September 2005 - Posts

I can't believe it, they phished in my pond!

Holy cow! For the most part, it is very rare that I receive spam. I have never received a virus in an email. I do not participate in chain letters or forward jokes. I provide a “black hole” email address when signing up for things. I am a paranoid freak who doesn't like to provide any personal information to anyone.

Well this morning I saw two emails in my inbox from “eBay”. I thought it was very strange, since I do not have an eBay account. Upon scanning the email, McAfee picked it up as Phish-BankFraud.eml.a. I checked the header content and found out that it was sent from "eBay <custservice_id_309594@ebay.com>". It also appears to launch a web page from 211.60.138.10. After doing a whois of the address, it appears that the website must be “eBay - Korea”:

Queried whois.apnic.net with "211.60.138.10"...

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      211.60.138.0 - 211.60.138.127
netname:      EFRIEND4031406D
descr:        Efriend
descr:        PC Game Plaza User in
descr:        Munheung2-dong Buk-gu KWANGJU
country:      KR
admin-c:      MK256-AP
tech-c:       MK256-AP
status:       ASSIGNED NON-PORTABLE
notify:       b4031406@users.bora.net
mnt-by:       MNT-KRNIC-AP
changed:      b4031406@users.bora.net 20041027
source:       APNIC

person:       Minlee Kim
address:      739 3 Munheung2-dong Buk-gu
address:      KWANGJU Korea
phone:        +82-11-644-0001
country:      KR
e-mail:       b4031406@users.bora.net
nic-hdl:      MK256-AP
mnt-by:       MNT-KRNIC-AP
changed:      b4031406@users.bora.net 20041027
source:       APNIC
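The two checks the post walks through by hand (who the From: header claims to be, and where the link in the body actually goes) can be automated for triage. This is an added example, not code from the original post; the .eml below is a constructed sample that reuses the sender address and IP quoted above, and the link paths and recipient address are made up.

```python
import ipaddress
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the message in the post: the From: header
# claims eBay, but the sign-in link points at the bare IP quoted above.
SAMPLE_EML = b"""From: eBay <custservice_id_309594@ebay.com>
To: victim@example.net
Subject: Your account has been suspended
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Please <a href="http://211.60.138.10/ebay/signin.php">sign in</a>
to restore your account, or visit <a href="http://pages.ebay.com/help">help</a>.</p>
</body></html>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def is_ip_literal(host):
    """True if the URL host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def same_org(host, sender_domain):
    """True if host is the sender's domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == sender_domain or host.endswith("." + sender_domain)

def suspicious_links(raw_eml):
    """Return (url, reason) for each link whose host does not belong to the From: domain."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_eml)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    findings = []
    for url in HREF_RE.findall(text):
        host = urlparse(url).hostname or ""
        if is_ip_literal(host):
            findings.append((url, "link host is a bare IP address"))
        elif not same_org(host, sender_domain):
            findings.append((url, "link host %s is outside sender domain %s" % (host, sender_domain)))
    return findings

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE_EML):
        print("SUSPICIOUS:", url, "-", reason)
```

A From: header is trivially forged, so a link that passes this check is not proof of legitimacy; the check only surfaces the mismatch that gave this message away.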
 
Posted by Anonymous | with no comments

Security Webcasts

There are a ton of upcoming Microsoft Security Webcasts.

http://www.microsoft.com/events/security/upcoming.mspx

Here are some that I find particularly interesting:

MSDN Webcast: Implementing Security for Mobile Device Solutions (Level 200)
September 26, 2005, 11:00 A.M.–12:30 P.M. Pacific Time

TechNet Webcast: Implementing Security for Wireless Networks (Level 200)
September 28, 2005, 9:00 A.M.–10:30 A.M. Pacific Time

MSDN Webcast: Security Best Practices: Finding and Fixing Buffer Overflows (Level 200)
September 28, 2005, 9:00 A.M.–10:00 A.M. Pacific Time

MSDN Webcast: Security Best Practices: Hardening Your SQL Server (Level 200)
September 29, 2005, 9:00 A.M.–10:00 A.M. Pacific Time

TechNet Webcast: Defense in Depth Against Malicious Software (Part 3 of 3): Malware Defense for Servers and Networks (Level 200)
September 30, 2005, 11:00 A.M.–12:00 P.M. Pacific Time

TechNet Webcast: Deploying and Managing Windows XP Service Pack 2 (Level 200)
October 03, 2005, 9:00 A.M.–10:30 A.M. Pacific Time

TechNet Webcast: Configuring Security Enhancements in Microsoft Windows Server 2003 Service Pack 1 (Level 200)
October 05, 2005, 9:00 A.M.–10:30 A.M. Pacific Time

TechNet Webcast: Protecting Your Business from Spyware (Level 200)
October 13, 2005, 9:00 A.M.–10:30 A.M. Pacific Time

 

Virus Name Game - Is it game over?

I caught an article on ZDNet this morning that talks about the Common Malware Enumeration (CME) initiative.

"There is a lot of confusion over the way that malware is referred to," Desiree Beck, the technical lead for the CME initiative, said in an interview. "We're trying to alleviate that by giving malware a common identifier, so everybody is talking about the same thing when some malware event happens."

Free speech is a good thing, and so are the rest of your rights as an American.

Your comment “JD stating that he was offended because, according to him, he’s white.” is incorrect. I’m stating that as a white guy (and southern to add), this letter offends me. I would prefer not to be labeled, but there is no checkbox for that on government forms. What offends me is that this letter would lead you to believe that only white rescuers saved only black people. It also contains political and religious motives which are based mostly on opinion and have little merit or fact.

Let's summarize the points of this Rabbi Aryeh Spero:

Whites save blacks:

“The rescuers were White, the stranded Black. I saw Caucasians navigating their small, private boats in violent, swirling, toxic floodwaters to find fellow citizens trapped in their houses. Those they saved were Black.”

“Yes, there are Two Americas. One is the real America, where virtually every White person I know sends money, food or clothes to those in need -- now and in other crises -- regardless of color. This America is color blind.”

“most of the givers were White, most of those being helped were Black”

If your opinion is different from the Rabbi’s and you are black, that’s a sin:

“As a Rabbi I have a message I wish to offer to my fellow members of the cloth, Reverends Jackson and Sharpton: "It is time to do some soul searching. Your continued efforts to tear this country apart, even in light of the monumental goodness shown by your White brothers, is a sin."”

Let's attack the organizations I do not like and make false allegations:

“So next time the ACLU tries to diminish and marginalize the churches, saying there is no role for religion in American public life, that an impenetrable wall must be erected separating the citizens from their faith, cry out "Katrina." Next time the ACLU goes to court asking that U.S. soldiers not be allowed to say Grace in the Mess Hall and that communities be forbidden from setting up a nativity scene, ask yourself: without the motivation of Goodness sourced in Faith, would people offer such sacrifice? Where else does this Brotherhood come from but the Bible which teaches "Thou Shall Love Thy Neighbor as Yourself."”

“The New York Times has utterly failed America.”

Give props to organizations I do like:

“I saw brotherhood on Fox News, where 24/7 reporters used their perch as a clearing-house for search-and-rescue missions and communication between the stranded and those in position to save. In contrast, the Old-line networks continued with their usual foolish, brain-numbing programming. Those who always preach "compassion" chose profit over people.”

I do not believe in Separation of Church and State:

“So next time the ACLU tries to diminish and marginalize the churches, saying there is no role for religion in American public life, that an impenetrable wall must be erected separating the citizens from their faith, cry out "Katrina." Next time the ACLU goes to court asking that U.S. soldiers not be allowed to say Grace in the Mess Hall and that communities be forbidden from setting up a nativity scene, ask yourself: without the motivation of Goodness sourced in Faith, would people offer such sacrifice? Where else does this Brotherhood come from but the Bible which teaches "Thou Shall Love Thy Neighbor as Yourself."”

Posted by Anonymous | with no comments

You can get a spam filter

Rick Fogarty's post looks like the start of a chain letter to me. He said it’s quite enlightening, and I have to admit that it is enlightening to see how racist chain letters originate and are propagated. Sorry Rick, but that letter offends this, as the government labels me, “white” guy. Sure someone can mention extremists in a letter, but it doesn't give merit to their own propaganda. Wow, I just can't see how someone would forward this crap....

It takes a long time these days...

As a former soldier, I often reflect on my time in the service and think about the soldiers deployed overseas. I try to read through CNN's Forces: U.S. & Coalition/Casualties webpage at a minimum every month. I'm always wondering as I read through the list if I am going to see the face of a family member or friend on the webpage. Speaking of face, that is exactly what that webpage does, it puts a face on the war. I think people get used to hearing on the news that 9 soldiers died in Iraq today. You can't just blow it off, like you can when you hear it on the radio. When you see the faces, names, ages, and hometowns of the soldiers, it invokes a ton of emotion. My emotions go through a range of colors that could compete with a rainbow. I feel sadness for the soldier, pain for the grieving mother, and rage for the leaders that place all of these people in harm's way. Damn... it sure does take a lot longer to read through the list these days.
Posted by Anonymous | with no comments

The Spam Map is interesting

I was reading news articles and saw the headline “Spam map Googles junk mail proxies”. I then followed the link to the Mailinator Spam Map. After looking at the globe, I clicked the USA button. I then clicked on the pin located near Boston.

This was displayed:

Subject: New White Paper Roundup: SOA and CARS - Are they...
IP address: 65.214.43.172
DNS Name: mailhost9.lists.techtarget.com
Location: Billerica, MA, US
Emails: 100

 

Posted by Anonymous | with no comments

A Chronology of Data Breaches

This is a good way to put things into perspective.

http://www.privacyrights.org/ar/ChronDataBreaches.htm

DATE MADE PUBLIC | NAME | TYPE OF BREACH | NUMBER
---------------- | ---- | -------------- | ------
Feb. 15, 2005 | ChoicePoint | ID thieves accessed | 145,000
Feb. 25, 2005 | Bank of America | Lost backup tape | 1,200,000
Feb. 25, 2005 | PayMaxx | Exposed online | 25,000
March 8, 2005 | DSW/Retail Ventures | Hacking | 100,000
March 10, 2005 | LexisNexis | Passwords compromised | 32,000
March 11, 2005 | Univ. of CA, Berkeley | Stolen laptop | 98,400
March 11, 2005 | Boston College | Hacking | 120,000
March 12, 2005 | NV Dept. of Motor Vehicle | Stolen computer | 8,900
March 20, 2005 | Northwestern Univ. | Hacking | 21,000
March 20, 2005 | Univ. of NV., Las Vegas | Hacking | 5,000
March 22, 2005 | Calif. State Univ., Chico | Hacking | 59,000
March 23, 2005 | Univ. of CA, San Francisco | Hacking | 7,000
March 28, 2005 | Univ. of Chicago Hospital | Dishonest insider | unknown
April ?, 2005 | Georgia DMV | Dishonest insider | "hundreds of thousands"
April 5, 2005 | MCI | Stolen laptop | 16,500
April 8, 2005 | Eastern National | Hacker | 15,000
April 8, 2005 | San Jose Med. Group | Stolen computer | 185,000
April 11, 2005 | Tufts University | Hacking | 106,000
April 12, 2005 | LexisNexis | Passwords compromised | Additional 280,000
April 14, 2005 | Polo Ralph Lauren/HSBC | Hacking | 180,000
April 14, 2005 | Calif. Fastrack | Dishonest Insider | 4,500
April 15, 2005 | CA Dept. of Health Services | Stolen laptop | 21,600
April 18, 2005 | DSW/ Retail Ventures | Hacking | Additional 1,300,000
April 20, 2005 | Ameritrade | Lost backup tape | 200,000
April 21, 2005 | Carnegie Mellon Univ. | Hacking | 19,000
April 26, 2005 | Mich. State Univ's Wharton Center | Hacking | 40,000
April 26, 2005 | Christus St. Joseph's Hospital | Stolen computer | 19,000
April 28, 2005 | Georgia Southern Univ. | Hacking | "tens of thousands"
April 28, 2005 | Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp | Dishonest insiders | 676,000
April 29, 2005 | Oklahoma State Univ. | Missing laptop | 37,000
May 2, 2005 | Time Warner | Lost backup tapes | 600,000
May 4, 2005 | CO. Health Dept. | Stolen laptop | 1,600 (families)
May 5, 2005 | Purdue Univ. | Hacking | 11,360
May 7, 2005 | Dept. of Justice | Stolen laptop | 80,000
May 11, 2005 | Stanford Univ. | Hacking | 9,900
May 12, 2005 | Hinsdale Central High School | Hacking | 2,400
May 16, 2005 | Westborough Bank | Dishonest insider | 750
May 18, 2005 | Jackson Comm. College, Michigan | Hacking | 8,000
May 18, 2005 | Univ. of Iowa | Hacking | 30,000
May 19, 2005 | Valdosta State Univ., GA | Hacking | 40,000
May 20, 2005 | Purdue Univ. | Hacking | 11,000
May 26, 2005 | Duke Univ. | Hacking | 5,500
May 27, 2005 | Cleveland State Univ. | Stolen laptop | 44,420
May 28, 2005 | Merlin Data Services | Bogus acct. set up | 9,000
May 30, 2005 | Motorola | Computers stolen | unknown
June 6, 2005 | CitiFinancial | Lost backup tapes | 3,900,000
June 10, 2005 | Fed. Deposit Insurance Corp. (FDIC) | Not disclosed | 6,000
June 16, 2005 | CardSystems | Hacking | 40,000,000
June 17, 2005 | Kent State Univ. | Stolen laptop | 1,400
June 18, 2005 | Univ. of Hawaii | Dishonest Insider | 150,000
June 22, 2005 | Eastman Kodak | Stolen laptop | 5,800
June 22, 2005 | East Carolina Univ. | Hacking | 250
June 25, 2005 | Univ. of CT (UCONN) | Hacking | 72,000
June 28, 2005 | Lucas Cty. Children Services (OH) | Exposed by email | 900
June 29, 2005 | Bank of America | Stolen laptop | 18,000
June 30, 2005 | Ohio State Univ. Med. Ctr. | Stolen laptop | 15,000
July 1, 2005 | Univ. of CA, San Diego | Hacking | 3,300
July 6, 2005 | City National Bank | Lost backup tapes | unknown
July 7, 2005 | Mich. State Univ. | Hacking | 27,000
July 19, 2005 | Univ. of Southern Calif. (USC) | Hacking | 270,000 possibly accessed; "dozens" exposed
July 21, 2005 | Univ. of Colorado-Boulder | Hacking | 42,000
July 30, 2005 | San Diego Co. Employees Retirement Assoc. | Hacking | 33,000
July 30, 2005 | Calif. State Univ., Dominguez Hills | Hacking | 9,613
July 31, 2005 | Cal Poly-Pomona | Hacking | 31,077
Aug. 2, 2005 | Univ. of Colorado | Hacking | 36,000
Aug. 9, 2005 | Sonoma State Univ. | Hacking | 61,709
Aug. 10, 2005 | Univ. of North Texas | Hacking | 39,000
Aug. 17, 2005 | Calif. State University, Stanislaus | Hacking | 900
Aug. 19, 2005 | Univ. of Colorado | Hacking | 49,000
Aug. 22, 2005 | Air Force | Hacking | 33,300
Aug. 27, 2005 | Univ. of Florida, Health Sciences Center/ChartOne | Stolen Laptop | 3,851
Aug. 30, 2005 | J.P. Morgan, Dallas | Stolen Laptop | Unknown
Aug. 30, 2005 | Calif. State University, Chancellor's Office | Hacking | 154
Sept. 10, 2005 | Kent State Univ. | Stolen Computers | 100,000
Sept. 15, 2005 | Miami Univ. | Exposed Online | 21,762
Sept. 16, 2005 | ChoicePoint (2nd notice, see 2/15/05 for 145,000) | ID thieves accessed; also misuse of IDs & passwords. | 9,903
TOTAL | | | 50,715,749

Posted by Anonymous | with no comments

Rootkit Webcast

 

Description:

Are you aware of rootkits, the new silent threat to your information technology infrastructure? Rootkits are a special class of malware. They are special because they are nearly undetectable, almost impossible to remove and their ongoing processes are difficult to track. This technical webcast helps you know your enemy. We focus on the latest methods used by rootkit developers to hide their tools on computers running Microsoft Windows operating systems. The session demonstrates how rootkits work, why they penetrate defenses, and what, if anything, can be done to stop them.

 

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032279998&EventCategory=4&culture=en-US&CountryCode=US

Posted by Anonymous | with no comments

Have some time on your hands?

Today is my last vacation day. Two days ago, I decided to start my not so yearly ritual of installing Linux and giving it a run. I have to admit, I usually get frustrated trying to get all of my devices functioning and throw in the towel early. I use various Linux utilities for password recovery or pen testing, but I have not had much luck with getting an entire system functioning. This year however, I accomplished the mission. Well, at least for getting all of my devices working with Linux; the relaxing while on vacation part is right out. I was even able to use ndiswrapper to get my wireless card working with a little trial and error, and a modified kernel. Getting the wireless card functioning was half the battle; installing WPA and AES was the other half. I would have had it working sooner if I had followed the instructions exactly and not used the latest WPA supplement. All in all, it took me two days to get everything working, from the install to posting this blog piece. I installed Fedora FC4 and I have to say that Linux has come a long way since I first tried to use it some years back. I am very impressed with some applications, while other aspects are behind the times a bit. There are some security tools and utilities that I will need Linux for in order to use them, so I will probably keep a Linux box around the house. I still do not see Linux going mainstream. Maybe you can't teach an old dog new tricks, but Linux is still not very friendly for the average user. The process of compiling applications before installing them on the system, with the added effort of reading the not so standard READMEs in order to determine all of the prerequisites before the install, will root out most of us lazy Windows users. The second problem is that finding devices that function "out of the box" is very difficult.
When I realized that it was probably going to take more time to get my wireless card functioning than it would cost me to get a compatible card with Linux drivers, I went shopping. I was in for a rude awakening though. It seems that neither Best Buy nor Staples carries wireless cards with Linux drivers in the box. I even went as far as getting the “weird haired teen” that worked at Best Buy to show me the loophole in the Best Buy computer image that allowed me to check the vendor sites for Linux drivers. No go. At this point, I was determined to make it work this time, and that is what it took... TIME. I just don't envision the average user going as far as I did to make Linux work. Microsoft is safe for now, though of course I do know a Microsoft die hard that is saying good things about his Mac. Well, I guess I will wrap up this post on my Linux box, and go grab a beer...

August On-demand scan comparative posted

http://www.av-comparatives.org/

Here you will find comparatives for many antivirus products.

Posted by Anonymous | 1 comment(s)

How deep does Microsoft’s Security Initiative go?

How deep does Microsoft’s Security Initiative go? Apparently, to your house, if you are a malware author.

F-Secure had some interesting articles highlighted on their blog about tracking down malware authors.

One of the articles goes into how a member of Microsoft Corp.'s Internet Safety Enforcement Team tracked down “Benny“ from the 29A virus writers group, and provided Czech police with his identity, which eventually led to his arrest.