A rootkit being spread through AOL's popular instant messaging client and AOL chat rooms.

Bundled within the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the file link within the IM window. Though neither the worm nor the rootkit file are new, it appears to be the worm's first foray into the AIM (AOL's Instant Messenger) network. What's more troubling is that rootkits haven't previously been spread via IM.

Attackers can automatically pass the worm along to users on the Buddy List. Additionally, the rootkit can shut down anti-virus software, alter the users' search page, run CPU usage to 100 percent and automatically download unwanted programs such as 180Solutions, Zango, MaxSearch and others.

After watching Qrio dance, there is no doubt Sony is not just playing with toys here.

According to the WebWatch report, released Wednesday, 80 percent of all American Web surfers are at least somewhat concerned about the threat of identity theft posed by engaging in online activities.

As a result of those concerns, at least 30 percent of the 1,500 people interviewed for the survey said they have reduced the amount of time they access the Internet.

In addition to going online less frequently, 53 percent of the respondents told WebWatch that fears of ID theft have stopped them from giving out their personal information to Web sites and online marketers, while 25 percent said they are no longer purchasing items from e-commerce sites.

Americans are also increasingly skeptical regarding images they find on the Web, with 47 percent reporting that they have viewed what they believed to be manipulated pictures online. Despite that trend, 67 percent said they trust online news sites to use genuine photographs.

While this data is concerning to anyone who owns a web based business. The upside is that it appears that many people are becoming more savvy. With this the first reaction is of course to simply avoid all on line transactions. It is clear that with doubt that everything you see or read might not actually be true. Let's hope that people will learn that going out in town can be equally dangerous. Where ever your credit card is handed to someone who walks to the register with it the same dangers of the web are also present.

Some level of paranoia is a good thing to protect your identy from theft. Making informed decisions about when to offer their trust to a specific web business is very important. I personally like the injections about blogging web sites being untrustworthy. It would seem that the people are smart enough to form their own opinions.

The Measurement Factory has conducted two surveys of Internet-connected domain name servers (DNS) on behalf of Infoblox. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details.

The survey results revealed that many organizations often disregard these critical systems, which perform the functions necessary to make their presence available and accessible on the Internet. The Internet Systems Consortium's BIND software, which performs the domain name resolution function, is often out of date, opening the door to malicious attacks. And, the systems are sometimes mis-configured, potentially compromising network availability.

Following is a summary of the significant survey results:

There are an estimated 7.5 million external DNS servers on the public Internet

Over 75% domain name servers (of roughly 1.3 million sampled) allow recursive name service to arbitrary queriers. This opens a name server to both cache poisoning and denial of service attacks.

Over 40% allow zone transfers from arbitrary queriers. This exposes a name server to denial of service attacks and gives attackers information about internal networks.

In almost 33% of the cases, all authoritative name servers for a zone were on the /24 same subnetwork. This leaves network open to accidental and deliberate denial of service attacks.

Only 60% of the name server records delegating each zone matched the intrazone name server records . Mis-matched records may decrease the number of servers available for resolution, reduce redundancy, increase load, and leave a zone susceptible to denial of service attacks.

57% run the most recent, secure versions of BIND (9.x):

For more information, a press release and reports including methodology, complete results and all findings are available.

Press release Report: June 2005 Report: April 2005

October's round of patches proves how easily people become gun shy about going to get these patches first. Microsoft must understand that these slip ups like October produced makes people take a wait and see approach again. This simply is not in the best interest of MS, making people apprehensive about patching their machines.

While I have read MS position on the first error with MS05-051 the excuse that these things are complex. They went on to explain that we have a difficult job matching the time to deliver the fix against any possible errors. While this is complex for MS; imagine what it is for your mother or grandmother who has no idea what MSDTC is and why they need it, or want it in the first place.

Only a "limited" number of customers have been affected by this problem, and customers who received Update MS05-050 automatically or who correctly followed the steps in Microsoft's security bulletin won't be affected, Microsoft said. More information about the problem can be found here. 

In addition, there has been a significant increase in computer scanning activity -- apparently by hackers looking for targets to attack once an exploit becomes widely available. If you run Windows 2000, you should be very concerned.

The search engine Jux2 has put itself up for sale on the auction Web site eBay, a sign of the times for the hyper-competitive search industry. Winning bid: US $101,100.00

Why are we selling? We started jux2 in our spare time as a research tool to answer questions we had about search. jux2 succeeded both as a research tool (generating thousands of searches per day and providing rich data that answered our questions) and with the search cognoscenti. We felt honored to receive critical acclaim and favorable reviews from many power searchers. To do justice to the opportunity ahead of jux2 would take more time than any of us has right now. So, we’re hoping this auction will put jux2 into the hands of someone who can take it to the next level.

Buying jux2 is a great way to get into the rapidly growing Internet search industry. This auction’s winner will receive sole ownership of a fully operational meta-search engine, including the following:

• The software code running the jux2 meta-search web site

• Written instructions on how to maintain and add to the code

• The graphic files for updating the UI (including a design for adding a fourth search engine)

• The legal rights to the jux2 brand name

• Ownership of the www.jux2.com URL

The winner will not receive any of jux2’s physical assets. You’ll need your own servers, hosting facilities, etc. Also, in the future, we cannot guarantee jux2 will have access to search results from Google, Yahoo, and other search engines. You’ll have to negotiate your own search result access deals.

The first variants were detected after midnight on Thursday and ESET's ThreatSense(TM) technology immediately stopped a new variant of the Sober family of worms, once again underlining the need for proactive protection. ESET's NOD32, a unique anti-threat solution, uses advanced technology, which employs heuristic analysis to detect malicious threats in real-time.
   
   Win32/Sober.R, a part of the Sober family, has a highly-encrypted piece of code that attempts to terminate security software cleaner tools, such as McAfee's Stinger. The worm tries to remove old versions of the Sober virus and in scanning for specified files, can cause the machine to slow down significantly. Sober.R arrives as a .zip file attached to emails written in English or German. The worm can detect regional domain names, which determines the language of the message. Using its own SMTP engine, Win32/Sober.R sends mass-emailed copies of itself to additional email addresses. The message sender is spoofed and the message body may be 'signed' by the names Rita, Sandra, Nicole, Hannelore, Kerstin or Elke.
   
   "The author of the Sober worms is very aware of the AV industry, as this variant appeared during the Virus Bulletin conference in Dublin," said Andrew Lee, chief technology officer of ESET. "It may be that the author is trying to maximize the amount of time before detection by releasing at a time when a significant portion of the antivirus industry is tied up at a conference. However, ESET customers were protected from the Win32/Sober.R worm in real-time due to our powerful, ThreatSense heuristics." 
    
 ESET is providing a free remover for the Win32/Sober.R worm, which can be downloaded at www.eset.com.

Intel Corp. is shipping Xeon server multiprocessors with dual core.

The new dual-core Xeon chips for two-processor servers promise up to a 50 percent improvement over systems with two single-core processors, said Shannon Poulin, director of product marketing at Intel's Server Platform Group.

Both Intel and Advanced Micro Devices Inc. launched dual-core chips this year as a way of gaining performance while controlling power consumption. AMD initially focused on servers while Intel started with chips for desktop computers.

As a result, the new Xeon is arriving about six months after AMD's dual-core Opteron chip made its debut.

Intel's chips will benefit from an ability to handle two tasks, or threads, at once using a technology called Hyper-Threading. As a result, a two-core Xeon chip in a two-processor server can execute eight threads.

Last month, Microsoft issued no new security bulletins as part of its monthly update.

This month, though, the tune has changed, as nine patches are on tap, some of them rated as "critical." According to reports, Windows XP itself may also be getting a Service Pack 3 release in 2006.

True to form, Microsoft is vague in its advance bulletins about patches and has not disclosed the specific issues that will be addressed. Eight of the issues set to be patched will involve Windows, and there's one that specifically affects Microsoft Exchange.

Internet Explorer is among the Windows applications that are likely to be patched. Security firm Secunia reports that there are numerous unpatched vulnerabilities in IE. Among them is the "XMLHTTP" HTTP Request Injection vulnerability which "can be exploited by malicious people to manipulate certain data and conduct HTTP request smuggling attacks."

Great Britain's Cable & Wireless and Sweden's Telia are viewed by experts as the most likely suitors for the U.S. assets of bankrupt carrier PSINet. While Canadian carrier Telus signed a letter of intent with PSINet to acquire all of the fallen carrier's assets in that country, no buyer has yet emerged for any of the U.S. assets — mainly the company's backbone and Web hosting facilities.

Events following PSINet's Chapter 11 filing suggest that those assets will be significantly devalued by the time any offer materializes.

Last week, Cable & Wireless temporarily disconnected from PSINet's pipes, claiming that PSINet is not holding up its end of their peering bargain, which calls for equal bandwidth exchanges. "We notified PSINet 60 days ago that we have seen a precipitous drop in the amount of traffic hosted in the network, the flow becoming unequal," said Chad Couser, a spokesman at Cable & Wireless.

The move is a prelude to PSINet's loss of tier 1 status for its backbone, a somewhat nonscientific category applicable mostly to large carriers that barter their long-distance Internet Protocol traffic. If PSINet can't peer with Cable & Wireless as an equal, its traffic requirements are likely not up to par with other backbones, which means it would have to buy transit from larger carriers.

It's likely that the move could cost PSINet some big customers such as EarthLink, which buys PSINet's wholesale dial-up service. EarthLink's connection with PSINet was down for two days recently before being restored, with PSINet signing a letter of intent saying it would meet Cable & Wireless' peering criteria by increasing traffic flows.

Cable & Wireless itself has been pegged by many in the financial community as a potential acquisitor of PSINet assets. Another potential buyer is Telia, which put together a bid on ZipLink's backbone last year, according to financial industry sources. Another potential buyer of PSINet assets is U.S. up-and-comer Velocita. UUnet founder Rick Adams is also rumored to be interested in the company's Web hosting assets.

Network operator Cogent said Friday that rival Level 3 "has taken the necessary actions" to once again carry its customers' Internet traffic, a sign that days old service disruptions for a significant number of Internet users are over, for now.

It has been reported, Level 3 Communications, has since Wednesday refused to make room for traffic from rival Cogent because of an ongoing dispute about financial arrangements. The nasty turn has disrupted Internet service for a significant number of cogent customers since about Wednesday.

On Friday afternoon, Cogent said Level 3 has restored all peering connections. Level 3, in a statement, said it's done so in order to let Cogent customers make alternative arrangements. "We will maintain this connection until 6:00 a.m. ET, November 9, 2005," Level 3 wrote in a statement.

The apparent turn for the better in the spat follows an outcry for the U.S. government to regulate traffic-swapping arrangements between major communications providers.

These agreements, as the experiences of the last few days shows, are so key that they can bring Internet traffic to a halt for significant amounts of people. Critics contend that more of these spats between operators will erupt, cutting off even more people.

Such spats also highlight arguments from a number of European governments that are calling for the United States to relinquish its unilateral control over Internet governance, in favor of a new body. The United States opposes the changes.

In the beginning telecom firms who owned the fiber optic networks didn't like the idea of selling their services as a commodity. Some made the case that not all networks perform equally well. In addition, most preferred to negotiate prices with customers, rather than be stuck with a one-size-fits-all pricing scheme.

"Carriers have never been big fans of bandwidth trading, because honestly, "They want customers to be confused about pricing."

There's just too much capacity out there and too little demand." On average prices for bandwidth have declined between 30 and 50 percent in the last 18 months. On certain key routes, the freefall is more pronounced. According to RateXchange's Samuels, for example, the price of a standard contract for carrying data traffic between New York and London has declined from $30,000 to $5,000 over the past nine months.

Bandwidth sellers also fear they may have much to lose by dumping excess capacity at bargain prices on an open exchange. One concern is that customers who paid more for the same contract when prices were higher may come back demanding discounts.

Admittedly few ISPs and telecom firms want to use a commodity-style exchange to sell contracts. Deals tend to be negotiated over the phone, often with a broker who gets a fee for arranging the transaction.

Eventually bandwidth will be sold through a commodity-type market, it won't happen overnight. Latest estimates are that it will take three to five years to develop a healthy and viable business for trading bandwidth contracts.

Blog Search is Google search technology focused on blogs. Results include all blogs, not just those published through Blogger; their blog index is continually updated, so you'll always get the most accurate and up-to-date results; and you can search not just for blogs written in English, but in French, Italian, German, Spanish, Korean, Brazilian Portuguese and other languages as well.

There are a few different ways you can get to Blog Search:

• blogsearch.google.com (Google-style interface)
• search.blogger.com (Blogger-style interface)
• The Blogger Dashboard

An Internet security specialist says a new threat forces computers to install faked Google software, which then goes phishing. Phishing is where e-mails, IM (instant messages) or Web sites parody a legitimate company, and try to get users to provide personal information or financial account numbers and passwords.

The latest cases involve bogus Google software spread via IM, and appear to be a variety of the infamous CoolWebSearch phishing scheme, according to Foster City-Calif.-based FaceTime Security Labs. CoolWebSearch has never been spread via IM before.

In the recent cases, IM users unwittingly download a rogue tool bar, which is installed on a Web browser and provides easier access to an Internet search provider.

The only working feature on the fake Google Toolbar saves credit card details, according to Christopher Boyd, the security research manager of Foster City, Calif.-based FaceTime Security Labs. A bevy of others, including one to "enable pornographic ads," do not work.

IM is increasingly a target of phishers, as the latest attacks show. "Full Article"

W32.Sober.Q@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German. It has been reported that it may arrive as one of the following files and that inside the ZIP archive is a file named PW_Klass.Pic.packed-bitmap.exe:

• KlassenFoto.zip
• pword_change.zip

• Also Known As:	CME-151, Sober.Y [Panda Software], W32/Sober.r@MM [McAfee], WORM_SOBER.AC [Trend Micro]
  Type:	Worm
  Infection Length:	Varies
  Systems Affected:	Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

This 2.5" Pocket size Aluminum External Hard Drive Enclosure Case is a portable storage drive case that incorporates USB 2.0, 1394 Firewire & Serial ATA interface! The hot-swappable Plug and Play feature gives anyone great convenience on the road or when using the drive with different computers. We have priced this enclosure for as low as $15.95 and the disk a WD 400UE 2.5 40 gig @ $65.00 or a 60 gig WD 600UE @ $76.00.

In our opinion this is a great combination for any portable remote storage and at this cost it is outstanding value.

Google Inc. took a step toward challenging Microsoft Corp.'s dominance of computer software with the announcement Tuesday of a collaboration agreement with Sun Microsystems Inc.

The move could lead to Google offering next-generation word processing, spreadsheet and collaboration tools that would take on Microsoft's industry-leading Office suite of software.

But for now its significance may be mostly as a symbolic shot across Microsoft's bow, signaling Google's intention of attacking the world's biggest software company head on.

This does not seem to be enough to be a Microsoft Killer. I still feel the company in the best position to take on MS, as if we have to kill the giant would certainly be Apple. I still like windows XP it is a fair priced OS. It does everything I like to do very well. It is for the most part very stable in light of the fact that the entire world is trying to beat it up.

If Apple tomorrow said, we have tested Tiger and you can now install it to any Intel based computer. This would be a serious change in the game.

Scott Hanselman posted a great tutorial for hooking a web cam to Dotnet. I personally found the entire concept a fun weekend adventure.  To read the article "Click Here".

Scott Hanselman is the Chief Architect at the Corillian Corporation, an eFinance enabler. He has twelve years' experience developing software in C, C++, VB, COM, and most recently in VB.NET and C#. 

The U.S. Patent and Trademark Office has rejected two key Microsoft patent applications relating to its File Allocation Table file system. But Microsoft officials still hold out hope that the company ultimately will succeed in the quest to patent FAT.

Microsoft officials said their reaction was upbeat because the USPTO did not reject the patent applications on the basis of prior art claims. In fact, according to David Kaefer, Microsoft's director of business development, the USPTO ruled in Microsoft's favor on all of the FAT prior art claims, including the prior art submitted by Pubpat.

If Microsoft successfully commercializes its six FAT patents—we attacked the oldest and narrowest of them—as it is trying to do with hardware manufacturers like those of flash cards and digital cameras that format such file systems manufacturers, then it could be possible for Microsoft to argue that anybody using a free software system that reads and writes to the MS DOS FAT file system also has to pay a royalty.

Microsoft claims it developed FAT in 1976. FAT has become a ubiquitous format, used for data storage and data interchange between computers and digital devices such as cameras and USB memory sticks.

Can't we all just get along?  With all the data from a recent Bagle outbreak, and most of the identifications are just Bagle, but they're almost all different specific variants.  The confusion this causes, and specifically look at the three big anti-virus companies: McAfee, Symantec and Trend Micro use names bearing no resemblance to each other.

In the heat of a malware outbreak there is usually a lot of confusion about what variant of what worm is involved? Is it just a new variant or a completely new worm? Inconsistencies between vendors about variant indices and virus names add to the confusion.

Larry Seltzer wrote a couple articles on the topic and I am in total agreement. One can only guess at how confused a novice home user is by all the naming issues.

Many times I get this php question; How do I use a different mail server than is mentioned in the Php.ini to send mail from a web site form?

The simple way is to have something like this included as part of the doc. By placing this at the top of the doc you can define it to your php scripts. A special note though many hosts use a internal relay server as a preferred. This is due to the fact that they force authentication in order to send mail from their mail servers. You may wish to check with your web host to make sure if this does not work. They would typically give you the name of the internal relay server that would handle this outbound mail. This would go into the field "mail.domainname.com".

ini_set('SMTP', "mail.domainname.com");
ini_set('sendmail_from', "noreply@domainname.com");

Web browser developer Opera Software has permanently removed the ad banner and licensing fee from its Web browser, focusing instead on creating revenue from integrated search functionality.

"It feels good to be able to do this, because we think it will give users a better experience," said Opera communications director Tor Odland. "For us, it will help us increase market share and make ourselves available to those outside the technological world."

"It's an excellent time for browsers that are an alternative to Internet Explorer," Odland noted. "We're joining Firefox in the crusade to win IE users."

"At one point, Opera had the room to eat away at IE's market, but it could be that now it's too late," he said. "Adoption with Firefox is slowing as the early adopter crowd is drying up. That means Opera and Firefox will have to compete for the mainstream, where there are fewer converts available for alternative browsers."

In addition to its model change, Opera also noted that two security vulnerabilities reported by Secunia on Tuesday have been patched in the most recent browser, Opera 8.50.