Saturday, May 16, 2009

Wolfram|Alpha launches

Wolfram|Alpha is finally launched! Wolfram|Alpha is a computational knowledge engine that to interpret the questions/queries and tries to formulate answers. It is not a search engine, it is a combination of encyclopedia and real-time data mining. Wolfram|Alpha tries to structure the information scattered in world wide web. It could be great for scientific (physics, mathematics etc.) queries as it uses Wolfram Mathematica to compute answers. It is still in alpha stage and has a long way to go. Try it out!

By the way, Wolfram|Alpha has answer to life, the universe, and everything. It's 42 ;)


And, you will see this when Wolfram|Alpha website traffic exceeds its bandwidth limit:


Google is working on a similar tool called Google Squared, which aims to structure the unstructured information.

posted by swatkat at 9:30 PM DiggIt! | Del.icio.us | Reddit | 0 comments

Saturday, April 18, 2009

New rogue: AV Antispyware

AV Antispyware is new rogue software that belongs to MS Antispyware 2009 family. The AV Antispyware installer is dropped by a fake codec hosted at http://lvl-softwares.com (195.88.80.41) (do NOT visit this site).


VirusTotal scan result for the dropper can be found here, and AV Antispyware removal guide can be found here.

posted by swatkat at 9:51 PM DiggIt! | Del.icio.us | Reddit | 0 comments

Wednesday, March 18, 2009

Waledac's new geo-sensitive social engineering

Waledac spammers are using yet another social engineering tactic to spread their malware. As usual, the spam mails contain link to dubious websites. One of such spam mail can be seen in the following screenshot:


These websites look like a Reuters news webpage reporting "powerful bomb blasts" near your area/city, with a video clip embedded in it. To see the video, the site persuades you to download a fake Flash Player.

These fake websites are geo-sensitive and they figure out the place/city of a visitor (based on visitor's IP address) and report it as the location of "bomb blasts".  This technique is called geo-targeting. An innocuous PC user may fall for this trick by thinking that bomb blasts have really occurred in his/her area and download the fake Flash Player! Following screenshots show the location sensitive website content (check the place where blasts are reported; they change based on the visitor's gepgraphical location):



As of now, fake webpage is located at yyr.breakingkingnews.com (81.241.128.178) (whois).

VirusTotal results of the malware hosted at the above site can be found here and here. An automated analysis by ThreatExpert can be found here.

posted by swatkat at 8:10 PM DiggIt! | Del.icio.us | Reddit | 0 comments

Sunday, March 15, 2009

SysProt AntiRootkit v1.0.1.0 released

Another update for SysProt AntiRootkit! The latest version, SysProt AntiRootkit v1.0.1.0, contains few bug fixes and enhancements. The changelog is as follows:
  • Added a "activity bar" to indicate scan progress
  • Optimzed device driver scanning
  • Added help file
  • Fixed process and driver scanning bugs in Windows 2003 SP1 and SP2
Get the latest version here.

posted by swatkat at 11:20 PM DiggIt! | Del.icio.us | Reddit | 1 comments

Thursday, March 12, 2009

Yauba - Privacy Safe Search Engine!

Yauba is a brand new search engine from India. Yauba's search result quality is great and is comparable to that of Google. Yauba neatly organizes the search results and also shows text/image previews of websites.

One of the important features of Yauba is its stress of user's privacy and security. Yauba operates in complete incognito mode and does not collect any personal data. Their privacy policy goes like this!


Here's an excerpt from Yauba's site, which tells us about their privacy practices:
Most search engines try to gather and record as much information about their users as possible. They (or their parent companies) operate massive server farms with even more massive databases that secretly record your entire search history, your private contacts, the identity of your family and friends, your personal emails, your conversations and chats, your browsing habits, your physical location, details on the software you use on your computer, your IP address, and much much more. This is no exaggeration. Indeed, if you ever saw exactly how much most search engines actually know about your private details, you would be completely shocked.

At Yauba, we completely reject the view that search engines somehow need to keep mountains of data on their own users. Instead, we take the exact opposite approach. We do everything we can to protect the privacy of our users.

  • This is why we do not keep any record of any of your search terms, browsing habits or any other personally identifiable information.
  • This is why we automatically delete any and every piece of personally identifiable information from our servers on a continuous basis.
  • This is why we can have the shortest privacy policy (9 words) of any major Internet service in the world.
  • This is why you can visit almost every Internet site through the main Yauba service on a completely anonymous basis (with the only exception of file types that use other external third party software or plug-ins for downloading or playing).

Yauba is still in Beta/Late-Alpha state, and I think it is a very good service. Try Yauba at http://www.yauba.com/

posted by swatkat at 11:55 PM DiggIt! | Del.icio.us | Reddit | 2 comments

Sunday, March 08, 2009

SysProt AntiRootkit v1.0.0.9 released

Here's the latest version of SysProt AntiRootkit. Now, SysProt AntiRootkit v1.0.0.9 supports Windows Vista (32 bit)! Check out few screenshots that show SysProt AntiRootkit in action:

Kernel modules:



SSDT hooks:



Kernel inline hooks:

Following list summarizes the changes in SysProt AntiRootkit v1.0.0.9:
  • Added Windows Vista support
  • Improved device driver detection
  • Faster "Kernel Hooks" scan
  • Faster "Ports" scan
The latest version can be downloaded from here. Supported operating systems are Windows 2000/XP/2003/Vista, 32 bit versions. Feedback is welcome :)

posted by swatkat at 2:22 AM DiggIt! | Del.icio.us | Reddit | 3 comments

Monday, January 26, 2009

New rogue: IE-Security

IE-Security is new rogue software that belongs to IEDefender family. The IE-Security installer, ie.exe, is hosted at 216.240.151.112 and http://ie-security.com (216.240.151.135). The user-interface of IE-Security is a rip-off of Microsoft Windows Defender.


VirusTotal scan result of IE-Security installer can be found here. By the way, people at IE-Security provide 27x7 support ;)


Files dropped by IE-Security installer:
%PROGRAMFILES%\IE-Security\ies.s1
%PROGRAMFILES%\IE-Security\ies.s2
%PROGRAMFILES%\IE-Security\ies.s3
%PROGRAMFILES%\IE-Security\ies.s4
%PROGRAMFILES%\IE-Security\iescan.exe
%PROGRAMFILES%\IE-Security\uninstall.exe
%USERPROFILE%\Desktop\IE-Security.lnk
%USERPROFILE%\Start Menu\Programs\IE-Security.lnk

where,
%PROGRAMFILES% is \Program Files\ directory in root-drive,
%USERPROFILE% is \Documents and Settings\UserName\ directory in root-drive.

Registry keys created by IE-Security installer:
HKEY_CURRENT_USER\Software\IE-Security
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE-Security"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security

posted by swatkat at 7:59 PM DiggIt! | Del.icio.us | Reddit | 1 comments

AntiSpyware 2009 and AntiSpywareBOT: Neighbours in crime!

Well, 590-B Schillinger Rd. South, Mobile, Al, 36695 seems to be the John Doe of addresses. Recently ParetoLogic blog posted about the address of the makers of rogueware AntiSpyware 2009. It seems that the headquarters of 2Squared, makers of rogueware AntiSpywareBOT, is also located in the same street. Even these guys have got a high-tech, high-profile CGI office ;)

posted by swatkat at 4:08 PM DiggIt! | Del.icio.us | Reddit | 1 comments