LiewCF.com

Recently, I am getting strange URL from my MSN friends. Clicking the link will lead to a “Pics for MSN Friends” web page with a login form asking for your msn email and password. DO NOT submit it!

Do not fall into the trap! If you submit your email and password, they will use your MSN account to send messages to your friends on your behalf.

Quote from the “pics for MSN friends” site:

We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.

That’s scary!

There is a Terms of Use / Privacy Policy at the bottom of the page. Basically, it tells you that they have the right to use your MSN account to spread unwanted messages. The page appears to be created by “TST Management, Inc”

There are many variants of the URL but all have the same login form. For more information on terms and conditions of the page, please refer to the great write-up of Jalaj.

(Continued…)

It is quite common that mod_security is interfering the functions of your web applications. mod_security is installed and enabled by your web server admin but you can still disable it for your individual website using .htaccess file by following this tutorial.

“mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications.” — HowtoForge

Disable mod_security in .htaccess file

1. If you do not have one yet, an .htaccess file in the folder of your web application
2. To disable mod_security COMPLETELY, add the following line to the .htaccess file:
   SecFilterEngine Off
   OR, to disable HTTP POST scanning only, use the following instead:
   SecFilterScanPOST Off
3. Save the file and test your web application to check whether disabling mod_security has solved your problem.

I recommend you to try SecFilterScanPOST Off first, instead of disabling mod_security completely.

(Continued…)

If your MSN Messenger / Windows Live Messenger contact offers you some pics, and sends you a zip file with filename like “imageXX.zip” where “XX” is 2 digit number… DO NOT ACCEPT IT!

Your MSN contact’s computer has been infected by MSN Worm and send you the virus without their acknowledgment!

My IM has been set to auto accept incoming file from contacts (using Mac, no worry :P). Recently, I got the zip file a few times from my MSN friends as soon as they appeared online. In the zip file, there is an executable file with filename like “imageXX.JPG-www.photobucket.com” (XX is random digit, e.g. image80.JPG-www.photobucket.com).

Most people will think that the ending “.com” is part of the website address. Wrong. The “.com” means “Command”, which is a file extension of Windows executable file.

If you run the “imageXX.JPG-www.photobucket.com” file, the MSN Worm will be installed on your computer, and then separate to your MSN contacts and so on…

(Continued…)

hackers @ microsoft is a new blog on Microsoft Developer Network (blogs.msdn.com). It will focus on security and what hackers do in Microsoft.

Image: hackers @ microsoft

(Continued…)

My friend asked me to suggest a free and good antivirus. I recommended her to download Active Virus Shield (AVS) but later discovered that AVS is no longer available. AOL discontinued it but offer a special edition of McAfee VirusScan Plus.

Image: McAfee VirusScan Plus - Special edition from AOL

The discontinued AVS was using Kaspersky antivirus engine. Kaspersky Antivirus is the CNET Editor’s Choice Antivirus. We are not sure why AOL dumps Kaspersky and switched to McAfee.

(Continued…)