‘Indestructible’ botnet uncovered
30 June 2011
Last updated at 11:34
Cracking the TDL-4 botnet is going to be hard, say security experts.
More than four million PCs have been enrolled in a botnet security experts say is almost “indestructible”.
The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL’s controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.
The changes introduced in TDL-4 made it the “most sophisticated threat today,” wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.
“The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and anti-virus companies,” wrote the researchers.
Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.
A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims’ PCs or use the machines to send out spam or carry out other attacks.
The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.
The virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.
The majority of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.
However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.
The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet’s controllers.
In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.
“For all intents and purposes, [TDL-4] is very tough to remove,” Joe Stewart, director of malware research at Dell SecureWorks, told Computerworld. “It’s definitely one of the most sophisticated botnets out there.”
However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers, who found bugs in the complex code. This let them pry into databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.
Article source: http://www.bbc.co.uk/go/rss/int/news/-/news/technology-13973805
Got a website? Pay attention, Cookie Law will come
Small businesses need to be careful of the European Union cookie law – although so far most countries seem to be ignoring it.
Many websites drop cookies, a small piece of software, onto visitors’ machines to help with navigation, page view counts and to remember users’ log-in details.
But changes to European privacy law last month mean that cookies are now included in Privacy and Electronic Communications Regulations. Businesses must get users’ consent before installing cookies and follow rules in storing and accessing information gathered from them.
The Forum of Private Business is warning small firms to make sure they’re following the new rules.
The FPB also notes that the UK regulator – the Information Commissioner’s Office – has said it will give firms up to a year to fix any problems.
But the FPB said that with the threat of £500,000 fines for non-compliance, business owners should check their sites are following the new rules. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/06/20/cookie_warning/
Anti-piracy action seeks BT block
28 June 2011
Last updated at 02:31

BT is being taken to court by the film industry in a bid to block access to a website which, it says, promotes piracy
Film-makers are going to court in a bid to block access to a site that links to pirated versions of popular movies.
In a UK legal first, the Motion Picture Association (MPA) has applied for an injunction that would force BT to cut off customers’ access to Newzbin.
The MPA, the industry body for a number of movie studios, said it was targeting BT first as the largest internet service provider in the UK.
BT confirmed it would be in court later but did not make any further comment.
The MPA wants BT to block Newzbin with the same system that stops access to sites hosting child sex abuse images.
The members-only website aggregates a large amount of the illegally copied material found on Usenet discussion forums.
The MPA is the international arm of the Motion Picture Association of America – the industry body representing movie studios such as Warner, Sony, Fox, Disney and Paramount.
It brought its action against BT because, as well as being the largest ISP in the UK with more than 5.6 million customers, BT supplies the site-blocking system known as Cleanfeed to many other big UK ISPs.
Success in the courts may mean the blocking spreads to those other operators.
Massive scale
The MPA began its legal action against UK-operated Newzbin in 2010, which resulted in the High Court telling the site to remove material it hosted that infringed copyright.
Newzbin went into administration soon after but its assets, including web domains, were sold to new owners and a fresh version of the site has popped up operating out of the Seychelles.
“Newzbin has no regard for UK law and it is unacceptable that it continues to infringe copyright on a massive and commercial scale when it has been ordered to stop by the High Court,” said Chris Marcich, European president of the MPA, in a statement.
“We have explored every route to get Newzbin to take down the infringing material and are left with no option but to challenge this in the courts.”
Court-imposed blocks have been used widely throughout Europe but a success for the MPA would mark the first time the tactic has worked in the UK.
The UK’s Digital Economy Act does require ISPs to help rights holders identify users who may have downloaded music, software and videos illegally. However, it stops short of giving rights holders legal powers to pursue alleged pirates.
In a statement BT would confirm only that it would be appearing in court on Tuesday “following an application for an injunction by members of the MPA”.
The Internet Service Providers Association said it would not comment until the court had made its decision.
Article source: http://www.bbc.co.uk/go/rss/int/news/-/news/technology-13927335
SMEs get hit harder in a market crisis, say biz profs
SMEs, especially riskier R&D-led ones, get hit even harder than one would expect by market crises, according to a new analysis by biz professors.
“We found that during big market crashes, investors adjust their holdings towards bigger corporate stocks that they perceive as being safer, even after controlling for economic exposures,” says David Berger, finance prof.
Berger and his colleague H J Turtle examined market data covering 20 years and eight large emerging crises. They found that SMEs in one country tended to suffer a market hit following a crisis overseas, even if their own national economy remained unhurt overall.
“Investors see big blue chip stocks as the safer ones, and small, R&D-intensive stocks for example, as riskier,” Berger said. “So the stock of a smaller domestic company could take a hit because of an international shock.”
Berger and Turtle’s full study will be published in the Global Finance Journal. It is available online in advance of press here.
“Because investors start dumping smaller stocks in favor of safer, larger ones, the irony is that larger multinational corporations potentially see positive benefits during international crises,” comments Berger. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/06/22/smes_aiee_in_a_crise/
LulzSec hacking group ‘disbands’
26 June 2011
Last updated at 12:32
The Lulz Security group has used Twitter to draw further attention to itself
A hacker group that has attacked several high-profile websites over the last two months has announced that it is disbanding.
Lulz Security made its announcement through its Twitter account, giving no reason for its decision.
A statement published on a file-sharing website said that its “planned 50-day cruise has expired”.
The group leapt to prominence by carrying out attacks on companies such as Sony and Nintendo.
Broadcasters Fox and PBS, the CIA, and the United States Senate have also been cyber-attacked by the group.
As a parting shot, the group released a selection of documents apparently including confidential material taken from the Arizona police department and US telecoms giant AT&T.
Correspondents say LulzSec’s announcement could be a sign that its members are nervous because of recent police investigations, including the arrest of a British man suspected of links to the group, and efforts by rival hackers to expose them.
‘Microscopic impact’
Analysis
The disbanding of LulzSec might seem like an important victory for the forces of law and order – after all, this is the group credited with attacks on everything from Sony to the CIA.
But in this shadowy world of claims, boasts and posturing, nothing is quite what it seems. It may have been other members of the hacker “community” – disgruntled with the antics of LulzSec – who forced the group into retreat. A document posted online in the last 24 hours purports to be a history of LulzSec, complete with full details on its leaders. “We’ve been tracking and infiltrating these kids,” says the document, and its account goes on to name people in the UK, Amsterdam and New York, along with their social networking profiles and other details.
The document, posted by something called the A-Team, looks convincing, with logs from IRC (Internet Relay Chat) conversations amongst the group. It ends by offering the “raw logs of everything” to any law enforcement agency.
But even if LulzSec has gone offline, its members and other hackers trying to make a name for themselves may soon pop up elsewhere. And the other question is whether we should take any publicity-hungry group like this too seriously. The real damage is more likely being done by criminal groups who wouldn’t dream of boasting of their exploits on Twitter or anywhere else.
The group’s identities remain anonymous and it has not been possible to contact its members directly to confirm its statement.
The statement said that “our crew of six wishes you a happy 2011”.
“So with those last thoughts, it’s time to say bon voyage,” it added.
“Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere.”
But LulzSec urged its supporters to carry on.
“We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us,” the statement said.
“Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”
The group had previously told the BBC’s Newsnight programme that it wanted to target the “higher ups” who write the rules and “bring them down a few notches”.
In an online Q&A, the hacker known as Whirlpool, who described himself as “captain of the Lulz Boat”, said that while the group had begun hacking “for laughs” – for which the word “lulz” is cyber-slang – it evolved into “politically motivated ethical hacking”.
And in an interview with the Associated Press on Friday, a LulzSec member said the group had at least five gigabytes of “government and law enforcement data” from around the world, which it planned to release in the next three weeks.
Ryan Cleary, 19, from Wickford, Essex, was arrested as part of a Scotland Yard and FBI probe into LulzSec and charged with hacking the website of the UK Serious Organised Crime Agency.
Article source: http://www.bbc.co.uk/go/rss/int/news/-/news/uk-13918458
Faking reviews? You should fret about more than illegality
Opinion A recent newspaper investigation uncovered evidence that companies are paying agencies to create false online reviews for their services. But what those companies may not realise is that this is illegal and could ruin their businesses.
The practice is called astroturfing, because it fakes grass-roots support, and it is not only ethically questionable, it is illegal. And if the law doesn’t damage the business of those who engage in it, the verdict of the public will.
The laws surrounding the practice are yet to be fully tested, and business owners might think they can get away with some of the activity uncovered by The Times’s investigation. But business owners must realise that, law or no law, faking support could cost them their most valuable asset: their reputation.
Individuals and companies have been saying nice things about themselves online since the first web forum opened its virtual doors, but that process has now become professionalised, and positive reviews have become tradeable commodities.
In an investigation earlier this month The Times found that hotel owners in the UK were paying up to £10,000 to agencies that said they could improve travel review rankings and, in some cases, could discredit rival businesses.
Agencies ‘sold’ followers on social media sites for 24p each, the paper found. They used multiple accounts and hired writers who could use different writing styles to fake a groundswell of support for a business and its services.
Consumer service industries have the most to gain from word-of-mouth recommendations. Hospitality businesses, in particular, depend heavily on what people say about them. But this means they have most to lose.
Some proprietors may not be aware that astroturfing is illegal, but it is. The Consumer Protection from Unfair Trading Regulations say that pretending to be a consumer and giving yourself a positive review is ‘an unfair commercial practice’. This is a criminal offence and proprietors are potentially liable for an unlimited fine and a prison sentence of two years.
The practice is also contrary to the UK Code of non-broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code). Astroturfing breaches the CAP Code as the marketing is not fair, legal, decent, honest and truthful – the key principles of the self-regulatory CAP Code.
It may be that some businesses know this, but will be taking the calculated risk that they will not be caught, or will escape prosecution. This, sadly, is a better bet than it might seem.
It is a quirk of the Unfair Trading Regulations that the only bodies which can take action based on them are the Office of Fair Trading (OFT) and Trading Standards.
It is unlikely that they will spend public money on investigating one-off cases of astroturfing, and even less likely that they will prosecute.
Equally, an unscrupulous business owner is unlikely to harbour great fears of the ASA. By far its most frequent response to breaches of the CAP Code is to tell the organisation to remove the offending advert or not use the infringing marketing communication in the same form again.
The real reason that businesses should avoid astroturfing is not legal at all: it should be the fear of being exposed.
Consumer businesses trade on their reputation more than anything else. Hospitality businesses – big users of astroturfing if The Times investigation is to be believed – live or die on their good name. If one of these companies is found to have faked consumer support, it could be fatal to their prospects.
Why? Because it demonstrates a lack of confidence in their own products and services. And because it breaches the fundamental trust that must exist between consumers and the companies that sell to them.
Businesses must have more faith in their own services. If they don’t, they should be spending that £10,000 improving their services, not creating a false impression of them.
For a start, this is because being exposed as a company that relies on cheating review websites looks terrible. And it can’t last. What happens when the astroturfing budget runs out? Real reviews take over again, more virulent than before because the reality has so poorly matched the dream they were sold.
Advertising by its nature has always walked a fine line between truthful boasting and deception, and social media platforms give companies a new way to reach people direct with their messages. But care must be taken, here as with other media, to stay on the right side of the law and, more importantly, on the right side of customers.
Breaking consumer laws looks bad. Deceiving your customers looks worse. To do both could spell the end of your business.
Copyright © 2011, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/06/23/fake_reviews/
Zonkey has a new home
After many weeks of emails, phone calls, visits and paperwork, we’ve finally collected the keys to our new offices. We now have just over a week to decorate and get everything ready, and hopefully BT will keep their side of the deal and turn up on the correct day to install our phone line and broadband. 1st July is our current plan for moving in day so fingers crossed everything goes well! It will be nice to have a permanent base once again, and we’ve got more space to move around as well.
Lots of other things going on this week. We’ve been working with a few new companies looking at getting them set up on the web and advising on how such mediums as Twitter and Facebook can play a part in the promotion of their business. A lot of businesses think they have to be seen to be ‘doing’ Twitter, but few really utilise it in the best way. We’ve been having discussions with a new Bath startup PR firm about how social media plays an important part in any PR and Marketing plan. Nowadays Twitter, blogs, articles, forums and many more online options open up a wide range of methods of getting yourself heard, and not all of them need to cost the earth! If you’re confused about your part in the social media marketplace then give the Zonkey a call and we’ll be glad to talk things through with you.
More updates to follow next week!
‘Super sand’ to help clean water
24 June 2011
Last updated at 12:34
The technology could help improve access to clean water in developing countries
Contaminated water can be cleaned much more effectively using a novel, cheap material, say researchers.
Dubbed “super sand”, it could become a low-cost way to purify water in the developing world.
The technology involves coating grains of sand in oxide of a widely available material called graphite – commonly used as lead in pencils.
The team describes the work in the American Chemical Society journal Applied Materials and Interfaces.
In many countries around the world, access to clean drinking water and sanitation facilities is still limited.
The World Health Organization states that “just 60% of the population in Sub-Saharan African and 50% of the population in Oceania [islands in the tropical Pacific Ocean] use improved sources of drinking-water.”
The graphite-coated sand grains might be a solution – especially as people have already used sand to purify water since ancient times.
Coating the sand
But with ordinary sand, filtering techniques can be tricky.
Dr Wei Gao from Rice University in Texas, US, told BBC News that regular coarse sand was a lot less effective than fine sand when water was contaminated with pathogens, organic contaminants and heavy metal ions.
While fine sand is slightly better, water drains through it very slowly.
“Our product combines coarse sand with functional carbon material that could offer higher retention for those pollutants, and at the same time gives good throughput,” explained Dr Gao.
She said that the technique the team has developed to make the sand involves dispersing graphite oxide into water and mixing it with regular sand.
“We then heat the whole mixture up to 105C for a couple of hours to evaporate the water, and use the final product – ‘coated sand’ – to purify polluted water.”
Cost-efficient
The lead scientist of the study, Professor Pulickel Ajayan, said it was possible to modify the graphite oxide in order to make it more selective and sensitive to certain pollutants – such as organic contaminants or specific metals in dirty water.
Another team member, Dr Mainak Majumder from Monash University in Melbourne, Australia, said it had another advantage – it was cheap.
“This material demonstrates comparable performance to some commercially available activated carbon materials,” he said.
“But given that this can be synthesized using room temperature processes and also from cheap graphite sources, it is likely to be cost-efficient.”
He pointed out that in Australia many mining companies extract graphite and they produce a lot of graphite-rich waste.
“This waste can be harnessed for water purification,” he said.
Article source: http://www.bbc.co.uk/go/rss/int/news/-/news/business-13895077
Europe-wide ecommerce laws ahoy!
Any European citizen buying from any website within Europe will be protected by the same consumer rights on prices, delivery and returns.
The EU-wide law was passed by the European Parliament this morning.
It means punters will have a two-week cooling off period after receiving goods and must be given precise information on prices and traders’ contact details.
The Parliament’s chief rapporteur Andreas Schwab believes the law will cut red tape for small and medium businesses as well as improving protection for consumers engaging in cross-border trades.
Regulators believe that European consumers are put off buying across European borders because of questions over regulations. But some big brands oppose unified rules because they like to sell products at different prices in different countries and stop “grey imports” – goods brought from one country to another in order to be re-sold.
A spokeswoman for the British Retail Consortium told The Reg: “By and large this is a good win for businesses. It makes cross-border selling easier and should help protect businesses against the small minority of customers who may seek to abuse return periods. And obviously we’re happy to see consumers better protected too.”
The law now needs approval from the Council of Ministers, expected in July. After that individual nations have two years to pass the rules into national law.
The European Parliament release is here. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/06/23/etail_laws_change/
Bitcoin ‘will recover’ from crash
22 June 2011
Last updated at 00:11
The value of Bitcoins fell from $17.50 to almost nothing in a matter of minutes
The virtual currency Bitcoin will “bounce back” after a hack attack caused its value to collapse, according to one of its senior developers.
Gavin Andresen said he hoped the crisis would lead to better security on sites where Bitcoins are bought and sold.
Prices on the main exchange, Mt.Gox, fell from $17.50 (£10.80) to almost zero when a large number of stolen Bitcoins were dumped on the market.
Trading was suspended and eventually rolled back to pre-crash rates.
Mt.Gox revealed details of the security breach on June 20 with an announcement on its website.
“It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database,” the statement read.
Around the same time, an unidentified person accessed one of the compromised accounts and sold all of its Bitcoins.
They then attempted to buy the coins again and withdraw them in US dollars.
The fraudster was partially foiled when they hit Mt.Gox’s $1000 daily limit.
The decision to reset the Bitcoin rate to a point just before the malicious trades were placed was criticised by some users who had taken the opportunity to buy low.
“Why should everyone who profited from the crash suffer your inability to secure the site?” wrote a user called Elments.
Questionable future
Although the problem was caused by security failings at Mt.Gox, it has raised wider questions about the viability of Bitcoin as a virtual currency.
“I am sceptical about its longer term prospects,” said David Birch, director of Consult Hyperion, a consultancy specialising in electronic transactions.
“There were two things here – the specific bubble (caused by the dumping of stolen coins) and the exchange mechanism.”
Bitcoin transactions are made by swapping anonymous, heavily encrypted codes which only a specific user can unlock.
Details of who owns each Bitcoin are distributed across a peer-to-peer network, with no central repository.
If an encrypted coin file is deleted, the money is lost.
Legal worries
The system has proved popular with online criminals, keen to keep their financial transactions secret, although it has a wider, legitimate, user base.
Mr Birch said the fact that so many Bitcoins were traded on a single exchange made it vulnerable to market shocks.
He also questioned the fundamental workings of the currency, saying that its emphasis on anonymity and decentralised nature meant there was little recourse for users when things go wrong.
The online freedom group, the Electronic Frontier Foundation (EFF) said it was dropping Bitcoin as a means of donating to its cause because of concerns about consumer protection, taxation and money laundering.
On the same day as the crash, the EFF’s legal director Cindy Cohn wrote: “Since there is no caselaw on this topic, and the legal implications are still very unclear, we worry that our acceptance of Bitcoins may move us into the possible subject role.”
Bitcoin developer Gavin Andresen conceded that current safeguards around the currency may be inadequate.
“I have been the person saying that Bitcoin is an experiment, so you can have confidence in it as much as you can have confidence in any start-up,” he said.
“Like any start-up, it could change the world but it could also be risk.”
Article source: http://www.bbc.co.uk/go/rss/int/news/-/news/technology-13857192



