Data Recovery in the Event of a Hard Drive Failure

Recently I blogged about the dramatic reduction in spam across the Internet, literally overnight. It seems that nothing lasts forever. The huge crime cartel responsible for the majority of spam sent across the Internet managed to resurrect itself after being shut down back in November. The post is copied below for your review. All the more reason to have a GOOD Antispam solution in place for your company. The money you spend for employees to sift through this junk would amaze you, and the cost of a decent antispam solution will immediately pay for itself, many times over in a very short period of time. 

To Your Success, 

 Tim

 

A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.
The "Srizbi" botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.
Srizbi was knocked out more than two weeks ago when
McColo Corp., a hosting company that had been accused of harboring a wide range of criminal activities, was yanked off the Internet by its upstream service providers. With McColo down, PCs infected with Srizbi and other bot Trojan horses were unable to communicate with their command servers, which had been hosted by McColo. As a result, spam levels dropped precipitously.
But as
other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet.
According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains.
The domain names, said Gong, were generated on a three-day cycle, and for a while, FireEye was able to keep up -- and effectively block Srizbi's handlers from regaining control.
"We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."
Once FireEye stopped preempting Srizbi's makers, the latter swooped in and registered the five domains in the next cycle. Those domains, in turn, pointed Srizbi bots to the new command-and-control servers, which then immediately updated the infected machines to a new version of the malware.
"Once each bot was updated, the next command was to send spam," said Gong, who noted that the first campaign used a template targeting Russian speakers.
The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web.
In the meantime, FireEye is working with several other companies -- including
VeriSign Inc., Microsoft Corp. and Network Solutions Inc., a domain registrar -- on ways to reach the more than 100,000 users whose PCs FireEye has identified as infected with Srizbi.
Discussions about how to best handle any future McColo-Srizbi situation are also ongoing, Gong said. "We're trying to find a solution, and talking about ideas of how they can help fund efforts for some period of time to [preemptively] register domains," he said
.

With Christmas shopping in full swing, do not be swayed by salespeople trying to sell you Microsoft Office Home and Student Edition for your business. You CANNOT legally use this version of Office in your business operations. If you want proof, the licensing terms are here.

 In the licensing terms, you will find the following listed under INSTALLATION AND USE RIGHTS under section a. It says: “Licensed Device. You may install one copy of the software on three licensed devices in your household for use by people who reside there. The software is not licensed for use in any commercial, non-profit, or revenue generating business activities.”

 It's written in plain and simple english. You can't do it, regardless of what someone at the big box store on the freeway tells you. Don't put your business in the position of using unlicensed software. It may just cost you a whole lot more than what you initially saved. 

To Your Success, 

 Tim

Today, Microsoft released a patch out of band (OOB) or separate from its normal patch schedule. This is the second time Microsoft has released a patch in this fashion in as many months. This patch resolves a publicly known vulnerability called the "Zero Day Exploit" that affects Internet Explorer in various versions. 

If you haven't applied this patch to your systems yet, I highly recommend you do so immediately. You can find the information regarding the issue and the patch at Security Bulletin MS08-078. 

It should be noted that there seems to be mixed feelings among IT professionals on whether this patch should have been released out of band, or bundled during the normal "patch Tuesday" for Microsoft products. I, for one, am glad to see Microsoft step up and offer this patch out of band. You can never be too careful, IMHO. 

 To Your Success, 

 Tim

I am proud to announce that I will be hosting a daily Monday through Friday computer radio show starting sometime in late January. We have tentatively named the show the "Geek Free Radio Show". 

The show will air on KSET (stands for Southeast Texas) 1300AM. This new station is an ALL local talk format, which is sorely lacking in this area. I intend to focus the show on small and medium business technologies and how they affect those businesses. We will also cover home users, and other computer related news. Interviews with various technology vendors, software reviews, and a lot more to come. The station will also stream via the Internet. I hope you will join us. 

I welcome your comments on the show name, suggestions for topics, etc. I will post more details in the coming days. 

 To Your Success, 

 Tim