Technology

Mariposa infects at least 13 million computers in the world

Following the extermination of Mariposa botnet, a network security firm Panda Security said that there are at least 13 million computers are infected by Mariposa.

Number 13 million are from 31.901 cities in 190 countries around the world. The top 10 cities with the highest infection penetration is a city that comes from developing countries. Some of them are in Asia, such as Seoul, Bombay, New Delhi and Mexico City.

“The highest infection occur in countries with a level of concern for network security is very low. The countries with a high level of awareness has a relatively low penetration, such as USA, Germany, England and Japan,” said Technical Director of PandaLabs Luis Corrons, as quoted by Net Security, Thursday (11/3/2010).

10 cities with the highest infection penetration is Seoul with total 5.36 per cent IP address are infected, number two is occupied by Bombay with 4.45 per cent, New Delhi has a penetration Mariposa botnet approximately 4.27 percent, Mexico City reached 3.89 percent , Bogota 2.68 percent, five with 1.98 per cent, reaching 1.68 percent Kiev, Bangalore Mariposanya penetration reached 1.39 percent, 1.24 percent Islamabad and Tehran last reached 1.23 percent.

Whereas if viewed from the side of the country, India’s largest position sekira19 infections, 14 percent, followed by Mexico with 12.85 percent, and Brazil reached 7.74 percent. Americans were still in position with 20 large Mariposa botnet infection rate reached 1.05 percent.

“The work has been carried out by members of the Working Group Mariposa massive cessation of Mariposa botnet in the world on December 23 last. This group is a group of network security company that united to fight the Mariposa,” said Corrons.

Earlier, Spanish police have arrested three suspects who allegedly the mastermind behind the spread of mariposa.

New Internet Explorer Vulnerability Confirmed

Microsoft have confirmed a new Internet Explorer security vulnerability which is affecting only pre-Windows Vista operating systems like Windows XP meaning that users running Windows 7, Windows Vista, Windows Server 2000 and Server 2008 R2 are not affected by the issue.

The vulnerability is not exploited currently according to Microsoft’s information and it is not likely that it will as a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.

There is currently no fix for affected operating systems but Microsoft confirmed that they continue investigating the issue. It is likely that a patch for the vulnerability will be provided shortly. As of now all users need to remember is to not press F1 when they are accessing websites.

What Is paypal.112.2o7.net

If you are a very observant – or cautious – PayPal user you might have noticed that several connection requests are made that are to other domains that are not paypal.com. This can be extremely worrying to users considering that malicious software and attackers also use these kinds of connections for their evil doings.

If you analyze the connections that PayPal makes you notice that the site makes two connections to elements on the domain paypal.112.2o7.net which looks on first glance like a phishing website. The two elements are the smallest in size (both are 43 Bytes) but seem to take the longest to transfer. More »

Flash Player 10.1 To Support Private Browsing

Private browsing is a relative new mode that has been added to several popular web browsers recently. It basically allows a user to work with the web browser normally. Data that is accumulated during the private browsing sessions is only temporarily available which is the difference to the normal browsing mode. This means that the web browser’s history or the temporary Internet files will not contain clues about the websites that the user visited while in private browsing mode.

One exception to that rule is Flash content, so called flash cookies or local shared objects, are still stored on the system and an analyst could use those to uncover the websites
that stored them on the computer even in private browsing mode.
More »

Another Fix For Unauthorized Google Redirects [Security]

We posted a solution for one of the causes of unauthorized Google redirects yesterday. These redirects can happen in one browser or multiple ones and are usually related to searches that the user performs in search engines such as Google. Yesterdays redirect was caused by a plugin that got installed on the host computer without the user’s consent. This plugin did not appear in the list of installed plugins and the fix was to run the program Gooredfix to remove it from the computer system.

Today’s reason for an unauthorized redirect is a rootkit that is commonly known as Rootkit.Win32.TDSS. The problem with a rootkit is that many security applications do not detect it even if they are updated with the latest virus definitions.
More »

Giganews VyprVPN Review [VPN]

A virtual private network serves various purposes. It usually encrypts the traffic between the user and the vpn server increasing the privacy of the user, security of the system and integrity of the data. Many companies use vpn connections to transfer important data to employees or customers. But virtual private networks have other advantages. The user’s IP address is shown in normal connections on the Internet. This means that websites and other users know the IP of the user who initiated the connection. The IP alone can be used to locate the user on the world map.

A virtual private network on the other hand replaces the user’s IP with its own so that the servers and users that the user connects to only see that IP and not the real one. This is also beneficial for services that only allow access to their service from specific countries. If the vpn is offering servers in the country then the service can be used. That’s great for services like Hulu, Pandora, BBC and many other streaming video or audio related services. More »

Norton PC Checkup

Norton PC Checkup is a free software program for the Windows operating system that will perform a PC system scan to detect threats as well as performance and protection problems. The program will schedule scans of the PC once per week with the additional option to start a scan manually at anytime.

The system scan takes less than a minute to complete and will display an initial rating for each of the elements that have been scanned. More »

Virus Total Uploader Update

Virus Total offers a great service for users who want to check files for malicious code. The main benefit of using Virus Total over locally installed antivirus software is the multi-engine approach as it offers to scan files with dozens of different antivirus engines and databases.

The Virus Total service can be used on the website directly by uploading one file to the service or by use of the Virus Total software which recently has been updated to version 2. More »

Security Tool Removal Instructions

Security Tool is a so called rogue anti virus software that is distributed by various means including malicious software like trojans but also pop ups on the Internet which will display a fake message that the computer is infected and needs to be secured by downloading the rogue security program. Security Tool will perform a series of tasks once it is running on a computer system. This includes blocking legit software from being executed and displaying false security warnings to promote a “full” version of the program that the PC user should buy to protect the computer system. More »

WPA Cracker Offers Online Cloud Cracking Service

Cloud based computing can have a serious impact on the time it takes to perform calculations. We have seen join efforts in the past to use cloud computing in research. But research is not the only area that benefits from the processing power of the cloud.

WPA Cracker is an online service that offers to run a 140 million word dictionary against a WPA handshake that is submitted by the customer. More »