Deepak Krishnan

Win32/Spy.Bzub.NAC

2007-03-08T23:20:00.000+05:30

Aliases:	Trojan-Spy.Win32.BZub.bs (Kaspersky), Spy-Agent.ak (McAfee), Infostealer.Bzup (Symantec)
Type of infiltration:	trojan
Size:	80600 B
Affected platforms:	Microsoft Windows
Signature database version:	1.1707
Short description:	Win32/Spy.BZub.NAC is a trojan that steals passwords and other sensitive information.

Installation

The following file is dropped in the %system% folder:

agent_dq.dll

It is a Browser Helper Object for Internet Explorer. Size of the file is 60928 B.

The following Registry entries are set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73364D99-1240-4dff-B11A-67E448373048}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
(Default) = "%system%\ipv6mons.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
"ThreadingModel" = "apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
"Enable Browser Extensions" = "yes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\

Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = "C:\Program Files\Internet Explorer\

IEXPLORE.EXE:*:Enabled:Internet Explorer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\loadnet_insll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\worg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\cmpid]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\forwas]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\h]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\nw]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\wspopp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

browser helper obJects\{73364D99-1240-4dff-B11A-67E448373048}]

Information stealing

The trojan collects various information when Internet Explorer is being used to access the following sites:

app/ueberweisung.input.do,app/ueberweisung.prep.do
banking.postbank.de,
banking.postbank.de/app/finanzstatus.reduziert.init.do,
banking.postbank.de/app/kontoumsatz.umsatz.init.do,
banking.postbank.de/app/legitimation.input.do,
banking.postbank.de/app/ueberweisung.quittung.do,
e-gold.com/acct/acct.asp,
https://*.netbank.commbank.com.au/netbank/bankmain,
https://banking.postbank.de/app/finanzstatus.init.do,
https://banking.postbank.de/app/kontoumsatz.umsatz.init.do,
https://banking.postbank.de/app/welcome.do,
https://signin.ebay*/ws/eBayISAPI.dll,postbank.de

Some information is found in local files too. The following information is collected:

passwords ,URLs visited ,HTML forms content ,computer name ,computer IP, address ,Outlook Express accounts data ,digital certificates

The data is saved in the %system% folder in the following files:

form.txt,info.txt,shot.html

The trojan can upload the information to a remote machine. The FTP protocol is used.

Other information

The trojan may attempt to delete all files on the C: drive and various program files.

Win32/Stration.ET

2007-03-08T23:05:00.000+05:30

Aliases:	Email-Worm.Win32.Warezov.gen (Kaspersky), W32/Stration@MM (McAfee), W32.Stration@mm (Symantec)
Type of infiltration:	worm
Size:	116320 B
Affected platforms:	Microsoft Windows
Signature database version:	1.1775
Short description:	Win32/Stration.ET is a worm that spreads via e-mail.

Installation :When executed, the %windir% copies itself in the folder using the following filename : t2serv.exe

The following files are dropped in the same folder:

t2serv.dll
t2serv.wax
t2serv.s

The following files are dropped in the %system% folder:

kbdaqosn.dll
mqpeh323.dll
vjoyslay.exe

In order to be executed on every system start, the worm sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"t2serv" = "%windir%\t2serv s"

The following Registry entry is set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "kbdaqosn.dll e1.dll"

A Notepad window with random text is displayed.

Spreading via e-mail

E-mail addresses for further spreading are searched for in local files with one of the following extensions:

.adb,.asp,.cfg,.cgi,.dbx,.dhtm,.eml,.htm,.html,.jsp,.mbx,.mdx,
.msg,.nch,.ods,.oft ,.php,.sht,.shtm,.stm,.tbb ,.txt,.uin .wab,.wsh,.xls,.xml

Addresses containing the following strings are avoided:

.edu,.gov,.mil,@avp,@foo,admin,anyone@,apache,berkeley,bsd,bugs@
cafee,certific,contact,contract@,example,fido,ftp,gnu,gold-certs
google,help,help@,ibm.com,icrosoft,info@,kasp,kernel,linux,local
master,mozilla,mydomai,news,nobody,noone,noreply,panda,pgp,privacy
rating,rfc-ed,ripe.,root@,samples,secure,sendmail,service,somebody
someone,spam,support,unix,update,update,usenet,winrar,winzip,www
xx,you,your

Strings from the following 4 lists may be used to form the sender address:

sec,serv,secur,adam ,alice ,anna ,betty ,bob ,brenda ,brent brian,carol ,claudia ,craig ,cyber ,dan ,dave ,david ,debby den,Donn,frank,george,gerhard,helen,james,jane,jayson,jerry
jim,joe,john,karen,linda,lisa,mancy,maria,ruth,sandra,sharon
Susan,adams,allen,anderson,baker,carter,clark,garcia,gonzalez,
green,,hall,harris,hernandez,hill,jackson,jeremy,joe,kenneth
king,lee,lewis,lopez,martin,martinez,miller,molly,moore,nelson
robinson,,robyn,rodriguez,scott,shaan,taylor,thomas,thompson
walker,white,wilson,wright ,young,areainc.com,,logoluso.com
heatwave.com,megaman.com,scholzes.com,guierfence.com,tjh.com
phazen.net,fcradio.net,niet.com,gametemple.com,midmich.net
vieng.com,elamex.com,sycamorepd.com,selectplans.com
motorsportwarehouse.com,telcan.com,iinet.net.au,firstclassmoving.com

Subject of the message is one of the following:

Mail server report,Server Report,Mail Delivery System,test
picture,hello,Status,Error,Good day,Mail Transaction Failed

Body of the message is one of the following:

Mail transaction failed. Partial message is available.

The message contains Unicode characters and has been sentas a binary attachment.

The message cannot be represented in 7-bit ASCII encodingand has been sent as a binary attachment

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

The attachment is either an executable of the worm, or a ZIP archive containing it. Its filename is one of the following:

body,data,doc,docs,document,file,message,readme,test,text,Update-KB-abcd-x86

The "abcd" stands for a variable four digit number. If an archive is attached, the name has the following extension:

.zip

If an executable is attached, a double extension may be used. The first is one of the following:

dat,doc,elm,log,msg,txt

The second is one of the following:

bat,cmd,exe,pif,scr

Other information

The worm quits immediately if any of the following applications is detected:

Outpost Firewall,McAfee Personal Firewall,Kerio Winroute Firewall,ZoneAlarm,Sygate Personal Firewall,Norton Internet Security

The following programs are terminated:

nod32krn,avginet,avgupsvc,upgrader,drwebupw,spiderml,autodown
kav,mcupdate,tbmon,wuauclt,wuauclt1,wupdmgr

The worm contains a list of URLs. It tries to download several files from the addresses. The files are then executed.

Your PCs forecast climate future

2007-01-19T18:58:00.000+05:30

A computer model of climate run on home PCs in conjunction with the BBC has yielded its first results.

About 250,000 people downloaded software from climateprediction.net onto their home computers, each running a single simulation of the future.

The results suggest the UK could be about 3C warmer than now in 75 years' time, agreeing with other models.

Full details will be revealed at the weekend in a BBC TV programme presented by Sir David Attenborough.

Big spread

Members of the scientific team say they have been staggered by the level of interest shown in the project.

"When it started, we said to ourselves that we would be happy if 10,000 people took part," said Nick Faull, climateprediction.net project co-ordinator.

"So to see more than 10 times as many signing up was fantastic," he told the BBC News website

Users were spread across 171 countries. About two-thirds were in the UK; a number of countries including Surinam, Swaziland and Togo were represented by single users.

Each downloaded a software pack from climateprediction.net which ran when their computer was otherwise idle, with results being fed back to the central server. Each simulation required about three months of computing time on an average PC.

The model itself was developed by the Hadley Centre, part of the UK Meteorological Office, and usually runs on giant supercomputers.

"The main difference is that when you run it in in-house, you can get a wider range of information out because you have much greater resources to store and transfer data," commented Vicky Pope, head of the climate prediction programme at the Met Office.

"It's mainly been done as an educational tool, although the output is useful."

Distributed computing has been used before, notably by the Search for Extra-Terrestrial Intelligence (Seti), where several million people have downloaded software enabling them to analyse data from observations of distant stars for signs of alien life.

Climateprediction.net uses the power of thousands of ordinary PCs

Within bounds

The responses from this project have now been analysed by the team, which is funded by the Natural Environment Research Council and closely linked to Oxford University.

For 2020, the prediction is that temperatures in Britain will be about 1.2C warmer than in the 1970s, chosen as the baseline for this project.

Temperatures are already almost 1C warmer than in the 1970s, so the rise over the next decade or so will be small if the model is right.

In 2050, they will be about 2.5C higher than the 1970s; while by 2080, the figure could be 4C.

The predictions are not exact; and the further from the present day you look, the greater variability there is, so that by 2080 the rise could be as low as 2C or as high as 6C.

Along with higher temperatures the model predicts greater variability in rainfall, with increased risks of floods and of long dry periods.

"These figures basically support the scientific consensus at the moment," observed Dr Faull

"What makes it especially interesting is that we have included changes to the Sun's output, based on what it has done over the last century; and we find it doesn't make much difference.

"The idea that such changes could influence climate over and above the human influence we don't find very likely."

The model also produced predictions for the climate globally, but these are under wraps at the moment as the team awaits formal publication in a scientific journal.

The state of the global consensus will become clearer in early February when the Intergovernmental Panel on Climate Change (IPCC), the body charged with collating scientific data, publishes the first segment of its fourth assessment report.

courtesy: BBC News

Storm Worm hits computers around the world

2007-01-19T18:55:00.000+05:30

HELSINKI (Reuters) - Computer virus writers started to use raging European storms on Friday to attack thousands of computers in an unusual real-time assault, head of research at Finnish data security firm F-Secure (FSC1V.HE: Quote, Profile , Research) told Reuters.

The virus, which the company named "Storm Worm" is sent to hundreds of thousands of email addresses globally, with the e-mail's subject line saying "230 dead as storm batters Europe."

The attached file contains the so-called malware that can infiltrate computer systems.

"What makes this exceptional is the timely nature of the attack," Mikko Hypponen, head of research at F-Secure said.

Hypponen said thousands of computers around the world, most in private use, had been affected.

He said most users would not notice the malware, or trojan, which creates a back door to the computer that can be exploited later to steal data or to use the computer to post spam.

Courtesy: Reuters

Digital home seen boosting PCs; price an obstacle

2007-01-13T15:50:00.000+05:30

LAS VEGAS (Reuters) - High-definition TVs, supercharged gaming computers and sophisticated audio equipment on display at this week's Consumer Electronics Show in Las Vegas are likely to drive new computer hardware demand, but high prices may deter some consumers.

From high-end PCs to gaming microchips and data storage equipment, scores of product categories stand to gain from the arrival of the long-awaited, long-hyped, digital home.

This year at CES, the biggest U.S. show of its type, PC makers Hewlett-Packard Co. (HPQ.N: Quote, Profile , Research) and Dell Inc. (DELL.O: Quote, Profile , Research) displayed digital homes at the show using their computers, monitors, printers and TVs.

The companies have turned to calling the PC a "home server," the hub of a network of wirelessly connected devices sending Internet video, high-definition movies, TV programs, music, photos and documents from one room to another.

Even computer disk drive makers such as Seagate Technology (STX.N: Quote, Profile , Research) and Japan's Hitachi Ltd. (6501.T: Quote, NEWS , Research) see opportunity in consumer electronics as high-definition video, photos and music require ever-greater amounts of data storage. Hitachi last week unveiled a record-breaking disk drive capable of holding 1 terabyte, or 1,000 gigabytes, of data.

COST IS THE RUB

University Professor Advocates Video Games in Class

2007-01-13T15:47:00.000+05:30

Current style of education is too old says a university professor

According to David Williamson Shaffer, an education science professor at the University of Wisconsin-Madison, school kids should be allowed to play video games in school. Shaffer says that video games will provide a higher order of learning for today's generation of kids who are tech savvy.

Shaffer told reporters that the current way our education system works -- at least in North America -- is centuries old and was designed for the industrial revolution rather than the information age. Shaffer feels that today's education system is simply lacking in terms of innovation. This is what Shaffer says will prevent kids from competing with those who have been in the work force for years.

While many people will disagree with Shaffer, he did indicate that innovation in education will drive innovation in the industry. "People think that the way we teach kids in schools is the natural way we should learn. But young people in the United States today are being prepared for standardized jobs in a world that will, very soon, punish those who can't innovate. We simply can't 'skill and drill' our way to innovation," expressed Shaffer.

One of Shaffer's primary concerns is that he feels U.S. students are falling behind compared to students in rising countries such as China and India. According to Shaffer, kids should be allowed to browse the web, instant message each other and even use their iPods during class lesson -- although he did fail to mention any negative impacts this might have on kids paying attention to what's being taught. In one positive way, if a child was feeling that his teacher was moving too slow with a particular subject, he or she could simply “Google” it as the teacher continues to speak.

Shaffer is currently working on developing educational games that will help students learn about subjects such as history, chemistry, physics and other topics. Shaffer will start to promote his computer game-focused education system to various schools starting in March of this year.

Connecting the digital home

2007-01-13T15:46:00.000+05:30

It has long been promised that the PC will become the entertainment hub of the home. However, the problem with this vision is that our computers tend to sit in the bedroom and means getting those movies, music and pictures the last few metres to the living room is a real pain.

Many devices deliver content from your PC to your TV

This year's CES - the world's largest consumer gadget show - boasts a wealth of new kit which aims to make it easier to access digital media around the home - and in particular on TV screens.

Ideas on what should be at the centre of it all vary, from PC-based media centres, digital video recorders or even video game consoles.

Microsoft is promoting its Xbox 360 as the place to store and access movies and songs.

"Xbox 360 is at its heart, the world's best games console and we're continuing to sell it very well. But we also know that people have it connected to their TV, and that means they want to see movies," said Robert Bach of Microsoft.

"So we've added a Download Movie service, we've added an HD DVD movie player to it. You want to play music, so you can take your MP3 player or Zune player, and plug it in and see your music.

"Here we're announcing that you can take IPTV digital TV services and run them on top of an Xbox 360."

It should be pointed out that the downloads are only available to those that have a hard drive for their Xbox 360.

Sony's PS3 console does something similar.

Apple TV streams music and movies from a computer to a TV

Microsoft's ambitions also include its Media Centre software which has not made the impact some had hoped for. It will now get a boost by being integrated into all but the most basic versions of Microsoft's new PC operating system - Vista.

The consumer versions of Vista is scheduled for launch on 30 January.

Apple is getting in on the act too. At the MacWorld show Apple boss Steve Jobs gave more details of Apple TV - the set-top box which uses iTunes to stream media to a television.

Various launches at CES suggest that moving files around the house should be easy. We have more choices now than ever before - hardwire Ethernet cables, Bluetooth or wi-fi.

Netgear's new Digital Entertainer set-top box is one of several here that let you stream HD pictures from your PC over wi-fi to the TV.

But obstructions and interference may hamper a steady picture.

Compatibility

Presuming we can move our digital media files around without too much problem, you then have to consider the alphabet soup which is compression formatting - or codecs - which allow all your devices to understand each other, otherwise you will not see a thing.

"Many of the files that people would like to buy and download, including movies and TV shows, are actually protected with what's called DRM, that is Digital Rights Management software," said Josh Bernoff an analyst from Forrester Research.

"A lot of this software is incompatible with some of these devices.

"So for example, if you buy a movie or TV show from iTunes it'll work fine on your iPod but it's unlikely to work on, say, your Xbox 360 that happens to be connected to the same setup."

Slowly this is changing. For instance, last month if you had bought a rights-protected Windows music file it would not have played on Sonos' high-end multi-room streaming system.

After a year of negotiations Sonos' hardware can now support those files. Now the boss of Sonos wants Apple to also open up, claiming it is customers who lose out.

"I think it's unbelievably frustrating because you purchase the music expecting to be able to play it where you would like to play it and then you find out later that this is not quite the case," said John MacFarlane of Sonos.

"That's not, generally, well explained at the point of purchase."

The steady march of technology is also helping break down these barriers. For instance, a new PC to TV chip by start-up Quartics might help audio and video streaming compatibility.

It allows any files your laptop can read to be streamed over wi-fi to your TV or digital projector.

It is hoped the chip - which can be updated with any new video formats as they emerge - will be integrated into some TVs by the end of the year.

Many companies are supporting a set of standardised formats through industry groups like the Digital Living Network Alliance (DLNA).

And the new faster 802.11n standard for wi-fi should soon be ratified, which will help boost consumers' confidence in streaming video.

But for now it might be best to take all the hype with a pinch of salt.

$100 laptop could sell to public

2007-01-13T15:40:00.000+05:30

The backers of the One Laptop Per Child project are looking at the possibility of selling the machine to the public.

One idea would be for customers to have to buy two laptops at once - with the second going to the developing world.

Five million of the laptops will be delivered to developing nations this summer, in one of the most ambitious educational exercises ever undertaken.

Michalis Bletsas, chief connectivity officer for the project, said eBay could be a partner to sell the laptop.

"If we started selling the laptop now, we would do very good business," Mr Bletsas, speaking at the Consumer Electronics Show, told BBC News.

"But our focus right now is on the launch in the developing world."

Nicholas Negroponte, chairman and founder of the OLPC group, emphasised that the launch to the poorest parts of the world was the organisation's main task.

Of plans to sell the machine, he said: "Many commercial schemes have been considered and proposed that may surface in 2008 or beyond, one of which is 'buy 2 and get 1'."

Durable

The laptop has been developed to be as low cost, durable and as simple to use as possible.

The eventual aim is to sell the machine to developing countries for $100 but the current cost of the machine is about $150.

The first countries to sign up to buying the machine, which is officially dubbed XO, include Brazil, Argentina, Uruguay, Nigeria, Libya, Pakistan and Thailand.

The XO's software has been designed to work specifically in an educational context. It has built-in wireless networking and video conferencing so that groups of children can work together.

[The industry] should look to connect th next five and a half billion.

Michalis Bletsas, chief connectivity officer, One Laptop Per Child

The project is also working to ensure that children using the laptop around the world can be in contact.

"I'd like to make sure that kids all around the world start to communicate. It will be a very interesting experiment to see what will happen when we deploy a million laptops in Brazil and a million laptops in Namibia."

'Glue'

The OLPC project is working with Google who will act as "the glue to bind all these kids together".

The machine is close to a final design

Google will also help the children publish their work on the internet so that the world can observe the "fruits of their labour", said Mr Bletsas.

He said that the hope was to put the machine on sale to the general public "sometime next year".

"How to do that efficiently without adding to the cost is difficult," he said.

"We're discussing it with our partner eBay. We need to minimise supply chain cost , which is pretty high in the western world."

Philanthropic organisation

Mr Bletsas said that a philanthropic organisation would be formed to organise the orders and delivery of the laptops.

"It's much more difficult to do this than making the laptop," he said.

The aim is to connect the buyer of the laptop with the child in the developing world who receives the machine.

"They will get the e-mail address of the kid in the developing world that they have, in effect, sponsored."

Mr Bletsas was speaking amidst the festival of consumerism taking place on the show floor of CES.

He said he hoped that the laptop project would help children enrich their lives to the extent that one day they could become consumers of the types of technologies on display in Las Vegas.

'Castigated'

But he castigated the industry for being unambitious in its plan to "connect the next billion people".

"They should look to connect the next five and a half billion.

"The way to do it is not to try and deploy tried and trusted technology but to try and develop technology specifically targeted to the developing world."

He said that OLPC was ensuring that laptops were being deployed to areas where there was internet access.

"We are trying to help the governments - that ranges from donating resources, to making sure that we work with them and that they don't consider the laptop as something that can work in a disconnected environment.

"It's vitally important that children are connected. My ambition is that we will get them connect to a vast amount of information that is unavailable to them.

"It will stimulate their interest in looking further - not waiting for some teacher or an adult."

'You' named Time's person of 2006

2006-12-18T23:26:00.000+05:30

"You" have been named as Time magazine's Person of the Year for the growth and influence of user-generated content on the internet.

The US magazine praised the public for "seizing the reins of the global media" and filling the web's virtual world.

Time has been giving its controversial awards since 1927, aiming to identify those who most affect the news.

Iranian President Mahmoud Ahmadinejad, Chinese leader Hu Jintao and North Korea's Kim Jong-il were 2006 runners.

Microsoft founder Bill Gates, his wife Melinda and rock star Bono won the accolade last year and recent winners also include President George W Bush in 2004, and "The American Soldier" in 2003.

'Wresting power'

The magazine said naming a collectivity rather than an individual reflected the way the internet was shifting the balance of power within the media through blogs, videos and social networks.

Time cited websites such as YouTube, Facebook, MySpace and Wikipedia, which allow users to interact with the web by uploading and publishing their own comments, videos, pictures and links.

"It's about the many wresting power from the few and helping one another for nothing and how that will not only change the world, but also change the way the world changes," Time magazine's Lev Grossman writes.

Time praised the tool that made such broad collaboration possible - the web.

"It's a tool for bringing together the small contributions of millions of people and making them matter," Mr Grossman said.

Time aims to pick "the person or persons who most affected the news and our lives, for good or for ill".

Previous winners have often sparked controversy - including Adolf Hitler in 1938 and, in 1979, Iran's Ayatollah Khomeini.

-------
Courtesy:
BBC Technology

Browser Smackdown: Firefox vs. IE vs. Opera vs. Safari

2006-12-18T23:24:00.000+05:30

Four experts go head-to-head (to-head-to-head) to defend their Web browser of choice in an opinionated free-for-all.

December 06, 2006 (Computerworld) -- People may be passionate about their favorite sports team, but if you really want to get them fired up, ask what Web browser they use.

There's the "if it ain't broke, don't fix it" crowd who tend to stick with the browser that's included with their operating system -- Microsoft's Internet Explorer on Windows and Apple's Safari on the Mac. There are the "I've just gotta be me" folks who prefer lesser-known browsers, such as Opera from Opera Software. And there are the "live free or die" open-source true believers who champion Mozilla's Firefox above its commercial counterparts.

Then there are those people who simply demand the best browsing experience there is. They'll defend their favorite browser to the death because they think it kicks all the other browsers' butts in terms of elegance, features, security and so on. But if a better option comes along, they'll happily switch and speak out just as loudly for their new browser of choice. At Computerworld, we fall into this camp, always looking for the Next Great Browser.

Browser Smackdown

Firefox 2
Simply put, Firefox is the best browser of all, says Scot Finnie.

Internet Explorer 7
IE enjoys 80% market share for good reason, says Preston Gralla.

Opera 9
It's all about features, claims Dennis Fowler, and Opera's got the most.

Safari 2
On the Mac, Safari is untouchable, according to Ken Mingis.

Side-by-Side Comparison
Get a peek at how each browser handles key features and functions.

Reader Poll
Vote for your favorite browser.

In terms of market share, the winner is obvious. Most estimates show Internet Explorer commanding between 80% and 85% of the browser market, with Firefox trailing at somewhere between 8% and 13%. Safari is the third most popular browser, with approximately 2% to 4% market share, followed by Opera and AOL's Netscape, with around 1% each.

But in terms of quality, there's no clear winner right now. For years, Internet Explorer lagged far behind the competition in both features and security, but the October launch of IE7, a fairly radical overhaul of the aged browser, has brought it up to par with the rest. Almost simultaneously, Mozilla released Firefox 2.0, a less ambitious update that nevertheless made some important and well-thought-out improvements.

Meanwhile, Safari (currently in Version 2.04) and Opera (in Version 9.02, with 9.1 on the way) have been quietly improving and innovating away from the spotlight. Thus, for the first time in years, the top browsers are roughly equal. (Note: We chose to leave Netscape out of our browser roundup. In our testing, we found it too buggy and unstable for serious consideration.)

So which browser should you use? Which is really best? To help you decide, we asked four power users to do battle in support of their chosen browser: Scot Finnie for Firefox, Preston Gralla for Internet Explorer, Dennis Fowler for Opera and Ken Mingis for Safari.

Each expert is positive that his browser is the best and will try his hardest to convince you of that. These are not rational, disengaged reviews; these are opinionated essays meant to sway your point of view.

When you've read all the arguments and looked at our side-by-side comparison of features, you make the call by voting in our best browser poll. You can also drop us a line and let us know what you think.

Many readers have objected to Preston Gralla's assertion that Internet Explorer's commanding market share shows that users are happiest with that browser. For their comments, see Readers say IE's market-share numbers depend on how, and what, you count. Other readers have taken this opportunity to let us know which browsers they particularly love or hate, and why. You'll find those engaging responses in Readers smack back on Web browsers.

--
Courtesy:
ComputerWorld.com

The 2006 Geminid Meteor Shower

2006-12-18T23:17:00.000+05:30

Dec. 12 , 2006: The best meteor shower of the year peaks this week on Dec. 13th and 14th.

"It's the Geminid meteor shower," says Bill Cooke of NASA's Meteoroid Environment Office in Huntsville, Alabama. "Start watching on Wednesday evening, Dec. 13th, around 9 p.m. local time," he advises. "The display will start small but grow in intensity as the night wears on. By Thursday morning, Dec. 14th, people in dark, rural areas could see one or two meteors every minute."

Right: Geminid meteors photographed in Dec. 2004 by Jason A.C. Brock of Roundtimber, Texas. [More]

The source of the Geminids is a mysterious object named 3200 Phaethon. "No one can decide what it is," says Cooke.

The mystery, properly told, begins in the 19th century: Before the mid-1800s there were no Geminids, or at least not enough to attract attention. The first Geminids appeared suddenly in 1862, surprising onlookers who saw dozens of meteors shoot out of the constellation Gemini. (That's how the shower gets its name, the Geminids.)

Astronomers immediately began looking for a comet. Meteor showers result from debris that boils off a comet when it passes close to the Sun. When Earth passes through the debris, we see a meteor shower.

For more than a hundred years astronomers searched in vain for the parent comet. Finally, in 1983, NASA's Infra-Red Astronomy Satellite (IRAS) spotted something. It was several kilometers wide and moved in about the same orbit as the Geminid meteoroids. Scientists named it 3200 Phaethon.

Just one problem: Meteor showers are supposed to come from comets, but 3200 Phaethon seems to be an asteroid. It is rocky (not icy, like a comet) and has no obvious tail. Officially, 3200 Phaethon is catalogued as a "PHA"—a potentially hazardous asteroid whose path misses Earth's orbit by only 2 million miles.

If 3200 Phaethon is truly an asteroid, with no tail, how did it produce the Geminids? "Maybe it bumped up against another asteroid," offers Cooke. "A collision could have created a cloud of dust and rock that follows Phaethon around in its orbit."

This jibes with studies of Geminid fireballs. Some astronomers have studied the brightest Geminid meteors and concluded that the underlying debris must be rocky. Density estimates range from 1 to 3 g/cm³. That's much denser than flakes of comet dust (0.3 g/cm³), but close to the density of rock (3 g/cm³).

So, are the Geminids an "asteroid shower"?

Cooke isn't convinced. 3200 Phaethon might be a comet after all--"an extinct comet," he says. The object's orbit carries it even closer to the Sun than Mercury. Extreme solar heat could've boiled away all of Phaethon's ice long ago, leaving behind this rocky skeleton "that merely looks like an asteroid."

In short, no one knows. It's a mystery to savor under the stars—the shooting stars—this Thursday morning.

courtesy:

A new e-mail worm : Win32/Stration.AA

2006-11-15T16:11:00.000+05:30

Aliases:	Email-Worm.Win32.Warezov.o (Kaspersky)
Type of infiltration:	worm
Size:	136 kB
Affected platforms:	Microsoft Windows
Signature database version:	1.1735
Short description:	Win32/Stration.AA is a worm that spreads via e-mail.

Installation

When executed, the worm copies itself in the %windir% folder using the following filename:

rsmbx.exe

The following files are dropped in the same folder:

rsmbx.dll
rsmbx.gfx
rsmbx.wax

The following files are dropped in the %system% folder:

cmut449c14b7.dll
hpzl449c14b7.exe
msji449c14b7.dll

In order to be executed on every system start, the worm sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rsmbx" = "%windir%\rsmbx.exe s"

The following Registry entry is set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "msji449c14b7.dll"

A Notepad window with random text is displayed.

Spreading via e-mail

E-mail addresses for further spreading are searched for in local files with one of the following extensions:

.adb,.asp,.cfg,.cgi,.dbx,.dhtm,.eml,.htm,.html,.jsp,.mbx,.mdx,.mht,.mmf,.msg,
.nch,.ods,.oft,.php,.sht,.shtm,.stm,.tbb,.txt,.uin,.wab,.wsh,.xls,.xml

Addresses containing the following strings are avoided:

.edu,.gov,.mil,@avp,@foo,admin,anyone@,berkeley,bsd,bugs@,cafee,certific,contact,
contract@,example,fido,gnu,gold-certs,google,help,help@,ibm.com,icrosoft,info@,
kasp,kernel,linux,local,master,mozilla,mydomai,news,nobody,noone,noreply,panda,
pgp,pch,privacy,rating,rfc-ed,ripe.,root@,samples,secure,sendmail,service,smbdy,
smn,spam,support,unix,update,update,,usnt,winrar,winzip,www,xx,yu,yur

Strings from the following three lists may be used to form the sender address:

adam,alice,anna,betty,bob,brenda,brent,brian,carol,claudia,craig,cyber,dan,dave,
david,debby,den,Donn,frank,george,gerhard,helen,helen,james,jane,jayson,jerry,
jim,joe,john,karen,linda,lisa,mancy,maria,ruth,sandra,sharon,Susan,adams,allen,
anderson,baker,carter,clark,garcia,gonzalez,green,hall,harris,hernandez,hill,
jackson,jeremy,joe,kenneth,king,lee,lewis,lopez,martin,martinez,miller,molly,
moore,nelson,robinson,robyn,rodriguez,scott,shaan,taylor,thomas,thompson,walker,
white,wilson,wright,young

gmail.com,inbox.com,fasmail.fm,yahoo.com,mail.aim.com,mail.lycos.com,care2.com,
goowy.com,hotmail.com,email.myway.com

Random strings may be used instead.

Subject of the message is one of the following:

hello,picture,Server Report,Status,test,Good day,Error,Mail, Delivery System,Mail Transaction Failed

Body of the message is one of the following:

The attachment is an executable of the worm. Its filename is one of the following:

body,data,doc,docs,document,file,message,readme,test,text

A double extension is used. The first one is one of the following:

dat,doc,elm,log,msg,txt

The second one is one of the following:

bat,cmd,exe,pif,scr

A trojan virus : Win32/Spy.Bzub.NAC

2006-10-23T17:18:00.000+05:30

Aliases:	Trojan-Spy.Win32.BZub.bs (Kaspersky), Spy-Agent.ak (McAfee), Infostealer.Bzup (Symantec)
Type of infiltration:	trojan
Size:	80600 B
Affected platforms:	Microsoft Windows
Signature database version:	1.1707
Short description:	Win32/Spy.BZub.NAC is a trojan that steals passwords and other sensitive information.

Installation
The following file is dropped in the %system% folder:

agent_dq.dll

It is a Browser Helper Object for Internet Explorer. Size of the file is 60928 B.

The following Registry entries are set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73364D99-1240-4dff-B11A-67E448373048}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
(Default) = "%system%\ipv6mons.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
"ThreadingModel" = "apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\

InprocServer32]
"Enable Browser Extensions" = "yes"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\

Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = "C:\Program Files\Internet Explorer\

IEXPLORE.EXE:*:Enabled:Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\loadnet_insll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\worg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\cmpid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\forwas]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\h]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\nw]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\wspopp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

browser helper obJects\{73364D99-1240-4dff-B11A-67E448373048}]

Information stealing

The trojan collects various information when Internet Explorer is being used to access the following sites:

app/ueberweisung.input.do,app/ueberweisung.prep.do
banking.postbank.de,e-gold.com/acct/acct.asp,
banking.postbank.de/app/finanzstatus.reduziert.init.do
banking.postbank.de/app/kontoumsatz.umsatz.init.do
banking.postbank.de/app/legitimation.input.do
banking.postbank.de/app/ueberweisung.quittung.do
https://*.netbank.commbank.com.au/netbank/bankmain
https://banking.postbank.de/app/finanzstatus.init.do
https://banking.postbank.de/app/kontoumsatz.umsatz.init.do
https://banking.postbank.de/app/welcome.do
https://signin.ebay*/ws/eBayISAPI.dll,postbank.de

Some information is found in local files too. The following information is collected:

passwords, URLs visited, HTML forms content, computer name, computer IP, address,Outlook Express accounts data, digital certificates

The data is saved in the %system% folder in the following files:

form.txt,info.txt,shot.html

The trojan can upload the information to a remote machine. The FTP protocol is used.

Other information

The trojan may attempt to delete all files on the C: drive and various program files.

Joke.Poltergeist

2006-10-18T15:27:00.000+05:30

Updated: October 17, 2006 03:50:28 PM GDT
Type: Joke Program
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XPWhen the program runs, it performs the following actions:
Creates the following folder:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\[RANDOM STRING]\extensions\{c3a73ed1-d3e3-436d-8867-1b599c8c30f9}
Creates the following files:
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\[RANDOM STRING]\extensions.ini
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\[RANDOM STRING]\extensions.rdf
May change some additional configuration files in the following folders:
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\[RANDOM STRING]
%UserProfile%\Local Settings\Application Data\Mozilla\Firefox\Profiles\[RANDOM STRING]Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
Adds an entry to the following log file:%ProgramFiles%\Mozilla Firefox\install.logNote: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
Opens the following local TCP ports and waits for incoming connections:
666
13013
Allows a remote user to connect to the computer and execute any of the following commands:
Display an alert message
Redirect Firefox to a new location
Play a sound file
Shake the open windows
Replace words in the viewed Web sites

New threat !!! W32.Wikedir@mm

2006-10-18T15:17:00.000+05:30

Discovered: October 17, 2006
Updated: October 17, 2006 03:44:30 PM PDT
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XPW32.Wikedir@mm is a worm that spreads through email and file sharing networks. The worm installs a copy of Backdoor.Evilbot on to the compromised computer.
Protection
Virus Definitions (LiveUpdate™ Daily) October 18, 2006
Virus Definitions (LiveUpdate™ Weekly) October 18, 2006
Virus Definitions (Intelligent Updater) October 18, 2006
Virus Definitions (LiveUpdate™ Plus) October 18, 2006
Threat Assesment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Payload: Spreads through email and file sharing networks.
Distribution
Distribution Level: Low

I am great!!!

2006-10-16T16:23:00.000+05:30

Win32/VB.NEI

2006-10-12T13:01:00.000+05:30

Aliases:	Win32.Worm.VB.TB (Bitdefender), W32/MyWife.d@MM (McAfee),Kama Sutra, Email-Worm.Win32.Nyxem.e (Kaspersky), W32.Blackmal.E@mm (Symantec)
Type:	Mass-mailing E-mail worm
Systems affected:	Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows Server 2003, Windows XP

Upon execution the worm copies itself into the %System% folder as “scanregw.exe”, “update.exe”, “winzip.exe” and places another copy of itself “rundll16.exe” in the %Windows% folder.

The worm also creates a zero-byte zipfile using the name of the original executable file, opens this in the explorer, and creates a mutex “HGFSMUTEX” in the second file instance (rundll16.exe).

Note: %System% denotes Windows System directory (e.g. C:\WINDOWS\SYSTEM32) as they differ on various versions of Microsoft Windows.

The worm is able to determine MSN Messenger / Yahoo Pager Accounts. It will send emails, for example, with picture previews to contacts using the correct Messenger display name and current Messenger email address.

E-mail harvesting

The worm collects e-mail addresses from files in the internet cache folders which use one of the following extensions:

*.HTM, *.DBX, *.EML, *.MSG, *.OFT, *.NWS, *.VCF, *.MBX, *.IMH, *.TXT, *.MSF

The worm avoids e-mail addresses which contain parts of the following list:

SYMANTEC, MCAFEE, VIRUS, TREND, PANDA, SECUR,SPAM, NORTON, ANTI, CILLIN, CA.COM, KASPER, TRUST,AVG, GROUPS.MSN, NOMAIL.YAHOO.COM, SCRIBE, EEYE
MICROSOFT, @HOTMAIL, @HOTPOP, @YAHOOGROUPS

E-mail subjects

Email subject lines are randomly selected from the following list:

My photos, The Best Videoclip Ever, School girl fantasies gone bad, A Great Video, Fuckin Kama Sutra pics, Arab sex DSC-00465.jpg, give me a kiss, *Hot Movie*, Fw: Funny :), Fwd: Photo, Fwd: image.jpg, Fw: Sexy, Fw:, Fw: Picturs, Fw: DSC-00465.jpg, Word file, eBook.pdf, the file Part 1 of 6 Video clipe, You Must View This Videoclip!, Miss Lebanon 2006, Re:,Re: Sex Video

Message Body

The e-mail might contain one of the following message texts:

Hot XXX Yahoo Groups, F!ckin Kama Sutra pics, ready to be F!CKED ;), VIDEOS! FREE! (US$ 0,00), Please see the file., i just any one see my photos., It's Free :), how are you?, i send the details., OK ?, Note: forwarded message attached., forwarded message attached., >> forwarded message, ----- forwarded message -----, E-mail Attachments

The worm attaches one of the following file names with a copy of itself:

007.pif, 04.pif, photo.pif, School.pif, DSC-00465.Pif, DSC-00465.pIf, image04.pif, 677.pif, New_Document_file.pif, eBook.PIF, document.pif

or with one of these encoded attachments:

Video_part.mim, Attachments00.HQX, Attachments001.BHX, Attachments[001].B64
3.92315089702606E02.UUE, SeX.mim, Sex.mim, Original Message.B64, WinZip.BHX, eBook.Uu, Word_Document.hqx, ,Word_Document.uu

After decoding the encoded archive contains one of the following executables:

New Video,zip {spaces} .sCr, Attachments,zip {spaces} .SCR, Atta[001],zip {spaces} .SCR,
Clipe,zip {spaces} .sCr, WinZip,zip {spaces} .scR, Adults_9,zip {spaces} .sCR, Photos,zip {spaces} .sCR, Attachments[001],B64 {spaces} .sCr, 392315089702606E-02,UUE {spaces} .scR
SeX,zip {spaces} .scR, WinZip.zip {spaces} .sCR, ATT01.zip {spaces} .sCR, Word.zip {spaces} .sCR

Note: {space} represents a large number of blank spaces.

Payload:
The worm will start a timer on every 3rd of the month to overwrite files with the following file extensions:

*.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd, *.dmp

New threat : Win32/Viking.AU

2006-10-12T12:55:00.000+05:30

Aliases:	Worm.Win32.Viking.ah (Kaspersky), W32.Looked.P (Symantec)
Type of infiltration:	virus
Size:	48 kB
Affected platforms:	Microsoft Windows
Signature database version:	1.1776
Short description:	Win32/Viking.AU is a prepending virus. It is able to spread via shared folders.

Installation

When executed, the virus copies itself in the %windir% folder using the following filename:

rundl132.exe

The following files are dropped in the same folder:

Dll.dll
Logo1_.exe

The following Registry entries are set:

[HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows]
"load" = "%windir%\rundl132.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Soft\DownloadWWW]

"auto" = "1"

Spreading

The virus searches for executables on local drives. Only files with the following names are infected:

ACDSee4.exe,ACDSee5.exe,ACDSee6.exe,AgzNew.exe,Archlord.exe,AutoUpdate.exe,
autoupdate.exe,BNUpdate.exe,Datang.exe,editplus.exe,EXCEL.EXE,flashget.exe,
foxmail.exe,FSOnline.exe,GameClient.exe,install.exe,jxonline_t.exe,
launcher.exe,lineage.exe,LineageII.exe,MHAutoPatch.exe,Mir.exe,msnmsgr.exe,
msnmsgr.exe,Mu.exe,my.exe,NATEON.exe,NSStarter.exe,Patcher.exe,patchupdate.exe
QQ.exe,Ragnarok.exe,realplay.exe,run.exe,setup.exe,Silkroad.exe,Thunder.exe
ThunderShell.exe,TTPlayer.exe,Uedit32.exe,Winrar.exe,WINWORD.EXE,woool.exe,
zfs.exe
If a folder name matches one of the following strings, files inside it are not, infected:

Windows NT,Program Files,WindowsUpdate,Windows Media Player
Outlook Express,Internet Explorer,ComPlus Applications, NetMeeting,Common Files,Messenger,Microsoft Office, InstallShield Installation Information,MSN,Microsoft, Frontpage,Movie Maker,MSN Gaming Zone,system,system32,winnt
windows,Recycled,Documents and Settings,System Volume Information

When searching a folder a hidden file is created in it. Its name is the following:

_desktop.ini

The virus also searches for executables in shared folders of remote machines. Filenames are not checked, any executable can be infected.
The virus file is prepended to host executables. When an infected file is executed, the virus drops the host in a temporary file and executes it.

Other information

The following programs are terminated:

EGHOST.EXE,IPARMOR.EXE,KAVPFW.EXE,MAILMON.EXE,mcshield.exe,RavMon.exe
Ravmond.EXE,regsvc.exe

The virus contains a list of URLs. It tries to download several files from the addresses. The files are then executed.

Virus Alert: Win32/Scano.NBC

2006-09-30T20:04:00.000+05:30

Aliases:	Email-Worm.Win32.Scano.x (Kaspersky), W32/Areses.f (McAfee), W32.Areses.Q (Symantec)
Type of infiltration:	worm
Size:	approximately 20 kB
Affected platforms:	Microsoft Windows
Signature database version:	1.1749
Short description:	Win32/Scano.NBC is a worm that spreads via e-mail and shared folders.

Installation
When executed, the worm copies itself in the %windir% folder using the following filename:

csrss.exe

The following Registry entry is set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger" = "%windir%\csrss.exe"

Spreading via e-mail

E-mail addresses for further spreading are searched for in local files with one of the following extensions:.adb,.asp,.cfg,.cgi,.dbx,.dhtm,.dhtml,.eml,.htm,.html,.jsp,.mbx,.mdx,.mht,.mmf,.mra,
.msg,.nch,.ods,.oft,.php,.pl,.sht,.shtm,.stm,.tbb,.txt,.uin,.wab,.wsh,.xls,.xml

Addresses containing the following strings are avoided:

2003,2004,2005,2006,---,..,.0,.00,.1,.2,.3,.4,.5,.6,.7,.8,.9,.gif,.qmail
@.,@avp.,@example.,@foo,@iana,@messagelab,@microsoft,@subscribe,abuse,
admin,anyone@,bsd,bugs@,cafee,certific,contract@,feste,free-av,f-secur
gold-certs@,google,help@,icrosoft,info@,kasp,linux,listserv,local,
Mailer-Daemon@,news,nobody@,noone@,noreply,ntivi,panda,pgp,postmaster@,
rating@,root@,samples,sopho,spam,spm111@,support,torvalds@,unix,update,
winrar,winzip

The attachment is an executable of the worm. A HTA dropper script is used.

The filename has the following extension:

.hta

Spreading via shared folders

The worm searches for various shared folders. A name matches if it contains one of the following strigns:bear,donkey,download,ftp,htdocs,http,icq,kazaa,lime,log,morpheus,mulepub,shar,source,
upload
These include folders shared by various instant messengers and P2P programs. The executables of the worm are copied there using the following filenames:

1,1001 Sex and more.rtf,3D Studio Max 6 3dsmax,ACDSee 10 full,Adobe Photoshop 10 full,Adobe Premiere 10,Ahead Nero 8
Altkins Diet.doc,American Idol.doc,anthrax.doc,Arnold, Schwarzenegger.jpg,Best Matrix Screensaver new,Britney sex xxx.jpg,Britney Spears and Eminem porn.jpg,Britney Spears blowjob.jpg,Britney Spears cumshot.jpg,Britney Spears fuck.jpg,Britney Spears full album.mp3,Britney Spears porn.jpg,Britney Spears Sexy archive.doc,Britney Spears Song text archive.doc,Britney Spears.jpg,Britney Spears.mp3
Clone DVD 6,Cloning.doc,Cracks & Warez Archiv,Dark Angels new,Dictionary English 2004 - France.doc,DivX 8.0 final
Doom 3 release 2,DrWeb 4.7 Full installer,E-Book, Archive2.rtf,Eminem blowjob.jpg,Eminem full album.mp3, Eminem Poster.jpg,Eminem sex xxx.jpg,Eminem Sexy, archive.doc.Eminem Spears porn.jpg.Eminem.mp3
From me with love,Full album all.mp3,Gimp 1.8 Full with Key
Harry Potter 1-6 book.txt,Harry Potter 5.mpg
Harry Potter all e.book.doc,Harry Potter and the Sorcerer's Stone game,Harry Potter e book.doc,Harry Potter game,Harry Potter.doc,How to hack new.doc,Internet Explorer 9 setup
Kaspersky Internet Security 6.1 KeyALL,Kaspersky`s Pub 6.0 Ultimate,Kazaa Lite 4.0 new,Kazaa new,Keygen 4 all new
Learn Programming 2004.doc,Lightwave 9 Update,Magix Video Deluxe 5 beta,Matrix 3 .mpg,Microsoft Office 2003 Crack best,Microsoft WinXP Crack full,MS Service Pack 6,Norton Antivirus 2005 beta,Nostradamus.doc,Opera 11 free,Osama Bin Laden.jpg,Osama bin Laden.mpg,Partitionsmagic 10 beta,Porno Screensaver britney,RFC, compilation.doc,Ringtones.doc, Ringtones.mp3,Saddam Hussein.jpg,Screensaver2,Serials, edition.txt,Smashing the stack full.rtf,source code,Star Office 9,Taliban,Teen Porn 15.jpg,The Sims 4 beta,Ulead Keygen 2004,Vista review.doc,Visual Studio Net Crack all,
WinAmp 13 full with sources,Windows 2003 crack,Windows Vista Sourcecode.doc,Windows XP crack,WinXP eBook,newest.doc,World Trade Center last video.mpeg
XXX hardcore pics.jpg,Yellow Pages

The filenames have one of the following extensions:

.exe,.pif,.scr

A new Virus threat : Win32/Bacalid

2006-09-28T13:52:00.000+05:30

Type of infiltration:	virus
Size:	approximately 35 kB
Affected platforms:	Microsoft Windows
Signature database version:	1.1767
Short description:	Win32/Bacalid is a polymorphic file infector.

Description :

A DLL file is dropped in the %temp% folder. Its filename may be one of the following:

vcab.dll
vgod.dll

Size of the file is approximately 30 kB. The library is loaded and injected in all processes.

The virus checks for code page used on the system. If it is set to 936 (Simplified Chinese), the virus quits and hands control over to the host executable.

In order to ensure that only one instance of the virus is running, it creates an Event object. Its name is one of the following:

WINGOOD
WINXPGOD

The virus infects executables accesed by Explorer.exe as well as files found on local and network drives.

The virus contains a list of URLs. It tries to download several files from the addresses. The files are then executed.

2006-09-16T17:11:00.000+05:30

Win32/Scano.AQ : A New Virus

2006-09-16T17:00:00.000+05:30

Aliases:
Type of infiltration:	worm
Size:	23011 bytes
Affected platforms:	Microsoft Windows
Signature database version:	1.1741
Short description:	Win32/Scano.AQ is a worm that spreads via e-mail and shared folders.

Installation

When executed, the worm copies itself in the %windir% folder using the following filename:

csrss.exe

In order to be executed on every system start, the worm sets the following Registry entry:

[SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Application" = "%windir%\csrss.exe"

The following Registry entry is set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger" = "%windir%\csrss.exe"

The following entries are deleted form the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Spreading via e-mail

E-mail addresses for further spreading are searched for in local files with one of the following extensions:

.adb
.asp
.cfg
.cgi
.dbx
.dhtm
.dhtml
.eml
.htm
.html
.jsp
.mbx
.mdx
.mht
.mmf
.mra
.msg
.nch
.ods
.oft
.php
.pl
.sht
.shtm
.stm
.tbb
.txt
.uin
.wab
.wsh
.xls
.xml

Addresses containing the following strings are avoided:

---
-0
..
.0
.00
.1
.2
.3
.4
.5
.6
.7
.8
.9
.gif
.qmail
@.
@avp.
@example.
@foo
@iana
@messagelab
@microsoft
@subscribe
0000
2003
2004
2005
2006
abuse
admin
anyone@
bsd
bugs@
cafee
certific
contract@
f-secur
feste
free-av
gold-certs@
google
help@
icrosoft
info@
kasp
linux
listserv
local
Mailer-Daemon@
news
nobody@
noone@
noreply
ntivi
panda
pgp
postmaster@
rating@
root@
samples
sopho
spam
spm111@
support
torvalds@
unix
update
winrar
winzip

Subject of the message is one of the following:

He, where are you?
Hi! I'm waiting you online today!
Hi! Please write to me urgently!
Hi!!! How's the mood?
Hi, drop me a line!!!
Hi, what's up?
Re: Call me!
Re: How's the mood?
Re: When you're gonna answer me?
Re: Where are you?
Re: Where have you been?
Re: write to me!
When you're gonna answer me?
Will you be online today?

Body of the message is one of the following:

Hi!!!!! You haven't been writing for a long time. I began to worry) Where have you been? You remember, you've asked a progy from me? I've finally found it, so here it is. Check it out if this is what you've been looking for... bye

Hi, what's up? Will you show up online today?

Drop me a line in ICQ, ok? Btw, I'm sending you the docs you've been looking for, find them attached. Check them out, ok?

I'm coming to you tomorrow, ok? When you are going to be home?

You remember, you've asked some docs. Please find them attached. Check and see what's inside. That's it. Bye, till tomorrow...

You disappeared again. If you come online, drop me a line, ok?

Btw, I sent you those docs that you've been looking for. Check them out. Bye!

Hi, give me a call just when you got the message! I'm tired of waiting. Btw, I'm sending that program that you've been looking for. Check it out. Appears to be that one. Bye!

Hi, what's up? If you have time tomorrow, please come over. After midday. By the way, don't forget to check the enclosed documents. Bye. See you tomorrow.

Hi, I got a free day tomorrow, and I'm waiting for you. Please come after midday. By the way, I'm sending you the documents that you've been asking for. Read them out... Bye!

Hi, how are you? What are your plans today? If you have time, please come over, and don't forget to check the program attached. Bye!

Hi, what's you gonna do today? I'll come over tonight! By the way, don't give anyone this funny program I'm sending. Check it out. Bye!

Hi, I found that program you asked for. Find it attached. Bye.

Hi, I saw you around today, but you didn't noticed me ( If you're gonna be at home, give a call, ok? By the way, check this file I'm sending. A very interesting program...

What's up! You haven't been writing for a long time
I got news. I've finally that program you needed
I'm sending it out. Use it. Bye!

Hi, drop me a line today, ok? And see the program I'm sending. Bye!

Hi, drop me a line if you can. Btw, I have a new ICQ. Please don't forget to check the attached documents. Bye.

Hi! How are you? Drop me a line if you can. I found your documents and I'm emailing them to you. Bye.

The attachment is an executable of the worm. Its filename is one of the following:

Archive
backup
confidential
COOL
Document
File
Fotos
images
Important
Message
New
Passwords
private
README
Readme
secret
your_documents

If an e-mail is being composed in Outlook Express, the worm can attach a copy of itself to the message. A HTA dropper script is used.

Spreading via shared folders

The worm searches for various shared folders. A name matches if it contains one of the following strigns:

bear
donkey
download
ftp
htdocs
http
icq
kazaa
lime
morpheus
mule
pub
shar
source
upload

These include folders shared by various instant messengers and P2P programs. Worm executables are copied there using the following filenames:

1
1001 Sex and more.rtf
3D Studio Max 6 3dsmax
ACDSee 10 full
Adobe Photoshop 10 full
Adobe Premiere 10
Ahead Nero 8
Altkins Diet.doc
American Idol.doc
anthrax.doc
Arnold Schwarzenegger.jpg
Best Matrix Screensaver new
Britney sex xxx.jpg
Britney Spears and Eminem porn.jpg
Britney Spears blowjob.jpg
Britney Spears cumshot.jpg
Britney Spears fuck.jpg
Britney Spears full album.mp3
Britney Spears porn.jpg
Britney Spears Sexy archive.doc
Britney Spears Song text archive.doc
Britney Spears.jpg
Britney Spears.mp3
Clone DVD 6
Cloning.doc
Cracks & Warez Archiv
Dark Angels new
Dictionary English 2004 - France.doc
DivX 8.0 final
Doom 3 release 2
E-Book Archive2.rtf
Eminem blowjob.jpg
Eminem full album.mp3
Eminem Poster.jpg
Eminem sex xxx.jpg
Eminem Sexy archive.doc
Eminem Spears porn.jpg
Eminem.mp3
Full album all.mp3
Gimp 1.8 Full with Key
Harry Potter 1-6 book.txt
Harry Potter 5.mpg
Harry Potter all e.book.doc
Harry Potter and the Sorcerer
Harry Potter e book.doc
Harry Potter game
Harry Potter.doc
How to hack new.doc
Internet Explorer 9 setup
Kazaa Lite 4.0 new
Kazaa new
Keygen 4 all new
Learn Programming 2004.doc
Lightwave 9 Update
Magix Video Deluxe 5 beta
Matrix 3 .mpg
Microsoft Office 2003 Crack best
Microsoft WinXP Crack full
MS Service Pack 6
Norton Antivirus 2005 beta
Nostradamus.doc
Opera 11 free
Osama Bin Laden.jpg
Osama bin Laden.mpg
Partitionsmagic 10 beta
Porno Screensaver britney
RFC compilation.doc
Ringtones.doc
Ringtones.mp3
Saddam Hussein.jpg
Screensaver2
Serials edition.txt
Smashing the stack full.rtf
source code
Star Office 9
Taliban
Teen Porn 15.jpg
The Sims 4 beta
Ulead Keygen 2004
Vista review.doc
Visual Studio Net Crack all
WinAmp 13 full with sources
Windows 2003 crack
Windows Vista Sourcecode.doc
Windows XP crack
WinXP eBook newest.doc
World Trade Center last video.mpeg
XXX hardcore pics.jpg
Yellow Pages

NOD32 detected Win32/Scano.AQ using advanced heuristics.

The Die Hard Virus

2006-09-12T16:01:00.000+05:30

This polymorphic, stealth, COM and EXE infector increases the length of infected file by 4000 bytes. When an infected file is executed the virus gets activated and it tunnels vectors of the interrupts INT 10h, INT 13h and INT 21h. It is not destructive but from time to time it exhibits its presence. On certain days, depending on the date, it sends to the equipment of standard error {usually the screen} and to AUX the following string:

SW Error

Depending on generation (must be higher than 15) and on the graphic card mode (mode 13h) the virus writes violet letters SW on the screen. It modifies the beginning of source texts in the assembler and pascal so that after compiling the program it displays on the screen two characters with ASCII codes 209 and 165 and terminates the program. That creates an impression that the source code is erroneous.
On files being manipulated in this way the virus implements the stealth technology. As a result the modification is not seen as long as the virus is active in memory.

The Bill Gates Virus

2006-09-12T15:57:00.000+05:30

This virus comes from Italy. It is a parasitic, polymorphic, resident COM infector. It identifies itself as a ”semi-stealth” virus and that is more or less correct. It infects files larger than 400 and smaller than 62000 bytes. Increase in length is about 2 kB. It avoids programs which have as first 4 characters one of the following strings TBAV, TBSC, TBCL, TBDR, F-PR, F-TE, SVIR, SCAN, CLEA, VSHI, MSAV, VSAF, CPAV, VWAT, IBMA, NAV., FIND, TOOL, AVSC, DISK, DE.E, DEBU or TD.E. The virus may surprise us in October with writing data from BIOS into first two sectors of hard disk in the following form:

the [BillGates] Virus is power-on!! Have you got a BACKUP of your HD??!?
[BillGates] Virus : RamResident .COM Infector Semi-Stealth Virus,
Variable Crypto-Key and, Polymorphic Encryption!!
(c) Microsoft
Written in COSENZA (Italy, April 1995)
Freddie (Mercury) lives...somewhere in time

The last sentence is a paraphrase of the text in the virus Dark Avenger, which goes like this:

Eddie lives...... Somewhere in Time!

Be Positive!!!

2006-09-12T15:53:00.000+05:30

This speech was delivered during the commencement exercises of the
University of Philippines graduating class of 2003 by Mr. Butch Jimenez,
the youngest commencement speaker in the university's history. He once
dreamed of doing so, and it came true !!! Students wished they had a pencil
or paper to jot down notes during the speech; some even wished they have
a tape recorder. Some members of the faculty found his speech practical,
refreshing and funny.

Butch Jimenez, head of PLDT's media and strategic communications department,
delivered this speech at the UP Diliman Class 2003 commencement exercises.
What's better than .....
By Butch Jimenez

As college students, you're just about to set sail into the real world.
As you prepare for the battleground of life, you'll hear many speeches,
read tons of books and get miles of advise telling you to work hard, dream
big, go out and do something for yourself, and have a vision.

Not bad advise, really. In fact, following these nuggets of truth may
just bring you to the top. But as I've lived my life over the years, I
have come to realise that it is great to dream big, have a vision, make
a name, and work hard. But guess what : There's something better than
that -

So my message today simply asks the question,
what's better than ...?

What's better than being negative ?

Let's start off with something really simple.
What's better than a long speech ? No doubt, a short one. So, you guys
are in luck because I intend to keep this short.

Now, let me take you through a very simple math exam. I'll rattle off
a couple of equations, and you tell me what you observe about them. Be
mindful of the instruction. You are to tell me what you observe about
the equations.

Here it goes : 3+4=7, 9+2=11, 8+4=13 and 6+6=12.
Tell me, what do you observe ?

Every time I conduct the test, more than 90 percent of the participants
immediately say, 8+4 is NOT 13, it's 12
That's true an they are correct. But they could have also observed that
the three other equations were right. That 3+4 is 7, that 9+2 is 11, and
that 6+6 is 12

What's my point ? Many people immediately focus on the negative instead
of the positive. Most of us focus on what's wrong with other people more
than what's right about them. Examine those four equations. Three were
right an only one was wrong. But what is the knee-jerk observation ?
The wrong equation.

If 10 people you didn't know were to walk through that door, most of you
would describe those people by what's negative about them. He's fat.
He's balding. Oh, the short one. Oh, the skinny girl. etc.

Get the point ? It's always he negative we focus on and not the positive.
You'll definitely experience this in the Corporate World. You do a hundred
good things and one mistake-guess what? Chances are, your attention will
be called on that one mistake..

So what's better than focusing on the negative ?

Believe me, it focusing on the positive. And if this world could learn
to focus on the positive more than the negative, it would be a much nicer
place to live in.

What's better than working hard ?

We have always been told to work hard. Our parents say that, our teachers
say that, and our principal say that. But there's something better than
merely working hard. It's working SMART.

It's taking time to understand the situation, and coming out with an
effective
and efficient solution to get more done with less time and effort. As
the Japanese say, "There's always a better way."

One of the most memorable case studies I came across with as I studied
Japanese management at Sophia University in Tokyo was the case of the empty
soap box, which happened in one of Japan's biggest cosmetic companies.
The company received a complaint that a customer had bought a box of soap
that was empty. It immediately isolated the problem to the assembly line,
which transported all the packaged boxes of soap to the delivery department.
For some reason, one soap box went through the assembly line empty.
Management
tasked its engineers to solve the problem. Post-haste, the engineers worked
hard to devise an X-ray machine with high-resolution monitors manned by
two to ensure they were not empty. No doubt, they worked hard and they
worked fast. But a rank-and-file employee that was posed the same problem
came out with another solution. He bought a strong industrial electrical
fan and pointed it at the assembly line. He switched the fan on, an as
each soap box passed the fan, it simply blew the empty boxes out of the
line. Clearly, the engineers worked hard, but the rank-and-file employee
worked smart. So what's better than merely working hard? It's working smart.
Having said that, it is still important to work hard. If you could combine
both working hard an working smart, you would possess a major factor toward
success.

What's better than dreaming big ?

I will bet my next month's salary that many have encouraged you to dream
big. Maybe even to reach for the stars and aim high. I sure heard that
about a million times right before I graduated from this university.
So I did. I did dream big. I did aim high. I did reach for the stars.
No doubt, it works. In fact, the saying is true "If you aim for nothing,
that's exactly what you'll hit : nothing."

But there's something better than dreaming big.
Believe me, I got shocked myself. And I learned it from the biggest dreamer
of all time Walt Disney.

When it comes to dreaming big. Walt is the man. No bigger dreams were
fulfilled than his. Every leadership book describes him as the ultimate
dreamer. In fact, the principle of dreaming and achieving is the core
message of the Disney hit son, "When You Wish Upon a Star". "When
you wish upon a star, makes no difference who you are; anything your heart
desires will come to you. If your heart is in your dream, no request is
too extreme. When you wish upon a star, as dreamers do, " as Jiminy
Cricket sang. But is that what he preached in Disney company? Dream?
Imagineering...Well,
not exactly. Kinda , but not quite. The problem with dreaming is if that's
all you do, you'll really get nowhere. Infact, you may just fall asleep
and never wake up. The secret to Disney's success is not just dreaming,
it's IMAGINEERING.

You won't find this word in a dictionary. It's purely a Disney word.
Those who engage in imagineering are called imaginers. The word combines
the words "imagination" and "engineering". In the book
" Imagineers," Disney's CEO, Michael Eisner, claims that "imaginers
turn impossible dreams into real magic." Walt Disney explained there
is really no secret to this approach. They just keep moving
forward-opening
new doors and doing new things, because they are curious. And it is this
curiosity that leads them down new paths. They always dream, explore
and experiment. In short, imagineering is the blending of creative
imagination
and technical know-how.

Eiser expouns on this thought by saying that "Not only re imaginers
curious, they are courageous, outrageous, and this creativity is
contagious."
The big difference with imaginers is that they dream an then they DO !
So don't just be a dreamer, be an imagineer.
What's better than vision ?

You must have all been given a lecture at one time or another about the
importance of having a vision. Even leadership expert John Maxwell says
that an indispensable quality of a leader is to have a vision. It is also
very clear that
Without vision, people perish." So no doubt about it, having a vision
is important to success. But surprise ! There's something more potent than
a vision. It's a CAUSE. If all you're doing is trying to reach your
vision an you're pitted against someone fighting for a cause, chances
are you'll lose. The Vietnam War is a classic example. Literally with
sticks and stones, the Viet Cong beat the heavily armed US Army to
surrender,
primarily because the US has a vision to win the war, but the Vietnamese
were fighting for a cause.

In the realm of business, many leaders have visions of making their company
No. 1, or grabbing market share, or forever increasing profits.

Nothing really wrong with that vison, but take the example of Sony founder
Akio Morita. He did not just have a vision to build the biggest electronics
company in the world. In his biography, " Made in Japan" he
reveals that the real reason he set up Sony was to help rebuild his country,
which had just been bettered by war. He had a cause he was fighting for.
His vision to be an electronics giant was secondary.
What's the difference between a vision and a cause?
Here's what sets them apart.

· No one is wiling to die for a vision. People will die for a cause.
· You possess a vision. A cause possesses you.
· A vision lies in your hands. A cause lies in your heart.
· A vision involves sacrifice. A cause involves the ultimate sacrifice.

Just a word of caution. You must have the right vision, and you must be
fighting for the right cause. In the end, right will always win out.

It may take time, and it may take long. But if you have the right vision
and are fighting for the right cause, you will prevail. If not, no matter
how sincere you are, if you are not fighting for what is right, you will
ultimately fail.

It is said : "To whom much is given, much is required."

Having been given the opportunity to study in UP, no doubt, much has been
given to you in terms of an excellent education. Don't forget that in
return, much is now required of you to use that education not just for
yourself, but for others.
And as you move up and start reaching the pinnacle of success, even more
will be required of you to look at the welfare of others, of society and
of the country.

A final review :

· What's better than focusing on the negative ?
Focus on the positive

· What's better than working hard ?
Its working smart

· What's better than doing something for yourself ?
Doing something for your country

· What's better than a vision ?
A cause

· What's better than a long speech ?
Definitely, a short one

"Life is what we make it, always has been, always will be."

Virus Bulletin : Win32/Sober.Y

2006-09-09T22:16:00.000+05:30

Sober.Y is a typical mass mailing E-mail worm, the size is 55390 bytes and the worm is runtime compressed by UPX, an executable runtime packer, and then patched to avoid normal unpacking.

Installation and Autostart Techniques:

Upon execution, it displays the following faked error message box:

The worm then copies itself in the “%windir%\WinSecurity\” folder as “services.exe”, “smss.exe” and “csrss.exe”. It creates the folder “WinSecurity” when it doesn’t exist.

Note: %windir% denotes Windows directory (e.g. C:\WINDOWS) and %system% denotes Windows System directory (e.g. C:\WINDOWS\SYSTEM32) as they differ on various versions of Microsoft Windows.

The worm, running as “services.exe” then locks “services.exe” in it's own process and starts two other worm instances, “smss.exe” and “csrss.exe”, from this process.
Sober.Y uses exclusive file locking technologies to prevent an antivirus program from opening and scanning files once the worm runs active in memory. The result is that no file reading actions can be performed on the worm executable.

Important Note: As with all previous Sober Versions with exclusive lock, Sober.Y changes exactly one byte in the file header of the exclusively loaded files at position 0xA0. Once the worm does run, the three executables differ in the MD5 checksum. The worm uses this flag as an infection marker. If this byte is not 0x09 the worm will display the following faked Symantec live updater message box:

Three other files are created in the same folder: "socket1.ifo", "socket2.ifo", "socket3.ifo" containing a mime encoded email copy of the worm’s zip file (75996 bytes in size).

Every process tries to attach its own copy to outgoing emails. For example, services.exe, process 1, will attach socket1.ifo, and csrss.exe, process 3, will attach socket3.ifo.

The files "mssock1.dli", "mssock2.dli", "mssock3.dli" and “winmem1.ory”, “winmem2.ory”, winmem3.ory” are used for collecting harvested email addresses.

Sober.Y also creates Starter.run and might create sysonce.tst and nichtnem.nop depending on the system.

Important Note: Sober.Y adds the numbers “1”, “2”, “3” depending on the running process instance to the filenames. Instance 1 is always the main instance of the worm (services.exe). The worm is able to perform several multitask operations, such as collecting different email styles and combining different email addresses found by previous sober process instances (for example, instance 3 can use collected data from instances 2 and 1).

Sober.Y also creates several files in the %system% folder:

nonrunso.ber
langeinf.lin
filesms.fms
runstop.rst
rubezahl.rub
bbvmwxxf.hml

These files are not malicious and therefore not detected as part of the worm. Sober uses this Zero-Byte files to overwrite previous sober version copies.

The worm adds the following registry keys to the registry to make sure that it runs every time windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
“{Space}Windows” = “%WINDOWS%\WinSecurity\services.exe”

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
“_Windows” = “%WINDOWS%\WinSecurity\services.exe”

The worm continuously watches for the presence of these registry keys and recreates them if they are no longer present. This is done via Visual Basic Timer Interrupt polling.

E-mail Harvesting:

Sober.Y scans all fixed disks and collects E-mail addresses from files which match one of the following file extensions:

pmr phtm stm slk inbox imb csv bak imh xhtml imm imh cms nws vcf ctl dhtm cgi
pp ppt msg jsp oft vbs uin ldb abc pst cfg mdw mbx mdx mda adp nab fdb vap dsp
ade sln dsw mde frm bas adr cls ini ldif log mdb xml wsh tbb abx abd adb pl rtf mmf
doc ods nch xls nsf txt wab eml hlp mht nfo php asp shtml dbx

E-mail Sender:

The sender’s e-mail addresses are spoofed and may appear to be sent by a familiar source.
This worm uses its own SMTP (Simple Mail Transfer Protocol) engine to mass-mail copies of itself to other e-mail addresses.

E-mail Subjects:

E-mail subjects are chosen depending on the recipient's address

Your Password
Registration Confirmation
smtp mail failed
Mail delivery failed
hi, ive a new mail address
You visit illegal websites
Your IP was logged
Paris Hilton & Nicole Richie

for German speaking domains:

Ihr Passwort
Account Information
SMTP Mail gescheitert
Mailzustellung wurde unterbrochen
Ermittlungsverfahren wurde eingeleitet
Sie besitzen Raubkopien
RTL: Wer wird Millionaer
Sehr geehrter Ebay-Kunde

The worm makes this language selection based on the following domain suffixes:

de, ch, at, li or if the email destination is gmx.

Message Body:

The e-mail contains one of the following message texts:

Account and Password Information are attached!

This is an automatically generated Delivery Status Notification.
SMTP_Error
I'm afraid I wasn't able to deliver your message.
This is a permanent error; I've given up. Sorry it didn't work out.
The full mail-text and header is attached!

hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...
cyaaaaaaa

Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.lease answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison
Department Office Admin Mail Post
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time

The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)
Download is free until Jan, 2006!
Please use our Download manager.

or for German speaking domains:

Ihre Nutzungsdaten wurden erfolgreich geaendert. Details entnehmen Sie bitte dem Anhang.
*** {http://}www.{Sender Domain}
*** E-Mail: PassAdmin

Bei uns wurde ein neues Benutzerkonto mit dem Namen beantragt.
Um das Konto einzurichten, benoetigen wir eine Bestaetigung, dass die bei der Anmeldung angegebene e-Mail-Adresse stimmt.
Bitte senden Sie zur Bestaetigung den ausgefuellten Anhang an uns zurueck.
Wir richten Ihr Benutzerkonto gleich nach Einlangen der Bestaetigung ein und verstaendigen Sie dann per e-Mail, sobald Sie Ihr Konto benutzen koennen.

Vielen Dank,
Ihr Ebay-Team

Sehr geehrte Dame, sehr geehrter Herr,
das Herunterladen von Filmen, Software und MP3s ist illegal und somit strafbar.
Wir moechten Ihnen hiermit vorab mitteilen, dass Ihr Rechner unter der IP
erfasst wurde. Der Inhalt Ihres Rechner wurde als Beweismittel sichergestellt und es wird ein Ermittlungsverfahren gegen Sie eingleitet.
Die Strafanzeige und die Moeglichkeit zur Stellungnahme wird Ihnen in den naechsten Tagen schriftlich zugestellt.
Aktenzeichen NR.:#
(siehe Anhang)

Hochachtungsvoll
i.A. Juergen Stock
--- Bundeskriminalamt BKA
--- Referat LS 2
--- 65173 Wiesbaden
--- Tel.: +49 (0)611 - 55 - 12331 oder
--- Tel.: +49 (0)611 - 55 – 0

Glueckwunsch: Bei unserer EMail Auslosung hatten Sie und weitere neun Kandidaten Glueck.
Sie sitzen demnaechst bei Guenther Jauch im Studio!
Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.

+++ RTL interactive GmbH
+++ Geschaeftsfuehrung: Dr. Constantin Lange
+++ Am Coloneum 1
+++ 50829 Koeln
+++ Fon: +49(0) 221-780 0 oder
+++ Fon: +49 (0) 180 5 44 66 99

E-mail Attachments:

The worm attaches to a German recipient's domain with a self-copy as:

{TXT1}.zip
{TXT1}-TextInfo.zip
Email.zip
Email_text.zip
{TXT2}.zip
Akte{TXT2}.zip
{TXT3}.zip
{TXT3}_Text.zip
Ebay.zip
Ebay-User_RegC.zip

Note: {TXT1} represents one of the following text:

Service
Webmaster
Postman
Info
Hostmaster
Postmaster
Admin

Note: {TXT2} represents one of the following text:

Downloads
BKA
Internet
Post
Anzeige
BKA.Bund

Note: {TXT3} represents one of the following text:

Kandidat
WWM
Auslosung
Casting
Gewinn
Info
RTL-Admin
RTL
Webmaster
RTL-TV

or as:

reg_pass.zip
reg_pass-data.zip
mail.zip
mail_body.zip
mailtext.zip
list{random}.zip
question_list{random}.zip
downloadm.zip

to all other domains.

The worm avoids emails which contain one of the following strings:

-dav
.dial.
.kundenserver.
.ppp.
.qmail@
.sul.t-
@arin
@avp
@ca.
@example.
@foo.
@from.
@gmetref
@iana
@ikarus.
@kaspers
@messagelab
@nai.
@panda
@smtp.
@sophos
@www
abuse
announce
antivir
anyone
anywhere
bellcore.
bitdefender
clock
detection
domain.
emsisoft
ewido.
free-av
freeav
ftp.
gold-certs
google
host.
icrosoft.
ipt.aol
law2
linux
mailer-daemon
mozilla
mustermann@
nlpmail01.
noreply
nothing
ntp-
ntp.
ntp@
office
password
postmas
reciver@
secure
service
smtp-
somebody
someone
spybot
sql.
subscribe
support
t-dialin
t-ipconnect
test@
time
user@
variabel
verizon.
viren
virus
whatever@
whoever@
winrar
winzip
you@
yourname

if found, the worm will not add this email to the harvested email address collecting file.

Process Termination:

Sober.Y has encrypted part of its code, where it tries to terminate several security related programs, such as cleaner tools. For instance, if a user tries to run McAfee’s cleaner tool “Stinger.Exe”, the worm displays this faked message box:

Note: This also applies to Microsoft’s Malicious Removal Tool “MRT.EXE”

Depending on the system setup, the worm might also try to delete Symantec live updater related executables and copies itself as the updater file, so that the worm is started every time that liveupdate is scheduled.

Date and Time Synchronizing:

Sober.Y tries to connect to the following servers in order to retrieve the correct date and time to avoid manipulated times on virtual test environment systems and to check for a present internet connection:

Rolex.PeachNet.edu
clock.psu.edu
cuckoo.nevada.edu
gandalf.theunixman.com
nist1.datum.com
ntp-1.ece.cmu.edu
ntp-2.ece.cmu.edu
ntp-sop.inria.fr
ntp.lth.se
ntp.massayonet.com.br
ntp.metas.ch
ntp.pads.ufrj.br
ntp0.cornell.edu
ntp1.arnes.si
ntp1.theremailer.net
ntp2.ien.it
ntp2b.mcc.ac.uk
ntp2c.mcc.ac.uk
ntp3.fau.de
ntps1-1.uni-erlangen.de
ptbtime2.ptb.de
rolex.usg.edu
st.ntp.carnet.hr
sundial.columbia.edu
swisstime.ethz.ch
tick.greyware.com
time-a.timefreq.bldrdoc.gov
time-ext.missouri.edu
time.chu.nrc.ca
time.ien.it
time.kfki.hu
time.mit.edu
time.nist.gov
time.nrc.ca
time.windows.com
time.xmission.com
timelord.uregina.ca
tock.keso.fi
utcnist.colorado.edu
vega.cbk.poznan.pl
time.windows.com

TCP/IP Patching:

Sober.Y also tries to patch the TCPIP.SYS driver of Windows NT based systems:

%System%\drivers\TCPIP.SYS
%System%\dllcache\TCPIP.SYS
%Windir%\ServicePackFiles\i386\TCPIP.SYS

Note: The worm is surprisingly able to patch different versions of the TCPIP.SYS file (build 2180, build 2505, build 2631 and build 2685) by modifying the CRC sum of the file and changing the number of allowed half-open connections. This patching will actually work only on Windows XP systems (Service Pack 2) and Windows 2003 Server Systems.

Background: This technology was introduced in Germany by lvllord, a german tools programmer ( http://www.lvllord.de ) in the year 2004, exactly the date when the first sober worms started using this technology.

All about Web 2.0

2006-08-03T23:00:00.000+05:30

There are many definitions being thrown about. Ask around, and you'll get answers like "blogs", "RSS", "rich graphical capabilities", "video and rich interaction", "interacting with voice commands".

To put it simply, the Internet industry is approaching "graduation" and looking ahead to identify new applications that will enhance the online user experience.

Companies like Microsoft and Google are introducing new tools and technologies that enable us to create more interactive Web sites and to collaborate more easily with one another when we're online.

These emerging technologies are part of the natural evolution of the Internet, where Web sites in the early days were largely brochureware and their content didn't change frequently. Today, blogs and community sites are the rage, because they turn Web surfers into active users.

But if the focus of Web 2.0 is on the online user and enhancing the user experience, then perhaps the focus of the next era should also be about making it simpler, easier, and faster. We seem to be piling on more features into everything, including mobile phones, computers and Web sites, without making it easier for the user to get to them. Give me a feature that doesn't require more than three clicks to get to it, or doesn't take me a whole afternoon to learn.

For businesses, Web 2.0 is relevant, because more people are going online, and there is no better time than now to use the Internet to engage their existing and potential customers, as well as business partners. What do you think?

The $100 laptop

2006-07-31T18:26:00.000+05:30

The $100 laptop moves closer to reality

A low-cost computer for the masses moved one step closer to reality on Wednesday.

Nicholas Negroponte, the co-founder of the Media Lab at the Massachusetts Institute of Technology, detailed specifications for a $100 windup-powered laptop targeted at children in developing nations.

Negroponte, who laid out his original proposal at the World Economic Forum in Davos, Switzerland, in January, said MIT and his nonprofit group, called One Laptop Per Child, is in discussions with five countries--Brazil, China, Thailand, Egypt and South Africa--to distribute up to 15 million test systems to children.

In addition, Massachusetts is working with MIT on a plan to distribute the laptops to schoolchildren, Negroponte said.

"This is the most important thing I have ever done in my life," Negroponte said on Wednesday during a presentation at Technology Review's Emerging Technologies Conference at MIT. "Reception has been incredible. The idea is simple. It's an education project, not a laptop project. If we can make education better--particularly primary and secondary schools--it will be a better world."

He said a goal of the project is to make the low-cost PC idea a grassroots movement that will spread in popularity, like the Linux operating system or the Wikipedia free online encyclopedia. "This is open-source education. It's a big issue."

Negroponte said the idea is that governments will pay roughly $100 for the laptops and will distribute them for free to students.

The proposed design of the machines calls for a 500MHz processor, 1GB of memory and an innovative dual-mode display that can be used in full-color mode, or in a black-and-white sunlight-readable mode. The display makes the laptop "both an electronic book and a laptop," he said.

One display design being considered is a flat, flexible printed display developed at MIT's Media Lab. Negroponte said the technology can be used to produce displays that cost roughly 10 cents per square inch. "The target is $12 for a 12-inch display with near-zero power consumption," he said.

Power for the new systems will be provided through either conventional electric current, batteries or by a windup crank attached to the side of the notebooks, since many countries targeted by the plan do not have power in remote areas, Negroponte said.

The machines, which will run a version of the Linux operating system, will also include other applications, some developed by MIT researchers, as well as country-specific software. "Software has gotten too fat and unreliable, so we started with Linux," he said.

For connectivity, the systems will be Wi-Fi- and cell phone-enabled, and will include four USB ports, along with built-in "mesh networking," a peer-to-peer concept that allows machines to share a single Internet connection.

"In emerging nations, the issue is not connectivity," Negroponte said. "That was the issue, but there are many people working on it, (thanks to) global competitiveness. But for education, the roadblock is the laptop."

Five companies are working with MIT to develop an initial 5 million to 15 million test units within the year: Google, Advanced Micro Devices, News Corp., Red Hat and BrightStar, Negroponte said. He said the current plan is to produce 100 million to 150 million units by 2007.

Negroponte admits that his goals are ambitious. Currently, the world production of laptops is just under 50 million, he said.

While the initial goal of the project is to work with governments, Negroponte said MIT is considering licensing the design or giving it to a third-party company to build commercial versions of the PC. "Those might be available for $200, and $20 or $30 will come back to us to make the kids' laptops. We're still working on that," he said.

Others have launched low-cost PC ideas in the past, though MIT's project may be the most ambitious.

Last year, Advanced Micro Devices announced plans for its Personal Internet Connector--a prototype with a price tag of at least $185, with no display. And an Indian company called Novatium said it plans to offer a stripped-down home computer for about $70 or $75.

In addition, Microsoft's antipiracy-minded Steve Ballmer last year called for a move toward the $100 PC for developing nations.

(CNetNews.com)

Virus Alert (Bin Laden Trojan)

2006-07-31T18:19:00.000+05:30

(CNetNews.com)

Bin Laden Trojan quickly constrained

A spam e-mail that promises pictures of a captured Osama bin Laden but carries a malicious attachment has failed to spread widely, security experts said Friday.

Millions of copies of various versions of the e-mail were mass-mailed on Thursday, representatives from F-Secure and McAfee said. All versions of the message announced that the al-Qaida leader had been seized and included an attachment called "pics" that, when opened, attempted to download a worm to the victim's PC, the antivirus companies said.

If the download is successful, the worm will attempt to start propagating by e-mailing itself, said Craig Schmugar, virus research manager at McAfee. It can also set the victim's computer up to be used as a relay for spam, he said.

Part of one of the spam messages seen by F-Secure read: "Turn on your TV. Osama Bin Laden has been captured. While CNN has no pictures at this point of time, the military channel (PPV) released some pictures. I managed to capture a couple of these pictures off my TV. Ive attached a slideshow containing all the pictures I managed to capture."

Though the Osama bin Laden e-mail was widely spammed, neither McAfee nor F-Secure had seen many reports of the worm. "That indicates that most people are identifying the suspicious spam or blocking it," Schmugar said.

Ero Carrera, an antivirus researcher at F-Secure, agreed. "The initial numbers made us think that it could be a big outbreak, but in the end it was nothing more than just a big seed," he said, referring to a large number of initial spam messages.

This is not the first time Osama bin Laden's name has been used in an attempt to trick users to open a malicious file. Last year, a message claiming to contain pictures of the al-Qaida leader committing suicide surfaced in Internet news groups. The supposed picture file launched a Trojan to hijack the user's PC.

Saddam Hussein "death" photos have also been used as worm bait.

Myself

2006-07-30T17:48:00.000+05:30

My Hobbies

2006-07-30T17:22:00.000+05:30

I love fiddling with computers. I know Visual Basic, C++, Photoshop and love learning new softwares and programming languages. I also like stamp collection.

Myself

2006-07-30T17:09:00.000+05:30

Hello
I am Deepak Krishnan and this is my personal blog. I am a computer enthusiast and loves programming and gaming. I am currently studying in Kendriya Vidyalaya in my XIIth standard. I am 17 yrs old. I am currently residing in Palakkad (Kerala).