Tuesday, January 13, 2009

Hacker Leaves Message for Microsoft in Trojan Code


Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.

That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.

The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"

Zlob is one of the most common types of Trojan programs used to attack Windows these days. In a typical Zlob scam, the victim is sent a link to what looks like an interesting video. When the link is clicked, the user is told to install a multimedia codec file in order to watch the video. That file is actually malicious software.

This isn't the first time this particular hacker has sent a note to Microsoft's security group. Last October he wrote a slightly creepy message, saying, "I want to see your eyes the man from Windows Defender's team."

Unlike the October message, this latest note wasn't caught by Microsoft. It was found Friday by a French security researcher using the hacker handle S!Ri.

According to this latest message, it may be the Zlob hacker's last note to Microsoft. "We are closing soon," he wrote. "So, you will not see some of my great ;) ideas in that family of software."

"It warms my heart that they're 'closing soon,'" wrote Microsoft spokesman Tareq Saade in a blog post Friday.

All things considered, hiding messages in source code may not be the most effective way of reaching the Windows Defender team. "Considering the enormous amount of malware we go through every day, it can be difficult to track follow up samples like this," Saade wrote.

The hacker also claimed that Microsoft had once offered him a job to help improve Windows Vista's security. Microsoft hired a large number of outside security consultants to test Vista's code before it was released in late 2006. "It's not interesting for me," the hacker concluded. "Just a life's irony."

Friday, January 2, 2009

Microsoft's Official Fix for Failing Zunes

Zune owners now have a fix for their failing devices: Microsoft has posted instructions on how to start the new year off with a working digital music player. Yesterday 30-gigabyte Zunes suffered a crippling glitch causing the digital music players to lock up, reboot themselves, and freeze. Zune users are calling Microsoft's screw-up "Zune 2K9," a reference to the Y2K bug. The problem was caused by the Zune's internal clock and its inability to handle leap years, according to Microsoft.
The Zune fix (outlined below) will work at 7am ET January 1, 2009. Microsoft says it will also issue a fix for the device so that this problem won't re-occur the next leap year, in 2012.

To Fix Your Zune Follow These Steps:

1. Disconnect your Zune from USB and AC power sources.

2. Because the player is frozen, its battery will drain; this is good. Wait until the battery is empty and the screen goes black. If the battery was fully charged, this might take a couple of hours.

3. Wait until after noon GMT on January 1, 2009 (that's 7 a.m. Eastern or 4 a.m. Pacific time).

4. Connect your Zune to either a USB port on the back of your computer or to AC power using the Zune AC Adapter and let it charge.

Once the battery has sufficient power, the player should start normally. No other action is required; you can go back to using your Zune!

Saturday, December 27, 2008

Google, Apple, Microsoft Sued Over File Preview

A small Indiana company has sued tech heavyweights Microsoft, Apple, and Google, claiming that it holds the patent on a common file preview feature used by browsers and operating systems to show users small snapshots of the files before they are opened.

Cygnus Systems sued the three companies on Wednesday saying that they infringed on its patent with products such as Windows Vista, Internet Explorer 8 and Google Chrome, which allow users to view preview images of documents on the computer. Mac OS X, the iPhone and Safari also infringe, the company said in court filings. Apple uses this technology in its Finder and Cover Flow Mac OS X features, the filings state.

While Cygnus has sued three very high-profile companies, they may not be the only vendors in Cygnus's sights. "They were a logical starting place for us," said Matt McAndrews, a partner with the law firm Niro, Scavone, Haller & Niro, which is representing Cygnus. "We've identified many other potentially infringing products that we're investigating," he added.

Cygnus's owner and president Gregory Swartz developed the technology laid out in the patent while working on IT consulting projects, McAndrews said. The company is looking for "a reasonable royalty" as well as a court injunction preventing further infringement, he said.

The lawsuit was filed in federal court in Arizona, where Swartz resides, McAndrews said.

Google, Microsoft and Apple did not return messages seeking comment on the lawsuit.

Cygnus applied for its patent (# 7346850) in 2001. It covers a "System and method for iconic software environment management" and was granted by the U.S. Patent and Trademark Office in March of this year.

Microsoft Wages War Against Fake Security Software

In the second month of a campaign against fake security software, Microsoft has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed.

December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security apps, Antivirus 2009. According to Microsoft, the MSRT erased the fake from over 394,000 PCs in the first nine days after it released this month's edition on Dec. 9.

Last month, Microsoft trumpeted a similar cleaning operation against another family of bogus security software that it said had purged nearly a million machines of programs like "Advanced Antivirus," "Ultimate Antivirus 2008" and "XPert Antivirus."

December's campaign targeted a different family -- dubbed "W32/FakeXPA" by Microsoft -- that includes fake security software going by names such as "Antivirus XP," "AntivirusXP 2008" and "Antivirus 2009."

Windows users increasingly have been plagued with worthless security software as criminals bundle the money makers with other malware or seed significant users with waves of spam touting the programs. According to one researcher, cybercrooks can pull in as much as $5 million a year by installing the rogue programs on PCs, then dunning users with infection claims and constant pop-ups until the victims pay $40 or $50 to purchase the useless applications.

Windows users can download the MSRT manually from Microsoft's Web site or via the Windows Update service.

Wednesday, December 24, 2008

Microsoft Extends XP Shipments Until May


Microsoft is giving system builders several more months to get Windows XP for their custom PCs, ensuring XP will be out in the marketplace until almost the scheduled release of Windows 7 in early 2010.

Microsoft confirmed Monday that it is offering a "flexible inventory program" that allows distributors and system builders to place their final orders for XP by the end of January, but have those orders delivered as late as May 30, 2009.

The company stressed in an e-mailed statement that the move is not "an extension of sales." Still, it gives system builders and distributors the ability to sell PCs with Windows XP preinstalled for a bit longer than they currently have.

The move marks yet another extension Microsoft has had to make to keep XP in the marketplace, which customers have demanded because of the lackluster reception for Windows Vista, XP's successor, released to businesses in November 2006 and to consumers in January 2007.

If Windows 7 is released in early 2010 as planned, it means that there will only be about a six- or seven-month gap between when the last XP machines will be for sale and when Windows 7 hits the market. And some feel that Microsoft may even get Windows 7 to businesses by the end of 2009 because the company recognizes it needs to repair the Vista damage.