Showing posts with label Virus. Show all posts

Saturday, September 29, 2012

Which Anti-Virus software should you use?

    Many people have anti-virus software, but is it the best one? I usually don't recommend getting an anti-virus/firewall bundle, as one company tends to make a better firewall while another makes a better anti-virus. In this post I will tell you which anti-virus and firewall software I recommend, and which ones to avoid.

   Let's start with free options. There are quite a few free anti-virus options out there, but most only work for a limited time or have limited functionality. If you really don't want to spend money on this, then I recommend Malwarebytes Anti-Malware. I have used it, and so have many of my friends and family, and it works great. It is perfect as a short-term solution while you figure out what software to purchase. Note that it is an anti-malware scanner, not a firewall, so it needs to be paired with one. The ones I recommend you avoid are Avast and AVG, both the free and premium versions. These are considered a joke by the very people who write and spread malware. This is nothing personal; they just are not that great. A good free firewall is Comodo. Combining Malwarebytes and Comodo gives a fairly decent free security solution. Now on to a great paid solution.


    My favorite and, I think, best anti-virus is ESET's NOD32. It is one of the most up-to-date and fastest-updating anti-virus engines out there. This is the anti-virus I use, and have for a while. I recommend that you stay away from Norton products: source code for some of them has been leaked to the public, which makes it easier for malware authors to evade or bypass them. For a firewall I recommend Kaspersky. It is one of the more "feared" firewalls among hackers and malware authors. These two together should be good enough to stop most attempted attacks. Always remember, though, that even the NSA gets hacked, so if you're not careful you can be the next victim of a still-unknown zero-day. Be sure to stay safe online.



Which Anti-Virus and/or Firewall software do you prefer and why?



Friday, September 28, 2012

Mobile adware on the rise

    As many of you may know, there are many apps that are not entirely beneficial, most of them for Android phones. Now that so many people have a smartphone, malware authors are focusing more and more on malicious apps. These can not only steal your personal data or harass you and your friends with spam and ads; they also drain your battery. A recent survey showed that about 12% of phones run out of battery completely each day. This is very annoying, and with 60% of people saying that battery life is the main selling point, very costly.
A Trend Micro study on battery usage


    Adware is now built into many apps, and while most ads are displayed legitimately, some adware now creates illegitimate "notifications" or icons that, when tapped, lead to the advertiser's website. Many of these ad libraries also collect your personal information, most of them without any notification that they are doing so. They collect and send data in the background, burning through your battery life and data allowance.

    There are many free anti-virus apps that protect against the most common threats, and many paid apps as well. I personally recommend either Sophos Mobile Security or ESET's mobile app. They can be found here and here, respectively (Sophos being free, ESET a paid app).

Credits:
Trend Micro


Sunday, September 23, 2012

ZeroAccess: How to remove the latest version

   In my previous two posts I highlighted the changes in the newer version of ZeroAccess, how to tell whether you are infected, and who is most at risk. This post covers how to get rid of the infection and what tools to use to protect against it.

    The easiest way is to download one of the many anti-virus programs or removal tools. I always recommend ESET, as they have always gotten the job done for me and my family. ESET has made a tool specifically to remove the ZeroAccess bot, one that is easy to use and completely free.

  1. Download the tool here
  2. Start the tool by double clicking it.
  3. Press "Y" when it asks you if you want to restore system services
  4. Once the tool has finished working, restart your computer by pressing any key.
  5. You may be prompted with a security window upon restarting; click Yes or Allow.
  6. Click "Yes" on the repair window.
  7. Once the repair is finished, you will be prompted to restart again; do so.
  8. For best results and to ensure complete removal, purchase ESET Smart Security or ESET NOD32 and run a full scan.
    As you can see, it is fairly simple to remove this virus. If you have any trouble, comments, or questions, let me know in the comments section. (Don't be embarrassed: I have to approve comments, so if you think it is a stupid question, just ask that I not post the comment and I will contact you directly.)

    The main way this bot spreads is through exploits, most of which are patched in the latest versions of the software they target, so make sure you apply updates regularly and don't visit shady sites. Also, I know it may be hard to refrain from pirating things like games, so I encourage you to only download "cracks" that have many downloads, and even then, read the comments and do not download if it is reported to be infected or not working correctly. Also remember that I do not condone pirating or any form of illegal downloading.


Sunday, August 26, 2012

Extended Silence

I have been gone for a while, and I intend to start posting once again. I was pursuing another of my many interests, but I am back now.

I will post the source code of a Java virus I found, heavily commented, for all of you interested in the inner workings of a virus. I also hope this will get anti-virus companies to pay more attention to Java JARs and the like, as there are many file types, JARs among them, that AVs do not scan. A JAR is essentially treated as a compressed archive and not as an executable program. This needs to change, as I have seen a large rise in Java viruses myself.
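As an added example (this is not code from the original post, and not the Java virus mentioned above), here is a Python script that treats a JAR the way a scanner should: it reads META-INF/MANIFEST.MF for a Main-Class and counts the class files, which is exactly what makes the archive runnable with `java -jar`. The JAR it inspects is constructed in memory, and the class name com.example.Dropper is made up for the demonstration.

```python
"""Added example: treat a JAR as a program, not just as a ZIP.

A JAR is a ZIP archive, but the META-INF/MANIFEST.MF entry can name a
Main-Class, which makes the archive directly runnable with `java -jar`.
A scanner that only unpacks the ZIP misses that. The sample JAR below is
constructed in memory; "com.example.Dropper" is a made-up class name.
"""
import io
import zipfile

# Every Java class file starts with the 0xCAFEBABE magic.
CLASS_MAGIC = b"\xca\xfe\xba\xbe"


def build_sample_jar() -> bytes:
    """Construct a small JAR in memory for demonstration (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Manifest lines are CRLF-terminated per the JAR spec; a blank line
        # ends the main section.
        manifest = (
            "Manifest-Version: 1.0\r\n"
            "Main-Class: com.example.Dropper\r\n"
            "\r\n"
        )
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("com/example/Dropper.class", CLASS_MAGIC + b"\x00" * 16)
        zf.writestr("com/example/Helper.class", CLASS_MAGIC + b"\x00" * 16)
        zf.writestr("resources/config.txt", b"not code")
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Parse the main section of MANIFEST.MF into a dict.

    Handles the spec's 72-byte line wrapping: a continuation line starts
    with a single space and is appended to the previous attribute value.
    """
    attrs = {}
    last_key = None
    for raw in text.splitlines():
        if raw == "":
            break  # end of the main section; per-entry sections follow
        if raw.startswith(" ") and last_key is not None:
            attrs[last_key] += raw[1:]
            continue
        if ":" not in raw:
            continue
        key, _, value = raw.partition(":")
        last_key = key.strip()
        attrs[last_key] = value.strip()
    return attrs


def inspect_jar(data: bytes) -> dict:
    """Report what a scanner should care about: is this archive executable?"""
    report = {"main_class": None, "class_files": 0, "bad_class_magic": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "META-INF/MANIFEST.MF" in names:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            report["main_class"] = parse_manifest(raw).get("Main-Class")
        for name in names:
            if name.endswith(".class"):
                report["class_files"] += 1
                # A .class entry without the magic is tampered or disguised.
                if not zf.read(name).startswith(CLASS_MAGIC):
                    report["bad_class_magic"] += 1
    report["executable"] = report["main_class"] is not None
    return report


if __name__ == "__main__":
    print(inspect_jar(build_sample_jar()))
```

The rule a scanner can apply from this is simple: any JAR whose manifest carries a Main-Class, or whose .class entries lack the 0xCAFEBABE magic, should get the same scrutiny as an .exe rather than being waved through as an archive.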
Anyway, check back soon if you're interested.


Monday, June 4, 2012

Some more on Flame

Flame, the virus I gave an overview of in my previous post, has become common knowledge, and possibly even old news for some. For this reason Microsoft states that it is no longer worried about it. They have, however, released a patch closing the loophole Flame used to sign itself with a certificate that chained up to Microsoft's own certificate authority, and they say they are worried other malware might try to exploit the same loophole. If you have not done so, make sure to apply the latest updates to secure your computer. The update is KB2718704 and should be applied automatically if you have automatic updates enabled.

Credits: The Hacker News, KrebsOnSecurity
As always, tell me what to post about next in the comments below.

Friday, June 1, 2012

A quick overview of Skywiper/flame

I have read numerous reports and analyses of this (relatively) new virus discovered in the wild, including, but not limited to, those from The Hacker News, McAfee, TrendLabs, ESET, and Damballa. Here is what I have found so far.

Flame is an incredibly large and sophisticated piece of malware. It appears to target the Middle East and has been around since at least 2010 (the first detection). The package is about 20 MB and contains everything it needs to run (libraries, etc.). There is speculation about who made it, a private entity or a nation state. I personally lean towards a government (possibly the US), as it seems to target political and military victims (this may just be the conspiracy theorist inside me). It can log keystrokes, capture webcam data, take screenshots, and listen through microphones connected to the infected machine. It spreads through any connected removable storage, through printer sharing, and through domain controllers. It is very careful not to leave tracks, and removes all traces of itself (and of other viruses) when uninstalled. The main module is estimated at 750,000 lines of C code (650,000 of which have been reversed by McAfee).
Initial detection map (source: McAfee)
It is larger than Stuxnet, and some believe it was created or used by the same group, while others think its authors may just be "recycling" some of Stuxnet's code (more likely). Flame is the most sophisticated virus known to date, and contains a vast amount of obfuscation and anti-decompilation code. According to McAfee, it is capable of at least the following:
- Scanning network resources
- Stealing information as specified
- Communicating with control servers over SSH and HTTPS
- Detecting the presence of over 100 security products (AV, anti-spyware, firewalls, etc.)
- Using both kernel- and user-mode logic
- Employing complex internal functionality using Windows APC calls, thread start manipulation, and code injection into key processes
- Loading as part of Winlogon.exe and then injecting itself into Internet Explorer and services
- Concealing its presence under ~-prefixed temp file names, just like Stuxnet and Duqu
- Capable of attacking new systems over USB flash memory and local network (spreading slowly)
- Creating screen captures
- Recording voice conversations
- Running on Windows XP, Windows Vista, and Windows 7 systems
- Containing known exploits, such as the print spooler and LNK exploits found in Stuxnet
- Using an SQLite database to store collected information
- Using a custom database for attack modules (this is very unusual, but shows the modularity and extensibility of the malware)
- Often located on nearby systems: the local network is used both for control and for infecting new targets
- Using encrypted PE resources
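An added hunting check in Python (my example, not from the post or from McAfee's analysis), built on two of the behaviours listed above: "~"-prefixed temp file names and an SQLite store for collected data. It flags "~"-named files whose first bytes are an SQLite header or a Windows PE header. This is a heuristic, not a Flame signature (plenty of legitimate software writes "~"-prefixed lock files); the directory it scans is constructed here so the example runs offline, and none of its contents are real Flame data.

```python
"""Added example: hunt for '~'-named temp files that hold SQLite or PE content.

Heuristic only. Legitimate applications also create '~'-prefixed files
(Office owner locks, editor backups), so a hit is a lead for a closer look,
not a verdict. The sample directory is constructed; nothing here is real.
"""
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite 3 file
PE_MAGIC = b"MZ"                        # DOS/PE executable header


def classify(path: Path) -> str:
    """Classify a file by its leading bytes, ignoring its name entirely."""
    with open(path, "rb") as f:
        head = f.read(16)
    if head.startswith(SQLITE_MAGIC):
        return "sqlite"
    if head.startswith(PE_MAGIC):
        return "pe"
    return "other"


def hunt_tilde_files(directory: str) -> list:
    """Return (name, kind) for '~'-prefixed files holding SQLite or PE content."""
    hits = []
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file() and entry.name.startswith("~"):
            kind = classify(entry)
            if kind in ("sqlite", "pe"):
                hits.append((entry.name, kind))
    return hits


def build_sample_dir() -> str:
    """Constructed temp directory: two suspicious files, two benign decoys."""
    d = tempfile.mkdtemp(prefix="hunt_")
    samples = {
        "~DF1234.tmp": SQLITE_MAGIC + b"\x00" * 84,   # SQLite header is 100 bytes
        "~ABC9.tmp": PE_MAGIC + b"\x90" * 62,         # PE stub disguised as a temp file
        "~$report.docx": b"\x00" * 32,                # Office owner lock file, benign
        "notes.db": SQLITE_MAGIC + b"\x00" * 84,      # SQLite, but not '~'-named
    }
    for name, content in samples.items():
        (Path(d) / name).write_bytes(content)
    return d


if __name__ == "__main__":
    # On a real system, point this at %TEMP% or %WINDIR%\Temp instead.
    print(hunt_tilde_files(build_sample_dir()))
```

The point of classifying by leading bytes rather than by name is that the name is exactly what the malware controls; the header of an SQLite store or a PE image is much harder to disguise without breaking the file for its own author.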

I'll keep you all posted and give more info once I get it.

let me know what I should post about next!

Saturday, May 19, 2012

Downloads to watch out for

Hello again everyone,
It has come to my attention that many people are looking for a Diablo III crack. I know the game looks amazing, and I myself can't wait for one to come out so I can try it. I urge you: DO NOT download any "crack" links you find; they are fake and filled with malware. I assure you that as soon as I find a crack and confirm it works and is not infected, I will tell you all about it and where to get it. If you have downloaded a "crack" and found it not to be working, please run Malwarebytes to remove any and all viruses attached to it. Here is a picture of a "hacker" bragging about how many virus installs he got.


I also urge you to scan all downloaded files before executing them.

 If you have any link you would like me to check out, or any safety tips, please post them in the comments.
And, as always, comment if you have suggestions on topics for my next post.

Friday, May 18, 2012

New worm, spreads through IM

A new worm has been detected that spreads through channels like Facebook private messages. It is detected as WORM_STEKCT.EVL, and the malicious file is named "May09-Picture18.JPG_www.facebook.com". Note the name: the ".JPG_" in the middle makes it look like a picture, while the trailing ".com" is an extension Windows will happily execute. The link to the malicious file is shortened with the popular TinyURL service, so you cannot see where it leads before clicking. Once executed, the file terminates processes associated with anti-virus software. It then downloads another worm, WORM_EBOOM.AC, which monitors your internet usage and attaches itself to messages you post or send. Both worms connect to a website and send data to and receive data from it.


How to prevent getting infected:

  • Scan all files before running them; most viruses will be detected. I recommend Malwarebytes.
  • When you run a downloaded file, do it in a VM.
  • Regularly scan your system for viruses and clear your browser cache; many viruses drop themselves there.
  • Don't download anything you don't fully trust; chances are, it's a virus.
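An added example, not part of the original post, that turns the advice above into a pre-execution triage check in Python. It flags a "picture" name that hides an executable, a download link that goes through a shortener, and a mismatch between the claimed extension and the file's magic bytes. The filename and the TinyURL detail are the ones the post reports; the file bytes, the shortener domains other than tinyurl.com, and the magic-byte table are constructed or assumed for the demonstration.

```python
"""Added example: triage a downloaded file before running it.

Three checks: a deceptive filename, a shortened source URL, and a claimed
extension that disagrees with the file's magic bytes. Sample inputs are
constructed; the filename is the one reported for WORM_STEKCT.EVL.
"""
import re
from urllib.parse import urlparse

IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}
# Extensions Windows will execute or script when double-clicked (assumed list).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jar"}
# tinyurl.com is named in the post; the others are common shorteners (assumed).
SHORTENERS = {"tinyurl.com", "bit.ly", "goo.gl", "t.co", "is.gd"}

# Minimal magic-byte table for types a user is tricked into opening (assumed).
MAGIC = [
    (b"MZ", "pe"),                  # Windows executable (EXE/DLL/SCR/COM-style PE)
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"PK\x03\x04", "zip"),         # also JAR/DOCX
]


def sniff_type(data: bytes) -> str:
    """Identify content by leading bytes, ignoring the filename."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def filename_findings(name: str) -> list:
    """Flag names built to look like an image while being something else."""
    findings = []
    lower = name.lower()
    parts = lower.split(".")
    # "photo.jpg.exe": image extension before the real, executable one.
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and any(p in IMAGE_EXTS for p in parts[1:-1]):
        findings.append("double-extension: image name with executable suffix")
    # "Picture18.JPG_www...": image extension buried mid-name behind an underscore.
    if re.search(r"\.(" + "|".join(sorted(IMAGE_EXTS)) + r")_", lower):
        findings.append("image extension followed by '_': real extension is disguised")
    # "..._www.facebook.com": a web address look-alike whose suffix is a .com executable.
    if lower.endswith(".com") and "www." in lower:
        findings.append("ends in .com (an executable extension) while imitating a web address")
    return findings


def is_shortened(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return host in SHORTENERS


def claimed_extension(name: str) -> str:
    return name.lower().rsplit(".", 1)[-1] if "." in name else ""


def triage(name: str, data: bytes, source_url: str = "") -> dict:
    """Combine the checks; 'run' is True only when nothing looks wrong."""
    findings = filename_findings(name)
    if source_url and is_shortened(source_url):
        findings.append("delivered via link shortener: destination hidden")
    kind = sniff_type(data)
    ext = claimed_extension(name)
    if kind == "pe" and ext not in EXEC_EXTS:
        findings.append(f"content is a Windows executable but name claims '.{ext}'")
    return {"type": kind, "claimed_ext": ext, "findings": findings, "run": not findings}


if __name__ == "__main__":
    # Constructed sample: the reported filename, a PE header, a TinyURL link.
    sample = b"MZ\x90\x00" + b"\x00" * 60
    print(triage("May09-Picture18.JPG_www.facebook.com", sample,
                 "http://tinyurl.com/abc123"))
```

The magic-byte check is the one that survives renaming: whatever the attacker calls the file, a Windows executable still starts with "MZ", and a real JPEG never does.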

That's all for now. Be sure to comment with other suggestions on how you keep yourself secure and what I should talk about next.