
Sunday, January 17, 2010

WARNING - INFECTED VIDEO FILES (PHISHING)

Hello to the readers of this blog,

There is currently a big problem on many forums, with people posting infected Self Extracting Video files.

If you download a Video in any form of file type (Rar, 001, Zip or other) and it contains anything but a normally expected Video, DO NOT OPEN OR RUN IT!!
No matter what file type (Rar, 001, Zip or other) you download for a Video, if there is any .exe, .bat or anything else but a Video file inside, DO NOT OPEN OR RUN IT! Reliable Uploaders will not use anything different from what has been used for years, as it is not necessary to change what worked. DO NOT rely on your Anti Virus to detect an infection! It is unlikely to detect these infections as they are constantly changing.

Lastly, remember that the person/people posting these infections will probably read this and attempt to find new ways to get you to run their infected files to steal your Passwords/RS+MU Accounts, Rapidshare Points etc.

If you do run one, it will take the passwords that are stored in your browser and Messenger and attempt to send them out to the internet, where your passwords will be used for a hacker's benefit. This could mean that all your accounts such as Paypal, Forums, File hosts such as RS, MU, possibly Credit Cards and anything else of value could become Compromised and you MAY lose them or money! Virtually NO Anti Viruses will detect an infection so DO NOT rely on your AV protection! Knowledge is your BEST protection.

It is highly advisable not to use your browser to store your passwords, as this makes you very vulnerable to password theft from any infected exe that you run. Instead use a password manager such as the excellent Keepass, or other password managers such as Roboform or Lastpass, provided it is guaranteed free from infections. Hint: find an installer with a Digital Signature and use a serial or similar text registration method to register. Keepass is freeware, so only get it from the homesite. Otherwise, a less secure method but better than nothing is to set a browser master password to provide some protection from password theft.

Generate password on this site:


http://www.pctools.com/guides/password/

Then set Browser master password in Firefox using the following:
1. Click 'Tools' on the top of Firefox
2. Click the 'Security' tab
3. Tick 'Use a master password'
4. Enter a master password making sure the password strength is high
5. Click 'OK'

The most secure method of storing passwords is Keepass. I'll tell you later how to set up Keepass for automatic hot key login.

Notes for Uploaders

Because of the problems that Self Extracting Video files are causing, please avoid using Self Extracting Files (SFX) when creating your upload. Using this type of file is totally unnecessary and is of no benefit to downloaders or even yourself.
Re-uploading does not require the use of SFX. The best way is to use bANbUSTER for Windows or one of the other methods.


If you Run or have Run one of these Files:
Install KeyScrambler from the official website below and Change ALL your Passwords Immediately, preferably from a Clean PC! Although it is not believed or known to infect a PC after it has run, the possibility exists!

Additional Security Tips:


Keep your RS Premium/Collectors accounts Locked at all times to avoid having your Points Stolen, that is what it is there for! Also do not store your unlock code in your email, ensure it is totally deleted because if your passwords are stolen the unlock code will be found in your email! Files and multiple files can be deleted without the lock being removed using RapidUploader. In the Log File, select the files and right click and select Delete online. Do not keep unlock codes in your email, that will be the first place a hacker will look to unlock your RS account and steal your account, Points and files.

Make sure you have a Software Firewall installed. These will prevent unwanted programs, including Password Stealers, from accessing the internet. Ideally, get the software from the maker's website and use a Key to activate for security reasons. Otherwise, ensure that the file you download has a Valid Digital Signature to ensure that the file has not been altered, i.e. had a virus/trojan added to it. Good Firewalls are Comodo Freeware version, which has very strong protection but is a large download, or Outpost Firewall Pro, which is smaller and can be registered with an easily available registration code which does not become blacklisted. Other firewalls are also very good, such as Kaspersky Internet Security, but this firewall requires constant registration code updates so can be a bit of a nuisance.

DO NOT use automatic rule creation. Use Prompt on attempted internet access and only permit programs you know need internet access AND are trusted! Some Malware writers name their executable with names like normal Windows programs such as Internet Explorer (iexplorer.exe) to try to trick you into allowing internet access. Other names could be used! You are advised to check the path of the executable attempting to access the internet to make sure it is running from the correct location. If you don't have the program running, then that is another give away for Malware. If you don't run the files then you will not be prompted and you will not have a problem.

Strongly consider using KeePass (available free from the official site) to store your Passwords for a more secure browsing environment. After which, remove the passwords from your browser.

It is important that you delete ALL important stored Browser Passwords, including Google, PayPal, Bank Account, email, RS and MU accounts! While they exist you are at risk of theft. Also remove any stored passwords in your Messenger programs as these are also at risk.

DO NOT RELY ON YOUR ANTI VIRUS! These infections change so frequently that Anti Viruses can never detect all of them quickly enough to protect you! Since Kaspersky and other Anti Viruses have been adding these infections to their databases, the hackers have had to come up with alternative ways to infect PCs. They are now producing custom packers which cannot be decompressed or checked by Anti Viruses, so they cannot be detected. Mighty_Marvel has sent a number of these infected files to Anti Virus Companies to add them to their databases. Kaspersky has done so very quickly, taking approximately 2 hours. Nod32 has failed to add any of them, and they are still undetected by Nod32 on Virus Total even now.

For new Video files which have never been played, it is advisable to open the file directly with the Media Player rather than double clicking the file! This can be done with right click and Open With... [Media Player], or by dragging and dropping the Media File onto the Media Player (for some Media Players), or by opening the Media Player and using the normal file open menu options. This will avoid accidentally running exe files disguised as Media files, i.e. ones using Media File icons.

It is advisable to change Windows folder options [File Menu--> Folder Options-->View tab] so that file extensions are always shown for all file types by unticking "hide extensions for known file types". Showing extensions IS NOT the regular Windows setting, and leaving them hidden can be a security risk.
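The two checks described above (nothing but Video files inside the download, and no exe hiding behind a Media name or icon) can be done without opening or running anything. This is an added example, not part of the original post: it handles ZIP archives only, using Python's standard library, and the extension list and sample file names are assumptions made up for the demonstration.

```python
import io
import posixpath
import zipfile

# Assumed allow-list of video extensions; adjust to what you actually expect.
VIDEO_EXTS = {".avi", ".mkv", ".mp4", ".mpg", ".wmv"}

def is_windows_executable(head: bytes) -> bool:
    """Windows programs (.exe, .scr, SFX archives) start with the bytes 'MZ'."""
    return head[:2] == b"MZ"

def audit_zip(data: bytes) -> list[str]:
    """Return warnings for a ZIP download; nothing is extracted to disk or run."""
    warnings = []
    if is_windows_executable(data):
        warnings.append("archive itself is an executable (self-extracting)")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(info) as member:
                head = member.read(2)  # only the first two bytes are needed
            if is_windows_executable(head):
                # Content decides, not the name: catches "video.avi" that is a program.
                warnings.append(f"{name}: executable content")
            elif ext not in VIDEO_EXTS:
                warnings.append(f"{name}: not a video file type")
    return warnings

def build_sample() -> bytes:
    """Constructed sample archive: one video stub, two disguised stubs, one .bat."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("episode01.avi", b"RIFF\x00\x00\x00\x00AVI LIST")
        zf.writestr("episode02.avi.exe", b"MZ\x90\x00constructed stub")
        zf.writestr("episode03.avi", b"MZ\x90\x00constructed stub")
        zf.writestr("readme.bat", b"@echo constructed sample\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for line in audit_zip(build_sample()):
        print("WARNING:", line)
```

Any warning at all means the download is not "a normally expected Video" and should be deleted, not opened.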

If you want to check the files before downloading the whole TV episode/Movie, then a small section can be checked to make sure it is what it is marked as being and that it does not contain an exe. If you download less than 5MB the uploader will not even get a RS point, so will receive no reward for attempting to trick you ;) So download a very small section of less than 5MB, pause the download, and then extract the video with WinRar with "Keep Broken Files" checked. The video that you have so far will extract and you can check it before continuing the download. If it is a normal video file, is what it is intended to be and the quality is acceptable to you, then continue the download and the uploader will get their RS points. Otherwise stop the download and give no reward to the uploader.

On this blog most of the files are uploaded by us, and we do keep your security and ours in mind, so they are thoroughly checked for any Trojans or such Viruses, but it's your responsibility to be safe from such threats.
That's exactly what this tutorial is for: to help you get a better understanding.

We all wish you safe Downloading!