Botnets: Everything Afraid To Ask Answered


This is a really good article covering about all the bases:

HTG Explains: What is a Botnet?
Botnets are networks made up of remote-controlled computers, or “bots.” These computers have been infected with malware that allows them to be remotely controlled. Some botnets consist of hundreds of thousands — or even millions — of computers. ….
http://www.howtogeek.com/183812/htg-explains-what-is-a-botnet/

Q: Computer trouble please help – MyPC backup

Fw: Yahoo! Answers: Your answer has been chosen as the best answer

http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3260

Q: COMPUTER TROUBLE PLEASE HELP?
http://answers.yahoo.com/question/index?qid=20130722185843AA2oMp9
OK, so ever since this MyPC backup thing has been on my computer, my computer has been messing up lately. I've been getting ads on every website that I have been on, and this hasn't happened before; it all started when the PC thing came, and it's been making me really angry. I downloaded Adobe Flash Player so I could watch videos, and it says I downloaded it, and then it says you need Adobe Flash Player to watch this video, and I downloaded the latest one, and then ads just come up everywhere. Like now on Yahoo there are a lot of ads just popping up all over my computer, and on YouTube and on every website. Please help me, I don't know what to do.
http://answers.yahoo.com/question/index?qid=20130722185843AA2oMp9

MY ANSWER AS ANTIBOTNET YAHOO ID

Best Answer – Chosen by Asker
You will probably be shocked to find it that it is malware itself…
MyPC Backup.exe Description
http://www.enigmasoftware.com/mypcbackupexe-removal/
MyPC Backup.exe is a dangerous executable file, which is related to malware, specifically adware programs. MyPC Backup.exe can cause data loss on an affected computer system or even damage the whole PC. MyPC Backup.exe is installed on the infected computer without the PC user’s permission and knowledge. MyPC Backup.exe makes the targeted computer vulnerable to other security threats. MyPC Backup.exe can steal valuable confidential information and information about the browsing history of the victim. MyPC Backup.exe may change search results in any legitimate search engine with web addresses of sponsored websites and divert victims to these doubtful websites. MyPC Backup.exe may also replace the homepage and default search engine with the suspicious URL. MyPC Backup.exe repeatedly displays numerous bogus alerts/warning messages on the screen of the corrupted PC about a variety of security threats and even advertises rogue security programs in order to remove supposed malware infections.
Type: Malware

Because you were able to install and run this it means you do not have quality antimalware (antivirus plus antispyware) installed on the computer or it would have immediately quarantined it to keep it from running and spying on you and running adware.

TYPE INTO SEARCH ENGINE…. “MyPC backup adware malware” and you will see valid reports from known legitimate security sites reporting it as malware, as well as other sites such as security forums etc. where other users have the same problems.

RECOMMENDED you immediately install a quality antimalware program and perform a full scan of the computer and remove all threats found in results. Because “MyPC backup” is rated as a high risk malware it may even block you from installing antimalware. The way around that is to either set the computer into Safe Mode With Networking and try installing and then perform scans. In Safe Mode only the few necessary Windows processes load and nothing else, which as well stops malware from running and allows for it to be removed. There is also the portable antimalware you can install on a USB Drive (not USB media stick – DRIVE – that is same price). You then run the antimalware from that to remove malware. SAFE MODE …. TURN OFF PC OR HIT RESTART. AS IT IS STARTING UP – KEEP TAPPING THE F-8 KEY TOP OF KEYBOARD. The PC will produce the black screen with options and choose Safe Mode. Do what you need to do – install, scan, remove – and simply Restart the PC and it will automatically start up in Normal Mode as regular use.

Check Threats and what they are here… http://bluecollarpc.us/threats-faqs/
Check all kinds of good well known and trusted antimalware products here …
http://bluecollarpc.us/help-center/
There are the many Genuine Freeware home versions of antivirus and antispyware but they do not have Real Time Protection (Sometimes called HIPS) activated like the full pay program which is about 40-50 USD (US Dollars) yearly. However there are just a couple free ones with Real Time Protection activated like pay products if money is issue. Real Time Protection (heuristics) blocks all malware from installing on the computer in the first place 24/7 – always running.
Malware is the term for all threats such as virus, worm, trojan, adware, spyware, rootkit etc. Antivirus blocks/deletes viruses, worms, rootkits and most trojans. Antispyware blocks/deletes adware, spyware, keyloggers, dialers, etc. and many other trojans antivirus misses. Spyware itself can have in its payload (malware package installed) keyloggers which record all keystrokes on the keyboard. It can perform snapshots of your computer screen – what you are looking at. It can make copies of your files (photos, media, documents, etc.) and altogether all things it is recording are broadcast out to the cyber criminals owning it, which in turn generally go right to trying to perform an IDTheft from gathered stolen data from the PC, including even financial stuff like logging in to pay bills or buy stuff with cards etc., any like passwords and pin numbers stored on the computer or recorded by keyloggers when signing in.

TRY ….
30 day fully working free Eset Antimalware (about best in world)
Free 30-day Trial of ESET NOD32 Antivirus 6
http://www.eset.com/us/download/home/detail/family/2/?trl=ea
After 30 days it will stop working. You can buy it or then uninstall it after 30 days.

ALSO Emergency tries if things are blocked….
MalAware 1.0 http://www.emsisoft.com/en/software/malaware/
Emsisoft Emergency Kit 2.0
http://www.emsisoft.com/en/software/eek/

FULL PROTECTION FREE ONES:
http://antivirus.comodo.com/
http://www.microsoft.com/security_essentials/

Source(s):
http://www.enigmasoftware.com/mypcbackupexe-removal/
http://en.wikipedia.org/wiki/ESET_NOD32
http://www.betterantivirus.com/nod32-and-virus-news/archives/1456-December-2009-ESET-antivirus-scoops-59th-VB100-Award.html
http://www.microsoft.com/security_essentials/
http://antivirus.comodo.com/

— On Tue, 7/23/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Tuesday, July 23, 2013, 12:54 PM
>
> Take me to
> Yahoo! Answers. I want to answer more questions!
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following question really hit the spot and has been chosen as the best answer:
> COMPUTER TROUBLE PLEASE HELP?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.

trimmed!

Q: I have a Zeus Trojan called w32.infostealer.zeus?

Fw: Yahoo! Answers: Your answer has been chosen as the best answer

http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3256

Q: I have a Zeus Trojan?
http://answers.yahoo.com/question/index?qid=20130722220727AAJJY0U
I have recently bought the game “Kerbal Space Program”, a somewhat popular game
where you have to build rockets to get to other celestial bodies. Well, many
people play it, and they don’t seem to have any viruses; it’s even on Steam.
Anyhow, my antivirus program (Webroot SecureAnywhere) detected a trojan in the
KSP (Kerbal Space Program) file. The virus was called “w32.infostealer.zeus”. My
antivirus program hastily deleted it, and did a reassurance scan to assure that
the trojan was completely gone. It apparently was, so I resumed what I was doing
before I had received the alert. That happened several days ago, and a few
minutes ago, I had received a second alert saying “Warning! Webroot
SecureAnywhere has detected a trojan! ‘w32.infostealer.zeus'”. The file location
was the KSP game patch file. How can I get rid of this trojan? I hear that it is
very dangerous. Please help!
http://answers.yahoo.com/question/index?qid=20130722220727AAJJY0U

MY ANSWER AS ANTIBOTNET YAHOO ID

Best Answer – Chosen by Voters

You have a world class top security program Webroot, which began as one of the
best antispyware programs world wide and towards the end of this past decade
combined with world class Sophos Antivirus which is big business/corporate
enterprise level protection and with Webroot is the only home user version of
it.

Just as a self replicating worm, this may be running an extra variant or even a
couple. With the self replicating worm it generally always takes two or more
scans and reboots to get all of it – and poof gone finally. I would not believe
you need anything more than the high quality security software you have
installed. No one may believe Webroot can not get rid of infostealer or the
infamous Zeus bot infection.

Try scanning and rebooting until you get no more warnings; maybe the third time
is the charm. Painful aggravation and disruption.

You may want to put the computer into Safe Mode with Webroot fully updated and
THEN perform a full scan. Computer off or hit Restart. As the computer is
starting up keep tapping the F-8 key top keyboard. Black screen will appear with
diagnostic modes and choose Safe Mode. This only allows basic start up of
Windows processes and malware start up processes are not able to run. It is used
most times for security scans and safe removals unless trouble shooting other
start up software problems.

IF RUNNING WINDOWS 8…. you may want to install this ditty, works fine on
mine…
How to Make the F8 Key Work for Safe Mode in Windows 8
Booting into safe mode became non-trivial in Windows 8, especially if you were
accustomed to the old F8 shortcut. Here is how to get F8 working again.
Note: we aren’t necessarily recommending that everybody make this change – we
are just showing that it is still an option. You can alternatively use some of
the new Windows 8 features to fix your computer instead. ….
http://www.howtogeek.com/164001/how-to-make-the-f8-key-work-for-safe-mode-in-windows-8/?utm_source=newsletter&utm_medium=email&utm_campaign=270513

The .zeus part of info stealer seems to designate one variant rather than
indicating the Zeus infection. Info stealer is dangerous. Apparently if this is
the infection it is acting kind of as a trojan downloader or rootkit type
infection which is able to download more malware. It does not seem likely
Webroot can miss that even as a “backdoor” infection. I read a little on it
and it seems possible the associated website has had an infection which then, when
the installed program does a kind of “call home”, is a new infection and
possibly, possibly bypassing detection as the program has been given permission
as a safe program as opposed to a PUP.

ADVANCED…
Install … (it will show exactly what is running in start up and a heck of a
lot more…)
Emsisoft HiJackFree (Genuine Freeware)
http://www.emsisoft.com/en/software/hijackfree/

SUPER ADVANCED… (if comfortable and knowledgeable working with the Windows
Registry, have a look)
How to Remove an Infostealer Gampass Virus
http://www.ehow.com/how_6298658_remove-infostealer-gampass-virus.html

Source(s):
http://www.2-spyware.com/remove-infostealer-virus.html
http://en.wikipedia.org/wiki/Sophos
http://research.sunbelt-software.com/search.aspx?q=w32.infostealer.zeus&cx=015333630007296075731%3awpp8lbclop0&cof=FORID%3a11
http://search.eset.com/esetsite/index?page=answers&type=search&locale=en_US&option=none&question_box=w32.infostealer.zeus

— On Mon, 7/29/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Monday, July 29, 2013, 1:24 AM
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following
> question really hit the spot and has been chosen as the best
> answer:
> I have a Zeus Trojan?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.

trimmed!

BlueCollarPC Passes 8 million visitors

Welcome all, our BlueCollarPC.US (formerly BlueCollarPC.Net) passes the 8 Million Visitors mark!

Our original domain, the BlueCollarPC.Net, had just passed the 6 Million Visitors mark from 2005 until we moved to our present home – the BlueCollarPC.US in 2010. Originally, we started as a spyware information and free removal Community Help site in 2005. As malware became even more sophisticated, trojans trojans trojans, botnet infections were increasing and becoming more sophisticated as well.

In response, we simply expanded our site to be the full blown malware information and free removal Community Help Site. The term malware means simply all the category threats – both antivirus and antispyware categories. Traditionally, viruses and worms and most trojans, and then rootkits added, were detected by traditional antivirus. Adware and then various and many spyware packages were then in the antispyware category of threats and detected, blocked, and removed by same – antispyware products.

So we then transferred our domain to the now BlueCollarPC.US for the new decade with a full emphasis in removal help of botnet infections – the new worst feared infection (massive payloads) surpassing rootkits. The greatest feared malware – rootkits – were unable to run on Windows Vista, but were always a dreaded infection for Windows XP. Now with Windows 8 and the new Secure Boot technology, rootkits are not able to start up and run on Win8. So the great botnet plague is now the worst feared enemy for the community of computer users and including all from Small Business all the way through Corporates etc. These are intensive massive payloads that need much removal diagnosis and help. There is generally always several areas of damage needing repair and resetting. They can even bypass traditional antimalware products if not up on their game – they walk through in seconds like it was not even there!


FROM OUR ABOUT PAGE….. HELP http://bluecollarpc.us/sample-page/

Webmaster of the BlueCollarPC.US
Former webmaster of BlueCollarPC.Net / BlueCollarPC.Org and BlueCollarPC.Webs.Com. We have moved to www.BlueCollarPC.US for the new decade 2010 ongoing. Data Processor Certificate 1970 (IBM029, Univac026 – Sperry Rand Univac 9200/9300 Series COBOL). Novice to Advanced User to Amateur Computer Forensics on Windows PC. Advanced Linux User also now.
Location: USA

Welcome to the BlueCollarPC ……    A Community Help Website

BlueCollarPC.US Launched June 14 2010 Personal Website for General Audiences with Computing Safety and Malware Removal Help and Information as main theme, which includes memberships available for live help – at our Groups and Forums. Formerly Webmaster of BlueCollarPC.Net from 2005-2009 (over 6 million Visitors) and backup BlueCollarPC.Org [closed]

Welcome to the www.BlueCollarPC.US We Thank You for choosing us as your additional Computing Security destination !

For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Visitors/Users! – and I am proud to have helped and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC! You never know what you’ll find.


How And Where To Report Cyber Crime
REPORT CYBER CRIME 


Internet Crime Complaint Center (IC3)

http://ic3.gov/
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes. read more >> http://ic3.gov/

Federal Trade Commission (USA) Complaint Input Form
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
If you believe you have been the victim of identity theft, you may use the form below to send a complaint to the Federal Trade Commission (FTC). The information you provide is up to you. However, if you don’t provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.

Federal Bureau of Investigation – Cyber Investigations – Cybercrime
http://www.fbi.gov/cyberinvest/cyberhome.htm

Computer Crime & Intellectual Property Section
http://www.cybercrime.gov/

WiredSafety.Org
http://www.wiredsafety.org/911/
Our Cyber911 Help tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement…

ReportCybercrime.Com (Private)
http://www.reportcybercrime.com/
Also, through our interactive forum you can get opinion of specialist attorneys and lawyers. Each lawyer in practice will give his opinion on matters, which are raised in the forum. You Can post queries view answers from experts and improve upon your knowledge base…

How to Report Cybercrime
http://www.katiesplace.org/report_cybercrime.html
WiredSafety’s Cyber911 Emergency tipline is not intended to replace law enforcement emergency 911, 999 and other numbers worldwide. It is to help people know where to get help when they are being victimized online, and to provide help when help is needed. We work closely with law enforcement around the world, and require that when offline threats are involved that local law enforcement be notified before we can offer assistance to the victim or their local law enforcement.

Take a Bite Out of Cyber Crime
ByteCrime.Org
http://www.bytecrime.org/

Security product vendors
Links to developers and vendors of computer and network security products and services…
http://www.virusbtn.com/resources/links/index?ven

AEC (Trustport)
AVG (formerly Grisoft)
Agnitum (Outpost)
AhnLab (V3Net)
Aladdin (eSafe)
Alwil Software (avast!)
ArcaBit (ArcaVir)
Authentium (Command)
Avira (AntiVir)
BitDefender (formerly Softwin)
Bullguard
CA (Corporate)
CA (Home user)
Central Command (Vexira)
Check Point (ZoneAlarm)
ClamAV (open source)
Comodo (BOClean)
Cybersoft (VFind/VTSK)
Doctor Web
ESET (Nod32)
Ewido
F-Secure
Filseclab (Twister)
Fortinet
Frisk Software (F-PROT)
G DATA (AVK)
Ggreat
HAURI (ViRobot)
IBM ISS (Proventia)
Ikarus
Intego (Mac specialist)
Iolo
K7 Computing
Kaspersky Lab
Kingsoft
Lavasoft (AdAware)
McAfee, Inc. (formerly Network Associates)
MicroWorld Software (eScan)
Microsoft (Forefront)
Microsoft (OneCare)
Moon Secure (open source AV for Windows project)
New Technology Wave Inc. (VirusChaser)
Norman Data Defense Systems
PC Tools (Spyware Doctor)
Panda Software
Per Systems
Proland Software (Protector Plus)
ProtectMac (Mac specialist)
Quick Heal Technologies
Rising
SecureMac (MacScan)
Sophos
SpyBot – Search & Destroy
Sunbelt Software (CounterSpy, Vipre)
Symantec Corporation (Norton)
Trend Micro Inc.
VirusBlokAda (VBA32)
VirusBuster Ltd.
Webroot (Spy Sweeper)
eEye Digital Security (Blink)

DNSChanger Malware Removal – Notes Show All (Internet goes dark March 8)


BELOW IS MOST OF WHAT THE AVIRA TOOL IS DOING WITH A CLICK ….

Tool available for those affected by the DNS-Changer
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

The Truth About the March 8 Internet Doomsday
http://www.pcworld.com/article/250296/the_truth_about_the_march_8_internet_doomsday.html#tk.nl_spx_t_cbintro

US-CERT Current Activity – DNSChanger Malware
http://www.us-cert.gov/current/index.html
http://www.us-cert.gov/current/index.html#operation_ghost_click_malware

Hi all….. one area that is common with this area of malware changes is malware getting into the PC and changing “Hosts Files” for a redirect usually to more malicious websites for nefarious reasons. There are more key words for search such as “IP Spoofing” and “DNS Cache Poisoning” ….

http://www.webopedia.com/TERM/I/IP_spoofing.html
http://en.wikipedia.org/wiki/DNS_cache_poisoning

This is off the cuff but from years of experience with the “badware” as it is sometimes called for a universal term covering all and all they do. I am throwing an educated guess at the payload involved and it may even involve some variants or residuals on an individual basis per handfuls here and there of hundreds to thousands of personal computers. A Botherder or Botmaster is a Command and Control console type arrangement the culprit(s) run and attempts clandestine contact to infected computers that can go into the millions – but to partially set some aside to test out how their malware payload is holding up against detection. They may have purposely infected the handfuls with variants of the payload in an attempt to resurrect the whole episode all over again. They (cyber criminals) have become very, very sophisticated anymore. Any phrase like “doomsday” today can actually be no exaggeration anymore.

The measures taken here by the FBI et al are unprecedented and on the scale of “State Sanctioned”. It has been obviously a measure not only to attempt correction and for protection of all infected computers and their users private data – but to keep internet commerce itself alive, as the loss of millions would obviously have a large effect.

I admittedly only perform some amateur forensics and would need probably days upon days upon days to do a write up for full manual removal and correction of an affected system. I most likely could find the actual payload, as there are handfuls of company online search engines for just that. But, if one has a little savvy and wants to attempt further manual removal of the malware to avoid cost at a PC Repair Shop – here are some tips. Mind you, in this case a Shop will obviously advise to reinstall Windows after completely wiping (erasing) the disk first – a common automatic procedure with a Windows CD/DVD or if you have made an Emergency Repair CD/DVD. (I would advise do NOT hit “Repair” but go ahead and back up all files first you wish to save and then completely reinstall Windows and THEN also scan the backed up files for malware before reinstalling to the PC now in Factory Fresh condition.)

REVIEW THIS FOR HOSTS FILES….
Blocking Unwanted Parasites with a Hosts File
http://winhelp2002.mvps.org/hosts.htm
(In other words in this area you are looking for how to Restore your Hosts Files before infection that changed them.)

How can I reset the Hosts file back to the default?
http://support.microsoft.com/kb/972034
MICROSOFT FIX IT TOOL ***** HOSTS FILES

ALSO….
How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357
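The two checks this post walks through by hand (inspecting a hosts file for entries that redirect sites, and confirming whether a machine's resolver settings point at rogue DNS servers, which is what the FBI and Avira checks mentioned later do) as an added Python example; this is not code from the group, Avira or the FBI. The sample hosts file and the rogue address ranges are constructed placeholders, not real indicators.

```python
"""Post-DNSChanger audit helper (added example, not from the original post).

Two checks the post describes doing by hand:
  1. parse a Windows hosts file and flag entries that map a hostname to
     anything other than loopback or the 0.0.0.0 sinkhole (a stock hosts
     file holds only comments and, on older Windows, the localhost lines);
  2. compare the resolver addresses a machine is configured with against a
     list of rogue DNS ranges.  The ranges below are CONSTRUCTED placeholders,
     not the real DNSChanger ranges; substitute the published list.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample of a tampered hosts file (not taken from any real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.com      # constructed: redirect to attacker host
203.0.113.45    update.example-av.com     # constructed: blocks AV updates
0.0.0.0         ads.example.net           # constructed: benign ad-blocking entry
"""

# Constructed placeholder CIDRs standing in for the published rogue-DNS list.
PLACEHOLDER_ROGUE_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("192.0.2.0/24"),
]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]        # one IP, one or more names
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str]]:
    """Flag hosts entries that send a name somewhere other than loopback or a
    sinkhole (0.0.0.0); those are the ones that redirect real sites or block
    security updates and are what a restore-to-default removes."""
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))        # malformed address is itself suspicious
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name))
    return flagged


def rogue_resolvers(resolvers: List[str], ranges=PLACEHOLDER_ROGUE_RANGES) -> List[str]:
    """Return the configured resolver addresses that fall inside a rogue range."""
    hits = []
    for r in resolvers:
        addr = ipaddress.ip_address(r)
        if any(addr in net for net in ranges):
            hits.append(r)
    return hits


if __name__ == "__main__":
    for ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts redirect: {name} -> {ip}")
    # Constructed resolver list: one ordinary address, one inside a placeholder range.
    for r in rogue_resolvers(["203.0.113.1", "198.51.100.7"]):
        print(f"resolver in rogue range: {r}")
```

On a real machine, feed the function the contents of %SystemRoot%\System32\drivers\etc\hosts and the DNS servers shown by ipconfig /all, with the placeholder ranges replaced by the published list.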

A Point of Entry and Attack is the firewall that may even have been circumvented.
Tunneling to circumvent firewall policy
http://en.wikipedia.org/wiki/Tunneling_protocol#Tunneling_to_circumvent_firewall_policy
You may want to uninstall it and clean up leftover files and registry entries (Registry Cleaner) … Here is about the best and indeed they have finally released a free home version ….
PowerTools Lite 2011 [Genuine Freeware]
– The Freeware Registry and System Cleaner
http://www.macecraft.com/powertoolslite2011/
(Which is of course by the famous jv16 PowerTools – by far the top recommended for a decade, about. )

YUCK… one more area to review….

TCP reset attack
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/TCP_reset_attack

Bottom line…. Above was posted for review, and hastily, if there are still problems and if need be to mention in the event of a necessary trip to the PC Repair Shop. Attempt the recommended Avira Tool in these emails as advised. Check out the US CERT links if needed or as a double check after Avira clean up – there is a link for detection at the FBI site for anyone fearing infection I believe. (Avira has consistently had one of the best detection/blocking/removal ratings for years – visit VirusTotal).

AS I SUSPECTED THERE ARE MANY VARIANTS …… LIST (omg, there are 23 variants presently ! ! !) – Absolutely a Shop will advise to reinstall Windows without batting an eye.

*COMPUTER ASSOCIATES*
SOURCE / ONLINE SEARCH ENGINE: type in “DNSChanger” as the malware payload look up…
CA Spyware Information Center (Search Engine)
http://www3.ca.com/securityadvisor/pest/
CA Spyware Information Center search engine (Computer Associates, makers of PestPatrol and many security wares)
(*Malware search engine look up is top right)

SEARCH RESULTS: (hot links at results link for each below)
http://www.ca.com/us/search/default.aspx?q=dnschanger&sk=findthreat&backUrl=http%3A%2F%2Fwww.ca.com%2Fus%2Fspyware.aspx
1. DNSChanger B – CA Technologies Quick View – Size: 36 KB – Date: 01/09/2007
2. DNSChanger P – CA Technologies Quick View – Size: 36 KB – Date: 02/22/2012
3. DNSChanger P – CA Quick View – Size: 50 KB – Date: 11/20/2009
4. DNSChanger G – CA Technologies Quick View – Size: 37 KB – Date: 02/19/2012
5. DNSChanger C – CA Technologies Quick View – Size: 36 KB – Date: 04/19/2007
6. DNSChanger S – CA Technologies Quick View – Size: 36 KB – Date: 02/22/2012
7. DNSChanger U – CA Technologies Quick View – Size: 36 KB – Date: 01/29/2010
8. DNSChanger T – CA Technologies Quick View – Size: 36 KB – Date: 01/29/2010
9. DNSChanger M – CA Technologies Quick View – Size: 36 KB – Date: 02/21/2012
10. DNSChanger L – CA Technologies Quick View – Size: 36 KB – Date: 07/17/2009
11. DNSChanger – CA Technologies Quick View – Size: 36 KB – Date: 06/14/2006
12. DNSChanger r – CA Technologies Quick View – Size: 36 KB – Date: 02/21/2012
13. DNSChanger I – CA Technologies Quick View – Size: 36 KB – Date: 02/20/2012
14. DNSChanger azf – CA Technologies Quick View – Size: 36 KB – Date: 02/20/2012
15. DNSChanger H – CA Technologies Quick View – Size: 36 KB – Date: 02/19/2012
16. DNSChanger E – CA Technologies Quick View – Size: 37 KB – Date: 11/26/2007
17. DNSChanger D – CA Technologies Quick View – Size: 37 KB – Date: 02/19/2012
18. DNSChanger k – CA Technologies Quick View – Size: 36 KB – Date: 08/04/2008
19. DNSChanger A – CA Technologies Quick View – Size: 36 KB – Date: 07/29/2008
20. DNSChanger ayy – CA Technologies Quick View – Size: 36 KB – Date: 02/05/2012
21. DNSChanger arn – CA Technologies Quick View – Size: 36 KB – Date: 03/11/2008
22. DNSChanger aum – CA Technologies Quick View – Size: 36 KB – Date: 03/11/2008
23. DNSChanger F – CA Technologies Quick View – Size: 37 KB – Date: 02/19/2012

BASIC PAYLOAD…..
DNSChanger
Date Published:
Wednesday, June 14, 2006
Alias
W32/Backdoor.KGE [F-Prot Antivirus]
Overall Risk : HIGH
Category
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user’s account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Date of Origin
date of origin: Variants from September, 2009 to September, 2009
Operation
DNSChanger: at least DNSChangerKB
Files:
[tn]dnschanger.exe
2701526
hgqhp.exe
kdrgh.exe
virtue_7884154
kdrgh.exe
hgqhp.exe
[tn]dnschanger.exe

WEBMASTER / http://www.bluecollarpc.us/

PS – a quality real time protection antimalware installed no doubt would have blocked this infection and variants to date. Cyber Crime Units have about the rest of all information needed no doubt by now with professional forensics performed.


Information: “Will Your Browser Go Dark on March 8?” (DNSChanger attack left overs)

Will Your Browser Go Dark on March 8? (DNSChanger attack left overs)
PC Magazine
This cyber criminal ring had infected about 4 million machines with malware worldwide, about half a million of them in the United States. FBI caught ’em. End of story, right? Well, not entirely. First, it’s important to understand what DNSChanger did….
http://securitywatch.pcmag.com/malware/293327-will-your-browser-go-dark-on-march-8 
“Yes, the FBI also offered a page to help with this problem. ….”
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

“Mustaca’s blog post explains how to determine whether your system is affected…..”
Avira DNS-Repair-Tool released
http://techblog.avira.com/2012/01/23/avira-dns-repair-tool-released/en/


NOTES you can also try a quick instant check for botnet infection here….

Online Tool Developed to Check for Botnet Activity   [wrkx w/ Netbooks]
BotnetChecker.Com
Go To: http://botnetchecker.com/
PRWeb via Yahoo! News Wed, 12 Dec 2007 5:00 AM PST
http://news.yahoo.com/s/prweb/20071212/bs_prweb/prweb575432_1
It is estimated that 1 in 4 computers on the internet today are part of a botnet. After observing bot activity from thousands of compromised computers, local administrator develops easy way to check for botnet activity.

Trend Micro RUBotted (free) 4-5* (Detect only) [wrkx w/ Netbooks]
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.
Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them. RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

ADVANCED:

Bothunter – Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Bothunter
BotHunter is a free utility for Windows XP and Unix, which aims at detecting botnet activity within a network. It does so by analyzing network traffic and …
http://www.bothunter.net/ 
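What RUBotted and BotHunter are watching for is behaviour, not signatures: a bot has to phone home, and it does so on a schedule that no human produces. Here is the simplest form of that idea as an added example (my code, not Trend Micro's or SRI's): it reads a connection log, groups connections by source, destination and port, and flags any flow whose gaps between connections are nearly constant. The log format (timestamp, source, destination, port) and the sample lines are constructed for the example; point `parse_log` at your firewall or proxy export and adjust the split accordingly.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed connection log (timestamp, source, destination, destination port);
# not captured from a real machine. 203.0.113.5:6667 is the "controller".
SAMPLE_LOG = """\
2012-01-23T10:00:00 192.168.1.10 203.0.113.5 6667
2012-01-23T10:01:13 192.168.1.10 198.51.100.7 443
2012-01-23T10:02:40 192.168.1.10 198.51.100.7 443
2012-01-23T10:05:00 192.168.1.10 203.0.113.5 6667
2012-01-23T10:07:21 192.168.1.10 198.51.100.9 80
2012-01-23T10:09:05 192.168.1.10 198.51.100.7 443
2012-01-23T10:10:00 192.168.1.10 203.0.113.5 6667
2012-01-23T10:15:00 192.168.1.10 203.0.113.5 6667
2012-01-23T10:16:50 192.168.1.10 198.51.100.7 443
2012-01-23T10:20:00 192.168.1.10 203.0.113.5 6667
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        stamp, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(stamp))
    return flows


def find_beacons(text, min_hits=4, max_cv=0.15):
    """Flag flows whose inter-connection gaps are nearly constant.

    A bot polling its controller every N seconds produces gaps with a tiny
    coefficient of variation (stdev / mean); human browsing does not.
    max_cv is the jitter tolerance: raise it if the bot randomises its sleep.
    """
    beacons = []
    for (src, dst, dport), stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:                       # duplicate timestamps, nothing to say
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "hits": len(stamps), "period_s": mean, "cv": round(cv, 3)})
    return sorted(beacons, key=lambda b: b["cv"])


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG):
        print(f"{b['src']} -> {b['dst']}:{b['dport']} every {b['period_s']:.0f}s "
              f"({b['hits']} hits, cv={b['cv']})")
```

On the sample the 443 traffic is irregular and is ignored, while the five-minute polling of 203.0.113.5 comes out with a coefficient of variation of zero. Real bots add jitter and use ports like 443 too, so in practice you tune `max_cv`, look over a longer window, and treat a hit as a lead to investigate, which is exactly why RUBotted asks you to scan rather than declaring an infection outright.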

PLEASE SEE MY REPLIES FOR FURTHER INFORMATION AND REMOVALS….

What is Identity Theft – identity stolen? How? Defenses ?

Two-pronged. The old-fashioned way is “dumpster diving” for account information: sifting through your trash for statements and the like. The other half is through your computer, generally via spyware and some viruses such as a ‘password-stealing virus’: account hacking and break-ins, impersonation, phishing emails. Think of your PC as one great big database that you have to protect as it moves around the Net communicating.

Install quality, known high-detection-rated antivirus and antispyware with real-time protection (many free products only scan on demand, which is not the same thing) and a personal firewall. That is how to protect your computer system, files and communications from snoops. Pretty simple. There are some additional utilities, and it is imperative now to finally upgrade to the latest version of Internet Explorer: versions 7 and, latest, 8 have Microsoft's current anti-phishing technology, which blocks visits to phishing sites that steal identities. Also check your accounts, your credit report for instance, for new accounts being opened in your name and maxed out by criminals, which is the other half of stealing information: impersonation. That is why they highly recommend monitoring all accounts and your name.

How is it done on a PC? Spyware and certain crafted viruses, the “password-stealing virus”. Spyware can add “keyloggers”, which transmit everything you type, and can also take screenshots of whatever you are looking at on screen and transmit those too, for example while you are transacting or logging into accounts.

News (scope):
Identity theft costs a record $56.6 billion
http://www.identitytheftdaily.com/index.php/20090223506/Prevention/Identity-theft-costs-a-record-$56.6-billion.html
Identity Theft Daily – San Diego,CA,USA
Deloitte says that 51 percent of external attacks on financial institutions were phishing, followed by spyware at 48 percent. Recent laws in eight states let … MORE

The numbers have been about even at 54 billion dollars a year in the USA, three years running, and went down to about 45 billion last year, 2009. About 4 percent of Americans have become “unpersons” (Orwell's word, from Nineteen Eighty-Four) who will never be able to get credit again: these accounts and people could not be repaired, could not prove the ID theft to the satisfaction of the institutions, and so could not restore their name and credit. It is a mess and highly scary. Keep diligence online to avoid infection (even with the best quality security defense products), dubbed “Safe Practices” (search the term). Try US-CERT for some good help.

Here is a good link to become familiar with the actual threats (malware) that do this…..
Threats FAQs http://bluecollarpc.us/threatsfaq.php

Even more ways they do it: check washing, once they have a check of yours with your signature on it. Banks and others sell anti-washing checks that cost just a tad more, and they now sell special pens whose ink can't be washed off the check either. (Check washing is taking a check made out to anyone, putting it in a small tub of chemical that erases only the handwriting, and then filling it in again to some other payee and amount.)

Another way again is “phisher emails”: fake emails that look like any financial communication but carry some lead line like “your account needs to be updated, changed, your password reset, etc.” When you click the link they provide (you've been phished), it generally leads to a data-collecting site that you cannot tell from the real one. See pharming too. Internet Explorer versions 7 and, newest, 8 both have Microsoft's anti-phishing technology, which blocks almost all of this to aid the community, and that is why it has always been mandatory to run the latest version of any browser: the newest has the top security technology available.
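The give-away in most phisher emails is that the link does not go where it says it goes. Here is that check as an added example (my code, not Microsoft's filter): it pulls every link out of an HTML email body and flags links whose host is a bare IP address, links whose visible text names one domain while the href goes to another, and, if you tell it which domains the sender legitimately uses, links that go anywhere else. The sample email is constructed, the `expected_domains` parameter is my own convention, and `registered_domain` is a crude last-two-labels cut that gets suffixes like co.uk wrong; a real filter uses the public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
_BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def registered_domain(host):
    """Crude registrable domain: the last two labels (ignores co.uk-style suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html, expected_domains=()):
    """Return (href, visible_text, reason) for every link a phishing check should flag."""
    parser = _LinkCollector()
    parser.feed(html)
    expected = {registered_domain(d) for d in expected_domains}
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host:                          # mailto:, relative links, empty href
            continue
        if _BARE_IPV4.match(host):
            findings.append((href, text, "link host is a bare IP address"))
            continue
        href_dom = registered_domain(host)
        shown = _DOMAIN_IN_TEXT.search(text)  # does the visible text name a domain?
        if shown and registered_domain(shown.group(1)) != href_dom:
            findings.append((href, text,
                             f"visible text names {registered_domain(shown.group(1))} "
                             f"but the link goes to {href_dom}"))
            continue
        if expected and href_dom not in expected:
            findings.append((href, text, f"link goes to {href_dom}, not an expected domain"))
    return findings


# Constructed phishing body; the bank is taken to be example.com.
SAMPLE_EMAIL = """\
<p>Dear customer, your account needs to be updated. Please confirm your details.</p>
<p><a href="http://198.51.100.23/login">Update now</a></p>
<p><a href="http://secure-bank.example.net/verify">http://www.example.com/account</a></p>
<p><a href="http://example.com.evil-host.example/login">example.com</a></p>
<p><a href="https://www.example.com/help">Help center</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL, {"example.com"}):
        print(f"{reason}: [{text}] -> {href}")
```

The third sample link is the classic trick: the real domain appears at the start of the host name, but the part that matters for where you end up is the last two labels. Hovering over a link in your mail client shows you the same href this code reads, so you can do the comparison by eye before you click.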

Always set all browsers to delete all “temporary internet files” every time you close them. Badware breaks into these areas to retrieve information: they hold the graphics from everywhere you go with the browser, plus cookies, so an intruder can tell which sites you actually logged into. Java should also be set not to store temporary internet files, because it is an area trojans use to hide from detection, and various Java applications will reveal your browsing history as well. Access the Java settings at Start / Control Panel / Java (double-click it, or right-click and Open) and tick “Do not store temporary files on computer”.

“Social engineering” means they hunt around social networking destinations, forums and boards for “chatty Cathys” blabbering away about sensitive personal things, to work out how to trick a user into clicking something that infects with the crimeware and scenarios mentioned above.
http://www.microsoft.com/protect/terms/socialengineering.aspx (Obviously Facebook is now the largest target, with over 400 million users, and is far too public for this.)

A plague right now has been the fake security products (scareware), which are actually the above infections doing the same thing, but tricking you into buying them through fake pop-ups of “Your computer is infected with such-and-such, click here to buy this super-duper malware remover to clean the infection”, etc.

Keep Windows Update on Automatic for all critical and important updates, issued every second Tuesday of the month (dubbed “Patch Tuesday”), plus the out-of-band ones in between…..
http://www.networkworld.com/news/2010/060310-microsoft-plans-gigantic-patch-tuesday.html?source=nww_rss (Windows Update is your computer's “lifeline” for fixes to the latest programming vulnerabilities, blocking hackers and crimeware from snooping on and taking over the computer itself. Optimizations and “makeovers”, upgrades, Service Packs, additional driver updates and so on are also retrieved here and offered for installation: use the “Custom” scan option for those.)
More …. (current threat)
http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for2

Keep all software up to date and fully patched, and try the popular, widely recommended Secunia PSI (Personal Software Inspector) from the well-known Secunia.com, used by millions: http://secunia.com/vulnerability_scanning/personal/

Just like Windows, any other outdated, unpatched software can be broken into by this crimeware; it is the new “soft target” for crimeware entry (crimeware: viruses, worms and spyware used to commit crimes, all illegal under the law). PSI quickly scans all installed software and presents links to the free updates issued by the software makers, which are often also posted on the product website. Many newer programs have an Update button (updates, not paid upgrades) and can be set to check for updates daily, weekly or monthly; that is one way to tell higher-quality, security-attended software from some free doodad off some download site that falls out of date and becomes dangerous in this way. Spring clean! Dump old, outdated, unattended software that is rarely or never used (forgotten installations) if you can live without it, as each one is an unattended, potentially dangerous entry point. A utility from early in the decade, for instance, is completely dangerous against current threats: the security-aware coding it would need did not exist when it was written, so it is an easy target for break-in and, eventually, takeover of the whole computer.
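What PSI does for you, boiled down, is an inventory audit: compare what is installed against what the maker currently ships, and notice when the maker has stopped shipping anything at all. Here is that audit as an added example (my code, not Secunia's). The one non-obvious piece is version comparison, which has to be numeric per component: compared as text, “9.0.1” sorts after “10.0.0” and “1.10” before “1.9”. The installed list, the vendor table and the dates are constructed for the example; a real check would pull the vendor table from the makers' sites or a feed, which is the part PSI supplies.

```python
import re
from datetime import date

_PART = re.compile(r"(\d*)(.*)")


def version_key(version):
    """Turn '10.0.45.2' or '1.2.3b' into a list of (number, suffix) pairs."""
    key = []
    for part in re.split(r"[.\-_]", version.strip()):
        num, rest = _PART.match(part).groups()
        key.append((int(num) if num else -1, rest))
    return key


def compare_versions(a, b):
    """Return -1, 0 or 1 (C-comparator style); shorter versions are padded with zeros."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += [(0, "")] * (width - len(ka))
    kb += [(0, "")] * (width - len(kb))
    return (ka > kb) - (ka < kb)


def audit(installed, latest, as_of, stale_years=3):
    """Classify each installed program as current, outdated, unmaintained or unknown.

    installed: {name: installed_version}
    latest:    {name: (newest_version, date_of_newest_release)}
    A maker that has shipped nothing for `stale_years` is treated as having
    abandoned the product, whatever version you hold.
    """
    report = {}
    for name, have in installed.items():
        if name not in latest:
            report[name] = "unknown: no update source, check the maker or remove"
            continue
        newest, released = latest[name]
        age_years = (as_of - released).days / 365.25
        if age_years >= stale_years:
            report[name] = f"unmaintained: last release {released.isoformat()}, consider removing"
        elif compare_versions(have, newest) < 0:
            report[name] = f"outdated: {have} installed, {newest} available"
        else:
            report[name] = "current"
    return report


# Constructed inventory and vendor table (not real product data).
INSTALLED = {
    "Browser Plugin": "10.0.45.2",
    "Document Viewer": "9.3.0",
    "Media Codec Pack": "2.1",
    "Notes Tool": "1.10",
    "Old Screensaver": "3.0",
}
LATEST = {
    "Browser Plugin": ("10.1.53.64", date(2010, 6, 10)),
    "Document Viewer": ("9.3.2", date(2010, 4, 13)),
    "Media Codec Pack": ("2.1.0", date(2004, 3, 1)),
    "Notes Tool": ("1.9", date(2010, 1, 5)),
}

if __name__ == "__main__":
    for name, status in sorted(audit(INSTALLED, LATEST, date(2010, 6, 10)).items()):
        print(f"{name:18} {status}")
```

Note that “Media Codec Pack” is at the maker's latest version and still gets flagged: nobody has patched it in six years, which is exactly the forgotten-installation case above. “Old Screensaver” has no update source at all, so it goes in the same bin.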

Happy and Safe Computing !
Webmaster, http://www.bluecollarpc.org/

SOURCES..
http://en.wikipedia.org/wiki/Rogue_security_software
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.lavasoft.com/mylavasoft/rogues/latest
http://www.us-cert.gov/current/index.html#fbi_releases_warning_about_scareware

From our New Project ….
PC Security Helper
https://sites.google.com/site/pcsecurityhelper/
Posted by PC Security Helper Blog
http://pcsecurityhelper.blogspot.com/
Posted by BlueCollarPC.Org BlogCasts at 6/10/2010 4:22 AM
Categories: BlueCollarPC.Org Blog
Tags: riskware BlueCollarPC.Org Blog Windows Updates temporary internet files scareware stolen identity Security cyber crime crimeware ID Theft
