Friday, October 31, 2008

Network Solutions warns that domain name registrant companies are being targeted by phishing


Network Solutions has advised domain registrants that recently a party has been circulating “phishing” emails that appear to come from Network Solutions or from other registration companies to domain name owners.

Network Solutions recommends that anyone who responded to such an email immediately change their account passwords, as instructed.

Many times, a phishing email will appear to offer legitimate links which, when the cursor is passed over them, don’t match.

ISP’s have sometimes been imitated by phishing attacks, with AOL often being used. Paypal and Ebay are often imitated, and many of these seem to get past spam filters.

The Network Solutions blog ("Solutions Are Power") entry warning about this problem, by Shashi Bellamkonda, is here.

Thursday, October 23, 2008

Microsoft releases major patch for XP, Server 2003


Microsoft has announced the release of a security patch to its Windows server systems today (Oct. 24), a couple weeks before the normal November updates. It is considered critical in Windows 2000, XP, and Server 2003, and could allow a targeted worm attack. It is thought to be less serious in Windows Vista. Home users and companies with automatic update turned on may get small updates soon (perhaps one file) and should install and restart immediately, as soon as the updates arrive.

The news story, by Robert McMillan, is in Network World, here. Arlington County VA emergency emails system sent out an announcement of the story to subscribers, as it normally warns of cyber threats.

Another company involved in commenting on the fix is the DigiTrust Group, here.

Tuesday, October 21, 2008

Botnets are still a serious issue for home and small business users; major International Botnet Task Force conference held


The Business Day Section (p B1) of the Oct. 21 New York Times features an alarming report about Internet botnets by John Markoff. The title of the story is “Beware the Digital Zombies: A robot network is seeking to enlist your computer,” link here.

The story relates the reality that botnets are becoming an increasing peril to everyday Internet commerce and perhaps even self-expression. The story gives some general discussion of Microsoft’s plan to fight them, including cooperation with many overseas governments and inserting moles or sensors into “bot-herders” and pretend to do malicious things without actually doing them. It is common for crime rings to expect newcomers to carry out assignments to prove they are not informants.

The story says that now an unprotected early XP computer will get infected within five minutes, sometimes in only thirty seconds, when connected to the Internet by broadband. Presumably service packs 2 and now 3 are supposed to make this much less likely. And Vista is supposed to be safer (that is a controversial topic). Even so, a purchaser of a new Windows computer should probably complete as much anti-virus installation as possible before connecting to the Internet, and then download all the applicable security updates from Microsoft and from the anti-virus company (like McAfee), and run a batch full scan, before using heavily. Since these downloads and installs take time, it’s possible that with such a process a new computer purchaser will detect some problems. The story indicated that the best security software does not discuss all vulnerabilities.

The news story refers to a group called the Shadowserver Foundation. Worldwide, it appears that at least 300000 computers are silently infected by botnets.

An organization called the International Botnet Task Force is supposed to convene today in Arlington VA. I could not find a web url for them, but Microsoft mentions the group in its white paper “Bots, Botnets and Zombies” here. Microsoft says it has deployed Sender-ID as part of the solution for spam since 2003. Would a microcharge for each sent email also be an effective way to fight spam?

The NY Times doesn’t discuss the speculative topic of possible home user liability. There have been a few cases where home users have been disconnected by broadband ISPs for too much activity. ABC News reports at least one case (discussed here Feb 2007) where a teenager faced child pornography charges for material that he claimed could have been placed by a hacker (those charges, in Arizona, would be dropped). There has been loose talk of an “Internet driver’s license” to include demonstration of knowledge of how to use security products, and there is talk that it should be presented in public schools (you have to find the teachers first, however). The concept of conceivable home or small business user liability is a potentially very sensitive one for public policy makers, who would have to remain very wary of unintended consequences and chilling effects.

Friday, October 17, 2008

Be careful even when moderating comments on your blog


Bloggers who allow comments (most do) should not only turn on comment moderation but should also probably be careful about embedded links in comments that are offered. In a few occasions, links that appear to be legitimate may actually link to hostile sites offering harmful downloads, fake anti-virus software, pornography, or content that is patently illegal to even possess.

There are two ways this happens. If you run your cursor over the link, you may see a different URL appear. That is one warning sign. In many cases the blogger will reject the comment and mark it as spam, if the publishing service or ISP offers spam reporting. One precautionary technique, available with some blog publishing services, is to require the comment-offered to sign on with a captcha, to avoid automatically generated comments.

But sometimes even the actual URL looks legitimate. Yesterday, on one blog on another domain (billboushka.com/wordpress) I got a comment (which of course I rejected in monitoring) that gave the URL of what appeared to be a legitimate networking profile on members.work.com. It appeared to come from the Muscogee County School District (in Georgia). I checked the link (of the specific profile) as I was moderating, and saw it was an “adult” site. McCafee Site Advisor remained gray for this link, but was green for the site as a whole. I suspect there are trademark law issues here, which I will take up soon on my trademark law blog.

This "school district" reference with adult content apparently also occurs at feel.crossfacer.com (blogs) and at kyokuyou.com (boards), both references marked green by McCafee site advisor on searches.

The computer showed 100% CPU use, although that might have happened before, when I was in Microsoft Word. (Once in a while, Word seems to stall, and so does Firefox; I’m not sure why.) I restarted the machine and the CPU problem went away. I ran fill virus scan and it found no problems.

Friday, October 10, 2008

"Switched" and AOL offer "12 sneakiest" cyberthreats; GPcode "author" apprehended


Switched-dot-com (from AOL) offers a list of the “twelve sneakiest computer viruses” here. Some of them include (1) fake anti-virus software (item 12 on their list) (2) Gpcode, which can encrypt most files on your hard drive and demand “ransom” for a decryption key (item 10), and (3) a clipboard attack (which can also sell fake anti-virus programs) and (4) Mebroot, which apparently can install from unsafe websites, and then installs keylogger programs to track your logon to any number of financial sites.

The most noteworthy might be Gpcode, which surfaced in 2005 and has been hard to track down, and anti-virus program has had trouble isolating it. Zdnet had a major article by Dancho Danchev about this ransomware in June 2004 On Sept 30, 2008 Infoworld ran an article by John E. Dunn, “Police ‘find’ author of notorious Gpcode virus: Gpcode ransomware virus was the work of a single person believed to be a Russian national” here. McAfee apparently has a DAT file that would detect the latest version as of June 9 2008, link here.

Thursday, October 09, 2008

McAfee Security Center offers much "stricter" virus scan


On Oct. 9 McAfee replaced its Security Center on Home XP machines, at least. The new virus scan runs slower and contains a progress bar graph. It also is stricter, and, when going through the registry keys (HKLM’s and HKU’s at the end of the search) may pick up unwanted programs with a link to instructions for removal.

For example, it will flag the keys for the Viewpoint toolbar, which seems to be installed by a number of services. It is considered unwanted because it can transmit non-personal information to servers. Networktechs has an article on how to remove them, here.

It also will flag Nielsen rating services as potential “spyware”. I was recently contacted by Nielsen to participate in their survey of Internet surfing. I installed from their website, and found after a week that it was not transmitting data from my IP. I uninstalled it, but found McCafee found the registry key anyway (NetRatings). Nielsen is the company well known for television ratings. Advertisers are interested in sampling web users. I worked for NBC back in the 1970s and worked tangentially on a Nielsen Ratings project from the mainframe perspective, so I know that this is a legitimate activity. Of course, many users will not want to allow any outside marketing service to sample their activity.

Friday, October 03, 2008

Domain name registration companies checked for shoddy practices (by ICANN)


Shaun Waterman of United Press International is reporting that ICANN (the Internet Corporation for Assigned Names and Numbers) is investigating two domain registrars with almost one million domains between the two of them, for not adequately identifying registrant information so that their contact information becomes available through WHOIS or through a legitimate private registration setup.

Registrants would be transferred to other registration companies if these registrants are shut down.

The action is important because domain registrants without valid contact information or mechanisms are thought to be a major source of spam and of phishing attacks or various scams.

An original UPI story, originally published May 29, 2008 is here and it requires registration to see.

A newer related story appeared Oct. 2 (same author), here and requires registration.

The Washington Times reprinted the story Friday Oct 3 on p A14, “Economy,” under the name “Domain Registrars Warned on Oversight.”

ICANN has its version of the story dated Oct. 1 “Breach notices sent to joker.com and DNS.com.cn: Registrars given 15 days to fix their Whois investigation efforts” here.


My own favorite WHOIS site is Domain Tools (which used to have the odd address whois.sc).

Thursday, October 02, 2008

List of 12 "don'ts" published on AOL; Ziggs lets users track searches against their name


AOL today provided a switched.com story with “12 things you should never do online”. The link is here (look to the bottom of the page for the orange banner link). Most of the items – in fact all of them – should be familiar by now. They do include not conducting personal transactions at public Wi-Fi hotspots, not using the same password on more than one account (at least more than one important account). They also include not posting personal or sensitive information even on supposedly “private” social networking sites.

It’s important to distinguish between being known publicly for having authored or published something (on the web, in print, in video, or any or all of these), and actually sharing personal information (like social security numbers, home address, etc). One can be a celebrity without sharing personal information. Generally, celebrities, for example, don’t make any personal contact information available at all to the public on the Internet. You have to contact them through agents.

There are some measures that webmasters can take to protect personal privacy, including private registration of domain names (which means that the domain name company secures a way for legitimate parties to contact you). Many people, including webmasters with fewer financial resources to have agents like celebrities have, publish their cell phone numbers online, along with PO Box or UPS land mail addresses only. One potential problem is “reverse phone number look ups” available from companies like Intellius and others that sell personal information reports, which could theoretically be used for stalking or other illegal reasons. Generally, this has not been a big problem in the United States. It might be bigger overseas. Congressman Moran told me that such companies operate “barely within the realm of what is legally permissible” and admitted that maybe they should be more regulated. Further complicating the discussion is the observation that a lot of identity theft results from carelessness and lack of due diligence from lenders -- which could be fixed.

Of course, many people post personal contact information like cell phone or home phone or even address for what they view as innocuous purposes, such as on job sites to be contacted for potential employment. Again, there is a lot of work to be done to make all of this a lot safer.

Ziggs offers its members a service to let members know anytime anyone has searched for their profile online. AOL today broadcast a headline that called this “creepy” while providing a link to the same Switched.com story; but I don’t see the harm in that. Ziggs is a site for “professional social networking” and has been somewhat active in the "online reputation" debate.