Wednesday, May 19, 2010
Sexiest virus on Facebook
LONDON: Social networking website Facebook (fb) has asked its users to beware of a link, billed as the “sexiest video ever”, that is spreading a virus.
“If you get a posting on fb wall telling you ‘this is without doubt the sexiest video ever!’ which seems to be accompanied by a video titled ‘Candid Camera Prank [HQ]’, then don’t click on the video; it’s a lead-in to malware,” the website warned on May 18.
“Clicking the link will take you to what seems like a fb application which then tells you that your video player is out of date and encourages you to download a file. If you do, then the same ‘video’ plus link gets posted using your avatar to all your friends meaning it is spreading virally,” it said.
“Thousands of people received it. If you were one of them, you should scan your computer with an anti-virus, change your passwords, review your fb application settings, and learn not to fall for such a trick,” Graham Cluley, a senior technology consultant at anti-virus company Sophos, was quoted by The Guardian as saying.
Source: Himalayan Times
Labels: facebook, fake video, malware, virus payload
Tuesday, March 30, 2010
Koobface
From Wikipedia, the free encyclopedia
Koobface, an anagram of Facebook, is a computer worm that targets the users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.
Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites.
Among the components downloaded by Koobface are a DNS filter program that blocks access to well known security websites and a proxy tool that enables the attackers to abuse the infected PC.
Several variants of the worm have been identified:
* Net-Worm.Win32.Koobface.a, which attacks MySpace
* Net-Worm.Win32.Koobface.b, which attacks Facebook.
* WORM_KOOBFACE.DC, which attacks Twitter.
* W32/Koobfa-Gen, which attacks Facebook, MySpace, hi5, Bebo, Friendster, myYearbook, Tagged, Netlog, Badoo and fubar.
The Windows operating system is currently the only operating system affected by this worm. Microsoft's Malicious Software Removal Tool, an antivirus program released to Windows Update twice a month, removes Koobface and other viruses/spyware, and cleaned over 800,000 computers of Koobface and similar threats.
Source: http://en.wikipedia.org/wiki/Koobface
Remove Koobface. Description and removal instructions
Title: Koobface
Also known as: W32/Koobface, W32.Koobface, W32/Koobface.AZ, Boface
Type: Worms
Severity scale: Koobface severity is 72 (72 / 100)
The Koobface worm is distributed on social networks, usually on MySpace and Facebook. It embeds itself on the victim’s profile and displays links to malicious websites. The websites promote a video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors.
Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks whether there are cookies from social networks. If it finds the cookies, it infects the victim’s profile. If the Koobface worm can’t find evidence of social networking websites, it simply erases itself.
Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: “Error installing Codec. Please contact support.”
Related files: Ld12.exe, fmark2.dat, fbtre6.exe, ld08.exe, freddy79
Koobface properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Koobface manual removal:
Kill processes:
freddy79 fbtre6.exe mstre6.exe ld08.exe Ld12.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Delete files:
freddy79 fbtre6.exe fmark2.dat ld08.exe Ld12.exe
Other programs to remove Koobface:
• Malwarebytes Anti Malware
• Windows Defender
Source: http://www.2-spyware.com/remove-koobface.html
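Before removing anything, it helps to confirm which of the indicators listed in the manual removal steps are actually present. The script below is an added example, not part of the quoted removal guide: it only reads system state, and it assumes the files sit in the Windows directory, as the two registry values suggest.

```powershell
# Added example: read-only triage for the indicators named in the removal guide.
# Nothing is killed or deleted. Looking only in %windir% is an assumption based on
# the two paths shown in the registry values; the guide gives no other locations.
$procNames = 'freddy79', 'fbtre6', 'mstre6', 'ld08', 'Ld12'   # Get-Process omits ".exe"
$fileNames = 'freddy79', 'fbtre6.exe', 'mstre6.exe', 'fmark2.dat', 'ld08.exe', 'Ld12.exe'
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings  = @()

# 1. Processes from the "Kill processes" list that are currently running.
foreach ($p in (Get-Process -Name $procNames -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Kind = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
}

# 2. The "systray" autorun value, flagged only when it points at one of the
#    two executables the guide names (-match is case-insensitive by default).
$run     = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$systray = $run.systray
if ($systray -and $systray -match '\\(mstre6|fbtre6)\.exe') {
    $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = 'systray'; Detail = $systray }
}

# 3. Files from the "Delete files" list. -Force lets Get-Item read hidden items,
#    since the guide notes that the worm hides from the user.
foreach ($name in $fileNames) {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{ Kind = 'File'; Item = $path; Detail = "Modified $($item.LastWriteTime)" }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'None of the listed Koobface indicators were found.'
}
```

An empty result only means these specific names are absent; the variants listed earlier may use other file names.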
Labels: koobface definition, koobface removal, winxpert
Tuesday, March 23, 2010
Hello World
Labels: anti virus, exe virus, how to virus, microsoft antivirus, removal tool, remove virus, scan virus, spyware removal, tool removal, trojan virus, virus removal, virus remover, virus scan