Offline for 3 days; SiteAdvisor bug?; Happy New Year to All!

There’ll be no entry for 3 days.  I’ll be away for a New Year’s celebration.  Off to Hong Kong (that’s the plan since last week) in 2 more hours.

A HAPPY HAPPY NEW YEAR to ALL of you! If you are a Calendar of Updates visitor or member… here’s another New Year Message :) — Don’t worry… there’s no storm worm in my link ;)

BTW, There’s new version of McAfee SiteAdvisor.  Not sure the exact date it was released but the new version was released to fix a bug.  See calendar of updates entries here and here.

What happened:

Install SA for FF.  Install SA for IE.

Uninstall SA for IE only. Keep SA for FF.

Reboot the system.

The bug?  SiteAdvisor for Firefox has been removed even I did not remove it.  I kept it but the removal of SA for IE also removed the SA for FF.

So folks, if you removed SA for IE and noticed the SA for FF is gone… get it again at www.siteadvisor.com

If it’s not a bug then it means the uninstaller of SiteAdvisor will now REMOVE the program for whatever browser it is installed. 

Variant of Nuwar/Storm worm. 10 out of 32 detects it

See earlier report on this happynewyear2008.exe where 14 out of 32 will detect a variant of storm worm.

Today, I’ve been deleting email that contains link to download an infected file:
Domain is familypostcards2008.com

stormwormdec30   stormwormlink

Only 10 (at the time of this writing and submission at Virustotal.com) will detect this variant:

stormwormdec30vt

stormwormdec30vtr

See also http://www.antirootkit.com/blog/2007/12/27/happy-new-rootkit/ for other domains that users should block in addition of blocking familypostcards2008.com

FTC Issues Staff Report on Malicious Spam and Phishing

In a new report, the Federal Trade Commission staff describes findings from its July 2007 workshop, “Spam Summit: The Next Generation of Threats and Solutions” and proposes follow-up action steps that stakeholders can adopt to mitigate the harmful effects of malicious spam and phishing. In addition to proposing action steps for stakeholders, the report provides an overview of the agency’s decade-long role in protecting consumers from the threats of fraudulent spam and phishing. The report also announces results from staff’s 2007 Harvesting and Filtering Study, which suggest that Internet service providers’ spam filters continue to serve an integral role in reducing the amount of spam that reaches consumers’ in-boxes.

During the workshop, panelists confirmed that spam has increasingly become a significant global vector for the dissemination of malware and the propagation of financial crimes.

http://www.ftc.gov/opa/2007/12/spam.shtm

Adobe Spying On Its Customers

It’s not all that surprising these days to hear about software companies having their software “phone home” in some manner or another, though it’s often quite annoying.

Update: John Dowdell, an Adobe employee (and long time Techdirt reader) has replied in the comments, noting that he’s talking to folks at Adobe to find out the whole story, but he thinks it’s the “live update” function. I’m not sure I understand why a live update function would call an analytics firm — or why the ping to that analytics firm should be disguised as a local network ping, but that’s the story coming out of Adobe right now. Will update again if any more details become clear.

Update 2: Further response from Adobe here. It explains what the connection does and also admits that the company should have done a better job making it clear.

http://techdirt.com/articles/20071228/020818.shtml

Add this to your block lists to avoid some Storm worm

Add this to your block lists to avoid some Storm worm

Domain name:             HAPPYCARDS2008.COM
Name Server:             ns.happycards2008.com 75.53.216.142
Name Server:             ns10.happycards2008.com 70.142.192.219
Name Server:             ns11.happycards2008.com 72.128.113.26
Name Server:             ns12.happycards2008.com 72.128.30.86
Name Server:             ns13.happycards2008.com 74.130.106.75
Name Server:             ns2.happycards2008.com 76.237.206.65
Name Server:             ns3.happycards2008.com 64.30.118.241
Name Server:             ns4.happycards2008.com 75.23.73.65
Name Server:             ns5.happycards2008.com 76.253.189.137
Name Server:             ns6.happycards2008.com 74.69.168.236
Name Server:             ns7.happycards2008.com 71.195.165.21
Name Server:             ns8.happycards2008.com 88.171.125.18
Name Server:             ns9.happycards2008.com 67.38.7.98

Domain name:             NEWYEARCARDS2008.COM
Name Server:             ns.newyearcards2008.com 75.53.216.142
Name Server:             ns10.newyearcards2008.com 70.142.192.219
Name Server:             ns11.newyearcards2008.com 72.128.113.26
Name Server:             ns12.newyearcards2008.com 72.128.30.86
Name Server:             ns13.newyearcards2008.com 74.130.106.75
Name Server:             ns2.newyearcards2008.com 76.237.206.65
Name Server:             ns3.newyearcards2008.com 64.30.118.241
Name Server:             ns4.newyearcards2008.com 75.23.73.65
Name Server:             ns5.newyearcards2008.com 76.253.189.137
Name Server:             ns6.newyearcards2008.com 74.69.168.236
Name Server:             ns7.newyearcards2008.com 71.195.165.21
Name Server:             ns8.newyearcards2008.com 88.171.125.18
Name Server:             ns9.newyearcards2008.com 67.38.7.98
Creation Date:           2007.12.26
Updated Date:            2007.12.26
Expiration Date:         2008.12.26

http://www.antirootkit.com/blog/2007/12/27/happy-new-rootkit/

End of Support: Netscape Browser

After February 1, there will be no more active product support for Navigator 9, or any previous Netscape Navigator browser. This includes Netscape v1-v4.x, Netscape v6, Netscape v7 Suite, Netscape Browser v8, and Netscape Navigator/Messenger 9.

We’ll continue to release security patches for the current version of the browser, Netscape Navigator until February 1, 2008.

http://blog.netscape.com/2007/12/28/end-of-support-for-netscape-web-browsers/