Filed under Security by amida168 on March 3, 2010 at 10:56 am
Microsoft has issued an advisory about a vulnerability in VBScript that is reachable through Internet Explorer on Windows 2000, XP and Server 2003. A malicious web site might trick you into pressing the F1 key while you visit it in Internet Explorer. If you do, your computer will be infected by a virus or spyware. There is no patch for this vulnerability yet. The obvious workaround, as suggested by the advisory, is: do not press the F1 key when prompted by a Web site.

[via Microsoft]
Filed under Security by amida168 on October 8, 2009 at 12:09 pm
I just got this email today. The title of the email is "Your recent Bank of America contact". I usually dismiss these kinds of messages as phishing attempts. I was not so sure this time, because the sender address is verified by DomainKeys. It seemed like the message was really sent by Bank of America. Further investigation shows that there are some reports about this particular type of phishing attempt. So, this is just another phishing email after all. You can safely disregard this message. Lesson learned: you cannot trust an email even if the sender address is verified by DomainKeys.
Here is a sample of the email.
Bank of America would like to thank you for the phone call that you, or someone in your household, made on October 6, 2009. The voice of the customer is very important to Bank of America as it continually monitors and improves its customer service.
You can provide your feedback on Bank of America’s customer service performance by completing a brief 5 minute survey. To participate in the survey, click on the Web address below.
http://survey1.sendyouropinions.com/survey.aspx?I.Project=dw24215&id=dw22&password=ghh33
If that does not launch the survey, please cut and paste the link into your browser bar or type in the following web address:
http://survey1.sendyouropinions.com/survey.aspx
When you reach the login screen, please enter the following information:
Your project ID is: dw24215
Your login ID is: dw22
Your password is: ghh33
For your convenience, the survey is available 24 hours a day, seven days a week through 10/14/2009, and can be accessed from any computer with Internet access. If you have difficulty accessing the survey, please refer to the Technical Assistance link below.
http://www.sendyouropinions.com/tech_faq.htm
Sincerely,
Bank of America
Questions / Comments:
If you would like to pass along questions or comments pertaining to Bank of America’s products or services or have any non-survey related issues, (i.e. billing, customer service, etc.), please contact Bank of America’s customer service department directly at 1.800.432.1000 or bankofamerica.com, and they will be happy to assist you.
OPT OUT:
Convergys Customer Intelligence Services is sending you this message on behalf of Bank of America. If you wish to be excluded from future online research with Convergys, please click on http://www.convergysresearch.com/takeout, enter your e-mail address, and press submit to be removed from our database.
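A valid DomainKeys or DKIM signature only proves that the domain named in its d= tag signed the message; it says nothing about the brand shown in the display name. The following is an added example, not part of the original post: it compares the signing domain, the From domain and the link hosts against the brand the message claims to come from. The message headers and sender address are constructed, the signature is assumed to have verified, and `org_domain` is a simplification.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (headers and sender address are invented for this
# example); the signature is assumed to have verified successfully.
SAMPLE = """\
From: "Bank of America" <survey@sendyouropinions.com>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sendyouropinions.com; b=CONSTRUCTED
Subject: Your recent Bank of America contact

To participate in the survey, click on the Web address below.
http://survey1.sendyouropinions.com/survey.aspx
"""

def org_domain(host):
    """Naive registrable domain: the last two labels (assumption; production
    code should consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def signing_domains(msg):
    """Collect the d= tag of every DomainKey-Signature / DKIM-Signature header."""
    found = set()
    for name in ("DomainKey-Signature", "DKIM-Signature"):
        for value in msg.get_all(name, []):
            m = re.search(r"(?:^|;)\s*d=([^;\s]+)", value)
            if m:
                found.add(m.group(1).lower())
    return found

def assess(raw, brand_domain):
    """Report which domain the signature vouches for versus the claimed brand."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    hosts = set(re.findall(r"https?://([^/\s:]+)", msg.get_payload()))
    brand = org_domain(brand_domain)
    return {
        "from_domain": from_domain,
        "signers": sorted(signers),
        "signature_vouches_for_brand": any(org_domain(d) == brand for d in signers),
        "from_aligned_with_signer": any(org_domain(d) == org_domain(from_domain) for d in signers),
        "off_brand_link_hosts": sorted(h.lower() for h in hosts if org_domain(h) != brand),
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "bankofamerica.com"))
```
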

Filed under Windows by amida168 on March 31, 2009 at 11:45 am
Most IT admins are getting ready for the Conficker worm, which is supposed to wake up on 4/1/2009. According to new research by Tillmann Werner and Felix Leder, it’s easy to detect systems infected by the worm. The feature has been incorporated into nmap 4.85 BETA5. Here is the thread for the announcement.
http://seclists.org/nmap-dev/2009/q1/0870.html
The free tool can be downloaded from the download page.
http://nmap.org/download.html
It’s available for multiple platforms. Once you have it installed, use this example to scan your network.
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]
Substitute [targetnetworks] with your network. Check this manual page if you need more information about using it. Here is a sample output for a non-infected computer.
Host 192.168.1.247 appears to be up ... good.
Interesting ports on 192.168.1.247:
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
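When the scan covers a whole network, the per-host verdicts are easier to review once collected. The following is an added example, not part of the original post or of nmap: it parses output in the text layout shown above and lists every host that was not reported as "Likely CLEAN", including hosts where the script produced no result. The second and third hosts in the sample are constructed.

```python
import re

# Constructed scan output in the layout of the sample above; the hosts
# 192.168.1.20 and 192.168.1.31 are invented to exercise the non-clean paths.
SAMPLE = """\
Host 192.168.1.247 appears to be up ... good.
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Host 192.168.1.20 appears to be up ... good.
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| Conficker: Likely INFECTED
Host 192.168.1.31 appears to be up ... good.
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Host (\S+) appears to be up")
VERDICT_RE = re.compile(r"^\|_?\s*Conficker:\s*(.+)$")

def conficker_verdicts(text):
    """Map each host that is up to its Conficker line, or None if there is none."""
    verdicts, host = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            verdicts[host] = None  # up, but not yet checked
            continue
        m = VERDICT_RE.match(line)
        if m and host is not None:
            verdicts[host] = m.group(1).strip()
    return verdicts

def needs_follow_up(verdicts):
    """Hosts not reported 'Likely CLEAN'; a missing result is not a clean result."""
    return {h: (v or "no smb-check-vulns result")
            for h, v in verdicts.items() if v != "Likely CLEAN"}

if __name__ == "__main__":
    for host, why in needs_follow_up(conficker_verdicts(SAMPLE)).items():
        print(host, why)
```
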
Filed under Windows by amida168 on February 24, 2009 at 11:36 pm
If you have a problem with McAfee 8.5 where the framework service doesn’t run, here are some things that you can try.
- Uninstall McAfee
- Delete the following folders. Note that the third one is for Windows XP; on Vista, you can look for the equivalent folder under C:\Users.
C:\Program Files\McAfee
C:\Program Files\Common Files\McAfee
C:\Documents and Settings\All Users\Application Data\McAfee
- Reboot the computer.
- Install McAfee again.
Let us know if this works for you.
Filed under Windows by amida168 on February 23, 2009 at 3:49 pm
I helped a friend with her infected laptop this past weekend. Usually I only need to boot the computer in safe mode and scan for viruses while in safe mode. However, this one is nasty and it got loaded even in safe mode. Without digging into how the virus got loaded in safe mode, I was able to boot to a Vista PE USB flash drive and scan for viruses under the Vista PE environment.
Even though Vista PE is a very powerful tool for system admins, it’s not easy to create. I found that there is a Rescue CD from one of my favorite security companies, Avira. This tool is easier to create and use, and what’s even better is that it’s free. Here are the steps to use it.
- Download the software from Avira’s site to a Windows PC with a CD burner. Note that the file is actively updated, so be sure to download the latest one from the site when you need to use it.
- Insert a blank CD-R into the CD burner and double-click on rescurecd.exe to burn the RescueCD. If for some reason your CD burner is not recognized, you can click on Exit.

The program prompts you to save the ISO file.

Click on Yes to save the ISO file. You can then use your favorite disc burning software to burn the ISO to a CD. On Windows 7, right click on the ISO file and select Burn disc image to burn it.

- Now you need to boot the infected computer using the RescueCD. On most recent computers, you need to press F12 during system boot up process and select the CD/DVD drive as the boot up device. If F12 doesn’t work, try to enter the BIOS setup screen to set the CD/DVD drive as the boot up device. Consult your machine’s user guide if you still cannot boot your computer using the RescueCD.
- When the system boots up in Avira AntiVir RescueCD, click on the British flag to set the interface to English if needed. Now you can click on Start scanner to start the scanning process.

- When you are done, click on Miscellaneous and then Shutdown to shut down the machine.
Once the virus is removed, do yourself a favor and install Avira AntiVir or any other good program as the resident antivirus software. Also instruct the user to use the computer as a normal user and leave the admin account for software installation and maintenance only.