Monthly Archives: July 2011

The new boot record viruses (TDL4) and how to fix the Master Boot Record (MBR)

Dating from the earliest days of computing, boot record viruses remain one of the most preferred attack vectors. Like their predecessors, the Stoned computer virus (created 1987), Brain (created 1986 and the first PC virus!), Michelangelo (1991), Elk Cloner (1980), current boot record viruses use the same method of infection: they replace boot record code with infected code. For those who know what a boot record is, Master Boot Record (MBR) or Volume Boot Record (VBR), the advantages of such an infection are obvious. For those who do not know about the MBR or VBR and their role, here are the details of a Windows PC boot sequence in simplified form. When the computer is switched …

Posted in Thoughts.

New scam Skype website

A new scam website trying to impersonate the official Skype website has appeared on the Internet. The site is http://skype-downloads.ru/ and the details of who owns the domain are private. The website has a layout and colors (white and blue) that imitate the official Skype website, and even the Skype logo is present. It has a .ru TLD and is in Russian. This scam website offers a fake Skype installer for download, named skype_setup.exe, 2.42 MB in size, with MD5 hash E4FA92CA336D545E7AF8E253F42F1EDB. This executable is protected with a packer to prevent it from being reverse engineered. Anyone fooled into downloading and installing this rogue software will be prompted …

Posted in Thoughts.

Popureb.E trojan removal tool released for public

A free removal tool for the Popureb.E malware has been released to the public by the security vendor Prevx; here is the download link. For those who do not know, Popureb.E is a trojan that targets the Master Boot Record (MBR) on Windows XP machines. So far, Windows Vista and Windows 7 seem to be immune to this kind of infection. The malware adds its code to the Master Boot Record, making it in some fashion invisible to the operating system and antivirus software, which are loaded later, after the trojan code. This malware made some waves a few days ago when a Microsoft engineer, Chun Feng, suffering from excessive zeal, recommended an extreme solution to get …

Posted in Thoughts.

Fake avast! antivirus website

A fake website for the well-known avast! antivirus is floating around the Internet trying to scam users. Although the difference between the original avast! domain and the fake (scam) domain is subtle, you can notice it easily.

http://www.avast.com - this is the original domain of avast! antivirus
http://avast-download.com - this one is a fake domain for avast!

The registrant information for the fake avast! domain is private; the Whois lookup reveals only:

Domain avast-download.com
Date Registered: 2010-9-21
Date Modified: 2010-9-21
Expiry Date: 2011-9-21
DNS1: 1.nseasy.com
DNS2: 2.nseasy.com
Registrant
Private Whois Service
Private Whois Service
fp75akd4d95245d8b60e@oqjij874d9300d54bd95.privatewhois.net
*******PLEASE DO NOT SEND LETTERS******
****Contact the owner by email …

Posted in Thoughts.