Rootkit malware targets VMs

Similar Messages

• Ipod shuffle connected to a PC with a rootkit / malware

  OK, so I tried to search this and only found some "old" posts.......
  Sorry If this is already covered - Please provide a link, if it is - thxs.
  So my ipod was connected to a windows PC, I got an
  "unable to disconnect, in use by another program" error msg.
  - I knew the anti-virus wasn't scanning
  - decided to check the "open ports" and found a rootkit had opened
  ~ 20 ports and was communicated with a different country, on the other side of the world....
  - that PC is now a large PaperWeight until I do a "format c:"
  Do I have to worry about some windows malware on the ipod (I had about 2meg free) getting on to my mac ? I know windows malware / exploit has no effect on OS X. BUT Has anyone heard of someone writting malware / exploit for this scenario that could have some effect on OS X ????????

  I suppose if you enabled disk use, stored it on in the iPod, then copied the file to the computer you're wanting to play it on. If you mean directly from the iPod to a TV... no.

• Defense: Malware targeting Mac's

  Mac's users running any browser with JavaScript turned on by default are vulnerable to being tricked into clicking on a trick image and/or link.
  That image may appear to be a standard OS X window with a close box or the typical OS X looking window asking a question with OK or Cancel. It can look like anything really, it's purpose is designed to get you to click anywhere on it and initiate a download to your computer.
  Safari tries to be helpful and "Open Safe Files" by default, which is being used with numerous success to run code on one's machine, by bypassing the normal user action of 'open the downloads folder and then clicks on the download to run' process in exchange for convenience.
  Most Mac's are used with one person, and the initial setup of a new Mac (or a new OS X install) is the first user is automatically a Administrator User. Running one's typical day to day use while in Admin User mode gives any code running on one's machine more privileges and access than it would receive if the user of the computer created another OS X account and ran most of their computer use as a General User.
  The ultimate access for rogue code would be Root User, which on Mac's is turned off by default, however a temporary access window to Root User is allowed when a Admin User provides his or her Admin Password. Once rogue code gets Root user access, it's all over, OS X is completely compromised.
  The key to security on a Mac, or any computer system actually, is a process called "Compartmentalized Security" where the more privileges code receives, the more it's subjected to time and scrutiny to determine it's legitimacy.
  Web browsers are the forward troops facing a overwhelming enemy, the World Wide Web. Not one modern web browser is 100% safe, not Safari, not Firefox, not IE, not Chrome, not Opera. Neither are plug-ins or scripts that run within these browsers 100% safe.
  So the key to maintaining security is to provide a high level of "Compartmentalized Security" steps which shifts the exploit potential further down the privilege level so it can't do much of anything or gain further access.
  People can get carried away with downloading and installing software in a rapid fire manner, this provides a ripe opportunity for malware to get onto one's computer, even gaining root access right away.
  So in order to provide better compartmentalized security, provide more time and steps before potentially installing rouge code. I suggest the following actions:
  1: Run most of your day to day computer use as a General User with less privileges. This can be done by creating a new Admin User, logging out of the present user and into the new Admin User, then turning the first user into a General User.
  Whenever certain actions are needed, like accessing the Application's folder (where programs can be changed by malware) a Admin Name and Password will be required. A small hassle, but it provides another step for it to get past.
  2: Use Firefox web browser and the following Add-ons: NoScript, Ad Block Plus and Public Fox.
  Under the Toolbar customization, drag the NoScript button to the toolbar. NoScript turns off all scripts and plug-ins by default, which if you trust the site your on, you click the button for turning them on and the page automatically reloads.
  In Public Fox preferences, set a password on downloads, this way a popup window appears before any download occurs, keeping malware from sneaking into your downloads folder and potentially being clicked on.
  With Ad Block Plus, subscribe to the Easy List which automatically appears in the browser window. This will auto-update to keep advertising, which has been used numerous times as a attack venue, from appearing.
  Click&Clean, Ghostery, BetterPrivacy, FlagFox, WOT, HTTPS-Everywhere (from the Electronic Frontier Foundation) are also highly recommended add-ons.
  3: In Safari preferences, turn off "Open Safe Files" install the Ad Block Plus add-on and the Click2Flash add-on. If any add-on appears in the future to simulate what NoScript and Public Fox does on Firefox, then enable those add-ons.
  4: Check the staus of your browser plug-ins. These websites makes it easy, bookmark them in a obvious place so you remember to visit them routinely. As soon as a vulnerability appears, either update or turn off the affected plug-in in your browser until a patch is issued.
  https://www.mozilla.com/en-US/plugincheck/
  https://browsercheck.qualys.com/
  5: If you enjoy surfing the backalleys of the Internet and you have at least a decent dual core Intel based Mac, I'd highly advise installing the free VirtualBox and loading a free ISO of Linux Mint DVD 32 bit 10.10 (most consistent and easy to use, everything included, Linux distro)
  http://www.virtualbox.org/
  http://www.linuxmint.com/download.php
  The object is to load and install Linux Mint into the virtual machine like installing a operating system onto a regular computer. Once completed, then save a snapshot to revert to after your Firefox browsing session (in Linux) is completed. All and any potential malware, caches etc is flushed when you revert the entire guest OS back to the earlier state. Keep the Guest OS updated via the Software Update option and save a new snapshot.
  6: Use common sense, if it don't look right, then stop and flush the OS X based browser from memory via the Apple > Force Quit menu.
  7: Install the free ClamXav, it will remove the OS X malware it knows about, offering some after the fact defense and Windows malware from their files.
  http://www.clamxav.com/
  I don't advise a full time, always on and running anti-virus solution for Mac's due to Apple's tendancy to change the underlining OS themselves to thwart potential malware. So something like Norton which maintains tight control over OS X should be avoided.
  Malware on Mac's are a scarce thing because of Apple's top down approach, but trojans are a potential attack venue and people need to insure more steps to avoid being tricked.

  Thomas A Reed wrote:
   That causes problems for some apps, which won't run on anything but an admin account or on the account they were installed on.
  Then the programs need to be reinstalled for "All Users" which most do now by default or reinstalled for the new Admin account. Since the previously Admin is now a General User, it's not a issue. If the program needs Admin/Root access the user should be made aware of that fact and understand they just elevated privileges to a most dangerous level.
  Linux has a security key that displays in the menu bar that one has opened a "sudo window" which any code run during that time can have Root level access. Of course OS X has no such warning.
  And it's not a guarantee of security - a user who gets in the habit of authenticating to admin to install stuff from their Standard account is no safer than the user who gets in the habit of authenticating to install from their Admin account.  This is a good general suggestion, but may not work for everyone and provides practically no real security against "social engineering" by itself.
  The only guaranty of security is unplugging the power from the computer and tossing the machine into a pit of molten lead.
  The user is rarely installing/uninstalling or making such drastic changes to their machine that entering their Admin name/password is such a burden. Those rare folks who do reside in that realm or even for a short duration, log into the Admin User from the start and competent enough to know the difference anyway.
  Again, using things like these won't protect you by themselves.  How do you know if a site is trusted and should have JavaScript turned on?  And most folks are finding this malware via trusted sites that have had malicious JavaScripts "sneaked" into their code, through malicious ads or search engine optimization poisoning.  How can you know if your trusted site is affected?  And, given how much this malware has been jumping around over the last week, I seriously doubt Ad Block Plus can keep up.
  Well your LESS protected without them. So far the NoScript "web cop" Add-on has protected Firefox users from the MacDefender trojan by not allowing Javascript to run by default.
  Even if a trusted site has the malware and one turns off NoScript for that site, then Public Fox (with a password block on downloads) stops any automatic download from occurring.
  Ad Block Plus defends against advertising which has been used as a malware vector. It provides the option to whitelist  favorite sites which trust has been established by the user.
  Again the reasoning here is to provide a "security guard" approach, nobody gets in without approval.
  I'd highly advise installing the free VirtualBox and loading a free ISO of Linux Mint DVD 32 bit 10.10
  That is not a realistic suggestion for the average person, who will have neither the desire nor the knowledge to run Linux.
  Well note that I placed a condition on that advice, "if one likes surfing the backalleys of the Internet" as all browsers are venerable to some extent from direct website intrusions. So another "compartmentalization" level is required for sites that are prone to that sort of behavior which use images or warz as click bait.
  And mind me saying Thomas, it's rather presumptious of you to dictate what another would like or not like.
  Remember Apple opened the door to multiple operating systems running on their hardware, the PPC days are long gone, a brave new world is here where one can run all the major operating systems on one machine.
  Heck, Steve Jobs even used Linux on his Pixar renderfarm, I bet his MacPro runs everything under the sun just like my 17" Quad does.
  Apple is the second largest grossing corporation in the world next to Exxon, professional IT people like myself use Mac's now because of their ability to run all major operating systems. It's looking rather sad showing up to the job dragging a ugly bulky Dell when one can have a slim sexy looking silver MacBook Pro.
  So no need to get fan boy defensive any longer.
  Note that even folks with Safari's Open "safe" files after downloading option turned off have been affected by opening the installer manually.  And some have been alerted to the presence of malware by the automatic appearance of the installer.  I'd still agree, though, but would add that you should keep your Downloads folder cleaned out, so that any suspicious items that turn up will be easily recognized, and not mistaken for something you downloaded earlier. 
  As to Click2Flash, I think nobody should be on the web without it!  I don't trust Flash as far as I could throw Adobe.
   This should have been #1!  AV software has struggled to keep up with all the variants of MacDefender, malware sites move on sometimes an hour-by-hour basis and malicious code sneaks into trusted sites.  In all, no automated defense tool will protect you from a new threat...  only your "wetware" can do that!
  Well at least we agree on something, I actually don't approve of anyone using Safari AT ALL, because of it's lack of a NoScript option and failing every Pwn2Own contest.
  But there are those who will, by stubborness or brand loyalty, will continue to use Safari so I recommend at least a partial security solution.
  And since the MacDefender trojan uses Javascript, not Flash, Click2Flash offers little protection, just another preventative measure against other attacks.

• New malware targets Linux and Mac OS X

  http://www.techspot.com/news/50009-new- … -os-x.html
  pacman -S iptables shorewall
  then to block the malware as root do
  iptables -A INPUT -s 212.7.208.65 -j DROP
  iptables -A OUTPUT -d 212.7.208.65 -j DROP

  Why not just make sure WIFIADAPT isn't sitting in your home directory?
  How exactly is this thing supposed to install and run without the user's knowledge?
  I don't see that shorewall is required to block as you suggest. I could perfectly easily install those rules with just iptables.
  Note, too, that those rules won't block the malware, what they are designed to do as I understand it is to stop the installed malware from  communicating with the server. What I don't understand is why the advice is not to delete the malware. I could understand installing those rules as a precaution in case you later get infected and don't notice. But if as the article says you suspect you are already infected, why not delete the thing if it is really sitting in your home directory like that?

• How do i update from OS 10.4 to OS 10.5?

  Hi,
  I'm trying to update my OS from 10.4 to 10.5 but I can't find any software update on the mac website.  Any advice would be much appreciated!

  mr.casey.brewer wrote:
  I'm trying to update my OS from 10.4 to 10.5
  10.4 and 10.5 are both no longer supported by Apple, no security updates.
  With a 10.4 era machine, my advice is to stay on 10.4 until the wheels fall off, reinstall 10.4 if you have too from the disk after backing up files off the machine.
  Don't bother even upgrading the OS because, 10.6 is going to be ignored this summer when 10.8 is released.
  Apple has a terrible history of only supporting the last two OS X versions in circulation.
  10.6 is as far as you can go with that 10.4 machine, so why bother spending money for upgrading and software for a machine that's just going to be ignored for security updates again?
  Stay on 10.4 and be happy you really got some good life out of that machine, don't use it for online banking etc.
  Save your money for a new 10.8 machine coming out after this summer and be prepared for a radical change.
  Note: 10.4 is actually less of a malware target than 10.5, very few people on 10.4 still

• Hi please help.virus iPad? I have a iPad 2 , not jail broken, just 2 months old fresh from the apple store. Recently I have been directed to **** sites or a fake bad oink **** application, t

  Re: Mail virus and Trojan issues
  21-Jan-2013 14:58 (in response to Memoire)
  Hi please help.
  I have a iPad 2 , not jail broken, just 2 months old fresh from the apple store. Recently I have been directed to **** sites or a fake bad oink **** application, through various applications. From google chrome app, the photon app and safari.
  I always delete cookies and cache on exit. I use photon and puffin to watch flash player videos on tv series site with links such as put locker. I heard that there is no virus for the iPad but Trojans do exist.
  Pleae help, at first this was just happening with photon app now in 3 different apps, and it is directing me always to the same **** site. I don't watch **** so it's. it from cookies or whatever and my iPad has been randomly turning off and also the videos are working really badly now. Also there is a message red alert staying untrusted site and hacker may be intercepting your device. What is going on? Please help
  Is their a new redirecting Trojan or virus for iPad 2. ? If yes how can I remove it and will it cause permanent damage to my device? How could I have got this virus and in 3 apps. I'm also,worried as I use my iPad to buy things online etc with my credit card. What shall I do?.. Do I restore my device? How do I do that as I cannot connect to iTunes as I do not have a computer, just my iPad. Any help appreciated thanks.

  AlaskanElizabeth wrote:
  Happily- perhaps the most legit tech site on the Internet- cnet:
  http://news.cnet.com/8301-1009_3-57506159-83/apples-ios-and-android-are-new-favo rite-malware-victims/
  They broke a story on sept 4, 2012 titled "apple's iOS, the new favorite malware victims"
  Despite the dramatic title of the article, the only mention of iOS in the body was this:
  Even though malware is increasing in iOS, it still remains relatively low compared with other operating systems.
  And, it provides no examples or other documentation. And, unlike you, I don't consider CNET "the most legit tech site on the internet". I find them to be generally biased in their reiviews and heavily influenced by advertisers.
  http://www.forbes.com/sites/timworstall/2012/06/26/yes-apples-machines-really-ca n-get-viruses
  The Forbes article descibes issues with the Mac OS, of which there always have been some, though certainly far fewer than there have been on the Windows platform. It goes on to speculate :
  All those iPads, iPods and iPhones? Is this going to be a juicy enough target for the virus and trojan writers to at least attempt to attack, even given the difficulty of doing so?
  Again, the Forbes article doesn't mention any current viruses, trojans or malware that exist which will affect an unjailbroken iOS device.
  http://www.huffingtonpost.com/2012/05/15/iphone-malware-kaspersky_n_1515074.html
  And, the HuffPo article quotes Grebennikov thusly:
  "Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," Nikolai Grebennikov, Kaspersky's chief technology officer, told Computing.
  Again, even Kaspersky doesn't say such things exist now, merely that they might.
  Speculation about what might happen in the future or articles focusing on the Mac OS or Android are not terribly relevant. So, if you do have any other citiations, preferably from a source that doesn't derive most of is revenue from the companies it reviews, that document a virus or trojan that affects an unjailbroken iOS device, I would be interested. I have not been able to find any. I thought, perhaps, as a professional, you might know of some.
  Thank you.

• New Norton Anti-Virus for Boot Camp Mac & XP partitions

  Has anyone tried this new Anti-Virus from Symantec?
  It has caught my attention, but I am not sure about infecting my Mac OS with a Norton product.
  Does anyone have any experience with, or comments about, it?
  Thanks!

  I went and looked... $69!?? for dual bundle? You may not want Norton AV messing with Leopard or need it; there is ClamXav; there are free AV for Windows, however I believe you want a full security suite (rootkit, malware, spyware, firwall, etc) for Windows.
  I remember back with Peter Norton Computing, great people - and product - nearly 20 yrs ago, but.
  And like I said, an excellent, top rated suite for same price would be Kaspersky.
  http://www.kaspersky.com
  Intego has a dual product program and suite, but I'm not a fan of BitDefender
  http://www.intego.com/products/

• Can a nook be used with os7

  Can a Nook be used with Apple products?  I don't want network or virus problems.

  Android is the most malware-prone, insecure platform there is - but millions of users seem to survive without dropping like flies!
  I can't answer Q.1 but as for Q2:
  How safe is your smartphone? (Android is the top malware collector)
  A major source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace:
  More than 50 applications available via the official Android Marketplace were initially found to contain a virus.
  Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times. The apps are also known to be available on unofficial Android stores too. Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.
  Remote removal of the booby-trapped apps may not solve all the security problems they pose. The remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection.
  Moreover, more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
  http://www.bbc.co.uk/news/technology-13422308
  The data being leaked is typically used to get at web-based services such as Google Calendar.
  The open nature of the Android platform was a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.
  http://www.bbc.co.uk/news/technology-12633923
  Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.
  Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code
  Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.
  In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area, and Android is still in the firing line:
  http://www.bbc.co.uk/news/uk-15600697
  Android: it's getting worse: Juniper found a 400% increase in Android malware from 2009 to the summer of 2010.  We have since seen exponential grow in Android malware over the last several months. The Juniper Global Threat Center found that the months of October and November are shaping up to see the fastest growth in Android malware discovery in the history of the platform. The number of malware samples identified in September increased by 28% over the number of the known Android malware samples. October showed a 110% increase in malware sample collection over the previous month and a striking 171% increase from what had been collected up to July 2011.
  July 2012: Smartphones running Google's Android software have been hijacked by an illegal botnet, according to a Microsoft researcher.
  Botnets are large illegal networks of infected machines - usually desktop or laptop computers - typically used to send out masses of spam email.
  Researcher Terry Zink said there was evidence of spam being sent from Yahoo mail servers by Android devices:  http://www.bbc.co.uk/news/technology-18720565
  One question Juniper always get when discussing our research is if Apple’s iOS is more or less secure than Android? Maybe, but it’s not necessarily because of the security or lack of vulnerabilities in the platforms themselves. The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught.
  http://globalthreatcenter.com/?p=2492
  At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.
  Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.
  The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.
  (Apple closed out 2011 with a commanding 52.1 percent share of mobile devices tracked browsing the Web, while Google's Android had just 16.2 percent.)
  And most recently this:
  Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.
  Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
  These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.
  http://www.bbc.co.uk/news/technology-20025973
  And this:
  Freezing an Android phone can help reveal its confidential contents, German security researchers have found.
  The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.
  Google introduced the data scrambling system with the latest version of Android called Ice Cream Sandwich.
  The attack allowed the researchers to get at contact lists, browsing histories and photos.
  http://www.bbc.co.uk/news/technology-21697704
  Update from May 2013:
  Malware targeting mobile devices is rapidly growing in both the number of variants found in the wild and in their complexity and sophistication, but the only platform being actively targeted is Google's Android, which researchers now say is resembling Windows on the desktop PC.
  http://appleinsider.com/articles/13/05/14/mobile-malware-exploding-but-only-for- android
  And in early June 2013 a highly toxic trojan began attacking the Android platform:
  According to reports:
  Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to near-by handsets, and allows attackers to issue malicious commands using standard SMS text messages.
  By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges," Unuchek said. "As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges."
  More information here:
  http://arstechnica.com/security/2013/06/behold-the-worlds-most-sophisticated-and roid-trojan
  A recent study on smartphone malware has found that 92 percent of nefarious mobile software is targeted at Google's Android platform, and the amount of attacks are growing:
  The latest data released in June 2013 by Juniper Networks reveals that Android malware has grown at a "staggering rate" over the last three years. In 2010, it accounted for just 24 percent of all mobile malware, while as of this March the platform accounts for nearly all of it.
  In the last year alone, the total number of malicious apps has grown 614 percent to 276,259. The annual Mobile Threats support also identified more than 500 third-party Android application stores worldwide that are known to host mobile malware.
  http://newsroom.juniper.net/press-releases/juniper-networks-finds-mobile-threats -continue-ram-nyse-jnpr-1029552
  The far reaching vulnerability, discovered by San Francisco's Bluebox Security, involves "discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature."
  Android apps (packaged as an "APK") are signed with an encryption key (just like iOS apps) to prevent a malicious party from changing the code. Signed apps are expressly designed to enable the system to detect any tampering or modification.
  However, due to the newly discovered Android flaw, a rogue developer can trick the system into thinking that a compromised app is still legitimate, giving it system wide access to do virtually anything.
  "A device affected by this exploit could do anything in the realm of computer malice, including become a part of a botnet, eavesdrop with the microphone, export your data to a third party, encrypt your data and hold it hostage, use your device as a stepping stone to another network, attack your connected PC, send premium SMS messages, perform a DDoS attack against a target, or wipe your device," a representative of the company wrote AppleInsider:
  http://appleinsider.com/articles/13/07/03/security-flaw-opens-all-modern-android -devices-to-zombie-botnet-takeover
  The problem (with Android) is: that committee design has failed to make Android a good platform for either users or for developers. By not making any hard choices and giving people what they said they wanted, Google simply abandoned the future to cling tenaciously to the past.
  Rather than conceptualizing and engineering really new solutions to historical computing problems as Apple did with iOS, Google has only attempted to wrest control away from iOS via volume shipments and has effectively sent mobile computing back in time into the 1990s, resulting in the same malware, spyware, viruses and usability issues of Windows.
  http://appleinsider.com/articles/13/07/14/editorial-googles-android-haunted-by-s teve-jobs-warnings-on-app-signing-security
  The Department of Homeland Security considers the malware threat from Android so serious that they issued a public warning on July 23, 2013:
  http://info.publicintelligence.net/DHS-FBI-AndroidThreats.pdf

• Is it safe to do my banking on my iPad 2

  I usually do my banking on my laptop which has norton installed.  Is it safe to use my iPad2 to do all my transactions and view my accounts. Also is is safe to purchase items of eBay, amazon etc

  If your laptop runs Windows (which the vast majority of viruses, trojans and other malware targets), the iPad is infinitely safer, as none of those threats can affect the iPad.
  You still have to take the same care about connecting to secured wireless networks as you would any other WiFI device, as once the data is in transit over the internet it's out of your hands.
  Many banks and financial institutions, shops etc. provide their own iPad apps for managing your accounts. NatWest is one in the UK: http://www.natwest.com/personal/online-banking/g2/ipad-users.ashx

• How do I import a legally purchased copy controlled cd into itunes?

  I have Coldplay's X&Y, and I can't import it into my iTunes library. I have searched and it seems people like me (with a PC) have had success by holding the shift key. What are you supposed to do after holding the shift key? Any other techniques to get it into my library?
  Thanks.

  Many CD protection schemes do not work on a Mac and the Mac will happily rip away. Therefore you could borrow a Mac to rip it, and then either burn it to an unprotected CD or copy it to your PC.
  The shift key solution (for some schemes) you mention, apparently is equivalent to turning off auto-run (which I have permanently turned off). This stops the CD installing its copy-protection software, or in the case of some Sony CDs - out and out rootkit malware. See http://en.wikipedia.org/wiki/SonyBMG_CD_copy_protectionscandal
  PS. You could of course dump your DRM infected PC and stick with a Mac.

• Failed to load Core DLL-Adobe Reader XI

  This is the error message I got when I downloaded and upgraded from a perfectly functional Adobe Reader 9.5 to Adobe Reader XI.  It did download in protected mode but I didn't have any problems with it last time I upgraded and downloaded in protected mode.  My OS: Windows 7 -64 bit with IE 10.  I hope this doesn't have any problems with my antivirus software ....since my last blue screen of death experience >.< due to a trojan horse virus that wrecked everything ....so bad I had to use system restore.  So, I bought Norton 360 with the intention of having my computer like Fort Knox!  However, I have no idea how some of the stuff works on it though...lol
  Can you help me please?

  My situation was fixed by recommendation in thread http://forums.adobe.com/message/5211542 to scan for a rootkit malware. The scanner found 1 object in my case, and the scanner utility's Cure removed the rootkit. After that, Reader works perfectly for me.

• Bizarre windows server behavior

  Ok so I have a Windows server that is doing some bizarre
  stuff. My first thought is some sort of worm/virus but nothing
  detects anything. What is happening is let's say I am on the
  server and do an FTP command. If I monitor my firewall it reports
  that Service tcp_Ftp is active but operating on source port 1585.
  If I try and do an http request from a browser it says Service tcp_http
  is active but source port is reported as 1562. It is picking random
  ports to perform the operation. Also I see sequential scans for ports
  via UDP port 1434, which has been associated with SQL Slammer in the past.
  As I said though, no virus scanner detects anything. I would say it is a
  corrupt IP stack or something except that the web server that runs on it
  functions as normal. WTH?
  This is an older W2k SP4 server that is not internet facing.

  > I assume that's normal. Windows XP and earlier uses random source ports
  > between 1025 and 65535. Vista and higher by default use source ports
  > 50000 and up.
  Well, that's what I was thinking as well. I think it is actually correct
  but was wondering about it. I think the unusual traffic I was seeing was
  that the firewall was blocking part of the MSSQL communications so it was
  wandering all over the map with these port numbers trying to connect. Once
  I unblocked it the strangeness went away. I was just concerned that the
  firewall was blocking something malicious so I threw every anti-
  rootkit/malware utlity at it that I had. Nothing came up so I guess problem
  solved.

• I paid my iphone and it still isn´t mine becouse i can´t use it the way i want, why ? for example i can´t do nothing without iTunes ?

  I paid my iphone and it still isn´t mine becouse i can´t use it the way i want, why ? for example i can´t do nothing without iTunes ?
  this is so stone age and android is so futristic compared to iphone since android can be use the way anyone wants and you can share or send anything to anyone with just using wi-fi direct or BT not to talk about free apps and music and video downloads :S so i have paid for my iphone but still it isn´t mine since im limited in a use of it

  Let's try to explain this:
  iPhones operate on iOS, which has the highest level of safeguards against malware.  There have been ZERO reported & confirmed cases of a non-jailbroken iOS device suffering from malware.
  Android's operate on an OS that actually ALLOWS significant modifications to the system, which, by definition, allows malware to easily infiltrate the device.  Does it happen to all Android users?  No.  But percentage wise,it's basically infinitely more likely for an Android user to suffer from malware than an iOS user.
  79 percent of all mobile device malware targets the Android platform.  That's means an Android is 113 times more likely than even a jailbroken iOS device to suffrer from malware.
  http://www.v3.co.uk/v3-uk/news/2291561/android-malware-makes-up-79-percent-of-to tal-threats-warns-us-department-of-homeland-security
  Apple iOS and "other" operating systems were both listed as being the victims of 0.7 percent of all mobile malware.
  The low number of threats targeting Apple iOS, despite the popularity of its iPhone and iPad devices, is largely due to the closed security model. This model forces developers to sell their wares on Apple's official App Store, which closely vets all applications before allowing them into the marketplace.

• Unable to install anything

  Earlier today I tried to open up AIM on my Mac Mini and it refused to work. I restarted my computer and tried again. Again, it didnt open so I uninstalled it and attempted to reinstall it. When I tried to reinstall it, the installer wouldn't open. So next I tried to open another program, and the same thing happened. I restarted, uninstalled, and tried to reinstall, but again the installer wouldnt work. I tried one last time with a third program and the same thing happened.
  Yes all of these programs were universal binaries.
  Does anyone have any idea why this is happening?
  Thank You
    Mac OS X (10.4.8)  

  It would not be possible to state with 100% certainty that you don't have a virus on your system, but it could be said with 99.99% certainty!
  There are no known viruses, Trojans or Spyware that would be capable of affecting a MacOS-based system, and in the absence of any evidence from the security specialists who monitor these things that malware targeting MacOS has been found in the wild it is most unlikely - bordering on the completely improbable - that you have such a problem.
  What is most likely to have happened is that part of the Finder, the application which runs the desktop and controls your access to the system, has been damaged, or the directory structure on the hard drive has been corrupted. This sort of thing can happen if wrong versions of some types of software are installed - for instance if something like a copy of DiskWarrior written for MacOS 10.3 is used on a system running MacOS 10.4.
  If you can't get anything at all to run, I think the best course of action would be to boot the system using the original install disk by inserting that disk, then rebooting whilst holding down the C key. That should give you access to the MacOS installer. Before you run that, open and run Disk Utilities, and select the internal hard drive on the left. Click Repair Disk. This will very and repair errors on the hard drive. Unless it finds errors and reports it cannot fix them, you should then do an 'Archive and Install'. This will archive your current settings and applications and create a new copy of MacOS. When that's up and running, you can then reinstall your software. Bear in mind that you don't really need to install AIM, because iChat interfaces with the AOL instant messenger service, so you can use that instead.

• Security - pop up ads coming up on my mac - looking like it's mac security

  Hello, pop up ads coming up on my mac -
  For the first time in 4 years, My mac is getting ads (looking like mac windows) for 'anti'malware' and ads (looking like mac) saying that I have viruses and to download to erase them. I have seen this twice this week. It is NOT from mac protection (although it looks like your computer and HD). This is happening in firefox - what can I do to block this??? (i already have blocked suspicious sites, etc)?
  I called Mac - they said this is malicious software and has been happening in the last 2 weeks - to not download anything (which I hadn't) and that they ask for a credit card number and download possible viruses.
  I changed something in my system preferences in safari - but use firefox usually - is there anything I can do in safari to not get these??

  On my iMac, I opened Safari -> Preferences -> General and unchecked ''Open “safe” files after downloading'' to protect against the recently reported "Bogus MacDefender malware".<br>
  Ref: <br>
  http://thenextweb.com/apple/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/
  Firefox would not automatically open a downloaded file that could start a software installation, as far as I know. The file would be saved and you would need to open it manually, as a Firefox user mentioned here:
  http://www.mac-forums.com/forums/apple-rumors-reports/237155-macdefender-malware-targeting-mac-users.html
  You can do other things to keep safe online with Firefox, such as making sure all your plugins are up to date by visiting www.mozilla.com/plugincheck/ and disable any plugins in Firefox that you aren't using, via "Tools -> Add-ons -> Plugins" . See [[Troubleshooting plugins]] for more info.
  If you already installed the malware, the [http://thenextweb.com/apple/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/ first link I posted] explains how to remove it, which I've copied below.
  Luckily, disabling and removing the bogus MacDefender application is easy. If you have been infected and want to make sure it no longer resides on your system, follow the steps below:
  #To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck “Open “safe” files after downloading”.
  #Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MacDefender.
  #Look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons for references to the malware app.
  #Once quit, head to the Applications folder and drag the MacDefender app to the trash, then delete trash.
  #To ensure all references to the app are cleared, run a search using Spotlight and delete all MacDefender references you find.
  The removal of the app is somewhat easier than on Windows, mainly thanks to the security of the Mac OS X operating system. The malware looks to proliferating off the back of attacks on websites that are serving images on Google Images – it is recommended that you browse safely, utilising other image searches for the time being.
  If you feel uncomfortable following these instructions, you should visit Apple Support or the Apple discussion forum, where I found many related threads about this malware, including https://discussions.apple.com/thread/3029144