We just got back from vacation to Florida and Atlanta for the 4th of July. It was 40 hours of driving. You see tons of police on a 2200 mile trip. But I saw all of them thanks to an app suggested by a friend.

I highly recommend the free app Trapster for Iphone. Speed traps, cameras, construction, police hot spots, and more are covered. It’s a user updated app that allows users with a push of a button to update a route with known traffic conditions in real time. You can set the warning distance and fine tune each of the possible alerts. It has voice warnings and push alerts for those of you that have not upgraded to IOS 4. As you come up on each notice there is a posted time of when it was reported, you can vote it up or down based on your experience.

The official answer is “When the DNS server saves the NS records to the cache, the TTL for the A (Glue) record gets changed to be 1 day. The TTL for the NS Record stays at 2 days. When the A records expire, the DNS server starts returning a “Server Failure” response to the client that issues the dns query”

The resolution is as pointed out in KB 968372

1. Start Registry Editor (regedit.exe).

2. Locate the following registry key:

3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

4. On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
Value: MaxCacheTTL
Data Type: DWORD
Data value: 2A300 (172800 seconds in decimal, or 2 days) (the KB says to use 0×2A300 but you’ll find it won’t accept that)

5. Click OK.

6. Quit Registry Editor.

7. Restart the DNS Server service

The first major way viruses spread is through security holes.

Security holes are what you read about most often in the news. Virus writers find holes in the programming of an operating system that allows malicious code to enter the system. Worms are the most common type of virus to use this method. The core purpose of worm is to replicate itself to other machines on a network. Remember that network also includes the Internet. It propagates itself by searching out other computers with the same security hole or emailing itself from the infected host. By itself, the normal results of a worm is the consumption of bandwidth. Basically it causes a traffic slowdown or Denial Of Service (DOS).

Few pure worms exist, normally they also have a payload attached to them. Recent ones of note are Nimda, Code Red and Code Red 2, and Sasser.

Botnets are often created thru worms. Botnets are infected machines where the payload allows remote control of the machine. Besides the normal bandwith consumption of replication as mentioned earlier, botnets become a zombie army of infected machines. An individual on a controller machine now has the ability to harness the power of thousands of machines to perform a specific task. A simple command can cause the controlled machines to email or send information packets at a specific target. Be a company, government agency, or Internet Service Provider. You can read more about Denial of Service and recent attacks here

Why do they (virus writers) do this?

How did I get it?

How do I prevent this from happening again?

We’ll take them in order over the coming days. Today we cover the ‘why’ question.

The short answer is that there is money to be made. A lot of it. Long gone are the days where a viruses sole purpose is to eject your CD-Rom drive or cause your keyboard to type incorrect letters. Data and information is the commodity of the Internet age.

Viruses are appropriately named and very analogous to human viruses. They spread from one place to another, repeating their process again and again. Somebody (actually many somebodies) have the cold right now. Somebody (several million somebodies) are infected with computer viruses right now. From experience cleaning them, those infected computers have multiple viruses at one time.

Theft of information on the Internet requires a new level of thinking in scale and purpose. Many people’s concept of stealing a Credit Card is still centered on one person targeting another in a one on one situation as it is done the ‘real’ world. Viruses are automated thieves running 24/7. The number of active viruses out there broke the one million mark in 2008. That is just the number of active viruses. In Panda Security’s 2009 report, they stated that their virus library over the past 20 years has reached 40 million samples. That’s 40,000,000. Most of them occurring in the past decade. That’s a lot of viruses moving through a lot of computers at any given time.

Identities, Credit Card numbers, login information, passwords, and company data are bought and sold every minute. The number affected is in the millions each year and rising. Credit Cards can be bought for pennies when purchased in bulk on the black market. Bank account numbers and credentials usually cost more due to their usable lifespan before detection of the theft. Sometimes in the thousands of dollars.

Corporations and Government agencies have data that is target for theft. The James Bond of today is also a virtual one stealing intelligence information. Think of all the new technology that comes out yearly. Profits in the billions for the right new technology or insider trading tip.

In our next post we will cover how infections are spread