Did you download a Linux Mint ISO yesterday?

Linux Mint have openly admitted that their WordPress installation was compromised yesterday (20th February 2016) and links to their Linux Mint 17.3 Cinnamon edition ISOs were replaced with links to an ISO with a baked-in backdoor!

Users who downloaded the ISO from their HTTP links yesterday may have inadvertently downloaded a copy with the Tsunami Trojan built in. 

Those who downloaded the ISOs via torrent links will not have been affected by the compromised ISOs, due to the way torrents work. However, those who used standard HTTP requests may find they have a rogue file at /var/lib/man.cy.

Not only did they redirect the download links, they also stole the databases. These are now for sale on the “dark net” for $86, as the screenshot in the tweet below shows.

If you’ve downloaded the ISO, the owners of Linux Mint are strongly recommending you reinstall the OS. You can read more about the attack over at the Linux Mint Blog.
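One way to look for the rogue file mentioned above, on a running system or on a disk mounted from live media. This is an added example, not from Linux Mint or the original post; the function names `check_root` and `scan_roots` are hypothetical, and the only indicator used is the path given in the post.

```shell
#!/bin/sh
# Added example: look for the file path named in the post under one or more
# filesystem roots, e.g. "/" on a running system or "/mnt/target" for a disk
# mounted from live media. Presence of the file is the only signal checked;
# absence does not prove an install is clean.

IOC_REL_PATH="var/lib/man.cy"   # path taken from the post

# check_root ROOT -> returns 0 if the indicator exists under ROOT, 1 if not,
# 2 if ROOT is not a directory.
check_root() {
    root=${1%/}                 # strip one trailing slash; "/" becomes ""
    if [ ! -d "$root/" ]; then
        echo "skip: $1 is not a directory" >&2
        return 2
    fi
    target="$root/$IOC_REL_PATH"
    # -e follows symlinks, -L also catches a dangling symlink at that path
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "FOUND: $target"
        ls -ld "$target"        # owner, size and mtime for the incident notes
        return 0
    fi
    echo "not found: $target"
    return 1
}

# scan_roots ROOT... -> returns 0 if any root has the indicator, else 1.
scan_roots() {
    hit=1
    for r in "$@"; do
        if check_root "$r"; then hit=0; fi
    done
    return "$hit"
}

# Run only when roots are passed on the command line.
if [ "$#" -gt 0 ]; then
    scan_roots "$@"
fi
```

Checking an offline mount from trusted live media avoids relying on tools from the install being examined.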


FREE 6 month AV Subscription for Mac

The nice people over at MacHeist are offering a copy of Intego’s antivirus solution (VirusBarrier X5) and a six-month subscription to the update service completely FREE!

All you have to do to get hold of your free copy is post a status update on the social network site Facebook.
As you can see – this is not your normal FREE AV Application! To get your free copy now, click here and click the link to share on Facebook.


ComboFix to the rescue

More and more recently I have been given computers with mass Rootkit infections. Each is unable to connect out to the net, performing painfully slowly, and most are advertising the infection and attempting to spread using the instant messenger network.

Although I always treat these infections on an individual basis and work my way down my predefined tool set, I am finding one particular tool is rapidly making its way up my list as the first tool to try. ComboFix is a free spyware remover created by sUBs:

“Combofix was designed to scan a computer for known malware, spyware (SurfSideKick, QooLogic, and Look2Me as well as any other combination of the mentioned spyware applications) and remove them.

ComboFix allows the manual removal of spyware infections. It’s a specialized effective cleaning tool, which is useful compared to other malware and spyware removers.

After ComboFix has finished, a report will be created. You can use this report to search and remove infections which are not automatically removed.”

ComboFix is really easy to use; even my nana could start fixing these infected PCs.

How to use ComboFix:
  • Disable or close all anti-spyware, anti-malware and antivirus real-time protection, which may affect ComboFix.
  • Download the latest version of ComboFix (2.8 MB) and save it to your desktop.
  • Close all programs on your computer.
  • Double-click ComboFix.exe on your desktop.
  • When ComboFix has finished, it will create logs for you.

Some infected PCs I have had the pleasure of working on have prevented ComboFix from running, which is also quite easy to get around. Simply rename the ComboFix exe (I tend to use 123.exe), then try running it again!
I am yet to come across a Rootkit infected PC requiring this and then other tools before it’s back running normally!

Obviously I would still recommend using an antivirus application such as McAfee and performing regular updates and scans!
