[Last week I got quite a number of these messages and I got quite suspicious having read, 3 days earlier, how the FBI planted bugs by tricking users to compromised site.YOU MAY AVOID CLICKING FUNNY ENTICING EMAIL LINKS] [WIRED] http://www.wired.com/politics/law/news/2007/07/fbi_spyware FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats --Excerpts-- FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server, according to an FBI affidavit obtained by Wired News. The court filing offers the first public glimpse into the bureau's long-suspected spyware capability, in which the FBI adopts techniques more common to online criminals. The software was sent to the owner of an anonymous MySpace profile linked to bomb threats against Timberline High School near Seattle... ..the spyware program gathers a wide range of information, including the computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL. The CIPAV then settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every computer to which the machine connects for up to 60 days. ---- [WWWhatsup NYC] http://www.informationweek.com/security/showArticle.jhtml?articleID=20120084... Storm Worm Erupts Into Worst Virus Attack In 2 Years Storm worm authors are blasting the Internet with two types of attacks, and both are aimed at building up their botnet. By Sharon Gaudin InformationWeek July 24, 2007 04:19 PM The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they've seen in two years. "We are basically in the midst of an incredibly large attack," said Adam Swidler, a senior manager with security company Postini. "It's the most sustained attack that we've seen. There's been nine to 10 days straight days of attack at this level." Swidler said in an interview with InformationWeek that the attack started a little more than a week ago, and Postini since then has recorded 200 million spam e-mails luring users to malicious Web sites. Before this attack, an average day sees about 1 million virus-laden e-mails, according to Postini. Last Thursday, however, the company tracked 42 million Storm-related messages in that day alone. As of Tuesday afternoon, Postini researchers were predicting they would see that day between 4 million and 6 million virus e-mails -- 99% of them associated with the Storm worm. While the number of spam e-mails has dropped significantly, it's still far above normal levels, so Swidler isn't ready to say the attack is over. The viruses are not embedded in the e-mails or in attachments. The e-mails, many of them otherwise empty, contain a link to a compromised Web site where machines are infected with a generic downloader. This helps pull the computers into the malware authors' growing botnet, while also leaving them open for further infection at a later date. "This is designed to add computers to the botnet," said Swidler. "That's first and foremost their goal." But the Storm worm authors aren't contenting themselves with this one attack vector. Paul Henry, VP of technologies with Secure Computing, said in an interview that the electronic greeting card spam scam that the Storm worm authors launched early in July is stronger than ever. He noted that a friend of his has a company with 100 users and they're being hit with about 300 e-card spams every day. "Back in December, we saw a huge spike in e-card spams because of the holiday," he added. "We are at the levels we were seeing back in December right now Most security professionals thought it would show up for Independence Day and then fade immediately, but it's been escalating for the last few weeks. It's definitely a pain point." Again, the e-card spam message, which install rootkits in the infected computers, are working to build a botnet. Henry could not say if it's the same botnet as the other messages are building. "I have seen thousands of these e-mails since Independence Day. It's got to be working for them or they wouldn't keep doing it," said Henry. Just a few weeks ago, the Storm worm authors began trying to trick users with fraudulent e-mails warning unsuspecting users about virus or spyware infections. Users around the world were receiving spam messages claiming that viruses or spyware had been detected on the users' systems. It was another attempt to lure users to malicious sites where their computers could be infected. ____________________________________________________________________________________ Park yourself in front of a world of choices in alternative vehicles. Visit the Yahoo! Auto Green Center. http://autos.yahoo.com/green_center/