
11/13/2013

The Virus: DEADBABE.SC.Replicator
(In Memory of Peter Szor)

DEADBABE is a malicious virus (Win32) whose first appearance was caught "in the wild" in 2007 in Denmark.

It stays resident in memory and infects all EXE files that are executed. The virus does not activate in any way. It is named after its "are-you-there" call: it calls INT 6Bh with the hex value BABE and expects to find the return value DEAD. Deadbabe will reinfect already infected files. As a result, your files can have dozens of infections and will be several kilobytes larger after the reinfection(s). An interesting virus article (1989) in connection with INT 6Bh, called "Saddam Virus", can be read here.

According to F-Secure, its anti-virus products will disinfect DEADBABE, but because of a bug in the virus, the disinfected file(s) will sometimes be longer than the original. This extra area might also contain pieces of the virus, which could cause false alarms, i.e. Type I errors (false positives). If you encounter problems like this, you should delete these files and reinstall or restore them, or, if you do not need them anymore (OS files excepted), simply delete them.

A notable magic number associated with this malware: 0xDEADBABE ("Dead Babe") is used by IBM Jikes RVM as a sanity check of the stack of the primary thread.

Another variant of this malware is Deadbabe.494.B, whose threat level is low on the affected platform, MS-DOS. It carries out damaging actions on the affected computer. It does not spread automatically using its own means. This variant, 494.B, was detected exactly eleven years ago to the day (13/11/2002).

Brief Description:

Deadbabe.494.B needs an attacking user's intervention in order to reach the affected system. The means of transmission used include, among others, floppy disks (in the old days), CD-ROMs (DVDs), e-mail messages with attached files, Internet downloads, FTP (File Transfer Protocol), IRC channels, peer-to-peer (P2P) file sharing networks and more. Deadbabe.494.B uses the following infection strategies:

- Once it has been run, the virus goes memory resident and intercepts functions belonging to the operating system (OS). Therefore, every time the operating system or an application tries to access any of these functions, the virus will activate and infect new files. The malicious code is written in 16-bit x86 assembly language.

NOTE: If you think your PC is infected with this virus, visit Pandasecurity, get the download and follow the step-by-step instructions given there.

DEADBABE is also connected to HPS, a polymorphic Windows 95 virus which contains this sarcastic text:

"< Hantavirus Pulmonary Syndrome (HPS) Virus BioCoded by GriYo / 29A >"

Technical Details of HPS:

It stays active in memory and infects Win32 EXE files as they are accessed, encrypting its own code with a variable polymorphic encryption layer.

HPS activates itself on Saturdays. If a non-compressed Windows bitmap (BMP) file has been opened, the virus horizontally flips the picture.


HPS patches the value DEADBABE (in hex) to the end of the bitmap header area to avoid flipping the same image again. Since non-compressed bitmap files are frequently used by Windows 95 and 98, this causes all kinds of weird effects - such as the start-up and power-down screen of Windows being "mirrorized" (See Image).
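An added example (not from the original post or from F-Secure): a forensic triage check that reports whether an uncompressed BMP carries the marker described above. It assumes "the end of the bitmap header area" means the last DWORD of the DIB header, which the page does not specify; `hps_marker_status` and `make_bmp` are hypothetical names, and the sample bitmaps are constructed.

```python
import struct

MARKER = 0xDEADBABE   # value the page says HPS writes after flipping an image
BI_RGB = 0            # biCompression value for an uncompressed bitmap


def hps_marker_status(data: bytes) -> str:
    """Classify a BMP byte string as 'not-bmp', 'compressed', 'marked' or 'clean'."""
    # BITMAPFILEHEADER is 14 bytes: 'BM', file size, two reserved words, pixel offset.
    if len(data) < 18 or data[:2] != b"BM":
        return "not-bmp"
    (pixel_offset,) = struct.unpack_from("<I", data, 10)
    (dib_size,) = struct.unpack_from("<I", data, 14)
    header_end = 14 + dib_size
    # Reject truncated or inconsistent headers instead of reading out of bounds.
    if dib_size < 40 or header_end > len(data) or header_end > pixel_offset:
        return "not-bmp"
    (compression,) = struct.unpack_from("<I", data, 14 + 16)
    if compression != BI_RGB:
        return "compressed"   # the page says only non-compressed bitmaps are touched
    # Assumption: the marker sits in the last DWORD of the DIB header
    # (biClrImportant for a 40-byte BITMAPINFOHEADER), stored little-endian.
    (last_dword,) = struct.unpack_from("<I", data, header_end - 4)
    return "marked" if last_dword == MARKER else "clean"


def make_bmp(compression: int = BI_RGB, last_dword: int = 0) -> bytes:
    """Build a constructed 2x2, 24-bit sample bitmap for the demonstration."""
    pixels = bytes(16)  # two rows of 6 bytes, each padded to 8
    dib = struct.pack("<IiiHHIIiiII", 40, 2, 2, 1, 24, compression,
                      len(pixels), 2835, 2835, 0, last_dword)
    file_header = struct.pack("<2sIHHI", b"BM", 14 + len(dib) + len(pixels),
                              0, 0, 14 + len(dib))
    return file_header + dib + pixels


if __name__ == "__main__":
    samples = {
        "clean.bmp": make_bmp(),
        "flipped.bmp": make_bmp(last_dword=MARKER),
        "rle.bmp": make_bmp(compression=1),
        "truncated.bmp": make_bmp()[:20],
    }
    for name, blob in samples.items():
        print(f"{name}: {hps_marker_status(blob)}")
```

A "marked" result only says the header field holds that value; confirming an HPS modification still requires comparing the image against a known-good copy.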

REFERENCES

Responsible for the technical details of this threat are Mikko Hypponen & Peter Szor, F-Secure, 1997

In Memory of Peter Szor
(by McAfee Labs)

11/11/2013

Happy Wheels with Grandpa Lemon!

THE Newest Famous Annoying Orange Video:



                                       
Why does Orange have yellow teeth? ADBright...

Houston resident Edward Jorodge Gladney
jailed for 60 yrs for producing child porn

Back in March 2012, E.G., a Houston (Texas) resident, entered a plea of guilty for producing and advertising child pornography, producing child pornography as far back as 2002 as well as advertising those images for sale via the Internet. The case was initiated following an anonymous tip to Crime Stoppers advising of an adult male being indecent with young boys. The investigation revealed he manipulated four (possibly more) boys for the purposes of capturing their images and then advertising those images for sale on the World Wide Web.


The exploitation continued for years and allowed Gladney to create thousands of images and hundreds of videos of young children which were disseminated via the Internet. The images and videos included graphic depictions of boys in provocative positions and boys and adults engaging in oral and anal sex.

Additionally, Gladney had collected thousands of images and videos containing children other than his personal victims, one of which included a forcible sexual assault of a young boy in which the screams of the child can be heard.

The charges are the result of an investigation conducted by members of the Innocent Images Unit of the FBI, including task force officers from the Houston Police Department, which focuses its attention on investigating offenses involving the exploitation of children via the Internet.

This case, prosecuted by Assistant United States Attorney Sherri Zack, was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse.

Pedophile Gladney
Investigators in the Houston Police Department Juvenile Division have arrested a male suspect for possession of child pornography and believe other children were victimized too.

The suspect, Edward G., has been charged with 5 counts of possession of child pornography in the 230th State District Court. A photo of G. is attached to this news release because investigators believe there may be other victims who might be able to recognize the suspected pedophile.

HPD Juvenile Division Senior Police Officer J. Barnes reported:

On June 16, a search warrant was executed on G’s home at 13927 Grafton Bridge Lane. During the course of the search, multiple pornographic photographs were found in the suspect’s residence. G. admitted the photographs had been taken in his car, a 2003 Tan with Texas license plates.

G. was arrested the following day (June 17).

Investigators believe that photos found in the suspect’s possession indicated there are other children he might have had contact with.

Anyone with information on other possible victims is urged to call the HPD Juvenile Division at 713-731-5335.

LATEST: Edward G. has been sentenced to serve a total of 720 months in prison following his convictions for producing and advertising child pornography.