* Posts by zcat

29 publicly visible posts • joined 1 Mar 2008

Anatomy of a malware scam

zcat
Linux

I know someone who paid for it

Someone I know managed to install this software (or something very similar) and after a few attempts to remove it themselves, they were also misguided enough to pay the $45 in the hope that it would stop bothering them so frequently. Paying didn't make any difference and they got me to remove it about a month later. They also said that there were no other charges on their credit card. Perhaps the number of people who pay the $45 is already high enough and the scammers don't want to 'kill the golden goose' by making more obviously fraudulent transactions.

BTW my wife also managed to stumble onto one of these pages and I can tell you the endless popups are just as annoying even in Linux. She now knows how to use 'xkill' to escape from such nonsense.

Mystery web attack hijacks your clipboard

zcat
Pirate

weird

Also redirected to google here, running MSIE6 in Windows XP inside virtualbox. Searching google for the site name turns up a URL with some token on the end of it, which did work.

Nasty bit of extortionware that they're trying to push, too. It 'found' 41 really dangerous-sounding bits of malware on a completely fresh install of XP and just will NOT go away.

Microsoft ramps up vuln ActiveX controls cull

zcat
Gates Horns

Not broad enough!

How about kill-bit that disables ActiveX?

Is Microsoft's Silverlight evil?

zcat
Linux

Web video has always annoyed me...

because as far as I'm concerned it's long been a 'solved problem'. There's a couple of tags you can use to embed a video and it will play just fine out of the box in MSIE5, MSIE6, MSIE7 (up until a recent update) and Opera and Firefox on any platform with the appropriate media plugin (xine, mplayer, whatever). This has been working just fine for years. Sure, Mr Stallman will complain that you have to install some non-free codecs but Flash isn't exactly free either.

I never understood why people felt they had to use Flash in the first place. Or Java. Or some asinine arrangements of objects-within-frames-within-windows pointing to a daisy-chain of playlist URL's that can only possibly work on the one OS and browser it was tested with.

However, it seems that Microsoft have recently decided that was too easy (perhaps this is another move to push silverlight?) so now when you have a page with embedded video the plain and simple way that always used to work, you get a yellow security bar and have to allow it to play.

Microsoft slams 'sensationalist' Vista analysis

zcat
Boffin

two versions of XP?

This has always made me laugh. Back when MSFT were claiming they couldn't possibly have more than one flavour of XP, they were already selling at least five: XP Home OEM, XP Home Retail, XP Pro OEM, XP Pro Retail and XP Pro VLK. I know this because whenever I have to reinstall someone's machine and they've lost the disks, I invariably find after getting two thirds through the install of XP Home OEM that the licence key they have on the box only works for XP Home Retail. Or vice-versa. And I haven't even had any experience with all the 64-bit versions yet.

Microsoft readies XP for One Laptop Per Child computer

zcat
Linux

So it's *actually* running on the XO?

It's been pointed out in a few different places that an earlier 'photo' of Windows XP running on the XO was a fairly crude photoshop job. The 'desktop' is square right to the corners and slightly overlaps the borders of the screen. Microsoft would probably argue that they only did this to get better screen contrast or whatever, but I've taken photos of an XO myself and the screen contents came out wonderfully clear.

The video of XP running is also a little suspect; no apparent drive activity a lot of the time (that could just be because it's not running from the inbuilt flash memory) and the camera light is off when they're using the inbuilt camera. I could believe the lack of drive activity, but we know the camera LED is hard-wired so the camera can't operate without it lighting. It's a design feature.

Anyhoo, if they've slimmed it down I can imagine it runs well enough after a fresh install, I've used XP on some fairly low-spec machines and it's not all that bad. But just wait until you install antivirus software or wait a few months for the crud to build up..

MS products just too cool to comprehend, say MS geeks

zcat
Linux

zcat

Vista's not a dog. It runs just as fast as XP, as long as you give it twice the CPU and about four times the RAM.

Not that I'm complaining. Hardy Heron runs just fine on all those 'old' machines that people keep giving me 'cos they aren't good enough for Vista, and unlike XP I know I'll still have security updates for at least the next 2 and a half years.

NZ judge saves girl from bloody silly name

zcat
Paris Hilton

"Dick Head"

My wife has a cousin named "Richard Head", don't know if he prefers to be called Dick but I wouldn't expect so. Not quite as bad as Mr and Mrs Peacock who named their son Drew.

And I do wonder if Miss Hilton was named after the hotel in which she was conceived. It's entirely possible..

Ubuntu man challenges open source to out-pretty Apple

zcat
Linux

Wireless and WPA

I don't know what you guys are doing wrong, but when I wanted to connect to my access point here I just clicked on the little 'network' icon and chose my access point from the list, it asked me for my WPA password, little dots spun around for about ten seconds then it changed into a little bargraph icon that tells me how good or bad the signal is. Oh, and it also set up a 'keyring' to store the password so I won't have to type it again. The only way Windows could be easier is if it uses 'zealous autoconfig' ( http://xkcd.com/416/ ) and figures the password out for itself...

zcat
Linux

"What linux needs is closed source software?!!"

If you want to use closed source software, there's other perfectly good operating systems for that, like Windows. Except it's not 'perfectly good' is it? -- binary drivers come with inconsistent interfaces, crap 'shovelware' applications, and finding updated drivers for existing hardware when you upgrade can be a nightmare. The security model was shit, with Vista it's been patched, hidden and slightly deodorized but you know that underneath it's still the same shit XP had. If Windows was perfect you wouldn't care what Linux was like. And if Linux was more closed-source, binary-only-friendly, it would end up with all the same problems Windows has.. binary-only drivers that only work with one particular kernel branch; security flaws that can't be properly fixed because nobody who cares can get the source code, shovelware packaged with everything.. basically, it would become Windows. I don't want Windows. That's why I run Linux.

Attack of the Italian space pod parachute babes

zcat
Boffin

deceleration force

To maintain a low earth orbit, you'll be travelling at something like 27,700 km/h (orbital velocity of the ISS). Deorbiting basically involves dropping into the atmosphere at just a little less than this speed.

Free fall velocity of a skydiver (before they open the parachute) is about 200 km/h

Somewhere between these two (a matter of minutes) you have to slow down by about 27,500 km/h. I can't be arsed doing the maths, but I would expect the G-forces are pretty similar to the ones experienced on the trip up.

Obama bloats Vista by 11MB

zcat
Linux

Sounds about right actually

Just looking at my own /usr/share/myspell/dicts/ which is about 45M, I'd say 56M for Vista's dictionary doesn't sound at all unreasonable. And you can stop the jibes about 'replacing the entire dictionary for eleven words' too; Ubuntu is every bit as bad!

US retailers start pushing $20 Ubuntu

zcat
Linux

after reading a third of the comments..

For $20 a year, you can join a LUG. Ours has monthly 'workshop' sessions where experienced members help the less experienced with any problems they might be having, as well as the usual 'presentation' meetings where we try to have interesting speakers talk about various things related to Free and Open Source Software. And you can get plenty of free help through the ubuntu forums and from the #ubuntu channel on freenode.

BTW; the last message I bothered to read, about samba browsing not working. You installed a firewall didn't you? Most Linux boxes on a LAN are quite safe behind NAT and really don't need a firewall, but if you do choose to install something like Firestarter and want Windows File and Print browsing to work you need to remember to allow broadcast traffic through the firewall, as well as the SMB ports. Hope that helps.

AVG chokes fake traffic spew

zcat

Seems to me it should have been easy to do this 'right' anyhow..

I've given this some thought over the last few days, and this is how I think LinkScan should have operated;

Step one, client makes a single request to AVG with all the URLs to be checked, and gets a single reply listing each as "known to be bad", "known to be bad but retest anyhow" or "checked and found clean within the last hour".

Then AVG at the client's end can almost immediately apply green ticks or red crosses to most of the results and only very, very occasionally need to test sites that haven't already been checked. When it needs to test a site, the result is sent back to AVG's central database, and the site doesn't need to be retested again by anyone for the next half hour or so.

Obviously, AVG would need to put some effort into verifying that results are coming from their own software, and that the half-hourly check is not performed by the same client each time. IOW they might need to put in some effort to make this work, but I'm sure they have a few smart guys on staff that can figure out how to make this work.

Websites see perhaps one or two extra hits per half hour, checks for infected sites are still performed by random end users, most AVG customers will 'almost' never, ever see a site that AVG hasn't tested in advance. Everyone is happy, except perhaps the website hackers and distributors of malicious software. Did I miss something?

In short; if you want to make an omelette use your own eggs, or at the very least break no more eggs than absolutely necessary.
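The batched design laid out in the post above, as an added example (this is not AVG's code, nor any real LinkScan protocol): a central verdict cache that answers one request per results page, hands out a scan only for URLs that are unknown or whose "bad" verdict is more than half an hour old, refuses to hand the re-check to the client that produced the previous verdict, and accepts reports only when they carry a valid MAC. The reuse windows, the shared client secret and all URLs are assumptions made for illustration.

```python
"""Batched URL-reputation lookup with a shared, time-limited verdict cache.

Added example, not AVG's code or any real LinkScan protocol. The one-hour /
half-hour reuse windows, the HMAC client authentication and the sample URLs
are assumptions for illustration.
"""
import hashlib
import hmac
import time

CLEAN_REUSE_SECONDS = 60 * 60   # "checked and found clean within the last hour"
BAD_REUSE_SECONDS = 30 * 60     # a "bad" verdict is re-verified after half an hour
CLIENT_SECRET = b"constructed-shared-secret"   # assumption: embedded in the client


def sign(client_id, url, verdict):
    """MAC over a report so the service can tell its own clients from forgeries."""
    msg = f"{client_id}|{url}|{verdict}".encode()
    return hmac.new(CLIENT_SECRET, msg, hashlib.sha256).hexdigest()


class ReputationService:
    """Central database: url -> (verdict, time checked, client that checked it)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}

    def lookup(self, client_id, urls):
        """One request for a whole results page; one status per URL in reply."""
        now = self.clock()
        statuses = {}
        for url in urls:
            entry = self.cache.get(url)
            if entry is None:
                statuses[url] = "unknown"            # nobody has tested it yet
                continue
            verdict, checked_at, tester = entry
            age = now - checked_at
            if verdict == "clean":
                statuses[url] = "clean" if age < CLEAN_REUSE_SECONDS else "unknown"
            elif age < BAD_REUSE_SECONDS or tester == client_id:
                # fresh enough, or the last tester must not re-confirm its own verdict
                statuses[url] = "bad"
            else:
                statuses[url] = "bad-retest"
        return statuses

    def report(self, client_id, url, verdict, mac):
        """Store a scan result only if its MAC is valid; returns True when stored."""
        if not hmac.compare_digest(sign(client_id, url, verdict), mac):
            return False
        prev = self.cache.get(url)
        if prev is not None and prev[0] == "bad" and prev[2] == client_id:
            return False                             # same client may not refresh its own bad verdict
        self.cache[url] = (verdict, self.clock(), client_id)
        return True


def client_check(service, client_id, urls, scanner):
    """Client side: batch lookup, scan only what the service asks for, report back."""
    marks = {}
    for url, status in service.lookup(client_id, urls).items():
        if status in ("clean", "bad"):
            marks[url] = status                      # tick or cross with no fetch at all
            continue
        verdict = scanner(url)                       # the only path that touches the website
        service.report(client_id, url, verdict, sign(client_id, url, verdict))
        marks[url] = verdict
    return marks


def make_scanner():
    """Constructed stand-in for the real scanner: records fetches, flags 'evil' hosts."""
    fetched = []

    def scanner(url):
        fetched.append(url)
        return "bad" if "evil" in url else "clean"

    scanner.fetched = fetched
    return scanner


def demo():
    """Three users view the same results page over 31 minutes; count the fetches."""
    clock = [1_000_000.0]
    service = ReputationService(clock=lambda: clock[0])
    scanner = make_scanner()
    urls = ["http://a.example/", "http://evil.example/"]     # constructed sample
    first = client_check(service, "client-1", urls, scanner)   # fetches both
    second = client_check(service, "client-2", urls, scanner)  # fetches nothing
    clock[0] += 31 * 60                                        # half an hour later
    third = client_check(service, "client-3", urls, scanner)   # re-verifies the bad one only
    return first, second, third, len(scanner.fetched)


if __name__ == "__main__":
    print(demo())
```

Three clients viewing the same two results cause three fetches in total rather than six, and the website that was flagged sees one re-check per half hour from a different client each time. A real deployment would also need the secret to be something harder to extract than a constant in the client binary, which is the part of the post's "some effort" that is hardest in practice.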

File system killer leads police to wife's bones

zcat
Unhappy

idiot

If he'd shut up from the beginning and let his lawyer handle the case, he may well have walked free. Personally, I've never been entirely sure he was guilty until now. It's been a very odd case. But then Hans Reiser is a fairly odd defendant.

Firefox 3 makes up world record to set world record

zcat
Linux

Update your own plugins!

A good number of plugins will work just fine; download the xpi file and unzip it, edit 'install.rdf' and change maxVersion to 3.0, zip it back up. This has worked for all the plugins I've tried so far. Obviously there are some plugins that this won't work on, so proceed with caution..
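The unzip / edit install.rdf / re-zip routine from the post, automated as an added example (not Mozilla's code nor any extension's own): it rewrites only the `<em:maxVersion>` element and copies every other member of the xpi through unchanged. The sample extension is constructed in memory; its id and version numbers are made up, and the target-application id is Firefox's well-known application GUID.

```python
"""Bump <em:maxVersion> in an xpi's install.rdf, leaving everything else intact.

Added example, not Mozilla's or any extension's own code. The sample xpi is
constructed here; the extension id and version strings are invented.
"""
import io
import re
import sys
import zipfile

MAX_VERSION_RE = re.compile(r"(<em:maxVersion>)([^<]*)(</em:maxVersion>)")

# Constructed install.rdf; the targetApplication id is Firefox's application GUID.
SAMPLE_INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>example@example.invalid</em:id>
    <em:version>1.2</em:version>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>1.5</em:minVersion>
        <em:maxVersion>2.0.0.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
"""


def build_xpi(members):
    """Build an xpi (a plain zip) from a {name: text} dict; returns the bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, text in members.items():
            z.writestr(name, text)
    return buf.getvalue()


def build_sample_xpi():
    return build_xpi({
        "install.rdf": SAMPLE_INSTALL_RDF,
        "chrome.manifest": "content example chrome/content/\n",
    })


def list_members(xpi_bytes):
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        return z.namelist()


def max_version(xpi_bytes):
    """Current maxVersion string, or None if install.rdf has none."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        rdf = z.read("install.rdf").decode("utf-8")
    m = MAX_VERSION_RE.search(rdf)
    return m.group(2) if m else None


def bump_max_version(xpi_bytes, new_max="3.0"):
    """Return a new xpi with maxVersion replaced; all other members copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "install.rdf":
                text, n = MAX_VERSION_RE.subn(
                    lambda m: m.group(1) + new_max + m.group(3),
                    data.decode("utf-8"))
                if n == 0:
                    raise ValueError("install.rdf has no <em:maxVersion> element")
                data = text.encode("utf-8")
            dst.writestr(info, data)   # keeps the original member metadata
    return out.getvalue()


def patch_file(path, new_max="3.0"):
    """Rewrite an xpi on disk in place; returns (old, new) maxVersion."""
    with open(path, "rb") as f:
        original = f.read()
    patched = bump_max_version(original, new_max)
    with open(path, "wb") as f:
        f.write(patched)
    return max_version(original), max_version(patched)


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        print(patch_file(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "3.0"))
    else:
        sample = build_sample_xpi()
        print(max_version(sample), "->", max_version(bump_max_version(sample)))
```

Run it as `python bump_xpi.py some-extension.xpi 3.0` to patch a file in place. The post's caution still applies: this only changes what the extension claims to support, so an extension whose code depends on an API that changed between releases will now install but may not work.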

How to beat AVG's fake traffic spew

zcat
Linux

Summary..

@steve: google limits the results to 100. Plus you don't want the page too big, regular users won't be happy. 100 results is small enough that nobody's likely to notice it. I'm also thinking AVG may update their software to not scan their own site, in which case searching for 'suspicious' websites might be a better strategy. Anything that's dodgy enough to have government-run 'honeypot' websites in the first 100 results would be ideal.

@nigel: See my second post, and substitute in the appropriate search query.

@mark: 3G cap is a pretty standard plan down here in kiwiland, I've spent most of this week removing AVG and replacing it with Avast after having to explain to people why they're now hitting their 3G monthly cap in the first week. I'll probably be suggesting Clamav+Winpooch once I've had a chance to properly test them, but clamav by itself doesn't provide real time scanning.

I'm really pissed off because I've been recommending AVG (free or commercial, as appropriate) for the last few years. When they pull this shit it makes me look bad too, because I recommended them.

zcat
Flame

Forgot to mention...

Can someone who actually has AVG installed tell me if looking at a webpage with this code in it does what I expect it to do.. 'Cos if it does and this ended up in the footer of a few really popular websites, that would be quite funny...

<iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"></iframe>

zcat

before and after? wtf?

Can somebody please explain how scanning the page twice is supposed to 'detect' malware that their scanner doesn't have signatures for and couldn't find in just one scan? Because, quite seriously, I just do not 'get' this.

North Carolina targets WTF licence plates

zcat
Paris Hilton

3AT M3

Saw it a couple of weeks ago.. although '3M TA3' would be funnier 'cos you only get it when you see it in the rear-view mirror.

We only get six letters to play with here, so we have to be extra-creative.

Might be a good plate for Paris, I dunno...

Web browsers face crisis of security confidence

zcat
Linux

I did..

I launched both searches, and all of the results, in tabs.. I got one warning about an attack site (which I chose to proceed anyhow) and one website down for repairs (I guess they noticed their site was hacked). The rest looked like fairly typical web pages and didn't appear to do anything malicious.

Now, apart from rkhunter and clamav, I'm not sure what software there is in Ubuntu that I can use to search for the nasty malware that those websites should have installed.

Any ideas?

AVG disguises fake traffic as IE6

zcat
Flame

@gothicform

Here's a few extra bytes you can put in the footer of all your pages;

<iframe src="http://www.google.com/search?num=100&q=site:grisoft.com" width="1" height="1"></iframe>

You'll barely notice the difference and it shows up as an insignificant box in most web browsers so the majority of your users won't notice either. AVG users will probably see a bit of a slowdown when they visit your site, Grisoft will take quite a hammering, and since Linkscan hides the referrer they won't even know whose site is doing it.

zcat
Thumb Down

I still don't get it

Either you can detect the malware, or you can't. Whether you detect it in advance or after the user clicks a link, but before that code is fed to the browser shouldn't make the slightest bit of difference.

Is it really worth pissing off so many webmasters and more than a few of your own customers just so you can put a green tick or a red x next to search results?

Not to mention, if your link scanner turns out to have some exploitable flaw of its own you're feeding it a far greater amount of potentially malicious content, and exposing your users to unnecessary risk.

Start-up outfoxes Apple, Dell and HP by offering stock options with PCs

zcat

yahbut..

"They really shouldn't claim this machine will outrun a $3,000 PC. People may well benchmark it and tear them a new one."

Not a problem. Nobody will ever see that review, due to the search results being flooded with paid-for blog and social network astroturfing that started months before an actual machine was available for review.

Bloody genius!

Malware not man blamed in child abuse download case

zcat
Unhappy

not just porn and wares sites, I can assure you..

Earlier today my wife ended up on a website that insisted she needed to update Windows Media Player (a dead give-away since we use Ubuntu) and would not let her navigate away from the page until she accepted the download. This was while searching for knitting patterns, honest-to-God! She's had a quick lesson in the use of 'xkill' and knows how to escape such nonsense in the future. Elsewhere in the world it's likely a few hundred would-be knitters using MSIE and Windows are now hosting a nasty bit of malware, and probably don't even realise it.

Congressmen say Chinese hacked their PCs

zcat
Black Helicopters

"Hacked by Chinese!"

is this a Code Red security breach?

DNS lords expose netizens to 'poisoning'

zcat
Paris Hilton

Got it sorted!

One of our local banks has an interesting approach to the problem.. they set the DNS expiry time to zero so that it's never cached and every lookup has to go back to their server (in Australia)

Paris, because I suspect even she could spot the flaw in this logic.

Terrorist robots dissected - anatomy of a scare

zcat
Black Helicopters

Kiwi nutter builds cruise missile, attracts black helicopters.

<jedi-handwave>This is not the cruise missile you were looking for.. </jedi-handwave>

http://www.interestingprojects.com/cruisemissile/

Microsoft dropped Vista hardware spec to raise Intel profits

zcat
Linux

For what it's worth

I've put Ubuntu on a few of these 915-chipset machines and compiz-fusion runs like dogcrap on them as well. They're just not a very good chip. I agree with Giles, the whole thing doesn't make a lot of sense.