 |
There are currently, 3 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
| |
|
Select Interface Language:
| |
| |
Welcome to the home of the Gurus Online
We are Yahoo's premiere chat and computer help
group. We are NOT a 'war crew', 'boot group' or 'leet hacker' clan. Our
mission is simple: to use our knowledge of chat and computers to aid
all those who need assistance.
The Gurus Online has a strict policy of not using boot codes of any
kind. There are enough booters out there without us adding to the
problem. Any Gurus Online member who is found to be using malicious
codes, or hacking a computer will be banned from the group, and their
Gurus Online ID will be confiscated.
We are here solely to help. So take a look around our site and get to
know us. We suggest you stop by our downloads section and get the tools
necessary to be safe online. And feel free to talk to any member if you
need help. That what Gurus are for!
|
|
 | |  | |  Christmas Viruses
Posted by guru on Tuesday, December 27 @ 18:17:06 EST (305 reads) |
Panda Software's weekly report on viruses and intruders -
Virus Alerts, by
Panda Software (http://www.pandasoftware.com)
Madrid, December 23 2005
- This week's report looks at two Trojans
-MerryX.A and Mitglieder.GO-, and
two worms -Dasher.A and Dasher.B-.
MerryX.A is a Trojan sent in an email
with the following characteristics
relating to Christmas:
Subject:
MERRY CHRISTMAS!
Message text: Merry Christmas and a Happy New
Year!
Attachments: A_LIGHTSMC10.GIF, a picture of colored lights with
the
words "Merry Christmas"; and MERRY CHRISTMAS!.RAR, a
self-extractable
file containing two other files: SQLServer.exe, a copy of
the Trojan,
and MERRY CHRISTMAS!.SWF, a Flash animation showing Father
Christmas
leaving presents by a tree.
MerryX.A takes a series of
actions on the computers it infects
including:
- It logs the
keystrokes typed by the user. This can be used to capture
passwords or other
kind of sensitive information, thus posing a threat
to the user's privacy.
Then, it connects to a remote server, to which it
sends the information
gathered.
- It attempts to download files from different websites. These
can be
any type of file, including malware.
The second Tojan we're
looking at today is Mitglieder.GO, which has been
sent massively via email by
the Bagle.FX worm, in a message containing a
ZIP file.
Mitglieder.GO
is a Trojan that connects every four hours to a random URL
selected from a
list of websites included in its code in order to
download and run a file.
This file can be of any nature, including
malware. When it is run this Trojan
displays a Windows image.
We end today's report with Dasher.A and
Dasher.B, two worms that spread
across the Internet. They spread in a
self-extractable RAR file that
search for IP addresses of computers with Windows 2003/XP/2000 affected
by the critical vulnerabilities reported by Microsoft in bulletin
MS05-051. The self-extractable RAR file is installed on vulnerable
computers in which Dasher.A and Dasher.B manage to exploit these
security problems.
If your computer has Windows 2003/XP/2000, it is advisable to download
and install the updates that resolve these vulnerabilities. More
information is available in Microsoft bulletin MS05-051.
More information about these and other threats is available from Panda
software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/
NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If
this happens, just use the 'cut' and 'paste' options to join the pieces
of the URL.
------------------------------------------------------------
To unsubscribe from Virus Alerts, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
",0]
);
//-->
contains and installs other files that open port 1025. These files
search for
IP addresses of computers with Windows 2003/XP/2000 affected
by the critical
vulnerabilities reported by Microsoft in bulletin
MS05-051. The
self-extractable RAR file is installed on vulnerable
computers in which
Dasher.A and Dasher.B manage to exploit these
security problems.
If
your computer has Windows 2003/XP/2000, it is advisable to download
and
install the updates that resolve these vulnerabilities. More
information is
available in Microsoft bulletin MS05-051.
More information about these
and other threats is available from Panda
software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/
NOTE:
The address above may not show up on your screen as a single line.
This would
prevent you from using the link to access the web page. If
this happens, just
use the 'cut' and 'paste' options to join the pieces
of the URL.
|
| |  | |  |
| | | | New Virus steals Spanish bank info
Posted by guru on Tuesday, December 27 @ 11:02:16 EST (171 reads) |
Orange Alert:Panda Software reports new Trojan that could steal
online
banking passwords of thousands of Spanish-speaking users
Virus Alerts, by Panda Software
(http://www.pandasoftware.com)
A new Trojan, Nabload.U,
which is distributing itself through Messenger,
has appeared a few hours ago.
This Trojan downloads another Trojan,
called Banker.bsx, which is currently
the number one detected piece of
malware from Panda's ActiveScan. Its
objective is to obtain the
passwords of certain banks that it has stored in
its code primarily from
Spanish-speaking users.
The most unusual
aspect of this Trojan is its ability to capture the
information without the
use of a traditional key logger. The user will
be unaware that this is
occurring. Banks that use virtual keyboards to
avoid keyloggers won't be
protected from this Trojan.
Once the author has the keys, he can commit
banking fraud with the
accounts.
According to Luis Corrons, PandaLabs
director: "This Trojan is an
example of a hybrid virus that mixes different
techniques. Once the user
clicks on the URL, it is able to download a Trojan
and use techniques
similar to some spyware and phishing attacks. It is,
without a doubt, a
Trojan designed to steal data quickly, and without
leaving any tracks."
Nabload.U uses social engineering techniques to
get the user to click on
the URL provided. The sentence is in Spanish: "ve
esa vaina
http://hometown.%eliminado%.au/miralafoto/foto.exe." It
is disguised as
a personal contact. When the user clicks on this URL, another
Trojan,
http://hometown.%eliminado%.au/arqarq/coco2006.jpg and
http://hometown.%eliminado%.au/modnatal/coco2006.jpg that downloads a
configuration file. In this file, you can find - as well as other
information- the e-mail address where the stolen data will be sent.
This Trojan opens up port 1106 on the computer and stays active. So,
when the user tries to access one of the online bank addresses shown
bellow, the Trojan will be able to capture what the user is doing on the
screen, including the login and password typed by virtual keyboards to
access the bank account. This Trojan only captures the information from
the addresses below:
https://secure2.venezolano.com/
https://e-bdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com",1]
);
//-->
Banker.BSX, is downloaded. It also offers two others URLs_
http://hometown.%eliminado%.au/arqarq/coco2006.jpg
and
http://hometown.%eliminado%.au/modnatal/coco2006.jpg that
downloads a
configuration file. In this file, you can find - as well as
other
information- the e-mail address where the stolen data will be
sent.
This Trojan opens up port 1106 on the computer and stays
active. So,
when the user tries to access one of the online bank addresses
shown
bellow, the Trojan will be able to capture what the user is doing on
the
screen, including the login and password typed by virtual keyboards
to
access the bank account. This Trojan only captures the information
from
the addresses below:
https://secure2.venezolano.com/
https://e-bdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com
.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/
Once the Trojan has captured the information, it sends this data to an
e-mail address. The author can change this e-mail address as desired.
To help as many users as possible scan and disinfect their systems,
Panda Software offers its free, online anti-malware solution, Panda
ActiveScan, which now also detects spyware, at
http://www.activescan.com. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free from
http://www.pandasoftware.com/partners/webmasters.
TruPreventTM detection technologies detect and eliminate Banker.BSX with
no need for previous updates, so computers with these technologies have
been protected from the moment the Trojan Horse appeared.
For further information about Nabload.U and Banker.BSX, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/
------------------------------",1]
);
//-->
/servicios_electronicos_pag.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/
Once the
Trojan has captured the information, it sends this data to an
e-mail address.
The author can change this e-mail address as desired.
To help as many
users as possible scan and disinfect their systems,
Panda Software offers its
free, online anti-malware solution, Panda
ActiveScan, which now also detects
spyware, at
http://www.activescan.com.
Webmasters who would like to include
ActiveScan on their websites can get the
HTML code, free from
http://www.pandasoftware.com/partners/webmasters.
TruPreventTM
detection technologies detect and eliminate Banker.BSX with
no need for
previous updates, so computers with these technologies have
been protected
from the moment the Trojan Horse appeared.
For further information about
Nabload.U and Banker.BSX, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/
|
| | | | |
| | | | Post-holiday posting
Posted by guru on Tuesday, December 27 @ 10:33:42 EST (230 reads) |
|
Now that the holidays are pretty much over, the Gurus will be online more often. Just like you, we have families, and have enjoyed some time with them, but now it's time for us to get back to work!
|
| | | | |
| | | | Sober.AH world's most detected virus
Posted by guru on Tuesday, November 22 @ 13:26:49 EST (199 reads) |
From Panda Software:
Madrid, November 22 2005 - The Sober.AH worm, detected just a few hours
ago by PandaLabs, is now the most frequently detected virus worldwide,
according to data collected by the Panda ActiveScan online antivirus
solution.
As was expected, and given the fact that this worm
sends itself in email messages in English or German depending on the
recipient's address, the United States and Germany have been, until
now, the countries most affected by Sober.AH. However, according to
data from PandaLabs, incidents have been recorded all around the world.
|
| | | | |
| | | | FBI reports E-Mail Scam, Worm
Posted by guru on Tuesday, November 22 @ 12:34:41 EST (263 reads) |
From Techtree.com:
The Federal Bureau of Investigation (FBI) has issued a
press note warning the public to avoid falling victim to an on-going mass e-mail
scheme, wherein computer users received unsolicited e-mails supposedly sent by
the FBI.
These scam e-mails tell the recipients that their Internet use
has been monitored by the agency, and that they have accessed illegal web sites.
The e-mails then direct recipients to open an attachment and answer questions.
|
| | | | |
| | | | Latest Gurus Members
Posted by guru on Monday, November 14 @ 15:29:27 EST (180 reads) |
|
Please welcome Gurus Online Alkazar and Gurus Online Dave to the ranks of the Gurus Online!
|
| | | | |
| | | | New Downloads
Posted by guru on Sunday, November 13 @ 11:11:02 EST (190 reads) |
We have added a number of new programs to our downloads section. Our
featured program is All In One Secretmaker, an awesome program that
provides all kinds of internet utilities, such as popup and spam
blocker, email scanner, intruder protection and more.
|
| | | | |
| | | | Voice Lagger Information
Posted by guru on Friday, November 11 @ 11:52:27 EST (703 reads) |
In the last few weeks, there have been a rash of people using a VOICE
LAGGER to tie up the mic and boot in Yahoo chat rooms. We have
discovered a way to put an end to this nuisance. Go to our downloads
section and download YahElite [chat clients] and install it. Then get
VCGuard [Antibooters>Anti-laggers] and run it. It will ask you to
locate your YahVox [YahElite voice module]. Click the little box next
to the text window and navigate to My Computer>C:>Program
Files>YahElite. You should see YahVox.exe. Select this, and the box
will close.
VCGuard integrates into YahElite, and automatically runs when you turn
on the mic in YahElite. If a voice lagger starts running, simply double
click the name in the YahVox module, and they are voice ignored. In any
case, the ports used by the voice lagger are now secured, and the
lagger will no longer function.
|
| | | | |
| |
|
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
| |
|
There isn't a Biggest Story for Today, yet.
| |
|
