Did you vile spammers create Sobig specifically to enable more spam? If so, the FBI is onto your horrendous, criminal scheme.
The Sobig viruses--the first of which was created in January--are thought to have been created as a moneymaker. The viruses turn every infected PC into an "open proxy," or a system that can be used to send spam. Security experts believe that the programmers of Sobig sell the list of open proxies to underground bulk e-mailers that need to send anonymous e-mail.
Mixed in with the spam bounces from some vile spammer I'm also getting bounces originating from Sobig F along with lots of mail with attached .pif files. I know how to stop it. (spread the word :-)
According to Symantec's security response for Sobig.F:
Sobig.F can download arbitrary files to an infected computer and execute them. The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers on infected computers.
This functionality may also be used as a worm self-update feature. Under the correct conditions, Sobig.F attempts to contact one of the list of master servers, which the author of the worm controls. Then, the worm retrieves a URL that it uses to determine where to get the Trojan file, downloads the Trojan file to the local computer, and then executes it.
There are 20 specific computers on the net which Sobig.F will contact to determine the URL of a file to download. Last week the antivirus community shut down the 20 servers before any additional damage could be done. But it didn't take long for some bad guy to introduce a variant of Sobig.F which addresses this weakness.
The new Sobig.F variant contains an encrypted list of the names of seven servers operated by Time Warner Telecom (TWT)... Two of the servers are SMTP ... servers, ... the other five [are] apparently domain name servers.
I substantially snipped that quote to draw attention to the use of SMTP and especially DNS. The new strain no longer hard-codes the IP addresses of a finite number of servers. Instead it hard-codes seven domain names. It implies there will be secondary attacks where the bad guys will crack DNS servers, or more likely Active Directory servers, so that they can control the IP addresses that are mapped to the Time Warner domain names.
The bad guys are breeding a virus that actively looks for mutations of itself. That ought to scare the hell out of you.
Here's how to stop it. Sobig is looking to download and execute code from some server. The mutations are playing games to allow the bad guys to control where that server is. Use their own code against them. Change your DNS servers to point the Time Warner addresses (with my apologies to Time Warner) to a server you control. Put a Sobig uninstaller there and let the viruses dutifully remove themselves from the infected systems.
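As an added illustration of the DNS redirection described above (my example, not code from the original post): a minimal sinkhole resolver that answers A queries for a configured list of worm rendezvous names with an address you control and logs the querying host as a probable infection. The domain names and the sinkhole address are constructed placeholders, since the post does not list the actual Time Warner names.

```python
import socket
import struct

# Hypothetical placeholders standing in for the worm's hard-coded names.
SINKHOLE_TABLE = {
    "worm-master-1.example.invalid": "192.0.2.10",  # constructed sinkhole IP
    "worm-master-2.example.invalid": "192.0.2.10",
}

def parse_question(pkt):
    """Return (qname, qtype, end_offset) for the first question in a DNS packet."""
    labels, pos = [], 12                 # the 12-byte header precedes the question
    while True:
        n = pkt[pos]; pos += 1
        if n == 0:
            break
        if n & 0xC0:                     # compression pointers never appear in a query name
            raise ValueError("compressed name in question")
        labels.append(pkt[pos:pos + n].decode("ascii")); pos += n
    qtype, = struct.unpack("!H", pkt[pos:pos + 2])
    return ".".join(labels).lower(), qtype, pos + 4   # skip QTYPE and QCLASS

def build_query(name, qid=0x1234):
    """Construct a plain IN A query for `name` (used to exercise the responder)."""
    q = b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + q + b"\x00" + struct.pack("!HH", 1, 1)

def sinkhole_response(pkt, table=SINKHOLE_TABLE, ttl=60):
    """Answer an A query for a sinkholed name with the sinkhole address.
    Returns (qname, response) or (qname, None) when the query is not ours
    and should be forwarded untouched to a real resolver."""
    qname, qtype, end = parse_question(pkt)
    if qtype != 1 or qname not in table:
        return qname, None
    qid = struct.unpack("!H", pkt[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; 1 question, 1 answer
    # 0xC00C points back at the question name at offset 12; the record is IN A.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(table[qname])
    return qname, header + pkt[12:end] + answer

def serve(bind=("0.0.0.0", 53)):
    """UDP loop: answer sinkholed names and log each hit as a likely infected host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        pkt, peer = sock.recvfrom(512)
        qname, resp = sinkhole_response(pkt)
        if resp:
            print(f"sinkhole hit: {peer[0]} asked for {qname}")
            sock.sendto(resp, peer)
```

Call `serve()` on a host whose resolver the infected machines use; binding port 53 needs privileges, and queries for names not in the table are dropped here rather than forwarded, so run it only for the sinkholed zone in production.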
That won't be the end of it. Viruses and immune systems evolve together. Every mutation in one creates selective pressures on the other. This process will continue indefinitely and we are going to see some truly nasty viruses in the future. Microsoft might now be genuinely concerned about tightening their security, but the world is still going to be suffering the consequences of their many years of monopoly laziness for a long time to come.
The best hope we have to limit the damage future viruses can cause is to rebuild our computer world with diverse operating systems and software. The Windows mono-culture is enormously vulnerable, both for its size and for Microsoft's past sins. The more Windows users who switch to any other operating system the better. We can pretty much count on the fact that not everyone is going to switch. So there's little danger that some other OS will take Windows' place. Optimistically, if Windows were only 30% of the market with Solaris, Mac OS, Linux, FreeBSD, OpenBSD, and others splitting the rest of the market, we'd be in a much better position as far as viruses are concerned.
Here's an incentive to you reluctant Windows users: you can switch today and live in a much less hostile computing ecosystem.
Not only have you imposed your marketing scam on an enormous list of uninterested recipients, you've presented yourself as ME, you slimy, wicked, cowardly impostor! You are twice despicable for each vulgar message you send: once for your selfish imposition on the recipient and once for the bounced replies to me. You may evade the direct consequences but you cannot evade the fact of your abusive, devious, shady, swindling character. You draw to yourself the same that you deal out. Your own villainy will gnaw you to the marrow of your bones.
Master: What is this I hold before you in my hand?
Apprentice: It is a staff, Master.
Master: Correct. But wrong. (whap) hits the apprentice on the arm
Apprentice: Ouch!
Master: What is this I hold before you in my hand?
Apprentice: It is four feet long and made of wood, Master.
Master: Correct. But wrong. (whap) hits the apprentice on the thigh
Apprentice: Ouch!
Master: What is this I hold before you in my hand?
Apprentice: It is a walking stick, carved from the limb of an ancient tree and given to you by your Master.
Master: Correct. But wrong. (whap) hits the apprentice on the arm
Apprentice: Ouch!
Master: What is this I hold before you in my hand?
Apprentice: It is a collection of molecules, atomic particles, and sub-atomic particles bound together by various energies and wielded as used to aid walking or as a weapon.
Master: Correct. But wrong. (whap) sweeps the legs out from under the Apprentice (thud)
Apprentice: Ouch! gets back on his feet
Master: What is this I hold before you in my hand?
Apprentice: It is an extension of your body, Master.
Master: Correct. But wrong. (whoosh)
Apprentice: ducks the master's shot to the head
Master: Excellent! What is this I hold before you in my hand?
Apprentice: Painful, Master.
Master: Correct. But wrong. (whoosh)
Apprentice: jumps over a sweeping attack at the legs
Master: Excellent! What is this I hold before you in my hand?
Apprentice: I do not know, Master.
Master: Then you must study it more closely. hands it to the Apprentice and exits
No description or label can capture the wholeness of the instrument held in the master's hand. Words are a flashlight in a dark cavern. They illuminate one small spot and cast the rest into shadow.
You are in the dark. You are likely to be eaten by a grue.
A few weeks ago, Sarah and I were talking about our respective days when she suddenly changed the subject. "Oh!" By her facial expression I could tell she was remembering something fun. "What do you think about wikis?" She asked with a mischievous grin, catching me completely by surprise. She was pretty proud of herself for springing something unquestionably geeky that she didn't hear about first from me. She'd heard an article about wikis on All Things Considered. I told her a little about Ward Cunningham and the c2 wiki and connected a few dots to past conversations about Extreme Programming.
Last night, I was telling Sarah about a new requirement I learned about at work. She nodded knowingly and with a gleam said "dontcha just hate scope creep?" I keep telling her that she's got geek potential, but she coyly denies it.
This weekend we're celebrating our first anniversary. It's been a turbulent year. We honeymooned in Nova Scotia. Shortly after our return I was laid off from PlanetCAD. She nearly abandoned but ultimately finished her masters thesis in December, thanks in large part to organizational and motivational help from her friend Emily. We spent a couple weeks in New Zealand in February with her mom, brother and sister-in-law -- thanks Mom! It's hard to believe this is the first I've blogged that. The US invaded Iraq. After seven months of unemployment, I landed a contract with the City and County of Denver in April. Just this month, renewal of that contract has been held up by predictable delays under the city's new administration. We've just moved back into my condo. It is really too small for us but radically less expensive than the place we were renting. Ellie, Sarah's sweet pit bull, has to move because the home owners association forbids dogs. They've kindly granted a two week exception while we make other arrangements. Someday soon we'll be looking for a house with a yard so Ellie can move back.
Happily, through all of these external stresses we've nourished each other and our relationship in all sorts of wonderful ways. How completely blessed I am!
My brother has been enjoying LAUNCHcast since before Yahoo! bought them. He reminded me about it today. After DSL came up I went to check it out. How truly annoying!
Hello Support at LAUNCHcast.
This service is pretty unfriendly to Mac OS X users. The form for customizing a radio station cannot be submitted with either Safari 1.0 (v85) or Mozilla Firebird 0.6. The links to existing stations claim to be "Launching your radio player" and never do anything. In Internet Explorer 5.2 the custom form can be submitted. Only with IE and only after completing the form do I see a message that OS X is not supported.
I filled out the dang form three times only to learn that I have to pay the Microsoft tax to enjoy your service. It's a long form. At the very least your site should notify OS X users before they complete the form that you don't support the platform. You could also make it self-evident that your service depends on Windows Media Player. The link to the LAUNCHcast system requirements is too deeply nested.
Thanks for wasting my time.
P.S. Your feedback form requires that I tell you which Windows Media Player I'm using. Since I'm not actually using Windows Media Player, please disregard that part of my reply.
This morning I spent some time on the phone with Matt at Indra's Net trying to get my DSL activated. It didn't go smoothly, but I'm still very happy with my ISP. DSL is up!
I like Indra's Net. Real human beings answer the phone -- no voice menu. Everyone I've ever spoken with has been genuinely courteous: not artificially sweetened, and not formulaic, and never rude nor impatient. In this particular case Qwest had not scheduled my service to be installed until tomorrow. We would have saved several phone calls if Matt had noticed that detail earlier. I appreciate that he was honest about that mistake. He didn't blame Qwest and didn't make any other excuses.
A couple hours later he made the extra effort to call me back when he noticed my line come up. Qwest finished their work early. Qwest gets credit too, but Matt made a point of calling me back. In fact, it seems likely that the calls we made to Qwest moved me up their queue. So it may not have been smooth, but I've got bandwidth a day early.
Yippie!
Just noticed that I haven't seen a chain letter in months. No NPR funding myth, no bogus virus warnings, no warnings to send this to five friends or Bad Things will happen.
I'm not sure I'm happy with the change. But I think the spam meme has drowned the chain letter meme, at least for my inbox.
Please note: this is not an invitation to send me chain letters!