Using search engines in research and vulnerability assessment

An article I wrote for Virus Bulletin back in November about using search engines for malware research (and vulnerability assessment) is now available online.  You just need to go through the free registration (well worth it, as Virus Bulletin is an outstanding resource).

Link here.

Alex Eckelberry

More Vladzone fake pages

As a follow-up to my earlier posts today about fake sites spoofing legitimate ones: Vladzone, the malware gang behind lots of pain, has more treats in store for us. There is another fake site on the same netblock, but with a different IP. Further research turned up six more fake sites to add to the list:

Exe-prod com – Impersonates the FCC
Fulldvd org – Impersonates DVDTown
Pclem com – Impersonates the Lunar and Planetary Institute
Phpbbscript com – Impersonates FeedForAll
Planetbudtron net – Impersonates the Sharper Image
Queenshussars com – Impersonates Kings College London

Alex Eckelberry
(Thanks to sharp-eyed Xavier for this latest catch, as well as MJ and Adam Thomas)

Explosion of spam pages on Google Pages

It’s been a problem over at Google Groups. Now Google Pages is undergoing an attack by spammers.

No direct malware links yet (but that can change in an instant); the pages are primarily redirects to sites used in spam.

Example, showing results added in the past 24 hours: [screenshot of search results]

The URLs have a particular look to them. Examples:

b2006e.e52bb.googlepages com
te09d0.e2ee.googlepages com
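The two hosts above share a shape: two short, machine-looking labels nested under googlepages.com, whereas an ordinary Google Pages site used a single, human-chosen label. The Python below is an added example, not code from the original post or from Google; the heuristic (at least two subdomain labels, each short, lowercase alphanumeric and mixing letters with digits) is my assumption derived from those two samples, and the sample URLs are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Assumption, derived from the two hosts quoted in the post (not a Google rule):
# spam pages sat at two or more short, generated-looking labels under
# googlepages.com, each mixing letters and digits.
LABEL = re.compile(r"^[a-z0-9]{4,8}$")
PARENT = ("googlepages", "com")


def looks_generated(label: str) -> bool:
    """Short lowercase alphanumeric label that contains both a letter and a digit."""
    return (bool(LABEL.match(label))
            and any(c.isdigit() for c in label)
            and any(c.isalpha() for c in label))


def is_spam_pattern(host: str) -> bool:
    """True when host is a nested, generated-looking subdomain of googlepages.com."""
    labels = host.lower().strip(".").split(".")
    # Need at least two labels in front of the two-label parent domain.
    if len(labels) < 4 or tuple(labels[-2:]) != PARENT:
        return False
    return all(looks_generated(lab) for lab in labels[:-2])


def host_of(url: str) -> str:
    """Extract the hostname from a URL, tolerating scheme-less input."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def flag_urls(lines):
    """Return, in order, the URLs whose host matches the spam pattern."""
    return [line.strip() for line in lines
            if is_spam_pattern(host_of(line.strip()))]


# Constructed sample input: the two hosts from the post plus benign look-alikes
# (a normal single-label site, a single label with digits, and a different parent).
SAMPLE_URLS = [
    "http://b2006e.e52bb.googlepages.com/",
    "http://te09d0.e2ee.googlepages.com/cheap-meds",
    "http://johnsmith.googlepages.com/resume",
    "http://alex42.googlepages.com/",
    "http://b2006e.e52bb.example.com/",
]

if __name__ == "__main__":
    for url in flag_urls(SAMPLE_URLS):
        print("spam-pattern:", url)
```

Run over a URL feed (or a list of hosts from mail logs), this flags only the nested, generated-looking hosts; a single-label site such as `alex42.googlepages.com` is left alone even though its label contains digits, because the nesting is the distinguishing feature.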

I hope Google can tweak their algorithms rapidly to fix this.

Alex Eckelberry
(Thanks and credit to Jim Murray)

Rash of fake sites copying PC World, CastleCops, others

As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.

There are other domains sharing the same IP (207.226.177.250):

pepato org
slim-cash com
spyware-wiper com
cpaypal com
crazycounter net

All are copying legitimate sites.

Pepato is loading a fake dvdplanet.com page: [screenshot]

Slim-cash is spoofing Allposters.com: [screenshot]

Spyware-wiper spoofs pcworld.com: [screenshot]

CrazyCounter copies the European Space Agency: [screenshot]

And Cpaypal copies AboutPayPal.org: [screenshot]

These domains belong to the “Vladzone” malware gang. A while back, we believe that they were responsible for DDoS attacks against webhelper4u.net (Patrick Jordan, who works for Sunbelt) and spamhuntress.com — and maybe a few others. I would not visit these sites…

Alex Eckelberry
(Thanks, Adam)

The problem with Live

So now Microsoft is going to pay for results. This is the kind of strategy I would figure coming out of Ask.com (or the old iWon). Not from Microsoft. And it won’t work in the long run. People search to find things. If they’re not finding what they want on a search engine, they won’t use it. And they won’t care about freebies and cash.

I started using Google back in 1998 because it was much better than Altavista (which was the best at the time). And I went to Altavista because it was better than Yahoo.

I’ve stuck with Google ever since. It’s quite simply the best search engine available.

When someone comes up with a better search engine than Google, I’ll certainly look at switching. And I’ll know, because word gets around to people like me when something is better. It spreads like wildfire throughout a technical community.

Microsoft’s problem has nothing to do with its marketing, giving cash back, or what have you. They are in a real quandary: This is one area where gobs of technical leadership is required.

Microsoft is a superbly run company, with many brilliant engineers. Now, I feel bad saying this next thing, because I have a lot of close friends at Microsoft (and I also have a lot of ex-Microsofters working here). But I would respectfully question if the company is internally wired to be a real technology leader. The business side has relied on the OS and low pricing (e.g. free) to push adoption in the past. Their products have always been decent, but rarely revolutionary. Only evolutionary. Now, the chickens have come home to roost, because Microsoft is faced with one area where they are simply not innovating as fast as the competition, and they won’t win unless they do. And they are worried (rightfully) because Google’s SaaS offerings are going to blow them out of the water if they don’t get their online strategy worked out.

Yahoo faces a similar problem. I downloaded something from Yahoo the other day for my Blackberry. It was crap. Slow, piggish, and difficult to use. In my eyes, the merger of the two companies would have been similar to what’s currently being proposed with Blockbuster and Circuit City: The flawed business logic that “two wrongs make a right”. Ballmer was right to back out.

Anyway, let’s compare a couple of search results.

Here’s a search for “Hospitals in Spokane, Washington” in Live: [screenshot]

Here’s that same search in Google, arguably better: [screenshot]

How about something more practical: I’ve arrived in Clearwater, Florida, and want to find a place to eat. I input, into my Blackberry, “places to eat in clearwater, florida”.

With Live, the first hit is an appliance repair company: [screenshot]

Oh, wait! It’s a sponsored link. But I can’t tell unless I look closely, because apparently Microsoft is trying to get more click-throughs for advertisers by making it impossible to tell if something is real or sponsored. That’s BS and backfires when people are actually trying to find something.

With Google, of course, I get something relevant right off the bat: [screenshot]

The difference is that Google’s first priority is making a good search experience (incidentally, the purpose of a search engine), and then advertisers. And to top it all off, Google implements beautifully on the future platform, mobile devices.

Oh, and while we’re at it, look at the difference between a search for my product, CounterSpy, on Google and on Live. Do you think I’m happy about that? More importantly, do you think the customer is well served?

Now, I don’t want to be completely unfair. First, I’m not a heavy Live user. And Live is not that bad (for some searches, you may even prefer it). Plus, Live maps has some nice features (incidentally, it seems to locate some addresses that Google simply can’t — work to be done there, Google). But if I were Ballmer, I would do whatever I could to make Live the best product against Google. And skip the cash gimmicks. It will only buy a temporary bump, but won’t affect a long-term secular trend.

Alex Eckelberry

Spam Plan: Use social networks

It’s such a hassle these days to spam with a URL that isn’t detected by some antispam program. And Google redirects get tired. Plus… it would be cool to get a bump in SEO while you’re at it.

So why not send spam that links to recognized social networks, which can then act as free hosting (accomplishing all the objectives above)?

That’s exactly what’s happening. 

Here are some examples from a recent spam: [screenshots of four messages]

Administrators who run these sites do need to stay on top of this kind of junk, because it affects the entire internet community. 

Alex Eckelberry
(Thanks Adam)

No, it’s our data and our privacy

Excellent writeup over at Schneier.

We leave data everywhere we go. It’s not just our bank accounts and stock portfolios, or our itemized bills, listing every credit card purchase and telephone call we make. It’s automatic road-toll collection systems, supermarket affinity cards, ATMs and so on.

It’s also our lives. Our love letters and friendly chat. Our personal e-mails and SMS messages. Our business plans, strategies and offhand conversations. Our political leanings and positions. And this is just the data we interact with. We all have shadow selves living in the data banks of hundreds of corporations’ information brokers — information about us that is both surprisingly personal and uncannily complete — except for the errors that you can neither see nor correct.

What happens to our data happens to ourselves.

This shadow self doesn’t just sit there: It’s constantly touched. It’s examined and judged. When we apply for a bank loan, it’s our data that determines whether or not we get it. When we try to board an airplane, it’s our data that determines how thoroughly we get searched — or whether we get to board at all. If the government wants to investigate us, they’re more likely to go through our data than they are to search our homes; for a lot of that data, they don’t even need a warrant.

Who controls our data controls our lives.

It’s true. Whoever controls our data can decide whether we can get a bank loan, on an airplane or into a country. Or what sort of discount we get from a merchant, or even how we’re treated by customer support. A potential employer can, illegally in the U.S., examine our medical data and decide whether or not to offer us a job. The police can mine our data and decide whether or not we’re a terrorist risk. If a criminal can get hold of enough of our data, he can open credit cards in our names, siphon money out of our investment accounts, even sell our property. Identity theft is the ultimate proof that control of our data means control of our life.

We need to take back our data.

Highly recommended reading. Link here.

Alex Eckelberry
(Thanks Eric)

Carrie’s MacBook Pro


I really, really dislike this show. Unfortunately, in a household with two daughters and a wife who practically worship it, I can’t escape it.

However, one has to give Apple kudos for working on a very smart marketing campaign with the promoters.

Go to http://www.sexandthecitymovie.com/macbook/, enter an email address, and “use” Carrie’s Macbook.

Now, one can’t really imagine “using Carrie’s Vista machine” (which is at the heart of Microsoft’s problem of not being perceived as hip). But what about if we all broke with the Great Unwashed Hipsters, and tried “using Carrie’s Ubuntu box”?

No, because it doesn’t come in pink.

Dear Lord.

Alex Eckelberry

Estonia’s cyberwar


Ok, I’m a fan of Estonia. The president of that small country was recently here in Tampa, and while I didn’t get to see him talk, I was impressed with what I heard of the country.

Of course, there’s the extraordinary flat tax system (which actually goes down every year). I can only envy it from afar…

And, the country runs like a well-oiled machine compared to other democracies. The country is heavily online, with about 95% of all government activities done through the Internet. There’s no luddite Series of Tubes nonsense going on over there. These people are very hip to the Internets and The Google.

There’s a darker side: About a year ago, the country was nearly brought to its knees by a massive cyberwar. They fought back successfully, and the result is that the country is to become the center of a seven nation NATO cyberdefense center. I can’t think of a more perfect location, frankly.

So on that note, friend and colleague Gadi Evron wrote a detailed analysis of what happened last April. Recommended reading, and you can find it here.

Go Estonia.

Alex Eckelberry

Update: Counterpoint/debate here.

Bizarre: Spamming in bookstores

If you’re wondering why your next book purchase is clogged with pamphlets from local businesses, you can thank real estate marketer Carl White.

Here, whispering conspiratorially, he shows how to sneak into a book store aisle and insert personalized business cards into books.

(Direct link if you’re having problems accessing the video, here.)

The idea of angst-ridden real estate salespeople furtively inserting their business cards into real estate books… well, I admit, the image is funny (and sad), even if it is obnoxious as hell.

Alex Eckelberry

Recent trends in spam

Spam keeps changing. I thought I’d anecdotally highlight some recent trends we’re seeing in spam:

– Fake university degree offers appear to be way up. [screenshot]

– A new type of spam which pushes affiliate links. The look is always the same — green link text, simple headline.

This one pushes AdultFriendFinder: [screenshot]

This one pushes an adult site, again apparently using an affiliate ID: [screenshot]

– Malware-pushing spam is still pandemic. Various interesting subject lines, and even resorting to outright begging: [screenshots of several such messages]

And so on…

– The plague of “me”: Another very popular spam going around these days is an email with an attachment (usually about 40k–50k in size), featuring a picture of this girl: [photo]

The spammers don’t put any extension on the file, which is named “me”. However, it is a jpeg format file.


(This is just a baiting tactic to lure the recipient into a scam.)
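An attachment named “me” with no extension is exactly the case where a mail filter should trust the bytes rather than the name. The Python below is an added example, not code from the original post or from any product it mentions: it identifies an attachment's real type from its leading magic bytes, records whether the name carries no extension or one that contradicts the content, and flags executable content however it is named. The magic-byte table is a deliberately small subset, and the sample attachments (a JPEG header padded to roughly the 40k–50k size mentioned above, and a PE header behind a picture name) are constructed for the demonstration.

```python
import os

# Assumption: a small subset of well-known file signatures, enough for the demo.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "exe"),          # DOS/PE executable header
    (b"PK\x03\x04", "zip"),
]
# What a declared extension claims the content should be.
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png",
               "gif": "gif", "exe": "exe", "zip": "zip"}


def sniff_type(data: bytes) -> str:
    """Identify content by leading magic bytes, ignoring the filename entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> dict:
    """Compare declared extension with sniffed content and collect policy flags."""
    _, ext = os.path.splitext(filename)
    ext = ext.lstrip(".").lower()
    sniffed = sniff_type(data)
    flags = []
    if not ext:
        flags.append("no_extension")            # the "me" case from the post
    elif ext in EXT_TO_TYPE and EXT_TO_TYPE[ext] != sniffed:
        flags.append("extension_mismatch")      # name says one thing, bytes another
    if sniffed == "exe":
        flags.append("executable_content")      # flagged regardless of the name
    return {"name": filename, "size": len(data), "declared": ext or None,
            "sniffed": sniffed, "flags": flags}


# Constructed samples: a bare JPEG header padded to ~44 KB (like the "me" file),
# an honest JPEG, and an executable header hiding behind a picture name.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 44_000
FAKE_EXE = b"MZ" + b"\x00" * 100
SAMPLES = [("me", FAKE_JPEG), ("holiday.jpg", FAKE_JPEG), ("photo.jpg", FAKE_EXE)]


def scan(samples):
    """Classify every (name, bytes) pair; callers act on the 'flags' list."""
    return [classify_attachment(name, data) for name, data in samples]


if __name__ == "__main__":
    for result in scan(SAMPLES):
        print(result["name"], result["size"], result["sniffed"], result["flags"])
```

The design point is that the extension is advisory only: a gateway that keys its decision on the name alone would pass both the extension-less “me” and a renamed executable, while a check on the content type catches the second and at least annotates the first for the next rule in the chain.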

Otherwise, for the most part, it’s still the same old fake luxury goods and “Cialis/Viagra/cheap meds” garbage, along with the usual extraordinary amount of spam promising the enlargement of a particular male body part.

Alex Eckelberry

I’d rather have a bottle in front of me than a Yahoo lobotomy

According to press reports, Microsoft wants to buy just the search portion of Yahoo. Joe Wilcox rightly points this idea out as being a “lobotomy”.

I admit to being bewildered by this idea on a number of points.  First, how exactly do you separate Yahoo search from the rest of Yahoo’s holdings?  Secondly, how does Microsoft integrate Yahoo with Live?

I was also uncomfortable with Microsoft’s first bid to buy Yahoo, seeing that Microsoft would have to go into a fairly staggering amount of debt (for the first time in its history) to make the acquisition. 

It’s not that I really care what either company does, but it always bugs me when something doesn’t make sense.  Maybe I’m just not getting the whole picture. Anyone smarter than me want to ‘splain it?

Alex Eckelberry

Path Intelligence cell tracking technology

Path Intelligence (featured last December in TechCrunch) makes a technology that monitors cell phone use to develop traffic patterns for malls. Basically, they install a few boxes in a mall, and then the mall owner can track cell phones by signal triangulation as shoppers walk through the mall.

The ostensible use is to view traffic patterns. The company has been around for a couple of years and is now starting to get traction in the UK, with two malls using it, and three more on the way in the coming months.

They track by IMEI code, which is theoretically anonymous (except that one can match an IMEI code to a person’s real identity through the subscriber’s phone company, an area where there is still some legal fuzziness from a law enforcement perspective).
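The linkability problem described above (an IMEI is stable for the life of the handset, and a phone company can map it to a subscriber) is what pseudonymization addresses. The Python below is an added illustration of that approach; it is not Path Intelligence's code, and the key-rotation policy, the sighting store and the test IMEI (a commonly used sample value) are my assumptions. It validates the IMEI with its Luhn check digit, then stores only a keyed HMAC token: sightings under one key still chain into a path through the mall, tokens produced under different keys cannot be joined, and the raw IMEI is never retained. A plain unkeyed hash would not do, because the IMEI space is small enough to enumerate and the leading type-allocation digits are public, so such hashes can be reversed by brute force.

```python
import hashlib
import hmac


def imei_is_valid(imei: str) -> bool:
    """Luhn check over a 15-digit IMEI; the last digit is the check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pseudonymize(imei: str, key: bytes) -> str:
    """Keyed hash of the IMEI: stable under one key, unlinkable across keys,
    and not recoverable by enumeration without the key."""
    if not imei_is_valid(imei):
        raise ValueError("not a valid IMEI")
    return hmac.new(key, imei.encode("ascii"), hashlib.sha256).hexdigest()[:16]


def record_sighting(store: dict, imei: str, sensor: str, key: bytes) -> str:
    """Append a sensor sighting under the token; the raw IMEI is never stored.
    'store' maps token -> ordered list of sensors (assumed layout)."""
    token = pseudonymize(imei, key)
    store.setdefault(token, []).append(sensor)
    return token


if __name__ == "__main__":
    # Assumed policy: one random key per reporting period, discarded afterwards,
    # so paths cannot be joined across periods or matched to subscriber records.
    import secrets
    key_today = secrets.token_bytes(32)
    key_tomorrow = secrets.token_bytes(32)
    paths = {}
    sample_imei = "490154203237518"   # commonly used sample IMEI, not a real handset
    for sensor in ("entrance", "food-court", "exit"):
        record_sighting(paths, sample_imei, sensor, key_today)
    print(paths)
    print(pseudonymize(sample_imei, key_today) == pseudonymize(sample_imei, key_tomorrow))
```

With the key held by the operator and rotated, the stored tokens still answer the traffic-pattern question the ICO quote below accepts, while the cross-system matching it worries about has nothing to match on.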

Here’s an example UI screen: [screenshot]

You can watch a demo of the technology in action at the company’s website, here.

The Times recently wrote about the technology, quoting the UK Government as having given “cautious approval” of this technology:

The Information Commissioner’s Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset’s IMEI code – a unique number given to every device so that the network can recognise it.

But an ICO spokesman said, “we would be very worried if this technology was used in connection with other systems that contain personal information, if the intention was to provide more detailed profiles about identifiable individuals and their shopping habits.”

Your thoughts?

Alex Eckelberry
(Hat tip)

New highly deceptive method for fake codec

Fake codecs typically push for a special “ActiveX” or “Codec” install.

Here’s one trying to tell the user they are missing Flash. Notice how convincing it is: [screenshot]

What’s actually pushed is the trojan MediaTubeCodec.

(In case you’re wondering, Flash is certainly installed on that system.)

Alex Eckelberry
(Thanks, Patrick Jordan)

Zango and Storm?

Word is going around that Zango might be in bed with the distributors of Storm. I have a great deal of respect for the people behind this speculation. However, I would offer a cautionary note.

After years of tracking Zango/180, etc., we have a really hard time believing that Zango would knowingly work with distributors of Storm. While there’s no love between us, they’re not complete idiots, and they know that if they got caught they’d be in serious trouble with the FTC.

I hope to get more up on this issue later today, time permitting.

Alex

Update: The Trend blog post has since been modified to reflect a more cautious tone.