Sunday, August 03, 2008

Shamanism resource or trojan virus or what?

Update 8/4/2008: It happened again - this extra-tricky threat surprised me through another ok-looking (at first glance) topic-of-possible-interest email. Once the email was open I saw it was a bogus Yahoo! Groups invite, but the malware downloads upon opening. The removal instructions linked below worked. Companion J. Marshall recommended installing and running Threatfire to complement the other protection programs. Maybe Threatfire will recognize this troublesome little fellow ahead of the download and maybe I will wise up more.

:en:Coxsackie B4 virus seen with an immunoelec...Image via WikipediaCaution: You just might receive - from somewhere, not us - an email like the one that showed up recently in Shamanic Shift Center's gmail inbox. The subject line claimed to give a resource for a free Sandra Ingerman presentation. It was all in lower case letters but out of curiosity and a desire for blog post topics I opened it anyway. Similar emails have arrived here often that were A-OK.

This email was slightly grammatically awkward but otherwise appeared legit and addressed me by name. But just opening this email - without clicking on any of its links - immediately infected 4 files on this computer with Trojan virus nasties! Of course the email suggests forwarding it to all your friends with an interest in shamanism. This approach to delivering malware can be used easily with any topic of interest.

I realized something was amiss because copy/paste suddenly stopped working altogether. Because I had been fooled into thinking this was a helpful announcement I right away attempted to copy/paste the details onto a notepad for copying/pasting into a blog post here after further investigation of the links. I didn't bother to further investigate the links because I then noticed the trouble with copy/paste. I had just been using copy/paste without trouble before opening this email.

All of a sudden paste would always give a specific URL that the sender wants everyone to visit, where more infections are triggered to download, surely. You probably start getting popop boxes strongly recommending that you download a virus scanner and run it, but the X in the corner of the popup box triggers the download when you click it. I saw these sorts of boxes before, back when I had to nuke all Shamantic!'s brilliant notion new style Web 2.0 php-scripted programs during one panicky hour right after I realized their databases had gotten infected through backdoor access to forms and other inherent vulnerabilities (then go back to simple html pages, as far as what we host ourselves).

Right away I ran the virus and adware scanners and the virus scanner Avast took care of the infestation. I also searched out these instructions for removing such things from the registry and checked the registry just in case. I also cleared the temporary files and cache and emptied the trash. Nothing extra was there after the anti-virus had finished. The adware scanner, Spybot Search and Destroy (which I find effective for adware) found nothing either because it looks for other kinds of nasties. All was well then, again.

So of course there are messages and gifts from Spirit and Spirits in this ordinary-reality encounter with Trickster! I will journey on it.

Zemanta Pixie


Bookmarks are here:
[ShamanicShift's StumbleUpon]

Directory Links
[Shaman Portal]