TechLuver.com

At Last !!!  Finally StopBadware.org brought the Real Malware, RealPlayer from RealNetworks, to the light of the day.

StopBadware has brought just some of the bad practises out in the open, while you can find about it in much more details in reader comments I’ve found on highly recognized technology sites like CNET’s News.com, tehRegister.co.uk and PCWorld.com, posted by their tech savvy readers.

Just in case, if you are wondering who / what is this StopBadware.org ?
Stopbadware, an industry-academia group designed to raise public awareness about software that violates fair information and privacy practices, is a collaboration between Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute, with support from companies like Google, Lenovo, and Sun Microsystems.

Cambridge, MA — StopBadware.org, the consumer protection initiative developed to combat badware, on Jan 31, released an alert about RealNetworks Inc.’s RealPlayer software application.

The group found RealPlayer version 10.5 to be badware because of inadequate disclosure of advertising behavior and RealPlayer version 11 to be badware because it bundles an additional application without disclosure.

RealPlayer 11 is the current version of the application, offered on Real (dot) com as an internet video and multimedia player. RealPlayer 10.5 is an older version which is still widely distributed through such sites as BBC Radio and through the Firefox web browser’s “missing plug-in” capability.

The report highlights two areas of concern:
• The Software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation - The advertising software bundled with RealPlayer is misleadingly called a ‘message center’, and is described incompletely and inconspicuously in the EULA as software designed to provide useful software updates. When RealPlayer 10.5 is installed, the advertising features of this ‘message center’ are enabled by default for users who choose not to register their personal information with RealNetworks after the software is installed.
• Software installs deceptively - RealPlayer 11 does not disclose that it installs Rhapsody Player Engine, and does not remove this software when RealPlayer is uninstalled. Users are not informed by the installer or uninstaller of the connection between RealNetworks and Rhapsody Player Engine.

“Software producers have a responsibility to inform users, clearly and unambiguously, about what software will be installed on their computers and what it will do,” said Maxim Weinstein, manager of StopBadware.org at the Berkman Center for Internet & Society at Harvard Law School. “RealNetworks does not allow users to make an informed choice about how their computers will be used. We hope to see a new version of RealPlayer soon that addresses these
concerns.” More at StopBadware.org (in pdf).

According to StopBadware.org’s definition of badware it is “malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads.”

Here are some of the reader comments I’ve found on PC world in response to their article on the issue:
User “Yert” writes at January 31, 2008 8:59 PM PT
“About freaking time. Real Player is the worst media software ever. And its competitors have DRM systems in place!

Seriously though, I don’t use Real Player, and uninstall it whenever I am authorized. It is not safe, not sane, and bloated, even compared to iTunes. Real Player should have lost the EU judgement on the fact that their product sucks!”

User “OnlineSolutions” writes at February 03, 2008  6:55 AM PT
“I installed RealPlayer’s suite once as an experiment and signed up to Rhapsody for their 30 day trial. I immediately changed my mind, but was unable to cancel using their website. They required a phone call to cancel, but the 800 number they gave didn’t work. After repeated emails and phone call attempts, I had to change my credit card number to stop the $19 / month in charges that had continued for 6 months. These people are either incompetent or crooks.”

Reader comments on CNET’s News.com:
Reader “GermanVermin” writes:
“realplayer sucks: Yeah. I have always hated realplayer. its chock full of advertisements, a pain to install, and runs background and startup services that slow down your computer. For an official client of a common propreitary video codec, RealPlayer should be more professional.

Use RealAlternative instead, it allows you to play realplayer videos inside of windows media player.”

Reader “MadLyb” writes:
“What a surprise: I stopped using RealPlayer years ago because of their intrusive software and policies. I’m surpised it took this long for someone to ding them.”

Reader “Electric.81″ writes:
“Real Player: Real Player is a piece of ‘crapolla’ and always has been since day one….now they’ve been caught with thier hand in the ‘cookie jar’ ;>) ”

Reader comments I’ve found on theRegister.co.uk:
Reader “Kev K” writes:
“Real Player & Quicktime both suck : QT lite and Real Alternative from free-codecs.com do the job very nicely for me without the bloat or constant nagging.”

Reader “Anonymous” writes:
“It’s been 3 years: since I stopped using this shyteware, just because of this annoying ODRealSched process of theirs that was getting reactivated once in a while despite I deleted it and removed any link to it.

How come you can trust such a company. Good thing they are named and shamed. At last !!!! ”

Reader “Robert Moore” writes:
“Die RealPlayer die!!! : I have come to accept that most media players (In windows) are resource hogs these days, but Real takes it to a whole new level.

I used to work for a retailer, in their service center, and I would regularly get in computers that the complaint was “Choppy DVD playback” or words to that effect. In most cases a quick uninstall of RealPlayer would fix it right up. Only PH would be foolish enought to install RealPlayer.”

Excerpts from the reader janimal’s comment:
“Real Malware: Have you ever read the Real license?? I’m pretty sure satan was involved because, it goes way beyond the usual accepted rights buggery and weasleness of the standard software license.

Happily if you want to view RM files these days (thanks for the access BBC bastards . I complain to them regularly about Real software) you can use Real Alternative avalable here..

http://codecguide.com/about_real.htm

I choose thumbs up because that’s what Real like to put up people’s bottoms.”

Finally, I never get that, when there are choices of free Windows Media Player 11 and Open Sourced VLC Media Player, why in the world any one need to use RealPlayer? Ok how to play the contents that are available only in Real Media ? I just never play those files

Dec 08, ‘07 — Gadi Evron, a Security Architect for Afilias global registry services, an expert on corporate security and counterespionage, botnets, e-fraud and phishing, and the founder of the Zero-Day Emergency Response Team (ZERT), writes an excellent in-depth article on effectively fighting spam at ZDNet.

Excerpts from Gadi Evron’s article:
“Working in the Israeli city of Netanya, next door to our offices was a spam operation with roughly 30 employees. One day they weren’t there anymore.

They were blog comment spammers, but officially were doing Search Engine Optimization or SEO. Instead of optimizing content, they posted illicit comments on many blogs with commercial or misleading messages leading to their clients’ web sites, mainly for the purpose of increasing their clients’ web sites visibility in search engines such as Google. They would do this using an illegal tool such as botnets, and make quite a bit of money.

The reason for their disappearance soon became clear; nearly all their clients were gone. A law was passed in the United States which addressed online gambling operations (”Unlawful Internet Gambling Enforcement Act” - UIGEA). As a result, the public gaming industry ceased accepting online wagers. More than that, UIGEA addressed processing payments to and from Internet gambling sites. In a day, most of US-based gambling web sites ceased to exist (others moved over-seas, although quite a bit of the world’s credit processing is done by US firms).

This effectively caused the death of numerous black hat SEO companies–comment spammers. Perhaps the UIGEA measure against processing of payments proved too difficult to overcome. Not being a lawyer I can’t say exactly how UIGEA caused this death. No matter, US online gambling operations were effectively destroyed.

Spam decreased. The underlying cause for that was that the clients weren’t there due to the inability to process payments because of the online Casinos law. Not only black hat SEO companies suffered, many spam operations lost clients. There is nearly no more Casino spam in our mail inboxes. Isn’t that grand?

A long time ago I heard somebody say they asked a corporate take-over lawyer on how he’d take down spam. He said: Legalize and regulate it. It seems like he was right, just on a deeper level.” More at ZDNet.

Wellington, New Zealand — Nov 29, ‘07 — Police nabbed the suspected teenage kingpin of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims’ bank accounts, officials said.

“Working with the FBI and police in the Netherlands, New Zealand police arrested the 18-year-old in the North Island city of Hamilton, said Martin Kleintjes, head of the police electronic crime center. The suspect’s name was not immediately available.

Kleintjes charged that the ring was responsible for stealing at least $20 million using bank account and login details detected by their illegal spyware.

The 18-year-old Hamilton man is now co-operating with police after they carried out searches at Canterbury, Northland and Waikato addresses.

The FBI believes “AKILL” is the ringleader of a “botnet” – in this case a cluster of over a million computers infected by a malicious virus letting the perpetrator gain control of them, access private information and attack other computers.

The arrest was part of international probe into the criminal use of “botnets,” in which hackers gain control of third-party computers through malicious software and then use them as remote-controlled robots to crash online systems, accept spam and steal users’ personal information.

Eight people have been indicted, pleaded guilty or convicted since the investigation started in June. Thirteen additional warrants have been served in the U.S. and overseas in the investigation, which the FBI says has uncovered more than $20 million in economic losses.

New Zealand police searched the residence of the 18-year-old suspected to be the ringleader earlier this week. The federal agency identified the person by the online handle “AKILL.”

Earlier this month, Ryan Goldstein, 21, of Ambler, Pa., was indicted in the case. Authorities allege that the New Zealand suspect and Goldstein were involved in crashing a University of Pennsylvania engineering school server Feb. 23, 2006.” More at Stuff.co.nz

Nov 29, ‘07 — BBC News is reporting on a huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted.

“The booby-trapped websites came up in search results for search terms such as “Christmas gifts” and “hospice”. Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others. “This was fairly epic,” said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Eckelberry said tens of thousands of domains, many based in China and only a couple of days old, were used in the vanguard of the attack.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft’s Internet Explorer used to browse them. “If your machine was not fully patched you were going to get hosed,” said Eckelberry.

The criminals who bought the domains convinced Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry, by using comment spam on blogs to push the pages up the search index rankings.

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

But, said Eckelberry, this attack was likely to be a harbinger of many more. “This is not going to go away,” he said.” More at BBCNews.

Nov 16, ‘07 — Too long have we suffered in silence under the tyranny of idiocy. In the beginning, the internet was a place where one could communicate intelligently with similarly erudite people.

Then, Eternal September hit and we were lost in the noise. The advent of user-driven web content has compounded the matter yet further, straining our tolerance to the breaking point. It’s time to fight back. Says StupidFilter Project.

What is StupidFilter Project

The solution we’re creating is simple: an open-source filter software that can detect rampant stupidity in written English. This will be accomplished with weighted Bayesian or similar analysis and some rules-based processing, similar to spam detection engines. The primary challenge inherent in our task is that stupidity is not a binary distinction, but rather a matter of degree. To this end, we’re collecting a ranked corpus of stupid text, gleaned from user comments on public websites and ranked on a five-point scale.

Eventually, once the research is completed, we plan to release core engine source code for incorporation into content management systems, blogs, wikis and the like. Additionally, we plan to develop a fully implemented Firefox plugin and a Wordpress plugin.

Project Status

This project is currently in the design and analysis phase. We’ve gathered a fairly large (225K+ comments) database of comments, primarily from Youtube, that ever-inspiring font of stupidity. We’ve implemented a web-based comment ranking system to seed our stupidity corpus and that’s proceeding nicely.

Moderator applications are now open and we’re going through them as quickly as possible. We’re testing CRM114 as a classification platform, initial tests with the bit entropy and correlative classifiers are pretty promising. Additionally, we’ve moved to a new dedicated server better suited to the heavy database work we’re doing. We’re still on track for a late December alpha code release date. StupidFilter.

Nov 02, ‘07 – A New Jersey man was sentenced to more than two years in prison on Friday for helping send “spam” e-mails to more than 1.2 million America Online subscribers.

Todd Moeller, 28, was sentenced 27 months in prison in a federal court in New York after he was caught making a deal with a government informant to send junk e-mails — known as spam — advertising a computer security program in return for 50 percent of the profits, the U.S. Attorney’s Office in Manhattan said.

Moeller and Adam Vitale of New York pleaded guilty earlier this year to breaking anti-spam laws and defeating AOL’s filter system by using a variety of computer servers and changing the header information on e-mails to ensure they could not be traced, court papers said. Vitale will be sentenced November 13.

Spam is now being served in audio form. Its Latest Twist on a Security Threat. Scammers are now using MP3 file attachments to pitch stocks in pump-and-dump schemes.

The latest in unwanted electronic communication is an MP3 file that began landing in inboxes around the world last week. It features a spooky, synthesized Darth-Vader-sounding female voice touting the stock of Exit Only Inc., traded on the lower-standard Pink Sheets.

“Hello, this is an investor alert!” the halting, at times unintelligible voice says. Her pitch invokes the growth prospects of Exit Only, a Web site operator that runs Text4Cars.com, which links auto buyers and sellers via text messages.

Computer security researchers say the audio blasts — MP3 files with misleading names attached to spam e-mails — reflect spammers’ need to slip their messages through increasingly sophisticated e-mail filters.

The MP3s masquerade as cell phone ringtones or carry names like “bartsimpson.mp3″ and “justintimberlake.mp3,” said Keith Crosley, director of market development for Proofpoint Inc., which sells e-mail security software and hardware.

Spammer have had to change tactics as the filters have gotten smarter at blocking traditional text-based spam, spam sent as image attachments — such as GIFs or JPEGs — and even the latest rage, spam hidden inside attachments created with Adobe Systems Inc.’s ubiquitous Portable Document Format, or PDF.

Santa Monica, Calif.-based Exit Only said the e-mails are being sent by someone trying to pump up the company’s stock before dumping it.

In the audio version, the user receives an MP3 file that is socially engineered with a name that invites clicking-either because it is a popular band name or title that seems personal. Some documented titles include: dadsong.MP3, oursong.MP3, weddingsong.MP3, santana.MP3, sayyousayme.MP3, smashingpumpkins.MP3, bbrown.MP3, bspears.MP3, gloriaestefan.MP3, beatles.MP3; answeringmachine.MP3, coolringtone.MP3, listentothis.MP3 and elvis.MP3, according to researchers at Cyberoam, who are tracking the problem. The files range in size from 88KB to 150KB.

When opened, the user hears a synthesized voice pitching the penny stock. The quality is extremely poor. Here’s a sample (126KB) from the labs at SecureWorks, which are also tracking the audio spam.

More here and here