Reminder: it’s Monster Patch Day from Microsoft…

Patches include five Windows updates, one for Microsoft Office, one for MS Messenger, and one for Microsoft Exchange.

An updated version of the malicious software removal tool will also be released, along with a couple of non-security related updates for Windows. On Wednesday, April 13th, there will be a Webcast discussing the technical details of the April security bulletins. You can get more info here.

Home users, you can let Windows AutoUpdate do the trick or go to Windows Update for operating system updates, and Office Update to update Office. Note that even if you do AutoUpdate, you might want to manually check Windows Update later to see if there’s anything AutoUpdate didn’t download automatically.

And as I’ve blogged about earlier, everyone should look at updating to Windows Media Player 10, which is available on the Microsoft site.

Alex Eckelberry

Cool Google Maps hacks

OK, this is completely off the topic of security, but Google Maps is just too cool.

Some great hacks are available:

Mygmaps

Sourceforge hacks

Another google mapping site.

Flickr photo sharing with Google maps.

Real estate project

Thanks to Jeff Nolan’s excellent tech blog for bringing these to my attention.

And then there’s Mapping Google News, a different take on Google and maps.

Alex Eckelberry

Pew survey on spam

Pew has released a “Data Memo” on CAN SPAM a year later.

No surprises: it’s well known in the industry that CAN SPAM is a complete joke.

Basically, Pew says:

-Spam is up (no surprise), despite AOL’s pronouncement in December that it was down.

-People don’t care about it as much.

-Porn emails have dropped.

-Phishing is up.

Really, no surprises, but worth a glance through the Pew document.

Alex Eckelberry

Web bugs in Acrobat?

Web bugs are little graphic “bugs” that are usually used in email. Some newsletter publishers use these to track who opens up their newsletters. Spammers also use them to see if they have a “live body”.

Web bugs get activated if you view an email, even in Outlook’s preview pane. That’s why Outlook 2003 has the ability to not download graphics (which is why newsletters and such can come through looking all broken-up).
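As an added illustration (not from the original post), the Python sketch below lists the remote images in an HTML message body, which are the requests a mail client makes when it renders the message, and flags the ones that look like web bugs. The sample message, the host names and the tiny/hidden/query-id heuristics are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

def _px(value):
    """Parse a width/height attribute; None when absent or not a plain number."""
    try:
        return int(str(value).strip().rstrip("px"))
    except (TypeError, ValueError):
        return None

class WebBugFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", "").strip())
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message; no request is made
        reasons = []
        w, h = _px(a.get("width")), _px(a.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("tiny")      # classic 1x1 pixel
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if parse_qs(url.query):
            reasons.append("query-id")  # per-recipient token in the URL
        self.findings.append({"host": url.hostname, "src": url.geturl(), "reasons": reasons})

def find_web_bugs(html):
    """Return every remote image; each one contacts its host when the mail is rendered."""
    parser = WebBugFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

def likely_beacons(html):
    """Subset of remote images with at least one tracking indicator."""
    return [f for f in find_web_bugs(html) if f["reasons"]]

# Constructed sample message body (not a real newsletter).
SAMPLE = """<html><body><p>April newsletter</p>
<img src="cid:logo@newsletter" width="200" height="60">
<img src="http://img.newsletter.example/banner.gif" width="468" height="60">
<img src="http://track.newsletter.example/o.gif?u=subscriber-1234&amp;m=april" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for f in find_web_bugs(SAMPLE):
        print(f["host"], f["reasons"] or ["remote image only"])
```

Even the unflagged banner image reveals the reader's IP address and the time of opening to its host, which is why blocking all remote images is the safer default.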

Now this blog entry from beSpecific mentions an article by lwn.net reporting that Acrobat 7 can be used for these bugs. It’s all from a company called Remote Approach.

According to Remote Approach, opening up a PDF file enabled with Remote Approach gives the following information: IP Address, domain type (com, edu, gov, etc.) and other stuff like what kind of browser you use, your local time, what service provider you use, etc.

Note that this type of data collection is not unusual on the web (every time you go to a website, the website operator can collect this type of data). It’s not getting your name, address, credit card number, etc. However, it’s the first I’ve heard of it for PDF documents.

Alex Eckelberry

180 buys one of its distributors

Interesting article here.

They can buy whom they want. The problem is that stealth installs are still occurring and we can’t see why this can’t be fixed.

A distributor installs an older version which installs without the user’s knowledge. Then the update to the new “certified spyware free” version doesn’t tell the user that they got a 180Solutions program. This is the infamous “CBC Force Prompt” issue we have written extensively on.

So what is CDT? Check their websites out:

Loudcash and Searchbarcash

Nice music.

Alex Eckelberry

Dept. of Homeland Security Privacy Panel

Remember that Dept. of Homeland Security privacy review board — the one that Claria exec Reed Freeman was appointed to? News.com has this interesting article.

Appointed to the chair: a die-hard champion of the Total Information Awareness program, Paul Rosenzweig. TIA, you’ll recall, was the most massive data mining project in history.

Best quote of the article:

“I don’t really regard Paul as a privacy advocate,” said Lee Tien, a lawyer with the Electronic Frontier Foundation in San Francisco. “I think he’s much more focused on whatever homeland security mission there is. He tends to view privacy as something to be circumvented.”

This is all just too weird.

Alex

CNET’s new spyware policy

Good stuff. Looks like CNET has publicly announced the policy and provided criteria for determining whether an application is regarded as “adware.”

And here is the type of letter they’re sending people:

Dear Publisher,

Since the launch of CNET Download.com more than eight years ago, we have worked hard to promote a trusted, safe, and secure downloading experience for both our end users and our publishers. With that in mind, we screen thousands of software submissions each month for elements we think might interfere with an end user’s satisfaction. Beginning April 18, this will include enforcement of a no-adware policy.

Your product has been identified by our production team as currently containing some form of adware. For it to remain live on our network of sites after April 18, we ask that you remove the adware component and resubmit the updated version through Upload.com. All files containing some form of adware will be removed by April 22. If you plan to resubmit an updated file but cannot complete the development process by then, you can always submit the update at a later date and still retain the product’s original download counts.

For more information about this new policy, please click here.

The Upload.com Team

Alex Eckelberry

Dangerous twist in Nigerian scam

4/12/05 Update. Subscriber Charles Arthur makes this good point: “I think though it’s not the Nigerian scam. It’s phishers looking for middle people. Money goes from bank account of person in US to person who signed up for this thing. They forward it to “company” in other country. They are phishing middlemen. Usually unwitting.”

We’re (hopefully) all familiar with the infamous “Nigerian” scams (also called 411 or 419 scams, after the section of the Nigerian penal code that deals with these types of fraud schemes).

However, this email was received today, and it carries a new twist. It looks legitimate–it’s not some Nigerian official who is trying to get his money out of Nigeria. Instead, it’s an email that looks like a reasonable commercial venture trying to get an agent in the US. There’s even a VCF card attached to the email (nothing in the VCF but a name).

Of course, these types of scams rely on someone “posting some money” or some such nonsense.

As always, caveat emptor.

Dear Sir/Madam,

I represent Grambest [a scam name–Grambest is not a real company] International Import and Export Company based in the UK. My company exports cocoa, rubber and timber for world trade.
We are searching for representatives who can help us establish a medium of getting to our customers in Europe and America as well as making payments through you as our payment officer. Most of our customer pay out in cheques and we do not have an account in your country that will clear this money. It is upon this note that we seek your assistance to stand in as our representative in your country.

Note that, as our representative, you will receive 10% of whatever amount you clear for the company and the balance will be paid to us.

If you are interested in this business transaction, forward to us the information below:

(1)Your full names
(2)Contact address
(3)Phone/fax numbers.

All further correspondences should be emailed to
(grambest@outgun.com/william-mark@excite.com)

Thank you for your time.

Very Respectfully,

Mr. William Mark
President,
Grambest Import/Export co.
Goods for Import/Export
Freight Fwdg. Svcs.

—————Xheader info—————
Microsoft Mail Internet Headers Version 2.0
Received: from tfdsmtp1.mail.isp ([213.4.129.48]) by exchange.sunbelt-software.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 4 Apr 2005 02:18:50 -0400
Received: from teleline.es ([10.20.4.99]) by tfdsmtp1.mail.isp (Netscape Messaging Server 4.15 tfdsmtp1 Mar 14 2002 21:29:48) with ESMTP id IEES7602.57M; Mon, 4 Apr 2005 08:18:42 +0200
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
From: "LUCAS_DAM"
To:
Reply-To:
Message-ID: <471e90e3.90e3471e@teleline.es>
Date: Mon, 04 Apr 2005 07:18:41 +0100
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-language: es
Subject: Representative
X-Accept-Language: es
Content-Type: multipart/mixed;
 boundary="--6a71dfa160313ed"
Return-Path:
X-OriginalArrivalTime: 04 Apr 2005 06:18:51.0137 (UTC) FILETIME=[2B5D7F10:01C538DE]
—————

Wayne Porter on 180…

To those of you following the whole “is 180 Solutions making products that deserve the adware/spyware moniker?” debate, Wayne Porter just posted some interesting stuff on his blog. Mr. Porter, who runs a company that makes a competitor to our CounterSpy, does an excellent job here with 180Solutions. Read the Preface and then the response from 180.

Our team (along with the rest of the antispyware community) will be examining 180’s responses to Wayne.

4/4 Update: Suzi at SpywareWarrior blogs on this issue.

Alex Eckelberry

Spyware in Mac land again

Gartner got themselves a load of free press about the potential for spyware on Macs. There are still articles hitting the wires on this subject!

I blogged on this subject a few days back.

In my opinion, this is a complete non-issue. There is very little (if any) spyware on Macs, and it’s painfully obvious that as Macs grow in popularity, there will be spyware.

But the sky is not falling on the Mac.

The biggest thing people forget is that spyware is a one-two punch game. A) you need to make the spyware and B) you need distribution for the spyware.

So spyware developers joyously creating Mac spyware in the basement of some Russian brothel will still be stuck with the problem of actually getting it on the machines of users. It’s not easy. You need all kinds of trickery and legerdemain marketing to get people to download this stuff. Free song lyrics! A better search experience! Free screensavers! Use our P2P program!

You get the picture.

Right now, if you don’t want spyware, either practice safe computing (a lengthy separate discussion) or buy a Mac. And as someone commented in my other blog entry, you actually can get right-click mouse functionality with OS/X (a personal peeve of mine). Hmm…..

Alex Eckelberry

Spyware in Mac Land?

Gartner got some press by saying that Macs are potentially in danger of getting spyware in the future (the Gartner guy said a lot more than just that as well). This follows on the heels of Symantec’s warning of increasing dangers in the Mac platform.

Personally, I really don’t see any of this as much of a story, except to provide cruel pleasure to us PC users who have been taunted for years by Mac users about the superiority of their platform.

At Sunbelt, we’ve heard almost nothing about Mac spyware. There is the forum on MacScan that covers the area but there’s little actual information (lots of spam though).

And the only Mac antispyware product I know of is MacScan, and it doesn’t support OS/X.

I was curious about the whole Mac spyware thing this afternoon and went over to our lonely Mac in our testing department. I went to my favorite spyware download site, lyricsdomain, and was pleased to actually be able to navigate the site without it trying to download spyware to my machine.

Mac people, I used to be one of you back in the 80s. I left for the PC business and watched the Mac become the machine of choice for Gap-clothed literati and graphic artists, most of them smug about the Mac’s superiority against PCs — while ignoring the endless system crashes and the outrageously high prices of Mac systems.

But my oldest son has a Mac, and my three other kids have iPods, and I admit after trying to get my kids’ iPods to connect up with the various aging systems in my house, I am actually tempted to go Mac for my kids. The Macs are cheaper and apparently more stable now, even though the software is still pricey and there is no right mouse button (maddening, that).

Alex Eckelberry