
Thursday 30 August 2007

"Harvey Investment Company" bogus emails


The Harvey Investment Company is a wholly legitimate organisation with a domain name of harveyinvestment.com. However, there is also a series of fake sites, run by the people behind the Syndey Car Centre scam, which are trying to recruit for fake jobs. The "jobs" offered are illegal money mule operations designed either to launder stolen money or to cash bogus cheques.

The .ph domain for the website is a Philippines domain, and in this case the bogus site is hosted on 89.38.194.67 in Romania. The fake company claims an address of 32 Route Francois-Peyrot, Geneva, 1218 Switzerland ph: +41225948581, fx: +41225948571 - the REAL company is based in Kentucky in the US.

Subject: our company has announced additional openings for new employees [letter id: xxxxxxxxxxx]

Join Harvey Investment Company team. Our customized employment solutions and personalized approach give job seekers access to great opportunities with competitive salaries. Our company offers comprehensive benefits that allow making good money, without spending too much time for that. Don't put your career in the hands of just anyone; put it in the hands of a specialist. Launch or rejuvenate your career today with Harvey Investment Company and its subsidiaries are equal opportunity employers.

Today we are looking for customer service associates who share our command spirit and are looking to land an outstanding position with a company who has consistently been recognized on the national level for their work in the investment and securities area. We work tirelessly to build solid relationships with well-recognized organizations across the nation to learn about projects and opportunities.

Take a look at the job responsibilities and qualifications below and if you think you would be an asset to the team, we invite you to apply for the position.

Customer service associate is responsible for being in close touch with the staff from the head office, accepting customer payments to his bank account and making further calculations regarding them. The associate should deduct his 10% interest out of every transaction he is going to deal with, as well as all the related charges. The associate further makes a Western Union/MoneyGram transfer of the balance left to the company's regional department.

A position requires excellent customer service skills, employee's ability to manage time and accomplish duties with a minimum of supervision. Ideal candidate should possess 1-2 free hours a day, a bank account, available to be used for the company needs, should be outgoing, dedicated to meeting deadlines and objectives and able to follow procedures.

Whether you're interested in short-term temporary work or full-time permanent hire, we are confident that we have the right job for you. Apply today and let Harvey Investment Company help you realize your true potential.

For further, more detailed information, please visit our web site http://hinvestment.ph/job.php

We are looking forward to hearing from you!

Tuesday 28 August 2007

"Vegas Casino World" trojan

This is yet another variant of the Storm worm which has been sending out bogus postcard notifications and the like for some time now. The email is completely bogus and is not related to any real organisation with the name "Vegas Casino World" or similar variants.

Subject: Could you give us a hand?

We could sure use your opinion of our new program Vegas Casino World

Your help will get us ready for our market release. For helping out, you
will receive a free edition and 5 years of updates.

Just download the program, Check it out, and let us know your opinion.
Ready to be a beta tester? Just follow the link to our easy download
center: http://aa.bb.cc.dd/setup.exe

This is fairly widely detected by AV scanners, apart from McAfee. VirusTotal detects it as the following:

File setup.exe received on 08.28.2007 16:33:57 (CET)
Antivirus          Version       Last Update  Result
AhnLab-V3          2007.8.29.0   2007.08.28   -
AntiVir            7.4.1.63      2007.08.28   WORM/Zhelatin.Gen
Authentium         4.93.8        2007.08.28   Possibly a new variant of W32/Fathom.3-based!Maximus
Avast              4.7.1029.0    2007.08.27   Win32:Tibs-BFG
AVG                7.5.0.484     2007.08.27   Downloader.Tibs.7.X
BitDefender        7.2           2007.08.28   DeepScan:Generic.Zlob.38F48A71
CAT-QuickHeal      9.00          2007.08.25   (Suspicious) - DNAScan
ClamAV             0.91.2        2007.08.28   Trojan.Small-3637
DrWeb              4.33          2007.08.28   Trojan.Packed.142
eSafe              7.0.15.0      2007.08.28   Win32.Zhelatin.hq
eTrust-Vet         31.1.5091     2007.08.28   Win32/Sintun.AE
Ewido              4.0           2007.08.28   Worm.Zhelatin.hq
FileAdvisor        1             2007.08.28   -
Fortinet           2.91.0.0      2007.08.28   W32/Tibs.GN@mm
F-Prot             4.3.2.48      2007.08.28   W32/Fathom.3-based!Maximus
F-Secure           6.70.13030.0  2007.08.28   Email-Worm.Win32.Zhelatin.hs
Ikarus             T3.1.1.12     2007.08.28   Email-Worm.Win32.Zhelatin.hq
Kaspersky          4.0.2.24      2007.08.28   Email-Worm.Win32.Zhelatin.hs
McAfee             5106          2007.08.27   -
Microsoft          1.2803        2007.08.28   Trojan:Win32/Tibs.DV
NOD32v2            2488          2007.08.28   Win32/Nuwar.Gen
Norman             5.80.02       2007.08.28   W32/Tibs.ASFB
Panda              9.0.0.4       2007.08.28   -
Prevx1             V2            2007.08.28   -
Rising             19.38.12.00   2007.08.28   -
Sophos             4.21.0        2007.08.28   Mal/Dorf-E
Sunbelt            2.2.907.0     2007.08.25   VIPRE.Suspicious
Symantec           10            2007.08.28   Trojan.Packed.13
TheHacker          6.1.9.175     2007.08.28   W32/Zhelatin.genw
VBA32              3.12.2.3      2007.08.28   -
VirusBuster        4.3.26:9      2007.08.27   Trojan.Tibs.Gen!Pac.132
Webwasher-Gateway  6.0.1         2007.08.28   Worm.Zhelatin.Gen

Additional information
File size: 140367 bytes
MD5: 1ef03f4830c530799c57d67e1ccadc59
SHA1: 7d4677db2b158ba0296d112a696fecf2880167bd
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Tuesday 14 August 2007

Netgear WG511 V2 Review


What do I think of the Netgear WG511 V2? This is what I think of the Netgear WG511 V2.. a completely and utterly useless wireless networking card let down by very poor drivers and bad reliability. Even when using a Netgear router, the WG511 V2 will drop out randomly, the supplied drivers are poor but the drivers from the website are positively dangerous and will cause all sorts of unexpected problems with your PC.

If you're having problems with the Netgear WG511 V2 then I suggest that you take the approach as pictured, where I have upgraded it with a hammer, the excellent Draper Model 9001 (stock number 51223). This Draper hammer is a 16 ounce model with a soft grip that makes it easy to handle and very good all-around characteristics. Recommended for dealing with heavy-duty problems, such as permanently decommissioning the Netgear WG511 V2.

Extreme measures? Perhaps, but the Netgear WG511 V2 has played me up for 18 months now in an environment where every other network card works perfectly. I have wasted a significant amount of time on this unreliable piece of junk. Good riddance, and I certainly will give Netgear NICs like this a wide berth in the future.

(PS, as you might guess.. I'm in the market for a new wireless NIC. Any recommendations would be appreciated!)

Thursday 9 August 2007

Email "dating scams"


Sometimes scammers will try to lure you with a "dating scam" - usually a trick to gain money or possibly a visa. The basic setup is described here at Hoax-Slayer.com.

Often, these scams will use a throwaway email address at Hotmail, Yahoo or Gmail for responses. However, these are often shut down, so the latest trick is to register domains that look like genuine webmail addresses but aren't. Here's an example:

Hello! I am bored this afternoon. I am nice girl that would like to chat with you. Email me at mcmm@mailmessagecenter.info only, because I am writing not from my personal email. Don't miss some of my naughty pictures.
(Note the phrase "I am writing not from my personal email", because this comes from a spoofed address to make it harder to block.)

Now, mailmessagecenter.info looks like the sort of domain name you'd associate with a webmail account. In fact, it's hosted on a Chinese server at 124.254.2.226 along with a number of other domains. It appears that all of these domain names have been created to pursue this scam, so if you receive an email from any of them then just delete it.

Some of these sites are fake mail sites, others are fake dating sites. Unlike many scams, there's a fair level of sophistication to this one so it's quite possible to see that it might drag in some unsuspecting victims.

Wednesday 8 August 2007

"Comcast Automated Systems" Trojan

A trojan embedded in a ZIP file this time. It's attempting to use a filename of statement.pdf[lots of spaces].exe


Subject: Important Notice-July 2007 Statement 0000000


PLEASE DO NOT REPLY TO THIS E-MAIL. THIS E-MAIL ADDRESS IS USED BY
COMCAST AUTOMATED SYSTEMS AND IS NOT MONITORED.

Your August 07, 2007 Bank billing statement is ready for viewing. To
view your bill download attached Adobe Acrobat PDF file.

If you would like to discontinue receiving a hard copy billing
statement in the mail, you may do so by selecting the UPDATE STATEMENT METHOD
link once you have logged into your account. From there, simply select
the option for Electronic Statement Only.

You received this e-mail because you enrolled Account feature.
If you no longer wish to receive these e-mails, you will
need to cancel your enrollment. To cancel your enrollment, please log
in to your account and from the Update Profile screen, select the cancel
link from the bottom of the page.

As far as we can tell, the filename enclosed in the ZIP file won't extract properly because there are too many spaces and the filename is too long, but the spammers will probably figure it out eventually.

If you're using Postini, then the attachment manager can be easily configured to block all .exe files, and this also applies to .exe-in-.zip files.
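The kind of check a gateway can make on this attachment, as an added example that is not from the original post and is not Postini's own logic: it reads only the member names of a ZIP (nothing is extracted) and flags an executable extension hidden behind a decoy extension and padding. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Illustrative lists (assumptions, not a complete policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".xls", ".txt", ".jpg"}


def classify_member(name):
    """Return the reasons a ZIP member name should be blocked (empty list = OK)."""
    reasons = []
    # Only the final path component matters for how the file is launched.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing spaces and dots, so "x.exe " is still "x.exe".
    base = base.rstrip(" .")
    stem, dot, ext = base.rpartition(".")
    if not dot:
        return reasons
    ext = "." + ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable extension " + ext)
    # Padding between the decoy and the real extension pushes ".exe" out of
    # view in narrow file listings: "statement.pdf<spaces>.exe".
    inner = stem.rstrip()
    if len(inner) != len(stem):
        reasons.append("%d padding characters before the real extension"
                       % (len(stem) - len(inner)))
    if "." in inner:
        inner_ext = "." + inner.rpartition(".")[2].lower()
        if inner_ext in DECOY_EXTS:
            reasons.append("decoy extension " + inner_ext)
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its reasons."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        # A container that cannot be parsed cannot be cleared either.
        return {"<archive>": ["unreadable ZIP container"]}
    flagged = {}
    for name in names:
        reasons = classify_member(name)
        if reasons:
            flagged[name] = reasons
    return flagged


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under a padded name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("statement.pdf" + " " * 40 + ".exe",
                         b"constructed placeholder, not a program")
        archive.writestr("readme.txt", b"constructed harmless member")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(repr(member), "->", "; ".join(reasons))
```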

Detections are patchy, with some AV products picking up the executable packer. When the .exe file runs it will attempt to install other malware, some of which will be picked up by AV products. According to VirusTotal:


File statement.pdf____________________ received on 08.08.2007 17:44:19 (CET)
Antivirus          Version       Last Update  Result
AhnLab-V3          2007.8.3.0    2007.08.08   -
AntiVir            7.4.0.57      2007.08.08   TR/Crypt.XPACK.Gen
Authentium         4.93.8        2007.08.08   -
Avast              4.7.1029.0    2007.08.07   -
AVG                7.5.0.476     2007.08.07   -
BitDefender        7.2           2007.08.08   -
CAT-QuickHeal      9.00          2007.08.08   (Suspicious) - DNAScan
ClamAV             0.91          2007.08.08   -
DrWeb              4.33          2007.08.08   -
eSafe              7.0.15.0      2007.07.31   suspicious Trojan/Worm
eTrust-Vet         31.1.5043     2007.08.08   -
Ewido              4.0           2007.08.08   Downloader.Agent.bhl
FileAdvisor        1             2007.08.08   -
Fortinet           2.91.0.0      2007.08.08   -
F-Prot             4.3.2.48      2007.08.08   -
F-Secure           6.70.13030.0  2007.08.08   Trojan-Downloader.Win32.Small.ehe
Ikarus             T3.1.1.12     2007.08.08   -
Kaspersky          4.0.2.24      2007.08.08   Trojan-Downloader.Win32.Small.ehe
McAfee             5092          2007.08.07   -
Microsoft          1.2704        2007.08.08   VirTool:Win32/Obfuscator.C
NOD32v2            2444          2007.08.08   a variant of Win32/Spy.Nuklus
Norman             5.80.02       2007.08.08   -
Panda              9.0.0.4       2007.08.08   Suspicious file
Prevx1             V2            2007.08.08   -
Rising             19.35.22.00   2007.08.08   -
Sophos             4.19.0        2007.08.01   -
Sunbelt            2.2.907.0     2007.08.07   Infostealer.Nuklus
Symantec           10            2007.08.08   -
TheHacker          6.1.7.164     2007.08.08   -
VBA32              3.12.2.2      2007.08.07   Trojan-Spy.Win32.Small.gv
VirusBuster        4.3.26:9      2007.08.08   Trojan.DL.Small.Gen!Pac25
Webwasher-Gateway  6.0.1         2007.08.08   Trojan.Crypt.XPACK.Gen

Additional information
File size: 13824 bytes
MD5: 38ac63f8b7ef22d9a07138ba73de7178
SHA1: 6337e3178eba2859fd0e2e1188eab8b528696933
packers: UPack



Sunday 5 August 2007

"S-Pharm" scam

Another money laundering/money mule scam, this time from "S-Pharm". As before, money transfers of this type are illegal and you will get into serious trouble if you get involved.

Dear Sir/Madam,

S-Pharm is a USA company selling medical and consumer goods. We have
reached big sales volume of pharmaceuticals in the UK and now are trying
to penetrate the European market. Quite soon we will open
representative offices and pharmacies or authorized sales centers in the UK and
therefore we are currently looking for people who will assist us in
establishing a new distribution network there. The fact that despite the
British market is new for us we already have regular clients also speaks for
itself.

WHY YOU?
The international money transfer tax for legal entities (companies) in
USA is 25%, whereas for the individual it is only 7%. That's why we
need you! We need agents to receive payment for our products (by
electronic money transfer) and to resend the money to us. This
way we will save money because of tax decreasing.

HOW MUCH WILL YOU EARN?
7%-9% from each sale/resale operation! For instance: you receive 1000
GBP to your bank account. You will withdraw the money and keep 70GBP (7%
from 1000GBP) for yourself! At the beginning your commission will
equal 7%, though later it will increase up to 9%!

ADVANTAGES
You do not have to go out as you will work as an independent contractor
right from your home office. Your job is absolutely legal. You can
earn up to 3000 GBP-4000 depending on time you will spend for this job.
You do not need any capital to start. The employees who make efforts and
work hard have a strong possibility to become managers. Anyway our
employees never leave us.

If you are interested in our offer, please feel free to ask for the
general provisions of the Contract.

Best regards,
S-Pharm Manager

Wednesday 1 August 2007

Wheredidyoubuythat.com spam - update

I got a nice comment from the company on this one:

My name is Karine Kong, Director from www.wheredidyoubuythat.com
First of all, please accept our sincere apologies for the inconvenience you are experiencing.
Unfortunately we have never received your email mentioning this spam issue, otherwise we would have responded to you within 48 hours. However, now we are aware of it, our technical team is looking into this to see how & why this is happening.
I would like to reassure you that for security reasons, our database does not hold customers card details so even if some malicious virus has broken into our database, there is little they could do except annoying our customers with spam emails. I shall let you know how this is resolved as soon as possible. In the meantime, do not hesitate to contact me if you have any queries.
Kind regards

I must say that this sounds 100% plausible. It looks as if the email addresses have been harvested off an infected machine.

Incidentally, wheredidyoubuythat.com does have some really nice stuff :)

"Syndey Car Centre" scam


This particular scam has been around for a few weeks now, for a wholly fictitious company called the Syndey Car Centre. Although they do have a website, it's a copy of the legitimate Stratford Car Centre in the UK who are not connected in any way with the scam.

Just to prove that spammers are actually morons, this was sent to the abuse role account.

The scam is the usual money laundering / money mule operation - if you have received one of these delete it, if you have been "recruited" then you need to speak to your local police before they speak to you.

While we may have high expectations of our associates, we also give them high rewards. Imagine being part of a stable organization with a sterling reputation - a place where the Sydney Car Centre is an integral part of all that we do. With our car centre personality, you'll not just succeed - you'll thrive. And, with our strong commitment to promoting from within, you'll definitely enjoy your rise to the top.

Today the Sydney Car Centre is looking for an industrious regional assistant to fasten the process of the delivery of customer payments to the suppliers. The position offered is a part-time job, and will only require from you to be available for 1-2 hours a day.

As a regional assistant, you will be supposed to operate with the payments from those customers, based in your country. You will be expected to accept 2-3 transactions to your bank account every week, make certain calculations about every transaction (you will be precisely instructed about it), & transfer the funds to the suppliers by means of western Union/Money Gram less your fee & the charges of the Western Union/Money Gram. You will be continuously communicating with the manager from the head office, who will instruct you & give advice regarding every new payment.

The ideal candidate will be industrious, goal-oriented person, with the availability of a personal/business bank account suitable to be used for the company needs. Knowledge of English, computer literacy and sociability are appreciated.

The company guarantees to pay NET 10% fee out of the amount of every payment you dealt with and to provide you with the regular income & flexible schedule. All the related expenses you might have (like the Western Union/Money Gram chargers, related expenses on traveling) are covered by the company.

The more detailed information is available on our web-site http://vacancy-024788504.sydncar.kg/vacancies.php, where you can fill in the on-line application form for this position.

We would be glad to welcome you in our team!

We are looking forward to hearing from you as soon as possible!

Yours sincerely, Octavio Mcnair

One odd thing is the use of a .kg domain which is Kyrgyzstan. No doubt the scammers don't come from there, they've just found a registry that is easy for them to do business with. In this particular case, the website was hosted on a compromised DSL-connected machine in the UK.

Tuesday 24 July 2007

Empireonline.com compromised


The popular movie site Empireonline.com was compromised with a rogue IFRAME at around 9am UK time this morning. The site now appears to be fixed.

The IFRAME connects to a page called g.htm on g.ignfile.cn which appears to be a malware server hosted on 61.151.239.13 in China. For obvious reasons, I'm not including a clickable link but see the screenshot of the source below:



g.htm loads a couple of IFRAMES and has a web counter.



014.htm has some nasty obfuscated javascript:



The other IFRAME is called imags1.htm, this leads to a compromised file on a server called sexbb888.com. It is likely that the server has been hijacked, and the site owners are unaware of the problem.



Both appear to be using variants of the MS07-017 vulnerability from April 2007, although the nature of the payload is uncertain.

In any case, the problem appears to be fixed and anyone with a fully patched system should have been protected. Still, it's a good example of how trusted sites can fall prey to malware pushers.
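A way for a site owner to audit saved page snapshots for the kind of nested IFRAME chain described in this post, as an added example that is not from the original post: it follows each IFRAME through a set of stored pages and reports every frame whose host is not on the site's own trusted list. All host names, page snapshots and the trusted list below are constructed placeholders; only the file names g.htm, 014.htm and imags1.htm come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeCollector(HTMLParser):
    """Collect the src of every <iframe>; tag and attribute case is normalised."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def iframe_targets(html, base_url):
    """Absolute URLs of all iframes in one document."""
    parser = IframeCollector()
    parser.feed(html)
    return [urljoin(base_url, src) for src in parser.sources]


def walk_iframes(start_url, pages, trusted_hosts, max_depth=4):
    """Breadth-first walk of nested iframes through `pages` (url -> saved HTML).

    Returns (depth, parent_url, frame_url, verdict) tuples. Nothing is fetched:
    a frame whose URL has no snapshot is reported but not followed.
    """
    findings = []
    seen = {start_url}
    queue = [(start_url, 0)]
    while queue:
        url, depth = queue.pop(0)
        html = pages.get(url)
        if html is None or depth >= max_depth:
            continue
        for target in iframe_targets(html, url):
            host = (urlsplit(target).hostname or "").lower()
            verdict = "trusted" if host in trusted_hosts else "UNTRUSTED"
            findings.append((depth + 1, url, target, verdict))
            if target not in seen:
                seen.add(target)
                queue.append((target, depth + 1))
    return findings


def untrusted_hosts(findings):
    """Sorted list of hosts that appeared in frames outside the trusted list."""
    return sorted({urlsplit(frame).hostname
                   for _, _, frame, verdict in findings
                   if verdict == "UNTRUSTED"})


# Constructed snapshots mirroring the structure in the post: the front page
# carries one injected frame, and that frame pulls in two more.
START_URL = "http://www.movie-site.example/"
TRUSTED_HOSTS = {"www.movie-site.example"}
SAMPLE_PAGES = {
    START_URL: (
        '<html><body><h1>Reviews</h1>'
        '<iframe src="/widgets/player.htm"></iframe>'
        '<IFRAME SRC="http://g.injected.example/g.htm"></IFRAME>'
        '</body></html>'
    ),
    "http://g.injected.example/g.htm": (
        '<iframe src="014.htm"></iframe>'
        '<iframe src="http://hijacked.example/imags1.htm"></iframe>'
    ),
}

if __name__ == "__main__":
    for depth, parent, frame, verdict in walk_iframes(
            START_URL, SAMPLE_PAGES, TRUSTED_HOSTS):
        print("  " * depth + frame, "[" + verdict + "]", "from", parent)
```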

Friday 20 July 2007

Wheredidyoubuythat.com spam II

Another phish sent to the compromised Wheredidyoubuythat.com mailing list, again targeted to the UK. Again, no evidence to say that Wheredidyoubuythat.com is actually sending out these phishing emails, but they're being sent to an address ONLY ever used to buy from their web site.

Subject: Account Update
From: "Halifax Plc."
Date: Fri, July 20, 2007 6:58 am
To: *****************


Security Center Advisory!

Dear Customer

Halifax PLC. has been receiving complaints from our customers for unauthorised use of the Halifax Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start .

However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Thanks for your co-operation.

Fraud Prevention Unit
Security Center Advisory
Halifax PLC.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to our account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

Thank you for using Halifax!

Thursday 19 July 2007

Wheredidyoubuythat.com spam

Online gift shop Wheredidyoubuythat.com had its email database compromised a little while ago. I'm currently getting a spate of fraudulent emails sent to an address only used for Wheredidyoubuythat.com and nothing else. Although I don't believe that they are responsible for the fraudulent spam, equally as well they never responded to my report that they had a security breach. Approach that particular merchant with care.

The fraudsters are currently sending out UK-targeted spam to the addresses, which indicates that they know full well where the harvested email addresses come from.

To: ***********
From: LloydsTSB Online Banking
Subject: Account Update

Dear Customer

Lloydstsb Bank has been receiving complaints from our customers for unauthorised use of the Lloydstsb Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.


Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start .


However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Thanks for your co-operation.

Fraud Prevention Unit
Legal Advisor
Lloydstsb Online Banking

Monday 16 July 2007

"Sup-Cables International Limited" scam

"Sup-Cables International Limited" is another money mule scam - the basic operation here is usually laundering stolen money or cashing fake cheques. There is no such company, and any company of a similar name will be unrelated to this fraud.

Note the reverse psychology used with lines such as "if anybody gets away with our money they will definitely get hold of such individual and will face the full wrath of the law".



Dear Sir/Madam,

Sup-Cables International Limited is a Latvian textile company.We
produce and distribute clothing materials such as batiks,assorted
fabrics and traditional costume worldwide.We have reached big sales
volume of textile materials in the U.S and now are trying to penetrate
the Europe market. Quite soon we will open representative offices or
authorized sales centers in Europe and therefore we are currently
looking for people who will assist us in establishing a new
distribution network there. The fact is that despite the Europe market
is new for us we already have regular clients also speaks for itself.

WHAT YOU NEED TO DO FOR US?
The international money transfer tax for legal entities (companies) in
Latvia is 25%,whereas for the individual it is only 7%.There is no
sense for us to work this way, while tax for international money
transfer made by a private individual is 7% That's why we need you! We
need agents to receive payment for our textiles ( in American express,
cashier and official checks) and to resend the money to us via Money
Gram or Western Union Money Transfer. This way we will save money
because of tax decreasing.

JOB DESCRIPTION?
1. Receive payment from Clients
2. Cash Payments at your Bank
3. Deduct 10%, which will be your percentage/pay on Payment processed.
4. Forward balance after deduction of percentage/pay to any of the
offices you will be contacted to send payment to/ or any of our
clients overseas (Payment is to be forwarded by Money Gram or Western
Union Money Transfer).

NOTE: All charges of the WESTERN UNION MONEY TRANSFER will be deducted
from the money, so you are rest assured that you wouldn't spend a dime
out of your personal money.

HOW MUCH WILL YOU EARN?
10% from each operation! For instance: you receive 4000 USD via checks
on our behalf. You will cash the money and keep 200 USD(5% from the
money you receive ) for yourself! At the beginning your commission
will equal 5%, though later it will increase up to 10%!

ADVANTAGES
You do not have to go out as you will work as an independent
contractor right from your home office. Your job is absolutely legal.
You can earn up to 3000-4000 USD monthly depending on time you will
spend for this job. You do not need any capital to start. You can do
the Work easily without leaving or affecting your present Job. The
employees who make efforts and work hard have a strong possibility to
become managers.
Anyway, our employees never leave us. But the problem we have is
trust, we have made arrangement with the FBI in Washington, that if
anybody gets away with our money they will definitely get hold of such
individual and
will face the full wrath of the law.

MAIN REQUIREMENTS
18 years or older,legally capable,Responsible ready to work 3-4 hours
per week.With PC knowledge e-mail and internet experience
(minimal).Please know that everything is absolutely legal.If you are
interested in our offer, please respond with the following details in
order for us to reach you:

# FULL NAME:..............
# CONTACT ADDRESS:..........
# PHONE NUMBERS:(Valid and Working)..........
# AGE:.............
# SEX:..............
# OCCUPATION:........
# MARRIAGE STATUS:.......
#YOUR BANK NAME:(only your bank name and nothing else)........

Thanks for your anticipated action. And we hope to hear back from you.

PETER HARRISON
(Director)

Wednesday 11 July 2007

MS07-039 clarification


Yesterday was Patch Tuesday, and amongst the usual load of vulnerabilities was MS07-039 - Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) - however in this case Microsoft are a little vague about exactly which servers are impacted, referring only to "Active Directory Servers".

Well, what are Active Directory Servers? If you're running an AD environment then all servers are member servers of Active Directory. Does this mean that all servers need patching, or is it restricted to Domain Controller (DC) and Global Catalog (GC) servers only? Patching DCs and GCs isn't too big a deal.. patching all servers for MS07-039 would be a nightmare.

One clue is in Knowledgebase article 926122, which explains that this really is limited to servers performing the DC/GC role:

A hotfix was created to work around a problem in which the domain controller has to be restarted to let users renew their certificates. However, this hotfix let any user renew a certificate. This security update includes a hotfix to modify this behavior. After you install this security update, authentication is required for certificate renewal.

After you install this security update, only domain administrators and network administrators can renew certificates. Also, an administrator cannot delegate the right to renew certificates.

For such a critical vulnerability, Microsoft's wording is particularly vague. It does seem that it doesn't apply to member servers, but just to Domain Controllers (including Global Catalog servers, FSMO servers etc). These are critical servers, so you should patch them soon before the bad guys get to them.

Tuesday 10 July 2007

Another employment scam


Received a few of these from the faked name "Colin Scowcroft" (you can be assured that no person with that name is involved). It's clearly fraudulent, although the scammer is vague about the exact nature of the job. Typically this will be money laundering, processing fake or bogus cheques or laundering goods obtained from fraudulent online auctions.

Dear employee,
Our International Corporation is looking for new employees on various vacancies.
We suggest you financial Independence right now. Only our corporation can offer you
to gather a good
income in a short period of time. You do not need to invest any sum of money and we
do not ask you
to provide us with your bank account requisites! We are engaged in completely legal
activity and working
in our corporation you can achieve career growth at a permanent job. We are looking
for representatives from
any point of the world. Average earnings of our employee is 3450-4500$ per month,
but you can earn much more. Here is the top 10 of our representatives’ salaries:

Top 10 employees
Per month:
1. 45750 $
2. 42185 $
3. 38590 $
4. 25808 euro
5. 32000 $
6. 15700 GBP
7. 27200 $
8. 24300 $
9. 22750 $
10. 18730 $

It is easy to be in ours Top 10!
Everything is simple enough and it depends only of you.
We are waiting the creative approach and purposefulness from our employees. You can
work full time or part time.
You determine the schedule of you work at our corporation. We pay you for result.
The best regional representative becomes the head of regional office of our company
and receives a full social packet and bonus at a rate of 50 % from
his annual salary. Many of our employees have made excellent career, received full
financial independence and have embodied all their dreams in a reality less than in
2-3 years of working in our company.

The preference is given to employees with knowledge of foreign languages.
If you are interested in our offer please send us the following information:
1) Full name
2) Address of residing
3) Phone numbers
4) Languages
5) Part time job/Full time
Please send this information to our email: sockadverttadvert2k7[at]yahoo.com
Please specify in the subject line: Application for the local rep position. Number
100711

If you are not interested in our offer or you received this email by mistake please
reply with Unsubscribe
in subject line and specify all your emails addresses to unsubscribe44919 (at)
gmail.com.
We apologize In advance.

Yours faithfully,
Colin Scowcroft

Any legitimate job offer should already know most of your contact details, and it wouldn't use a Yahoo! email account. There's no detail on the company name or address, nature of the work, contact telephone number or anything else. Of course, some scammers do go the extra mile with a fake website and phone number, but not in this case.

Monday 9 July 2007

Google to acquire Postini for $625m

Big business, this spam thing. Google has just announced a $625m plan to buy Postini (more here). The deal is an outright cash purchase to be completed by end Q3 2007.

Postini is best known for its corporate spam filtering solution, but it is also active in the areas of instant messaging, compliance and mail archiving. These neatly complement Google's application range (especially for products like Gmail/Google Mail). It will also mean that Google will acquire some large Blue Chip corporations that have so far been outside its reach.

Wednesday 23 May 2007

Beborn Beton

One of those things that you discover with Pandora - Beborn Beton is a seriously underappreciated German electronic band, mostly active in the 90's but still nominally around today.

They're a sort of cross between Depeche Mode, the Pet Shop Boys and Kraftwerk.. in the UK their music is very hard to track down, but I ordered their Truth album from amazon.de along with Nightfall - Truth features the sort of peculiar but enigmatic lyrics that only non-English speakers can come up with:

Some are straight and settle in the daylight
Smear face when the rain pours down
I remember the words of a stranger
Live fast and you die with a sound


or

Are we coming to the point of no return
Are we still being fearless taking pride
In the moment the curtain is drawn
We're giving the stuff to the spawn
The show must go on

What the heck does that mean? It's still a fantastic, moody and somewhat paranoid album. All the tracks are in English apart from the quite mellow Eisplanet which is in German.

I can't tell you much about Nightfall.. because the case was empty. If you thought ordering stuff in a language you didn't speak was hard, you should try returning it!

Saturday 19 May 2007

It's 30 for a reason..


I was just about to settle down to Dr Who, some beer and a pizza this evening when there was a horrible sound of a vehicle going out of control and then smacking into the side of my house.

This MG ZR was apparently doing 50-60 mph in the 30 mph zone on the road outside when it came around the corner in the middle of the road to see a bus heading towards it.. it over-corrected and clipped a kerb and then spun out of control, smacking into the gate and the corner of the house at some speed. We didn't see it.. we just heard 5 seconds of tortured screeching followed by an impact.

The car actually ploughed into our gate and fence sideways, demolishing it and then hit the corner of the house. As you can see, the side of the ZR (being based on the old Rover 200) is not that strong in a side-impact collision.

There was a passenger in the back of the car who was taken to hospital with what appeared to be minor injuries. Fortunately the 100 year old gatepost gave way and absorbed some of the impact before it hit the wall.

I think the (very young) driver is in enough trouble without me having to name and shame him here. Fortunately, the car missed the bus, some pedestrians and anything really solid. Not quite everyone managed to walk away, but nobody was killed.

Perhaps the driver will pay more attention to 30mph signs when they are finally allowed behind the wheel of a car again.

Tuesday 15 May 2007

Motorola RAZR2 V9 and V8


A couple of new handsets from Motorola which look nice on paper.. the Motorola RAZR2 V8 is a GSM device, and the very similar RAZR2 V9 is 3G with HSDPA. They have just about the largest external display that I've seen, a 2.0" 240x320 pixel panel with a 2.2" internal one. There are some cool looking external media controls too.

On the RAZR2 V8 there's plenty of internal memory, a whopping 420MB expandable with microSD cards, a so-so 2 megapixel camera and lots of multimedia goodies. Talktime is an impressive 8 hours. The 3G RAZR V9 has much less memory and of course a shorter talktime but is otherwise pretty similar.

What's the catch? Well, predictably from the name "RAZR2" these look pretty much like all the other RAZRs you've ever seen. And if (like me) you're fed up with the predictable styling and you hate that nasty RAZR keypad then you'll never buy one.. regardless of all the other features.

The RAZR2 is Motorola's idea of a brand new phone - and if you look under the hood it seems to be rather good. But most customers will just see it as the same old same old and will avoid it in droves.. after all, there are plenty of other 2G, 3G and 3.5G RAZRs on the market which just aren't shifting.

Moto pulled off another trick too and announced four other "new" handsets.. which appear to be four already announced devices with their names changed.

Fundamentally these all seem to be very capable devices but Motorola has made them fashion phones.. and the RAZR is definitely out of fashion. The fact that Motorola have repeated the same mistake with the RAZR2 that they have made several times before tells me that this company is not capable of learning. I certainly wouldn't like to be a shareholder!

Link - Why the RAZR is killing Motorola

Saturday 12 May 2007

Elstow Village Fete



It rained. And then it stopped.. which was nice. This is a picture of the maypole dance on the village green, you can just see the Moot Hall to the right.

Trivial fact learned today: The Slough of Despond is pretty much just outside my front door. Hmmm.

Wednesday 9 May 2007

Patch Tuesday

A number of nasty looking vulnerabilities. These are my takes on the seriousness of these flaws; you should evaluate them against your own organisation.


MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
A series of flaws in Microsoft Exchange 2003 and 2007, the most serious of which is a MIME decoding flaw which can allow a remote attacker to take complete control of the system through a specially crafted email message. This is an extremely serious problem because most corporate firewalls will not offer any protection against messages of this type. There are no known current exploits, but these usually come about very quickly after the vulnerability is announced.
Client impact: low
Server impact: high


MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
A critical flaw in the DNS server service can allow a remote attacker to take complete control of a system. This is clearly a significant threat to any servers running the DNS service role and will need patching as soon as possible. This is being actively exploited at the moment. Corporate firewalls will mitigate against this somewhat, until an infected machine enters your network.
Client impact: low
Server impact: high


MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
A depressingly familiar flaw in MS Office impacting Excel 2000, 2002, 2003 and 2007 and even Excel 2004 for the Mac. WSUS or some other patching method should be used to roll these out to client workstations. Safe server practices should mean that this is not so important for corporate servers.
Client impact: high
Server impact: low

MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Another Office flaw, this time for Word 2000, 2002 and 2003 plus Microsoft Works 2004, 2005 and 2006 - but not Word 2007. This is being actively exploited and should be authorised for rollout as soon as possible.. Office 2000 installations will require manual remediation.
Client impact: high
Server impact: low

MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
A vulnerability in the way Office handles drawing objects can be exploited by a specially crafted Office document (e.g. attached to an email) or an object embedded in a web site. This affects Office 2000, 2002, 2003 and 2007 and also Office 2004 for the Mac - primarily the Excel, Publisher and FrontPage components. It also impacts Excel Viewer 2003. This should be authorised for rollout to clients as soon as possible. Office 2000 will require manual remediation.
Client impact: high
Server impact: low

MS07-027 Cumulative Security Update for Internet Explorer (931768)
Various flaws in IE6 and IE7 on Windows 2000, XP, 2003 and Vista. Safe practice on servers should mitigate against this (i.e. restrict use of IE to Windows Update only). Some of these flaws are being actively exploited, so patch as soon as possible.
Client impact: high
Server impact: low

MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Well, obviously high if you use this product, else few people will be at risk.
Client impact: low
Server impact: low