Trojan.FakeAv.QF

FakeAv is a new virus that infects computers released on 18th aug,09..... A rogue antivirus program called "Total Security 2009" that runs at system startup. A desktop shortcut and a Start menu entry are added by some variants.

These threats arrive mainly via spammed email messages that contain a link to a bogus celebrity video scandal, although the said link is also circulating in instant messaging applications and private messages in social networking Web sites.

1. A pseudo-scan starts and the same hardcoded detections are presented to the user, regardless of the state of the system.

"Total Security 2009" is quite aggressive in forcing the user to register. New processes are declared to be infected and killed instantly.this virus causes low damage and medium spreading,but involves huge amount of interruptions.

BitDefender is probably the only antivirus till date which is able to detect it,but does not remove.Removal involves a lot of overheads.It leaves no traces where it gets installed and is almost untraceble.

1: close unnecessary services by using minimum services option at startup,coz this FakeAv starts during boot time.

2: scan with bitdefender and quarantine

3: go to C:\Documents and Settings\All Users\Application Data\17439374 and manually delete 17439374.exe

ur done........restart ur computer and ur virus free

Pay-per-email plan may help stop spam.....

In a bid to thwart spammers,researchers are planning to add a "postage stamp" to emails.The plan of pay-per-email,then say will help
reduce unwanted spams and money thus generated will go to charity.Spam is more abundant than ever:making up more than 90%of all emails sent globally.Most is in inturcepted by anti-spam programmers that filter spam by its origin or content.
Yahoo! Reserach,s Cent mail is resurrecting an old idea-charge every email being sent so as to make spamming uneconomic,New scientist reported.What more.The cent paid for an accredited "stamp" to appear on each email goes to charity .CentMail's investor think it will be more successful than previous approches to make email cost to users is offset by the good feeling of giving to charity.Some previous scheme,such as Goodmail, simply pocketed the charge for virtual stamps.javascript:void(0)
The problem with any "economic" approach is that it costs money or effort for legitimate senders as well as spammers ,Yahoo! researcher Shard goel explains by passing the money onto a charity of sender choice,and showing the donation in a "stamp" at the bottom of every email sent ,CentMails aims to make senders feel an altruiststic glow to balance that percieved cost.
That could also persuade people to sign up without waiting for the system to become widespread."we think this is a more socially efficcient approach to reducing spam ,"Goel was quoted by New scientist as saying.But everyone isn't optimistic about idea ."some people think that if you put any kind of barrier in the way of sending email,it's sacrilege,"says Scott Fahlman of carnegie Mellon University in Pittsburgh,Pennsylvania.
People may not wish to receive messages plugging a cause they dont agree with." I might feel that by accepting his messages ,I'm implicity supportes thet I might be vehemently against,"Barry leiba of IBM says.

What is email forging???

Email forging allows an attacker to disguise the source of an email and send it to the victim. Most attackers use this technique to fool the victim into believing that somebody else has send the particular email.
The SMTP protocol makes it extremely easy for an attacker to send forged emails to a remote user.
Typically an attacker carries out email forging by following steps:

1) Start Command Prompt and type the following command-
c:/>telnet smtp.mailserver.com 25 or c:/>telnet mail.domain.com 25
example:- c:/>telnet smtp.gmail.com 25
The above command opens a telnet connection to the specified remote mail server on port-25. Where port-25 is the default SMTP port on which outgoing mail daemon runs.

Tracing mails made easy

The most effective and easiest way to trace an email is to analyze it's email headers. This can be done by just viewing the full header of received email. A typical email header looks something like this:


From Barr Thu Jan 3 05:33:26 2008
X-Apparently-To: prasannasherekar@yahoo.co.in via 203.104.16.34; Thu, 03 Jan 2008 05:25:38 +0530
X-YahooFilteredBulk: 189.160.34.89
X-Originating-IP: [189.160.34.89]
Return-Path:
Authentication-Results: mta113.mail.in.yahoo.com from=destatis.de; domainkeys=neutral (no sig)
Received: from 189.160.34.89 (HELO dsl-189-160-34-89.prod-infinitum.com.mx) (189.160.34.89) by mta113.mail.in.yahoo.com with SMTP; Thu, 03 Jan 2008 05:25:38 +0530
Received: from dvapa ([141.203.33.92]) by dsl-189-160-34-89.prod-infinitum.com.mx with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26 -0600
Message-ID: <477C264E.3000604@destatis.de>
Date: Wed, 2 Jan 2008 18:03:26 -0600
From: "Barr" Add to Address Book
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: prasannasherekar@yahoo.co.in
Subject: angel rubberneck
Content-Type: multipart/related; boundary="------------030604060204000701040304"
Content-Length: 16433


The above email header gives us the following information about it's origin and path:

a) Sender's email address :- atiles@destatis.de

b) Source IP address :- 141.203.33.92

c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx

d) Email client :- Thunderbird 2.0.0.6

There are lots of ready-made tools available on the internet which performs email tracing very effectively and shows exact geographical location for email sender on the world map.


Recommended Tools
NeoTrace http://www.neotrace.com
VisualRoute http://visualroute.visualware.com
E-MailTracker http://www.visualware.com

SPAMMING and MAILBOMBING

Spam :- Every e-mail account and network on the internet has limited space and bandwidth. This means that if an attacker is able to clog up all the inbox space and bandwidth of the target computer, it could cause lot of inconvenience and unnecessary trouble. Spam e-mails have slowly but surely started clogging up the bandwidth on the internet and the memory space in our inboxes.

MailBombing:- Mailbombing is a technique wherein the attacker floods victim's e-mail account with an extremely large (sometimes infinite) number of unsolicited meaningless e-mails. Two different types of mailbombing are-

a) Mass Mailbombing
b) List Linking Mailbombing

All about cracking passwords

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :


1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.


3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.