Alexandru Catalin Cosoi

This post is two weeks old, but I forgot to push the publish button:

• Two variants so far: Win32/Zimuse.A and Win32/Zimuse.B/zipsetup.exe
• They pose either as a fake IQ test, or as a self-extracting zip archive
• Upon execution, the malware will attempt to spread through removable media and overwrite the MBR of all available drives after 40 days for variant A, and 20 days for variant B.
• Variant A needs 10 days to start spreading via USB devices, variant B needs only 7 days since infiltration.
• In order to execute on each Windows boot-up, the worm sets the following registry entry:  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]“Dump”=”%programfiles%\Dump\Dump.exe
• It also creates two driver files, namely:  %system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys
• All windows 32 bit versions are vulnerable
• The IQ test may come from various places like emails, torrent sites, network shares or dc hubs. Also when downloading/opening files from unsecure
• Because there is a (long) time between the moment of infection and the time that this virus will activate, it’s difficult to appreciate how much this worm
• has spread.
• It takes into consideration only the system date. Moving the date in the future will activate the payload. Moving the date in the past will fool the malware
• Removal tool (and other data): http://www.zimuse.com

By Alexandru Trifan!

So I guess the holiday campaign starts now.

- Hey sir, what would you like from Santa?

- Are you interested in some cheap canadian pills?

What is it?

It is a network worm that takes advantage of vulnerabilities in Microsoft Windows to spread. Initially it used to be the vulnerability described in MS08-067 regarding the RPC Server Service issues, but then it was also able to spread through windows shares and removable storage devices.

How can you get infected?

• if you do not perform your windows updates (yes, I know… sometimes you have to restart your computer, but still!) and if you do not have a security solution installed.
• if the administrator account on the attacked system has a week password (1234567890, admin and even qwerty are NOT good passwords)
• if the computer has the Autoplay feature enabled (who here knows how to disable this?) and an infected mapped/removable disk is attached (everyone has at least one USB stick)

What does it do?

Not much. But could transform your computer into a drone from a larger botnet. It’s like a huge corporation, and your computer just received a nice job in the company. A massively underpaid one!

What can you do with a botnet?

1. Corruption of Defensive System - The most dangerous aspect related to Conficker infection is that it completely neutralizes defensive systems. In other words, any infected machine holds a huge security breach that can be exploited anytime from now on. It is like having a house with a door wide open all the time, even when you sleep or go to work or in vacation.
2. Distributed Denial of Service – we all know what DDOS is
3. Pay-per-Click Systems Abuses and Frauds – oldie but goldie
4. Key Logging, Traffic Monitoring and Mass Identity Theft
5. Spamming – most probably

Whitepaper – http://www.bitdefender.com/files/Main/file/Conficker_-_One_Year_After_-_Whitepaper.pdf

You are going to like the whitepaper. Did you know a couple of weeks ago we had conficker’s aniversary?

Podcast - http://news.bitdefender.com/site/viewPage/multimedia.html

Tips

1. Check with your operating system provider on a regular basis – download and install the latest security updates, malware removal tools, as well as other patches or fixes.
2. Install and activate a reliable password protected antimalware, firewall,
3. spam filter and parental control solution, like those provided by BitDefender.
4. Update your antimalware, firewall and spam filter as frequent as possible,
5. with the latest virus definitions and suspicious applications/files signatures.
6. Scan your system frequently.
7. Stay informed about e-threats and security.

American Express Phishing eMail

This looks rather nice and organized. Looks almost the same as the “template” for the Facebook phishing. Is Spam becoming more… elegant?

I’m planning to clear all spam comments from my blog.
Why? Because I want to start blogging again (yes, I watched Julie and Julia).

Now… it may sound weird, but if any other blog spammer wants to add this blog in their list of targeted blogs, please do. We will soon release a surprise for them!!!!

Will let you know when I’ll be spam free. Give me a couple of hours!

One night, I was thinking of loosing some weight. Turns out, in the past three years, I’ve been “saving” almost 15 pounds, so I decided it’s time to do something about this.

Since I am such a prolific Twitterer, I published my decision there:

Now check what I received in a couple of minutes:

Now… this is way to cool man! Targeted commercials on twitter! This is even better than the commercials twitter will use :p.

The next day, this tweet was gone (maybe I have something to do with this since I replied to his tweet (phishing?)). The next day I did the same experiment: “test no. 2: I want to lose weight”.

Guess what: