BCM

Monday, October 24, 2005

Virus requests $20 to receive your data back

Websense® Security Labs™ has received reports of a new attack that attempts to extort money from users by encoding files on their machines, and then requesting payment for a decoder tool. The attack dynamics are very similar to the original discovery we reported on May 23, 2005: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=194.

This attack appears to only be attacking Russian speakers and was first reported on Kaspersky's research blog: http://www.viruslist.com/en/weblog.

Several vendors are calling the two pieces of malcode JuNy.A and JuNy.B.
Upon infection, the application searches on the machine or any mapped drives for more than 100 file types by extension.

The malicious code modifies the following registry items:

Added to HKEY_LOCAL_MACHINE:
SOFTWARE\Classes\EventSystem.EventSystem\PrivateData
SOFTWARE\Classes\EventSystem.EventSystem\PrivateData\FXXXXBytes

Important values added:
HKEY_LOCAL_MACHINE:
SOFTWARE\Classes\EventSystem.EventSystem\PrivateData\FXXXXBytes\XXXXBytes
SOFTWARE\Classes\EventSystem.EventSystem\PrivateData\FXXXXBytes\XXXXCount
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernel Manager

Modified values:
HKEY_LOCAL_MACHINE:
SOFTWARE\Classes\exefile\shell\open\command

Like the encoder previously reported, the attacker requests that end-users send money in order to receive their data back. Also, like the former attack, the requested amount is $20.

The code also displays two messages on the screen with instructions for contacting an email account in order to get the files back, and includes a list of files that it encoded.

Screenshots are shown below (note: these were taken using a US/English version of Windows). Assuming that you are using the Russian version, the messages would appear in the native language.

Screenshots with translations included within full alert.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=320
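
The registry changes listed in the alert can be checked offline against a text export of the registry. The following is an added example, not code from Websense or from the original post: the sample exports and the file path in them are constructed, and the comparison assumes the stock `"%1" %*` open command for exefile.

```python
import re

# Indicators from the alert above, all under HKEY_LOCAL_MACHINE.
HKLM = "HKEY_LOCAL_MACHINE\\SOFTWARE\\"
PRIVATE_DATA = (HKLM + r"Classes\EventSystem.EventSystem\PrivateData").lower()
RUN_KEY = (HKLM + r"Microsoft\Windows\CurrentVersion\Run").lower()
RUN_VALUE = "kernel manager"
EXE_CMD = (HKLM + r"Classes\exefile\shell\open\command").lower()
EXE_DEFAULT = '"%1" %*'  # stock Windows handler for .exe files

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1), {})
            continue
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if value and current is not None:
            name, data = value.groups()
            if name != "@":
                name = _unescape(name[1:-1])
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])
            current[name] = data
    return keys

def check(keys):
    """Return findings for the alert's indicators (registry names are case-insensitive)."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if k == PRIVATE_DATA or k.startswith(PRIVATE_DATA + "\\"):
            findings.append(f"added key present: {key}")
        elif k == RUN_KEY:
            findings += [f"autorun value {n!r} -> {d}" for n, d in values.items()
                         if n.lower() == RUN_VALUE]
        elif k == EXE_CMD and values.get("@", EXE_DEFAULT) != EXE_DEFAULT:
            findings.append(f"exefile open command changed: {values['@']}")
    return findings

# Constructed sample exports; the file path is a placeholder, not from the alert.
INFECTED = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\PrivateData]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel Manager"="C:\\example\\placeholder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\example\\placeholder.exe \"%1\" %*"
'''
CLEAN = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print("\n".join(check(parse_reg(INFECTED))) or "no indicators found")
```

A real export written by regedit is UTF-16, so read the file with encoding="utf-16" before passing its text to parse_reg.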

Thursday, October 20, 2005

'The Simpsons' Exported to Middle East -- Minus Bacon, Beer

After 17 seasons of entertaining U.S. audiences, "The Simpsons" can now be seen on Arab television. While U.S. foreign policy is not always a hit overseas, there is a huge audience for American popular culture.

So the Arab satellite network MBC is bringing the cartoon saga of Springfield to the heart of the Arab world. "The Simpsons" has been exported overseas and is now called "Al Shamshoon."


The new take on the cartoon classic debuted this month, just in time for the Islamic holy month of Ramadan, as first reported by The Wall Street Journal.

With Omar instead of Homer, and Badr substituting for Bart, MBC hopes to win coveted young viewers. After all, 60 percent of the Arab world is 20 years old or younger.

"I think 'The Simpsons' will open new horizons for us to the future by creating a new genre of programming that will appeal to young adults in the Middle East," said Michel Costandi, MBC's director of business development.

But with a show that is so distinctly American, Arab media experts say, it's not enough to just translate the language.

"Translating the show linguistically, as well as culturally, as well as socially so that it appeals to the audience that's watching it here, I think there's a lot of details that one has to pay attention to," said Nadia Rahman, a professor at the Zayed University Media Center in the United Arab Emirates. "How does the mother dress? How does the sister dress?"

So MBC is making some changes as the characters go from American to Arab. They will remove references to things forbidden by the Koran, such as bacon, beer and other references that might be construed as offensive.

From American Beer to Arab Soda

Homer Simpson's ubiquitous Duff beer will now be soda in the Arab version of the show.

Hot dogs will become Egyptian beef sausages, and donuts will become popular Arab cookies called "kahk." Moe's Bar has been completely written out of "Al Shamshoon."

Sunday, October 16, 2005

how quickly an unprotected computer can become infected

INDEPTH: COMPUTER SECURITY
Beginner's guide: How safe is your computer?
Producer/writer: Ruby Buiza | Writer/researcher: Laura Carlin, John Bowman | Feb. 18, 2005

How long does it take before an unprotected PC becomes infected? Consultant Ryan Purita wanted to find out.

Twenty minutes. That's how quickly an unprotected computer can become infected on the internet, according to research institute Sans.org.

Ryan Purita, a consultant with Totally Connected Security Ltd., wanted to see this for himself. He hooked up a PC with default Windows settings to the internet: It had no anti-virus software, no firewall, and no operating system patches. In about one minute, says Purita, it was hacked, infected, and it had started propagating viruses to other computers. Purita recorded what happened in a video [RealVideo runs 2:00].

"Home users still lack the most fundamental education regarding security. When people enter in their PIN number at an ATM and people are around, they are aware and take steps to prevent disclosure of sensitive information. However, some of the same people will willingly fill-out their real name, address, phone number and even credit card information from an unsolicited email, or banner pop up," says Purita.

Some home users are so frustrated and confused by the pitfalls of the internet, they have decided to do the one thing they know will protect them: log off permanently. The process of security is just too time-consuming and intimidating for them.

If you feel a few steps behind, overwhelmed and confused by all the techno speak, then we hope this guide is for you.

We'll give you top tips and safe practices to make your information secure. From spyware to cookies to online scams, we'll take you on a tour of internet speak and what it all means.

You can test your safety IQ by taking our quiz, learn how to block unwanted e-mail, teach your kids online safety, shop securely in cyberspace or ask our experts a question.

If you understand the risks, you'll understand how to combat them. No security system is 100 per cent impenetrable, but prevention and a layered protection system are key.

Four things you should do to protect yourself from Internet nasties.

If you want to ensure that you are protected from the most prominent computer threats, here are four things to do.

1) Install Windows XP Service Pack 2 if you use Windows XP

2) Install an anti-virus program - we recommend AVG Free Edition from http://www.grisoft.com

3) Install an anti-spyware program - we recommend Microsoft Anti-Spyware from http://www.microsoft.com/spyware/ for XP users. Also install one of the following, as two anti-spyware programs together will catch most infections: Spybot Search and Destroy from http://www.safer-networking.net or Ad-Aware SE from http://www.lavsoft.de

4) Turn on Windows Firewall or install a home network router or use SyGate from http://www.sygate.com or Zone Alarm from http://www.zonealarm.com

Friday, October 14, 2005

Thank You Amanda Congdon

About a week ago I was surfing blogger.com checking out other blogs. I came across a blog that I found entertaining; it was called http://amandaunboomed.blogspot.com/. I had noticed that this blog had an RSS feed subscription link. I had tried to set this up on this blog but ran into some things that I was not sure how to do, so I asked (if you don't know, ask). I sent Amanda an email and she responded within hours with a link to a site that would walk me through the process. After I had the RSS feed set up I emailed her back and thanked her. Then I found her other site, http://www.rocketboom.com/vlog/, and found this site to be a site worth revisiting. At this point I had no idea that Amanda was more than a common blogger or vlogger (video blog), but she is. She was on G4tv on 10-13-05, appeared in a music video, and is an actress. So I want to say Thank You for taking the time to answer my email. And for those who are here, take the time to visit her sites.


Thursday, October 13, 2005

AOL Instant Messenger Trojan Horse

Websense® Security Labs(TM) has received reports of an Instant Messaging worm that targets users of AOL Instant Messenger (AIM). The user receives an unsolicited message within AIM that prompts the user to visit a website and view a funny picture. The message reads, " so funny hhehe" and is followed by the URL.


If the user clicks the URL, an application disguised as a server-side PHP script downloads. The application is a variant of the RBOT Trojan Horse, which opens a backdoor on the local machine and connects the user to a bot network.

The site is hosted in the United States and was up at the time of this alert.

Tuesday, October 11, 2005

Extreme Tips: Optimization Derby

By: Andy Walker of the tv show Call for Help
What maintenance tweaks are the most effective?

There are a few things you can do to tweak your system performance, but not all of them are as productive as you'd think. We took a few systems and did some of the typical optimizations to them to see if there was any increase in system performance when we ran a standard benchmarking program, Futuremark's PCMark 05.

Each system started in a lived-in condition, after months of typical usage. We benchmarked them first in that "lived-in" state, then again after each optimization.

Removing unnecessary start-up tasks

When you start up your computer, a bunch of programs start up at that time, and run in the background of your system. If you're not using those programs regularly, you should uninstall them. Also, if applications run "pre-launch" programs so that they launch more quickly when you need them, disabling those pre-launch programs will speed you up too, if you don't use them regularly.

To see a list of what programs are running on your computer, go to the start menu, select RUN, and type in "msconfig". Choose the startup tab to see the full list of tasks, with checkboxes in front; to turn off a startup process, uncheck the box.

You can check what processes do by going to www.processlibrary.com -- there's a list of a number of system processes, and you can find out which ones are essential and which ones can safely be turned off.

Norton WinDoctor

Part of the Norton Utilities suite, WinDoctor cleans up your Windows installation, getting rid of items that point to invalid locations, removing invalid ActiveX controls, and other things that can impact your system's reliability. But does it actually give you a performance increase?

Well, no. On all of the machines we tested it on, the difference in performance was always within the range of statistical error, which means that for all intents and purposes, there was no real performance increase. But cleanup is always good.

Defragmenting

Fragmentation can be a serious problem on machines that are already slow... performance can suffer if the hard drive has to piece everything back together from tiny pieces scattered throughout the hard drive. How much of a difference does it make, though?

With lightly fragmented drives, not a whole lot. If your system is really fragmented, though, it always helps to get everything together every so often. With our benchmark, we saw very little change after defragging the drives on our newer systems... a small enough change that it could well be statistical error. On the other hand, after a thorough defragmentation, our Windows 98 system booted up in half the time it previously took.

Norton Speed Disk

Norton's Speed Disk not only defragments your drive, it puts all of your regularly-used files into the same place at one end of the disk, so that the hard drive's head doesn't have to move around quite so much.

Again, for most machines it's better in theory than in practice. System performance was minimally impacted by re-ordering the files so that the most frequently accessed were in optimal locations on the hard drive.

Regseeker registry cleaner

This one was a free registry cleaner, and we wanted to see if it would find some stuff that was plugging up the works. After running the cleaner, of course, we re-benched the system.

Well, no surprise here: No real performance gain. The system registry will be a bit cleaner, but don't expect your system's performance to be any less sluggish.

Adding memory to the system

If your system is really sluggish, there's a possibility that you just don't have enough system memory to go around. If your system already has one gigabyte of RAM inside, there'll be no huge performance gain adding much more, unless you're using applications like PhotoShop that use huge amounts of memory. If you're running with 256 or 512 megs, you might want to bump it up to a gigabyte if your system will handle it.

We took a system that had 256 megs of RAM in it, and gradually increased the RAM until we got to a gigabyte, and we noticed a small performance increase each time. Beyond that, performance increase tends to be quite minimal, though we actually noticed a slight performance increase on a system that already had one gigabyte when we added another 512 megs to it.

THE BOTTOM LINE: Many of the usual suspects when it comes to Windows optimization won't make a huge difference on your system if your system is relatively new, unless it's so screwed up that anything will be an improvement. The two that you should consider first, though: removing programs you don't use, even if it's just from your startup files; and, adding more memory to your system, especially if you don't have much memory in your system.

choosing a password

I felt compelled to talk about passwords. I was working on a computer and the people that I was doing the work for did not tell me the password, and I could not ask them because it was a friend of a friend's PC, and the work needed to be done very soon. So, knowing nothing about the owner of the PC, I set out to crack the password, and guess what: I got the password. You see, I had one piece of info: the password hint was the name of a person. That's all I had to go on, one single name. Thirty minutes later I was in. I know what you're thinking (but it took you 30 minutes); I should have never been able to get in at all.

The object when choosing a password is to make it as difficult as possible for a cracker to make educated guesses about what you've chosen. This leaves him no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. A search of this sort, even conducted on a machine that could try one million passwords per second (most machines can try less than one hundred per second), would require, on the average, over one hundred years to complete.


What Not to Use

* Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.).

* Don't use your first or last name in any form.

* Don't use your spouse's or child's name.

* Don't use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.

* Don't use a password of all digits, or all the same letter. This significantly decreases the search time for a cracker.

* Don't use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words.

* Don't use a password shorter than six characters.

What to Use

* Do use a password with mixed-case alphabetic characters.

* Do use a password with nonalphabetic characters, e.g., digits or punctuation.

* Do use a password that is easy to remember, so you don't have to write it down.

* Do use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.

Method to Choose Secure and Easy to Remember Passwords

* Choose a line or two from a song or poem, and use the first letter of each word. For example, "In Xanadu did Kubla Khan a stately pleasure dome decree" becomes "IXdKKaspdd."

* Alternate between one consonant and one or two vowels, up to eight characters. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples include "routboo," "quadpop," and so on.

* Choose two short words and concatenate them together with a punctuation character between them. For example: "dog;rain," "book+mug," "kid?goat."
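
The rules in the lists above can be applied mechanically. This is an added example, not code from the original post: it checks a candidate against "What Not to Use" and "What to Use", builds the first-letter password, and estimates the average brute-force time. The login name, the word list and the keyspace (8 characters from the 95 printable ASCII characters) are assumptions; only the rate of one million guesses per second comes from the post.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def acronym(line):
    """First letter of each word: the song-or-poem method."""
    return "".join(word[0] for word in line.split())

def problems(password, login="", names=(), wordlist=()):
    """List the rules from the post that a candidate password breaks."""
    found = []
    low = password.lower()
    for label, items in (("login name", (login,)), ("personal name", names)):
        for item in items:
            base = item.lower()
            # as-is, reversed, doubled; capitalization is folded by lower()
            if base and low in (base, base[::-1], base * 2):
                found.append(f"{label} in some form")
    if password.isdigit():
        found.append("all digits")
    if len(set(password)) == 1:
        found.append("all the same character")
    if low in {w.lower() for w in wordlist}:
        found.append("dictionary word")
    if len(password) < 6:
        found.append("shorter than six characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        found.append("no mixed case")
    if password.isalpha():
        found.append("no nonalphabetic character")
    return found

def average_years(length, alphabet=95, rate=1_000_000):
    """Average brute-force time: half the keyspace at `rate` guesses per second.
    alphabet=95 (printable ASCII) is an assumption; the post gives only the rate."""
    return alphabet ** length / 2 / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    line = "In Xanadu did Kubla Khan a stately pleasure dome decree"
    # "alice" and the one-word list are constructed sample inputs
    for candidate in (acronym(line), "book+mug", "AliceAlice", "12345"):
        print(candidate, problems(candidate, login="alice", wordlist=("password",)))
    print(f"8 chars, 95 symbols: {average_years(8):.0f} years on average")
    print(f"6 lowercase letters: {average_years(6, 26) * SECONDS_PER_YEAR:.0f} seconds")
```

Under these assumptions the eight-character search averages about 105 years, while six lowercase letters fall in under three minutes at the same rate.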

Thank You William

I would like to say thanks to William Post for telling me about a flaw on this site. You see I recently made some changes to the site and if you viewed this site with an internet explorer web browser it would not look correct. All the stuff on the Right side of the page dropped all the way down to the bottom of the page. Now if you viewed this page with a Mozilla browser like Firefox you would not have seen the change. This is because Firefox is smart enough to decipher the HTML code I use to build this site. You got to love IE (Internet Explorer). Thanks William

Sunday, October 02, 2005

Digital Life TV with Patrick Norton

Digital Life TV, watch it on line

"Digital Life TV is hosted by industry expert Patrick Norton, and offers up news of the day, new product reviews, technology help and more."

Sony cracks down on PSP hacks

Sony is engaged in a tug-of-war with hackers who keep cracking its PlayStation Portable software to unlock the device and run their own applications on it.

The company is preparing another update to the PSP firmware to fix a recently disclosed bug that lets hackers downgrade the PSP system software and run their own, so-called homebrew code on the device, a Sony representative said Thursday.

"It is not...what the device was designed for," said Patrick Seybold, a spokesman for Sony Computer Entertainment America. "We plan to deal with this issue with the next system update." He declined to say when that update would be ready.

Soon after Sony released the PSP earlier this year, hackers started hunting for bugs in the software that runs the device. Flaws were found and used to run homegrown applications, such as a PDF reader and an FTP client, on the device. The bugs were not used to attack PSP users.

Sony last month updated the PSP firmware to version 2.0. The update encompassed new features, including a Web browser, but also fixed the flaws that had been exploited by the hackers. The 2.0 update was made available on Sony's Web site and will be included in new PSP games, which will require the update, Seybold said.

Sony is not "actively going after the people doing it," Seybold said, but the company does not advise running homebrew code on the PSP. "Running unauthorized software will void the warranty," he said.

The PSP was released in the U.S. in March. Since then, more than 2 million units have been sold in the U.S., according to Sony. The device is sold primarily as a portable game machine, but users can also play movies and music, display digital photos and browse the Internet through its built-in wireless networking.