twitcurl - C++ twitter API library

twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be updated to support all the APIs. twitcurl uses cURL library for handling HTTP requests and responses. Building applications using twitcurl is quite easy:

1. Compile twitcurl source files (twitcurl.h and twitcurl.cpp) and link with cURL library (libcurl.lib) to build twitcurl.lib
2. Include twitcurl.h in your twitter based application and link to twitcurl.lib and libcurl.lib/libcurl.dll.
3. Instantiate an object of twitCurl class and use the twitter API wrappers that are exposed as public methods.

twitcurl works on all OS (Windows, Linux, Mac etc.) as it is written completely in C++ and the only dependency is cURL (which works on all OSes mentioned earlier). More info about the twitcurl library along with an example program is available here:
http://code.google.com/p/twitcurl/

Read More

Wolfram|Alpha launches

Wolfram|Alpha is finally launched! Wolfram|Alpha is a computational knowledge engine that to interpret the questions/queries and tries to formulate answers. It is not a search engine, it is a combination of encyclopedia and real-time data mining. Wolfram|Alpha tries to structure the information scattered in world wide web. It could be great for scientific (physics, mathematics etc.) queries as it uses Wolfram Mathematica to compute answers. It is still in alpha stage and has a long way to go. Try it out!

By the way, Wolfram|Alpha has answer to life, the universe, and everything. It's 42 ;)

And, you will see this when Wolfram|Alpha website traffic exceeds its bandwidth limit:

Google is working on a similar tool called Google Squared, which aims to structure the unstructured information.

Read More

New rogue: AV Antispyware

AV Antispyware is new rogue software that belongs to MS Antispyware 2009 family. The AV Antispyware installer is dropped by a fake codec hosted at http://lvl-softwares.com (195.88.80.41) (do NOT visit this site).


VirusTotal scan result for the dropper can be found here, and AV Antispyware removal guide can be found here.

Read More

Waledac's new geo-sensitive social engineering

Waledac spammers are using yet another social engineering tactic to spread their malware. As usual, the spam mails contain link to dubious websites. One of such spam mail can be seen in the following screenshot:

These websites look like a Reuters news webpage reporting "powerful bomb blasts" near your area/city, with a video clip embedded in it. To see the video, the site persuades you to download a fake Flash Player.

These fake websites are geo-sensitive and they figure out the place/city of a visitor (based on visitor's IP address) and report it as the location of "bomb blasts".  This technique is called geo-targeting. An innocuous PC user may fall for this trick by thinking that bomb blasts have really occurred in his/her area and download the fake Flash Player! Following screenshots show the location sensitive website content (check the place where blasts are reported; they change based on the visitor's gepgraphical location):

As of now, fake webpage is located at yyr.breakingkingnews.com (81.241.128.178) (whois).

VirusTotal results of the malware hosted at the above site can be found here and here. An automated analysis by ThreatExpert can be found here.

Read More

SysProt AntiRootkit v1.0.1.0 released

Another update for SysProt AntiRootkit! The latest version, SysProt AntiRootkit v1.0.1.0, contains few bug fixes and enhancements. The changelog is as follows:

• Added a "activity bar" to indicate scan progress
  
• Optimzed device driver scanning
  
• Added help file
  
• Fixed process and driver scanning bugs in Windows 2003 SP1 and SP2
  

Get the latest version here.

Read More

Yauba - Privacy Safe Search Engine!

Yauba is a brand new search engine from India. Yauba's search result quality is great and is comparable to that of Google. Yauba neatly organizes the search results and also shows text/image previews of websites.

One of the important features of Yauba is its stress of user's privacy and security. Yauba operates in complete incognito mode and does not collect any personal data. Their privacy policy goes like this!


Here's an excerpt from Yauba's site, which tells us about their privacy practices:

Most search engines try to gather and record as much information about their users as possible. They (or their parent companies) operate massive server farms with even more massive databases that secretly record your entire search history, your private contacts, the identity of your family and friends, your personal emails, your conversations and chats, your browsing habits, your physical location, details on the software you use on your computer, your IP address, and much much more. This is no exaggeration. Indeed, if you ever saw exactly how much most search engines actually know about your private details, you would be completely shocked.

At Yauba, we completely reject the view that search engines somehow need to keep mountains of data on their own users. Instead, we take the exact opposite approach. We do everything we can to protect the privacy of our users.

• This is why we do not keep any record of any of your search terms, browsing habits or any other personally identifiable information.
  
• This is why we automatically delete any and every piece of personally identifiable information from our servers on a continuous basis.
  
• This is why we can have the shortest privacy policy (9 words) of any major Internet service in the world.
  
• This is why you can visit almost every Internet site through the main Yauba service on a completely anonymous basis (with the only exception of file types that use other external third party software or plug-ins for downloading or playing).
  

Yauba is still in Beta/Late-Alpha state, and I think it is a very good service. Try Yauba at http://www.yauba.com/

Read More

SysProt AntiRootkit v1.0.0.9 released

Here's the latest version of SysProt AntiRootkit. Now, SysProt AntiRootkit v1.0.0.9 supports Windows Vista (32 bit)! Check out few screenshots that show SysProt AntiRootkit in action:

Kernel modules:



SSDT hooks:



Kernel inline hooks:

Following list summarizes the changes in SysProt AntiRootkit v1.0.0.9:

• Added Windows Vista support
  
• Improved device driver detection
  
• Faster "Kernel Hooks" scan
  
• Faster "Ports" scan
  

The latest version can be downloaded from here. Supported operating systems are Windows 2000/XP/2003/Vista, 32 bit versions. Feedback is welcome :)

Read More

New rogue: IE-Security

IE-Security is new rogue software that belongs to IEDefender family. The IE-Security installer, ie.exe, is hosted at 216.240.151.112 and http://ie-security.com (216.240.151.135). The user-interface of IE-Security is a rip-off of Microsoft Windows Defender.

VirusTotal scan result of IE-Security installer can be found here. By the way, people at IE-Security provide 27x7 support ;)

Files dropped by IE-Security installer:

%PROGRAMFILES%\IE-Security\ies.s1

%PROGRAMFILES%\IE-Security\ies.s2

%PROGRAMFILES%\IE-Security\ies.s3

%PROGRAMFILES%\IE-Security\ies.s4

%PROGRAMFILES%\IE-Security\iescan.exe

%PROGRAMFILES%\IE-Security\uninstall.exe

%USERPROFILE%\Desktop\IE-Security.lnk

%USERPROFILE%\Start Menu\Programs\IE-Security.lnk

where,

%PROGRAMFILES% is \Program Files\ directory in root-drive,

%USERPROFILE% is \Documents and Settings\UserName\ directory in root-drive.

Registry keys created by IE-Security installer:

HKEY_CURRENT_USER\Software\IE-Security

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE-Security"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security

Read More

AntiSpyware 2009 and AntiSpywareBOT: Neighbours in crime!

Well, 590-B Schillinger Rd. South, Mobile, Al, 36695 seems to be the John Doe of addresses. Recently ParetoLogic blog posted about the address of the makers of rogueware AntiSpyware 2009. It seems that the headquarters of 2Squared, makers of rogueware AntiSpywareBOT, is also located in the same street. Even these guys have got a high-tech, high-profile CGI office ;)

Read More

Fake Obama websites spreading malware

Similar to eCard spam mails, we are now seeing US president-elect Barack Obama themed mails which contain links to fake websites. These sites host a malicious executable and this malware belongs to the same old Storm/Waledac family. One such mail and a fake website (http://donate.superobamadirect.com) are shown in following screenshots:

These fake sites are hosted using fast flux DNS technique - a typical method used by Storm botnet. It can be seen from the following screenshot that the IP address keeps changing frequently:

VirusTotal scan result of the malware can be found here. An automated analysis by ThreatExpert can be found here.

Read More

Fake eCard updates

Fake eCard spam mails continue to circulate even after the new-year excitement is settled down. As usual, these mails contain links to downloadable fake greeting cards that are generally named "card.exe" or "postcard.exe".


When executed, these malicious executables turn your PC into a zombie machine that becomes a part of Storm/Waledac botnet (more information can be found here and here).


Newer variants of fake eCard executables (hosted at http://topgreetingsite.com - do NOT visit that site! ) are not detected by many AVs as of now (as seen in VirusTotal scan here). An automated analysis of this file is available at ThreatExpert here.

Read More

SysProt AntiRootkit v1.0.0.8 released

A few key improvements were made in driver detection and disabling mechanisms, and hence here's the latest version of SysProt AntiRootkit :) The SysProt AntiRootkit v1.0.0.8 successfully detects and removes Zlob rootkits (TDSServ or Alureon family).

Similar to the steps followed in the case of GMER (as mentioned in the previous post), SysProt AntiRootkit requires two reboots to completely remove rootkit driver and its Registry entry. Following screenshots show SysProt AntiRootkit detecting Zlob rootkit driver and injected DLL:

Steps to remove Zlob rootkit driver:

• Run SysProt AntiRootkit v1.0.0.8 and click "Kernel Modules" tab.
  
• SysProt AntiRootkit shows rootkit/hidden drivers in red color. Click on the rootkit driver's entry and the click "Disable"
  
• Reboot the PC
  
• Repeat steps 1 to 3 (SysProt AntiRootkit will detect the same rootkit driver again)
  

Now, all the malicious files dropped by Zlob should be unrooted and hence "visible" to standard anti-malware scanners.

More information, changelog and download link for SysProt AntiRootkit v1.0.0.8 can be found at following locations:
MajorGeeks
Softpedia
SysProt AntiRootkit primary download page

Feedbacks are welcome :)

Read More