Systemagic Technical Blog

Showing entries 5 to 8 of 26 from our blog | View Previous | View Next |

Wireless Pharming becomes reality.


Last year security firm Symantec theorised a practice known as 'wireless pharming'. This involves an attacker gaining access to a users wireless router and changing the DNS (domain name system) settings to direct them to any web page they wish.

The first real life instances of this style of attack have occured on a particular brand of router in Mexico as they have no built in security.

Routers will typically be password-protected, however many users rarely change the settings from that of the default factory settings. It is recommended that you change this password since default passwords are simple to find out by searching your router on the internet.

Added By: Scott on 24/01/2008

Mac Malware discovered

A piece of malware has been discovered in circulation. The program known as MacSweeper passes itself off as a legitimate application known as Mac Sweeper.

The program doesn't harm the Operating system but is difficult to remove. Once installed the appplication supposedly scans your system and reports back privacy violations. To remove these reports the software tries to force the purchase of an application.

Unlike PC's, Macs are not often targetted by malware authors, for this reason many users do not protect their machines. We advise that for any system a recognised Anti Virus soultion is present.

Added By: Scott on 22/01/2008

Valentines Virus Warning

A widespread email posing as a message of love which has been widely spammed across the internet in an attempt to install malicious code known as the Storm Worm. Luring users with messages of love to dangerous websites.


The Storm or Dorf Worm has been the most active attack seen in a couple years on the net. It is difficult to identify and trace due to the polymorphic nature of the code with similarities to a mixture of worms, trojans, bots and spam agents. It is believed to have infected literally hundreds of thousands of computers since its introduction.


Subject lines used in the email are many and varied, but all pose as a romantic message. Some of them include "Falling In Love with You", "Special Romance", "You're In My Thoughts", "Sent with Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has Opened", "You're the One", "A Toast My Love", and "Heavenly Love".

The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet. The website displays a large red heart, while installing malware onto the vistor's PC. It is believed that the worm, sends itself to other email addresses found on the now infected computer. Security experts believe that the worm code is designed to attempt to download further malicious code from the internet designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.


Please ensure that your operating system and Anti-Virus software are fully updated with latest patches and delete any unsolicited email.

Added By: Scott on 16/01/2008

Harmful Windows 'Stealth' virus

A stealth Windows virus or rootkit dubbed as 'Mebroot' is circulating that steals confidential information such as login details for online bank accounts. It is estimted that over 5,000 people throughout europe have already been affected.

The malicious program overwrites a prt of your computers hard drive called the Master Boot Record (MBR). The area where your computer looks when it boots into its operating system. By controlling the MBR the rootkit can control the Opearting system and thus the computer it resides on.

Once installed 'Mebroot' will download other malicious programs such as keyloggers, that are used to steal confidential data.Analysis of Mebroot has shown that it uses its position on the MBR as a platform so it can re-install these associated programs if they are deleted by anti-virus software.

An Independent security firm has produced a utility that will scan and remove the stealthy program. Click here

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus.

Please ensure that your operating system and Anti-Virus software are fully updated with latest patches.

Added By: Scott on 14/01/2008