http://www.informationweek.com/story/showArticle.jhtml?articleID=201204229&cid=RSSfeed_IWK_News

There is a phishing attempt circulating that sends emails claiming to be from the Better Business Bureau.  The subject line is: “BBB Complaint for {Recipient Name} [Case id: #7dcd4491d93a6cd1f1ac30ad32b4d18d]”  The email that I’ve seen came from: “25153F@bbb.com” although I’m sure there are many.  The email body looks like this:

=================================================

Dear Mr./Mrs. {Recipient Name} ({Company Name})

You have received a complaint in regards to your business services. Use the link below to view the complaint details:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944

Complaint Case Number: B48944
Complaint Made by Consumer Mrs. Marcia E. Worthington
Complaint Registered Against: {Recipient Name} of {Company Name}

Date: 05/14/2007

Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:

CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:

• Claims based on product liability;
• Claims for personal injuries;
• Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

© 2007 Council of Better Business Bureaus, Inc. All Rights Reserved.

=================================================

I apologize for not being able to provide the actual message header, the email message was deleted by the client. This email contains the following link, under the title: “CLICK HERE TO DOWNLOAD AND VIEW DOCUMENTS FOR CASE #B48944”

http://document-repository.com/redirect.htm?209696923c59b2a19753c85920ddbbb6=435509f28a129 …

This link directs the user to a webpage containing the BBB logo and a single hyperlink:

http://document-repository.com/Complaint_Details_363619942.doc.exe

Upon clicking on the link on this page, a file called “Complaint_Details_363619942.doc.exe” is executed and the following actions are performed:

Files Created:

C:\microsoft.exe (Virus!  For more details, click here)
C:\microsoft.dll

Registry Entries Created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: [Win32KernelStart] “C:\microsoft.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce: [Win32KernelStart] “C:\microsoft.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices: [Win32KernelStart] “C:\microsoft.exe”

Registry Keys Changed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier\Application Path\ Changed “magnify.exe” to “C:\Microsoft.exe”

The files mentioned above can be removed by first deleting Microsoft.dll then Microsoft.exe using a program called Killbox. The registry keys can be deleted manually, but the last one mentioned above must be changed back to its original value of “magnify.exe.

In most pre-Exchange 2007 organizations that were using OWA, a third-party cert for the public FQDN of your mail server was all you needed.  In Exchange 2007, things changed a bit and certificates play a much larger role in the organization.  One of the lingering issues I’ve seen was a certificate error internally saying that the certificate name did not match the name of the server.  This was because the certificate was a third-party issued cert using the public FQDN of the server and not the internal hostname of the server.  To avoid running into this issue any longer, I followed another article I found online and simply created a new forward lookup zone in the internal DNS for the public domain name of our organization (i.e. kazmarek.com).  In that forward lookup zone I created the host (A) record for the mail server and pointed it to the internal IP.  Next, following the article (see link below) I changed the links in Exchange 2007 so that they would reference the public FQDN even when working internally.  What this does is effectively use the same public FQDN for all transactions with the Exchange 2007 server so it will match your existing third-party cert.

http://forums.msexchange.org/m_1800444783/mpage_1/key_/tm.htm#1800444783
(Search down to the section that reads: “Next we need to change the URLs used autodiscover”)

Credit: http://mostlyexchange.blogspot.com/2006/11/e2k3-public-folder-management-ssl.html

I ran in to a problem where I was trying to remove a public folder store from a front-end server. The SSL certificate on the front-end server is wrong (wrong FQDN/CN, unknown CA, and it is expired). I could not manage the public folder hierarchy using Exchange System Manager.

Depending on what I was trying to do, I got this error:

The SSL certificate server name is incorrect.
ID no: c103b404 Exchange System Manager

I also saw this error:
The token supplied to the function is invalid
ID no 80090308

Lots of newsgroup and web discussion forms pointed to this KB article indicating that the problem might be related to SSL being required on the /ExAdmin virtual directory. “You receive an SSL Certificate error message when you view public folders in Exchange System Manager” http://support.microsoft.com/kb/324345 I checked that and it was NOT the case.

Finally found some instructions in a newsgroup that worked. This requires ADSIEDIT and a little bit of Exchange configuration editing.
Run ADSIEDIT  ( DOWNLOAD HERE: http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm )

Navigate to the following object: CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin
Display the properties of the CN=Exadmin object
Locate the msExchSecureBindings attribute, highlight it and click Edit button
If it has a value of :443:, select that value in the Values list, click Remove.
Click OK twice and then close ADSIEDIT
Give this a few minutes to replicate through Active Directory and try it again!

Dial from any phone
1-800-GOOG-411
(1-800-466-4411)  

Google Voice Local Search is Google’s experimental service to make local-business search accessible over the phone.

Using this service, you can:

• search for a local business by name or category.
  You can say “Giovanni’s Pizzeria” or just “pizza”.
• get connected to the business, free of charge.
• get the details by SMS if you’re using a mobile phone.
  Just say “text message”.
• It’s FREE

http://labs.google.com/goog411/

From: http://blogs.technet.com/sbs/archive/2006/06/30/439685.aspx

When you try to send an e-mail message in Microsoft Exchange 2000 Server or in Microsoft Exchange Server 2003, you cannot send the e-mail message. Additionally, you may receive one of the following error messages or one of the following Non Delivery Reports (NDRs):

• Access denied 

• You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator. 

• Unlisted Message Error 

• MAPI_E_NO_ACCESS -2147024891 

• Failed to submit mail message for user USERNAME (HRESULT:-2147024891) Pausing user USERNAME. (Security error - Cannot access the users mailbox.)

NDRs

• You do not have permission to send to this recipient. For assistance, contact your system administrator. 

• The message could not be sent using your mailbox. You do not have the permission to send the message on behalf of the specified user. 

This issue is known to affect the following third-party products:

• Research In Motion (RIM) Blackberry Enterprise Server (BES) 

• Good Technology GoodLink Wireless Messaging 

CAUSE

This issue may occur when one of the following conditions is true:

•     You do not have permissions to send e-mail messages as the mailbox owner in the account that you are using to send the e-mail message.

•     You are running Microsoft Exchange 2000 Server Service Pack 3 (SP3) with a Store.exe file version that is equal to or later than version 6619.4. Version 6619.4 was first made available in the following Microsoft Knowledge Base article:

915358 A hotfix is available to change the behavior of the Full Mailbox Access permission in Exchange 2000 Server

•     You are running Microsoft Exchange Server 2003 Service Pack 1 (SP1) with a Store.exe file version that is equal to or later than version 7233.51. Version 7233.51 was first made available in the following Microsoft Knowledge Base article:

895949 “Send As” permission behavior change in Exchange 2003

Note that this fix is not included with Microsoft Exchange 2003 Service Pack 2 (SP2). If you have installed the Exchange Server 2003 SP1 version of this hotfix, you must install the Service Pack 2 version after you upgrade to Service Pack 2.

•     You are running Exchange Server 2003 SP2 with a Store.exe file version that is equal to or later than version 7650.23. Version 7650.23 was first made available in the following Microsoft Knowledge Base article:

895949 “Send As” permission behavior change in Exchange 2003

Note This change was not included in Exchange 2000 Server SP3, in Exchange Server 2003 SP1, or in Exchange Server 2003 SP2. The change was implemented after release of all of these service packs. However, the change is supported in each of them. The change will be included in future service packs for these products.

If you install Exchange Server 2003 SP2, you must install the additional update to retain the new behavior. You must do this even if you already installed the version of the update for Exchange Server 2003 SP1.

RESOLUTION

Grant the Blackberry or other application’s service account the Send As permission on every user in a container or domain.

To grant Send As for the service account on a single user account, follow these steps:

1. Start the Active Directory Users and Computers management console.

3. View the properties of the user account and click the Security tab.

4. The service account (BESAdmin, for instance) is not listed.

5. Add the service account (BESAdmin, for instance). It will default to having Read permissions, but not Send As.

6. Note: This step is optional. The only permission the service account needs is Send As, so you can remove the Read permissions if you wish.  To do so, uncheck the following checkboxes in the Allow column for the service account (BESAdmin, for instance):

Read

Read Account Restrictions

Read General Information

Read Group Membership

Read Logon Information

Read Personal Information

Read Phone and Mail Options

Read Public Information

Read Remote Access Information

Read Web Information

7. With the service account (BESAdmin, for instance) still selected, check the following box in the Allow column:

Send As

8. Click OK until you have exited and saved all changes. 

9. Restart the Microsoft Exchange Information Store service.

To configure an MMC console to never prompt you to save your settings:

1. Locate the .MSC file on your disk.

2. Right click the .MSC file and press Author.

3. On the File menu, press Options.

1. Toggle the Console mode to User mode - full access.

2. Check Do not save changes to this console.

1. Press Apply and OK.

2. On the Console menu, press Save.

These are pre-SP1 instructions.  POP3 is supported in Exchange 2007 but not turned on by default.  To turn it on (from the management shell):

1) Enable the service:      Set-Service msexchangepop3 -StartupType automatic
2) Start the service:         Start-Service msexchangepop3
3) Enable POP3 for mailboxes:     Set-CASMailbox -identity mailboxname -PopEnabled $true
4) OPTIONAL To enable plain-text authentication:     Set-PopSettings -LoginType PlainTextLogin
5) If you did number 4 then restart the service: restart-service msexchangepop3

Step 1: Click Start button and type Regedit
Step 2: Browse to HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings
Step 3: Create a new DWord with the name MaxConnectionsPerServer (To create a new DWord, right click on the empty space found on the right side box -> Click New -> Click ‘DWORD 32 Bit Value‘)
Step 4: Create another new DWord with the name MaxConnectionsPer1_0Server
Step 5: Double click these new DWords you have created and set the decimal value higher than 2 and lesser than 10 (This number represents the maximum simultaneous download allowed)

I’ve seen this piece of spyware a few times on client machines and its easy to remove with most spyware apps now.  Whats interesting is what the company actually uses it for.  A good read:

http://cexx.org/newnet.htm

WARNING: Sometimes when you remove this spyware, it can take your Winsock components with it, essentially disabling your network access.  If that happens, use this tool to fix it:

http://www.majorgeeks.com/WinSock_XP_Fix_d4372.html

EDIT:  Alternativly you can use functionality introduced by SP2 -

Windows XP Service Pack 2 - New Winsock NETSH commands

Two new Netsh commands are available in Windows XP Service Pack 2.

netsh winsock reset catalog

This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.

netsh winsock show catalog

This command displays the list of Winsock LSPs that are installed on the computer.