Security Protection – Harry Waldron MVP Rotating Header Image

January 24th, 2011:

Bohu Trojan – New Anti-Cloud Malware

Lightning The Microsoft Malware Protection Center has identified a new trojan which blocks cloud based AV technologies.  While these attacks are centered in China currently, these concepts could surface in other future malware attacks.

Storm Bohu Trojan – New Anti-Cloud Malware http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx

QUOTE: The Microsoft Malware Protection Center has been tracking a recent threat that attacks cloud-based antivirus technology provided by popular major antivirus software vendors in China. The malware is named Win32/Bohu (TrojanDropper:Win32/Bohu.A)..  The Bohu malware is native to the China region. Bohu attracts user installation by social engineering techniques, for example, using attractive file names and dropping a fake video player named “Bohu high-definition video player”. The more interesting part of Bohu is that the malware blocks cloud-based services now commonly featured in major Chinese antivirus products. Specifically, Bohu uses a number of different techniques in order to attempt to thwart Cloud-based AV technologies.

Storm Bohu Trojan – Technical Description http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Bohu.A
http://www.symantec.com/security_response/writeup.jsp?docid=2011-012002-5122-99&tabid=2

QUOTE: Win32/Bohu.A is a trojan that drops Trojan:Win32/Bohu.A!Installer – a trojan that filters an affected computer’s network traffic in order to stop malware-related data from being sent to information-gathering networks that belong to particular AV companies in China. It has been distributed in the wild with the file name “Bohu high-definition video player.exe” or similar.

Master Boot Record – Importance of protecting against malware

The MBR area can be altered by malware so that Windows systems cannot boot properly. It is important to keep this area protected and clean as noted below:

Master Boot Record – Importance of protecting against malware http://blogs.technet.com/b/mmpc/archive/2011/01/14/re-boot-this-year-clean.aspx

QUOTE: It is that time of the year again to start anew. In terms of personal computers, the act of restarting the machine is called a reboot – an action that triggers execution of code from a special part of the disk called the Master Boot Record (a.k.a. MBR). As the year 2010 ended, I looked at some of the threats targeting the MBR.   The MBR, the most important data structure on the disk, is created when the disk is partitioned. The MBR contains a small amount of executable code called the master boot code, the disk signature, and the partition table for the disk.
 
The master boot code performs the following activities:

1. Scans the partition table for the active partition.
2. Finds the starting sector of the active partition.
3. Loads a copy of the boot sector from the active partition into memory.
4. Transfers control to the executable code in the boot sector.”

HOW TO FIX A DAMAGED MBR http://technet.microsoft.com/en-us/library/cc977213.aspx

Job Interviews – CareerBuilder lists Worst Mistakes

Below is an interesting survey of mistakes made during prospective interviews:

Job Interviews – CareerBuilder lists Worst Mistakes http://www.careerbuilder.com/share/aboutus/pressreleasesdetail.aspx?&siteid=cbpr&sc_cmp1=cb_pr614_

QUOTE: When asked what the most outrageous blunders they had encountered interviewing candidates were, hiring managers reported the following:
* Provided a detailed listing of how previous employer made them mad.
* Hugged hiring manager at the end of the interview.
* Ate all the candy from the candy bowl while trying to answer questions.
* Constantly bad mouthed spouse.
* Blew her nose and lined up the used tissues on the table in front of her.
* Brought a copy of their college diploma that had obviously been white-outed and their name added.
* Wore a hat that said “take this job and shove it.”
* Talked about how an affair cost him a previous job.
* Threw his beer can in the outside trashcan before coming into the reception office.
* Had a friend come in and ask “HOW MUCH LONGER?”

In addition to the most unusual gaffes, employers shared the most common mistakes candidates made during an interview:

* Answering a cell phone or texting during the interview – 71 percent
* Dressing inappropriately – 69 percent
* Appearing disinterested – 69 percent
* Appearing arrogant – 66 percent
* Speaking negatively about a current or previous employer – 63 percent
* Chewing gum – 59 percent
* Not providing specific answers – 35 percent
* Not asking good questions – 32 percent