Archive for the 'Root kits' Category

Facebook Users Targeted

Posted in Anti-Malware Tools, Email Security, Exploits, Malware, Root kits, Scams, Security Tools, Spam on March 21st, 2010

Facebook is very popular, and there are about 400 million Facebook users around the world. Experts believe millions of users will fall for this attack and get infected. Yes, that’s right – millions of Facebook users will be infected by this targeted attack.

Unfortunately, 400 million users makes for a big opportunity for delivering malicious software. Hence, inboxes all over the world are being flooded with spam that tries to induce Facebook users to click on an attachment. This attachment installs Trojans and other malware that is very dangerous to the computer user. And unless their security software catches it, they will have no idea it is on their computer.

Our advice:

  • Never click on any link or open any attachment in any email that warns of dire consequences – be it about Facebook or your bank, or anything else.
  • Keep your anti-virus software up-to-date.
  • Periodically scan your computer with a tool specially made for finding and eliminating malware. One of the best is MalwareBytes Anti-Malware freeware version, which can be downloaded from http://www.malwarebytes.org/

Storm Worm Spam Email Remains Very Dangerous

Posted in All Posts, Email Security, Exploits, General, Malware, Root kits on April 13th, 2007

The Storm Worm remains very dangerous and is the most prolific spam in recent history.

Its success is undoubtedly related to the clever social engineering that it uses to entice people to open the attached .zip file.

It warns the user that their computer is infected and their email will be cut off if they don’t install the attached “patch”.

Ironically, the “patch” actually installs the Storm Worm Trojan, and the user will indeed be infected.

For more info please refer to the Computer World article.

Beware the Storm Worm

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Root kits, Scams, Security Tools, Wired Network Security, Wireless Network Security on January 22nd, 2007

A massive storm swept across Europe last week…

And then in its wake was a storm across the Internet – in the form of a series of virus-infected emails.

And with reference to our previous post, there is clearly a serious lack of “Street Smarts” among computer users, because this virus spread like wildfire. Check out the F-Secure video post on YouTube, and see for yourself.

All users are advised to update their anti-virus programs and use caution when opening email, and especially email that refers to current events in the news* and induces the recipient to open the attachment.  Some examples:

  230 dead as storm batters Europe.
  A killer at 11, he’s free at 21 and…
  British Muslims Genocide
  Naked teens attack home director.
  U.S. Secretary of State Condoleezza…
  Russian missle shot down Chinese satellite
  Russian missle shot down USA aircraft
  Russian missle shot down USA satellite
  Chinese missile shot down USA aircraft
  Chinese missile shot down USA satellite
  Sadam Hussein alive!
  Sadam Hussein safe and sound!
  Radical Muslim drinking enemies’ blood.
  U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  U.S. Southwest braces for another winter blast. More then 1000 people are dead.
  Venezuelan leader: “Let’s the War beginning”.
  Fidel Castro dead.
  Hugo Chavez dead.

The virus package that this email can load on your computer is nasty, but users of infected computers may not even be aware that they are infected. Please note that this series of virus-infected emails has a variety of subject lines and may contain several different attachments.

For more information, check out the F-Secure Blog. They have posted a video of the infection spreading across the globe, and also provide detailed information as to the contents of this series of virus-infected emails.

* The latest variants have branched out into any number of subject lines:

  So in Love
  Happy World Religion Day!
  Most Beautiful Girl
  Someone at Last
  I Believe
  The Dance of Love
  The Miracle of Love
  All For You
  Vacation Love
  I am Complete
  Wrapped Up
  Moonlit Waterfall
  A Little (sex) Card
  A Special Kiss
  Hugging My Pillow
  Safe and Sound
  You’re Soo kissable
  A Romantic Place
  Breakfast in Bed Coupon
  For You
  I Love You So
  Safe and Sound
  Want to Meet?
  We Are Different
  We Have Walked
  You Asked Me Why

Please note that this virus may also have a rootkit component that most anti-virus programs are not able to detect or remove.  F-Secure’s Blacklight rootkit detector can detect and remove this rootkit.  This tool should be run on any computer that has become infected.  Blacklight can be downloaded from F-Secure via the following link: 

http://www.f-secure.com/blacklight/

- Practice Safe Computing

Firewall for Your Hard Drives

Posted in All Posts, Anti-Malware Tools, General, Root kits, Security Tools on November 6th, 2006

DriveSentry, by Drive Sentry Inc., creates a white list of programs that are allowed to write to your hard drives. 

If any program that is not on the list attempts to add or modify a file on your hard drive, DriveSentry will intercept that action and ask for your input on the matter. If a virus or other malicious program is attempting to access your files, you have an opportunity to block it. Quite handy.

DriveSentry can also be used to prevent rootkits and keyloggers from writing to the hard drive, and it works with peripheral storage devices like USB drives.

DriveSentry is available for download from the maker at the following link:  http://www.drivesentry.com/index.htm

We haven’t tried this program yet, but plan to give it a test in the near future.  It looks promising.

Safely Check Suspect Web Addresses for Exploits

Posted in All Posts, Anti-Malware Tools, Email Security, Malware, Online Security, Root kits on September 22nd, 2006

So, your “friend” sends you an email with a link and says, “check this out!”

Is it safe to click on that link? Check it first.

Or, you find yourself at a suspect web site, and your computer behaves strangely?

Check that link for exploits.

Any web address (link, URL) can be checked for exploits by using the Link Scanner at Exploit Prevention Labs.

Unpatched Windows Vulnerable to Greeting Card Scam

Posted in All Posts, Email Security, Malware, Root kits, Safe e-Commerce, Scams on September 22nd, 2006

Thousands of users worldwide have already had their login names and passwords and online banking credentials stolen by this exploit. 

It arrives in the form of an email greeting card from a secret admirer.

Attempting to read the “greeting card” redirects the user momentarily to a web site that attempts to install key logger software, hidden by a rootkit, and then displays the greeting card.

If you have installed the MS06-014 patch, released in May, you are not vulnerable to this exploit.

This is an example of why keeping up to date with Microsoft Updates is critical to safe computing.

Dangerous New Rootkit Based Trojan

Posted in All Posts, Malware, Online Security, Root kits on March 22nd, 2006

A dangerous new rootkit-based Trojan has been discovered in the wild. It has been named Rootkit.hearse. It reports computer user information to a web server in Russia, including passwords, and login user names and passwords for secure sites such as online banking. And being a rootkit-based Trojan, it is hidden from the user. Well, almost, anyway. For more information, please refer to the following site (a blog for Sana Security):

http://www.nthworld.org/archives/2006/03/on_march_20th_w_1.htm

Most antivirus programs can now stop this threat, but only if they have been updated in the last day or two.

 

Infected by SonyBMG’s XPC copy protection?

Posted in All Posts, Malware, Root kits on December 24th, 2005

Here is how to find out if you have been infected by SonyBMG’s XPC copy protection scheme:

First of all, this problematic spyware and security vulnerability is installed by certain Sony music CDs. If Sony music CDs have never been played in your computer, you are not infected. This malware infection is not contagious. It does not spread itself around. But it can make your system vulnerable to other nefarious creeps.

Sony’s Big Mess

Posted in All Posts, Anti-Malware Tools, General, Malware, Root kits on November 11th, 2005

To add insult to embarrassment, the rootkit-type copy protection scheme that a number of Sony music CDs install in computers can be, and is being, exploited by virus writers and others.

Sony CD Installs Rootkit

Posted in All Posts, Anti-Malware Tools, Malware, Root kits on November 4th, 2005

Quite a firestorm is brewing about the discovery that certain Sony music CDs install hidden rootkit copy protection. They install this malware on the computers of anyone who inserts the CD with autorun enabled.

We have warned about rootkits in the past, and are not surprised at this development. But we are happy to see this matter is getting considerable media attention. We hope Sony also gets considerable legal attention in the form of lawsuits.