computerrepair17
WARNING! Facebook and Myspace Virus


Post by Admin Thu Mar 11, 2010 9:32 am

Facebook users are being targeted by malicious hackers through postings on the popular social-networking site. The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages. In addition to text, it can contain photographs, videos, music and hyperlinks to websites. The malware arrives in the form of a Wall post, supposedly left by a friend, that urges members to click a link to view a video on a website supposedly hosted by Google. However, the link redirects users to a Web page that is not hosted by Google, where they are told they need a new version of Adobe's Flash player and are prompted to download an executable file to watch the video.

The file is actually a Trojan, Troj/Dloadr-BPL, that downloads other malicious code, detected as Troj/Agent-HJX, onto users' machines. When it has done that, it displays an image of a court jester sticking his tongue out. Although on the surface this might appear to be a practical joke from a friend, it actually means the PC has been compromised and malicious hackers have gained control over it to use it for a variety of purposes, such as sending spam or distributing malware. Malicious hackers have been using this spyware distribution technique for several years in e-mail messages, so many users know how to avoid these traps. However, people may be less alert in more closed and controlled environments such as social-networking sites.

For example, in this case the malicious Wall post is disguised as coming from someone on the user's list of Facebook and Myspace friends, maximizing the odds that the link will be clicked. Be very suspicious of Wall postings asking you to click a link to watch a video. The friend whose name appears with the video has had his PC or Facebook account compromised in a way that lets malicious hackers perform actions without the friend's knowledge. It's possible that the affected friend previously fell for the "court jester" trap, and his PC and Facebook account are being used to spread the worm.

The approach is the latest in a rising trend of malicious hackers using social-networking sites to circulate spyware. These sites offer an appealing distribution channel because people feel safer and are more willing to follow links and perform actions if they think a friend is urging them to do so. In fact, it could be a malicious hacker posing as a friend. If people click a third-party Web site link and a message pops up asking them to download software onto their PCs, they should never go ahead with the download. If they feel they should upgrade their Flash player, they should do so only from Adobe's Web site.

The warning is also important for IT departments of companies where employees are permitted to use Facebook at work. Given the wide popularity of social networking for personal and business communications, IT managers should draft policies regarding the proper use of these sites by employees. IT managers should also consider whether they need additional security measures if they decide to allow these sites to be accessed from the office. For example, many IT departments have installed products that scan e-mail traffic to stop adware and spam, but with many Web sites now being used to host malware, it's a good idea to also install a security device that scans all office Web traffic and any software downloads that employees attempt to make.

The following files are added in the %WinDir% folder:

%WinDir% \system32\splm\kbdsapi.dll
%WinDir% \system32\splm\lmfunit32.dll
%WinDir% \system32\splm\mcaserv32.dll
%WinDir% \system32\splm\ncsjapi32.exe
%WinDir%\system32\nScan\ecls.exe
%WinDir%\system32\nScan\ekrn.exe
%WinDir%\system32\nScan\ekrnAmon.dll
%WinDir%\system32\nScan\ekrnEmon.dll
%WinDir%\system32\nScan\ekrnEpfw.dll
%WinDir%\system32\nScan\ekrnScan.dll
%WinDir%\system32\nScan\em000_32.dat
%WinDir%\system32\nScan\em001_32.dat
%WinDir%\validate.inf

The following registry keys are added:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir% \System32\splm\ncsjapi32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: "2"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: "%WinDir% \System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: "14\8\2008"

The hosts file is modified to prevent the compromised machine from accessing most security web sites, such as:

ar.atwola.com
my-etrust.com
trendmicro.com
norton.com
nai.com
sophos.com
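
One way to check a machine for the hosts-file change described above, as an added example that is not part of the original post: it flags any hosts entry that names one of the listed domains or a subdomain of one. It assumes any override of these domains is suspicious whatever address it points to; the function names and the sample hosts text are constructed for illustration.

```python
# Added example: audit hosts-file text for entries that override
# the security-vendor domains listed in this post.
WATCHED = {"ar.atwola.com", "my-etrust.com", "trendmicro.com",
           "norton.com", "nai.com", "sophos.com"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # address with no hostname
        address, names = fields[0], fields[1:]   # one line may map several names
        for name in names:
            # Hostnames are case-insensitive; a trailing dot is the DNS root.
            yield line_no, address, name.lower().rstrip(".")

def matches_watched(hostname, watched=WATCHED):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return the mappings that touch a watched domain (assumed suspicious)."""
    return [(n, a, h) for n, a, h in parse_hosts(text)
            if matches_watched(h, watched)]

# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   www.sophos.com sophos.com   # two names on one line
0.0.0.0     Update.TrendMicro.com.
10.0.0.5    intranet.example.test
127.0.0.1   notnorton.com
# 127.0.0.1 norton.com
"""

if __name__ == "__main__":
    for n, a, h in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {h} -> {a}")
```

On Windows the text to pass in is the content of the hosts file under the system32\drivers\etc folder.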

W32/Koobface.worm spreads via Facebook and MySpace. Current variants only target either Facebook or MySpace specifically.

The following files could be created depending on the variant (the filepath is hardcoded):

C:\WINDOWS\fbtre6.exe
C:\WINDOWS\mstre6.exe
C:\WINDOWS\f49f4d98.dat
C:\WINDOWS\t49f4d98.dat
C:\WINDOWS\fmark2.dat
C:\WINDOWS\tmark2.dat

The best way to keep your PC safe and secure is to keep your antivirus engine and DAT files up to date. I would also recommend a registry cleaner and optimizer to fix any problems in your registry that it might have caused. A good registry cleaner/protector will also lock your registry files from being changed unless you give permission. I personally recommend Registry Easy.
