Facebook Virus Removal (Remove: Koobface Worm)

Remove Latest Facebook Virus: Koobface Worm

Alright, so I know Facebook is huge now. If anyone here on Sodahead uses it, it looks like there are some video viruses going around. One is an Obama sex tape type video and the other one is an optical illusion video (this one is always popping up on my news feed). So if one of your “friends” sends it to you, don’t click on it!

New Facebook Viruses Can Now Use Your Account to Mass Private Message Your Friends

The virus uses your account to send your friends private messages asking them to click on a link, saying “WTF: This AMERICAN guy should be STONED to DEATH for doing this to his GIRLFRIEND: bit.ly/*****” or something like “Hey, check out this girl, lol, she must be out of her mind for making that video!: bit.ly/hw****”. If you click the provided link, even accidentally, your computer will be infected: your documents will be hacked, your files lost, and you will no longer have privacy on your computer.

Also look out for wall posts on Facebook such as this:

Some even get a YouTube-like screen with the caption “obama sex tape scandal”; when you click the link it requires you to install something to access the video, and once you do, the virus attacks and takes total control over your computer.

Next Generation Firewalls: It’s all about tuples

By Michael Kassner
November 28, 2011, 11:23 AM PST

Takeaway: Next-generation firewalls have been around for several years, but garnered little interest. That’s changing as first-generation firewalls aren’t keeping up.

IT professionals responsible for perimeter defenses are frustrated.

Case in point: Internet traffic of all shapes and sizes traverses port 80. Meaning, port 80 must remain open. Bad guys know this. So port 80 becomes their private malware highway. And trucks, full of malcode, drive right past the check point.

There is hope

I’d like to introduce Next Generation Firewalls (NGFW): firewalls designed to filter packets based on the application carrying them, not just the port. To continue my analogy, the trucks loaded with malcode can’t drive right past the check point any more.

Other features incorporated in NGFWs:

  • Enforce company regulations: NGFWs are able to control user access to websites and online applications as required.
  • SSL Proxy: NGFWs are able to decrypt, inspect, and re-establish the encrypted SSL connection. This eliminates encryption as a method of hiding malware.
  • IDS/IPS: NGFWs have incorporated deep packet inspection, to the point where stand-alone IDS/IPS devices are not required.
  • Active-Directory friendly: Many NGFWs are able to authorize application usage based upon individual user profiles or groups.
  • Malware filtering: NGFWs provide signature and reputation-based filtering to block malicious applications that have a bad reputation.



Palo Alto Networks was the first company to offer an NGFW. For information about NGFW requirements per Palo Alto Networks, please check out this white paper (above slide). Barracuda Networks, Juniper Networks, and WatchGuard also offer NGFW solutions.


Just about every blog post I’ve read about NGFWs mentioned tuples. I had no idea what they were. Hopefully, you do. If not, here’s what I found out.

An n-tuple is a collection of attributes. In the case of firewalls, these attributes are used to define access requirements. N is a placeholder representing the number of attributes in the list. For example, a 5-tuple “firewall allow rule” might include:

  • Source IP address
  • Source port (typically: any)
  • Destination IP address
  • Destination port (80 or 443)
  • Destination protocol (typically TCP)

So, if the packet being inspected has all of the correct attributes, the firewall will allow it to pass.

Widening the 5-tuple

I thought I was “good to go” after figuring out what a tuple was. Then I read something about “widening the 5-tuple”. Widen a tuple. Does that even make sense?

Let’s see if it does.

As mentioned earlier, a first-generation firewall rule employs a collection of 5 attributes or 5-tuple. That is sufficient to carry out stateful port and protocol inspection, Network Address Translation, and Virtual Private Network technology.

A 5-tuple rule set is not sufficient for NGFWs. Next Generation Firewalls need additional attributes such as application type and user identity in order to work as advertised. To understand why, consider the port 80 analogy, one last time.

If it’s discovered that the truck carrying malcode has an illegal license plate, the truck ain’t going anywhere. The same applies to malcode. If its license plate — “application type” attribute — is incorrect, the malcode is blocked from continuing on.

Adding these attributes to the rule is what “widening the 5-tuple” means.
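To make the 5-tuple rule and its widened form concrete, here is an added example (my own code, not from the article or from any firewall vendor). Rules and packets are plain dictionaries; a rule matches when every attribute it names is either the wildcard “any” or equal to the packet’s value, so a 5-tuple rule simply never looks at application or user. The “app” and “user” values on the sample packets stand in for what an NGFW’s application identification and directory lookup would attach to a flow; those values, the addresses and the rule set are constructed for the demo.

```python
"""Tuple-based firewall matching: a classic 5-tuple rule beside a widened one.

Added example, not the article's code. Packets and rules are constructed
sample data; 'app' and 'user' are assumed to have been filled in by an
NGFW's application identification and user lookup.
"""
from typing import Dict, List, Tuple

Attrs = Dict[str, object]

FIVE_TUPLE = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")
WIDENED_TUPLE = FIVE_TUPLE + ("app", "user")


def tuple_width(rule: Attrs) -> int:
    """Number of attributes the rule actually constrains (the n in n-tuple)."""
    return len([k for k in rule if k != "action"])


def matches(rule: Attrs, packet: Attrs) -> bool:
    """True when every attribute the rule names is 'any' or equals the packet's.

    Attributes the rule does not name are ignored, which is exactly what
    leaves a 5-tuple rule blind to application type and user identity.
    """
    for name, wanted in rule.items():
        if name == "action":
            continue
        if wanted != "any" and wanted != packet.get(name):
            return False
    return True


def evaluate(rules: List[Attrs], packet: Attrs) -> Tuple[str, int]:
    """First-match policy with an implicit deny; returns (action, rule index)."""
    for index, rule in enumerate(rules):
        if matches(rule, packet):
            return str(rule["action"]), index
    return "deny", -1


# Constructed sample flows, all to TCP port 80 on the same web server.
PACKETS: Dict[str, Attrs] = {
    # An employee's ordinary browser session.
    "browser": {"src_ip": "10.0.0.7", "src_port": 51000, "dst_ip": "203.0.113.10",
                "dst_port": 80, "proto": "tcp", "app": "web-browsing", "user": "alice"},
    # The "truck full of malcode": not HTTP at all, just riding port 80.
    "tunnel": {"src_ip": "10.0.0.7", "src_port": 51001, "dst_ip": "203.0.113.10",
               "dst_port": 80, "proto": "tcp", "app": "c2-tunnel", "user": "alice"},
    # Legitimate browsing, but from an unauthenticated guest.
    "guest": {"src_ip": "10.0.0.9", "src_port": 51002, "dst_ip": "203.0.113.10",
              "dst_port": 80, "proto": "tcp", "app": "web-browsing", "user": "guest"},
}

# First-generation rule: the five attributes from the article's list.
LEGACY_RULES: List[Attrs] = [
    {"src_ip": "any", "src_port": "any", "dst_ip": "any", "dst_port": 80,
     "proto": "tcp", "action": "allow"},
]

# Widened rule: the same five plus application type and user identity.
# A production NGFW would normally match a directory group rather than one user.
NGFW_RULES: List[Attrs] = [
    {"src_ip": "any", "src_port": "any", "dst_ip": "any", "dst_port": 80,
     "proto": "tcp", "app": "web-browsing", "user": "alice", "action": "allow"},
]


def decisions(rules: List[Attrs]) -> Dict[str, str]:
    """Action taken on each sample packet under the given rule set."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    print("5-tuple rule width:", tuple_width(LEGACY_RULES[0]))
    print("5-tuple decisions :", decisions(LEGACY_RULES))
    print("widened rule width:", tuple_width(NGFW_RULES[0]))
    print("widened decisions :", decisions(NGFW_RULES))
```

Under the legacy rule all three flows are allowed, because port 80 over TCP is all it can see. Under the widened rule only the employee’s real browser session passes: the tunnel fails the application attribute and the guest fails the user attribute, even though both present an otherwise correct 5-tuple.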

Confession time: I did not find a clear-cut explanation of how tuples relate to firewalls. But, article after article mentioned tuples. So, I jumped in. If my explanation is wrong, I hope firewall and database admins that better understand will bail me out.

Survey says

The Ponemon Institute just completed a survey on NGFWs for Sourcefire, Inc. The infographic (partially shown below) provides several interesting statistics, particularly what is driving interest in NGFWs and the percentage of respondents noticing performance degradation:

Final thoughts

The race toward sophistication between malware and antimalware continues. Stay tuned.

Pakistan Blocks Thousands of Adult Websites

Pakistani internet service providers have started the process of blocking websites with adult and explicit content, multiple industry sources told us.

Earlier this month PTA, Pakistan’s telecom regulatory authority, decided to block access in Pakistan to websites that contain adult content.

As we reported earlier, PTA plans to block 150,000 such websites in the coming weeks; for now an initial list of 1,000 websites has been sent to all ISPs, mobile operators and international gateways to get them blocked.

ProPakistani has obtained the said list of 1,000 websites, which we aren’t publishing here for obvious reasons. But we can tell you that they are all adult websites and a few of them are ranked in the Alexa top 100 most visited websites for Pakistan. Local adult websites are also included.

ISPs are given 8-10 days to get the orders implemented. Most of the ISPs, including PTCL, have already blocked these websites, while others are making the necessary preparations for the blockade.

PTA is also planning to devise a way for general users to report adult websites to the authority. After a thorough review, the authority will keep adding such reported websites/URLs to the blacklist.

Internet service providers, on the other hand, aren’t comfortable with the overhead involved in blocking websites. They say that blocking a high number of websites may result in slow router performance and increased latency, due to the large number of filters on the network.

PTA decided to ban explicit websites after immense pressure from bloggers, hackers and activists. They, along with parents, are certainly rejoicing authority’s decision.

However, there are users who oppose the ban; some of them think that this gives PTA an axe to cut off any website under the cover of explicit material. But sources at PTA’s head office tell us that they will make the process of blocking websites very transparent and visible to everyone, so that no one fears unlawful use of power.

Windows 7 Anti-Piracy Update Now Live

New patch checks for more activation hacks.
Earlier this month, we detailed that Microsoft was prepping a Windows 7 Update that would improve Windows Activation Technologies to detect more than 70 known and potentially dangerous activation exploits.

Those paying attention to their Windows Update will see that the patch KB971033 is now live. It’s not explicitly named anything to do with Windows Activation Technologies, as it’s simply termed an “Update for Windows 7.”

Microsoft previously pointed out that this update is completely voluntary and users can decline the update when it appears (though we can’t imagine why legitimate users would worry). Of course, if a hack or exploit is found, Windows 7 will alert the user by removing the desktop background and pop up periodic reminders of just how non-genuine it is feeling.

Should You Repair A Fake USB Flash (Pen) Drive?

Before you attempt to repair a fake (aka “upgraded”) USB Flash (Pen) Drive you should ask yourself the following questions:

  • What are my chances of being successful?
  • What are the chances of downloading a virus?
  • How trustworthy are repaired drives?
  • How much is my time worth?

Unless the pen drive contains one of the popular controller chips (Microv, iCreate or Alcor families) and memory storage chips (Samsung & Hynix), finding the correct low-level software program will be a challenge. You will spend a significant amount of time looking for solutions and may not be successful in your efforts.

You may find some software on a website that you think could fix your drive and inadvertently download a virus or other forms of malware. McAfee’s Siteminder identifies some of the download sites as containing malicious software or software that breaches browser security.

The drive may also be irreparably damaged during the repair process. Using the wrong software can destroy the flash storage chip. Using a program with settings someone else left behind from a previous session, i.e. leaving the ECC open, could destroy access to the storage chip, as information in the controller is overwritten.

Could you ever trust a repaired drive with your data files or pictures? The unscrupulous creators of the fake flash drives maximise their profits by using the lowest-cost chips they can purchase. The quality of these chips ranges from average to poor. When the chips fail you may be lucky and just lose all the files you have stored on the drive, or worse, the contents of the files can be corrupted and remain undetected by you.

Can you trust the software (aka firmware) that was installed on the flash drive by the manufacturer’s tool (Udtools etc.) during the repair process? The firmware that was installed could be a “hacked” version, reprogrammed to ignore memory errors.

Since the tools the counterfeiters use to create the fakes have the ability to ignore or hide memory errors, it is best to assume that the fakes contain poor quality memory chips. The output of H2TestW may indicate that a fake contains extremely poor quality chips. A significant difference between the reported “OK” size as reported by H2TestW and that of a typical fake flash drive is a good indication of bad or damaged memory areas on the fake flash drive. The following are some typical “OK” sizes:

  • 180MB OK is typical for a fake 16GB drive created from a real 256MB memory chip
  • 980MB OK is typical for a fake 16GB drive created from a real 1GB memory chip
  • 1.9GB OK is typical for a fake 16GB drive created from a real 2GB memory chip
  • 1.7GB OK is typical for a fake 32GB drive created from a real 2GB memory chip

If H2TestW does not complete a test or outputs error messages then you should not consider repairing. The lifetime of repaired drives may be significantly less than that of regular drives. The type of NAND flash memory used in brand-name USB flash drives is typically rated at 10,000 erase-write cycles. Some of the methods used in producing fakes may result in a large number of erase-write cycles concentrated on a small area of the flash drive. This will result in the drive having a short lifetime.

If you are going to repair and reuse a drive you should mark and/or label the drive so that you will remember that it is a repaired fake flash drive. You should also use tools that provide basic data integrity checking when saving files on the drive. Some of the potential tools are Zip, 7Zip and Microsoft compressed folders.
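The point of “basic data integrity checking” is to catch the failure mode described above: file contents silently changed by a bad cell, with no error from the drive. Zip and 7Zip do this with per-file CRCs; the added example below (my own code, not from the article) does the same job with a SHA-256 manifest written next to the files, so that a later verification pass names exactly which files no longer match. The sample files, the one-byte corruption it simulates and the manifest file name MANIFEST.json are all constructed for the demo.

```python
"""Detect silent file corruption on a suspect (e.g. repaired fake) flash drive.

Added example, not the article's code. Builds a SHA-256 manifest of every
file under a directory, saves it beside the files, and later reports which
files no longer hash to the recorded value. The demo corrupts one byte of a
constructed sample file to show the detection.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List, Tuple

MANIFEST_NAME = "MANIFEST.json"  # assumed name; any name works


def sha256_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so large files need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    manifest: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name == MANIFEST_NAME:
                continue
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def save_manifest(root: str, manifest: Dict[str, str]) -> str:
    """Write the manifest onto the drive itself; returns its path."""
    path = os.path.join(root, MANIFEST_NAME)
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)
    return path


def verify(root: str, manifest: Dict[str, str]) -> List[str]:
    """Return the (sorted) relative paths whose contents changed or vanished."""
    bad: List[str] = []
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full) or sha256_file(full) != expected:
            bad.append(rel)
    return sorted(bad)


def demo() -> Tuple[List[str], List[str]]:
    """Run the check on constructed files before and after a one-byte flip."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample content; 'photo.jpg' is just patterned bytes, not a real image.
        samples = {
            "notes.txt": b"quarterly notes\n" * 100,
            "photo.jpg": bytes(range(256)) * 64,  # 16 KiB
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)

        manifest = build_manifest(root)
        save_manifest(root, manifest)
        clean_result = verify(root, manifest)

        # Simulate what a failing cell does: one bit changes, the drive reports nothing.
        photo = os.path.join(root, "photo.jpg")
        with open(photo, "r+b") as handle:
            handle.seek(4096)
            original = handle.read(1)
            handle.seek(4096)
            handle.write(bytes([original[0] ^ 0x01]))

        corrupted_result = verify(root, manifest)
    return clean_result, corrupted_result


if __name__ == "__main__":
    before, after = demo()
    print("mismatches before corruption:", before)
    print("mismatches after corruption :", after)
```

Run the same `verify()` pass each time you read the drive back; a non-empty result tells you which files to treat as lost rather than silently using damaged copies, which is the outcome the article warns about.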

After you have repaired the drive, test it! If H2TestW shows any errors then destroy the drive and throw it in the garbage.

After considering the above you should ask yourself: how much is my time worth, especially when I may end up with a 2GB or smaller drive?

Researcher exposes Google spyware connections Source: ZDNET.COM

A prominent anti-spyware researcher is calling on Google to sever its ties with an advertising partner that covers popular sites with pop-up PPC advertisements promoting those same sites.

According to Ben Edelman, an assistant professor at the Harvard Business School and a staunch anti-spyware advocate, Google is charging advertisers for what he described as “conversion-inflation” traffic from the WhenU spyware program.

Edelman’s exposé includes several screenshots, video, and packet logs to show that WhenU continues to cover web sites with PPC popups. Crucially, those popups show Google ads — often promoting the very same sites users are already browsing.

Here’s a sample of Edelman’s report:

I browsed the Continental Airlines site. WhenU opened [a] popup — covering the Continental site with a list of Google ads, putting a prominent Continental ad front-and-center. Thus, Google charges Continental a fee to access a user already at Continental’s site. That’s a rotten deal for Continental: For one, an advertiser should not have to pay to reach a user already at its site. Furthermore, advertisers paying high Google prices deserve high-quality ad placements, not spyware popups.

The details of the Continental ad, as shown in the WhenU-Google popup, further entice users to click. The ad promises a “low fare guarantee” — suggesting that users who book some other way (without clicking the ad) may not enjoy that guarantee. And the ad promises to take users to the “official site” — suggesting that users who don’t click the ad will book through a site that is less than official. In fact both suggestions are inaccurate, but a reasonable user would naturally reach these conclusions based on the wording of the advertisement and the context of its appearance.

Edelman says this is the third sequence where he has observed Google paying WhenU to cover advertisers’ sites with the advertisers’ own Google ads.

He recommends that Google sever its relationship with InfoSpace, the company that it pays to deliver the ads. Edelman also called on the search marketing giant to pay restitution to affected advertisers.

Source: http://blogs.zdnet.com/security/?p=5194&tag=nl.e550