Sep 08

There are some days that I am just so happy to be doing the work I do. And today is one of those days!

Last week I received an odd e-mail that was obviously spam, but seemed to contain malware. And of course, I was disturbed because my Trend Micro Internet Security Pro did not catch it. While I did a bit of analysis on my own, it did indeed seem to contain the makings of malware - not that the fact that it was an executable (exe) might have something to do with it too!

So, following our procedures for submission, I submitted the file to Trend’s virus engineers and I just received this e-mail back from them.

New Trojan Downloader HR

The name of the Trojan is TROJ_DLOADR.HR - short form for Trojan, Downloader, variation HR.

And in keeping with my pledge to expose people who are either running botnets unknowingly or expose those who would willingly send out malcode, here’s the e-mail I received and the headers from that e-mail.

The Original E-mail

You will notice that first of all, this is a very bizarre e-mail address as the sender and the mail to is not a legitimate MICE e-mail address to begin with. And there is nothing going on at MICE that required an Attorney to look over our contract. (We have two law firms we conduct business with and neither is at this address!)

So, looking at the headers I can see that this is coming from one specific IP address. Doesn’t appear to be a botnet, but I may be wrong. But from the headers, it seems to me that this e-mail originated from and was sent from this address. Perhaps this person is infected?

E-mail Headers showing IP Address
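The header reading described above, as an added example that is not part of the original post: each mail server prepends its own Received line, so only the lines stamped by your own servers can be trusted, and the address that connected to your border server is the one worth reporting to an ISP. The sample message, host names, addresses and the `recipient.example` domain are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; every host and address is a documentation placeholder.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 8 Sep 2008 09:14:03 -0400
Received: from cpe-host.isp.example (cpe-host.isp.example [203.0.113.26])
\tby mx.recipient.example with SMTP id B2; Mon, 8 Sep 2008 09:14:01 -0400
Received: from attorney-pc (unknown [198.51.100.7])
\tby cpe-host.isp.example with SMTP id C3; Mon, 8 Sep 2008 09:13:58 -0400
From: "Attorney" <sender@unrelated.example>
To: someone@recipient.example
Subject: Contract review

See attached.
"""

FROM_IP = re.compile(r"\bfrom\s+\S+.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", re.S)
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def stamped_by_us(hop, domain):
    """True if the 'by' host of this Received line is inside our mail domain."""
    m = BY_HOST.search(hop)
    host = m.group(1).lower() if m else ""
    return host == domain or host.endswith("." + domain)


def border_handoff(raw, domain):
    """Return (ip, unverified): the external address that connected to our
    mail servers, and the number of older Received lines we cannot verify."""
    hops = message_from_string(raw).get_all("Received", [])
    for i, hop in enumerate(hops):            # index 0 is the newest hop
        if not stamped_by_us(hop, domain):
            break                             # chain of custody ends here
        m = FROM_IP.search(hop)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in INTERNAL):
            return str(ip), len(hops) - i - 1  # stop: lines below may be forged
    return None, len(hops)


if __name__ == "__main__":
    print(border_handoff(SAMPLE, "recipient.example"))
```

Any Received line older than the returned hop was written by a machine outside your control, so an address found there is a lead at best and not proof of where the message started.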

So, once again I go off to the Whatismyipaddress.com website (Gosh, I LOVE THEM!)

IP Address pointing to RoadRunner ISP

So, if you know of someone in that area (Washington State), or you are RoadRunner and you know who has the IP address of: 76.182.157.26, you need to contact them and tell them they are infected!

Not sure if it’s you or not? Go to WhatismyIPaddress.com and they will tell you immediately on the home page - the minute you get there.

So today my job is worthwhile. I found a new Trojan!

And since our press release called me “The Lone Ranger” of PC Security, I guess I will ride another day!

Hi Ho, Trend Micro! Away!



written by Admin

Jul 10

I am supposed to be finishing up some things in preparation for our anniversary celebration and I’m just so livid I have to write this. I cannot focus on anything else right now.

Our Chief Marketing Director, Jeff Staebell, came across a piece of software while researching one of our special reports for our anniversary celebration. He called it to my attention, which led to him listening to my rant about it a few days ago. (And of course, he ranted about the spiritual implications of this to me!)

Today, a student brought up a question about a similar software in the discussion area and started me on my rant all over again. I need to get this off my mind so I’m putting it out there.

The two software products that have been brought into question were: PC Pandora by Pandora Corp. and Spector Pro by SpectorSoft. (And I will not honor either of them by giving you the link.)

Just what are these two pieces of software and why am I in such a RAGE about them?

They are keylogging spyware programs disguised as legitimate software!

In case you missed it, let me repeat it for you! I’ll even make sure you can’t miss it!

THEY ARE KEYLOGGING SPYWARE PROGRAMS DISGUISED AS LEGITIMATE SOFTWARE!

Got it now? Good!

The PC Pandora software is supported and raved about on many sites about cheating husbands and online safety for kids. And I was stunned to see that many of the television stations from well known ABC News through NBC News, as well as well-known radio programs and PC Magazine support this kind of behavior and software! You all should be ashamed of yourselves!

And Clickbank is handling their affiliate program so you’ll be seeing rave reviews from all kinds of money grubbers who have no ethics other than to promote a product they know nothing about in order to make a few bucks.

Here are my issues with this kind of marketing….

If you have to install software to catch your spouse cheating, what does that say about you as a person? What does it say about your marriage?

You don’t need this software, you need a marriage counselor!

As for the children, mom and dad, WAKE UP! Call it what you will, you aren’t protecting them, you are spying on them!

I’ve had about enough of all this lack of personal responsibility as one person can take! And I’m so sick and tired of hearing that the reason we need this kind of garbage is because we can’t be everywhere as parents. Yes, that’s true, but you can at least be PRESENT when you are there! You don’t need a V-chip to block your kids from the television programs you don’t want them to watch - you need to be a parent! There’s a two letter word called, “NO!” Have you heard of it? You don’t need spyware, keylogging software, you need, “NO!” coupled with SUPERVISION. Ever hear of that word?

Do you bother to hear what your children are saying to you? Do you listen to their conversations with their friends? Are you paying attention? Or is invading their privacy your way of being a good parent?

Spector Pro is no better either. Only this one lends its marketing more toward the businesses. Excuse me? If I have to install this kind of monitoring software on my employees’ machines, there are a few issues I need to really address!

One would be, “What is wrong with me as an employer that I’m hiring the wrong people?” (After all, I must be hiring the wrong people if I’m needing this kind of software!)

Don’t get me wrong, I’m in favor of businesses blocking access to certain websites that may compromise the network or the employees’ ability to work effectively. (Like blocking porn, gambling, and such - do it on your own time!)

But, as long as the staff members are getting their work done, who am I to care if they are making a personal phone call or answering a personal e-mail? It’s work, not a concentration camp - isn’t it?

The support and advocation of this kind of malware stuns me! What are you teaching your employees, your children, your spouse? That malware is OK under certain circumstances? And those circumstances are any time I feel I’m being victimized? Get counseling - get over it!

What are we showing society? That it’s OK to spy on people and use malware when we deem it appropriate?

I see the pot calling the kettle black is what I see!

You rant at your television set and send mass e-mails about the government passing laws (currently being voted on!) about losing your rights in the new proposed law about wire tapping, and yet you illegally do the same in your own home or office?

As you can see, this has really hit a sore spot with me.

Wake up people! Call PC Pandora and Spector Pro what you will, it’s still spyware and it still stinks!

What are we coming to as a society????? This is sad. So very, very sad.

As a P.S. Do you want to see what TrendMicro thinks of the PC Pandora site? Look at this screen shot:

Trend blocking PC Pandora

Kudos to TRENDMICRO!



written by Admin

Jun 20

What was I just saying in my most recent blog, “Apple Mac Arrogance or Pure Stupidity?”??

Hmmm, maybe I’m psychic? Or maybe I just know security! Ya think?

In a just published article on InfoWorld and MacWorld, Johnny Evans (MacWorld UK) reports that security vendors, SecureMac and Intego are separately reporting a new Trojan exploit for the Mac.

The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.

The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can reportedly transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging.

Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.

My students have heard me preach and preach about the whole Limewire issue (not to mention bearshare and the others!) and I’ve stated in my referenced blog entry that Mac users are either arrogant or stupid if they believe they are exempt from these kinds of malware.

My God people, WAKE UP and smell the MALWARE!

To read the full InfoWorld Article, click the link: Full InfoWorld Article.



written by Admin

Jun 19

If you’ve ever performed a Google search for odd malicious processes running in the background, or just some basic security issues you had questions about, chances are good that Castle Cops website & forum will come up in the top searches and the answer you were looking for!

According to Spamhaus, CastleCops has been “making cybercriminals unhappy since 2002” and now they are in need of our help!

Well, I was surprised today to find out that the site is suffering a bit. They need a new server and they have launched a Server Donation Drive Marathon. MICE is on the donors list as of today and I’d like to challenge our readers that have ever been helped by them - and you know they don’t charge! - to kick a few spare dollars their way and help them get back online with a new server (or two).

You can see the drive information here: http://www.castlecops.com/server_marathon.html

The PayPal line is also a link if you want to send a donation via PayPal. Keep in mind that PayPal takes 2.9% plus 30 cents per transaction. But if you want to donate and not have to think about writing a check, then please do. Otherwise, the information on where to mail checks is included in the link above.

Then you can join MICE’s name on the donors list here: http://wiki.castlecops.com/CastleCops/Server_Donation_Drive

And as you can see there, the list is mighty small. Please, help them out!

Debbie



written by Admin

© 2007-2008 MICE Training & Technology™.
