been infected go here

Older news:

If you have any info you think belongs on this site, a personal review of a program, virus information, surfing tips, or have additions, found dead links etc. Please contact the webmaster.