We lost a great man 16 years ago today

Frank Zappa was a great man. Just saw his son Dweezil play on Wednesday in Santa Cruz. He’s making his dad proud.

Jacki perseveres

Victory! Our office is at the corner of Martin Luther King and Virginia Street. There are two elementary schools, a preschool, and Totland park within two blocks.

Over the last many years we have witnessed numerous accidents and heard numerous screeches as cars have come to grinding emergency halts. This intersection is very dangerous. Thirteen months ago Jacki started requesting that the city take a look at this intersection and install some sort of warning for drivers to watch for and slow for pedestrians. Many, many phone calls and e-mails later, Jacki was victorious. Four new signs were installed that will hopefully slow traffic.

We want to specifically thank Hamid Mostowfi in the Berkeley Public Works Department.

The King Spammer goes to the Slammer

Well ain’t that just grand!

Happy 40th Birthday, Internet!

Today is the 40th birthday of the Internet.

The Pleasure Never Ends

This blog reports on a variant of the ZBot trojan that’s making its way through the tubes of the internet. It’s a classic scam, where the bad guys pose as, in our case, lmi.net tech support. They send you a link via email. The link is obfuscated to make it look like it points to an lmi.net server, but the actual link is to a server off-site. The server has several IP addresses, so that if one is shut down, you may still have a hope of infecting your system. The link leads to a page that tells you to download an executable called YOURNAME-settings.exe.

If you download the exe file and run it, it does a bunch of fun stuff. From the previously mentioned blog:

Regarding ZBot: it is a trojan that disables the firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with remote access to the compromised system.

The trojan will create a file %System%\sdra64.exe and the hidden files %System%\lowsec\local.ds and %System%\lowsec\user.ds in combination with a hidden directory %System%\lowsec. There were new memory pages created in the address space of the system process(es): services.exe, lsass.exe, alg.exe, iexplore.exe and svchost.exe.

Several registry settings are modified and the trojan could make a connection to a remote host on the IP 195.93.208.106 on port 80. Data requested is: hxxp://195.93.208.106/livs/rec.php, hxxp://195.93.208.106/lcc/ip1.gif and hxxp://195.93.208.106/ip.php.

This is nasty stuff. Always be sure to write back to us if you think we’ve sent you an email request for your password, or to download any file at all, and make sure you’re responding to an lmi.net address – a lot of these emails include a reply-to address different than the from address.