The Legacy Sunbelt Software Blog
The Great Years: 2004-2010
Something cute that we saw with an Antivirus XP 2008 install (to clarify, this is a fake error page generated through a running process from the Antivirus XP 2008 Trojan).
When I get some time, I hope to get a video of something else that is similar.
Alex Eckelberry
(Thanks, Adam Thomas)
This ad, which is impossible to read (white text on black background being one of the Bad Things in advertising), is a poking-fun, sarcastic kind of thing ad to sell HP notebooks with an AT&T broadband wireless card.
But if you can actually read it (doubtful), you might find some oddness in it, like this:
“Of course, we don’t recommend this, but you could drive through residential neighborhoods to look for homes with Wi-Fi that isn’t encrypted. Tip: sometimes the password is “password”. Be sure to have all your important files on your hard drive. Don’t count on somebody to send you files.”
I get the point, but…
Alex Eckelberry
(Thanks to Adam Thomas)
These are good folks and I’m happy we’re working together. They are using our Linux-based CounterSpy SDK (soon evolving to a Linux-based VIPRE SDK).
Clearswift today announced a new partnership with Sunbelt Software to further enhance its powerful MIMEsweeper Web Appliance, the most sophisticated web browsing security engine on the market today. Sunbelt Software’s award-winning CounterSpy technology has been integrated within the MIMEsweeper Web Appliance to provide superior anti-spyware security and detection.
As one of the layered security defences within the MIMEsweeper Web Appliance, CounterSpy’s highly-tuned gateway anti-spyware solution is specifically designed to stop all known and suspected spyware before it penetrates a network and infects users’ machines. CounterSpy works in concert with Clearswift’s URL filter, anti-virus/malware and Web 2.0 content filtering engine to ensure maximum protection.
Link here.
Alex Eckelberry
(And yes, blogging has been light as I’ve been busier than a one-legged Riverdancer. I hope to catch my breath soon and get back to writing again.)
Today, I’m really pleased to announce that Michael St. Neitzel, one of the industry’s leading antimalware researchers, has joined Sunbelt Software in the newly created position of vice president, threat research.
Mike is widely regarded as one of the foremost experts on malware and its malicious mechanisms, and has authored a number of technical papers and publications, as well as being a noted speaker at industry conferences.
Mike comes to us from FRISK Software, makers of F-Prot Antivirus, where he was a senior antivirus architect and spokesperson on behalf of the company. Prior to FRISK Software, he was a senior virus researcher with ESET s.r.o., where he worked on the Nod32 antivirus product. Previously, he was with Comodo Security, where he managed the team responsible for the Comodo firewall and antivirus products as executive director in Chennai, India.
Michael will be working on our upcoming VIPRE antivirus+antispyware product, where his work will be essential in developing proprietary heuristics and behavioral detection that is so critical in today’s complex malware environment.
Welcome, Michael. We’re thrilled to have you as part of the Sunbelt team.
Alex Eckelberry
There is a phishing attempt going on against Facebook. Recipients may see something like the following:
If you look in the source of the email, you see that the actual link address is different:
Upon clicking the link, the user is directed to a site, ostensibly allowing the user to log in to Texas Holdem.
Once the user enters their account information, they are then redirected to to the real Facebook site.
Alex Eckelberry
“It could be a long time before Omar Khan goes to college: as long as 38 years, according to Orange County prosecutors, who have arrested and charged the 18-year-old student with breaking into his prestigious high school and hacking into computers to change his test grades from Fs to As.”
Link here.
Alex Eckelberry
You may have seen a wave of fake job offers disguised as coming through CareerBuilder. The recipient is asked to contact the employer through an email address. Email addresses we have observed so far are:
ejobrt @gmail.com
rsmbcompany @gmail.com
homdepmb @gmail.com
Samples:
Sadly, if you’re hoping you’re going to get a job out of this, it’s a scam.
But the good news is that we’re hiring.
Alex Eckelberry
What we reported yesterday about Zango having laid off employees is now officially reported through news channels.
From John Cook over at the Seattle PI:
Sources say that two executives have also departed, including Executive Vice President of Corporate Development York Baur and Chief Technology Officer Ken Smith. Smith, who co-founded the company in 1999, is the brother of Chief Executive Keith Smith. A Zango spokesman declined to comment on the departures.
Ken Smith also talks a bit about his departure here.
The stated reason for the layoffs is the company’s focus on its new Platrium product, a so-called casual gaming experience. One commenter isn’t that excited, referring to it as a “generic search bar with games thrown in.”
In fact, it looks awfully familiar to Zango, just without pop-up ads. Here’s what it says when it’s installing (EULA here):
Platrium is your access key to premium content. It is FREE, paid for by advertising. While online & using keywords sent to Platrium from your Internet browsing, Platrium software (with Weather forecast) will show targeted ads in a temporary Slider; relevant search suggestions in the Playbar; & comparison shopping offers in a Sidebar browser pane. The Playbar provides easy access to 1000s of emoticons, avatars, games & more, when online. Platrium runs continuously & updates automatically, ensuring access to the freshest content. Uninstallation is easy via Add/Remove Programs.
In other words, it has a search function which redirects searches to sponsored results on “Shopbrite”, it hijacks error pages and sends them to Shopbrite, it changes your home page to the Platrium home page, and your screen may end up by looking like the following:
You do get access to games, though (I don’t know if they’re good, mediocre or bad).
Alex Eckelberry
It’s been a while since we all saw a big stock spam push.
Well, recently our honeypots saw a wave of a new style of stock spam pushing Angstrom Microsystems stock. According to the folks at Spam-List, their quick analysis shows that started on Sunday. Zero revenue, but the promise of future revenue. The Pink Sheets has put this on their Caveat Emptor list (would be great if Yahoo and Google started doing the same thing for these types of stocks).
It hasn’t helped the price much, but volume sure has benefited.
You may see a wave of this spam as antispam engines adjust.
Alex Eckelberry
Zango tells employee’s they’re good to go: We received a report that Zango laid off 70 people today.
And in other news, blog reader Andrew was kind enough to send me a link to a website (watchsouthparkonlineepisodes com) pushing Zango, under the auspices of being able to watch South Park episodes for free (this looks to be a Zango affiliate, not Zango itself, nor South Park).
It’s worth noting that South Park episodes are freely available at the South Park website, http://www.southparkstudios.com/, with no adware.
Alex Eckelberry
How horrible. Brings forward memories of Julie Amero (who is still awaiting a new trial):
A child porn possession charge lodged against a Department of Industrial Accidents investigator fired for having smut on his state-issued laptop has been dismissed because experts concluded he was unwittingly spammed.
“The overall forensics of the laptop suggest that it had been compromised by a virus,” said Jake Wark, spokesman for Suffolk District Attorney Daniel Conley.
Nationally recognized computer forensic analyst Tami Loehrs told the Herald Michael Fiola’s ordeal was “one of the most horrific cases I’ve seen.”
“As soon as you mention child pornography, everybody’s senses go out the window,” she said.
Loehrs, who spent a month dissecting the computer for the defense, explained in a 30-page report that the laptop was running corrupted virus-protection software, and Fiola was hit by spammers and crackers bombarding its memory with images of incest and pre-teen porn not visible to the naked eye.
Two forensic examinations conducted by the state Attorney General’s Office for the prosecution concurred with that conclusion, Wark said.
More here.
Alex Eckelberry
(thanks, Richard)
![CEC-DXY-M-US-Dollar-Index-Futures-Spot-Price-RTH.jpg-6.14-789735[1]](http://sunbeltblog.eckelberry.com/wp-content/ihs/alex/CEC_2DDXY_2DM_2DUS_2DDollar_2DIndex_2DFutures_2DSpot_2DPrice_2DRTH.jpg_2D6.14_2D789735%5B1%5D.jpg)
I was intrigued by a post this morning by my brother, Marc Eckelberry (a futures trader) on his blog. He believes that the dollar may soon exit its six-year decline.
Is the dollar six year decline coming to an end? The monthly chart shows a descending wedge which could soon give ammunition to dollar bulls. We will need two important confirmations. The first would be a monthly close above the 10 month moving average, presently at 74.73. The second and most important test will be a close above the confluence of two major trendline resistances between 76 and 76.90. An all clear would be a close above the 2004 low of 80.39.
If true, this would impact the price of oil, something I’ve commented on previously on this blog.
Alex Eckelberry
“A Federal judge has dismissed a lawsuit by a man who was barred from the New London police force because he scored too high on an intelligence test.”
Link here.
(Longtime readers of this blog may see an oblique reference in this.)
Alex Eckelberry
It starts with “Hello” in Korean. Then an attractive graphical rendition of the word Viagra (an attempt at concrete peotry, perhaps?) Then a quotation from the Mahabharata Vana Parva, one of the great late-Vedic sanscrit masterpieces.
But wait… there’s also secretely more when the text is highlighted… is this some type of user-selectable ambigram?
Perfect.
Alex Eckelberry
As an active user of technology, I hate bad support and poor customer service. Just last week, I had to get support from a major vendor. It was easy to get a salesperson, but harder to get a support person, something which always baffles me (what, I’m not as important after I’ve bought the product than I was before?).
If I walk into a business and see some sign which says “Lack of planning on your part does not constitute an emergency on ours”, or a “suggestion box” shaped like a grenade, I walk right out, and you should too.
We hate bad support. We refuse to install those wretched IVR systems (we use these antiquated things called “people” to pick up the phone); we refuse to outsource our support overseas; and our entire senior management team (including me) is available directly to interact with customers. I also don’t hire MBAs for management positions, unless they had a very poor GPA in school (ok, that’s a joke… well, mostly).
Surprisingly, it’s not as expensive to give great support as one might think, and from a bottom-line standpoint, good support helps the P&L through the tough times (by keeping customers loyal) and makes the better times better (by getting you more customers). Support is something that can be quantified, and made into pigeonholes, and therein lies the problem: It’s easy to sort support metrics into various chunks that can be easily outsourced, thus “saving” money for the company (reference above statement about MBAs).
Having worked in the industry for many years, I’ve been in those senior level discussions about “the cost of support”. There seems to be some idea that “support costs need to be controlled”. It’s an easy department to pick on, because the effects of bad support aren’t necessarily felt by senior management (unlike the effects of a bad sales department).
True, cost control is key in any company, but being a CEO is kind of like being a symphony conductor — you have many different components, and all need to work together efficiently and correctly to make, well, a decent sound.
Support is part of the broad holistic system, a gestalt, that makes up a company. Sometimes it’s hard to explain to senior managers, because it’s obvious that great support alone doesn’t guarantee success (look at Wordperfect, a company with some of the greatest support ever, and now practically in the grave). But if you want the whole machine to work right, you have to have great support, you have to have great products, you have to have a great sales team, a great marketing team… you get the picture.
Some starry-eyed managers pump their fists about “great support”. Well, that’s good, but it’s a bit more than that. Good support has to be part of the fabric of a company. It’s something that has to be lived and breathed.
It also helps if you only hire good, decent, nice people. That sounds a bit like a Hallmark card, but it’s kind of a basic thing in a business. Nothing is ever perfect in any company — people make mistakes, things break, someone trips over a power cord and takes down the server room, etc. — but good, decent, nice people are the glue that will keep it all going in the right direction.
In the end, here’s a simple answer to the problem: Vote with your pocketbook. That goes for all the companies out there, mine included. We all should have our feet to the fire to do the right thing.
Alex Eckelberry
Roger Grimes’ scathing editorial on companies treating customers badly today is spot on. He’s focused on security, but his words apply to our whole industry.
At first I thought it was solely due to my crackerjack customer service, but then I realized that the other common thread was that they were mad at a computer security vendor whom they previously loved or passionately wanted to buy from. It was only because of boneheaded, strategic decisions made by the company that their customers were looking to competitors.
There’s a common theme involved. Each of the vendors started with a good product that solidly filled a particular niche, gained market share and industry accolades, and then made inopportune decisions that riled their existing, or new, customers to a point that the customer gave up trying to give them their business. I’m convinced that the vendor’s CEOs are oblivious to how much discontent their company is causing with the very people they should be striving to satisfy. Instead of letting the vendors suffer lower market share without understanding why, I’ve decided to share some representative stories in this blog column.
Right on.
Alex Eckelberry
We’re at Tech.Ed this week. Robert LaFollette, our creative director, took some pictures and I’ve uploaded them to Flickr, here.
A lot of people are coming to the booth. Then again, we’re giving away a lot of remote control helicopters…
Alex Eckelberry
Brian Krebs reports on a new trojan that changes router settings.
A new Trojan horse masquerading as a video “codec” required to view content on certain Web sites tries to change key settings on the victim’s Internet router so that all of the victim’s Web traffic is routed through servers controlled by the attackers.
According to researchers contacted by Security Fix, recent versions of the ubiquitous “Zlob” Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim’s domain name system (DNS) records so that all future traffic passes through the attacker’s network first. DNS can be thought of as the Internet’s phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking
More here.
Alex Eckelberry
Many of us are at Tech.Ed this week. If you’re there, drop by and say hello.
Alex Eckelberry