Tuesday, June 19, 2007

FBI and Botnets

The FBI, along with other global 'partners', is going after those pesky 'botnets'. Those are the computers that are remotely controlled by someone else (the evil hacker) because the users clicked on a link (or visited a web page) that installed some trojan software.

And because the user didn't have current patches and current anti-virus.

One story is here from Infoworld: http://www.infoworld.com/article/07/06/14/Global-co-op-feeds-FBI-botnet-fight_1.html?source=NLC-NET&cgd=2007-06-19 .

And a Google News search for similar stories: http://news.google.com/news?hl=en&ned=us&q=fbi+botnet .

You might be interested in a free (good until October 2007) rootkit detector from the folks at F-Secure (big anti-virus company; good products). It's called BlackLight, and is available here as a free download: http://www.f-secure.com/blacklight/ .

Friday, June 15, 2007

Space Station Computer Glitch

I see where the computer on the International Space Station is on the fritz, and needs some replacement parts.

One report says that the problem was caused by a static discharge when plugging in one of the power connectors.

So I wondered if the astronaut forgot to connect his anti-static wristband. And also wondered if the computer repair tech will get his 35 cents per mile for that service call.

A bit of info about the computer used up there is on NBC News' Cosmic Log (http://cosmiclog.msnbc.msn.com/archive/2007/06/14/226502.aspx).

I probably should take my medication now.

Monday, June 11, 2007

Phishing Web Site Report

Did you know that there are at least 55,643 phishing web sites? That's what the Anti-Phishing Work Group is reporting for the month of April 2007. That's a big jump from previous months; much of that jump is due to phishers using "URL Multiplication" techniques. If you put many web servers on a box, you can reference all of those domains as 123.badphishersite.com or www.badphishersite.com/1234 . The phisher can use that technique, if they are paying attention, to determine which mailing campaign is more effective at driving traffic to the phishing site.
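To see how URL multiplication inflates a count of phishing URLs, here is an added example (not from the APWG report or the original post) that collapses reported URLs down to the site behind them. The sample URLs are constructed, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports. badphishersite.com is the post's placeholder
# name; otherphish.example is a made-up host for contrast.
REPORTED_URLS = [
    "http://123.badphishersite.com/login",
    "http://124.badphishersite.com/login",
    "http://www.badphishersite.com/1234",
    "http://www.badphishersite.com/1235",
    "http://WWW.BadPhisherSite.com:80/1234",   # same URL, different spelling
    "http://signin.otherphish.example/verify",
]


def site_key(host):
    """Map a hostname to the site it belongs to.

    Assumption: the last two labels are the registered domain. That is wrong
    for suffixes such as co.uk; use a public-suffix list on real feeds.
    """
    try:
        ipaddress.ip_address(host)
        return host                      # IP-literal hosts are their own site
    except ValueError:
        return ".".join(host.rstrip(".").split(".")[-2:])


def collapse(urls):
    """Group normalised (host, path) variants under the site they point at."""
    sites = defaultdict(set)
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""      # .hostname is lower-cased, port dropped
        sites[site_key(host)].add((host, parts.path or "/"))
    return sites


def summarize(urls):
    """Return (reports, distinct URLs, distinct sites) for a list of URLs."""
    sites = collapse(urls)
    distinct_urls = sum(len(variants) for variants in sites.values())
    return len(urls), distinct_urls, len(sites)


if __name__ == "__main__":
    print("reports=%d urls=%d sites=%d" % summarize(REPORTED_URLS))
    for site, variants in sorted(collapse(REPORTED_URLS).items()):
        print(site, len(variants), sorted(variants))
```

The varying subdomain label or path segment in each group is the part a phisher can use to tell mailing campaigns apart, so it is worth keeping alongside the collapsed site name when triaging reports.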

You'll find the report from the Anti-Phishing Work Group here: http://www.antiphishing.org/reports/apwg_report_april_2007.pdf . Interesting reading.

I got that link from one of the blogs at McAfee, which is on my daily reading list. You'll find that blog entry here: http://www.avertlabs.com/research/blog/index.php/2007/06/11/phishers-like-url-multiplying-techniques/ .

Be careful out there!

Sunday, June 3, 2007

Patch or Die

Well, "Patch or Die" might be a bit of an overstatement. But patches are important to the "health" of your computer. And perhaps the health of your finances; there are many viruses out there that are related to financial theft. (More on that in another future post.)

The Mozilla products (Firefox, Thunderbird, SeaMonkey) have been fixed with the latest patches. The vulnerabilities would allow an attacker to gain control of your computer. US CERT (Computer Emergency Response Team) recommends upgrading to the current versions. Disabling Java and JavaScript will help mitigate the vulnerability, at the expense of usability on many sites.

Mozilla has released Firefox 1.5.0.12, Firefox 2.0.0.4, Thunderbird 1.5.0.12, Thunderbird 2.0.0.4, SeaMonkey 1.0.9, and SeaMonkey 1.1.2 to correct these problems. Mozilla Firefox, Thunderbird, and SeaMonkey automatically check for updates by default.

Support for Firefox 1.5 is scheduled to end in June 2007. According to Mozilla: "Firefox 1.5.0.x will be maintained with security and stability updates until June 2007. All users are strongly encouraged to upgrade to Firefox 2."

In addition, patches have been released for Apple products, including OS X and QuickTime (affects Windows as well as Mac users). There is also a fairly serious Cisco product vulnerability that has been patched, along with the usual assortment of *nix-based product patches.

Computer Best Practices: make sure that your computer (and all programs) are configured for automatic updates. Some programs have a "Check for Updates" choice in their Help menu. Microsoft updates (Windows and Office) are available. Updates for *nix systems are also important.

Friday, June 1, 2007

Another Phishing Scam - the BBB and IRS

The Better Business Bureau is warning of an email phishing scam that uses messages claiming to be from the BBB, in an effort to entice users to click on a malicious link. A similar message from the IRS is also making the rounds the past few days. They are targeting upper-level management at major corporations with a targeted mailing list.

The BBB has a warning here: http://www.bbb.org/alerts/article.asp?ID=747 . An interesting writeup (with screenshots) of the phish/malware is here: http://www.secureworks.com/research/threats/bbbphish .

"Safe Computing": be very careful about opening attachments in emails. Make sure your anti-virus is current, and save the attachment first to allow your anti-virus program to check things before you open attachments. And be very careful when a message or web page asks to download/install a program. The SecureWorks analysis clearly shows an attempt to disguise an executable program as a "DOC" file.
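A mail filter or a curious user can check for the disguise mentioned above by comparing what an attachment claims to be with what its first bytes say it is. The following is an added example, not code from the SecureWorks analysis or the original post; the file names, sample bytes and extension lists are constructed, and the double-extension check goes beyond the single case the post describes.

```python
import os

PE_MAGIC = b"MZ"                                   # DOS/Windows executable header
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # legacy Word .doc container

# Assumed, non-exhaustive lists for illustration.
DOC_EXTS = {".doc", ".rtf", ".pdf", ".txt"}
EXE_EXTS = {".exe", ".scr", ".pif", ".com"}


def check_attachment(filename, head):
    """Return a list of findings for an attachment name and its first bytes."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]          # e.g. ".doc" in "x.doc.exe"
    findings = []
    # Case from the post: the content is a program, the name says document.
    if head.startswith(PE_MAGIC) and ext not in EXE_EXTS:
        findings.append("executable content behind a %r extension" % ext)
    # Generalisation: a document-looking name that really ends in .exe etc.
    if ext in EXE_EXTS and inner_ext in DOC_EXTS:
        findings.append("double extension %s%s" % (inner_ext, ext))
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("complaint.doc", PE_MAGIC + b"\x90\x00\x03\x00"),
        ("complaint.doc.exe", PE_MAGIC + b"\x90\x00\x03\x00"),
        ("minutes.doc", OLE2_MAGIC + b"\x00" * 8),
    ]
    for name, head in samples:
        print(name, "->", check_attachment(name, head) or "no findings")
```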