
Ferrari VR6

Posts posted by Ferrari VR6

  1. Forum threads are all about personal opinion; it's just that some people don't / won't respect other people's opinions, and that's what causes problems as they take it personally. So, in my opinion, no one colour is better than another, I just prefer black and mulberry. It's like beauty is in the eye of the beholder and all that shite. Just enjoy and don't take comments personally unless they're directed at you, in which case you have every right to be pissed! Right, I'm off!!

  2. There's a new high-risk email virus doing the rounds (W32.Feebs.D@mm). Whether it's related to inviztor @ hotmail . com I don't know, but this is no hoax and is absolutely current; the global server team in the company I work for are currently, let's say... tense :o

    For those who have no idea what all the computer talk is all about, it basically says that the virus is gonna repeatedly pump your PC in every orifice without a rubber and then pass on its experiences to some arsehole who will probably then rob you! (check the text I've highlighted in red near the bottom)

    There are no virus scanner definitions currently written as it's so new, so keep an eye out!

    Below is some information from the Internet Storm Center and a description from the Symantec WebSite...

    ---------------------------------------------------------------------------------------------

    Published: 2006-01-11,

    Last Updated: 2006-01-11 22:28:25 UTC by Daniel Wesemann (Version: 1)

    We are currently analyzing a copy of .. something.  Attachment name "message.zip", detection by AV is still thin to nonexistent. When run, the code tries to pull additional files from web servers in Russia, so if you have a chance, you might consider blocking the following TLDs on your proxy / perimeter:

    1gb.ru  /  t35.com  /  hzs.nm.ru /  users.cjb.net /  h16.ru

    UPDATE 2200UTC: message.zip contains a file named "Secure E-mail File.hta", which is according to current Virustotal output only detected by Panda and Kaspersky, the latter calls it Worm.Win32.Feebs.k. Samples we've seen come in an email with subject "Secure Message from HotMail.com user". The HTA file is nicely obfuscated, it has 2 obfuscation functions, one being easy unescape, while the other one is a bit more complex. Once it is executed by a user, it will run in the local zone, so it can use various ActiveXObjects. It will try to download executables from 5 web sites (domains listed above), all of which are up and working at this moment.

    Symantec

    When W32.Feebs.D@mm is executed, it performs the following actions:

    1. Drops and executes the following files using a malicious JavaScript, when the .HTA file is viewed:

    C:\Command.exe

    %UserProfile%\All Users\Start Menu\Programs\Startup\Command.exe

    Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

    2. Executes the worm, when the JavaScript shows a logon prompt for user name and password as a diversion tactic.

    3. Adds the value:

    "Stubpath" = "C:\COMMAND.EXE"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components

    \{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}

    4. Adds the value:

    "(default)" = "%System%\[PATH TO DLL WORM COMPONENT]"

    to the registry subkey:

    HKEY_CLASSES_ROOT\CLSID\{[RANDOM CLSID]}\InprocServer32

    so that it runs every time Windows starts.

    5. Adds the value:

    "[FILE NAME OF DLL WORM COMPONENT]" = "{[RANDOM CLSID]}"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

    so that it runs every time Windows starts.

    6. Sends emails to all addresses found. The email has the following characteristic:

    From:

    The from address is a combination of one of the following names with one of the following domain names:

    Names:

    protect

    secur

    security

    securmail

    Domains:

    @hotmail.com

    @gmail.com

    @aol.com

    @msn.com

    @yahoo.com

    Subject:

    The subject may be the following string:

    happy new year

    Or alternatively it can be a combination of the following strings:

    [STRING 1]

    Secure

    Protected

    Encrypted

    Extended

    [STRING 2]

    Mail

    E-Mail

    Message

    Html

    [STRING 3]

    [BLANK]

    System

    Service

    Service ([DOMAIN])

    from [DOMAIN] user.

    [STRING 4]

    Thank you

    Sincerely

    Best Regards

    Subject is a combination of the strings in the following pattern:

    [STRING 1] [STRING 2] [STRING 3]

    Note: The subject could look like one of the following:

    Subject: Protected Message from Gmail.com user.

    Subject: Secure Mail Service (HotMail.com)

    Subject: Encrypted E-mail from Yahoo.com user.

    Message:

    You have received [STRING 1] [STRING 2] from [DOMAIN] user.

    This message is addressed personally for you.

    To decrypt your message use the following details:

    ID: [RANDOM NUMBERS]

    Password: [RANDOM LETTERS]

    Keep your password in a safe place and under no circumstances give it

    to ANYONE.

    [STRING 1] [STRING 2] and instruction is attached.

    [STRING 4]

    [STRING 1] [STRING 2] [STRING 3],

    [DOMAIN]

    Note:

    The message could look like the following:

    You have received Encrypted Message from MSN.com user.

    This message is addressed personally for you.

    To decrypt your message use the following details:

    ID: 44321

    Password: mxsjstjgd

    Keep your password in a safe place and under no circumstances give it

    to ANYONE.

    Encrypted Message and instruction is attached.

    Best Regards,

    Encrypted E-mail Service,

    MSN.com

    Attachment:

    One of the following:

    msg.zip

    message.zip

    data.zip

    mail.zip

    The attachment contains the worm as an .HTA file with the following name:

    [STRING 1] [STRING 2] File.HTA

    Note:

    The attachment could look like one of the following:

    Extended Mail File.HTA

    Extended E-Mail File.HTA

    Secure Mail File.HTA

    Secure E-Mail File.HTA

    7. Creates the following files:

    %System%\MS[RANDOM].exe

    %System%\MS[RANDOM]

    %System%\MS[RANDOM]32.DLL

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

    8. Loads %System%\MS[RANDOM]32.DLL into all active processes and uses rootkit functionalities to hide its files and registry keys.

    9. Adds the value:

    "web" = "[http://]popcapfree.t35.com/[REMOVED]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

    10. Stores several registry subkeys containing configuration info, stolen passwords, accounts, and email addresses:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\dat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\cdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\fdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\rdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\sdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\ldat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\gdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\pdat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\udat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\idat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\ddat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[RANDOM 2 LETTERS]\kdat

    11. Modifies the value:

    "EnableFirewall" = "0"

    in the registry subkeys:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile

    HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

    to disable the Windows Firewall.

    12. Searches for folders that contain the following strings:

    downloads

    share

    incoming

    13. Copies itself to any folders that it finds as the following files:

    3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip

    ACDSee_9_new!_full+crack.zip

    Adobe_Photoshop_10_(CS3)_new!_full+crack.zip

    Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip

    Ahead_Nero_8_new!_full+crack.zip

    DivX_7.0_new!_full+crack.zip

    ICQ_2006_new!_full+crack.zip

    Internet_Explorer_7_new!_full+crack.zip

    Kazaa_4_new!_full+crack.zip

    Longhorn_new!_full+crack.zip

    Microsoft_Office_2006_new!_full+crack.zip

    winamp_5.2_new!_full+crack.zip

    The .zip file contains a nonmalicious text file that matches the name of the .zip file. It is reported, however, that the text file's name does not include the following string:

    _new!_full+crack

    14. Attempts to lower security settings on the compromised computer by ending security-related programs and by stopping services with names starting with one of the following strings:

    armor2net

    armorwall

    avgcc

    avp6

    aws

    bgnewsui

    blackd

    bullguard

    ca

    ccapp

    ccevtmgr

    ccproxy

    ccsetmgr

    dfw

    dpf

    fbtray

    fireballdta

    FirePM

    firesvc

    firewal

    fsdfwd

    fw

    fwsrv

    goldtach

    hacker

    hackereliminator

    iamapp

    iamserv

    internet security

    ipatrol

    ipcserver

    jammer

    kaspe

    kavpf

    keylog

    keypatrol

    KmxAgent

    KmxBiG

    KmxCfg

    KmxFile

    KmxFw

    KmxIds

    KmxNdis

    KmxSbx

    kpf4gui

    kpf4ss

    leviathantrial

    looknstop

    mcafeefire

    mpftray

    netlimiter

    npfc

    npfmsg

    npfsvice

    npgui

    opf

    opfsvc

    outpost

    pavfnsvr

    pccpfw

    pcipim

    pcIPPsC

    persfw

    rapapp

    RapDrv

    smc

    sndsrvc

    spfirewallsvc

    spfw

    sppfw

    sspfwtry2

    s-wall

    symlcsvc

    ton

    tzpfw

    umxtray

    vipnet

    vsmon

    xeon

    xfilter

    zapro

    zlclient

    zonealarm

    15. Deletes all the startup registry keys associated with these services under the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[SERVICE NAME]

    16. Starts a local Web server on TCP port 80. When a user connects to the Web server, it loads the .HTA file and also gives a link to offline.zip which is a zip file containing the worm.

    17. May gather sensitive information from the compromised computer by monitoring open windows. This includes monitoring for WebMoney, ICQ and cryptography key files. This information can then be sent to a remote attacker.

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.

    If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

    Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.

    Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

    Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

    Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

    Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
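Added example, not part of the forum post or of the ISC/Symantec text it quotes: a Python mail-filter rule that reconstructs the From / Subject / attachment generator described in the Symantec writeup above, so a single rule matches every combination the template can produce (including each "[STRING 3]" variant and the "happy new year" subject) instead of one literal subject line. The token lists are copied from the description; the sample messages, the placeholder HTA content, the example.com sender and the block/quarantine thresholds are constructed for the demo and are assumptions, not something the writeup specifies.

```python
import io
import re
import zipfile
from email.utils import parseaddr

# Token lists copied from the Symantec description quoted above.
S1 = ["Secure", "Protected", "Encrypted", "Extended"]
S2 = ["Mail", "E-Mail", "Message", "Html"]
NAMES = ["protect", "secur", "security", "securmail"]
DOMAINS = ["hotmail.com", "gmail.com", "aol.com", "msn.com", "yahoo.com"]
ZIP_NAMES = {"msg.zip", "message.zip", "data.zip", "mail.zip"}


def _alt(words):
    """Build a (?:a|b|c) alternation from literal words."""
    return "(?:" + "|".join(re.escape(w) for w in words) + ")"


_DOM = _alt(DOMAINS)
# [STRING 3]: blank, "System", "Service", "Service ([DOMAIN])" or "from [DOMAIN] user."
_S3 = r"(?:|\s+System|\s+Service|\s+Service \(" + _DOM + r"\)|\s+from " + _DOM + r" user\.)"

SUBJECT_RE = re.compile(
    r"^(?:happy new year|" + _alt(S1) + r"\s+" + _alt(S2) + _S3 + r")$", re.IGNORECASE)
FROM_RE = re.compile(r"^" + _alt(NAMES) + r"@" + _DOM + r"$", re.IGNORECASE)
HTA_RE = re.compile(r"^" + _alt(S1) + r"\s+" + _alt(S2) + r"\s+File\.HTA$", re.IGNORECASE)


def zip_members(data):
    """Return member names of an in-memory zip, or [] if it is not a valid zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [info.filename for info in zf.infolist()]
    except zipfile.BadZipFile:
        return []


def classify(sender, subject, attachments):
    """Score one message against the Feebs lure template.

    attachments is a list of (filename, raw_bytes). Returns (verdict, reasons)
    where verdict is "block", "quarantine" or "deliver". Thresholds are an
    assumption for this demo, not part of the Symantec writeup.
    """
    reasons = []
    addr = parseaddr(sender)[1] or sender
    if FROM_RE.match(addr.strip()):
        reasons.append("sender matches [NAME]@[DOMAIN] template")
    if SUBJECT_RE.match(subject.strip()):
        reasons.append("subject matches [STRING 1] [STRING 2] [STRING 3] template")
    templated_hta = False
    for name, data in attachments:
        if name.lower() in ZIP_NAMES:
            reasons.append(f"attachment {name!r} is one of the documented zip names")
        for member in zip_members(data):
            if HTA_RE.match(member):
                templated_hta = True
                reasons.append(f"zip member {member!r} matches '[STRING 1] [STRING 2] File.HTA'")
            elif member.lower().endswith(".hta"):
                reasons.append(f"zip member {member!r} is an HTA (not templated)")
    # A templated HTA inside the zip is the worm itself: block outright.
    # Otherwise require two independent indicators before quarantining, so a
    # legitimate "Secure Message" subject on its own does not hold mail.
    if templated_hta:
        return "block", reasons
    if len(reasons) >= 2:
        return "quarantine", reasons
    return "deliver", reasons


def make_zip(member_name, payload):
    """Build a small zip in memory (constructed test data, no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


# Constructed sample messages, modelled on the examples in the writeup.
LURE = ("Encrypted E-mail Service <securmail@msn.com>",
        "Encrypted Message from MSN.com user.",
        [("message.zip", make_zip("Encrypted Message File.HTA", b"<!-- placeholder -->"))])
BENIGN = ("alice@example.com", "Re: dyno results",
          [("photos.zip", make_zip("car.jpg", b"\xff\xd8\xff\xe0"))])

if __name__ == "__main__":
    for msg in (LURE, BENIGN):
        verdict, why = classify(*msg)
        print(msg[1], "->", verdict, why)
```

The templated regexes are brittle by design: a new variant only has to change one token list and the subject rule goes quiet. The durable part of the rule is the last branch, an .HTA of any name inside a zip attachment, which is also what Symantec's own advice to strip executable attachment types at the mail server achieves; .hta belongs on that list alongside .vbs, .exe, .pif and .scr.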

  3. I expect inviztor @ hotmail . com is just another hoax that in itself can be classed as a virus...

    Check this one out, very cleverly written and made me pap myself when it arrived in my mailbox as it came from a user in the company I work for...

    From: xxxxxxxxxxxxxx

    Sent: 02 December 2005 14:57

    To: xxxxxxxxxxxxxx

    Subject: FW: Important

    A new virus has just been discovered that has been classified by Microsoft as the most destructive ever. This virus was discovered yesterday afternoon by McAfee. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored. This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title: "A Card for You". As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN. This alert was received by an employee of Microsoft itself. So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it!! Even if you know the sender !!!

    Please pass this mail to all of your friends. Forward this to everyone in your address book. I'm sure most people, like myself, would rather receive this notice 25 times than not at all!

    ------------------------------------------------------

    PLEASE DO NOT PASS THIS MAIL TO ALL OF YOUR FRIENDS. By forwarding these types of warnings on you are actually propagating the virus itself. I have posted the above to make an example of how easy it is for peeps to create panic with an email and fill the internet up with more spam...

    But still, it's better to be safe than sorry :)

  4. Interesting one apd, I am, and I'm sure lots of others are, looking forward to hearing what the score is between your charged VR and your mate's R32, cos a mate of mine that used to own an SC VR now has an R32 and he reckons the R32 is in a different league. I'm with you, I reckon he's just talking up his R32 and the SC VR will take the stock R32, but we'll see when you've done some... 'testing' ;)

  5. Pete, with all due respect, and I do think this site has a clean fresh look, I preferred the old site; in my opinion it looked technically more advanced than this site. Although the old site may have had its limitations, I thought it was excellent and really appreciated what you'd done with it... which leads me on to my next question: as this site is now your current production website, would you make the source for the old site available for premium members? lol

  6. When the chatbox is on the right the whole balance of the site is incorrect imo...

    When the chatbox is on the left, the most used part of the site, the forum, is centrally located and makes navigating the site more user friendly. I use a 21" monitor at home and work and I almost have to turn my head to view the thread topics; I imagine it's the same for other monitor sizes but it's exaggerated for larger screens ?!

  7. lol you crack me up dub 25, almost as funny as matey's Rover yesterday!

    This section is for pictures of members' cars unless I've missed the point?

    Anyhow I'm liking your Mk3 Golf 2.8 VR6 OBD2, Vortech V9 'charger, Schrick manifold, Stage 2, Stage 3 in a couple of months..... impressive spec! Need I say more :)

  8. I heard that many pub owners are trying to ban stag / hen parties or large groups of people that are doing the mile, have you heard the same mate? I think the reason is their places kept getting trashed by pissed up people or peeps fightin'! :) You know as well as I do you Welsh boys like a good rumble after a coupla pints ;)
