The Legacy Sunbelt Software Blog
The Great Years: 2004-2010
Yesterday, we blogged about a “vaporware trojan” which tells people they’re “infected”, collects money for a “solution” and doesn’t actually deliver anything (except a popup that tells the user they’re protected).
It should be noted that this trojan is using graphics from the legitimate folks over at VirusFighter — which in itself is disgraceful. However, we certainly want to make sure people know that the folks at VirusFighter are NOT associated with this trojan.
Alex Eckelberry
Remember F*cked company? Well, there’s a new website out that’s vaguely similar, but only now, for the current mortgage crisis — the Mortgage Lender Impode-o-Meter. Plus a bonus — the Hedge Fund Impode-O-Meter.
Alex Eckelberry
(Thanks, Paul)
Ok, look at this list. It’s TRUSTe’s list of certified “Trusted Download” applications.
Putting aside how you might feel about some of these apps being listed as “Trusted Downloads”, here’s the Big Question of the Day:
Smart Shopper shows up on TRUSTe’s website here as being a Trusted Download.
But it’s not on the list above.
Must be a simple mistake, right?
Well…no.
Ben Edelman contacted TRUSTe, curious.
The answer he got back is, frankly, baffling:
SmartShopper is certified by our Trusted Download Program and Web Privacy Seal Program as indicated on the validation page. In certain very rare exception cases,
TRUSTe may allow a company to not appear in our TDP whitelist even though they are certified by us.
Something smells rotten in Denmark.
Why wouldn’t SmartShopper want to appear on the list of Trusted Downloads? And how many other “very rare exceptions” are there?
This is a bit unnerving. It shows that in at least one instance, TRUSTe has chosen not to broadly publish the fact that an application has been certified as trusted. So, the list on their website is not complete.
A consumer “watchdog” organization like TRUSTe will only survive and gain respect if it consistently shows a policy of full and open disclosure and transparency.
Alex Eckelberry
Update 9/7: This response was received by Ben Edelman from TRUSTe:
“This is the only exception we have made. TRUSTe evaluated the request and approved the exception for the Beta period. SmartShopper is subject to the same disclosure and monitoring requirements as any other certified TDP application.
“During the Beta period, we are still evaluating what types of information will be listed on the TRUSTe whitelist and how we will present the information on our site. In preparation to roll out the full version of the program in 2008, we are seeking public comment during this beta phase and appreciate and welcome your input.”
Sunbelt researchers have discovered a bizarre Trojan.
It tries to scare you into buying a security application to handle a non-existent “infection”. Ok, nothing odd there — that’s standard rogue antispyware behavior.
But what’s bizarre is that it collects your payment, and never actually gives you an application. Instead, you get a popup that says “you’re protected”.
We call it the vaporware Trojan. But today, we are rolling out detections for it as Trojan.VirusFighter.
(It’s worth noting that the credit card number and other data are transmitted in clear text to a server in Germany.)
And that’s it — only a popup that tells you you’re protected. Nothing more.
Alex Eckelberry
Update: We want to make sure everyone understands that this trojan is not associated with the legitimate folks over at VirusFighter.
I’ve written about how our post-9/11 security policies have affected the travel industry. But is it affecting legal immigration?
Despite internment camps during World War II, decades of stereotyping and even lynchings, my grandfather’s generation never lost its belief that America was the greatest place on Earth.
Their zeal was inspired by Philip Mazzei, an olive grower from Tuscany who immigrated to 18th-century Virginia. Mazzei became friends with Thomas Jefferson and, as the story goes, helped the Founding Father construct the passage “all men are created equal.”
Today, as Davide Tidona tells it, that conviction in the Declaration of Independence vanished in the fear-mongering aftermath of Sept. 11.
“It just seems that America is now against everybody who isn’t already an American,” says Tidona, proprietor of the Ibl@Cafe in the village of Ragusa Ibla.
Link here.
Alex Eckelberry
Yesterday, researchers at Sunbelt discovered a minor XSS issue in McAfee’s SiteAdvisor. It lasted all of about 30 minutes and was rapidly and deftly handled by the SiteAdvisor team. In my eyes, the speed and responsiveness of the handling was a real credit to their organization and we were impressed.
We threw up a quick blog post on it and moved on. The post was only intended in the spirit of a bit of fun — we knew the issue was extremely minor and that the SiteAdvisor team was already handling it.
Regrettably, our little post apparently generated quite a bit of upset by some of our friends at McAfee — and for that, I apologize. We work closely with other security companies, including McAfee, on a broad range of security issues, and it’s not our intention to create rancor with other companies. Rest assured that Sunbelt deals with any major security issues under industry standard responsible disclosure guidelines. So to our friends at McAfee — we apologize. Drinks at VirusBulletin are on us (and I may really regret that offer…).
Alex Eckelberry
What caused the WGA goof-up
Last week, computer users experienced problems in trying to validate and activate their Vista systems with the Microsoft Windows Genuine Advantage (WGA) system, a situation that lasted for about 20 hours. Now it appears the culprit has been found: preproduction code that was installed on production servers. It’s fixed now, but not before frustrating many users. Read more here.
How to find out what programs on your computer are connecting to the Internet
Wondering if there’s a spyware program on your computer that’s surreptitiously sending information over the Internet? Want to know which of your legit programs are “calling home?” There’s a command line utility that will help you find out, and it works in both XP and Vista.
This displays a list of running programs, the protocol being used by each to connect to the Internet, and the IP address and port being used. You might be surprised to see, for instance, that PowerPoint is connected to the Internet – but it will be if you use the online Help function, search for clip art, etc.
Where, oh where are our Windows Home Servers?
Microsoft’s new Windows Home Server operating system was released to manufacturing way back in July, but we still haven’t seen any hit the retail shelves yet. What’s going on? Well, according to the official Home Server blog they’ve discovered ways to make it “even better,” and that accounts for the delays. WHS boxes are expected to be available in early September. Ummm, it’s early September now, guys.
Vista Service Pack 1 beta coming soon; expected to be a big one
SP1 for Vista is eagerly anticipated by many, including those users who have been waiting for it before they upgrade their operating systems. The service pack is in beta testing now and will go to 10-15,000 beta testers in September. One thing you can look forward to is a big file: about a gigabyte. Although that may not seem like much when today’s hard disks can easily hold 500 to 750 GB for a reasonable price, to put it in perspective consider that the entire Windows XP installation pack was less than 1 GB in size. Link here.
Chicago abandons plan for city-wide wi-fi
Just a few weeks after our editorial questioning the feasibility and appropriateness of spending taxpayer money to fund city-wide wireless networks, Chicago officials have announced that they’ve shelved their plans for 228 square mile wi-fi coverage due to the high cost. It appears they are, however, building a WiMax network there. Read more here.
New Yahoo Mail goes live at last
Yahoo has been beta testing its new mail software for almost two years, but it’s finally going live and several pundits, including Walter Mossberg (technology writer for the Wall Street Journal) say it outdoes its top two competitors, Hotmail and Gmail. It has built-in IM and even lets you send text messages to cell phones. It also offers unlimited free storage for email and attachments (Gmail limits you to 2.9 GB and Hotmail has just increased their limit to 5 GB). The new version of Yahoo Mail is rolling out in the next few weeks. If you use Safari or other incompatible browsers, you can continue to use the old (“Classic”) version.
Windows SideShow gives your laptop the “wow” factor
One of the coolest new features in Vista unfortunately isn’t supported by most of the hardware on which the OS is running today. That’s Windows SideShow, which allows a secondary display device on the outside of laptop computers to retrieve information from the computer and display it even if the computer is closed, asleep or turned off. For example, this small outer display could display email messages or web information through the use of gadgets, the same small applets that run in the Vista Sidebar.
Although laptops are the most common usage of the technology, it can also run on remote controls, keyboards, mobile phones and other hardware devices. Now if only we can get more hardware available that supports this. Meanwhile, you can read more about it here.
Cell Phone Security
My son recently lost his cell phone, and I had a few moments of sheer terror. I’ve read horror stories about lost or stolen phones resulting in five digit phone bills. I immediately called Verizon to have them suspend the account. We got lucky; it had dropped out of his backpack into the seat of a rental car and the car agency found my number in his speed dial settings and called the next day to tell me they’d found it. Verizon turned it back on (after I satisfactorily identified myself to them) and all was well again.
But many people who carry cell phones everywhere they go don’t realize the consequences if those phones fall into the wrong hands. This article recounts some real life experiences and offers tips on how to protect yourself.
What’s the best way to deploy redundant Internet connections?
QUESTION: I have been thinking seriously for the last couple of months, after my service went down for a morning, about getting redundant connectivity in the form of DSL. I currently have the very high speed version of Time-Warner’s Roadrunner. For the price of [approximately] $30 to $40 month more I can get DSL. My questions are:
ANSWER: Having two Internet connections from different providers is the best protection against being left without a connection – and with the right equipment, you can aggregate the connections into one faster connection when both are working.
The key is a router with dual WAN (wide area networking) links. That means two (or more) WAN ports to which you can connect your cable and DSL modems. The SonicWall TZ 170 is one of the best, but it’s pricey and may have more features than you need (or want to pay for). It’s around $500. The Xincom Twin WAN Router is available for around $200 and provides load balancing and backup. You can get it from Amazon here. D-Link and Linksys also make dual WAN routers.
Memory leak causes XP to lock up
If you have a program using Windows Management Instrumentation (WMI) running on your XP computer, you might get lock ups (unresponsiveness) because of a memory leak that occurs when the RPC cache gets too big. There is a hotfix for the problem, but you’ll need to submit a request to Microsoft Online Customer Services to get it. To find out more, see KB article 890196.
Safely Remove Hardware doesn’t work in Vista
Sometimes when you click the Safely Remove Hardware icon in the Vista system tray (notification area), the device may not be removed properly because of a timing issue that prevents the system from being able to find the information it needs about the device. SP1 is expected to fix this, but if you’re being severely affected and don’t want to wait, you can get an individual hotfix by submitting a request to Microsoft Online Customer Services. See KB article 91619.
Deb Shinder
Seems as if everybody who’s anybody has his/her own domain these days. A recent Associated Press article reprinted in many newspapers and online venues recounts how the latest trend is for parents to reserve domain names for their babies soon after they’re born – or even before – to ensure that the name won’t be snatched up before the child is old enough to want it.
One report stated that Angelina Jolie had reserved several variations of domain names for her new daughter within hours of the birth.
That might seem a little extreme, but if you happen to become well known, owning the domain named after you can become important. Those of us with fairly distinctive names usually don’t have much trouble getting the domain we want (I didn’t have to compete with anyone else for www.debshinder.com), but what if your name is John Jones or Mary Smith? Things might get a tad more complicated.
For celebrities, the issue can be even more perplexing. In a number of cases, fans have registered the names of famous folks as domains before the owner of the name got around to it. Many of these are fan sites, but what if the person who snags your domain namesake doesn’t like you and uses the site to post derogatory information about you?
Then there are the “cybersquatters” who buy up domain names with no intention of actually putting up web sites, but with the hope that those who do want sites with those names will pay dearly for them. Some people have made substantial amounts of money reselling domain names in this manner. Opponents of the practice accuse them of holding the names hostage. The squatters argue that they are just legally buying something that’s up for sale and then legally selling what they own to someone else – the same thing any retailer does. It can be a lucrative business. Business.com sold for somewhere between $7 million and $8 million, depending on which report you read, and sex.com is reported to have gone for 11 million euros, which translates to almost 15 million U.S. dollars.
Popular names are sometimes put up for auction. Last January, names such as hillaryrodhamclinton.mobi and duncanhunterforpresident.us were announced as available for public auction.
Not surprisingly, there have been many lawsuits filed over the ownership of domain names, especially in cases where the name is a trademark, as in the case of most celebrities. The World Intellectual Property Organization (WIPO) runs a domain name dispute resolution service that deals with many of these cases. According to their web site, they’ve handled 1425 cases in 2007 through the end of August.
Their policy labels registration of a domain name as being “in bad faith” if it’s done primarily for the purpose of selling or renting it to the owner of a trademark or to a competitor of the owner, if you do it to disrupt the business of your competitor or if you use it to defraud web site visitors by making them think the site belongs to or is endorsed by the trademark owner.
How important is it to have your own domain, anyway? Your mom will probably be just as impressed by your web site at www.earthlink.com/bobsmith as she would be by www.bobsmith.com, but in certain fields – especially the tech biz and the entertainment industry, owning a “real” domain is expected. And with registration as low as $6.99/year, it’s within the financial reach of almost anyone (of course, in order to make use of your registered name, you might need to pay a web hosting company or have a business-class Internet connection that allows you to host your own web server, or you may get free web hosting with your consumer-level Internet connection).
What about you? Do you have your own domain? If not, what’s stopping you? Is your name already taken? Don’t want a web site? Have a web site but see no need for your own domain? Should people be allowed to register domain names that are the names of other people? Should famous people be able to “take back” their domain names without paying? Or should domain names be registered strictly on a first come, first served basis and resold at whatever the market will bear? Would you reserve a domain name for your child, or is that just silly? Do you have more respect for a business person, author, or entertainer who has his/her own domain or does it not matter at all?
Deb Shinder
Go to http://www.siteadvisor.com/lookup/ and enter the following:
Alex Eckelberry
(Thanks to Sunbelt researcher Francesco)
Update: My compliments to my colleagues at McAfee. They fixed this xss bug with alacrity — literally in minutes. Well done — very impressive. (And apologies for my little bit of mischief.)
Its back online. ComputerWorld writes about it:
As a result of the breach, persons coming to the bank’s site were likely to be temporarily redirected to another site where Trojans and other malware were downloaded onto their computers, the employee said. The user was then brought back to the bank’s site.
Well, not exactly. If you weren’t fully patched, your machine was basically hosed with crap while you were happily viewing the site.
The bank’s IT staff thought they had the situation under control Friday morning, until they found that each time they changed the index page for the site, it was immediately replaced by the hackers. The bank then decided to bring the site down.
“The Web site was hosted externally by a hosting company in the U.S.,” the employee said. The bank has since changed the company hosting the service, though the employee clarified that the change in hosting provider had been on the cards even before the hacker attack.
Ok, that might have had something to do with it…
The attack on the Web site did not affect the bank’s online banking operations, according to the employee. The bank’s customers access online banking services through a link on the home page of the bank’s site. The online banking service is provided to users from well-protected servers hosted and monitored within the bank by Hewlett-Packard Co., the employee said.
Well, this perhaps needs clarification. If someone visited the home page of the site, and they were vulnerable, they got infected — and it has nothing to do with whether the servers were protected from HP or anyone else. It’s true that this was not a hack of the bank itself, but we did find at least one data-stealing trojan that someone could have gotten just viewing the site’s homepage.
The bank is as yet not clear about the identity of the hackers, although Sunbelt suggested in its blog that it was a criminal gang, called the Russian Business Network (RBN). “We have called for the logs from the hosting provider in the U.S., and we may have some definite information then,” the employee said.
No, it was RBN.
And from the Height of Irony Department, this article from back in January extols the security initiatives of the Bank of India.
I’m not picking on the Bank of India. This kind of stuff is all too common, and it simply highlights the fact that anyone who has a presence on the web is responsible for insuring that their site is clean and safe for visitors — and especially when you have people like RBN out there, just looking for any vulnerability to use to infect users.
As a final note, credit (long overdue) for the discovery of this hack last week goes to Adam Thomas, in Sunbelt’s malware research team.
Alex Eckelberry
