Microsoft Offers Reward for Information on Rustock Botnet

In a further move against international cyber criminals, Microsoft has offered a reward of $250,000.00 for information that results in the identification, arrest and criminal conviction of those responsible for controlling the notorious Rustock botnet.

Microsoft says that Rustock infections, counted by IP address, have fallen by more than 50% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year alongside U.S. enforcement agents, and claims that it remains dead.

The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The takedown was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail.

Anyone with information on the Rustock botnet or its operators should contact Microsoft at avreward@microsoft.com.

To find out more about Microsoft Offering a Reward for Information on Rustock Botnet, click here to see the post on the Official Microsoft Blog.

If you have missed previous TechCo Support postings about the fight against the menace of botnets and the progress of the Microsoft Digital Crimes Unit, please see:

Microsoft Reward Document

Add a Mac Mini Server to your network

Have you ever considered adding a Mac server to your gadget collection, but were afraid of the hassle? Does your Mac work group need a server to share essential resources like your media library, without cluttering up your individual machines? Have you ever wondered if you could set up a Mac server to control your Mac work stations?

Well, the answer may be to get yourself a Mac Mini preloaded with Snow Leopard Server. You can buy one of these little dynamite machines for less than £900 including VAT in the UK, or $950 US, and be up and running in less than an hour. The standard Apple Mac Mini Server comes with a 2.66GHz Intel Core 2 Duo processor, 4 GB RAM and two 500 GB hard drives as standard, with a GeForce 320M graphics adapter, and of course Snow Leopard Server 2 installed.

Be warned, however, that this machine does not include an optical drive, as its client cousin does, nor a keyboard or mouse, and you will need your own display. It does have two graphics ports, one of them an HDMI port, with an HDMI to DVI conversion lead included. It also includes Wi-Fi wireless networking (based on the 802.11n specification; 802.11a/b/g compatible), Gigabit Ethernet wired networking (10/100/1000BASE-T), Bluetooth 2.1 + EDR (Enhanced Data Rate) for connecting with peripherals such as keyboards, mice and cell phones, four USB 2.0 ports and a FireWire 800 port. Not bad in such a tiny form factor!

If you want to use a VGA display you can buy an optional Mini DisplayPort to VGA adapter, which allows you to run up to 2560-by-1600 resolution. Please note that the Mac Mini Server has a Mini DisplayPort, not a Mini DVI port, so you need an Apple MB572Z/A Mini DisplayPort to VGA Adapter cable, or equivalent. See the link below for a suitable product, or contact Apple.

The setup is quite simple, with a Mac quality Assistant to guide you through the process. One note of caution is offered here: if the server you are setting up will serve as an Open Directory Master and DNS server, you should not set up a new Open Directory domain until you have read and understood the implications. One of the pitfalls of simply walking through Mac OS X Server’s automatic Server Assistant tool is that the Assistant offers you the option of setting up a new Open Directory domain, which causes problems on a server that is also to be the DNS server. See Understanding Mac OS X Open Directory later for more information.

Another thing to be aware of if you are a hands-on person who just wants to get going: make sure you have the server software serial number cards, which are essential during the setup process! That is one of the first things the Server Assistant requires, and if you have thrown away the packaging in your enthusiasm to get going, you will have a problem. Not that anyone we know would have done that, you understand!

In use, the Mac Mini Server runs cooler than the client version with its built-in internal optical drive. It seems that the internal optical drive generates most of the heat in a Mini, while the disk drives generate very little, which contributes to the heat savings claimed by Apple. As a benchmark, a Mini with Snow Leopard Server should handle a work-group or small business of 25 users with a bit of room to spare.

For the corporately minded, who like the server bolted into a 19″ rack, there is even a nifty little attachment you can buy which allows two Mac Mini Servers to be secured in a 1U rack-mounted enclosure. Neat!

Further reading about Mac OS X server:

Microsoft Floors The Coreflood Botnet

With headlines like “More Than 2 Million Computers Infected with Keylogging Software as Part of Massive Fraud Scheme”, the U.S. Department of Justice (DoJ) and Federal Bureau of Investigation announced the filing of a civil complaint, the execution of criminal seizure warrants, and the issuance of a temporary restraining order as part of the most complete and comprehensive enforcement action ever taken by U.S. authorities to disable an international botnet.

The U.S. Attorney’s Office for the District of Connecticut has filed a civil complaint against 13 “John Doe” defendants, alleging that the defendants engaged in wire fraud, bank fraud and illegal interception of electronic communications.

Coreflood is a particularly harmful type of malicious software that records keystrokes and private communications on a computer. Once a computer is infected with Coreflood, it can be controlled remotely from another computer, known as a command and control (C & C) server.

Interestingly, the US Government also obtained a temporary restraining order (TRO), granting authorization to respond to signals sent from infected computers in the United States in order to stop the Coreflood software from running, thereby preventing further harm to hundreds of thousands of unsuspecting users of infected computers.

Essentially the DoJ was allowed to impersonate the commanding servers and send a Stop command to the botnet agents that were tethered to the 5 illegal computers, known as command and control (C&C or CnC) servers. This is believed to be a precedent, and opens the door for more active countermeasures against these criminal money-making machine networks.

Following on from the earlier successes against the Rustock botnet in March, and the Waledac botnet in February, this action takes the war against these cyber criminals a stage further.

Other links on the subject:

Microsoft Claims Rustock Botnet Takedown

Have you missed your daily dose of spam emails advertising everything from Viagra to fake pharmaceuticals and watches this week? According to a link spotted on eWeek, Microsoft is claiming responsibility for the takedown of the massive Rustock botnet, which stopped sending out spam midmorning on 16 March 2011.

This operation, known as Operation B107, is the second high-profile takedown in Microsoft’s joint effort between Microsoft Digital Crimes Unit (DCU), Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused.

The previous operation against the Waledac botnet (B49) followed a judgement by the US District Court of Eastern Virginia, that upheld a recommendation to grant Microsoft’s motion for the transfer of the domains behind the Waledac botnet to Microsoft.

The Rustock Botnet is estimated to have infected up to 1.7 million computers worldwide, and up to the end of 2010 may have been responsible for almost 50% of the spam sent worldwide. At times Rustock was capable of sending 30 billion spam e-mails per day.

The Rustock Botnet was identified as being more complicated than the Waledac botnet, using hard-coded IP addresses rather than domain names, and peer-to-peer command and control servers. To combat this, Microsoft obtained a court order allowing it to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis.

The number of computers which can be linked in a botnet is mind boggling, and because the bots are so versatile their use is limited only by the imagination of their controller, or bot-herder.

In order to combat botnets, Microsoft encourages every computer owner to make sure their machine isn’t doing a criminal’s dirty work. If you believe your computer may be infected by Rustock or another type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

Further links and resources

Finally, for everyone who likes comics, check out the Microsoft comic strip Terrifying Tales of Digital Delivery

Microsoft launches Internet Explorer 9

Microsoft has launched the finished version of its Internet Explorer 9 web browser, and at the same time started a campaign to rid the world of the dreaded IE6. The site, called The Internet Explorer 6 Countdown, appears to be set on moving the world off Internet Explorer 6 – and about time too!

However, the joy at the launch of IE9 may not be universal: while Windows Vista or Windows 7 users can now download the full release version of IE9, XP users and Mac OS X or Linux users are not so fortunate. There are plenty of other browsers of course, including Firefox, Chrome, Safari, Opera and many others to choose from, so there are plenty of alternatives to IE6.

Meanwhile on another front, a Downing Street petition is calling for the UK government to drop IE6 and move to a more modern browser. The petition highlights IE6’s security flaws and its use of outdated technology, which create a burden for developers. The petition comes as the Department of Health advised the NHS to move away from the old browser. How long will it be before other government departments catch on and realize that it is time to ditch the bad egg, which is well past its use-by date?

If you are running Windows Vista or Windows 7, you can click here to download IE9

For a more critical view of the new browser from the Microsoft stable, read Five Reasons not to “Upgrade” to Windows’ Internet Explorer 9

Microsoft Takes Down The Waledac Botnet

In a post on the Official Microsoft blog, entitled Cracking Down on Botnets, Microsoft announced the takedown of the Waledac botnet, one of the 10 largest botnets in the United States and a major distributor of spam globally. Microsoft achieved this after a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals.

In a complaint filed in the Eastern District of Virginia on 22 February against John Does 1-27 et al, Microsoft alleged that the “Doe defendants have undertaken the foregoing acts with the knowledge that such acts would cause harm through the .com domains located in Virginia and through user computers located in Virginia, thereby injuring Microsoft, its customers and others both in Virginia and elsewhere in the United States”. This argues that the Virginia Court has jurisdiction over the case regardless of where the perpetrators reside.

The takedown of the Waledac botnet, or Operation B49 as it was known internally in Microsoft, was the result of months of investigation. The Waledac botnet is believed to have had the capacity to send over 1.5 billion spam emails per day. From Microsoft’s analysis, between 3 and 21 December 2009 approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone.

This legal and industry operation against Waledac is the first of its kind, but hopefully it won’t be the last. Microsoft has acted with experts from the international security community to combat this menace to computer users everywhere. However, taking down the botnet is not the end of the story.

Thousands of computers are still infected with the Waledac computer worm, a self-replicating malware program. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware. Microsoft advises people running Windows machines to visit the Microsoft Security Web site, where they can find Microsoft’s Malicious Software Removal Tool, which removes Waledac.

Links and resources relating to Microsoft Takes Down The Waledac Botnet:

Increase Your Productivity with Multi Monitor Graphic Cards

Have you ever wanted to see more of your spreadsheet on screen in one glance, without having to zoom out until the text is almost unreadable? Do you find that you are telling yourself that the job would be much easier if you could open two documents at one time and have them side by side on the screen? Do you feel that you could be even more productive if your display area was bigger?

This week we are looking at ways to increase your productivity using Multi Monitor Graphic Cards. Rather than opening up your PC case and installing another graphics card, a non-starter for laptop users, why not use an external device that splits your video output between two or more monitors? This is especially useful for notebook users, as it allows you to have maximum desktop space in the office, for maximum productivity, while still allowing you freedom on the move.

Matrox D2G-A2A-IF DualHead2Go Analog Edition Graphic Card

The first product we are looking at is the Matrox D2G-A2A-IF DualHead2Go Analog Edition Graphic Card

An external multi-monitor upgrade for notebooks and desktop computers which is ideal for business and professional users looking to increase their productivity with a dual monitor setup. It supports dual 1280 x 1024 video output, that is 2560 x 1024 across the two monitors, at 60 Hz, provided your graphics card has enough memory.

This small box lets you run different applications on each monitor or view one application across two monitors. DualHead2Go is available in analog and digital editions.

Warning About Buying A Wireless Microphone System

Buying A Wireless Microphone System?
Are you considering purchasing a wireless microphone system, and are wondering which one to buy? There are a few questions you might like to ask your supplier before parting with some hard earned cash!

  • Do I need a licence to use it now, or in the future?
  • Will it be legal after 1st January 2012?
  • Can it use an unlicensed frequency band?

Users of Professional Wireless Microphone Systems (PWMS) should be aware that changes made to the wireless spectrum by Ofcom, the independent regulator and competition authority for the UK communications industries, will mean that after 1st January 2012 some equipment will have to change frequencies or be illegal. This affects equipment such as wireless microphones, wireless instrument links and in-ear monitors which use Channel 69. The clearance Ofcom is carrying out at the moment concerns Channel 69, with those frequency ranges being sold off… the question is, what happens to wireless microphones that are currently licensed to use Channel 69?

The answer is that after 1st January 2012, users of wireless microphones, or any of the other equipment mentioned above, on Channel 69 will run the risk of prosecution by Ofcom. After that, Channel 70 will still be free but will only have 4 usable frequencies, and could be useless if other users (other events, churches, theatres, clubs etc.) are in range.

Using existing equipment on Channels 69 and 70 is OK without a licence until 1st January 2012. For specific details of frequencies that will be available in your area, see the UK Shared Wireless Microphone Spectrum tool provided by JFMG, below.

Ofcom have proposed to provide funding to eligible PMSE users who are affected by the clearing of channel 69, but as usual there are some hoops to jump through if you think you are going to be affected. First, users will need to register claims through the appointed PMSE funding scheme administrator, Equiniti Ltd. Registration opened on 23 September 2010 and will close at the end of December 2010.

Who is eligible for funding?
To be eligible for funding, a user must have held a licence to use channel 69 equipment on 2 February 2009 (when Ofcom gave notice that they planned to clear channel 69), or in the 12 months before this date. The only exception to this requirement is companies who can prove their business involves hiring out, rather than using, equipment which needs a channel 69 licence.

Users will only be able to receive funding for working equipment that tunes to channel 69 but not channel 38. They must have bought that equipment before 30 June 2009 (when Ofcom confirmed channel 38 would be replacing channel 69).

The Ofcom proposed funding scheme, aimed at helping those affected by the changes, can be summarized as follows. Those eligible would be:

  • Users who, before 2nd February 2009, purchased equipment capable of tuning to Channel 69 but not Channel 38, and who were in possession of a valid Channel 69 licence after 2nd February 2008.
  • Licensed users who needed to buy Channel 69 equipment between February 2009 and 30 June 2009.
  • Rental companies.

Users who will not be eligible for funding under the proposals are:

  • Channel 31 – 37 users.
  • Channel 60 – 68 users.
  • Users whose equipment does not tune to Channel 69.
  • Users whose equipment tunes to Channel 69 but also tunes to Channel 38.
  • Users who have never held a licence to operate Channel 69.
  • Users who purchase Channel 69 equipment after 30 June 2009.

To find out more check out the following links:

If you are currently considering buying a wireless microphone system, make sure that you ask the supplier to confirm that it will operate in the free Channel 70, or consider buying a licence for channel 38. After 2012 only channel 70 may be used for free, and channel 38 may only be used with a licence. You have been warned!

The Network for the Post-Bureaucratic Age Featured Blog

The featured Blog this week is The Network for the Post-Bureaucratic Age, which is a WordPress Blog hosted at WordPress.com. It uses the Freshy theme by Jide and may be described as a comparative newcomer in the blogosphere, with its first post date-stamped on 28th June 2010.

The current headline post, dated 8th September 2010, is a leader for a report entitled Better for Less: How to make Government IT deliver savings. This critical report by Liam Maxwell investigates the quagmire of government IT. In fact you might say that he has slammed the whole way that Government IT procurement is handled. The report is linked from the site, and should be read by anyone in government IT with responsibility for procurement.

The main reason for singling out this site as a featured blog is more about what it represents than its august history. This is a Think Tank, close to government, which is criticizing the status quo. We consider that at least five of the seven examples of potential savings have merit, and the others may be examples where savings could be made without massive changes to the infrastructure:

  • A test environment for development companies with easy access to rack-space
  • Open Source on the desktop through the use of Open Document Format
  • New models sought for software framework (may we suggest Apache, MySQL, PHP for a start)
  • Commoditization of Email and office productivity
  • Common Security Framework
  • Migrating Schools to Free email services
  • Prizes for IT innovation in education

Plaudits to The Network for the Post-Bureaucratic Age for hosting this message on WordPress.com and using the most popular blogging platform on the planet – WordPress!

Click here to visit The Network for the Post-Bureaucratic Age

Town uses Google Earth to find Swimming Pools

The Town of Riverhead, Long Island, New York, has earned itself a place in the history of technology by employing the services of Google Earth to find swimming pools which did not have a permit. Chief Building Inspector Leroy Barnes Jr. declared that 250 permit-free pools had been identified thanks to Google’s technology. According to Chris Matyszczyk, the town has reportedly earned $75,000 through this activity.

I wonder if Google will be contacting the Chief Building Inspector to ascertain the amount of compensation to be paid for breach of the Google Earth End User License Agreement, which I note reads as follows:

1. USE OF SOFTWARE The Software is made available to you for your personal, non-commercial use only. You may not use the Software or the geographical information made available for display using the Software, or any prints or screen outputs generated with the Software in any commercial or business environment or for any commercial or business purposes for yourself or any third parties.

Riverhead’s no doubt honorable intention would be to stick within the letter of the law, so may I suggest that they donate the additional revenue to charity, as being income that they would not otherwise have been able to legally obtain. Remember, you can’t even use free Google Earth at work for personal reasons.

Then there is just the matter of the unpaid fees to Google…

To read the original article by Chris Matyszczyk, click here to see his posting on Technically Incorrect.

For more on the use of Google Earth, see the WordPress blog post by James Fee on the Geospatial Technology, Web Mapping and Spatial Services website.
