New Botnet?

Over the last 24-hours I’ve intercepted several emails containing malicious attachments in .zip files. There’s nothing odd about that, expect these are coming from ‘clean’ IP addresess.

Is this a new Botnet, spreading fast?

Yesterday the subject was “your mailbox has been deactivated” and they pretended to come from the IT support team at your domain name. If you don’t have an IT support team it’s a bit of a giveaway. The message continued:

We are contacting you in regards an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, technical support.

Today they’ve got the subject “Payment request from , where the company varies.

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

The full text is:

We recorded a payment request from "" to enable the charge of $ on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "".

If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

The interesting thing is that none of these have come from IP addresses that are currently listed as part of a botnet, known spam sources or anything. They’re completely clean. I’ve no proof that the two attacks are related, but I’m suspicious.

If anyone has more parts to the jigsaw, please share them with a comment.

Helen Goodman – Labour’s most sexist minister

Amidst the hysterical hand-wringing over the MP’s expenses scandal there’s still plenty to be dug from the deep vein of genuine stupidity that is our government. To be clear, these are appointed by the prime minister to run the country, and are presumably the best New Labour has to offer.

The latest is Work and Pensions minister Helen Goodman (salary £96K per year). She’s attacked the new rules on expenses, claiming that the ban on funding domestic cleaning staff will prevent her and other women from becoming MPs, and is therefore sexist. Her stated assumption is that only women do domestic chores and therefore the ban on cleaners will affect women MPs disproportionately. If her’s isn’t a sexist attitude I don’t know what is.

She was appointed in June this year, and has yet to be sacked. In fact Gordon Brown and her colleagues don’t seem to have reacted at all to her utterances on the matter.

Her expenses fraud history, as revealed by the Daily Telegraph, involved claiming for some hotel receipts that pre-dated her election as an MP. On top of which there was £500 for a holiday cottage, which she maintained was necessary for her work. Her constituents in Bishop Auckland will, presumably, vote for anything with a red rosette stuck on it.

Cleaning an LCD Monitor or TV

I needed to clean a large LCD screen today. My usual recommendation for such things is to us a soft dry cloth (preferably microfibre), and to do it gently so as not to crack the glass. But this screen had a stubborn smear – possibly caused by a hand being wiped across. It had the appearance of a water mark of some sort – mineral deposits left by a cloth or tissue dampened with tap water perhaps?

The soft cloth wasn’t going to shift it, so a liquid was called for. But what?

You certainly don’t want to use use alcohol based cleaners on the delicate plastic of an LCD. It might be okay on some, but if it’s not you’ll trash it permanently. So a quick trawl of the web found me the favoured recipe, and everyone’s consistent about it distilled water plus vinegar, mixed 1:1. Any everyone’s wrong!

Vinegar is a great cleaner, and I use it for lots of things. But the idea of a 50% solution is a big warning – how strong is the vinegar to begin with? It’s too precise a recipe using imprecise ingredients. I tried it nonetheless, and ended up with a smear covering most of the screen rather than the original area I was trying to clean.

Time for some home cooking, and the solution is simple. Distilled water, a bit of vinegar and a small drop (no more) of washing up liquid (detergent). This lifted the deposits into suspension or solution on contact. The other trick you need to use is a double cloth – wipe off immediately after wiping on, before it has had a chance to dry.

I used soft kitchen paper towels for the process, but I thought the monitor was made of fairly hard plastic. A micro-fibre cloth would be safest if you’re not sure.

Spammer without a Motive

Anyone who knows what I’m about will have guessed that I’d take an interest in the spamming attempts on this blog site. And indeed I have. However, a couple of weeks ago I had a slew of comments for which I can’t deduce a motive.

They took the form of meaningful comments to half a dozen posts – the sort of thing you’d normally let through even they they didn’t add any useful knowledge. They were also well written, by someone who clearly spoke English. But they didn’t add up.

The author purported to be an American cleric, and the comments were written from that viewpoint. However, they didn’t smell quite right – there were a few slips that suggested they weren’t written by a west-coast American priest. Investigation revealed they were, in fact, sent from a computer in Manchester or thereabouts.

So what’s the game? Well there were no links or other nasties in any of the posts. The web site of the poster (which may well have been blocked anyway) was a religious blog in the USA, but it hadn’t seen any activity since mid-2006.

Could this person have been creating an identify for a sock-puppet? Well having waited a couple of weeks, the name hasn’t appeared anywhere else. It could be that the poster failed to convince anyone, but the Internet is a big place and most blogs aren’t posted by computer security experts.

The only explanation I can think of is someone trying to create an identity with enough rights that subsequent posts could get through unmoderated. This would have taken a great deal of further work, especially as the email address provided was an anonymised temporary one.

So, I’m still stumped!

Some of the comments were quite funny, so I might let them through anyway and see what happens.

Scan Computers has been around for some time, and they’ve always been tricky when it comes to faulty goods (I have a pile of DOA hard disks on my shelf to prove it). Now they’ve gone a step worse. Their latest wheeze is to add ‘installation insurance’ to your order without you knowing about it. There is a check-box, but it doesn’t always seem to stick and to make it trickier they don’t add it as an invoice line, they add it to the tax and shipping.

Watch out.

They’re still using a premium rate telephone number (without the required Ofcom warning) as their sole contact method if you have query about this extra charge. Incidentally, if you want the standard rate number for them it’s 01204 474747.

Nonetheless, I’ve sent them an email asking for an immediate recharge, or I’ll put a dispute on it with the credit card company. Let’s see what happens.

It’s a shame when this happens, because the people at Scan are basically very decent and helpful when you do manage to contact them, and they’re the place to go for high-end graphics systems. Like many companies, it seems they have someone in the money-making department dreaming up such schemes in the short term, and hack-off the punters long-term. Although this was less than 0.5% of the order value (it was only applied to some cooling fans – the big stuff wasn’t covered anyway), little things like this do get noticed and create a bad feeling – and everyone has a choice. Continue reading “”

Another health and safety gone mad

I’m not a fan of electric fires, but a relative lives in some flats where they’re the only option. So off we went shopping.

Bar fires seem to be long-gone – now they’re either fan-heaters, or fan-heaters dressed up to look like real fires when viewed with a great deal of imagination. This is the type that was required, as it was to fit into a traditional fireplace.

A fan heater is a fan heater. They convert electricity into heat, so a 2W heater produces 2W of heat and that’s about all there is to it, other than aesthetics and noise level. This means that in order to choose the best one for your purposes you really need to see them set up and running. So we worked out where we could see as many on sale as possible, and set off to Watford.

B+Q had a large selection screwed to the walls, but none were running. The same was true of Homebase and a couple of other shops. Still, brochures were collected and an interim decision was made on the assumption that the unit would look okay in action. Finally we got to Wickes, where there were a few fires available but not in that store. The assistant was kind enough to call another branch to check as to whether they had a display, and confirmed that they did – but none were connected.

By now I’d had enough of this, so asked why they didn’t bother wiring them up. The displays were obviously substantial, with fire surrounds built in, and there was power available for display lighting. After all, you don’t need to run the heating element, just the visual effects – it’s just a fancy lamp!

The reason was a stunner – they won’t wire them up for health and safety reasons because they’re dangerous. Now let’s get this streight – the idea of an electric fire is that it is not dangerous. There are no hot surfaces, the elements are inside the works, with only hot air blown out. There shouldn’t be any live wiring anywhere on the outside. That’s the point. You can have them on the floor with children in the room without worrying, and they should not spontaneously burst into flames.

Do all these shops sell fires that are too dangerous to leave on display?

I realised I was on a looser at this point and ordered a Valor Dimension from an Internet dealer based on its brochure. We’ll see when it arrives, but the photo looked just as good, if not better, than anything we saw not working in the shops.

If retailers are worried about customers switching to the Internet they’re not exactly going out of their way to lure customers back. It’s not going to end well for them.

Update: The Valor Dimension was spectacularly good – I can thoroughly recommend it. As a fan heater, it’s a fan heater, but the flame effect has to be seen to be believed.

Saga of Sunon fan in Acer PC

As regular readers might remember, when IBM’s PC division became Lenovo I got worried, and bought a few Acer machines to see if they were any good. Their backup was dreadful, so I stuck with Lenovo. As is the way of things, one of the samples ended up as my main PC and has been purring along ever since. Until this morning.

It showed all the symptoms one would expect of a dead PSU. That is to say, the mains lead was live but the PC wasn’t.

Luckily the PSU is pretty standard and I had a spare on the shelf, but while I had the case open I gave the fans a twirl. I didn’t expect to find a problem as the machine ran silently, but to my amazement the CPU fan was ceased. Completely solid. I couldn’t shift it.

I removed the heat sink to get the fan off, and saw to my disgust that it was a special with a built-in thermistor and a fourth wire on the cable.

Computer case fans generally have two or three wires. If it’s just two it’s simple, a +ve and GND. The third wire is a spin sensor: usually yellow wires give a pulse as the fan completes a revolution and this the motherboard (or fan controller) can sense the actual fan speed. A white third wire generally indicates either spinning or ceased up completely. The type you need depends on the complexity of your control system.

The fourth wire, if there is one, tends to be for controlling the fan speed. There are basically two ways to vary the speed of the fan – vary the voltage or modulate it. Varying the voltage can be a bit tricky: dropping a voltage generally means converting it to heat somewhere along the line, and this is best avoided. Pulse Width Modulation, on the other hand, is great. You keep the voltage the same but you turn it on and off. If it’s off for 50% of the time and on for 50% of the time you’re only getting half the power to the fan, so it’ll turn half as fast (gross simplification, but you get the idea). The pulses, of course, have to be fast. Switched mode power supplies work using the same principle.

Naturally I had a box of fans, but none of them supported pulse-width modulation. I pretty much knew that before I looked. Never mind, I though – I’ll run a standard fan at a fixed speed and be done with it. Foiled again! This fan is 20mm thick whereas every other 80mm fan is 25mm thick. And the extra 5mm matters, because it won’t fit on the heat sink otherwise.

The fan in question is a Sunon FMD1208PKV1-A. Decoding this shows that it’s a FMD series, 12V, 8cm, 20mm thick and so on but doesn’t say whether it’s a ‘special’ – that could be what the –A is all about as Sunon do make special versions for OEMs.

It’s actually quite a fancy fan – maglev bearing and other leading-edge refinements. According to its data sheet it can shift more air with thinner blades than most of the competition. Hmm. It’s not like the case is so cramped that 5mm had to be shaved off the thickness of the fan!

A quick trawl revealed that RS Components (Radio Spares to my generation) stocked the beast, for about €30. Sorry, RS, but I don’t do Euros and certainly don’t have 30 of them to spend on a fan.

Com-Com, who recon they carry spares for most servers, advertised the part but you have to call them for a price. So I did. They don’t actually have any, but could get a box of 100 if I really wanted them that badly. Well they are nice fans and 100 would keep me going a long time so I enquired as to the price – £1500. They’re nice fans, but not that nice. The bloke there suggested I call Acer to see if they can sell me a spare. Calling Acer “Customer Services” is bad for my blood pressure, and has never resulted in anything good – basically some fool reading from a script that appears to have inadvertently been designed put you off buying anything for Acer ever again.

Next I tried running the box without a fan, as it clearly hadn’t had one for a while. The CPU temperature was hovering around 70C, which is a bit hot. In-spec, possibly, but not the best way to ensure it has a long and healthy life.

So I had a closer look. The fan can’t fit far enough down the heat-sink due to its thickness – it fouls the fixing posts. However, it’s held on to the heat-sink with a pair of off-set brackets, and these are reversible. If you swap them over the fan will just about clear the fixing posts once they’re screwed down. That’s the key…

Remove the heat-sink, fan and brackets. You then have to replace the heat-sink and screw it down – the screws will be inaccessible with the fan in place. Then re-fit the brackets the wrong way around (swap them over). It’s a fiddle, but you can screw the fan onto the brackets with the heat-sink in position – well the outer two anyway. The inner two could probably be managed if you were keener than I was.

A standard three-pin fan plug will fit the 4-pin connector on the motherboard; just push it over the appropriate three pins and avoid the one the blue wire would have been connected to.

Although the fan is now offset by nearly an inch, the CPU is really cool – about 25C. The down side is that it’s always running full-blast and it’s a tad noisy. Does anyone know where I can get a FMD1208PKV1-A with a PWM wire cheap?

New Trojan scam

Earlier this evening I intercepted a single instance of a new Trojan malware ploy, which may be of interest.

Unlike most of these scams, this one was written in good English and sounded very plausible. It was sent directly to a mail host and was pretending to come from the administrator of that host, stating that the mail server was going to be upgraded on a specific date in the near future and the SSI(sic) certificate was going to change. It instructed the recipient to download an update for the (supposed) Windows PC you were using, and this would install he new certificate. It used a mangled URL that looked like it came from the mail hosting provider.

These people are using ‘clean’ IP addresses to send from so they won’t appear in lists of known spammers. The URL for the download ( was freshly registered, and this was the only thing about it that an automated spam detector would have noticed.

A lot of people may be fooled by this. Watch this space.

Micro Men – Acorn vs Sinclair

The BBC has, for once, come up with a one-off programme I actually enjoyed – Micro Men. It’s screening now (several times) on BBC4, and if you were around at the start of the micro computer era you really should watch it. It looks like it was made for us nerds.

It deals with the rivalry between Sinclair and Acorn in the UK home computer market. Okay, it takes a lot of liberties with events and totally ignores the rest of the industry – the best you can say is that it’s fiction based on history. But if you look beyond that, the background detail was completely amazing. And I’m not just talking about having the correct covers on the issues of PCW, although this was nice to see.

For a start, look at the posters on the walls – they’re spot on. Then look at the electronics they’re playing with in the lab. That’s either the guts of a real Acorn Atom or it’s a very good reproduction, even though the chips, which would have been more interesting, are hidden on the reverse. The software on the shelves at WH Smith looks like the real thing, in the real packaging.

In the closing scenes, where Chris Curry and Herman Hauser are discussing where it all went wrong, the whiteboard behind them contains the instantly recognisable design goals of the Acorn RISC Machine (ARM). Even the briefcases the men from the ministry carried – I bought one just like that in 1978 and I’ve still got it!

Someone was obviously paying a great deal of attention to such detail, and I didn’t see anyone mentioned in the credits who could have supplied it. But could it have been Roger Wilson, the genius I’ve always believed to be behind Acorn/BBC BASIC? He featured prominently in the depiction of the Acorn team, whereas Andy Hopper was nowhere to be seen; although this is perfectly reasonable from a dramatic sense

Roger Wilson has subsequently changed to Sophie Wilson, and I got a call from an old friend claiming that she appeared (unaccredited) in a cameo role as the barmaid. I never remember meeting Roger Wilson in person, so can’t tell, but it’s plausible when looking at it again.

The final scene, where Clive Sinclair drives a C5 down a runway only to be overtaken by two lorries, one from Microsoft and one from HP is obviously symbolic of the thrust of the whole film. Romantic, but wrong, of course. We’d all been using microcomputers with Microsoft software for a couple of years before either Sinclair or Acorn came on the scene with their ultra low-cost offerings. Like most people I knew, we avoided the newcomers because they were too cut-down an unsuitable for general nerd activities – particularly interfacing to things. And their manufactured PCBs used hairline copper tracks that were covered in solder-resist – difficult to rework.

Acorn and Sinclair started too late, and ended up building the machines we all wanted in 1980. By 1984 the bulk of computers were being sold not to enthusiasts, but users wanting pre-packaged software running CP/M or MS-DOS – and the Apple Macintosh was on the scene showing the way forward. The Mac booted into user-mode whereas previous machines started with the BASIC programming prompt.

What they didn’t realise was that we were never going to become a nation of computer programmers, we were going to become computer users. And the rest is history.

Outlook Send and Receive Dialog

If you’re having problems with Outlook insisting on showing you a send/receive dialog even when you have checked the box to hide it in future the solution seems to be simple. Go to the View menu and make sure “Status Bar” is ticked at the bottom.

It appears that if there is no Status Bar to display progress, Outlook will display the Send/Receive dialog regardless of the preferences you’ve set.

If this doesn’t work for you, please leave a comment below.