Blog Archives

False Twitter Invitations Leading to Spyware?

I’m sure some of the people who read this post follow “Welcome to the Underground” Blog and maybe other blogs  by Twitter. However, did you know that some hackers send false Twitter invitations to lure people into installing spyware or downloading viruses?

Ever since Twitter became the major channel for information spread by Iran presidential election protestors, its popularity has rocketed upwards. Even the news of the Phoenix discovering ice on Mars was first announced on Twitter. However, all good things have a bad side. Cyber criminals are now sending false Twitter invitations to prompt installation of Trojans and virus worms!

From the format and content, the false invitations looks like that it’s a real one sent by the Twitter official site. However, if you look at it closely, you’ll find that the false invitation does not have the “inviting” link in contrary to the real invitations. In its place is a link that downloads a file called “invitation.zip” in the background that you cannot control, and lures the people who are considering joining Twitter into downloading the virus contained in the “invitation.zip”.

The virus in that zip file has been identified as a worm” W32.Ackantta.B@mm” by ESET nod32 antivirus (it’s definitelyNOT an email address!). This worm earlier appeared in February’s invitation card attack, which collects email addresses from the infected computers, and copies itself to those multiple addresses (this is how it’s supposed to work, but it’s usually blocked 90% by stronger av programs such as ESET or AVG).

I remind readers to upgrade their antivirus and communication software to prevent getting infected.

Share this Post

Rockin’ Friday – Beating iTunes

Welcome back to another edition of Rockin’ Friday! Today I will be talking about how one might wrestle out of the grip that iTunes has on your musical freedom.

A little introduction first for those who have been living under a rock for the past few years. iTunes has become one of the more dominant media-players, and with that the iTunes Music Store has become the dominant online music store. However, by buying a song from there (which admittedly is very easy, cheap and of a very good, reliable quality) you get the song in a protected AAC format. What does this mean? Basically you’re restricted to listening to the song in iTunes and on your iPod. Not even Apple’s other media programs, such as iMovie, allow you to use protected songs. And this can be a major pain.

Recently, Apple have released ‘iTunes Plus’ which allows you to pay slightly extra to have the protection removed. However, this indeed costs money and only exists for a small few of the songs that Apple sell. For those who need other methods, I’ve been looking into other ways to combat this restriction.

For Windows users, there are relatively few free ways to do this, as the programs are shareware. The most prominent of those that came up on Google was one called SoundTaxi. This has a free trial, but will eventually cost you $19 or more depending on the version. Once it converts the file, it will preserve the song, artist, album name and other metadata.

A free, but perhaps more inconvenient, alternative is QTFairUse 6. This is indeed free, but does not preserve metadata. It also requires Python to run, rather than being a program. The other downside is that it doesn’t seem to work in iTunes, although this could be just on the Mac version of iTunes. So if you’re a little adventurous, give this a try, but otherwise stick with SoundTaxi.

For Mac users, we have a program called FairGame, which is actually quite ingenious once you get it working. It requires a little setting up, but it is essentially a script that uses iMovie to convert your file in to a .wav, and then iTunes to convert it into an .mp3. It runs into a lot of problems, and disrupting it in anyway up until you have a .wav will mean you have to start all over again, but otherwise it works pretty well. And it’s free!

So that’s all for today, enjoy your weekend and see you next week!

Rock on! \m/

Peer Guardian 2

Peer Guardian 2 beta

Do you like to download torrents and have you ever wondered if people can track what you are downloading?

Well, heres the deal. Yes, you CAN be tracked. Just as well, companies can ping you can slow down your download speeds a LOT.

“PeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on P2P.” ~Phoenix Labs

PeerGuardian blocks these ips and helps keep your computer safe from prying eyes. Doing some research, we found a bit of information on PG2

“Peerguardian works by blocking ranges of IP’s which are known to be unsafe. Depending on what you see, either they are trying to make a connection to you or you are trying to make a connection to them. It protects in ranges of P2P (addresses not good for P2P since they are logged or they are RIAA/MPAA spy IP’s) and other such as Ads etc. It is usually them trying to get into your computer because you have something they want, or maybe you’re connecting to them to try and get something. But whatever is blocked, is best blocked just for safety sake. note that if you are using filesharing – it is allowing people to get in to get files (that’s the point of filesharing) or if you are viewing websites you are making physical connections to toher computers. Peerguardian displays SOCKET OPENS – meaning that a connection was attempted. I don’t believe they are cracking in unless you are doing nothing wile being attacked, and it is against most ISP’s rules – hence illegal. I don’t think the US Navy is trying to get into your computer as such – maybe one of their computers have been hacked and being used as a relay or an employee is using it to hack – or someone not them is using their IP range. Even people in these gov’t IP ranges have been caught sharing. And no, I don’t think they are doing it for evidence in this case, but say BT users or Kazaa or anything else users, it is them (dangerous RIAA) initiating a connection to you in a perfectly legal manner because that’s what the software does – let people in. ANd you agreed to it on installation. Better yet, it goes the other way too – you make a connection to them to try and download and ur caught red handed.” ~ CD Freaks Forum

Peer Guardian is really effective, but only as effective as the blocklists. if some IP gets onto the list and it’s NOT a bad IP, then Peer Guardian actually HINDERS you. But for the most part it works very well. This is most noticeable when trying to use specific P2P programs like LimeWire or Xfire. (xfire tends to send pings back and forth from its internal servers and gaming servers as well as people on your friends list. LimeWire is a similiar case but this time other people are trying to connect to you). Don’t try to game online while using PG, you will not be able to connect unless you unblock the correct ips.

So, where do you go to get peerguardian? And does it cost anything?

Well, its open source, hence FREE.

for downloads, go to:

http://phoenixlabs.org/pg2/ or download.com