Hack This Site 2 is now Open!

March 8, 2008 – 2:31 PM

Hack This Site allows people to put their hacking skills to the test through a series of computer security challenges. Users are presented with fully-made mock websites, given a vague objective, and left to explore the security of the site on their own. http://www.hackthissite.org/

New Features:
Realistic Missions
User rankings and profiles
Articles & Resources
Hall of Fame

Please Stop Bouncing Infected Emails

March 8, 2008 – 2:30 PM

If the antivirus software installed on your mail server is set up to bounce emails with viruses attached, please turn that feature off. Unless you’ve been in a cave for the past week, you know that tens of millions (possibly hundreds of millions) of emails carrying the sobig.f virus have been hammering email servers worldwide. Not a single one of these emails has the real sender’s address in the FROM: field. Not one of them.

The person listed in the FROM: field is not infected with a virus. Someone with that person in their address book is infected. Your bounce message serves no useful purpose and is contributing actively to this problem. Please, look at the CPU and bandwidth usage of your servers. Every email server on the planet connected to the internet is under the same or greater load, and you, personally, are contributing to that load.

Please stop bouncing the virus emails. Route them to /dev/null and be done with it.


Messenger Plus Bundling Lop.com

March 8, 2008 – 2:29 PM

“Many of you may have heard of a program called Patchou’s “Messenger Plus”. I used it myself once, before I discovered Trillian. Similar to the many front end programs for Internet Explorer (Avant browser, MyIE2, etc), Messenger Plus adds a user interface to Microsoft’s MSN Messenger that contains extra features.

Patchou has brought in C2Media as a sponsor and is now bundling their lop.com software into Messenger Plus. For those of you who have never heard of it, lop.com software is classified as a trojan by antivirus vendors and as a browser hijacker by antispyware vendors. You can find plenty of information about it by doing a Google search for lop.com. Just be warned – some of the language used by lop victims will melt your monitor.

No single parasite has caused as many support threads at our message boards as lop.com (although Xupiter comes close). Ad-aware, Spybot, and all other spyware removal programs target several older variants of lop.com. It now comes in a version that is nearly impossible to detect automatically. It uses randomly named files, randomly generated CLSID identifiers, and uses ActiveX installation methods that let them update all of their installers at once.

Before this change, the number of lop.com complaints actually had gone down because it was so easy to remove and could even be blocked beforehand. Since C2Media introduced these new versions that mutate randomly, the number of infections has become larger than ever. The only sure way to be rid of it is to ask for help at the SWI support forums.

Patchou, the developer of Messenger Plus, has issued a statement regarding the complaints he’s been receiving due to his new “sponsor”. To all of the people who are saying that they won’t use his program because of lop.com, he has this to say, “I don’t want to be rude but if you boycott version 2.10.36, you’re an idiot.”

Rude? Well gee, what could possibly be “rude” about being called an “idiot” for refusing to install software that sets off trojan alarms in antivirus programs?

Whether it makes you an idiot or not, I strongly recommend that everyone stay as far away from Patchou’s Messenger Plus as possible. If you have installed it already and now have lop.com’s software all over your system, uninstalling Messenger Plus supposedly will also remove lop. If that doesn’t work, then please read this FAQ and follow the instructions. We are very experienced at removing this thing and can easily walk you through it.”

…From the Spyware Weekly Newsletter

[email protected] Removal Tool

March 8, 2008 – 2:28 PM

Symantec Security Response has developed a removal tool to clean the [email protected] infections. The [email protected] Removal Tool does the following:
Terminates the [email protected] viral processes.
Deletes the [email protected] files.
Deletes the dropped files.
Deletes the registry values that the worm added.

http://www.symantec.com/avcenter/venc/data/[email protected]

W32.Blaster.Worm Removal Tool

March 8, 2008 – 2:27 PM

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download and run the Msblast.exe file.


