ADFSL conference

I’ll be speaking at the ADFSL 2007 Conference on Digital Forensics, Security and Law this Friday. The conference is being held on April 18-20, 2007 in Arlington, Virginia USA just outside Washington, D.C. My discussion will center on “context” in digital forensics, vis-a-vis malware and other external factors that can often be exculpatory in a forensic examination. If you’re at the conference, feel free to come on over to say hello.

Alex Eckelberry

Google buys DoubleClick. And is now the most powerful behavioral marketer on the planet.

The acquisition of DoubleClick by Google is not surprising from a business standpoint — they now have a big footprint in the third party ad network space. And I think it makes sense.

But wow. It boggles the mind as to how much consumer data that Google now has available to it.

Think about it. Information on searches, email usage, download habits, video viewing and all the rest, combined with DoubleClick’s massive datastream of information from cookies and sites.

Gulp.

Alex Eckelberry

Omerta still dealing with fake Omerta malware

A few weeks back, I blogged about fake Omerta “software” that was actually some pretty nasty malware. The folks at Omerta are still dealing with this fake stuff.

If you play Omerta, only deal with the official Omerta software from the Omerta site — not these fake versions which use the Barafranca name.

Current rogue Omerta sites (these sites all serve malware):

www(dot)barafranca(dot)lx(dot)ro
barafranca(dot)iwarp(dot)com

(There may be others.)


Alex Eckelberry

Insuring data breaches

Tech//404, a new venture by insurance company Darwin, sells insurance for losses due to technology and security failures. And they now publish a “Data Loss Archive”, a sort of repository of horrible acts of corporate data theft (it has potential, but so far it only lists a number of recent events and really should have an RSS feed).

They also have a “Data Loss Calculator”, a rather grim calculator that lays out the cost of data breaches — but it has zippy sounds (insurance company folks are such wild and crazy people.)


Of course, the human costs of data breaches — ruined credit, stolen identity, etc. — are far harder to calculate.

Alex Eckelberry
(Hat tip to Bespacific)

Spam with malware links

Something we’ve seen lately is a number of attempts to use spam as an infection vector for spyware using social engineering tricks. However, unlike past attempts with things like “a postcard greeting is attached”, these spams feature striking images and a link to a website that has malware on it.

Recently, we saw the fake IE 7 download, which attempted to get users to download an “IE 7” which, in fact, was malware. Then we saw the Britney Spears spam, which had a link to a malware installer using the ANI exploit. Click the picture. Life becomes unpleasant. That sort of thing.


Today, we’re seeing the “Hot pictures of paris hilton nude” spam, which also gets you to a site which attempts to use a number of now-patched exploits to install malware on a system (and the picture itself isn’t even of Paris Hilton, it’s Jenna Jameson). It’s the same gang that did the Britney spam.


Alex Eckelberry
(Thanks Francesco and the rest of the team)

Sunbelt Weekly TechTips #39

Read any good (Vista) books lately?
Now that many of you have upgraded to Vista, or bought new computers that come with it pre-installed, you may be looking for a good book to help you navigate all the changes in the interface and new features. I recently read Windows Vista Inside Out from Microsoft Press, written by Ed Bott, Carl Siechert and Craig Stinson, and found it to be a comprehensive manual (over 1000 pages) that will help you master the basics without making an avocation of hunting through the Help files. You can get it from Amazon at a great price here.

Decreased performance on multiple processor computers running XP SP2
If you’re running Windows XP with Service Pack 2 on a multi-processor system that supports processor power management features, you may find that performance is slow or that you encounter other unexpected behavior. If this happens, you need the update that can be downloaded from the link in KB article 896256.

Change Analysis Diagnostic Tool for XP
If you want to track changes made to certain parts of the operating system, you can download the Change Analysis Diagnostic Tool, which scans the computer and displays recent changes to software programs, hotfixes and downloads from Windows Update, Browser Helper Objects, drivers, ActiveX controls and changes to loaded applications and startup objects. More information and a download link are available in KB article 924732.

Deepfish aims to make mobile web browsing better
If you’ve tried to visit traditional web sites with Pocket Internet Explorer and other web browsers made for smart phones and Pocket PCs, you know it can be a less-than-pleasant experience. But that may change soon. It’s still in early beta testing, but Microsoft’s Deepfish technology is expected to make browsing the web on your mobile phone or handheld computer a lot more like surfing on your desktop computer. You can read more about it and view a demo here.

Bring your computer to work, give up your privacy?
The 10th Circuit Court of Appeals ruled last week that if you bring a personally owned computer to work and connect it to the network, you give up your expectation of privacy for the data stored on that computer. The case came about as the result of a warrantless search of a personally owned computer in the workplace that was found to contain child pornography. A key point was that the owner of the computer didn’t use a password to prevent others from accessing it. The password functions much like placing a “no trespassing” sign on your property – it demonstrates your intention that the land or computer be private. Read more about the case here.

Transferring files and settings from another computer to Vista
If you upgrade your current computer from XP to Vista, it will keep all your data where it belongs and most applications should work. But if you buy a new machine, or wipe the hard drive and start over with Vista, you can use the Easy Transfer Wizard to port your data and configuration settings to the new machine. Just run the Vista installation DVD on the XP system and select Transfer Files and Settings From Another Computer. Or if you don’t have the installation disc, you can run the wizard on the new computer and copy the program files to a USB drive or burn them to CD or DVD to run on the XP machine.

This feature will migrate files and folders, email and contacts, user preferences (such as wallpaper, taskbar options, accessibility options, network printers), Internet settings and Favorites and application settings for Microsoft programs and a large number of third party products. For more info on how to use the Easy Transfer Wizard, click here.

How to save keystrokes in IE
Typing URLs into the address bar of the web browser can get tedious, but you don’t always have to type that entire address. You probably already know that IE automatically adds “http://” when you begin a URL with “www” but did you know that it will add “http://www” to the beginning and “.com” to the end of whatever you’ve typed if you then press CTRL+ENTER? So, to go to my web site at www.debshinder.com, you only have to type “debshinder” and then hit CTRL+ENTER, saving a number of keystrokes (Note that this also works in Firefox 2.0.0.3).

How to completely clean out the Temp folder in Vista
If you use the Disk Cleanup utility in Vista to clean out your Temp folder, you may be unknowingly leaving hundreds of files there, because it only lists the files that are more than a week old. If you want to adopt a “no temp file left behind” policy, you have to empty the folder manually. Here’s how:

  1. Click Start and in the Search box, type %temp%
  2. This will open the Temp folder, which is located by default in the Users\[username]\AppData\Local path on the drive where Vista is installed.
  3. Manually highlight all files by pressing CTRL+A.
  4. Press Delete or right click and select Delete from the context menu.

User question: Can’t hide inactive icons anymore in XP
Suddenly I can’t hide the inactive icons on the system tray anymore. The check box to hide them is checked, and it worked just a few days ago, but suddenly it doesn’t work. I’m using XP. It’s not a major problem but it’s annoying. Can you help?

ANSWER: Try this: Right click the taskbar and select Properties > Customize. If you see that all the items there are set to “Hide when inactive,” set one of them to “Always hide.” If the system tray then starts working normally, you can reset the item back to “Hide when inactive” and it should continue to hide and display normally. This has worked for a number of other users. If this doesn’t work, you might try restoring the system to a system restore point made prior to the occurrence of the problem.

Troubleshooting Vista upgrade error messages
Microsoft has created a collection of links to KB articles that pertain to various error messages you may encounter when upgrading to Vista. See the list in KB article 930743.

Until next week,

Deb Shinder

Social Networking and Chatting your Life Away

Social Networking is one of the most popular online pastimes these days, especially among the young. Sites such as MySpace, Facebook and Friendster have become world famous as virtual “places” where people with similar interests can find one another and “hang out.”

One of the first social networks on the web was Classmates.com, which has been around since the mid-1990s. Millions of people have signed up as free members, listing the schools they attended throughout their lives and browsing the lists of other members to find their former classmates. There’s a catch, though: if you want to be able to send email to another member or post on the message boards, you have to buy a “premium” membership, which costs from $2.46 to $5.00 per month, depending on the duration of your commitment. That doesn’t mean the site is useless if you don’t pay. For example, it carries announcements of upcoming class reunions. And the site has expanded to include not just your previous schools, but also former workplaces and military assignments.

There are other social networks for people of a particular ethnic background, music fans, car enthusiasts, pet owners, sports fans, those in certain professions, and so forth. Many social networks are aimed at people looking for romantic relationships. They all have one thing in common: the point of all social networks is, well, socializing.

A common goal of social networkers is to collect online friends, that is, to be linked to as many other users as they can. In that respect, it’s not unlike the typical real-world high school. In many social networks, people can use whatever names they want and profile information isn’t verified, so some participants create false identities and pretend to be something they aren’t. In that respect, I guess it’s not unlike the typical singles bar scene.

Because many social networking sites are targeted at or attract children or teenagers, there’s been a lot of concern over the last few years about privacy protections. In addition to sexual predators, identity thieves roam the social networking world, looking for victims. Some of the social networks have rules designed to protect personal information; for instance, only registered users may be able to see your profile. In some cases, such as Classmates.com, email is sent through a “double blind” system whereby if you want to send a message to another member, you send it through the system and it’s forwarded to that member, so you never know the member’s email address.

Illegal and dangerous activities aside, some parents, educators and psychologists have concerns about the amount of time young people spend on social networking sites. Of course, spending too much time socializing on the Internet was possible, and popular, long before social networking sites proliferated.

And thanks to technological developments, it’s getting easier and easier to spend excessive time at virtual socializing, both online and off. Whereas “first generation” Internet users had email as their primary means of electronic communication, today’s users prefer “real time” communication such as instant messaging and other means of live chat, including text messaging via cell phone. Sure, we had the old Internet Relay Chat (IRC) back in the olden days, but it took at least a little technical savvy to get it going, and with Internet connection time costing up to $25 an hour (that’s what I paid for my first CompuServ account), only the idle rich could afford to chat the night away every night. Today for not much more than that same $25, you can get a whole month of unlimited access, and at speeds that allow you to do things like stream audio and video.

Thus, today we’re not limited to sitting and typing messages back and forth to one another. We can do high quality video conferencing with multiple participants, using inexpensive software and hardware.

While some lament the fact that people today are becoming more isolated, going out less frequently and spending more time at home (often online) in the wake of 9/11, others point out that we’re socializing more than ever; we’re just doing it in a different way. The number of people with whom the typical teen has a conversation over the course of a week is probably much greater than that of a teenager twenty years ago, as long as you count electronic conversations as well as face-to-face ones. Advocates of computerized chatting would also point out that it’s safer than venturing out to meet people in the real world and exposing your physical being to strangers.

No wonder chatting has become so popular. And now, if you don’t have time to chat, your online acquaintances need never know. MyCyberTwin (www.mycybertwin.com) is new technology that allows you to create a virtual persona that will do it for you. You teach the “twin” to respond to questions and participate in conversations as you would. Made by an Australian company, the cybertwin web site was launched earlier this month and allows you to create a “24/7 online presence.”

The application is known as a “chatbot,” but this implementation is more sophisticated than previous incarnations in that it allows you to train the bot to emulate you. And you can go back and read the conversations that your twin had in your absence. Of course, if it becomes popular, we may have bots chatting with bots – they won’t even need us humans anymore at all.

Are these activities mostly a waste of time, or a valuable new way to establish interpersonal relationships?

Are teens who spend a lot of their free time chatting online demonstrating anti-social behavior, or are they just engaging in a different form of socialization? Do you prefer online chat to face to face interaction, or know someone who does?

Would you use a chatbot or “cyber twin” to stand in for you when you don’t feel like chatting?

Would you feel silly if you discovered that you’ve been having deep, personal conversations with a bot?

Deb Shinder

Protectwin (dot) com hijacks user desktops

Sunbelt researchers have today identified protectwin(dot)com as purveying some pretty nasty spyware: Braveysentry (a rogue antispyware application) as well as a zlob fake codec.


Alex Eckelberry
(Credit to Sunbelt researcher Patrick Jordan)

Correction: The site installs Braveysentry (a rogue antispyware application) via a trojan installer that generates the fake alerts, hijacks user desktops, and installs the rogue antispyware application. This same trojan (winstall.exe in 2005-2006, now xpupdate.exe in 2007) is also delivered via a fake codec page, where it appears to be a zlob fake codec but is really the same winstall/xpupdate trojan installer.

Ani exploit fixed. Germany gets a tax-free holiday.


It turns out that by fixing the ani exploit, Microsoft inadvertently broke more than just the few applications we know of. It also broke ElsterFormular, which according to AV expert Andreas Marx:

“…has to be used by ALL companies, if they want to declare their VAT tax, their license tax as well as their income/wage tax if they are not using the service of a tax advisor. Companies need to declare their taxes either monthly or every quarter, depending on the money they need to pay.

For monthly payments (this means, for March 2007), the taxes need to be declared by April 10, 2007 and if you need to declare it quarterly, the taxes for Q1/2007 need to be declared by April 10, 2007, too. If you don’t declare your taxes in a timely manner, you can get fined, of course.”

Well, of course, a patch is available now but Andreas is concerned that this fix won’t be known by loyal Germans anxious to pay their taxes, because the German version of Microsoft’s advisory doesn’t mention ElsterFormular, only the English-language version does (something which I’m sure Microsoft will fix very soon).

But for those non-advisory-reading Germans, since the hotfix is planned for rollout next Tuesday, the tool may not be working again until Wednesday, meaning that they may miss the tax filing deadline of April 10th.

This little eddy lends significant credibility to Microsoft’s arguments as to why they have to go through such an exhaustive process to get patches out, since so many things can break. Regardless, I’m still very pleased that Microsoft broke their patch cycle to fix this exploit, which was not a trivial one.

I just hope Fritz comes out ok.

Alex Eckelberry

Ok, Bambi’s gone, but can someone help Fritz?

Bambi Francisco has resigned from MarketWatch because of her involvement in vator.tv, a sort of youtube for businesses (entrepreneurs upload videos pitching their business, looking for help, etc).

Ok, that’s all well and good, but can someone please help Fritz, the earnest Tyrolean toy maker advertising on vator.tv for help marketing his wooden toys in America? These toys are really nice!

And Bambi, good luck — sometimes these things happen for the best.

Alex Eckelberry
(More tittering about Bambi at ValleyWag)

Another CounterSpy Enterprise 2.0 preview webcast thingie

I actually missed doing the webcast earlier this week because of the flu. Greg Kras did the whole thing by himself (nice job, Greg!).

However, I’ll be doing a webcast with Greg next Tuesday. Feel free to join in for the fun. From our marketing department:

Webcast: Preview Of CounterSpy Enterprise V2.0

Alex Eckelberry and Greg Kras will be giving a preview of CounterSpy Enterprise 2.0 next Tuesday. If you want to take a look, please join us:

A Preview of CounterSpy Enterprise 2.0
When: Tuesday, April 10, 2007 2:00 PM (EDT)
To join the day of the event please visit:

https://www.livemeeting.com/cc/sunbelt/join?id=92SSQC&role=attend&pw=XR*mw9Z

Meeting ID: 92SSQC
Attendee Meeting Key: XR*mw9Z
Audio: 1-620-782-8200
(Toll-free) 1-888-468-4618
Participant code: 104764

Alex Eckelberry

Massive regulatory tome describes acceptable Robot activity

If you’re a fan of robots, you’ll get a kick out of this article — the Japanese government has drafted massive guidelines as to the safe operation of robots.

Man v machine

Asimov’s three laws:

— A robot may not injure a human being or, through inaction, allow a human being to come to harm

— A robot must obey orders given it by human beings except where such orders would conflict with the First Law

— A robot must protect its own existence as long as such protection does not conflict with the First or Second Law

A selection from the Japanese Ministry of Economy, Trade and Industry guidelines:

— Via a structure of general regulation and the adoption of that regulation, the planning, manufacturing, administration, repair, sales and use of robots shall observe the need for safety at every stage

— The reasonably predictable misuse of robots shall be defined as the management, sale and use of next-generation robots for purposes not intended by manufacturers

— There should, in principle, be no serious accidents such as fatal accidents involving robots, and the frequency of such accidents should be lowered as far as possible. Affordable multiple security measures should be taken in case one protection method alone is insufficient

Link here.

Alex Eckelberry
(Thanks to Frank)

Sunbelt Weekly TechTips #38

Download: Internet Connectivity Evaluation Tool
Here’s a new free tool from Microsoft that will check your Internet router/NAT device to determine whether it supports advanced features such as face to face collaboration with Windows Meeting Space in Vista. The tool can be run on an XP or Vista computer. You can download it from the Microsoft web site here.

Is Vista a “slow pig” when it comes to copying files?
A number of users have complained that sometimes the Vista file copy process is slow or stops responding, and an article on Slashdot last week played up the problem.

I’ve not experienced the problem myself but apparently quite a few people have, and Microsoft has a hotfix to correct it, which you can get from Customer Support Services. There’s more info in KB article 931770.

CompUSA closing many stores
CompUSA was once “the” place to go to buy computers and computer accessories, but now many people buy at discounters such as Fry’s Electronics or over the Internet, where you can almost always find lower prices and good service from sources such as Newegg.com. Now CompUSA is closing about half of its stores. The process began in February and is still ongoing. You may still be able to get some good deals at the “going out of business sales.” Here’s a list of locations that are closing.

Court rules in favor of media server that copies DVDs
A company that makes a home media server that allows users to “rip” their DVDs to disk was sued by the DVD Copy Control Association for allegedly violating its licensing contract. A California judge ruled in favor of the defendant. Read more about it here.

Manage your digital photos in Vista
Many of us have amassed large collections of digital photos, and Vista makes it easier to manage and find them. One of the most useful new features is the ability to add “tags” to your pictures. These are keywords that can be used to sort and search. The tags are stored as metadata within the file, along with other details about the graphic.

To add a tag to a photo, right click the photo file and select Properties. Click the Details tab, and then click Tags. A field will appear that says “Add a tag.” You can type in the keyword(s) you want to associate with the picture here. Then, in the Tags column of Explorer (in a folder that contains pictures), you can click the down arrow to sort or stack by tags.

How to join a domain in Windows XP Professional
If you take your laptop to work with you, you may need to join it to the company domain in order to log onto your company network account. Here’s how:

  1. Click Start > Control Panel.
  2. In Classic view, click System. In XP view, click Performance and Maintenance, then click System.
  3. Click the Computer Name tab, then click the Change button.
  4. In the Domain dialog box, enter the name of the company domain you want to join.
  5. A dialog box will ask for the username and password. If the domain administrator has already created a domain account for the computer, you can enter your own user name and password. If not, a domain administrator will need to enter his/her username and password here.
  6. You will receive a “welcome to the domain” message indicating the computer was successfully joined to the domain.
  7. Reboot the computer.

Note that Windows XP Home computers cannot join domains.

User Q&A: What happened to all that space on my hard disk?
“Hi there. I bought a new hard drive, got a great deal on what was supposed to be a 750 GB drive – BUT when I installed it in the computer, it says there’s only 686 GB. I could understand maybe a small difference but that’s a lot of gigabytes that got lost somewhere. This seems like false advertising to me, as I didn’t get all the space I paid for. I’ve seen the same thing every time I bought a hard drive. Can you explain? Thanks. – T.W.”

Well, the problem comes from the difference in the way computers and disk manufacturers calculate drive capacity. Computers “think” in binary math (base 2), where each step from kilobytes to megabytes to gigabytes to terabytes, and so forth, is an increment of 2 to the 10th power (1024).

Humans are used to thinking in base 10, where hundreds, thousands, millions, etc. are incremented by 1000. So hard drive manufacturers use a more familiar system in which they “round” a kilobyte to 1000 bytes, a megabyte to 1000 kilobytes, and a gigabyte to 1000 megabytes. So the drive manufacturer advertises a drive that has 750 billion bytes as a 750 GB drive, but that’s not how the computer sees it because it’s dividing by 1024 instead of by 1000.

Is it false advertising? Well, technically, maybe so. But since just about all hard drive makers do it this way, it has become the standard. On the other hand, just to confuse matters a little more, manufacturers don’t use this system for other storage media, such as flash memory cards. There, what you see is what you actually get: flash cards usually actually have the amount of space advertised, although formatting does reduce the amount of usable space on both hard drives and flash cards. For a more detailed discussion of all this, click here.
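The arithmetic behind the answer above, as an added example (not part of Deb’s column): the same number of bytes divided by 1000 per unit step on the label versus 1024 per unit step in the operating system, and how the apparent shortfall grows with each larger unit. Any further gap beyond this figure is the partitioning and formatting overhead the answer mentions.

```python
# Added example: decimal (manufacturer) versus binary (operating system)
# capacity figures. Unit names and function names are this example's own.

DECIMAL = 1000  # multiplier drive makers use per unit step
BINARY = 1024   # multiplier the OS uses per unit step (2**10)
UNITS = ["B", "KB", "MB", "GB", "TB"]


def _power(unit):
    """Number of unit steps above bytes: KB -> 1, MB -> 2, GB -> 3, TB -> 4."""
    return UNITS.index(unit.upper())


def advertised_to_bytes(value, unit):
    """Bytes actually on the drive when the label uses decimal units."""
    return value * DECIMAL ** _power(unit)


def os_reported(value, unit):
    """The same byte count expressed the way the OS does, dividing by 1024
    per unit step, so a 750 GB label comes out as roughly 698.5 GB."""
    return advertised_to_bytes(value, unit) / BINARY ** _power(unit)


def shortfall_percent(unit):
    """How much smaller the OS figure looks than the label for a given unit.
    The gap compounds: about 2.3% for KB, 4.6% for MB, 6.9% for GB, 9.1% for TB."""
    return (1 - (DECIMAL / BINARY) ** _power(unit)) * 100


if __name__ == "__main__":
    # The 750 GB drive from the reader's question
    print(f"750 GB on the label -> {os_reported(750, 'GB'):.1f} GB as the OS counts it")
    for u in UNITS[1:]:
        print(f"{u}: label overstates the OS figure by {shortfall_percent(u):.1f}%")
```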

You get an error message when you sync offline files in XP
If you get an error message stating that files of this type cannot be made available offline when you try to synchronize offline files on an XP computer, this may be caused by a problem with client-side caching. There’s a hotfix available. To find out how to get it, see KB article 890671.

Poor video quality with interlaced mode on Vista computers
If you configure your video settings to use interlaced mode on a Windows Vista machine, you may find that the video is jerky and of poor quality. To fix this problem, you need to download a free update package. There are versions available for both 32 bit and 64 bit Vista. To get the download, see KB article 932649.

Until next week,

Deb Shinder