Easy Online Tips




Monday, January 30, 2006

Top 10 Most Prevalent Global Malware

From January 20 to January 26, 2006:

1. WORM_GREW.A
2. SPYW_DASHBAR.300
3. SPYW_GATOR.F
4. HTML_NETSKY.P
5. WORM_MOFEI.B
6. WORM_NETSKY.P
7. EXPL_WMF.GEN
8. ADW_TBARWIN32.A
9. ADW_SLAGENT.A
10. JAVA_BYTEVER.A

SYMBOS_SNDTOOL.A - Sending Mobile Malware

SYMBOS_SNDTOOL.A is Symbian malware that affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. This malware is currently spreading in-the-wild and infecting the following phone models:

Nokia 3600
Nokia 3620
Nokia 3650
Nokia 3660
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1

Once installed on an affected mobile device, it drops files in a specified drive of the affected phone. It then searches for online Bluetooth devices and sends the following possibly malicious file, specified in PATH.TXT, to the first online device it finds:

LE:\pbcompressor.Sis

(Note: LE is not a valid path for the Symbian platform.)


Friday, January 27, 2006

Malaysia to track down 'Bigfoot'


Do you believe in 'Bigfoot'? Malaysia's southern Johor state government said on Thursday it would launch its first official effort to track down the mysterious "Bigfoot" creatures said to be roaming its jungles.

Johor Chief Minister Abdul Ghani Othman said scientists and national park officials would try to track the hairy man-like beasts, which have generated intense interest from wildlife experts at home and internationally.

"We have obtained descriptions of the creature from those who claimed to have seen it... we hope the expedition will be able to prove its existence," Abdul Ghani told the state Bernama news agency.

A Johor state official, who did not wish to be named, said a state councillor had been tasked with assembling a team to carry out the investigation, which follows numerous reports of Bigfoot sightings in recent months.

"This is the first time the state is going to look into it officially," he told AFP.

"They have to do it in a proper way according to scientific approaches," he said, adding that no date had been set yet for the first foray.

Johor is home to large tracts of jungle, including its famed Endau-Rompin National Park, and unconfirmed sightings of large creatures surface periodically there.

Bigfoot fever erupted last month when some workers claimed to have spotted three of the beasts, two adults and a youngster.

The improbable tale was given wide coverage in the national press which also printed photographs of supposed footprints — vague impressions in the jungle floor.

Wildlife authorities have been searching the forest to verify the claims, and also set up a telephone hotline for members of the public who claim to have seen the beast to relate their stories.

Vincent Chow, an environmentalist who has been lobbying the government to look into the claims, hailed the move as the world's first government-led investigation into Bigfoot.

"We are the first country in the world to openly welcome suggestions to study whether this creature exists or not," he said.

Chow said he was working with Johor officials to work out the details of the probe, and that the study would be a serious long-term effort to track down the creatures and list them among Malaysia's fauna.

"We are seeing how best we can formulate an approach that will not be threatening or harmful to the animal," he said.

Sightings of mythical ape-like creatures have been reported in wilderness areas all over the world. They are known as Bigfoot or Sasquatch in the United States and Canada, and yetis in the Himalayas.


Tuesday, January 24, 2006


A new website has been launched in the UK. The site is considered to be the next frontier in warrant-free surveillance and will allow users to track any mobile phone around the globe. At a cost of only US$30 per request, this new service uses cell tower data (and GPS, when available) to find the location of just about any GSM cellphone. All you have to do is enter the number you want to track into the service's handy Google Maps-based interface, and you will be able to locate a mobile phone with an accuracy of between 50m and 500m.

The service is compatible with the Vodafone, Orange and T-Mobile operators in the UK. However, some freedom movement groups in the UK are concerned that this service will allow anybody to track any number they want without the permission of the mobile phone owner.

KDE kjs UTF-8 Encoded URI Buffer Overflow Vulnerability


Maksim Orlovich has reported a vulnerability in KDE kjs, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user's system.

KDE, the K Desktop Environment, allows for easy navigation with the aid of the K File Manager, virtual desktops and KDE-based applications like K-Edit. It is currently installed by default on many Linux distributions, with the notable exceptions of RedHat (GNOME) and Debian (Window Maker).

The vulnerability is caused due to a boundary error in kjs in the decoding of UTF-8 encoded URI sequences. This can be exploited to cause a heap-based buffer overflow by supplying specially crafted JavaScript code via an application using the affected JavaScript interpreter engine (e.g. Konqueror).

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in versions 3.2.0 through 3.5.0.

Solution:
Apply patches.

KDE 3.4.0 - 3.5.0:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
ecc0ec13ce3b06e94e35aa8e937e02bf

KDE 3.2.0 - 3.3.2:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
9bca9b44ca2d84e3b2f85ffb5d30e047

Provided and/or discovered by:
Maksim Orlovich

Original Advisory:
http://www.kde.org/info/security/advisory-20060119-1.txt

iPod popularity increases iTunes consumers

A survey shows that the popularity of the iPod is making more consumers visit the iTunes music store.

According to the survey done by Nielsen NetRatings, the number of iTunes users grew by an amazing 241 percent in 2005.

Between December 2004 and December 2005, the total number of users visiting the iTunes website increased from 6.1 million to 20.7 million. This means about 14 percent of the active Internet population keeps using the iTunes service time after time.

"These users are very eager to be able to control their own music library, one song at a time," said Jon Gibs, Director of Media Analysis of Nielsen NetRatings.

According to Nielsen, most iTunes users are between 12 and 17 years old. This age group is more than twice as large as the other age groups.


Monday, January 23, 2006

Grow Up - WORM_GREW.A (Low Risk)

WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can then send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP. It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.

Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.

In addition, it is capable of disabling the mouse and keyboard of an affected system.


Friday, January 20, 2006

Game is the most wanted feature on cellphone

According to a survey done by Sprint, one third of cellphone users play games on their cellphones.

The survey sampled registered cellphone users in the US. The result: 57% of mobile gamers mostly play games while in a waiting room, 52% while travelling and 37% while at the airport. And 32% of respondents say that they often play games while in the toilet.

Meanwhile, 56% of respondents want more features on the cellphone, such as a clock, calendar, music, games, a camera and even a cellphone that glows in the dark.

Sprint notes that gamers' interest in mobile games is increasing. For example, one customer has played Bejeweled Multiplayer more than 40,000 times. Crazy! This is the same as playing the game for 2,000 hours. Bejeweled is a very popular puzzle game.

Besides games, 29% of respondents say they need a camera feature, while television or video clips account for only 8%.

How To Stop PC from rebooting automatically

My computer has been rebooting itself for seemingly no reason. When it restarts there's usually a message saying it's recovered from a serious error. What's the matter?

Your computer is probably overheating, which usually happens if you’re using a program that demands a lot of processing power — like a game or graphics application.

If your CPU runs at over 60 degrees your computer may shut down automatically to prevent the CPU from burning out. It's possible that the fins on the heat sink under the CPU are covered in dust, restricting airflow and preventing decent cooling. Cleaning the fins may well reduce the CPU temperature.

Try Google to find one of the many free utilities that tell you at what temperature your CPU and hard drives are operating.

If overheating isn’t the problem, bad memory is probably the culprit. Open the PC case, remove or replace one RAM stick and run your computer for a while. If your computer doesn’t reboot, you've found the source of your problem.

If your problem does recur though, repeat the process for each RAM stick until you find the faulty memory.


Wednesday, January 18, 2006

Top 10 Most Prevalent Global Malware

From January 7 to January 13, 2006:
1. WORM_SOBER.AG
2. SPYW_DASHBAR.300
3. JAVA_BYTEVER.A
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. WORM_MOFEI.B
8. ADW_LOP.A
9. TSPY_SMALL.SN
10. TROJ_BAGLE.AH

TROJ_WMFCRASH.B

This Trojan is a .WMF file that takes advantage of an unpatched vulnerability found in Windows Picture and Fax Viewer. It runs on Windows XP and Server 2003, and is currently spreading in-the-wild.

The Windows Picture and Fax Viewer vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are thus named because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may leave systems vulnerable, due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.

Once this malicious .WMF file is opened, it proceeds to launch a denial of service attack in an attempt to restart or terminate the legitimate system process EXPLORER.EXE. The said action leaves an affected user unable to navigate through Windows.

After performing its routine, this Trojan terminates itself.


Friday, January 13, 2006

Blind Gamer


If you think a blind man cannot play video games, then you are wrong!
Brice, an 18-year-old man who has been blind since birth, is one of the contestants in a Mortal Kombat game competition.
He even beat an opponent with normal sight in less than 3 minutes.
To prepare for the Mortal Kombat competition in Japan, he practices at the Lincoln DogTags Game Center in Nebraska. In Japan he will fight another Mortal Kombat champion.

So how can Brice do this? For Brice, the most important thing is the sound. Brice uses the sound as an indicator of the fight. From the different sounds, he can anticipate what his opponent will do.
"Who knows, maybe there is a better fighter than me out there. That is why I keep practicing, so I can win this competition," Brice said.

Google Fight

Today I found an interesting site where I can compare or "fight" keywords on the Google search engine. The site shows which keyword is the more popular one; for example, "Bill Gates" is more popular than "Linus Torvalds" and "naked" is more popular than "clothed", hmm...


Wednesday, January 11, 2006

First Mandriva Linux 2007 pre-release available

We're still a long way from the release of Mandriva Linux 2007 in fall
2006, but the pre-release cycle has already started with the release
of the first pre-2007 Cooker snapshot, named 2006.1. This pre-release
is available for testing from the /devel/iso/2006.1/ directory on the
public FTP mirrors, and features KDE 3.5. Please be aware that this
is a pre-alpha snapshot released purely for the purposes of testing
the current state of Cooker and especially the installation process,
it is not tested or stabilized and should only be installed on
testing machines. Of course, report any bugs you find to Bugzilla.
Happy bug hunting!
http://qa.mandriva.com

Mandriva Linux Tips For Free finishes its review of Mandriva Linux 2006

The community site Mandriva Linux Tips For Free's extensive look at
Mandriva Linux 2006 concludes with part three of a multi-part look at
Mandriva Linux 2006. This final part covers multimedia, productivity
and entertainment software and software issues, as well as discussing
security, Club membership and the future, before coming to conclusions
about Mandriva Linux 2006 and desktop Linux in general. This extensive
three part series has been a tour de force and by far the most
detailed coverage of Mandriva Linux 2006 you'll find anywhere, so if
you haven't read it yet, catch up today!
http://www.mandrake.tips.4.free.fr/review2006pt3.html


Monday, January 09, 2006

Microsoft Released WMF security fix

Microsoft released a security fix for a recently discovered flaw in its Windows operating system several days early, in a bid to foil hackers trying to exploit the vulnerability.

The software giant released the security "patch" ahead of its original plan to distribute the update on January 10.

The patch can be downloaded from the company's website at www.microsoft.com/technet/security/bulletin/ms06-001.mspx.

Earlier this week, the company said the problem was "worse than a critical flaw," because it allows hackers to take control of a computer from over the internet.

"Microsoft originally planned to release the update on Tuesday, January 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete," the company said in a statement.

"However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."

Microsoft said its monitoring of attack data "continues to indicate that the attacks are limited and are being mitigated both by Microsoft's efforts to shut down malicious websites and by up-to-date signatures from anti-virus companies".

The Windows Meta File flaw evidently went undetected and unexploited for several generations of Windows platforms, analysts said.

The vulnerability allows malicious code to be slipped into an unsuspecting user's computer via graphics files, analysts explained.

Experts have joined Microsoft in urging PC users to download the update.

Google and Motorola team up

Google, the US internet search engine, is to cooperate with Motorola in the area of mobile phones, the head of Google Europe, Nikesh Arora, said in a German newspaper interview on Friday.
"In the next two years, the Google icon will be integrated into the screens on Motorola handsets and will be accessible via a click," Arora told the business daily Handelsblatt.
Initially, mobile phone users will be able to use the Google search engine via their mobile phone handsets. But the service will be expanded to include mobile services with local content, such as city maps and route planners, Arora said.

Google button on Motorola mobile phone

Motorola will launch a mobile phone with Internet access capabilities. The phone has a special button that, when pressed, takes the user to the Google page. Motorola plans to launch this phone in the first quarter of this year, but has not given any detail on the type of phone or the OS it will use.
Besides Google, this phone will also have Yahoo Go Mobile, the mobile version of the Yahoo search engine.
Marco Boerries, senior vice president of Yahoo's "Connected Life" division, said that Motorola also asked Yahoo to add content to this phone, whose specification is still secret.


Friday, January 06, 2006

New Intel® Viiv™ Technology


Explore endless entertainment options from the comfort of your couch. With an Intel® Viiv™ technology-based PC and supporting devices, you can enjoy a growing universe of digital media content.

Take charge of your media
Watch what you want to watch, when you want to watch it. Record, pause and rewind live TV. Show off your digital photos in the living room, or turn it into a home theater with support for up to 7.1 channel surround sound.
Share movies, photos and music
Intel® Viiv™ technology makes it easy and fun to share your digital media with friends and family from the comfort of your couch.
Digital life simplified
Intel® Viiv™ technology puts the power of your digital media library into your hands. Now you can search, find, play and watch even faster.
Entertainment services
With your Intel® Viiv™ technology-based PC, you can access a wide variety of global, on-demand entertainment services from companies like Movielink*, Yahoo MusicMatch*, DISCover*, Adobe* and many more. These include services that deliver content directly to consumers, as well as solutions that will help software providers bring Intel Viiv technology verified content to market faster.
Music
Access over a million songs from both subscription and purchase options. Make playlists, and watch concerts and videos.
Games
Download hundreds of games from arcade classics to the hottest new titles and play them on the big screen.
Photos
Organize, edit and share your photos.

Intel® Viiv™ powered by Dual-core 64-bit processing power means smooth performance and complete control of your digital media.

Sony Ericsson W810i - 2GB Storage Walkman Phone


Rock 'n Talk go hand in hand this year, and Sony Ericsson is adding its own announcements to the flurry of new music/phone crossbreeds. In an update of the W800i music phone the company released last fall, Sony Ericsson's W810i brings some much-needed style to the category. Dressed in black and ready to party, the W810i is more or less the same handset as its predecessor on the inside, though it does sport a nice 2-megapixel camera. It accepts up to 2GB of storage media via Memory Stick Duo.


Thursday, January 05, 2006

Virus Threat - Trojan.Satiloler.B

Trojan.Satiloler.B is a Trojan horse that attempts to steal user names, passwords, and other information from the compromised computer. It also attempts to open a proxy server on a random TCP port.

It has been reported that the Trojan is downloaded by malformed WMF files that utilize the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability.

System Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Trojan.Satiloler.B is executed, it performs the following actions:
  1. Creates the mutex named "_Toolbar_Class_32" so that only one instance of the Trojan is executed on the compromised computer.

  2. Copies %System%\userinit.exe, which is a valid system file, as the following file and then deletes it:

    %Windir%\system\userinit.exe

    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  3. Copies itself as:

    • %System%\userinit.exe
    • %ProgramFiles%\Common Files\system\lsass.exe

      Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  4. Creates the following files:

    • %System%\xvid.dll
    • %System%\xvid.ini
    • %System%\divx.ini

  5. Adds the value:

    "system" = "%ProgramFiles%\Common Files\system\lsass.exe"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  6. Modifies the values:

    "SFCDisable" = "FFFFFF9D"
    "SFCScan" = "0"

    in the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    to disable Windows File Protection.

  7. Adds the value:

    "System" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  8. Modifies the original %System%\sfc_os.dll or sfc.dll file and its backup in %Windir%\dllcache in order to disable System File Protection.

  9. Attempts to close windows that have the following title:

    • Create rule for %s
    • Un processus cache requiert une connexion reseau.
    • Ne plus afficher cette invite
    • Un proceso oculto solicita acceso a la red
    • Aceptar
    • Warning: Components Have Changed
    • &Make changed component shared
    • Hidden Process Requests Network Access
    • Ein versteckter Prozess verlangt Netzwerkzugriff.
    • PermissionDlg
    • &Remember this answer the next time I use this program.
    • &Yes
    • Windows Security Alert
    • Allow all activities for this application

  10. Attempts to end the following processes:

    • WINLDRA.EXE
    • NETSCAPE.EXE
    • OPERA.EXE
    • FIREFOX.EXE
    • MOZILLA.EXE
    • M00.EXE
    • WINTBPX.EXE
    • SWCHOST.EXE
    • SVOHOST.EXE
    • SVC.EXE
    • WINSOCK.EXE
    • SPOOLS.EXE

  11. Attempts to disable the following programs:

    • C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    • C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

  12. Steals the following information and saves it to %System%\desktops.ini:

    • POP3 Username
    • Password for Internet Explorer AutoComplete
    • TheBat passwords
    • e-gold account information

  13. Searches for the following strings in the Web browser:


  14. Logs the following Web activity to %System%\divx.ini:

    • URLs visited
    • Radio button and checkbox status
    • Keystrokes

  15. Opens a proxy server on a random TCP port.

  16. Posts the collected log files to [http://]fiv.bestswf.com/[REMOVED]/log.php.

  17. Sends a HTTP request to [http://]fiv.bestswf.com/[REMOVED]/cmd.php with the following data gathered from the compromised computer and saves the response to %System%\xvid.ini:

    • Username
    • Geographical location
    • Opened port number
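
A triage check built from the registry values and file paths listed in the steps above, as an added example (not Symantec's code or tooling). It assumes a `reg export`-style text dump and a file listing have already been collected; the function names, the environment mapping and the sample data are constructed for illustration.

```python
import re

# Indicators copied from steps 3-6, 12 and 14 of the write-up above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ROGUE_COPY = r"%ProgramFiles%\Common Files\system\lsass.exe"
DROPPED_FILES = [ROGUE_COPY, r"%System%\xvid.dll", r"%System%\xvid.ini",
                 r"%System%\divx.ini", r"%System%\desktops.ini"]
SFC_DISABLE_BAD = 0xFFFFFF9D


def parse_reg_export(text):
    """Parse .reg text into {key_lower: {name_lower: value}} (REG_SZ str, REG_DWORD int)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # .reg strings escape backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys


def expand(path, env):
    """Replace %Var% placeholders using env (lower-case keys); unknown ones stay."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def triage(reg_text, file_paths, env):
    """Return (kind, detail) findings; an empty list means nothing matched."""
    findings = []
    reg = parse_reg_export(reg_text)
    present = {p.lower() for p in file_paths}

    # Step 5: a Run value that launches the copy under Common Files\system.
    rogue = expand(ROGUE_COPY, env).lower()
    for name, value in reg.get(RUN_KEY.lower(), {}).items():
        if isinstance(value, str) and expand(value, env).strip('"').lower() == rogue:
            findings.append(("run-key", f"{name} = {value}"))

    # Step 6: SFCDisable set to FFFFFF9D. SFCScan = 0 is not checked because
    # 0 is also that value's normal setting, so it does not discriminate.
    value = reg.get(WINLOGON_KEY.lower(), {}).get("sfcdisable")
    if isinstance(value, str):  # the write-up prints the value as a string
        value = int(value, 16) if re.fullmatch(r"[0-9A-Fa-f]{1,8}", value) else None
    if value == SFC_DISABLE_BAD:
        findings.append(("winlogon", "SFCDisable = 0xFFFFFF9D"))

    # Steps 3, 4, 12 and 14: files the Trojan creates.
    for template in DROPPED_FILES:
        path = expand(template, env)
        if path.lower() in present:
            findings.append(("file", path))
    return findings


# Constructed sample input (not captured from a real infection).
SAMPLE_ENV = {"system": r"C:\WINDOWS\system32", "programfiles": r"C:\Program Files"}
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"system"="C:\\Program Files\\Common Files\\system\\lsass.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"SFCDisable"=dword:ffffff9d
"SFCScan"=dword:00000000
'''
SAMPLE_FILES = [r"C:\WINDOWS\system32\lsass.exe",  # the genuine binary
                r"C:\Program Files\Common Files\System\lsass.exe",
                r"C:\WINDOWS\system32\xvid.dll", r"C:\WINDOWS\system32\divx.ini"]

if __name__ == "__main__":
    print(*triage(SAMPLE_REG, SAMPLE_FILES, SAMPLE_ENV), sep="\n")
```

A match is a lead to investigate on that host rather than proof of infection, since a file name alone can collide with unrelated software.
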

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
  • Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
  • If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.


Wednesday, January 04, 2006

New Lexar Flash Drive with Capacity Meter


Flash drive maker Lexar unveiled new USB flash drives as part of their existing JumpDrive lineup. The most interesting among these is the JumpDrive Mercury, a drive with an integrated capacity meter.

The JumpDrive Mercury, which will be available in 1GB and 2GB capacities, utilizes “Electronic Paper Display” technology from E Ink Corporation in the integrated capacity meter, which displays how much storage space is left on the drive without the need to plug it into a computer. The display is paper thin and reportedly shatterproof, and does not rely on power to maintain capacity information.

Also announced today was the JumpDrive Fly, a very small sized USB flash drive with storage capacities of 256MB, 512MB and 1GB.

"As we continue to grow our popular line of USB flash drives, what is emerging is an offering that is innovative, diverse and unique, with a particularly strong focus on meeting the demands of today's multimedia applications and levering breakthrough technologies that will give our customers new levels of flexibility, functionality and confidence while using a Lexar drive," said Steffen Hellmold, vice president and general manager USB flash drive and OEM products business unit, Lexar. "We firmly believe our distributors and partners will share our excitement when they see Lexar's variety of premium quality drives, with competitive capacities and strong feature sets well beyond storage."

The Phantom Lapboard - Keyboard for Gamers


Infinium Labs announced a new keyboard aimed at PC gamers. The Phantom Lapboard, which has had no price set as of yet, is expected out in the second quarter of 2006.

Infinium Labs described the Phantom Lapboard as a bespoke wireless keyboard and mouse. Features in this gamer friendly setup include 360 degree rotation of the keyboard, a lapboard under the keyboard which allows gamers to play from the comfort of their armchairs up to 30 feet away, full sized keys and an extended space bar.

"Where consoles have always scored over the PC games has been in the physical interface the user has with the game," said Infinium Labs CEO Greg Koler. "Our Lapboard changes all that. PC Gamers can get a premium peripheral that enhances the gaming experience considerably. It's also the perfect stepping stone and bridges the subsequent launch of the full service further down the line."