Forensics: “Unknown Flash Movie Virus”
For a friend….
ESTIMATE: Embedded Flash Movie Malware Payload
NOTE: Possible Network Attack Associated – Botnet/Botmaster
SEE: Common Types of Network Attacks – TechNet – Microsoft
(Judging from the payload that executed: an apparent spoofing of the PC's identity; the attack itself was unsuccessful)
DEVICE: Windows Vista HP (Home Premium) SP2 (Service Pack 2, Fully Patched) / IE9 (Internet Explorer Version 9) – on Home Network / Microsoft Security Essentials installed/running.
The user was viewing a Flash movie in a web page's embedded player. The best description the user could give: the browser suddenly became erratic, the network connection dropped and the system crashed, and on restart the WGA (Windows Genuine Advantage) panel popped up identifying the installed copy of Windows as not genuine. No further network connectivity was possible.
Full payload forensics was suspended, and because the sample could represent an in-the-wild attack or a proof of concept, the details are not being posted publicly. The operating system was reinstalled to factory fresh, wiping the disk, and is now fully patched and in normal operation.
HISTORY: New virus first to infect Macromedia Flash (January 8, 2002)
A malware payload (not just a virus) apparently executed on Windows Vista HP SP2 / IE9 while a Flash movie was being viewed in an embedded player at a website. This was the only affected computer on the home network; the other computers, the peripherals and the router were unaffected, which may indicate specific targeting of this IP via a network attack. It seems possible that a botnet infection failed because connectivity was destroyed, yet the operating system was apparently spoofed and then identified by WGA as a pirated copy of Windows. No ransomware activity was observed (http://en.wikipedia.org/wiki/Ransomware_(malware)), so the WGA notification panel appears to have been the genuine one and not a fake shell of the kind ransomware scams display. One caveat a practitioner would add: a "not genuine" result after a crash can also come from damage to the licensing and activation data on disk, so the WGA panel alone does not prove deliberate spoofing. It is also possible that the payload was simply intended to render the system unusable.
An apparent multi-malware payload executed through an infected Flash movie, possibly originating from an Apple/Mac computer as an iFrame movie.
iFrame (video format)
Historically, Apple/Mac users have been in the 'caveman' days of not using antimalware. Recently that has changed, as infections of that operating system have increased dramatically from a small base. Linux even more so: its users are now told it is "polite" to run antivirus so as not to upload or exchange files that do not affect Linux but will infect Windows PCs (newer community guidelines). Years ago.....
Microsoft JPEG Vulnerability and the Six New Content Security Requirements
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.
.....so that is the idea with an infected Flash movie. Simply visiting a website carrying the infected picture (JPEG) would infect an unprotected PC. The same mechanism, with infected Flash files, is the apparent source of infection here.
NOTE.... The user was a novice, and it is believed there may have been additional clicks, not mentioned, that caused the malware payload to execute.
Because this was a multi-malware payload as opposed to just a virus, the operating system was reinstalled / restored to factory fresh condition, wiping the disk of all data first. A much higher quality paid-subscription antimalware product was installed and is absolutely recommended! Note that Microsoft Security Essentials was the installed and active protection on the PC.... HOWEVER:
Is Microsoft Security Essentials adequate protection?
Review: Microsoft Security Essentials
Microsoft Security Essentials bombs AV-TEST, loses certification
Microsoft Security Essentials Fails Tests, Loses Antivirus Certificate
Microsoft Security Essentials fails AV-TEST again
Microsoft fights back on antivirus certification fail, claims malware tests …
PLEASE REVIEW THE FOLLOWING INFORMATION AND RECOMMENDATIONS….
How to Fix a Flash Virus | eHow.com
SWF (ShockWave Flash)
What Is a Flash Cookie?
Can Flash Extensions Be Harmful?
How to Check & Uninstall Flash Cookies
How to Clear Macromedia Flash Shared Objects
Website Storage Settings panel
Visit the Adobe Flash Player Settings Manager http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html
It is recommended to be aggressive here and deny everything, especially since attackers do break into microphones and webcams to spy. If something stops working after you choose to block all storage on the computer, go back and make adjustments. Any 'faster' use gained by allowing storage is a holdover from the 56K dial-up years; the vast majority have since switched to broadband/DSL where available (not quite everywhere, rural areas for instance).
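The Settings Manager choices above are stored per user and can be loosened again by any site prompt. As an added example (not from the original post, and not Adobe's own code), the script below writes the administrator-level mms.cfg that Adobe's Flash Player Administration Guide documents, which enforces the same deny-all posture for every user and every SWF regardless of the Settings Manager. The directive names are Adobe's documented ones and the file locations are the documented Windows defaults; the assumption is that the player is installed and that you run this from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: lock down Flash Player with mms.cfg.
# Directive names are from Adobe's Flash Player Administration Guide.
# Assumes an elevated prompt; mms.cfg under the Windows directory is not user-writable.

$settings = @"
# Disable camera and microphone access for every SWF
AVHardwareDisable=1
# Local shared objects ("Flash cookies"): 1 = no storage allowed at all
LocalStorageLimit=1
# Block third-party (cross-site) shared objects outright
ThirdPartyStorage=0
# Stop SWF content from offering file uploads and downloads
FileDownloadDisable=1
FileUploadDisable=1
# Raw Socket/XMLSocket connections from SWF content are rarely needed on a home PC
DisableSockets=1
"@

# 32-bit Windows keeps the plugin under System32. 64-bit Windows keeps the
# 32-bit plugin (the one IE9 and most browsers of the period loaded) under
# SysWOW64 and a 64-bit plugin under System32, so write to both when present.
$targets = @("$env:WINDIR\System32\Macromed\Flash\mms.cfg")
if (Test-Path "$env:WINDIR\SysWOW64") {
    $targets += "$env:WINDIR\SysWOW64\Macromed\Flash\mms.cfg"
}

# Adobe documents mms.cfg as a UTF-8 text file; write it without a byte-order mark
$utf8NoBom = New-Object System.Text.UTF8Encoding -ArgumentList $false

foreach ($path in $targets) {
    $dir = Split-Path -Path $path -Parent
    if (-not (Test-Path $dir)) { continue }      # no player installed in this view
    if (Test-Path $path) {
        Copy-Item -Path $path -Destination "$path.bak" -Force   # keep the previous policy
    }
    [System.IO.File]::WriteAllText($path, $settings, $utf8NoBom)
    Write-Host "Wrote $path"
}
```

The player reads mms.cfg at start-up, so close and reopen the browser after running this. If a site you rely on genuinely needs local storage, raise LocalStorageLimit rather than deleting the file; the camera and microphone directive is the one to keep at all costs.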
The BlueCollarPC.US (and former domain extensions) has always been a free Community Help Site and here is a mock severe billing if able to work from an official PC Repair Shop…… LOL
JOB BILL / TICKET #001
# Bench Charge………………….$75.00
# Forensics Basic / Suspended…….$25.00
(Normally $150.00 with full reporting)
# Reinstall Factory Fresh Windows…$50.00
# Fully Patched and Reinstalled
softwares, 18 hours (Vista SP2)….$100.00
Internet Explorer 8 Zero-Day, Microsoft Security Advisory (2847140)
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: Friday, May 03, 2013
Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.
Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly ……
[[[ Basically you can upgrade to version 9, or if you want to keep version 8, open Internet Options (Tools menu in the browser, or in Control Panel: click Classic View to see it), click the Security tab and push the slider on the left all the way up to HIGH. That stops scripts on web pages, ActiveX, embedded auto-playing media players and so on. Keep quality antimalware installed and up to date as the remaining line of protection, meaning real-time protection with heuristics, sometimes called HIPS. If you upgraded, you can always go back to version 8 after Microsoft issues an emergency out-of-cycle patch/fix through Windows Update and you apply it.
gerald philly pa usa ]]]
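The slider position and the individual settings it controls live in the current user's registry hive, so the same hardening can be scripted and verified instead of done by hand. Added example (not from the original post, and not a Microsoft tool): a PowerShell script that applies the Internet zone settings that matter against drive-by pages of the kind the advisory describes. The registry path and the numeric action identifiers are Microsoft's documented URL-action values for Internet Explorer (0 = Enable, 1 = Prompt, 3 = Disable); which actions to set is my choice, and a zone locked by Group Policy in the machine hive will not be changed by this.

```powershell
# Added example, not from the original post: push the Internet zone (zone 3) to High.
# Run as the user whose browser is being hardened; the settings are per user (HKCU).

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Slider position shown in the UI: 0x12000 = High, 0x11000 = Medium, 0x10000 = Low
Set-ItemProperty -Path $zone -Name CurrentLevel -Value 0x12000 -Type DWord

# URL actions that a drive-by page depends on (IDs are Microsoft's; 3 = Disable)
$actions = @{
    '1001' = 3   # Download signed ActiveX controls
    '1004' = 3   # Download unsigned ActiveX controls
    '1200' = 3   # Run ActiveX controls and plug-ins (Flash, media players)
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe
    '1400' = 3   # Active scripting
    '1405' = 3   # Script ActiveX controls marked safe for scripting
    '1804' = 3   # Launching programs and files in an IFRAME
    '2000' = 3   # Binary and script behaviors
}
foreach ($id in $actions.Keys) {
    Set-ItemProperty -Path $zone -Name $id -Value $actions[$id] -Type DWord
}

# Verify: every action above should now read 3 and CurrentLevel 73728 (0x12000)
$names = @($actions.Keys) + 'CurrentLevel'
Get-ItemProperty -Path $zone -Name $names | Format-List -Property $names

# Sites you trust belong in the Trusted sites zone (zone 2) rather than being the
# reason the Internet zone gets lowered again. Example for one host (hypothetical):
#   $map = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com'
#   New-Item -Path $map -Force | Out-Null
#   Set-ItemProperty -Path $map -Name https -Value 2 -Type DWord
```

Changing the zone through the registry takes effect for new browser windows; restart IE after running it. If Format-List shows a value other than 3, check whether the Security_HKLM_only policy is set, in which case the machine hive overrides the user hive and an administrator has to make the change there.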
New Internet Explorer 8 Zero-Day Used in Watering Hole Attack … (Symantec)
Microsoft admits zero-day bug in IE8, pledges patch (Computerworld): Microsoft late Friday confirmed that a “zero-day,” or unpatched, vulnerability exists in Internet Explorer 8 (IE8), the company’s …
Zero-Day Exploit Enabled Cyber-Attack on U.S. Labor Department (eWeek): In the latest incident of nation-state cyber-attacks, attackers slipped malware onto the agency’s site, apparently aiming to compromise nuclear-energy officials from the Department of Energy. Hackers compromised the U.S. Department of Labor’s Web site …
Internet Explorer zero-day exploit targets nuclear weapons researchers (Ars Technica): Attackers exploited a previously unknown and currently unpatched security bug in Microsoft’s Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers …
What are Information – Data security threats?
By bluecollarpc – Last updated: Sunday, April 21, 2013
This is from an actual question I fielded as Antibotnet alternate Yahoo ID at yahoo Answers > Security….
Information security – threat? In information security what do we call a “threat” exactly? Hacker? or action itself aka eavesdropping/ system intrusion? Kinda confused about the concept http://answers.yahoo.com/question/index?qid=20130420123253AAJSqc2
MY ANSWER AS ANTIBOTNET YAHOO id (ALTERNATE id)
Best Answer – Chosen by Asker
Not sure if you mean general average user or actual IT Security ? The term threat to the average user computer is several fold.
Threat generally means malware such as a computer virus, worm, trojan, spyware etc. Malware can pose a threat to the actual operating system (Windows etc.) as destructive to the system and even hardware. It can destroy the operating system, rendering it inoperable via corruption of files and/or actual deletion of system files, such as by a worm.
Threats by spyware generally refer to compromising personal information, usually meaning financial information such as account numbers and PINs etc. that might be stored by a user in a document or text file. Another spyware category threat, the "keylogger", can record everything being typed, such as purchases online. Threat here ultimately means an attempt at ID theft, but it also includes personal photos and media etc. that can be copied and transmitted in stealth from the infected, unprotected computer. These threats to information also include all email contacts and any information there, such as phone numbers and addresses, which spyware or even some viruses can copy and transmit from the Contacts/Address Book stored in the computer's email programs. When you consider a broad term like "Social Engineering" you can add further areas of crime, such as stalking, outside the computer system and worldwide web: robberies, kidnappings, and worse, due to threats to information or "data" stored in the computer.
Quality antimalware installed on the computer prevents these.
Threats also mean hackers trying to break into and take over a computer, and an acute looming threat if there is no personal software firewall installed.
Threat may also refer to security holes in the operating system and/or other softwares installed. These get patch/fix/update/upgrade through as example Windows Updates or similar in other operating systems as Linux, Apple/Mac etc.
On the enterprise/corporate level, IT Security refers to computer security for everything from home/small businesses all the way up to major companies and corporations. These professionals are hired to address computing security for businesses against malware threats and much more. Computer forensics is an additional add-on, or is hired outside the firm.
Biometrics security refers generally to physical type preventions as voice and retina and fingerprint recognition etc. to even gain entry into like a security firm as a major antivirus company as example. These too may include similar to even access a company computer. Threats to these areas are another area other than malware and an up to date fully patched computer.
SEE Zero Day threats…. also:
List of threats to PCs….
Challenges extending protection afforded to computer programs?
By bluecollarpc – Last updated: Friday, April 19, 2013
An actual good question put forth I fielded…. (handle “antibotnet” is a secondary one I use at Yahoo)
Q. What are some challenges with extending the extent of the protection afforded to computer programs? http://answers.yahoo.com/question/index?qid=20130418173109AALNJvq
Malware has become quite sophisticated over the years as antimalware programs have become more so. Briefly, the point is that cyber crimeware and its malicious users (generally after illicit profit) oftentimes seek "softer targets" than the usual drive-by infection or malware-laced email attachments etc.
Some of these have been software installed on the PC that affords a break-in to the system, even installing many malwares and attempting to disable the existing antimalware in order to take over the computer for nefarious reasons.
Those creating software have had to include adding security to them – to create safer programs by code hardening etc.
There is a security company that has offered free to the community (for several years now) a program that completely automates updating softwares installed on the computer. Many times newer established software programs have Update buttons in them to manually check for and apply important updates. These may also include a program Upgrade to a newer version which will be safer security wise, and may include cosmetics/features upgrades or additions.
The “challenges” you ask, to me, would be learning about the computer system and all the many Settings it contains which includes Recommended Security Settings. In short, if you want to really get serious and tweak the system and softwares installed – you may ultimately run into a 100 settings to observe and change to preferences – security minded preferences as recommended.
The challenge of keeping all installed software up to date with patches/fixes/updates/upgrades has been automated by a very durable program from Secunia, with millions of users now. The PSI scans the installed software and checks with its creators for any updates issued. You can choose to apply any available update automatically or manually, and you can choose to run it at start-up or manually once every two weeks or monthly etc. Without it, the challenge would be to comb every website the software was downloaded from (the product company's) to see if there are any messages/notices about Updates available, as opposed to Upgrades. These are issued from time to time and are not always posted on their websites. It becomes all too tedious unless you use only a couple of programs. Most users end up trying everything under the sun for fun or productivity on their PCs, whatever you can do with them, and that results in a too painstaking search to keep things up to date.
I TOTALLY RECOMMEND …. (to automate the challenges safely) …..
Secunia Personal Software Inspector (PSI) The Secunia PSI is a free security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. http://secunia.com/vulnerability_scanning/personal/
“Free computer security Stay secure by updating insecure programs on your computer with the Secunia PSI
The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe. The Secunia PSI even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.”
There is also an ongoing maintenance you learn by habit of manually "looking under the hood": inspecting areas like Program Files, System32, the Windows Registry, etc., looking for malware entries by hand. After a first-time spring cleaning of the PC, and with ongoing use of quality antimalware, this becomes a time-to-time task. It is good to eventually know the PC like the back of your hand.
Windows Updates of course are most times critical and important to install when issued. This should be set to automatic as recommended for the average user. You can check for missing Windows Updates with a click and quick scan using….
Microsoft Baseline Security Analyzer http://www.microsoft.com/en-us/download/details.aspx?id=19892
There are many more "power tools" to make you a "power user". Here are a few more....
Belarc Advisor http://www.belarc.com/free_download.html
jv16 PowerTools / PowerTools Lite http://www.macecraft.com/powertoolslite2011/
Microsoft Malware Prevention troubleshooter http://support.microsoft.com/kb/2534555
You will find a good short list here http://bluecollarpc.us/pc-help/ of the security technologies Microsoft has developed over the years and incorporated into the Windows Operating System.
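The three chores above (missing Windows updates, third-party programs in need of updates, and the manual look under the hood for malware entries) can be turned into one baseline script that a user runs before and after a clean-up. This is an added example, not from the original post and not code from Secunia or Microsoft: it uses the Windows Update Agent COM API that Windows Update itself uses to list applicable-but-not-installed updates, reads the Uninstall registry keys for an inventory of installed programs and versions (the raw data a tool like the PSI compares against its vulnerability database), and walks the Run/RunOnce autorun keys where malware most often persists, checking the Authenticode signature of each launched binary. The "worth a second look" heuristic at the end (unsigned binary, or one living under Temp/AppData/ProgramData) is my own rule of thumb, not a malware verdict. Assumes an elevated prompt and network access for the update search.

```powershell
# Added example, not from the original post: a one-shot "under the hood" baseline.
# Run elevated. Section 1 needs network access and can take a minute or two.

# 1. Updates that are applicable but not installed (the data Windows Update displays)
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$missing  = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates
"== Missing updates: $($missing.Count) =="
foreach ($u in $missing) {
    $kb = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
    "{0,-12} {1,-10} {2}" -f $kb, $u.MsrcSeverity, $u.Title
}

# 2. Installed programs with versions, from the Uninstall keys (32- and 64-bit views)
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
"`n== Installed programs =="
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object -Property DisplayName -Unique |
    Format-Table -Property DisplayName, DisplayVersion, Publisher -AutoSize

# 3. Autoruns: every Run/RunOnce value, resolved to its executable and signature state
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
"`n== Autoruns (!! = unsigned, missing, or launched from a user-writable folder) =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Skip the PS* metadata properties the registry provider adds to the object
    $names = $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        Select-Object -ExpandProperty Name
    foreach ($name in $names) {
        $cmd = [string]$props.$name
        # Pull the executable out of the command line: quoted path, else first token
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [System.Environment]::ExpandEnvironmentVariables($exe)
        if (Test-Path $exe) {
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            $status = 'FileMissing'
        }
        # Heuristic only: these are the entries to research, not automatic verdicts
        $suspect = ($status -ne 'Valid') -or ($exe -match 'Temp|AppData|ProgramData')
        $flag = if ($suspect) { '!!' } else { '  ' }
        "{0} {1,-12} {2,-25} {3}" -f $flag, $status, $name, $exe
    }
}
```

Read the output in order: anything under "Missing updates" is patched through Windows Update first, the program inventory is what you compare against the vendors' current versions, and the flagged autoruns are what you look up by path and signer before deciding whether to remove them. This covers the Run keys only; services, scheduled tasks and browser helper objects are further autostart locations that a full inspection also walks.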
Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/
We will keep the free version and continue to post to it, as it has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US. The BlueCollarPC .Net originally began about the year 2005 as a help and information site dealing with spyware as its main course. There were many video help tutorials for download in several formats. This became a huge site, trafficking about 2,700 to 3,000 visitors monthly, and totaled just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website!
Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.
Push came to shove: our site was attacked, and there were several behind-the-scenes personal attacks against myself and my equipment, attempts at destroying computers and a mobile computer. These attacks were sophisticated, dreaded botnet payload attacks, and another attempted to circumvent Vista technology and destroy the system. So my site theme, "BlueCollarPC" as a spyware removal site originally, was now upgraded to a full-blown malware removal help and instruction site, covering all malware with heavy concentration on botnet detection and removal and restoration of damaged systems, and through all this I graduated into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed in favor of this new full malware removal site, including information and help against all malware: viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits, etc.
At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations: groups, forums, lists and others. It seemed the whole "XP Generation" of the "XP Years" (Windows XP) had graduated and learned it all, or enough to carry them through. Of course I invested in a Vista PC, which was the actual crown jewel of the decade in security software, unprecedented as an operating system itself being the best security software available. To this day Windows users are unaware that viruses could not run on Vista, and neither could the dreaded rootkit malware. UAC (User Account Control) was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (a drive-by hit from a bad website that tried to install scareware fake antivirus programs). Sure enough, and word for word from Microsoft, "viruses are not able to write to the disk in Vista". The payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to "Delete All Temporary Internet Files" etc. I also use and ran CCleaner, offering a little more clean-up. That was it. The virus was gone! I then scanned with high quality antimalware to prove it. Zero infection. The point, or the joke, was that you did not even need antivirus with Vista: "you're kidding, you actually purchased antivirus for Vista? What for?" Seeing is believing.
Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc.) was actually downgraded security-wise. Users screamed about UAC. The security world kind of went with "what idiots", sorry to say. This did not make sense. It made even less sense that Microsoft themselves accommodated them. LOL. You get what you pay for. They seemed to love having no intrusion whatsoever on having a good time on the Net, utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.
Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies, the 'secure boot' Windows 8. Windows 8 is a gigantic leap forward from XP in blocking rootkits/bootkits from running before antimalware programs are able to load and begin detecting malware attempting to run in the session. With XP, we all know that if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was that most anti-rootkit programs were crap at detecting them and even worse at attempting to remove them. Enter the Windows 8 security technologies: THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was a hint that they could crack this. But there are also new anti-malware programs that can "cold boot" to detect this, somewhat like being able to scan the system without even starting the computer, and as it does start up. Bye bye, covered anyway.
Well, back to re-launching BlueCollarPC.US, now in the WordPress format rather than the traditional website. Kind of all in one: blog and content, links. Spread the word: "We are back!" (StarTrekkies: Romulans and Enterprise Captain Picard in the Neutral Zone confrontation over Borg encroachments.)
From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/