OS9USER Newsroom

#BREAKING : Alleged plot to kidnap and potentially kill Michigan Governor Gretchen Whitmer and overthrow the state government

Why the New York lawsuit
is sure to enrage Trump

Special master told Trump to
put up or shut up

Fox Host Confronts Trump On Existence Of UFOs

QAnon fans celebrate Trump's latest embrace of the conspiracy theory


GRAB a Copy of OS9USER Newsroom Map For Your Website

Apple to release four new iPhones

Apple Top Free Apps


Leaking Classified NSA Information

Billie Winner-Davis, Reality Winner's mother, told Business Insider on Tuesday that President Donald Trump's former lawyer, Michael Cohen, is attempting legal representation to aid the former Air Force language analyst contractor and Kingsville native Reality Winner with her case.

Winner pleaded guilty in 2018 to leaking classified National Security Agency information on Russia's alleged efforts to interfere with the 2016 election. She was found guilty of violating the U.S. Espionage Act and sentenced to five years in prison at the Federal Medical Center-Carswell in Fort Worth, Texas.

In 2016 following her separation from six years of active duty, Winner was hired by Pluribus International Corporation under an NSA contract to work out of Fort Gordon, Georgia.

According to ABC News, Winner printed a classified report detailing how Russian hackers allegedly “executed cyber espionage operations” on local election systems and mailed the documents to The Intercept.

She was arrested on June 3, 2017.

Michael Cohen, who pleaded guilty to campaign violations and tax fraud in 2018, began serving his sentence in May 2019 at the federal penitentiary in Otisville, New York.

He has been under house arrest since July over coronavirus concerns.

Military.com stated that Reality’s mother sent a Twitter message that said “Cohen has asked another attorney to look at the case and for opportunities to help.”


We encourage anyone to reach out to discuss potential news stories that may be in the public interest. You can reach us via email or by phone at 603-483-3900 with the understanding that the information you provide might be used in our
LIVE broadcasts or other stories.

Grab our Feed

December 28, 2007

There are 2 security alerts we are posting about today.

Installing a fake Codec , and Blogger's link to worm.

The 1st one is the malicious nature of “fake” video which requires the user to install a new codec, and in turn, infects them with a ZLOB Trojan.

Your "Sexy Santa" video left some goodies behind when you were watching it.

(Picture Credit) :
Security Pro News

Removing the Trojan is under investigation by our News Team.

The 2nd Alert is Blogger's are linking to a WORM !

One worm was identified as : Storm Worm ( a.k.a. NuWar - Trend Micro detects this as WORM_NUCRP.GEN)

They make this sound like all bloggers are broadcasting trojans.

They are not. Just do not install no new codec's or click on any "Happy New Year" links, and you will be okay (on ANY website).


The Storm Worm has changed the domain name (again) and the executable file name being used to spread yet again. In addition, the filename has changed to either happy-2008.exe or happynewyear.exe. The size is about 135KB to 139KB. Kaspersky detects it as Backdoor.Win32.Agent.dln or detects it as Email-Worm.Win32.Zhelatin.pl.

Storm Worm began using a new domain: happycards2008.com


If you do, or to one of several others with similar names, you'll be redirected to an HTTP request for an EXE file pushing a trojan horse program.

The domains are all registered with an unresponsive Russian registrar. Thirteen different name servers on different networks are listed in order to make it harder to bring the domain down even after 4 days of efforts.

Storm now has better hiding skills, no visible running processes, nastiness all hidden from the API. No more hanging out in the open, easily seen. It is a "Tough Hook".

Then, about 135KB of code is injected from the driver into services.exe process.

Worm collects e-mails from files with these extensions:

.adb, .asp, .cfg, .cgi, .dat, .dbx, .dhtm, .eml, .htm, .jsp, .lst, .mbx, .mdx, .mht, .mmf, .msg, .nch , .ods, .oft, .php, .pl, .sht, .shtm, .stm, .tbb, .txt, .uin , .wab, .wsh , .xls , .xml

The Spam routine will send e-mail to e-mail addresses containing one of these strings:

@foo, @messagelab, @microsoft, abuse, admin, anyone@, bsd, bugs@, cafee, certific, contract@, feste , free-av, f-secur, gold-certs@, google, help@, icrosoft, info@, kasp, linux, listserv, local, news, nobody@, noone@, noreply, ntivi, panda, pgp, postmaster@, rating@, root@, samples, sopho, spam, support, unix, update, winrar , winzip

PrevX lets you download Prevx CSI which will detect the hidden file clean.config, created by the malware under Windows System directory.

Scan your PC in under 2 minutes with Prevx CSI

Helios Lite was designed to be quick and portable, it does not require installation and can be run off a USB drive.

Also see rapier - First Responders Info Gathering Tool from Google Code.

I have some more information as well as Lynn, so watch for another update Part 2.

Please remove all reference's to "Happy New Year" from your site.

Also, if you have a "Sexy Santa Video" , get rid of that too, for you are giving your readers a Trojan !

Watch for Part II of "Blogger Plagued By Storm Worm".

I will be listing some software you can run shortly.

Please note : depending on your scanner, you will come up with different names for this worm. The biggest question I have is : "What information was sent out of your computer, and where did it go ?"

Read our startling report next :

Attack on Bloggers just the tip of the Iceburg Brace Yourself


Blogger OS9USER posted on 2:08 PM, December 28, 2007

Watch for updates as the develope. I will post all information here, and solutions on how to remove the trojans.


Blogger Lynn Sorel posted on 3:20 PM, December 28, 2007

I have some news , turn on your messenger pleaz.

I will post my info soon.



Blogger OS9USER posted on 4:49 PM, December 28, 2007

Go ahead and post...

I was infected but not by these worm's ... I have no idea where I got mine from, but it was in the last 2 days.

It had to be on a news site some place on the internet.

I'll post more on that later.

I need to research my worm & Google's NavBar still.

Thanks !


Blogger OS9USER posted on 8:44 PM, December 28, 2007

News Update : It seems my source for NavBar is broadcasting a worm (From Blogger)was incorrect.

It was an angry user that was infected BY using the NavBar.

The problem is NOT Google, but Bloggers have linked to a deadly (and well hidden) worm by wishing everyone a happy new year, or showing a Sexy Santa Video causing their readers to download an execute this trojan worm.

The Domain has changed, and the filename has changed (again), so please becareful until Google pulls the plug on this operation in their Index. I suspect they will also issue a warning if you click on a link to that site.

I will post some software you can run shortly.

Sorry Google, I am trying to confirm all my news !


4 Comment(s) on this Article

Post a Comment


Trump Claims He Declassified
Documents Using Special Powers

Legal expert reacts to Trump's
inaccurate claim about declassifying

Twitter News

Hackaday — Access An 8-bit Atari Through Twitter

cryptodaily.co.uk — Could China be behind a recent spike in bitcoin addresses?

Medium — Thoughts on distribution strategy and CEO/firm misalignment

Wired — How to Block Bad Websites—or Just Get Things Done

Arkansas Online — Stocks advance to end their best week in 3 months

Business Standard India — Trump to hold in-person White House event Saturday, hit campaign trail Mon

VentureBeat — Star Wars: Squadrons is seeing significant VR play

Japan Today — Twitter testing how its misinformation labels can be more obvious, direct

Mashable — One man's frustrating journey to recovering his Myspace

Medium — The Viral Nature of Bitcoin inside Publicly-traded Company Stocks

 Claim by Mike Pence:

"(Biden’s) own chief of staff, Ron Klain, would say last year that it was pure luck, that they did ‘everything possible wrong’ (with H1N1). And we learned from that."
PolitiFact rating: Needs context
Fact-checking the 2020 vice presidential debate, Kamala Harris vs. Mike Pence

Claim by Kamala Harris:
"There are estimates that by the end of the term of this administration, they will have lost more jobs than almost any other presidential administration."
PolitiFact rating: Half True

Claim by Mike Pence:
That Rose Garden event — there's been a great deal of speculation about it — my wife Karen and I were there and honored to be there. Many of the people who were at that event, Susan, were actually tested for coronavirus, and it was an outdoor event, which all of our scientists r...
CBS News rating: Partially true

Claim by Mike Pence:
"This administration saw 500,000 manufacturing jobs created."
PolitiFact rating: Misleading

Claim by Sen. Kamala Harris:
"Because of a so-called trade war with China, America lost 300,000 manufacturing jobs."
FactCheck.org rating: False

Claim by Mike Pence:
"The Green New Deal's on their campaign website."
PolitiFact rating: Misleading

Claim by Kamala Harris:
"Do you know that of the 50 people who President Trump appointed to the court of appeals for lifetime appointments, not one is Black?"
PolitiFact rating: Accurate

Claim by Mike Pence:
The Rose Garden event with Judge Amy Coney Barrett "was an outdoor event which all of our scientists regularly and routinely advised."
PolitiFact rating: Wrong

Claim by Kamala Harris:
Says Trump "got rid of" the National Security Council pandemic threat staff, and the CDC's team in China.

Tracking COVID-19

Our Interactive Radar

Tracking Our
New Hampshire Weather


OS9USER Trailer Mania


Release Date: October 7, 2022 (US)

Genre : Thriller

The official synopsis;

"A young woman struggling with addiction comes into possession of an ancient puzzle box, unaware that its purpose is to summon the Cenobites, a group of sadistic supernatural beings from another dimension."

Warning: Some flashing-lights scenes in this film may effect photosensitive viewers.

Search our Archives