Saturday, December 20, 2003

The War on Spam Has Begun!

Several events this week indicate that the war on spam has begun. First, President Bush has signed the "Can Spam" bill, which can impose fines of up to $250 per spam message on those that wish to send unsolicited emails. This bill is interesting and of course has several loopholes, but I still think it is a good thing. Even if I get 1 less piece of spam a day I'll be happy!

The state of Virginia has indicted two North Carolina men, charging them with violating Virginia's antispam laws. Because these guys falsified their identities in the messages, the charges were elevated to felonies. One of these guys is rated the 8th worst spam offender on the Internet. It will be interesting to see what happens.

On Thursday the state of New York and Microsoft filed suit against Scott Richter, one of the world's most prolific spammers. Again, the suit is based on the fact that the spam messages use false names as the sender of the message. I don't know about you, but I would be a little nervous if Microsoft was after me! He better have the proper licenses for his software!!

Let's hope this is the beginning of the end of spam. I don't think in the short term that these events will have a major impact. But I do believe it will help. I will be monitoring my spam during 2004 to see if all this legal activity and the spam filters that have been installed on our mail servers and in Outlook 2003 have an effect. What's your bet?

Here is an interesting website devoted to information on spam: The Spamhaus Project

Friday, November 07, 2003

Microsoft Offers $5 Million Reward Money

What to do with all that cash? Wednesday Microsoft announced a $5 Million reserve fund to offer rewards for information leading to the capture of persons responsible for creating various types of cyberproblems (I think I made that word up). The first two targets are the creators of the MSBlaster worm and the SoBig virus. They are offering $250,000 each for information leading to the arrest of the bad guys that created those costly nuisances.

If you think you have information and are interested in getting that $250K you can contact any one of the following:

Any local FBI Office
Interpol
The Internet Fraud Complaint Center

Good Luck!

Tuesday, October 28, 2003

Solar Flare Could Disrupt Electrical Devices

In case you haven't heard, there has been some solar activity over the last couple of days that has thrown storms of electrical particles at the earth. Although the storms have been notable, they have for the most part been relatively harmless. However, a storm was released this morning (10/28) that is the strongest since 1989 and the third strongest on record. In 1989 the storm triggered power outages in Canada. There are some technical variables that may affect how hard we are hit, but the storm is in a direct path to the earth and is expected to hit around noon Wednesday (10/29).

Besides a real colorful sky, satellites and other electrical equipment could be affected. This could include power outages. The storm will last for several hours with the potential for problems decreasing as time passes.

In addition to pulling out the old lead umbrella, I would suggest that you be alert for potential issues that could affect your IT equipment. If the power does go out, shut down equipment that is on UPSs and power off everything. After the power comes back on, I would suggest waiting for a short period before powering everything back up. Many times surges will occur immediately after power is restored that can cause problems.

This should be mostly harmless other than the fact that your cell phone may not work for a while. But it's always better to be prepared! For more information click here.

Tuesday, September 30, 2003

Fake FBI Site Stealing Information

It starts with an email that appears to come from the FBI. The email message lures the user to a website that has the official FBI look and feel. The site lures the user to enter personal credit information so that it can be checked against a database of stolen credit cards.

The problem: It's all fake. The credit information is actually being stolen.

My question: Why would anyone ......

Thursday, September 25, 2003

Do Not Call List Under Fire

The status of the Federal Do Not Call List is up in the air. First a judge decided that the FTC did not have the authority to operate the list. Congress quickly fixed that by clarifying the original law. And now another judge has said that the list prohibits free speech to commercial enterprises because the law excludes charity and political calls and picks on the poor marketing people.

What about the free speech of the 51 million people who have said they do not want these calls? Is no one listening? If 51 million people do not want my product, or at least do not want to have it sold to them at 7:30am on a Sunday morning over the phone, then I think I would get the hint.

I have an idea. Let's forward all these calls to the judges that are making these ridiculous rulings. At least let's get them all to move to California. I'm sure they could keep themselves busy there and let the 51 million of us that want to eat dinner uninterrupted by sales calls have our way.

Wednesday, September 24, 2003

Microsoft Takes Another Hit

It seems like Microsoft can't win lately. First, there's the monopoly thing, then all the security issues and of course the licensing that everyone seems to hate. If that's not enough, a group of 7 IT security researchers has published a paper claiming that the fact that Microsoft has an operating system monopoly is a critical national security risk.

Their premise is that because of the dominance of Windows and Office, a flaw might be discovered and if exploited would bring our whole cyberworld crashing down around us. In light of this potential disaster they are suggesting that businesses and governments factor in diversification of operating systems and applications. In addition to making Microsoft look like a potential terrorist nation, the authors claim that it is us purchasers that are dumb enough to let this happen and actually state that "the blame falls mostly on the buyers".

Sometimes propeller heads make me laugh, but today my Microsoft stock went down $1.14! I think these guys have a plot. I wonder how many of them are ex-Novell, IBM, Sun, Unix people that simply have nothing better to do. Is there a risk? To some extent I would agree that this could be a problem. However, there are many other critical infrastructure components that could cause much more damage and much faster than by crashing my computer by breaking Outlook on me. My question to them is what specifically do they suggest other than not buying big bad Microsoft's products.

Tuesday, September 23, 2003

Microsoft to Release New Version of Office

Microsoft will be releasing Office 2003 on October 21st. The new Office System, as Microsoft is calling it, will include upgrades to all the current modules including Word, Excel, PowerPoint, Access and Outlook. It will also for the first time have two new modules available.

InfoPath is a new Office 2003 module that allows users to create and share XML based forms. It is a very powerful form tool that integrates with other products that conform to the XML data format.

OneNote is a new application that allows users to store and retrieve information in a notebook metaphor. Notes can be taken via the keyboard, handwriting, voice recognition or any combination of methods. Searches can be performed on keyboard and handwriting text.

I will post pricing and more information on Microsoft Office 2003 here soon.

Thursday, September 18, 2003

Preparing For Isabel

At this point it looks like we won't see much of Isabel here in Connecticut. There will be rain and pretty good winds probably starting around midnight Thursday and continuing through mid-day Friday. I would think the most we might see are some power outages and possibly some wind and water damage. As most of this will be happening during a business day, I don't think any special precautions are necessary. Of course things can change.

It's always a good idea to make sure you have an off-site backup and that the tape can actually be read back. If the power does go out in your area, I would advise that at the very least you make sure any power switches on equipment are in the off position. I would actually prefer that as much equipment as possible be unplugged from the wall during a power outage. Most of the problems that occur with power outages occur when the power comes back on. The potential initial surge is the problem. If you have areas that normally flood you should move equipment out. If an area does flood and you have equipment still there, be extremely careful if you try to move it. Electricity and water do not mix well! It is better to leave it until you can be sure the power to it is shut off.

Overall I don't expect to see many problems here. Unfortunately, I can't say the same for the mid-Atlantic coast. Call our office if you have any questions about this storm and your IT equipment.

Friday, September 05, 2003

E-Mail Virus Fall Out

Even though there is no single major virus running around (as far as we know) at the moment, we are still seeing leftover problems from the rash of viruses of a couple of weeks ago. The amount of new virus activity in the last month is just amazing. Click here to see Symantec's current list.

But the fallout can be even worse. We are getting calls from Clients that are getting e-mails bounced back to them as undeliverable for various reasons. After investigating the situation we found that their domains have been blacklisted by services that are supposed to provide ISPs with domains that are suspected of being spammers. The problem is that our Clients are not spammers.

How does this happen? Well, let's say one of our virus friends gets let loose on a workstation. This workstation is on the North Pole. The owner of the workstation has 1500 names in her e-mail client (Outlook of course!). The virus picks one lucky address (mine of course) and sends itself to every other e-mail address in Outlook as well as any other e-mail addresses it can find on the workstation. These e-mails are sent from the lucky address (mine). The Blacklist Services detect this mass mailing and, in order to help justify the cost of subscribing to the service, add my domain to the blacklist. Note that this message was never sent from me or from anyone in my domain. However, that doesn't matter. My domain is added.

Now I send a message to my lovely wife and it gets bounced back to me saying the user doesn't exist. After looking at my wallet photos to verify that I in fact have a lovely wife, I start scratching my head. There are many problems here. First, the message being sent back to me does not say I am on a blacklist. It tells me the user doesn't exist, which sends me down the wrong path to try to resolve the problem. Next, some of my messages will go out and some will not. This simply depends on whether or not the receiving e-mail host subscribes to the Blacklist Service that has me blacklisted. It's a pain in the a.... neck!

While the Blacklist Services are meant to be helpful as a deterrent to spam, they in fact can be more of a problem than they are worth. Although you can get removed from these lists, it is a pain and can take some time. In the meantime the spammers already know about the Blacklist Services and are way ahead of them. What is the solution? I wish I knew! However, some basic changes to Internet E-Mail and browsing are needed to ensure that these problems cannot exist. Internet e-mail must be reliable and secure before it can really be used for business critical processes. Until then we will still need to use the good old telephone to call and make sure the intended recipient received our e-mail!
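One way to check whether a bounced message "was never sent from me or from anyone in my domain" is to read the copy of the original message that the bounce carries. The Python below is an added example, not part of the original post; the bounce text, addresses and outbound range are constructed, and it assumes the recipient's server accepted the message before bouncing it, so the top Received line is that server's own record.

```python
"""Triage a bounce: did the bounced message really leave our mail server?"""
import email
import ipaddress
import re
from email import policy

# Assumption: the address range our own outbound mail servers send from.
OUR_OUTBOUND = ipaddress.ip_network("203.0.113.0/28")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed bounce; {ip} is the host that handed the message to the recipient.
BOUNCE_TEMPLATE = """\
From: MAILER-DAEMON@mail.recipient.example
To: me@example.com
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The user does not exist.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.recipient.example

Final-Recipient: rfc822; someone@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from sender.example ([{ip}]) by mail.recipient.example; Fri, 5 Sep 2003 09:00:00 -0400
From: me@example.com
To: someone@recipient.example
Subject: Re: details

See the attached file.
--b1--
"""


def triage_bounce(raw_bounce):
    """Return the DSN status, the hand-off IP and a verdict for one bounce."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    status, original = None, None
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            # The payload is a list of header blocks; the per-recipient
            # block carries the Status code.
            for block in part.get_payload():
                if block.get("Status"):
                    status = str(block["Status"])
        elif ctype == "message/rfc822" and original is None:
            original = part.get_payload(0)
    result = {"status": status, "handoff_ip": None, "verdict": "unknown"}
    if original is None:
        return result  # the bounce did not include the original message
    # The top Received line was written by the recipient's side, so it is
    # the one line the real sender could not forge.
    for received in original.get_all("Received", []):
        match = BRACKETED_IP.search(str(received))
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # looked like an address but is not a valid one
        result["handoff_ip"] = str(ip)
        result["verdict"] = "sent-by-us" if ip in OUR_OUTBOUND else "spoofed-sender"
        break
    return result


if __name__ == "__main__":
    print(triage_bounce(BOUNCE_TEMPLATE.format(ip="198.51.100.77")))
```

A "spoofed-sender" verdict together with a 5.1.1 "user unknown" status is the misleading combination described above: the bounce is real, but the message it refers to never passed through your own server.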

Thursday, August 28, 2003

Norton AntiVirus 2004 Released

The latest version of Norton AntiVirus has been released. The latest version includes several tweaks of the 2003 version and for the first time requires Product Activation. Product Activation is a technology being used by more and more software vendors to help prevent software piracy. When Norton AV 2004 gets installed you have up to 15 days to run the activation process. If the product is not activated it will stop working. The process of activation combines a unique software key included with the program with certain hardware details of the computer it is installed on to create an activation code which is then embedded in the program. At that point the original program CD cannot be used to install the program on another computer. If you change certain components of your hardware configuration or buy a new computer you must reactivate Norton. Currently, you can reactivate up to 5 times.

Product Activation is used by many vendors including Microsoft. I don't really have a problem with it as long as: 1. It is fast and easy to do, both initially and for reactivation. 2. No personal information is gathered from the workstation and transmitted during the process.

Intuit tried Product Activation on their TurboTax product last year and took a lot of heat for it. They have now announced they will remove it this year. It seems many customers said they would rather use another product than activate. McAfee has released their latest version of their AntiVirus product and for now it does not require activation.

Thursday, August 21, 2003

Sobig.f Virus Causing Major Problems

This has not been a good couple of weeks for the Internet! First it was the Blaster virus, then a major power outage, then the Welchia (Good Guy) virus, and since Tuesday the sobig.f virus. These things have caused major e-mail issues for almost everyone that owns a computer. The sobig.f virus is now the most distributed virus ever. Previously the Klez virus held that title. Klez was detected 250,000 times in the first 24 hours. Sobig.f was detected over 1 million times in the first 24 hours. Currently, 1 in 17 emails is a product of sobig.f. It is expected that sobig.f will cause a 60% increase in Internet e-mails.

The real sad part about this is that this is your common everyday attachment virus. Users that open the attachment trigger the virus immediately. Yes, the email can look like it came from someone they know; however, the body of the message and the attachment names are pretty obviously fishy to say the least. Users should be able to smell the fish!

We are handling several calls a day with email related problems. Some people can't get their e-mail reliably while others can't stop the flood of infected emails hitting their mailboxes. Neither victim is happy!

There is a whole list of things that can be done to try and minimize the effects of these types of viruses. The most important being user education (I know I have said that 3,345 times before) and keeping your virus software up to date (3,128 times). For a more detailed list specific to your business contact us. I've thought about carrier pigeons but I think attachments would be a problem.

New Viruses Listed on Symantec's Website

8/18 = 8
8/19 = 3
8/20 = 5
8/21 = 3 (so far)

Educate Users (3,346) and Keep Virus Software Up To Date (3,129)

Friday, August 15, 2003

Blaster/Lovsan Virus Update

This virus and its variants seem to be under control. The last number I have seen is that at least 225,000 computers were affected by this virus. Both McAfee's and Norton's current virus definitions are dated 8/13/03. McAfee's is 4284. If you are using the FixBlast program to clean infected machines it is now at version 1.0.4 dated 8/14/03.

This will be the last update for this virus. We are all probably happy to see this one go. I was going to create a "What We Have Learned" summary yesterday; however, I was finding it hard to type in the dark. At this point I am getting ready to go on a bike tour of Martha's Vineyard and prefer to leave all this behind for a day or two. I will post the summary on Monday.

Hosting Update

It appears that most of the T1 lines our hosting company is using are back on-line. E-Mail and Websites have been operational since about 7:05am. I suspect we will see intermittent issues all day today and possibly throughout the weekend.

Realize that if you are having problems sending or receiving e-mail the problem could be at your side or the other person's side. Have patience and don't forget you have a phone and a fax.

Power Outage Still Causing Problems

Oh! by the way there is a major power outage going on! Our area lost power for about 4 hours last night. Power is back on here and we seem to be OK. However, many parts of the Northeast are not as lucky. It appears several major areas will be without power for some time to come.

Our office has full power and Internet access. However, the Internet itself is limping along. Our e-mail and web hosting company is up and running but the T1 lines going to them are not. Therefore websites and e-mail postoffices are not working. As of 5:00am a telco crew was on-site and we are hopeful they will correct the problem(s) soon.

This is the same for many sites on the Internet. I would expect that Internet e-mail will be spotty at best today. You may see no problems or you might be totally down depending on where your particular connection gets routed through.

This will be the same for phone calls. If you are calling someone in New York City you may not get through!

All I can say is this has been a tough week. TGIF

Thursday, August 14, 2003

Don't Forget Those Remote Computers!

I was just reviewing our support calls for installing this update for our Clients and found a very important note on one of them (thanks Kim) that I thought would be useful to remind everyone of. If you have remote laptops, workstations, locations connected by VPN, Frame Relay, etc., it is extremely important that these locations are updated with the patch and the latest virus definition files. We have several calls from remote salespeople that have actually caught the virus while connected to the Internet via a dial-up connection. In fact this is the number one method of infection for our Clients at this point. While the fix is simple, this remote device, if connected to the home office through a VPN or other type of connection, could infect the home office devices if the patches are not installed on them. It is not unusual for home based offices to have a DSL or Cable Internet connection with either no firewall or an improperly connected firewall. When evaluating your security and disaster recovery issues always consider these remote devices. What cannot be seen CAN hurt you.

How To Tell If The RPC Patch Is Installed

I thought it might be useful to know how to tell if the RPC patch (Microsoft Security Flaw Patch) has been installed.

Open Control Panel (usually Start-Control Panel). Then select Add/Remove Programs. A list of installed programs will appear. If the proper entry listed below is shown, the patch has been installed on this machine.

Windows 2000 (Server or Workstation)
Windows 2000 Hotfix KB823980

Windows Server 2003
Windows Server 2003 Hotfix KB823980

Windows XP
Windows XP Hotfix KB823980

Windows NT 4.0 (Server or Workstation)
Windows NT 4.0 Hotfix (See KB823980 for more details)


If these items do not appear you MUST get the patch installed! Remember that there are no patches for Windows 95/98 and ME doesn't seem to exist.

Think The Fun Is Over?

As is usually the case with a virus that has some success (estimates are that MSBlast/Lovsan has infected over 100,000 computers), the copycats come out. There are two new variants of this virus and, just to make things interesting, 2 more viruses have appeared and are gaining some momentum.

The key to avoiding the MSBlast/Lovsan type of virus is to install the Microsoft RPC patch. In addition, both Norton and McAfee have updated their virus definition files (Norton: 8/13/03; McAfee: 4285, 8/13/03). Everyone should not only update to these versions but should also keep their eyes on the update sites, as I expect there will be several updates over the next several days.

One of the new viruses is an email that claims to offer a free Microsoft Security patch (and I bet you thought hackers weren't opportunists). When the attachment is opened several things happen (one of which is critical system files are deleted from the workstation at some date in the future). Check our website for more details on this virus.

Wednesday, August 13, 2003

MSBlast/Lovsan Virus Update 3

This virus is continuing to spread but is slowing down as measures are being taken. Another piece of the virus is that it is programmed to attack the Microsoft Updates Website on Aug 16th and then several days after that. The object of this piece is to attempt to cripple the update site. Machines that are infected and have not been cleaned will start sending streams of requests to the website. Because of the potential number of machines doing this at the same time the site might become slow or even crash. Microsoft is well aware of the issue and says they are ready.

If you have not applied the Windows patches yet do it now! This is only the first of possibly many attacks that will use this method of intrusion. The patch files can be found here. Remember that your home machines need the update as well.

Check back tomorrow for my "What we have learned" comments.

Tuesday, August 12, 2003

MSBlast/Lovsan Virus Update 2

Nothing really new with this thing. However, some precautions that should be taken:

1. Make sure all machines have the latest anti-virus data files. These files should be dated 8/11/03 or newer. Physically make sure these files are installed. It would be prudent to do a full scan of each machine once you have verified the latest data files are installed. This does not fix the underlying problem, it only detects these versions of this exploit.

2. If a workstation shuts down by itself with or without an error message, disconnect the workstation from your network immediately. The machine needs to be determined to be clean before reinstalling on the network. This one machine if infected, will infect other workstations almost immediately if left running on the network.

3. Get the Windows Patches installed!

MSBlast/Lovsan Virus Update

As of this morning both McAfee and Norton are indicating that these viruses are probably the same with some slight variances. They are also suggesting that in addition to blocking TCP ports 135 and 4444, firewalls also block UDP port 69.

Once the virus infects one machine via the Internet, that machine becomes a host and starts scanning machines on the inside of the firewall and infects those machines that have port 135 open and do not have the MS patch installed.

The virus also performs a DoS (Denial of Service) attack on the Microsoft Update website which is intended to prevent users from downloading the patch.

There are still components of the virus that they are trying to figure out the purpose of. Although this virus seems to be more of a pain in the neck than anything else, the possible variations of this type of attack are enormous. Get your machines patched!
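The behaviour described in this update (an infected machine scanning inside the firewall for port 135, plus traffic on the other two ports the vendors say to block) can be looked for in connection logs. The Python below is an added example, not from the original post or from either vendor; the log format, the addresses and the threshold of five targets are constructed for illustration.

```python
"""Flag internal hosts whose connections match the ports named in this post."""
from collections import defaultdict

SCAN_PORT = ("tcp", 135)                    # port the post says gets scanned
OTHER_PORTS = {("tcp", 4444), ("udp", 69)}  # the other ports the post says to block

# Constructed sample log: time src dst protocol dst_port action
SAMPLE_LOG = """\
09:00:01 192.168.1.23 192.168.1.1 tcp 135 allow
09:00:01 192.168.1.23 192.168.1.2 tcp 135 allow
09:00:02 192.168.1.23 192.168.1.3 tcp 135 allow
09:00:02 192.168.1.23 192.168.1.4 tcp 135 allow
09:00:03 192.168.1.23 192.168.1.5 tcp 135 allow
09:00:03 192.168.1.23 192.168.1.6 tcp 135 allow
09:00:04 192.168.1.23 192.168.1.4 tcp 4444 allow
09:00:05 192.168.1.4 192.168.1.23 udp 69 allow
09:00:06 192.168.1.40 192.168.1.2 tcp 135 allow
09:00:07 192.168.1.50 203.0.113.80 tcp 80 allow
this line is truncated
"""


def parse_line(line):
    """Return (src, dst, proto, port), or None for a blank or malformed line."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit():
        return None
    _time, src, dst, proto, port, _action = parts
    return src, dst, proto.lower(), int(port)


def find_suspects(log_text, scan_threshold=5):
    """Report hosts that fan out on TCP 135 or use the other listed ports.

    scan_threshold is an assumed cut-off: one workstation talking to a
    single server on port 135 is normal, the same workstation trying many
    different machines in a short time is not.
    """
    rpc_targets = defaultdict(set)   # source -> distinct hosts tried on 135
    other_ports = defaultdict(set)   # source -> other listed ports it used
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        src, dst, proto, port = record
        if (proto, port) == SCAN_PORT:
            rpc_targets[src].add(dst)
        elif (proto, port) in OTHER_PORTS:
            other_ports[src].add(f"{proto}/{port}")
    report = {}
    for src in set(rpc_targets) | set(other_ports):
        scanned = len(rpc_targets.get(src, ()))
        ports = sorted(other_ports.get(src, ()))
        if scanned >= scan_threshold or ports:
            report[src] = {
                "rpc_targets": scanned,
                "other_ports": ports,
                "scanning": scanned >= scan_threshold,
            }
    return report


if __name__ == "__main__":
    for host, detail in sorted(find_suspects(SAMPLE_LOG).items()):
        print(host, detail)
```

Any host this reports is a candidate for the step given in the later update: disconnect it from the network until it has been confirmed clean and patched.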

Monday, August 11, 2003

Windows Security Flaw Being Exploited

The anticipated exploit of a flaw in one of the Windows functions called RPC (Remote Procedure Call) has begun. This flaw basically allows a hacker to gain full control of a workstation or server that has not had the patch provided by Microsoft installed. This is a very serious threat! All workstations and servers should have the patch installed. In addition, ports 135 and 4444 should be closed on firewalls and the latest virus definition files should be installed. More information can be found on our website.

More information on the Windows RPC flaw can be found on the Microsoft Site.

Microsoft Office 2003 Getting Ready To Ship

Microsoft is getting ready to ship Office 2003 within the next few weeks. Office 2003 includes a bunch of UI (User Interface) enhancements and some new functionality under the hood. Microsoft is continuing to add collaborative functionality to the Office products as well. Click Here for some detailed information on the differences between Office 2003 and previous versions.

I have been using Office 2003 for a few months now and really like the changes I have seen. Outlook has many enhancements including some pretty good built-in spam filtering. There are several other features that enhance the security of your workstation. There is even a first pass at DRM (Digital Rights Management). This technology allows you to create documents that can't be forwarded, edited or copied by unauthorized users. This will be a very useful tool for most businesses. If you are currently using Team Services, Sharepoint Services, or Sharepoint Portal Server, Office 2003 adds more functionality and ease of use.

Overall I think Office 2003 is a good upgrade. If you are running Office 97 you should definitely consider the upgrade. If you are running Office 2000 I believe it is still worth a serious look. If you are running Office XP I don't think it's worth the upgrade unless there are some specific functions that you can't live without.

Wednesday, July 16, 2003

Microsoft Ends Support of Windows NT Workstation - Windows 98 is Next

Microsoft has ended support for Windows NT 4.0 Workstation. This product will be 7 years old on July 29. Support for Windows NT 4.0 Server will end on December 31, 2004. However, service packs and non-security related hotfixes will no longer be produced after December 31, 2003. Support for Windows 98 is scheduled to end on January 16, 2004.

What does this all mean? In the short term not a lot. The biggest concern is that security hotfixes will no longer be produced for these products. This will leave networks with potential security holes. Most end users do not contact Microsoft for operating system support, so this really won't affect them. However, over the longer term these products will no longer support technologies as they become available. Hardware vendors will no longer create drivers for these products to allow their hardware to run in these machines. For instance, you will not be able to install the latest and greatest video card in your workstation if the current one fails. Over time getting the older products that will run in these older systems will become difficult if not impossible.

The most critical concern of course is with servers. Your data becomes highly at risk on a server with an obsolete operating system. Should the server fail, at the very least there may be substantial down time while the older hardware items are hunted down and at the worst you may not be able to get the server back up!

This does not mean to panic. There is still time. However, if you are running Windows NT 4.0 or Windows 98 on your workstations it is time to begin looking at upgrading them as soon as you can. If you are running Windows NT 4.0 or earlier on your servers it is now time to begin evaluating what will be involved with moving to a new server environment.

Want to know what's involved and what the benefits of moving to a newer operating system are? Give us a call!

Wednesday, July 02, 2003

Hacker Contest Threatens Websites This Sunday July 6

The Federal Government is warning of a hacker contest that is set to run for 6 hours on Sunday July 6. The goal of the contest is to deface 6000 websites within the 6 hour period. Most of our customers would not be affected by this type of attack as they do not host their own websites. However, I would suggest that everyone verify that their web developer is taking precautions and that the website is backed up.

The object of website defacing is to make changes to web pages. The payoff for the hacker is usually nothing more than bragging rights.

'Do Not Call' Registry Jammed

If you had trouble trying to enter your phone number in the Do Not Call registry, you're not alone. On Friday, June 27, when the registry opened, 7 million names were entered into the list. 85% of those were done through the website. Between the hours of 6pm and 7pm on the 27th, 158 numbers per second were being entered in the system. I tried the site today and was able to get in without a problem.

I'm thinking about a new class offering... "Spam made easy for the unemployed Telemarketer"

www.donotcall.gov