The good guys are taking a hit in the ongoing online war between the thugs who profit from phishing and malware, and those who work to stop them.
For two weeks, Web sites like CastleCops.com, which offers help to those hit by malware and also actively works to shut down malicious Web sites, have been under attack. In what's known as a distributed denial-of-service (DDoS) attack, black hats are flooding CastleCops with a barrage of garbage data in an attempt to overwhelm the site and knock it offline.
"It's the folks who are out there in the trenches getting hit," says Paul Laudanski, who founded CastleCops five and a half years ago.
Attack Spreads
When the attack on CastleCops.com began on August 29, Laudanski says, the site went down for a few hours as he scrambled to apply countermeasures. His site came back up, but the attack soon spread to other helpful sites such as 419eater.com, fraudwatchers.org, scam.com, scamfraudalert.com, and scamwarners.com. Most of these sites are currently unresponsive.
When the hosting provider for another site, aa419.org, dropped the site because the attack became too much for the provider, CastleCops gave aa419.org a home. CastleCops went down again under the combined attack, but is back up again.
The sites are all being hit by botnets, corralled networks of malware-infected computers that can be issued commands by a central controller, or botherder. Botnets are most often used to send money-making spam, but they can also launch denial-of-service attacks where each infected PC sends a steady stream of traffic at a victim site. CastleCops is shouldering the brunt of 20,000 bots as of today, and more than 1,000 additional bots join the fray each day.
Mystery Motive
Laudanski says he and others who work at these sites, many of which are not-for-profit, are still unsure about the attack's rationale. And he's likewise uncertain about whether it's one group or many behind it all. He's been able to gather some details, but doesn't want to share them while the threat continues and let his attackers know what he's been able to find out.
But Paul Sop, CTO of Prolexic, a company that defends clients against DDoS attacks, says "the prevailing street theory is that these guys are having an effect." Their advice is helping malware or phishing victims, and their investigations are helping to shut down criminal operations.
"So the botnet guys are targeting them," he says.
Security sites, including CastleCops, have been targeted in the past, but attacks are on the rise, Sop says. In the past five months, he says, there has been an increased focus on attacking organizations on the front lines who try to fight back against the crooks.
Strengthened Resolve
But according to Laudanski, who has started a new online forum documenting the ongoing battles, the attacks may backfire.
"The criminals are in it for the money," he says. "It's a huge business for them. [But] we're in it for the feeling that we get being on the side of right."
So this assault shows that "these sites are definitely doing something right," he says, "because we've got the attention of these scammers. It gives us greater resolve."
Thursday, November 01, 2007
Online Thugs Assault Sites That Specialize in Security Help
Die, Spyware, Die!
Spyware remains a continuing hassle and a potentially serious intrusion on your privacy. We tested the top antispyware programs to see which ones do the best job.
Ryan Naraine, PC World
In the beginning, antivirus software fought viruses and worms, and antispyware software fought spyware and adware. That clean distinction has largely disappeared. The decline of the macro virus and the e-mail worm sent antivirus companies looking for something else to fight, and the complexity of spyware makes it a formidable foe. (See "The Italian Job," for an example of how sneaky spyware can get.)
As we discussed in our recent antivirus roundup, "Virus Stoppers," several antivirus products are effective at fighting Trojan horses and backdoor programs--typically classified as spyware--as well as adware. So the question arises: Are specialized antispyware tools particularly effective at fighting today's threats?
The Contenders
To find out, we looked at six well-known programs. We tested five--Grisoft's AVG Anti-Spyware 7.5, Microsoft's Windows Defender 1.1, PC Tools' Spyware Doctor 5.0, Safer Networking's Spybot Search & Destroy 1.4, and Webroot's Spy Sweeper 5.5--on Windows Vista systems.
The sixth program, Lavasoft's Ad-Aware 2007 Plus, wasn't available in a Vista version during our testing period, so we evaluated its performance on a Windows XP SP2 PC; for this reason, its results are not directly comparable with those for the other apps.
German research company AV-Test.org conducted the malware portion of our tests, bombarding the applications with samples of current adware and spyware. AV-Test.org gauged the products' ability to recognize about 110,000 inactive adware, spyware, and rootkit samples. An inactive sample is like an application you've downloaded and haven't yet installed. You'll want your antispyware product to recognize it--based on a match to a signature database of known threats--before the sample unpacks itself and activates in various areas of your PC.
To learn how the tools would react in such a case, AV-Test also measured each product's ability to recognize the behavior of and subsequently clean up 20 active pieces of adware and spyware. Since each threat can break down into more than 100 components, disinfection can be a tough job. We looked for the programs to clean up major file and Registry changes.
We also looked at the programs' behavior-based capabilities for detecting and blocking changes to key areas of an infected system without having to recognize anything about a specific invader. Spyware writers are continually releasing new threats, and security companies typically take some time to release signatures to catch those threats. An antispyware product's behavior-based detection protects the user during this critical window. We also tested for false positives and for speed; and we evaluated each software's design, price, and ease of use.
The Results
PC Tools' Spyware Doctor 5.0 outperformed its Vista competitors. Grisoft's AVG Anti-Spyware 7.5 and Webroot's Spy Sweeper 5.5 finished some distance behind. Neither Spybot Search & Destroy nor Windows Defender adequately protects against today's threats. And on Windows XP, Lavasoft Ad-Aware did not impress us in several performance areas.
For comparative results of the five Vista programs, see our chart, "Best Vista Antispyware." And for further discussion of the results we obtained, see our video, also titled "Die, Spyware, Die!"
Boost VoIP Call Quality, Boost Profits
“Can you hear me now?” That old refrain has become a standard joke when it comes to cell phone and VoIP calling. However, it’s no laughing matter for businesses, which can lose thousands of dollars as a result of poor call quality. An inability to make international calls (and especially to make local calls) without background noise decreases the professional credibility of any business, reducing their potential profits every time that the phone rings. In the past, this has been one of the most frustrating aspects of VoIP technology, especially for small businesses seeking to develop a name for themselves and a client base in their industry.
However, things are starting to look up for business professionals interested in using VoIP to make their calls. Call quality has been going up across the board from VoIP service providers who have recognized that this is a problem and worked to remedy the situation. Additionally, hardware and software manufacturers are contributing to creating solutions by crafting new technology that can be installed to improve the quality of all VoIP calls.
For example, NoiseFree VoIP has just launched a beta test version of their new software which is designed to rapidly clear up calls on many VoIP systems.
“Our software easily installs and when used at both ends of a call completely removes the challenges presented by uncontrollable environmental noise. Additionally, NoiseFree VoIP is able to reduce the packet load on a network, mitigating instances of voice distortion due to impacted network nodes. By doing so it enhances overall bandwidth availability.” (Source: SnapVoip blog)
Although it works best when used by both parties in the call, the software can assist in creating improved call quality when used by either party. The benefits of this software over other methods of VoIP noise cancellation include that it takes up very little memory or power, requires no additional hardware, and uses multiple forms of patented technology to reduce background noise and clarify voices during calls.
This can translate directly into dollars for your business. No, you’re probably not going to lose a client or an important deal because of one bad call. But if your VoIP system regularly causes bad connections, you slowly decrease your credibility in the industry. Although we all know that the flaws of technology aren’t necessarily a reflection of our business practices, we also all have a tendency to believe that these things are related. By reducing noise problems with VoIP calling, businesses give their company that polished air of professionalism that can make a difference in profits over time.
Businesses interested in trying out NoiseFree VoIP can use the beta software free through the end of the year by downloading it from the website. This software is similar to that of Solicall which is also available for download.
Is your perception of a business affected when phone calls are interrupted by background noise?
Wireless Slowly Dies After Leopard Upgrade, Users Report
Mac users are reporting a number of problems with their wireless connections after updating to Leopard, according to traffic on Apple's support forums.
Gregg Keizer, Computerworld
Mac users are reporting a number of problems with their wireless connections after updating to Leopard, according to traffic on Apple Inc.'s support forums.
Users writing in a long thread -- as of 3 p.m. EDT it boasted more than 120 messages -- described one issue as a steadily degrading wireless link from their upgraded Macs.
"When you connect to your wireless network, your transmit rate will be 54 (if you're using the 54g standard)," said someone identified as nunofgs. "If you start up a download or something that occupies your bandwidth (even LAN traffic), you will notice that the transmit rate drops to 11, then to 3, then to 1 until finally your downloads will drop, your iChat connections will fail and your browser will not load pages."
Numerous confirmations of the same symptoms were posted by other users. Among them was Gregory Sims. "I am having the same problem. After installing [Mac OS X] 10.5 my Power Mac G4 is very slow on the Internet. The connection is worse than dial-up. I have never had this problem with 10.4 [Tiger]. My MacBook Pro is working fine, with a fast connection. I'm sorry to say 10.5 seems more like beta software than a $129 upgrade. I hope this problem is fixed soon, or I will have to go back to 10.4."
Users suggested a variety of solutions, including applying the post-Leopard update Apple said fixes log-in issues as well as a vaguely stated "connecting to some 802.11b/g wireless networks" problem. Other ideas ranged from finding and possibly removing the "AppleAirport2.kext" file to toggling IPv6 on/off.
Commonalities between users reporting the problem were difficult to define. Some, for instance, said they had used the "Upgrade" option to move to Leopard, while others said they had picked "Archive and Install" or even wiped their drives clean before installing Leopard from scratch.
Nearly all, however, made a plea similar to this by oxys: "Apple fix please Leopard is useless."
Although Apple hosts the support forums, the traffic is user-to-user only; company technical support personnel do not reveal themselves or offer advice. As of Tuesday, the company had not posted a support document addressing the problem or provided a fix.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
Google Readies Social Network Apps
After losing its Facebook bid to Microsoft, Google will on Thursday introduce OpenSocial, development tools for numerous sites.
Juan Carlos Perez, IDG News Service
Belatedly recognizing the importance of social networking as an online service and advertising vehicle, Google Inc. this week will unleash its strongest response yet to the rising threat and skyrocketing popularity of MySpace and Facebook.
On Thursday, Google will announce OpenSocial, an initiative with a set of APIs (application programming interfaces) at its core that is designed "to spread social applications across the Web," the company said.
These common APIs have been designed to let developers create social networking applications that will run on multiple Web sites, simplifying the making and distribution of these programs.
Partners supporting OpenSocial include various well-known software developers and social networking sites: Oracle, Salesforce.com, Hi5, iLike, LinkedIn, Slide, Ning, Friendster and Plaxo. Neither Facebook nor MySpace is on the list of partners at press time.
The move is also no doubt intended to dilute the massive success Facebook has had in attracting external developers since it opened up its Web site platform to third-party applications in May.
About 7,000 such applications have been built for Facebook so far, helping to make the social networking site more attractive to people and thus boosting its usage. MySpace recently announced it would follow Facebook's example.
By allowing developers to write an application once and have it work in multiple social networking sites, the OpenSocial initiative could, in theory, water down the appeal of Facebook's ballooning applications catalogue.
Once considered a fad of interest mostly to teens and young adults, social networks have significantly broadened their demographic appeal, attracting many people in their 30s, 40s, 50s and beyond.
Along the way, social networking sites have been created for other purposes beyond entertainment and staying in touch with friends. For example, there are social networks tailored for specific occupations, such as doctors, and interests, such as sports.
Google has had a social networking site named Orkut for several years, but it doesn't seem to have merited much attention from the company until recently, and only after the popularity and potential of this type of site became evident.
Google was reportedly locked in a battle with Microsoft over which one would be chosen by Facebook to buy a stake in the social networking company and earn a deal to provide advertising to it.
Microsoft eventually won, buying a 1.6 percent stake that values Facebook at an eye-popping US$15 billion, although the social networking company reportedly will have revenue of just $150 million this year.
With about 300 employees now, Facebook expects to have about 700 a year from now, its CEO and co-founder Mark Zuckerberg recently said. About 250,000 new users register every day at Facebook, which was founded in 2004.
In June, MySpace had 114.1 million unique visitors worldwide, ranking first among social networking sites, followed by Facebook with 52.2 million, according to comScore. Hi5 ranked third with 28.2 million, while Friendster was fourth with 24.7 million. Orkut rounded out the top 5 with 24.1 million.
More information about OpenSocial and resources for developers will be available on this Web site later this week. There will also be a developer sandbox.
