As if you needed another reason to not like SPAM (no, not the Hormel product, we’re talking junk mail here). A couple of days ago I mentioned a post at the SANS Institute talking about an email that was circulating; the link within that email took you (via a redirect) to a malicious site that attempted to exploit one of the recently disclosed Windows vulnerabilities. The Security Fix talks about another in the recent round of exploit attempts, and this one comes disguised as junk mail.
Author: Avery
-
My * messed up my computer
Since the massive ID theft ring was uncovered, I’ve been reading the Sunbeltblog frequently. Today, they have an interesting post about the various explanations for spyware on people’s computers. They tag it the “other person syndrome”. I’ve heard this before too. “Well, the neighbor’s kids were over and ever since then we’ve had all sorts of problems.”, “My son was up from college and since then I just haven’t been able to…”, etc. etc. etc.
-
Infocon Green and apple updates
The SANS Institute (incidents.org) has returned to Infocon green, explaining that there are no fundamentally new variations on the exploits that were circulating and the situation is fairly static. (No big moves in infected machines/port scanning activity.) Also, they note that Apple has released several updates. They affect 10.3.9 and 10.4.2. The updates can be found at Apple support.
-
Administrative access on Linux systems
Tux magazine has a comparison of su and sudo as ways to administer a Linux system. Many people are under the mistaken impression that you just log in as root (GUI or otherwise) and that’s the only way to do it. In fact, I’ve used su primarily, although in some circumstances sudo has its benefits.
-
Exchange alternatives
eWeek is running a roundup of some of the alternatives to Exchange. Bynari’s Insight server, Communigate Pro Real-Time Collaboration, Gordano Messaging Suite, and Scalix Server are all mentioned and compared. (No mention of Kolab or other open-source alternatives which, depending on the feature set required, can serve for the task.)
-
Late in updates
I haven’t covered anything this morning mainly because I’ve been fighting with a Windows XP install. I’ll give details on it later. I think I’m finally in the last stages of that and will try to do some updates while I wait. It is bogging down the system a bit. (The install is into a virtual hard drive via qemu).
-
IBM donating DHTML accessibility code to Firefox
Firefox 1.5 will have DHTML accessibility code donated by IBM. DHTML is the code that makes dynamic web pages such as Google Maps interactive, with desktop-application-like responsiveness. The accessibility code will help pages be narrated to the viewer, or magnified for easier reading. It will also assist in navigating pages using the keyboard as opposed to the mouse.
-
Computer security software nets $2.6 Billion over last two years.
SecurityFix is talking about the computer security industry. Further, computer users spend $9 billion a year on computer repairs from spyware and antivirus. This reminds me of a recent story of a man who threw out a perfectly good machine because it was infested with spyware. For starters, I do computer repair. I charge $40/hour and even at that rate I’ve had people balk at 3-4 hours of heavy cleaning versus the Dell ads. How many people take this route instead of repairs? It’s hard to say overall. In his blog, Brian Krebs lays part of the blame at Microsoft’s door and I think rightly so.
-
Zotob updates
A couple of late afternoon updates at the handler’s diary at incidents.org (SANS Institute). For starters, it looks like there may be a variation of Zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)
-
Zotob details
Here are some details on the Zotob worm(s) culled from several sources…
It copies itself to the Windows system folder as BOTZOR.EXE and modifies the hosts file to frustrate attempts to access antivirus sites. The .b variant copies itself as csm.exe in the Windows System folder. Both variants create a mutex so that only one copy can run at a time.