Today BitDefender, released a report that found the first half of 2010 saw a rise of worms exploiting various Web 2.0 platforms. The report examined data from January through June 2010 and found social networks and Web 2.0 services have become one of the most valuable channels of malware dissemination during the last six months, while phishers focused on impersonating PayPal and eBay, and pharmacy spam volume now makes up two-thirds of all spam.

Spam and Phishing Trends in First Half of 2010

Financial institutions were cyber-criminals’ preferred targets, constituting more than 70 percent of global phishing messages. Social networks also came under heavy fire, as user profiles are a rich source of personal information and compromised accounts may be effectively used in spear phishing attacks. For the first half of 2010, phishers focused on impersonating PayPal and eBay. The HSBC Bank ranks third, while Poste Italiene and EGG conclude the list of the most abused online identities.

World’s Top 10 Phishing Targets January – June 2010

The FIFA World Cup and the massive floods in Guatemala were two of the many events used for Black-Hat SEO optimization to improve the ranking of various malware-serving websites in the first half of 2010. The period also saw spam messages grow to 86 percent of the total email, driven by pharmacy spam, which reached new heights – jumping from 51 to 66 percent of all spam.

The spam breakdown by type for the first half of 2010 is:

• Medicine Spam – 66%
• Replica products – 7%
• Loans and insurance – 5%
• Bundled malware – 3.5%
• Casino and gambling – 3.5%

Malware Threats in Review

Exploiting Windows’ Autorun feature – Trojan.AutorunINF.Gen ranked first in the study, with more than 11 percent of the total number of infections, while MBR worms have made a comeback with upgraded viral mechanisms. Late January saw the emergence of Win32.Worm.Zimuse.A, a deadly combination of virus, rootkit and worm. Upon infection, the worm would start counting down the days. 40 days from the infection, it would overwrite the hard disk drive’s Master Boot Record, thus rendering the OS unable to boot. China and the Russian Federation led the world in malware hosting, with 31 and 22 percent respectively.

World’s Top 10 Malware January – June 2010

Vulnerabilities, Exploits and Breeches

Critical zero-day exploits on popular software such as the Internet Explorer browser from Microsoft or Adobe Reader, Adobe Flash Player and even Adobe Photoshop CS 4 have also played a key role in the malware landscape for the first half of 2010. Some of the Internet Explorer exploits have even been used to attack major companies such as Google, Adobe and Rackspace.

E-Threat Predictions

“With Facebook surpassing 400 million users, most of the malware authors will focus on the social networking platform to deliver their newest payloads. Some of these attacks will focus on social engineering tricks (such as launching various malware offensives from compromised computers), while others will try to exploit different vulnerabilities or features already implemented across the platform,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

For more information and to see the full report, please click here.

The e-mail marking the first step of this data harvesting scheme is very likely to go down in the history of cybercrime-generated fiction on human behavior – claiming that if you tell people something is illegal, they won’t do it. This is how the promised tool gets the thinnest of all legitimacy coatings: “This tool could be used by hackers to hack MSN password, it should not Windows Live password hacking is illegal! […]”.

Much like a wolf trying really hard to grow a thick coat of wool and develop a persuasive bleating technique, this tool is allegedly intended for “[…] the use of owners to hack their own MSN accounts […]” and for “forensic scientists”.

Far be it from me the idea of preaching complete distrust in our fellow humans and their natural generosity! However, the logic of this message is quite puzzling. The final reference to the tool being valid for situations in which you are “[…] able to login without having to enter your password” adds to its sci-fi aura.

Such in-depth analysis of the meaning of every e-mail that you receive may not be your favorite pass time, but any claim to rendering password recover easier is quite hilarious in an age when you can never be too cautious about personal data theft.

Literary analysis aside, the promised tool is supposed to be downloaded using the link embedded in the message. And here’s when HackMsn.exe drops its mask and reveals that it’s a backdoor at heart.

Identified by BitDefender as Backdoor.Bifrose.AADY, this piece of malicious code affects Windows platforms. The malware injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.

Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various pieces of software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.

This is not the first campaign aiming to disseminate this piece of malware. You can find out the details of another scheme it’s been part of on the Malwarecity Blog.

This article is based on the findings of BitDefender security researcher Sabina Datcu.

The invitation to the “contagious fiesta” comes via the e-mail: an unsolicited message instructs iPad users to download on their PCs the latest version of the iTunes software as a preliminary step to an update of their iPad software.

To carry conviction, the e-mail emphasizes that users should keep their iPad software updated “for best performance, newer features and security”.

It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the Internet. A direct link to the download location is conveniently provided. As a proof of cybercrime finesse, the webpage the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data as instead of the promised iTunes update they get malware on their systems.

Identified by BitDefender as Backdoor.Bifrose.AADY, the piece of malicious code inadvertently downloaded injects itself in to the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.

Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage. It is important to say that Mac users remain unaffected by this piece of malware.

The alert is about a PC malware distributed as an iTunes software update. (Last version of iTunes software is needed for iPad software updates)

The story is simple: Google Chrome users receive an unsolicited e-mail which announces that a new extension of their favorite browser has been developed to facilitate their access to documents from e-mails.

An apparently unsuspicious link is provided, and the recipients are advised to follow it in order to download the new extension. Once they click the link, they are redirected to a look-alike of the Google Chrome Extensions page, which, instead of the promised extension, provides them with a fake application that infects their systems with malware.

Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail.

Identified by BitDefender as Trojan.Agent.20577 the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo webpages. Every time users want to access them and write “google.[xxx]” or “[xx].search.yahoo.com” in the web browser, they will be redirected to another IP: 89.149.xxx.xxx . This allows the malware creators to intercept the victims’ calls to reach the respective sites. In this way, the credulous users will be redirected to the cybercriminals’ own malware-laden versions of those sites.

This is how the story goes: you receive an e-mail in which you find out that you might get your hands on a new version of an iPhone unlocking application which basically allows you to overcome vendor set network restrictions. All you have to do is….yes, click a link that will take you to the web page on which the technical wonder awaits you.

As you get further on into the maze of this scheme and actually click the link, you land on a web page which provides instructions to be followed in order to download the unlocking application.

First off, you are to connect the iPhone to the PC, then download “the new modified” application and run it on the iPhone. And that’s when the magic begins: once downloaded and run, the executable opens up the way for a nice Trojan to fester on your PC.

Identified by BitDefender as Trojan.BAT.AACL, this piece of malware comes as a Windows batch file packed alongside the iPhone jailbreaking application. The Trojan attempts to change the preferred DNS server address for several possible Internet connections on the users’ computers to 188.210.[REMOVED]. This allows the malware creators to intercept the victims’ calls to reach Internet sites and to redirect them to their own malware-laden versions of those sites.

Anatomy of the attack

Initially, the user is lured into visiting a specially crafted web link advertised either via spam messages or as posted on bulletin boards, social networks etc. The respective webpage contains JavaScript code obfuscated using the escape function. In order to bypass detection from various antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.

The decrypted result is actually the malicious payload which will trigger a heap spray attack and will write the malicious code into the browser’s User Data area, making it persistent: every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download), which will result in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).
This approach is similar to the one that has been used in targeted attacks against 34 major corporations including Google™ and Adobe™.

Mitigating the risks

Microsoft announced that the exploit is already in the wild and that users will be provided with a fix as soon as possible. Since Internet Explorer 8 is not vulnerable to the attack, the next logical step would be to upgrade immediately.

See how Bitdefender modified the code to protect us from this vulnerability

In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection and to manifest extra caution when prompted to open files from unfamiliar locations.

http://www.google.com/safebrowsing/diagnostic?site=

For example, to test my site (beingpc), you would enter

http://www.google.com/safebrowsing/diagnostic?site=http://beingpc.com/

Google will then return four sets of security information about that page.

1. What is the current listing status for beingpc.com?
2. What happened when Google visited this site?
3. Has this site acted as an intermediary resulting in further distribution of malware?
4. Has this site hosted malware?

Google Safe Browsing website lets you check if a website is infected with malware.

Paste the following code in your browser address bar & hit enter.

http://www.google.com/safebrowsing/diagnostic?site=http://beingpc.com/

Here you should replace beingpc.com with the site you want checked.

FireFox Addon: Firefox users Safe Browsing plugin

While there are many respectable and reliable e-dating services, online daters should be extremely careful when choosing the best service to meet their needs. Before subscribing, users should always search for positive testimonials and Website reviews, as well as the advice of a trustworthy person who has already used the service. BitDefender also advises against subscribing to a dating service discovered via spam e-mails, which could result in identity theft or becoming the recipient of additional spam.

“Finding the perfect match on Valentine’s Day via an online dating service sounds like a dream come true, but it can quickly turn into a nightmare,” said Catalin Cosoi, BitDefender’s senior antispam researcher. “To avoid falling victim to cybercrimes, online daters should only use sites with explicit privacy policies, ensuring that their anonymity will be protected and no private information will be revealed without their consent.”

<Credit>

Starting out with an online dating service, users should always provide as little detail as possible and employ nicknames or aliases in lieu of real names. If possible, they should create and use an alternative email account, ensuring the security of their personal account and work information. Users should never reveal sensitive private data such as a home or work addresses, phone numbers or Social Security numbers.

“Even the most trivial information — like your mother’s maiden name or first pet’s name — can be exploited by cybercriminals. Many of these details may seem unimportant, but they can serve as password recovery hints for email addresses or online banking accounts. Moreover, online daters must be careful never to share financial data, such as bank accounts, credit card numbers or PINs” added Cosoi.

Additional e-threats this Valentine’s Day may also include:

• Graffiti and other types of spam distributed via social networks, which direct to malicious websites that spread Trojans, rogue antivirus, key loggers and other types of malware
• Email spam exploiting Valentine’s Day to advertise goods and services
• Email attachments attempting to deliver different breeds of malware under the innocent cover of a short, funny movie (which requires a special codec to be played), slide show or e-card

BitDefender offers the following additional tips to keep computers and personal information safe:

• Don’t open e-mail from unknown sources. Many viruses spread via email messages, so always ask for a confirmation from the sender if you are in doubt.
• Don’t open attachments in emails with suspicious subject lines right away. Instead, save them to your hard disk and scan them with an updated antivirus program.
• Delete any chain emails or unwanted messages. Don’t forward them or reply to their senders. These kinds of messages are considered spam because they’re unsolicited and can overload Web traffic.
• Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this feature. Failure to patch your system often may leave it vulnerable to threats.
• Don’t copy any file from a source you don’t know or trust. Check the source of files you download and make sure that an antimalware program has already verified the files at their source.
• Use an integrated security solution that includes antimalware, antispam and firewall, as well as advanced features, such as Web Filtering and Identity Protection.

“Let someone special steal your heart this holiday, not your identity”

So it seems difficult for you to uninstall your favorite antivirus program and install a new one, as two antivirus can not work simultaneously efficiently on a single machine, therefore you can opt for an another alternative that is to check your computer online for viruses. In this post i will tell you a lot of popular and free online virus scanner that you can use to get rid of viruses/spywares and malwares etc…Follow the list to scan your PC online.
1. Norton Security Check Scan Now!

2. One Care Scan Now!

3. Kaspersky Scan Now!

4. McAfee Antivirus Scan Now!

5. Bit Defender Scan Now!

6. Eset NOD32 Scan Now!

7. Avast Online Scanner Scan Now!

8. Panda Security Scan Now!

9. Trend Micro Scan Now!

10. Computer Associates Scan Now!

Alternatively you can upload your file to Virus Total and scan your file. Virus total use engine of a lot of Antivirus program and thus help you get better results.

So what are you waiting for if you have doubt in your mind than try any of these popular AV programs.

Best Of Luck!

Sign up for online training by actualtests and guarantee pass your JN0-522 and N10-004 as well as NS0-163 exams on first dive.

Do read our previous tutorial on How To: Delete Stored Network Passwords from Windows to Secure Network to improve your security.

Therefore I came up with a tutorial which will show you how to find out which processes are currently running on your system without using taskmanager, so that you can look for any running malicious program or a program of which you don’t have any information.

The command which we are using is TASKLIST.

Syntax: TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

This command line tool displays a list of application(s) and associated task(s)/process(es) currently running on either a local or remote system.

Here are some eg. which will show you how to use it effectively.Examples:

TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI “USERNAME ne NT AUTHORITY\SYSTEM” /FI “STATUS eq running”

So now you have got the list of all process running on your system now its time to kill the malicious program.

The command which we are using for this is TASKKILL.

Syntax: TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]

This command line tool can be used to end one or more processes. Processes can be killed by the process id or image name.

Well if you want some more detaliled description go to command propmt and type TaskKill/?
Here are some eg. which will show you how to use it effectively. Examples:

TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI “PID ge 1000″ /FI “WINDOWTITLE ne untitle*”
TASKKILL /F /FI “USERNAME eq NT AUTHORITY\SYSTEM” /IM notepad.exe
TASKKILL /S system /U domain\username /FI “USERNAME ne NT*” /IM *
TASKKILL /S system /U username /P password /FI “IMAGENAME eq note*”

To get more security update like this Subscribe to our feeds and get all such Virus defending at security tips in your inbox.

If you face any problem do leave a comment and I will try to help!