MKWingzero Blog

Download Ngaji Recording from Radio

m.khozin@gmail.com (M.Khozin) — Mon, 22 Jan 2018 07:44:00 +0000

Poisoned Google Image Searches

m.khozin@gmail.com (M.Khozin) — Mon, 09 May 2011 12:00:00 +0000

For last couple of weeks we received quite a bit of reports of images on Google leading to (usually) FakeAV web sites.

Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches, however, Google’s image search seem to be plagued with malicious links. So how do they do this?

The activities behind the scenes to poison Google’s image search are actually (and unfortunately) relatively simple. The steps in a typical campaign are very similar to those I described in two previous diaries (Down the RogueAV and Blackhat SEO rabbit hole – part 1 at http://isc.sans.edu/diary.html?storyid=9085 and part 2 at http://isc.sans.edu/diary.html?storyid=9103). This is what the attackers do:

The attackers compromise a number of legitimate web sites. I have noticed that they usually attack Wordpress installations, but any widely spread software that has known vulnerabilities can be exploited.
Once the source (legitimate) web sites have been exploited, the attackers plant their PHP scripts, similar to those I described in previously mentioned diaries. These scripts vary from simple to very advanced scripts that can automatically monitor Google trend queries and create artificial web pages containing information that is currently interested. That is actually how they generate new content – if you ever wondered how they had those web sites about Bin Laden up quickly it is because they automatically monitor the latest query trends and generate web pages with artificial content.

These web sites contain not only text, but also images that are acquired from various web sites. Again, their scripts use various search engines to locate these pictures (I will probably post a diary about this soon too). They embed links to pictures which are really related to the topic so the automatically generated web page contains real looking content.

Google now crawls through these web sites. The scripts that the attackers put will detect Google’s bots (either by their IP address or the User Agent) and will deliver special pages back containing automatically generated content. Google will also parse links to images and, if appropriate, populate the image search database.

Now, when a user searches for something through the Google image search function, thumbnails of pictures are displayed. Depending on the automatically generated content in step 3), number of links to the web page and other parameters known to Google, the attacker’s page will be shown at a certain position in the results web page. The exploit happens when a user clicks on the thumbnail.

Google now shows a special page that shows the thumbnail in the center of the page, links to the original image (no matter where it is located) on the right and the original web site (the one that contained the image) in the background. This is where the “vulnerability” is. Google displays this in a simple iframe:

The user’s browser will automatically send a request to the bad page which runs the attacker’s script (the one set in step 1). This script checks that the request’s referrer field and if it contains Google (meaning this was a click on the results page in Google), the script displays a small JavaScript script:

This causes the browser to be redirected to another site that is serving FakeAV.

As we can see, the whole story behind this is relatively simple (for the attackers). There is a number of things to do here to protect against this attack, depending if we are looking at servers or clients. For a standard user, the best protection (besides not clicking on images  is to install a Mozilla Firefox addon such as NoScript. Google could step up a bit as well, especially since this has been going on for more than a month already and there are numerous complaints on Google’s forums about this. Since there are so many poisoned images they could maybe modify the screen that displays the results so it does not include the iframe – that will help in first step only, since if the user lands on the malicious web page there is nothing Google can do really.

source: isc.sans.edu

Remove Fake Tool Security WinXP/Vista/Win7

m.khozin@gmail.com (M.Khozin) — Fri, 06 May 2011 07:59:00 +0000

XP Home Security, Vista Home Security 2011, Win 7 Internet Security are new version of multi -named Rogue Anti-spyware from Braviax family is noticed in the wild. The rogues are named randomly, depending on Operating System, and have always OS version in the name.

This distinguishes them from majority of legitimate software and other rogues.

The names of parasites are as follows:

Win 7 names	Vista names	XP names
Win 7 Anti-virus (2011)	Vista Anti-virus (2011)	XP Anti-virus (2011)
Win 7 Anti-Spyware (2011)	Vista Anti-Spyware (2011)	XP Anti-Spyware (2011)
Win 7 Home Security (2011)	Vista Home Security (2011)	XP Home Security (2011)
Win 7 Total Security (2011)	Vista Total Security (2011)	XP Total Security (2011)
Win 7 Security (2011)	Vista Security (2011)	XP Security (2011)
Win 7 Internet Security (2011)	Vista Internet Security (2011)	XP Internet Security (2011)

First you might notice alerts when you try launching legitimate programs. These alerts look like this:

Win 7 Home security 2011 Firewall Alert
Win 7 Home security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Although it looks legitimate, most of antiviruses would just disable the keylogger addon from infected IE if this was the case. Thus it is obvious, that this message is false.
Then it starts showing message alerts, claiming that your PC is under attack or heavily infected.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

If you press on any of the alers, a scan window will appear that will detect various threats in harmless files. These threats are fake, and should be ignored. Deletion of the listed files by Win 7 Antivirus 2011 might lead to system failure or would require repair install. This parasite will refuse to repair the detected infections without payment, which is a ruse to get your credit card details.

These rogues will block legitimate webpages as well. This is done by adding a proxy server to your browser so you can visit only their webpages or get warning that the site is infected.

It is obvious, that you should remove this Win 7/Vista/XP Security, as it is fake and rogue nuisance.
Removal guide bellow.

Guide to Delete in Windows XP:
(The guide is made to the IT / computer technician, because berisko program / system is damaged if done by a user who does not know, if you are a user who tries to this, then I am not responsible for any errors which you do. thanks)

1. If you can restart and log in safe mode. Then enter msconfig: start menu - Run (windows key + R) - type msconfig - check the program files which name is weird, you can know it because most of the file using random characters eg (uirwifohfiohioehwiof.exe)

Remove current value entry on registry:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

Remove these file :
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[random].exe (look for 3-letter names)
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) infected files and get help in Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) removal by using free Spyware Doctor scanner. It comes with free real-time protection module that helps preventing Win 7/Vista/XP Anti-Virus/AntiSpyware/Total Security/Internet Security/Home Security/ Security (2011) and similar threats.

Sorry if my post is replies, i'm just share what happening is on my situation. if you have another condition with this same problem, commnet here maybe i can help you solve. or another people will help you on this blog. thanks

How to Remove fake MS Removal Tool

m.khozin@gmail.com (M.Khozin) — Mon, 11 Apr 2011 06:37:00 +0000

Review problem:
MS Removal Tool is a rogue security application that comes up with tons of infections and security threats to make you think that your computer is infected with malicious software. This scareware may report up to 30 infections on your computer which do not even exist. Besides, the scan is a little too fast to be real. It charges about $60 to remove the threats and even claims that your PC will be protected against other malware if you choose to purchase the full version of MS Removal Tool. Of course, you shouldn't pay for this rogue AV. By the way, do not confuse this fake application with the Microsoft Windows Malicious Software Removal Tool which is a perfectly legitimate tool. Cyber-criminals clearly want to gain some credibility with well known names here.

The bad news is that MS Removal Tool blocks malware removal tools and system utilities, Task Manager and other even changes your desktop wallpaper. If you click on any desktop icon you'll get a message that the program is infected and that you should run your anti-virus software.

What is more, it constantly displays fake security warnings saying that your computer is infected with viruses, Trojan horses, spyware and other maliclious software

warning message:

It may modify Windows Hosts file too. If your computer is being infected by the MS Removal Tool, please follow the removal instructions below. Please be advised, if you pay for this phony security software, you will subjected to monetary theft, or in a worst-case example, ID Theft. There is no guarantee that your credit card details aren't going to be sold to other third parties. Do not hesitate to contact us if you need further assistance or you have questions regarding removal of MS Removal Tool. Please leave a comment below. Good luck and be safe online!

----------------------------
Remove instruction
----------------------------
Manual In indonesia

1. restart / turn on your computer and enter to safe mode (F8 mostly). like pidture below:

you can choose safe mode or safe mode with networking, i success just with choose safe mode.

2. search folder and file below and delete:

For Windows XP users:

C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

For Windows Vista and Windows 7 users:

C:\ProgramData\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.e xe

Registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce "[on the folder registry]" delete such : fHrPqDaZcCg02547 with same value with file or folder that you have just delete on above step.

ON my problem, i solved with just delete folder adn file above.

3. for sure that nothind another virus / worm / trojan / malware infected your computer, download avira antivirus for personal, its free (I'm using this anvirus, so i can recommended), instal, update first, adn then scan your all drive (C: D: E: Flashdisk / External HDD / Removeable storage etc).

If done with no voice / message that sign virus / malware detected, you camputer is clean now. OK the problem solving is done . See you next with another problem solve.

Comfortable With Dept Management

m.khozin@gmail.com (M.Khozin) — Thu, 05 Nov 2009 05:35:00 +0000

Everyone borrows money from the financial market at one or the other time to meet some urgent needs. But, at that time we don’t realise that taking various debts from different lenders may become a burden one day. If you too are facing the same circumstances then debt management can prove to be the best solution to all your worries.

Debt management programs can be defined as an informal process of negotiations with the creditor to obtain a reduction in the interest rate levied or to reduce contractual repayment. The negotiation process involves giving proof to the creditors that the debtor has insufficient funds to meet all the debt obligations.

Debt management is a fair and growing service in the UK. Debt problems usually occur due to circumstances which are beyond a person’s control. Debt management not only helps in reducing a borrower’s monthly payment but aims at eliminating all his debts. Borrowers get the benefit to consolidate their debts that are as low £3000 to a maximum of £250,000. Some lenders may even help in eliminating a higher amount of borrower’s debt.

Debt management is open to all. Good credit people, bad credit people or people with bankruptcy, CCJs or bankruptcy. Debt management by managing debts of a debtor can help in improving his credit score by making him accountable to a single low monthly payment.

There are various tools available for debt management. Debt management on a smaller scale is known as debt counselling. The idea is to offer knowledge to the individuals. It involves various debt management techniques-

1. Expenditure should be restricted proportionately to the income
2. In case a debt has incurred, proper arrangements must be made for its repayment

Another important tool for debt management is debt consolidation loans. The loan provider helps in the settlement of debts. This loan helps in consolidating the existing debts of borrower. It aims to make the repayments affordable by lowering the interest rates.

Borrowers can make efficient use of the expertise of the debt management agencies which they have gained through years of work in this field. Debt management representatives working with debt management agencies give borrower’s the power to get out of debt. They negotiate with the creditors on behalf of the borrower.

Debt management plans are formulated by the debt management representatives or consultants. It can help a debtor to repay the debts at an amount that is affordable. Debt management plan consolidates all the unsecured debts of an individual into a single monthly repayment which is then paid to the creditors on a pro rata basis over an agreed period of time often 4 years or more by the agency which is managing your debts. Trained debt management consultants calculate this amount in assistance with the debtor by thoroughly reviewing his financial position.

You need to stay aware of the fact that as every coin has too faces. There is one more aspect of debt management you need to look at. Most of the debt managers charge hefty fee for this service. But there are debt managers who can do this job for you at a low fee or for free. So you need to keep your eyes and ears open before you decide to opt for debt management.

There are various debt management agencies in the finance market. Look for debt managers who can offer you this service at low cost with maximum benefits. Borrowers can search for debt managing agencies online too. Internet can help you access infinite number of debt management agencies from your home or office computer. The online process saves your time and efforts.

Debt management can make you debt free. But you need to maintain discipline in your life so that you may not fall into the same debt trap in future.

Social network to increase Your traffic website

m.khozin@gmail.com (M.Khozin) — Tue, 13 Oct 2009 02:52:00 +0000

One essential aspect of Search Engine Optimization (SEO) is social marketing. In simple terms, social marketing is an approach that makes use of ‘philosophy’ to pay attention to the specific needs of the target. This is done by gathering people with common interests, making it possible to create an interactive community. Through website technology including forums, blogs, outbound and inbound links, and social networking sites (Myspace, Facebook, Digg, etc.), social marketing becomes a convenient way to increase company gains.

In order to start right out in integrating social marketing strategies with SEO, a plan must be developed first. Moreover, there should be detailed research regarding the target’s needs, most especially since the approach is customer-oriented. It may also be helpful to consult with firms specializing in Internet Marketing. These firms will provide invaluable information and insights on how different approaches work together in maximizing company results. Once you have a better understanding of the various strategies, you can now employ the ones suitable for your needs.

Social marketing involves creating a community where people with shared interests come together to state opinions and ask questions. This can be done by setting up forums or discussion boards on your website. The key here is to generate interaction among the members of your target audience. A vast majority of consumers do online research before making any purchases; forums are helpful in providing information regarding customer inquiries.

Also consider setting up a blog that contains relevant posts that discuss the services and products that your company offers. The information that you will provide may be very well appreciated by your readers. Place links to other websites and blogs that relate to your blog content. Social networking sites including Facebook, Myspace, Digg, and many others might also have useful and interesting content that you can link to. Feature and subscribe to appropriate RSS feeds, so that your readers have a reason to frequently visit your site.

Moreover, it is necessary to keep the forum and blog posts updated and fascinating for people to read. Also remember to use optimized keywords or phrases naturally in your content and titles. Do not let your online community become sedentary; encourage readers to engage in discussions and exchange of fresh ideas and opinions. This way, search engines are more likely to index your site’s content, thus, increasing traffic.
With an effective plan and strategies in place, integrating SEO and social marketing is not a difficult task.

3 example of Category for some of social network:

1. Business web directory
2. Web directory
3. SEO Friendly web directory
4. General Web directory

What is virtual Game Boy ?

m.khozin@gmail.com (M.Khozin) — Sun, 11 Oct 2009 00:57:00 +0000

Virtual GameBoy (VGB) is a program that emulates the Nintendo GameBoy, handheld on your computer. It runs GameBoy, Super GameBoy, and GameBoy Color games on PCs, Macs, PocketPCs, Unix boxes, etc. VGB also helps debugging GameBoy software without using a costly development system.

Being fascinated with GameBoy as a cheap handheld computer, I started writing VGB in 1995, after finding some GameBoy programming information on the Net. When developing VGB, I relied on my prior experience with the fMSX emulator. At that time, emulation was still a novelty, and VGB became the first usable videogame emulator available.

Since its creation, VGB has progressed to support all existing types of GameBoy hardware and cartridges, as well as many add-ons, such as GameLink, Pocket Printer, Rumble Pack, Super GameBoy, etc. Since I initially made the VGB source code open to the public, many other people started their own GameBoy emulators based on that code. Starting with version 0.8, VGB source code is no longer public, but I still share it every now and then, if the person asks nicely and I like the project.

Licensing VGB
The Virtual GameBoy is written in portable C language and will work on any sufficiently fast computing platform, be it a computer, a videogame console, a PDA, a cell phone, a DVD or MP3 player, or even a digital camera. If your company considers using GameBoy emulation in its products, you can license the VGB source code from me. I am also available for consulting work in the software emulation, embedded programming, and other fields.

Free Updates
All registered users of VGB-Windows and VGB-Symbian are entitled to free lifetime updates by email, as long as I am developing the program. If you are already a registered user but haven't got the latest version of VGB, send me an email with your valid email and postal addresses for verification, and you will get one.

Playing Your Games With VGB
It is only legal to play games you actually own with VGB. You will first need to read a game from its cartridge into a file. This can be done with an inexpensive gadget called Bung GB Xchanger or a similar device.

Other hot news: Variable rate is based on the Bank Prime.

Foundation of Mozilla fixes 2 vulnerabilities in Firefox

m.khozin@gmail.com (M.Khozin) — Thu, 06 Aug 2009 03:11:00 +0000

The developers of the Mozilla Foundation just released Firefox 3.5.2 to close two critical rated security vulnerabilities. One flaw in the web browser could be abused to spoof certificates for web servers. This could happen as the browser didn’t parse the domain name in the certificate correctly and would stop parsing at a NULL sign. A CA would issue a certificate for <0×00> and the certificate would be valid for , thus allowing for a hidden man-in-the-middle attack.

The second vulnerability could get abused to inject malicious code – for example a Trojan – into the victim’s computer by putting certain regular expressions into a certificate for SSL communication. This happened due to code that was meant to provide backwards compatibility to the non-standard regular expression syntax used by Netscape clients and servers. Now Firefox uses the current industry-standard wild-card syntax.

Update your Firefox as soon as possible by clicking on the Help menu and choosing “Search for Updates”. As other Mozilla products like Thunderbird and SeaMonkey are vulnerable too, apply updates ASAP as well when they get available.

Be Aware Of The Fraudsters !!

m.khozin@gmail.com (M.Khozin) — Thu, 06 Aug 2009 02:54:00 +0000

If you are a German user and receive an email coming from “Virenwarndienst” with the email address .info> do not register there for downloading the software. This site is a price trap. The users who register there are closing a contract for 2 years where they have to pay 8 euro per month.

The text of the email is:

“Achtung – Wichtige Virenwarnung:

Nach Berichten des Bundesamts für Sicherheit in der Informationstechnik (BSI) ist derzeit ein besonders gefährlicher Virus/Trojaner im Umlauf.

Ihr PC ist ungeschützt und damit potentiell gefährdet. Bitte laden Sie unbedingt in Ihrem eigenen Interesse einen aktuellen Virenscanner herunter.

Die aktuellste Version erhalten Sie direkt hier:

http://www...info/

Mit freundlichen Grüßen

Ihr Virenwarndienst”
It says that the German government authority for IT Security has issued a warning because a dangerous Virus/Trojan is in the wild. It then advises all users to download a security solution (note: Avira AntiVir isn’t mentioned there) in order not to endanger their computer. Once following the link in the mail and trying to download the software, the unsuspecting users are forced to register:

The fraudsters need the address data in order to send bills for downloading the free software.

Almost nobody reads the AGB (EULA) which specifies somewhere that you are signing a contract for two years, for 8 euro per Month.
The users who want to obtain the free version of Avira AntiVir, called Avira AntiVir Personal, can visit the website www.free-av.com and download the software for free.

Out Of Band Patches from Microsoft I and II

m.khozin@gmail.com (M.Khozin) — Wed, 29 Jul 2009 07:30:00 +0000

Microsoft announced extraordinary updates for the Internet Explorer and for Visual Studio for this Tuesday to come. While the company rates the security issue in Visual Studio only as moderate, the IE-flaws – which also affect IE8 – are considered critical and allow for remote code execution. Prepare for those updates as they are really critical and necessary if Microsoft decides to do an out-of-band release. Install them ASAP when available.

As announced last week, Microsoft released two security bulletins out-of-band. They cope with critical vulnerabilities in all Internet Explorer Versions and with a flawed Active Template Library (ATL) for developers using Microsoft’s Visual Studio. Due to the flaw in the ATL – which gets used to build ActiveX controls for example – it is possible to bypass the kill bit restrictions within the Internet Explorer (IE). Manipulated Websites thus can call ActiveX modules with security vulnerabilities and inject malware on affected computers. Microsoft now closes three security holes in IE and hardens it against abuse of the flaws introduced by the ATL.

The error is based on flaws within the ATL of Visual Studio. Thus components build with this development environment can be affected, too. Cisco for example released a security advisory and announces workarounds and updates for the Cisco Unity software. Expect other software developers to release updates soon, too.

Interestingly, according to Microsoft’s Security Bulletins, Windows 7 is not affected by these vulnerabilities. Install the updates as soon as possible, and if you are a developer, rebuild your components with the new ATL. A knowledge-base article from Microsoft explains the issue for developers.

Security flaw in Adobe PDF/Flash

m.khozin@gmail.com (M.Khozin) — Wed, 29 Jul 2009 07:17:00 +0000

There are security flaws within Adobe Reader and Acrobat and the Adobe Flash Player which are getting actively exploited on the net currently. The company has published a security advisory where it announces that they are currently investigating the problem and plan an update for the 30th of July. Avira antivirus solutions already detect the malicious PDF files as EXP/Pidief.TH and the dropped malware by those documents as TR/Drop.Wmach and TR/Spy.WMach, respectively. Anyhow it is a good idea to take additional security measures until Adobe provides an update.

Adobe recommends to delete or rename the file authplay.dll that ships with the Reader and with Acrobat. Also, enabling Data Execution Prevention (DEP) and activating the User Access Control (UAC) in Windows Vista shall mitigate the risk according to Adobe. Another solution would be using a different PDF reader and disabling Adobe PDF and Flash within the web browser via its add-ons-manager. The NoScript extension for Firefox also helps preventing Flash applications to run in the browser; it is possible that drive-by-downloads via malicious Flash applications embedded in web sites turn up soon.

news from aviratech

Twitter Spam Trough Email

m.khozin@gmail.com (M.Khozin) — Wed, 01 Jul 2009 08:16:00 +0000

Twitter spam messages through the distribution of mass, Symantec Security Response has detected a false invitation Twitter bring worm email bulk dangerous. Described Ronnie Ng, Manager of Systems Engineering & Singapore Indonesia Symantec, the name is dangerous insert Invitation Card.zip and identified as W32.Ackantta.B @ mm, which was first found in viruses attack e-card in February.

W32.Ackantta.B @ mm is a mass email worm collects email addresses from computers that are infected and spread with a copy to yourself flash disk / external hard drives and folders that can be accessed by many people. Messages observed appear as if sent from Twitter account. However, different from the original Twitter message, there is no URL appears in the body of the invitation email. Instead the user will see the insertion that appears as a. Zip which contains the card, such as invitations.

Parenthetically that this is dangerous to bring a mass email worm collects email addresses from computers that are infected and spread with a copy to yourself flash disk / external disks and folders that can be accessed by many people. In May 2009, Symantec observed that spam levels increased to levels approaching 90% of all email, consistent with the level observed in May 2008.

As Twitter continues to achieve popularity among users of social networks, people routinely receive email updates and invitations from other users. Symantec estimates spammers will continue to use Twitter and social networks as a popular bait in their attacks.

Need for Speed Shift Review

m.khozin@gmail.com (M.Khozin) — Tue, 23 Jun 2009 02:25:00 +0000

The new Need for Speed Shift is currently in development and will be released at the end 2009. NFS-Planet visited the Slightly Mad Studios in London and got some impressions of the upcoming racing game. Read here about what you can expect in Need for Speed Shift:

Barely 73 days have passed since the release of Need for Speed Undercover, and EA already announced its successor Shift? What, at first glance, looks like some kind of hasty panic reaction due to Undercover's rather moderate critiques, turns out to be a long-planned, in the NFS universe independent racing simulation.

"Change" was a certain guy's main slogan for his election campaign – it seems like the developers from Slightly Mad Studios have taken the same motto to heart: New concept, new engine, new driving physics – Shift shares with previous Need for Speed titles just little more than the name. Speaking of name: “Shift” could certainly refer to shifting gears, but in this case, a meaning like "change" seems more appropriate.

The preview versions of previous NFS titles were all running on a Xbox 360, Shift, however, is an exception: This time a PC was used for demonstration and it was doing its job pretty well: no lags or graphic errors despite running at full HD resolution. The performance of the build shown was really impressive, especially given the fact that the developers still have a lot of time remaining for optimization until release in fall. The graphics engine itself seems to be programmed really efficiently in terms of resource use. However, I couldn't find out about the hardware used in the connected PC.

But what was actually presented on screen? Probably the most convincing graphical presentation of a NFS title for a long time. Talking of beautifully shaped cars, authentically modeled race tracks, great lighting effects, and even little details like 3D animated, flag-waving spectators standing close to the track, or car bodies showing the exact reflections of near video screens – Shift is graphically not only outstanding within the Need for Speed series, but can also keep up with the whole racing game genre.

Especially the cockpit view is one of a kind. Comparing the interior of the Shift cars to those from Test Drive Unlimited (which were quite nice at that time) you get some kind of “Next Gen” feeling: You are free to have a look-around (that might be even necessary if you want to take a look in the side mirrors) spotting the driver working with the steering wheel and pedals, or enjoying the incidence of light shining on your Zonda's handmade leather seats. Needless to say that all of the gauges in the cockpit are fully working. This detail-mindedness (you can actually see the HUD projection on the windshield of the Corvette) is certainly one of the highlights of the game.

Another nice thing is the built-in tunnel vision which handicaps your cognition at high speed. Using Motion Blur, the vision becomes relatively to your pace more and more blurred, only the center of the screen remains reasonably sharp. As a result, recognizing the speedometer or even rivals in the mirrors doesn't get easier as well.

These effects are also to bear in case of accidents: Getting in touch with the guard rail causes the cockpit camera to shake, the vision becomes blurred, and thereby, you go practically blind for a moment. On a city course, you might have some trouble getting the next corner in this condition.

Unfortunately, we couldn't experience such situations in 3rd person view (yet), but this camera makes it easier to recognize dents and dints on your car and details like heating and cooling brake discs respectively. Backing the feeling of being in the thick of the race caused by good camera work, all information given on the HUD like lap time, position etc. is not static but moving according to the G-forces affecting the car.

Today we announced the entire car and track list for SHIFT. Instead of letting out the list drip by drip we decided it would be more fun this year to reveal all the cars at the same time so below you can see the entire list in all its glory.

The list features 65 beautifully modelled cars from a wide range of worldwide manufacturers. Fans of the S2000 and Civics will be pleased to note the return of Honda while Nissan are fantastically represented with the likes of the R35 and the classic tuner car the S14 and the S15. The game also showcases a wide spectrum of seminal performance machines including classic cars like the 1972 Nissan Skyline 2000GT-R, renowned tuners like the 1995 Mazda RX-7, and ultra-exclusive exotic cars like the 2007 Lamborghini Reventón.

This game will release as soon as at the end 2009.

source info from nfsplanet.com and needforspeed.com

Reload Again New Worm Conficker

m.khozin@gmail.com (M.Khozin) — Sat, 20 Jun 2009 04:53:00 +0000

The day, the more the virus and developing a trojan, variannya also very much, not less with the development of software - the software at this time. For info on the kinds or types of virus / trojan can visit the following site, this site contain article information about kinds of virus and trojan description.

I got information new worm conflicker, the anti-virus software of avira recognizes the harmful program as “Worm/Conficker.D” Tettnang, 9 April 2009 – Worm Conficker.C has started to reload updates – however not through the websites many people originally observed, but through its peer-to-peer function.

The new variant spreads exclusively through the Windows vulnerability (MS08-067), which was already closed in November 2008 with a security patch from Microsoft. The worm contains a routine to deactivate itself on 3 May 2009. AntiVir already detects the new variant as “TR/Crypt.XPACK.Gen”. Users of Avira’s AntiVir anti-virus solutions are safe from this harmful software. i am one of avira's antivir user and avira is proven can detected a large of virus, worm, suspecious file or program, trojan.

I work as computer technician so ,i use to avira for scan client's computer that infected of virus. avira can detected local virus of my country (indonesian), if avira can't detected, i report virus's file to avira service via email. i have send local virus as known as Yuyun_Cantix or called Microsoft.lnk virus. this virus can't detected by avira, then i try send of the virus files to avira email, a few day after i send that files, avira anti virus has been detected this local virus, as known in avira as VBS/Yuyun.A.

Avira is less of memory size usage on the computer, need view of amount your harddsik, fast detected virus, and that i like from this antivirus is easy updated. You can update directly from internet or you can update manually from your flash disk with download this update file before, so you can update your avira for a few of computer on your office, school, or hospital. So many antivirus, but avira is easy using for new user, because from Start >> All Program File >> my computer >> selected drive /path >> right klick >> scan selected with avira >> wait scaning progress. If virus detected, avira will show dialog box that confirm to deleted, quarantine, repair from detected files.

Mahadewa Virus

m.khozin@gmail.com (M.Khozin) — Wed, 17 Jun 2009 13:57:00 +0000

JAKARTA, KOMPAS.com - It's strange that out of the computer virus that began to show at this time because the super jumbo size. How not, a file carry big enough and not reasonable for the size of a virus that is around 30.426 KB aka 30 MB, so if it's worth identifying themselves with the name Mahadewa.

You can imagine if the virus has the size of 1 MB more than the need for a long time mengkopikan itself into the computer system that becomes the target. Distribution process will be hampered. Usually the computer virus has the slim size of approximately 22 kb to 1 MB. The small size of the file the virus, the virus that are required by small to menginfeksi time and more quickly so that the distribution of automatically spreading akan easier and widespread.

Therefore, it requires people who have thought "quite" different and dare to infiltrate grip than usual in which to apply the same grip that small is wonderful. Creator is a virus that prefers big is beautiful.

However, the terrible, according to the observation Vaksincom, a local security company in Jakarta, the virus had spread Mahadewa to the level of infection is quite high although not yet to become Top 10 virus in Indonesia. Norman Security Suite, which is used Vaksincom, detects the virus as Mahadewa VBS.Autorun.AM

Although made from the language at the simple VBScript (vbs], virus attack has a power that is not lost with the virus that is made with Visual Basic. Sinyalir in this virus is made by one of the students from UBL (Universitas Budi Luhur) or if not at least see if simpatisannya from the script and the impression left by the virus.

The same as the file is created using the Visual Basic language program, so that in itself can activate it requires the support of the file wscript.exe. At the time he himself will be actively trying to create some of the following files as a parent to be run first when the computer is switched on. Individual C:-Windows-system32-WinXp.vbs and C:-MaHaDeWa.dll.vbs and in each drive.

To ensure that the self can be activated automatically every time you start the computer, it will create a string in the registry. In addition to the registry to create the string, so that itself can be activated automatically when the user access or Flash Disk Drive in another computer, it will also take advantage of Windows autoplay feature by creating the file autorun.inf file which will automatically run the file MaHaDeWa.dll.vbs without the need to run the file. This autorun.inf file will be created in every drive, including the Flash Disk.

In fact what the purpose of the virus to make this VM if we are unloading the contents of the script file MaHaDeWa.dll.vbs very clear that he (vbs / Autorun.AM) has a goal that both will try to restore the registry that has been in the random-random by a similar virus that is Nita.dll.vbs. Or between MaHaDeWa and Nita has a special relationship because if we see the string that is created will form the words N Love You Forever, only they both know that.

Vbs / Autorun.AM akan do not block the functions of the Windows security or vice versa, but it will try to restore the function, such as Windows regedit / Task Manager / Folder Options. Unfortunately there are some strings that would make the "System Restore" will not work.

So that what has been done by the VM continues dikenang, he akan menorehkan some impression on the target computer, such as Internet Explorer Header change / alter the main Internet Explorer / rename the target computer or display the messages from the VM before the user logged in Windows.

Flash Disk is still used as an alternative to be used by vbs / Autorun.AM to spread itself by creating 2 pieces yaknis autorun.inf file and MaHaDeWa.dll.vbs. File autourun.inf is also meant to be active itself automatically when the user access to the Flash Disk is.

The feature-Mahadewa include:
Title 1.Merubah Internet Explorer becomes MaHaDeWa Labkom UBL
2. Changing the Internet Explorer start page to be http://webkom
3. Changing the computer name and the name of the owner of Windows
a. RegisteredOrganization = Your computer has been clean from Viruses by Nita
MaHaDeWa
b. RegisteredOwner = MaHaDeWa
4. Walpaper Windows Update.

Source: Vaksincom that quote from kompas.com

NEC Release 1st USB 3.0 Host Controller LSI

m.khozin@gmail.com (M.Khozin) — Wed, 20 May 2009 01:58:00 +0000

NEC Electronics Corp will release the "μPD720200," a host controller LSI that supports USB 3.0. "We will be the first to release a USB 3.0 host controller in the world," said Shigeo Niitsu, associate vice president of the 2nd SoC Operations Unit.

NEC Electronics is planning to start sample shipments in early June 2009 and volume production at one million units per month in September 2009. The price of a sample is ¥1,500 (approx US$15.6). It is expecting the SoC to be used in PCs first.

"We have already entered specific discussions with PC manufacturers all over the world," Niitsu said. "The SoC will be in PCs from an early stage."

The company forecast that a PC equipped with USB 3.0 ports will emerge by the end of 2009 at the earliest.

The μPD720200 has two USB 3.0 ports, both of which support 5Gbps transmission, the highest data transmission speed of USB 3.0. Its power consumption is "less than 1W in operation," Niitsu said. The SoC is a 10 x 10mm 176-pin FBGA package.

NEC Electronics is expecting USB 3.0 to start to be featured in PCs in 2009 and to spread in earnest in and after 2010. USB 3.0-compatible PCs will account for about 30% of PCs in 2011 and 80% of PCs in 2012, the company forecast. The number of PCs that support USB 3.0 will reach approximately 140 million units in 2011 and 340 million units in 2012, it said.

Also, the company believes that USB 3.0 host controllers will be available in chipsets as well as standalone host controllers in 2011.

Excluding those to be mounted on chipsets, "We will be able to acquire almost 100% share" in the standalone host controller LSI market, Niitsu said. According to the company's estimates, PCs equipped with a USB 3.0 host controller LSI will reach 26 million units in 2010, 60 million units in 2011 and 90 million units in 2012.

Moreover, as a USB 3.0-related business, NEC Electronics is planning to set out an ASIC business for "device side" USB controllers such as USB-SATA bridge LSIs with fabless manufacturers. NEC Electronics will, for example, manufacture physical layer circuits and chips in the business, it said.

The company is planning μPD720200-related exhibitions and demonstrations at the SuperSpeed USB Developers Conference, which will take place in Tokyo May 20 and 21, 2009.

source info from Tech-on

USB 3.0 at the Consumer Electronics Show (CES) in Las Vegas

m.khozin@gmail.com (M.Khozin) — Sat, 16 May 2009 07:48:00 +0000

Intel demonstrated a working version of USB 3.0 at the Consumer Electronics Show (CES) in Las Vegas last week. Here's why it will make eSATA and FireWire obsolete.

When USB 3.0 is expected to hit the market in early 2010, it will have been 10 years since the now ubiquitous USB 2.0 was introduced (April 2000). The current USB 2.0 specification runs at a theoretical maximum speed of 480Mbps, and can supply power.

According to the USB Implementers Forum, there were 2 billion USB 2.0 devices shipped in 2006 (one for every three people in the world), and the install base was 6 billion (almost one for every person in the world). In November 2007, the USB Implementers forum announced the USB 3.0 specifications, and Intel officially demonstrated the technology at CES 2009.

Now, the juice: USB 3.0 promises a theoretical maximum rate of 5Gbps, meaning it's 10 times faster than USB 2.0. USB 3.0 is also full duplex, meaning it can upload and download simultaneously (it's bi-directional); USB 2.0 is only half duplex.

Put side by side with eSATA and FireWire 800, USB 3.0 is far superior. eSATA, an external connection that runs at the same speed as the internal SATA 1.0 bus, has a maximum theoretical of 3Gbps. This makes USB 3.0 faster than eSATA and about six times faster than FireWire 800 (full duplex at 800Mbps).

USB 3.0 also provides another advantage; while eSATA is faster than FireWire 800, unlike FireWire it cannot supply power. USB 3.0 has the advantage of being faster than both, even while supplying power.

Finally, USB 3.0 has improved power management, meaning that devices can move into idle, suspend and sleep states. This potentially means more battery life out of laptops and other battery-based USB-supporting devices like cameras and mobile phones.

Of course, there are other factors to consider; the FireWire 3200 standard is also in the works and promises to allow 3.2GHz speeds on existing FireWire 800 hardware. USB 2.0 generally doesn't meet its theoretical maximum throughput, due to its dependence on hardware and software configuration, where FireWire gets much closer.

It's hard to say whether USB 3.0's updated architecture will still use more CPU time than FireWire does.

But in the age of powerful hardware (can anyone say "3.2GHz, quad-core CPUs"?), all of this means that FireWire is still not going to match USB 3.0's theoretical maximum of 5Gbps.

The ultimate signal that this war has already been won is Apple's recent decision to ditch FireWire from its consumer line in favor of USB. Previously, Cupertino had been one of FireWire's greatest advocates. And surely the company will be one of the first to adopt USB 3.0.

All in all, we can't wait for motherboard manufacturers like Gigabyte and Asus to start supporting the technology and mainstream PC builders like Dell to start integrating it into their products. Bring on the speed.

GAME BOOSTER

m.khozin@gmail.com (M.Khozin) — Wed, 13 May 2009 08:07:00 +0000

Game Booster is a freeware software intended to improve the performance of a computer such as computer gaming. But not limited to PC gaming only, can be also applied to a normal computer.

Game Booster has 2 functions. The first function to disable the Windows application that the system is running. Some of the program from either a Windows program that is running sometimes not required by the computer user. Second function, Game Booster can disable programs running in background or program that is actually active, but not seen by the user. Like Antivirus software, which is always active but the user does not know of the existence of computer programs or difficult to turn manually.

Game Booster is for the user computer gaming. With Game Booster software, disable the program resident in the walk can be turned off temporarily by the software. Likewise when someone takes a computer game without interference from the Antivirus software for a while. So Game Booster can disable antivirus programs. The result will improve the performance of the computer relative to the right during the active program. Both can increase memory space given to the application for the game, so the larger memory space.

Game Booster does not disrupt or make a random system Windows registry. Game Booster is designed to turn off the software that is not needed while the system itself. And not damage anything in the Windows registry. Because Game Booster can restore what is already in the switch off once again with a click on the menu program. And the whole program will run again as they are.

GameBooster software is Freeware and can be used for the OS Windows 2000, Vista, XP, and Windows 7

Example in the picture below, the view of the resident programs in Windows XP. Many applications that sebenarnyanya used when someone does not use the PC for gaming applications. Applications can be stopped temporarily by the software Game Booster

Donwload here

Ms. Malicious Software Removal Tool 2.10

m.khozin@gmail.com (M.Khozin) — Wed, 13 May 2009 02:55:00 +0000

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Microsoft Malicious Software Removal Tool (x86) 2.10

Quick Details
File Name: windows-kb890830-v2.10.exe
Version: 2.10
Knowledge Base (KB) Articles: KB890830
Date Published: 5/12/2009
Language: EnglishDownload: Microsoft Malicious Software Removal Tool 2.10

source

Trojan.Winlock.19

m.khozin@gmail.com (M.Khozin) — Fri, 01 May 2009 02:38:00 +0000

More again trojan virus fraudulent Russian origin. Virus Trojan.Winlock.19 use the Russian language, spread through the Codec download files via the Internet. When exposed to this virus, the computer will go to the blocked system.
Trojan.Winlock.19 found on 8 April, found by security company drweb. Trojan.Winlock.19 virus has been modified from the original version Trojan.Winlock.origin.
But the quiet course, this virus can disappear themselves. After 2 hours of appear computer. So no need to panic, when exposed to the virus Trojan.Winlock.19.

source: obengware
translate by MKWingzero

New Varian Conflicker : WORM_DOWNAD.E

m.khozin@gmail.com (M.Khozin) — Thu, 16 Apr 2009 03:10:00 +0000

Days after the April 1st activation date of Conficker, nothing interesting was seen so far in our Downad/Conficker monitoring system except the continuous checking of dates and times via Internet sites, checking of updates via HTTP, and the increasing P2P communications from the Conficker peer nodes.

Well that was until last night when we saw a new file (119,296 bytes) in the Windows Temp folder. Checking on the file properties reveals that the file was created exactly on April 7, 2009 at 07:41:21.

Checking also on traffic captures show that there was no HTTP download that occurred somewhere around that time frame, which was from April 7, 2009 at 07:40:00 up to April 7, 2009 at 07:42:00. However, we noticed a huge encrypted TCP response (134,880 bytes) from a known Conficker P2P IP node (verified by other independent sources), which was hosted somewhere in Korea.

The size of the encrypted TCP blob pretty much matches the size of the binary that got created in the aforementioned folder. There are some additional bytes, which could be the headers and keys that Conficker/Downadup has been known to use.

Trend now detects this new Conficker variant as WORM_DOWNAD.E. Some interesting things (well at least in our perspective) found are:

(Un)Trigger Date – May 3, 2009, it will stop running
Runs using a random file name and random service name
Deletes this dropped component afterwards
Propagates via MS08-067 to external IPs if Internet is available, if no connections, uses local IPs.
Opens port 5114, and serves as an HTTP server by broadcasting via SSDP request

Connects to the following sites:

Myspace.com
msn.com
ebay.com
cnn.com
aol.com

It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries etc.

Another interesting thing we also noticed was that the Downad/Conficker box was trying to access a known Waledac domain (goodnewsdigital(dot)com) and download yet another encrypted file. This coincidentally happened just after the creation of the new Downad/Conficker binary described below (07:41:23):

The domain currently resolves to an IP address that is hosting a known Waledac ploy in HTML to download print.exe, which has been verified to be a new Waledac binary.

Two things can be summed up from the events that transpired:

As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP. The Conficker/Downad P2P communications is now running in full swing!.
Conficker-Waledac connection? Possible, but we still have to dig deeper into this…

Research and collaboration is currently ongoing in our own labs, as well as within the Conficker Working Group, and will update this blog post for new findings.

Source info

Conficker P2P Traffic

m.khozin@gmail.com (M.Khozin) — Thu, 16 Apr 2009 03:06:00 +0000

Visualizations can often show researchers details that would otherwise take hours of staring at raw data to find. WORM_DOWNAD.KK has plenty to show us if we look in the right places. This post focuses on the various P2P channels.

The first set of graphs map each IP address (source and destination) found in the source pcap file onto a grid. Each IP address is first split into its 4 octets (A.B.C.D). The octets are plotted as points on each of the four vertical lines. Working from from left to right these lines align to an octet (A.B.C.D). Zero at the top, 255 at the bottom. The points are then connected with a line. The color of the line indicates the value range of the starting octet. Green for 0-64, Blue for 65-128, Pink for 129-192 and Yellow for 193-255. Each Graph shows a 1-hour snapshot of data.

This image shows a 1-hour sample taken from an uninfected LAN carrying normal office traffic. You can see a number of addresses and even follow most of the lines. Multiple appearances of the same address are plotted as one line:

Figure 1. 1 hour of normal LAN traffic

Things get more interesting when we plot WORM_DOWNAD.KK traffic. This graph is 1-hour traffic from a single system infected with WORM_DOWNAD.KK. Note the difference between the first and second graph. We can clearly see that the IP selection algorithm generates a complex distribution that provides thorough coverage of each IP octet:

Figure 2. 1 hour of WORM_DOWNAD.KK P2P traffic)

It is interesting see the IP space that WORM_DOWNAD.KK is programmed to avoid. We know WORM_DOWNAD.KK contains a black-list of /8 CIDR ranges that it will not transmit P2P traffic to. (/8 indicating that only the first octet “A” is significant). The /8s not scanned by the P2P protocol are 0, 1, 2, 5, 10, 14, 23, 27, 31, 36, 37, 39, 42, 46, 49, 50,100-109,127, 175-185, 191, 197, and 223 – 255. You can clearly see 4 gaps on the “A” line. These gaps match very well with the known list, 0-5 at the top, 100-109 (Blue) 175-185 (Pink) and 223-255 at the bottom. If you zoom in you will also see that the Green section (0- 64) is more spotty than the other colors, which tends to agree with what we know about the blocklist.

Source info

VmWare Fusion 1.1.1 Available Download

m.khozin@gmail.com (M.Khozin) — Thu, 02 Apr 2009 13:49:00 +0000

VmWare Fusion 1.1.1

Get the best of both the Mac and PC worlds with VMware Fusion. With an intuitive Mac-native interface and a wide array of powerful features, VMware Fusion provides the most seamless way to run Windows applications on your Mac.

Seamlessly run Windows, Linux and other PC operating systems on your Intel-based Mac. VMware Fusion gives you the freedom to:

Unite Windows and Mac OS X

Seamlessly run Windows applications alongside Mac applications with the Unity features in VMware Fusion. Find and launch Windows applications quickly with the VMware Fusion launcher. Switch between Windows and Mac applications quickly with Exposé. Minimize Windows applications to the Mac OS X Dock.

Get the most out of your Mac

Play Windows games on your Mac. Create powerful multi-core virtual machines and run 32- and 64-bit operating systems with ease. Use your iSight camera in Windows and gain access to Windows-only USB 2.0 devices.

Create virtual machines with ease
VMware Fusion makes it easy to install Windows as a virtual machine on your Intel-based Mac, and makes a perfect complement to Apple Boot Camp. Use your existing Boot Camp partition as a virtual machine, or use the built-in Windows Easy Install to install a fresh copy of Windows on a new virtual machine.

Turn back time on the PC
Use Snapshots to save the state of your virtual machine, and revert back to that state if your PC crashes or becomes corrupted.

Download Link
I've test this link is active when i post this

Mac OS X Leopard for AMD And Intel 10.5.1

m.khozin@gmail.com (M.Khozin) — Thu, 02 Apr 2009 12:56:00 +0000

Mac OS X Leopard for AMD and Intel 10.5.1

HowTo OSX

DISK IS PREPATCHED this is ISO Format so burn image to a disk and your ready to install simply.

Install Leopard

Now lets install Leopard.
Code:

1. Optional but Highly recommend: install Tiger first. This can be done by inserting Tiger DVD on
your computer and make sure you boot from it. Usually that’s done if you press F8 or F12 or
whatever key combination to give you the option to choose what disk/cd drive you want to boot
from. Or you can always change boot device in BIOS setup. Select your CD/DVD drive. And

Select your language and when the welcome screen shows up

1. Select Utilities -> Disk Utility
2. Select your partition that you want to be OSX and go to the Erase tab
3. For Volume Format, select Mac OS Extended (Journaled), set volume name as “Leopard“
(no quotes, case sensitive)
4. Click Erase. Now the partition should not be grey, it should be black to indicate that it is active.
5. Close out of the Disk Utility and move onwards with installation.

Use “Customize” option and unselect all packages there. Just install base system. By installing Tiger first, the partition would be properly formatted and activated, which eliminate any potential problem. Now reboot and remove the Tiger DVD.

2. Install Leopard.

Insert Leopard DVD, and make sure to select booting from DVD. The installer will load(it will take a while, be patient). If you have Tiger installed, don’t format the partition, just install it over the Tiger partition. Otherwise, same approach as Tiger installation, use Disk Utility to setup the partition.

Important: Use Customize… button and unselect all packages there. Then proceed to installation. When it’s done, reboot. And make sure that your USB/Pen Drive is connected to your PC.

Patch Leopard Installation

After the reboot, also make sure you do the same step above: Press whatever key combination to give you the option to choose your boot device: Now Select your CD/DVD drive.

Once the setup is loaded(again, long wait, be patient), select your language. When the welcome screens shows up, select UTILITIES-TERMINAL. The terminal will now open. We will now browse to our Thumb Drive;

In the command line, type:

cd /Volumes/123/files

Lets now run the script. This will patch the installation so it will boot properly:

./9a581PostPatch.sh

Let it run. You can answer yes when removing the ACPUPowerManagement.kext

Reboot.

Download rapidshare, but download fisrt list of link download Mac OS X Amd and Intel in here:
Download

VM Ware Converter v3 Available Donwload

m.khozin@gmail.com (M.Khozin) — Thu, 02 Apr 2009 12:25:00 +0000

VMWare Converter v3

Use the intuitive wizard-driven interface of VMware Converter to convert your physical machines to virtual machines. VMware Converter quickly converts Microsoft Windows based physical machines and third party image formats to VMware virtual machines. It also converts virtual machines between VMware platforms. Automate and simplify physical to virtual machine conversions as well as conversions between virtual machine formats with VMware Converter.

Convert Microsoft Windows based physical machines and third party image formats to VMware virtual machines.
Complete multiple conversions simultaneously with a centralized management console.
Easy to use wizards to minimize the number of steps to conversion.
VMware Converter can be run on a wide variety of hardware and supports most commonly used versions of the Microsoft Windows operating systems. With this robust, enterprise class migration tool you can:

Quickly and reliably convert local and remote physical machines into virtual machines without any disruption or downtime.
Complete multiple conversions simultaneously with a centralized management console and an intuitive conversion wizard.
Convert other virtual machine formats such as Microsoft Virtual PC and Microsoft Virtual Server or backup images of physical machines such as Symantec Backup Exec System Recovery or Norton Ghost 12 to VMware virtual machines.
Restore VMware Consolidated Backup (VCB) images of virtual machines to running virtual machines.
Clone and backup physical machines to virtual machines as part of your disaster recovery plan.

Download link is active when i posted (95572 KB)