Before meeting Randy by chance, had 4 different supposed specialists try to provide a solid and dependable universal WIFI system for my business which covered 6 acres, and had over 70 residents not including motel and RV guests; all to no avail, and thousands of dollars spent.

Within  1 week Randy had ordered the proper equipment and had a viable system that supplied all the service we needed. He maintained and modified the system as needed from where ever he was in the world remotely, and within minutes of my call, he completed all I asked.

My opinion of Randy Vanderveer is; he is a (hyper) intelligent young man, who has laser type focus into all he delves. He is utterly obsessive about perfection in his work. He has shown me absolute promptness in returning all calls, completing work on time, and to specification, and maintaining said work with pride. You could do no better than he for computer technical work. He now maintains all of my families computers (7) remotely. He has become a close friend who will rush to our aid. This man has the highest of work ethics. By having access to my families computers he could easily abscond with exceedingly valuable information and assets at any time.

I have never had a second thought of his integrity being less than my closest confidante. Feel free to call me any time.

-Peter Gordon

Respectfully,

Peter Gordon, Vice President

Carter’s Motel & Mobile Village

2450 S. Ridgewood Ave

Edgewater, FL 32141

(386) 314-4189 Cell

http://www.cartersmotel.com

Original release date: December 2, 2009 at 9:56 am
Last revised: December 2, 2009 at 9:56 am

US-CERT is aware of public reports of a malware campaign circulating.

This campaign is circulating via email messages offering information
regarding the H1N1 vaccination. This email messages contain a link to
a bogus Centers for Disease Control and Prevention website. Users who
click on this link may become infected with malware. Public reports
indicate that these email messages are noted as having subject lines
such as: “Governmental registration program on the H1N1 vaccination”
and “Your personal vaccination profile.” Please note that subject
lines may change at any time.

Original release date: December 1, 2009 at 1:58 pm
Last revised: December 1, 2009 at 1:58 pm

Research In Motion has released a security advisory to address
multiple vulnerabilities in the PDF distiller of some released
versions of the BlackBerry Attachment Service. The advisory lists the
affected versions as BlackBerry Enterprise Server 5.0.0 running on
Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server
5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server
software versions 4.1.3 through 4.1.7, and BlackBerry Professional
Software 4.1.4. By convincing a user to view a specially crafted PDF
file, an attacker may be able to execute arbitrary code or cause a
denial-of-service condition on the system that hosts the BlackBerry
Attachment Service.

US-CERT encourages users and administrators to review BlackBerry
security advisory KB19860 and apply any necessary updates.

Original release date: November 24, 2009 at 2:42 pm
Last revised: November 24, 2009 at 2:42 pm

US-CERT is aware of public reports of malicious code circulating via
phishing email messages that appear to come from the Social Security
Administration. The messages indicate that the users’ annual Social
Security statements may contain errors and instruct users to follow a
link to review their Social Security statement. If users click this
link, they will be redirected to a seemingly legitimate website that
prompts them for their Social Security number. If users enter their
Social Security number and continue to the next page, they will be
given an option to generate a statement. If users attempt to generate
a statement, malicious code may be installed on their systems. This
malicious code attempts to collect online banking traffic to gain
access to the users’ bank accounts.

US-CERT encourages users and administrators to take the following
preventative measures to help mitigate the security risks:
* Install antivirus software, and keep the virus signatures up to
date.
* Do not follow unsolicited links and do not open unsolicited email
messages.
* Use caution when visiting untrusted websites.
* Use caution when entering personal information online.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Users are encouraged to contact the Social Security Administration to
verify the authenticity of any messages. Additional information will
be provided as it becomes available.

Link to Ap story: HERE

Framed for child porn _ by a PC virus

By JORDAN ROBERTSON (AP) – 2 days ago

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it’s your reputation that’s stolen.

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they’ll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.

“It’s an example of the old `dog ate my homework’ excuse,” says Phil Malone, director of the Cyberlaw Clinic at Harvard’s Berkman Center for Internet & Society. “The problem is, sometimes the dog does eat your homework.”

The AP’s investigation included interviewing people who had been found with child porn on their computers. The AP reviewed court records and spoke to prosecutors, police and computer examiners.

One case involved Michael Fiola, a former investigator with the Massachusetts agency that oversees workers’ compensation.

In 2007, Fiola’s bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4 1/2 times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.

Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.

The Fiolas say they have health problems from the stress of the case. They say they’ve talked to dozens of lawyers but can’t get one to sue the state, because of a cap on the amount they can recover.

“It ruined my life, my wife’s life and my family’s life,” he says.

The Massachusetts attorney general’s office, which charged Fiola, declined interview requests.

At any moment, about 20 million of the estimated 1 billion Internet-connected PCs worldwide are infected with viruses that could give hackers full control, according to security software maker F-Secure Corp. Computers often get infected when people open e-mail attachments from unknown sources or visit a malicious Web page.

Pedophiles can tap viruses in several ways. The simplest is to force someone else’s computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.

“They’re kind of like locusts that descend on a cornfield: They eat up everything in sight and they move on to the next cornfield,” says Eric Goldman, academic director of the High Tech Law Institute at Santa Clara University. Goldman has represented Web companies that discovered child pornographers were abusing their legitimate services.

But pedophiles need not be involved: Child porn can land on a computer in a sick prank or an attempt to frame the PC’s owner.

In the first publicly known cases of individuals being victimized, two men in the United Kingdom were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs.

In one case, an infected e-mail or pop-up ad poisoned a defense contractor’s PC and downloaded the offensive pictures.

In the other, a virus changed the home page on a man’s Web browser to display child porn, a discovery made by his 7-year-old daughter. The man spent more than a week in jail and three months in a halfway house, and lost custody of his daughter.

Chris Watts, a computer examiner in Britain, says he helped clear a hotel manager whose co-workers found child porn on the PC they shared with him.

Watts found that while surfing the Internet for ways to play computer games without paying for them, the manager had visited a site for pirated software. It redirected visitors to child porn sites if they were inactive for a certain period.

In all these cases, the central evidence wasn’t in dispute: Pornography was on a computer. But proving how it got there was difficult.

Tami Loehrs, who inspected Fiola’s computer, recalls a case in Arizona in which a computer was so “extensively infected” that it would be “virtually impossible” to prove what an indictment alleged: that a 16-year-old who used the PC had uploaded child pornography to a Yahoo group.

Prosecutors dropped the charge and let the boy plead guilty to a separate crime that kept him out of jail, though they say they did it only because of his age and lack of a criminal record.

Many prosecutors say blaming a computer virus for child porn is a new version of an old ploy.

“We call it the SODDI defense: Some Other Dude Did It,” says James Anderson, a federal prosecutor in Wyoming.

However, forensic examiners say it would be hard for a pedophile to get away with his crime by using a bogus virus defense.

“I personally would feel more comfortable investing my retirement in the lottery before trying to defend myself with that,” says forensics specialist Jeff Fischbach.

Even careful child porn collectors tend to leave incriminating e-mails, DVDs or other clues. Virus defenses are no match for such evidence, says Damon King, trial attorney for the U.S. Justice Department’s Child Exploitation and Obscenity Section.

But while the virus defense does not appear to be letting real pedophiles out of trouble, there have been cases in which forensic examiners insist that legitimate claims did not get completely aired.

Loehrs points to Ned Solon of Casper, Wyo., who is serving six years for child porn found in a folder used by a file-sharing program on his computer.

Solon admits he used the program to download video games and adult porn — but not child porn. So what could explain that material?

Loehrs testified that Solon’s antivirus software wasn’t working properly and appeared to have shut off for long stretches, a sign of an infection. She found no evidence the five child porn videos on Solon’s computer had been viewed or downloaded fully. The porn was in a folder the file-sharing program labeled as “incomplete” because the downloads were canceled or generated an error.

This defense was curtailed, however, when Loehrs ended her investigation in a dispute with the judge over her fees. Computer exams can cost tens of thousands of dollars. Defendants can ask the courts to pay, but sometimes judges balk at the price. Although Loehrs stopped working for Solon, she argues he is innocent.

“I don’t think it was him, I really don’t,” Loehrs says. “There was too much evidence that it wasn’t him.”

The prosecution’s forensics expert, Randy Huff, maintains that Solon’s antivirus software was working properly. And he says he ran other antivirus programs on the computer and didn’t find an infection — although security experts say antivirus scans frequently miss things.

“He actually had a very clean computer compared to some of the other cases I do,” Huff says.

The jury took two hours to convict Solon.

“Everybody feels they’re innocent in prison. Nobody believes me because that’s what everybody says,” says Solon, whose case is being appealed. “All I know is I did not do it. I never put the stuff on there. I never saw the stuff on there. I can only hope that someday the truth will come out.”

But can it? It can be impossible to tell with certainty how a file got onto a PC.

“Computers are not to be trusted,” says Jeremiah Grossman, founder of WhiteHat Security Inc. He describes it as “painfully simple” to get a computer to download something the owner doesn’t want — whether it’s a program that displays ads or one that stores illegal pictures.

It’s possible, Grossman says, that more illicit material is waiting to be discovered.

“Just because it’s there doesn’t mean the person intended for it to be there — whatever it is, child porn included.”

Copyright © 2009 The Associated Press. All rights reserved.

Related articles

• Oh Sh*t: New Viruses Download Child Porn Onto Your Computer
  Gizmodo.com – 25 minutes ago
• AP: Virus Downloads Child Porn to Your Computer
  CBS 21 – 17 hours ago
• Why is Child Pornography on Your PC?
  Blogger News Network (blog) – 1 day ago

UPDATE: Researchers have discovered a new variant of the Conficker Worm on April 9, 2009. This variant updates earlier infections via its peer to peer (P2P) network as well as resuming scan-and-infect activity against unpatched systems. Public reporting indicates that this variant attempts to download additional malicious code onto victim systems, possibly including copies of the Waledac Trojan, a spam-oriented malicious application which has previously propagated only via bogus email messages containing malicious links.

US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft.

Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites: http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx http://www.mcafee.com

If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet – in the case for home users.

UPDATED: US-CERT encourages users to take the following preventative measures to help prevent a Conficker/Downadup infection:

added March 5, 2009 at 04:08 pm
US-CERT is aware of reports of economic stimulus scams circulating. These scams are being conducted through both email and malicious websites. 

Some of the email scam messages request personal information, which can then be used for identity theft. Other email scam messages offer to deposit the stimulus funds directly into users’ bank accounts. If users provide their banking information, the attackers may be able to withdraw funds from the users’ accounts.

The website scams entice users by claiming that they can help them get money from the stimulus fund. These websites typically request payment for their services. If users provide their credit card information, the attackers running the malicious sites may make unauthorized charges to the card, or charge users more than the agreed upon terms.

US-CERT encourages users to do the following to help mitigate the risks:

• Review the Federal Trade Commission alert about economic stimulus scams.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

added March 4, 2009 at 11:53 am
US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com.

The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update, it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signature files up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor’s website.
• Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

added February 23, 2009 at 05:02 pm

*For Immediate remote support in removing Conficker B++, call (509) 438-0990. For more info, please visit LIVE SUPPORT.

US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with “auto-update” functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.

US-CERT strongly encourages users to update unpatched systems as soon as possible.

Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:

Install antivirus software, and keep the virus signatures up to date.

• Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
• Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.

Conficker A/B Top-Level Control Flow

Figure 1  illustrates a flow diagram of the main thread for both variants of the Conficker agent, A and B.  In both cases, the Conficker agent is distributed and run as a dynamically linked library. Its base code has been compiled as a DLL and its DLLMain function initiates the main thread represented by the diagram.  The agent code proceeds by first checking the Windows version, and based on this result creates a remote thread in processes such as svchost.exe.  This is done by invoking LoadLibrary, where the copy of the DLL is passed as an argument.  The malicious library then copies itself in the system root directory under a random file name. After initiating the use of Winsock DLL, the bulk of the malicious code logic is executed.

Figure 1: Conficker A (left) /B (right): Top-level control flow

Next, Conficker A enters an infinite loop, within which it generates a list of 250 domain names (rendezvous points).  The name-generation function is based on a randomizing function that it seeds with the current UTC system date.  The same list of 250 names is generated every 3 hours, i.e., 8 times per day.  All Conficker clients, with system clocks that are at minimum synchronized to the current UTC date, will compute and attempt to contact the same set of domains. When contacting a domain for which a valid IP address has been registered, Conficker clients send a URL request to TCP port 80 of the target IP, and if a Windows binary is returned, it will be validated via a locally stored public key, stored on the victim host, and executed.  If the computer is not connected to the Internet, then the malicious code will check for connectivity every 60 seconds.  When the computer is connected, Conficker A will execute the domain name generation subroutine, contacting every registered domain in the current 250-name set to inquire if an executable is available for download. 

Conficker B is a rewrite of Conficker A with the following noticeable differences.  First, Conficker A incorporates a Ukraine-avoidance routine that causes the process to suicide if the keyboard language layout has been set to Ukrainian. Conficker B does not include this keyboard check.  B also uses different mutex strings and patches a number of Windows APIs, and attempts to disable its victim’s local security defenses by terminating the execution of a predefined set of antivirus products it finds on the machine.  It has significantly more suicide logic embedded in its code, and employs anti-debugging features to avoid reverse engineering attempts.

Conficker B uses a different set of sites to query its external-facing IP address www.getmyip.org, www.whatsmyipaddress.com, www.whatismyip.org, checkip.dyndns.org.  It does not download the fraudware Antivirus XP software that version A attempts to download.   Conficker’s propagation methods vary among A and B and are described in Section Conficker Propagation.  Furthermore, a recent analysis by Symantec has uncovered that the GeoIP file is directly embedded in the Conficker B binary as a compressed RAR (Roshal archive) file encrypted using RC4 [11]. 

Like Conficker A, after a relatively short initialization phase  followed by a scan and infect stage,  Conficker B proceeds to generate a daily list of domains to probe for the download of an additional payload.  Conficker B builds its candidate set of rendezvous points every 2 hours, using a similar algorithm.  But it uses different seeds and also appends three additional top-level domains.  The result is that the daily domain lists generated by A and B do not overlap.

Binary Download and Validation

Among the key functions of Conficker is that of probing the daily set of Internet rendezvous points for a new Windows executable file to download and execute.  This mechanism provides an effective binary updating service similar to that of other traditional botnets, with the exception that the Conficker update service is highly mobile and its location (i.e., to date we have not confirmed this feature in use by the malware authors) is recomputed each day by all infected clients.    Although many groups have been able to break the domain generation algorithm and  registered rendezvous points, Conficker’s authors have taken care to ensure that other groups cannot upload arbitrary binaries to its infected drones.

Both Conficker A and B clients incorporate a binary validation mechanism to ensure that a downloaded binary has been signed by the Conficker authors.  Figure 2 illustrates the download validation procedure used to verify the authenticity of binaries pulled from Internet rendezvous points.   The procedure begins with Conficker’s authors computing a 512-bit hash M of the Windows binary that will be downloaded to the client.  The binary is then encrypted using the symmetric stream cipher RC4 algorithm with password M.   Next, the authors compute a digital signature using an RSA encryption scheme, as follows:  M^epriv mod N = Sig,  where N is a public modulus that is embedded in all Conficker client binaries.   Sig is then appended to the encrypted binary, and together they can be pushed to all infected Conficker clients that connect to the appropriate rendezvous point.

Original release date: February 6, 2009 at 10:03 am
Last revised: February 6, 2009 at 10:03 am

US-CERT is aware of public reports indicating that phishing scams are
circulating via fraudulent U.S. Internal Revenue Service emails
offering users stimulus package payments. These emails include text
that attempts to convince users to follow a link to a website or to
complete an attached document. The website and document request that
the user provide personal information.

US-CERT encourages users to do the following to help mitigate the
risks:
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
(pdf) document for more information on social engineering attacks.