Alessandro Zanello

They are coming in these days so-called fake emails from shippers such as UPS and DHL.

These emails are attached as a zip file containing a trojan that secretly downloads a fake antivirus (Win 7 Anti-Spyware 2011 or Win 7 Anti-Virus 2011) find that dozens of infections on your PC and try to convince you to enter data of your credit card to register your antivirus and delete them.

Will be carried out covertly SMTP server connections to Yahoo, AOL, Gmail, GMX and IP addresses located in the Ukraine and Great Britain, predictably with the 'intent to send private data stolen from your PC.

Needless to say, the only thing to be eliminated will be the positive balance of your checking account.

The emails arrive but not only from these addresses:

ioprt14@dhl.com
supportmip11@dhl.com
PostMail-usid.3949 @ greensboro.com
dhltrak11@dhl.com
dhltraki1@dhl.com
PostMail-usa.8273 @ omaha.com
infojs@ups.com
adsupport3@ups.com
dfsupports1@ups.com
adminsuppo2@dhl.com
infoad2@ups.com
infoad22@ups.com
postmail-int69136@durham.com

Attachments can be named:

Post_Express_Label_No.30845.zip
UPS-document.zip
UPS notification.zip
United Parcel Service Notification Letter.zip
United Parcel Service document.zip
UPSnotify.rar
Post_Express_Label_SER.71816.zip
tracking.zip
Post_Express_Label_VID99184.zip
document.zip
DHL_documents.zip

The initial text was like this:

"Dear customer. The parcel was send your home address. And it will arrice Within 7 bussness day. More information and the tracking number in the document are attached below. "

where you can read several errors, but errors are disappearing in recent posts, meaning that the scam works and is fine, so we will have to be careful in the future.

Tizer Rootkit Razor ™ is a free tool that can remove malicious objects from your computer. As you know, rootkits have evolved from a form of protected music CDs to new tools for penetration and are very difficult to detect and eliminate, so that should still always begin by removing the disk and connect it to a different suspect as a PC hard outside if you want to have a chance.

Tizer Secure ™ Rootkit Razor is able to recognize and eliminate many rootkits , is compatible with Windows 7, is free for personal use and more effective than some commercial products.

It seems that even the files. HLP have lost their innocence: this article on McAfee's site tells of a type of attack that involves a file. HLP, even if only as a container. The malware is attached to a legitimate file system on-line help, imepaden.hlp, which continues to operate normally. It then created a file. SYS it runs as a service, and masquerading as a device driver and file the necessary riestrae. Hlp load malicious "upgraderUI.exe", which ultimately is a family of backdoor Muster.e they already you know, and that is coupled via the registry key HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run AutoPatch.

So if you delete the file. Exe and registry key, the. Sys recreates the whole, and the fact that usually are excluded for reasons of efficiency the files. Hlp from the list of files checked by the antivirus makes it difficult discover the mechanism. A fine example of a strategy by hackers.

Researchers and security experts have identified a new attack that can infect a month about 300,000 web pages with links that take visitors to a page with a potent cocktail of malicious exploits.

The attack began in late November and seems to by professionals, but not in this type of techniques. The compromised sites contain an iframe that silently redirects users to 318x. Com (note the space added specifically for security), and from there on:

aa1100.2288.org/htmlasp / DASP / alt. html

and is then loaded into a script (js. tongji.linezing.com / 1358779/tongji.js) used for tracking. The procedure exploits known vulnerabilities in at least five applications:

more »

Sandboxie lets you work on your computer in a secure virtual and isolated they are confined to changes in registry and folders. It 's very useful and effective to do testing and to surf the Internet by protecting privacy and security.

Many such. use them, often without knowing it or imagine it, the key generators of recording applications (keygens) downloaded from the Internet are also a vehicle for spreading viruses: run in this environment would be a good way to avoid damage planned by the producers of malware.

Sandboxie is interposed between applications "dubious", and the hard drive, allowing the latter of the sun to read and write in diverting the virtual area, from where they are actually all the changes.

These will still be accessible by exploring the contents of the reserved area (the sandbox), until you decide to cancel it. Run the software in an unknown space safe and independent as not to risk damage is a powerful and easy to use: clearly this can be achieved, and even more fully, with many available virtual machine ( VirtualBox , VMware, Returnil , etc..) or with functions such as "Try & Decide" from the Acronis True Image, but Sandboxie is incomparably easier to use and less invasive.

more »

More and more useful, free services online scanning suspicious files in real time as Jotti , NoVirusThanks , VirusTotal and ThreatExpert have become a reference: on these sites can provide a file that do not trust it because it is analyzed by a score or Most anti-virus, in order to have an overall picture and decide based on the percentage of recognition of the various anti-virus used as a threat.

Perhaps not everyone knows that even the registry keys have access privileges, just like files and folders. For this reason can be that trying to remove a key stuck in the register by a virus there is to succeed, for the permissions that the virus author has deliberately modified. The following instructions to resolve the issue.

To change the access permissions of a registry key, follow these steps:

a. launch the Registry Editor (Start, Run, regedit, and OK or Windows-R, regedit, Enter)
b. find and right-click the registry key and select Permissions
c. under Users and Groups click Administrators
d. under Permissions for Administrators, make sure that the Allow check both of the following items:
â € ¢ Full Control
â € ¢ Read
and. click Apply and OK
f. exit the registry.
more »