Ivor O’Connor

February 22, 2009

Scientists Close To Universal Vaccine For Flu

Filed under: anti virus, Uncategorized — Tags: — ioconnor @ 6:54 pm

http://www.npr.org/templates/story/story.php?storyId=100931249&ft=1&f=1001 is an interesting article by NPR. I’ve never seen any claims of a universal vaccine for flu before. However a universal vaccine for flue does not pass my “common sense” test. If anything our bodies probably need to fight off flus much like our bodies need exercise. Even if it does test out would somebody want to take it? Perhaps old people sure. Or people with AIDS. Or patients with other terminal conditions. But perhaps the rest of us would like to simply watch. If it’s successful flu strains will die out pretty much on their own because they have nowhere to go. If it’s not successful well the people who took the vaccine probably had to sign paperwork saying they’d take full personal responsibility. And they’ll probably invest the last of their money to medicine in the hopes of fixing what was done to them.

Am I cynical or is this just common sense? Perhaps it was not presented correctly or there is some information missing that would allow me to think differently about this?


December 14, 2008

Anti Virus In Ubuntu: Clam

Filed under: anti virus, ubuntu — Tags: , — ioconnor @ 5:37 pm

I saw mention of clam at http://ubuntuadministrator.com/?p=377 and it looked like it might be interesting. Especially if it does not run all the time, just when I ask it to scan a directory. Unfortunately the steps there were not accurate. They probably meant:

sudo apt-get install clamav-freshclam
sudo freshclam

which gives

ClamAV update process started at Sun Dec 14 08:01:07 2008
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.92.1 Recommended version: 0.94.2
DON’T PANIC! Read http://www.clamav.net/support/faq
main.inc is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
daily.cvd is up to date (version: 8756, sigs: 34762, f-level: 38, builder: sven)

Not really what I wanted to see. I googled about and found a post about installing it from the menu system “applications->Add/Remove…” and did that. At the end you had to start up clamtk in gksudo mode to update the db. However that installation did nothing to remove the error messages when I ran from the command line. So I read the “DON’T PANIC! Read http://www.clamav.net/support/faq”. There they have a debian part but no Ubuntu part. I go to look at the debian notes and it was merely a placeholder for somebody else to finish. To verify I checked the redhat notes and notes were indeed there for a redhat installation. Sigh. So I decide to download their tar file and start from scratch. This was the key. In their tar files they have good documentation. I followed that documentation and it all worked fairly well. However I don’t want to document that now. Just a place holder for me so that the next time I want to install it on Ubuntu I know I need to download their tar file and look at their html documentation.

What is really important are the results:

———– SCAN SUMMARY ———–
Known viruses: 472355
Engine version: 0.94.2
Scanned directories: 6261
Scanned files: 80194
Infected files: 34
Data scanned: 5594.48 MB
Time: 1621.158 sec (27 m 1 s)

Thirty three of the infected files happened to be test files in the clam directories. The remaining file was

.opera/cache4/opr009T6: JS.Psyme-32 FOUND

and googling for this I find:

Psyme is a notoriously cunning downloader. The distributors of Psyme are known to actually insert links to the Trojan in other, legitimate websites and to propagate popups that also link to the Trojan. Clicking on the link or popup will initiate an automatic download of the Psyme Trojan that will then make contact with the Internet connection of the infected computer. From that point, it downloads other Malware, usually in the form of spying utilities like keyloggers.

Psyme abuses a vulnerability in older versions of Internet Explorer. By exploiting the way Explorer receives ADODB stream objects, the Trojan can download and install without being checked. ADOdb is a database abstraction written for certain programming languages; it allows Explorer to interpret information from various types of databases, regardless of which language they are written in.

Psyme has two popular variants; one is written in Visual Basic Script (VBS) and one in Java (JS). They have the same objectives. Additionally, there are another Trojan Downloaders called Psymedo and Trunlow that have characteristics so similar to Psyme that some authorities list them as the same program.

I don’t use opera very often. I’ll delete the cache file. Maybe I should make an account with very limited features for general web browsing and only use the default account for banking and such which probably never get viruses? I’ll think it over.

Create a free website or blog at WordPress.com.