The summary is wrong. The author didn't say the service has been operating for decades. It said it's likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months' time the site was responsible for 8 years' ("DDoS years") worth of attacks.
Pull skimmer equipment off the ATM and walk away with it and you are likely to get busted by feds or local cops who may be monitoring the machine.
If not, you are likely to be confronted by the scammer who put the thing there in the first place. It's not uncommon for these things to disappear the minute someone from the bank notices something's wrong and goes inside to report it. That's because the thieves often are somewhere nearby watching the machine.
Wondering how much this "story" actually differs from the Trusteer press release, below:
NEWS RELEASE
FOR IMMEDIATE DISTRIBUTION
Trusteer Researchers Find Criminals are Diversifying Financial Attacks with New Version of Bugat Malware
Bugat Quietly Distributed in Recent LinkedIn Phishing Assault; Unlike Zeus Trojan, it is Less Well Known and Harder to Detect
NEW YORK, Oct. 12, 2010 - Trusteer, the leading provider of secure browsing services, today announced that its researchers have discovered a new version of the Bugat financial malware used to commit online fraud. Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan. The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.
Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than in Europe, but its distribution is still fairly low.
In last week's attack, LinkedIn users received emails reminding them of pending messages in their account and providing a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a Java applet fetched and installed the Bugat executable. LinkedIn spam email is an effective tool to push malware to enterprise users, and is being used to gather credentials for commercial bank accounts and other sensitive services used by businesses.
"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection," said Mickey Boodaei, CEO of Trusteer. "We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet."
Trusteer warns that the recent industry focus on Zeus is making it easier for other Trojans, like Bugat, SpyEye, and Carberp, which are less widespread but equally sophisticated, to avoid detection. Carberp currently targets nine banks in the United States, Denmark, The Netherlands, Germany, and Israel. These lesser known financial malware platforms are expected to increasingly compete with the Zeus toolkit to become the new Trojan of choice for criminal groups.
Blocking and Removing Bugat
The Trusteer Secure Browsing Service protects banking and other online sessions by blocking attacks and then disinfecting machines that are infected with Bugat and other financial malware including Zeus, SpyEye, and Carberp. When a Trusteer user browses to sensitive websites such as internet banking, Webmail, or online payment pages, the service immediately locks down the browser and creates a tunnel for safe communication with the web site. This prevents malware like Bugat from injecting data and stealing information entered and presented in the browser. The service is directly connected to the bank (or other online business protected by Trusteer) and to Trusteer's 24x7 fraud analysis service. Attempts to steal money from consumers protected by Trusteer are immediately detected by the bank or operator of the website and are blocked using various layers of protection.
The malware discussed in the blog posts linked from the summary illustrates how the crooks are defeating SecurID-like tokens as well. Zeus, e.g., is often seen in an attack rewriting the HTML of the bank's Web site as the victim sees it in his or her browser. In the simplest case, where the code is required at login, the attackers simply serve the victim with a maintenance page ("down for maintenance, please try back in 15 min").
E.g., Beware of Error Pages at Bank Web Sites
Some banks require businesses to provide a SecurID or other token key when they initiate a wire or ACH transfer. This is getting closer to the solution, but a lot of commercial banks don't like to require that because many customers initiate such a high number of transfers each day, that it becomes impractical.
The hard-to-attack solution -- which really doesn't address the usability issue -- is to require the SecurID number both on login and on transfer.
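A worked illustration of that last point, added here as an editor's example (it is not the commenter's code and not any bank's): a toy back end with an RFC 4226/6238-style token is run under the login-only policy and under the login-plus-transfer policy against the harvest-and-replay attack described above, where the Trojan collects the password and the one code the victim types and then shows a fake maintenance page. The password, the token seed (the RFC 4226 test secret), the timestamps, the balance and the `Bank` class are all constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

STEP = 30  # TOTP time step in seconds (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int) -> str:
    """TOTP (RFC 6238): HOTP over the current time step."""
    return hotp(secret, now // STEP)


class Bank:
    """Constructed stand-in for an online-banking back end with a token code.
    otp_on_transfer=False: code checked at login only (the weak policy).
    otp_on_transfer=True:  a fresh code is required on every transfer."""

    def __init__(self, token_secret: bytes, otp_on_transfer: bool):
        self.token_secret = token_secret
        self.otp_on_transfer = otp_on_transfer
        self.used_steps = set()   # every accepted code is single-use
        self.sessions = {}        # session id -> account
        self.balance = 10_000

    def _check_otp(self, code: str, now: int) -> bool:
        # Accept the current step and the previous one (clock drift), but
        # never accept a code for a time step that has already been used.
        for step in (now // STEP, now // STEP - 1):
            if step in self.used_steps:
                continue
            if hmac.compare_digest(hotp(self.token_secret, step), code):
                self.used_steps.add(step)
                return True
        return False

    def login(self, password: str, code: str, now: int) -> Optional[str]:
        if password != "hunter2" or not self._check_otp(code, now):
            return None
        session = hashlib.sha256(f"{now}:{len(self.sessions)}".encode()).hexdigest()[:16]
        self.sessions[session] = "victim"
        return session

    def transfer(self, session: str, amount: int, now: int,
                 code: Optional[str] = None) -> bool:
        if session not in self.sessions or amount > self.balance:
            return False
        if self.otp_on_transfer and (code is None or not self._check_otp(code, now)):
            return False
        self.balance -= amount
        return True


def attacker_succeeds(otp_on_transfer: bool) -> bool:
    """The scenario from the comment: the Trojan rewrites the login page,
    harvests the password plus the single code the victim typed, shows the
    victim a fake 'down for maintenance' page, and the crook logs in with the
    stolen pair and tries to wire the money out."""
    token_secret = b"12345678901234567890"   # RFC 4226 test-vector seed (constructed)
    bank = Bank(token_secret, otp_on_transfer)
    now = 1_700_000_000

    harvested_code = totp(token_secret, now)  # the one code the victim typed
    session = bank.login("hunter2", harvested_code, now)
    if session is None:
        raise RuntimeError("login with the harvested pair should succeed")

    # Login-only policy: nothing further is asked and the wire goes through.
    # Per-transfer policy: the only code the crook holds was consumed at login,
    # replaying it is refused, and a new one would need a second victim prompt.
    return bank.transfer(session, 9_000, now + 5, harvested_code)


if __name__ == "__main__":
    print("OTP at login only    -> crook wires money:", attacker_succeeds(False))
    print("OTP on each transfer -> crook wires money:", attacker_succeeds(True))
```

The single-use bookkeeping in `_check_otp` matters as much as the second prompt: without it, the harvested code would still be valid for the rest of its 30-second window. One caveat beyond what the comment covers: a per-transfer code is still something a man-in-the-browser Trojan can phish at transfer time, so real deployments bind the code to the amount and destination account (transaction signing) rather than asking for a bare token value.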
From their press release:
"In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."
I would tell anyone who'd listen that if you own one of these cheapish but otherwise excellent point-and-shoot cameras (mine is a Canon Powershot A510), if you're looking for a great use for it, consider putting it to use as a Web cam, or a motion detector.
I spent quite a bit of time researching this project, and am not affiliated with either company I mention here, nor do I stand to gain from mentioning them. I only cite their names here because I was looking for a cheap way to get good quality, auto-recorded video and photo shots of hummingbirds and other birds visiting our feeder, and was amazed at how easy and cheap this was given the alternatives (crappy webcams, etc).
First step was downloading PSremote, which works with most brands of point-and-shoots, but most particularly Canon. It lets you control the camera entirely -- from the zoom to the shutter speed and exposure -- from the computer, assuming it's connected to the PC using the supplied cable.
Add to that setup Webcam Zone Trigger, which interacts with that software to let you define "hotspots" and the level of motion detection that should trigger recording in those spots, and you now have a new life for that old camera you don't use anymore. Total cost: $100.
In my experience, domain squatters are more likely to be domain tasters, in that they are only looking to see if your domain generates enough weekly traffic to warrant the $6 registration fee per year. If your site had a few dozen visitors a week, I'm sorry to report that you will probably lose the domain. However, if it was a hobby site and generated very few visitors, I would simply check back every few days for a couple of weeks to see if it has become available again. I know that sounds like lame advice, but it often works.
From the story: "...Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program."
Read more at this link here.
The Post also ran a much longer, more in-depth piece looking at the process of passing freeze legislation in Delaware, easily the most banking- and business-friendly state in the union.
That piece is here
One highlight, which looks at the role of the Consumer Data Industry Association (CDIA), the lobbyist group that works for the data broker industry and the credit bureaus:
"Goldberg, who has worked with advocates in more than a dozen states to enact freeze legislation, said that in 2005 the CDIA and the credit-reporting agencies shifted their strategy. They no longer were outright opposed to credit-freeze laws; instead, they worked to convince states to allow the bureaus to charge as much as possible when consumers place, lift or remove credit freezes. "The credit reporting agencies clearly want consumers to pay more for the security freeze than we certainly think they should," Goldberg said. "But given that those same agencies collect all of this sensitive financial data about consumers and then turn around and sell it, we think they should also have the obligation to protect the consumer, and that's where the security freeze comes in."
Available at this link (PDF)
Might not be a bad idea to update the summary with a link to the full story mentioned in the blurb.
I think the most interesting part from the Post piece on this is this last line, about LiveJournal's Mischa Spiegelmock, who co-presented this Firefox malarky.
"The Toorcon talk was given by Mischa Spiegelmock, a software engineer for Six Apart's LiveJournal blogging service, and a guy speaking under the pseudonym "Andrew Wbeelsoi."
Also, Wbeelsoi, or "Weev" as he is called by friends, is part of a group that calls itself "Bantown," a loose-knit outfit that claimed responsibility for a fairly high-profile Javascript attack against close to a million LiveJournal users, an attack that Security Fix profiled in January."
There is an update at the Washington Post's SecurityFix blog that includes this info about the back and forth between Apple and SecureWorks:
"A number of news outlets and blogs have picked up on these various statements and clarifications, but nowhere have I seen this tidbit: Apple's Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple's OS X operating system is based. In January, FreeBSD released a patch to fix the problem, which according to the accompanying advisory, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.
I looked through the last eight months of patches from Apple and could not find any evidence that it also shipped an update to correct this flaw. Fox said she would check with Apple and get back to me. Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.
"SecureWorks has not been able to exploit this for us," Fox said. "No one has been able to show us a way to exploit our internal [wireless] device drivers with that flaw."
Yeah, all the sites are working? Haha. Check out the YouTube homepage:
"We're currently putting out some new features, sweeping out the cobwebs and zapping a few gremlins.
We'll be back later. In the meantime, please enjoy a layman's explanation of our website..."
Gremlins, my ass.
Gee. Wonder why it's not written for the techie/slashdot crowd. Huh. Oh yeah, it's The Washington Post. It has to be understandable to people who aren't complete geeks.
According to a writeup at the SANS Internet Storm Center, the message generated by the virus reads:
"What is love? Sending her 999 roses knowing she doesn't love him.
What is waste? Sending her 999 roses know she loves him."
That SANS advisory also notes that 3 (count 'em THREE) proof of concept exploits have been published for this vulnerability.
Brian Krebs over at WaPo.com's Security Fix blog is reporting that lawyers are now asking a judge to certify a class-action suit against Microsoft, charging that "the company violated anti-spyware laws in California and Washington state when it collected information about consumers without clearly disclosing that activity in its end-user license agreement."
More here: Microsoft Re-Issues Anti-Piracy Tool, Lawyers Sue
Looks like the spammers are continuing their attacks against Blue Security, even after it threw in the towel. This from The Post's Security Fix blog:
"Hours after anti-spam company Blue Security pulled the plug on its spam-fighting Blue Frog software and service, the spammers whose attack caused the company to wave the white flag have escalated their assault, knocking Blue Security's farewell message and thousands more Web sites offline.
Just before midnight ET, Blue Security posted a notice on its home page that it was bowing out of the anti-spam business due to concerted attacks against its Web site that took millions of other sites and blogs with it. Within minutes of that online posting, bluesecurity.com went down and remains inaccessible at the time of this writing.
According to information obtained by Security Fix, the reason is that the attackers were hellbent on taking down Blue Security's site again, but had trouble because the company had signed up with Prolexic, which specializes in protecting Web sites from "distributed denial-of-service" (DDoS) attacks."
Americans burn the candle at both ends far too much, and don't get nearly enough sleep. One of the biggest contributors to all kinds of illness, disease, and the ability to properly recover from both is the lack of sleep.
Get YOUR facts straight. For all of you who haven't bothered to read the text of the Anti-Cybersquatting Consumer Protection Act, for a judge or jury to find for the plaintiff on one of these typosquatting cases, they must merely find that the defendant's domain on balance violated five or more of the following nine factors listed as violations of the law:
(i) the trademark or other intellectual property rights of the person, if any, in the domain name;
(ii) the extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person;
(iii) the person's prior use, if any, of the domain name in connection with the bona fide offering of any goods or services;
(iv) the person's bona fide noncommercial or fair use of the mark in a site accessible under the domain name;
(v) the person's intent to divert consumers from the mark owner's online location to a site accessible under the domain name that could harm the goodwill represented by the mark, either for commercial gain or with the intent to tarnish or disparage the mark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the site;
(vi) the person's offer to transfer, sell, or otherwise assign the domain name to the mark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person's prior conduct indicating a pattern of such conduct;
(vii) the person's provision of material and misleading false contact information when applying for the registration of the domain name, the person's intentional failure to maintain accurate contact information, or the person's prior conduct indicating a pattern of such conduct;
(viii) the person's registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to marks of others that are distinctive at the time of registration of such domain names, or dilutive of famous marks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties; and
(ix) the extent to which the mark incorporated in the person's domain name registration is or is not distinctive and famous within the meaning of subsection (c)(1) of this section.
Read these through: If you know anything about the law, you will probably come to the conclusion that a large share of these look-alike typo domains violated the ACPA (particularly the ones that feature ads that link directly back to the REAL site of the ACTUAL trademark holder...or claim to and then lead the visitor into a circle of hell of other ad pages).
Who does this hurt? The flip side of Google encouraging this kind of speculation is mentioned in the story for all of you slashdorks fixated on this bistbuy.com example:
"Of the 30 million dot-com names registered worldwide last month, more than 90 percent were dropped, according to domain name registrar GoDaddy.com. As a whole, the Internet has only 54 million active .com and .net addresses, according to VeriSign Inc."
Tons of people each day who run a small web site or business online find their sites swept out from under them the second after their domain expires because some speculator decided the site got enough traffic that it would be worth $6 to redirect all of that site's previous traffic to some porn site or ad-laden site like the ones mentioned in this story. Yes, this type of activity happened seven years ago, but it's much more efficient and widespread than ever before.
Looks like this wasn't really a browser problem. I just spotted this in the comments section of the Post's story, probably written by the author:
"Wiredog -- Shoot, I forgot to address that in the posting. LJ considered the flaw related to a Firefox problem, but Bantown says that's not really the issue here. From my discussion with the Bantown people:
"Livejournal assumed the majority of our javascript injection attacks involved malicious code implanted in style sheets or user posts, and they have heavily audited this area for bugs. The changes they made were for a Firefox-specific bug-- they assumed it was the key to the XSS attacks that we were doing. Ours affect all browsers though, and we were not using this Firefox-specific vulnerability."
I'm sorry I don't have more info about the FF specific bug.
Posted by: Bk | Jan 20, 2006 1:03:27 PM"
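An added example, the editor's and not LiveJournal's code or Bantown's, of the two filtering approaches the exchange above contrasts: a blocklist that hunts for one known-bad construct, and an allowlist sanitizer that rebuilds user-post markup from scratch and so drops style attributes, `<style>` elements, event handlers and unknown URL schemes regardless of which browser would have interpreted them. The tag and attribute policy, the sample posts, and the payload forms in them (an IE-era CSS `expression()`, an `onerror` handler, `javascript:` URLs) are constructed for illustration; nothing here is the specific vector Bantown used, which the comment does not describe.

```python
import re
from html import escape

# Allowlist policy (constructed for this example): anything not listed is dropped.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
DROP_WITH_CONTENT = {"script", "style"}      # the element and its body both go
SAFE_URL = re.compile(r"^(https?:|mailto:|/|#)", re.I)

TOKEN = re.compile(r"<(/?)([a-z][a-z0-9]*)([^>]*)>|([^<]+)|(<)", re.I)
ATTR = re.compile(r"""([a-z][a-z0-9-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""", re.I)


def naive_sanitize(html: str) -> str:
    """Blocklist approach: remove <script> elements and nothing else.
    Inline style, event handlers and javascript: URLs sail straight through."""
    return re.sub(r"<script\b[^>]*>.*?</script>", "", html, flags=re.I | re.S)


def allowlist_sanitize(html: str) -> str:
    """Allowlist approach: re-emit only known tags, known attributes and known
    URL schemes. Text is re-escaped, so an entity in the input comes out
    double-escaped: safe, if slightly lossy."""
    out = []
    pos = 0
    while pos < len(html):
        m = TOKEN.match(html, pos)
        if m is None:                              # cannot happen, but be safe
            break
        pos = m.end()
        if m.group(4) is not None:                 # plain text
            out.append(escape(m.group(4), quote=False))
            continue
        if m.group(5) is not None:                 # stray '<' that is not a tag
            out.append("&lt;")
            continue
        closing, name, raw_attrs = bool(m.group(1)), m.group(2).lower(), m.group(3)
        if name in DROP_WITH_CONTENT and not closing:
            end = html.lower().find(f"</{name}", pos)
            if end == -1:                          # unterminated: drop the rest
                break
            gt = html.find(">", end)
            pos = len(html) if gt == -1 else gt + 1
            continue
        if name not in ALLOWED_TAGS:               # unknown tag: drop it, keep its text
            continue
        if closing:
            out.append(f"</{name}>")
            continue
        kept = []
        for a in ATTR.finditer(raw_attrs):
            attr = a.group(1).lower()
            value = a.group(2) or a.group(3) or a.group(4) or ""
            if attr not in ALLOWED_ATTRS.get(name, set()):   # style, on*, ... dropped
                continue
            if attr in ("href", "src") and not SAFE_URL.match(value.strip()):
                continue                                     # javascript:, data:, ...
            kept.append(f' {attr}="{escape(value, quote=True)}"')
        out.append(f"<{name}{''.join(kept)}>")
    return "".join(out)


# Constructed sample posts standing in for the "style sheets or user posts"
# injection routes the comment mentions; none is a real LiveJournal payload.
SAMPLE_POSTS = [
    '<div style="width:expression(alert(document.cookie))">hi</div>',
    '<img src="/pic.png" onerror="alert(1)">',
    '<a href="javascript:alert(1)">click</a>',
    '<style>body{background:url(javascript:alert(1))}</style><b>ok</b>',
    '<script>alert(1)</script><b>ok</b>',
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print("naive    :", naive_sanitize(post))
        print("allowlist:", allowlist_sanitize(post))
```

The point of the comparison is the one Bantown makes: a fix aimed at one browser-specific parsing quirk leaves every other route open, whereas a policy that only ever emits what it positively recognises is browser-agnostic by construction. The regex tokenizer here is a teaching toy; a production sanitizer should be built on a real HTML parser so that malformed markup cannot be tokenized one way by the filter and another way by the browser.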
RTFA from the Washingtonpost.com. He's saying most keyloggers used by the bad guys don't record everything you type, contrary to popular perception: "Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM chat conversations and silly e-mails. Plus, that's a huge amount of data to be sending out of an infected machine.
Rather, a keylogger employed by viruses and worms usually works off a predefined list of financial and e-commerce sites. The keylogger program lies in wait until the victim visits one of those sites, at which time it intercepts any information entered into credit card and other personal data fields and transmits the information back to attackers."
The summary is wrong. The author didn't say the service has been operating for decades. It said its likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months time the site was responsible for 8 years ("DDoS years) worth of attacks.
Pull skimmer equipment off the ATM and walk away with it and your are likely to get busted by feds or local cops who may be monitoring the machine. If not, you are likely to be confronted by the scammer who put the thing there in the first place. It's not uncommon for these things to disappear the minute someone from the bank notices something's wrong and goes inside to report it. That's because the thieves often are somewhere nearby watching the machine.
Wondering how much this "story" actually differs from the Trusteer press release, below: NEWS RELEASE FOR IMMEDIATE DISTRIBUTION
Trusteer Researchers Find Criminals are Diversifying Financial Attacks with New Version of Bugat Malware
Bugat Quietly Distributed in Recent LinkedIn Phishing Assault; Unlike Zeus Trojan, it is Less Well Known and Harder to Detect
NEW YORK, Oct. 12, 2010 -Trusteer, the leading provider of secure browsing services, today announced that its researchers have discovered a new version of the Bugat financial malware used to commit online fraud. Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan. The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.
Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House
(ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than Europe, but its distribution is still fairly low.
In last week's attack, LinkedIn users received emails reminding them of pending messages in their account and providing a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a java applet fetched and installed the Bugat executable. LinkedIn spam email is an effective tool to push malware to enterprise users, and is being used to gather credentials for commercial bank accounts and other sensitive services used by businesses.
"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection,"
said Mickey Boodaei, CEO of Trusteer. "We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet."
Trusteer warns that the recent industry focus on Zeus is making it easier for other Trojans, like Bugat, SpyEye, and Carberp which are less wide spread but equally sophisticated, to avoid detection. Carberp currently targets nine banks in the United States, Denmark, The Netherlands, Germany, and Israel. These lesser known financial malware platforms are expected to increasingly compete with the Zeus toolkit to become the new Trojan of choice for criminal groups.
Blocking and Removing Bugat
The Trusteer Secure Browsing Service protects banking and other online sessions by blocking attacks and then disinfecting machines that are infected with Bugat and other financial malware including Zeus, SpyEye, and Carberp. When a Trusteer user browses to sensitive websites such as internet banking, Webmail, or online payment pages, the service immediately locks down the browser and creates a tunnel for safe communication with the web site. This prevents malware like Bugat from injecting data and stealing information entered and presented in the browser. The service is directly connected to the bank (or other online business protected by Trusteer) and to Trusteer's 24x7 fraud analysis service. Attempts to steal money from consumers protected by Trusteer are immediately detected by the bank or operator of the website and are blocked using various layers of protection.
the malware discussed in the blog posts linked from the summary illustrates how the crooks are defeating securID-like tokens, as well. Zeus, eg., is often seen in an attack rewriting the HTML of the bank's Web site as the victim sees it in his or her browser. In the simplest case, where the code is required at login, the attackers simply serve the victim with a maintenance page (down for maintenance, please try back in 15 min). e.g., Beware of Error Pages at Bank Web Sites Some banks require businesses to provide a SecurID or other token key when they initiate a wire or ACH transfer. This is getting closer to the solution, but a lot of commercial banks don't like to require that because many customers initiate such a high number of transfers each day, that it becomes impractical. The hard-to-attack solution, which really doesn't address the usability issue -- is to require the SecurID number both on login and on transfer.
From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."
I would tell anyone who'd listen that if you own one of these cheapish but otherwise excellent point-and-shoot cameras (mine is a Canon Powershot A510), if you're looking for a great use for it, consider putting it to use as a Web cam, or a motion detector.
I spent quite a bit of time researching this project, and am not affiliated with either company I mention here, nor do I stand to gain from mentioning them. I only cite their names here b/c I was looking for a cheap way to get good quality, auto-recorded video and photo shots of hummingbirds and other birds visiting our feeder, and was amazed at how easy and cheap this was given the alternatives (crappy webcams, etc).
First step up was downloading PSremote, which works with most brands of point and shoots, but most particularly Cannon. It lets you control the camera entirely, from the zoom to the shutter speed and exposure -- from the computer, assuming it's connected to the PC using the supplied cable.
Add to that setup Webcam Zone Trigger, which interacts with that software to let you define "hotspots" and the level of motion detection that should trigger recording in those spots, and you now have a new life for that old camera you don't use anymore. Total cost: $100.
in my experience, domain squatters are more likely to be domain tasters, in that they are only looking to see if your domain generates enough weekly traffic to warrant the $6 registration fee per year. If your site had a few dozen visitors a week, I'm sorry to report that you will probably lose the domain. However, if it was a hobby site and generated very few visitors, I would simply check back every few days for a couple of weeks to see if it has become available again. I know that sounds like lame advice, but it often works.
from the story:....Schiefer said he and his friends spread the bot programs mainly over AOL Instant Messenger (AIM). By using malicious "spreader" programs such as Niteaim and AIM Exploiter, Schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. Anyone who took the bait had a "Trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program." Read more at this link here.
The Post also ran a much longer, more in-depth piece looking at the process of passing freeze legislation in Delaware, easily the most banking- and business-friendly state in the union. That piece is here
One highlight, which looks at the role of the Consumer Data Industry Association (CDIA), the lobbyist group that works for the data broker industry and the credit bureaus:
"Goldberg, who has worked with advocates in more than a dozen states to enact freeze legislation, said that in 2005 the CDIA and the credit-reporting agencies shifted their strategy. They no longer were outright opposed to credit-freeze laws; instead, they worked to convince states to allow the bureaus to charge as much as possible when consumers place, lift or remove credit freezes. "The credit reporting agencies clearly want consumers to pay more for the security freeze than we certainly think they should," Goldberg said. "But given that those same agencies collect all of this sensitive financial data about consumers and then turn around and sell it, we think they should also have the obligation to protect the consumer, and that's where the security freeze comes in.
Available at this link (PDF)
Might not be a bad idea to update the summary with a link to the full story mentioned in the blurb.
I think the most interesting part from the Post piece on this is this last line, about LiveJournal's Mischa Spiegelmock, who co-presented this Firefox malarky.
"The Toorcon talk was given by Mischa Spiegelmock a software engineer for Six Apart's LiveJournal blogging service, and a guy speaking under the pseudonym "Andrew Wbeelsoi."
Also, Wbeelsoi, or "Weev" as he is called by friends, is part of a group that calls itself "Bantown," a loose-knit outfit that claimed responsibility for a fairly high-profile Javascript attack against close to a million LiveJournal users, an attack that Security Fix profiled in January."
"A number of news outlets and blogs have picked up on these various statements and clarifications, but nowhere have I seen this tidbit: Apple's Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple's OS X operating system is based. In January, FreeBSD released a patch to fix the problem, which according to the accompanying advisory, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.
I looked through the last eight months of patches from Apple and could not find any evidence that it also shipped an update to correct this flaw. Fox said she would check with Apple and get back to me. Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.
"SecureWorks has not be able to exploit this for us," Fox said. "No one has been able to show us a way to exploit our internal [wireless] device drviers with that flaw."
Yeah, all the sites are working? Haha. Check out the Youtube homepage: "We're currently putting out some new features, sweeping out the cobwebs and zapping a few gremlins. We'll be back later. In the meantime, please enjoy a layman's explanation of our website..." Gremlins, my ass.
Gee. Wonder why it's not written for the techie/slashdot crowd. Huh. Oh yeah, it's The Washington Post. It has to be understandable to people who aren't complete geeks.
According to a writeup at the SANS Internet Storm Center, the message generated by the virus reads: "What is love? Sending her 999 roses knowing she doesn't love him. What is waste? Sending her 999 roses know she loves him." That SANS advisory also notes that 3 (count 'em THREE) proof of concept exploits have been published for this vulnerability.
Brian Krebs over at WaPo.com's Security Fix blog is reporting that lawyers are now asking a judge to certify a class-action suit against Microsoft, charging that "the company violated anti-spyware laws in California and Washington state when it collected information about consumers without clearly disclosing that activity in its end-user license agreement."
More here: Microsoft Re-Issues Anti-Piracy Tool, Lawyers Sue
Looks like the spammers are continuing their attacks against Blue Security, even after it threw in the towel. This from The Post's Security Fix blog:
"Hours after anti-spam company Blue Security pulled the plug on its spam-fighting Blue Frog software and service, the spammers whose attack caused the company to wave the white flag have escalated their assault, knocking Blue Security's farewell message and thousands more Web sites offline.
Just before midnight ET, Blue Security posted a notice on its home page that it was bowing out of the anti-spam business due to concerted attacks against its Web site that took millions of other sites and blogs with it. Within minutes of that online posting, bluesecurity.com went down and remains inaccessible at the time of this writing.
According to information obtained by Security Fix, the reason is that the attackers were hellbent on taking down Blue Security's site again, but had trouble because the company had signed up with Prolexic, which specializes in protecting Web sites from "distributed denial-of-service" (DDoS) attacks."
More here.
Americans burn the candle at both ends far too much, and don't get nearly enough sleep. One of the biggest contributors to all kinds of illness, disease, and the ability to properly recover from both is the lack of sleep.
Get YOUR facts straight. For all of you who haven't bothered to read the text of the Anti-Cybersquatting Consumer Protection Act, for a judge or jury to find for the plaintiff on one of these typosquatting cases, they must merely find that the defendant's domain on balance violated five or more of the following nine factors listed as violations of the law:
(i) the trademark or other intellectual property rights of the person, if any, in the domain name;
(ii) the extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person;
(iii) the person's prior use, if any, of the domain name in connection with the bona fide offering of any goods or services;
(iv) the person's bona fide noncommercial or fair use of the mark in a site accessible under the domain name;
(v) the person's intent to divert consumers from the mark owner's online location to a site accessible under the domain name that could harm the goodwill represented by the mark, either for commercial gain or with the intent to tarnish or disparage the mark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the site;
(vi) the person's offer to transfer, sell, or otherwise assign the domain name to the mark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person's prior conduct indicating a pattern of such conduct;
(vii) the person's provision of material and misleading false contact information when applying for the registration of the domain name, the person's intentional failure to maintain accurate contact information, or the person's prior conduct indicating a pattern of such conduct;
(viii) the person's registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to marks of others that are distinctive at the time of registration of such domain names, or dilutive of famous marks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties; and
(ix) the extent to which the mark incorporated in the person's domain name registration is or is not distinctive and famous within the meaning of subsection (c)(1) of this section.
Read these through: If you know anything about the law, you will probably come to the conclusion that a large share of these look-alike typo domains violated the ACPA (particularly the ones that feature ads that link directly back to the REAL site of the ACTUAL trademark holder...or claim to and then lead the visitor into a circle of hell of other ad pages).
Who does this hurt? The flip side of Google encouraging this kind of speculation is mentioned in the story for all of you slashdorks fixated on this bistbuy.com example: "Of the 30 million dot-com names registered worldwide last month, more than 90 percent were dropped, according to domain name registrar GoDaddy.com. As a whole, the Internet has only 54 million active .com and .net addresses, according to VeriSign Inc."
Tons of people each day who run a small web site or business online find their sites swept out from under them the second after their domain expires because some speculator decided the site got enough traffic that it would be worth $6 to redirect all of that site's previous traffic to some porn site or ad-laden site like the ones mentioned in this story. Yes, this type of activity happened seven years ago, but it's much more efficient and widespread than ever before.
You have no job. Get over it!
These people are the source of this entire story. The link to their post should be included in the summary of the main entry.
Looks like this wasn't really a browser problem. I just spotted this in the comments section of the Post's story, probably written by the author:
"Wiredog -- Shoot, I forgot to address that in the posting. LJ considered the flaw related to a Firefox problem, but Bantown says that's not really the issue here. From my discussion with the Bantown people: "Livejournal assumed the majority of our javascript injection attacks involved malicious code implanted in style sheets or user posts, and they have heavily audited this area for bugs. The changes they made were for a Firefox-specific bug-- they assumed it was the key to the XSS attacks that we were doing. Ours affect all browsers though, and we were not using this Firefox-specific vulnerability." I'm sorry I don't have more info about the FF specific bug. Posted by: Bk | Jan 20, 2006 1:03:27 PM"
RTFA from the Washingtonpost.com. He's saying most keyloggers used by the bad guys don't record everything you type, contrary to popular perception:
Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM chat conversations and silly e-mails. Plus, that's a huge amount of data to be sending out of an infected machine.
Rather, a keylogger employed by viruses and worms usually works off a predefined list of financial and e-commerce sites. The keylogger program lies in wait until the victim visits one of those sites, at which time it intercepts any information entered into credit card and other personal data fields and transmits the information back to attackers.
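The quoted passage describes the trigger logic of a site-targeted form grabber: it stays idle until the browser is on a domain from a configured list, then captures only specific fields. The following is an added toy model of that logic, written for this page and not code from the original post, from Krebs, or from any real malware. The domain list, field names and the browser event stream are all constructed for illustration; the point it shows is how much less data a target-list grabber produces than a record-everything logger, and how a host match has to handle subdomains without matching look-alike domains.

```python
"""Toy model of the site-targeted keylogger behaviour described above.

Constructed example, not code from the original page or from any real
malware. It compares two loggers over the same stream of made-up browser
events: a record-everything logger and a target-list form grabber that only
captures named fields on a configured set of domains.
"""
from urllib.parse import urlsplit

# Hypothetical target list: domains a form grabber would watch.
TARGET_DOMAINS = {"bank.example", "pay.example"}
# Hypothetical field names the grabber keeps; everything else is discarded.
TARGET_FIELDS = {"username", "password", "cardnumber", "cvv"}

# Constructed event stream: (page URL, {form field name: text typed}).
EVENTS = [
    ("https://chat.example/room/1", {"message": "lol did you see that"}),
    ("https://mail.example/compose", {"body": "see you at 8"}),
    ("https://bank.example/login", {"username": "alice", "password": "hunter2"}),
    ("https://news.example/story", {"comment": "first!"}),
    ("https://pay.example/checkout",
     {"cardnumber": "4111111111111111", "cvv": "123", "promo": "NONE"}),
]


def record_everything(events):
    """The naive 'record everything' model: every field on every page."""
    return [(url, field, text)
            for url, fields in events
            for field, text in fields.items()]


def host_matches(url, targets):
    """True if the URL's host is a target domain or a subdomain of one.

    The suffix check requires a leading dot so that a look-alike such as
    bank.example.evil or notbank.example does not match bank.example.
    """
    host = (urlsplit(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in targets)


def targeted_grab(events, targets=TARGET_DOMAINS, wanted=TARGET_FIELDS):
    """The site-targeted model: do nothing until a target site is visited,
    then keep only the fields on the wanted list."""
    captured = []
    for url, fields in events:
        if not host_matches(url, targets):
            continue
        for field, text in fields.items():
            if field in wanted:
                captured.append((url, field, text))
    return captured


def exfil_bytes(records):
    """Bytes that would leave the machine if records were sent as TSV lines."""
    return sum(len(f"{u}\t{f}\t{t}\n".encode()) for u, f, t in records)


if __name__ == "__main__":
    everything = record_everything(EVENTS)
    targeted = targeted_grab(EVENTS)
    print(len(everything), "records,", exfil_bytes(everything),
          "bytes if everything is logged")
    print(len(targeted), "records,", exfil_bytes(targeted),
          "bytes with a target list")
    for rec in targeted:
        print(rec)
```

Running it shows the record-everything logger capturing eight fields of chat, mail and comment text, while the targeted model captures only the four credential and card fields from the two listed domains. The `host_matches` suffix check is the part worth copying into your own URL-allow or deny lists: matching on `endswith("bank.example")` without the dot would also match `notbank.example`.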
or is it just deja vu all over again?