Thursday, March 29, 2007

Beware fake IE 7 downloads

There is spam out there that tries to get you to download IE 7.  It’s fake, of course.  When you click on the image, you are then offered to download a trojan (Sunbelt Sandbox analysis here, VirusTotal results here).  Antivirus coverage is mediocre.




And just for fun, check out the source code of this spam.


Alex Eckelberry

Brilliant!

I’m going to give you a sneak peek of a very cool skunkworks project going on over at Mayhemic Labs.

One thing that a lot of people have commented on (and particularly the good folks over at F-Secure) is that phishers register domains using words like “Chase”, “ebay”, etc.  This makes it easier to fool their victims (such as by having a URL like “chase-banking-center.com”).

Of course, a great idea is to have the domain registrars simply refuse to register domains with these names (or at least trigger a review of a suspicious domain before allowing it to register).  However, that’s not always easy to get done. 

But what if new suspicious domain registrations were automatically tracked in a format that allows everyone to see what’s going on?


That’s just what Ben Jackson did over at Mayhemic Labs: He developed a “Domain Tracker System” to track domain registrations by using DomainTools' Domain Mark reports.


Called the Crow's Nest, it aggregates submissions of domain mark reports containing keywords that would be likely used in a phishing domain. The system processes these reports and adds them into a database. The submitter (or other volunteers) can then flag domains that look suspicious. These domains are then monitored for activity. Every 6 hours, registration and DNS records are checked to see if the domain is hosted and/or still registered. If the site is hosted, the user can then check the site and see if something phishy is going on, and if so, notify the parties affected.
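
A minimal sketch of the workflow described above (keyword matching, human flagging, six-hourly hosting checks), added here as an illustration and not Mayhemic Labs' code. The keyword list, the allow-list, the class and function names, and every sample domain except chase-banking-center.com are assumptions; only the DNS half of the check is shown, not the registration lookup.

```python
"""Keyword watchlist for newly registered domains, with periodic hosting checks."""
import re
import socket
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed inputs: brand keywords to watch and the brands' own domains to ignore.
KEYWORDS = {"chase", "ebay"}
LEGITIMATE = {"chase.com", "ebay.com"}
CHECK_INTERVAL = timedelta(hours=6)  # the post says records are checked every 6 hours


@dataclass
class Tracked:
    domain: str
    keywords: list
    flagged: bool = False            # set by a human reviewer, not by the matcher
    hosted: bool = False
    last_checked: datetime = None
    history: list = field(default_factory=list)


def normalize(domain):
    return domain.strip().lower().rstrip(".")


def matched_keywords(domain, keywords=KEYWORDS):
    """Return the sorted keywords found in the labels left of the TLD."""
    name = normalize(domain)
    if name in LEGITIMATE or any(name.endswith("." + d) for d in LEGITIMATE):
        return []
    labels = name.split(".")[:-1]    # drop the TLD
    # Strip hyphens so "e-bay" still matches "ebay".
    squashed = re.sub(r"[^a-z0-9]", "", "".join(labels))
    return sorted(k for k in keywords if k in squashed)


def dns_resolve(domain):
    """Default resolver: address lookup through the system resolver."""
    try:
        infos = socket.getaddrinfo(domain, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


class Watchlist:
    def __init__(self, resolve=dns_resolve):
        self.resolve = resolve
        self.entries = {}

    def ingest(self, report):
        """Add the domains in a report that contain a watched keyword."""
        added = []
        for raw in report:
            name = normalize(raw)
            hits = matched_keywords(name)
            if hits and name not in self.entries:
                self.entries[name] = Tracked(name, hits)
                added.append(name)
        return added

    def flag(self, domain):
        self.entries[normalize(domain)].flagged = True

    def poll(self, now):
        """Check flagged domains that are due; return hosting-state changes."""
        changes = []
        for e in self.entries.values():
            if not e.flagged:
                continue
            if e.last_checked and now - e.last_checked < CHECK_INTERVAL:
                continue
            addrs = self.resolve(e.domain)
            e.last_checked = now
            if bool(addrs) != e.hosted:
                e.hosted = bool(addrs)
                e.history.append((now, e.hosted, addrs))
                changes.append((e.domain, e.hosted, addrs))
        return changes


def demo():
    # Constructed report; only chase-banking-center.com comes from the post.
    report = ["Chase-Banking-Center.com", "e-bay-signin.example",
              "purchaseorders.example", "gardening-tips.example", "www.ebay.com"]
    zone = {}                                    # constructed stand-in for DNS
    wl = Watchlist(resolve=lambda d: zone.get(d, []))
    added = wl.ingest(report)
    # "purchaseorders" matches "chase" by accident; the reviewer leaves it unflagged.
    wl.flag("chase-banking-center.com")
    wl.flag("e-bay-signin.example")
    t0 = datetime(2007, 3, 29)
    first = wl.poll(t0)                          # nothing resolves yet
    zone["chase-banking-center.com"] = ["192.0.2.10"]
    early = wl.poll(t0 + timedelta(hours=1))     # not due, so no lookups
    due = wl.poll(t0 + timedelta(hours=6))       # domain is now hosted
    return added, first, early, due


if __name__ == "__main__":
    print(demo())
```

The accidental match on "purchaseorders" is why the manual flagging step sits between keyword matching and monitoring.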




For now, this site is only being used by security researchers. There are also lots of people who helped him in this, and when it goes public, I’m sure he’ll thank those that don’t mind being publicly acknowledged.

Expect this site to be public in a few weeks.  And then those Phishers will feel a whole lot of hurt.  


Alex Eckelberry 

Tuesday, March 27, 2007

Best. Spam. Ever.

Bestspamever00099123


 


Alex Eckelberry

Fun with HDR

Over the holidays, I bought myself a Canon Rebel XTi as a Christmas present.  It’s my first digital SLR (I have an analog 35 mm SLR and plenty of digital point and shoots, but never made the leap to digital SLR) and I’ve been learning slowly but surely, with a bit of help from Robert LaFollette, Sunbelt’s creative director (and an uber-guru on photography). 

One area I’ve been playing with is HDR (High Dynamic Range), using PhotoMatix.  I love the effect but there are tricks to learn to do it well.  Of course Robert’s done plenty of HDR and he sent me this incredible HDR photo he took in Miami a few weeks ago.

Hdr0000123

You can see more of Robert’s pics here.  And if you want to see lots of HDR flicks, there’s also a HDR section on Flickr.


Alex Eckelberry

Castro's new side gig

Normally from a group associated with running haxdoor monstrosities, we see this opportunity to be a mule.



Your task as a Smart Transfer manager will consist in transferring payments from one of our clients to another.

Due to the fact that our company works in securities market, we constantly buy and sell payments, so you will work with this money. Also there will be tasks to receive charity money from our donators worldwide and resend them to our HQ for future resending.

 Your profit depends on how fast money circulates in the world transaction system. You have nothing to loose while doing this one-click job. Just check your email for a message from us with information about wire transfer to your checking account and instructions what to do with it. The faster you send the money further, the higher numbers of transfers to process you get. No office work, no need in special financial skills, flexible timetable. You choose work time yourself. 1-2 hours of occupation a day. For each transaction you will get 140$.

  For the first month you should receive about 15 transactions, later, depending on your speed and accuracy you can get more. You will get paid on the 10th day from your first transfer, and after that monthly. We guarantee that you receive at least 15 transfers a month, what makes minimal payment of 2100$.


Omegai1003888


Registered to Fidel Castro in Havana. Cuba libre!


Alex Eckelberry
(Thanks Patrick)

What's wrong with this picture?

BankFinancia1112l

Alex Eckelberry
(Thanks Eaglewolf and the PIRT team)

Supporting spyware

The practice of advertising in spyware directly supports spyware itself.  It’s something that’s garnered some attention, with the New York AG’s office coming to a settlement in January with three major online advertisers over the matter.

However, Ben Edelman shows how this practice is continuing. 



“…despite their duties to the NYAG, both Cingular and Travelocity have failed to sever their ties with spyware vendors. As shown in the six examples below, Cingular and Travelocity continue to receive spyware-originating traffic, including traffic from some of the web's most notorious and most widespread spyware, in direct violation of their respective Assurances of Discontinuance. That said, Priceline seems to have succeeded in substantially reducing these relationships -- suggesting that Cingular and Travelocity could do better if they put forth appropriate effort.”


It’s worth noting that advertisements are typically placed through third party advertising networks (to see how this works, read my earlier blog entry here).  Because they are using an intermediary, some advertisers may claim that they can’t control where their ads are placed, which is a crock. Just because you buy ads through a third-party ad network does not mean you can’t control it. For example, when one major security software company found its products being advertised inadvertently in spyware, they found the source and clamped down — and this is a company that advertises a lot online.  The same goes for a number of other companies.

To avoid getting ads placed in spyware, an advertiser can, at the least, a) choose third party ad networks that have a demonstrated track record of not placing ads in spyware and b) make the third party ad network attest in writing that they will not place your ads in spyware. 

Things have gotten better in the third party ad network side.  When AOL bought Advertising.com, they immediately dumped $100 million in business that was being done through spyware.  And a number of other third party ad networks are clamping down, refusing to advertise through spyware programs.

But as Ben writes, it’s still happening.  And that money spent by advertisers directly supports the makers of spyware.


Alex Eckelberry

A conversation between development and product management

If you’re in the software development space, you’ll get this little humorous exchange that someone here at Sunbelt wrote:



Development: "You want answers?"
Product Management: "I think we are entitled to them!"

Development: "You want answers?!"
Product Management: "I want the truth!"

Development: "You can't handle the truth!!!

Son, we live in a world that requires software. And that software must be built by people with elite skills. Who's going to build it? You, Mr. Marketing? You, Mr. Sales? You, Mr. Finance? You, Mr. Human Resources? I don’t think so.

We have a greater responsibility than you can possibly fathom. You scoff at our open work areas and you curse our big screen monitors. You have that luxury. You have the luxury of not knowing what we know — that while the cost of delivering software may be excessive, it drives revenue and saves money. And my very existence, while grotesque and incomprehensible to you, drives BUSINESS!

You don't want to know the truth because deep down in places you don't talk about at staff meetings... you want me managing the project. You NEED me managing the project!

We use words like refactoring, test-driven development, continuous integration, sprint, velocity, and release planning. We use these words as the backbone of a life spent delivering something. You use them as a punch line!

I have neither the time nor inclination to explain myself to people who rise and sleep under the very blanket of software I provide and then question the manner in which I provide it. I would rather you just said "thank you" and went on your way. Otherwise I suggest you log in to a computer and write some code. Either way, I don't give a damn what you think you're entitled to!"

Product Management: "Did you cut the monthly scheduler feature?"
Development: "I did the job I was hired to do."

Product Management: "Did you cut the monthly scheduler feature?"
Development: "I delivered the release on time."

Product Management: "Did you cut the monthly scheduler feature?"
Development: "You're g%$#@*& right I did!"


 


Alex Eckelberry

A PR nightmare for Yahoo

This is why you don’t give in to foreign governments with abysmal human rights records.  You just don’t. 


Moments later, government agents swarm through the front door -- 10 of them, some in uniform, some not. They take Wang away. They take his computers and disks. They shove an official notice into Yu's hands, tell her to keep quiet, and leave. This is how it's done in China. This is how the internet police grab you

Five years later, Yu, 55, sits in the dining room of a small house in Fairfax and weeps softly. She is a slight woman -- 100 pounds and barely 5 feet tall in slippers. Her eyes betray her exhaustion; but she is determined, too. She carries a thick stack of notes with her, and she has scrawled more on her left hand.

"Yahoo betrayed my husband and deprived him of freedom," Yu says through a translator, her voice trembling. "Yahoo must learn its lesson.”

Link here, much more at BoingBoing.

Yahoo was in an awkward position, where the law of the land required them to turn over the data.  But what if you know that turning over this data may result in someone losing their life, or facing years in prison?

I know for a fact that Yahoo people aren’t evil.  In fact, it is a group largely made of really good, well-meaning people who are actually sickened by this whole situation. So don’t blame the whole company. 

But sometimes, decisions are made by individuals in organizations that result in this type of action.  It’s a lesson in organizational ethics:  Set the standard, and then lose the damn business, fire the MBA moron who is harping about the opportunity, walk away.  Just don’t bother with it.


Alex Eckelberry

Sunbelt Weekly TechTips #36

OEM OS frustrations, revisited
Many of you wrote in regard to last week's link to an article about the many folks who are having problems getting their promised OEM upgrades to Vista. It seems Dell (the subject of the original article) isn't the only culprit; I also heard from people who had bought computers from Acer, Toshiba and other manufacturers with the upgrade option and have not been able to get their upgrades.

On a different but related note, many of you tell me that now that Vista has been released, many hardware vendors aren't giving you any choice about it. Attempts to buy new computers with XP installed have resulted in many of you being told by Dell, HP, Acer and others that the model you're buying can't be ordered with XP installed.

Vista update released
Although no security patches were released on this month's Patch Tuesday, Microsoft did release an update for Vista that will address compatibility issues with several applications. Several of these are games, but it also improves compatibility with some third party security-related software such as Trend Micro's PC-cillin and AOL's Safety and Security Center. If your Vista machine has automatic updates turned on, you'll get the update automatically. If not, you can download it here.

Windows CardSpace makes identity management easier
If you peruse the Vista Control Panel, you'll run across a brand new applet called Windows CardSpace. If you're like most new Vista users, you won't have any idea what it is. CardSpace is the client piece of Microsoft's information card technology, an "identity selector" that allows users to select from a set of cards holding their personal information to authenticate to certain web sites or services, without having to remember all those user names and passwords. You can read all about it here.


How to add or change a user's picture in XP
You can display a photo next to your name in the list of user accounts on the XP Welcome screen and on the Start menu. Here's how to change the picture:



  1. Click Start | Control Panel.
  2. Double click the User Accounts applet.
  3. Select the user account for which you want to change the picture.
  4. Click Change the Picture.
  5. Click Browse For More Pictures, navigate to the graphics file you want to use and click it.
  6. When the picture you want is highlighted, click Change Picture.

How to resize Vista desktop icons
One of the complaints I hear about the Vista GUI is that "the icons are too big." Well, fixing that is a simple matter. Here's how:

  1. Right click an empty space on the desktop.
  2. Select View.
  3. Click Classic Icons.

Another way is to use the scroll wheel on your mouse or trackball. With the cursor on the desktop, press and hold the CTRL key and scroll the wheel to make icons larger or smaller.

IE 7 vulnerability lets phishers attack
A new vulnerability has been discovered in Internet Explorer 7 that could allow phishers to display fake content for trusted sites, without creating a false URL. The exploit takes advantage of the "Navigation Cancelled" page, and it's recommended that you not click any links on that page until there's a fix for the flaw. IE 7 is affected on both XP and Vista. Read more about it here.


Using XP on a computer with a quad core processor.
Is a quad core considered a single processor or as four? Well, good news for quad core fans: Microsoft has specifically defined a "processor" as a single chip that houses a collection of one or more cores. This was first announced in the document titled Multicore Processor Licensing that was published on the Microsoft web site in 2004 in expectation of the release of the first dual core processors. This document explicitly states that "Windows XP Professional can support up to two processors, regardless of the number of cores on the processor."


Troubleshooting startup problems in Windows XP
Can't get XP to start up properly? Unfortunately, there are a number of different possible causes, from corrupted files to hardware problems. You can find a quick guide to help you diagnose and fix the most common startup problems in KB article 308041.

How to set special permissions for files and folders in Windows XP
Special permissions are customizable sets of permissions that you can apply to files and folders stored on an NTFS-formatted partition. If your computer doesn't belong to a domain, you'll need to disable simple file sharing in order to set these permissions. KB article 308419 explains what all the available special permissions are and how to view, set and remove them.

How to use the Bootrec.exe tool to troubleshoot and repair Vista startup issues
If you have problems with the master boot record (MBR), boot sector or boot configuration data store (BCD store) that cause startup problems in Windows Vista, you can use the Bootrec.exe tool in the Windows Recovery Environment to figure out what the problem is and repair it. Find out how in KB article 927392.


Deb Shinder

Gozi Trojan

Well worth reading. Really.



Russian malware authors are finding new ways to steal and profit from data which used to be considered safe from thieves because it was encrypted using SSL/TLS. Originally, this analysis intended to provide insight into the mechanisms used to steal that data, but it became an investigation into the growing trend of malware sold not as a product, but as a service. Eventually it led to an alarming find and resulted in an active law enforcement investigation.


Link here.



Alex Eckelberry
(Hat tip to Richard Smith)

Sunbelt Kerio Firewall updated

We’ve had a couple of updates to the Sunbelt Kerio Personal Firewall but they have not been delivered through the auto-update feature. It’s a reminder to check the website for the latest version.


The latest version is 4.3.744. You can get it here.



Alex Eckelberry

Da CookieMonstor will get you



This came to me recently: A site threatening to sue us because we scan for their cookies in CounterSpy:



Company: Searchalot, Inc.
Company website: http://www.searchalot.com/
Contact name: Gerald ODea
Product name affected: http://www.searchalot.com/
Product versions affected: All
Product is detected as: Cookie?
Software can be downloaded here: None
------------------------------------------------------------
Brief description of software:
No software, and our site has absolutely no cookies. Please remove it
from your list or we will need to pursue this further with our law
firm, and you'll be responsible for all of our legal fees.
------------------------------------------------------------
Reason for submission:
to remove the searchalot.com site from your list as having some type
of bad cookie. we set no cookies on the site, so your description is
absolutely incorrect and is causing us to lose users. We will use the
emails from users having a concern about using our site, because of
your software, as evidence of lost revenue, and we will definitely
prevail in court.
------------------------------------------------------------
Code: DEV_SPYWARE


Needless to say, they’re right: they have stopped pushing cookies from that site, so we have taken them off.


But the idea of suing us because we scan for their cookies is just… out there. They need to listen to CookieMonstor disco and relax...



Alex Eckelberry

Guerilla PR redux

Last week, I blogged about the practice of buying up negative names as a defensive PR measure.


As a follow-up, I’m posting part of an email I got from a blog reader (who asked to remain anon).



In the year 2000 (no this isn't a Conan O'Brien skit) 2600 Magazine ran an article in their print version about how Verizon (which was a brand new company at the time) was registering about 700 domain names along the same lines. The article included every single domain name the 2600 writers could find. I've been searching 2600 online and can't find that exact article (I'm not sure if they put the print articles on-line or not) but I can find several references to it, and to the 'cyber-squatting' suit Verizon filed against 2600 and Emmanuel Goldstein for registering 'verizonreallysucks.com'. Link.


While searching through 2600 for the right article I came across a PDF of a deposition Eric Corley (aka Emmanuel Goldstein) gave when sued by Ford for registering 'fuckgeneralmotors.com' and pointing it to Ford's website. Link here and here.


In item 24 Eric/Emmanuel describes Karl Rove registering 30 some odd domain names like 'bushsucks.com' and Verizon registering 700+ domain names.

In that point he also references a '"Lucentsucks" case'. A quick search of 'lucentsucks' reveals that some jokester registered that domain and put up a porn site. Lucent sued but the case was dismissed due to Lucent's failure to comply with the Anti-cybersquatting provisions. Which is a bit off topic... but perhaps is part of the rationale behind mass domain registration.


So as my loyal reader points out, there are other people doing this and it’s been going on for some time [apparently at least since 1998 (Earthweb) but possibly earlier].


Any other examples out there you know of? Feel free to comment.




Alex Eckelberry

So how many people click on bad search results?

Recently, I wrote about the massive amount of crap comment spam pages in Live Italy, directing users to potential malware sites.


Fellow blogger Didier Stevens pointed out something really interesting to me: He did an analysis last fall on how many people actually click on these sites. How? He used the infamous AOL data, a veritable fount of fascinating information for researchers.


And he found that about 1% of AOL users were landing on these sites. Link here, with another related story here.


So…multiply 1% against the universe of computer users… that’s a lot of people hitting illegitimate sites (these sites may be pushing snake oil, cell phones — whatever — or malware).



Alex Eckelberry



Monday, March 26, 2007

Sunbelt Weekly TechTips #37

Test your memory
Recently Tom (my husband) started experiencing some weird problems with his primary computer. Windows would reboot by itself for no reason, programs wouldn't install, etc. After a lot of weeping and wailing and gnashing of teeth, he was able to track down the problem: some of his memory had gone bad for some reason. He switched it out with the RAM from another computer and the problems magically disappeared. Memory problems can emulate many other problems, though. If you suspect you might have bad memory, you can use Microsoft's Windows Memory Diagnostic to test your RAM for errors. Check it out here.

Computer Shutdown Day: Was it a big bust?
Saturday, March 24 was declared Computer Shutdown Day by, well, the folks at shutdown.org (warning: you may find some of the words/content on that site offensive). The idea was for everyone to go 24 hours without using their computers. I admit it: I didn't do it, and based on the amount of spam that came in, I wasn't the only one. Did you shut down for the day? If so, was it a good experience or a bad one? Or were you one of the many folks I talked to who said that, despite a fair amount of publicity, they had never heard about the effort? Great idea, or just silly? 

Should you buy software on eBay?
eBay can be a good place to find a bargain, but sometimes those "great deals" are just a little too good to be true. The risk is especially high when it comes to buying software, since it can be impossible to know whether the programs you're buying are legal or not, and some may even have embedded viruses or spyware. A "gray" area is the selling of OEM versions of software, which are supposed to be bundled with hardware. Read more about the problems here.

Why is the Apple pot calling the Vista kettle black?
Sure, the Apple commercial is cute. You know, the one where the dashing, "hip" guy representing the Mac shakes his head in amazement as the nerdy PC guy's "bodyguard" - who represents Vista's User Account Control (UAC) protection - throws up "Cancel or Allow?" dialogs whenever PC tries to do/say something. If you haven't seen it, you can view it here.

Cute, but is it really a fair representation of the difference in intrusiveness between Vista's and OS X's security? My good friend George Ou says maybe not. Read his take on it here.

Installing the wrong program no longer kills my computer
You may hear some folks complain that their favorite third party programs don't work on Vista. And it's true that a lot of the "little" applications and utilities, especially freeware, haven't yet been updated to work with the new OS. I've tried a fair number of such programs to find that they either wouldn't install or wouldn't work after installation. But something I noticed and really appreciated is that not one of these failed installations hosed my computer. Instead, I just got an error message or the program refused to run. The rest of the operating system was unaffected. That's a welcome change from earlier versions of Windows. The infamous "blue screen of death" is a thing of the past - and I'm not sorry to see it go.

How to install the upgrade version of Vista on a wiped disk
You qualify to buy the upgrade version of Windows Vista because you have a copy of XP, but you don't want to run the upgrade and have all that old code floating around in your Vista installation. Upgrades are notorious for having more problems than clean installs so you're perfectly willing to bite the bullet and go through all the configurations to get your preferred settings back. But will you also have to pay more for a full copy of Vista? According to Adrian Kingsley-Hughes at CNET, here's how to do a clean install of Vista with the upgrade copy.

How to change the system/boot drive letter in XP
If you break a mirror volume or for some other reason the drive letter of your system and/or boot drive gets changed so that the drive now has the wrong letter (not the one assigned to it when you installed the OS), you'll find that the Disk Manager won't let you change the letter of those drives. This is to protect you from making changes that render the OS unbootable, and you should make those changes only if the drive letter gets changed as described above. To do so, you have to edit the registry. Be sure to back it up first.

  1. Log on with an administrative account.
  2. Click Start | Run and type regedt32.exe to open the registry editor.
  3. Navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM
  4. In the right pane, click MountedDevices.
  5. On the Security menu, click Permissions and ensure that Administrators have full control.
  6. Close regedt32.exe and run regedit.exe. Navigate back to the same registry key.
  7. Locate the drive letter you want to change (such as \DosDevices\C:), right click it and select Rename.
  8. Rename it to the letter you want it to have (such as \DosDevices\D:).
  9. Close regedit.exe and run regedt32.exe again to change the permissions on the key back to Read Only.

You'll need to restart the computer for the change to take effect. Be very careful about renaming drive letters of system/boot drives.

Possible security vulnerability in Windows Mail
Vista includes a brand new built in email program, Windows Mail, which takes the place of Outlook Express. It has some impressive features, but it's possible that it can be exploited by attackers who send malicious links in email, to allow them to run applications on the user's computer without permission. Read more about it here.

How to aggregate the bandwidth of two modems.
If you’re in one of those unfortunate areas where broadband Internet connections aren't available, it's possible, if you have two phone lines, to use two modems and get double the bandwidth from a dialup connection.  If your ISP supports a feature called Multi-link, you can indeed install two modems in your computer and combine the bandwidth of two physical links into one Internet connection. Here are the instructions for using it with Windows XP Home or Professional edition.

Erase files from a CD-RW disc in XP
If you have a CD recorder installed on your computer and it supports CD-RW (rewritable) discs, you can erase the data on a CD and use it again for something else. You don't even need third party CD burning software to do it. Just follow the instructions in KB article 306641.

Gain access to the System Volume Information folder in XP
XP deliberately makes it difficult for you to access the System Volume Information folder, which contains data used by the System Restore feature. It's a hidden system folder and there's one on each partition on your computer. How to access it depends on whether your XP computer is using FAT32 or NTFS. For instructions in both cases, see KB article 309531.

Deb Shinder

Flame Away: Does the 'Net Make People Nastier?

Last week, I ran across this article from the Associated Press about how the anonymity (or perception of same) that we have on the Internet leads some people to say and do things they would never say or do in their "real life" relationships.

It's a phenomenon I’ve discussed here before, but some of the responses to last week's blog post (which I'll quote - at least those that are fit for a family forum) brought that fact home again. Some people get downright mean when they're communicating electronically, and it's hard to believe that all of them act that way in their offline lives.

Now, this is by no means a universal thing. It seems as if being online often has an effect similar to imbibing alcohol. You know how some folks, when they drink, still act pretty much the way they do when they're sober but a little more relaxed, while others get all happy and funny and still others turn vicious? Likewise, people are affected differently by the act of slipping into an online persona.

For instance, there's a person I had known in the "real world" for many years and had never been at all close to. I found her loud and abrupt and often rude, avoided her socially whenever possible but stayed connected to her because of other mutual relationships. Then we found ourselves exchanging email - and the person she became in her written messages was like someone entirely different. The negativity I had come to expect from her in response to everything I said was gone. Her messages were polite and friendly and thoughtful, and for the first time, we became friends of a sort.

But I've seen the opposite happen too many times, watching in amazement as someone I had always liked turned into an online monster, flaming people left and right, using language I'd never heard them speak, taking offense at the slightest disagreement.

When I write on a controversial subject, I expect to get lots of replies from those who disagree with my opinions. And after many years at this, I expect that a certain number of those won't be very nice about it. In fact, I know a lot of writers - and their publishers - who feel the more heated the responses, the better; it always means a higher hit count and for every reader who says "I'm unsubscribing because I think you're an idiot," three more start reading because after all, it's human nature to crave a little spice now and then, both in our food and in our discussions.

In fact, quite a few media personalities of all political persuasions have built multi-million dollar careers by ranting and raving on every topic. Those who have become household names get lots of hate mail, but their books keep selling, their radio and TV shows keep getting top ratings, and the money keeps pouring in.

When they're espousing ideas we don't like, we think of them as hotheads. When their philosophies and ideologies match our own, we tend to see them as brave souls who "tell it like it is." Abe Lincoln said you can't please all the people all the time, but pleasing half the people and making the other half mad as heck seems to be a formula that works very well for those with thick skins and a penchant for fame and fortune.

Maybe one reason for the popularity of extremists is the very fact that most people don't dare express themselves that strongly in their own everyday lives. Expressing every negative thought that crosses your mind tends to have a less than positive impact on career growth, marital happiness, budding friendships and other real life circumstances that are important to most of us. So traditionally, we've let the professional ranters speak for us.

The Internet has made it easier for ordinary folks to let their hair down and pull out all the stops and express all those secret, nasty feelings themselves. The phenomenon of "flaming" - launching personal attacks on others out of proportion to whatever the flamer is responding to - first gained a foothold in newsgroups and mailing lists. It's carried over to blogs, where you don't even have to give your opponents the opportunity to respond if you don't want to. And on the 'Net, you can say mean things without risking your reputation by using a "screen name" that gives no clue to your real identity.

But has the Internet really made people meaner and less civilized? There have always been times and places where people say cruel things (listen in to any group of teenagers discussing those outside their clique). Some people just aren't very nice, in general. And some people who generally are nice get carried away with their emotions when they feel very passionately about a subject. I'm not so sure that, deep down, people are any meaner today than they were a few decades or centuries ago (after all, they often gunned one another down in the streets in the Old West, and look at all the beheadings and such in Medieval times). But the 'Net has made it easier to do your dirty work more anonymously and to spread it to a wider audience.

What do you think? Are you surprised at the nastiness that sometimes comes out in online discussions? Do you say things in email that you wouldn't say in person, or do you know others who seem to turn into a different person when communicating online? Do you think the Internet is causing us to become less civilized?


Deb Shinder

Saturday, March 24, 2007

test...pardon the dust


Sunbelt Kerio Firewall updated

We’ve had a couple of updates to the Sunbelt Kerio Personal Firewall but they have not been delivered through the auto-update feature. It’s a reminder to check the website for the latest version.

The latest version is 4.3.744. You can get it here.


Alex Eckelberry

votes...

If you’re so inclined, vote for one of our products in the Info Security Product Excellence Awards this year.

Link here.

Alex Eckelberry

Da CookieMonstor will get you


This came to me recently: A site threatening to sue us because we scan for their cookies in CounterSpy:

Company: Searchalot, Inc.
Company website: http://www.searchalot.com/
Contact name: Gerald ODea
Product name affected: http://www.searchalot.com/
Product versions affected: All
Product is detected as: Cookie?
Software can be downloaded here: None
------------------------------------------------------------
Brief description of software:
No software, and our site has absolutely no cookies. Please remove it
from your list or we will need to pursue this further with our law
firm, and you'll be responsible for all of our legal fees.
------------------------------------------------------------
Reason for submission:
to remove the searchalot.com site from your list as having some type
of bad cookie. we set no cookies on the site, so your description is
absolutely incorrect and is causing us to lose users. We will use the
emails from users having a concern about using our site, because of
your software, as evidence of lost revenue, and we will definitely
prevail in court.
------------------------------------------------------------
Code: DEV_SPYWARE

Needless to say, they’re right: they have stopped pushing cookies from that site, so we have taken them off.

But the idea of suing us because we scan for their cookies is just… out there. They need to listen to CookieMonstor disco and relax...


Alex Eckelberry

Guerilla PR redux

Last week, I blogged about the practice of buying up negative names as a defensive PR measure.

As a follow-up, I’m posting part of an email I got from a blog reader (who asked to remain anon).

In the year 2000 (no this isn't a Conan O'Brien skit) 2600 Magazine ran an article in their print version about how Verizon (which was a brand new company at the time) was registering about 700 domain names along the same lines. The article included every single domain name the 2600 writers could find. I've been searching 2600 online and can't find that exact article (I'm not sure if they put the print articles on-line or not) but I can find several references to it, and to the 'cyber-squatting' suit Verizon filed against 2600 and Emmanuel Goldstein for registering 'verizonreallysucks.com'. Link.

While searching through 2600 for the right article I came across a PDF of a deposition Eric Corley (aka Emmanuel Goldstein) gave when sued by Ford for registering 'fuckgeneralmotors.com' and pointing it to Ford's website. Link here and here.

In item 24 Eric/Emmanuel describes Karl Rove registering 30 some odd domain names like 'bushsucks.com' and Verizon registering 700+ domain names.

In that point he also references a '"Lucentsucks" case'. A quick search of 'lucentsucks' reveals that some jokester registered that domain and put up a porn site. Lucent sued but the case was dismissed due to Lucent's failure to comply with the Anti-cybersquatting provisions. Which is a bit off topic... but perhaps is part of the rationale behind mass domain registration.

So as my loyal reader points out, there are other people doing this and it’s been going on for some time [apparently at least since 1998 (Earthweb) but possibly earlier].

Any other examples out there you know of? Feel free to comment.


Alex Eckelberry

So how many people click on bad search results

Recently, I wrote about the massive amount of crap comment spam pages in Live Italy, directing users to potential malware sites.

Fellow blogger Didier Stevens pointed out something really interesting to me: He did an analysis last fall on how many people actually click on these sites. How? He used the infamous AOL data, a veritable fount of fascinating information for researchers.

And he found that about 1% of AOL users were landing on these sites. Link here, with another related story here.

So…multiply 1% against the universe of computer users… that’s a lot of people hitting illegitimate sites (these sites may be pushing snake oil, cell phones — whatever — or malware).


Alex Eckelberry