The Virus/Hoax info alert thread !!

[mari62]

If you watch yr videos with Quicktime pls update your copy of the software with the download available from the supplier.

 

Apple issues critical update fixing at least 7 flaws that could leave both Mac and Windows users at risk.

 

http://www.getsafeonline.org/nqcontent.cfm?a_id=1474&alert_id=3750

 

http://www.internetnews.com/security/article.php/3797896/Apple+Issues+Patches+for+QuickTime.htm

[mari62]

Microsoft Security Bulletin MS08-074 - Critical

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Published: December 9, 2008 | Updated: January 28, 2009

Version: 2.0

 

General Information

 

Executive Summary

 

This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. For more information, see the subsection, Affected and Non-Affected Software, in this section.

 

This security update addresses these vulnerabilities by modifying the way that Microsoft Office Excel opens Excel files. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx

[mari62]

In the Obama campaign, malicious hackers created blogs on My.BarackObama.com with a fake YouTube image, enticing visitors to "Click here to see movie".

 

Clicking on the link leads to a Web site using YouTube's template for viewing online videos, filled with pornography

 

Clicking on the video to view results in the Web site prompts the browser to download a supposedly required video codec, which is really a malicious Trojan .exe.

 

But the malicious campaign doesn't end there. BarackObama.com is a highly visible, reputable, and popular Web site, with an Alexa ranking of 872 (at time of writing), with almost 9,000 other sites linking to it (according to Alexa). The malicious hackers have been spraying these BarackObama.com URLs all over the Web by injecting them onto blog comment forms, and various user-generated content management systems commonly used by Web 2.0 sites.

 

Visitors who double-click on this downloaded .exe will be infected with a Trojan. At the time of this writing, the malicious code has almost a 35% detection rate by the major anti-virus vendors (SHA-1: 7e1e623cdae2aba83aecaa2380133b3ccb4f1193). We acknowledge that this has been mentioned before, but now that President Obama has officially been sworn in, and with the new administration's efforts to "expand and deepen this online engagement", we can be sure that the frequency and intensity of malicious campaigns aimed at anyone seeking to engage with the President online will only increase. The malicious hackers will also seek new ways to abuse Web 2.0 functionality on any of the new administration's online properties.

 

Just prior to the inauguration, US-CERT reported increased spam and phishing sites aimed at luring anyone searching for information on the historical event. We are monitoring this threat, and the ThreatSeeker Network can confirm the US-CERT report. Here are two screenshots of more malicious activity centered around the Presidential Inauguration.

 

On the securtitylabs site you can read more and see the screeshots.

 

http://securitylabs.websense.com/content/Blogs/3284.aspx#

[mari62]

A Trojan horse, also known as a trojan, is a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine. As such, a computer worm or virus may also be classed as a Trojan horse if they display these characteristics.

 

Example

A program named "waterfalls.scr" serves as a simple example of a Trojan horse. The author claims it is a free waterfall screen saver. When running, it instead unloads hidden programs, scripts, or any number of commands without the user's knowledge or consent. Malicious Trojan horse programs are used to circumvent protection systems, in effect creating a vulnerable system to allow unauthorized access to the user's computer.

 

http://en.wikipedia.org/wiki/Trojan_horse_(computing)

[mari62]

Online criminals are trying to attack your computer, either to steal from you or to attack other people. Either way, it will stop your computer working properly.

 

They use self-replicating viruses and spyware. It costs them nothing so they don’t care how many people are affected or what the damage is.

 

You need a multi-layered defence to keep them out:

 

• Security software: anti-virus, anti-spyware and a firewall or security suite that includes all three. This is like keeping your doors and windows locked at home.
  
• Keeping your computer up to date, blocking spam emails and using an up to date web browser will make it harder for them to get into your PC in the first place.
  
• Making a regular backup of your music, pictures and other files is also a good idea, but it’s a last resort like insurance.
  
• It’s also a good idea not to use your computer in administrator mode. It’s better to make a user account and log in with that for day-to-day use. In Microsoft Windows Vista, keep User Account Control switched on.
  
• Lastly, protect yourself against eavesdroppers and freeloaders by using encryption on your wireless network.
  

 

here you can find much more: http://www.getsafeonline.org/nqcontent.cfm?a_id=1490

Edited February 4, 2009 by mari62

[Soaring Simpson]

Anyone know why I'm suddenly (about 1 month) getting emails supposedly from myself? Obviously I don't open them, cos I know I didn't send them, but it's odd- is it a virus?

[mari62]

Anyone know why I'm suddenly (about 1 month) getting emails supposedly from myself? Obviously I don't open them, cos I know I didn't send them, but it's odd- is it a virus?

Hi SS

Had never heard it but I found something about it on the net:

 

6/7/2006.

PandaLabs warns of a wave of ‘ghost mail’

 

 

In the last few hours numerous users around the world have been receiving emails with their own address in the sender and recipient fields. The emails do not themselves contain malware

 

These messages could imply that the email address is part of a database used by cyber-crooks for malicious action such as spamming, phishing or spreading malware

 

 

In the last few hours, PandaLabs has detected numerous cases around the world of users receiving emails with their own address in the sender and recipient fields. The subject and text -in HTML- of these messages are made up of apparently random numbers.

 

These emails are not actually sent from the user's address, but use an address spoofing technique to disguise the origin of the message.

 

At least users can rest assured that these messages do not contain malware. However, what is worrying is that the receipt of one of these messages possibly implies that the email address is part of a database used for malicious purposes by cyber-crooks. Such action could range from the sending of spam to phishing attacks or distribution of known or unknown malware.

 

According to Luis Corrons, director of PandaLabs, “The most likely scenario is that a group of hackers are checking the validity of email address databases. By sending these messages they can determine if the addresses are active or not and remove those that are no use. On the other hand, what most surprises users is that the message comes from their own address. This is not a mystery in itself as those responsible are trying to evade mail filter systems that users may have installed, as nobody filters out their own email address.”

 

Those who receive these messages, given that it is impossible to determine what type of attack could occur, are advised to have security solutions integrating a range of technologies (anti-spam, anti-phishing, antivirus, anti-spyware, etc.) in order to combat all types of malware. Similarly, given that with the current malware dynamic (with the motivation of financial returns) attackers try to surreptitiously drop their creations on computers instead of causing massive epidemics, it is important that a security solution includes proactive technologies that can detect malware without the need to have identified it previously.

 

“We don't know when the attack will take place or what type of attack will be. What is certain is that someone has gone to too much trouble to just leave it at that, and so in this case it is best to take preventive action. Of course, those who have received a message like this should be on their guard as it is a symptom that their email address is in the wrong hands,” explains Luis Corrons.

 

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.pandasoftware.com/home/default.asp. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

 

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

 

 

source: http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=7441&ver=2006,2&pagina=3&numprod=&entorno

 

And this is what the emails you get apparently from yourself should look like:http://forum.zeusnews.com/viewtopic.php?t=16155&sid=bb8d8559da0caa27d8cb72c2e431a169

[guylainem123]

I find a good way to check if things (messages about viruses and saving people from cancer etc) are true is to look at www.snopes.com

 

that is such a great site bs, i've been checking it out for about 3 years now.

 

great to read at lunch time too!

 

i don't know why her link doesn't work, but the site is definitely

 

http://www.snopes.com

[mari62]

that is such a great site bs, i've been checking it out for about 3 years now.

 

great to read at lunch time too!

 

i don't know why her link doesn't work, but the site is definitely

 

http://www.snopes.com

Think its the way she wrote it, you see it when you quote Edited February 12, 2009 by mari62
corrected grammar mistake

[mari62]

Personal data privacy 'at risk'

Risk from "friends"

 

Personal profiles that may include a date of birth, contact details or links to family and friends can often be seen by thousands of people in a Facebook network if users stick with the default privacy setting.

 

 

Easy access

 

To test how easy it would be to find personal data about somebody on publicly accessible websites, Which? asked a researcher to investigate editor Neil Fowler.

 

Using only Mr Fowler's name and occupation, the researcher was able to find out details including the names of close family members and the floorplans to his home, including access points.

 

"It was a real shock to see how much personal information about me could be found online, which could potentially be used by crooks to commit fraud," said Mr Fowler.

 

"We all need to take steps to protect our data - both online and offline - by being more aware of how our personal data could be used and taking care who we share it with."

 

To read more: http://news.bbc.co.uk/2/hi/business/7256440.stm

 

-------------

Networking site cashes in on friends

Facebook founder finally finds a way to profit from its 150m members' private data

 

Facebook is planning to exploit the vast amount of personal information it holds on its 150m members by creating one of the world's largest market research databases.

 

Marketing experts have said the vast amount of personal information Facebook holds, together with the loyalty of its users, could be worth "untold millions" to companies engaged in market research.

 

More: http://www.telegraph.co.uk/finance/newsbysector/mediatechnologyandtelecoms/4413483/Networking-site-cashes-in-on-friends.html

[mari62]

Boycott Facebook! Here's Why

 

 

 

 

We're so glad we've never uploaded any of our stuff onto Facebook!

 

You Facebook users are SCREWED.

 

Did you know that everything you've loaded up into your profile (personal pictures, etc.) belongs to Facebook, even after you've closed your account?

 

That's what it says in the Terms of Service you agreed to when you opened your account, apparently.

 

The Consumerist recently uncovered this disturbing info and it's causing quite a stir.

 

So, what does this mean?

 

Basically, Facebook can do whatever the hell they want with YOUR STUFF.

 

And, they can do so WITHOUT your permission.

 

For example, they can license your personal pictures out to companies, make a shizzle of money and don't have to give you a dime.

 

Sounds really, really ****ty and sooo shady!!!!!

 

http://perezhilton.com/2009-02-16-boycott-facebook-heres-why

 

http://mashable.com/2009/02/16/facebook-tos-privacy/

 

http://consumerist.com/5150175/facebooks-new-terms-of-service-we-can-do-anything-we-want-with-your-content-forever

 

Make sure you never upload anything you don't feel comfortable giving away forever, because it's Facebook's now.

Edited February 16, 2009 by mari62
add link

[mari62]

Victory! Facebook Returns To Original Terms Of Use (For The Time Being)

 

 

The folks over at Facebook are working quickly with their legal team to fix their mistakes!

 

The following message is the greeting when you now login to Facebook:

 

Terms of Use Update

 

Over the past few days, we have received a lot of good feedback about the new terms we posted two weeks ago. Because of this response, we have decided to return to our previous Terms of Use while we resolve the issues that people have raised.

Glad to know they're eager to please their members! Or el$e!!!!

 

Let's hope the social networking giants get it right this time!!

 

Posted: February 18, 2009 at 10:30 am

 

 

 

http://perezhilton.com/2009-02-18-victory-facebook-returns-to-original-terms-of-use-for-the-time-being

[Soaring Simpson]

This is kind of a bump- if there are any virus alerts- this was a good thread-but also a question-

 

Can anyone recommend an anitvirus software- secure, but cheap?

[mari62]

This is kind of a bump- if there are any virus alerts- this was a good thread-but also a question-

 

Can anyone recommend an anitvirus software- secure, but cheap?

thank you for bumping SoSi I'm happy you like this 3d

 

On my hubby's PC (windows XP) I use the following free good programmes:

(I have a MAC and it is different, basically you need no antivirus)

- AVG as an antivirus http://free.avg.com/

 

- Zone Alarm as a firewall http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

(you don't need it if you've got Vista, but check Vista's firewall is activated)

 

- Firefox as a browser instead of Internet Explorer (securer) http://www.mozilla.com/en-US/firefox/all.html?lang-search=english&x=0&y=0

 

- Thunderbird instead of Outlook as a mail programme http://www.mozillamessaging.com/en-US/thunderbird/all.html

 

I got just one virus once in many years and easily got rid of it.

 

In the last few months there have been no major virus alerts, that's why I didn't post anything else