Hoekstra Calls for "Show of Force" in DDoS Attacks
Monday July 13, 2009
According to Kim Zetter of Wired Magazine:
"Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a 'show of force or strength' against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this last week."
Hoekstra further claimed "the best people in America" believe the attacks originated in North Korea and that "this couldn't be the work of some amateurs".
In reality, security experts believe the DDoS attacks were the result of a derivative of the MyDoom worm - a malware choice that has amateur written all over it. First discovered in January 2004, the original MyDoom worm attempted to launch a DDoS attack against the SCO website, with a subsequent variant of the worm targeting Microsoft. Both attempts failed.
On July 3, 2009, attackers apparently edited the original MyDoom, modifying it to launch the DDoS attack against nearly 40 websites located in the U.S. and South Korea. The worm was then distributed to an estimated 20,000 computers in the AsiaPac region - the same region hit hard by the Microsoft zero day ActiveX exploit. These computers then began automatically (and constantly) sending malicious GET requests to the target websites.
On July 10 at 00:00 GMT the infected computers then self-destructed. Code in the worm overwrote the hard drive, rendering the machines inoperable and the data largely unrecoverable.
Rather than make sweeping and unsubstantiated assumptions about the alleged perpetrators of the attack, it might better serve our country - and the Internet population as a whole - if lead politicians of the House Intelligence Committee hammered home the need for widespread adoption of antivirus software and leveraged sanctions against companies that allowed critical security vulnerabilities to go unreported and unpatched for over a year.
Microsoft Zero Day Cause for Concern
Wednesday July 8, 2009
An unpatched buffer overflow vulnerability in an ActiveX control used by Microsoft DirectShow is being actively exploited in the wild. A large number of websites in China have been compromised and are being used to distribute the exploit. Malicious ads targeting game sites are also employing the zero day exploit. The exact malware that results depends on the attack vector encountered, but thus far consists of a range of data theft and password-stealing trojans.
According to Shavlik Technology, the problem-causing ActiveX control "doesn’t serve any purpose within Internet Explorer" - which makes it even more alarming that Microsoft has known about the problem for over a year and neglected to fix it.
To work around the problem while awaiting a patch, Microsoft recommends setting a kill-bit for the offending ActiveX control - a protection method that can lead to application problems and has a not-insignificant failure rate (as in, it may not protect you).
My recommendation: switch to Firefox with NoScript. Now.
High Cost of Consumer Support
Tuesday July 7, 2009
Just got an email from a PR agency which reads in part:
Given the emergence of online consumer tech support services over the past year we thought a trend story about how these new services are offering consumers a cost-effective and highly efficient way to resolve home computing security issues (and much more) would be very timely.
To substantiate the need for the service, the same email includes a Consumer Report estimate that "U.S. consumers spent $7.8 billion over the last two years for computer repairs, parts and replacements".
The PR message offers, "...for a more in-depth service review we'd be happy to provide you with access to BluePhone -- let us know and we will have the company set it up."
I looked up BluePhone and discovered they charge between $30 and $100 per incident. Flat rate is $200 a year. The population of the U.S. is approximately 306 million, so the estimated $7.8 billion over two years works out to less than $15 a year per citizen.
How exactly is going from less than $15/yr to paying $200/yr considered cost effective?
Monday July 6, 2009
Sometimes mistakes happen. Whether the result of a false positive from antivirus software or a misunderstanding of a file's function, on occasion a valid system file can be inadvertently deleted or quarantined. Sometimes, the results can seem disastrous - a looping blue screen each time you try to boot up the PC. Other times, a stop error with a cryptic message may be the result. Here's how to replace the missing file(s) to get your system operational again.
How to Restore System Files