Spyware, Viruses, & Security

General discussion

NEWS - March 08, 2011

by Carol~ Forum moderator / March 7, 2011 9:20 PM PST
Malware Attacks Decline In SCADA, Industrial Control Systems, Report Says

"But targeted, stealthy attacks like Stuxnet and APT-type attacks against industrial control systems are expected to rise"

Malware accounts for close to one-third of all real-world industrial control system security incidents recorded in the Security Incidents Organization's Repository of Industrial Security Incidents (RISI) database, according to a new report published by the SIO. But while malware incidents showed a marked decline since 2003 among the 60 incidents chronicled in the report, the advent of Stuxnet is expected to change all of that.

Eric Byres, author of the 2011 "Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems Resulting from Malware Infections" report and CTO with Byres Security, says the reason for the overall decline in malware-borne attacks and infections on power plants and other industrial control systems is that "noisy" malware is out -- and stealthy, targeted malware is in.

Continued @ Dark Reading

Zombie Cleanup Becomes Crucial in Recent KR Cyber-Attack
by Carol~ Forum moderator / March 7, 2011 10:55 PM PST
In reply to: NEWS - March 08, 2011

From TrendLabs Malware Blog:

Forty websites under the .KR domain, including those managed by the South Korean government and major institutions, suffered a major Distributed Denial of Service (DDoS) attack late last week. The attack was limited to Korea and is very similar to the DDoS attacks in July 2009.

The targeted attack, which caused the temporary shut down of the affected websites, was conducted through the use of a malicious file. According to reports, the attackers hacked at least four local peer-to-peer file sharing networks and planted the malicious file into certain shared files, causing users to unknowingly download and install the malicious file.

TROJ_QDDOS.A Conducts DDoS, with Minor Impact

Trend Micro was able to obtain a sample of the said malicious file (detected as TROJ_QDDOS.A) and analyze its routines. Systems infected with TROJ_QDDOS.A become part of a botnet. TROJ_QDDOS.A first retrieves the following information about the affected system:

Continued : http://blog.trendmicro.com/zombie-cleanup-becomes-crucial-in-recent-kr-cyber-attack/

Related : South Korea hit by cyber attacks

Vodafone responds to mobile broadband spying allegations
by Carol~ Forum moderator / March 7, 2011 10:55 PM PST
In reply to: NEWS - March 08, 2011

Vodafone UK has been accused of "illegally" spying on its mobile broadband users' surfing habits.

Eagle eyed customers began complaining after they noticed that their surfing was being monitored by an automated system, which would quickly load the same website address over and over again.

According to ISPReview, one reader decided to see where the website had come from. He tracked it down to a Californian company called Bluecoat, which has apparently been supplying Vodafone with services such as website filtering, anti-malware and anti-spyware since 2006.

The offending service was found to be Webpulse - a system which is designed to categorise website content and give companies - in this case Vodafone - options on what to do with collected data. In this case it was for child filtering content.

Continued : http://www.techeye.net/security/vodafone-responds-to-mobile-broadband-spying-allegations

Report: Malware-laden sites double from a year ago
by Carol~ Forum moderator / March 7, 2011 10:55 PM PST
In reply to: NEWS - March 08, 2011

More than 1 million Web sites were believed to be infected with malware in the fourth quarter of last year, nearly double from the previous year, according to figures released today by Dasient.

Malvertising, advertising containing malware, also is on the rise, with impressions doubling to 3 million per day from the third quarter of 2010, Dasient said in a blog post.

"The probability that an average Internet user will hit an infected page after three months of Web browsing is 95 percent," the company said.

The news corresponds with information released this week by another security firm. An analysis of more than 3,000 Web sites across 400 organizations last year found that 44 percent of them were found to have serious vulnerabilities at all times, while 24 percent were frequently vulnerable for an average of at least 270 days a year, according to WhiteHat Security, which provides Web site testing and security services for companies. Meanwhile, only 16 percent of the sites examined were found to be rarely vulnerable, the report said.

Continued : http://news.cnet.com/8301-27080_3-20040367-245.html

Egypt, FinFisher intrusion tools and ethics
by Carol~ Forum moderator / March 7, 2011 10:55 PM PST
In reply to: NEWS - March 08, 2011

From the F-Secure Weblog:

There's unrest in Egypt, Tunisia, Libya, Bahrain and elsewhere in the Arab world.

Two days ago, protestors in Nasr, Egypt took over the Headquarters of the Egyptian State Security.

Inside the HQ, the protesters gained access to loads of confidential state documents. [Screenshot]

Among them was a document that is highly relevant to computer security: an offer for a product called FinFisher sent to Egypt State Security Investigation Department. [Screenshot]

Note: we can't confirm the origin of this document. We got it from Mostafa Hussein. You can download the full document from here [pdf, 1.3MB]

FinFisher seems to be an Intrusion and Spying software framework, developed and sold by a German company. It seems to include multiple components, including an "infection proxy" and various intrusion tools.

We don't know if Egypt State Security purchased the tool or not. We don't know if they were using it to spy on their own citizens. We don't know who else could be using it.

The obvious question here is: do we detect FinFisher? And the answer is: we don't know, as we don't have a sample at hand we could use to confirm this.

Continued : http://www.f-secure.com/weblog/archives/00002114.html

Corporate data breach average cost hits $7.2 million
by Carol~ Forum moderator / March 7, 2011 10:55 PM PST
In reply to: NEWS - March 08, 2011

The cost of a data breach went up to $7.2 million last year up from $6.8 million in 2009 with the average cost per compromised record in 2010 reaching $214, up 5% from 2009.

The Ponemon Institute's annual study of data loss costs this year looked at 51 organizations who agreed to discuss the impact of losing anywhere between 4,000 to 105,000 customer records. The private-sector firms participating in the Ponemon Institute's "2010 Annual Study: U.S. Cost of a Data Breach" hail from across various industries, including financial services, retail, pharmaceutical technology and transportation.

While "negligence" remains the main cause of a data breach (in 41% of cases), for the first time the explanation of "malicious or criminal attacks" (in 31% of cases) came in ahead of the third leading cause, "system failure."

It turns out "malicious or criminal attacks" are the most expensive type of data breach to discover and respond to, costing on average $318 per customer record, $151 more than non-malicious breaches that stem from negligence or system failure.

Continued : http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html

Charlie Sheen has NOT been found dead in his house, ..
by Carol~ Forum moderator / March 7, 2011 10:56 PM PST
In reply to: NEWS - March 08, 2011
.. despite what Facebook clickjackers say

A number of Naked Security readers have been in touch with us, regarding messages they have seen on Facebook claiming to link to a grotesque video of Charlie Sheen being found dead at his house, following a cardiac arrest.

[Screenshot]
' Exclusive Video: Charlie Sheen found Dead at his House!
Breaking News: Developing Story Charlie Sheen Dies from Cardiac Arrest and taken away in Ambulance!
'

[Screenshot]
' RIP! Charlie Sheen found Dead at his House!
Breaking News: Developing Story Charlie Sheen Dies from Cardiac Arrest and taken away in Ambulance!
'

Although - at the time of writing - the suspicious links we have investigated have not properly worked, our friends at FaceCrooks report that some are linking to a FbVideo clickjacking page, designed to lure ghoulish voyeurs into taking an online survey.

Continued : http://nakedsecurity.sophos.com/2011/03/07/charlie-sheen-has-not-been-found-dead-in-his-house-despite-what-facebook-clickjackers-say/
Yahoo! Phishing!
by Carol~ Forum moderator / March 7, 2011 10:56 PM PST
In reply to: NEWS - March 08, 2011

From the Bkis Global Task Force Blog:

Be careful if recently you received an email titled Account Update! which seems to be from Yahoo! because this might be a phishing email: [Screenshot: Yahoo Phishing]

When users click this email's link, a fake website of which the interface is similar to that of Yahoo! sign in page will appear:
[Screenshot: Yahoo Phishing]

In case you have fallen victim to this phishing email, you should change your password as soon as possible. It's advisable that users be careful with mails requiring personal information to avoid losing their accounts.

http://blog.bkis.com/en/yahoo-phishing/

NPR seeks to boot trolls, spammers from website
by Carol~ Forum moderator / March 7, 2011 10:56 PM PST
In reply to: NEWS - March 08, 2011

NPR, formally known as National Public Radio, has had it with trolling trolls and spamming spammers plying their trade in the comments sections of npr.org Web pages. The public radio service has decided to take a rather unique approach to prevent the ad hominem, shamelessly vile and abusive comments that are the trademark of the 21st century Internet troll.

Last week, NPR announced that it had instituted a vetting process for new commenters on its website. Under the new policy, comments from new users will be reviewed by a team of community managers. Only if a comment is deemed appropriate will it then appear on the site.

"Once a user has established a reputation for following the commenting guidelines all of his comments will appear immediately after posting," NPR explains in a blog post. "Community managers will only review comments in response to a specific report from other community members." NPR says the reviews will be conducted in about 15 minutes.

For users with existing accounts, those who've had a history of having their comments flagged will undergo an evaluation period. Once their comments are deemed devoid of any trolling or spamming behavior, then those users in question will be permitted to post comments without any prior review.

Continued : http://news.yahoo.com/s/digitaltrends/20110307/tc_digitaltrends/nprseekstoboottrollsspammersfromitswebsite

Microsoft preparing mysterious announcement
by Carol~ Forum moderator / March 7, 2011 10:57 PM PST
In reply to: NEWS - March 08, 2011

The Imperium upon which the sun appears to be setting more often is set to make a huge announcement on March 15.

If it were Apple there would be all sorts of fevered expectation which would result in a hysterical press rushing to the press conference to see what polished turd Steve Jobs was offering this week.

When Microsoft issues a similar cryptic notice, no one notices. To be fair we only spotted it because of the date which is the Ides of March.

The Ides of March are not a good time for any Imperium. After all, it was on that date that Julius Caesar was stabbed under the Statue of Pompey the Great.

But there have been dark murmurings in the Imperium lately. The feeling is that the shy and retiring Caesar Steve Ballmer is no longer up to the task. Apparently the concern is that he has dropped the ball so much lately that he appears to be playing basketball while the rest of the world is playing rugby.

Ballmer has been insisting that people around him are FAT as clearly some of them have "lean and hungry looks". Soothsayers, or analysts as they are called these days, are warning that Microsoft needs to make some sweeping reforms and an Ides of March announcement of Steve's exit would be incredibly appropriate.

Continued : http://www.techeye.net/software/microsoft-preparing-mysterious-announcement

USB driver bug exposed as "Linux plug&pwn"
by Carol~ Forum moderator / March 7, 2011 11:16 PM PST
In reply to: NEWS - March 08, 2011

Rafael Dominguez Vega of MRW InfoSecurity has reported a bug in the Caiaq USB driver which could be used to gain control of a Linux system via a USB device.

The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code. Because the driver is included, and automatically loaded, in most Linux distributions, to execute code in kernel mode an attacker would merely have to connect such a device to a Linux system's USB port.

Continued : http://www.h-online.com/security/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html
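
The unchecked copy described in the item above, shown beside a length-checked version, as an added example that is not part of the original post and is not the driver's own code. Only the 80-byte buffer and the use of strcpy() come from the report; the struct, the function names and the sample device names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 80    /* buffer size given in the report */

/* Hypothetical stand-in for a driver's per-device state. */
struct demo_device {
    char name[NAME_BUF_SIZE];
    int  ready;             /* data that sits right after the buffer */
};

/*
 * The pattern the report describes: the number of bytes written is decided
 * by the device-supplied string, not by the size of the destination.
 * Anything longer than 79 characters runs past dev->name.
 */
static void set_name_unbounded(struct demo_device *dev, const char *product)
{
    strcpy(dev->name, product);
}

/*
 * Length-checked version. product_max is the size of the memory holding the
 * device-supplied string, so the scan never reads past it even when the
 * string has no terminator. Returns 0 if the name fit, 1 if it was
 * truncated, -1 on invalid arguments.
 */
static int set_name_bounded(struct demo_device *dev, const char *product,
                            size_t product_max)
{
    size_t len = 0;
    size_t n;

    if (dev == NULL || product == NULL)
        return -1;

    while (len < product_max && product[len] != '\0')
        len++;

    n = len < sizeof(dev->name) - 1 ? len : sizeof(dev->name) - 1;
    memcpy(dev->name, product, n);
    dev->name[n] = '\0';    /* always terminated, always inside the buffer */

    return len > n ? 1 : 0;
}

/*
 * Feeds a constructed 200-byte, unterminated name to the bounded copy and
 * checks that the neighbouring field is untouched. Returns 1 on success.
 */
static int demo_long_name_is_contained(void)
{
    struct demo_device dev;
    char long_name[200];    /* constructed sample input */

    memset(&dev, 0, sizeof(dev));
    dev.ready = 1;
    memset(long_name, 'A', sizeof(long_name));

    if (set_name_bounded(&dev, long_name, sizeof(long_name)) != 1)
        return 0;
    return strlen(dev.name) == NAME_BUF_SIZE - 1 && dev.ready == 1;
}

int main(void)
{
    struct demo_device dev;

    memset(&dev, 0, sizeof(dev));
    /* A short name is the only input the unbounded copy handles safely. */
    set_name_unbounded(&dev, "Demo Device");
    printf("unbounded copy, short name: %s\n", dev.name);
    printf("bounded copy contains a 200-byte name: %s\n",
           demo_long_name_is_contained() ? "yes" : "no");
    return 0;
}
```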

IPv6 intro creates spam-filtering nightmare
by Carol~ Forum moderator / March 7, 2011 11:16 PM PST
In reply to: NEWS - March 08, 2011

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key component) in a multi-stage junk mail filtering process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them - a process known as IP blacklisting," explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this."

Continued : http://www.theregister.co.uk/2011/03/08/ipv6_spam_filtering_headache/

GCHQ aims to protect critical private networks from hackers
by Carol~ Forum moderator / March 8, 2011 12:21 AM PST
In reply to: NEWS - March 08, 2011

GCHQ is planning to constantly monitor Britain's most vital private computer networks for potentially damaging cyber attacks, in a major expansion of the Cheltenham-based spy agency's responsibilities.

Security chiefs have enlisted the help of David Cameron to press the companies responsible for critical national infrastructure to allow the government to keep watch for hackers on their systems. Experts at GCHQ would analyse unusual network traffic and take defensive action if necessary.

The Prime Minister last month summoned major firms including British Airways, BT and National Grid to Downing Street to discuss the plans, sources said.

The government fears that a hostile state or terrorist group could strike Britain via the internet and cripple communication and financial services, shut down the electricity grid, or sabotage air traffic control systems. Such an attack would be relatively cheap to mount compared to a bombing, for example, and be more difficult to trace.

The security minister, Baroness Pauline Neville-Jones, said that a significantly expanded national cyber security hub at GCHQ will analyse streams of data from major communications, power and transport providers for evidence of hacking. Currently, a small group, known as the Cyber Security Operations Centre, provides more limited intelligence on online threats to national security.

Continued : http://www.telegraph.co.uk/technology/8366810/GCHQ-aims-to-protect-critical-private-networks-from-hackers.html

Cyber Criminals Adapt As Threat Landscape Changes
by Carol~ Forum moderator / March 8, 2011 12:21 AM PST
In reply to: NEWS - March 08, 2011

If there is one thing we know about criminal activity on the internet, we know it changes constantly. Because the most illicit gains are to be found where defenses are few, online fraudsters are always seeking new territory to exploit their victims.

One current trend in the world of online fraud is the shift toward the mobile arena. For example, many reports are emerging about attacks against Google's Android operating system for mobile devices. ISS recently examined malware designed to target Android.

In that vein, today we bring you images from the world of illegal online pharmacies. These organizations put lives at risk by offering prescription medications without a prescription, or worse, by sending fake medications that can cause great harm. Moreover, consumers' credit card numbers are sometimes stolen when they make purchases from these sites.

Consider this screenshot of a typical illegal online pharmacy website as viewed on an iPhone: [Screenshot]

As you can see, the type is small, not easy to read, and navigation is difficult.

Knowing that consumers are using mobile devices more than ever, cyber criminals have created the site below specifically to illegally sell prescription drugs in a format that is native to mobile devices. ...

Continued : http://www.cyveillanceblog.com/general-cyberintel/cyber-criminals-adapt-as-threat-landscape-changes

WHOIS Problem Reporting System to Gain Privacy Option
by Carol~ Forum moderator / March 8, 2011 3:20 AM PST
In reply to: NEWS - March 08, 2011

A system that allows anti-spam activists to report entities that bulk-register domain names using false or misleading identity data is about to gain a much-needed new privacy feature: The option for activists not to expose their identities to the very spammers they're trying to report.

The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that oversees the Internet's domain name system, runs a program called the WHOIS Data Problem Reporting System (WDPRS). It's designed to allow Internet community members to alert registrars about customers that list incomplete or inaccurate contact records for domain registrations.

The policy of requiring registrars to make WHOIS data publicly searchable is no doubt a contentious one, but the reality is that spammers and scammers frequently bulk register large numbers of domains in one go, and tend to take their business to registrars that don't ask too many questions. Indeed, some domain registrars have built a business out of catering to spammers and scammers.

In many cases, spammers will mass-register domains using completely bogus contact information, or - as appears to have been the case with hundreds of domains that were used recently in an attack against KrebsOnSecurity.com - with the contact information belonging to people whose stolen credit cards were used to fraudulently register the spammy domains.

Continued : http://krebsonsecurity.com/2011/03/whois-problem-reporting-system-to-gain-privacy-option/#more-8023

Hackers versus Apple
by Carol~ Forum moderator / March 8, 2011 3:20 AM PST
In reply to: NEWS - March 08, 2011
An interview with Charlie Miller and Dino Dai Zovi

Heise's new Mac & i magazine recently interviewed Charlie Miller and Dino Dai Zovi, co-authors of "The Mac Hacker's Handbook" about Apple security and how to compromise it. The H is able to present that interview in full. Both Miller and Dai Zovi are well known for their exploits against the Apple Mac software environment. Miller is a researcher currently employed by the security consultants Independent Security Evaluators. He previously worked for the NSA and has won prizes for successful exploits at several Pwn2Own contests.

Like Miller, Dai Zovi is a regular at Pwn2Own and was successful at the first Pwn2Own contest at CanSecWest 2007, where he hijacked a MacBook Pro through a cross-platform QuickTime flaw. He has been named by eWeek as one of the top 15 most influential people in security and currently works as an independent security consultant, author and speaker.

Continued (with interview) here: http://www.h-online.com/security/features/Hackers-versus-Apple-1202598.html
Microsoft Patches Windows, Office Vulnerabilities
by Carol~ Forum moderator / March 8, 2011 3:20 AM PST
In reply to: NEWS - March 08, 2011

Microsoft's Patch Tuesday is a relatively minor one, with a single bulletin rated "critical" and two "important." Affected software includes applications within Windows and Office.

The MS11-015 update, rated "Critical," patches vulnerabilities in DirectShow, Windows Media Player and Windows Media Center. In order for an outside entity to exploit said vulnerabilities, the user would need to open a specially crafted Microsoft Digital Video Recording (DVR-MS) file.

"The lone critical issue this month - the DVR-MS vulnerability - will be somewhat trivial for attackers to exploit," Joshua Talbot, security intelligence manager for Symantec Security Response, wrote in a March 8 e-mail. "It also allows attackers to skip a few of the traditional steps needed to get malicious code to execute on a targeted computer. This is because when processing DVR-MS files, Windows Media Player and Media Center use data in these files themselves to determine what code in memory gets executed."

The next "Important" update, MS11-017, patches a vulnerability in Windows Remote Desktop Client that could allow remote code execution if a user opens a Remote Desktop configuration file (.rdp) located in the same network folder as a "specially crafted library file," according to Microsoft. "For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application."

The third update, MS11-016, is rated "Important," and aims to resolve a vulnerability with Microsoft Groove. Similar to the vulnerability patched by MS11-017, this one could allow an outside entity to remotely execute code if a user opens a legitimate file in the same network directory as a specially crafted library file.

"The other vulnerabilities fixed this month all relate to the DLL issues Microsoft has been working to address for some time now," Talbot added in his note. "These are fairly easy to exploit, but because an attack would require a user to take some fairly uncommon steps - such as opening up malicious files from SMB or WebDAV servers - they're less likely to pose a serious threat."

http://www.eweek.com/c/a/Security/Microsoft-Patches-Windows-Office-Vulnerabilities-651117/

Facebook app pages serve up Javascript and Acai Berry spam
by Carol~ Forum moderator / March 8, 2011 3:20 AM PST
In reply to: NEWS - March 08, 2011

There's a nasty round of Facebook app pages dabbling in Javascript shenanigans to spam Acai Berry diet pages on your profile walls. Simply visiting these pages while logged in is enough to post some spam, most of the pages involved promising (surprise, surprise) a video to watch: [Screenshot]

If you try to navigate away from the above app page, a message will pop up claiming you're about to "corrupt the Flash install". Total nonsense, but it's just enough to result in something like the below being posted to your profile: [Screenshot]

"I am living proof that this works", claims the "facebook sponsored weight loss product". No sign of anyone yelling "Beefcake, Beefcake" but let's dispense with the South Park references and see where the spam link leads to: [Screenshot]

Continued : http://sunbeltblog.blogspot.com/2011/03/facebook-app-pages-serve-up-javascript.html

Windows 7 SP1 RTM Blue Screens of Death Due to Language Pack
by Carol~ Forum moderator / March 8, 2011 5:12 AM PST
In reply to: NEWS - March 08, 2011

Microsoft has confirmed an issue with the deployment of Windows 7 Service Pack 1 RTM in which, following the installation process, some customers can experience a Blue Screen of Death crash accompanied by "Error C000009A."

According to the Redmond company, at fault are language packs that the users have already integrated with the operating system prior to starting to install SP1.

Customers do have a solution, but it requires quite a lot of time and effort on their part, as they will need to perform all steps manually.

"After installing Windows 7 Service Pack 1 (SP1), you might receive the following error message on a blue screen: "Error C000009A applying update operation {###} of {###} (\Registry...)," the company revealed.

The software giant explains that the best way to tackle this problem is to remove the source.

"To resolve this issue, restore your computer to a point in time before you installed Windows 7 SP1, uninstall any unused language packs, and then reinstall SP1. To restore your computer to a previous point in time, you'll need to use the System Recovery Options menu," the company revealed.

Continued : http://news.softpedia.com/news/Windows-7-SP1-RTM-Blue-Screens-of-Death-Due-to-Language-Packs-188192.shtml

From Microsoft: Why am I receiving "Error C000009A" after installing Windows 7 Service Pack 1 (SP1)?

New Malware, JKDDOS, Targets Commodities Investment Firms
by Carol~ Forum moderator / March 8, 2011 5:12 AM PST
In reply to: NEWS - March 08, 2011

Researchers at Arbor Networks say they have discovered unique samples of a new family of malware that is targeting large investment firms with holdings in the commodities markets, especially the mining industry.

The malware, dubbed 'JKDDOS,' is used to launch distributed denial of service (DDOS) attacks against targets. It is spreading mostly in China, by infecting Windows systems, according to the post on Tuesday from Arbor's Jeff Edwards.

The malware is believed to be responsible for attacks against 78 unique victims, mostly in China and the U.S., but also in Hong Kong and Singapore as well. The victims include the gaming sites and online stores - common targets of DDOS attacks, which are used to knock the sites offline and extract protection payments from site operators. But JKDDOS is also targeting large investment firms, especially those involved in the gold mining industry. One New York company was attacked six times in ten days, with the attacks ranging in length from three to 33 hours. The report also details separate attacks on firms investing in wineries and manganese mines. The longest attack they discovered was launched against a Chinese discussion forum and lasted 72 hours.

https://threatpost.com/en_us/blogs/new-malware-jkddos-targets-commodities-investment-firms-030811

At Arbor Networks: JKDDOS: DDoS bot with an interest in the mining industry?

The Case of the Sysinternals-Blocking Malware
by Carol~ Forum moderator / March 8, 2011 6:40 AM PST
In reply to: NEWS - March 08, 2011

Mark Russinovich @ Mark's Blog:

Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart) as a lead up to the publication on March 15 of my novel Zero Day, this post describes one submitted to me by a user that took a unique approach to cleaning an infection when faced with the apparent inability to run Sysinternals utilities.

More and more often, malware authors target antivirus products and Sysinternals utilities in an effort to maintain their grip on a conquered system. This case began when the user's friend asked if he'd take a look at his computer, which had begun taking an unusually long time to boot and log on. The friend, already suspecting that malware might be the cause, had tried to run a Microsoft Security Essentials (MSE) scan, but the scan would never complete. They also hadn't spotted anything in Task Manager.

The user, familiar with Sysinternals, tried following the malware cleaning recipe I presented in my Advanced Malware Cleaning presentation. Double-clicking on Process Explorer resulted in a brief flash of the Process Explorer UI followed by the termination of the Process Explorer process, however. He turned to Autoruns next, but the result was the same. Process Monitor had the same behavior and at this point he became convinced the malware was responsible.

Continued : http://blogs.technet.com/b/markrussinovich/archive/2011/03/08/3392087.aspx
