Tuesday, January 29, 2008

More News - Late Jan 29\Early Jan 30

Storm Worm, IE7\Vista Fix, Jetpack

In an article published last week, it was inferred the proper people know who is behind the Storm Worm and maybe even the RBN itself.
Storm Worm: We Know Who

Popular blogger posts a fix for IE7\Vista users to prevent common crash.
IE7 For Vista Crash Tweak

And for those wanting to fly like 007 did in Thunderball with a jet pack, that dream just got a little closer.
Jetpack Dreams Come True

Latest News & Info

Sorry kids, but I've been busy with the new software upgrade, tweaking things here and there along with MysteryFCM, who has been an invaluable help. If not for him I'd be struggling over at phpBB forum support.

Here are the latest links from the forum, no commentary today tho.


Monday, January 28, 2008

Threads From The Weekend

The site will reach well over 1 million hits this month....thanks!
Monthly Site Stats [UPDATED Jan 27 '08]

New software installed, tweaking things now, read about some of the new additions
Forum Software Upgrade This Weekend..Jan 25-27

A poll to see what sort of links you have in your RSS feed reader
What's In Your Wallet....Errrrr.... I Mean RSS Reader?

BillP fights piracy to keep his PLUS users always connected.
WinPatrol: Online Activation is the Future

And it looks like another security vendor may bundle something no one ever wants with their free software.
Lavasoft confirms negotiations to bundle Ask Toolbar

Friday, January 25, 2008

New Forum Software Upgrade Completed

New forum location here

Forum bug thread here

UPDATE: Redirect....from old path will be up shortly....is now operational.

Tweaks and things will be ongoing thru the weekend, thanks for being patient.

Forum Upgrade Under Way....

Please be patient as I upgrade the forum software from phpBB v2.xx to the latest v3.xx.

Hope to have it done as quickly as possible, so if forums unavailable, that may be why.

Thursday, January 24, 2008

BillP Gets Support From Users & New Scotty Jan 25

Well BillP has gotten a ton of support from all the users after his decision to not bundle WP with any 'extras'. He's very thankful and now we're getting a new Scotty!
BillP Gets The Love & New WinPatrol Jan 25

Fake MySpace Program, Windows Live Phish, Busted!, Writers Strike

PG finds a fake program on MySpace that leads to.....drum roll........trojan download! Fake MySpace Program

Donna @ COU gets not one, but two phish emails using Windows Live. Windows Live Phish

Some guy in Japan writes a virus, but that's ok, because over there it's not illegal. So they nab him for copyright infringement instead. BUSTED: Virus Writer In Japan

And with the writers strike going on users are turning to the Net in droves. Survey: Writers Sending Viewers To Net

Wednesday, January 23, 2008

Latest Hot Links In forum

PG finds some open directories and gets him a boatload of info about the scum behind MySpace fake profiles.
MySpace: Fake Profiles, How It's Done

Researchers get sites shut down via collaborative effort. The power of the Web as a collective.
Google, eBay Thwart Phishing Schemes

Virus List's latest threats.
Malware Miscellany

Mac users will now begin to see malware aimed at them. But don't expect it to reach epic levels....yet.
Cybercrime Moves Beyond Windows

China shuts down over 44K porn related sites. Big deal.
File Under: Drop In The Bucket

MS drops some info about the next gen IE.

MS Confirms IE8 = 3 Render Modes

Another teacher accused of some sort of sexual contact with a minor.
Louisiana Teacher Facing PC Sex Charges

I don't know why they need a study for this. Anyone with half a wit knows ads suck
Web Ads Face Growing Opposition

Wednesday, January 16, 2008

BillP Takes The High Road

Chalk one up to integrity and ethics.

Ask.com, owned by IAC approached the WinPatrol developer about including a toolbar in with the product we all have come to love using and recommending. Would Bill be tempted by the $ signs dancing in front of him? Will he think more of the bottom line and less of his users?

Do I have to really answer that?

Storm Worm IPs

List of latest Storm Worm, with some 'Subject' lines as well


More subject lines here as well

Tuesday, January 15, 2008

Teen Site Update.. Storm Worm Tracker

On the teen dating site mentioned earlier, it appears someone may have found some child pr0n on it. The site's been reported. Updates as received.

I also posted about the latest Storm worm variant, but neglected to say there is also a new link to keep track of these variants located on the Secure Computing website. Nothing like collaboration between researchers to maintain an ever present vigil eh?

Storm Worm: Valentines Version

Check out the latest Valentines Day related Storm email!

Zango, Spam, Routers, FCC, Fires, UFOs!!

Got some action this morning already, so let's get to them.

First up is a disturbing new incarnation for a site which PG had previously written about, but this time it's turned itself into a teen date site. Teens meaning 13 year olds!! Oh and Zango is involved. Can you say you're surprised? I can't.

Then a security vendor is claiming that in a corporate environment over 90% of emails received are spam. I'm glad I don't work in a corporate environment.
Or any 'work' environment actually. LOL

There is a report that most home routers are vulnerable to remote take over. So you better read up and make sure you're protected.

Comcast is being investigated by the FCC about its Internet filters. With lots of users complaining I guess it makes sense to see wtf is going on.

PC vendors Dell and HP are sued over fire damage claims by a couple of different people. One case disfigured a daughter of a complainant. Another burned down a business. Not exactly the kind of 'hot' press you wanna see if you're the PR guy eh?

Live in Texas? If so did you see the UFOs??? Did ya, did ya??

Monday, January 14, 2008

BUSY-BUSY-BUSY News Day

This weekend was pretty light, news wise but today was steady, so I'll give a quick summary below.

The good people at Sandboxie released a new version over the weekend, so go and check that out. I'm loving using it. Very handy.

Always a favorite, the 2007 Darwin Awards have been named. It never ceases to amaze me some of the stupid things people do.

Got a $100 bill? Better be sure it's not one of these super counterfeited bills. But on second thought, they're so good who cares?

Symantec has encountered what they're calling an intelligent man-in-the-middle trojan. Malware is always evolving and for the average Joe Net user things like this become a problem. Unless of course you've got half a brain and never open unknown emails. Then it won't matter how damned intelligent the trojan is, will it?

PG alerts us to a prank on MySpace that changes your default language to Japanese. Easily fixed tho and no real harm is done.

The people behind MySpace, along with several AGs of some states today announce a new plan to protect kids from predators. This sort of effort always turns out win-win for all involved.

A security research company that analyzes websites visited by its clients' employees, looking for malware spreading sites is baffled by the 'who' and 'why' of the hundreds of sites that were found.

Over at InfoWorld they've started a campaign to save XP from being discontinued, except it's not being discontinued at all.

More information about the Russian Business Network has been posted by DDanchev. This researcher knows how to track these guys. I'm sure they hate him. But that's good for us.

Over in the BUSTED! forum we have some convicted script kiddie hacker getting charged with extortion after hacking a MySpace profile. He demanded phone sex and nude pix of her to get her profile back. What a dweeb!!

Finally (whew) we have a report that the IRS has yet to fix 70% of IT related security holes since last year. Great, not only do we have to give them all this money they can't even keep our info safe once they do get it.

Saturday, January 12, 2008

OMG...News-News-News!!

Geeez....I was out all day for the most part. And there was tons of news to boot. I'm too tired to give a quick round up......so just go read the forums!!

Thursday, January 10, 2008

OT: Discount Tire & Customer Service Or Lack ThereOf

Sorry for going OT here but I needed to vent some.

The other day I went to have my tires rotated & balanced at the local Discount Tire store. Typical time for this is 45 minutes, no biggie, me and wife went to Wal-mart.

I’ve gone to this Discount Tire store plenty of times, outcome hasn't always been as good as I’d have liked, but this does not surprise me. Could be the combo of my wheels and tires, I don't know.

Having previously been in the tire biz for a few years, I've heard my share of Discount Tire stories. Also had many a customer come to the shop I worked at to ‘re-do’ what they had done.

Anyway, I get the car back, start driving home and almost immediately I'm getting steering wheel vibes at about 45-50 mph. Then body vibes as well. The first thing anyone in the tire sales biz asks, if a customer complains about any vibration is: “Does the steering wheel shake or do you feel it in the seat of the pants”. Steering wheel generally means front tire out of whack, balance or bent. Seat of pants means it’s a rear wheel\tire problem.

So having no time to turn around I called the following day about 11:55 to tell them of the problem. The guy says no problem, we'll have you out in 45 minutes. I'm like, umm….no....I need to be taken care of sooner rather than just fitting into the regular rotation of other customers. I’m a returning customer with a complaint about a job perhaps done incorrectly.

When I ran my own biz and worked in the tire shop, whenever someone came in to complain or to have something looked at which was done wrong previous, he got pushed to the head of the line, no matter what. Customer service is many things, one of those things is perception. If a customer thinks he's being treated in what he thinks is quickly and fairly, even tho that may not exactly be the case, that's really an impression worth making.

So he says out the door maybe 30. I'm fine with that. At least I got the impression he was gonna try. And I know how busy those guys can be on any given hour.

I show up @ 12:33 or so. I pay attention cuz I hate being later than I say. By the time I get to the counter it’s another couple minutes as I'm 3rd in line. I explain my story, he’s very congenial we joke about the vibrations, me saying if I was a woman I may not mind it too much, wife smacks me, we continue. He says 45 minutes I say that’s not good enough. No I didn't mention that the other guy said 30 minutes. He says under 45. I accept that.

He writes me up, slips the ticket into a plastic sleeved jacket, which I notice is the only one in this type of packet. I can only surmise this means 'rush' or similar and then he slides said jacket into a box with slots in it. Obviously, the techs grab their next work slips here. I look at my watch, 12:45. (I come to find out later the ticket says 12:39) more on this below.

I look in the bay and I see 3 empty bays out of about 7. I'm thinking, if these guys are on the ball, my car gets in next. Even if they don't begin working on it right away, at least it shows an effort to start it.

Overall activity is very relaxed, several of the techs are moving at what I’d consider fuckin’ off speed. Almost like the manager was gone or something. Ok, I give em a while. Those bays over the next 10 minutes (I check time) get filled with cars. Two of which got checked in after me, one perhaps lady before me. Now I'm beginning to wonder if I'm gonna get out in the time period the guy said, cuz I know it takes at least 20 minutes to get a car redone. Minimal.

Mind you, if it’s just a re-balance then it’s easy. But if there is something else, then we're looking at more time and I'm fully aware that any time frame previously given is out the window. At that point if it is something that requires more time I can then decide if I have the time to fix it. After all, I drove the car in, I could drive it out if time was a factor.

By 1:05 my car is still outside and I'm not seeing any flurry of activity or the like. Now there are still 3 empty bays mind you. I'm beginning to get annoyed because I know I'm not gonna get my car in the time they said.

By 1:10 as I see that another car has been pulled in and no one has even picked up my ticket, I go and ask for the keys. I tell the guy “Hey, it’s not getting done, I’ve wasted 35 minutes of my day and not gotten this fixed in the time you said”. The guy of course says your car is next car up. I explain that it isn't in the time I was promised and other cars have been brought into the bays which were written up after me and they’re being worked on. Where is the priority for a customer with a complaint?

I start to leave, decide to talk to a manager. I ask the tech and he says “Well, we're all managers”, but then calls in another tech. I explain that I was told I’d get the car in and out in 45 minutes or less. This is obviously not gonna happen. The guy proceeds to tell me that they can get cars in and out on an average of 11-13 minutes, I say “So what”. I explain about other cars written up after me that were brought and were being worked on. He continues to say that they can get the car done. I try to explain that I should have gotten priority over anyone that was before me as I was a customer who was having to return to have something they did incorrectly remedied. He counters with stats about the 175 cars a day they do there, once again, I say “So what”.

He tries to explain that if I didn't continue to yak or try to walk out the car could be done, by now it’s already 1:15-18. There’s no way it gets done in their 11-13 minute window and keep within that 45 minutes or under time table I was promised. Mind you I'm going off of my time of 12:45, not the ticket time of 12:39. That’s totally blown. This of course excludes any time for the 'unforeseeable'. And by now the guy brings up the 'unforeseeable' and I say, “I understand that, I'm talking about the time it took to just get my car in the bay”. Again I point out that other cars got in before me that were written up after mine and being worked on, he again begins to explain that if we stop yammering (my words, not his) the car can get done. I guess he thought time stopped and he could still somehow get the car done. I say “No thanks, I want a phone number where I can call to complain”. Then he says “…that would be a waste of time...yada-yada-yada-…” more about gettin the car in instead of complaining. He still don’t get it.

As I'm walking out the door he’s saying “Sir come back!”, and I'm like no fuckin way, you'll never see me here again.

All they had to do was give me the impression that I was a priority as I should have been. Even if it took longer than I had been told, had I at least FELT like I was gettin some sort of preferential treatment I’d have been annoyed but not nearly as pissed off as I was.

Needless to say I'll never buy another set of tires from Discount Tires again.

Wednesday, January 09, 2008

IM Attacks, Botnet Birth, Banner Ads, Storm Worm & More

Another busy day of security news and other tidbits in the forum.

We'll start off with some stats about IM attacks, from FaceTime. They've come up with some percentages displaying which is the biggest target. Would it be MSN, AIM or YIM?

Sandi over at Spyware Sucks has some good news about rogue banner ads. Seems the offensive server has been firewall blocked. She rocks on these don't she? Heck she rocks on a lot of stuff.

The RBN seem to be offering the Storm worm domains for sale or rent. This was not exactly something that wasn't foreseen. I've been keeping track of this and it was previously mentioned as a possibility.

Way back when the SoBig worm came out, it seems this was the birth of the botnet according to these researchers. I wasn't even involved in security back then, but I remember the news about SoBig. It seemed scary at the time. But then once I came to know the slightest bit about worms\spam\emails I realized it was the easiest thing in the world to avoid.

Researchers are saying that the 'shadow economy' of malware is worth about 105bn. Of course no one can really put a figure on this, because no one can know what these guys are actually taking in or spreading around.

ICANN is trying to put an end to domain name tasting in an effort to remove a loophole in the system. Many a poor soul have fallen victim to these asshats. Many people consider them nearly as bad as spammers. Can't say I'd disagree.

Well that's about it for now. That ought to be plenty of reading for you. Please take some time to share your experiences in our forums.

Tuesday, January 08, 2008

MBR Rootkit, BUSTED, Malicious Site, Violence and Crime

In our BUSTED! forum you can read about the longest sentence given to someone for computer sabotage.

Websense posts an alert about an infected\compromised website to be on the watch for.

There is a report that ties watching pr0n and violent movies to a drop in criminal activity.

Finally from Symantec we have info on a new MBR rootkit.

Storm Variant In Mass Phish

SCMagazine reports that one of the latest Storm variants is being used in an expansive phishing scheme targeting two large banking institutions. No matter the season, there's always another Storm brewing.

New IM Worm

Over at Trend Labs they warn of another IM worm making the rounds. WTF, are people still clicking these unknown links? Wake up people!!

Monday, January 07, 2008

More News In Forums!!

Wow, forum has been busy since my last post. Well busy with me posting more stuff there anyhow. Why don't you all drop in and comment?

There seem to be more states adding laws that restrict computer forensics to 'official' investigators. This I'm sure is an effort to prevent those who 'think' they know what they're doing from actually doing more harm than good.

An opinion from a journalist expresses concerns over new TLDs as they may relate to new areas of spammer exploitation. Certainly a qualified concern. Lord knows we don't need any more areas to worry about. I know I'll be blocking any of those new ones.

Popular site Geek.com got hacked late last year, having personal info on users who bought from them in the last year or so stolen. Oops. One would think a site named 'Geek' would keep extra secure software. Just goes to show you.

PG weighs in on what he thinks really happened with the whole Facebook\Zango 'spyware' situation. Reading it might just surprise you.

To finish off this latest entry we have an update on the wonderful gang over at RBN. They have a new set of servers ready to go. Thankfully we get a pretty decent jump on this info thanks to the tireless efforts of a dedicated group of people.

Vista Nags, Banner Ads, YaHoo! AntiSpam, Ad-Aware SE

The first Monday in 2008 brings us some good reads in the forums.

Got Vista? Then read about stopping those annoying balloon alerts about start up programs. I know this was annoying when I was using Vista....all of 3 minutes at least.

It seems there is a never ending stream of banner ads running on sites everywhere. I ought to just make a 'sticky' post for them already.

Users of YaHoo! based webmail have a new spam defense system which was just rolled out. That's always good news. Die spammers!!

Lastly there may be a reprieve for users of the old Ad-Aware SE. You just might be able to keep using it. But so far we have no idea how long. We'll keep you abreast of things tho.

Sunday, January 06, 2008

Malware On Blogspot....Again!

Well Saturday nite I went cruisin' for malware on Blogspot. And I'll bet ya can't guess what I found there?

Friday, January 04, 2008

MS Bulletin Advance Notification for January 2008

One Critical, one Important

Critical - Remote code execution

Important - Local elevation of privilege

Forum Update - Friday Jan 4

Couple of updates and our first BUSTED! entry in the new forum.

The thing that PG found earlier, thinking it was a MySpace exposure turned out to be the company's hosting company. So no major worries.....we think.

Sears went rather quickly to disable the search function found earlier which exposed everyone's buying history to most anyone. Good work Sears!

Lady Justice is tracking a few scumbag spammers who were involved in a spam\scam\fraud scheme. And one of them is on the run.

And filing under 'embarrassing', a security vendors site was hacked earlier in the week but is ok now. Guess whoever was in charge of maintaining server stability was off drinking eggnog or something. Hope he got some coal for that.

New User, Wi-Fi Virus Outbreak?, IM Attacks, MySpace Controller

We have a new member, so drop in to say 'hello'

Researchers have put forth proof that a virus could spread via wi-fi connections pretty easily.

It seems PG has stumbled across something that could be a MySpace control & command application, but he's not sure!

Finally users of the ever popular IMs need to take heed as the number of attacks has increased recently and more are expected for 2008.

Rogue Domains, Sears, Banner Ads, BUSTED!

Some new info posted in the forums, so I'll summarize here for you.

A new set of rogue domains has been posted, I'm sure all will be added to most hosts files soon enough.

The rogue banner ads thread has an addition, a German site's been hit now and Sandi has details as usual.

As if things were not bad enough, Sears has suffered a serious privacy issue. Bought anything there lately? If so I can tell you what it is.

Trend Labs lists their top December threats for those keeping score.

Finally we have a new forum called BUSTED! In there you'll find links and articles of people who've been busted in online related scams. Not so much rogue stuff really, more for actual legal cases.

Thursday, January 03, 2008

Zango Tries Backdooring To Facebook

The gang at Sunbelt alerts us that Fortinet researchers have discovered a widget that tries to install Zango on Facebook. Check it out and warn your fellow FBers, I know I am.

Busy Day!!

Wow...busy day already.

We have two 'Emerging Security Threats' to post about today. One in Real Player and the other a flash player problem.

Then we have what Kaspersky is calling Diehard virus variants making their top ten list for December and Sunbelt finds a trojan which requires a phone call to activate a license.

In the Spam\Phish forum we find that users of Facebook are being phished with a fake account that is live.

Finally those of you using Ad-Aware SE must upgrade to Ad-Aware 2007 as SE will no longer be supported.

Recent Threads In Forum

Been busy the last day or so with the Blogspot malware stuff. I even got a mention on a major new IT site!

Sandi over at Spyware Sucks blog has more rogue banner ads and PG found some MySpace ringtone spammers using Tom's profile! Yea, that's real low key.....they may know how to make some money but these malware guys just ain't too bright. Few code lines short of a program.

The good people at F-Secure got their hands on a malware kit and have it dissected. Scary professional looking too.

Finally we have a potential major problem with file identification. There may be a way for the scumbags to avert one of the ways in which a file is specifically ID'd.

Tuesday, January 01, 2008

WOW! 920K Hits For Dec.

Well I have to say I'm pleasantly surprised. I'd expected a good number of hits this month as I watched and tracked. Was figuring I'd get maybe 800K. But lo and behold, you guys got me to over 920,000 hits.

Thanks! Some more stats here....