FTC goes after WinFixer

Major news: The FTC is going after Innovative Marketing, which has marketed products like WinFixer and other rogue antispyware programs.  These deliberate scams and frauds have been a plague on the internet now for several years.

At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive “scareware” scheme, which falsely claimed that scans had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of those responsible for the scheme, to preserve the possibility of providing consumers with monetary redress.

According to the FTC’s complaint, the defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements. The defendants falsely claimed that they were placing Internet advertisements on behalf of legitimate companies and organizations. But due to hidden programming code that the defendants inserted into the advertisements, consumers who visited Web sites where these ads were placed did not receive them. Instead, consumers received exploitive advertisements that took them to one of the defendants’ Web sites. These sites would then claim to scan the consumers’ computers for security and privacy issues. The “scans” would find a host of purported problems with the consumers’ computers and urge them to buy the defendants’ computer security products for $39.95 or more. However, the scans were entirely false.

According to the complaint, the two companies charged in the case – Innovative Marketing, Inc. and ByteHosting Internet Services, LLC – operate using a variety of aliases and maintain offices in various countries. Innovative Marketing is a company incorporated in Belize that maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio.

We have a long history of tracking Innovative Marketing’s sleazy deals. They are pure, unadulterated slime, a statement I can back up with extensive in-house research.

This is really good news.  Really.

Press release here, complaint here.

Alex Eckelberry

Learning and classification of malware

Thorsten Holz and Carsten Willems, our partners in Sunbelt CWSandbox, have collaborated with Konrad Rieck, Patrick Dussel and Pavel Laskov on a paper, “Learning and Classification of Malware Behavior”.

The abstract explains it well:

Malicious software in form of Internet worms, computer viruses, and Trojan horses poses a major threat to the security of networked systems. The diversity and amount of its variants severely undermine the effectiveness of classical signature-based detection.

Yet variants of malware families share typical behavioral patterns reflecting its origin and purpose. We aim to exploit these shared patterns for classification of malware and propose a method for learning and discrimination of malware behavior.

Our method proceeds in three stages: (a) behavior of collected malware is monitored in a sandbox environment, (b) based on a corpus of malware labeled by an anti-virus scanner a malware behavior classifier is trained using learning techniques and (c) discriminative features of the behavior models are ranked for explanation of classification decisions. Experiments with different heterogeneous test data collected over several months using honeypots demonstrate the effectiveness of our method, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.

PDF link here (alternate).

Alex Eckelberry
(And forgive me, if you’re not a malware wonk, this will not be interesting.)
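
The three stages named in the abstract, worked through on toy data. This is an added example, not code from the paper or from CWSandbox: the reports, family names and behaviour tokens are constructed, and a simple centroid-based linear scorer stands in for whatever learner the paper uses.

```python
from collections import Counter, defaultdict
from math import sqrt

# Constructed sandbox reports (AV scanner label, observed behaviour tokens); all names invented.
TRAINING = [
    ("ircbot", ["create_mutex", "copy_self:system32", "reg_set:run_key", "connect:6667", "irc:join"]),
    ("ircbot", ["create_mutex", "copy_self:system32", "connect:6667", "irc:join", "irc:privmsg"]),
    ("worm", ["copy_self:system32", "reg_set:run_key", "scan:445", "scan:445", "create_service"]),
    ("worm", ["create_mutex", "scan:445", "scan:139", "create_service", "copy_self:system32"]),
    ("dropper", ["write_file:temp", "create_process:temp", "delete_self", "http:get"]),
    ("dropper", ["write_file:temp", "create_process:temp", "http:get", "reg_set:run_key"]),
]

def embed(tokens):
    """Turn one stage (a) report into an L2-normalised token-frequency vector."""
    counts = Counter(tokens)
    norm = sqrt(sum(c * c for c in counts.values()))
    return {t: c / norm for t, c in counts.items()}

def train(samples):
    """Stage (b): one linear weight vector per family (own centroid minus the rest)."""
    vecs = [(label, embed(tokens)) for label, tokens in samples]
    weights = {}
    for fam in sorted({label for label, _ in vecs}):
        n_in = sum(1 for label, _ in vecs if label == fam)
        n_out = len(vecs) - n_in
        w = defaultdict(float)
        for label, vec in vecs:
            scale = 1 / n_in if label == fam else -1 / n_out
            for tok, x in vec.items():
                w[tok] += x * scale
        weights[fam] = dict(w)
    return weights

def classify(weights, tokens):
    """Score a report against every family; the highest linear score wins."""
    x = embed(tokens)
    scores = {f: sum(w.get(t, 0.0) * v for t, v in x.items()) for f, w in weights.items()}
    return max(scores, key=scores.get), scores

def explain(weights, family, top=3):
    """Stage (c): behaviour tokens with the largest weight for a family."""
    ranked = sorted(weights[family].items(), key=lambda kv: (-kv[1], kv[0]))
    return [tok for tok, _ in ranked[:top]]

MODEL = train(TRAINING)
# Constructed unseen variant: different install path, otherwise family-typical behaviour.
NOVEL = ["create_mutex", "copy_self:appdata", "connect:6667", "irc:join", "irc:join"]
print(classify(MODEL, NOVEL)[0], explain(MODEL, "ircbot"))
```

The variant's install-path token never appears in training, yet the shared network behaviour still places it in the right family, and `explain` shows which tokens drove the decision.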

More CCTV insanity

CCTVs, already shown to have questionable effectiveness in preventing crimes, are now to take on a new Big Brother task: Predicting crime.

According to the Mail, “the cameras can alert operators to suspicious behavior, such as loitering and unusually slow walking. Anyone spotted could then have to explain their behavior to a police officer.”

This is such a horrible idea. Trying to replace good, solid community policing with technology in this way is absurd. A beat cop, with feet-on-the-street instincts and local knowledge, will do far, far more to prevent crime than such an automated system.  Beat cops “know” the good kids (who may loiter or walk slowly) and the bad kids (who may also loiter or walk slowly).

And that’s not even considering the chilling effects on personal liberties.

Alex Eckelberry

The Julie Amero forensic analysis

It all started with a blog post, with the next several months being a period of intense work and coordination. The culmination was the original conviction being overturned. In the end, Julie ended her four-year battle last week with the State of Connecticut in an empty courtroom, pleading to a lesser charge.

At some point, I may find the time to chronicle all the events. There are all kinds of stories from the time. I met some wonderful people — some of the most decent, just and hard-working folks I’ve ever met. It was an extraordinary experience, shadowed only by Julie’s terrible predicament.

But for now, I have something to post: the analysis that our group of security and forensic experts performed of the evidence available (this analysis was then provided to the defense team to aid them in their efforts). This was all done by these experts on a volunteer basis. To that group, I am truly thankful for your help: Glenn Dardick, Joel A. Folkerts, Alex Shipp, Eric Sites, Joe Stewart and Robin Stuart.

The document has been kept to only a small group of people until today. I am now making it available here (pdf). (Note that this document is primarily a review of the trial testimony against the evidence available — notably, a Ghost copy of the hard drive. As mentioned in the document, our group did not have access to all the evidence available, most importantly the firewall logs.)

To some, it may be an interesting read.

Alex Eckelberry

Don’t you wish you could have done this?

Robert LaFollete, our creative director, was asked by the Lowry Park Zoo to photograph a pair of seven-week old white tiger cubs born at the zoo.

In their cage. Up close.

First, he had to pass by mummie and daddy (in their cage), and then go to the babies. That was rather harrowing.

But the payoff was 15 minutes of photographing and petting these beautiful little cubs. He described their fur as being like “rough cotton”.

One got a little playful and started munching on his leg:

[Photo]

No worries though, Robert took it in stride, and was pleased that they were comfortable enough with him to want to play.

More, with pics, at his blog post, here.

Alex Eckelberry

Black Friday pricing

Our crazy marketing department again…

Sunbelt Software … today announced an unprecedented price cut on its top-selling high-performance security product, VIPRE Antivirus + Antispyware(TM) starting Black Friday (the day after Thanksgiving), November 28, 2008. A single one-year subscription license is being offered for $9.95, close to 70% off the normal $29.95 retail price. Users that desire more than one user license can also take advantage of a flat $20 discount on any other VIPRE licensing option, including the unlimited home site license where all PCs in a single household are protected with a single site license.
Link here.

Alex Eckelberry

Amero: Prosecution still believes Amero was guilty

I found this statement to be just, well, outrageous:

New London County State’s Attorney Michael Regan told me late Friday the state remained convinced Amero was guilty and was prepared to again go to trial.

“I have no regrets. Things took a course that was unplanned. Unfortunately the computer wasn’t examined properly by the Norwich police,” Regan said.

“For some reason this case caught the media’s attention,” Regan said.

Link here.

Alex Eckelberry

BREAKING — The Julie Amero horror is over

[Photo]

(Photo credits to Rick Green at the Hartford Courant).

After 4 years and 2 months, Julie Amero is now free.

You’ll recall that Julie Amero was convicted of 4 felony counts, each count carrying a maximum of 10 years, for exposing school children to pornography.

The reality is that Julie, a 40-year-old, pregnant substitute teacher, found herself in a storm of popups and didn’t have any idea as to what was going on, or how to fix the situation.

Julie leaving the courthouse last June with her husband after the original conviction was overturned.

There were numerous technical errors made during the trial, and I led a team of forensic investigators into analyzing a copy of the hard drive. We ultimately published a report which was used in Julie’s original conviction being overturned, for a new trial last June (I am seeing if I can get the report published).

This afternoon, at an empty Norwich Superior Court, Julie pled to the misdemeanor charge of disorderly conduct, in a deal negotiated by her pro-bono attorney, William Dow.

Her fine was a $100 charge, and her Connecticut teaching credentials are revoked (Julie told me she really doesn’t care, that she has no plans ever to teach in that state again).

I wish the whole thing had been dropped by the prosecution. But that was just not something they were willing to do. And Julie needed her life back.

According to Julie, the courtroom was empty. It was just Julie; her husband, Wes; her attorney, Dow; the prosecutor, David Smith; and the judge, a Judge Young.

Smith continued to say that the State felt that they had enough of a case, but that, due to Julie’s declining health, he and William Dow had agreed to a lesser charge.

Dow told Smith that he’s more than willing to try the case, if the State is still willing.

Smith went on to describe all the terrible things that he believed Julie did. The judge interrupted him, telling him that he was only opening a wound, picking at a scab.

Now that it’s over, I hope this story gets told. Broadly. We can’t have another Julie.

Many thanks to many people for all of their help. There are so many — literally, in the thousands. Walter Hooper, who worked tirelessly with me when this whole thing first broke. Herb Horner, the original defense witness who became Julie’s strongest voice. The pro-bono forensic investigators – Glenn Dardick, Ph.D., Joel A. Folkerts, Alex Shipp, Eric Sites, Joe Stewart and Robin Stuart. Ari Schwartz at the CDT, who helped us immensely getting legal help. The pro-bono attorneys, William Dow, Clint Roberts and… some others that have chosen to remain behind-the-scenes. The many champions, including Rick Green, Randy Abrams, Steve Bass, Ryan Russell, Roger Thompson, Robin and Paul Laudanski, Ray Burns, Phil Malone, Chris Boyd, Eric Howes, Nancy Willard, Merja Lehtinen, Lindsay Beyerstein, Karoli Kuns, Joe Scalia, Frank Krasicki, Charles Neville, Brian Krebs, Bob Johnston, Ben Edelman, AJ Fontaine and so, so many others. I’m blogging fast, so if I missed you — forgive me. It’s not intentional. Just send me a note.

While I wish Julie would have been fully exonerated, this at least brings the subject to a close. The reality is, her health has been in a precipitous decline. I really don’t think she was prepared mentally and physically for the pain of another trial.

She acquiesced to the lesser misdemeanor charge, and while it may have been a bitter pill to swallow, she can at least move on now without this sick cloud hanging over her head. It was less than two years ago that Julie was facing felony charges with a maximum of 40 years in prison.

Hopefully, we can help other “Julies” who may find themselves in a similar terrible situation.

(The ever-awesome Rick Green is following this closely, subscribe to his blog for the latest news. And my history of posts on the subject can be found here. )

Alex Eckelberry