Wednesday, March 28, 2012

110,000 PC-strong Kelihos botnet sidelined

A new version of the Kelihos spamming botnet has been sidelined by using the peer-to-peer distribution mechanism to basically hijack it, researchers announced today.

The botnet, which was used mostly to distribute spam for Canadian pharmaceutical firms but also stole bitcoin wallets containing virtual currency, was about three times larger than an earlier variant, according to CrowdStrike, the security firm that worked with Kaspersky, Dell SecureWorks, and Honeynet Project to shut down the botnet.

The researchers reverse-engineered the malware code and wrote their own software that rerouted infected computers to communicate with servers controlled by researchers and law enforcement rather than servers operated by the malware creators where they would get instructions for sending spam.

"Last week they began poisoning Kelihos.B using the peer-to-peer mechanism and within minutes we were talking to 110,000 infected machines and sending them to our sinkhole," which is composed of benign servers controlled by researchers, Adam Meyers, director of intelligence at CrowdStrike, told CNET. "This is a cool factor. That we were able to use one of the attributes of the botnet, the peer-to-peer networking, against it."

The researchers injected their code into the botnet by sending it out to a number of infected computers that in turn sent it on to others in a viral distribution manner. "Eventually, the code overtakes the network and the bad guys lose control," Meyers said.

The sinkhole collects data from the infected computers, such as IP address and operating system version. The statistics indicated that more than 9,400 computers were running Windows 7, just a few hundred more than those running Windows XP.

Researchers are working with Internet service providers to identify the infected machines and help get the malware removed from them, according to Meyers.

It's unclear who is behind Kelihos, he said. It was created last October after Microsoft used a sinkhole to halt the original Kelihos botnet, which had infected about 41,000 computers.

The latest Kelihos used servers with hosts registered in Sweden, Russia and Ukraine that were controlled by a botmaster, according to CrowdStrike. The command-and-control infrastructure used by the botnet was abandoned by the gang operating it two days after the researchers began hijacking it using the peer-to-peer feature, the company said.

Earlier this week, Microsoft announced that U.S. Marshals seized command-and-control servers used to control Zeus botnets that had been used to steal more than $100 million via 13 million infected computers.

Updated 7:47 a.m. PT to clarify that Windows 7 had the most infections.

For any and all your computer needs visit us at www.nicholspchelp.com


Friday, March 9, 2012

With ‘Play,’ Google Serves Up Its iTunes Moment

Google unveiled Google Play on Tuesday, a grand plan to unify all the media it serves up from various portals to one recognizable brand identity and location. Call it Google’s iTunes moment.

Instead of separating media by category — Google Music, Android Market, Google Books — all of Google’s disparate sources will be accessible from a very iTunes-like storefront, available via the web or through apps on Android smartphones and tablets.

“This is about going beyond just Android,” said Google engineering director Chris Yerga in an interview.

It’s a branding thing, sure, but more than that. It’s part of a maturing process that Google’s steady introduction of cloud-based media options has more or less compelled. Even as Android devices rose to a position of market leadership over the past four years, Google’s content-side efforts have floundered; Google took 2.5 years to unveil an Android app web store, and more than three years to launch its music retail service.

Success may hinge as much on a simpler experience as what sounds … inviting. Do you prefer the word “Android,” or “Play?”

As one would hope, your files won’t move, your past purchases won’t change. And as always, you’ll log in with your Google account information to access all of your content from mobile devices or the web.

As big a step as Google Play is, not a great deal will change. Movies, music and apps aren’t going anywhere; instead, they’ll be rebranded across the app and web interfaces. The Google Music app, for instance, becomes “Play Music” on your Android devices. Google Books, similarly, changes to “Play Books.” But gone is “Android Market” — in name only. Google rebranded the market as the “Play Store,” which, like the Market, will be available both on the web and on phones and tablets.

The unification exercise aims to address a natural fragmentation which came from rolling out services piecemeal. Android Market, for instance, made sense as a go-to destination for Android apps, programs to be used on Android devices. But Google Music users may not be inclined to go to — or even think of going to — the Android Market for MP3 purchases. And Google Books was practically off in its own orbit, with a web store entirely separate from the Android Market until recently.

Contrast this with Apple’s iTunes model, a desktop application which pre-dates even the iPod (and all of mobile) and funnels all Apple-sold music, movies and books through one unified, idiot-proof storefront.

Google’s unification efforts, though, aren’t as simple as Apple’s early iTunes days. Part of Android’s great allure has been its ability to sync content across devices wirelessly, with no need to hardwire your smartphone or tablet into your laptop for app or music file transfer. That’s been Apple’s greatest negative (until the recent launch of iCloud), and Google’s biggest potential advantage.

It’s a start. Ultimately, Google needs to execute well to boost its mobile content bottom line. In Apple’s last fiscal quarter alone, iTunes sales accounted for $1.7 billion in company revenues. Google isn’t sharing any information on its mobile content sales business (which isn’t a good sign), but has seen over 10 billion app downloads, and has cultivated a customer base of over 4 million Google Music users since the service’s full roll-out in November.

U.S. users should expect to see the changes appear in the form of Google app updates and a web portal face lift in the coming days. Only limited offerings will appear in Canada, the U.K., Australia and Japan for now, though Google has made it clear the initiative will eventually be a global one.


Wednesday, March 7, 2012

If you're using 'Password1,' change it. Now.

The number one way hackers get into protected systems isn't through a fancy technical exploit. It's by guessing the password.
That's not too hard when the most common password used on business systems is "Password1."

There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's (MSFT, Fortune 500) widely used Active Directory identity management software.
Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report," which summarizes the firm's findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word "password," the company's researchers found. The runner-up, "welcome," turns up in more than 1%.
Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems. The firm set an assortment of widely available password-cracking tools loose on 2.5 million passwords, and successfully broke more than 2.1 million of them.

Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry's most comprehensive annual studies. The full report will be released in several months, but Verizon (VZ, Fortune 500) previewed some of its findings at this week's RSA conference in San Francisco.

Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon's response team investigated.

Verizon's scariest finding was that attackers are often inside victims' networks for months or years before they're discovered. Less than 20% of the intrusions Verizon studied were discovered within days, let alone hours.

Even scarier: Few companies discovered the breach on their own. More than two-thirds learned they'd been attacked only after an external party, such as a law-enforcement agency, notified them. Trustwave's findings were almost identical: Only 16% of the cases it investigated last year were internally detected.

So if your password is something guessable, what's the best way to make it more secure? Make it longer.

Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.

But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.

Even a few quadrillion options isn't a big deal for modern machines, though. Using a $1,500 computer built with off-the-shelf parts, it took Trustwave just 10 hours to harvest its first 200,000 broken passwords.
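An added example, not part of the original article: a Python sketch of why "Password1" passes a typical complexity rule, what a deny-list check adds, and how the search-space figures above follow from password length. The rule is modelled in simplified form as a minimum length of 7 plus three of four character classes, the deny-list holds only the two base words the article names, and the 95-character printable ASCII alphabet is an assumption that matches the quoted figures.

```python
import string

# Constructed deny-list: the two base words the article names.
COMMON_BASES = ("password", "welcome")

# Undo common character swaps ("p@S$w0rd" -> "password") before matching.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "l", "3": "e", "7": "t"})


def meets_complexity(pw, min_len=7):
    """Simplified complexity rule: minimum length plus 3 of 4 character classes."""
    classes = (
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    return len(pw) >= min_len and sum(classes) >= 3


def guessable_base(pw):
    """Return the common base word hidden inside pw, or None."""
    normalized = pw.lower().translate(LEET)
    return next((b for b in COMMON_BASES if b in normalized), None)


def keyspace(length, alphabet=95):
    """Brute-force search space, assuming the 95 printable ASCII characters."""
    return alphabet ** length


def evaluate(pw, min_len=7):
    """Apply the complexity rule, then the deny-list check the rule lacks."""
    if not meets_complexity(pw, min_len):
        return "rejected: fails complexity rule"
    base = guessable_base(pw)
    if base:
        return f"rejected: variation of '{base}'"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("Password1", "p@S$w0rd", "Welcome2012", "Plum-Kettle-Orbit-42"):
        print(f"{pw!r}: complexity={meets_complexity(pw)}, verdict={evaluate(pw)}")
    for n in (7, 8, 12, 16):
        print(f"{n} characters: {keyspace(n):.2e} combinations")
```

Both "Password1" and "p@S$w0rd" satisfy the complexity rule on its own; only the normalised deny-list check catches them.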

"We've got to get ourselves using stuff larger than human memory capacity," independent security researcher Dan Kaminsky said during an RSA presentation on why passwords don't work.
He acknowledged that it's an uphill fight. Biometric authentication, smartcards, one-time key generators and other solutions can increase security, but at the cost of adding complexity.

"The fundamental win of the password over every other authentication technology is its utter simplicity on every device," Kaminsky said. "This is, of course, also their fundamental failing."


Sunday, March 4, 2012

New Blog!

Nichols PC Help, your Everything Technology company, is now keeping you up to date with all the latest need-to-know information about viruses, new software, and great deals! Add Nichols PC Help to your bookmarks and check with us often!
