  infoarch : alert : archive 2005 (Jul - Dec)  
 

 

Virus : 2005-Dec-10

Finnish security firm F-Secure has cracked a code used by the Sober worm, the rapidly mutating and most prolific worm of 2005, which accounts for more than half of all infections in Malaysia and Singapore.

What F-Secure found was that the worm is capable of lying dormant, regularly downloading new variants of itself, and still being remotely controlled by its creator.

The latest variant is hard-coded to re-activate itself on 5 January.

 

Spyware : 2005-Nov-23

Two viruses are spreading rapidly, targeting computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.

The Sober and Mytob viruses have infected many PCs in Europe, Singapore and Malaysia. Expect overall degradation of Internet services as the infected machines try to email the virus out.

Do update your virus definitions.

Download Symantec Antivirus Definition

If you suspect your PC is infected, you may try running the following tools to scan for and remove these viruses.

Sober Removal Tool
Mytob Removal Tool

UPDATE 2005-11-25 : Half of the traffic in Malaysia is consumed by virus-carrying emails, significantly impacting network performance.

 

Virus : 2005-Nov-12

If you use your computer to play audio CDs, your PC may be vulnerable to attack.

In attempting to stop CD copying, Sony quietly introduced its own copy-protection software on its audio CDs. Called XCP (Extended Copy Protection), the software automatically installs itself on Windows XP computers when the CD is played. However, the software is flawed, allowing the computer to be controlled remotely by hackers.

Sony has decided to stop shipping the product.

UPDATE 2005-11-14 : Microsoft announced that it would update Windows AntiSpyware, Malicious Software Removal Tool, and the online scanner on Windows Live Safety Center to detect and remove the Sony XCP rootkit software. Detection and removal of the rootkit component will also be in Windows Defender, part of Windows Vista.

 

Network : 2005-Nov-10

There have been reports of intermittent problems with Telekom's ISDN line and ADSL lines.

Expect overall Internet performance degradation in the coming weeks.

UPDATE 2005-11-20 : We have found one of the problems with TM Net's network. The primary DNS server 202.188.0.133 has not been able to reliably provide name resolution. The result manifests itself as slow Internet access (multiple name servers need to be queried) and spotty accessibility (DNS server time-out). To temporarily work around this problem, you may try lowering the metric of 202.188.0.133 so that it is queried last.

 

Virus : 2005-Aug-18

The initially tame Zotob virus is mutating rapidly to exploit a critical weakness in Microsoft Windows 2000. Microsoft has made available a free software tool to help victims of the worms clean their systems. The cleaning program is an updated version of Microsoft's Windows Malicious Software Removal Tool.

Please perform Windows Update immediately as the virus variants are becoming more potent with each new incarnation.

Please also note that as Microsoft has begun the practice of releasing its Security Bulletin Summary in a rather regular fashion, we will not post any of these reminders in our "Alert" section.

UPDATE 2005-08-26 : The Zotob worm first surfaced one week after Microsoft acknowledged the weakness in its Windows 2000 operating system. In less than two weeks, the worm had mutated from a nuisance that infected fewer than 100 PCs to vicious variants that brought down servers in more than 100 large organizations, including CNN, the New York Times and ABC News. A team of 50 people started analyzing the worm, and managed to trace its origin to two men, Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, of Turkey. The Federal Bureau of Investigation and Microsoft announced that they had arrested the two suspects in Turkey.

 

Network : 2005-Aug-12

We are beginning to observe some very strange behavior with TMNet's Streamyx routing.

While it goes without saying that TMNet will assign an IP address to the ADSL modem for Streamyx subscribers with dynamic IPs, the address that you get will affect your connection. Specifically, if the IP has a subnet mask of 255.0.0.0, it is likely that the reply packets from certain IPs will be lost. If the subnet is 255.255.255.0, you have a better chance of establishing a more meaningful connection.

The problem does not affect you if the connection is primarily used for surfing the web, as Streamyx uses a transparent proxy to cache web data.

 

Security : 2005-Aug-2

A vulnerability has been found in Cisco devices that run its IOS software. An IPv6 loophole allows an attacker to reset the device, making the network inaccessible. The same vulnerability also allows a skillful attacker to take control of the device.

This security issue is significant because most organizations in this region are confident that their Cisco devices are secure, and therefore do not actively patch them, and because many organizations do not have the expertise to patch a Cisco device.

You should either install the patch from Cisco, or at least disable IPv6 to avoid this vulnerability.

 

System : 2005-June-24

Our systems have registered numerous mini blackouts in Johor Bahru since June 22nd, 12:15PM. Power line conditions were generally very poor in and around the city, and were extremely poor in the industrial areas.

The power instability could cause systems to crash or even destroy low-grade power supply units. You should install a good UPS and surge protector to prevent extensive damage to your hardware.

In addition, the international Internet link seems to be very unstable.

UPDATE 2005-07-06 : These rounds of blackouts have taken their toll. As an indication of how poor the power quality is: within the past week alone, four of our UPSes were burnt out and one server crashed. We have also noted the general instability of all Internet connections.

 

 

 
 
     

 

 

 

© Copyright 1999-2009, 2010 Infoarch Sdn. Bhd. All Rights Reserved
147A Jalan Perisai, Taman Sri Tebrau 80050. Johor Bahru, Johor, Malaysia.