SWI Community News - October 2007
Posted 28 October 2007 - 09:54 PM
Welcome to the 5th Edition of SWI Community News!! We almost missed October, but we are squeaking through at the last minute. Again this month we have some interesting lists and my rant on the state of the Internet. This month we also have an article from one of our Ambassadors who is passing on information about a very important topic. We hope you enjoy our newsletter and find it helpful. Please comment so we can find out what you want to see and what you find most helpful. We will put up another poll in a few months to see how people are responding, but you can comment at any time. Please do let us know if you don't like something and let others know if you do like something.
And here is the usual disclaimer:
Opinions and information expressed in this publication are not the responsibility of SpywareInfo.Com or it's owner, administrators or hosting services. Information and opinions posted here are the property of the respective author.
That also means that the material is subject to the copyright of the author and you need to cite the author if you quote any material from this publication elsewhere.
And as usual -- to get notification when a new SWI Community News is available, subscribe to the subscription topic and we will add notices of publishing to that topic so you will receive an email notice if you are set to receive notices of topics you are subscribed to.
Light in the Darkness
This last couple of months has been interesting in the fight against malware criminals. They continue to infect computers all over the world and ruin the days, and sometimes the lives, of people everywhere. However, they have suffered a number of important setbacks as well. As noted in the articles in this month's newsletter, there are a number of major legal victories that have recently been reported. An antisocial young man was arrested for attacking sites with a Distributed Denial of Service (DDoS) attack. This is a type of criminal activity that is used to cripple or shut down web sites. It has been used for attacking small websites in a vindictive way like this young man, but it is also used for extortion and predatory business practices.
Another even more massive DDoS was recently directed at CastleCops which has been very actively engaged in the fight against malware criminals in a number of ways. The attack was one of the most vicious that has been launched and required the criminals to use of a huge number of resources that would have normally been used to steal, spam and otherwise harass people around the world. It shows how much the criminals see CastleCops as a problem in their efforts to make themselves richer at everyone else's expense. CastleCops recently published information indicating that they were able to prevent the loss of more than $150 million (US) in the last year with the anti-phishing program (PIRT) alone. This explains why the criminals were so invested in shutting them down. However, they didn't succeed. CastleCops weathered each wave of the attack and was only offline for very brief periods of time. In the process, they collected a great deal of information on the criminals which will be turned over to law enforcement around the world to help take them down permanently. When the DDoS didn't work, they tried a "Reputation attack" by using stolen information about PayPal accounts to make people think that CastleCops was defrauding them. Fortunately, CastleCops has nurtured very good relationships with law enforcement and many large web businesses, including PayPal, and was able to turn tables on the criminals. They saved a number of victims from further financial losses in the process. CastleCops has a number of different efforts going on to help make the Internet safer for us all and I am extremely grateful for all the efforts there.
For details about the "Reputation Attack", look here:
And for more information about the money saved by PIRT:
While CastleCops is to be applauded for all the efforts made there to fight the criminals and their victory over these pests during these attacks. It is also true that there are people all over the web, like the SpywareInfo team, who are fighting these criminals as well and we are all making progress. The fact that law enforcement is beginning to act more aggressively toward the criminals and working with the malware fighting community to take them down is a wonderful sign of progress. The multiple setbacks suffered by the criminal world over the last few months is testimony to the fact that we are gaining ground.
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
Posted 29 October 2007 - 02:13 PM
So, here we are again. Once more your intrepid explorer has been hacking through the Internet jungle to bring you all that's good, fresh and free from the world of software.
Here's the usual disclaimer: this selection is my own personal opinion, I receive no incentives from anyone to promote any product and I am not responsible for any problems that may arise from these recommendations.
As ever; if anyone has any comments, preferably constructive, please feel free to add them to the Newsletter discussion topic. Ditto if you wish me to find or review a particular item.
Without further ado, here's this month's star recommendation.
This is just great, not the least because it contains a portable Firefox! This Application literally turns your flash-drive into a mini-PC, meaning far less hauling a laptop around. The standard suite comes with ClamWin Portable (antivirus), Mozilla Firefox - Portable Edition (web browser), Gaim Portable (instant messaging), OpenOffice.org Portable (office suite), Sudoku Portable (puzzle game), Mozilla Sunbird - Portable Edition (calendar/task manager) and Mozilla Thunderbird - Portable Edition (email client) and runs comfortably from a 512MB drive.
There's a lite version too which runs easily off a 256mb drive. You can adapt it to run on pre-XP systems too. Take a look at the pick and mix utilities you can use, everything from Sudoku Portable to winMd5Sum Portable.
Sorry if I'm sounding a touch partisan -- this is just that good. This is like a PC you can hang on your key fob. Once installed on the drive, you click on the start icon and get a professional looking start menu -- and you're away. You don't have to use applications on the host PC and you leave no footprints. It also launches from the system tray. This is the future of flash-drives. Any criticisms? It's a slow download and a slow install. Apart from that, no complaints. I love it and I've been using it ever since I discovered it. For me, the best part is being able to send and receive my e-mails from my flash-drive. It's so useful.
And the next attraction:
As it says on the webpage, Paint.NET is free image and photo editing software for computers that run Windows. It features an intuitive and innovative user interface with support for layers, unlimited undo, special effects and a wide variety of useful and powerful tools.
It also says - "It's like a free Photoshop." As someone who has used both, I have to say it's not far off it. It certainly has an easy to use and familiar GUI. It also has a great selection of plugins and an active support forum.
It runs on Windows XP (SP2 or later), Windows Vista or Windows Server 2003 (SP1 or later)
So, if you're thinking you need to buy Photoshop and wondering if you can afford it or you're simply looking for a good image and photo editing software, this might well be the program for you.
Next, I've selected:
T r u e C r y p t
There are many encryption programs out there and if you just want to hide a few personal files then this one is probably overkill. TrueCrypt is a serious encryption program! It uses advanced algorithms (AES-256, Serpent and Twofish). The volumes, once created, are undetectable. It runs on Windows Vista/XP/2000 and Linux.
This is not the easiest of programs to use initially. However, if you have sensitive material (for example: development projects, client files or financial transactions) that you want to keep safe, it is well worth the effort to familiarize yourself with all the features.
"On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space and meta data). Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations)."
So, even if someone steals your entire PC, your data is safe. Just Googling "stolen laptop" will help you realize just how much you, and many hapless victims, might need a program like this. Take a while to read through the documentation if you're looking for an encryption program:
I think you'll be impressed.
And finally, another one for the Firefox Addon corner:
As the name suggests, it's a download manager for Firefox. But take a look at the features: http://www.downthema...howto/features/
The feature that really sells it for me is the ability, with one click, to list every downloadable item on a page, select what you want and download them all (hence the name I guess!) in one go. Highly recommended for Firefox users.
And that's all for this month. Surf safe, more next month.
My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
Posted 29 October 2007 - 02:18 PM
Do you own your own domain ? Do you run your own server ?
If you answered YES to either one - then :-
What do you do with your error logs?
WHAT! - you did not even know you had them? WHAT! - you do not even read them ?
In life offline in my country we have organizations which are called 'Neighbourhood Watch' groups.
They are groups of people who have taken the trouble to notice what goes on in their street - to notice when something strange or suspicious is happening.
So you would expect them to notice when a person is walking down their street with a tool bag, walking up to each front door and window of each house and trying to break in.
You would expect them to report that person while he/she is still trying, to the police, so that he/she can be caught and stopped - BEFORE SOMEONE IS BURGLED.
Your error logs will show such suspicious behaviour, they will show where YOU have had your domain or server poked and prodded with digital screwdrivers and such.
When they fail to break into your domain or server, they leave a trail showing who they are, the way they tried and so on.
That log is evidence. In the right hands of the right people, that CROOK could be taken to task.
So what can you do?
I recently gave a talk to a room full of Microsoft Most Valued Professionals (MS MVP) from the United Kingdom and Ireland at the Microsoft headquarters in Reading UK.
Here below is one slide - the full talk is viewable at:-
It also contains a link to download the PowerPoint presentation and a Publisher handout file.
Please read - and if you have your own domain and/or server please consider joining our neighbourhood watch scheme and start reporting those bots, motherships and control centres. You know it is what you need to be doing if we are going to stop the invasions.
Remember do nothing and the Bot Herder will win.
My- computer Safety online - Article and others Texruss's Hijackthis FAQ
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
Posted 31 October 2007 - 01:40 PM
The Good (This is the first time the number of good articles has outnumbered the bad!):
A 21-year-old California man has been arrested and charged with launching a distributed denial-of-service (DDoS) attack against CastleCops, an online forum and Web site that specializes in rooting out Internet scams. Gregory King, of Fairfield, Calif., was arrested last Thursday and arraigned Monday on four federal counts of attacking servers that hosted CastleCops and KillaNet, a Canadian Web and graphics design community. If convicted, King faces up to 10 years in prison and a US$250,000 fine. "All too often, victims of DDoS attacks are left feeling let down and with a sense that the system fails," said Robin Laudanski in a message posted to CastleCops' front page. "Today, the system didn't fail." Laudanski and her husband Paul run CastleCops.
In a case that threatened to undermine the effectiveness of antispyware technology, a federal court last month sided with consumers when it ruled that companies can't be sued for providing Internet users with effective tools to protect themselves against online threats. The case pitted Kaspersky Lab--which offers a range of antispyware and antivirus tools--against notorious adware distributor Zango.
An international crackdown on Internet financial scams this year has yielded more than $2.1 billion in seized fake checks and 77 arrests in the Netherlands, Nigeria and Canada, U.S. and other authorities said on Wednesday.
The Attica Police electronic crime unit on Thursday announced that it was preparing to prosecute two Greek "crackers" suspected of hacking into on-line banking systems and transferring funds from the bank accounts of clients into their own. They said the pair were believed to be part of an international ring that was involved in cracking electronic banking systems.
YAHOO is working with eBay and its PayPal payments unit to block fake emails to users purporting to be from the auction leader. EBay and PayPal have upgraded their computer systems to support an emerging technology standard known as DomainKeys invented by Yahoo that authenticates email senders are who they say they are, allowing Yahoo to block fake emails.
Two ex-policemen were jailed today for running a private detective agency that tapped phonelines and hacked computers during its investigations. Former Met officers Jeremy Young, 40, from Ilford in Essex, and Scott Gelsthorpe, 33, from Kettering, got 27 months and 24 months respectively at Southwark Crown Court.... The pair offered to bug cars and break into networks on behalf of clients and to steal medical records, bank details and phone records. Gelsthorpe and Young hired a US-based hacker to use Trojan attacks against their victims
The owner of FixWinReg, which used a Windows feature known as Net Send to display alerts billed as important security bulletins, has agreed to pay $25,000 to settle charges he dished out misleading advertisements that duped computer users into buying unneeded software they were told would fix critical operating system errors.
One of the world's most-used pirate film websites has been closed after providing links to illegal versions of major Hollywood hits and TV shows.
When it comes to launching online attacks, criminals are getting more organized and branching out from the Windows operating system, eBay's security chief said Tuesday... "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.
A Washington state teenager is facing 18 years in prison on charges that he used his PC to access the Orange County, Calif., 911 emergency response system and convinced the sheriff's department into storming an area couple's home with a heavily armed SWAT team.
Fasthosts, the UK's largest web hosting company, has sent an email to customers warning that one of its servers has been compromised by an attacker. The attacker is believed to have gained access to users' usernames and passwords.
Security researchers have found a way to execute cross-site scripting attacks through VoIP clients, introducing a dangerous new threat almost no one is guarding against, according to vendor Secure Computing.
Spammers started delivering spoken messages mid-week in the newest twist on the ongoing pump-and-dump scam, several security researchers said. According to analysts, the spam is coming from the individual or gang responsible for the Storm Trojan, and is being sent from a piece of the Storm-built botnet that was recently split off from the core group of compromised computers.
A PDF Trojan horse is spreading malware by exploiting a URL-handling vulnerability in Windows XP and Windows Server 2003 running Internet Explorer 7, Symantec warned customers of its DeepSight Alert Services on Oct. 23. On Oct. 10, Microsoft released Security Advisory 943521 about this vulnerability and public reports of remote code execution. At the time, it said a patch was in the works.
Burma’s ruling junta is attempting to seize United Nations computers containing information on opposition activists in the latest stage of its brutal crackdown on pro-democracy demonstrations.
An Internet business based in St. Petersburg has become a world hub for Web sites devoted to child pornography, spamming and identity theft, according to computer security experts. They say Russian authorities have provided little help in efforts to shut down the company. The Russian Business Network sells Web site hosting to people engaged in criminal activity, the security experts say.
Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.
MS MVP 2009-20010 and ASAP Member since 2005