This is simply a page to bring you Internet Security News updates with personal observation to the movement of malware, norms, viruses and other threats through which the bad guys could even steal your identity!
I hope it is useful. If so, please tweet it to Twitter, or share it with the other services you see on the small buttons on the page. Thanks.
The news updates on the Internet Security is long, so continue it at the link provided below and see also the relevant internet security pages at the Web Security, site map 24 on the Ezine Act Network.
Malicious PDF files were being spammed out in volume. The files have "report" themed subjects and CVE-2007-5020 exploit that they use to download further components from the net.
Zhelatin.CQ email worm started spreading late on April 8th, 2007. Since that date the worm spreads in e-mails with war-related subjects and several different attachment names.
Worms Modify HTML Pages!
Internet Security News says an internet worm using the new zero-day ANI exploit has been found. It modifies HTML pages to contain a link to a malicious ANI file. It also tries to spread via USB sticks and Chinese-language emails.
Social Media Converts Traditional Spam to New Spam!
There are many good social media and bookmarks out there. But, the first ones to find nowadays in this field are not up to some fundamental security and privacy requirements.
What happens with those I meant is that, they just convert spam.
Look at this; you receive many emails weekly from people you do not know to join them in this or that social media. The only links that social media puts at the bottom of their emails are one to follow that person and one to join if you were not a member already.
This is spam.
What happens here is that, such social media encourages people to spam others using their tools and they use them to spam others. For example, although I used one of my emails to join a social media, I receive from it emails to other emails I have to join some people I never knew before.
It never stops at this. But that social media uses the emails some of their members provided through this process to send advertising and viruses and use those emails as leads for more sales or other businesses.
No one cares of privacy nowadays and no one speaks of such matter although it is very important. As I said, there are still good social media over there, but some of the others "I meant" are just like that.
You should beware of add-ons.
New Trojan Uses a Real Storm in Europe!
New Trojan has been spammed widely, using a real storm in Europe as a decoy message. The emails have a variable subject, including "230 dead as storm batters Europe". Attachment names include "Full Story.exe" or "Video.exe".
Malware Known as Tibs.jy Spreads on Greetings Cards!
Internet Security News says a Malware known as Tibs.jy or Luder.A is spamming out massive amounts of malicious New Year greetings cards. They come with variable texts and attachment names, but are always themed around New Year.
Intrusion Attempts from China!
My Radar has detected intrusion attempt from remote address 126.96.36.199. The intrusion came from China, Hubei region, Hong Shan district, Wuhan city, Luoyu Road. The intrusion has happened twice and blocked.
New Batch of Warezov Spammed!
Internet Security News says a large new batch of Warezov email worm variants has been spammed during the early hours of Monday. They download additional components from a malicious website called ertinmdesachlion.com.
Warezov.AT Updates Itself Differently!
This is a strange Internet Security News!
Security Alerts disclose a new variant of the Warezov email worm that has spammed out lately and say it includes different updates from within different packer. This new version, known as Warezov.AT, updates itself via web. Every update looks different as they are packed with a variable packer.
Root Kit Hidden Backdoor has Spammed!
Internet Security News says a new backdoor called rootkit-hidden backdoor has been spammed heavily over the last hours. The backdoor, detected as Haxdoor.KI. It has sent out in German and Swedish messages as Rechnung.zip and Rakningen.zip.
First Bot to Exploit MS has Developed!
First bot to exploit the MS06-040 vulnerability in Windows has been found. The vulnerability was patched only five days ago. The bot, known as Mocbot, creates a botnet of the infected computers.
New Breplibot Hits the Nerves!
Internet Security News says new Breplibot variant has been mass spammed to thousands of email addresses today. It was spoofed to look like it was coming from f-secure email address, including two email addresses to f-secure.com.
Nyxem.E is Widespread!
Nyxem.E is becoming more widespread. This is a destructive mass-mailing worm that also spreads using shares. In addition to this medium, it tries to disable security software. It may overwrite user files on certain dates.
Take Care of New Vulnerability in Many Versions of Windows!
Internet Security News says some new vulnerability was found from many versions of Windows starting from 27 December 2005. This vulnerability allows an attacker to execute code on the user's system via a specially crafted WMF image file.
Microsoft issued a patch for this vulnerability on 5 January 2006. Although F-Secure Anti-Virus detects known versions of exploit files, it recommends all users to update their systems via http://update.microsoft.com
F-Secure issued a Level 2 alert on the serious WMF vulnerability. However, so far no viruses or worms using it have been found. FSAV detects malicious WMF files as PFV-exploit or Exploit.Win32.IMG-WMF.
Sober.Y is the Year’s Largest Email Worm Outbreak!
F-Secure has raised the Sober.Y worm to a Level 1 Alert after an increased amount of submissions. As technologies involve risks sometimes, folk should be careful. This new Sober variant, spreads in German and English emails, and it is becoming the years largest email worm outbreak.
Sober.Y Variants Come with Attached ZIP Files Sometimes!
Internet Security News says in addition to the new Sober variant (Sober.Y) that has spammed widely in German or English emails, the Sober variant might look like a serious warning from FBI, CIA or the German Bundeskriminalamt. The emails spammed carried attachment as ZIP files.
Names of Attachments in Sober Variants!
Internet Security News says Sober variants have attachment recognized as registration.zip, reg_text.zip, pword_change.zip, screen_photo.zip, Privat-Foto.zip or excel_table.zip. Some messages claim that someone else has been receiving your emails in error.
Bagle.BI Variant Spammed!
Internet Security News says new Bagle.BI variant has been spammed out in significant numbers. The infected emails always contain as described by the news alerts, a 35kB file called "text.exe" inside an archive with names like newprice.zip, price_09.zip or price2.zip.
New Zotob Network Worm is Tricky!
Internet Security News says F-Secure has been receiving an increasing amount of infection reports worldwide of a new Zotob network worm variant using filename WINTBP.EXE and spreading via the week-old PnP MS05-039 vulnerability.
Zotob worm uses a five-day old MS05-39 Plug-an-Play vulnerability. The worm targets unpatched machines by scanning port 445 and downloading the virus file via ftp.
Take Care of Such IP Address!
I have witnessed a Malware attack on my PC. The attack came with the following tracking information:
Description: Inbound Malware probe
Services: Malware - MyDoom in
Remote address: 188.8.131.52
Remote port: 3884
DNS name: www.clondalkin-group.com
The IP Address is located in the US, Pennsylvania region, Philadelphia. ISP Clondalkin Group.
Bagle Variants Developed to Disable Antivirus Programs!
A series of at least seven new Bagle variants have been distributed lately. Bagle.cf and Bagle.ch are the most common of them. They mail ZIP/RAR attachments with names related to Taxation.
New downloader resembling the Bagle email worm is reported globally. This Trojan has been spammed widely as "doc_01.exe". When it runs, it disables antivirus programs and attempts to download more Malware.
Lebreat Inhabits Breatle Antivirus!
Internet Security News says at least three variants of a new mass mailer/network worm combo are on the loose. This virus, known as Lebreat, claims to be "Breatle Antivirus v1.0". It sends variable messages with EXE/SCR/BAT/CPL/PIF attachments.
Strong Internet Shields Detect any Intrusive IP!
Internet Security detected an intrusion attempt with the following details attacking my system:
Description: Intrusion attempt detected: Nmap TCP scan
Services: TCP High ports in
Remote address: 184.108.40.206
Remote port: http(80)
However, the Security shield has blocked that intrusion at time and recorded details about the intrusive IP.
MyDoom Installs a Spam Proxy!
Internet Security News says Mydoom spreads with increased number of infections. It collects email addresses using Google and other search engines and installs a spam proxy to infected computers.
Mydoom new variant sends variable emails with EXE / SCR / PIF / ZIP attachments. Some mails contain sexually explicit images and claim that the attachment contains passwords for adult websites.
Bagle.AY Spreads via P2P Networks!
Internet Security News says tracking systems has reported a new Bagle.AY that spreads from several different countries in Europe and Asia. It spreads in variable emails with different icons and via P2P networks. The worm contains a backdoor that listens on TCP port 81.
If You Saw a "NeverEverNoSanity", Fly!
Internet Security News says the Net worm "Sanity" is spreading. This worm infects only web servers. It infects online discussion forums running phpBB software and defaces them with a text mentioning "NeverEverNoSanity". Be careful.
Trojan-Downloader Gets in through Google Toolbar!
Trojan has Downloader that beings active operation lately through Google Toolbar's path. Google should be the first to take action by closing this door.
My Virus and Spy Protection has detected Trojan-Downloader.Win32.Agent.aaza virus in my computer.
File: located and deleted.
The hacker tries to use a standalone program to hide downloads and run other files from remote web and ftp sites. When a Trojan-Downloader runs, it installs itself, roots it to the system in a Rootkit, and waits until an Internet connection becomes available.
After that, it attempts to connect to a web or ftp site, download a specific file or files and run them.
In some anti-viruses the disinfect operations could fail to disinfect the computer because the Trojan-Downloader has the ability to rename itself.
Continue the Internet Security News at Online Security.