Friday, November 19, 2004
Virus Warning on WORM_SOBER.I
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
WORM_SOBER.I
We have received a report from Trend Micro of a new Medium Risk virus
spreading via email. The virus name is Worm_Sober.I, we would like to
alert all users to just go ahead and delete these emails if they do
receive them. The details of the emails are listed below:
From:
Subjects: (any of the following)
* Confirmation
* Delivery_failure_notice
* Details
* Faulty_mail delivery
* illegal signs in your mail
* invalid mail
* mail delivery system
* Mail delivery_failed
* Mail Error
* Mail_Delivery_failure
* Oh God it's
* Registration confirmation
* Your mail password
* Your Password
* Fehler in E-Mail
* Ihre E-Mail wurde verweigert
* Info von
* Mailer Error
* Mailzustellung fehlgeschlagen
* Ung
followed by any of the following:
* _Key_
* Key (
* - Code:
* - Damon:
* - SMTP:
The subjects may also be prepended by any one of the following:
* FwD:
* Re:
Message body: any of the following
* I was surprised, too!
Who_could_suspect_something_like_that? shityiiiii
* Your password was changed successfully!
* Protected message is attached!
_delivery_error
_does_not_like_
_failed_after_I_sent_the_message
_Requested_action_not_taken
Anti_Virus: No Virus was found
Attachment: No Virus found
disabled
discontinued
Giving_up_on_
Mail_Scanner: No Virus
MAILBOX NOT FOUND
mailbox_unavailable
recipient.
Remote_host_said:
sender.
This_account_has_been_
* Diese Information ist gesch
Da Sie uns Ihre Pers
Viel Vergn
****
Im I-Net unter: http://www.
* Diese E-Mail wurde automatisch generiert.
Mehr Information erhalten Sie unter http://www
* Folgende Fehler wurden aufgezeichnet:
STOP mailer
* Aus Datenschutzrechtlichen Gnden, darf die vollstSndige E-Mail incl.
Daten nur angehSngt werden.
Wir bitten Sie, dieses zu ber
Automatic-Mail.Config#:
* Guten Tag,
da unsere Datenbanken leider durch einen Programm Fehler zerst
Ihre geSnderten Account Daten, befinden Sieim beigefgten Dokument.
Vielen Dank fr Ihr VerstSndnis.
------<> GmbH & Co. KG
------ Send-To: Home-Service@.com
------ www.
followed by any of the following:
* *-*-* Mail_Scanner: No Virus
*-*-*
*-*-* http://www.
* ++++++ User-Service: http://www.
++++++ MailTo: postmaster
* *-*-* X-MS_Scanner: Kein Virus erkannt
*-*-* Attachment-Scanner: NO VIRUS
*-*-* Anti_Virus: Es wurde kein Virus gefunden
------
* *-*-* - Anti_Virus Service
*-*-* http://www
Message attachment: (any of the following)
*
* auto__mail
* im_shocked
* oh_nono
* re_mail
* thats_hard
followed by any one, or a combination of two, of the following
extensions:
* BAT
* COM
* DOC
* EML
* EXE
* PIF
* SCR
* TXT
* WORD
* XLS
* ZIP
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Thursday, November 18, 2004
From AIMHI - Money Maters - Your online but not ordering your movies over the net? Your missing a PRICE REDUCTION now.
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
NETFLIX.COM
Thats the outfit that just lowered it's prices. Was $22.00. Now $17.99. That's about 18% change DOWN.
I've used them for years. Oh! And guess what, their stock price is up due to "repid subscriber growth" reacting to the lowered price sending profit up. So they told the financial world that they were rivising gudance for their 4 qrt. earnings.
Buy the stock and or the movies...
And if you already get your movies from Netflix DO check your Nov. statement you don't get to see this offen. I may put this months statement and next months together and scan them side by side and post 'em here. Might.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
From AIMHI on Investing - derivatives, for the individual
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
So, what is a derivative, it a financial instruments that get it's value from other underlying items. Webster's says, "made up from other elements". Till last month dderivatives have really only been for Large investors. As of last month HedgeStreet changed that. NOW SOME PEOPLE WELL TELL THINGS LIKE IT'S JUST ONLINE GAMBLING. Some say the samething about investing in Stocks. Take a look, see if it fits you or not. This is a one and only right now. Keep that in mind. I'm looking and learning for now myself.
Go to HedgeStreet(click on "About HedgeStreet") And see this;
"HedgeStreet is an Internet-based derivatives exchange which significantly extends the range of investment and risk-hedging options available to individual and institutional investors in the United States by offering a vast array of derivatives based on contingent outcomes and conditions." And more.
Good luck out there,
AIMHI,of letsnet.org
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Momey & ID theft, You need to not let any get your ID
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Shred anything that comes in the mail that has you name, address, etc. on it. All that junk mail shred it. Did you know it is legal for anyone to go though you garbage cans once their on the sidewalk waiting for pickup.
Don't want to pay for a shredder but you do have a cat! Well I know of people that put their junk mail in with the cat litter. Neat! I dont' have cats, so I shred but I don't shred the hole piece of paper. I tear off the address parts and your address can be in more than one spot or on a differant page, and shred that. Save me from have to take out or empty that wastepaper basket so offen. Yes, and you'll find it suprising how much junk mail comes in to you with all the information on it anyone needs to GET YA.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Wednesday, November 17, 2004
Inportant; To catch a thief, & the thief, "Coolwebsearch". The most feared spyware on the web.
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Coolwebsearch is the most feared spyware on the web, taking over PCs and causing misery to users. How, asks Michael Pollitt, can we protect ourselves?
17 November 2004
Merijn Bellekom knows when he's beaten. The Dutch chemistry postgraduate has spent days, months, years of his life trying to save other internet users' bacon. Indeed, your computer might be one that has benefited from his work developing CWShredder, a program to remove a pernicious spyware program called "CoolWebSearch" from Windows PCs.
But now he's called it a day. CoolWebSearch's programmers, who remain unknown but very definitely active, have finally worn him down with the latest revisions of their vicious product.
"The latest variants are a living hell," says Mr Bellekom. "They install through a vulnerability in IE [Microsoft Internet Explorer] and hide very, very well. There are two variants going around that are the most widespread right now, that were basically the reasons I stopped [developing] CWShredder - I couldn't remove them programmatically."
CWShredder is a popular removal tool to help people whose PCs are infected by many of the 40-odd versions of CoolWebSearch - a notorious web browser hijacker that's nearly impossible to eliminate.
Although CoolWebSearch is often installed through "drive-by downloads" involving pop-ups from "warez" or porn sites - when the window pops up, your computer begins downloading the code - it may lurk anywhere on the internet. And you won't know until it's too late.
If it does hit you, there will be various indications, such as Internet Explorer running remarkably slowly, or pop-ups offering "enhanced results" when searching Google, Yahoo and Altavista. (Read more at www.spywareinfo.com/~merijn/cwschronicles.html and a more recent version at cwshredder.net/cwshredder/cwschronicles.html).
The CoolWebSearch malware is clearly written to take over your machine; the purpose seems to be to drive hapless users to various "affiliate" sites of paid-for search companies such as Coolwebsearch.com (I don't suggest you visit this site). If you click on a link at the search site, the affiliate gets paid. The CoolWebSearch malware drives you there, even if you don't want to go. (There's no evidence that Coolwebsearch.com has any part in the authorship of the malware; but because early variants took people there, the name for the malware stuck.)
What's scary is that the people behind the software are clearly intimately familiar with Windows, and know a plethora of ways to hide their work and make it almost impossible for an amateur to remove.
But it's not all going the bad guys' way. On October 19, the American company InterMute bought CWShredder for an undisclosed amount from Mr Bellekom, who has begun an information science course at the University of Utrecht.
"CoolWebSearch is probably one of the most vicious and hardest to eliminate pieces of spyware circulating on the internet," said Ed English, chief executive of InterMute. "We are proud to offer CWShredder as a free download". He said it will also be integrated into his company's paid-for product, SpySubtract PRO, "to give our customers the most robust protection available against invasive forms of software."
Should you feel any safer if you've installed Microsoft's Service Pack 2 for Windows XP? Released in late August, SP2 includes a pop-up blocker for IE, suppression of ActiveX downloads - intended by Microsoft to add functionality to Internet Explorer, and gleefully exploited by all manner of hackers - and other enhancements that limit deceptive behaviour.
However Christine Stevenson, vice-president of US marketing at protection software company Webroot, says the only additional protection against spyware involves ActiveX.
"SP2 makes it more difficult for spies to install [themselves] via ActiveX controls with Internet Explorer. It also prevents websites from sending an automatic installer download prompt once a page is opened," she says. (That prompt would make your machine begin installing software without asking you.) "However, there are already examples of websites asking users to disable the 'new ActiveX protection' because it makes it too difficult for their users to install their legitimate software. SP2 does absolutely nothing to stop CoolWebSearch from installing. CWS uses exploits in Java, compiled help modules, and speciality Internet Explorer protocols to access the system, not ActiveX."
Another anti-spyware company, PestPatrol, was recently acquired by Computer Associates (the product is now called eTrust PestPatrol.)
Their verdict? "SP2 has no effect whatsoever on a hijacker like CWS. It's like a digital game of cat and mouse, with new variants appearing all the time," says product manager Kelly Macklin at Computer Associates. "Key loggers, drive-by downloads, diallers, social engineering tricks like certain spyware that mimics anti-spy products, all get through. SP2 is helpful, but is like attacking a battleship with a ball peen hammer. The power of a user inadvertently clicking through is enough to defeat most efforts to protect."
The Independent asked Prevx, an intrusion protection specialist, to test CoolWebSearch against SP2. CoolWebSearch won, swiftly making a "total mess" of the machine, hijacking home and search pages, adding porn links, rogue diallers, pop-up adverts, and causing system instability, random re-boots and heavy resource utilisation. Detailed investigations found complex exploits and hidden lists of hundreds of porn-related sites in China, Czech Republic, Gibraltar, USA, The Netherlands, and Russia.
Although Prevx says that older variants of CoolWebSearch are blocked by SP2, newer variants are not. Most disturbingly of all, SP2 proved oblivious to serious spyware activity. This included multiple outbound hidden connections through the Windows XP firewall to steal your e-mail address and other information; the silent addition of websites to Internet Explorer's "trusted" list; the installation of malicious toolbars that could be used for "phishing"; and hijacking of your internet home page. Not a single Windows warning message was seen. And where CoolWebSearch leads, other spyware isn't far behind.
And what about users without XP? "We do not currently have plans to make the enhancements available in XP SP2 on Windows 2000, NT 4, Windows 98, or Windows Me," says Paul Randle, Windows client product manager, Microsoft. "We remain committed to keeping our customers secure on all supported Windows versions and are evaluating the technical feasibility of providing these new enhancements for older Windows versions."
Practical advice on spyware remains patchy. Wanadoo only offers technical support for internet connection and e-mail issues. An AOL spokeswoman merely stressed the importance of having "adequate safety and security products" while ntl and Dell pointed to information on their web sites. Only internet service provider Pipex would spell it out: "We would always recommend that customers use a multi-layer approach to security - use of firewalls, anti-spam/anti-virus, ensure they receive regular updates of bug fixes and service packs from software vendors," said a Pipex spokeswoman. "Concentrating on a single layer is like installing a burglar alarm but forgetting to arm it and leaving the front door open."
But the burglars are getting more high-tech. In early October, MessageLabs, the leading provider of managed e-mail security services to businesses, saw a pornographic e-mail with an opt-out link to a web page. Following that link in Internet Explorer and scrolling down the page would download a malicious file that would turn your PC into a spam-sending zombie under a hacker's control.
While everyone waits for the next hole in Windows to be found, there's something new to help. By detecting suspicious or known bad behaviour, Prevx Home (www.prevx.com) offers free intrusion-prevention software for Windows XP against worms, hackers and spyware.
Already downloaded nearly 100,000 times, Prevx Home prevented CoolWebSearch from insinuating itself, by blocking the installation of programs while protecting the Windows registry and system files. In fact, the software is so simple and effective that it provides real confidence that your system is secure.
Other suggestions? Drop Internet Explorer, as it helps spyware get onto your machine, and is easily hijacked. Spyware-resistant browsers include Firefox (www.spreadfirefox.com) and Opera (www.opera.com). If you must use Internet Explorer, upgrade to Windows XP SP2, disable ActiveX and block pop-ups. Also, keep Windows up-to-date, install anti-virus and anti-spyware software, and get a good firewall.
And finally, always remember that spyware-writing criminals like nothing better than to find new victims.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
SBC, Microsoft in $400 Million Deal
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Nov 17, 7:25 AM EST
SBC, Microsoft in $400 Million Deal
SAN ANTONIO (AP) -- SBC Communications Inc., the second-largest local phone company in the United States, said Wednesday it signed a 10-year, $400 million agreement with Microsoft Corp. to provide next-generation television services using Microsoft's TV Internet protocol television edition software platform.
SBC said it has been testing an IP-based television service built on the Microsoft TV IPTV Edition platform since June 2004. SBC and Redmond, Wash.-based Microsoft will begin field trials in mid-2005 and plan commercial availability of the IP-based television platform in late 2005.
In the first quarter of 2005, construction is expected to begin on the SBC Project Lightspeed, the company's effort to deploy fiber closer to customer locations to provide new IP-based services, including IP television, voice over IP and faster Internet access. Project Lightspeed is expected to reach 18 million households by year-end 2007.
The companies said the IP-based TV service will include instant channel changing, customizable channel lineups, video on demand, digital video recording, multimedia interactive program guides, event notifications and content protection features.
SBC said it plans to use a switched video distribution system, which streams only the content the customer requests instead of broadcasting all channels to everybody at once. This technology frees up large amounts of bandwidth for other applications.
"Our video on demand will come with a substantial content library," said SBC chairman and CEO Edward E. Whitacre, Jr. "The customer gains additional control over the content they want versus what is delivered to them. We get the flexibility of not being constrained by bandwidth."
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Money Matters - Consumer Prices See Biggest Gain Since May
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Consumer prices — stoked by more expensive gasoline as well as pricier fruits and vegetables — heated up in October, rising by 0.6 percent, the biggest gain in five months.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Money Matters from Aimhi - K-Mart buys SEARS
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
U.S. stocks gain ground on Kmart-Sears merger, data
Wed 10:21AM ET - CBS MarketWatch
Stocks boosted by Sears-Kmart tie-up
The rest of the story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Monday, November 15, 2004
A new, more sneaky phishing attack
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Victim computers hijacked, sent to fake bank sites
By Bob Sullivan, Technology Correspondent MSNBC
Phishing scams, already one of the main nemeses on the Net, have apparently just become even more sneaky — and ingenious. Now, it appears phishing authors are borrowing some time-tested tactics from computer virus writers to steal personal information from e-mail users.
E-mail filtering firm MessageLabs says it recently began intercepting messages that use the new technique, which in certain cases is completely invisible to victims. Essentially, the tactic redirects a victim's computer to a Web site controlled by a criminal every time the victim types in the Web address of his or her online bank. Even if the victim follows a shortcut or Web browser favorite link, the computer is seamlessly directed to the criminal's site instead. Once there, it's easy to trick a confused consumer into typing in banking account numbers and logins, because he or she is easily convinced that the destination is the correct banking site.
"It's very nasty," said Ken Schneider, chief architect at antivirus firm Symantec Corp. "(A user) could be doing everything right, but in this case they are still going to the wrong place."
Phishing is already a major problem for both consumers and financial companies, and the scope of the problem continues to grow. The number of phishing attacks swells by about 50 percent each month, according to the Anti-Phishing Working Group. Earlier this year, an analyst at Gartner said some 2 million people had fallen for phishing attacks, costing U.S. banks about $2 billion.
The new technique involves changing a little-known piece of software on most Web-ready computers called a "host file." All Web sites have numeric Internet addresses, called IP addresses, that contain a string of four numbers, such as 207.46.150.20. They also have friendly, easy-to-remember names like MSNBC.com. The names and numbers are linked by means of a catalog kept on various computers connected to the Internet called Domain Name Servers. But computers always check a local host file for such a catalog first — and that local host file overrides information contained in the Internet's Domain Name Servers.
So by changing a victim computer's host file, the attacker can change the Web site that computer visits. Typing in MSNBC.com, for example, could point a victim's computer toward a hacker's site instead.
A useless feature
Years ago, before the Internet's domain name system was in place, the local host file was useful, says software engineer and privacy advocate Richard Smith, who operates ComputerBytesMan.com. But now, it's just a relic, he says, kind of like an appendix on Internet software.
"It's useless now," he said. "But it's an attack vector.... This just points out that at some point you have to age out features and get rid of them."
Host file attacks have been relatively common in recent computer viruses, Smith said. They have been used to siphon off traffic destined for high-profile sites like Google.com toward pornography sites, for example. But this is the first time he'd seen the tactic used in combination with phishing, he said.
The e-mails intercepted by MessageLabs also include another tactic to trick Internet users — there's no need to click on a link or attachment to become a victim. Simply opening the e-mail is enough to allow the malicious message to alter the host file on a target computer. That part of the e-mail takes advantage of a well-known, relatively old flaw in Microsoft's Internet Explorer, which can be patched a number of ways.
Unlike traditional phishing e-mails, which suggest they are from PayPal, eBay, Citibank or other legitimate companies, this new kind of e-mail is unrelated to the targeted financial institution. One subject line reads, "Oi!! olha aqui!! vc nem precisa procurar mais!!!" which essentially urges the recipient to try whatever it is inside the e-mail.
MessageLabs has intercepted only some 30 copies of the e-mail, and in each case the target was a bank in Brazil. Symantec researchers have yet to spot copies of the e-mail so far. So the host file attack is hardly widespread. Still, MessageLabs' Alex Shipp thinks it's an alarming step forward in the programming of phishing tactics. Antivirus scans generally wouldn't pick up host file changes.
"It's more dangerous than standard phishing," he said. "There is nothing in the e-mail to give it away. Nothing has to happen. The next time you bank there, you might be in for a shock."
And even if the fake bank site was eventually pulled down by the Internet host, which usually happens within a few days, victim consumers would still have a problem. Their computers would no longer be able to visit the legitimate bank site, but instead would get a "file not found" error, as their computers were redirected to the criminal's address.
"The person would be mystified that they can't get to their bank any more," Shipp said.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
