
Microsoft Office exploit

From Tech Republic today: a newly reported Microsoft Office attack technique could put any machine with an Office install at risk. According to a blog post from cyber security company Sophos, the technique abuses Dynamic Data Exchange (DDE), a legacy Windows mechanism that lets one application ask another to run a command, to deliver remote access Trojans (RATs) without the need to run macros. A DDE field embedded in the document tells Office to launch a program (typically cmd.exe or PowerShell) that fetches the payload from a remote server; the reader only has to click through two prompts about updating linked data, and Microsoft initially treated the behaviour as a feature rather than a vulnerability. Because the document carries no executable code itself, only a field instruction, antivirus that looks for malicious code inside the file often has nothing to match, and there is no single setting that stops every variant. Microsoft later published registry settings (security advisory ADV170021) that disable automatic DDE updating in Word and Excel; until those are applied, the practical defence is to refuse the "update links" prompt on any document you were not expecting.

See the article on Tech Republic
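Because the DDE field is plain text inside the document's XML, a document can be checked for it without ever opening it in Office. The script below is an added example (the editor's code, not from Tech Republic, Sophos or this blog): it treats a .docx as the zip archive it is, reassembles each field instruction from its runs, and reports any DDE or DDEAUTO field. Joining the runs matters because a plain grep for "DDEAUTO" on the raw XML is defeated by the known evasion of splitting the keyword across two runs. The document it builds for itself is constructed test input, not a real sample, and the file layout it assumes (word/document.xml plus headers and footers) is the standard OOXML one.

```python
"""Find DDE / DDEAUTO field codes in a .docx without opening it in Word."""
import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
INSTR_TEXT = "{%s}instrText" % W_NS
FLD_SIMPLE = "{%s}fldSimple" % W_NS
FLD_CHAR = "{%s}fldChar" % W_NS
FLD_CHAR_TYPE = "{%s}fldCharType" % W_NS
FLD_INSTR = "{%s}instr" % W_NS

# Word field instructions that drive DDE: "DDE app topic item" or "DDEAUTO ...".
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)
# Package parts where field codes can live; headers and footers are used by attackers too.
PART_RE = re.compile(r"^word/(document|header\d*|footer\d*)\.xml$")


def field_instructions(root):
    """Return every field instruction in document order.

    A complex field is the run sequence fldChar(begin) .. instrText* .. fldChar(separate)
    .. result text .. fldChar(end).  The instruction may be split over several instrText
    runs ("DDE" + "AUTO c:\\..."), so the pieces are joined before inspection.
    A simple field carries the whole instruction in its w:instr attribute.
    """
    instructions = []
    open_fields = []          # one fragment list per nested field currently open
    for el in root.iter():    # ElementTree.iter() walks in document order
        if el.tag == FLD_SIMPLE:
            instructions.append(el.get(FLD_INSTR, ""))
        elif el.tag == FLD_CHAR:
            kind = el.get(FLD_CHAR_TYPE)
            if kind == "begin":
                open_fields.append([])
            elif kind == "end" and open_fields:
                instructions.append("".join(open_fields.pop()))
        elif el.tag == INSTR_TEXT and open_fields:
            open_fields[-1].append(el.text or "")
    return instructions


def find_dde_fields(docx_bytes):
    """Return "part: instruction" for each DDE/DDEAUTO field in the package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not PART_RE.match(name):
                continue
            root = ET.fromstring(zf.read(name))
            for instr in field_instructions(root):
                norm = " ".join(instr.split())   # attackers pad with spaces and newlines
                if DDE_RE.search(norm):
                    hits.append("%s: %s" % (name, norm))
    return hits


def build_sample_docx(body_xml):
    """Constructed input: the smallest zip the detector above will read.
    It is not real Word output (no rels, no styles, no settings)."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed: a DDEAUTO field whose keyword is split over two runs, an evasion that
# defeats a plain grep for "DDEAUTO" on the raw XML.
SPLIT_DDE = (
    '<w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText>DDE</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">AUTO c:\\\\windows\\\\system32\\\\cmd.exe "/k calc.exe"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Loading...</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p>'
)
# Constructed: an ordinary page-number field, which must not be flagged.
BENIGN = '<w:p><w:fldSimple w:instr=" PAGE \\* MERGEFORMAT "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample_docx(SPLIT_DDE)
    for hit in find_dde_fields(data) or ["no DDE fields found"]:
        print(hit)
```

Run it with a document path as the argument, or with no argument to see it flag the constructed sample. For production use the msodde tool in the oletools package covers more formats (including .doc and RTF); this script is only meant to show the field structure a detector has to walk and why a raw-text grep is not enough.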



ClamScan Signature File Problem?

Suddenly clamscan (clamtk, clamav) reports the same two signatures, Win.Worm.Autorun-4414 and Win.Worm.Autorun-4415, on every computer we scan. That could be a worm that gets around well, or it could be a defect in the virus signature table. The pattern in the log below points toward the latter: every hit is one of two storage drivers, nvstor.sys and sisraid4.sys, and the hits land not only in System32\drivers but in every copy Windows keeps of those files in DriverStore and winsxs (the 6.1.7600 and 6.1.7601 version strings are the Windows 7 RTM and SP1 builds). That is what you see when a signature matches a legitimate Microsoft-shipped file, not what an infection that spread into the component store would look like. The checks before deleting anything: confirm the files are catalog-signed Microsoft drivers, compare their hashes across the affected machines, and rescan after the next daily signature update.


===
-------START FRESH CLAM UPDATE 20140306-024521 -------
===
ClamAV update process started at Thu Mar 6 02:45:21 2014
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18538, sigs: 805203, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
===
-------START VIRUS SCAN ON MICROSOFT PARTITION 20140306-024527 -------
===
/d/Windows/System32/drivers/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/drivers/sisraid4.sys: Win.Worm.Autorun-4415 FOUND
/d/Windows/System32/DriverStore/FileRepository/nvraid.inf_x86_neutral_0276fc3b3ea60d41/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/DriverStore/FileRepository/nvraid.inf_x86_neutral_dd659ed032d28a14/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/DriverStore/FileRepository/sisraid4.inf_x86_neutral_65ab84e9830f6f4b/sisraid4.sys: Win.Worm.Autorun-4415 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_sisraid4.inf_31bf3856ad364e35_6.1.7600.16385_none_2818a03f1981d8b1/sisraid4.sys: Win.Worm.Autorun-4415 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3224077
Engine version: 0.97.8
Scanned directories: 16254
Scanned files: 90882
Infected files: 9
Data scanned: 14072.15 MB
Data read: 30367.52 MB (ratio 0.46:1)
Time: 6360.069 sec (106 m 0 s)
===
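The triage described above can be mechanised. The script below is an added example (the editor's code, not part of this blog or of ClamAV): it parses clamscan's "path: SIGNATURE FOUND" lines, groups hits by signature, and applies a heuristic that is the editor's own assumption: when every hit for a signature is the same file name and at least one copy sits in the Windows component store (winsxs or DriverStore), the hits are labelled a probable false positive, because that is the footprint of a legitimate inbox driver matched everywhere Windows keeps it. Anything else is left as "investigate". The sample log is the nine FOUND lines from the scan above plus one constructed line with a placeholder signature name.

```python
"""Triage a clamscan log: group FOUND lines by signature and flag hit sets that
look like a signature defect rather than an infection."""
import hashlib
import os
import re
import sys
from collections import defaultdict

FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Where Windows keeps pristine, catalog-signed copies of its inbox drivers.
# Malware rarely lands there; a bad signature matches those copies as readily
# as the live file under System32\drivers.  Matching is case-insensitive.
COMPONENT_STORE = ("/windows/winsxs/", "/windows/system32/driverstore/")


def parse_found(lines):
    """Map signature name -> list of paths from clamscan's 'path: SIG FOUND' lines."""
    hits = defaultdict(list)
    for line in lines:
        m = FOUND_RE.match(line.strip())
        if m:
            hits[m.group("sig")].append(m.group("path"))
    return dict(hits)


def triage(lines):
    """Return signature -> verdict.

    'probable false positive' (editor's heuristic): every hit is the same file name
    and at least one copy sits in the component store.  Anything else: 'investigate'.
    """
    verdicts = {}
    for sig, paths in parse_found(lines).items():
        names = {p.rsplit("/", 1)[-1].lower() for p in paths}
        in_store = [p for p in paths if any(d in p.lower() for d in COMPONENT_STORE)]
        verdicts[sig] = "probable false positive" if len(names) == 1 and in_store else "investigate"
    return verdicts


def sha256_of(path):
    """Hash a flagged file so copies can be compared across machines and looked up.
    Returns None when the path is not mounted on this host."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


# Sample log: the FOUND lines from the scan above, plus one constructed line
# (Win.Trojan.Example is a placeholder, not a real ClamAV signature name).
SAMPLE_LOG = """\
/d/Windows/System32/drivers/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/drivers/sisraid4.sys: Win.Worm.Autorun-4415 FOUND
/d/Windows/System32/DriverStore/FileRepository/nvraid.inf_x86_neutral_0276fc3b3ea60d41/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/DriverStore/FileRepository/nvraid.inf_x86_neutral_dd659ed032d28a14/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/System32/DriverStore/FileRepository/sisraid4.inf_x86_neutral_65ab84e9830f6f4b/sisraid4.sys: Win.Worm.Autorun-4415 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77/nvstor.sys: Win.Worm.Autorun-4414 FOUND
/d/Windows/winsxs/x86_sisraid4.inf_31bf3856ad364e35_6.1.7600.16385_none_2818a03f1981d8b1/sisraid4.sys: Win.Worm.Autorun-4415 FOUND
/d/Users/Public/Downloads/invoice.scr: Win.Trojan.Example FOUND
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            lines = f.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    hits = parse_found(lines)
    for sig, verdict in sorted(triage(lines).items()):
        print("%s: %s (%d files)" % (sig, verdict, len(hits[sig])))
        for p in hits[sig]:
            print("    %s  %s" % (sha256_of(p) or "not mounted", p))
```

"Probable false positive" is a prompt to verify, not a verdict to act on. The follow-up checks are: decode the signature to see what bytes it matches (sigtool --find-sigs=Win.Worm.Autorun-4414 | sigtool --decode-sigs), confirm the driver's catalog signature from a known-good Windows install, compare the hashes the script prints across the affected machines, rescan after freshclam pulls the next daily.cld, and report the files to ClamAV as a false positive if they still match.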


Ubuntu 11.04 Is Now Available

What does it mean to business?

Unix and Linux have long been recognized as safer for business and individuals to use, because of the way they protect against virus and spyware infections. Microsoft Windows 7 now emulates some of that, notably by running programs with a standard user token by default and prompting for elevation (UAC) before they can change the system. An article on https://help.ubuntu.com/community/Antivirus says:

Some people say that linux suffers less from malware because it has less than 1% of the desktop market compared to Windows 90% & suggest that if linux ever increases in popularity then it will suffer just as badly. This argument is deeply flawed & not just by the spurious statistics. Linux dominates server markets. Why struggle to write a virus that might knock out a few thousand desktops when knocking out a few thousand servers could knock out a continent? Yet it is the desktop machines that are commonly exploited.

Our web server stats for 1Q2011 showed calling computers using 30% Linux, 11% Mac, and under 60% Microsoft Windows of all flavors (one site's visitors, so a sample rather than a market share figure). Microsoft no longer has anywhere near the 90% market share it had a decade ago, which is presumably why Windows 7 was priced at half what the same editions of Windows Vista and Windows XP cost. Still, the author's point is valid that zombifying servers is what criminals would do if they could pull it off; they zombify desktops because Microsoft Windows is easier to infect than Linux or Unix. I am told, however, that organized crime is now beginning to target Mac users, and eventually also Linux users. An article on InfoWorld.com here: http://www.infoworld.com/d/security/malware-and-hackers-increasingly-targeting-macs-780 says:

One of the more notable developments of the Mac attracting cyber criminal attention is the emergence of what’s purportedly the world’s first do-it-yourself crimeware kit primed for Mac OS X. Recently announced in some closed underground forums, according to Danish IT security company CSIS Security Group, the tool enables users to build malware to turn victim Mac OS X machines into zombies with point-and-click simplicity.

The kit, called Weyland-Yutani Bot, comprises a builder that enables a user to create malware capable of Web injections and form grabbing, according to the kit’s creator. It also boasts an administration panel and supports encryption.

Presently the kit supports Firefox and Chrome; support for Safari will follow, according to CSIS. Additionally, the creator of the kit claims that similar kits for iPad and Linux will be forthcoming.

The kit, by the way, costs about $1,000 — payable only in virtual currencies such as WMZ.

So the only constant is still change. Some design reasons that Linux is fundamentally safer than Windows are expressed here: https://help.ubuntu.com/community/Antivirus. In summary:

  • Programs are run as normal user, not Root User
  • More eyeballs on the code, nowhere for malware to hide
  • Vast diversity makes it difficult to reproduce flaws in a system
  • All software and drivers are frequently updated by Package Managers
  • Software is generally installed from vast Repositories not from unfamiliar websites
  • Developers/programmers are recognised as Rock Gods rather than treated with contempt
  • Elegant, secure code is admired & aspired to. Hasty kludges are an embarrassment
  • Ownership of the means of production is in the hands of the workers
  • No-one profits from supplying anti-virus or security products

“A computer virus, like a biological virus, must have a reproduction rate that exceeds its death (eradication) rate in order to spread. Each of the above obstacles significantly reduces the reproduction rate of the Linux virus. If the reproduction rate falls below the threshold necessary to replace the existing population, the virus is doomed from the beginning — even before news reports start to raise the awareness level of potential victims.” by Ray of http://librenix.com

I might add to this that the level of transparency, public inspection of the whole work, makes it far harder to sneak in spyware or back doors that upload private information to outsiders without the owner's knowledge or consent. In the Microsoft world no one outside Microsoft really knows what arrangements exist with data warehouses and government entities to deliver information from customers' computers. It is also true that malware gets onto computers more often through user gullibility than through software flaws. A true "drive-by download" exploits the browser or a plugin silently when a page is visited; far more common is the social-engineering variant, where the user is persuaded to take some "necessary" action such as clicking a link and approving the installation of the software. A friend stranded in a foreign country who needs cash to get home, an impossibly good business deal, or promises of pictures or videos of something of interest are typical bait.

Free anti-virus software is available for Linux, even though it is much harder to infect a Linux system than a Microsoft Windows one. ClamAV can be installed from the automatic software center in Linux (Applications / Ubuntu Software Center); its signatures cover mostly Windows malware, so its main use on a dual-boot machine is to scan the Windows partition from Linux. That is worth doing: malware running inside Windows can hide from or disable the scanner installed there, while a scan from a separately booted Linux system sees the files on disk with nothing on the Windows side running, which makes it the most reliable way to find Windows malware on that machine. Mount the partition read-only, scan it, and treat any hit as something to verify (quarantine rather than delete) before acting, since ClamAV does occasionally flag legitimate, Microsoft-signed system files. For scanning Linux itself, anti-virus software with Linux signatures should also be installed, and there is a free download for personal use here: http://www.f-prot.com/download/trial_forms/linux-ws-tgz.html. If you are using it for business use instead of personal use please be honest enough to give them the small fee they ask for a legitimate business license; it is cheap compared to the McAfee and Norton Windows products.


We downloaded and are seeding (bit torrent) all six of the working torrents for the latest Ubuntu, Natty Narwhal, which was released this week. The main download page is here: http://www.ubuntu.com/download/ubuntu/download and you can find alternate means of downloading here: http://www.ubuntu.com/download/ubuntu/alternative-download. Server versions are also available here: http://www.ubuntu.com/download/server/download. The peer-to-peer bit torrents downloaded all six CD-ROM images for us in about an hour total, so we feel bit torrent is the most time-efficient download method right now (high interest, large number of peers available), but the older direct FTP or HTTP downloads are still available. Whichever route you use, check the image's SHA-256 hash against the signed checksum file Ubuntu publishes with each release before you burn it; that protects against a corrupted or tampered download however it was fetched. If you have not tried Ubuntu and would like to see it without changing your computer, download the appropriate file and burn it to CD-ROM to make a Live CD that you can try without altering your computer. You can make a USB boot drive once the CD is booted, which will run faster than the CD runs.

The links to the bit torrent downloads as shown on the Ubuntu download page are:

These torrents all seem to work except the netbook download which reports that the link is broken. Our spies tell us that the netbook version is the same as the notebook/desktop version, so it is possible that someone accidentally cut/pasted a link that doesn’t have a matching file.

We have ‘updated’ one computer with the new system. A discussion of changes is provided from the Ubuntu main site here: http://www.ubuntu.com/ubuntu/whats-new. The salient points at this time are:

1. The Unity (mobile device style) desktop is the default. It is a vertical column of icons on the left with a Mac-style menu bar across the top. The menu bar content changes to match whichever window is active at the moment, after the manner of the Apple Mac UI. The icons on the left replace the task bars, like Android mobile devices. The workspace switcher is near the bottom of the column; the Home Folder is at the top. Right-click an icon and choose from the pop-up menu to remove it. The circular icon at the top left of the screen, called APPS, provides a list of apps; this is the major change and the one you should explore, as it has the same functionality but expressed as a group of icons in a window instead of a list in a menu. Right-click an app to add it to the floaty list.

2. VMware Player downloaded and ran the first time, with no compile errors. Usually it takes a while before VMware catches up to the new kernel header files after a Linux release. It acts a little funky when you drag the VMware window between workspaces in the workspace switcher.

3. We changed the number of workspaces by logging in with the Ubuntu Classic session shell: in the past we would right-click the workspace icon and select Properties, then specify how many rows and columns we wanted. Right-clicking the current icon does not let us configure the workspaces. When we booted back into the Unity shell, it set the workspaces back to four on us. Psi.

4. When you log in you can select which kind of desktop you want. It is at the bottom of the login screen: click the Session Menu to switch between Ubuntu, Ubuntu Classic, Gnome, KDE, or whatever else is installed.

Current Irritations:

1. Apps set to start at login in System / Preferences / Startup Applications have no way to control *in which* workspace they will start. Not a new problem.

2. No matter how many times or how many ways we specify that Chrome is our default browser, it keeps switching back to Firefox.


Fool Born Every Minute

If you get this, DON’T CLICK.

Socially engineered malware attempt using a "Virus Warning" Skype message

This seemingly helpful warning is designed to scare you into clicking the link and thereby downloading malware onto your computer. Don't do it. The real tip-off is that I am not using ANY version of Microsoft Windows; I use Linux. It is a Skype message intended to trick you into installing malware by claiming that it has found malware and that your computer needs immediate (read: without thinking) attention. Real security software does not announce its findings through an unsolicited chat message from a contact you have never heard of; an urgent warning that arrives out of the blue with a link to click is the shape of the scam, whatever operating system you run.