Archive for March, 2009

Trojan Attack!!

March 16th, 2009

Ok, this may come as a surprise to anyone who knows me, but this weekend I was afflicted with the dirtiest of dirty tricks.  I was attacked by a stinking ‘orrible Trojan.  Now, before you start jumping up and down saying “you should have had a firewall on” or recommending me your favourite AV software, I must make you aware of a few things.  My router uses a Nod32 firewall which for all intents and purposes is pretty bulletproof.  My PC was also running a fully patched, legal and up-to-date version of Nod32 Firewall, Antivirus and Anti-Spyware.  I haven’t been downloading illegal files and have not been on any dodgy websites recently.  The payload was delivered to my PC in a very stealthy manner and I’m guessing it was through an email from one of my friends or via a remote session with another computer.

The Trojan works in a very clever way: once you power up your computer, it displays a very genuine-looking Microsoft Anti Piracy[1] notice saying that someone has activated your copy of Windows and you must enter your details to validate yourself.  You have two choices: either do it now over the Internet or do it later.  If you choose to do it later, it shuts down your machine.  You can get round this by starting your PC in safe mode, but I wanted to have a play around first.  I knew this anti-piracy window was bogus because it said my OS was XP[2], and my laptop is running Vista and uses the Genuine Advantage tool rather than the outdated anti-piracy pop-ups.

So I clicked the option to re-validate myself and entered a load of random numbers for my card details and some fake information about myself, and it apparently scanned the MS database and verified my information as being correct.  However, the Trojan does make some system changes when it shuts your computer down.  It firstly de-activates your task manager, hides itself from the start-up menu (msconfig), de-activates your antivirus and tries to launch a key-logger which attempts to connect to the following IP: 81.29.241.170

Symantec reported this Trojan last year and stated that it only attacks MS machines, but I can now confirm that this Trojan is back out in the wild and has been modified somewhat to attack Vista machines.  I have been in contact with the technical team at Symantec, who did a quick scan of my laptop and took a snapshot of my system including my registry.  They will be in touch with me if there are any traces of the Trojan left on my system.

I used Vipre to search for and destroy the Trojan successfully and also advised Eset that it got by its security without being noticed.

Below are the two images to keep an eye out for.  If you do happen to get attacked by this Trojan, you can either follow Symantec’s removal instructions, which can be found in the link dump, or just stick in a load of bollocks and remove it using your own antivirus.

Microsoft will NEVER ask you to provide any card details when validating a version of Windows (XP or Vista).

[1]

[2]

Link Dump
Links to various sites mentioned in this blog

Symantec Karphisher details: http://tinyurl.com/yp2nlk
Microsoft: http://tinyurl.com/3oxra
Eset: http://www.eset.co.uk/
Vipre: http://www.vipreantivirus.com/

It's Coming Back

March 7th, 2009

It began life as a social experiment, but we made the mistake of inviting too many neurotic personalities and downright mental headcases.  So after much soul searching I decided to pull the plug on the site and have so far come up with nothing to take its place (except for this blog).

It is now time to start the social psychological experiment; this time I am doing it for the good of my course work.  I want to have a sample of around 100 people from a wide demographic; however, there are some requirements I will need to meet in order for this experiment to work.  I need a couple of ready-made real-life friend groups to join to monitor their interaction with the complete strangers.  I have a feeling that the individuals in friend groups will not be able to splinter off into another group for fear of real-life rejection.

I have run this kind of experiment before, but it ended up a money-making scheme and went slightly Pete Tong when we sourced our members from a very crazy website.

I expect nothing from this site and don’t think it will ever get as popular as the original sofa site, but who knows, just watch this space for development updates.

The site will not be residing on this domain name for fear of the loonies making an unwelcome return; however, if you are interested, just use the contact me link and request the new address.
