
4/05/2014

ZDF ++URGENT++ATTENTION++SHOCKING NEWS++:
German PHISHING MAIL from:
www.redcappi.com
arbeit-von-zuhause-aus.com
goo.gl/p3rL07

(United States)

++URGENT++ATTENTION++SHOCKING NEWS++

ZDF reported on television TODAY!: Germany is shocked by this money machine!
Forget everything, really EVERYTHING, that you have seen in your life so far!
You have NEVER seen anything like this! 100% GUARANTEED

This will surely change your life completely!

Only 429 more available!

Watch the video!

Click here: >»TO THE VIDEO«<

Screenshot Mail
SPAM - SCAM - PHISHING MAIL:
http://arbeit-von-zuhause-aus.com/
  • https://www.virustotal.com/de/url/e7a5745161f044e06b3f75c5ec2b10cd724b9214dfd0d2b714ea9dee2eaf9d61/analysis/1396714323/
  • https://www.virustotal.com/de/file/06e076babd1bc5d7cd32d34f28fa54c4bdd37db5b50eb8328e0469ab29659bf3/analysis/1396714606/
OTHER LINK FOUND IN HTMLSRC:
http://www.mega-ways.com/index.php?d=forum&s=24
  • https://www.virustotal.com/de/url/e33e88bc05bacb38a97d9c73f111a852651edb02f5fcc9c5e99c1f10fc566ecd/analysis/1396718339/
TO MENTION HERE IS:
http://www.mega-ways.com/javascript/alphanumeric.js
  • https://www.virustotal.com/de/url/50d7f3901c7599a6af623faf05cf912b2e8ab05b4566ccd8ed69b6719c7308d0/analysis/1396716791/
Virus.exp.js.1
  • https://www.virustotal.com/de/file/bae1f370c9a4ae19a9bd6d68d98629c115f1f764a844691bfd406211ca321575/analysis/
Your income will EXPLODE - LOOOL

THROUGH:
http://www.redcappi.com/
  • https://www.virustotal.com/de/url/67dc853cd6c065dae93edf295021f261c0c3a2b181cdd28f6780119554a3cfca/analysis/
  • https://www.virustotal.com/de/file/c2bcdd9e4362bcb2341d8c18525b49f23bf5b5fc530ef43b4f13846bdb94a875/analysis/1396717343/
SPECIFIC MALICIOUS URL IN PHISH-MAIL:
http://www.redcappi.com/newsletter/clickrate/create/35671/MzY3NjczNjItZ2FyeWR1bnNtb3JlQGdtYWlsLmNvbQ/1
  • https://www.virustotal.com/de/url/39917f03a8488217564a62a540548c328a95b6aff48249951027f2b50aafd9d9/analysis/
---> REDIRECTS TO: (PHISHING INTENDED)
http://goo.gl/p3rL07
  • https://www.virustotal.com/de/url/5cab9105b00691593c6decf0b4702ba2798cbcfcd46331bed86f089e5913f759/analysis/
http://goo.gl/p3rL07 – this URL has been disabled. Note that goo.gl short URLs may be disabled for spam, security or legal reasons.



11/27/2013

Latest News about John McAfee: John McAfee is like a persistent Computer Virus...

...this is how The Independent formulates it:
"Like a persistent computer virus, wherever John McAfee pops up, trouble seems to follow."
The British-American entrepreneur behind the McAfee anti-virus software has been evicted from his apartment in Portland, Oregon, and accused of stalking by the building’s property manager.

The news comes almost a year after Mr McAfee, 68, fled his previous home in Belize (see also: The John McAfee Story), in Central America, to escape being questioned by local  police about the killing of his American neighbour, Gregory Faull.



The stalking complaint was filed by Connor Hyde, the superintendent of the building where Mr McAfee took an apartment earlier this year. Mr Hyde, a property manager for the Riverstone Residential Group, claims Mr McAfee sent him threatening emails and accused him of involvement in a conspiracy with Mr Faull’s family.

According to The Oregonian, Mr Hyde, who no longer works at the building in question, feared that Mr McAfee had access to firearms and associated with members of a biker gang.

In an interview with the Associated Press, Mr McAfee said he had not been evicted and insisted that he “never threatened anybody, except with threats of lawsuits”.

He had a “severe problem” with Mr Hyde due to “wilful lapses of security”, Mr McAfee said, adding that Mr Hyde “gave keys out to all of his friends and friends of friends… People were partying in vacant condos. It’s turned into a nightmare ever since the new owners purchased the building four months ago”.

A Portland judge granted a temporary protective order against Mr McAfee, who dismissed it as meaningless because, he said, he moved to Montreal in Canada two months ago. The tech guru also said he would not attend the hearing scheduled for January 3rd 2014.

Mr McAfee founded his anti-virus firm McAfee Associates in 1987 and sold his stake seven years later for an estimated $100m. The company was later sold to Intel for more than $7.6bn, while in 2009 its founder claimed to have lost the majority of his fortune during the financial crisis.

Four years ago, Mr McAfee moved to Belize for tax reasons, became an avid yoga practitioner and established a small biotechnology research facility where, he said, he was developing new varieties of antibiotics.

In April 2012, police raided the facility and arrested Mr McAfee on suspicion of producing methamphetamine, though the charges were quickly dropped.

Crystal Meth...
On 11 November 2012, Mr Faull, a divorced sports bar owner from Florida, was found shot dead at his home nearby. He and Mr McAfee had  reportedly argued about several matters, including the level of noise from Mr McAfee’s compound. The day before the murder, Mr McAfee’s dogs were poisoned.

...and its optical Effects !

Mr McAfee, who denies any involvement in Mr Faull’s death, dyed his hair as a disguise and fled Belize to avoid being questioned by the local authorities, whom he accused of corruption. While staying in neighbouring Guatemala, he met with a reporter and photographer from Vice Magazine who planned to chronicle his life on the lam.

But tragically they gave away his location by posting a photo of Mr McAfee online without first wiping its location data.

Mr McAfee was accused of crossing the border from Belize illegally and spent a week in jail in Guatemala before flying (my expression fits better: fleeing) to the United States.

In a bid to clear his name, John McAfee has offered a $25,000 reward for information about Mr Faull’s death. Police in Belize said Mr McAfee remains a “person of interest” in their investigation into Mr Faull’s death.

The country’s Prime Minister, Dean Barrow, has described Mr McAfee as “extremely paranoid, even bonkers”.

Source: The Independent

11/13/2013

The Virus: DEADBABE.SC.Replicator
(In Memory to Peter Szor)

DEADBABE is a malicious virus (Win32) that was first caught "in the wild" in 2007 in Denmark.

It stays resident in memory and infects all EXE files that are executed. The virus does not activate in any way. It is named after its "are-you-there" call: it calls INT 6Bh with the hex value BABE and expects to find the return value DEAD. Deadbabe will reinfect already infected files. As a result, your files can have dozens of infections, and they will be several kilobytes larger after the reinfection(s). An interesting virus article (1989) connected to INT 6Bh, called "Saddam Virus", can be read here.

According to F-Secure, its anti-virus products will disinfect DEADBABE, but because of a bug in the virus, the disinfected file(s) will sometimes be longer than the original. This extra area might also contain pieces of the virus, which could cause false alarms or Type I errors (F/P). If you encounter problems like this, you should delete these files and reinstall or restore them or, if you no longer need them (OS files excepted), simply delete them.

A notable magic number associated with this malware: 0xDEADBABE ("Dead Babe") is also used by IBM Jikes RVM as a sanity check of the stack of the primary thread.

Another variant of this malware is Deadbabe.494.B, whose threat level is rated low; the affected platform is MS-DOS. It carries out damaging actions on the affected computer. It does not spread automatically using its own means. This variant, 494.B, was detected exactly on this day eleven years ago (13/11/2002).

Brief Description:

Deadbabe.494.B needs an attacking user's intervention in order to reach the affected system. The means of transmission used include, among others, floppy disks (old days), CD-ROMs (DVDs), e-mail messages with attached files, Internet downloads, FTP (File Transfer Protocol), IRC channels, peer-to-peer (P2P) file sharing networks and more. Deadbabe.494.B uses the following infection strategies:

- Once it has been run, the virus goes memory resident and intercepts functions belonging to the operating system (OS). Therefore, every time the operating system or an application tries to access any of these functions, the virus will activate and infect new files. The malicious code is written in 16-bit x86 assembly language.

NOTE: If you think your PC is infected with this virus, visit Panda Security, get the download and follow the step-by-step instructions given there.

DEADBABE is also associated with HPS, a polymorphic Windows 95 virus which contains this sarcastic text:

"< Hantavirus Pulmonary Syndrome (HPS) Virus BioCoded by GriYo / 29A >"

Technical Details of HPS:

It stays active in memory and infects Win32 EXE files as they are accessed, encrypting its own code with a variable polymorphic encryption layer.

HPS activates itself on Saturdays. If a non-compressed Windows bitmap (BMP) file has been opened, the virus horizontally flips the picture.


HPS patches the value DEADBABE (in hex) to the end of the bitmap header area to avoid flipping the same image again. Since non-compressed bitmap files are frequently used by Windows 95 and 98, this causes all kinds of weird effects - such as the start-up and power-down screen of Windows being "mirrorized" (See Image).
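A triage check for the marker described above, as an added example (not code from F-Secure or from the original post): it parses a BMP header and reports whether the image is uncompressed and whether 0xDEADBABE appears in the info header. The exact offset and byte order of the marker are not given on the page, so searching the whole info header in both byte orders is an assumption, and `check_bmp` and `make_bmp` are hypothetical names.

```python
import struct

# 0xDEADBABE in both byte orders; the page does not say how HPS stores it.
MARKERS = (struct.pack("<I", 0xDEADBABE), struct.pack(">I", 0xDEADBABE))

def check_bmp(data: bytes) -> dict:
    """Report whether a BMP is uncompressed and carries the marker in its info header."""
    result = {"bmp": False, "uncompressed": False, "marker_offset": None}
    if len(data) < 54 or data[:2] != b"BM":
        return result
    info_size = struct.unpack_from("<I", data, 14)[0]      # biSize
    compression = struct.unpack_from("<I", data, 30)[0]    # biCompression
    if info_size < 40 or 14 + info_size > len(data):
        return result                                      # truncated or 12-byte core header
    result["bmp"] = True
    result["uncompressed"] = compression == 0              # BI_RGB
    # Assumption: "end of the bitmap header area" lies inside the info header
    # that follows the 14-byte file header, so only that region is searched.
    header = data[14:14 + info_size]
    hits = [header.find(m) for m in MARKERS]
    hits = [14 + h for h in hits if h != -1]
    result["marker_offset"] = min(hits) if hits else None
    return result

def make_bmp(last_field: int = 0, compression: int = 0) -> bytes:
    """Constructed 2x2 24-bit test image; last_field is the final header dword."""
    pixels = bytes(16)                                     # two padded 8-byte rows
    info = struct.pack("<IiiHHIIiiII", 40, 2, 2, 1, 24, compression,
                       len(pixels), 2835, 2835, 0, last_field)
    head = struct.pack("<2sIHHI", b"BM", 14 + len(info) + len(pixels), 0, 0,
                       14 + len(info))
    return head + info + pixels

if __name__ == "__main__":
    for name, img in (("clean", make_bmp()), ("marked", make_bmp(0xDEADBABE))):
        print(name, check_bmp(img))
```

A hit on an uncompressed bitmap is only a lead for closer inspection, since the same four bytes can occur in a header for unrelated reasons.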

REFERENCES

The technical details of this threat are credited to Mikko Hypponen & Peter Szor, F-Secure, 1997

In Memory of Peter Szor
(by McAfee Labs)