As a Fry's employee (while no fanboy), I thought I would point something out.
Vastech is NOT a "rebate processor hired by Fry's Electronics", it is the manufacturer who offered the rebate. They make small PC mods and accessories such as case fans and USB harddrive enclosures. You can see their webiste at http://www.vastechinc.com/
Fry's Electronics does not offer any rebates themselves. All the rebates are though the manufacturer of the item you are purchasing. We even have a rebate department in each store to try and help you force though rebates or resubmit them.
While everyone likes to poke fun at Fry's (the Walmart of electronics stores, I call them), they were not really in the wrong here, it really should be Vastech found at fault. I do hope Fry's sees this as an opportunity to put in some good will and issue their own refund checks to all affected customers.
I work for a major electronics retailer, and we had originally sold our systems in bundles only for approx. $1200 each, with later bundles around the $900 range. We are getting approx. 10 of these bundles being returned a day. We started getting the majority of them after December 20th or so., which would be around the last day to ship from eBay. We are acepting these items back for return, but alot of the folks who bought them on the 17th are stuck with a $1200 store credit.
All the scalpers are mostly saying that "We didn't need it", "We got 2 for christmas", etc. One guy I talked to was honest and told me he bought it to flip on eBay, but the market fell out. Now he's waiting on a Wii to buy for himself.
We have lots of PS3s here at the store gathering dust (we got the largest shipment per store of any electronics retailer), people just aren't interested in them at all anymore.
I work as a Department Manager for a certain Best Buy competitor in the Service Department.
I always hear the same gripes about the Geek Squad, and I don't buy any of them. Anyone who's worked in a retail service environment knows how much different it is than the "mom and pop" style repair stores.
One main difference with a smaller operation is almost all the customer walking in the door are going to be paying you cash. If you charge $100 for a virus removal, you're going to be doing a great job and doing it quickly. Word of mouth is your best way to increase your sales. In the retail space, the majority of the customers are coming in to get an item repaired under a manufacturer or store warranty, get an item processed for return, and only a handful of the customers are paying you cash for your service, of which you see a tiny portion of that on your check. You may be pulling in 1-2k a day in part/labor sales, but you get around $80 of that.
There's no real motivation to do a job quickly or effeciently except for pride, which fortunately alot of my techs have. They like to make the customers happy, and take pride in their work. Other than that, you do whatever job will make you the most money with the least work. If i can spend 3 hour hunting down drivers, dlls and missing OS files to fix a corrupted windows install for $69, or just do a data backup and reformat for $69 + $49, which one will I do? With the condition the systems coming in here, it almost always a better option to reformat than to try and salvage the system.
There's no money in fixing a hardware issue anymore either. We have eMachine systems that all fail in the same way, motherboard/power supply fails. With the cost of new PSU, mobo and new CPU for the new sockets, it gets to over $350 parts/labor. We got Compaq PCs for $279. Why bother?
Here's just a few of the common problems we deal with on a daily basis. -Systems with virus/spyware so bad that removal results in windows corruption. Customers insist this is covered by their "warranty" -Systems infested with rodents or insects including cockaroaches. Customers insist this is covered by their "warranty" -System with cracked screens, snapped off D/C jacks, or broken hinges. Customers insist this is covered by their "warranty"
Look, I'm not making excuses for a poor tech. We get our fair share of these jokers in here, but luckily we require A+ certification and have a strict "probabtion" period. But the types of customers that come into our stores and the GeekSquad are the most basic computer novices looking for help. They could care less if you fixed the problem with a painstaking OS image and repair install, or if you just reformatted and pushed "My Documents" to disc. As long as they can get the unit back online to check email and download "Cool Screensavers!!", they're happy.
Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past. "In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.
And therein lies the problem. I've said time and again that you can forget about viruses and worms in the sense of traditional mail mailing worms and the likes. The "antivirus" market has for the most part finally gotten through to consumers and they've been educated enough to contain virus outbreaks to small flareups, but not major outbreaks.
But when you've got a multi-million dollar company, permission based marketing, and some unscruplious hackers with ties to the russian mafia, the spy/adware outbreak is causing far more havok and is going pretty much unnoticed.
When I do virus/spyware removal at my job (I work for a service center at a retail electronics chain, so I deal with "average customers", not IT staff) it always comes to removing 100 pieces of spyware. The consumers all seem to just think that it's just the system getting old. When I tell them they're infected with spyware, most of their responses are to simply by a new PC (and get infected once more). I can tell you hundreds of horror stories, like the system I did last week that was turned into a server, uploading over 14k files to the Kazaa network, or the customer's system that was so badly infected it would cause all network traffic to halt on her home network because the system was sending out so much data traffic.
It's alot harder to bury a company like 180 solutions, Aluria, and the like when they've got million in revenue, backing of big companies like Ford and eBay using their advertising, and being able to hide in the EULA of some screensaver program.
The age of the half-hacker virus writer is dead. It's gotten much more organized once the money started coming in.
One interesting aspect is that on certain cell phones, you can call a cell phone with the caller id spoof being the number you are dialing, and it will throw you right into the voicemail system with no authentication necessary.
Older versions of FF will open it natively. (pre 1.0 I believe)
Newer versions of FF and Opera will pull it up but will ask if you'd like to open the image with MS Picture and Fax viewer or whatever associated program. If you click no, you should be safe. If you click yes, you're infected.
If this thing gets stored on you HDD or your cache somewhere though, the mere act of single clicking on the file or even the folder in some cases can trigger it. And if you have Google Desktop Search installed, google will index and execute the code as soon as it hits the drive. Some DOS boxes are getting infected this way even.
This too slips right past Internet security packages such as Norton and McAfee. For the money people pay for AV protection the vendors really need to get their act together in my opinion.
But this is where the issue lies and why IMO viruses are of virtually no threat anymore, it's going to be all ad/spyware from here on. For instance, I finished up a cleanup of a machine yesterday. Went through it with 1 AV scanner, and 7 different AntiSpyware tools, plus had to go in by hand and do manual removals. 1 virus, over 36 different ad/spyware programs from over 900 traces. Norton was of course expired and hadn't been updated in 8 months.
When the virus fight used to be AV Companies vs. Johnny Scriptkiddy, it's now AV Companies vs. Permission Based Marketing (read: Adware) companies, or an army of zombie bots controlled by the Russian Mafia.
Companies like Symantec, Mcafee, and Microsoft are very careful to step on toes in labeling other companies products as ad/spyware. Those very companies profiting from the adware also have their own army of lawyers and will file suit against anyone who dare defile their product! After all, you read the EULA right?
So when a customer tells me she still has Norton and she wants to know why she is still getting popups, I have to explain to her what the difference between viruses and adware, and why Norton just plain sucks for the new threats we face.
Never thought I would wish for the days of Melissa again, lol
BTW, Sometimes after a cleanup I install MS AntiSpy and Firefox with the IE Theme (http://www.firefoxie.net/). Just change that blue "e" to point to FF, and they're just a bit more secure.
...Because it's a simple image. Who would think that an image can deliver such a nasty payload?
It doesn't need any user interaction. This blows right through fully patched copies of windows, and IE opens and executes it automatically (video here - http://www.websensesecuritylabs.com/images/alerts/ wmf-movie.wmv)
Does your website have an image on it? It can be exploited that way.
Does your email render html, even with scripting turned off? It can be exploited that way.
A few trusted sites have been compromised with this exploit. Some seedier as networks (with hundreds or thousands of affiliates) are using this to generate cash.
There is no patch for Windows ME, 98, or 95 and there will never be as these OSes are unsupported. These systems will ALWAYS have this vulnerability.
I work for a major electronics retailer in the Service department. Most of our duties are simple PC repair, data backup, and virus/spyware removal.
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
We had a few customer that bought brand new computers and laptop and are bringing them back the same day with this exploit. A quick check reveals that their Norton was up-to-date, yet this stuff still slipped in. Other customers are getting this thing left and right. Unfortunately I have not much to tell them except to keep updating all your security products daily as it's only going to get worse before it gets better. Hand them a copy of Norton and Sunbelt Counterspy and tell them good luck.
I do believe there is a bit a social engineering planned into this. Customers with year-end financials, tax season starting up, holiday credit card payments and statements coming through. Very ripe time to plucking financial and personal data. And with this being an extended holiday weekend, this exploit has a bit of time to fester and refine itself before the big trojan/virus with a major payload slips past the AV and Adware detections and onto millions of computers. What happens when someone combines with exploit with a backgood into a major ad server network? Imagine the damage then.
I'm doing the best I can at my house against this thing, but looking at the 7+ Windows boxes I'm now worrying about updating, installing, patching and unregistering, and the 1 Apple laptop I haven't had to restart in 6 months, and I wonder if this is going to be the big one that really gives Microsoft the black eye it can't recover from.
Slashdot Mirror
As a Fry's employee (while no fanboy), I thought I would point something out.
Vastech is NOT a "rebate processor hired by Fry's Electronics", it is the manufacturer who offered the rebate. They make small PC mods and accessories such as case fans and USB harddrive enclosures.
You can see their webiste at http://www.vastechinc.com/
Fry's Electronics does not offer any rebates themselves. All the rebates are though the manufacturer of the item you are purchasing. We even have a rebate department in each store to try and help you force though rebates or resubmit them.
While everyone likes to poke fun at Fry's (the Walmart of electronics stores, I call them), they were not really in the wrong here, it really should be Vastech found at fault. I do hope Fry's sees this as an opportunity to put in some good will and issue their own refund checks to all affected customers.
I work for a major electronics retailer, and we had originally sold our systems in bundles only for approx. $1200 each, with later bundles around the $900 range. We are getting approx. 10 of these bundles being returned a day. We started getting the majority of them after December 20th or so., which would be around the last day to ship from eBay. We are acepting these items back for return, but alot of the folks who bought them on the 17th are stuck with a $1200 store credit.
All the scalpers are mostly saying that "We didn't need it", "We got 2 for christmas", etc. One guy I talked to was honest and told me he bought it to flip on eBay, but the market fell out. Now he's waiting on a Wii to buy for himself.
We have lots of PS3s here at the store gathering dust (we got the largest shipment per store of any electronics retailer), people just aren't interested in them at all anymore.
Happy cows do come from California!
Not so much :(
Hate to say it, but I predicted this back on January 1st http://it.slashdot.org/comments.pl?sid=172683&cid= 14375232
I work as a Department Manager for a certain Best Buy competitor in the Service Department.
I always hear the same gripes about the Geek Squad, and I don't buy any of them. Anyone who's worked in a retail service environment knows how much different it is than the "mom and pop" style repair stores.
One main difference with a smaller operation is almost all the customer walking in the door are going to be paying you cash. If you charge $100 for a virus removal, you're going to be doing a great job and doing it quickly. Word of mouth is your best way to increase your sales. In the retail space, the majority of the customers are coming in to get an item repaired under a manufacturer or store warranty, get an item processed for return, and only a handful of the customers are paying you cash for your service, of which you see a tiny portion of that on your check. You may be pulling in 1-2k a day in part/labor sales, but you get around $80 of that.
There's no real motivation to do a job quickly or effeciently except for pride, which fortunately alot of my techs have. They like to make the customers happy, and take pride in their work. Other than that, you do whatever job will make you the most money with the least work. If i can spend 3 hour hunting down drivers, dlls and missing OS files to fix a corrupted windows install for $69, or just do a data backup and reformat for $69 + $49, which one will I do? With the condition the systems coming in here, it almost always a better option to reformat than to try and salvage the system.
There's no money in fixing a hardware issue anymore either. We have eMachine systems that all fail in the same way, motherboard/power supply fails. With the cost of new PSU, mobo and new CPU for the new sockets, it gets to over $350 parts/labor. We got Compaq PCs for $279. Why bother?
Here's just a few of the common problems we deal with on a daily basis.
-Systems with virus/spyware so bad that removal results in windows corruption. Customers insist this is covered by their "warranty"
-Systems infested with rodents or insects including cockaroaches. Customers insist this is covered by their "warranty"
-System with cracked screens, snapped off D/C jacks, or broken hinges. Customers insist this is covered by their "warranty"
Look, I'm not making excuses for a poor tech. We get our fair share of these jokers in here, but luckily we require A+ certification and have a strict "probabtion" period. But the types of customers that come into our stores and the GeekSquad are the most basic computer novices looking for help. They could care less if you fixed the problem with a painstaking OS image and repair install, or if you just reformatted and pushed "My Documents" to disc. As long as they can get the unit back online to check email and download "Cool Screensavers!!", they're happy.
And therein lies the problem. I've said time and again that you can forget about viruses and worms in the sense of traditional mail mailing worms and the likes. The "antivirus" market has for the most part finally gotten through to consumers and they've been educated enough to contain virus outbreaks to small flareups, but not major outbreaks.
But when you've got a multi-million dollar company, permission based marketing, and some unscruplious hackers with ties to the russian mafia, the spy/adware outbreak is causing far more havok and is going pretty much unnoticed.
When I do virus/spyware removal at my job (I work for a service center at a retail electronics chain, so I deal with "average customers", not IT staff) it always comes to removing 100 pieces of spyware. The consumers all seem to just think that it's just the system getting old. When I tell them they're infected with spyware, most of their responses are to simply by a new PC (and get infected once more). I can tell you hundreds of horror stories, like the system I did last week that was turned into a server, uploading over 14k files to the Kazaa network, or the customer's system that was so badly infected it would cause all network traffic to halt on her home network because the system was sending out so much data traffic.
It's alot harder to bury a company like 180 solutions, Aluria, and the like when they've got million in revenue, backing of big companies like Ford and eBay using their advertising, and being able to hide in the EULA of some screensaver program.
The age of the half-hacker virus writer is dead. It's gotten much more organized once the money started coming in.
Suggested Reading: Sunbelt Blog
You're over thinking.
This ain't rocket science.
One interesting aspect is that on certain cell phones, you can call a cell phone with the caller id spoof being the number you are dialing, and it will throw you right into the voicemail system with no authentication necessary.
Older versions of FF will open it natively. (pre 1.0 I believe) Newer versions of FF and Opera will pull it up but will ask if you'd like to open the image with MS Picture and Fax viewer or whatever associated program. If you click no, you should be safe. If you click yes, you're infected. If this thing gets stored on you HDD or your cache somewhere though, the mere act of single clicking on the file or even the folder in some cases can trigger it. And if you have Google Desktop Search installed, google will index and execute the code as soon as it hits the drive. Some DOS boxes are getting infected this way even.
But this is where the issue lies and why IMO viruses are of virtually no threat anymore, it's going to be all ad/spyware from here on. For instance, I finished up a cleanup of a machine yesterday. Went through it with 1 AV scanner, and 7 different AntiSpyware tools, plus had to go in by hand and do manual removals. 1 virus, over 36 different ad/spyware programs from over 900 traces. Norton was of course expired and hadn't been updated in 8 months.
When the virus fight used to be AV Companies vs. Johnny Scriptkiddy, it's now AV Companies vs. Permission Based Marketing (read: Adware) companies, or an army of zombie bots controlled by the Russian Mafia.
Companies like Symantec, Mcafee, and Microsoft are very careful to step on toes in labeling other companies products as ad/spyware. Those very companies profiting from the adware also have their own army of lawyers and will file suit against anyone who dare defile their product! After all, you read the EULA right?
So when a customer tells me she still has Norton and she wants to know why she is still getting popups, I have to explain to her what the difference between viruses and adware, and why Norton just plain sucks for the new threats we face.
Never thought I would wish for the days of Melissa again, lol
BTW, Sometimes after a cleanup I install MS AntiSpy and Firefox with the IE Theme (http://www.firefoxie.net/). Just change that blue "e" to point to FF, and they're just a bit more secure.
Does your website have an image on it? It can be exploited that way. Does your email render html, even with scripting turned off? It can be exploited that way. A few trusted sites have been compromised with this exploit. Some seedier as networks (with hundreds or thousands of affiliates) are using this to generate cash. There is no patch for Windows ME, 98, or 95 and there will never be as these OSes are unsupported. These systems will ALWAYS have this vulnerability.
Imaginine if someone uploaded this to MySpace (http://www.alexa.com/data/details/traffic_details ?q=&url=www.myspace.com/), as they allow full html formatting, embed, iframes and all kinds of crazy crap. One exploit on a popular blog will cause A LOT of damage.
I work for a major electronics retailer in the Service department. Most of our duties are simple PC repair, data backup, and virus/spyware removal.
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
We had a few customer that bought brand new computers and laptop and are bringing them back the same day with this exploit. A quick check reveals that their Norton was up-to-date, yet this stuff still slipped in. Other customers are getting this thing left and right. Unfortunately I have not much to tell them except to keep updating all your security products daily as it's only going to get worse before it gets better. Hand them a copy of Norton and Sunbelt Counterspy and tell them good luck.
I do believe there is a bit a social engineering planned into this. Customers with year-end financials, tax season starting up, holiday credit card payments and statements coming through. Very ripe time to plucking financial and personal data. And with this being an extended holiday weekend, this exploit has a bit of time to fester and refine itself before the big trojan/virus with a major payload slips past the AV and Adware detections and onto millions of computers. What happens when someone combines with exploit with a backgood into a major ad server network? Imagine the damage then.
I'm doing the best I can at my house against this thing, but looking at the 7+ Windows boxes I'm now worrying about updating, installing, patching and unregistering, and the 1 Apple laptop I haven't had to restart in 6 months, and I wonder if this is going to be the big one that really gives Microsoft the black eye it can't recover from.