I recently clicked on a shared link on one of the popular social networks and before I could put the brakes on, it was nasty! I am not a fan of Lady Gaga and the link didn’t indicate who the music was by, but it did have this little bait message.

“You got to listen to this, it rocks!”

The message had me believe it was a rock song, but it was more than that, it was a Lady Gaga song with a hidden Trojan that launched a nasty rogue antivirus. I immediately contacted my friend to tell him about the download. He couldn’t stop apologizing and he told me his machine was infected to, but he didn’t know it until after he sent the link out.

I was able to remove the Trojan by using these instructions here. I asked my friend where he got the link from, and he replied – it was a link in an email. Oh boy!

I am not sure how many people have received this email or clicked on the link with the message “You got to listen to this, it rocks!” If you receive an email or someone shares a link like this, I’d delete it immediately.

I am now Gaga that the parasite is now removed from my computer.

When will people learn not to click on links in an email from people they don’t know?

The words naked or sex are very enticing words that usually boil the testosterone in us males. Today, I received an email with a promise to show me a naked picture with a little extra. Don’t worry, I never open unsolicited email or download attachments unless it’s on my test computer which I use solely for discovering infections and learning how to remove them.

It looks like Graham Cluley over at Sophos beat me to the punch, but hey it’s a free world.

There are two versions of this email that come with the attachment of the so-called naked picture.

Version 1:

Hey! It was nice chatting with you the other day and wanted to share something with you. You will have to open the attachment to see the surprise.

Version 2:

I love wild sex and looking for a discreet partner.
I have my picture attached to this email. Take a look at it and get back if you like what you see.

If you are one of the many Neanderthal’s that roam the earth, and you opened the attachment, you now have infected your computer with a Trojan that installs a fake antivirus program.

The Trojan installs a rogue anti-virus program without the user’s knowledge or consent. Once installed, the user will be alerted with false threats on the computer. In order to remove these false threats, the user will have to pay for a full license of the software.

It’s important to never download any attachments especially those with file extensions like .exe and .zip. If you downloaded the naked picture attachment, you can remove this parasite by running both Malwarebytes and SUPERAntiSpyware. Both of these security programs come with free versions.

Related Articles
StumbleUpon Shares Serving Up Trojans
Facebook Trojan Spreads Rapidly
How to Remove SystemTool 2011
How to Remove Security Tool Virus

This old win32 worm is making a comeback and causing some concern with many users. When Windows starts, the user will receive a message about an infection of a Trojan win32 agent.

W32.Kitro.E.Worm is a worm that spreads by email and over social networks. The worm comes in a form of an attachment. This worm was first reported back in July 2002, but worms usually spawn other variants of the same.

Also Known As: W32/Duni.worm.c [McAfee], I-Worm.Kitro.d [AVP], Win32.Kitro.E [CA]

This worm also inserts a Visual Basic script on the computer.

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Threat Assessment according to Symantec:

Threat Containment: Easy
Removal: Moderate
Damage Level: Medium

To remove the value from the registry:

We strongly recommend that you back up the registry before you make any changes to it. Read the document How to make a backup of the Windows registry for instructions.

1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, look for the following (or similar) values, and delete any that you find:

KAZAAkCuF
PAV.EXE
Zonavirus
BNexe

5. Exit the Registry Editor.

For more instructions on how to remove this worm, please click here.

There’s a new kind of malicious software targeting Windows users who download music. The new malware affects those who download music files on peer-to-peer networks, and inserts links to dangerous web pages within ASF (Advanced Systems Format) media files.

Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to web resources.

If a user plays an infected music file, it will launch Internet Explorer and load a malicious web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec, but a Trojan horse, which installs a proxy program on the PC. This proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft’s Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

Hackers are sending web users with malware-laden spam claiming that World War III has started following a US invasion of Iran.

Security experts warned today that spam emails with subject lines including ‘Third World War has begun’, ‘20000 US Soldiers in Iran’ and ‘US Army crossed Iran’s borders’ have been intercepted.

The emails contain links to a malicious webpage that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion.

Text on the page reads: ‘Just now US Army’s Delta Force and US Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran’s Army resistance. The video made by US soldier was made today morning. Click on the video to see the first minutes of the beginning of World War III. God save us.’

If users visit the webpage and click on the ‘video player’ they run the risk of being infected with the Troj/Tibs-UO Trojan and a malicious JavaScript hidden on the website as Mal/ObfJS-AY.

Spread the work to your friends and family to be careful on what links they click in their email.

Microsoft, as of late, has been making headlines and not the headlines it would have hoped for.

Criminals have found a new way to attack PC users, taking advantage of what appears to be a new bug in Microsoft’s Word software, according to Symantec (Compare Patch and Vulnerability Management products).

Symantec warned of the attack Tuesday, saying on its Web site that it had seen attackers exploiting “what is possibly an undisclosed vulnerability affecting Microsoft Word.”

There have been a large number of bugs found in Microsoft’s Office software, including Word, over the past few years. In order to exploit these flaws, attackers must typically trick the victim into opening a maliciously encoded Office document, which then allows them to install malicious software on the PC.

In this case, the malicious code is a Trojan horse program, called Backdoor.Darkmoon, which logs the victim’s keystrokes in order to steal passwords.

Symantec’s antivirus software is now detecting the attack, but the security company recommends that users avoid opening unsolicited Word documents.

As predicted, hackers tried to trick users into downloading the Storm bot Trojan Friday by unleashing a flood of Fourth of July spam bearing links to malicious sites, several security companies reported.

The spam campaign, anticipated earlier in the week by MX Logic Inc. , used messages with subject headings ranging from “Amazing firework 2008″ and “Celebrating Fourth of July” to “Light up the sky” and “Spectacular fireworks show,” said U.K.-based Sophos Plc. in an alert posted to the Web Friday.

Links in the spam led to hacker-controlled sites that trumpeted a video clip worth downloading. “Colorful Independence Day events have already started throughout the country,” the malicious sites claimed. “The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.”

The file pitched to users was an executable: “fireworks.exe.”

Users who agreed to the download didn’t receive a video, but instead infected their Windows-running PCs with the Storm Trojan horse, which hijacked the system and added it to the existing collection of compromised computers making up the Storm botnet.

Last checked, we didn’t see any details on the Symantec web site for any cure.

Though hackers target Macs far less frequently than Microsoft Windows PCs, doesn’t mean Mac users are in the clear by any means.

Antivirus firm SecureMac claims to have discovered multiple variants of a Trojan horse being distributed from a hacker Web site. The site hosts a discussion on distributing the Trojan horse through iChat and Limewire.

The Trojan distributed as either a compiled AppleScript called ASthtv05 or as an application bundle called AStht_v06, exploits a recently discovered vulnerability with the Apple Remote Desktop agent. The ARD allows the Trojan to run as root.

According to SecureMac, the Trojan runs hidden on a Mac and allows a malicious user complete remote access. The Trojan can transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging.

Mac users should be careful, and not download any suspicious games, video or utilities. Only download programs from a trusted source to avoid this exploit.