I cannot tell you how many people come to me for help with a virus that has taken control of their computer. Usually they tell me that their mouse is moving by itself and their CD-ROM is opening and closing without them doing anything. I remember one guy saying that his webcam was going off by itself and he found naked pics of himself on the internet.
I tell them just to reinstall Windows because they are hopeless when it comes to uninstalling malware. It is easy to understand, because these people have lives and don't spend 10 hours a day on the computer dealing with malware like me, so obviously they are not that good at removing viruses.
After they have reinstalled Windows, I tell them to get an antivirus right away. They are usually reluctant because they think they have to pay for another thing for their computer when they just bought Windows and reinstalled it, but I tell them that there are dozens of free antivirus downloads on the internet. If only they had some antivirus downloaded and installed on their computer, they would not be in the mess that they are in now.
To my readers: you are probably familiar with this situation of helping friends and relatives with their antivirus. Just remember to tell them to update their virus definitions, or set it up for them so that it updates itself every x number of days. The people I did this for no longer nag me about viruses on their computers. Now I wish they would just stop asking me to design them a MySpace website.
Sunday, August 29, 2010
Tuesday, March 17, 2009
Storm has been active since at least 2007, although it was discussed in private circles as early as 2006. It continues to spew spam and maintains a relatively large infection count, albeit modest compared to earlier figures. What we have been seeing in recent months is more and more Waledac campaigns. Holiday-themed spam campaigns were a nasty trait of the Storm worm and are now being employed by the criminal masterminds behind Waledac, who many believe are one and the same.
Static analysis of the binaries shows packing signatures from the latest "St. Patrick's Day" themed spam campaign.
Decryption provides more interesting results (domains have been redacted for sanity).
The interesting point is that a simple DomainTools query will not provide any interesting insights. However, our friends at ICANN have concluded that these domains exhibit a Ukrainian origin, which matches up with my original analysis.
With annual cybercrime profits being more lucrative than drugs at $105 billion, I believe we need White House intervention, as the Russian/Ukrainian economies are most likely thriving in large part on cybercrime. They were very clever and much faster than us to realise the massive revenue to be made with cybercrime and how easy it is to funnel money out of the hands of western civilians.
All the best,