Feb 03 2008

RealPlayer Labeled as ‘Badware’ by StopBadware.org

At last! StopBadware.org has finally brought the Real Malware, RealPlayer from RealNetworks, to the light of day.

StopBadware has brought only some of the bad practices out into the open; you can find much more detail in reader comments I’ve found on highly recognized technology sites like CNET’s News.com, theRegister.co.uk and PCWorld.com, posted by their tech-savvy readers.

In case you are wondering what StopBadware.org is:
StopBadware, an industry-academia group designed to raise public awareness about software that violates fair information and privacy practices, is a collaboration between Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute, with support from companies like Google, Lenovo, and Sun Microsystems.

Cambridge, MA — StopBadware.org, the consumer protection initiative developed to combat badware, on Jan 31, released an alert about RealNetworks Inc.’s RealPlayer software application.

The group found RealPlayer version 10.5 to be badware because of inadequate disclosure of advertising behavior and RealPlayer version 11 to be badware because it bundles an additional application without disclosure.

RealPlayer 11 is the current version of the application, offered on Real (dot) com as an internet video and multimedia player. RealPlayer 10.5 is an older version which is still widely distributed through such sites as BBC Radio and through the Firefox web browser’s “missing plug-in” capability.

The report highlights two areas of concern:
• The Software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation - The advertising software bundled with RealPlayer is misleadingly called a ‘message center’, and is described incompletely and inconspicuously in the EULA as software designed to provide useful software updates. When RealPlayer 10.5 is installed, the advertising features of this ‘message center’ are enabled by default for users who choose not to register their personal information with RealNetworks after the software is installed.
• Software installs deceptively - RealPlayer 11 does not disclose that it installs Rhapsody Player Engine, and does not remove this software when RealPlayer is uninstalled. Users are not informed by the installer or uninstaller of the connection between RealNetworks and Rhapsody Player Engine.

“Software producers have a responsibility to inform users, clearly and unambiguously, about what software will be installed on their computers and what it will do,” said Maxim Weinstein, manager of StopBadware.org at the Berkman Center for Internet & Society at Harvard Law School. “RealNetworks does not allow users to make an informed choice about how their computers will be used. We hope to see a new version of RealPlayer soon that addresses these concerns.” More at StopBadware.org (in pdf).

According to StopBadware.org’s definition, badware is “malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads.”

Here are some of the reader comments I’ve found on PCWorld in response to their article on the issue:
User “Yert” writes at January 31, 2008 8:59 PM PT
“About freaking time. Real Player is the worst media software ever. And its competitors have DRM systems in place!

Seriously though, I don’t use Real Player, and uninstall it whenever I am authorized. It is not safe, not sane, and bloated, even compared to iTunes. Real Player should have lost the EU judgement on the fact that their product sucks!”

User “OnlineSolutions” writes at February 03, 2008  6:55 AM PT
“I installed RealPlayer’s suite once as an experiment and signed up to Rhapsody for their 30 day trial. I immediately changed my mind, but was unable to cancel using their website. They required a phone call to cancel, but the 800 number they gave didn’t work. After repeated emails and phone call attempts, I had to change my credit card number to stop the $19 / month in charges that had continued for 6 months. These people are either incompetent or crooks.”

Reader comments on CNET’s News.com:
Reader “GermanVermin” writes:
“realplayer sucks: Yeah. I have always hated realplayer. It’s chock full of advertisements, a pain to install, and runs background and startup services that slow down your computer. For an official client of a common proprietary video codec, RealPlayer should be more professional.

Use RealAlternative instead, it allows you to play realplayer videos inside of windows media player.”

Reader “MadLyb” writes:
“What a surprise: I stopped using RealPlayer years ago because of their intrusive software and policies. I’m surprised it took this long for someone to ding them.”

Reader “Electric.81” writes:
“Real Player: Real Player is a piece of ‘crapolla’ and always has been since day one….now they’ve been caught with their hand in the ‘cookie jar’ ;>) ”

Reader comments I’ve found on theRegister.co.uk:
Reader “Kev K” writes:
“Real Player & Quicktime both suck : QT lite and Real Alternative from free-codecs.com do the job very nicely for me without the bloat or constant nagging.”

Reader “Anonymous” writes:
“It’s been 3 years: since I stopped using this shyteware, just because of this annoying ODRealSched process of theirs that was getting reactivated once in a while even though I deleted it and removed any link to it.

How come you can trust such a company. Good thing they are named and shamed. At last !!!! ”

Reader “Robert Moore” writes:
“Die RealPlayer die!!! : I have come to accept that most media players (In windows) are resource hogs these days, but Real takes it to a whole new level.

I used to work for a retailer, in their service center, and I would regularly get in computers where the complaint was “Choppy DVD playback” or words to that effect. In most cases a quick uninstall of RealPlayer would fix it right up. Only PH would be foolish enough to install RealPlayer.”

Excerpts from the reader janimal’s comment:
“Real Malware: Have you ever read the Real license?? I’m pretty sure satan was involved because, it goes way beyond the usual accepted rights buggery and weasleness of the standard software license.

Happily if you want to view RM files these days (thanks for the access BBC bastards. I complain to them regularly about Real software) you can use Real Alternative, available here:

http://codecguide.com/about_real.htm

I choose thumbs up because that’s what Real like to put up people’s bottoms.”

Finally, I never understand why, when there are free choices such as Windows Media Player 11 and the open-source VLC Media Player, anyone in the world needs to use RealPlayer. OK, how do you play content that is available only in Real Media? I just never play those files :)


Dec 19 2007

BitDefender Detects New Trojan that Hijacks Google Text Advertisements

BUCHAREST, Romania – On Tuesday, Dec 18, BitDefender announced that its antivirus analysts have detected a new trojan, which hijacks Google text advertisements, replacing them with ads from a different provider.

The threat, which is identified by BitDefender as Trojan.Qhost.WU, modifies the infected computer’s Hosts file (a local store of domain name / IP address mappings, which is consulted before domain name servers and is considered authoritative).

The modified file contains a line redirecting the host “page2.googlesyndication.com”, which should point to an IP of the form 6x.xxx.xxx.xxx, to a different address of the form 9x.xxx.xxx.xxx, so that the infected machines’ browsers read ads from the server at the replacement address rather than from Google.

“This is a serious situation that damages users and webmasters alike,” said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

Users are advised to let BitDefender software delete the trojan. More info on the ad-hijacking trojan at BitDefender here and Real-time Virus Reporting here.
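A hosts-file check for the kind of redirect described above, as an added example that is not BitDefender's code or part of the original report. The watch list, the sample file and its addresses (taken from documentation ranges) are constructed; entries pointing at loopback or 0.0.0.0 are treated as benign local blocking.

```python
import ipaddress

# Assumption: suffixes a defender chooses to watch. Only this domain is named
# in the report; extend the tuple for other ad or update hosts you care about.
WATCHED_SUFFIXES = ("googlesyndication.com",)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue
        for name in fields[1:]:                  # one IP may carry several names
            yield line_no, ip, name.rstrip(".").lower()


def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip) for watched names mapped to a real address."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # local sinkhole, not a redirect
        if any(host == s or host.endswith("." + s) for s in watched):
            findings.append((line_no, host, str(ip)))
    return findings


# Constructed sample hosts file; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not addresses from the report.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net               # user-added ad block
203.0.113.45    page2.googlesyndication.com   # redirect of the kind described
198.51.100.7    intranet.example.org
203.0.113.45    Other.GoogleSyndication.COM. unrelated.example.com
"""

if __name__ == "__main__":
    for line_no, host, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

On a live system, pass the function the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`.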


Dec 16 2007

PC Tools Warns Singles on Social Networking and Dating Sites: Beware of “Flirting Robots”

Beware of the Love Bots!

So you think you’ve found Mr. or Ms. Right online in, of all places, a Chatroom. Beware! A Russian company has just come up with software that can simulate online flirting, genuinely fooling people into thinking they’re making overtures to a real person.

The program, so far available only in Russian, will go on sale around February 15, just after St Valentine’s Day, said the CyberLover.ru website.

San Francisco, Calif — PC Tools, on Dec 12, uncovered new software developed in Russia that flirts with females or males seeking relationships online in order to collect their personal data.

The software, CyberLover, can conduct fully automated flirtatious conversations with users of chat-rooms and dating sites to lure them into a set of dangerous actions such as sharing their identity or visiting web sites with malicious content.

According to its creators, CyberLover can establish a new relationship with up to ten partners in just 30 minutes and its victims cannot distinguish it from a human being.

PC Tools is concerned about the program’s ability to mimic human behavior during online interactions and urges internet users to beware of this new breed of software that can easily be used for malicious purposes. The concept behind this software could be the catalyst for a dangerous new trend in malware evolution.

“As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” says Sergei Shevchenko, Senior Malware Analyst at PC Tools. “It employs highly intelligent and customized dialogue to target users of social networking systems.”

“Internet users today are generally aware of the dangers of suspicious attachments and URLs they receive, the documents they open or the websites they visit, but CyberLover employs a new technique that is unheard of – and that’s what makes it particularly dangerous.”

“CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial,” says Shevchenko.

According to PC Tools researchers, the CyberLover software:

- offers a variety of profiles ranging from ‘romantic lover’ to ‘sexual predator;’

- uses a series of easily configurable “dialogue scenarios” with pre-programmed questions and discussion topics;

- is designed to recognize the responses of chat-room users to tailor its interaction accordingly;

- compiles a detailed report on every person it meets and submits them to a remote source – the reports contain confidential information that the victim has shared with the bot, which can include the victim’s name, contact details and personal photo(s);

- invites victims to visit a “personal” website or blog which could in fact be a fake page used to automatically infect visitors with malware.

Though Cyberlover is currently targeting Russian web sites, social networkers and online daters in the are urged to stay alert to unusual activity credited to programs like CyberLover.

To protect themselves, PC Tools recommends:

  • Never give your personal details to anyone over the internet.
  • Consider using aliases/fake names on social networking sites and when chatting online.
  • Carefully monitor the online behavior of your family members and educate them of the dangers.
  • Ensure you have up-to-date AntiVirus and Anti-Spyware installed, with real-time and behavioral protection.

PC Tools warns the security industry to prepare itself for this potential new trend of malware which uses “natural language dialogue systems” – already deployed within gaming technologies. PC Tools.


Dec 08 2007

Taking Down Spammers Via Legalization, Regulation and Economics

Dec 08, ‘07 — Gadi Evron, a Security Architect for Afilias global registry services, an expert on corporate security and counterespionage, botnets, e-fraud and phishing, and the founder of the Zero-Day Emergency Response Team (ZERT), writes an excellent in-depth article on effectively fighting spam at ZDNet.

Excerpts from Gadi Evron’s article:
“Working in the Israeli city of Netanya, next door to our offices was a spam operation with roughly 30 employees. One day they weren’t there anymore.

They were blog comment spammers, but officially were doing Search Engine Optimization or SEO. Instead of optimizing content, they posted illicit comments on many blogs with commercial or misleading messages leading to their clients’ web sites, mainly for the purpose of increasing their clients’ web sites visibility in search engines such as Google. They would do this using an illegal tool such as botnets, and make quite a bit of money.

The reason for their disappearance soon became clear; nearly all their clients were gone. A law was passed in the United States which addressed online gambling operations (“Unlawful Internet Gambling Enforcement Act” - UIGEA). As a result, the public gaming industry ceased accepting online wagers. More than that, UIGEA addressed processing payments to and from Internet gambling sites. In a day, most of US-based gambling web sites ceased to exist (others moved over-seas, although quite a bit of the world’s credit processing is done by US firms).

This effectively caused the death of numerous black hat SEO companies–comment spammers. Perhaps the UIGEA measure against processing of payments proved too difficult to overcome. Not being a lawyer I can’t say exactly how UIGEA caused this death. No matter, US online gambling operations were effectively destroyed.

Spam decreased. The underlying cause for that was that the clients weren’t there due to the inability to process payments because of the online Casinos law. Not only black hat SEO companies suffered, many spam operations lost clients. There is nearly no more Casino spam in our mail inboxes. Isn’t that grand?

A long time ago I heard somebody say they asked a corporate take-over lawyer on how he’d take down spam. He said: Legalize and regulate it. It seems like he was right, just on a deeper level.” More at ZDNet.


Nov 29 2007

New Zealand Nabs Cyber Crime Kingpin

Wellington, New Zealand — Nov 29, ‘07 — Police nabbed the suspected teenage kingpin of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims’ bank accounts, officials said.

“Working with the FBI and police in the Netherlands, New Zealand police arrested the 18-year-old in the North Island city of Hamilton, said Martin Kleintjes, head of the police electronic crime center. The suspect’s name was not immediately available.

Kleintjes charged that the ring was responsible for stealing at least $20 million using bank account and login details detected by their illegal spyware.

The 18-year-old Hamilton man is now co-operating with police after they carried out searches at Canterbury, Northland and Waikato addresses.

The FBI believes “AKILL” is the ringleader of a “botnet” – in this case a cluster of over a million computers infected by a malicious virus letting the perpetrator gain control of them, access private information and attack other computers.

The arrest was part of international probe into the criminal use of “botnets,” in which hackers gain control of third-party computers through malicious software and then use them as remote-controlled robots to crash online systems, accept spam and steal users’ personal information.

Eight people have been indicted, pleaded guilty or convicted since the investigation started in June. Thirteen additional warrants have been served in the U.S. and overseas in the investigation, which the FBI says has uncovered more than $20 million in economic losses.

New Zealand police searched the residence of the 18-year-old suspected to be the ringleader earlier this week. The federal agency identified the person by the online handle “AKILL.”

Earlier this month, Ryan Goldstein, 21, of Ambler, Pa., was indicted in the case. Authorities allege that the New Zealand suspect and Goldstein were involved in crashing a University of Pennsylvania engineering school server Feb. 23, 2006.” More at Stuff.co.nz


Nov 29 2007

Russian Hackers Hijack Search Results in Coordinated Web Attack

Nov 29, ‘07 — BBC News is reporting that a huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted.

“The booby-trapped websites came up in search results for search terms such as “Christmas gifts” and “hospice”. Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others. “This was fairly epic,” said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Eckelberry said tens of thousands of domains, many based in China and only a couple of days old, were used in the vanguard of the attack.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft’s Internet Explorer used to browse them. “If your machine was not fully patched you were going to get hosed,” said Eckelberry.

The criminals who bought the domains convinced Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry, by using comment spam on blogs to push the pages up the search index rankings.

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

But, said Eckelberry, this attack was likely to be a harbinger of many more. “This is not going to go away,” he said.” More at BBCNews.


Nov 16 2007

Hacking the iPhone: Demo by Security Consultant Rik Farrow

Nov 16, ‘07 — Adam L. Penenberg at FastCompany.com writes an article on iPhone hacking demoed by a UNIX specialist and consultant from Sedona, Arizona, Rik Farrow.

In his words, “Of course, the Web is rife with braggadocio, and just because a few computer engineers could gin up an obscure software exploit or two didn’t mean anyone had actually unleashed any. Still, my editors and I wondered just how vulnerable is the “Jesus Phone” to an unscrupulous hacker? Could it really be turned into a tool of espionage?

So we purchased an iPhone for Rik Farrow and commissioned him to crack through its defenses, which he did using H D Moore’s Metasploit, a popular platform for testing security systems. The result is this video, in which Farrow was able to take complete control of an iPhone and demonstrate the ability to eavesdrop on conversations, intercept voice mail and e-mail, and upload nefarious software programs. “Physical access to an iPhone,” Farrow points out, “is not required.” Although in Farrow’s demo the Wi-Fi was turned on — common enough for iPhone users, since AT&T’s EDGE network makes Web surfing slow and laborious — Moore says his exploit can work on EDGE, too.

Now, our lawyer would like us to emphasize that Farrow was careful not to offer a cookbook, or how-to guide, on how to hack Apple’s touch screen marvel. He just showed what was possible.

As for the iPhone, however, Apple engineers have made it easier to attack by running all software applications as “root,” which means they offer the same full-system privileges. Locate a security flaw in one — say, e-mail or the Web browser — you can control them all. Standard security protocol dictates providing layers of protection to guard against this, which the iPhone does not.

As a result, there are a number of ways to exploit the iPhone’s defenses. If you know your target’s phone number, you could text message a link to a malicious Website, which would covertly install a third-party application executing malicious code. The corollary would be to send your target an e-mail with a nefarious attachment; he clicks on it and the attacker “owns” the phone.

Or there’s always the “man-in-the-middle” (MITM) attack, which is perhaps the most James Bondian: You sit in, say, Starbucks with a laptop set up, as part of the ruse, to operate as a Wi-Fi access point, so a target’s Web browsing and e-mail pass through your computer first. (How can you tell who has an iPhone as opposed to someone with a standard laptop, rival smartphone, or PDA? Simple — the exploit only works on iPhones.) “This method would allow exploitation of any application that downloads images from the Internet,” Moore says. “This covers standard Web-browsing using Safari, but also includes the iTunes Music Store, the YouTube video browser, and the Google Maps application.”” More at FastCompany.com


Nov 10 2007

Security Consultant Admits Infecting 250,000 Computers to Steal Identities

Los Angeles, CA — Nov 10, ‘07 — A Los Angeles computer security consultant entrusted with making personal computers safer has admitted to hacking into them to create a rogue network of as many as 250,000 PCs, which he used to steal money and identities.

Federal prosecutors Friday said that John Kenneth Schiefer, a 26-year-old computer security consultant, used an army of hijacked computers, known as a “botnet,” to carry out a variety of schemes to rip off unsuspecting consumers and corporations.

Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles.

Schiefer, who used the Internet name “acidstorm,” is the first person charged under federal wiretapping law with operating a “botnet,” or network of compromised computers, Assistant U.S. Atty. Mark Krause said.

“People hired him to fix their computers, to make sure they’re safe,” Krause said. Instead, prosecutors contend that Schiefer and his associates installed malicious computer code, called malware, that gave them remote access to the computers without the owners’ knowledge.

The “zombie” computers then eavesdropped on the users’ electronic communications. The vast number of computers that Schiefer compromised — as many as 250,000 — highlights a stealthy online crime spree on the rise.

These botnets, short for “robot networks,” remotely harvest personal information, including user names and passwords, to give their operators access to credit card information and online bank accounts.

Schiefer culled user names, passwords for the PayPal online payment service, and other account information that he used to make unauthorized purchases and passed on to others, prosecutors said.

In all, the federal indictment includes four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. Federal authorities were still trying to identify victims and the scope of their losses, Krause said.