The ghost of Zango toolbar has a Facebook fan page





Here’s something they don’t teach in marketing 101: If you’re pushing software that no one wants — like, say, annoying adware — and your downloads are going nowhere, what do you do?

Answer: you push somebody else’s popular software and bundle your junkware with it.

Remember Zango? It was that irritating adware company that spent years and a million weasel words trying to make its operation seem legitimate. It was fined $3 million in 2006 by the U.S. Federal Trade Commission and it unsuccessfully sued anti-virus vendor Kaspersky in Federal Court in 2007 for calling the Zango malcode “malcode.” After several years of sagging revenue amidst a larger collapse of the adware industry, the company finally folded and sold its assets at fire sale prices last April. (Sunbelt Blog story here.)

The buyer, Pinball Publisher Network, is still distributing Zango and sadly enough it still offers users nothing of any value, which is why PPN offers Open Office, 7-Zip and Firefox bundled with it. PPN and its affiliates are simply trying to piggyback on those programs and in the process, leech from their value and good name.

Here’s what its fans get:

“Hotbar’s toolbar for IE, Outlook/Outlook Express and Word provides FREE access to premium content including weather, paid for by advertising. Based on keywords generated by your browsing, Hotbar shows ads in a separate browser window or a temporary Slider, and toolbar search suggestions. ShopperReports provides comparison shopping offers in a Sidebar. Both run continuously and update automatically. Uninstall easily via Add/Remove Programs.”

And how do you suppose Pinball Network affiliates are persuading people to install adware-laden software that can be had free and clean of Pinball’s software elsewhere on the Net? Here’s a cynical bit of advice from a user on a forum where affiliates discuss their experiences with PPI (pay per install) programs such as Pinball Publisher Network:

“If your users use IE tell them they need Firefox to see the website and bingo $$$ pinball is so easy to make money with. All you need is sites that users are looking to download things. A lot of sites are losing money using silly fill me in to unblock me content, I mean if your users are looking to download they will download!”

VIPRE detects this adware application as “Pinball Corporation. (v)”. Since the installer basically loads all the old Zango files, users who happen across it will probably see VIPRE detecting “Zango” and “Hotbar” as well.

Thanks, Adam Thomas and Eric Howes, and a big hat tip goes to Wendy Ivanoff for getting spammed with this crap and bringing it to our attention.

Tom Kelchner

Facebook privacy settings: 35 percent actually checked them

At a privacy roundtable sponsored by the U.S. Federal Trade Commission in San Francisco, Facebook Director of Public Policy Tim Sparapani said that 35 percent of the 350 million Facebook users (that’s 122 million!) actually checked their privacy settings when Facebook suggested it in December.

The BayNewser, a San Francisco media news site, said Sparapani told their reporter that “the industry average for users’ actively engaging with their settings is actually between 5-10 percent.”

Story here.

Tom Kelchner

Happy Data Privacy Day


From Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day:

“Most consumers see the benefit of living online, but too few are aware of just how much information is being collected, who is collecting it, and how it is being used. We hope to reach adults and young people and advance privacy awareness with the educational materials and resources available at the Data Privacy Day webpage.”

The Privacy Projects is a Nordland, Washington-based, non-profit research institute that funds academic research into “evidence-based” privacy aimed at enhancing policies, practices and tools necessary to meet the power of the new technologies. An independent voice, TPP seeks to offer insight to companies, governments and consumer advocates as new information-driven businesses are considered, developed and deployed.

News Release here.

Tom Kelchner

Hacker puts porn clip on Moscow video billboard

Someone hacked into a 3Stars outdoor advertising screen on the Garden Ring road in Moscow about midnight last Thursday and ran a two-minute hardcore video clip.

The showing caused a massive traffic jam but city officials said the good news was that there were no traffic accidents.

3Stars commercial director Viktor Laptev said, “There was a hacker attack as a result of which a commercial was replaced with an obscene video in the control computer. It is unclear whether it was an act of hooliganism or competitors’ intrigues.”

The Moscow city advertising committee will investigate.

Story here (and no, there’s no video).

Tom Kelchner

Botnet C&C switching to http; away from IRC

Researchers with Internet security group Team Cymru, headquartered in Burr Ridge, Ill., have reported that in the last six months they found a doubling of the number of botnets controlled through http – indicating easy-to-use point-and-click kits that function in a browser. The number of botnets controlled through Internet relay chat channels – a traditional command-and-control mechanism – has remained steady.

In the report just released, the group said “the kits are becoming more accessible and the easier user interface for http botnets means that they are generally favored over more traditional control mechanisms.”

Well-known Internet security blogger Brian Krebs calls it the rise of “Web Fraud 2.0.”

The hosting locations for botnet IRC channels are overwhelmingly in the U.S. and western Europe. The http servers that are used for botnet C&C are in the U.S., China, Russia and Brazil, Team Cymru said.

Team Cymru Research specializes in monitoring malicious Internet activity. Their white paper, “Developing Botnets – An Analysis of Recent Activity,” by Steve Santorelli, can be found here.

Tom Kelchner

.edu sites being targeted in SEO poisoning

Malicious operators are increasing their attacks on .edu sites so they can use them in search engine optimization (SEO) poisoning schemes. The .edu sites are given higher rankings by search engines because they are expected to have more reliable information.

A researcher at SecTheory security firm who was investigating SEO poisoning said he found a surprising number of hacked .edu sites with the Google searches:

inurl:.edu viagra
inurl:.edu cialis
inurl:.edu phentermine

SecTheory CEO Robert Hansen said that many colleges and research institutions have medical and pharmaceutical research and activities described by many of the keywords that the spammers and phishers use.

Story here.

Tom Kelchner

There are now 75 million Twitterers

And 350 million Facebookers.

Consumer metrics firm RJMetrics of Camden, N.J., said in a recent report that 75 million people were using Twitter at the end of last year. At that point, there were 6.2 million people joining the micro-blogging service each month, down from 7.8 million who joined in July.

Facebook, with 350 million users, is the largest social media service.

Story here.

Tom Kelchner

Are we ready for an on-line video life?

At the Cisco Networkers Live 2010 event in Barcelona, a Cisco spokesman estimated that video would make up 90 percent of Internet traffic by 2019. All Internet traffic will grow five times its present volume in the next three years, he also predicted.

Marthin De Beer, senior vice president of Cisco’s emerging technologies group, said the future of collaboration will be in video and will tremendously change education, healthcare, entertainment and business.

At the event, Sean Curtis, Cisco’s technical marketing manager, demonstrated Cisco’s transcribing software and said that much more information on a video will be searchable in the future.

Cisco is introducing telepresence software and advertising its potential for many working situations and home use.

V3.co.uk story here.

Oh? New Internet technology? You have to ask yourself: what is the dark side thinking right now? How about:

— industrial espionage spyware: want to buy a subscription to your competition’s meetings? Want to buy spyware to view your competition’s meetings?
— ransomware: pay now by credit card and we’ll unscramble your video link.
— rogue security products: Buy TeleP Guard 2013 NOW! Protect your company’s meeting video! $49.99!
— hacking: tap in to your classmate’s live slumber party video.
— do-it-yourself spyware applications: what is your spouse doing on video with their friends?
— spam: take your blood pressure on line and **bUy ChEaP mEdS**
— porn: goes without saying. Nothing new here. They’re probably already using telepresence.

Ya know, there just might be a future in this computer security stuff.

Tom Kelchner

Google Toolbar tracks searches after it’s disabled.

Ben Edelman, Harvard privacy researcher and guru, has revisited the features of Google Toolbar and was appalled to discover that disabling it doesn’t really disable it. He is recommending that all users uninstall it.

In a long, thorough and well-written piece on his blog Edelman discusses how he monitored the Toolbar’s behavior with a network sniffer and documented the transmission of data back to Google (to toolbarqueries.google.com). Not only does it track a user’s Google searches, but it also phones home information about searches done in other search engines.

And, the privacy policy, he says, is ill-conceived.

“Notice that the Privacy Policy loads in an unusual window with no browser chrome – no Edit-Find option to let a user search for words of particular interest, no Edit-Select All and Edit-Copy option to let a user copy text to another program for further review, no Save or Print options to let a user preserve the file. Had Google used a standard browser window, all these features would have been available, but by designing this nonstandard window, Google creates all these limitations.”

This, of course, prevents a user from using an application like EULAlyzer that points out areas of concern in end user licensing agreements and privacy statements.

His conclusions about what Google should do:

“When a user disables Google Toolbar, all Enhanced Features transmissions need to stop, immediately and without exception. This change must be deployed to all Google Toolbar users straightaway….”

“Google also needs to clean up the results of its nonconsensual data collection. In particular, Google has collected browsing data from users who specifically declined to allow such data to be collected….”

“But these records never should have been sent to Google in the first place. So Google should find a way to let concerned users request that Google fully and irreversibly delete their entire Toolbar histories.

“The current Toolbar installation sequence suffers inconsistent statements of privacy consequences, with poor presentation of the full Toolbar Privacy Statement. Toolbar puts a button on users’ Taskbar unrequested. And as my videos show, once Google puts its code on a user’s computer, there’s nothing to stop Google from tracking users even after users specifically decline. I’ve run Google Toolbar for nearly a decade, but this week I uninstalled Google Toolbar from all my PCs. I encourage others to do the same.”

Update 01/26:

According to PCWorld, Google said it will publish a download update today that will truly disable the monitoring when a user disables the Toolbar.

Tom Kelchner

StopBadware will operate as non-profit

StopBadware, an anti-malware effort started at Harvard University’s Berkman Center for Internet and Society, has announced that it has begun operating as a standalone non-profit organization called StopBadware, Inc. Google, PayPal and Mozilla have provided initial funding for the launch.

Sunbelt Software is a StopBadware Data Provider.


StopBadware began four years ago today as a Berkman Center project intended to engage the Internet community in fighting what the organization refers to as badware—software such as viruses or spyware that disregard a user’s choice about how his or her computer or network connection will be used. The goal was and remains to build and share knowledge through the collective efforts of a community of web users.

StopBadware works with its network of organizations and individual volunteers to collect and analyze data, to build community momentum for fighting badware and ultimately to advocate for change.

Maxim Weinstein, StopBadware’s executive director, said:

“If we want to put an end to badware—or even put a dent in it—we have to change the attitudes and behaviors of individuals, organizations, and governments. That’s no small task, but we know progress is possible by combining the creativity and passion of our BadwareBusters.org community members with the hard facts derived from our Badware Website Clearinghouse.”

The decision to spin StopBadware off from the Berkman Center was made in recognition of the effort’s evolution from research project to mission-driven organization.

Urs Gasser, executive director of the Berkman Center, said:

“StopBadware has grown in just a few years from the seed of an idea into an internationally recognized force in the fight against harmful software. We are proud that, by developing a unique mission and becoming independent, StopBadware now follows in the footsteps of previous ventures like Creative Commons and Global Voices that have their roots here at the Berkman Center. We’re grateful for the inspiration and guidance of the project’s leaders, professors Jonathan Zittrain and John Palfrey.”

Palfrey will serve on the new non-profit’s board of directors, along with Michael Barrett (of PayPal), Vint Cerf (Google), Esther Dyson, Mike Shaver (Mozilla), Ari Schwartz (Center for Democracy & Technology) and executive director Maxim Weinstein.

StopBadware has already had success in its goal of changing attitudes and behaviors. Its “badwarealerts,” which highlight applications that violate its badware guidelines, have led major corporations—including AOL, Real Networks and Sears Holding Corporation—to make changes to their software to protect customer choice. Its collaboration with Google in warning users about websites that can install malware on visitors’ computers, and in assisting with the remediation and prevention of such compromised sites, has increased awareness of the role individual site owners can play in reducing the spread of malware.

“There is still much to do. Badware remains a growing problem, but in the past few years, there’s also been a growing sense that this is a problem we—the Internet community—can and should work together to address. StopBadware is committed to making that happen,” Weinstein said.

StopBadware Home site here.  

About the Berkman Center for Internet & Society

The Berkman Center for Internet and Society at Harvard University is a research program founded to explore cyberspace, share in its study and help pioneer its development. Founded in 1997, through a generous gift from Jack N. and Lillian R. Berkman, the Center is home to an ever-growing community of faculty, fellows, staff and affiliates working on projects that span the broad range of intersections between cyberspace, technology, and society.

Berkman home site here.

Tom Kelchner

Vipre E-mail security gets Virus Bulletin VBSpam award

Sunbelt Software’s E-mail Security scored a Spam Catch (SC) rate of 98.77 percent in Virus Bulletin’s VBSpam tests. The testing uses VB’s live email stream as well as a spam test set provided by Project Honey Pot. The tests measure false positive rate and the spam catch rate.

Virus Bulletin tested fifteen different antispam products and added two new categories of spam to this test: ‘image spam,’ consisting of spam emails that contain at least one image, and ‘large spam,’ consisting of spam emails with a body size of at least 50,000 bytes. Both types are notoriously difficult to filter.

“Over the past few years, Sunbelt has become a big name in the world of computer security…the product certainly has a good spam catch rate and won a VBSpam award with relative ease,” wrote Virus Bulletin in the review.

Story here.

Tom Kelchner

“Aurora” update brief DoS

Early this afternoon Microsoft released an out-of-band security bulletin patching the vulnerabilities in Internet Explorer. The fix has been at the top of the news since the vulnerabilities it treats are believed to have led to the compromise of Google and about 30 other companies last week in what has been called the “Aurora” attack. The governments of France and Germany suggested that Internet users switch to a different browser until the vulnerability was fixed.

So, I guess, in a way, this is good news:

[Screenshot: MS update page]

It means that the word obviously is out that there’s a problem and there’s a fix.

According to Wikipedia, Microsoft’s IE browser (versions 6 through 8) has a 63 percent browser market share. Apparently, every one of them hit Microsoft’s site at the same time for the update.

Update:

Minutes later it worked:

[Screenshot: MS update page 2]

Microsoft Security Bulletin MS10-002 here.

Tom Kelchner

Report from Europe: 95 percent of email is spam

The European Network and Information Security Agency (ENISA) has released a report that says 95 percent of all email is now spam.

The report was based on last year’s survey of email traffic by about 100 service providers in 30 countries.

ENISA Executive Director Dr. Udo Helmbrecht said:

“Spam remains an unnecessary, time consuming and costly burden for Europe. Given the number of spam messages observed, I can only conclude more dedicated efforts must be undertaken.

“Email providers should be better at monitoring spam and identifying the source. Policy-makers and regulatory authorities should clarify the conflicts between spam-filtering, privacy, and obligation to deliver.”

ENISA survey here.

Tom Kelchner

Upromise Savings transmits members’ CC data in the clear to shopper-metrics firm

Privacy advocate and researcher Ben Edelman has found that Upromise Savings, a service that collects commissions from participating merchants for its members’ college savings accounts, scrapes personal information, including credit card numbers, from transactions and transmits it to a Boston area shopper-metrics firm with no encryption. Neither the Upromise installation nor its privacy policy informs a user that the data collection is going on.

According to its web site, Upromise members get 1-25 percent discounts on eligible purchases from 600 online retailers, eight percent discounts at more than 8,000 restaurants “…when you pay with a registered credit or debit card,” and 1-3 percent discounts at registered grocery or drug stores, also if they pay with a registered card.

Upromise, owned by Sallie Mae, is the biggest private source of college funding contributions in the U.S., having deposited $450 million to members’ college savings accounts.

Edelman writes:

“The install sequence does link to Upromise’s privacy policy. But this page also fails to admit the detailed tracking Upromise performs. Indeed, the privacy policy promises that Personalized Offers data collection will be ‘anonymous’ — when in fact the transmissions include email addresses and credit card numbers. The privacy policy then claims that any collection of personal information is ‘inadvertent’ and that such information is collected only ‘potentially.’ But I found that the information transmissions described above were standard and ongoing.”

“…Upromise’s install screen euphemistically mentions that its ‘service provider may use non-personally identifiable information about your online activity.’ This admission appears below a lengthy EULA, under a heading irrelevantly labeled ‘Personalized Offers’ — doing little to draw users’ attention to the serious implications of Personalized Offers.”

Edelman traced the flow of the user’s data:

“…transmissions flow to the consumerinput.com domain. Whois reports that this domain is registered to Boston, MA traffic-monitoring service Compete, Inc. Compete’s site promises clients access to ‘detailed behavioral data,’ and Compete says more than 2 million U.S. Internet users ‘have given [Compete] permission to analyze the web pages they visit.’”

Thanks Ben

Edelman’s blog post “Upromise Savings — At What Cost?” here.

Ben Edelman is based at the Harvard Business School. His blog is here.
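As an added illustration (not Edelman's tooling or code from his post), here is the kind of check a review of captured traffic can run to spot what he describes: card numbers and e-mail addresses leaving in unencrypted requests to a host other than the merchant. The hosts, requests and first-party list are constructed samples, and 4111111111111111 is a standard test card number.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed capture: (method, URL, body). Hosts are reserved example names.
SAMPLE_REQUESTS = [
    ("POST", "https://shop.example/checkout",
     "card=4111111111111111&email=pat%40example.org"),
    ("GET", "http://metrics.example.net/log?url=https%3A%2F%2Fshop.example%2Fcheckout"
            "&f_card=4111+1111+1111+1111&f_email=pat%40example.org", ""),
    ("GET", "http://metrics.example.net/log?order=1234567890123456", ""),
]


def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid card numbers found in text, masked to first 6 / last 4."""
    masked = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            masked.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return masked


def scan(requests, first_party):
    """Report every request carrying card numbers or e-mail addresses.

    Each finding records whether the request was unencrypted and whether the
    destination is outside the first_party domains (an assumed allow-list).
    """
    findings = []
    for _method, url, body in requests:
        parts = urlsplit(url)
        host = parts.hostname or ""
        payload = unquote_plus(parts.query) + "\n" + unquote_plus(body)
        pans = find_pans(payload)
        emails = EMAIL_RE.findall(payload)
        if not pans and not emails:
            continue
        findings.append({
            "host": host,
            "cleartext": parts.scheme == "http",
            "third_party": not any(host == d or host.endswith("." + d)
                                   for d in first_party),
            "pans": pans,
            "emails": len(emails),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS, {"shop.example"}):
        print(finding)
```

A finding with both `cleartext` and `third_party` set is the case the post describes; the masked output keeps the report itself from becoming another copy of the card data.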

Tom Kelchner

Web users still don’t select good passwords

Security firm Imperva of Redwood Shores, Calif., found a unique way to gauge the quality of the passwords that Web users select: they analyzed the 32 million passwords in the unencrypted file of passwords that miscreants stole from the servers of RockYou.com in December and posted on the Internet.

RockYou creates and distributes entertainment widgets that work with social networks.

What they found wasn’t good, according to their report.

“Key findings:
— About 30% of users chose passwords whose length is equal or below six characters.

— Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.

— Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).

The most common password among Rockyou.com account owners is ‘123456’.”

They also found that things hadn’t improved much in 20 years.

“In 1990, a study of Unix password security revealed that password selection is strikingly similar to the 32 million breached passwords. Just ten years ago, hacked Hotmail passwords showed little change. This means that the users, if allowed to, will choose very weak passwords even for sites that hold their most private data. Worse, as hackers continue to rapidly adopt smarter brute force password cracking software, consumers and companies will be at greater risk.”

The unusually concise and well-written five-page Imperva report could be really handy for user education. It also contains links to other studies and articles on password security.
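An added example (not from the Imperva report or this blog) showing how the categories in the key findings can be measured over a password list, or applied as a check when a user chooses a password. The word list, the sample passwords, and the reading of “limited set of alpha-numeric characters” as letters and digits only are assumptions made for the illustration.

```python
import string

# Constructed mini word list standing in for a real dictionary of names and common words.
WORDLIST = {"password", "princess", "monkey", "daniel", "iloveyou", "rockyou"}
# US QWERTY rows plus the alphabet: tracks along which "adjacent key" runs are detected.
TRACKS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase)
ALNUM = set(string.ascii_letters + string.digits)

# Constructed sample, not taken from the breached file.
SAMPLE = [
    "123456", "password", "qwerty", "monkey1", "Tr0ub4dor&3",
    "correct horse battery staple", "iloveyou", "zxcvbn", "S3cure!Pass", "abc123",
]


def is_run(pw, min_len=4):
    """True if the whole password is one run along a track, forwards or backwards."""
    s = pw.lower()
    if len(s) < min_len:
        return False
    return any(s in track or s in track[::-1] for track in TRACKS)


def weaknesses(pw):
    """Return the set of report categories this password falls into."""
    found = set()
    if len(pw) <= 6:
        found.add("short")                  # "length is equal or below six characters"
    if pw and set(pw) <= ALNUM:
        found.add("alnum_only")             # assumed meaning of "limited set" of characters
    lowered = pw.lower()
    stem = lowered.rstrip(string.digits)    # "monkey1" -> "monkey"
    if (lowered in WORDLIST or stem in WORDLIST
            or is_run(pw) or len(set(pw)) == 1):
        found.add("trivial")                # dictionary word, key run or repeated character
    return found


def audit(passwords):
    """Percentage of passwords in each category, rounded to one decimal place."""
    counts = {"short": 0, "alnum_only": 0, "trivial": 0}
    for pw in passwords:
        for label in weaknesses(pw):
            counts[label] += 1
    total = len(passwords)
    return {k: (round(100.0 * v / total, 1) if total else 0.0)
            for k, v in counts.items()}


if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:34} {sorted(weaknesses(pw))}")
    print(audit(SAMPLE))
```

Calling `weaknesses()` at registration or password change and rejecting any non-empty result is the enforcement side of the same check; a production deployment would swap the toy word list for a large one that includes previously breached passwords.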

Tom Kelchner

Microsoft will patch Internet Explorer today

Microsoft has said it will issue an out-of-band patch today for critical vulnerabilities in Internet Explorer that allow remote execution of code. The company said yesterday it would not wait until the February “Patch Tuesday” to fix the vulnerabilities.

The much discussed “Aurora” vulnerabilities in IE have been held at least partially responsible for cyber attacks on Google and more than two dozen other major companies. The attacks on Google were aimed at Gmail accounts of dissidents and Google’s source code. The attacks on the other companies were aimed at stealing intellectual property.

“Microsoft Security Bulletin Advance Notification for January 2010” here.

Tom Kelchner

“Dirty jokes by mobile phone”

The Danwei web site (Chinese media, advertising, and urban life) is carrying a rippingly funny blog piece by Alice Xin Liu about a recent Chinese government program that would have China Mobile monitor mobile telephone text transmissions for conversations of a sexual nature. Offenders’ (messaging) service would be cut off until they wrote a “self-criticism.”

Xin Liu said bloggers in China are having a ball with the idea that the government is trying to censor dirty jokes, which apparently are a significant part of the culture of Chinese people (as if they were any different than the rest of us).

The Chinese language, however, is structured in such a way that machine filtering encounters even more complexity than it does in other languages.

“Similar to filtering for the Internet, dirty phrases are targeted, but with the make up of Chinese sentences, two completely unrelated characters could be strung together to make something a lot ruder,” she says.

She said that one student blogged that after he returned from dinner at a friend’s home, he sent the text message to his buddy: “you mom’s stewed post [pork?] is excellent.” The next day he couldn’t send text messages.

There is a Chinese euphemism “meat stick,” but you can read Xin Liu’s original blog post for that discussion.

Dirty jokes are part of the fabric of life, she concludes. “…sex is a kind of entertainment. Furthermore, it’s quite important as a form [of] entertainment.”

Thank you Alice.

Blog piece here.

New York Times story “China to Scan Text Messages to Spot ‘Unhealthy Content’” here.

Tom Kelchner

MS will patch Aurora vulnerability in IE out of band

“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.”

“Thank you,

“George Stathakopoulos
General Manager
Trustworthy Computing Security”

Thanks George

Tom Kelchner

Microsoft Security Advisory 979352 here.

UK telecom giant Virgin Media monitoring customers’ file sharing

Virgin Media, the UK telecommunications giant that supplies TV, phone and Internet services, has begun to use deep packet inspection to determine if its Internet customers are sharing music or films.

The monitoring system will check transmitted data against a database of copyrighted music and video to spot illegal file sharing.

Virgin Media said the system isn’t keeping track of IP addresses of the transmissions and the technology isn’t designed to catch illegal downloaders, but it could.

Observers have said that the system could be used to implement UK government initiatives to fight Internet piracy by sending repeat offenders warning letters then cutting off their Internet.

Story here.

Thanks Alex.

Thanks Donna’s Security Flash.

Tom Kelchner