Friday, August 31, 2007

Security: gotcha! just a hoax

I forgot that jokes, or hoaxes if you will, using JavaScript exist nowadays; all I ever encounter is malware, badware, c***ware.




MissU!~miau@92.80.144.168 MSG!#bucuresti http://sg.geocities.com/viceadmiralcongo/dont_click.htm

Don't worry, it's a purely annoying JavaScript joke (at the time of writing). Imagine a lot of windows or info boxes popping up and alerting you one by one... now imagine clicking "OK" each time ;) You can stop imagining and follow the link above. Sometimes this kind of joke can be educational, making you aware of several dangers hidden from the eye (that is, if you don't check the source of the website).

I love the singing part:
...
alert("Jingle bells,");
alert("Batman smells,");
alert("Robin laaaaaid an egg,");
alert("Batmobile lost its wheel,");
alert("And Joker's really gh3y,");
...

Wednesday, August 29, 2007

Security: script kiddies have switched to IPv6

My 101st post - wow! Anyway, it seems like (mirc) script kiddies have decided to play with IPv6 from now on:



Free4U!~dfgdgd@ACA67BD9.ipt.aol.com MSG!#romania
Just Free!!! http://1050180165/horde/config/update/www.microsoft.com/vista/download/filename
(where filename = update-vista.scr)

Notice the "1050180165". The IP is the new shiny IPv6 (click to read more about it on Wikipedia). The file is a trojan mIRC script, allowing the controller to do whatever he wants with your PC. Since it poses as a "Microsoft Vista update", the controller will probably get several hits. Fortunately, it's detected as Parite.B by most antivirus vendors, as tested in Virustotal.

The IPv6 address will be a problem for some IRC channel protection scripts to detect. Thankfully, without the http:// part, it is not clickable, and therefore not easy for newcomers to copy & paste.
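
A filter that only looks for hostnames or dotted quads will not match a host written as a single number like the one above. The following is an added example, not code from the original post: a Python sketch of a channel-protection check that parses numeric hosts with the classic inet_aton rules (decimal, hex or octal, one to four parts, which yield an IPv4 address) and also flags a domain name buried in the path and an executable extension. The function names, the reason labels and the sample line are assumptions made for illustration.

```python
import ipaddress
import re

PART_RE = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")
URL_RE = re.compile(r"https?://\S+", re.I)
# A domain-shaped path segment, e.g. ".../www.microsoft.com/...".
DOMAIN_IN_PATH = re.compile(r"/((?:[a-z0-9-]+\.)+(?:com|net|org))(?=/|$)", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".bat")


def parse_numeric_host(host):
    """Dotted quad for an inet_aton-style numeric host, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if not PART_RE.fullmatch(part):
            return None
        if part[:2].lower() == "0x":
            base = 16
        elif len(part) > 1 and part[0] == "0":
            base = 8
        else:
            base = 10
        try:
            values.append(int(part, base))
        except ValueError:  # e.g. "089" is not valid octal
            return None
    *lead, last = values
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(v > 255 for v in lead) or last >= 256 ** (4 - len(lead)):
        return None
    total = last
    for i, v in enumerate(lead):
        total += v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(total))


def inspect_url(url):
    """Return (canonical_host, reasons) for one http(s) URL."""
    rest = url.split("://", 1)[1].rstrip(".,)")
    authority, _, path = rest.partition("/")
    host = authority.rsplit("@", 1)[-1].split(":")[0]
    path = "/" + path.split("?", 1)[0]
    dotted = parse_numeric_host(host)
    canonical = dotted or host.lower()
    reasons = []
    if dotted and dotted != host:
        reasons.append("obfuscated-numeric-host")
    match = DOMAIN_IN_PATH.search(path)
    if match and match.group(1).lower() != canonical:
        reasons.append("domain-in-path:" + match.group(1).lower())
    if path.lower().endswith(EXEC_EXT):
        reasons.append("executable-extension")
    return canonical, reasons


def scan_message(text):
    """Map each flagged URL in a chat line to (canonical_host, reasons)."""
    findings = {}
    for url in URL_RE.findall(text):
        canonical, reasons = inspect_url(url)
        if reasons:
            findings[url] = (canonical, reasons)
    return findings


# Constructed sample: same shape as the spam above, with a documentation-range
# address (203.0.113.5) written as one decimal number.
SAMPLE = ("Just Free!!! http://3405803781/horde/config/update/"
          "www.microsoft.com/vista/download/update-vista.scr")

if __name__ == "__main__":
    for url, (host, reasons) in scan_message(SAMPLE).items():
        print(host, reasons)
```

Matching on the canonical host lets an existing IP blocklist or rate limit apply no matter how the number was written.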

Tuesday, August 28, 2007

Motherboard went *puff*

No, this blog is not dead yet, although my motherboard is. R.I.P. K7N2 Delta2-FSR...

I couldn't turn my computer on for two whole days, I tried almost every "dirty" trick and I finally decided to buy a new one, which took almost a week. Apparently my 4-year-old motherboard choked from the many hours of uptime (one more reason to turn it off every now and then) :(

At least I managed to pull 350€, money meant for "emergency" only. Some could say this was really an urgent matter and since I was buying new stuff, I didn't want to spend it on some old junk. I prefer to buy something that will last for a lot of years. Hence, this is my new computer:

SYSTEM INFORMATION
Running Ubuntu Linux, the 4.0 release.
GNOME: 2.18.1 (Ubuntu 2007-04-10)
Kernel version: 2.6.20-16-generic (#2 SMP Thu Jun 7 20:19:32 UTC 2007)
GCC: 4.1.2 (i486-linux-gnu)
Xorg: 7.2.0 (04 April 2007)
Hostname: ubuntu
Uptime: 0 days 0 h 17 min

CPU INFORMATION
GenuineIntel, Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Number of CPUs: 2 (Oh yeah!)
CPU clock currently at 1998.000 MHz with 4096 KB cache
Numbering: family(6) model(15) stepping(11)
Bogomips: 4658.47
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr lahf_lm

MEMORY INFORMATION
Total memory: 2027 MB (2x1GB Kingston)
Total swap: 996 MB

STORAGE INFORMATION
SCSI device - scsi0
Vendor: ATA
Model: WDC WD800JD-00MS
SCSI device - scsi1
Vendor: ATA
Model: WDC WD3000JS-60P

HARDWARE INFORMATION
MOTHERBOARD
Host bridge
Intel Corporation 82P965/G965 Memory Controller Hub (rev 02)
Subsystem: Micro-Star International Co., Ltd. Unknown device 7235
SOUND CARD
Multimedia controller
Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 02)
Subsystem: Micro-Star International Co., Ltd. Unknown device 7235

NETWORK
1GB/s LAN
512/128 ADSL (Serbia's a *bit* back on modern stuff)

NVIDIA GRAPHIC CARD INFORMATION
Model name: GeForce 7300 GT
Card Type: PCI-E 16x
Video RAM: 256 MB
GPU Frequency: 350 MHz


Two tiny problems though:
- It looks like the DVD-RW drive can't boot any live cd; And no, it's not the CD or DVD! I'm going to need another 20€ for a new DVD-RW drive, but it is burning media as well as it reads them, so I'll postpone that for now.
- I also have a Parallel ATA (PATA?) in, which the BIOS and the Windows XP operating system detect, but Ubuntu Linux doesn't. Maybe I should reinstall the operating system, or I'll just wait for 7.10 to arrive, since I'm flushed out of "emergency" money :)

- 512/128 kbits/s ADSL will have to be downgraded to 256/64 until I get my emergency fund back up. I never risk that fund!

Thursday, August 23, 2007

Still here, no reason to panic!

You're probably wondering where I have been these days. Well, I've added a gallery called "Ελληνικούρες" (pronounced elinikures). The general idea of the gallery is pretty much like Srbovanje in Serbian - you find a picture that makes people laugh, you upload it and share it with your friends!
It has to be connected with Greek, but you're all welcome to fill it up with goodies (there's an approval step, when a moderator will take a close look at what you're uploading)!

A forum will be added soon to the Ellinikoures project, as soon as I see that everything "rolls" well.

Monday, August 20, 2007

Security: Sohanad and win32.VB worms still alive

Sometimes Godaddy and their affiliates, i.e. Servage, make me wonder just how effective their actions are against their own clients that abuse godaddy's ToS (Terms of Service).
One of the things that made me consider this as a blog topic is their apparent inability to shut down the main domain names. For those who don't know what's going on, the story goes like this:
- thecoolpics.net was ended, after some 6+ months of running the Sohanad.* and win32.VB.* worms
- thecoolpics.com and quicknews.info redirect to a new target as of yesterday, as far as I can tell: http://72.232.123.170/~windy/ auct_photo/temp/ (deliberately put a space between, do NOT visit the website)
- The exploit used here is a VB script exploit, which is actually encoded using Javascript
- The exploit downloads YMworm.exe and worm2007.exe, which can be found in the same folder as the above-mentioned link
- YMworm.exe is actually an AutoIt script and gives a bad name to the good folks of that project. worm2007.exe is just a "backup" program as far as I can tell. It connects to thecoolpics.com and tries to download these two programs from there; it is probably used when the websites that this lamer (langnghe.net owner) hacked and redirects to go down.

Final comment: They might be cheap & good in sales, but their abuse team doesn't handle reports very well.

Removal tool: Cwean antimalware package

Update: If you try a Google search for the old hacked website, http://horse.he.net/~dynasty/albums/style/, you'll notice a nice warning message ;) I sure hope they applied that in the Web Forgery system implemented in Firefox.

I did a google search on the IP of the new one, I found another exploit: http://72.232.123.170/~hotcam /AutoVoLam.html (deliberate space added between) - downloads spider.exe from the same directory.

Saturday, August 18, 2007

Websites: Shop with Ashop

There are times I regret that I'm Cypriot/Serbian. Mostly because websites like Amazon and Ebay are all abroad and I have to pay several extra dollars for shipping & handling. If I was in a big first-class country, I'd surely pick up a local e-shop to do my online shopping; speaking of that, Ashop has a lovely presentation on the internet, providing the essential eye-catching shopping cart software for Internet trading businesses. Get your shopping cart ready and we're going in for a review!

Although you might not have an "e-biz" to test it, you definitely have to consider the features provided here:
- Easy shopping cart management
- You don't have to be a programmer to use it
- Free tech support
- Free trial period
- Live presentation (which most companies don't have)

You can choose between 4 pricing plans to suit your online business currently listed as: Light, Ashop 500, Ashop 2000 and Ashop Plus. Each "step" of the plans provides more and more features for e-commerce managers.

To sum it up, I'd say they have what it takes to become one of the few good leading ecommerce software companies. They say they will help their customers with all the steps required for a successful start-up, they gear them up with several easy-to-use editors to customize their websites as much as possible and their tech team is also there to help when things go bad ("oops, low value for load average!").

Friday, August 17, 2007

IRC: irssi 0.8.11 released

In case you're wondering whether there is an advanced IRC for console (KDE konsole or GNOME terminal), irssi is the application for that. Unfortunately, Ubuntu Linux does not provide the new version, only in backports, where most applications are 'shaky'.

Well I've downloaded the application from the packages.ubuntu.com website (here's a direct link to the irssi package, i386 and amd64 compiled). The dependencies can be satisfied with the feisty packages, so it's good to go! I've been using it several days now and I haven't detected any bugs, in fact they fixed most bugs I reported (The joys of open source programming).

When you download the .deb, just double click and hit "install package"; it will ask for the administrator password (and you type it, of course). Then just open your terminal/konsole (preferably maximize the window) and type: irssi

IRC: mIRC 6.3 released

There you have it, from 6.21 a major jump to 6.3, one of the most popular irc client programs. You can grab it from mirc.com. I'm not a Windows fan, so this is beyond my 'reviewer cap', but I'll present the changelog in short:
  1. U3 support.
  2. Full Vista compatibility, all your saved data will be in Application Data\mIRC by default.
  3. mIRC is installed according to your administrator/standard user account.
  4. Traytips are integrated and the balloon messages will be available only if mIRC is not the active application.
  5. Minor bugfixes and updates
Read the rest here.

Thursday, August 16, 2007

Security: undetected trojan - svhost.exe

Some people really believe their antivirus software is the best... Here's a proof that they're not. This malware (trojan) is packed with Themida, which most antivirus companies have not yet bothered to include in their blacklists. Not that I'm saying it's good to blacklist packers, but at times I really wonder if it's better than waiting for someone to use it, pack their malware and start spreading it.

Spammer: Fetitz{-A-}!~Ghici@Lov3You.users.undernet.org
Message: poze cu mine si filumete de sex cu mine http://zenzion.net/filename si pe cine intereseaza id meu sexyandreeeaaa pt cei care vor o noapte frt ieftin :) pt mai multe detali intrati pe id meu :) fac si masturbare prin web ce doriti voi :) http://zenzion.net/filename http://zenzion.net/filename http://zenzion.net/filename (language = romanian, filename = album.rar)

album.rar contained poze.exe, which I've sent to be analyzed using the Anubis project, here are the results.
The executable creates a connection with Undernet IRC Network, waiting for its creator to remotely control and abuse!

Main program: C:\Windows\system32\svhost.exe (the legit one Windows uses is svChost.exe)

MD5 Hashes:
7560272abe35a5b1092779f407c7f03c poze.exe
efc6a66e2884e2d77dab32f7725f31d4 album.rar

I've tried to upload the program to the Kaspersky website, and guess what - it doesn't allow more than 1MB to be uploaded. The archive/executable were about 1.4MB.

Removal tool: Cwean antimalware package
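
The svhost.exe / svchost.exe trick above relies on a file name that is one character away from a real system binary. As an added example (not part of the original post and not taken from any tool it mentions), here is a Python sketch that flags such near-miss names with an edit-distance check; the list of legitimate names, the function names and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumed allow-list of core Windows process names (not taken from the post).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe")


def edit_distance(a, b):
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalike_of(path, max_distance=1):
    """Return the system name that this path's file name imitates, or None."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_NAMES:
        return None  # exact name: not a lookalike (its location is a separate check)
    for legit in SYSTEM_NAMES:
        if edit_distance(name, legit) <= max_distance:
            return legit
    return None


def find_lookalikes(paths):
    """List (path, imitated_name) for every path whose name is a near miss."""
    hits = []
    for path in paths:
        legit = lookalike_of(path)
        if legit:
            hits.append((path, legit))
    return hits


# Constructed process listing; only the svhost.exe path comes from the post.
SAMPLE_PATHS = [
    r"C:\Windows\system32\svchost.exe",
    r"C:\Windows\system32\svhost.exe",
    r"C:\Program Files\Editor\notepad.exe",
]

if __name__ == "__main__":
    for path, legit in find_lookalikes(SAMPLE_PATHS):
        print(path, "imitates", legit)
```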

Computers: When printers don't work...

This is why I never use a printer, they're sooo evil!

Operation Sleepwalk (Part II)

Resuming from this article...

Relaxation - How relaxed are you? Were you feeling comfortable lying all day in bed? Well, studies have shown that relaxation level does not provide a good sleep. And this does not include yoga, since stretching your legs to a perfect 180 degree or curling it around your neck is actually a (painful at start?) form of exercise

Working out - Your body begs for attention, as does your brain. And I'm surely not recommending working out 10 consecutive hours. That is called exhaustion which further causes debilitation, not exercise! (double click for word definition) I personally have to say that my sleep is better after a 1km walk, 2x1=2km in total if you consider going back to your original starting point (For the American readers: 2 km is about a mile).

Computer gaze - As much as I hate to say it, hours you spend in front of your computer deteriorate your eyesight and make you fatigued (especially programmers, gamers and article readers/researchers), and above all gazing at a computer all day can really worsen and aggravate your sleep. Shut down your computer and take a look outside - there's a whole new world out there just waiting to be explored! You do not need Blizzard to make you a knight with +1 brain skill!

Well this article has come to an end. I hope you liked all the recommendations and suggestions pinpointing problems in sleep and sleepwalking (I might concentrate in insomnia next time). I also believe that after this article you will reconsider at least once before taking medicaments called sedatives :)

Wednesday, August 15, 2007

What was John thinking when Andrew wasn't?

I just had to post this! It looks like someone woke up on the wrong side of the bed... I must admit I've never seen the website John refers to (neither Google Cache nor WayBack provide a link).
He forgot one thing though. With all the ranting going around, John forgot that he is actually providing free traffic and PageRank from a 6/10 website to a minuscule 1999-style blog as he wrote. Bad move #1!

On the other hand, Andrew at andrewtalk.com received free traffic and a mega link from a money making baron. And what did he do? Take the website down for complete re-construction. Bad move #2!

Seems like this person didn't appreciate the "lovely" review from JohnChow. If I were Andrew, I'd make a million dollar homepage instead of a poor "to do" notification. Make bad publicity into good advertising campaign. Come to think of it, he'd definitely gain some Agloco points.

Well my blog isn't that bad I guess, since I dare to post things like this, the only stuff that's not mine on this blog are the images, for which I give a damn good credit with links and quotes.

Tuesday, August 14, 2007

Security: @RISK Newsletter

@RISK Newsletter and Tippingpoint warn about the security of the following widely used software:
(1) CRITICAL: Multiple Cisco Products Multiple Vulnerabilities
(2) CRITICAL: VMware ActiveX Control Multiple Remote Command Execution Vulnerabilities
(3) HIGH: HP OpenView Products Multiple Vulnerabilities
(4) HIGH: Symantec Norton Multiple Products ActiveX Controls Buffer Overflow
(5) MODERATE: Microsoft DirectX SDK ActiveX Control Buffer Overflow
(6) MODERATE: Astaro Security Gateway Multiple Vulnerabilities

I'd consider a full update/upgrade along with a set of tutorials on how to do it by the products mentioned above, especially VMWare & DirectX users ;)

I'd also like to recommend using a Mozilla Firefox addon, NoScript, which I personally endorsed a year back and still love!

In minor news, a new virus called 'Storm Worm' has been found. Read more about it here.

Monday, August 13, 2007

Software: High volume caused poor sound output in Ubuntu Linux

I've noticed a month ago that sound while playing several mp3 songs in Ubuntu Linux has deteriorated. The sound was fine and more than perfect while using Windows XP, and I couldn't remember changing anything.

Then it struck me and I almost yelled "Eureka". I'm using Rhythmbox in Ubuntu so I thought of checking the volume, because I remembered that too high values could cause a bad output!
So I went to Applications > Sound & Video > Volume Control:
I set it to about 90% and the sound was better already, then I went to alter Rhythmbox's internal volume bar:

There, all done! Who said Linux can't be a breeze? It needs some substantia grisea to work though.

Sunday, August 12, 2007

Care

How careless of me, in the need to study and the urge to fill my website with my thoughts as much as possible, I forgot a smart topic I started a couple of months back: Trust. In trust lies the truth or vice versa. But what if trust isn't good enough? What if someone or something is neglected and forgotten, because of the many responsibilities we have in this modern world we live in? What if...

There are many "what ifs" buzzing currently inside me, I'd get lost in the list of them just to put them all down! But who cares? "Hm, care." I mumbled just a few seconds ago, "Interesting word - and topic!".

Browsing answers.com the other day I figured this would be a nice way to test just how readily the Answers website provides a researcher with accurate results. And I was amazed to see that people care for a lot of things: children, money, fame, ratings, family, any objects that remind them of the past or which help them to face towards the right direction...

A troubled or anxious state of mind - strong feeling.
A cause to distress or anxiety - strong cause of feelings.
Careful forethought to avoid harm or risk - strong precaution.
Attractiveness to detail - strong focus and attention.
...watching, guarding, or overseeing - strong protection and providing of guidance.
Systematic application of remedies to effect a cure - strong will to help a fellow human in need using medical knowledge.

All these terms are correct and that's what they are; just terms and explanations. What about the practical real world feeling? The care for children? The attention to the homeless? The help for the neglected, the protection of the family, the urge to cure an ailing person, the need to preserve the environment? All these questions are also problems of the real hard cold-blooded egoistic community we live in, and these problems won't go away on their own. Someone has to care; let that be us!

Volunteers subscribe all the time on various topics, find a project that you'd like to help and just show a sign that you care, by any means possible. The world needs you, the Earth needs you, that chair you're sitting on right now doesn't. Stand up and face problems, be part of something good. Pick up a can of Coke and throw it in the trashcan. Hold the hand of a HIV-positive person with AIDS syndrome. Give a hug to a little abandoned girl (and watch your pockets, I said help and care, not be stupid).

I hope that I've motivated you and you're already on the way somewhere and I believe I've put some light to the right pathway-websites for adequate information on each topic.

Friday, August 10, 2007

Bad Websites: summer.7p.com - do not buy!

Sizzlin rip-off! The owner of this website is the notorious scammer Mike Ogden (or mogden) from Canada. This person pretends to be selling goods on the internet at prices that no smart person would sell at, as they'd have to be used for 10 years to reach such low prices.
In short, if you know what's good for you:
DO NOT BUY ANYTHING FROM MIKE!

The website is marked as bad in WOT, an addon for Mozilla Firefox internet browser. It's a good plugin to check whether a website can be trusted or not.

The Canadian police doesn't give a damn about that, he's spamming on the irc about "cheap sales" and rips off people by receiving the money and never sending any goods.
The email he uses at the moment seems to be summergoods@gmail.com - Send him my "regards" ;)

Thursday, August 09, 2007

Websites: Smart Smorty

I've just been approved on Smorty, and I give them a personal big thanks for giving me a chance! Have you ever considered getting paid to blog or even blog advertising? Blogging for money isn't a first thing, there's a dozen of bloggers out there making a living out of simple reviews. It's good to have high ratings on google searches, as smart bloggers can identify what's hot and what's not (we've been through Google Trends).
Smorty is one of many outstanding service networks which actually connect those who want to advertise and those who, well, like to get paid to review (or advertise if you will). This way, bloggers not only express their personal opinion on products sold or advertised on the Internet, but they can also earn a respectable amount of money by doing it.

The only thing bloggers must be aware of is that they pick the right reviews for their websites, merge it somehow in their content. Smorty is actually a new service, I expect to see it grow as my website grows as well :) It has a well-organized website, easy to use as far as I've seen, no extra images, not bloated with 3rd party advertising content, just pure text and links and of course some pending advertisers that would love to be reviewed.

Give it a shot, you'll probably have to wait a couple of months if you own a new website, but it's worth the wait! While you're waiting, you could impress them (any reviewing service can be impressed) with some free reviews of products you personally adore.

P.S. You can browse through my reviews so far by clicking on the reviews label below

Tuesday, August 07, 2007

Medicine: Operation Sleepwalk

Sleepwalking (somnambulism or noctambulism) is a serious sleeping disorder, which can be caused by a number of reasons, all building up together to the event of sleepwalking. Sleepwalking does not necessarily imply just 'walking'; the persons who suffer from this usually begin activities that are normally associated with or supposed to be done while awake, but instead they occur while asleep or in a sleeplike state.
Sleepwalkers can remember several stuff that happened, but not everything, just like when a person tries to remember their younger years and all they get is just bits of memory (leftovers as I like to call them). On the other hand, they could also not remember anything.

What can cause it? I can name a million reasons, but let's be more specific for the real world:
  • Smoking - Nicotine, one of the chief ingredients of cigarettes and a poisonous alkaloid (C10H14N2), and the number of cigarettes you smoke daily may increase your awareness, but they also increase your stress and wrath levels and disrupt your healthy portion of sleep each day.
  • Stress level - Stress is an important part of life nowadays, with people running around just to reach their goals - whatever they may be - always trying to achieve as many tasks as possible for the day. This can make a person anxious and that's definitely not good for anything.
  • Emotional state - It's very important to be or feel relaxed at least an hour before sleeping. Being tense even when going to sleep could result in nightmares and of course sleepwalking.
  • Food - Spicy food has been marked as bad for a good night's sleep. Bad indigestion could also play an important role here.
  • Alcohol - Wine, beer, whiskey and all beverages that contain alcohol
  • Caffeine - Compared to nicotine, this baby actually tries to help you stay awake, even when your brain requires some rest. Drinking lots of coffee cups while you require to sleep is a really bad idea.
To be continued...

Sunday, August 05, 2007

Security: Undetected potential malware spammed at IRC

I'm not sure if both of the files are malware, but the latter is surely something, if you take a look at the file analysis by the Anubis project. The files were scanned with Virustotal.

#1 where filename = album.exe
Analysis of the file
OnA|R!~Spumant@OnAIR.users.undernet.org MSG!#bucuresti
care vrea sa vada un album erotic al unei fete de 22 de ani din bucuresti ? romirc.com/site/filename

(Romanian - something about an erotic album of a 22-year old girl from bucharest)

#2 - where filename = Maria_Lena_YouTube_Video.avi.exe
Analysis of the file
maria19d!~maric@ACB173A2.ipt.aol.com NOTCCHAN!#cyprus
hi sou, me lene maria kai ime skyla!! an thes na me deis sto youtube video pou ekana me mia fili GYMNES pata edo ->
http://www.top10asians.com/filenameServer

Anikiti19!anikiti@216.131.100.184 NOTCCHAN!#limassol
hi sou, me lene maria kai ime skyla!! an thes na me deis sto youtube video pou ekana me mia fili GYMNES pata edo -> http://www.top10asians.com/filenameServer


(the actual file that can be downloaded is without Server at the end - the language here is Greeklish [greek using latin characters], it says the file is a youtube video, pretends to be a porn video)

Important executables:
c:\program files\windows media player\wm player.exe
c:\windows\system32\Registry3311.exe
c:\windows\system\Full_Video_View.exe
c:\windows\system32\Uninstal.exe

The file #2 is added in the list Add/Remove programs of Windows as MyProduct

Removal program suggestion: Cwean antimalware package

Saturday, August 04, 2007

Science: Smokin' star

(The image is not part of the article) Astronomers from France and Brazil have detected a huge cloud of dust around a star. This discovery is evidence for the theory that such stellar puffs are the cause of the repeated extreme dimming of the star.
Patrick de Laverny, leader of the team said:
Two hundred years after the discovery of the variable nature of R CrB, many aspects of the R CrB phenomenon remain mysterious.

Friday, August 03, 2007

Studies: The journey begins... again!

August is a critical month for me, I have to choose between fun and studying. I chose studying :) I might delay some days on displaying news, but this blog will always be here to bring something exciting! Bear with me, you don't have anything to lose if you subscribe at my feeds.

Have a lovely Friday night!

Wednesday, August 01, 2007

Websites: Blog to get blogulate.com'ed!

Well, I was reviewed for a change, and I requested a negative or positive review. The outcome was quite a lovely (and positive!) review by thinkdj. His "thing" is internet and technology, as I can see from his posts. Short interesting posts, always to the point and of course accurate to the public standard requests (what people like to read). As a part of the website's promotion, if you'd like to get a free linkback and increase your PageRank in the Google search engine, you'd have to pay him a visit.
Some of blogulate.com's most recent posts:
Bye Bye desktops
‘Genuine Windows’ on Ubuntu (you just have to read this!)

Software: Mozilla Firefox 2.0.0.6 released

Mozilla Firefox 2.0.0.6 was released on the 30th of July 2007. The changelog consists of two major security fixes, apart from the older updates (I mean the whole Firefox v2 updates). You're strongly advised to update as soon as possible (ASAP). For known issues and further release notes, read here: http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/

Spam: Replying to spammers (Part II)

It's been some time, but it's not my fault GMail has a good spam protection or its users have great high IQ to distinguish an email from a spam email. You can view the second spam mail that passed through published on Google Documents.

This time it looks like yours truly (to be accurate 'my email') is congratulated on winning something: "Congratulations Your E-mail Won". Further reading gives some more details, i.e. it has to do with the UK National Lottery - wow! Although I've been to the United Kingdom twice in my life so far, I can't really say that I've given this email anywhere, because this email is just several months old. Now the tricky part: who to contact? As expected, they use a free email provider, such as Yahoo, and in order to make it more credible they used a .co.uk one - yahoo.co.uk! I must tell you I believe in miracles, but I don't intend to give my personal details to one ;)

Try again spammers.