31.1.08

QTRAX

Review #1 of QTRAX: A P2P Legal file sharing program


By:Ed Quinn
7:57 AM 1/31/2008

As with any program, or most, the download and install went smooth. Unlike Morpheus or Limewire, you do not have to Open any extra ports on your computer. Maybe because The SONGBIRD Browser part of this is basically a FireFox browser. It Does Listen On Ports 1573, 1575, 1577. Although a browser, remember it is a file sharing program able to Serve others request.

So I run the program and look around. The first thing I did was click on a link on the home page. I thought I was going to listen to a song. It didn't happen. What did happen was it loaded all 15 songs in to the songbird player. After it did this, it didn't and wont play them. So I tried again with the same results.

I wanted to try it out so I thought, maybe I have to register just to listen. So I click on register and proceed to do so. Unlike other P2P apps this is not required and I don;t know why it is here, unless some time in the future they want too prosecute you for Downloading songs. Anyway, short of your actual street address everything else is required. Full Name, user ID you select, password, Date of Birth, ZIP Code, Country, Email address. I don't know why they need all this info.

After filling out the required info I hit the submit button and waited. And Waited and waited and waited and, well you get the point. A couple of times during this submission process it returned a blank page. After it doing this a couple of times, I filled out the form again and re-submitted. And waited and ,.... get it. I don't know if my information was accepted or not.

As I thought might happen with this being a Browser and a P2P program bundled, it sucks as of this post. The only thing that does seem to work at this time are the Banner adds. From looking at the home page of this browser there are only 37,835 users online at this time, with 9,695,469 tracks available.

So I shut it down and reboot hoping this will have some affect, but I doubt it. So I type in my user name and password and hit enter. What do I get back, INVALID ID or password. So I guess it didn't take the first three time so I will now try again. It must work because there are now 38,308 users online. Up 203 from last look.

Success!!!! The registration went through.

I go to my email to retrieve the activation code. I click the link to activate and , NOTHING HAPPENS. The page wants to load as before when trying to create an account but doesn't. So I decide to go to my email on another box,One that is running Linux. I open the mail and click the link and It goes through. I do not understand this. None the less, my account is NOW activated. So now we will go back on the other box and try and log in. Success....we are able to log in. Now we shall see what we are allowed too do after going through all this, and providing them with more Information than I care to share. It better be worth it.

Well at this point everything I click on pops up a window that tells me, "DOWNLOADS COMING SOON". From the Home page of this program I see that the Most downloaded songs are from LED ZEPPELIN and BARBARA STREISAND, Neither of which I have ever cared for. At my age, most people I grew up with were in to Zeppelin. But I will see if I can DL some ZEP just to see.

I am NOT A HAPPY CAMPER AT THIS POINT......Everything I try to DL say the same thing, "DOWNLOADS COMING SOON". Well I am going to play with it some more, but I don't think It will get any better.

I have used other P2P programs with MUCH better luck, and more users online than this. I also noticed that my clock has been reset. It has been moved 3 hrs back. I Don't know why this would happen unless it installed some spyware/malware or some other hack. We will find out shortly. They do tell you that it does not contain any on their website. How many times have you heard that before. This is why it is always best to run these type and any other programs you want to try, on a TEST BOX if you are lucky to have more than one.

Sad, but at this point the ONLY thing they are serving are Multiple Banner adds, trying to sell you something. I will continue and post an update sometime later. Until then remember, If it sounds to good to be true, It usually is! In this case, It doesn't sound at all. You cant even play the damn songs. All you can do is look at the pages. So I end this review with giving it 1 out of 10 stars. 1 because it looks good.

If you want too try your luck, heres the link: http://www.qtrax.com/

30.1.08

Where do they come from

If you don't watch this, you may miss the best Laugh of your day.

Seriously..........

29.1.08

World's Most Powerful Rail Gun Delivered to Navy

For true sci-fi fans, any mention of a real-world rail gun will draw an instant, slightly audible gasp. Instead of relying on chemical propellants -- such as gunpowder -- a rail gun uses magnetic "rails" to launch a solid, nonexplosive projectile at incredible speed. Theoretically, rail guns would be able to precisely strike targets at extreme ranges, and would negate the risks associated with carrying around tons of explosive ammo. More to the point, they're cool-sounding, just like lasers.

Which is why the news that BAE Systems has delivered a functional, 32-megajoule Electro-Magnetic Laboratory Rail Gun (32-MJ LRG) to the U.S. Naval Surface Warfare Center in Dahlgren, Va., is exciting. Installation of the laboratory launcher is currently under way, and according to BAE, this is the first step toward the Navy's goal of developing a tactical 64-megajoule ship-mounted weapon.

The lab version doesn't look particularly menacing -- more like a long, belt-fed airport screening device than like a futuristic cannon -- but the system will fire rounds at up to Mach 8, drawing on tremendous amounts of electricity to generate the current for each test shot. That, of course, is the problem with rail guns: Like lasers, they're out of step with modern-day generators and capacitors. Eight and 9-megajoule rail guns have been fired before, but providing 3 million amps of power per shot has been a limitation. At 32 megajoules, this new system appears to be the most powerful rail gun ever built, and the Office of Naval Research is installing additional capacitors at the Dahlgren facility to support it. The planned 64-megajoule weapon, if it's ever built, could require even more power -- a staggering 6 million amps.

Full Report Here- www.military.com

Also see - How Rail Guns Work There is a cool graphic that lets you fire the Rail Gun, on the second page. [I think it's Cool, your opinion may vary.]

27.1.08

Better Integrated Spy Chip ???

Method of reliably electroless-plating integrated circuit die

Abstract

The present invention is a reliable method of electroless-plating integrated circuit die that achieves high yield. Die are attached to a holder using a polyimide adhesive to eliminate voltage differences on bond pads which would otherwise interfere with the plating. The die are aggressively cleaned using multiple cleaning solutions, one heated to a user-defined temperature. Each cleaning is followed by an aggressive rinse in de-ionized water. Die are immersed into multiple metal solutions at user-definable temperatures. Each immersion is followed by an aggressive rinse in de-ionized water, one with heated de-ionized water.


Inventors: Pal; Rathindra N. (Beltsville, MD), Berlin; Kingsley R. (Odenton, MD)
Assignee: The United States of America as represented by the National Security Agency (Washington, DC)
N/A (
Appl. No.: 11/253,879
Filed: October 19, 2005


More:http://tinyurl.com/356pby

23.1.08

Call-jacking VOIP / More Worms for Cellphones

New VOIP 'Call-Jacking' Hack Unleashed


JANUARY 22, 2008 Dark Reading

Now there's a way for attackers to hijack a user's voice-over-IP service: "call-jacking" could let the bad guys launch sophisticated phishing attacks as well as perpetrate lucrative toll fraud.

Researchers from the hacker group GNUCitizen have released a proof-of-concept for call-jacking via a BT Home Hub user's router. The attack exploits cross-site request forgery (CSRF) and authentication bypass vulnerabilities in the router that were previously discovered by the researchers. The attack works even if the default password in the router has been changed.

"We believe that this technique, which we coined as 'call jacking,' is completely new. There is nothing like this in the public domain as far as we know," says Adrian Pastor, a senior IT security consultant for an unnamed penetrating testing firm in London. "The beauty of the attack is that the victim user thinks he/she is receiving a phone call, but in fact he/she is making the phone call and paying for it. We find this quite innovative and unique, hence the need for coining a new term."

The exploit could be used in a phishing attack, where the victim would get a phone call from his "bank" after clicking a link in a phishing email. Phishers typically don't know their victims' phone numbers, he says, so the phone call would help the attacker appear legitimate and gain the victim's trust.

Another attack scenario involves toll fraud, where the victim's router would be forced to dial a toll number. "Premium numbers are very expensive, and allow the identity who registered them -- in this case, the attackers -- make money every time someone dials them," Pastor says.

+++++++++++++++++++++++++++++++++++++++++

Malicious MMS worm hits Nokia handsets


January 22, 2008 (TechWorld.com)

-- Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks.

Fortinet's threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.

The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones.

Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon "clicking" on the attachment. "Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software," warned Fortinet.

After installation, the worm harvests all the phone numbers located in the phone's contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers as well.

19.1.08

Final UPDATE: Storm of the Century - 2008 ?

This is an update to a previous post. You can read it HERE.

Further UPDATEs will be added to This POST.

As soon as the Rain/Sleet changes to SNOW, I will post Pictures and Video.

Yes, it is a BIG DEAL when it snows this far South.

++++++++++++++++++++++++++++++++++++++++++++++++++
Bummer.....In my area we 'Did NOT' get any Snow. We Didn't even get any Flurries. All we got was a little Sleet and Not very much of that, So I have No pictures of snow for my area. I look forward to seeing what the rest of the Winter season holds for my area as we usually have our Snow in Late February through Mid March.

Final UPDATE: Snowfall Amounts- January 19, 2008


On January 19, 2008 A low pressure system over the northwest Gulf of Mexico spread abundant moisture over a cold airmass to produce widespread snow across northern Georgia. The precipitation began in the form of rain in the hours around daybreak...but quickly changed to mostly snow between midmorning and the noon hour. Since the ground was relatively warm...and temperatures during the event were generally slightly above freezing...some of the snow that fell melted. This resulted in snowfall accumulations that were fairly light.


Reports from individual counties...

LOCATION COUNTY AMOUNT COMMENTS

5 S. CUMMING FORSYTH 2.00
ALPHARETTA N. FULTON 1.75
MATT FORSYTH 1.50
WOODSTOCK S. CHEROKEE 1.50
STOCKBRIDGE HENRY 1.25
DOUGLASVILLE DOUGLAS 1.25
PINE MOUNTAIN HARRIS 1.00
SANDY SPRINGS N. FULTON 1.00
MIDTOWN FULTON 1.00
DALLAS PAULDING 1.00
DECATUR DEKALB 1.00
VININGS COBB 1.00
LA GRANGE TROUP 1.00 SPOTTER REPORTS 0.5-1.0 ACRS CNTY
PALMETTO COWETA 1.00
CARROLLTON CARROLL 1.00
ZEBULON PIKE 1.00
GRIFFIN SPALDING 1.00
CONYERS ROCKDALE 1.00
GREENVILLE MERIWETHER 1.00
6 NNE DALLAS PAULDING 0.80
SUCHES UNION 0.80 EMA REPORTS 0.5-1.0 ACRS CNTY
ATL AIRPORT CLAYTON 0.80 HARTSFIELD-JACKSON OFFICIAL OBS
SENOIA COWETA 0.50
DAHLONEGA LUMPKIN 0.50
PEACHTREE CITY FAYETTE 0.50
CEDARTOWN POLK 0.50
GAINESVILLE HALL 0.50
LAWRENCEVILLE GWINNETT 0.50
FRANKLIN HEARD 0.50
COVINGTON NEWTON 0.50

National Weather Service Forecast Office
Peachtree City, Georgia
http://www.srh.noaa.gov/ffc/html/sno11908.shtml
++++++++++++++++++++++++++++++++++++++++++++++++++

Heavy Snow Warning



URGENT - WINTER WEATHER MESSAGE
NATIONAL WEATHER SERVICE PEACHTREE CITY GA
406 AM EST SAT JAN 19 2008

...ACCUMULATING SNOW HEADED FOR PORTIONS OF NORTH AND CENTRAL
GEORGIA TODAY...

++++++++++++++++++++++++++++++++++++++++++++++++++

UPDATE 2


The NWS has canceled the 'Heavy Snow Warning' for my area, but still say we are to get 2"- 4" of Snow. It hasn't made it to my area yet but it's coming.

In the meantime , here are some images of Snow in the Atlanta area pulled from the Department of Transportation Cameras.
The cameras can be found on this site, http://www.georgia-navigator.com/





18.1.08

Save Windows-XP

You may have NOTICED the banner at the top of the Home page asking you to help Save Windows-Xp. Why Save Windows-XP, you might be asking yourself. Because there are some of us out here that still use it, and will continue too use it. But Why you ask, Don't you want VISTA? Well sure some of us want Vista. We just can't afford it.

I have 3 boxes running Xp-pro and it would cost me a pretty penny to replace them with ones that could run Vista.

They say you would be able to buy a NEW Computer with XP installed for awhile, you just wont be able to go and buy the OS as a stand alone. I have gone to ALL of the stores in my area and it is NO where to be found.I have ask the sales people at these stores if they could Order me a copy and the Answer was NO.

My other reason besides the one above is- 'If it ain't Broke, why fix it'.

There are many more reasons and you can find them HERE

They walk among us........

Jon sends: Subject: Priceless

A man was being tailgated by a stressed out woman on a busy
boulevard. Suddenly, the light turned yellow, just in front of
him. He did the right thing, stopping at the crosswalk, even
though he could have beaten the red light by accelerating through
the intersection.

The tailgating woman was furious and honked her horn, screaming
in frustration, as she missed her chance to get through the
intersection, dropping her cell phone and makeup.

As she was still in mid-rant, she heard a tap on her window and
looked up into the face of a very serious police officer. The
officer ordered her to exit her car with her hands up.

He took her to the police station where she was searched,
fingerprinted, photographed, and placed in a holding cell. After
a couple of hours, a policeman approached the cell and opened the
door. She was escorted back to the booking desk where the
arresting officer was waiting with her personal effects.
He said, "I'm very sorry for this mistake. You see, I pulled up
behind your car while you were blowing your horn, flipping off
the guy in front of you, and cussing a blue streak at him." I
noticed the 'What Would Jesus Do' bumper sticker, the 'Choose
Life' license plate holder, the 'Follow Me to Sunday-School'
bumper sticker, and the chrome-plated Christian fish emblem on
the trunk; naturally ... I assumed you had stolen the car."

Priceless. --

17.1.08

Internet billing based on usage


I guess this is the Wave of the future, like most European countries.

So, Time Warner Cable Inc said on Wednesday it is planning a trial to bill high-speed Internet subscribers based on their amount of usage rather than a flat fee.

I don't have Time Warner as my ISP. If I did And they Jacked My Bill they would more than likely Lose a customer.

My Provider from what I have been able to find Charges one of the Highest Rates in the country for high-speed Internet. I don't have a package deal or Bundle where you have Cable TV, Phone and Internet for one LARGE price. I don't watch much of the BOOB-TUBE, nor do I make long distance or international calls. I only have high-speed Internet and Pay $60.95 a Month. If, in the Near future my provider follows suit, I would hope my bill would decrease. If it doesn't decrease and stays the same I will continue my service. If it goes Up, I will cancel my service because I feel what I already pay is extreme.
So what if I have multiple boxes in my network. It is very rare that all are on at the same time. I don't DL videos or large files. I do run Limewire once in awhile, but even then I don't DL any videos or MP3's. [Yes, there are other types of Files out there that do contain information.]

I have family that Has high-speed Internet with a different ISP than myself. Their Monthly rates are anywhere from $24.95 / $42.00. I wish I could Change my ISP but that is part of how they screw you. You would think I could as we Live within a Mile of each other, yet the services offered seem to Stop on the Property lines. Go figure. I guess it really doesn't matter though, as we all have a different ISP by name, They are ALL Operated By AT&T.

I don't look forward to going back to Dial-up service, but it may come to this.

Anyway, this is my rant.

16.1.08

Malware Quietly Reaching 'Epidemic' Levels

New reports say malware increased by a factor of five to 10 in 2007


JANUARY 16, 2008 | 5:40 PM
By Tim Wilson
Site Editor, Dark Reading

Everybody knew it was bad, but few knew it was this bad.

In separate studies released yesterday, two research firms now say that malware increased between 500 percent and 1,000 percent in 2007, and it shows no signs of slowing down.

"The number of new strains of malware that appeared in 2007 increased tenfold with respect to the previous year," said PandaLabs, Panda Security's research arm, in a report issued yesterday. "Over the last year, PandaLabs has received an average of more than 3,000 new strains of malware every day. This represents a malware epidemic which -- although silent, with little media coverage and no widespread alerts -- is nevertheless dangerous."

The results indicate that signature-based defenses for malware are no longer effective, the research firm said. Some 72 percent of networks with more than 100 workstations -- and 23 percent of home users -- are currently infected with malware, despite having operative antivirus or other signature-based tools in place, PandaLabs said.

Experts at AV-Test, an independent testing organization, also reported skyrocketing incidence of malware yesterday. After a detailed count, the organization said it identified nearly 5.5 million different malware files in 2007 -- more than five times as many as in 2006.

AV-Test counted the number of files with different MD5 hashes, sometimes called "fingerprints." This includes malware which is packed using a different run-time packer or is differently encrypted, the testing organization said.

In 2007, AV-Test found almost 5.5 million such files, up from about 973,000 in 2006 and 333,000 in 2005, the report said. And the trend is accelerating: The group already has identified more than 118,000 different malware files in the first two weeks of January.

The results drove AV-Test to concur with PandaLabs's assessment. "The figures clearly demonstrate that the signature-based approach of current anti-virus software is no longer appropriate," the report said.

15.1.08

Storm of the Century - 2008 ?

[Disclaimer: I am NOT a Meteorologist.]

With that being said, If you are in the Southeast I would get your Supplies NOW!

I have been watching this take shape for about 5 days now. I had Just mentioned this to My Family this past Sunday.I told them the indications that I see reminded me of the 'Super Storm of 1993', or the 'Storm of the Century', as it was Called.

As we know, Meteorology is a Science based on gathering information and making a Forecast/Speculation. Even the PRO"S are wrong 30% of the time. So on with my Speculation....er, Forecast....

First a little History of 'The Storm of the Century' from 1993-

On March 12, 1993, a newly formed cyclone moved into a low level baroclinic zone already in place over the Gulf of Mexico and began to rapidly intensify. The deepening cyclone turned northeastward and the center of low pressure made landfall in northwestern Florida during the early hours of March 13.

Photobucket - Video and Image Hosting

Photobucket - Video and Image Hosting



As you can see from this CURRENT[as of this post] image the Low Will be about in the SAME position as was in 1993, if not a little further south as compared to the above Storm Track image.


Photobucket - Video and Image Hosting


These next images Show the Forecasted development of this system.


Photobucket - Video and Image Hosting

Photobucket - Video and Image Hosting

Photobucket - Video and Image Hosting

Photobucket - Video and Image Hosting



In this image you can see the projected path of this current storm through Thursday January 17,2008.


Photobucket - Video and Image Hosting

In this Image you can see where the Storm in 1993 made landfall in Florida.


Photobucket - Video and Image Hosting

The area for land fall is similar, as are the conditions in the rest of the US, meaning the COLD temperatures.
This is the Loop of the 'Storm of the Century' from 1993.


Satellite Loop.


When all was said and done, 270 people were dead and total property damage estimates exceeded $3 billion. According to the National Disaster Survey Report (NDSR 1994), twenty-six states were affected, impacting the lives of nearly 100 million people, approximately half the nation's population. More than a foot of snow fell from Alabama into Maine, combined with record cold in the storm's aftermath. Seventy record lows were set on March 14, with an additional 75 that following morning.

Sources:
http://ww2010.atmos.uiuc.edu/(Gh)/arch/cases/930312/hist.rxml
http://www.nws.noaa.gov/outlook_tab.php

12.1.08

Micro$oft or MicroShaft

I reformatted my Laptop back in December to a Dual-Boot running WinXP-Pro and Linux-Kubuntu. I didn't update winXP until this morning. I have another box running Win-XP pro and Another Dual-Boot running the same as the Laptop,so I had plenty too play with. Anyway............After I downloaded the updates on the laptop I went to install them. I always Choose the custom install as I don't require all the BS Micro$oft wants to install, such as the Malicious Software Removal Tool. After My first experience with running it some time ago, when it would detect some of my NON-Microsoft programs and wanted me to let it 'FIX MY PROBLEM'.......Well you get the point.

So after removing the CHECK by the updates I didn't want and installing the updates, I also check Do not show these un-installed updates again. The prompt says It will Not Show them Again,so I reboot. After doing this 4 times and doing the same as stated above, I decide I would Capture what was going on. PAY Attention to the Video especially if you like many others don't really pay attention to the Prompt when Installing updates in the custom mode.

The catch when doing it the custom way is, when it is complete the Next Prompt should be to restart your computer so I pretty much just click the next or restart button Without Paying Attention. I know those of you out there know what I'm talking about. Anyway Long story short, Watch the Screen capture Below. It isn't the Best Quality.




If you want a FREE open-source Screen Capture Program, this is the one I used.

http://camstudio.org/

9.1.08

Nationwide alert is issued for missing Lancaster oil truck

Have you seen me?

January 9, 2008


DENVER, Pa. (AP) — A nationwide alert is out for a fuel truck that was stolen from Leffler Oil Company in Lancaster County.

The 1992 truck has Leffler markings on the doors but not on the tank.

The truck was last seen parked at a fuel station on North Sixth Street in Denver, Pa.

The alert went out on Monday when a driver noticed the truck was missing. The truck was carrying about $3,500 worth of a low-sulfur fuel.

The truck is valued at $25,000.

http://www.globalincidentmap.com/eventdetail.php?ID=6634

__________________________________________

Commet DC admin:

Notice how they try to SCARE you with the remark "low-sulfur fuel". Do you know why? Because this is the same type of Fuel used in the OKC bombing that was mixed with fertilizer[ammonium nitrate].

What is low-sulfur fuel?

In simple speak, it is #2 Diesel fuel or as some in areas where they use it to HEAT their homes call it, 'Heating Oil'.
The low-sulfur part is about Vehicles that use Diesel such as the Very Truck used to transport it and Many other Big rigs on the road today which emits less pollution. High-Sulfur #1 fuel is used in Farm equipment or Off road equipment and is DYED RED.

Speculation:

I can almost bet this FUEL was stolen because people that use it for Heating can not AFFORD it, and if the person responsible sells it for Half price he'll make a pretty penny and make the buyer nice and warm. If he doesn't get caught.

However, We can not RULE out a Truck Bomb. So have you seen this truck, or one like it? If so Contact your local Law Enforcement. Oh yeah, It will probably have NO NAME [Leffler Oil Company] on the DOOR's any more.

6.1.08

Hackers from China force Pennsylvania to shut down state government's Web site

Could all the recent hacks from China just be a way of covering up domestic hacking? I say this because if you the General American Public knew this was happening from within your own country, you would 5hit even more.

"Administration spokeswoman Mia DeVane said there was no reason to think anyone's personal data had been compromised."

Would they really tell you if it was?

I also wonder if this is another attempt to sway the Vote in the upcoming election. Pennsylvania with 21 electoral votes is a large state and could be in the running again this year as the swing state.

http://thestar.com.my/news/story.asp?file=/2008/1/5/apworld/20080105085041&sec=apworld

HARRISBURG, Pennsylvania (AP) - Hackers from China infiltrated the Web site of the Pennsylvania state government, but officials said they found no evidence of damage.

Four state departments had security problems with their Web pages, leading to a decision to take down nearly all of the state's Internet site on Friday morning.

Office of Administration spokeswoman Mia DeVane said there was no reason to think anyone's personal data had been compromised or that any damage occurred when a hacker "got into what we would say is a back door.''

By late afternoon, nearly all of the state's site had been put back online. "It was more that we needed to take down those sites to make sure a virus couldn't spread,'' she said.

The problems arose at pages of the departments of Labor and Industry, Education, and Military and Veterans Affairs, as well as the Pennsylvania Lottery's page.

Investigators tracked the source to a domain registered in China, she said.
Wow, they traced it to China. There are many different ways I could make you think I hacked you from another place than from where I am actually at.

It is not unusual for the state's computer system to be the target of hackers, but having problems at four separate branches of state government prompted the decision to take down nearly the entire system, she said.

DeVane said Pennsylvania's information technology officers learned during a conference call held by the Multi-State Information Sharing and Analysis Center that four other states and one state university had been attacked in a similar manner.

3.1.08

Digital photo frame contains Virus/Malware part2

In a previous post HERE
we learned of people either buying or receiving NEW hardware loaded with a virus or malware. While the reports speculate that this is not widespread, or in the wild, this can not by any means be the end of this. Since most,'not unlike myself' do not suspect a NEW device to contain a virus, we don't even think of looking/scanning for it on said device. This being the case, I am sure there are many others out there in the world that have become infected in this manner and don't even realize it.

In my previous post on this subject I said:
"Well the who seems fairly easy. Correct me if I'm wrong. The who is China. I say this due to the fact most of these types of electronics and damn near everything else comes from them. Under the Direction of whom is all together another Question."
This appears to have been somewhat CONFIRMED in this latest post from SANS Internet Storm Center where a reader reports, "Google-ing the name of the virus executable turns up three Chinese-language links."

What makes this all the worse is that some have an autorun.exe file. For those that don't know/understand what this is I'll try and simply explain. You know when you put a music CD or a movie DVD in and it starts Automatically, that's what autorun does. If this is the case, there is NO WAY to SCAN the device to detect the infection before it runs.

As I stated before this is BIG, and NO telling how many devices are infected without people realizing it.
_______________________________

http://isc.sans.org/diary.html?storyid=3807

Digital Hitchhikers Part Two
Published: 2008-01-04,
Last Updated: 2008-01-04 02:51:08 UTC
by Marcus Sachs (Version: 1)

Several days ago David Goldsmith posted a diary concerning a digital photo frame that came with a value added feature. Since then, two more readers have sent us notes concerning malware on digital photo frames that were purchased or received as Christmas presents last week. We've been in contact with the security team of the retail store chain where they were purchased as well as the product vendor and both swear that no malware is on the units they are selling.

So, dear readers, here is your first project for the New Year. If you either purchased or were given a digital photo frame, GPS unit for your car, external hard drive, or any other device that connects to your computer via a USB cable and
appears to your operating system as one or more mounted drives, please let us know via our contact form if you experienced any suspicious behavior that smells like malware.

To give you an idea of what we are talking about, here are edited excerpts from the three notes we have received so far:

First notification.

Behavior after attaching the USB digital photo frame to the PC:

1. MSCONFIG would not run - it would briefly open and then terminate

2. Blue screen when starting in safe mode

3. Many antivirus websites would result in browser terminating

4. Various popups for random name.exe "not valid image messages"

Using the CA AV2008 product, a new aggressive virus named Win/32Mocmex.AM was found on the photo frame (filename: kwjkpww.exe ). No detailed info on it is listed yet in their database. (More information was later available at http://www.prevx.com/filenames/394470622808329496-0/KAWDHZY.DLL.html.)

Second notification.

The attached file is from a digital picture frame. This file was originally named "autorun.inf", was marked as a hidden, system file, and was located along-side the sample pictures shipped with the picture frame. The program file launched by this autorun was deleted, but is a variant of the trojan Win32/Agent virus. This file was also marked as hidden.

It did appear all seals were intact and the product was carefully wrapped when it was unpacked. However, I can't say for sure that this frame was not a victim of a prior connection.

The virus scanner I'm using tagged the virus .exe file "cfhskjn.exe" as shown in this log entry:

Threat Name:Trojan:Win32/Agent

Detection Date and Time:1/1/2008 4:23 PM

File Name:G:\kwjkpww.exe

Threat Severity:Severe

Threat Category:Trojan

Threat found by On Demand Scan:(ANTIVIRUS_ONDEMAND)

Threat Status:Removed

so I'm thinking it was not the autorun.inf worm or "silly worm" as described in this link. Although I've not dug into this particular .exe code that was found on this frame, the classification as a Win32/Agent threat tells me it is not of a worm (self-propagating) type and behaves more as a Trojan threat.

Google-ing the name of the virus executable turns up three Chinese-language links. Using the Google-translate function, you get this web page from the first link:

http://tinyurl.com/28w8vc

which tells me this virus has been in circulation since at least Oct 30 of 2007.

Third notification.

I too connected a digital picture frame to my computer and received the nastiest virus that I've ever encounterd in my 20 plus year I/T career. The product vendor tells me it's not true however I know exactly what, how and when. The virus absolutely came from the frame. Is there any way to cooberate this?

This virus was indeed on the frame. It propagates to any connected device by copying a script, a com file and an autorun file. It hides all systems files and itself while completely eliminating the user admin ability to show hidden files. It creates processes that negate any attempt to go to anti virus and anti spam web sites. It prevents the remote installation of any anti virus components. I was able to remove it by using the attrib command to unhide then delete the files, then run Symantec anti virus. I also manually deleted the files from my USB drive and and flash drive that I used to back up my data. I then had to long format and rebuild my computer because I had no trust that it was safe.

I was using my computer the morning that it crashed without any troubles at all. I web mailed, VPN connected to my business network which is FDA regulatory compliant and very secure. When I completed my work I then connected the picture frame and my system immediately went crazy. After this happened I ceased to use my system and went to a second computer here I your publication that re-enforced my immediate conclusion.

By the way, I also received a digital photo frame for Christmas but have not had any problems with it other than the resolution totally sucks. But that's a subject of another diary some day. The GPS unit I bought in November mounts as a drive letter in Windows but it too had no malware on it. We are pretty certain that this is not a wide-spread problem but we need to know if others have experienced anything like this. Please use our contact form to report any observed malware-like behavior in any of these external devices you recently purchased or received as gifts. Please be sure to include information about the model name, where you bought it, and if you've been in contact with the store or product vendor. We'll provide a summary in a few days with details on what was reported.

Many thanks to readers Edd, Larry, and Rick for bringing this issue to our attention.

Marcus H. Sachs
Director, SANS Internet Storm Center

2.1.08

Military Issues Warning on Chinese Hackers

I have known about China hacking various nations for awhile. They[meaning you know who] try and keep things like this from making the snooze in the USA. Hell, I'll go as far to say that 85% of all hacks come from China. At least thats what my Smoothie tells me.

Military Issues Warning on Chinese Hackers

By Jung Sung-ki
Staff Reporter
01-01-2008
http://www.koreatimes.co.kr/www/news/nation/2008/01/205_16537.html


The South Korean military has issued a warning that computer systems of soldiers and defense institutes have become the victims of presumed Chinese hacking activities, a military source said Tuesday.

The source said hackers, believed to be Chinese nationals, penetrated computers of soldiers by sending e-mail involving hacking programs falsely titled ``the situation on North Korea's arms power.''

``We are now investigating several cyber hacking cases believed to be conducted by Chinese nationals based on evidence that the hackers stole information stored in soldiers' computers,'' the source said, asking not to be named.

The hackers appeared to have penetrated Web sites of military units and retired soldiers to steal e-mail adresses of individuals registered to the sites, he said.

The Defense Security Command recently distributed up-to-date vaccine programs to service members as a precautionary measure, he added.

Cyber attacks from China have become frequent and aggressive in recent years, according to reports.

The Chinese military created a cyber-hacking unit named ``NET Force'' in 2000 operated by about 1 million hackers, the reports said.

In 2004, the state-funded Korea Institute for Defense Analyses was hacked by a Chinese person.

Reports said last year Chinese military hackers were preparing a detailed plan to disable America's aircraft carrier fleet as part of an aggressive push by Beijing to achieve ``electronic dominance'' over each of its global rivals by 2050, particularly the United States, Britain, Russia and South Korea.

The U.S. Department of Defense said China's military regards offensive computer operations as ``critical to seize the initiative'' in the first stages of a war.

gallantjung@koreatimes.co.kr
Of course you do know who pretty much controls the South Korean government;.........don't you? Of course you do.......