Windows 8 and 8.1 gives malicious code the boot

Windows 8 and 8.1 gives malicious code the boot….

The following article needs some updating about today’s quality antimalware that has the new protections working with Windows 8 and 8.1….

Windows 8.1 gives malicious code the boot(s) TechRepublic The Windows operating system has a number of security controls, and most users have some sort of anti-malware security suite installed on their …
http://www.techrepublic.com/article/windows-81-gives-malicious-code-the-boots/

FOLLOW UP:

Threats/infection that launch before system:

Rootkit (definition) http://en.wikipedia.org/wiki/Rootkit

BOOTKITS Bootkits http://en.wikipedia.org/wiki/Bootkit#bootkit
A kernel-mode rootkit variant called a bootkit can infect startup code like the Master Boot Record (MBR), Volume Boot Record (VBR) or boot sector, and in this way, can be used to attack full disk encryption systems. An example is the “Evil Maid Attack”, in which an attacker installs a bootkit on an unattended computer, replacing the legitimate boot loader with one under his control.  Typically the malware loader persists through the transition to protected mode when the kernel has loaded, and is thus able to subvert the kernel. For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.

Today’s quality Antimalware products:

Early Launch Anti-Malware http://www.techopedia.com/definition/29079/early-launch-anti-malware-elam-windows-8?utm_source=tod_newsletter&utm_medium=email&utm_content=tod_more&utm_campaign=newsletter
What does it mean? Early Launch Anti-Malware (ELAM) is a Windows 8 security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code. It is the first system kernel driver that starts in Windows 8 operating mode, before any third party software or driver. Techopedia Explains As a component of Secure Boot – also introduced in Windows 8 – ELAM is a detection driver used to identify malware, root kits or other malicious code/drivers initiated at system Read more »

(((Note …. newer technology for Windows 8 in antimalware (antivirus plus antispyware). Some additional links….)))

Windows 8 Early Launch Anti-Malware from Third-Party AV Vendors http://news.softpedia.com/news/Windows-8-Early-Launch-Anti-Malware-from-Third-Party-AV-Vendors-226789.shtml

Managing early launch anti-malware (ELAM) detections http://www.symantec.com/business/support/index?page=content&id=HOWTO81107

Windows 8 ELAM: too late, too little! http://www.virusbtn.com/conference/vb2012/abstracts/KulkarniJagdale.xml

How to configure Early Launch Anti-Malware Protection in Windows 8 http://www.bleepingcomputer.com/tutorials/configure-early-launch-antimalware-protection/

How to disable Early Launch Anti-Malware Protection http://www.bleepingcomputer.com/tutorials/disable-early-launch-antimalware-protection/

Understanding Early Launch Anti-Malware (ELAM) technology in Windows 8 http://www.thewindowsclub.com/earlylaunch-antimalware-elam-technology-windows-8

[Hot Fix] B0006 – The Early Launch Anti-Malware of Titanium 2013 does not load properly http://esupport.trendmicro.com/solution/en-US/1095123.aspx

Windows 8: Trusted Boot: Secure Boot – Measured Boot http://blogs.msdn.com/b/olivnie/archive/2013/01/09/windows-8-trusted-boot-secure-boot-measured-boot.aspx

-- 
SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005
Advertisements

Q: Computer trouble please help – MyPC backup

Fw: Yahoo! Answers: Your answer has been chosen as the best answer

http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3260

Q: COMPUTER TROUBLE PLEASE HELP?
http://answers.yahoo.com/question/index?qid=20130722185843AA2oMp9
ok so ever since this MyPC backup thing has been on my computer my computer has been messing up lately iv been getting ads on every website that i have been on and this hasnt happened before it all started when the pc thing came and its been making me really angry and i downloaded adobe flash player so i could watch videos and it says i downloaded it and then it says you need adobe flash player to watch this video and i downloaded the latest one and then ads just come up everywhere like now on yahoo there are alot of ads just popping up all over my computer and on youtube and on every website please help me i dont know what to
do
http://answers.yahoo.com/question/index?qid=20130722185843AA2oMp9

MY ANSWER AS ANTIBOTNET YAHOO ID

Best Answer – Chosen by Asker
You will probably be shocked to find it that it is malware itself…
MyPC Backup.exe Description
http://www.enigmasoftware.com/mypcbackupexe-removal/
MyPC Backup.exe is a dangerous executable file, which is related to malware, specifically adware programs. MyPC Backup.exe can cause data loss on an affected computer system or even damage the whole PC. MyPC Backup.exe is installed on the infected computer  without the PC user’s permission and knowledge. MyPC Backup.exe makes the targeted computer vulnerable to other security threats. MyPC Backup.exe can steal valuable confidential information and information about the browsing history of the victim. MyPC Backup.exe may change search results in any legitimate search engine with web addresses of sponsored websites and and divert victims to these doubtful websites. MyPC Backup.exe may also replace the homepage and default search egnine with the suspicious URL. MyPC Backup.exe repeatedly displays numerous bogus alerts/ warning messages on the screen of the corrupted PC about a variety of security threats and even advertise rogue security programs in order to remove supposed malware infections.
Type: Malware

Because you were able to install and run this it means you do not have quality antimalware (antivirus plus antispyware) installed on the computer or it would have immediately quarantined it to keep it from running and spying on you and running adware.

TYPE INTO SEARCH ENGINE…. “MyPC backup adware malware” and you will see valid reports fom known legitimate security sites reporting it as malwar as well as other sites such as security forums etc were other users have same problems.

RECOMMENDED you immediately install quality antimalware program and perform a full scan of the computer and remove all threats found in results. Becasue “MyPC backup” is rated as a high risk malware it may even block you from installing antimalware. The way around that is to either set the computer into Safe Mode With Networking and try installing and then perform scans. In Safe Mode only the few neccessary Windows processes load and nothing else which as well stops malware from running and allows for it to be removed. There is also the portable antimalware you can install on a USB Drive (not USB media stick – DRIVE – that is same price). You then run the antimalware from that to remove malware. SAFE MODE …. TURN OFF PC OR HIT RESTART. AS IT IS STARTING UP – KEEP TAPPING THE F-8 KEY TOP OF KEYBOARD. The PC will produce the black screen with options and choose Safe Mode. Do what you need to do – install scan, remove – and simply Restart the PC and will automatically start up in Normal Mode as regular use.

Check Threats and what they are here… http://bluecollarpc.us/threats-faqs/
Check all kinds of good well known and trusted antimalware products here …
http://bluecollarpc.us/help-center/
There are the many Genuine Freeware home versions of antivirus and antispyware but they do not have Real Time Protection (Sometimes called HIPS) activated like the full pay program which is about 40-50 USD (US Dollars) yearly. However there are just a couple free ones with Real Time Protection activated like pay products if money is issue. Real Time Protection (heuristics) blocks all malware from installing on the computer in the first place 24/7 – always running.
Malware is the term for all threats as virus, worm, trojan, adware, spyware, rootkit etc. Antivirus blocks/deletes viruses, worms, rootkits and most trojans. Antispyware blocks/deletes adware, spyware, keyloggers, dialers, etc and many other trojans antivirus misses. Spyware itself can have in its payload (malware package installed) – keyloggers which record all keystrokes on the keyboard. It can perform snapshots of your computer screen – what you are looking at. It can copy make copies of your files (photos, media, documents, etc) and altogether all things it is recording is broadcasted out to cyber criminals owning it which in turn generally go right to trying to perform an IDTheft from gathered stolen data from the PC including even financial stuff like logging into pay bills or buy stuff with cards etc any like passwords and pin numbers stored on the computer or recorded by keyloggers when signing in.

TRY ….
30 day fully working free Eset Antimalware (about best in world)
Free 30-day Trial of ESET NOD32 Antivirus 6
http://www.eset.com/us/download/home/detail/family/2/?trl=ea
After 30 days it will stop working. You can buy it or then uninstall it after 30 days.

ALSO Emergency tries if things are blocked….
MalAware 1.0 http://www.emsisoft.com/en/software/malaware/
Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/

FULL PROTECTION FREE ONES:
http://antivirus.comodo.com/
http://www.microsoft.com/security_essentials/

Source(s):
http://www.enigmasoftware.com/mypcbackupexe-removal/
http://en.wikipedia.org/wiki/ESET_NOD32
http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html
http://www.microsoft.com/security_essentials/
http://antivirus.comodo.com/

— On Tue, 7/23/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Tuesday, July 23, 2013, 12:54 PM
>
> Take me to
> Yahoo! Answers. I want to answer more questions!
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following question really hit the spot and has been chosen as the best answer:
> COMPUTER TROUBLE PLEASE HELP?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.

trimmed!

How And Where To Report Cyber Crime

How And Where To Report Cyber Crime

REPORT CYBER CRIME

Internet Crime Complaint Center (IC3)
http://ic3.gov/
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes. read more >> http://ic3.gov/

Federal Trade Commission (USA) Complaint Input Form
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
If you believe you have been the victim of identity theft, you may use the form below to send a complaint to the Federal Trade Commission (FTC). The information you provide is up to you. However, if you don’t provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.

Federal Bureau of Investigation – Cyber Investigations – Cybercrime
http://www.fbi.gov/cyberinvest/cyberhome.htm

Computer Crime & Intellectual Property Section
http://www.cybercrime.gov/

WiredSafety.Org
http://www.wiredsafety.org/911/
Our Cyber911 Help tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement…

ReportCybercrime.Com (Private)
http://www.reportcybercrime.com/
Also, through our interactive forum you can get opinion of specialist attorneys and lawyers. Each lawyer in practice will give his opinion on matters, which are raised in the forum. You Can post queries view answers from experts and improve upon your knowledge base…

How to Report Cybercrime
http://www.katiesplace.org/report_cybercrime.html
WiredSafety’s Cyber911 Emergency tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement.

Take a Bite Out of Cyber Crime
ByteCrime.Org
http://www.bytecrime.org/

Posted in BlueCollarPC WordPress Blog. Tags: , , , , , , , . Comments Off on How And Where To Report Cyber Crime

Forensics: “Unknown Flash Movie Virus”

(((FORENSICS~BUILD)))

Forensics: “Unknown Flash Movie Virus”

For a friend….

ESTIMATE: Embedded Flash Movie Malware Payload
NOTE: Possible Network Attack Associated – Botnet/Botmaster
SEE: Common Types of Network Attacks – TechNet – Microsoft
http://technet.microsoft.com/en-us/library/cc959354.aspx
(According to payload that executed, spoofed PC Identity apparent, unsuccessful)

DEVICE: Windows Vista HP (Home Premium) SP2 (Service Pack 2, Fully Patched) / IE9 (Internet Explorer Version 9) – on Home Network / Microsoft Security Essentials installed/running.

SYMPTOMOLOGY:
Viewing Flash Movie in embedded webpage player. Best description from user was sudden turbulence of browser and disconnection and system crashings and then the WGA (Windows Genuine Advantage) panel pop up on restart identifying PC as an illegitimate copy of Windows was running. Connectivity was not further possible.

SUSPENDED FORENSICS:
A full payload forensics was suspended citing any in-the-wild attack or proof-of-concept – and is not being posted publicly. Operating System was reinstalled to Factory Fresh – wiping the disk – now fully patched to current operation.
HISTORY: New virus first to infect Macromedia Flash (January 8, 2002)
http://news.cnet.com/New-virus-first-to-infect-Macromedia-Flash/2100-1023_3-803829.html

SYNOPSIS:
Apparently malware payload (not just a virus) executed on Windows Vista HP SP2 / IE9 while viewing flash movie in an embedded player at website. This was the only affected computer on a Home Network with other computers unaffected. Other peripherals and router were not affected. This may constitute as specific targeting of the IP via Network Attack. It seems possible a botnet infection was unsuccessful as connectivity was destroyed, yet the operating system was spoofed and identified as now a pirated copy of Windows via WGA technologies apparently. There were no ransomware activities observed http://en.wikipedia.org/wiki/Ransomware_(malware) …thus the spoofing of the Windows OS (operating system) itself as now a pirate copy indicates the WGA notification window/panel was valid and not a fake shell as some ransomware scam. Note it is possible it was simply a targeted payload to simply destroy the system from further use as the intended malware malicious intent.

DIAGNOSIS:
Apparent multi-malware payload executed through infected flash movie possibly originating from Apple/Mac computer as possibly an iFrame Movie.

iFrame (video format)
http://en.wikipedia.org/wiki/IFrame_(video_format)

Universally and historically Apple/Mac users are in ‘caveman’ days as not using antimalware. Recently things have changed, as infections have increased dramatically in infancy for this operating system. Linux even more so, their users are now told it is “polite” to use antivirus to protect uploading or exchanging any Windows infecting files from a Linux computer that do not affect Linux – but will infect Windows PCs. Newer Community guidelines. Years ago…..

Microsoft JPEG Vulnerability and the Six New Content Security Requirements
http://whitepapers.silicon.com/0,39024759,60129423p-39000575q,00.htm
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.

…..so that this is the idea with an infected flash movie. Simply visiting a website with the infected picture (JPEG) would infect the unprotected PC. Same with infected flash files is apparent here as source of infection.

NOTE…. Was a novice user and is believed there were possible additional clicks not mentioned possible that caused the malware payload execution.

REMEDY:
With a multi-malware payload as opposed to just a virus, the operating system was reinstalled / restored to Factory Fresh condition – wiping the disk first of all data. A much higher quality paid subscription antimalware product was installed and absolutely recommended! Note that Microsoft Security Essentials was the installed and active protection on the PC…. HOWEVER:

Is Microsoft Security Essentials adequate protection?
http://bluecollarpc.us/2013/04/21/is-microsoft-security-essentials-adequate-protection/
Review: Microsoft Security Essentials
http://www.expertreviews.co.uk/software/1295698/microsoft-security-essentials
Microsoft Security Essentials bombs AV-TEST, loses certification
http://www.geek.com/articles/geek-pick/microsoft-security-essentials-bombs-av-test-loses-certification-20121129/
Microsoft Security Essentials Fails Tests, Loses Antivirus Certificate
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft Security Essentials fails AV-TEST again
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft fights back on antivirus certification fail, claims malware tests …
http://www.zdnet.com/microsoft-fights-back-on-antivirus-certification-fail-claims-malware-tests-arent-realistic-7000009998/

PLEASE REVIEW THE FOLLOWING INFORMATION AND RECOMMENDATIONS….

How to Fix a Flash Virus | eHow.com
http://www.ehow.com/how_5998536_fix-flash-virus.html

Adobe Flash
http://en.wikipedia.org/wiki/Adobe_Flash

SWF (ShockWave Flash)
http://en.wikipedia.org/wiki/SWF

What Is a Flash Cookie?
http://www.ehow.com/info_10020896_flash-cookie.html

Can Flash Extensions Be Harmful?
http://www.ehow.com/info_12229878_can-flash-extensions-harmful.html

How to Check & Uninstall Flash Cookies
http://www.ehow.com/how_5943906_check-uninstall-flash-cookies.html

How to Clear Macromedia Flash Shared Objects
http://www.ehow.com/how_6182429_clear-macromedia-flash-shared-objects.html

Website Storage Settings panel
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Visit the Adobe Flash Player Settings Manager http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html

It is recommended to be aggressive here and deny all actually, especially noting that nefarious hackers break into microphones and webcams to spy. If having trouble after choosing to block all from being stored on computer go back and make adjustments. Any ‘faster’ use of allowing storage is antiquated and ancient as pertaining to 56K Dial Up years and years ago – as the vast majority have switched to broadband/dsl where available – not quite everywhere though (rural etc).

WEBMASTER BLUECOLLARPC.US
http://bluecollarpc.us/

The BlueCollarPC.US (and former domain extensions) has always been a free Community Help Site and here is a mock severe billing if able to work from an official PC Repair Shop…… LOL

————

JOB BILL / TICKET #001

# Bench Charge………………….$75.00

# Forensics Basic / Suspended…….$25.00
(Normally $150.00 with full reporting)
Discounted!

# Reinstall Factory Fresh Windows…$50.00
…Discounted !

# Fully Patched and Reinstalled
softwares, 18 hours (Vista SP2)….$100.00

TOTAL ……..$250.00

Welcome all, archived blog installed

Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/

We will keep the free version and continue to post to it, as has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US . The BlueCollarPC .Net originally began about year 2005 as a help and information site dealing with spyware as main course. There were many video help tutorials for download in several formats. This became a huge site trafficking about 2,700 to 3,000 Visitors monthly, and tolled in at just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website !

Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.

Push come to shove, our site was attacked and there were several behind the scenes personal attacks against myself and equipment – attempts at destroying computers and mobile computer. These attacks were sophisticated dreaded botnet payload attacks and another as attempting circumventing Vista technology and destruction. So, my site theme being “BlueCollarPC” as a spyware removal  site originally, now was upgraded to a full blown malware removal help and instruction site – all malware with heavy concentration into botnet detection and removal and restoration of damaged systems and I graduated through this all into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed with this new full malware removal site including information and help against all malware now as viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits. etc etc etc.

At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations as groups, forums, and lists, others. It seemed the whole “XP Generation” of  the “XP Years” (Windows XP) had graduated and learned it all or enough to carry them through. Of course I invested into a Vista PC which was the actual crown jewel of the decade in security software – unprecedented as an operating system itself being the best security software available. To this day Windows Users are unaware that viruses could not run on Vista and neither the dreaded rootkit malware. UAC User Account Control was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (drive by hit – bad website, tried to install scareware fake antivirus programs). Sure enough and word for word from Microsoft – “viruses are not able to write to the disk in Vista”. They the payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to “Delete All Temporary Internet Files” etc. I also use and ran CCleaner offering a little more clean up. That was it. The virus was gone ! I then scanned with high quality antimalware to prove it. Zero infection. The point  was, or joke, you did not even need antivirus with Vista – like “you’re kidding, you actually purchased antivirus for Vista ? What for ? ” Seeing is believing.

Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc) was actually downgraded security wise. Users screamed about UAC. The security world kind of went with – what idiots, sorry to say. This did not make sense. It did not make sense worst, that Microsoft themselves accomadated them. LOL. You get what you pay for. They seemed to love no intrusion whatsoever on having a good time on the Net – utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.

Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies – the ‘secure boot’ Windows 8. Windows 8 is a gigantic leap forward from XP as blocking rootkits/bootkits from running before antimalware programs are able to boot to begin detecting malware attempting to run in the session. With XP, we all know if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was most anti-rootkit softwares were crap at detecting them and even worst at attempting to remove them. Enter Windows 8 new security technologies. THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was hint at they could crack this. But as well there is new anti-malware softwares that can “cold boot” to detect this. Somewhat as being able to scan the system without even starting the computer and as it does start up. Bye bye, covered anyway.

Well back to re-launching BlueCollarPC.US – now in the WordPress format rather than the traditional website. Kind of all in one – blog and content, links. Spread the word – “We are back !” (StarTrekkies – Romulans and Enterprise Captain Picard in the Neutral Zone Confontation over Borg encroachments).

From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/

Welcome to the BlueCollarPC Security Helper!
SPECIAL NOTE: Our Main Domain BlueCollarPC.US is being closed June 2012.
For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Vistors/Users! – are proud to have been a part of it all and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC ! You never know what you’ll find.

Catch Up With Java Malware Information

Catch Up With Java Malware Information….. Day after day seemingly, week after week, for about 100 days or more it seems cyber crime has declared war on Java a handful of ‘zero days’ as well have been suffered. For security reasons it has been actually advised to disable Java in ALL browsers and even uninstall Java from the computer. This has been no joke if you have not been keeping up with all the security warnings and actual INFECTIONS occurring via exploiting Java ! READ ON TO CATCH UP IF YOU MUST ! ! ! FOLLOW THE TIMELINE TO DATE….

CLICK THE MESSAGE LINKS TO GO TO THE WEBSITE AND FULL STORY DETAILS….

 Aug 29, 2012

US-CERT Alert – Oracle Java 7 Security Manager Bypass Vulnerability
Fw: US-CERT Alert TA12-240A – Oracle Java 7 Security Manager Bypass Vulnerability…System US-CERT Alert TA12-240A Oracle Java 7 Security Manager Bypass Vulnerability…Yet * Let’s start the week with a new Java 0-day in Meta…..

Critical Java 0-day flaw exploited in the wild
Critical Java 0-day flaw exploited in the wild Posted on Aug 27, 2012 06:11 pm Researchers…security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims…

Aug 30, 2012

Unpatched Java exploit spreads like wildfire
Unpatched Java exploit spreads like wildfire Naked Security Sophos customers are proactively protected against the malware payload as Troj/Agent-XNE and the malicious Java applet as Mal/JavaKnE-H. Sophos endpoint customers using our web protection…

Java 7 Under Attack: Researchers Advise It Be Disabled During The Interim
Java 7 Under Attack: Researchers Advise It Be Disabled During The Interim CRN…thereof. “IT administrators’ only defense at the moment is to limit the use to Java,” wrote Wolfgang …

Disable Java NOW, users told, as 0-day exploit hits
web

Disable Java NOW, users told, as 0-day
exploit hits web Register The vulnerability allows…keylogger or some other
type of malware . The payload does not need to be a Java app itself. In
the form in which it …

Java 0-day exploit added to Blackhole kit, still no news
about patch

Java 0-day exploit added to Blackhole kit,
still no news about patch Posted on Aug 29, 2012 12:20 pm The recently
discovered Java zero-day flaw that has been spotted being used in limited
targeted attacks in…

Aug 31, 2012

Zero-day Java flaw exploited in targeted tax email malware attack
Zero-day Java flaw exploited in targeted tax email malware attack by Paul Baccas on August…cybercriminals have taken advantage of the critical zero-day flaw vulnerability in Java, sending out malicious emails which pretend to come from an accountancy firm…

Java Zero-Day Malware Attack: 6
Facts

Java Zero-Day Malware Attack: 6 Facts
InformationWeek Businesses are growing worried about drive-by infections by
malware that exploits two zero-day Java vulnerabilities. Attackers,
apparently operating from China, chained the two…

Java is Insecure and Awful, It’s Time to Disable It, and
Here’s How

Java is Insecure and Awful, It’s Time to
Disable It, and Here’s How As usual, there’s yet another security hole in the
Java Runtime Environment, and if you don’t disable your Java
plugin, you’re at risk for being infected with malware. Here…

Sep 1, 2012

Java 0-day exploit served from over 100 sites
Java 0-day exploit served from over 100 sites Posted on Aug 30, 2012 03:23 pm The problem of the two unpatched Java zero-day vulnerabilities that are actively exploited in the wild by attackers…

US-CERT Releases Oracle Java JRE 1.7 Security Advisory
Fw: US-CERT Current Activity – US-CERT Releases Oracle Java JRE 1.7 Security Advisory —–Original Message—– From…Awareness System US-CERT Current Activity US-CERT Releases Oracle Java JRE 1.7 Security Advisory Original release date: Tuesday…

Oracle releases patches for Java vulnerability CVE-2012-4681
http://thehackernews.com/2012/09/oracle-releases-patches-for-java.html
21
hours ago – Oracle has released a new patch which kills off a
vulnerability
in Java 7 that was being exploited by malware developers. “Due
to the high
severity of these …

Encyclopedia entry:
Exploit:Java/CVE-2012-4681.DM – Learn more
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2012-4681.DM
12
hours ago – Summary. This threat is detected by the Microsoft
antivirus
engine. Technical details are not currently available for this
threat. Top

Unpatched Java Vulnerability Exploited in Targeted
Attacks, Researchers Say

Unpatched Java Vulnerability Exploited in
Targeted Attacks, Researchers Say PCWorld (blog…has been … 

Oracle fixes Java 7 web browser flaw
Oracle fixes Java 7 web browser flaw IT PRO Software giant Oracle has finally released a patch…malware . The US government warned end users to be on their guard against Java 7 zero-day vulnerabilities … 

Oracle provides early patch for
Java

Oracle provides early patch for Java iTWire
The next Java update was scheduled for October 16…also includes fixes
for two other vulnerabilities affecting Java running …

Update Java in Control Panel ! Oracle releases security
patch for Java vulnerability

Oracle releases security patch for
Java vulnerability Siliconrepublic.com Before now, the only way to
protect computers from potential malware attacks exploiting this…

Sep 3, 2012

Oracle patches Java 0-day, researchers say there is
another one

Oracle patches Java 0-day, researchers say
there is another one Posted on Aug 31, 2012 02:09 pm Oracle has finally issued
an update for Java 7 (v 1.7.0_07) which solves the problem of the
CVE-2012-4681 vulnerability…

After patch, researchers find another Java vulnerability
After patch, researchers find another Java vulnerability SC Magazine Australia Hours after the company that maintains…

Oh No Not Again! New Java Vulnerability Uncovered In
Latest Java Update

Oh No Not Again! New Vulnerability Uncovered In
Latest Java Update Forbes Adam Gowdiak, CEO and founder of Security
Explorations, has…

Sep 5, 2012

Fake Amazon emails open the way for
malware

Fake Amazon emails open the way for malware Posted
on Sep 04, 2012 01:15 pm The CVE-2012-4681 Java zero-day vulnerability
might have been patched, but because it was added to the popular Blackhole
exploit kit and because most…

Fw: Another Java Security Flaw Appears After Oracle Patch
Another Java Security Flaw Appears After Oracle Patch TechWeekEurope…Researchers have uncovered another potentially Java security flaw, which could be used by hackers…Current Activity – US-CERT Releases Oracle Java JRE 1.7 Security Advisory ….

Rogue Microsoft Services Agreement emails lead to latest Java exploit
Rogue Microsoft Services Agreement emails lead to latest Java exploit Computerworld IDG News Service – Hackers are distributing…

Article: Thanks ever so much Java, for that biz-wide
rootkit infection

Thanks ever so much Java, for that biz-wide
rootkit infection Register Shortly after I awoke to…client called to inform me
his computer had contracted some malware . Java has, if you’ll forgive
the anthropomorphization of a bytecode virtualization…

Sep 14, 2012

Oracle confirms existence of another critical Java
flaw

Oracle confirms existence of another critical
Java flaw Posted on Sep 11, 2012 03:45 pm When Oracle finally patched the
CVE-2012-4681 Java 0-day that was being actively exploited…

Nov 2, 2012

Jacksbot Java malware can take control of Windows, Mac,
and Linux systems

Jacksbot Java malware can take control of
Windows, Mac, and Linux systems The Next Web…software company Intego
discovered malware which it classified as “a new Java backdoor trojan
called Java/Jacksbot.A.” New threats are discovered all…

Nov 24, 2012

Warning out vs new cross-platform
malware

…vendors warned computer users over the weekend
against a new malware that can potentially affect various platforms that support
Java. In a blog post, Trend Micro pointed out …

Jan 3, 2013

Java server malware targets Windows systems
Java server malware targets Windows systems SC Magazine Researchers have discovered a backdoor delivered by a malicious JavaServer Page (JSP), which targets vulnerable Java-based HTTP servers and allows an attacker to hijack infected systems. The malware…

Jan 12, 2013

New malware exploiting Java 7 in Windows and Unix systems
New malware exploiting Java 7 in Windows and Unix systems CNET The malware has currently been seen…OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform. Additionally, the exploit is currently being …

Java flaw poses malware threat to PC users
Java flaw poses malware threat to PC users Financial Times A serious flaw in the Java software found on most personal computers could expose the machines to being…

New Java 0-day exploited in the wild
New Java 0-day exploited in the wild Posted on Jan 10, 2013 04:45 pm A new Java zero-day being exploited in the wild has been found. With the files we were…

Disable Java! Recent 0-day exploit is included in exploit kits
Disable Java! Recent 0-day exploit is included in exploit kits Posted on Jan 11, 2013 06:00 pm The Java zero-day that has recently been spotted being exploited in the wild has turned…

Jan 13, 2013

US-CERT Releases Oracle Java 7 Security
Advisory

Fw: US-CERT Current Activity – CERT Releases Oracle
Java 7 Security Advisory…Vulnerability Note VU#625617 to address a
vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that
is currently…

Jan 15, 2013

Week in review: Java 0-day wreaking havoc, hiding
messages in Skype silences, Apple prevents popular app scam
tactic

Week in review: Java 0-day wreaking havoc,
hiding messages in Skype silences, Apple prevents popular app scam tactic Posted
on Jan 14, 2013 06:00 am…

US-CERT – Out-of-Band Patch to Address Java 7
Vulnerability Released

…Current Activity – Oracle Releases Out-of-Band
Patch to Address Java 7 Vulnerability…band patch to address the
recently announced vulnerability in Java Runtime Environment (JRE) 7.
US-CERT encourages users and…

Security: Homeland Security Warns About Java
Malware

Homeland Security Warns About Java Malware
DrJays.com Live A newly-discovered vulnerability
in…

How To disable Java in my web
browser

How do I disable Java in my web browser?
http://www.java.com/en/download/help/disable_browser…Macintosh OS X
•Browser(s): Internet Explorer, Firefox, Chrome, Safari •Java version(s):
7.0, 7u10+ FULL INSTRUCTIONS (easy) …..

Jan 16, 2013

Oracle patches critical 0-day with new Java
update

Oracle patches critical 0-day with new Java
update Posted on Jan 14, 2013 01:05 pm Oracle has released Java 7 Update
11, the computing platform’s newest version that patches…

Oracle delivers 86 security
fixes

…fixes Posted on Jan 16, 2013 10:06 am Oracle has
had two major updates in the last 2 days. On Sunday, Jan. 13 a new version of
Java 7 was released that addresses the 0-day vulnerability that has been
exploited in the wild. The Oracle C…

Surprised? Old Java exploit helped spread Red October
spyware

Surprised? Old Java exploit helped spread Red October spyware Register Unpatched Java installations…October on
Monday, …

Malware masquerades as patch for
Java

Malware masquerades as patch for Java
ITworld.com Hackers often disguise their malware as a legitimate…

Jan 21, 2013

Java Security ‘Fix’ Is Disguised Malware
Attack

Java Security ‘Fix’ Is Disguised Malware
Attack InformationWeek The malware may be…against browsers. The attack begins
with a Web page warning that a newer version of Java is required to …

Newest Java update doesn’t fix fresh critical
vulnerabilities

Newest Java update doesn’t fix fresh
critical vulnerabilities Posted on Jan 21, 2013 03:26 pm Another week, another
zero-day threatening millions of Java users. As you might remember, last
week Oracle released Java 7 Update 11, which…

Jan 28, 2013

Beware of fake Java
updates

Beware of fake Java updates CNET January 22,
2013 9:30 AM PST. Following recent security vulnerabili…vulnerabilities in
Java, malware developers are taking a new approach to exploit the
Java platform by issuing false updates that pose as legitimate updates
for the…

Java’s new “very high” security mode can’t protect you
from malware

Java‘s new “very high” security mode can’t
protect you from malware Ars Technica Security researchers have uncovered a
newly discovered bug in Oracle’s Java framework that allows attackers to
bypass important security protections designed…

Feb 2, 2013

US-CERT- Oracle Releases Out-of-Band Patch to Address
Java 7 Vulnerabilities

…Current Activity – Oracle Releases Out-of-Band
Patch to Address Java 7 Vulnerabilities —–Original Message—– From:
Current…out-of-band patch to address multiple vulnerabilities in the
Java Runtime Environment (JRE) 7 Update 11 and earlier. These
vulnerabilities…

Security: Firefox will block by default nearly all
plugins

Firefox will block by default nearly all plugins
Posted on Jan 30, 2013 08:08 pm Following the recent debacle of the critical
Java 0-day that was being actively exploited in the wild, in an attempt
to minimize its users’ attack surface Mozilla has enabled “Click…

Feb 6, 2013

Oracle rushes out emergency Java
patch

Oracle rushes out emergency Java patch
Posted on Feb 04, 2013 01:44 pm If you’re still among the users…computer, be
advised that Oracle has released a critical patch update for Java SE
(Java 7 Update 13) on Friday. …

Feb 18, 2013

Facebook disables Java after
hack

Facebook disables Java after hack
VentureBeat The malware came through another issue with Java…Department
of Homeland Security even recommended that people uninstall Java since
hackers were finding new …

Feb 20, 2013

Apple issues malware removal tool today,
attacked

…tool today The Verge “Apple has identified
malware which infected a limited number of Mac systems through a vulnerability
in the Java plug-in for browsers,” the company said in its statement.
“The malware was employed in an attack against Apple and other companies…

Apple victim of malware
attack

…malware attack. A small number of systems inside
the company were compromised. The malware attack was tied to a vulnerability in
a Java plug-in for browsers, Apple said in a statement sent via email.
“There is …

Feb 22, 2013

US-CERT Updated Release of the February 2013 Oracle Java
SE Critical Patch Update

…Current Activity – Updated Release of the
February 2013 Oracle Java SE Critical Patch Update —–Original
Message—– From…an updated February 2013 Critical Patch Update for Oracle
Java SE to address a vulnerability. This vulnerability could allow…

Apple Releases Code To Remove Java Hack
Malware

Apple Releases Code To Remove Java Hack
Malware Fast Company In the wake of this attack Apple…malware. The Apple hacks
happened when a vulnerability in Java, …

Latest Mac malware attack shows that Windows 8 is more
secure ?

…blog) Apple has admitted that Macs inside the
company were recently victimized by a malware attack. They were hacked in a
drive-by Java exploit. In response, Apple patched the security hole in
older systems vulnerable to the attack, and also released a tool …

Uninstalling the Terrible Ask
Toolbar

…your computer, don’t be ashamed – it could
happen to anybody. Especially considering that is bundled with the equally awful
Java runtime. Those people should be ashamed of themselves. ….

Mar 2, 2013

Java malware sets its sights on your Minecraft
passwords

Java malware sets its sights on your
Minecraft passwords Geek This piece of malware is quite a bit more
sophisticated, too. It’s made of multiple Java applets that are hidden
after being dropped onto a compromised system. The tool…

New Java 0-day exploited in ongoing
attacks

New Java 0-day exploited in ongoing attacks
Posted on Mar 01, 2013 03:48 pm FireEye has detected yet another Java
zero-day vulnerability being exploited in attacks in the wild. Affected
updates…

How To Use HiJackThis to find Malware infection Part One

How To Use HiJackThis to find Malware infection Part One

HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17

RUNNING A HJT LOG ANALYSIS PART ONE

There is always this need to review this magic utility – how to use it responsibly and SAFELY.

( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )

If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.

HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.

IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH

If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.

This may delete the executable file and possibly a “run” registry key, etc.

It can not delete/uninstall malware payload files and registry key entries – the FULL threat – and these left overs can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), being orphaned may be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quantine / remove these during a scan. Proabaly not.
 
In cases of in the wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the scan/log HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat (s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of in’the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.

That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.

Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damge warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.

PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File

Webmaster:
Malware Removal / Amateur Forensics
Membership/Join List:
Free Malware Removal Help / A Community Website Since 2005
%d bloggers like this: