This is my small guide giving tips on how to stay secure on the internet it is currently up to v1.2.3 so I have worked on it for some time. I hope it should be enough to explain and help those computer N00bs (New people) out there!
This shall also be linked on the right side of the website under Links called “Download Protect Yourself From Internet Threats”

Download Protect Yourself From Internet Threats v1.2.3

This is a cross posting from my other blog.

James Dean made a name for himself in the 1950’s movie, “Rebel Without a Cause.” In the past almost four years I’ve been determined to show that Linux and in particular Ubuntu Linux is a viable desktop operating system. I’ve proven it to myself time and again but still it remains an outlier in consumer circles. In the last week I’ve rebuilt three Windows computers that had been virtually destroyed by malware. In two of the three cases the individuals let their virus protection lapse, in the third the lady was using a well known anti-virus and security solution and she still was victimized. When I returned the computers to their owners I suggested how they could work to keep their machines from becoming infected again.

Lately, I’ve taken a more active stance promoting both Ubuntu equipped personal computers and Macintosh computers because Windows seems more vulnerable than ever. I can’t think of anything I do other than iTunes and Quicken which couldn’t be accomplished on Ubuntu. I’m able to read blogs, write blogs, send and receive email, participate in social networks, write HTML, and create and update websites. Have I left anything out. That’s a pretty complete listing. In any event I’m able to do all of that from my Dell Inspiron 6400 with Ubuntu 9.04. I am definitely plugging Ubuntu, but for you could do the same with Fedora and OpenSuse, PC Linux OS and the other Linux distros. Ubuntu just happens to be my favorite.

Recently I bought my son a MacBook for his home. Why a MacBook and not Ubuntu? Simply so that he could keep up with the Joneses in his life. All his friends have Macs and I thought what the heck. But, really there is no real difference in operating efficiency on Linux or Macintosh OSX. Both are open source at their core and Unix and Linux are much more secure and stable. I have to admit that the Macintosh GUI is compelling, but I still like using two and three buttons on my mouse or touchpad and that’s not possible with a Mac. In fact that two button dilemma is driving my son a bit batty. He’s used Windows most of his life and those of us who use Windows and Linux know that a mouse has more than one button and nearly all of our keyboard shortcuts are the same.

I am going to keep pushing Linux and Ubuntu in particular because it’s the most stable, least costly and most fun operating system on the planet at this time.

Shipping Express Inc. aka www.shipping-express-inc.com

Όσο καλά προστατευμένος και αν είναι κανείς σήμερα αποκλείεται να μην κολλήσει κάποιον ιο ή κάποιο spyware. Αντιβιωτικά και antispyware υπάρχουν αρκετά και αν μολυνθεί το σύστημά μας το καθαρίζουν αρκετά καλά και χωρίς ιδιάιτερο κόπο. Τι γίνεται στην περίπτωση των λεγόμενων Rogue security software (aka rogueware);

Τα rogueware είναι malware που παρουσιάζεται με τη μορφή antivirus ή antimalware και μας ενημερώνει ότι το σύστημα μας είναι μολυνσμένο και πρέπει να καθαριστεί. Μας αλλάζει το φόντο, ανοίγει πολλά κόκκινα Χ στο tray και αρχίζει να ψάχνει για ιους (και καλά). Ουσιαστικά δεν μας αφήνει να δουλέψουμε με τα συνεχόμενα pop-up και τις προειδοποιήσεις.

Υπάρχει ένας πολύ γρήγορος τρόπος να αφαιρέσουμε το rogueware και είναι ιδιαίτερα αποτελεσματικός αν εφαρμοστεί στην αρχή της μόλυνσης.

Επαννεκινούμε τον υπολογιστή σε ασφαλή λειτουργία με δίκτυο.

Κατεβάζουμε το roguefix (αρχείο) που είναι ένα .bat αρχείο και το malwarebytes anti-malware.

Εκτελούμε το roguefix και ακολουθούμε τις απλές οδηγίες. Όταν τελειώσει κάνει μόνο του επανεκκίνηση και ξαναμπαίνουμε σε ασφαλή λειτουργία.

Εκτελούμε το anti-malware και καθαρίσαμε.

Πιάνει στο 90% των περιπτώσεων δοκιμασμένα.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

China’s population of Web users hits 338 million, surpassing population of the United States

With a Internet penetration, or saturation at only 25.5%, China has 338 million Internet users. Fueled by rapid economic growth the growth rate since the end of 2008 is 13.4%. Internet usage via mobile phones increased by 32.1%, representing 155 million users. By contrast, the U.S. population is just under 307 million with an Internet penetration, or saturation of 70%.

Click here for more information.

U.S. Dept. of Energy builds attack defense network

Pooling data from intrusion detection systems located at disparate DoE sites, the agency is in the beginning stages of deploying a network to more quickly respond to scans. A new system developed by Argonne National Laboratories will flag things such as port scanning. Based on information on a port scan from one site firewalls at other sites will be reconfigured to block traffic from the scanning IP address.

The following link provides a way to guard against this vulnerability until Microsoft releases a patch.

Click here for more information.

Experts link flood of ‘Canadian Pharmacy’ spam to Russian botnet criminals

Using the power of 8 botnets, Canadian Pharmacy is the largest producer of pharmaceutical-based spam. Russian cybercrime groups are suspected as the force behind “Canadian Pharmacy”.

As a whole spam has grown 60% between January and June of this year to 150 billion messages per day. 75% of that spam is “pharmaceutical spam” or “pharma spam” with half of the “pharma spam” coming from Canadian Pharmacy.

Click here for more information.

HTC issues Hotfix for Bluetooth Vulnerability in Smartphones

With Bluetooth switched “on” and Bluetooth file sharing “activated”, HTC handsets using Windows Mobile 6 and Windows Mobile 6.1 were vulnerable to attackers who wanted to access all files on a user’s phone.

Comment: This story shows the growing threat to mobile devices.

Click here for more information.

Webcams, printers, gizmos – the untold net threats

Interacting with some of the more sensitive parts of a computer network, web interfaces, “gadgets”, such as webcams and printers that connect with computers where never designed to withstand attacks. The NAS (network-attacked storage) units posed the highest number of threats as the unit was susceptible to all five attack classes.

Other devices that can be found in the “gadget” or “gizmo” category include network switches, routers, photo frames, voice over IP phones and other network equipment.

The devices are generally invisible to anti-virus software so even though a computer may be disinfected the secondary devices can keep infecting.

Click here for more information.

Virgin Media sets throttle on hardcore hogs

Virgin Media, UK ISP, will begin throttling back those who tend to hammer the network hardest. Throttling will take place between 9:00am to 9:00pm for 2% of its customers. However, If users pay for a more premium service throttling does not apply.

Click here for more information.

Update 18th July 2009. If you want to read actual desktop environment developers (i.e. people who who know loads more than I do) discussing this vulnerability, then this 2006 thread from a Xorg mailing list may interest you. If you want to see the proof that it actually works, then go right ahead and read on.

I tried to ask questions about this on a forum and got banhammered for it. But never mind. I did a bit of research into it and discovered that a few people have already documented this possible vulnerability, and that it is somewhat legitimate. People love to say that the biggest security threat for computers is the users themselves, which is fair enough. Who needs to craft a drive-by download when you can just get the users to click on naked_chix.jpg.exe all by themselves? Linux makes it difficult, but not impossible, for malware to take hold, but it pays to be aware of the dangers, however slight they may be. I don’t personally believe that there is much of a threat at all, and the particular exploit I’m about to describe isn’t very special or clever, either, and can only affect a small number of people. The only thing that is somewhat interesting about it is that it can get root access without drawing attention to itself.

And that’s another thing about root access. Who really needs it? Sure, back when people made viruses to fry people’s hard-disks, having administrator privileges would have been a godsend. This is classically one of the reasons Windows has been so full of holes. New users were given Admin accounts by default, allowing them to tinker with every aspect of the system (within limits). Viruses run as the normal user could integrate themselves deep within the system utilities that made the operating system work, and from there carry on doing whatever it is they’re built to do. Of course nowadays, Windows doesn’t give its users root accounts by default. It has led to gripes because the UAC prompts you get on Vista tend to annoy some people, but the overall concept is sound. But the question remains: do you really need a root account to do the things that today’s malware does? Certainly not. Root helps, but it’s hardly necessary.

So any way, onwards we go. Gnome does a very nice thing. It can override launchers for individual users. All of those lovely launchers you see in the Gnome Menu, well, they are all in /usr/share/applications. Go and take a look. But, they can be overridden by putting your launcher in ~/.local/share/applications. Gnome checks there before it looks for the global launchers, exactly the same way many applications check your home directory for conf files before looking in etc for global confs.

All you need to do to gain root access is make a duplicate launcher for an application that already requires root access. You don’t even need that, but a user might get suspicious if he’s prompted for his sudo password when launching Firefox. Synaptic, on the other hand, is a good choice. Let’s have a look at its desktop launcher in /usr/share/applications:

[Desktop Entry]
Name=Synaptic Package Manager
GenericName=Package Manager
Comment=Install, remove and upgrade software packages
Exec=gksu --description /usr/share/applications/synaptic.desktop /usr/sbin/synaptic
Icon=synaptic
Terminal=false
Type=Application
Categories=PackageManager;GTK;System;Settings;
NotShowIn=KDE;
X-Ubuntu-Gettext-Domain=synaptic

So, if you were to put a launcher in ~/.local/share/applications that was exactly the same, except that it runs your malware first, then bingo, you’ve got root. Your malware can then happily go off and add itself to init.d and load up with root privileges every time you boot your machine. So I gave it a go:

[Desktop Entry]
Name=Synaptic Package Manager
GenericName=Package Manager
Comment=Install, remove and upgrade software packages
Exec=gksu --description /usr/share/applications/synaptic.desktop /home/ryan/ohno.sh
Icon=synaptic
Terminal=false
Type=Application
Categories=PackageManager;GTK;System;Settings;
NotShowIn=KDE;
X-Ubuntu-Gettext-Domain=synaptic

The password dialogue will use the Synaptic description for the prompt when you try to open Synaptic:

And then it’ll execute our virus (ohno.sh) with root privileges:

Major bummer.

Any way, I was asked a question about how this rogue synaptic.desktop file gets into your application launcher folder in the first place. And sure, it isn’t a case of drive-by downloading. It requires the user to actually run something himself in order to take hold. This is what’s known as a trojan horse, and conventional wisdom goes that there is no way the operating system can ever fully guard users against these. The best weapon we have to fight trojan horses is education. This is a crucial point and I can’t stress it enough.

Some of you may be thinking, “Sure it could work on idiots, but I’m not going to arbitrarily execute some random code sent to me by some random guy without checking it first.” Well, no, of course not. But the tricks malware use to get users to click the OK button can be very devious. One of the attack vectors for the Conficker virus, for instance, involved hijacking the autostart prompt for playable media on Windows. What looked like the button for “Browse contents” was actually the option to run the installer for the virus!

Conficker is, admittedly, a special case, because it uses pretty much every method of infection available to Windows malware writers. But can we employ similar tactics to get people to open malware files on Linux? Sure, why not. And it’s doable with those pesky desktop files, again. On Gnome, the launchers can have any name you desire. In fact, if we make a launcher with the following code,

[Desktop Entry]
Version=1.0
Terminal=false
Exec=python exploit.py
Icon=ooo-writer
Type=Application
Categories=Application;Office;WordProcessor;
StartupNotify=false
MimeType=application/msword;application/rtf;application/vnd.ms-works;application/vnd.oasis.opendocument.text;application/vnd.oasis.opend$
InitialPreference=5
Name=lol.odt
Name[en_GB]=lol.odt
GenericName=Word Processor
GenericName[en_GB]=Word Processor
Comment=Create and edit text and graphics in letters, reports, documents and Web pages.
Comment[en_GB]=Create and edit text and graphics in letters, reports, documents and Web pages.

We shall have the following to gawp at in our Nautilus:

Well, that’s all well and good. But look at its real name, as it saved on the disk:

So now we have a desktop launcher, hidden to look like a document file, that actually launches the exploit.py code. And sure enough, when our poor user attempts to open the document:

In this example, it’s obvious that there is an exploit, because it’s unashamedly named right there in the same directory. But there are plenty of ways the desktop launcher could do something dodgy. For instance, you could set it to run a wget command to download and execute a remote exploit from the web. The exploit code itself can be filled with all of the virusy nastiness you would expect. Replacing all of the launchers that require gksu with a buggy version, for instance. Editing someone’s bashrc to hijack a sudo alias would be trivial, too. Gaining root is really not that difficult, so long as you can get the user to run the original exploit in the first place, by trying to open our dodgy document.

The question now is how does this launcher get on to the user’s computer in the first place? It could be emailed to you, it could be sitting on a USB stick someplace. There are many ways it can happen. In fact if your exploit scans Evolution or Thunderbird for your contacts, or perhaps loads up a background process to spam itself to message boards, then it could conceivably become somewhat self-replicating, as all true viruses are.

I’m not saying this is a sure-fire way to pwn Linux users. Far from it, I actually think it’s kinda lame. And long_boobs_hair.jpg.exe was lame too, but that still caught people out. All I have described here is one very primitive and highly-specific mode of attack. And so it seems, it’s been written about many times before. Never mind. I never even considered it before, so I was more than a little bit intrigued to test how much such an attack can achieve. The answer, as with all trojan horses, is everything. If you let it happen.

I’m probably kidding myself if I think I can get away with posting this without getting any flames, but what the hell, so long at least one person in the world is now just that little more informed about the realities of malware, then I have achieved at least something worthwhile.

Buying Precription Drugs Online May Be Dangerous
- Consumer Alert -
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Domains on Nameserver ns2.growfour.com

Buying Precription Drugs Online May Be Dangerous
- Consumer Alert -
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Address lookup

Domain Whois record

Queried whois.internic.net with “dom popular-ed-products.com“…

   Domain Name: POPULAR-ED-PRODUCTS.COM
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net
   Name Server: NS1.STIMUL-MEDIA.COM
   Name Server: NS2.STIMUL-MEDIA.COM
   Status: clientTransferProhibited
   Updated Date: 13-apr-2009
   Creation Date: 02-sep-2008
   Expiration Date: 02-sep-2011

>>> Last update of whois database: Fri, 17 Jul 2009 14:11:38 UTC <<<

Queried whois.rrpproxy.net with “popular-ed-products.com“…

DOMAIN: POPULAR-ED-PRODUCTS.COM

RSP: domaindiscount24.com
URL: http://www.dd24.net

owner-contact: P-VLP199
owner-organization: STIMUL-MEDIA.COM
owner-fname: Vitaly
owner-lname: Petrov
owner-street: Petrozavodskaya st, 16, appt. 123
owner-city: Moscow
owner-zip: 125414
owner-country: RU
owner-phone: 79160248086
owner-email: vitalypetrov76@yahoo.com

admin-contact: P-VLP199
admin-organization: STIMUL-MEDIA.COM
admin-fname: Vitaly
admin-lname: Petrov
admin-street: Petrozavodskaya st, 16, appt. 123
admin-city: Moscow
admin-zip: 125414
admin-country: RU
admin-phone: 79160248086
admin-email: vitalypetrov76@yahoo.com

tech-contact: P-VLP199
tech-organization: STIMUL-MEDIA.COM
tech-fname: Vitaly
tech-lname: Petrov
tech-street: Petrozavodskaya st, 16, appt. 123
tech-city: Moscow
tech-zip: 125414
tech-country: RU
tech-phone: 79160248086
tech-email: vitalypetrov76@yahoo.com

billing-contact: P-VLP199
billing-organization: STIMUL-MEDIA.COM
billing-fname: Vitaly
billing-lname: Petrov
billing-street: Petrozavodskaya st, 16, appt. 123
billing-city: Moscow
billing-zip: 125414
billing-country: RU
billing-phone: 79160248086
billing-email: vitalypetrov76@yahoo.com

nameserver: ns1.stimul-media.com
nameserver: ns2.stimul-media.com

Network Whois record

Queried whois.ripe.net with “-B 88.85.65.165“…

% Information related to '88.85.64.0 - 88.85.71.255'

inetnum:        88.85.64.0 - 88.85.71.255
netname:        WEBAZILLA
descr:          WebaZilla
country:        NL
admin-c:        WZNL1-RIPE
tech-c:         WZNL1-RIPE
status:         ASSIGNED PA
mnt-by:         WZNET-MNT
mnt-routes:     WZNET-MNT
changed:        bk@webazilla.com 20070209
source:         RIPE

role:           WebaZilla RIPE Manager
address:        WebaZilla B.V.
address:        Postbus 19115
address:        3501DC Utrecht
address:        Netherlands
phone:          +31612253464
fax-no:         +31303100299
e-mail:         noc@webazilla.com
mnt-by:         WZNET-MNT
admin-c:        BK5536-RIPE
tech-c:         BK5536-RIPE
tech-c:         KV1670-RIPE
nic-hdl:        WZNL1-RIPE
changed:        bk@webazilla.com 20070718
source:         RIPE

% Information related to '88.85.64.0/19AS35415'

route:          88.85.64.0/19
descr:          WEBAZILLA
origin:         AS35415
mnt-by:         WZNET-MNT
changed:        bk@webazilla.com 20060728
source:         RIPE

DNS records

DNS query for 165.65.85.88.in-addr.arpa returned an error from the server: NameError

– end –

Signature update 515 with publish date 2009/07/17 contains 2788 added or updated entries and is already available as part of automatic or manual update option.

+1178 Trojan.Win32.Malware
+2 Trojan-PSW.Win32.OnLineGames
+20 Trojan.Win32.Chifrax
+50 Malware.Generic
+7 Packed.Win32.PolyCrypt
+368 Backdoor.Win32.Hupigon
+2 RemoteAdmin.Win32.RAdmin
+11 Worm.Win32.AutoRun
+35 Trojan-GameThief.Win32.Magania
+22 Trojan-Downloader.Win32.Agent
+12 Trojan-PSW.Win32.QQPass
+1 PSWTool.Win32.NetPass
+6 Packed.Win32.Krap
+3 Trojan-Banker.Win32.Banbra
+28 Trojan-Dropper.Win32.VB
+44 Trojan.Win32.Agent
+22 Packed.Win32.Klone
+24 Trojan.Win32.Crypt
+16 Trojan-Banker.Win32.Banker
+3 Virus.Win32.Alman
+12 Backdoor.Win32.Poison
+11 Virus.Win32.Parite
+4 Net-Worm.Win32.Kido
+52 Backdoor.Win32.Gen.A
+18 Trojan-Dropper.Win32.Binder
+38 Trojan.Win32.Inject
+1 Exploit.JS.ADODB
+18 Trojan.Win32.Buzus
+3 Trojan-Spy.Win32.FlyStudio
+12 Trojan.Win32.AntiAV
+22 Trojan.Win32.Delf
+3 Backdoor.Win32.Ceckno
+2 Trojan-GameThief.Win32.Nilage
+43 Backdoor.Win32.PcClient
+1 EICAR-Test-File
+2 Trojan.Win32.Vaklik
+3 Backdoor.Win32.SdBot
+1 Trojan-Downloader.MSIL.Agent
+12 Trojan.Win32.Pakes
+1 Trojan-Proxy.Win32.Dlena
+12 Trojan.Win32.Qhost
+6 Trojan-GameThief.Win32.WOW
+15 Trojan-Dropper.Win32.Mudrop
+2 Trojan.Win32.KillAV
+7 Trojan-Downloader.Win32.Banload
+7 Trojan-Downloader.Win32.Delf
+32 Virus.Win32.Virut
+13 Packed.Win32.Katusha
+10 Trojan.Win32.Peed
+4 Trojan-Dropper.Win32.Flystud
+12 Backdoor.Win32.Agent
+1 Trojan-Downloader.Win32.Tiny
+3 Exploit.JS.Agent
+24 Trojan-Spy.Win32.Agent
+36 Trojan-Dropper.Win32.Agent
+2 Backdoor.Win32.DsBot
+13 Trojan-GameThief.Win32.OnLineGames
+5 Trojan-Dropper.Win32.Delf
+8 Trojan-Dropper.Win32.Danseed
+1 Trojan.Win32.Dialer
+1 Trojan.VBS.Starter
+31 Net-Worm.Win32.Generic.D
+13 Exploit.Win32.Generic
+9 Backdoor.Win32.Small
+1 VirTool.Win32.Injector
+9 Trojan.Win32.Midgare
+1 Trojan-Downloader.JS.Agent
+1 Backdoor.Win32.Banito
+2 HackTool.Win32.Kiser
+30 Trojan.Win32.VB
+12 Backdoor.Win32.Bifrose
+1 Delf
+4 Virus.Win32.Sality
+1 Backdoor.Win32.Prorat
+3 Trojan-PSW.Win32.VB
+3 Trojan-Dropper.Win32.Small
+1 Virus.Win32.VB
+2 Backdoor.Win32.GrayBird
+5 Trojan-Spy.Win32.Delf
+5 Trojan-PSW.Win32.Agent
+4 Trojan.Win32.Genome
+6 Trojan.Win32.Vapsup
+1 Trojan-PSW.Win32.LdPinch
+2 Trojan.Win32.Agent2
+1 Email-Worm.Win32.Wangy
+1 Trojan.VBS.Shutdown
+1 Backdoor.Java.JSP
+1 IM-Worm.Win32.Sohanad
+1 Trojan-Clicker.Win32.Densmail
+2 Trojan.Win32.FraudPack
+1 NewDotNet
+1 PSWTool.Win32.WinLogon
+2 Trojan-Downloader.Win32.Adload
+4 Trojan.Win32.CDur
+1 Trojan.BAT.Agent
+3 Backdoor.Win32.Prosti
+4 Trojan.Win32.Zlob
+12 Exploit.Win32.JS
+8 Trojan-Downloader.Win32.VB
+1 PSWTool.Win32.Dialupass
+1 RiskTool.Win32.Crypter
+6 Packed.Win32.Tdss
+6 Backdoor.ASP.Ace
+1 Trojan.Win32.FlyStudio
+4 Trojan-Downloader.VBS.Small
+3 BHO
+1 Exploit.HTML.Iframe
+7 Backdoor.Win32.Delf
+1 Email-Worm.Win32.Iksmas
+2 Worm.Win32.AutoIt
+14 Packed.Win32.Black
+8 Rootkit.Win32.Agent
+1 Worm.Win32.Autorun
+6 Trojan-Downloader.Win32.Small
+1 Net-Worm.Win32.Koobface
+5 Trojan.Win32.Patched
+6 Trojan-Proxy.Win32.Agent
+2 Worm.Win32.Huhk
+1 Virus.MSExcel.Yagnuul
+1 Craagle
+11 Trojan-Clicker.Win32.VB
+1 Trojan-Clicker.Win32.Qhost
+6 Backdoor.Win32.FlyAgent
+2 HackTool.Win32.Sniffer
+1 Trojan-Downloader.NSIS.QQHelper
+1 RiskTool.Win32.HideWindows
+2 Backdoor.Win32.Zdoogu
+2 Trojan.Win32.Slefdel
+1 Trojan-Downloader.WMA.GetCodec
+1 Trojan.Win32.Autoit
+2 Trojan-Dropper.Win32.Crypter
+10 Packed.Win32.PePatch
+1 Zhongsou
+4 Trojan-Dropper.Win32.Joiner
+1 Backdoor.Win32.Rbot
+2 Exploit.Win32.IMG-WMF
+7 Trojan-Downloader.Win32.FraudLoad
+1 Trojan-Spy.Win32.Ardamax
+1 Trojan-Spy.Win32.BZub
+1 Trojan-GameThief.Win32.Ganhame
+2 Trojan.Win32.Vundo
+1 Trojan-Dropper.MSWord.1Table
+1 P2P-Worm.Win32.Palevo
+4 Monitor.Win32.Perflogger
+3 Trojan.BAT.KillAV
+1 Virus.Win32.Tenga
+1 Email-Worm.VBS.Agent
+1 Virus.Win32.Neshta
+1 PSWTool.Win32.PdfCracker
+1 Backdoor.Win32.Turkojan
+1 Backdoor.Win32.NewRest
+1 Trojan.BAT.DelFiles
+5 Dialer
+1 Trojan.Win32.Banker
+1 Virus.Win32.Agent
+2 Trojan-GameThief.Win32.Lmir
+1 Exploit.Win32.Pidief
+1 Worm.Win32.WhiteIce
+1 PSWTool.Win32.PassView
+1 NetTool.Win32.TCPScan
+1 RiskTool.Win32.PsExec
+1 Virus.Win9x.CIH
+1 Trojan.Win32.Zytric
+1 DMCast
+3 Worm.Win32.VB
+1 Backdoor.Win32.Graybird
+1 Dialer.Win32.DialerOffline
+1 AdMoke
+1 PSWTool.Win32.SnadBoy
+3 Trojan-PSW.Win32.Delf
+2 Trojan-Dropper.Win32.FJoiner
+1 P2P-Worm.Win32.Polip
+1 HackTool.Win32.SQLInject
+1 PSWTool.Win32.AirCrack
+1 Trojan-Banker.Win32.Bancos
+1 Trojan.Win32.Tdss
+2 Trojan-Banker.Win32.Qhost
+5 Backdoor.Win32.PoisonIvy
+2 RiskTool.Win32.HideProc
+1 Trojan.Win32.Genlot
+1 RiskTool.Win32.VB
+1 Trojan-PSW.Win32.Element
+1 PSWTool.Win32.Brutus
+1 PSWTool.Win32.Pwdspyhk
+1 Trojan.Win32.KillFiles
+2 Exploit.HTML.CodeBaseExec
+1 PSWTool.Win32.MailPassView
+1 NetTool.Win32.Agent
+1 Backdoor.Win32.RAdmin
+1 Dm
+1 RiskTool.Win32.WFPDisabler
+1 Worm.Win32.Fujacks
+1 Trojan-Clicker.HTML.IFrame
+1 Backdoor.Win32.Shark
+1 Trojan-Downloader.Win32.Bagle
+1 Trojan.Win32.Obfuscated
+1 Astro
+1 Trojan.Win32.Regrun
+1 IM-Flooder.Win32.RoomDestroyer
+1 Packed.Win32.NSAnti
+1 Trojan.Win32.BHO
+1 Trojan-Spy.Win32.Gologger
+1 PSWTool.Win32.SpySharp
+1 Trojan-Downloader.VBS.Psyme
+1 Virus.Win32.VBS
+1 Worm.Win32.Agent
+1 Trojan-Downloader.HTML.Agent
+1 PSWTool.Win32.ProductKey
+2 Virus.Win32.Downloader
+1 Virus.Acad.Bursted
+1 Worm.Win32.Fujack
+2 Trojan-PSW.Win32.QQRob
+2 Hoax.Win32.Bravia
+2 Cinmus
+1 Trojan.Win32.Small
+1 Trojan-Banker.Win32.Banker2
+2 PSW.QQPass
+2 AntivirusPlus
+1 SpywareRemover
+1 Backdoor.Win32.Mex
+1 PSW.Delf
+1 UltimateDefender
+1 Backdoor.Win32.Bifrost
+1 Trojan-Downloader.JS.Small
+2 HackTool.Win32.Patcher
+1 Trojan.Win32.Zapchast
+4 Trojan.Win32.Renos

Header Analysis

The following IP addresses were extracted from your headers:

Here is the text you submitted, with the IP addresses highlighted:

From Douglas Andrews Thu Jul 16 15:16:43 2009
Return-Path:
Authentication-Results: mta118.sbc.mail.mud.yahoo.com from=yeoy.fi; domainkeys=neutral (no sig); from=yeoy.fi; dkim=neutral (no sig)
Received: from 131.114.69.63 (EHLO flpi184.prodigy.net) (207.115.20.186)
by mta118.sbc.mail.mud.yahoo.com with SMTP; Thu, 16 Jul 2009 15:18:09 -0700
Received: from zelgti4 (verita.vet.unipi.it [131.114.69.63] (may be forged))
by flpi184.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6GMGhA2014995;
Thu, 16 Jul 2009 15:18:06 -0700
Message-ID: <000701ca0663$19d4dcf0$627e2c0a@yeoy.fi>
Reply-To: “Douglas Andrews”   <douglas.andrewsip@yeoy.fi>
From: “Douglas Andrews”   <douglas.andrewsip@yeoy.fi>
To: ,
Subject: Have No Problem in BeD, RxMeds online!
Date: Thu, 16 Jul 2009 15:16:43 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 136

An Incredible Canadian_Pharmacy is available at your Fingertips!
No Doctor Needed! Browse our Site Today! -> http://tirethem.com

_________________________________________________________________________

Header Analysis

The following IP addresses were extracted from your headers:

Here is the text you submitted, with the IP addresses highlighted:

From Humberto Wade Thu Jul 16 12:23:14 2009
Return-Path:
Authentication-Results: mta167.sbc.mail.mud.yahoo.com from=cw-chamber.co.uk; domainkeys=neutral (no sig); from=cw-chamber.co.uk; dkim=neutral (no sig)
Received: from 97.93.204.30 (EHLO nlpi080.prodigy.net) (207.115.36.96)
by mta167.sbc.mail.mud.yahoo.com with SMTP; Thu, 16 Jul 2009 12:21:16 -0700
Received: from vyg3oj2 (static.unknown.charter.com [97.93.204.30] (may be forged))
by nlpi080.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6GJKlgD004846;
Thu, 16 Jul 2009 14:21:10 -0500
Message-ID: <000701ca064a$dd1d9350$431333e2@cw-chamber.co.uk>
Reply-To: “Humberto Wade” <hwade_ms@cw-chamber.co.uk>
From: “Humberto Wade”
To: , ,
Subject: great web offer
Date: Thu, 16 Jul 2009 14:23:14 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 137

An Incredible Canadian_Pharmacy is available at your Fingertips!
No Doctor Needed! Browse our Site Today! -> http://liveevery.com

____________________________________________________________-

Header Analysis

The following IP addresses were extracted from your headers:

Here is the text you submitted, with the IP addresses highlighted:

From Lucille J. Stringer Thu Jul 16 10:02:34 2009
Return-Path:
Authentication-Results: mta111.sbc.mail.gq1.yahoo.com from=crs-ltd.co.uk; domainkeys=neutral (no sig); from=crs-ltd.co.uk; dkim=neutral (no sig)
Received: from 65.126.184.100 (EHLO nlpi147.prodigy.net) (207.115.36.161)
by mta111.sbc.mail.gq1.yahoo.com with SMTP; Thu, 16 Jul 2009 10:05:49 -0700
Received: from 1blry72 ([65.126.184.100])
by nlpi147.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6GH54dn028723;
Thu, 16 Jul 2009 12:05:42 -0500
Message-ID: <000701ca0637$36f56420$d828ea62@crs-ltd.co.uk>
Reply-To: “Lucille J. Stringer”   <lucille_stringer_es@crs-ltd.co.uk>
From: “Lucille J. Stringer”   <lucille_stringer_es@crs-ltd.co.uk>
To: , ,
Subject: Feeling unneeded in bedroom? We can change that..
Date: Thu, 16 Jul 2009 12:02:34 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 137

An Incredible Canadian_Pharmacy is available at your Fingertips!
No Doctor Needed! Browse our Site Today! -> http://liveevery.com

________________________________________________

Header Analysis

The following IP addresses were extracted from your headers:

Here is the text you submitted, with the IP addresses highlighted:

From Ashley J. Novak Thu Jul 16 02:30:44 2009
Return-Path:
Authentication-Results: mta143.sbc.mail.mud.yahoo.com from=londonthing.co.uk; domainkeys=neutral (no sig); from=londonthing.co.uk; dkim=neutral (no sig)
Received: from 207.115.20.133 (EHLO flpd123.prodigy.net) (207.115.20.133)
by mta143.sbc.mail.mud.yahoo.com with SMTP; Thu, 16 Jul 2009 05:32:34 -0700
Received: from yj6l901 ([140.117.64.102])
by flpd123.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6GCWUvG019198;
Thu, 16 Jul 2009 05:32:32 -0700
Message-ID: <000701ca05f8$181184b0$627e2b9a@londonthing.co.uk>
Reply-To: “Ashley J. Novak”  <ashleyjnovaksv@londonthing.co.uk>
From: “Ashley J. Novak”
To: ,
Subject: Make her climax multiple times
Date: Thu, 16 Jul 2009 05:30:44 -0400
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 136

An Incredible Canadian_Pharmacy is available at your Fingertips!
No Doctor Needed! Browse our Site Today! -> http://tirethem.com

Address lookup

Domain Whois record

Queried whois.internic.net with “dom tirethem.com“…

   Domain Name: TIRETHEM.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.GROWFOUR.COM
   Name Server: NS2.GROWFOUR.COM
   Name Server: NS3.COUNTFROM.RU
   Name Server: NS4.COUNTFROM.RU
   Name Server: NS5.SIXTHE.COM
   Name Server: NS6.SIXTHE.COM
   Status: ok
   Updated Date: 14-jul-2009
   Creation Date: 14-jul-2009
   Expiration Date: 14-jul-2010

Last update of whois database: Fri, 17 Jul 2009 04:46:46 UTC <<<

Queried whois.namerich.cn with “tirethem.com“…

 DomainName : tirethem.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.SIXTHE.COM
Name Server......................NS1.GROWFOUR.COM
Name Server......................NS6.SIXTHE.COM
Name Server......................NS2.GROWFOUR.COM
Name Server......................NS3.COUNTFROM.RU
Name Server......................NS4.COUNTFROM.RU
Status...........................ok
Creation  Date ..................2009-07-14
Expiration Date .................2010-07-14
Last Update  Date ...............2009-07-14

Registrant ID ...................V-X-59142-15723
Registrant Name .................DING JIANHUA
Registrant Organization .........DING JIANHUA
Registrant Address ..............YUHUIDADAO31
Registrant City..................DL
Registrant Province/State .......LN
Registrant Country Code .........CN
Registrant Postal Code ..........116008
Registrant Phone Number .........+86.041128805269
Registrant Fax ..................+86.041128805269
Registrant Email ................loansfg@163.com

Administrative ID ...............V-X-59142-15723
Administrative Name .............DING JIANHUA
Administrative Organization .....DING JIANHUA
Administrative Address ..........YUHUIDADAO31
Administrative City..............DL
Administrative Province/State ...LN
Administrative Country Code .....CN
Administrative Postal Code ......116008
Administrative Phone Number .....+86.041128805269
Administrative Fax ..............+86.041128805269
Administrative Email ............loansfg@163.com

Billing ID ......................V-X-59142-15723
Billing Name ....................DING JIANHUA
Billing Organization ............DING JIANHUA
Billing Address .................YUHUIDADAO31
Billing City.....................DL
Billing Province/State ..........LN
Billing Country Code ............CN
Billing Postal Code .............116008
Billing Phone Number ............+86.041128805269
Billing Fax .....................+86.041128805269
Billing Email ...................loansfg@163.com

Technical ID ....................V-X-59142-15723
Technical Name ..................DING JIANHUA
Technical Organization...........DING JIANHUA
Technical Address ...............YUHUIDADAO31
Technical City...................DL
Technical Province/State.........LN
Technical Country Code ..........CN
Technical Postal Code ...........116008
Technical Phone Number ..........+86.041128805269
Technical Fax ...................+86.041128805269
Technical Email .................loansfg@163.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “60.191.239.150“…

inetnum:      60.191.239.0 - 60.191.239.255
netname:      JINHUA-TELECOM-LTD
country:      CN
descr:        Jinhua Telecom Co.,ltd
descr:
admin-c:      LW945-AP
tech-c:       CJ54-AP
status:       ASSIGNED NON-PORTABLE
changed:      auto-dbm@dcb.hz.zj.cn 20060824
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

role:         CHINANET-ZJ Jinhua
address:      No.155 Xishi street,Jinhua,Zhejiang.321000
country:      CN
phone:        +86-579-2300779
fax-no:       +86-579-2330035
e-mail:       anti_spam@mail.jhptt.zj.cn
trouble:      send spam reports to anti_spam@mail.jhptt.zj.cn
trouble:      and abuse reports to anti_spam@mail.jhptt.zj.cn
trouble:      Please include detailed information and times in UTC
admin-c:      CH55-AP
tech-c:       CH55-AP
nic-hdl:      CJ54-AP
mnt-by:       MAINT-CHINANET-ZJ
changed:      master@dcb.hz.zj.cn 20031204
source:       APNIC

person:       Lujiang Wang
nic-hdl:      LW945-AP
e-mail:       anti_spam@mail.jhptt.zj.cn
address:      NO.155 Xishi Street,Jinhua,Zhejiang.Postcode:321000
phone:        +86-579-3285460
country:      CN
changed:      auto-dbm@dcb.hz.zj.cn 20060824
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

DNS records

DNS query for 150.239.191.60.in-addr.arpa returned an error from the server: NameError

– end –

A few nights ago my brother woke me up sometime around 3:00 in the morning to come look at his computer because it was asking him questions that he didn’t want to answer. Predictably, he had just fallen victim to a virus.

One common misconception about viruses is that you can’t get them if you don’t go to any shady websites. This is absolutely wrong. If your computer is connected to the Internet, then it is at risk even if the web browser isn’t open… which leads me to another misconception: Contrary to common belief, not all viruses even come through a browser. Here’s a fun fact for you: If you buy a new computer without anti-virus software installed, just in the time it takes to download all the Windows updates your entire computer could be taken over so badly that you would have to wipe your hard drive and start over.

I am making this post as a sign of my sympathy to other programmers who find themselves awakened early in the morning by people working late… but I also am sympathetic to those who would otherwise be paying the Geek Squad some enormous fee for something they could have just done on their own.

If you think you just got a virus, there are a few steps you can try for yourself before paying somebody else an overly-large wad of cash to fix it for you.

Begin by restarting your computer. You may have to physically hold down the power button to force it to shutdown (in which case you will then have to press it again to start it up).

The first boot screen probably shows you the logo of the company that manufactured your computer (no, NOT the Windows logo; I assure you Windows did not make your computer, it will probably say Dell or HP). On that first boot screen you should press the F8 key—NOT the letter F and the number 8, I mean the button at the top of the keyboard labeled F8 (you can probably tell that I’ve had a lot of experience with clients from these notes).

Pressing the F8 key should bring up a menu (not necessarily immediately, but soon thereafter) asking you how you want to boot into Windows. Select the option that says “Start Windows in Safe Mode with Networking” or the closest to it. (You can use the up/down arrow keys to make your selection and then press Enter to continue.)

You can think of Safe Mode as a way of starting Windows in a minimal state. Fewer programs will be running without your knowledge of them.

Now it’s time to go hunting for your virus. Open up the file browser by clicking on My Computer (or just plain “Computer” if you’re using Vista or 7). Open the C drive and then open the folder called “Windows.” Click the “Date Modified” heading to sort the contents. Look at the most recent files to see if anything looks suspicious. If you find anything, Google the name of that file. You can find something on just about any file you see in that folder. If it’s a virus, then you most likely are not the only one who’s ever been infected with it.

If you find anything from your Googling that suggests the file is malware, then check if there is any specific advice on how to remove it. If not, simply delete it as you would any other file.

If you don’t find anything in the Windows folder, then go through the same procedure for the system and System32 folders (and the SysWOW64 folder if you have 64-bit Windows) which should be sub-folders in the Windows folder. Those are some of the most commonly infected areas—not to say that a virus wouldn’t hide elsewhere though.

When in doubt about a file, if you have the installation CD for the version of Windows on your machine, then it is sometimes safer just to try deleting it. If you delete a Windows file that you shouldn’t have, you can restore it by inserting the Windows installation CD and selecting “Repair Windows” which will automatically replace any missing or corrupt system files. It takes quite a while for this process to complete, but you get a working computer out of it in the end, so it’s usually worth while. You can often use the installation CD even if your computer won’t boot into Windows because you can make it boot from the disk.

An alternative to using the restore feature found on the installation disk is using the Scannow program that is built-in to Windows. Simply go to Start > Run and type “sfc” into the dialog box and press enter. This command is probably just going to end up asking you for the installation disk anyway, but it might save you at least a little bit of time.

If you checked everything that I just told you to, and you still didn’t find a file that looked like it could be your virus, then the next step is to try running a system restore.

To use the Windows system restore feature, go to Start > All Programs > Accessories > System Tools > System Restore. This will provide you with an easy-to-follow wizard that guides you through step-by-step. It tends to have fairly helpful and in-depth explanations (after all, it does get a lot of use), so I won’t go into further details on how to use it.

If you tried everything else and doing a system restore does not solve your problem either, then you might actually have to succumb to having somebody else take care of it. But if this blog post saves even one person a trip to the Geek Squad (or prevents even one person from waking up their tech savvy little brother at 3:00 am) then it will have been well worth my time to write it.

A new piece of moblie malware called the “Sexy Space” is the first known virus that spreads via SMS or text message. The use of mobile bots could allow networks of hackers the ability to steal data or shut down your cell phone remotely. It is important for users to verify any link that is sent to them via SMS before clicking on any link that sends them to another location.

For more information, read this article from Computerworld.

ThreatFire AntiVirus – Behavioral Virus and Spyware Protection is freeware (with a fancier pay version also available) with a high rating for protecting your system.  There’s also a free anti-virus for Macs!

This site also offers Spyware Doctor and Firewall Plus.

Yesterday it was announced that a Twitter employees e-mail account was hacked into.

The person who hacked into it was able to get a lot of information about the company, including its long range plans and estimated revenue growth.

This brings up a few things that I always like to remind those I teach…

1. Install  anti-virus and anti-spyware software on your computer. Make sure that it’s being updated on a daily basis and is running a full system scan at least once a week. Yes, even if you have a MAC…they’re not 100% secure. Spend that $19-$30 a year for the update subscriptions, it’s chump change compared to the time and money you’ll spend getting your  computer made virus free.

2. Your data is not 100% secure on the internet, or even on your computer. If there’s something you would never want the whole world to see, then don’t keep it on your computer.

3. Use unique passwords that include numbers and varying characters.

4. Don’t use the same password for online shopping, as you would for financial accounts such as e-trade, online banking, online credit card account. While I know that the online merchants have a good deal of security they’re not required to be as secure as the online sites for financial institutions. The financial institutions have to implement more security thanks to the many regulations imposed by the federal government. Although that hasn’t kept them from being hit either.

5. If you’re not sure about something that was sent to you, don’t click or open it. Check with the person its supposed to be from to make sure they sent it. Most of the viruses and re-directs to websites that will infect your computer with a virus have language that is often misspelled or just sounds odd. This goes for text messages you get on your phone as well. Remember…your phone is a mini-computer.

You can read articles on the incident:

Here – http://technologizer.com/2009/07/15/with-online-passwords-dishonesty-can-be-the-best-policy/

and here – http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html

Let’s be safe out there folks!

It not your web hosting problem.
It is because:
Most of time web masters download scripts or your site provided guest members to post href codes. The malware may be caused by a java, iframe or other forms of href link.

Here is another good way to check safe browsing site

http://www.google.com/interstitial?url= other URLs

why it is not working ?

I got the message

Forbidden Your client does not have permission to get URL

Actually the result is telling us the site is no malware records recently.

Here is a tool to check safe site:
http://www.seoserp.com/safe.site.checker/

other tool to check Search engine position page rank
http://www.seoserp.com/google.page.rank.checker/

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Zombies bite into Symbian smartphones

YXES-B is the first known spam bot client for 3G phones. Posing as a legitimate application, the malware will steal the subscriber, phone and network information from its victims. Spam SMS messages can then be sent to the user’s contacts. Symbian uses a code-signing process to ensure such threats never happen.

Click here for more information.

Scam detectives handcuffed

Costing the Australian economy close to $980 million in 2007 alone, cyber scams are having an impact on everyone. Detectives find chasing the criminals, when the jurisdiction becomes multinational, difficult because scam classification systems are largely incompatible between nations. While multiple classification schemes exist, a consistent classification scheme does not exist.

The following link provides a way to guard against this vulnerability until Microsoft releases a patch.

Click here for more information.

Child protection groups undermine Aussie Firewall

Censordyne, The Australian cyber filter program designed to protect the public from inappropriate and harmful content came under fire from mainstream children’s charities. The charities feel the tens of millions of dollars the program will cost can be diverted to appropriate child protection authorities for the prevention of child abuse. Also, for parents who wish to protect their children from inappropriate contact should have PC-level filtering software provided.

Click here for more information.

New Zealand proposes new “3 strikes” process for P2P users

Having scrapped the law earlier this year, New Zealand has gone back to the drawing board to craft a new 3-strikes law that provides for due process. If one is disconnected from the Internet for alleged copyright infringements, users should be able to contest the claims, have access to mediation and to possibly appeal penalties to the normal legal system.

Click here for more information.

CRTC to decide on new rules for internet service providers

Canada’s Internet regulator is conducting hearings on whether ISPs should be allowed to selectively slow down applications when the Internet is congested. Citing the popularity of bandwidth hungry applications such as gaming and video should they have the same priority as time sensitive applications such as VOIP or online gaming where delays make playing with other Internet users difficult?

The consensus from consumer and public interest groups, along with businesses and artists believe that practices used by ISPs to deal with congestion were acceptable as long as there was no favoring certain protocols or applications over others.

Click here for more information.

Internet Regulator Mulls Cybersquatter Block

Already having an advantage of securing domain names based by trademark holders, people are concerned that if 500 additional TLDs arrive on the market costs would mushroom in having to purchase names on all new TLDs just to protect trademarks. ICANN is considering a centralized website of trademark holders that would create hurdles for non-trademark holders who try to purchase a name that would infringe on an organization’s trademark. Called the “IP Clearinghouse”, supporters feel such a system would protect them and their budgets from having to defensively register domains.

Click here for more information.

A number of blogs and news sites have picked up on a report from Dancho Danchev last week, identifying some malware that was submitted to, and signed by, the Symbian Signed portal.

As soon as we were notified of that (the following day) we revoked both the content certificate and the publisher certificate used to sign the malware. That means that the Symbian software installer will not now install the malware, providing that revocation checking is turned on. Unfortunately, revocation checking is often turned off by phone manufacturers, because the data traffic could cause problems for people who do not have a data plan as part of their service or who pay for data by volume.

Here’s how to turn on revocation checking, which we strongly recommend if you have a flat-rate data plan:

On S60 3rd and 5th edition, the setting to turn on revocation checks can be found in the application manager, for example:

Tools →
    Settings →
       Applications →
            App. manager →
                Online Certificate Check

On UIQ 3, the setting to turn on revocation checks can be found here:

Control Panel →
    Other →
        Install →
            Security →
                Enable Revocation Check

Please note that applications not signed by Symbian Signed may not include the URL for the revocation check in the signing certificate. In these cases, the software installer can direct the revocation check request to a default URL, however at present there is no server in place able to respond to such default requests, so the default URL should be left unset.

So that applications not signed by Symbian Signed (for example, those signed by the phone manufacturer, or self-signed by third parties) can still be installed, the revocation check should not be set to mandatory (for example, “Must Be Passed” for S60), it should be left as advisory (for example, “On” for S60).

We do have security measures which try to catch submitted malware before it gets signed, and we are currently investigating how those can be improved in the light of this latest incident.

Footnote: Earlier today we found that, due to human error in processing the revocation, it wasn’t being properly reported by the server. This has now been corrected.