Subject Line:  Cease and Desist

Body may have very similar verbiage if not word for word :
“Dear Sir
It has come to our attention that your website contains a logo that is identical/substantially similar to our copyrighted Work.
Permission was neither asked nor granted to reproduce our Work and your Work therefore constitutes infringement of our rights.
In terms of the Copyright Statutes, we are entitled to an injunction against your continued infringement,
as well as to recover damages from you for the loss we have suffered as a result of your infringing conduct.
In the circumstances, we demand that you immediately:
1. remove all infringing content and notify us in writing that you have done so;
2. credit all infringing content to ourselves.
3. immediately cease the use and distribution of copyrighted material;
4. undertake in writing to desist from using any of our copyrighted Work in future without prior written authority from us.
Attached is a list of the copyrighted material in question.
We await to hear from you.
This is written without prejudice to our rights, all of which are hereby expressly reserved.”

If you receive this email IMMEDIATELY delete as it can infect your machine. Unlike most virus’s that are spread via email, it is not an EXECUTABLE file and comes across as a document with malicious content injected within it.

Possible attack alert reports are sent conveniently to your email address. Sometimes there are false positives and you can always Whitelist those as needed.

Login Lockdown – Protect your WordPress blog from malicious login attempts. This plugin allows you to lock out possible intruders by applying a WordPress lockout policy.

WP Security Scan – This plugin allows you to scan our WordPress install for any security issues or vulnerabilities and advises on how to correct findings.The plugin checks the following

-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
-removes WP Generator META tag from core code

Admin-SSL – This plugin secures login page, admin area, posts, pages – whatever you want – using Private or Shared SSL

- Secures WordPress Login and Admin Pages
- Supports All SSL Setups (Private and Shared)
- Encrypts cookie contents
- Compatible with all versions of PHP 4 and 5

Replace WP-Version – If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog. This plugin replace the WP-version with a random string. This will remove this information that can be used against your blog.

First detected on the Internet in January 2007, the Storm botnet and worm are so-called because of the storm-related subject lines its infectious e-mail employed initially, such as “230 dead as storm batters Europe.” Later provocative subjects included, “Chinese missile shot down USA aircraft,” and “U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel

At certain points in time, the Storm worm used to spread the botnet has attempted to release hundreds or thousands of versions of itself onto the Internet, in a concentrated attempt to overwhelm the defenses of anti-virus and malware security firms.
Towards the end of 2008 Storm lost much of its steam and was pronounced dead by many security firms. Microsoft claims to have helped considerably in the effort of stopping the Storm worm with its Malicious Removal Tool.

Slammer\Sapphire Worm - The SapphireSlammer Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent of vulnerable hosts within 10 minutes.

The worm  began to infect hosts slightly before 05:30 UTC on Saturday, January 25. Sapphire exploited a buffer overflow vulnerability in computers on the Internet running Microsoft’s SQL Server or MSDE 2000 (Microsoft SQL Server Desktop Engine). This weakness in an underlying indexing service was discovered in July 2002; Microsoft released a patch for the vulnerability before it was announced The worm infected at least 75,000 hosts, perhaps considerably more, and caused network outages and such unforeseen consequences as canceled airline flights, interference with elections, and ATM failures. Several disassembled versions of the source code of the worm are available
Sapphire’s spreading strategy is based on random scanning — it selects IP addresses at random to infect, eventually finding all susceptible hosts.

3.) Blaster Worm - Also known as W32/Lovs.an.worm.a, Win32.Poza.A, Lovsan, WORM-MSBLAST.A, W32/Blaster-A, W32/Blaster, and Worm.Win32.Lovesan.

Discovered on August 11, 2003, the Blaster computer worm adversely affected Windows 2000, Windows NT, Windows Server 2003, and Windows XP. The worm attempted to download the msblast.exe file to the Windows Directory and then execute it. It also attempted to conduct a Denial of Service (DoS) attack on the Microsoft Windows Update Web server to stop the user from applying a patch on his or her computer against the DCOM RPC vulnerability. Within 24 hours of its detection, Blaster had infected more than 300,000 computers. Symantec Security Response downgraded the threat of the Blaster Worm to a Category 2 from a Category 3 severity rating as of February 26, 2004.

Sasser Worm – Sasser was first noticed and started spreading on April 30,  2004. This worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service) on the affected operating systems. The worm scans different ranges of IP addresses and connects to victims’ computers primarily through TCP port 445

Microsoft’s analysis of the worm indicates that it may also spread through port 139. Several variants called Sasser.B, Sasser.C, and Sasser.D appeared within days (with the original named Sasser.A).

• The effects of Sasser include the news agency Agence France-Presse (AFP) having all its satellite communications blocked for hours and the U.S. flight company Delta Air Lines having to cancel several trans-atlantic flights because its computer systems had been swamped by the worm.
• The Nordic insurance company If and their Finnish owners Sampo Bank came to a complete halt and had to close their 130 offices in Finland. The British Coastguard had its electronic mapping service disabled for a few hours, and Goldman Sachs, Deutsche Post, and the European Commission also all had issues with the worm.
• The X-ray department at Lund University Hospital had all their four layer X-ray machines disabled for several hours and had to redirect emergency X-ray patients to a nearby hospital

Conficker – A computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. An early variant of the worm propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta that was discovered earlier that month

• Conficker is believed to be the most widespread computer worm infection since SQL Slammer in 2003. The initial rapid spread of the worm has been attributed to the number of Windows PCs (estimated at 30%) which have yet to apply the Microsoft patch for the MS08-067 vulnerability.
• By January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million Antivirus software vendor Panda Security reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with Conficker.
• Intramar, the French Navy computer network, was infected with Conficker on 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.
  
• The United Kingdom Ministry of Defence reported that some of its major systems and desktops were infected. The worm has spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.
• On 2 February 2009, the Bundeswehr, the unified armed forces of the Federal Republic of Germany reported that about one hundred of their computers were infected.
• A memo from the British Director of Parliamentary ICT informed the users of the House of Commons on 24 March 2009 that it had been infected with the worm. The memo, which was subsequently leaked, called for users to avoid connecting any unauthorized equipment to the network.

• The worm is believed to have gained a foothold on the university’s network through an infected USB device, said a spokesman with the university’s school of health sciences. The Conficker worm managed to infect about 800 computers at the University of Utah last week, prompting the school to block Internet access temporarily to contain the infection.

Important lessons can be learned from these outbreaks. Make sure to keep your virus definitions up to date and patch your systems!

This software is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary or a central service. Best of all this service is free and easily removed if needed unlike Lo-Jack.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location.  At the same time, it is easy for an owner to retrieve location information if the need arises.

OSX,Windows XP\Vista and Linux versions available. You can install retrieval tools on another PC to pull information of the missing laptop if needed.

The OSX version is by far the most impressive boosting the ability to take snapshots of the perps using the built in webcam and using the isightcapture

Give it a try! Im sure I will be installing this on my laptops. (Can be used on Desktops,Servers etc too!)

• Make sure your OS has all Critical and Recommended Updates (Specifically MS08-067)
• Ensure your Anti-virus Software has latest definitions
• Don’t Panic ..Nobody really knows what will happen come 4/1/09
• For a Removal Tool specifically for Conficker visit http://bit.ly/3N38z or http://bit.ly/2h4ZGeGraph shows below how infection spreads

Graph below shows how Conficker spreads

With this software it claims it will speed up your system and fix malware,spyware,registry problems and a host of other issues. Do not fall for this scam!

This software once installed, acts just like any rogue malware software application which will appear legit, but is not. The worst part is that once the “anti-virus software” is installed, you have to pay the company to remove the junk. Not good stuff at all!

Among holding your system hostage and extorting the consumer, it will dump trojan virus’s and malicious software on your system once it is installed. Completely misleading and fraudulent in nature.

Misleading advertising, false claims, erroneous claims against free ‘competitors’, hard-core sales pushes when you call, software that lies about what it finds on the computer, and TrojanHorse type activity that actually slows down your computer and not speed it up. Safe to say that Finally Fast should be avoided at all cost’s. If you are victim to this garbage, please run Malwarebytes to clean. Steps to clean can be seen on my other Virus removal posts.

Thanks and Merry Christmas to All!

Choose your OS and Service Pack level to make sure you download the correct patch for your system

Also known as Antivirus Pro 2009 or Antivirus 2009 Pro is a rogue antispyware applications that infect the system registry, generate pop-ups and trick users into purchasing malware infested software.It looks as if it is legitimate but its not. This nasty infection can sure cause some headaches. It can infect Windows XP and Vista. Look below for the instructions on removal.

• Click on Start, click Run, and then type devmgmt.msc and click OK
• On the View menu click on Show hidden devices
• Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
• Highlight that driver and right click on it and select DISABLE
• Now RESTART your computer.
• Download a copy of Malwarebytes but DO NOT run it yet.
• Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
• Once the program is installed go to the UPDATE tab and try to update the program if you can.
• Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found

If you are unable to download or run MalwareBytes, you may have to reboot into Safe Mode and run the scan.

I would highly recommend purchasing MalwareBytes for your computer. Many features that are not with the Free version come included with the software purchase. Click HERE to support their efforts

If your an IT Professional, most likely you have dealt with a nasty Spyware or Adware infection that seemed impossible to remove.
This list was created spotlighting some of the most complex and hardest to remove Spyware and Adware threats around and links for removal instructions.

• ContraVirus - also known as ExpertAntivirus is a fake Spyware, Trojan removal application known to give exaggerated reports of potential risks on a computer.
• IEDefender – A rogue anti-spyware application with aggressive advertising and scare tactics.
• Smitfraud – A computer infection that may display false security alerts or popup messages stating that you are infected with a parasite. Cannot be removed by conventional methods.
• SpyCrush – Part of a group of rogue anti-spyware programs including Spylocked and VirusBurst. Creates system alerts to get users to purchase a full version of the SpyCrush rogue anti-spyware program.
• SpyDawn - A bogus anti-spyware program that may be installed on your computer without you knowing about it. Resembles a legitimate spyware removal program’s interface.
• SpyLocked – A well known bogus anti-spyware program that may be installed onto user’s computer through a previously downloaded Trojan or codec.
• SpyShredder – A dangerous corrupt anti-spyware program that hijacks your PC for malicious purposes. It may infect your machine through Trojans and browser security exploits.
• Trojan.Vundo - A Trojan downloader that generates exaggerated pop-ups on your machine’s screen. May install itself through browser security holes in your computer without your approval.
• VirusProtect - A rogue anti-spyware program which downloads and installs itself onto your PC through a Trojan called Zlob. The Zlob Trojan can be found bundled in video codecs used to view video files, especially with adult content.
• VirusProtectPro - A rogue anti-spyware program that installs itself onto your computer through a Trojan or web security holes. May change your desktop settings, hijack your web browser and redirect you to unwanted web sites.
• Winfixer -Displays false information about the user’s computer, confusing the user into believing that their PC is infected with viruses, spyware and/or other forms of malware. Very similer to programs like WinAntiVirus, WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Performance Optimizer, StorageProtector, PrivacyProtector etc.
• CoolWebSearch – A rogue anti-spyware program that installs itself onto your computer through a Trojan or web security holes. May change your desktop settings, hijack your web browser and redirect you to unwanted web sites.
• MyWebSearch – MyWebSearch is an adware application which, when initially analysed, was observed to display advertisments when the browser was active.

The SmitFraud Trojan virus tends to be another very hard to remove infection, and the steps are outlined below. And like Virtumonde below, it will usually trick the user into installing Rogue spyware\adware onto system by appearing to be legitimate spyware removal programs.

1. Download SmitFraudFix and place onto desktop

2. Restart computer in Safe Mode

3. Run SmitFraud.Exe and select #2. It will scan and than run Diskcleanup. Once the process has finished, it will restart.

4. After restarting, your system should be SmitFraud Free