Remove Spyware and Viruses today

Deadlocked jurors in the Hal Turner hate blogger case were excused late Wednesday after deliberating two days. It’s the second mistrial in the government’s case to prosecute the New Jersey man for allegedly threatening to kill judges.

Assistant U.S. Attorney William Hogan said a new trial was “highly likely.” A third trial was tentatively scheduled April 12 in New York federal court.

Turner, of New Jersey, blogged at turnerradionetwork.blogspot.com that the three judges of the Chicago-based 7th U.S. Circuit of Appeals should be “killed” for upholding a Chicago handgun ban in June.

“Let me be the first to say this plainly: These judges deserve to be killed. Their blood will replenish the tree of liberty. A small price to pay to assure freedom for millions,” the 47-year-old blogger wrote.

He also posted addresses, photos, maps and other identifying information about Chief Judge Frank Easterbrook and Judges Richard Posner and William Bauer.

The first mistrial in December was declared after jurors, deliberating two days, said they were hopelessly deadlocked. That happened again Wednesday with a new jury. That second jury, and not the first one, heard testimony from the three judges who said they felt threatened by Turner’s writings.

Turner, who remains free, claimed he was an Federal Bureau of Investigation informant paid to disseminate right-wing rhetoric. Facing up to a decade in prison if convicted, the 47-year-old maintained the First Amendment protected his speech.

See Also:

• Lawyer: FBI Paid Right-Wing Blogger Charged With Threats
• Lawyer: FBI Paid Right-Wing Blogger Charged With Threats
• Mistrial in Case of Hate Blogger Charged With Judge Threats …
• Palin Hacker Group’s All-Time Greatest Hits
• Blogger Threatened to Murder Judges, Feds Say

Pink Floyd prevailed Thursday in a legal brawl with its label when a British judge ordered EMI to stop selling individual downloads of the acid-inspired group’s songs without permission.

The artists behind The Dark Side of the Moon and The Wall, and other top sellers claimed its decade-old contract with EMI required the band’s music to be sold as an entire album, not as single tracks in which EMI has permitted iTunes to distribute.

High Court of Justice Judge Andrew Morritt of London agreed, ruling the 1999 agreement with EMI was crafted to “preserve the artistic integrity of the albums.”

Pink Floyd said its musical craft surrounding concept albums was being misrepresented when sold in singles. EMI claimed the contract allowed digital sales of Pink Floyd music, even one song at a time.

The Dark Side of the Moon turned 37 years old on Wednesday. Wired’s Underwire blog declared it “Earth’s reigning concept album.”

Photo: wonderferret/Flickr

See Also:

• Pink Floyd, EMI Brawl Over iTunes Royalties
• Pink Floyd’s Dark Side Eclipses Concept Album Classics
• May 12, 1967: Pink Floyd Astounds With ‘Sound in the Round’
• Pink Floyd’s ‘Echoes’ = 2001’s Space Baby?
• RIP: Pink Floyd’s Richard Wright
• Pink Floyd Wins A Polar! Wait, What’s A Polar?
• Pink Floyd’s Nick Mason on Formula 1 Tech

Pink Floyd prevailed Thursday in a legal brawl with its label when a British judge ordered EMI to stop selling individual downloads of the acid-inspired group’s songs without permission.

The artists behind The Dark Side of the Moon and The Wall, and other top sellers claimed its decade-old contract with EMI required the band’s music to be sold as an entire album, not as single tracks in which EMI has permitted iTunes to distribute.

High Court of Justice Judge Andrew Morritt of London agreed, ruling the 1999 agreement with EMI was crafted to “preserve the artistic integrity of the albums.”

Pink Floyd said its musical craft surrounding concept albums was being misrepresented when sold in singles. EMI claimed the contract allowed digital sales of Pink Floyd music, even one song at a time.

The Dark Side of the Moon turned 37 years old on Wednesday. Wired’s Underwire blog declared it “Earth’s reigning concept album.”

Photo: wonderferret/Flickr

See Also:

• Pink Floyd, EMI Brawl Over iTunes Royalties
• Pink Floyd’s Dark Side Eclipses Concept Album Classics
• May 12, 1967: Pink Floyd Astounds With ‘Sound in the Round’
• Pink Floyd’s ‘Echoes’ = 2001’s Space Baby?
• RIP: Pink Floyd’s Richard Wright
• Pink Floyd Wins A Polar! Wait, What’s A Polar?
• Pink Floyd’s Nick Mason on Formula 1 Tech

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and “disrupt” data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center (CSOC) since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the United States Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on October 15, he was given two weeks notice and told that he would be terminated at the end of the month.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshal’s Service, according to the indictment (.pdf). The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

Lindsey said that his client was not given a clear answer about why he was being let go from his job.

Photo: ellenm1/Flickr

See also:

• Eight-Year-Old on TSA Terrorist Watchlist Gets Frisked
• Former DOJ Official Caught on Terror Watchlist
• Threshold for Getting onto No-Fly List Lowered
• FBI: 19,000 Matches to Terrorist Screening List in 2009

An Estonian virus writer has been sentenced to jail in Harju, Estonia.

The author of the Allaple virus family, 44-year old Mr. Artur Boiko pleaded not guilty.

Nevertheless, he was found guilty and sentenced to 2 years and 7 months in prison.

Allaple is a complex worm using polymorphic encryption. It spreads over network shares and by modifying local HTML files. When such HTML files are uploaded to public websites, they spread the infection further.

Apparently Mr. Boiko had been in a car accident and had ended up in dispute over his insurance claim with If Insurance. As a result, his worm launches DDoS attacks against these sites:

    www.if.ee             (website of the insurance company)
    www.online.if.ee    (customer online interface of the insurance company)
    www.starman.ee    (website of a local ISP)

The DDoS attacks were quite serious — see this post from ISC Diary in 2007.

We detected several variants of Allaple during 2006-2007. The problem is that this is not a botnet — these worms have no command and control channel. The infected machines will attack their targets until they are cleaned. There are still thousands of active, infected computers today around the world, and they are still attacking. And the worm is still spreading further.


Snapshot from F-Secure interface showing new samples on 11th of March 2010

Boiko was sentenced to prison, where he has already been awaiting his trial for 19 months. He was also sentenced to pay the following sums to cover losses:

To If Insurance: 5.1 Million Estonian Kroons (about 330000 Euros or 450000 USD)
To Starman ISP: 1.4 Million Estonian Kroons (about 91000 Euros or 130000 USD)

More info (in Estonian) from ERR Uudised

On 11/03/10 At 11:20 AM