Free spyware removal and spyware protection
Unfortunately, defeating spyware is harder than evading conventional viruses.
Spyware is any potentially-unwanted program that makes undesirable changes to your computer and/or collects information about user activities, without consent, usually for financial gain. That definition may be fine in the abstract, but making concrete decisions about which programs are really spyware can be difficult.
Please visit the download section of this website and you will find a few simple and FREE applications, written by different authors, which I have found, through years of facing spyware and viruses over 100 times, to be the most effective (and free, of course) way to keep your computer clean of worms, popups, spyware and other malicious computer bugs. (If your computer is already affected, these programs might not completely get rid of your problem, but they will prevent any more damage.) I myself have tested these simple and free applications many times, on hundreds of PC computers, and I am happy to share my years of extensive research and trial and error to help you live a bug-free PC lifestyle.
Trojan.Win32.StartPage.jo
Wednesday, November 28, 2007
Aliases
Trojan.Win32.StartPage.jo (Kaspersky Lab) is also known as: StartPage-AI.gen (McAfee), Trojan.StartPage (Symantec), Trojan.StartPage.350 (Doctor Web), Trojan:Win32/StartPage.EZ (RAV), TROJ_STARTPAG.JO (Trend Micro), TR/OLCheck.2 (H+BEDV), Win32:Trojan-gen. (ALWIL), Startpage.6.AR (Grisoft), Trojan.StartPage.EZ (SOFTWIN), Trojan.Startpage.gen-11 (ClamAV), Trj/StartPage.HE (Panda), Win32/StartPage.JO (Eset)
Description added Nov 23 2007
Behavior Trojan
Technical details
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 11776 bytes in size. It is packed using UPX. The unpacked file is approximately 48KB in size. It is written in Delphi.
Payload
Once launched, the Trojan will:
1. modify the following system registry key values:
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst" = "yes"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar" = "http://www.find-online.net/sp.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"Default" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"provider" = "gog1"
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://www.find-online.net/sp.htm"
These changes modify the configuration of Internet Explorer.
2. create the following registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp" = "%WinDir%\ziphelp.exe"
This will cause "%WinDir%\ziphelp.exe" to be launched each time the system is started, assuming that such a file is present on the victim machine.
3. create the following shortcuts in the current user's Favorites folder:
%USERPROFILE%\Favorites\FINDONLINE.net
%USERPROFILE%\Favorites\Free PORN Ezines
%USERPROFILE%\Favorites\Free PORN Tickets
%USERPROFILE%\Favorites\PORN FINDONLINE.net
%USERPROFILE%\Favorites\Adult\Breast Enlargement Pills
%USERPROFILE%\Favorites\Adult\Penis Enlargement Pills
%USERPROFILE%\Favorites\Adult\
%USERPROFILE%\Favorites\Adult\Sex Toys
%USERPROFILE%\Favorites\Adult\Sexual Enhancers
%USERPROFILE%\Favorites\Adult\Single Girls
%USERPROFILE%\Favorites\Adult\Swinger Clubs
%USERPROFILE%\Favorites\Health\Fitness
%USERPROFILE%\Favorites\Health\Human Growth Hormone
%USERPROFILE%\Favorites\Health\Men Health
%USERPROFILE%\Favorites\Health\Weight Loss
%USERPROFILE%\Favorites\Health\Women Health
%USERPROFILE%\Favorites\Insurance\Auto Insurance
%USERPROFILE%\Favorites\Insurance\Business Insurance
%USERPROFILE%\Favorites\Insurance\Health Insurance
%USERPROFILE%\Favorites\Insurance\Home Insurance
%USERPROFILE%\Favorites\Insurance\Travel Insurance
%USERPROFILE%\Favorites\Internet\Antivirus
%USERPROFILE%\Favorites\Internet\Internet Businesses
%USERPROFILE%\Favorites\Internet\Spyware Remover
%USERPROFILE%\Favorites\Internet\Web Hosting
%USERPROFILE%\Favorites\Internet\Web Site Design
%USERPROFILE%\Favorites\Online Games\Black Jack
%USERPROFILE%\Favorites\Online Games\Craps
%USERPROFILE%\Favorites\Online Games\Online Casinos
%USERPROFILE%\Favorites\Online Games\Poker
%USERPROFILE%\Favorites\Online Games\Roulette
%USERPROFILE%\Favorites\Online Pharmacy\Hydrocodone
%USERPROFILE%\Favorites\Online Pharmacy\Online Pharmacy
%USERPROFILE%\Favorites\Online Pharmacy\Prozac
%USERPROFILE%\Favorites\Online Pharmacy\Valium
%USERPROFILE%\Favorites\Online Pharmacy\Viagra Online
The Trojan then ceases running.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
3. Revert the following system registry key values:
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst" = "yes"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar" = "http://www.find-online.net/sp.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"Default" = "http://www.find-online.net/index.htm"
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"provider" = "gog1"
[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://www.find-online.net/sp.htm"
4. Delete the following registry key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp" = "%WinDir%\ziphelp.exe"
5. Delete all shortcuts created by the Trojan.
%USERPROFILE%\Favorites\FINDONLINE.net
%USERPROFILE%\Favorites\Free PORN Ezines
%USERPROFILE%\Favorites\Free PORN Tickets
%USERPROFILE%\Favorites\PORN FINDONLINE.net
%USERPROFILE%\Favorites\Adult\Breast Enlargement Pills
%USERPROFILE%\Favorites\Adult\Penis Enlargement Pills
%USERPROFILE%\Favorites\Adult\
%USERPROFILE%\Favorites\Adult\Sex Toys
%USERPROFILE%\Favorites\Adult\Sexual Enhancers
%USERPROFILE%\Favorites\Adult\Single Girls
%USERPROFILE%\Favorites\Adult\Swinger Clubs
%USERPROFILE%\Favorites\Health\Fitness
%USERPROFILE%\Favorites\Health\Human Growth Hormone
%USERPROFILE%\Favorites\Health\Men Health
%USERPROFILE%\Favorites\Health\Weight Loss
%USERPROFILE%\Favorites\Health\Women Health
%USERPROFILE%\Favorites\Insurance\Auto Insurance
%USERPROFILE%\Favorites\Insurance\Business Insurance
%USERPROFILE%\Favorites\Insurance\Health Insurance
%USERPROFILE%\Favorites\Insurance\Home Insurance
%USERPROFILE%\Favorites\Insurance\Travel Insurance
%USERPROFILE%\Favorites\Internet\Antivirus
%USERPROFILE%\Favorites\Internet\Internet Businesses
%USERPROFILE%\Favorites\Internet\Spyware Remover
%USERPROFILE%\Favorites\Internet\Web Hosting
%USERPROFILE%\Favorites\Internet\Web Site Design
%USERPROFILE%\Favorites\Online Games\Black Jack
%USERPROFILE%\Favorites\Online Games\Craps
%USERPROFILE%\Favorites\Online Games\Online Casinos
%USERPROFILE%\Favorites\Online Games\Poker
%USERPROFILE%\Favorites\Online Games\Roulette
%USERPROFILE%\Favorites\Online Pharmacy\Hydrocodone
%USERPROFILE%\Favorites\Online Pharmacy\Online Pharmacy
%USERPROFILE%\Favorites\Online Pharmacy\Prozac
%USERPROFILE%\Favorites\Online Pharmacy\Valium
%USERPROFILE%\Favorites\Online Pharmacy\Viagra Online
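The registry indicators listed above can be checked offline against a registry export. The following Python script is an added example, not part of the original description: it assumes the export has already been decoded to text in regedit's `.reg` format, and the sample export and all function names are constructed for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# Indicators copied from the description above (keys compared lower-cased).
HIJACK_HOST = "find-online.net"
HKCU_IE = r"hkey_current_user\software\microsoft\internet explorer"
HKLM_IE = r"hkey_local_machine\software\microsoft\internet explorer"
URL_VALUES = {
    (HKCU_IE + r"\main", "start page"),
    (HKCU_IE + r"\main", "search page"),
    (HKCU_IE + r"\main", "search bar"),
    (HKCU_IE + r"\searchurl", "default"),
    (HKLM_IE + r"\search", "searchassistant"),
}
PROVIDER_VALUE = (HKCU_IE + r"\searchurl", "provider")
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"

# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.find-online.net/index.htm"
"Search Page"="http://www.example.com/search"
"Use Search Asst"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"="gog1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ziphelp"="C:\\WINDOWS\\ziphelp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

# "name"="data" string values; .reg files escape backslashes and quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_strings(text):
    """Return {(key, value_name): data} for string values, names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line)
        if key and match:
            name = unescape(match.group(1)).lower()
            values[(key, name)] = unescape(match.group(2))
    return values


def points_at_hijack_host(data):
    """True if data is a URL whose host is the hijack domain or a subdomain."""
    try:
        host = (urlparse(data).hostname or "").lower()
    except ValueError:
        return False
    return host == HIJACK_HOST or host.endswith("." + HIJACK_HOST)


def find_indicators(text):
    """Return (key, value_name, data) for every value matching the description."""
    hits = []
    for (key, name), data in parse_reg_strings(text).items():
        if (key, name) in URL_VALUES and points_at_hijack_host(data):
            hits.append((key, name, data))
        elif (key, name) == PROVIDER_VALUE and data == "gog1":
            hits.append((key, name, data))
        elif key == RUN_KEY and (
            name == "ziphelp"
            or ntpath.basename(data.strip('"')).lower() == "ziphelp.exe"
        ):
            hits.append((key, name, data))
    # "Use Search Asst"="yes" is not flagged on its own: the value carries
    # no trojan-specific data.
    return hits


if __name__ == "__main__":
    for key, name, data in find_indicators(SAMPLE_EXPORT):
        print(f"[{key}] {name} = {data}")
```

Values that match are candidates for steps 3 and 4 of the removal instructions; the Favorites shortcuts still have to be checked on disk.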
Virus Profile: PWS-Banker.gen.ak
Monday, November 12, 2007
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 11/12/2007
Date Added: 11/12/2007
Origin: Unknown
Length: N/A
Type: Virus
SubType: Generic
DAT Required: 5161
Virus Profile: W32/Sdbot.worm.gen.z
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 12/15/2004
Date Added: 9/22/2004
Origin: N/A
Length: Varies
Type: Virus
SubType: Generic Worm
DAT Required: 4394
Virus Characteristics
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
Please review the W32/Sdbot.worm.gen description.
The W32/Sdbot.worm.gen.z exhibits the following behavior:
* The worm file is eXPressor protected
* Mlqm.exe process will listen for TCP communication on port 3032
* Issues a DNS query to the following domain: r3x.ma7d.com
Files Added
* %WINDIR%\system32\dllcache\mlqm.exe
The worm attempts communication with a server for further instructions. A remote attacker can use the worm to perform various tasks:
* Gather system information (CPU, Driver Space, RAM, OS Version, User name, Computer name, IP Address)
* SYN Flood others
* Kill processes
* Download files
* Execute files
At the time this was analyzed the worm attempted to SYN Flood various addresses provided by the server.
Indications of Infection
* Presence of %WINDIR%\system32\dllcache\mlqm.exe
* Unexpected TCP communication on port 3032
Method of Infection
The exact method of propagation will vary between variants. However, the following characteristics are typical:
Share Propagation
The worm propagates via accessible or poorly-secured network shares, and some variants are intended to take advantage of high profile exploits:
* DCOM RPC vulnerability (MS03-026) - http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
* LSASS vulnerability (MS04-011) - http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Removal Instructions
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
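The port-3032 indicator above can be checked by correlating saved command output. The following Python script is an added example, not part of the original profile: it assumes text captured from `netstat -ano` and `tasklist /fo csv /nh`, and the sample output and function names are constructed for illustration.

```python
import csv
import io

# Indicators from the profile above.
SDBOT_PORT = 3032
SDBOT_IMAGE = "mlqm.exe"

# Constructed sample output, not taken from a real machine.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    0.0.0.0:3032           0.0.0.0:0              LISTENING       1844
  TCP    [::]:3032              [::]:0                 LISTENING       1844
  TCP    192.168.1.20:1051      198.51.100.7:3032      ESTABLISHED     412
  UDP    0.0.0.0:445            *:*                                    4
"""

SAMPLE_TASKLIST = '''"svchost.exe","936","Services","0","4,120 K"
"mlqm.exe","1844","Console","0","3,412 K"
"iexplore.exe","412","Console","0","21,004 K"
'''


def local_port(endpoint):
    """Return the port of an address:port pair; handles [::]:3032 as well."""
    return endpoint.rpartition(":")[2]


def listeners_on_port(netstat_text, port=SDBOT_PORT):
    """Return the set of PIDs that hold a TCP listener on the given local port.

    Only the local address column is compared, so an outbound connection to
    some remote host's port 3032 is not mistaken for a listener.
    """
    pids = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() == "LISTENING" and local_port(fields[1]) == str(port):
            pids.add(int(fields[4]))
    return pids


def image_names(tasklist_csv):
    """Map PID to image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def triage(netstat_text, tasklist_csv):
    """Return (pid, image, matches_profile) for each listener on port 3032."""
    names = image_names(tasklist_csv)
    findings = []
    for pid in sorted(listeners_on_port(netstat_text)):
        image = names.get(pid, "<unknown>")
        findings.append((pid, image, image.lower() == SDBOT_IMAGE))
    return findings


if __name__ == "__main__":
    for pid, image, matches in triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        verdict = "matches profile" if matches else "review manually"
        print(f"PID {pid} ({image}) listens on TCP {SDBOT_PORT}: {verdict}")
```

A listener owned by a different image name still deserves review, since the profile notes that behavior varies between variants.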
WordPress founder looks into blogging's future
Thursday, November 8, 2007
LAS VEGAS, Nev.--If you type "Matt" into the Google search bar, you won't immediately get results for the actor Matt Damon or the political site owner Matt Drudge, as you might expect.
Instead, the No. 1 listing points to the site of Matt Mullenweg, the 23-year-old founder of WordPress, the widely used open-source software for blogging.
Befitting his Google ranking, Mullenweg could be considered a superstar here at the BlogWorld conference, where he spoke to hundreds of attendees Thursday about how he started WordPress and the future of blogging. To be sure, when people in the audience were asked if they use WordPress for their personal blogs, a unanimous show of hands went up. Everyone from political to bowling bloggers seemed eager to get Mullenweg's advice on the art of the craft--and how to make money from it.
Mullenweg offered simple pearls of wisdom about what makes a blog compelling.
"One universal about blogging is a lot like music: You have to be unique and you have to absolutely love what you're doing," he said.
Mullenweg started developing WordPress while he was still in college; and he worked on it over several years, including while at CNET, publisher of News.com. Once he left CNET in late 2005, he started the business behind WordPress, called Automattic, which sells blog hosting services and an anti-spam application.
Now, the site draws roughly 100 million unique monthly visitors and is among the top 25 global sites, according to research firm Comscore.
Still, WordPress and Automattic only have 18 employees and they operate from a small investment made in the company more than two years ago, Mullenweg said. How do they fulfill all that demand with 18 people? "Lots of caffeine," he said.
When asked about the future of his business, he answered that he likes the Craigslist model, which as a company has stayed relatively small and does not accept advertising. But he said that he believes there's a way to incorporate ads that are tasteful.
"I would like to stay small but logistically we need many more people on the support side."
Blogs are also one tier in the frenzied social media industry that encompasses Facebook and others. Asked how his software meshes with sites like Facebook, he said he'd like to see more incorporation between the two. Because ultimately, he said, blogs are more telling of a person's personality. That's why he believes WordPress will become a more popular social network platform, allowing people to post things like widgets of their Facebook profile on a blog or vice versa.
"The software is getting smaller, faster and lighter but what you can do with it is going up," he said.
In the grand scheme of things, Mullenweg said he wants the future of the Web to be open source; and he hopes to get more people using open source platforms to write their blogs, even if it's not WordPress.
But he's obviously driven competitively, too. (His blog ranks No. 1 on Google because of all the links back to his site from WordPress.) He recently saw a survey from Google, in which the search giant examined all of the HTTP headers of the Web. He found that .8 percent of those pages were powered by WordPress.
"That's how far we've come, but we have a lot of work to do," he said.
Exploit posted for Viewpoint Media Player flaw
Tuesday, November 6, 2007

Exploit code for an unpatched vulnerability in the widely distributed Viewpoint Media Player has been posted on the Internet, putting millions of Internet Explorer users at risk of code execution attacks.
The exploit, available at Milw0rm.com, takes advantage of a stack-based buffer overflow in the Viewpoint browser plug-in that sits on millions of computers thanks to bundling deals with AOL, AIM, Netscape and Adobe.
The player serves as the graphics engine for AOL Instant Greetings, AIM Themes and other popular web applications and is also used to power product tours for the Toyota 4Runner and Sony laptop, desktop, and server computing products.
According to “Shinnai,” the hacker who discovered the flaw, the exploit was tested on a fully-patched Windows XP Professional SP2 with Internet Explorer 7.
The bug was found in the xMetaStream.dll (version 3.3.2.26), which is marked as safe for scripting.
The AxMetaStream ActiveX control contains various methods which accept parameters as String. All these methods are vulnerable to a stack-based buffer overflow when passed an overly long string (greater than 6999 characters).
In the absence of a patch, Shinnai recommends uninstalling the Viewpoint Media Player.
“Shinnai” was the hacker behind the Month of ActiveX Bugs project.
Bogus FTC e-mail has virus
Sunday, November 4, 2007

The Federal Trade Commission, which has declared war on Internet scams, warned consumers on Monday not to open a bogus e-mail that appears to come from its fraud department because it carries an attachment that can download a virus.
The e-mail says it is from "frauddep@ftc.gov" and has the FTC's government seal.
But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.
"It's a treasure trove for identity theft," said David Torok of the FTC's Bureau of Consumer Protection. "We're concerned. The virus that's attached to the e-mail is particularly virulent."
The agency, which is one of several government agencies investigating cyber fraud, did not know how many people had received the e-mail.
"We've received hundreds if not thousands of calls and complaints, this one may have had a large distribution," he said.
Recipients should forward the e-mail to spam@uce.gov, an FTC spam database used in investigations.
Nine percent of people surveyed in a poll conducted in August and September reported having had their identities stolen, Bari Abdul, a vice president at security software maker McAfee, said at a cybersecurity conference on October 1.
Fighting spyware
Thursday, November 1, 2007
Fighting spyware may seem like an uphill battle, but it is a campaign that most of us have little choice but to wage. Over a 15-month period, Microsoft's MSRT alone removed 16 million instances of malicious software from 5.7 million computers, 62 percent of which housed at least one backdoor trojan.
Even the most computer- and security-savvy Internet users occasionally fall victim to spyware. Given the financial gain that drives spyware, these pests will undoubtedly continue to proliferate. For spyware, the best defense is a strong offense: taking reasonable steps to prevent and detect spyware can reduce your risk of compromise and your need for expensive remediation.
The old adage, "An ounce of prevention is worth a pound of cure" certainly applies to spyware. Once spyware has been installed on a host, it can be extremely difficult to return that host to a trustworthy state. Efficient spyware defense starts with proactive steps intended to circumvent popular delivery methods.
Porn Trojan may mark new era for Mac security
A new piece of malware, specifically designed to exploit Apple's OS X, has been found by Mac security software firm Intego, but Symantec has said the firm is prone to "hype".
Intego issued an alert on Wednesday, warning Mac users of the OSX.RSPlug.A malware, which it describes as a Trojan horse.
The malware is being distributed via a porn site that promotes itself as offering free content. Mac users are being lured to it via links distributed to a number of Mac community message boards.
When visitors attempt to launch the video, they are advised that QuickTime cannot be used and that, to view the content, they must download a new version of a codec. For the Trojan to be installed, it requires the user to open up the .dmg (disk image) file, click the installer.pkg file, and enter the administrator's password, according to Intego.
If the user does install the Trojan, it changes the user's domain name system (DNS) settings and redirects them to phishing or a number of porn websites. DNS settings are used to look up the correspondence between domain names and IP addresses for websites.
Users of the Mac OS X 10.4 operating system — Tiger — will be unable to see the changed DNS server in the operating system's graphical user interface (GUI). However, those using Mac OS X 10.5 — Leopard — are able to view the changed DNS through its advanced network preferences. The added DNS servers are dimmed in Leopard's GUI, reports Intego.
Intego claims the vulnerability is likely to exist in older versions of Apple's operating system because all versions of OS X have what Intego calls the "scutil command", which allows the DNS server to be altered.
"The Trojan horse also installs a root crontab which checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this ensures that, in such a case, the malicious DNS server remains the active server," said Intego on its blog.
For users that do fall for the scam, Intego claims its security software can remove the Trojan. However, Macworld's Rob Griffith has also provided instructions for users on how to manually remove it.
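The two behaviours described above, a changed DNS server and a root crontab entry that runs every minute, can be checked for from a terminal. The script below is an added example, not part of the original article or of Intego's or Macworld's instructions; the expected resolver addresses, the sample output and the file paths are constructed, and it assumes input in the format printed by `scutil --dns` and `crontab -l`.

```shell
#!/bin/sh
# Triage sketch: list resolvers outside an allowlist and every-minute cron jobs.
# All addresses, paths and sample text below are constructed for illustration.

# Resolvers you expect on this machine (assumption: replace with your own).
EXPECTED_DNS="192.0.2.53 192.0.2.54"

# Print each nameserver in `scutil --dns`-style text (stdin) that is not expected.
unexpected_dns() {
    awk -v allow="$EXPECTED_DNS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^nameserver\[[0-9]+\]$/ && !($3 in ok) && !seen[$3]++ { print $3 }
    '
}

# Print crontab lines (stdin) scheduled as "* * * * *", i.e. run every minute.
every_minute_jobs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 == "*" && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*" { print }
    '
}

# Constructed sample of resolver output.
sample_dns() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 203.0.113.66
  nameserver[1] : 192.0.2.53
resolver #2
  nameserver[0] : 203.0.113.66
EOF
}

# Constructed sample of a root crontab.
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
15 3 * * * /usr/local/bin/example-backup
* * * * * /Library/Example/constructed-dns-check
EOF
}

# On a real Mac, feed live data instead:
#   scutil --dns | unexpected_dns ; sudo crontab -l | every_minute_jobs
sample_dns | unexpected_dns
sample_crontab | every_minute_jobs
```

Any resolver printed by the first check, or any job printed by the second that you did not create yourself, is worth investigating before trusting the machine's name resolution.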
New era or just vendor hype?
Symantec claimed that Intego tends to "overhype things", but Alex Eckelberry, of security firm Sunbelt, disagreed on his blog, citing the firm's resident Mac guru as being "genuinely surprised" by the Trojan discovery.
"I've been using Macs since 1989. This is the first time I've seen something like this," Eckelberry wrote, quoting his colleague.
"I'm not trying to over-hype. Mac users hungry for pr0n really do have to go through a few hoops to get this thing loaded. But we now have millions of new Mac devices out there, between the Touch and iPhone, running OS X," Eckelberry added.
Simon Clausen, director of security vendor PC Tools, agreed the Trojan is a significant milestone for Mac users.
The use of cron tabs — a file that tells the operating system to run commands — is rudimentary, but it's just a first attempt.
"It's the same thing that happened when Vista came out; people had to go through a few steps to get infected, but that was until people figured out a way to get around it. Really, the Mac is less about being a computer than it is about being an everyday device. That's why there's a huge potential for people to target that platform in general. Think how attractive it is to tap the iPhone market that is always on and owned by upper middle-class [users]," said Clausen.
"Anything that's targeted towards Macs is the beginning of Macs becoming a targeted platform. Macs are not impossible to get around. There are probably less known exploits, but they are only less known because fewer people are focusing on the platform," Clausen added.
