Archive for November, 2008

Valor, Navy Crosses, and United States Marines

November 23, 2008

Marines to be awarded Navy Cross posthumously

By Dan Lamothe – Staff writer
Posted : Saturday Nov 22, 2008 7:46:45 EST

Two Marines who died in Iraq stopping a small water tanker filled with explosives will be posthumously awarded the Navy Cross, the nation’s second-highest combat honor, a Marine spokeswoman said.

Lance Cpl. Jordan Haerter, 19, and Cpl. Jonathan Yale, 21, were standing guard April 22 in Ramadi when a truck filled with 2,000 pounds of explosives roared toward a joint Marine-Iraqi headquarters, Marine officials said. The two riflemen opened fire and stopped the vehicle before it reached the gate, but the truck exploded, killing the two Marines.

Maj. Gabrielle Chapin, a Marine spokeswoman in Iraq, confirmed the award decision, first reported Thursday on the Web site of the Los Angeles Times.

Haerter, of Sag Harbor, N.Y., was assigned to Camp Lejeune, N.C.-based 1st Battalion, 9th Marines. The Sag Harbor-North Haven Bridge on Long Island was renamed the Lance Cpl. Jordan Haerter Veterans Memorial Bridge on Nov. 15, according to the New York Daily News.

Yale, of Burkeville, Va., was assigned to Lejeune-based 2nd Battalion, 8th Marines. He was described by family as an outdoorsman who participated in the school robotics and drama clubs in high school, according to the Washington Post.

In May, the Corps said the actions of the pair saved 33 Marines, 21 Iraqi police officers and numerous civilians resting beyond the gate of the outpost.

“They saved all of our lives,” Lance Cpl. Benjamin Tupaj, a rifleman with 1/9 on post that morning, said in the Corps’ statement. “If it wasn’t for them that gate probably wouldn’t have held. The explosion blew out all of the windows over 150 meters from where the blast hit. If that truck had made it into the compound, there would’ve been a lot more casualties. They saved everyone’s life here.”

Haerter and Yale were both posthumously awarded the Purple Heart and nominated for “an award for valor,” according to the statement released in May. It did not specify which award they were nominated to receive.

SOURCE

If Democracy Doesn’t Work, Try Anarchy

November 23, 2008

Chuck Norris lands a knock out blow with the following piece. Just think! Anarchy as a respectable alternative to Democracy?

If Democracy Doesn’t Work, Try Anarchy
By Chuck Norris

Protestors of Proposition 8 in California (the marriage amendment) shoved aside a 69-year-old woman who was bearing a cross. They reportedly spit on her and stomped on her cross. They then aligned themselves in a human barricade, blocking the media from getting to or interviewing the woman.

Prop. 8 supporter Jose Nunez, 37, was assaulted brutally while distributing yard signs to other supporters after church services at the St. Stanislaus Parish in Modesto.

Calvary Chapel Chino Hills was spray painted by vandals after they learned that the church served as an official collection point for Prop. 8 petitions.

Letters containing white powder (obviously mimicking anthrax) were sent to the Salt Lake City headquarters of the Mormon church and to a temple in Los Angeles. (Thankfully, the FBI said the substance was nontoxic.)

The 25-year artistic director of the California Musical Theatre, who also happens to be a Mormon, was muscled to resign because of his $1,000 donation to the campaign to ban gay marriage in California.

A pro-homosexual, pro-anarchy organization named Bash Back marched into the middle of a church service and flung fliers and condoms to the congregants. They also hung a banner from the balcony that featured two lesbians in provocative positions at the pulpit.

And lastly, the tolerance-preaching activists also have taken their anger to the blogosphere, where posts have planted ideas ranging from burning churches to storming the citadels of government until our society is forced to overturn Prop. 8. You even can find donor blacklists online. The lists include everyone who financially backed Prop. 8 — even those who gave as little as $46 — with the obvious objective that these individuals will be bantered and boycotted for doing so.

What’s wrong with this picture? Lots.

First, there’s the obvious inability of the minority to accept the will of the majority. Californians have spoken twice, through the elections in 2000 and 2008. Nearly every county across the state (including Los Angeles County) voted to amend the state constitution in favor of traditional marriage.

Nevertheless, bitter activists simply cannot accept the outcome as being truly reflective of the general public. So they have placed the brainwashing blame upon the crusading and misleading zealotry of those religious villains: the Catholics, evangelical Protestants, and especially Mormons, who allegedly are robbing the rights of American citizens by merely executing their right to vote and standing upon their moral convictions and traditional views.

What’s surprising (or maybe not so) is that even though 70 percent of African-Americans voted in favor of Proposition 8, protests against black churches are virtually nonexistent. And everyone knows exactly why: Such actions would be viewed as racist. Yet these opponents of Prop. 8 can protest vehemently and shout obscenities in front of Mormon temples without ever being accused of religious bigotry. There’s a clear double standard in our society. Where are the hate-crime cops when religious conservatives need them?

There were many of us who passionately opposed Obama, but you don’t see us protesting in the streets or crying “unfair.” Rather, we are submitting to a democratic process and now asking how we can support “our” president. Just because we don’t like the election outcome doesn’t give us the right to bully those who oppose us. In other words, if democracy doesn’t tip our direction, we don’t swing to anarchy. That would be like the Wild West, the resurrection of which seems to be happening in these postelection protests.

I agree with Prison Fellowship’s founder, Chuck Colson, who wrote: “This is an outrage. What hypocrisy from those who spend all of their time preaching tolerance to the rest of us! How dare they threaten and attack political opponents? We live in a democratic country, not a banana republic ruled by thugs.”

Regardless of one’s opinion of Proposition 8, it is flat-out wrong and un-American to intimidate and harass individuals, churches and businesses that are guilty of nothing more than participating in the democratic process. Political protests are one thing, but when old-fashioned bullying techniques are used that restrict voting liberties and even prompt fear of safety, activists have crossed a line. There is a difference between respectfully advocating one’s civil rights and demanding public endorsement of what many still consider to be unnatural sexual behavior through cruel coercion and repression tactics. One thing is for sure: The days of peaceful marches, such as those headed up by Dr. Martin Luther King Jr., seem to be long gone.

The truth is that the great majority of Prop. 8 advocates are not bigots or hatemongers. They are American citizens who are following 5,000 years of human history and the belief of every major people and religion: Marriage is a sacred union between a man and a woman. Their pro-Prop. 8 votes weren’t intended to deprive any group of its rights; they were safeguarding their honest convictions regarding the boundaries of marriage.

On Nov. 4, the pro-gay community obviously was flabbergasted that a state that generally leans left actually voted right when it came to holy matrimony. But that’s exactly what happened; the majority of Californians — red, yellow, black and white — voted to define the margins of marriage as being between one man and one woman. California is the 30th state in our union to amend its constitution in doing so, joining Florida and Arizona in this election.

Like it or not, it’s the law now. The people have spoken.

source

Profiles of valor: U.S. Army Sgt. James Brasher

November 23, 2008

United States Army Sgt. 1st Class James Brasher was serving as platoon sergeant for 2nd Platoon, Company A, 1st Battalion, 508th Parachute Infantry Regiment in December 2007. His company was part of Operation Mar Kararadad, a mission to clear the Taliban stronghold of Musa Qal’eh, Afghanistan. On the night of 7 December, the company flew by helicopter to a point just outside the city and occupied a hill overlooking it. At dawn, the company began taking enemy fire from a town at the bottom of the hill, so they moved to clear the town. At one point, Sgt. Brasher killed an attacking jihadi before he could injure or kill any U.S. soldiers, and Brasher also took out an enemy position with a fragmentation grenade.

Brasher then led his men against other enemy positions as they systematically cleared the town. Repeatedly exposing himself to enemy fire, Brasher continued to lead the Americans in pursuit of retreating insurgents, killing several more. The Taliban consolidated behind a defensible compound, but Brasher kept fighting even after he was hit in the right forearm and bicep by an enemy round. In fact, the medics had to force him to take medical care. On 9 October 2008, Brasher was presented the Silver Star for “daring acts of intrepidity and gallantry in the face of a numerically superior and determined force,” according to the citation. “SFC Brasher’s fearless actions and dedication to mission accomplishment enabled Second Platoon to destroy over 20 well trained Taliban fighters. His quick decisions and aggressive stance against the enemy saved the lives of his men.”

The more things change, the more they stay the same: Poly Sci 101

November 23, 2008

Change! That was the mantra of the Obamasia was it not? Well, so far it appears that we will be having a rerun of the Clinton years. Are we really wanting to see things going on like that again? I mean, after all is said and done can we truly be proud of the things that went on with the “Crew.” From one thing after another it was a very bad time for America. So much change that Hillary Clinton will be Secretary of State?

What follows is from last Friday’s Patriot Post, enjoy.

As the Obama administration begins to take shape, “change” has become little more than a bag of recyclables from the Clinton years. On a near-daily basis, it seems, Barack Obama has stocked his shelves with Clinton retreads or other longtime Swamp-dwellers. The next attorney general, for one, will be Eric Holder, Bill Clinton’s deputy attorney general from 1997-2001. Holder was instrumental in returning young Elian Gonzales to Communist Cuba at gunpoint, and in processing that rogue’s gallery of Clinton pardons in January 2001. Nothing like the smell of change…

The post that everyone is talking about, however, is that of secretary of state. Swamp gossip points to Hillary Clinton as the prime candidate, but despite some wishful thinking, it is not a done deal. History has proven that the best secretary of state is the one who acts as the mouthpiece of the president. Think Henry Kissinger or James Baker III. Those who do not promote the president’s ideological stance tend to be failures, pushing America’s foreign policy off the rails. Think Colin Powell. With that in mind, it’s hard to picture Hillary Clinton as the person charged with acting as the international mouthpiece of President Obama.

On the campaign trail, these two held strongly opposing views on American foreign policy. It could be said that Obama wants Clinton on board precisely because she can make up for his own inadequacies in foreign policy. If that is the case, then what does one do about the elephant in the room — i.e., Bill? As we all know, he has made a cottage industry of the ex-presidency, raking in millions of dollars from overseas speeches, consulting and philanthropy. As a private citizen, he’s of course allowed to keep many of his dealings secret, but how many of those secret deals will run into direct conflict with the interests of the United States if his wife is secretary of state? Clintonistas say this is not an issue, which means it’s a huge issue.

Furthermore, Hillary still has a future to consider. She has made a name for herself in the Senate, and another run for the White House isn’t out of the question. However, if she is tied to Obama’s administration and it falters, then she is likely to absorb a share of the blame. Perhaps the best advice came from former UN ambassador John Bolton: “Obama should remember the rule that you should never hire somebody you can’t fire.”

Meanwhile, what happened to John Kerry, who was openly vying for the secretary of state post? He was recently named chairman of the Senate Foreign Relations Committee — ironically, the very committee to which he testified in 1971 that U.S. soldiers in Vietnam were committing war crimes. According to Kerry, our military personnel in Vietnam “personally raped, cut off ears, cut off heads, taped wires from portable telephones to human genitals and turned up the power, cut off limbs, [blew] up bodies, randomly shot at civilians, razed villages in fashion reminiscent of Genghis Khan, shot cattle and dogs for fun, poisoned food stocks, and generally ravaged the countryside of South Vietnam in addition to … the normal and very particular ravaging which is done by the applied bombing power of this country.” Kerry then added, “There are all kinds of atrocities and I would have to say that, yes, yes, I committed the same kind of atrocities as thousands of other soldiers have committed.” So now we have a confessed war criminal in charge of the Foreign Relations Committee. That’s a change, all right.

Yet more bugaboos from the left…

November 23, 2008

On one blog the liberals are yet again trying to push the failed ideology of universal health care as some sort of inalienable right. Well? It might be thought that is so in Canada and other places. It is not listed in the Bill of Rights or anywhere else in the Constitution of the United States. The following by Mona Charen sums things up rather nicely concerning that, as well as what I see as a pretty decent assessment of the last election cycle. This was in last Friday’s Patriot Post.


Unlike some who shall, in the interests of comity, remain nameless — conservatives do not cry foul when they lose elections. They do not whine that the election was stolen, or secured through dirty campaign tricks, or otherwise illegitimately won. Instead, they ask themselves where they went wrong.

The National Review Institute, a think tank founded by the late William F. Buckley and now headed by the dynamic and perspicacious Kate O’Beirne, hosted a daylong conference in Washington, D.C., to examine where conservatives need to go from here. It was a very clarifying day.

Yes, the Democrats got a big win on Nov. 4 and there is no gainsaying that Republicans and conservatives were rejected. Then again, it would have defied 200 years of American history if the party holding the White House for two terms and presiding over a huge financial panic should have been successful. Add to that the essentially content-free McCain campaign and you have yourself a drubbing.

But did liberal ideas win? Identification with the Republican Party is down. But the number of voters who identify themselves as liberal (22 percent) is nearly identical to the results four years ago (21 percent). Thirty-four percent, the same as in 2004, still identify as conservatives. And while slightly more voters expressed a desire for more government activism in 2008 than in 2004, the panting eagerness in the press for a reprise of the New Deal (note the cover of Time magazine) is not widely shared by the electorate.

Lacking political strength for the battles to come, conservatives will have to rely on the strength of their ideas. The most important battle, Yuval Levin of the Ethics and Public Policy Center argued, will be health care. If health care is successfully nationalized in America, the case for a smaller and less bureaucratic state becomes immeasurably more difficult. Throughout the developed world, in countries that have adopted socialized medicine, every call to limit the size and scope of government is instantly caricatured as an attempt to take medicine away from the weak and sick. People become awfully attached to “free” medical care even though it is emphatically not free (it is supported through higher taxes), even though it requires waiting periods for care (even in cases of cancer and other serious illnesses), and even though it deprives people of the latest technology (the city of Pittsburgh has more MRI scanners than the entire nation of Canada).

National Review’s Jim Manzi stressed a theme that has been circulating in the works of Ross Douthat, Ramesh Ponnuru (both of whom spoke later in the day), David Frum, and others, namely that the Republican Party erred by failing to address concerns of the broad middle class. Republicans tended to talk only of income taxes, neglecting the FICA or payroll tax that all wage earners pay. Douthat, author (with Reihan Salam) of “Grand New Party,” expanded on that theme. He outlined three traps facing the American right: 1) Demography. The groups that tend to vote Democrat — single women, Hispanics and other minorities — are expanding. The groups that vote for Republicans — married women, white Christians — are contracting. 2) Socio-economic. Middle-class wage stagnation over the past couple of decades has made the welfare state look better to more people (also, see single mothers above — the collapse of the two-parent family is probably a greater threat to future Republican success than any other single factor). 3) Ideological. Douthat argues that conservatives have confused policy with principle and have become wedded to particular solutions (like school vouchers) instead of flexibly seeking conservative approaches to new challenges.

We will need that flexibility as well as a renewed commitment to conservative principles now more than ever as we face a charismatic new president and a Democratic Congress. Republicans have been (myopically) tax-focused, which is a diminishing asset now that fewer and fewer Americans pay income taxes.

Not all of the cultural indicators are negative. Abortion is down, as is the divorce rate (though more people are cohabiting, which is terrible for kids). Crime declined when no one predicted that it would. Conservatives have won tough domestic battles (welfare reform) before — even with Democratic presidents. The next big battle is health care. After that, we shore up the traditional family. It won’t be easy, but this is the land of opportunity — and despair is a sin.

Copyright 2008 Creators Syndicate, Inc.

Forget Bretton Woods II – we need a gold standard

November 20, 2008

Seems that what I, as well as many others, have said over the years about fiat money is getting some press…

Too much credit and easy money. Those were the biggest culprits behind this financial crisis. Yet, appallingly, the government’s rescue attempt is built on more credit and even easier money. That’s like giving a procrastinator a deadline extension. By choosing this course, Washington has steered us on to the “road to Weimar” – the road to runaway inflation.

It didn’t have to come to this. And it still doesn’t. But the proper remedy will take tremendous political courage: Bring back the gold standard. That, more than any byzantine regulations that emerge from the Bretton Woods II conference this weekend, would provide stability and safety for nations and individuals around the world.

Sadly, current policy seems to reflect a desire to weaken the dollar as quickly as possible.

The Federal Reserve’s own data tells the story. The headline is the doubling of Federal Reserve credit, the main component of the US monetary base. Since Labor Day 2008, it’s risen from $894 billion to $2.2 trillion.

That’s the greatest monetary expansion in the Fed’s 95-year history. How the Fed is doing it matters almost as much. It has nearly abandoned its traditional instrument for monetary policy, open-market operations, which involves the purchasing and selling of full-faith-and-credit US Treasury securities. With increasing frequency and amounts, it has relied primarily on “discount window operations” – lending to specific institutions for specific purposes instead of general injections of funds into an open market – since August 2007. This shift may weaken its ability to “tighten” monetary conditions should inflation reach dangerous levels.

A gold standard offers exactly the kind of discipline that’s missing from the Fed. But its impact would be wider: Both in substance and in symbolism, gold provides integrity to the entire global financial system. Governments, however, have historically bridled at the constraint and accountability a gold standard brings. After all, when currency can be exchanged for gold, it’s harder for governments to inflate the money supply, which they’re tempted to do in order to spend beyond their means or cheat on their debts.

~snip~ Full story here

Related story from the Wall Street Journal

WATERFOWL HUNTING CLINIC IN COLORADO SPRINGS

November 20, 2008

The Colorado Division of Wildlife (DOW) will host a Waterfowl Hunting Clinic in Colorado Springs Nov. 20, from 6-9 p.m.

The class will be led by a trio of DOW biologists who will cover the basics on waterfowl hunting with subject matter geared for the novice waterfowl hunter.  Topics will include hunting tactics, regulations, duck identification, hunting techniques, and where to go and what to look for in a hunting location.

The class is free, but space is limited to 50, so participants must call (719) 227-5207 to pre-register.

The Division of Wildlife office is located at 4255 Sinton Road.

For more information about Division of Wildlife go to: http://wildlife.state.co.us.

SPECIAL SEASON OFFERS ANOTHER CHANCE FOR YOUNG TURKEY HUNTERS

November 20, 2008

Get off your butt, and take a kid hunting!

DURANGO – Young hunters who did not fill their fall turkey tags will have a second chance at bagging a holiday bird at the end of November.

A special late fall season for all Colorado hunters under age 18 is set for Nov. 22-30. Any youngsters who did not get a turkey during the regular fall season can hunt in southwest Colorado. Each hunter must be accompanied by a mentor who is 18 or older. The mentor cannot hunt and must have a Colorado Hunter Safety Card.

The special season opens a new opportunity for youth in Colorado’s southwest corner, said Tom Spezze, southwest regional manager for the Colorado Division of Wildlife.

“Unlike other areas of the state, in the southwest we don’t have upland game birds,” Spezze said. “Turkey hunting gives our young hunters a great opportunity to learn about hunting, and this special season will encourage families to get out together to hunt.”

Turkey hunting is somewhat easier in the fall than the spring. Hunters can take birds of either sex in the fall, and turkeys travel in flocks and can be tracked on the ground. Turkeys are abundant in southwest Colorado and large expanses of public land allow hunters to enjoy a high-quality experience during this season.

The season also follows the last big game season.

“This is a great time of year to hunt; people will have the woods to themselves,” Spezze said. “And you never know, your son or daughter could provide your family with a turkey for Thanksgiving or Christmas.”

Young hunters who previously purchased a regular fall turkey license anywhere in the state for 2008 are eligible for this special season. Separate licenses will not be sold for this season.

The season will be open in these game management units: 52, 54, 55, 60, 61, 62, 64, 65, 66, 67, 68, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 82, 83, 411, 521, 551, 681, 682, 711, 741, 751 and 771. For more information refer to one of the Colorado hunting brochures or the DOW Web Site (http://wildlife.state.co.us) for the exact locations of these units.

For more information about Division of Wildlife go to: http://wildlife.state.co.us.

LICENSE STRUCTURE CHANGE FOR ANGLERS AND SMALL GAME HUNTERS

November 20, 2008

This is something that was long overdue, and all that I can say is better late than never!

The Colorado Division of Wildlife (DOW) would like to remind anglers and small game hunters that the license structure for fishing and small game hunting has changed.

Beginning April 1, 2009, all annual licenses including fishing, senior fishing, small game, furbearer, combination fishing and hunting, Colorado waterfowl stamps, habitat stamps and walk-in access permits are valid from April 1 through March 31 of the following year.

“Annual licenses will no longer expire on January 1,” said Henrietta Turner, DOW licensing manager.  “We’ve changed the calendar-based system to a season-year format, so licenses coincide better with our small game seasons.”

All licenses purchased in 2008 will remain valid through March 31, 2009.

Anglers should continue using the 2008 Colorado Fishing Regulations brochure through March 2009. The 2009 Colorado Fishing Regulation brochure will be available mid-to-late March at all DOW offices and license agents statewide. The new brochure will be valid until March 31, 2010, coinciding with the new license structure.

All 2009 annual fishing, small game, furbearer and combination licenses will be available for purchase beginning on December 15.  These licenses will remain valid through March 31, 2010.

Licenses make great holiday gifts and are available on the DOW Web site (www.wildlife.state.co.us), at license agents or by calling: 1-800-244-5613.

For more information about Division of Wildlife go to: http://wildlife.state.co.us.

An ongoing Internet threat

November 20, 2008

I know, I usually don’t post about Internet security threats. On occasion though it seems like a good idea. Windows Secrets free newsletter arrived today landing in the in-box with all the subtlety of a sonic boom. Seems that Microsoft as well as the AV companies are hard pressed to come up with a solution for this super trojan. Do yourself a favor, and sign up for Windows Secrets via the link.


TOP STORY

Don’t be a victim of Sinowal, the super-Trojan

By Woody Leonhard

The sneaky “drive-by download” known as Sinowal has been, uh, credited with stealing more than 500,000 bank-account passwords, credit-card numbers, and other sensitive financial information.

This exploit has foiled antivirus software manufacturers time and again over the years, and it provides us in real time a look at the future of Windows infections.

Imagine a very clever keylogger sitting on your system, watching unobtrusively as you type, kicking in and recording your keystrokes only when you visit one of 2,700 sensitive sites. The list is controlled by the malware’s creators and includes many of the world’s most popular banking and investment services.

That’s Sinowal, a super-Trojan that uses a technique called HTML injection to put ersatz information on your browser’s screen. The bad info prompts you to type an account number and/or a password. Of course, Sinowal gathers all the information and sends it back home — over a fancy, secure, encrypted connection, no less.

Washington Post journalist Brian Krebs wrote the definitive overview of Sinowal’s criminal tendencies in his Oct. 31, 2008, column titled “Virtual Heist Nets 500,000+ Bank, Credit Accounts” — a headline that’s hard to ignore. Krebs cites a detailed analysis by RSA’s FraudAction Research Lab: “One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts.”

Sinowal has been around for many years. (Most virus researchers nowadays refer to Sinowal as “Mebroot,” but Sinowal is the name you’ll see most often in the press. Parts of the old Sinowal went into making Mebroot. It isn’t clear whether the same programmers who originally came up with Sinowal are also now working on Mebroot. Mebroot’s the current villain.)

Microsoft’s Robert Hensing and Scott Molenkamp blogged about the current incarnation of Sinowal/Mebroot back in January. RSA has collected data swiped by Sinowal/Mebroot infections dating to 2006. EEye Digital Security demonstrated its “BootRoot” project — which contains several elements similar to Sinowal/Mebroot — at the Black Hat conference in July 2005.

That’s a long, long lifespan for a Trojan. It’s important for you to know how to protect yourself.

A serious infection most antivirus apps miss

I haven’t even told you the scariest part yet.

Sinowal/Mebroot works by infecting Windows XP’s Master Boot Record (MBR) — it takes over the tiny program that’s used to boot Windows. MBR infections have existed since the dawn of DOS. (You’d think that Microsoft would’ve figured out a way to protect the MBR by now — but you’d be wrong.)

Vista SP1 blocks the simplest MBR access, but the initial sectors are still programmatically accessible, according to a highly technical post by GMER, the antirootkit software manufacturer.

The key to Sinowal/Mebroot’s “success” is that it’s so sneaky and is able to accomplish its dirty work in many different ways. How sneaky? Consider this: Sinowal/Mebroot doesn’t run straight out to your MBR and overwrite it. Instead, the Trojan waits for 8 minutes before it even begins to analyze your computer and change the Registry. Digging into the MBR doesn’t start until 10 minutes after that.

Sinowal/Mebroot erases all of its tracks and then reboots the PC using the adulterated MBR and new Registry settings 42 minutes into the process. Peter Kleissner, Software Engineer at Vienna Computer Products, has posted a detailed analysis of the infection method and the intricate interrupt-hooking steps, including the timing and the machine code for the obfuscated parts.

Once Sinowal/Mebroot is in your system, the Trojan runs stealthily, loading itself in true rootkit fashion before Windows starts. The worm flies under the radar by running inside the kernel, the lowest level of Windows, where it sets up its own network communication system, whose external data transmissions use 128-bit encryption. The people who run Sinowal/Mebroot have registered thousands of .com, .net, and .biz domains for use in the scheme.

Wait, there’s more: Sinowal/Mebroot cloaks itself entirely and uses no executable files that you can see. The changes it makes to the Registry are very hard to find. Also, there’s no driver module in the module list, and no Sinowal/Mebroot-related svchost.exe or rundll32.exe processes appear in the Task Manager’s Processes list.

Once Sinowal/Mebroot has established its own internal communication software, the Trojan can download and run software fed to it by its creators. Likewise, the downloaded programs can run undetected at the kernel level.

Sinowal/Mebroot isn’t so much a Trojan as a parasitic operating system that runs inside Windows.
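
The MBR tampering described above can be checked for by comparing sector 0 against a known-good copy. The sketch below is an added example, not part of the Windows Secrets article or any vendor's tool; it assumes both 512-byte sectors were captured from trusted boot media rather than from inside the running Windows install, and the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)          # bootstrap code the BIOS executes
DISK_SIGNATURE = slice(440, 444)   # Windows NT disk signature
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = slice(510, 512)   # must be 55 AA


def parse_mbr(sector):
    """Split one MBR sector into its regions and digest each one."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIGNATURE] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 446 + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({
                "index": index,
                "bootable": status == 0x80,
                "type": ptype,
                "first_lba": first_lba,
                "sectors": sector_count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "disk_signature": sector[DISK_SIGNATURE].hex(),
        "partition_table_sha256": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline, current):
    """Return the names of the MBR regions that differ from the baseline.

    The boot code is digested separately from the disk signature and the
    partition table, so repartitioning a disk is not reported as a
    change to the boot code.
    """
    old, new = parse_mbr(baseline), parse_mbr(current)
    fields = ("boot_code_sha256", "disk_signature", "partition_table_sha256")
    return [name for name in fields if old[name] != new[name]]


def build_sample_mbr(boot_code_fill):
    """Constructed sample sector: filler boot code plus one NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[BOOT_CODE] = bytes([boot_code_fill]) * 440
    sector[DISK_SIGNATURE] = bytes.fromhex("11223344")
    # status, CHS start, type, CHS end, first LBA, sector count
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                                  0x07, b"\xfe\xff\xff", 63, 4194304)
    sector[BOOT_SIGNATURE] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    baseline = build_sample_mbr(0x90)   # constructed "known good" sector
    suspect = build_sample_mbr(0xCC)    # same disk layout, different boot code
    print("changed regions:", compare_to_baseline(baseline, suspect))
```

A changed boot code digest with an unchanged partition table is the pattern worth investigating; a boot manager install or OS reinstall also rewrites the boot code, so the baseline has to be refreshed after those.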

Windows XP users are particularly vulnerable

So, what can you do to thwart this menace? Your firewall won’t help: Sinowal/Mebroot bypasses Windows’ normal communication routines, so it works outside your computer’s firewall.

Your antivirus program may help, for a while. Time and time again, however, Sinowal/Mebroot’s creators have modified the program well enough to escape detection. AV vendors scramble to catch the latest versions, but with one or two new Sinowal/Mebroot iterations being released every month, the vendors are trying to hit a very fleet — and intelligent — target.

Peter Kleissner told me, “I think Sinowal has been so successful because it’s always changing … it is adjusting to new conditions instantly. We see Sinowal changing its infection methods and exploits all the time.”

Similarly, you can’t rely on rootkit scanners for protection. Even the best rootkit scanners miss some versions of Sinowal/Mebroot. (See Scott Spanbauer’s review of free rootkit removers in May 22’s Best Software column and Mark Edwards’ review of rootkit-remover effectiveness in his May 22 PC Tune-Up column; paid subscription required for the latter.)

Truth be told, there is no single way to reliably protect yourself from Sinowal/Mebroot, short of disconnecting your computer from the Internet and not opening any files. But there are some historical patterns to the exploit that you can learn from.

First of all, most of the Sinowal/Mebroot infections I’ve heard about got into the afflicted PCs via well-known and already-patched security holes in Adobe Reader, Flash Player, or Apple QuickTime. These are not the only Sinowal/Mebroot infection vectors by a long shot, but they seem to be preferred by the Trojan’s creators. You can minimize your risk of infection by keeping all of your third-party programs updated to the latest versions.

Windows Secrets associate editor Scott Dunn explained how to use the free Secunia Software Inspector service to test your third-party apps, and how to schedule a monthly check-up for your system, in his Sept. 6, 2007, column.

In addition, according to Peter Kleissner, Sinowal/Mebroot — at least in its current incarnation — doesn’t infect Vista systems. Windows XP remains its primary target, because Vista’s boot method is different and its User Account Control regime gets in the worm’s way.

Don’t look to your bank for Sinowal safeguards

So, you’d figure the banks and financial institutions being targeted by Sinowal/Mebroot would be up in arms, right? Half a million compromised accounts for sale by an unknown, sophisticated, and capable team that’s still harvesting accounts should send a shiver up any banker’s spine.

I asked Rob Rosenberger about it, and he laughed. Rosenberger’s one of the original virus experts and was also one of the first people to work on network security at a large brokerage firm.

“I’ll be labeled a heretic for saying this, but … from a banking perspective, frauds like this have never qualified as a major threat. A banker looks at his P&L sheets and writes off this kind of fraud as simply a cost of doing business. Such fraud may amount to billions of dollars each year, but the cost is spread across all sectors of the banking industry all over the world.

“Banks have dealt with this kind of fraud for many, many decades,” Rosenberger continued. “Forget the Internet — this kind of fraud existed back in the days of credit-card machines with carbon paper forms. The technology of fraud gets better each year, but this type of fraud remains consistent. From a banking perspective, the cost to obey government regulations dwarfs the cost of any individual case of fraud.”

If the bankers aren’t going to take up the fight against Sinowal/Mebroot, who will? The antivirus software companies have a long tradition of crying wolf, and their credibility has suffered as a result.

In this particular case, the major AV packages have failed to detect Sinowal/Mebroot over and over again. It’s hard to imagine one of the AV companies drumming up enough user interest — or enough business — to fund a mano-a-mano fight against the threat. Besides, the AV companies are chasing the cows after they’ve left the barn, so to speak.

The folks who make malware these days constantly tweak their products, often using VirusTotal or a proprietary set of scanners to make sure their programs pass muster. A day or an hour later — before the AV companies can update their signatures — the bad guys unleash a new version. AV companies know that and are moving to behavioral monitoring and other techniques to try to catch malware before it can do any harm.

The only company that seems to be in a position to fix the Master Boot Record problem is Microsoft. But it’s hard to imagine MS management devoting the time and resources necessary to fix major security holes in a seven-year-old product, particularly when XP’s successors (I use the term lightly) don’t appear to have the same flaw.

This is short-sighted, however. It’s only a matter of time before Sinowal/Mebroot — or an even-more-dangerous offshoot — finds a way to do its damage on Vista systems as well.

If Microsoft decides to take on Sinowal/Mebroot, the company is up against a formidable opponent that draws on many talented programmers. John Hawes at Virus Bulletin says, “I recently heard someone estimate that a team of 10 top programmers would need four full months of work to put together the basic setup.”

As Peter Kleissner puts it, “I personally think most people behind the [Sinowal] code do not know what they have done. I would bet that more than half of the code was written by students around the world.”

Kleissner’s in a good position to judge. He’s a student himself, 18 years old. I’m glad he’s on our side.

