<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="wordpress/2.1" -->
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>

<channel>
	<title>SpywareRemove Blog</title>
	<link>http://www.spywareremove.com/security</link>
	<description>Just another WordPress weblog</description>
	<pubDate>Tue, 22 Apr 2008 18:18:22 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.1</generator>
	<language>en</language>
			<item>
		<title>Microsoft Discovers Increase in Trojan Downloaders</title>
		<link>http://www.spywareremove.com/security/microsoft-discovers-increase-in-trojan-downloaders/</link>
		<comments>http://www.spywareremove.com/security/microsoft-discovers-increase-in-trojan-downloaders/#comments</comments>
		<pubDate>Tue, 22 Apr 2008 18:18:22 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/microsoft-discovers-increase-in-trojan-downloaders/</guid>
		<description><![CDATA[ Many websites that secretly download malicious software onto computers on the internet are increasing at an alarming rate. About 18 percent of security breaches online are from malicious software and hackers. Attacks made by malicious software and hackers have increased 300 percent in the number and proportion of Trojan downloaders according to a report by Microsoft’s Malware Protection Center. ]]></description>
			<content:encoded><![CDATA[<p> Many websites that secretly download malicious software onto computers on the internet are increasing at an alarming rate. About 18 percent of security breaches online are from malicious software and hackers. Attacks made by malicious software and hackers have increased 300 percent in the number and proportion of Trojan downloaders according to a report by Microsoft’s Malware Protection Center.</p>
<p>Many Trojan infections may start with a simple email message containing a link to a web site that will install Trojan files. This is a common scenario, as in the case of Storm Worm, also known as Win32/Nuwar, which is a Trojan dropper. Storm Worm and many other similar Trojans may be continually updated to avoid detection, and this is what makes them so dangerous. The hackers who develop these infections are busier than ever and are increasing their rate of attacks.</p>
<p>In addition to malicious email messages, we find that hackers are attacking legitimate websites through banner ads via ad networks. What better way to get a computer user’s attention and sneak in a Trojan than through a simple banner ad on a well-known website? Microsoft has also discovered that Adware has increased over 66 percent just in the end of last year. </p>
<p>Despite the scary reports from Microsoft, computer users can still make a valid attempt to protect themselves. It is suggested that all computer users who use the internet keep all security applications updated and run the latest reputable spyware, firewall and virus software available. Microsoft also suggests that you keep the Windows operating system up to date to limit any discovered vulnerabilities that may allow the installation of Trojan files.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/microsoft-discovers-increase-in-trojan-downloaders/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Malware Bell Falsely Classifies PCTools as Malware</title>
		<link>http://www.spywareremove.com/security/malware-bell-falsely-classifies-pctools-as-malware/</link>
		<comments>http://www.spywareremove.com/security/malware-bell-falsely-classifies-pctools-as-malware/#comments</comments>
		<pubDate>Tue, 15 Apr 2008 17:31:46 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/malware-bell-falsely-classifies-pctools-as-malware/</guid>
		<description><![CDATA[ A discovery that we made when we were infected with the <strong>MalwareBell</strong> or <strong>Malware Bell</strong> rogue anti-spyware program was that Malware Bell classified PCTools as malware. As shown in the image below, Malware Bell classified PCTools as being a variant of the Trojan.Win32.SystemCrash infection. Not only did Malware Bell insinuate that it was an actual Trojan infection but it has the word “adware” in parentheses next to the Trojan name. 

<img src="http://www.spywareremove.com/images/malware-bell-false-result.gif" border="0" alt="Malware Bell Adware Result" /> ]]></description>
			<content:encoded><![CDATA[<p> A discovery that we made when we were infected with the <strong>MalwareBell</strong> or <strong>Malware Bell</strong> rogue anti-spyware program was that Malware Bell classified PCTools as malware. As shown in the image below, Malware Bell classified PCTools as being a variant of the Trojan.Win32.SystemCrash infection. Not only did Malware Bell insinuate that it was an actual Trojan infection but it has the word “adware” in parentheses next to the Trojan name. </p>
<p><img src="http://www.spywareremove.com/images/malware-bell-false-result.gif" border="0" alt="Malware Bell Adware Result" /></p>
<p>Trojan.Win32.SystemCrash is a definite parasite that can potentially install other infections or rogue programs onto your computer. When you pair a clear-cut Trojan infection with a well known and trustworthy company as a found parasite, you have serious problems. If Malware Bell had any type of credibility with its horrendous claims, it is gone now. </p>
<p>The last time we checked, PCTools was a legitimate company for computer tools that aid in the removal of parasites and registry repairs. This goes to show that the Malware Bell program is full-of-it and has no justifiable claim for removal of actual malware or other infections from your computer. In the past other rogue anti-spyware programs have made several false claims and displayed exaggerated scan results. If we are able to recognize a found parasite as being a legit company and/or program then the hackers have not done their job in fooling us. </p>
<p>Computer users that are educated and up-to-date on the names of genuine companies will immediately throw Malware Bell out of the window. The creators of Malware Bell will not succeed in their ultimate scheme after its false classification is exposed.</p>
<p><strong>Note: </strong>If you have Malware Bell installed it can be removed. <a href="http://www.spywareremove.com/removeMalwareBell.html" title="Remove Malware Bell">Follow the link here to remove Malware Bell.</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/malware-bell-falsely-classifies-pctools-as-malware/feed/</wfw:commentRss>
		</item>
		<item>
		<title>April Fool’s Day Prompts Malicious Spam Messages</title>
		<link>http://www.spywareremove.com/security/april-fools-day-prompts-malicious-spam-messages/</link>
		<comments>http://www.spywareremove.com/security/april-fools-day-prompts-malicious-spam-messages/#comments</comments>
		<pubDate>Tue, 01 Apr 2008 17:57:46 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spam Alert]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/april-fools-day-prompts-malicious-spam-messages/</guid>
		<description><![CDATA[ Today’s April Fool’s holiday gives spammers a chance to use the day to their advantage. Spammers have used the obvious keyword in the subject line of their spam messages to read “April Fool’s Day”, drawing the attention of internet users all over the world. The likelihood of a computer user opening an email titled “April Fool’s Day” on today’s date, which is April Fool’s day, is very high. The spammers know this and have jumped on the bandwagon of spamming people all over the internet.

Trend Micro, a security company, has already identified the spam messages as having an April Fool’s image which was taken from a simple Google image search using the keyword “April Fool’s Day”. The image is not original in the sense that the spammer did not create it. ]]></description>
			<content:encoded><![CDATA[<p> Today’s April Fool’s holiday gives spammers a chance to use the day to their advantage. Spammers have used the obvious keyword in the subject line of their spam messages to read “April Fool’s Day”, drawing the attention of internet users all over the world. The likelihood of a computer user opening an email titled “April Fool’s Day” on today’s date, which is April Fool’s day, is very high. The spammers know this and have jumped on the bandwagon of spamming people all over the internet.</p>
<p>Trend Micro, a security company, has already identified the spam messages as having an April Fool’s image which was taken from a simple Google image search using the keyword “April Fool’s Day”. The image is not original in the sense that the spammer did not create it. </p>
<p>Contained within the spam message image that was so cleverly stolen from a Google image search is an embedded hyperlink to a malicious website that downloads executable files so appropriately named foolsday.exe, funny.exe and Kickme.exe.  The names of the executable files are known to change to other names so detection may be difficult. Trend Micro has already taken action to block the website or websites that download the harmful executable files for their customers. </p>
<p>The spam message image resembles the one below.</p>
<p><a target="_blank" href="http://www.spywareremove.com/images/april-fool-day.gif" title="April Fool’s Day Spam Image"><img border="0"  src="http://www.spywareremove.com/images/april-fool-day.gif" alt="April Fool’s Day Spam Image" /> </a></p>
<p>This threat may not be as intense as others that spring up during other popular holidays, but it proves how sneaky spammers and hackers are with the use of a holiday for their malicious acts. Internet users should always educate themselves about the newest threats, especially around a holiday when spam messages utilize the name of the holiday to infiltrate computers on the internet for self gain and malicious intent.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/april-fools-day-prompts-malicious-spam-messages/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Beefed-Up Security In Safari 3.1 Web Browser</title>
		<link>http://www.spywareremove.com/security/beefed-up-security-in-safari-31-web-browser/</link>
		<comments>http://www.spywareremove.com/security/beefed-up-security-in-safari-31-web-browser/#comments</comments>
		<pubDate>Thu, 20 Mar 2008 16:51:15 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/beefed-up-security-in-safari-31-web-browser/</guid>
		<description><![CDATA[ With the latest release of the Safari Web Browser version 3.1, many bugs have been fixed, making it a safer web browser with fewer vulnerabilities. Apple recently released a major security update to the Mac OS operating system which included the update to Safari 3.1. 

Included with the Safari 3.1 package is a better execution of functions to keep Safari safe for internet surfers. An issue that a previous Windows version of Safari had was the validation of certificates for websites. This gave hackers the ability to direct users to a legitimate site with a valid SSL certificate and then later redirect the user to a phishing website. Because Safari did not have a phishing filter, this would happen without any road blocks, causing potential identity theft. ]]></description>
			<content:encoded><![CDATA[<p> With the latest release of the Safari Web Browser version 3.1, many bugs have been fixed, making it a safer web browser with fewer vulnerabilities. Apple recently released a major security update to the Mac OS operating system which included the update to Safari 3.1. </p>
<p>Included with the Safari 3.1 package is a better execution of functions to keep Safari safe for internet surfers. An issue that a previous Windows version of Safari had was the validation of certificates for websites. This gave hackers the ability to direct users to a legitimate site with a valid SSL certificate and then later redirect the user to a phishing website. Because Safari did not have a phishing filter, this would happen without any road blocks, causing potential identity theft.</p>
<p>Other vulnerabilities have been corrected in Safari 3.1 making it a valid competitor among other web browsers due to its clean and uncluttered interface. Some may agree that Safari is a faster browser than other popular applications. Then some may agree that Safari is way behind the times when put against more popular browsers. Either way Safari 3.1 is a compelling competitor for usability and security on the web with the many improvements over previous versions.</p>
<p>Cross-site scripting was one major flaw in the security aspect of Safari. This allowed attackers to spoof websites to make users unaware of their information being shared among malicious web sites. Many of the highlighted vulnerabilities that were repaired are listed on Apple’s website.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/beefed-up-security-in-safari-31-web-browser/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Hackers Breach Hannaford Supermarket Chain, Exposes 4.2 million Card Numbers</title>
		<link>http://www.spywareremove.com/security/hackers-breach-hannaford-supermarket-chain-exposes-card-numbers/</link>
		<comments>http://www.spywareremove.com/security/hackers-breach-hannaford-supermarket-chain-exposes-card-numbers/#comments</comments>
		<pubDate>Tue, 18 Mar 2008 16:11:17 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/hackers-breach-hannaford-supermarket-chain-exposes-card-numbers/</guid>
		<description><![CDATA[ A major security breach at the Hannaford East Coast supermarket chain in the New England area exposed over 4 million card numbers that led to 1,800 cases of fraud. This shocking news was announced Monday by the Hannaford Bros. grocery chain, which is abundant on the east coast of the United States. 

Credit card numbers were stolen during the network breach which resulted in several fraud cases where the card numbers were used or had attempted use. The breach affected all 165 Hannaford stores in the northeast US, 106 Sweetbay stores in Florida and a small number of independent stores that sell Hannaford products. ]]></description>
			<content:encoded><![CDATA[<p> A major security breach at the Hannaford East Coast supermarket chain in the New England area exposed over 4 million card numbers that led to 1,800 cases of fraud. This shocking news was announced Monday by the Hannaford Bros. grocery chain, which is abundant on the east coast of the United States. </p>
<p>Credit card numbers were stolen during the network breach which resulted in several fraud cases where the card numbers were used or had attempted use. The breach affected all 165 Hannaford stores in the northeast US, 106 Sweetbay stores in Florida and a small number of independent stores that sell Hannaford products. </p>
<p>Card numbers are known to be the only thing that was stolen. Customers’ personal information such as names, phone numbers, and addresses was not obtained by the crooks. The breach is now known to have been happening since December 7th of last year, and Hannaford didn’t become aware of the attack until February 27th.  The discovery on February 27th resulted from multiple customers reporting fraudulent activity on their cards. </p>
<p><strong>What has Hannaford done about this incident?</strong></p>
<p>Hannaford president and CEO Ronald C. Hodge said Monday, &#8220;We have taken aggressive steps to augment our network security capabilities,…&#8221; &#8220;The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.&#8221; The company has since asked customers to monitor their credit and debit card activity. The U.S. Secret Service is supposed to monitor and patrol fraudulent incidents such as this. They have confirmed that they are further investigating. </p>
<p>The source of the breach has not been disclosed as of yet. Card holders are urged to be mindful and monitor the activity on their card in the meantime until the investigation has run its course to identify the origin of the attack.</p>
<p>Hackers are turning up their rate of attacks lately. The security vendor Symantec noted that several other breaches have occurred in the past week including breaches of Harvard University, MTV Networks, Blue Cross Blue Shield, and others. No matter where we use our debit and credit cards, we must all be on the alert and monitor the activity of our accounts to prevent fraud and identity theft from hacker attacks that we cannot control.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/hackers-breach-hannaford-supermarket-chain-exposes-card-numbers/feed/</wfw:commentRss>
		</item>
		<item>
		<title>MonaRonaDona Is Not A Pretty Picture</title>
		<link>http://www.spywareremove.com/security/monaronadona-is-not-a-pretty-picture/</link>
		<comments>http://www.spywareremove.com/security/monaronadona-is-not-a-pretty-picture/#comments</comments>
		<pubDate>Tue, 11 Mar 2008 16:43:28 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spyware]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/monaronadona-is-not-a-pretty-picture/</guid>
		<description><![CDATA[ MonaRonaDona sounds like some type of painting such as the Mona Lisa but is far from being a masterpiece when your computer has downloaded MonaRonaDona. MonaRonaDona has recently stirred up an uproar on the internet during the past couple of weeks after it was discovered as TROJ_MONAGRAY.A, which is a trojan infection.

MonaRonaDona is one of the latest dirty parasites to hit the internet, causing havoc on users’ computers. Certain unconfirmed reports online have stated that MonaRonaDona may come from a possible malicious program called Registry Clean Fix. MonaRonaDona may also be a creation from another program called Unigray which is supposed to be a virus detection and removal tool. It was discovered that Unigray is not a legitimate virus tool but part of a Trojan infection. Both of the mentioned programs are part of painting the full MonaRonaDona picture, which is a ploy to infect your computer. ]]></description>
			<content:encoded><![CDATA[<p> MonaRonaDona sounds like some type of painting such as the Mona Lisa but is far from being a masterpiece when your computer has downloaded MonaRonaDona. MonaRonaDona has recently stirred up an uproar on the internet during the past couple of weeks after it was discovered as TROJ_MONAGRAY.A, which is a trojan infection.</p>
<p>MonaRonaDona is one of the latest dirty parasites to hit the internet, causing havoc on users’ computers. Certain unconfirmed reports online have stated that MonaRonaDona may come from a possible malicious program called Registry Clean Fix. MonaRonaDona may also be a creation from another program called Unigray which is supposed to be a virus detection and removal tool. It was discovered that Unigray is not a legitimate virus tool but part of a Trojan infection. Both of the mentioned programs are part of painting the full MonaRonaDona picture, which is a ploy to infect your computer.</p>
<p>Once a computer is infected with MonaRonaDona it may display messages that are sarcastic in nature but effective in scaring the average computer user. The message that is circulating online from people with computers infected by MonaRonaDona reads:</p>
<blockquote><p>Hi, My name is MonaRonaDona. I am a Virus &#038; I am here to Wreck Your PC. If you observe strange behavior with your PC, like program windows disappearing etc, it’s me who is doing all this. I was created as a protest against the Human Rights Violation being observed throughout the world &#038; the very purpose of my existence is to remind &#038; stress the world to respect humanity.</p></blockquote>
<p>This message is a trigger for most users to start a search for a solution to removing MonaRonaDona. Performing a search for MonaRonaDona removal processes may lead to users mistakenly clicking on malicious website links that promote rogue software and/or install Trojans onto your computer. This is a clever tactic used by MonaRonaDona and may lead to further destruction of your system if you are not careful. This tactic is something fairly new in the security world. It is only natural for a computer user to start searching the internet for a solution to a problem. In the case of MonaRonaDona it is set up as a trap where the odds are some users will actually be directed to a dirty website and end up fighting a losing battle.</p>
<p>MonaRonaDona is the start of new passive tactics used by hackers that create malicious programs. Ultimately the hackers that create MonaRonaDona are out to lure people into a trap, and you may end up spending your money on a useless program such as the previously mentioned Unigray. It is always a good suggestion to make sure the source of any website that offers a removal guide is further investigated. Computer users can investigate websites by checking the content: if a site has plenty of valid content aiding in removing parasites then it is legitimate.  If a site is brand new with only a few valid pages then it may be a malicious site and you must avoid it at all costs.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/monaronadona-is-not-a-pretty-picture/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Vundo Hackers use 404 toolkit methods</title>
		<link>http://www.spywareremove.com/security/vundo-hackers-use-404-toolkit-methods/</link>
		<comments>http://www.spywareremove.com/security/vundo-hackers-use-404-toolkit-methods/#comments</comments>
		<pubDate>Tue, 11 Mar 2008 13:25:30 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/vundo-hackers-use-404-toolkit-methods/</guid>
		<description><![CDATA[ <h3>404 toolkit tactics are used to infect users with multiple parasites from malicious websites</h3>

The hackers that created the Vundo infection are using a 404 toolkit method to load malware onto computers on the internet. The infection of a Trojan was recently discovered through a spam email message resulting in the installation of other malware, as reported by Trend Micro. The spam message includes an image; once the image is clicked on, it will redirect you to a malicious website that loads an executable file onto your system. The file was identified as originating from the address hxxp://<em>BLOCKED</em>-carvalhal.pt/tits.exe, which was detected as TROJ_SHEUR.HD. The link source for this file was recently shut down. ]]></description>
			<content:encoded><![CDATA[<h3>404 toolkit tactics are used to infect users with multiple parasites from malicious websites</h3>
<p>The hackers that created the Vundo infection are using a 404 toolkit method to load malware onto computers on the internet. The infection of a Trojan was recently discovered through a spam email message resulting in the installation of other malware, as reported by Trend Micro. The spam message includes an image; once the image is clicked on, it will redirect you to a malicious website that loads an executable file onto your system. The file was identified as originating from the address hxxp://<em>BLOCKED</em>-carvalhal.pt/tits.exe, which was detected as TROJ_SHEUR.HD. The link source for this file was recently shut down.</p>
<p>At the end of the infection process, a 404 toolkit installs a rogue anti-virus product. In the case of the Vundo exploit it was the Winfixer program that was installed, which is a fake anti-virus program. </p>
<p>The visit to the malicious website that started this infection had 2 other scripts that redirect to 2 different URLs. While the 2 scripts execute, your computer is left in a busy state where it is not accessible. The 404.php page redirects you to a malicious site, as do other pages found off of the undisclosed web address. Trend Micro performed an examination of the scripts and it seems it is an ongoing process of loading dirty files onto a user’s computer when they visit this malicious website. </p>
<p>Below are other files that are loaded when the scripts are executed.</p>
<p>u_f1_v34_78.exe<br />
inst250.exe<br />
krab.exe<br />
loader.exe<br />
ldig002.exe<br />
terasole.exe<br />
2302.exe </p>
<p>Below is a list of the malware that was detected after the scripts have run and infected your computer.</p>
<p>ctfmona.exe -> TROJ_DLOADER.JG<br />
Fsd9mk4g.dll -> TROJ_DLOADER.DUF<br />
inst250.exe -> TROJ_DROPPER.DRL<br />
Jfs9jg.dll -> TROJ_SMALL.BKJ<br />
krab.exe -> TROJ_AGENT.WNQ<br />
ldig002.exe -> TROJ_DLOADER.ENR<br />
msgk429.exe -> TROJ_DNSCHANGE.Y<br />
symavc32.sys -> TROJ_ROOTKIT.EZ<br />
u_f1_v34_78.exe -> TROJ_DNSCHANGE.Y<br />
winlogan.exe -> TROJ_DLOADER.DJH<br />
Wmgq44.sys -> TROJ_ROOTKIT.EZ<br />
ieupdr2.exe -> TROJ_DLOADER.LSI<br />
ie_updates3r.exe -> TROJ_DLOADER.LSI<br />
jf-carvalhal[1].txt -> JS_CLICKER.ZU<br />
loader.exe -> TROJ_CUTWAIL.AR<br />
msgk251.exe -> TROJ_CUTWAIL.AR<br />
nwan.dat -> TROJ_PROXY.TO<br />
terasole.exe -> BKDR_MOMIBOT.B<br />
tits.exe -> TROJ_SHEUR.HD<br />
WinIFixer.exe -> TROJ_WINFIXER.FD<br />
winlugan.exe -> TROJ_DLOADER.LSI<br />
WLCtrl32.dll -> TROJ_AGENT.ANX </p>
<p>It is recommended that users avoid email messages that contain suspicious links or embedded links attached to images. If a website has a dirty or porn image it is suggested that you delete the email before you are redirected to a malicious website such as the one previously mentioned.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/vundo-hackers-use-404-toolkit-methods/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Pentagon Breach Raises Security Questions</title>
		<link>http://www.spywareremove.com/security/pentagon-breach-raises-security-questions/</link>
		<comments>http://www.spywareremove.com/security/pentagon-breach-raises-security-questions/#comments</comments>
		<pubDate>Mon, 10 Mar 2008 15:11:27 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/pentagon-breach-raises-security-questions/</guid>
		<description><![CDATA[ Information about a Pentagon breach that happened last summer due to a Windows vulnerability was recently discussed in some technological reports online. Back during the summer of 2007 the Pentagon had a hack that led to theft of sensitive information from the defense epicenter. This type of attack, from something as simple as an exploited Windows vulnerability, supports the fact that anyone is vulnerable and action must be taken regularly to prevent these instances.  ]]></description>
			<content:encoded><![CDATA[<p> Information about a Pentagon breach that happened last summer due to a Windows vulnerability was recently discussed in some technological reports online. Back during the summer of 2007 the Pentagon had a hack that led to theft of sensitive information from the defense epicenter. This type of attack, from something as simple as an exploited Windows vulnerability, supports the fact that anyone is vulnerable and action must be taken regularly to prevent these instances. </p>
<p>Hackers attempted to steal information by means of spam attacks on the national defense at the Pentagon. We all would hope that our national defense is aware of the potential of attacks from hackers by use of spam so we can be assured that our nation’s secrets are not exposed and up for grabs to the highest bidders. The website GovernmentExecutive.com cited an account made by the chief information officer Dennis Clem of the Office of the Secretary of Defense in regards to the attack last summer:</p>
<blockquote><p>During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder. </p>
<p>&#8220;This was a very bad day,&#8221; said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. &#8220;We don&#8217;t know when they&#8217;ll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries.&#8221;
</p></blockquote>
<p>The typical spam attack demonstrated at the time of the attack is all-too-familiar to thousands of internet users around the world. Employees of businesses can relate to the type of attack that occurred at the Pentagon and have probably been through the same type of scenario. </p>
<p>Unfortunately many home users fall victim to an attack like this on a much smaller scale. It is always a good suggestion to keep your Windows software up-to-date as well as any spam filters and anti-spyware protection programs. The Pentagon, as mentioned in other articles online, provides instructions for its staff to prevent any type of potential threat to their security. Even in the event that a Windows vulnerability is discovered, businesses around the world, including the Pentagon, have certain measures in place to act in response to known hacker attacks.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/pentagon-breach-raises-security-questions/feed/</wfw:commentRss>
		</item>
		<item>
		<title>MySpace Users Redirected to a Phishing Site from a “Link Hack”</title>
		<link>http://www.spywareremove.com/security/myspace-users-redirected-to-phishing-site-link-hack/</link>
		<comments>http://www.spywareremove.com/security/myspace-users-redirected-to-phishing-site-link-hack/#comments</comments>
		<pubDate>Wed, 27 Feb 2008 17:24:55 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/myspace-users-redirected-to-phishing-site-link-hack/</guid>
		<description><![CDATA[ Recently security researchers have discovered a “link hack” that may bypass the attempts of MySpace.com to filter and control links on its pages. With this link hacking it is possible that links on MySpace.com pages will redirect visitors to phishing websites. When a visitor lands on a phishing site their personal information can be compromised if they fall victim to the phishing ploy. 

What is so dangerous about the discovered “link hack” is that the links are displayed as legitimate MySpace.com links that are trusted by visitors and users of MySpace. Websense, a security research company, recently said the link hack technique allows attackers to create malicious anchor tags over the majority of a given MySpace.com page. Many social sites such as MySpace.com allow their users to change the look and layout of personalized pages. With the “link hack” method in the wrong hands it could potentially redirect a large number of visitors to certain MySpace.com or phishing pages that a hacker chooses to set up.  ]]></description>
			<content:encoded><![CDATA[<p> Recently security researchers have discovered a “link hack” that may bypass the attempts of MySpace.com to filter and control links on its pages. With this link hacking it is possible that links on MySpace.com pages will redirect visitors to phishing websites. When a visitor lands on a phishing site their personal information can be compromised if they fall victim to the phishing ploy. </p>
<p>What makes the discovered “link hack” so dangerous is that the links are displayed as legitimate MySpace.com links, which visitors and users of MySpace trust. Websense, a security research company, recently said the link hack technique allows attackers to create malicious anchor tags over the majority of a given MySpace.com page. Many social sites such as MySpace.com allow their users to change the look and layout of personalized pages. In the wrong hands, the “link hack” method could potentially redirect a large number of visitors to certain MySpace.com or phishing pages that a hacker chooses to set up. </p>
<p><strong>What can MySpace.com visitors do to protect themselves?</strong></p>
<p>Currently Websense is monitoring the phishing activities on MySpace.com and has shut down known phishing sites that are part of the link hack. Ingenious tactics are used, such as changing a profile page on MySpace.com daily to mask the hacked links on pages. This means visitors should be cautious of pages where the layout and content change on a daily basis. It is always a good idea for visitors to MySpace.com to be mindful of which links they choose to click on. It does not hurt to check the source of any link or redirecting link on MySpace.com.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/myspace-users-redirected-to-phishing-site-link-hack/feed/</wfw:commentRss>
		</item>
		<item>
		<title>YouTube Outage Emphasizes Internet Flaw</title>
		<link>http://www.spywareremove.com/security/youtube-outage-emphasizes-internet-flaw/</link>
		<comments>http://www.spywareremove.com/security/youtube-outage-emphasizes-internet-flaw/#comments</comments>
		<pubDate>Tue, 26 Feb 2008 15:40:04 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/youtube-outage-emphasizes-internet-flaw/</guid>
		<description><![CDATA[ <h3>Yesterday’s report of YouTube’s outage uncovers a serious internet flaw.</h3>

The disruption of YouTube services Sunday brings serious questions to the table as to how vulnerable internet services are. According to network experts, the flaw uncovered due to YouTube’s outage may lead to a serious security problem.

In techie terms, the underlying issue lies in the way Internet Service Providers (ISPs) share routing information through the Border Gateway Protocol (BGP). This is a standard protocol used by routers so that computers on the internet can be found. The ISPs share this information with one another, and when one ISP has a bad batch of information it is shared with the rest of the internet. ]]></description>
			<content:encoded><![CDATA[<h3>Yesterday’s report of YouTube’s outage uncovers a serious internet flaw.</h3>
<p>The disruption of YouTube services Sunday brings serious questions to the table as to how vulnerable internet services are. According to network experts, the flaw uncovered due to YouTube’s outage may lead to a serious security problem. </p>
<p>In techie terms, the underlying issue lies in the way Internet Service Providers (ISPs) share routing information through the Border Gateway Protocol (BGP). This is a standard protocol used by routers so that computers on the internet can be found. The ISPs share this information with one another, and when one ISP has a bad batch of information it is shared with the rest of the internet.</p>
<p>In non-techie terms, you can think of this incident as spreading a rumor at the office. One person tells another, then the other person tells yet another, and by the end of the day the information has been twisted and misconstrued. With the YouTube incident, the BGP data was only intended to block access to YouTube inside of Pakistan and nowhere else. The information was accidentally transmitted to other ISPs, causing a much more widespread outage of the YouTube service. </p>
<p>The outage, as reported yesterday, came about due to an alleged anti-Islamic video hosted on YouTube. The Pakistan Telecommunication Authority ordered ISPs to block access to YouTube. </p>
<p>If hackers gain the ability to spread this type of bad rerouting data, as in the YouTube outage, they could cause serious damage on the internet. This highlights a serious internet flaw and vulnerability. The information spread from ISPs must be monitored or intercepted in order to limit such an attack. Several protocols could have been put into motion to prevent the widespread outage of the YouTube services. In any situation on the internet such as the YouTube incident, the culprits are usually identified, but only after the damage has been done. This uncovers yet another secret about the internet and the discovery of more security issues.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/youtube-outage-emphasizes-internet-flaw/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>
