Category: Antivirus

HP Flash Drives Ship With Malware

Hp flash drives were found to contain malware. These devices were sent as promotional items with new Proliant Servers.

usb Both 256MB and 1GB USB drives were infected with worms (W32.Fakerecy and W32.SillyFDC), and the worm can copy itself to all other mapped drives on your network.

This is particularly bad because IT technicians generally install these servers and generally have access to quite a few network drives.

HP’s software security response team admitted to the fault and has issued the following list of servers that shipped with the infected USB drive:

ProLiant BL20pG4; ProLiant BL25pG2
ProLiant BL45pG2
ProLiant BL260c
ProLiant BL460c; ProLiant BL465c; ProLiant BL465cG5; ProLiant BL480c
ProLiant BL680cG5; ProLiant BL685c; ProLiant BL685cG5
ProLiant DL120G5; ProLiant DL140G3; ProLiant DL145G3; ProLiant DL160G5;
ProLiant DL165G5; ProLiant DL180; ProLiant DL180G5; ProLiant DL185G5
ProLiant DL320G5; ProLiant DL320G5p; ProLiant DL320s; ProLiant DL360G5;
ProLiant DL365; ProLiant DL365G5; ProLiant DL380G5; ProLiant DL385G2;
ProLiant DL385G5
ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5
ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5;
ProLiant ML150G3; ProLiant Ml150G5
ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5
ProLiant ML570G4
IP Console Switch with virtual media
Server Console switch
Server Console Switch with virtual media
TFT7600 (USB Pass-through)
1U Rackmount Keyboard with USB

This kind of threat isn’t limited to HP customers. Any device you plug into a USB port can potentially carry malware. Therefore you should always have a good antivirus program running on your computers.

A while back we reported on similar incidents: Digital Picture Frames with malware, MP3 players sold with malware

Fake Anti Spyware

Brave Sentry is a fake anti spyware product that’s been going around a lot lately. It’s also known by these names:

  • Brave Sentry
  • Spy Sheriff
  • Spyware Quake
  • SpyFalcon

Once it gets onto your computer it tells you it found a large number of threats. For example, it could say “BraveSentry Scan found 138 threats“. This is false, following its instructions takes you to a site asking for money to remove the spyware.

Here’s a procedure on how to remove Brave Sentry, if you happen to become infected.

And to avoid infection follow these tips:

  • Install a good (and well known) anti virus/anti spyware product.
  • Avoid using Internet Explorer. Use one of the current alternative browsers such as:
  • Always use the latest web browser versions, download updates frequently.
  • Never ever download or run programs just because an email or a web site asked you to. This includes things like codecs to watch videos (unless you’re quite technical and know what you’re doing).
  • Avoid warez and porn sites (they’re often infected with malware)

    • Another Symbian Virus

    Nokia N95There’s a new virus affecting mobile phones (cell phones) that use Symbian series 60. It’s been detected in China and is called Kiazha-A Trojan.

    It gets transmitted through Bluetooth or MMS messages so you can’t completely avoid receiving it but you can delete it if it arrives on your phone.

    It first deletes all text messages in the phone then displays a message asking for RMB 50 yuan (US$7) to get them back.

    We have a list here showing some of the more popular phones that are vulnerable. If your phone uses Symbian S60 then be aware of virus messages like this one and delete them if you receive it.

    It’s also a good idea to backup your phone’s contents to a memory card every couple of months.

    Windows powered phones are also susceptible to viruses, as we’ve mentioned here.

    PayPal Phishing

    There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

    Subject: PayPal Account Review Department

    Dear PayPal customer,

    We recently reviewed your account, and we suspect an unauthorized transaction on your account

    Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

    Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

    • Login to your Paypal with your Paypal username and password.
    • Confirm your identity as a card member of Paypal

    Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

    hookAll typos and grammatical errors are from the original email.

    If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

    So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

    There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

    Haute Secure

    Haute Secure is a security service developed by 3 former Microsoft security specialists. It’s designed to filter the web pages you browse and it blocks any websites known to contain malware.

    It’s free for people to download and install on their computers. If you run a website they charge money so they can scan your website and alert you if it gets hacked and infected with malware.

    Most of the good antivirus packages have had this feature for a long time, and it’s a good idea to invest in one of these.

    If you really believe it’s not worth spending money to keep your computer secure and you insist on using free antivirus programs, then this will make a good addition since free antivirus programs don’t usually filter web sites.

    MonaRonaDona

    red keyboard There’s a malware program called MonaRonaDona, if you end up installing it (by being tricked into downloading something you don’t really need) it causes a bit of havoc with your computer.

    It then suggests you try an antivirus program called Unigray. This is one of those fake antivirus programs that have been appearing lately. All it does is mess up your computer, and you’re asked to pay $39.90 for it.

    So stay away from MonaRonaDona and Unigray. Use one of the popular antivirus packages (such as those you can buy in a computer shop).

    Free Online Health Check from F-Secure

    F-Secure is a security software company that has been making good products for a long time. They have published a new tool that scans your computer for vulnerabilities and provides a report on what programs you need to update.

    The application runs inside Internet Explorer and requires Window XP or Vista. Try it out here, http://support.f-secure.com/enu/home/onlineservices/fshc.shtml

    Note that this doesn’t replace anti-virus software. It only checks which programs on your computer are vulnerable to attacks and need to be updated.

    New Vulnerability in Adobe Reader

    It’s not news that PDF files can contain viruses. As useful as PDF files are the flaw is with the reader program, called Adobe Reader (previously called Adobe Acrobat Reader).

    It’s possible to embed code in PDF files and it’s been shown that this code can download malicious programs from the internet and install them on the computer. At the moment the latest malicious code comes from Netherlands, and as with all things on the internet it can move or spread quickly.

    If you have one of the following programs then you’re at risk. According to Adobe’s notice it affects all platforms (Windows, Mac, etc).

    • Adobe Reader 8.1.1 and earlier versions
    • Adobe Acrobat Professional 8.1.1 and earlier versions
    • Adobe Acrobat 3D 8.1.1 and earlier versions
    • Adobe Acrobat Standard 8.1.1 and earlier versions

    The vulnerability has been fixed in version 8.1.2 so update all your computers to avoid this one. Antivirus software can also protect you if you keep it up to date and use a well established product.

    Another fake anti spyware site

    All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

    wolf The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

    Good anti virus software these days has the option to filter all web pages and they stop most of these sites before your web browser starts loading them. It’s a good investment.

    Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

    At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune, malware is just less common on them.