Current Insight Community Cases

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Navigating The New Business World After This Recession

Check out our CwF + RtB experiment.
Brought to you by Floor64 and the Techdirt crew.

stories filed under: "malware"
Overhype

Overhype

by Mike Masnick

Fri, Oct 30th 2009 4:57am

Share This


Filed Under:
malware, twitter



It Doesn't Matter How Many Twitter URLs Are Malware... Only If People Are Clicking

from the misleading-with-stats dept

Security companies love using stats to make something appear to be a bigger problem than it really is. Take for example this claim that links to malware are "abundant" on Twitter. The problem is that this is totally meaningless. Because you only see the tweets of people you follow, if spammers are putting up malware links, it only matters if anyone's following them and then clicking on the links. The number of links that point to malware alone is meaningless, because one "spammer" could just post a ton of malware links, but that won't mean a thing if no one is following them. The real question should be how often are people getting malware because of clicks on Twitter. Unfortunately, that data isn't provided.

25 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Mon, Aug 31st 2009 1:25am

Share This


Filed Under:
malware, skype, wiretap

Companies:
skype



Proof Of Concept Skype Wiretapping Malware Released

from the not-so-secret-any-more dept

One of the benefits of Skype was that, due to the way it works (P2P, encrypted communications), it made it much more difficult to do any sort of wiretap. This has upset various governments who are used to having the ability to wiretap any voice communications. However, it's never impossible. The most obvious way is to simply create some sort of trojan that gets installed on one user's computer that has audio recording abilities -- and Symantec is going around hyping up the fact that source code for just such a trojan has been released. Of course, even Symantec admits that there's no evidence of the code actually being used in the wild -- it seems more like a proof-of-concept. On top of that, it's hardly a new idea. Nearly a year ago, we talked about how German authorities were accused of using something that sounded quite similar. Still, it is a good reminder that even if you're using an encrypted Skype call, at either end of that call, the audio is decrypted, and a well-placed recording system can capture it.

8 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Wed, Mar 18th 2009 9:33pm

Share This


Filed Under:
atm, malware, security

Companies:
diebold



Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware

from the what-a-surprise dept

Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.

However, it's now coming out that Diebold's ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install "card sniffing" software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?

9 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Mon, Feb 2nd 2009 1:32am

Share This


Filed Under:
computers, malware, trust

Companies:
google



One More Reason Not To Blindly Trust What A Computer Tells You

from the this-site-is-sooooooo-dangeorus dept

By now, you've probably heard the news that Google had a bit of a "glitch" this past weekend, whereby it warned people that every single site in existence (including Google) was rated as potentially dangerous and could put malware on your computer. It lasted for about an hour Saturday morning, causing amused chatter around the web. But, of course, it does highlight one key issue: whenever we end up with various "automated" warning systems, we tend to start believing what the systems tell us -- even when we know they're fallible. It's something worth remembering -- not to say that computer models are bad, just that we almost always underestimate how much weight people put on them once they're in place, no matter how much we intuitively understand that it's just a model.

23 Comments | Leave a Comment..

 
Legal Issues

Legal Issues

by Mike Masnick

Mon, Nov 24th 2008 8:41am

Share This


Filed Under:
connecticut, julie amero, malware



Connecticut Finally Drops Charges Against Julie Amero

from the too-little-too-late dept

In a case of what appears to unfortunately be "too little, too late" Techmeme points us to the news that Connecticut officials have finally agreed to drop felony charges against Julie Amero. As you may recall, Julie Amero was a substitute teacher who was randomly surfing some webpages on a classroom computer while students were working on some projects. On one webpage, the computer started opening a never ending series of windows showing pornographic pictures -- symptomatic of a computer infected with some malicious spyware. However, Connecticut police and prosecutors chose to try Amero on felony charges, threatening to put her in jail for 40 years, and getting a conviction.

After numerous security experts brought attention to the case, a judge finally granted a new trial, and Connecticut police and officials refused to admit a mistake and still intended to try Amero. However, as noted above, the state finally worked out an agreement with Amero, where the state dropped most of the charges, after Amero agreed to plead guilty to a single charge of disorderly conduct (a misdemeanor) and give up her teacher's license. The article also notes that, due in part to stress from the case, Amero has been hospitalized and is in declining health.

It's great that Connecticut finally decided to drop the charges, but the whole thing remains a travesty. It's unclear what Amero did that was "disorderly conduct" or why she deserves to lose her teacher's license. On top of that, the fact that the state still refuses to admit its mistakes in the case is a tremendous shame. A bunch of technically illiterate folks basically destroyed this woman's life and still stand by what they did.

30 Comments | Leave a Comment..

 
Scams

Scams

by Mike Masnick

Tue, Aug 19th 2008 7:49am

Share This


Filed Under:
adware, ftc, malware, popup advertising, zango

Companies:
mpaa, zango



Zango May Have Worked Things Out With The FTC, But What About The MPAA?

from the out-of-the-frying-pan,-into-the-fire dept

We've pointed out for years the various questionable activities performed by adware firm Zango (or one of its earlier incarnations). The company has gone through so many changes it's tough to follow, but every time it insists that it has somehow "cleaned up" its act, it doesn't take long for researchers to find evidence to the contrary. For a while, the company was in hot water with the FTC for tricking people into downloading its adware. It eventually settled with the FTC, paying a hefty fine. These days, once again, the company insists that it's reinvented itself to focus on the "casual gaming market."

However, that doesn't appear to be the case. I recently saw a presentation from the company where it didn't mention casual gaming at all, but instead called itself a "publisher" of content -- though it was quite vague and evasive about just what kind of content. Perhaps that's because it doesn't want parties like the MPAA to know. As Ben Edelman had noticed a few months ago -- and now more and more security researchers are finding, Zango's software is being offered up by folks who are promising fully pirated movies.

It makes you wonder if Zango recognizes that dealing with the MPAA may be a lot less pleasant than fighting the FTC. Of course, maybe the MPAA recognizes that when pirated movies come with intrusive adware like Zango, it only gives pirated movies a bad name.

12 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Mon, Aug 18th 2008 5:09pm

Share This


Filed Under:
clipboard, links, malware, spam



Latest Sneaky Web Attack: Hijacking Your Clipboard To Post Spammy Links

from the now-that's-creative dept

Spammers and scammers keep upping the game against security researchers, sometimes in creative ways. And, in fact, it would appear that the latest sneaky trick making the rounds is almost admirable in its sneakiness. For example, take a look at this latest hack, which hijacks your clipboard, and repeatedly places a link to a site for fake security software. The hijack takes place through flash advertisements (even those found on legit sites), which is all the more reason to use AdBlock or FlashBlock or NoScript or something to protect you. However, what it's banking on, is the fact that plenty of people quickly cut and paste links they want to send around or post in other blogs and forums. When done quickly, many people won't even notice that they're not pasting the link they thought they cut from elsewhere -- thus getting lots of folks to inadvertently spam links. This must be incredibly annoying for those who get hit with it, but that doesn't take away from the creativeness of the attack itself. Even security researchers, like Mikko Hypponen, are grudgingly tipping their hats on this hack: "It is a pretty clever technique. Our work would be so much easier if our enemy would be stupid."

17 Comments | Leave a Comment..

 
Overhype

Overhype

by Mike Masnick

Mon, Aug 4th 2008 1:28am

Share This


Filed Under:
education, george ledin, malware, teaching, viruses



College Classes On Malware Writing Still Piss Off Anti-Virus Firms

from the security-through-obscurity dept

Over five years ago, we wrote about a college that was starting to offer a new computer science class in writing computer viruses. And, of course, various anti-virus companies went ballistic, claiming how dangerous it was. Yet, as we pointed out at the time, anti-virus companies don't have the greatest track record in actually stopping viruses -- so it seemed only reasonable to teach people to better "think like the enemy." Anyway, it appears not much has changed. Theodp writes in to let us know about an article in Newsweek about a very similar course being taught at Sonoma State University by George Ledin, where students are tasked with creating their own malware.

Once again, various security companies are condemning the technique, even sinking so low as to compare Ledin to A.Q. Khan, the Pakistani scientist who sold nuclear technology to North Korea. They even insist they won't hire his students -- which seems particularly short-sighted. As Ledin points out, it appears that this is really more about the security companies wanting to keep the world more scared than they need to be of malware, so as to pretend that they're the only ones who can solve the "problem" -- when the truth is they're not very effective at it. He complains that anti-virus firms keep their code secret (thank you, DMCA). He points out that if they were willing to open it up, and let lots of folks work on improving it, it would get much, much better. All he's trying to do is help more people understand the enemy without first having to work at one of those companies that's been so ineffective in stopping malware -- in the hopes that maybe some of his students can actually come up with a better soltuion.

30 Comments | Leave a Comment..

 
Legal Issues

Legal Issues

by Mike Masnick

Thu, Jul 10th 2008 1:24pm

Share This


Filed Under:
connecticut, julie amero, malware



Connecticut Still Wants To Try Julie Amero

from the sickening dept

You may recall the case of Julie Amero, a substitute teacher in Connecticut who was found guilty of charges that she had showed pornography to children in her classroom, and who faced 40 years in jail. The problem was that the police and the prosecutors seemed unable to understand what had actually happened. The computer in the classroom had been infected by malware, which tossed up porn pop-up ads. It wasn't that she was surfing porn, but that the computer had malware. As news of this wrongful conviction got out, more and more security experts tried to explain to everyone involved why Amero was not the guilty party. Eventually, the judge agreed, and struck down the guilty verdict.

However, the state still has not dropped the case.

In fact, as reader Phil K lets us know, the state has no intention of dropping the case, and appears to want a new trial. No one involved in the case will explain why they won't drop it. In fact, they won't even apologize for what was clearly a wrongful prosecution in the first place. The prosecutors, the police and the school Amero worked for haven't said a word. The fact that they're planning to go through another trial over this matter suggests they still don't even realize what they did.

50 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Wed, Jun 25th 2008 7:17pm

Share This


Filed Under:
censorship, china, great firewall, malware



If China's Great Firewall Is So Effective, Why Can't It Stop All The Malware Hosted There?

from the questions,-questions,-questions dept

We all know about the "Great Firewall" of China that's designed both to keep certain website inaccessible from China, but which is also supposed to block certain content in China from reaching the outside world. While there already are some questions about how effective the Great Firewall really is, it does seem odd that the majority of "badware" sites are all hosted in China. Is it that China just doesn't care or is it that the Great Firewall isn't actually that effective? Perhaps the answer is somewhere in between. The Great Firewall definitely has some holes, and if the purpose of it is more focused on political speech than malware, perhaps it shouldn't be surprising that the powers that be ignore the malware and let it go through. Or, of course, you could take the conspiratorial viewpoint, and say perhaps China blocks malware within the country, but doesn't care if others get it. Given the various rumors and reports lately about Chinese hackers breaking into computers in other countries, that last possibility may not be so far-fetched.

18 Comments | Leave a Comment..

 
Legal Issues

Legal Issues

by Mike Masnick

Wed, Jun 18th 2008 6:01am

Share This


Filed Under:
fired, malware, massachusetts



Massachusetts Worker Cleared Of Child Porn After Malware Discovered On His Machine; Life Still In Shambles

from the not-a-good-situation dept

Remember the ridiculous Julie Amero case in Connecticut? That was the one where a substitute teacher was facing jail time because the computer she used in a classroom had malware that displayed pornographic images. The local prosecutors wanted to send her to jail, despite the fact that it was the malware that put up the porn. It looks like a similar situation (luckily, without the jailtime) is playing itself out in Massachusetts. There, a "computer illiterate" state employee was fired for child porn found on his computer. After hiring a computer forensics expert, who pointed out that the state's IT department hadn't configured the machines securely and that it was chock full of malware, the guy has been cleared of child porn charges -- but that doesn't change the fact that he's been disgraced and out of work for over a year.

42 Comments | Leave a Comment..

 
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Tue, Apr 29th 2008 8:16pm

Share This


Filed Under:
eula, malware

Companies:
symantec



How Do You Enforce An EULA On Malware?

from the honor-among-thieves? dept

We've written about all sorts of crazy things that software companies do in their EULAs (End User License Agreement), but it really says something about how ingrained the concept of an EULA has become that malware companies are starting to offer such draconian EULAs on their products (found via Ars Technica). Among the more amusing features of the EULA is a guarantee to buy any future upgrades. How's that for lock-in? Of course, EULAs are barely enforceable as is, and when you're selling to scammers and crooks they become even less so. Most EULAs are backed up via the power of copyright law, but that obviously doesn't work in this case. So how are the malware authors enforcing it? In typical organized crime fashion: with threats to destroy everything else you've got. Specifically, if it catches anyone violating the terms, it promises to send their botnet code to various antispyware companies -- effectively handing over the location of their secret hideout to the malware police. Who knew that honor among thieves now has taken on an EULA angle? Of course, we already know that almost no one reads normal software EULAs, so I somehow doubt that the online scammers using this software are bothering with the fine print either.

8 Comments | Leave a Comment..

 
Scams

Scams

by Mike Masnick

Tue, Jan 29th 2008 5:21pm

Share This


Filed Under:
legit sites, malware

Companies:
google, snopes



Malware Showing Up On Legit Sites

from the it's-everywhere! dept

Since it's fairly well known at this point that sketchy sites can try to trick users into installing malware, it appears that malware creators are increasingly looking for ways to make its malware available from more legitimate sites. Two recent stories highlight this trend. First is the news that some hackers successfully rigged Google to link to sites that installed malware on certain popular searches. It took a fairly elaborate scheme to get it to work -- and it only lasted for a few days -- but it does highlight that just because a site's found via Google, it doesn't mean that it's safe. The second one apparently involves the popular urban legend debunking (or confirming) website, Snopes.com. Apparently, a well-known purveyor of adware has been running questionable or misleading ads (via Slashdot) on the site for over six months. Snopes was apparently told about this ad, but still chose to leave it running.

13 Comments | Leave a Comment..

 
Scams

Scams

by Mike Masnick

Mon, Nov 12th 2007 1:38pm

Share This


Filed Under:
india, malware

Companies:
india times



Is The IndiaTimes Website Bombarding Visitors With Malware?

from the can't-be-good-for-repeat-business dept

While it's well known that less well known sites may have been set up to maliciously install malware on your computer, most people assume (reasonably so) that larger, more well known sites are most likely safe to visit. However, one security firm is out raising the alarm that the English-language website of the India Times, a popular newspaper in India (which we've linked to multiple times in the past), is apparently chock full of risky pages that exploit various security vulnerabilities to try to download hundreds of malware apps to your computer. The security firm apparently first noticed this a few weeks ago, but didn't realize the severity until now. What's unclear from the description is how this is actually happening. We've heard stories in the past of scammers hacking into ad servers and serving malicious code that way, but there's no real indication that that's what's happening in this case.

8 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Thursday

4:52pm: What Does It Say When A Comedy Show Does More Fact Checking Than News Programs? (56)
3:33pm: Nordic Music Week: Optimism Galore And Found Songs (11)
2:10pm: Would Top Sites Really Opt-Out Of Google Based On A Microsoft Bribe? (37)
12:57pm: Intel Lawyers Again Go Too Far In Trademark Bullying (22)
11:43am: Mandelson Wants Gov't To Have Sweeping Powers To Protect Copyright Holders (40)
10:47am: Once Again, Walmart Stops People From Printing Family Photos Due To Copyright Law Claims (42)
9:39am: Essayist Writes Popular Essay... Then Sends 'Non-Negotiable' Invoice To Church Who Posts It Online (59)
8:23am: ASCAP, BMI And SESAC Continue To Screw Over Most Songwriters: 'Write A Hit Song If You Want Money' (78)
7:07am: Kicking People Off The Internet Not Enough In South Korea, Copyright Lobbyists Demand More (26)
5:33am: Are The Record Labels Using Bluebeat's Bogus Copyright Defense To Avoid Having To Give Copyrights Back To Artists? (42)
3:53am: Larry Magid Calls For News Tax To Fund Failing Newspapers (29)
1:35am: Judge Says 'There's An Ad For That...' And It's Ok For Now (14)

Wednesday

11:01pm: Oh Look, Some Police Do Know How To Use Craigslist As A Tool (8)
8:43pm: Netherlands The Latest To Propose Mileage Tax That Requires GPS For Tracking Driving (30)
6:40pm: Spain Says Broadband Is A Basic Right (12)
4:22pm: Entertainment Industry Wants More People To Know About OpenBitTorrent Tracker (25)
3:00pm: It's The TSA, Not CSI: Actions Limited To Security, Not Crime Investigation (25)
1:49pm: The More Innovative You Are, The More You Get Sued; Yet Another Patent Lawsuit Over Shazam (7)
12:36pm: Oh No! Nobody Reads! Oh No! It's Too Cheap For Everyone To Read! (18)
11:15am: We See Your 'Copyright Contributes $1.5 Trillion' And Raise You 'Fair Use Contributes $2.2 Trillion' (17)
9:55am: Cable Industry Joins MPAA In Asking FCC To Allow Them To Stop Your DVR From Recording Movies (45)
8:44am: Sony Pictures Having Its Best Box Office Year Ever... Still Blaming Piracy For Killing The Business (38)
7:30am: Jenzabar Finds 'Expert Witness' Who Will Claim Google Relies On Metatags, Despite Google Saying It Does Not (38)
5:52am: China Says Microsoft Violates IP With Windows, Bars Sales (26)
4:01am: Don't Post Comments On StlToday.com Or They Might Tell Your Boss (45)
1:50am: Recording Industry Making It Impossible For Any Legit Online Music Service To Survive Without Being Too Expensive (45)

Tuesday

11:01pm: Crackdown On Loyalty Program Scams Shows How Ridiculously Sucessful They Were (11)
8:56pm: Just Because People Say They'll Pay For Something, It Doesn't Mean They Will (21)
7:02pm: Yes, Bad People Use Facebook Too (8)
5:29pm: Folks Can Digg Shoes For Needy Kids (2)
More arrow
Quick Links
Close
E-mail It