Saturday, March 18, 2006

AIM Virus Removal

AIM Profile Virus - Manual Removal Instructions:

  1. Press CTRL, ALT and DEL at the same time to bring up Task Manager.
  2. Click on the Processes tab (Windows 2000/XP), find 'b.exe', 'bbb.exe' or 'av.exe' and end the process. Check where the image is running from before you kill it: the worm drops its copies in the Windows directory, and an unrelated program that happens to share one of these names should be left alone.
  3. Go to C:\Windows and delete 'b.exe', 'bbb.exe' or 'av.exe' (or search for them: click Start > Search and look up each file name individually). Delete the files when you find them.
  4. Click Start, then Run, type "msconfig" in the box and press ENTER. When the window comes up, click the Startup tab, look for 'b.exe', 'bbb.exe' or 'av.exe' (possibly listed under "antivirus") and uncheck the box to the left of each entry. (Windows 98/ME/XP only: Windows 2000 does not ship msconfig, so on 2000 remove the entry from HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the HKLM key of the same name with regedit instead.)
  5. Clear your AIM profile (or make a new one) and restart.
  6. When the msconfig window comes up after the restart, check the box telling it not to come up again.
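The following script is an added example, not part of the original post or of any AOL or RSA tool: it automates steps 2 to 4 above for the three file names the post lists. It assumes a Windows PowerShell host run from an elevated prompt, that the worm's copies live in %SystemRoot% as the post says, and that the autostart entries msconfig shows on its Startup tab are the usual per-user and per-machine Run keys; those names and locations are assumptions taken from the post, not detections of their own. Step 5 (editing the AIM profile) still has to be done by hand.

```powershell
# Added example (not from the original post). Assumes an elevated
# Windows PowerShell prompt; file names and locations are the ones the
# removal instructions above give.
$names  = @('b.exe', 'bbb.exe', 'av.exe')
$windir = $env:SystemRoot

# Step 2: end the processes, but only when the image actually runs from
# %SystemRoot%, so a legitimate program sharing the name is not touched.
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    $path = $p.Path    # $null for protected or inaccessible processes
    if ($path -and
        ($names -contains [IO.Path]::GetFileName($path).ToLower()) -and
        $path.StartsWith($windir, 'OrdinalIgnoreCase')) {
        Write-Host "Ending process $($p.Id): $path"
        Stop-Process -Id $p.Id -Force
    }
}

# Step 3: delete the dropped copies from the Windows directory.
foreach ($n in $names) {
    $f = Join-Path $windir $n
    if (Test-Path $f) {
        Write-Host "Deleting $f"
        Remove-Item $f -Force
    }
}

# Step 4: remove Run-key entries whose command line names one of the files.
# The regex requires the name to stand on its own (start, path separator,
# whitespace or quote on both sides) so 'av.exe' does not match 'nav.exe'.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }    # PowerShell's own metadata
        $cmd = [string]$prop.Value
        foreach ($n in $names) {
            $pattern = '(?i)(^|[\\/\s"])' + [regex]::Escape($n) + '($|[\s"])'
            if ($cmd -match $pattern) {
                Write-Host "Removing autostart '$($prop.Name)' = $cmd from $key"
                Remove-ItemProperty -Path $key -Name $prop.Name
                break
            }
        }
    }
}
```

Run it once, then reboot and run it again: if anything reappears, a second copy or a startup location the post does not mention (a service, a Winlogon entry, a scheduled task) is restoring it and needs the same treatment.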

AIM Virus Removal - Automated
How to automatically remove an AOL Profile Virus:

  1. Run the RSA AOL Profile Fix Tool. When your browser asks what to do with the file, choose to open it, NOT to save it.
  2. If you are running Windows 95/98/ME, you need to be in Safe Mode: save the file to disk instead and run it from Safe Mode.
  3. Edit your AIM profile and change it back to what you want. Make sure you delete the link from your AIM profile, or your friends will get infected!

More details at the article link.

Friday, March 17, 2006

Homeland Security A Computer Security Failure

U.S. cyber-security dismal: House report
Many federal agencies received low marks from a congressional committee Thursday on their cyber-security.

The 24 agencies were assessed on their levels of compliance with a federal computer system security act. Alan Paller, director of research for the Bethesda, Md.-based SANS Institute, said that agencies spend all their computer security funding producing the reports the law mandates and do not have the money left to actually secure their systems.

The 24 agencies graded by the U.S. House Government Reform Committee for their compliance with the 2002 Federal Information Security Management Act fell largely in either the lowest or highest categories, with the government earning an overall grade of D+, the same mark as last year.

Eight agencies received Fs: the departments of Agriculture, Defense, Energy, Health and Human Services, Homeland Security, Interior, State and Veterans Affairs.

Another five agencies received Ds: the Nuclear Regulatory Commission and the departments of Commerce, Housing and Urban Development, Justice and Treasury.

Five agencies were awarded A+ grades: the Agency for International Development, Environmental Protection Agency, Labor Department, Office of Personnel Management and Social Security Administration.

But Bruce Brody, vice president of information security at INPUT, a Reston, Va.-based government market analysis firm, said the cyber-security grades were "much ado about nothing."

Well versed in government blame-shifting techniques, Brody recently left the chief information security office position at the Energy Department.

"You can get a good FISMA grade with a lot of paperwork, but that doesn't mean you are secure," Brody said.

"FISMA has done a really good job in focusing attention and getting people at the more senior levels aware of information security, but it needs to evolve to where it is more than a paperwork exercise."

Guess that while he was Chief Information Security Officer at Energy he never heard of documenting the network, intrusion detection, and a number of other best practices.

That's OK though, because now he's consulting with other agencies on how to do things at the failing grade level (Energy received an "F").

Thursday, March 16, 2006

Microsoft Patches Windows XP (Again)

Microsoft has published two security bulletins. The first, "Microsoft Security Bulletin MS06-011", corrects a flaw through which an attacker could take control of the affected system.

The attacker could install programs with serious consequences, or carry out any kind of action without the owner of the system realizing. The affected systems are Microsoft Windows XP Service Pack 1 and Microsoft Windows Server 2003 (including the version for Itanium-based systems).

The updates to correct the error, along with further information, can be found at:

The second bulletin, MS06-012, corrects flaws in Office that are similar in effect to the previous one: they can also allow an attacker to take control of the system, in this case with the rights of the logged-on user, so a user who is logged on as administrator hands over the whole machine.

According to this second bulletin, the affected systems are Office 2000 SP3, Office XP SP3, Office 2003 SP1 or SP2 and Microsoft Works Suite, from version 2000 to 2006. Office for Mac (versions X and 2004) is also affected.

Microsoft offers more information at:

We stress the seriousness of these problems and remind users to install the updates as soon as possible. It is particularly important in this case: by allowing an attacker to install programs, these vulnerabilities are the perfect entry point for the new malware used in cyber-crime.
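As an added check that is not part of the original post, the script below reports whether this host falls in the affected set the bulletin lists for MS06-011 (Windows XP Service Pack 1 and Windows Server 2003) and whether the bulletin's update is installed. The KB number 914798 is the one carried in the MS06-011 bulletin title and is an assumption to verify against the bulletin itself; the Office fixes from MS06-012 do not appear in the Windows hotfix list, so they are not covered here. It assumes PowerShell 3 or later for Get-CimInstance.

```powershell
# Added example (not from the original post). KB914798 is assumed to be the
# MS06-011 update; verify against the bulletin before relying on the result.
function Test-MS06011Status {
    param([string]$Kb = 'KB914798')

    $os = Get-CimInstance Win32_OperatingSystem
    # Affected set as listed in the post: XP at SP1 or below, Server 2003.
    $affected = ($os.Caption -match 'Windows XP' -and $os.ServicePackMajorVersion -le 1) -or
                ($os.Caption -match 'Server 2003')

    # Get-HotFix reads Win32_QuickFixEngineering; absent KB means not installed.
    $installed = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        OS          = $os.Caption
        ServicePack = $os.ServicePackMajorVersion
        Affected    = $affected
        Installed   = $installed
        Action      = if ($affected -and -not $installed) { "Install $Kb now" }
                      elseif ($affected) { 'Patched' }
                      else { 'Not in affected set' }
    }
}

Test-MS06011Status | Format-List
```

Run it on each machine you manage rather than trusting the bulletin's "affected" list from memory: the service-pack level is what decides whether the host is exposed.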

Tuesday, March 14, 2006

50% of AOL Users Don't Protect Their PC

A survey of AOL users in the UK shows that fewer than 50 percent have deployed any kind of Internet security protection; the rest leave their computers exposed to attack and to all types of malware.

In spite of this apparent lack of concern by a large number of users, the survey also revealed that 86 percent of users are informed and concerned about IT security.

However, not all of them were keen to translate that concern into actual protection.

One in seven of those surveyed had never heard of phishing. This is surprising, as AOL users are among the main targets of phishing gangs.

The conclusions of the survey call for increased awareness of antivirus protection, content security and anti-phishing mechanisms, due to the new dynamic of malware focused on financial theft and cyber-crime.

Sunday, March 12, 2006

Weekly Virus & Trojan Report

This week's report from Panda Software on the malicious code that attracted most attention during the week focuses on three radically different examples of malware. One is a Trojan and the other two are worms, although with markedly different characteristics.

The first of these is the Saros.C worm, which, like others of its kind, stops the security programs installed on the system. By preventing antivirus programs, firewalls and other security software from operating, this technique lets the malicious code carry out its actions unhindered. It also prevents users from connecting to certain web pages (including those of antivirus companies), so a machine that suddenly cannot reach an antivirus vendor's site should be treated as a suspect.

In order to spread, Saros.C uses the now classic system of sending itself out by email; as well as using P2P file-sharing programs and the mIRC chat program. It can also spread across computer networks, which represents an additional risk for companies without protection in workstations and for the ever-increasing number of home networks.

The second malicious code in today's report, another worm, is called ComWar.M. This code is designed to spread via cell phones, although only those running the Symbian Series 60 platform.

To spread from phone to phone, ComWar.M uses MMS messages. Unlike SMS (which carries only text), MMS can transmit multimedia files, such as images, text, videos, etc.

In this case, this feature is exploited to attach and resend the infected file. ComWar.M also transmits itself via Bluetooth, taking advantage of a direct connection between two phones. Propagation of ComWar.M is very limited, as in order to receive the infected file users have to accept it themselves.

This confirmation prompt is a security measure built into Series 60 to hinder the spread of malicious code, so the classic PC precaution of not opening files from unknown or untrusted sources applies just as much to cell phones.

Finally, today's report looks at the Banking.G Trojan, which opens and listens on a random communication port. It also logs the user's keystrokes.

The potential consequences of these actions are extremely serious, as Banking.G could deliver the details the victim uses to access online banking services into the hands of the attackers. All passwords (and other information, such as email addresses, IP addresses, etc.) collected are sent to several servers for the attackers to pick up.
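A Trojan that "opens and listens on a random port" leaves one durable trace: a listening socket owned by an executable that has no business accepting connections. The function below is an added example, not part of Panda's report or of any Panda tool: it lists every TCP listener on the host with its owning process and image path and flags those whose image is outside the Windows and Program Files trees. It assumes a Windows host with the NetTCPIP module (Windows 8 / Server 2012 or later) and an elevated prompt so that every process's path is readable; the choice of "trusted" roots is an assumption for illustration, not a rule from the report.

```powershell
# Added example (not from the original report). Assumes an elevated prompt on
# a host with Get-NetTCPConnection; the trusted roots are an illustrative choice.
function Get-SuspiciousListeners {
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
               Where-Object { $_ }

    Get-NetTCPConnection -State Listen | ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }   # $null when unreadable

        # A listener is suspicious when its image path is unknown or lies
        # outside every trusted root; a random-port backdoor dropped into a
        # profile or temp directory fails this test.
        $inTrusted = $false
        foreach ($root in $trusted) {
            if ($path -and $path.StartsWith($root, 'OrdinalIgnoreCase')) { $inTrusted = $true }
        }

        [pscustomobject]@{
            Address    = $conn.LocalAddress
            Port       = $conn.LocalPort
            PID        = $conn.OwningProcess
            Process    = if ($proc) { $proc.ProcessName } else { '?' }
            Path       = $path
            Suspicious = -not $inTrusted
        }
    }
}

Get-SuspiciousListeners | Sort-Object Suspicious, Port -Descending | Format-Table -AutoSize
```

Treat the flagged rows as leads, not verdicts: a legitimate application installed under a user profile will also be flagged, and malware copied into the Windows directory (as the AIM worm above does) will not be. Pair the listener check with a look at what is writing to disk or the network while you type, since the keystroke logging the report describes leaves no socket of its own.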

This malware is yet another example of the danger inherent in the new generation of malware, which is directly tied to the world of cyber-crime. Attackers are no longer content with breaking into computers or deleting information; they are now focused on the illicit use of IT resources for profit.