Sep 08

There are some days that I am just so happy to be doing the work I do. And today is one of those days!

Last week I received an odd e-mail that was obviously spam, but seemed to contain malware. And of course, I was disturbed because my Trend Micro Internet Security Pro did not catch it. While I did a bit of analysis on my own, it did indeed seem to contain the makings of malware - not that the fact that it was an executable (exe) might have something to do with it too!

So, following our procedures for submission, I submitted the file to Trend’s virus engineers and I just received this e-mail back from them.

New Trojan Downloader HR


The name of the Trojan is TROJ_DLOADR.HR - short form for Trojan, Downloader, variation HR.

And in keeping with my pledge to expose people who are either running botnets unknowingly or expose those who would willingly send out malcode, here’s the e-mail I received and the headers from that e-mail.

The Original E-mail


You will notice that first of all, this is a very bizarre e-mail address as the sender and the mail to is not a legitimate MICE e-mail address to begin with. And there is nothing going on at MICE that required an Attorney to look over our contract. (We have two law firms we conduct business with and neither is at this address!)

So, looking at the headers I can see that this is coming from one specific IP address. Doesn’t appear to be a botnet, but I may be wrong. But from the headers, it seems to me that this e-mail originated from and was sent from this address. Perhaps this person is infected?

E-mail Headers showing IP Address


So, once again I go off to the Whatismyipaddress.com website (Gosh, I LOVE THEM!)

IP Address pointing to RoadRunner ISP


So, if you know of someone in that area (Washington State), or you are RoadRunner and you know who has the IP address of: 76.182.157.26, you need to contact them and tell them they are infected!

Not sure if it’s you or not? Go to WhatismyIPaddress.com and they will tell you immediately on the home page - the minute you get there.

So today my job is worthwhile. I found a new Trojan!

And since our press release called me “The Lone Ranger” of PC Security, I guess I will ride another day!

Hi Ho, Trend Micro! Away!




written by Admin

Jul 10

I am supposed to be finishing up some things in preparation for our anniversary celebration and I’m just so livid I have to write this. I cannot focus on anything else right now.

Our Chief Marketing Director, Jeff Staebell, came across a piece of software while researching one of our special reports for our anniversary celebration. He called it to my attention, which led to him listening to my rant about it a few days ago. (And of course, he ranted about the spiritual implications of this to me!)

Today, a student brought up a question about a similar software in the discussion area and started me on my rant all over again. I need to get this off my mind so I’m putting it out there.

The two software products that have been brought into question were: PC Pandora by Pandora Corp. and Spector Pro by SpectorSoft. (And I will not honor either of them by giving you the link.)

Just what are these two pieces of software and why am I in such a RAGE about them?

They are keylogging spyware programs disguised as legitimate software!

In case you missed it, let me repeat it for you! I’ll even make sure you can’t miss it!

THEY ARE KEYLOGGING SPYWARE PROGRAMS DISGUISED AS LEGITIMATE SOFTWARE!

Got it now? Good!

The PC Pandora software is supported and raved about on many sites about cheating husbands and online safety for kids. And I was stunned to see that many of the television stations from well known ABC News through NBC News, as well as well-known radio programs and PC Magazine support this kind of behavior and software! You all should be ashamed of yourselves!

And Clickbank is handling their affiliate program so you’ll be seeing rave reviews from all kinds of money grubbers who have no ethics other than to promote a product they know nothing about in order to make a few bucks.

Here are my issues with this kind of marketing….

If you have to install software to catch your spouse cheating, what does that say about you as a person? What does it say about your marriage?

You don’t need this software, you need a marriage counselor!

As for the children, mom and dad, WAKE UP! Call it what you will, you aren’t protecting them, you are spying on them!

I’ve had about enough of all this lack of personal responsibility as one person can take! And I’m so sick and tired of hearing that the reason we need this kind of garbage is because we can’t be everywhere as parents. Yes, that’s true, but you can at least be PRESENT when you are there! You don’t need a V-chip to block your kids from the television programs you don’t want them to watch - you need to be a parent! There’s a two letter word called, “NO!” Have you heard of it? You don’t need spyware, keylogging software, you need, “NO!” coupled with SUPERVISION. Ever hear of that word?

Do you bother to hear what your children are saying to you? Do you listen to their conversations with their friends? Are you paying attention? Or is invading their privacy your way of being a good parent?

Spector Pro is no better either. Only this one lends its marketing more toward the businesses. Excuse me? If I have to install this kind of monitoring software on my employees’ machines, there’s a few issues I need to really address!

One would be, “What is wrong with me as an employer that I’m hiring the wrong people?” (After all, I must be hiring the wrong people if I’m needing this kind of software!)

Don’t get me wrong, I’m in favor of businesses blocking access to certain websites that may compromise the network or the employees’ ability to work effectively. (Like blocking porn, gambling, and such - do it on your own time!)

But, as long as the staff members are getting their work done, who am I to care if they are making a personal phone call or answering a personal e-mail? It’s work, not a concentration camp - isn’t it?

The support and advocation of this kind of malware stuns me! What are you teaching your employees, your children, your spouse? That malware is OK under certain circumstances? And those circumstances are any time I feel I’m being victimized? Get counseling - get over it!

What are we showing society? That it’s OK to spy on people and use malware when we deem it appropriate?

I see the pot calling the kettle black is what I see!

You rant at your television set and send mass e-mails about the government passing laws (currently being voted on!) about losing your rights in the new proposed law about wire tapping, and yet you illegally do the same in your own home or office?

As you can see, this has really hit a sore spot with me.

Wake up people! Call PC Pandora and Spector Pro what you will, it’s still spyware and it still stinks!

What are we coming to as a society????? This is sad. So very, very sad.

As a P.S. Do you want to see what TrendMicro thinks of the PC Pandora site? Look at this screen shot:

Trend blocking PC Pandora

Kudos to TRENDMICRO!




written by Admin

Nov 07

I’ve spoken with several people since my discovery that now TrendMicro’s software has gone down the drain.

I wanted someone - anyone - to tell me why! Why is it that when a company gets bigger their products get crappier? Why!???

At first it was Symantec. My gosh, how well I remember my love of Norton AV. They saved my hard drive when McAfee failed me early on in this business. But Norton then was not the same as Symantec/Norton now.

First Norton changed to Symantec (they were bought out?). The downhill spiral started. But then, Symantec bought Veritas showing us where they were putting the money - enterprise! I can see them waving as they say, “Goodbye all you little end users who made us what we are! We are going after the real money!”

On we moved to Zonelabs Zone Alarm. Great software. Great control and not a heavy resource user. But then came the Checkpoint buyout and suddenly ZA has its own AV program too. And how odd that suddenly their updates started disabling Norton AV? Conspiracy? Maybe.

So, we all made the switch to TrendMicro’s PC-Cillin. My gosh, they’ve been around for ages too! And wow! Internet Security 2006 was a dream come true! I had to keep checking to see if it was working because it never bothered me!

But then, some evil happened in Trend’s Internet Security 2007. Was it the corporate bug-a-boo that bit them too? Suddenly we have a resource hog on our hands that grows worse with time and updates.

Why??? Why??? Why???

Is it a plague running rampant in Corporations?

A friend of mine gave me the answer I believe. And yes, it’s the plague of all Corporations. It’s an evil virus that spreads across the corporate landscape faster than a botnet. It’s called the “SHAREHOLDER”!

My friend believes that as the companies get bigger and either go public or get bought out by larger corporations, suddenly they have to worry about earnings and shareholders. So, they start to cut corners, cut expenses, make shoddier products. All to keep earnings up and keep the shareholders happy.

So there you have the explanation. The next time your favorite software merges, buys, gets bought out, or goes public, run! Run as fast as you can away from them!

Please don’t ever tell me someone has bought up Spybot Search and Destroy. I think I’ll consider hara-kiri!




written by Admin

Aug 14

There is a lot of grumbling from people all over the net (and in my own family) about how slow TrendMicro Internet Security 2007 is. So much so, that Trend has been made aware of the problem and posted a fix to the problem.

First, you have to have version 15.30.xxxx of Trend. If you don’t, you have to upgrade by getting the upgrade kit here:

http://www.trendmicro.com/ftp/products/tis/PCC2007_UPGKT_153_1128_1151_GM.exe

(Source and Directions for use:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1034407)

The trouble is that the slow computer had Spybot S&D installed on it before upgrading to Trend IS 2007. The new Trend makes you uninstall Spybot. Unfortunately, what they don’t tell you is, that before you uninstall, you need to remove the host files (if you had installed them through advanced mode), AND you MUST UNDO THE IMMUNIZE! That’s the biggie!

When Trend installs, it attempts to monitor all your program files. Even though Spybot has been uninstalled, the immunized files are still being protected or locked down by Spybot (which of course, no longer exists on your computer!). So, there is this huge battle going on in the background between Trend and locked down Spybot files. This is what consumes the resources!

So, if you are using Trend 2007 and your computer is getting slower than molasses, reinstall Spybot, update it, and then UNIMMUNIZE your files. (There’s an UNDO button under the immunize section.)

I’ve done this with many, many clients now, and they are faster than a speeding bullet. (Oh, wait! That’s Superman, isn’t it? GRIN) Anyway, you get the drift!

Support Source:

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1033903

Debbie




written by Admin

© 2007-2008 MICE Training & Technology™.
