[octoberasian]

Infected Facebook Apps

Now, I know many KI users scorn the likes of MySpace, Twitter and Facebook, but there are several of us that do use them. This notice applies to Facebook users only.

As many of you know, Facebook has various "apps" that are used for games, socializing, connecting with others, surveys and polls, et cetera. However, recently, Facebook has been the victim of attacks through infected Facebook apps.

It works by unknowingly going to an infected Facebook app page and clicking "Install." Once the Facebook app is installed on your profile, it launches an infected PDF file which in turn automatically downloads and installs a fake antivirus program. The program in return roots itself into your computer and becomes notoriously difficult to remove. I've seen fake antivirus programs download keyloggers, spyware, malware, trojans, and even viruses themselves.

These are the apps that are infected so far:

• MyGirlySpace
• Ferrarifone
• Mashpro
• Mynameis
• Pass-it-on
• Fillinthe
• Aquariumlife
• City Fire Department

Source:

http://thompson.blog...-in-russia.html
http://www.downloads...-facebook-apps/

If you have been following the posts here to keep your computer updated, then you are fine.

If you have been smart about securing your computer and not installing those infected Facebook apps, then you are fine.

However, if you are the many users who aren't computer savvy and only know how to operate email, web browsing, and Facebook, then you need to drop what you are doing and start updating your computer.

You need to be sure that you update the four most important things on your computer:

- Windows OS - Use Windows Update or go to http://windowsupdate.microsoft.com
- Adobe Flash - http://get.adobe.com.../?promoid=BUIGP
- Adobe Reader - http://get.adobe.com.../?promoid=BUIGO (Or, alternatively, use Foxit Reader.)
- Security software - Anti-spyware, anti-malware, anti-virus.

Recommended security apps:

Anti-virus:

Avira Antivirus http://www.free-av.com/
Avast Home Edition http://www.avast.com...avast-home.html
Microsoft Security Essentials http://www.microsoft...ity_Essentials/

Anti-spyware:

Spybot http://www.safer-net...load/index.html
Microsoft Security Essentials http://www.microsoft...ity_Essentials/

Anti-malware:

Malwarebytes Anti-malware http://www.malwarebytes.org/
Microsoft Security Essentials http://www.microsoft...ity_Essentials/

Firewall:

Comodo Internet Security http://personalfirewall.comodo.com/

[Phlow]

False Alarm (recreated situation, appears not to be FFXI Wiki)

Suspicious FFXI Wiki Forwarded Page

Was browsing FFXI wiki and it abruptly forwarded me to something called OCScanner.com with a very cryptic domain comprised of seemingly random digits / numbers. Luckily, there page forwarded "could not be retrieved", plus this is on my work computer, so there is no threat of hacking FFXI here. However, I have googled the main domain (ocscanner.com) and it comes up with a shit load of just bunk links.

Feeling ballsy, I went to main domain name and found it was a blank page. Reloaded bunk page and it came up with a standard bunk "YOUR COMPUTER HAZ TEH VIRUS OH NOES!" message, then prompting me to install a free virus cleaning kit, which I canceled out of.

Not sure if this was wiki's fault because they have been amazingly clean (hell, i coulda accidently clicked on a link without knowing it...), so I'm keeping it open on my work comp to see if it reforwards me after a time. Will keep you updated.

Edit: Had the browser open for about 3 hours with random browsing going on. Probably one of my other windows or I simply clicked on a bad ad on that page. False alarm.

[octoberasian]

Notice regarding a new type of infected files/malware

According to ArsTechnica and Download Squad, it's become apparent that infected files have taken a whole new level. This isn't so much an urgent notice, but something to be made aware of. Apparently, any infected file you may unknowingly download to your computer or even a smartphone such as a jailbroken iPhone or similar, can be taken hostage. Taken hostage in such that to relinquish control of your device or computer, or the software it has taken over, you will have to pay the person who infected it a set amount of money.

That or reformat your computer, or buy a new device.

Article found here: http://www.downloads...your-files-and/

As always, keep your anti-virus, anti-malware, anti-spyware, and firewall software up to date.

[Vigilous]

Isn't holding a device ransom somewhat counter-productive to the entire ideology of hacking? I mean, it's already difficult to track hackers, but they're kind of shooting themselves in the foot by demanding money. The FBI has no problem tracking that.

[octoberasian]

Vigilous, on 08 November 2009 - 12:49 AM, said:

Isn't holding a device ransom somewhat counter-productive to the entire ideology of hacking? I mean, it's already difficult to track hackers, but they're kind of shooting themselves in the foot by demanding money. The FBI has no problem tracking that.

Yeah, it does. You could also find humor in this and say that the economy is to blame, so desperate times call for desperate measures. Who knows? Hackers too poor to pay for their internet connection? "OHNOEZ, the Interwebz gonna die on me in a week! What to do? Ah, yes! Hold some idiot's device hostage for money! Genius!"

But, since this came up, I may as well warn people here about it. Why? The number of computer illiterate users surely outnumber the ones that know what to do with a computer. And, there are people I know who let anti-virus definitions go outdated. There are some that even keep that 6 month free trial of Norton Antivirus installed on their computer and not bother to update it because they complain it's too expensive, or won't bother to pay it, when in fact there are free alternatives to keep their computer safe.

And, believe me, there are people who will fall for such exploits and, sorry to say, all I can say is, "Tough luck," or "You were asking for it."

I may as well as warn people about this given the number of compromised accounts in the last two to three years.

[octoberasian]

If having viruses/malware that can hold your PC, its software or your smartphone hostage, how about a virus that will download child pornography?

Yup, it actually happened. This is another reason why to keep your computer up-to-date on virus and spyware definitions. This is probably one of the worst I have heard so far regarding virus infections.

Source: http://tech.yahoo.co...virus_framed_me

"An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat."

[octoberasian]

Avast Antivirus Virus Definitions Update Issue

SHUTDOWN OR UNINSTALL AVAST, or RIGHT-CLICK "STOP ONACCESS PROTECTION"

A RECENT UPDATE TODAY (DECEMBER 2, 2009) IS FLAGGING EVERY FILE AS BEING INFECTED WITH WIN32:Delf-MZG [Trj] WHICH IS A FALSE POSITIVE.

EVERY EXE FILE IS BEING FLAGGED. DO NOT RUN VIRUS SCAN NOR TELL AVAST TO DELETE OR REMOVE THESE FILES! JUST SHUT DOWN AVAST OR UNINSTALL IT. IF YOU LET AVAST DELETE OR REMOVE THESE FILES, YOU MAY HAVE TO REINSTALL THE PROGRAM(S) OR REINSTALL WINDOWS.

IT IS UNKNOWN WHEN THIS WILL BE FIXED.

Avast Forum : http://forum.avast.c...x.php?board=2.0

[octoberasian]

Avast Updated which fixes a serious virus definitions issue last night

The issue yesterday was caused when a virus definitions update flagged programs compiled in Delphi as being infected with the Win32:Delf-MZG trojan. These ranged from software from Adobe, Realtek drivers, and so on. This is a reported false positive.

Users who have Avast need to manually update Avast to get the new virus definition updates to solve this issue. IT IS IMPERATIVE TO UPDATE AVAST IMMEDIATELY. Another solution is of course uninstalling it and using another antivirus program.

• Right-click the Avast blue orb icon in system tray.
• Go to Updating.
• Select iAVS Update.
• Restart computer afterwards.

Source: http://support.avast...kbarticleid=376

If Avast flagged files as being a false positive and moved them to its Virus Chest, follow that link above to restore the files.

If Avast deleted these files because they were a false positive, your only choice is to re-install those programs, or if it removed system files, a complete re-installation of Windows.

Source:

http://www.downloads...positive-spree/
http://forum.avast.c...e28&topic=51647

[octoberasian]

Security Issue with Internet Explorer - No update released yet.

In light of the Google's servers being compromised by Chinese government computers to gain access to Chinese activists who use Gmail and other Google services, Microsoft has revealed that the origin of the attacks were from a security exploit from within Microsoft Internet Explorer.

The security exploit, no less, is where one can remotely execute code on another computer through this vulnerability in IE.

The full details and what operating system and which version of IE is affected is detailed here: http://www.microsoft...ory/979352.mspx

As said above, there is currently no update for this at this time but should be arriving within a week. The reason for this notice is that the vulnerability is from IE and that the attacks are from China, where a large majority of Gilsellers/Gold sellers are located. And, given that we have had security breaches in FFXI and stolen accounts, it is highly advisable that current IE users switch to another web browser without that vulnerability-- Google Chrome, Opera, Safari, or Firefox 3.5.7. That is the best solution so far. Also, as always, keep your anti-virus and anti-spyware/malware software up-to-date.

[Corrderio]

Note to self, erase IE from my computer and go Firefox all the way.

[octoberasian]

Details of the cyberattack on Google: http://news.cnet.com...g=2547-1_3-0-20

Exploit mainly affects IE6, but is also found in IE7 and IE8. Though it is highly unlikely China will launch a cyberattack on a normal end user, it is always better to be safe than sorry.

[Uragirimono]

...wow, I didn't hear about a cyber attack on google. But then I also use Firefox so I don't need to worry.

I didn't know people still use IE...

[octoberasian]

Uragirimono, on 16 January 2010 - 08:49 PM, said:

...wow, I didn't hear about a cyber attack on google. But then I also use Firefox so I don't need to worry.

I didn't know people still use IE...

The sad part: Majority of internet users still use the outdated and insecure Internet Explorer 6.

If I were to bet a dollar amount right now, I bet that the majority of all FFXI users who use the computer to play this game are one or more of the following:

• Using IE6 or IE7, IE8.
• Have no anti-virus, anti-spyware, anti-malware software; or have outdated definitions and/or program(s).
• Have not updated Windows XP or Vista.
• Are computer illiterate and/or visit questionable websites, especially if they buy Gil, accounts, and/or power-leveling services. These include players who click on those banner ads.
• Use Firefox but without any add-ons like AdBlock, FlashBlock, NoScript, Netcraft anti-phishing toolbar, and similar.

Even worst still is that a large number of companies too cheap to upgrade from Windows XP to a more secure OS, or upgrade or change IE6, are still using that web browser. The 34 companies listed where they had a security breach because of this exploit is a good example of why they need to move away from that browser if they're still using it.

[Uragirimono]

I keep Windows 7 on autoupdate(same as I did with vista). I use Firefox, and I go to nearly the same sites as a friend of mine whose PC is complete utter garbage every 3 months and requires a complete system format. He uses that silly Internet Explorer and tries to tell me his PC is going slow because he doesn't defrag it. I don't have the heart to tell him I never defrag and my PC doesn't get anywhere near as slow as his always does... (read: it never slows down unless I've got something stupid like 5 games windowed and alt-tabbing through them.)

I especially love those flash games that auto-install in IE when you click to shoot the terrorist. I was bored sometime in december and I was shooting them all. I disregarded the "do you want to allow the program to install?" messages, and when I got bored of THAT game, I played the "CLICK NO" game on about... eh... like 100 instances where it tried to install itself when I clicked to shoot the bad guys.

I don't use Anti-Virus software because I'm careful how I browse my internet. I even have VAC turned off on Windows 7, and Firefox is left mostly untouched from the default install.

99% of the problems people have with slowdown and bloated virtual memory usage comes from using IE. It installs everything because it thinks it's doing you, the user, a favor by installing crap from a site with code that makes it think it is legit. The guys behind Firefox know better, which is why I am happy to drop them about $100-$200 in donations a year.

[octoberasian]

Internet Explorer Security Patches

Remember that security vulnerability that allowed the Chinese government to get into Google's servers plus 34 other companies? Well, Microsoft has released a patch for it today as an impromptu and very important update.

If you have Windows Update enabled, it will download and install it automatically, then you'll be prompted to restart your computer.

If you don't have Windows Update turned on (which you SHOULD by the way), go to this website: http://www.microsoft...n/ms10-002.mspx

To download the patch, locate your Windows operating system on the left followed by your browser of choice right next to it (listed under Component) then click on that link.

(e.g.- Windows Server 2008 R2 -> Internet Explorer 8)

You will of course most likely be prompted for a Genuine validation of your OS before downloading.

The operating systems cover (both 32-bit and 64-bit versions of each OS):

- Windows XP
- Windows Vista
- Windows 7
- Windows 2000

- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2

And, Internet Explorer versions 5 (for Windows 2000 users), 6, 7, and 8.

(Personal note: Wow, even IE5..... geez, I haven't seen that in ages I tell you.)

[octoberasian]

IE Vulnerability Could Allow Information Disclosure

This mainly affects Windows XP users and those using IE6 up to IE8 on that OS. There is [another] vulnerability within Internet Explorer that could allow an attacker access to files within your computer including the file that handles cookies, especially if you save user names and passwords on websites.

The reason being is that many users may have Protected Mode turned off in Internet Explorer, and is turned off by default in Windows XP. It's on by default in Vista and Windows 7, however.


Full details here: http://www.microsoft...ory/980088.mspx

The website has several suggested workarounds until a patch is introduced:

- Set Internet and Local Intranet to HIGH

- Have Internet Explorer to prompt for ActiveX scripts, or disable it completely

- A registry fix to put the "file" (file://) network protocol under lockdown

My suggestions include the first 2 above plus:

Create a separate user account without Administration privileges for general computer use and web browsing. Anything you need to do that requires Administration privileges will be prompted for a password (Vista and 7) or denied access (XP). It's a little annoying, but it's another good way to secure your computer.

Of course, there is always using another web browser besides IE:

- Safari
- Chrome
- Firefox
- Opera

Disable autocomplete and saving passwords on websites:

1. Go to Tools > Internet Options (or Control Panel > Internet Options)

2. Go to Content tab at top

3. Under AutoComplete section, click Settings

4. Uncheck User names and passwords on forms and Ask me before saving passwords. Uncheck Forms as well.

5. Delete AutoComplete history...

6. Hit Ok.

Delete Browsing History:

1. Go to Internet Options again.

2. Delete browsing history...

3. Put a check next to Cookies, Form data, Passwords and if you have IE8, InPrivate Filtering data.

4. Press Delete

[octoberasian]

FFXI Wikia Infected... Again

FFXI Wikia is infected with malware again, and most likely from an infected banner ad.

Deliberately copy-pasting my post from another forum:

The culprit seems to be another infected ad, not surprisingly. This has happened on Allakazham, FFXI AH, and FFXI Wiki so far in the past.

Reported on BG Forum: http://www.bluegartr...ead.php?t=88216

Do not install the following experimental add-ons listed here: http://blog.mozilla....y-issue-on-amo/

Bolding the following:

The best defense against this is to stay a step ahead and keep yourself aware and knowledgeable about this stuff. It also helps to keep a level of common sense as well as diligently keeping your antivirus/malware/spyware definitions up to date and NEVER EVER TURN OFF WINDOWS UPDATE! Also, it helps to always, always update Flash and Adobe Reader (or use Foxit Reader instead), and Java (http://www.java.com).

The reason it's an ad and not the site itself is because some visitors didn't get the notice while others did. And, according to BG Forums above, one known victim so far.

If you use Google Chrome or Firefox, it is absolutely imperative that you use the following extensions/add-ons:

- AdBlock
- NoScript (or it's equivalent in Chrome)
- FlashBlock (or it's equivalent in Chrome)

And, be sure that you block any ad coming from Google's AdSense. Google DOES NOT, I repeat, DOES NOT screen its ads for malicious content. It only distributes them according to what the business(es) provides them with. If an RMT site submits an infected banner ad that will be served on an AdSense member's website, that banner ad is randomly chosen related to the content of the website.

Google's AdSense related websites are:

... googlesyndication.com
... googleadservices.com

It is absolutely important that you keep an up-to-date anti-virus/anti-spyware software regardless which browser you use.

In order of very good to good:

- Antivir Personal Antivirus
- Avast 5
- Microsoft Security Essentials
- AVG
- Norton Antivirus
- McAfee
- eset

Other good security software, tools, and utilities:

- Comodo Internet Security (using the firewall component over Windows Firewall if you feel Windows Firewall is not sufficient)
- Spybot Search & Destroy
- Malwarebytes Antimalware
- Super Antispyware
- KeyScrambler Personal
- IE7Pro (http://www.ie7pro.com/) - A Flash and ad blocker for IE7 to IE8
- OpenDNS (http://www.opendns.com/) - After creating an account and changing it on your computer, set it to filter Adware sites.
- HiJack This!
- Sandboxie (http://www.sandboxie.com/index.php?DownloadSandboxie/)

If you do not do the above suggestions while visiting these websites, you are GUARANTEED to lose your account regardless what MMO you play! I am not fucking kidding.

And, feigning ignorance to this stuff is just asking to be infected.

Final note:

Another option, which I'll probably post a guide later today or whenever I can, is to use a virtual environment to visit websites using software such as Virtual PC, VMWare Player or VirtualBox. A virtual environment is a separate entity on the computer that can run a full operating system (Guest OS) as if it were another PC with no acknowledgment of the Host OS. The catch is that you need a hefty computer to run it-- 4 GB RAM recommended (more than 4 GB RAM ideal), dual core CPU minimum with VT extensions/virtualization support, and 10 to 20 GB of disk space. It's probably the most "paranoid option" possible because the malware or virus will not traverse between the Guest and Host OS unless you gave the Guest OS easy access to the Host OS hard drives.

And, you can do similar with Sandboxie (32-bit or limited support in 64-bit OS) or Avast 5 Professional (paid version, 32-bit OS only). Running a virtual OS is a more extreme version of this suggestion. Comodo will soon offer a similar feature as well in version 4 of Comodo Internet Security.

Last advice: Do not visit FFXI Wikia until this has been resolved OR if you absolutely need to go there, be sure to use Firefox or Chrome with the suggested add-ons/extensions.

[Kicktheflame]

Glad to know there it's a problem with the site and not just my computer. I've been visiting the wiki a lot lately and been getting quite a bit viruses because of it. Does anyone know if the wiki will be fixed or how long it will take? Any info would be appreciated!

[Corrderio]

Are you using IE?