Kane’s Computing World

A new variant of an old malware has turned to digital kidnapping of data:

Researchers at security vendor FireEye have discovered that malware formerly used to push "scareware" is now being used to push "ransomware."

According to a FireEye blog, the malware known as Vundo is now infecting users with an exploit that encrypts the data on a PC and then requests $40 for the key to decrypt it.

Vundo has been infecting PCs for some time, but previously was used to scare users into downloading fake, "rogue" security software, such as XPAntiVirus2009, by telling them their PCs had been infected. Users who downloaded the bogus antivirus tool were infected with a variety of malware.

"Vundo has fundamentally altered its criminal business model from ‘scareware’ tactics to ‘ransomware’ extortion," blogs Alex Lanstein of FireEye’s Malware Intelligence Lab. "While a user may be ‘silly’ to buy into scareware, they have little choice but to purchase the decryption software once the ransomware does its thing."

FireEye describes Vundo as a "generic Trojan" that sends a popup to Web users. In this case, however, Vundo is "pushing a piece of malware that encrypts various personal file types (.pdf, .doc, .jpg, etc.) on your system, and ‘coincidentally’ pushes a program called FileFix Pro 2009, which would decrypt them — for a fee."

[…]

Scareware Morphs Into Ransomware
Wed, 25 Mar 2009 21:10:00 GMT

Some nasty new viruses spreading now.  These are file-infectors that take over executable files (.exe files).

Please be wary of these viruses and any variants that you hear of. The IT team at protocol 80 recently eradicated Scribble-A from a client’s network, just a few short days after it’s definition being available in some anti-virus software – at this point, we should mention the excellent performance of Sophos’s command line virus detector and cleaner, detailed here. Their dedication and knowledge about virus programming and behavior is superb.

After our investigation on this particular network, it was determined that the infection was due to a virus called Scribble-A (the ‘-A’ signifying this is the first version of this virus). Scribble-A is a fast-infecting polymorphic virus, attempting to infect every file that is opened on a user’s computer and changing its shape in order to try avoiding detection. In this case, every program (executable) on the network was infected, and no machines were operable. Scribble is a variant of the Virut family of viruses, a family of polymorphic memory-resident appending file infectors that have Entry Point Obscuring (EPO) capabilities. EPO capabilities allow viruses to change the way they enter executables, so that there is more work to identify them.

This virus is also the same or similar to the one that shut down courtroom operations in Houston’s Municipal Court in Houston, Texas on February 4th, and kept them closed until at least Thursday February 12^th 2009, infecting 475 computers, called Conflicker, which Microsoft has announced that it is offering a $250,000 reward for information that leads to the capture and conviction of the authors of this Conficker worm (also known as Downadup or Confick). The court finally reopened this morning.

In that case, virus-detection applications being used in Houston did not identify the virus until Sunday, February 7^th. We proactively identified the virus, however many major antivirus applications did not have the ability to identify it. We also rebuilt the entire network of machines and had operations running within 24 hours, however, this may not always be the case.

We used Sophos’s tool to disinfect the affected files, and remove the files that could not be fixed. Approximately 5% of the network files could not be repaired, and had to be deleted.

After virus identification, we then systemically rebuilt the network. Due to the severity of the virus, we had to rebuild every workstation from scratch – even after cleaning, logging in and using applications was not possible due to Windows operating system file corruption, and we verified that Windows XP installations that were repaired became re-infected due to master boot record (MBR) infections or other methods of reinfection. Our research is confirmed on Microsoft’s Malware Protection Center.

The disinfecting of network files and data also caused another consequence – several executables that were disinfected still did not operate correctly and required refreshing from CD or online, adding to the time required for re-installing applications.

Viruses like this should remind you to:

1. Backup your data in full at close of business every day, using incremental backups and weekly full backups

2. Be wary of flash drives and other media that can carry viruses

3. Do not use P2P programs or install any software that is not needed for business operations on any PC within a business network, no matter how innocuous it may seem.

If you need assistance implementing policies for these items, please contact Ed or Jeremy as soon as possible.

If you come in contact with a virus of this level of severity, that includes symptoms such as:

1. after logon, a blank screen

2. random stop errors, or blue screens of death

3. rapid infection of devices on the network

please contact Ed or Jeremy as soon as possible.

For more information:

Scribble-A Description:

http://www.sophos.com/security/analyses/viruses-and-spyware/w32scribblea.html

Virut Description:
http://www.f-secure.com/v-descs/virus_w32_virut.shtml

Houston municipal courts to close 2 more days:
http://www.chron.com/disp/story.mpl/metropolitan/6253999.html

Scribble-A, Virut, Conflicker and other variants
name.nospam@nospam.example.com (Jeremy Callinan)
Sat, 14 Feb 2009 01:53:44 GMT

Yes, says michael at terminal23:

I recently got back on sat radio with Sirius/XM. Now I see they’re floundering? I can’t say I’m totally surprised. While the idea of "commercial-less" music and radio is brilliant and necessary, as well as the beauty of being able to listen to what I want as opposed to what happens to be in my midwestern farm-state area, that has to balance with the fact that it costs money vs free FM/AM radio, and household budgets are tightening.

I don’t think sat radio has a real market anymore; it was a transitional piece kinda like Blu-ray today. What I think will be the future is all of the web-based podcast and radio stations (like my favorite somafm). All it takes is the ability for my car to get on an internet connection and pump out a stream into my receiver. That’s it! Sat radio is still a closed system, even if they do have 3000 channels. Give me an open system like the Internet to choose my station… With Sirius/XM, I’m paying for 297 channels I typically don’t listen to, and the 3 I do listen to are sometimes playing things that suck and make me go back to my ipod or cowon or a disc. The most expensive channels (Howard Stern, Martha Stewart) I’ve never and never will listen to.
And it doesn’t even have to be a subscription fee system! Just charge for the cables/receiver to handle streams, and then pay for what many of us already have: sat data connections through something like our phones. If our fav stations want donations or fees, then so be it.

Source

I still love my XM radio.  Since I can’t get streaming internet radio everywhere I go in my vehicle, I’m sticking with my XM for now.

New vulnerability in Flash player:

Patch your Flash: There’s a vulnerability in multiple versions of Adobe Flash.
See our report:
  •  Adobe Flash Player remote code execution vulnerability

Version 10.0.22.87 is the updated version.

You can download the update from Adobe and our Health Check service is also of assistance.

On 25/02/09 At 12:45 PM

Adobe Flash Vulnerability

Instead they’ll have to do a clean install, backing up programs and applications and then reinstalling them after Windows 7 is installed on a clean hard drive.

When Windows 7 is released later this year or in early 2010, many PC users who upgrade will be coming from Windows XP. Unlike Vista users, they can’t do an "in-place upgrade," in which the new OS overwrites the old one, preserving their installed applications, preferences, and data. Instead, they’ll have to do a clean install, which means they have to back up their data, install Win 7 (either deleting or XP or installing as a separate environment), reinstall their apps, restore their data, and re-create their preferences.

For Windows XP users who avoided Vista because of its many problems, that upgrade work may seem as adding insult to injury, making it harder for them to finally adopt a new version of Windows. Through its PR agency, Microsoft confirms to InfoWorld that there will be no "in-place upgrade" option for XP users, but it declines to explain why not. "More materials on your question are in the works," the spokesman says.

Source

In most cases a clean install probably makes more sense anyway; errors, junk files and so forth won’t be transferred to the new operating system.

But there may be good reason not to support an in-place upgrade, suggests Michael Silver, a Gartner analyst who follows Microsoft technologies. That’s because viruses, registry errors, and other performance-sapping flaws in the user’s Windows environment would be carried over into Windows 7; something that would not happen with a clean install.

Business IT typically does clean installs on user systems to avoid these issues, Silver notes, so the lack of an in-place upgrade will be a nonissue for most enterprises.

Consumers and small businesses are the ones who tend to prefer the in-place upgrade option, Silver notes, and they’re the ones who may be annoyed by the clean-install requirement if coming from XP. "Microsoft is in a bit of a no-win situation here: Support the upgrade and live with whatever bad experiences users have or don’t support the upgrade and make it harder for people to do it," Silver says.

"Most users will be better off doing the clean install anyway," he says, so he recommends that even Vista users avoid the in-place upgrade and proceed to the clean install.

The Internet Safety Act was proposed by Republican in Congress in the name of “protecting the children”.  It would require ISP’s and home users to keep records about users on their networks.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

[…]

Two bills have been introduced so far–S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act," or Internet Safety Act.

Each contains the same language: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."

Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.) [emphasis mine]

"Everyone has to keep such information," says Albert Gidari, a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law.

The legal definition of electronic communication service is "any service which provides to users thereof the ability to send or receive wire or electronic communications." The U.S. Justice Department’s position is that any service "that provides others with means of communicating electronically" qualifies.

That sweeps in not just public Wi-Fi access points, but password-protected ones too, and applies to individuals, small businesses, large corporations, libraries, schools, universities, and even government agencies. Voice over IP services may be covered too.

Under the Internet Safety Act, all of those would have to keep logs for at least two years. It "covers every employer that uses DHCP for its network," Gidari said. "It covers Aircell on airplanes– hose little pico cells will have to store a lot of data for those in-the-air Internet users."

Republicans have got this one exactly wrong.  This is an onerous, burdensome and probably unconstitutional invasion of privacy that turns everyone with a router at home into an agent of the state.  Conservatives, such as myself, believe in limited government and decreased interference by government into our lawful activities.  Laws such as the one being proposed only serve to distance me further from the Republican party.

David Coursey of PC World Magazine has more analysis here.

The ubiquitous free software used to read the popular PDF file format is under attack. 

A new critical vulnerability has been discovered in Adobe Acrobat and Reader 9 (and earlier versions, too), which could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially crafted PDF file.

Quote:

---

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

---

Source

I’d look into one of the free alternative PDF readers readily available.  I’m a big fan of Foxit Reader!

Looks like LTE (Long Term Evolution) will be for data only as Verizon plans on keeping voice on 3G for some time to come yet.

At the Mobile World Congress trade show in Barcelona today, the next-generation 4G wireless service finally got some respect, with AT&T saying it will likely deploy the Long Term Evolution (LTE) standard in 2011 rather than in 2012 and Verizon choosing vendors for its upcoming LTE rollout.

Verizon has chosen Ericsson and Alcatel-Lucent (s ALU) as the initial vendors for the LTE rollout and is reporting speeds of between 50 and 60 Mbps downlink in test markets. This leaves other vendors who participated in the trials — Nortel, Motorola and Nokia-Siemens — out in the cold so far. As far as speeds go, once the carrier puts its millions of subscribers on the network, those speeds will change, but it’s still going to be better than the current 3G when it comes to delivering data.

Source

I’ve been using Verizon Mobile Broadband at home (we live in a rural area with no access to traditional broadband technologies) and it works well.  Unfortunately, the downside is the 5GB/month data cap; the more so since I’m sharing our connection across two households with a Cradlepoint CTR-350 Mobile Broadband Router.

As the PC and communications industries converge, among the biggest impediments to true interactive mobile computing are the carriers’ business models. The current prices and plans for mobile broadband access are expensive and inflexible. If the technology and communications industries want consumers to buy (and use the web via) laptops, mobile Internet devices and/or some type of smartphone, they need to offer a price plan for data that doesn’t involve paying $45-$60 a month for 5GB a month on each gadget.

[…]

And perhaps less exciting is how, as Om pointed out, carriers are attempting to sell your data as an ever-more invasive way to finance the strain all this mobile computing creates on their networks. When it came to the wired web, carriers offered unlimited plans and cheaper access to jump-start demand for broadband over dial-up. As people take them up on that offer of truly unlimited broadband, we’re seeing the carriers pull back with tiered plans and broadband caps. With the mobile web, carriers are weighing as many alternatives as they can before accepting dump pipe status again.

Source

I’d hoped Microsoft would learn from the confusion surrounding Windows Vista’s multiple incarnations.

Microsoft provided us documents that describe six different versions of Windows 7 in unprecedented detail. Find out which one is best for you.

 

All Windows 7 Versions–What You Need to Know

This is the new service from Google that allows tracking you through Google maps on your GPS enabled phone.

At first glance, the Google Latitude application seems like a great service – but there are, of course, obvious privacy concerns.  Let’s leave those aside for a minute and talk about the fun and interesting things you can do with this service.

Source

Some useful, some scary, check it out!

Google Earth 5 was released today to much fanfare.

Ars Technica has the full review:

Google has unveiled a major upgrade to Google Earth, its 3D earth visualization and education product. New features allow users to explore under the surface of the ocean, look back through time, and even visit Mars, so we had to take it for a spin.

Source

You can update your Google Earth from here.

Looks like Vista’s days are numbered this year.

An anonymous reader writes "Following on the news that Microsoft was going straight to a RC for Windows 7, the One Microsoft Way blog has put together some dates on the upcoming roadmap for Vista’s successor. Microsoft has always said ‘three years after the general availability of Windows Vista,’ which was released on January 30, 2007, and that the release date was also dependent on quality. Internally though, Microsoft is saying other things. It looks like we’ll see the RC coming in April, and a final RTM version before October 3. Yes, that means Redmond is currently hoping to get Windows 7 out the door in 2009."

Source

Google went a little nuts yesterday! 

Google’s search service has been hit by technical problems, with users unable to access search results.

For a period on Saturday, all search results were flagged as potentially harmful, with users warned that the site "may harm your computer".

Users who clicked on their preferred search result were advised to pick another one.

Google attributed the fault to human error and said most users were affected for about 40 minutes.

Source

Google initially blamed the error on stopbadware.org, the site Google partners with to determine which sites are potentially dangerous.  Later, however, Google admitted that the fault was theirs alone.

This sounds like a great reference for those looking to try out Ubuntu!

[…]

If you’re new to using Ubuntu, you could check out this pocket guide and reference. You could download it for free or buy it from Amazon.com. You will get a better idea of what Ubuntu is all about as well as learn how to use it with Windows or on a Virtual Machine. You’d also get a tip on installing proprietary drivers if you need them.

The instructions and pictures are helpful when you’re doing things all by yourself. You know what to expect and what to do when you see those dialogs.

It’s more like how to start using Ubuntu or how to use certain features you’ve never tried before. You could try them out and you will find something about it in this pocket guide. Sounds nifty? Got that right!

The guide is available for free download here.  You can also purchase a print copy through Amazon.com here.

Windows 7 is the next version of Microsoft Windows.

See the full post for more Windows 7 analysis

Looking ahead to the finish line, Sinofksy declined to provide a schedule for Windows 7, though my sources tell me it could arrive as soon as mid-2009, or about a year before Microsoft’s vague public pronouncements. He said that the build released at PDC was an M3, or “milestone 3″ build of the product and that that would be followed by a beta release. Sometime in that timeframe, there will be a fairly public beta–”everyone will be able to sign up and get it,” Sinofsky noted–and then the release candidate (RC) phase. “These will be very visible milestones,” he said, “and each step informs the next. There’s no point in a guessing game for the schedule. It’s a promise and deliver schedule.”

Paul Thurrott’s SuperSite for Windows: Windows 7 Preview, Part 1: Let’s Just Pretend Vista Never Happened, Shall We?

Word to the wise:

WPA Cracked – additional details, (Sat, Nov 8th)

UPDATE: The WPA whitepaper is out: Practical attacks against WEP and WPA please, test it before making the change on your production environment), and increase your wireless detection stance and check for multiple MIC failure messages. — Raul Siles www.raulsiles.com

The WPA wireless encryption standard is now crackable.  Is WPA2 still safe, this article argues yes:

Researchers have announced they can crack WPA in 12-minutes. Some people wonder if WPA2 will soon be next.

It won’t be. WPA was always known to be a weak hack, WPA2 has always been known to be secure. The reason for the compromise was that that hardware didn’t support the AES encryption in WPA2, so a weaker crypto was needed to fix the obvious flaws with WEP without requiring a hardware upgrade.

[…]

The moral of the story is that you should always have been planning WPA2-AES-CCMP eventually, and been planning to rely upon that for many years. If you planned to only do WPA-RC4-TKIP, then you were wrong.

WPA2 is not next on the chopping block

Style and substance, eh?  I will be trying the LiveCD!

Fedora 10 is quite beautiful, but even better, it runs well. And though it’s best to avoid installing it on a vital production machine before the November 25th release, there’s little harm in treating yourself to a liveCD test drive.

Upcoming Fedora 10 Release Has Style and Substance

The battle over the usability and suitability of Linux for the desktop continues.

The pessimistic view:

Desktop Linux – Will It Ever Stick?
popsci.com: About seven years ago, I tried to free myself from the oppression and misery of running Windows ME by installing Linux on my PC. Ever installed the Linux operating system? It’s not for the faint of heart. So, when it was recently reported that Linux-based netbooks are being returned at a rate four-times higher than their Windows-based brethren, I can’t say I was surprised.

read more

And defending the Linux desktop:

GNU/Linux is user-friendly – and logical too
itwire.com: Over at iTWire, we are often in the position where we disagree with a fellow writer and say so. This morning, I found my colleague Davey Winder’s piece “Opinion: why Linux sucks at being user friendly” to be a litle too general to pass without comment.

read more

Read both and judge for yourself.  Better yet, you can use a Live CD and try Linux on your current computer without making any permanent changes!