Data gathered by Microsoft’s antimalware products has identified a list of common infected PDF files and they are listed on the Microsoft MSDN blog. Here they are:

• pdf_new[1].pdf
• auhtjseubpazbo5[1].pdf
• avjudtcobzimxnj2[1].pdf
• pricelist[1].pdf
• couple_saying_lucky[1].pdf
• 5661f[1].pdf 7927
• 9fbe0[1].pdf 7065
• pdf_old[1].pdf

More information is available at the Microsoft Malware Protection Center.

Height of security! This error message was generated when Windows 2000 users logged into an MIT Kerberos realm and got a shock of their lives on attempting to change their password. They were given a seemingly impossible task of setting a password with 18,770 characters that was different from the last 30,689 passwords. Thankfully, this uncommon error was fixed with the release of SP3 for Windows 2000.

!!!!!!!!!! RED ALERT for YOUR COMPUTER

Please circulate this notice to your friends, family and contacts!

In the coming days, warning: do not open any message containing an attachment called Archive (Windows live) regardless of who sends you. This is a virus that burns the entire hard disk. This virus comes from a known person you have in your mailing list, which is why you should send this message to all your contacts. If you receive a message called "UPDATING WINDOWS LIVE", even if is sent by a friend, do not open it and stop immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus that ever existed. The virus was discovered yesterday afternoon by McAfee, and there is no chance of repair for this type of virus. Simply destroys Sector Zero of the hard disk. Just copy and paste..

C’mon, people! A simple check of snopes.com would reveal any such virus hoax.

A study by Ofcom, the UK communications watchdog…, “Adults’ Media Use and Attitudes Report 2013″, [comprising] a poll of 1805 adults aged 16 and over discovered that 55% of them used the same password for most – if not all! – websites.

Unbelievable! Will they ever learn? It’s precisely this kind of thing that gives us Network Administrators nightmares, especially when these same people are given access to resources on our networks. Don’t they realize that if one site gets compromised, the hackers have access to all of them?

This is compounded by the types of passwords people tend use, i.e., easy-to-remember passwords such as birthdays, pet names, etc. The study found that 26% of the people polled do this.

If you are one of these people, or if you know someone who is, please see to it that the passwords get fixed as soon as possible.

Log out of those sites and shut down your PC or laptop.

The podcast is nicely summarized in this AskMisterWizard video:

Hats off to Ellen DeGeneres for exposing a useless and insecure product–Internet Password Minder–and doing it in an amusing way while helping to raise awareness of password security issues.

And thanks to Naked Security for bringing it to my attention. Seriously funny.

Subject lines of the emails vary, but include:

• 2 Explosions at Boston Marathon
• Aftermath to explosion at Boston Marathon
• Boston Explosion Caught on Video
• Video of Explosion at the Boston Marathon 2013

According to Sophos’s blog, nakedsecurity:

If installed, the malware makes changes to the Registry and installs the following files, allowing hackers to gain remote access to infected computers:

<System>\drivers\npf.sys
<System>\Packet.dll
<System>\wpcap.dll

The file NPF.sys is registered as a new service named “NPF”, with a display name of “WinPcap Packet Driver (NPF)”.

Never accept “news” from other than legitimate news sources, especially not from unsolicited emails.

Your <redacted> Server was found to be part of a network of compromised machines
leading a Distributed Denial-of-Service Attack (DDoS Attack) against other servers.

*******************************************************************************
IMPORTANT: In order to prevent further criminal activity from your <redacted> Server,
we have suspended access pending an investigation and resolution.
*******************************************************************************

The logs they sent me show UDP packets indicating that this could be part of a DNS amplification attack. Take a look:

Please see the firewall logs below for details:
1365103763.526228 IP xxx.xxx.111.16.44223 > xxx.xxx.149.195.80: UDP, length 1
1365103763.526232 IP xxx.xxx.111.16.44223 > xxx.xxx.149.195.80: UDP, length 1
1365103763.526234 IP xxx.xxx.111.16.44223 > xxx.xxx.149.195.80: UDP, length 1
1365103763.526236 IP xxx.xxx.111.16.44223 > xxx.xxx.149.195.80: UDP, length 1

That’s all I know for now. I have to contact the provider, open a window of time to gain access, and secure the server. I’ll keep you posted.

• Emails with the subject “Happy Easter.” Make sure they are actually from someone you know and don’t click any links or open any attachments until you have verified that the send is who they say they are.
• Fake ads for animals such as bunny rabbits and ducklings. Buy them live from a local dealer. Don’t have them shipped.
• Solicitations by “charities” using the Easter holiday as the motivator. One such scam I have seen tugs your heartstrings by showing hungry children and tying it to Easter’s resurrection theme. Don’t fall for it.
• Cheap “clearance” sales of Easter candy. Some of it has been known to be five years old and rancid. It could make you or your children sick.
• Cheap Easter toys and baubles that come from countries that still use lead-based paints.

And, for those of you who celebrate the holiday, Happy Easter!