[SecurityRatty] tag: cheap

Antivirus superhero comes to the rescue

Thu, 09 Oct 2008 20:00:00 +0000

Japan's cheap and pervasive high-speed Internet connections are finally catching up with the country.

Fake Windows XP Activation Trojan Wants Your CVV2 Code

Mon, 06 Oct 2008 15:01:01 +0000

In a self-contradicting social engineering attempt, a malware author is offering to sale a (updated version of Kardphisher) DIY fake Windows XP activation builder, which despite the fact that it claims "We will ask for your billing details, but your credit card will NOT be charged", is requesting and remotely uploading all the credit card details required for a successfully credit card theft.

Perhaps among the main reasons why such simplistic social engineering attempts never scaled in a "malicious economies of scale" approach, is because sophisticated crimeware kits capable of obtaining the very same data automatically, started leaking for everyone to start taking advantage of - including yesterday's cybercriminals using such DIY fake message builders.

Moreover, according to recently reseased survey results, end users cannot distinguish between fake popups and real ones, and on their way to continue doing what they were doing, click OK on that pesky warning message telling them that they're about to get infected with malware. Taking into consideration the fact that the popup windows the researchers used look like cheap creative compared to the average fake security software's layout high quality GUIs, it is perhaps worth restating your research questions with something in the lines of - What motivates end users to install an antivirus application going under the name of Super Antivirus 2009 or Mega Virus Cleaner 2008? The fact that the fake status bar is telling them that they're infected with 47 spyware cookies, or the fact that they ended up at the fake site while browsing their trusted web services?

The increase of rogue security software domains is happening due to the high payout affiliation based model, the standardized creative allowing the participants to come up with their own fake names if they want to, and due to the fact that the fake security threats scareware approach seems to be perfectly taking advantage of the overall suspicion on the effectiveness of their legitimate security software.

Darpa Wants Clean, Cheap Jet Fuel... From Coal

Fri, 12 Sep 2008 08:36:00 +0000

The Air Force is flying everything from supersonic fighter jets to hulking cargo planes on a synthetic fuel blend, derived largely from coal. The problem is, that stuff is worse for the environment as the old-school fuel. And it's expensive Enter Darpa,which is kick-staring a new, $4.5 million research effort to figure out how to turn coal into liquid fuel cheaply.

Summarizing August's Threatscape

Wed, 10 Sep 2008 02:57:32 +0000

Following the previous summaries of June's and July's threatscape based on all the research published during the month, it's time to summarize August's threatscape.

August's threatscape was dominated by a huge increase of rogue security software domains made possible due to the easily obtainable templates for the sites, several malware campaigns targeting popular social networking sites, Russian's organized cyberattack against Georgia with evidence on who's behind it pointing to "everyone" and a few botnets dedicated to the attack making the whole process easy to outsource and turn responsibility into an "open topic", several new web based botnet management kits and tools found in the wild, evidence that the 76service may in fact be going mainstream since the concept of cybercrime as a service is already emerging, and, of course, a peek at India's CAPTCHA solving economy, where the best comment I've received so far is that every site should embrace reCAPTCHA, so that while solving CAPTCHAs and participating in the abuse of these services in question, they would be also digitizing books. As usual, August was a pretty dynamic month for the middle of summer, with everyone excelling in their own malicious field.

01. McAfee's Site Advisor Blocking n.runs AG - "for starters"
False positives are rather common, especially when you're aiming to protect the end user from himself and not let him gain access to "hacking tools", but you're flagging security tools as badware and missing over half the SQL injected domains currently in the wild due to the fact that SiteAdvisor's community still haven't reviewed them - that's not good

02. The Twitter Malware Campaign Wants to Bank With You
Twitter, just like every Web 2.0 application, isn't and shouldn't be treated as a unique platform for dissemination of malware, since it's dissemination of malware "as usual". This particular malware campaign was not just executed by a lone gunman, but also, was taking advantage of a flaw allowing the author to add new followers potentially exposing them to the malicious links serving banker malware. For the the time being, MySpace, Facebook and Twitter accounts are the very last thing a malicious attacker is interesting in puchasing accounting data for, but how come? It's all due to the oversupply of automatically registered accounts at other popular services, whose ecosystem of Internet properties empower cybercriminals with the ability to launch, host and distribute malware in between abusing the very same company's services for the blackhat SEO campaign and redirection services. Theoretically, a distributed network build upon the services provided by a single company is faily easy to accomplish due to the single login authentication applied everywhere. A singly bogus Gmail account results in a blackhat SEO hosting blogspot account, flash based redirector hosted at Picasa, and a couple of thousands of spam emails sent automatically sent through Gmail in order to abuse it's trusted email reputation

03. Compromised Web Servers Serving Fake Flash Players
If aggressiveness matter, this campaign consisting of remotely injected redirection scripts at legitimate sites next to on purposely introduced malware oriented domains, was perhaps the most aggressive one during the month. Fake flash players, fake windows media players and fake youtube players are prone to increase as a social engineering tactic of choice due to the template-ization of malware serving sites for the sake of efficiency

04. Pinch Vulnerable to Remotely Exploitable Flaw
With Zeus vulnerable to a remotely exploitable flaw allowing cybercriminals to hijack other cybercriminal's Zeus botnet, private exploits targeting the still rather popular at least in respect to usefulness Pinch malware are leaking, allowing everyone including security researchers to take a peek at a particular campaign running unpatched Pinch gateway

05. Phishers Backdooring Phishing Pages to Scam One Another
Backdooring phishing pages is perhaps the most minimalistic approach a cybercriminal wanting to scam another cybercriminal is going to take. The far more beneficial approach that I've encountered on a couple of occassions so far, would be to backdoor a proprietary web malware exploitation kit, release it in the wild, let them put the time and efforts into launching the campaigns, then hijack their botnet. In fact, the possibilities for backdooring copycat web malware exploitation kits in order to take advantage of the momentum while introducing a non-existent kit has always been there at the disposal of malicious attackers. One thing's for sure - there's no such thing as a free web malware exploitation kit, just like there isn't such thing as a free phishing page

06. Email Hacking Going Commercial - Part Two
In between the scammers promising the Moon and asking for anything between $20 to $250 to hack into an email account, there are "legitimate" services taking advantage of web email hacking kits consisting of each and every known XSS vulnerability for a particular service in an attempt to increase the chances of the attacker. And given that the majority of these have been patched a long time ago, social engineering comes into play. Do these services have a future? Definitely as more and more people are in fact looking for and requesting such services, in fact, they're willing to pay a bonus considering how exotic it is for them to have any email that they provide hacked into and the accounting data sent back to them

07. The Russia vs Georgia Cyber Attack
Event of the month? Could be, but just like every "event of the moth" everyone seems to be once again restating their "selective retention" preferences. What is selective retention anyway? Selective retention is basically a situation where once Russian is attacking another country's infrastructure, you would automatically conclude that it's Russian FSB behind the attacks and consciously and subconsciously ignore all the research and articles telling you otherwise, namely that the FSB wouldn't even bother acknowledging Georgia's online presence, at least not directly. Moreover, talking about the FSB as the agency behind the cyberattacks indicates "selective retention", talking about FAPSI indicates better understanding of the subject.

In times when cybercrime is getting ever easier to outsource, anyone following the news could basically orchestrate a large scale DDoS attack against a particular country in order to forward the responsibility to any country that they want to. In Russia vs Georgia, you have a combination of a collectivist society that's possessing the capabilities to launch DDoS attacks, knows where and how to order them, and that in times when your country is engaged in a war conflict drinking beer instead of DDoS-sing the major government sites of the adversary is not an option.

Selective retention when combined with a typical mainstream media's mentality to "slice the threat on pieces" instead of turning the page as soon as possible, is perhaps the worst possible combination. Furthermore, coming up with Social Network analysis of the cyberattacks would produce nothing more but a few fancy graphs of over enthusiastic Russian netizen's distributing the static list of the targets. The real conversations, as always, are happening in the "Dark Web" limiting the possibilities for open source intelligence using a data mining software. Things changed, OPSEC is slowly emerging as a concept among malicious parties, whenever some of the "calls for action" in the DDoS attacks were posted at mainstream forums, they were immediately removed so that they don't show up in such academic initiatives

08. 76Service - Cybercrime as a Service Going Mainstream
The reappearance of the 76Service allowing everyone to log into a web based interface and collect all the accounting and financial data coming from malware infected hosts across the globe for the period of time for which they've bought access, indicates that what used to be proprietary services which were supposedly no longer available, are now being operated in a do-it-yourself fashion. Goods and products mature into services, so from a cost-benefit analysis perspective, outsourcing is naturally most beneficial even when it comes to cybercrime

09. Who's Behind the Georgia Cyber Attacks?
If it's the botnets used in the attacks, they are known, if it's about who's providing the hosting for the command and control, it's the "usual suspects", but just like previous discussion of the Russian Business Network, it remains questionable on whether or not they work on a revenue-sharing basis, are simply providing the anti-abuse hosting, or are the shady conspirators that every newly born RBN expert is positioning them to be.

Cheap conversation regarding the RBN ultimately serves the RBN, and just for the record, there's a RBN alternative in every country, but the only thing that remains the same are the customers, tracking the customers means exposing the RBN and the international franchises of their services, making it harder to identify their international operations. And given that the "tip of the iceberg", namely RBN's U.S operations remain in tact, talking about taking actions against their international operations in countries where cybercrime law is still pending, is yet another quality research into the topic building up the pile of research into the very same segments of the very same ISPs.

Just for the record - these "very same ISPs" are regular readers of my blog, and if you analyze their activities, they're definitely reading yours too, ironically, surfing through gateways residing within their netblock that are so heavily blacklisted due to the guestbook and forum spamming activities that their bad reputation usually ends up in another massive blackhat SEO campaign exposed.

10. Guerilla Marketing for a Conspiracy Site
Conspiracy theorists may in fact have a new wallpaper to show off with

11. Banker Malware Targeting Brazilian Banks in the Wild
When misinformed and not knowing anything about a particular underground segment, a potential cybercriminal would stick to using such primitive compared to the sophisticated banker malware kits currently in the wild. These sophisticated banker malware kits are often coming in a customer-tailored proposition, with their price increasing or decreasing based on the specific module to be included or excluded. For instance, a module targeting all the U.S banks that has been put in a "learning mode" long before it was made available to the customers can be requested and is often available with the business model build around the customer's wants

12. Compromised Cpanel Accounts For Sale
Despite the massive SQL injection attacks, accounting data for Cpanel accounts coming from malware infected hosts seems to be once again coming into play, which isn't surprising given the filtering capabilities and log parsing tools today's botnet masters are empowered with. These very same compromised Cpanel accounts and the associated domains often end up so heavility abused that it's tactics like these that are driving the underground multitasking mentality, namely, abusing a single compromised account for each and every malicious online activity you can think of - even hosting banners for their blackhat SEO services

13. A Diverse Portfolio of Fake Security Software - Part Two
In August we saw a peek of fake security software, neatly typosquatted domains whose authors earn revenue each and every time someone installs the software. The vendors behind this software are forwarding the entire process of driving traffic to those excelling in aggregating traffic and abusing it. As anticipated, underground multitasking started taking place within the fake security software domains, with the people behind them introducing client-side exploits in order to improve the monetization of the traffic coming to the sites

14. DIY Botnet Kit Promising Eternal Updates
There's no such thing as a (quality) free botnet kit. What's for free is often the leftovers from a single feature of a more sophisticated proprietary botnet kit. This one in particular is however trying to demonstrate that even a plain simple GUI botnet command and control software can achieve the results desired by an average script kiddie, and not necessarily satisfy the needs of the experienced botnet master

15. A Diverse Portfolio of Fake Security Software - Part Three
As far as trends and fads are concerned, the majority of the domains are currently parked at up to four different IPs, with most of them going into a stand by mode once they get detected and reappear back couple of weeks later

16. Fake Celebrity Video Sites Serving Malware - Part Two
Due to the template-ization of fake celebrity video sites, and simple traffic management tools combined with blackhat SEO tactics, these sites are also prone to increase in the next couple of months

17. Web Based Botnet Command and Control Kit 2.0
It's releases like these that remind us of the amount of time, efforts and personal touch that a malicious attacker would put into such a management kit, currently acting as a personal benchmark as far as complexity and features indicating the coder's experience with botnets is concerned. What's he's failing to anticipate is that this kit is sooner or later going to turn into the "MPack of botnet management"

18. A Diverse Portfolio of Fake Security Software - Part Four
Keep it coming, we'll keep it exposing until we end up getting down to the "fake software vendor" itself

19. Automatic Email Harvesting 2.0
Email harvesting is slowly maturing into a vertically integrated service provided by vendors of managed spamming services. This email harvesting module is aiming to close the page on text obfuscation in respect to fighting spam, and is successfully recognizing and collecting such publicly available emails. From a psychological perspective though, the end users who bothered to obfuscate their emails are less likely to fall victims into phishing scams, with the obfuscation speaking for a relatively decent situational awareness on how they emails end up in a spammer's campaign

20. Fake Porn Sites Serving Malware - Part Three
As a firm believer in sampling in order to draw conclusions on the big picture, an approach that has proven highly accurate in modeling historical and upcoming tactics and behavior, a single fake porn site serving malware campaign usually exposes a dozen of misconfigured redirectors, which thanks to their misconfiguration despite the evasive features available within the kits, expose another dozen of malware campaigns

21. Facebook Malware Campaigns Rotating Tactics
With no particular flaw exploited other than the social engineering tactic of using already compromised Facebook accounts who would automatically spam all their friends with links to flash files hosted at legitimate services, the more persistent the campaign is, the higher the chance that it will scale enough. This campaign in particular is mainly relying on rotation of tactics, namely different messages, different services and file extensions used in order to trick someone's friend into visiting the URL. With the number of users increasing, the most popular social networking sites are naturally going to be permanently under attacks from cybercriminals

22. Fake Security Software Domains Serving Exploits
Despite that it's a single brand, namely the International Virus Research Lab that's introducing client-side exploits within it's portfolio of domains, the opportunity for abuse may be noticed by the rest of the brands pretty fast

23. Exposing India’s CAPTCHA Solving Economy
Taking into consideration the mentality surrounding a particular country's cybercriminals, how they think, how they operate, what do they define as an opportunity, and how much personal efforts are they willing to put into their campaigns, I wouldn't be surpised if a Russian vendor offering 100,000 bogus Gmail accounts for sale has in fact outsourcing the account registration process to Indian workers, paid them pocket change and is then reselling them ten to twenty times higher than the price he originally paid for them.

The text based CAPTCHAs used at the major Internet portals and services, are so efficiently abused by this approach that continuing to use is directly undermining the trust these email providers and services often come with as granted

Business In Thailand - Part 1: The Challenge

Thu, 04 Sep 2008 10:16:36 +0000

Recently someone asked about business in Thailand. Here is my first post on this topic:

First of all, I learned the Thai alphabet nearly 20 years ago, so I have have a pretty good foundation for the Thai language. I can read (slowly) and speak better than 99.99+ percent of all foreigners in Thailand; so, I thought it was time to redirect my career to a “new challenge” in the business climate of Thailand.

This was no small decision. Your career changes dramatically when you give up a successful consulting practice in the US and dive into business in a foreign land for a new challenge. I can frankly tell you that often the challenge is sometimes overwhelming. It is quite difficult as a foreigner to do business in Thailand.

First of all, it is not legal for foreigners to own land in Thailand. Foreigners can ”own” land using a variety of legal loopholes, proxy owners and shell companies; but all of this is risky and not advised. Foreigners lose a lot of money coming to Thailand and attempting to buy land. Some get lucky, but the entire process of foreigners buying and selling land is quite risky.

Foreigners can own condos, under certain conditions, but this results in inflated prices for condos in Thailand that are traded in an artificial market place. Condos that are up-to-par with condos in the US can easily cost more than condos in major cities in the US. Hence, the cost of living is not as cheap as some might believe.

Business can best be described as “protectism” where the government has placed many barriers to entry to foreigners working in Thailand. Every foreigner must have a work permit and these work permits are expensive and time consuming to maintain. If you own a business you must pay high professional service fees for auditors to perform annual and semiannual audits even if your business has no income yet. Firms in Thailand charge thousands of dollars for these ”audits”.

In addition, if you operate a business, you must have a place of business, so you are forced to lease office space. Foreigners from the US must be paid a minimum of 50,000 Thai Baht per month, so the government will take 10 percent of that each month as their share of tax withholdings. Therefore, to start a company, you will pay a lot of money in startup fees, permits, tax, leases, visas, etc. The entire system is designed to secure money from you, even if you do not have a penny of incoming revenue.

Of course, generating incoming revenue can be quite difficult in a climate of protectionism. In Thailand, it is easy when you are spending money. When you are trying to generate income from Thailand, as a foreigner the challenge can seem overwhelming at times. Many foreigners here give up because the barriers to business here are very high.

On top of all these challenges, which I have not described in detail, is the overall global business slowdown combined with a climate of political instability, which I am sure you have seen in the news.

Most people I know say it is better to be a tourist here. Being a tourist is completely different. Money flows from you, so life in Thailand is fun and friendly, complimentary to the “Land of Smiles” you have heard about. However, when you are working to have money flow the other direction, flow to you versus away from you, you don’t see the “Land of Smiles” as tourists experience.

Without getting into too many details, I can simply say that a foreigner doing business in Thailand experiences protectionism and, to a certain degree, discrimination, and sometimes I wonder if coming here for a “business challenge” was a good idea. I was seeking a “new challenge” and I got more than I bargained for!

In a future post on business in Thailand I will discuss issues regarding how little value is placed in intellectual property in Thailand and how this adversely impacts professional services. I will also touch on how this lack of regard for intellectual property impacts a consulting practice. Also, I will touch on some cultural differences in how Thais appear to view teamwork, which is very different than in the US.

Zango And The Batman Online Videogame

Wed, 03 Sep 2008 07:00:00 +0000

This is Newsarama, a site (mostly) geared around comics and other related media:

Click to Enlarge

You'll notice Batman, over on the right there. Let's take a closer look:

"Free Online Batman Game"? Well, that's curious because I follow comics pretty closely and I'd be the first to know if an "Online Batman Game" had been in the works (this advert has been doing the rounds on numerous comic-related websites. Visit the URL in the ad - Batmangame.info - and you'll see this...

Click to Enlarge

There it is again - "Online Batman Game". Furthermore, the text goes on to say:

"Batman Online lets you do anything and every little thing you'd like in a Batman game. From leveling up your character to destroying villans, it has it all. Download and play this amazing game now, all for free! I'm sure you'll be playing for hours on end, it's that much fun.

    Level Up Your Character

   Explore a Huge Vast World

   Play Online With Your Friends

   Hundreds of Quests To Finish

   Perfect Battle System

So start your Batman adventure today! Download the full game below and fight them all!"

Note that they specifically call it "Batman Online". It specifically sounds like a text blurb you'd expect to see with a MMORPG. However, something isn't quite right here.

1) The only DC licensed MMORPG anybody knows of is this, and it isn't due out until 2009. It's not Batman-centric, either.

2) The screenshots are lifted from the Batman Begins videogame, which came out in 2005. If you were offering a "Batman Online Game", wouldn't you use screenshots from that instead of an unrelated title?

3) Absolutely no licensing, copyright or legal mumbo-jumbo on the page anywhere. DC and Warner Bros don't roll like that.

4) The website - Batmangame(dot)info - is registered anonymously. Not exactly something you see everyday for websites related to licensed DC franchises such as Batman videogames.

5) "To download and play the Batman Online Game you must download and install Zango as well. It is free, very easy to install and will give you access to the full game."

Shall we continue?

Click to Enlarge

A Zango installer prompt, complete with picture of Batman at the top. If you say "No" to the install, you end up on Google.com. What happens if you click "Start"? Well, you'll get the usual collection of Zango installer screens including one that rather humorously has a guy in a superhero costume.

Once everything is installed, you're taken to another page and from here things just get plain confusing. Remember, up to this point you've been promised an "Online Batman Game", the description of which is clearly intended to evoke images of a MMORPG. However....

Click to Enlarge

All of a sudden, you're being told you're downloading "Batman: Vengeance" on a cheap-looking splash page and shown what looks like an unofficially ripped Batman: Vengeance trailer on Youtube.

In case you're unaware, Batman: Vengeance is a videogame first launched way back in 2001 for consoles (followed shortly after by a PC version). What does this have to do with an "Online Batman Game"? Well, nothing, actually. Aside from the fact you were presented with one thing and are now handed another, things get even stranger when you see the download location:

Click to Enlarge

Have you ever heard of an officially licensed game being offered via Rapidshare downloads? It's possible, I guess, but it seems a little odd. However, the real oddness is reserved for the "Online Batman game" itself.

Remember, we've been promised "Hundreds of quests", "A huge vast world", the ability to "level up your character" and (of course) the "play online with your friends" promise of greatness.

Click to Enlarge

Imagine your dismay, then, when you've installed Zango, downloaded the game from Rapidshare using up around 140MB of bandwidth, installed it and....

Oh dear.

Not only are you given a totally different game than what was advertised, you're given a DEMO VERSION of that game with four short sample levels present, no online functionality and quite a few less quests than the "hundreds" advertised.

Hilariously, you can download a 100% legit copy of this demo here at Fileplanet, sans Adware. Setting aside the issue of whether this file is actually sitting on Rapidshare with either Ubisoft or DC / Warner Bros permission (and if it IS okay to be there, I'm pretty sure it's NOT okay to falsely advertise it as some kind of MMORPG) there are some questions that need to be raised here.

When this guy approached them with his website, did nobody stop to think that this game did not actually match up with the "Online Batman" game it was touted as? Didn't someone at Zango Quality Control actually download the game and see the big "This is a demo" wording as soon as it starts up? Or question why the screenshots on the website don't look like the graphics for Batman: Vengeance in the slightest?

However you look at it, this is a scam, pure and simple. Whoever came up with the idea of an "Online Batman Game" is lying through their teeth. Of course, because their website is registered anonymously we have no idea who the culprit is, unless of course Zango want to deposit them on the steps of Gotham City and let me dispense some Batman-style justice to their posterior.

However, based on the way these things tend to go - God forbid anyone ever offer up the identity of someone happily scamming the public at large, even when that person is dragging the name of the company associated with them through the mud by their antics - I think I might be waiting some time for the Bat Signal...

Copycat Web Malware Exploitation Kits are Faddish

Wed, 03 Sep 2008 03:18:08 +0000

For the cheap cybercriminals not wanting to invest a couple of thousand dollars into purchasing a cutting edge web malware exploitation kit -- a pirated copy of which they would ironically obtained several moths later -- with all the related and royalty free updates coming with it, there are always the copycat malware kits like this one offered for $100.

Taking into consideration the proprietary nature of some of the kits, the business model of malware kits was mostly relying on their exclusive nature next to the number, and diversity of the exploits included in order to improve the infection rate. This simplistic assumption on behalf of the coders totally ignored the possibility of their kits leaking to the general public, or copies of the kits ending up as a bargain in particular underground deal where the once highly exclusive kit was offered as a bonus.

"Me too" web malware kits were a faddish way to enjoy the popularity of web malware kits like MPack and Icepack and try to cash in on that popularity by coming up average kits lacking any significant differentiation factors in the process. But just like the original and proprietary kits, whose authors didn't envision the long term growth strategy of integrating different services into their propositions or the kits themselves, the authors of copycat malware kits didn't bother considering the lack of long-term growth strategy for their releases. Branding in respect to releasing a Firepack malware kit to compete with Icepack which was originally released to compete with Mpack, has failed to achieve the desired results as well.

And with malware kits now a commodity, and underground vendors excelling in a particular practice with the long term objective to vertically integrate in their area of expertise -- think spammers offering localization of messages into different languages and segmented email databases from a specific country -- would we witness the emergence of managed cybercrime services charging a premium for providing fresh dumps of credit card numbers, PayPal, Ebay accounts or whatever the buyer is requesting?

That may well be the case in the long term.

Related posts:
Web Based Botnet Command and Control Kit 2.0
DIY Botnet Kit Promising Eternal Updates
Pinch Vulnerable to Remotely Exploitable Flaw
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
The Small Pack Web Malware Exploitation Kit
Crimeware in the Middle - Zeus
The Nuclear Grabber Kit
The Apophis Kit
The FirePack Exploitation Kit Localized to Chinese
MPack and IcePack Localized to Chinese
The Icepack Exploitation Kit Localized to French
The FirePack Exploitation Kit - Part Two
The FirePack Web Malware Exploitation Kit
The WebAttacker in Action
Nuclear Malware Kit
The Random JS Malware Exploitation Kit
Metaphisher Malware Kit Spotted in the Wild
The Black Sun Bot
The Cyber Bot
Google Hacking for MPacks, Zunkers and WebAttackers
The IcePack Malware Kit in Action

ASCII Art Spam

Wed, 27 Aug 2008 04:35:14 +0000

I recently had a chat with Stephen Shankland over at CNET regarding the weird and wacky world of ASCII Art Spam. It's been around for some time now, and every now and again there's a little surge (currently most of it seems to be coming out of Korea & China) before dying down again.

Of course, it has an element of visual appeal to it in some cases:

A bowl of spammy noodles, originally uploaded by pragmatic_pete.

They're pretty cool noodles, however you look at it. The biggest problem (for the spammers, anyway) continues to be the fact that, for the most part, the spam is largely unintelligble.

ASCII Art Spam, originally uploaded by schoschie.

.....wha? Sexy....grrmfs? Girls? Gorillas? Who knows. The problem with mangled text also extends (somewhat more crucially) to the URLs they happen to be pimping:

Spam, originally uploaded by cablejimmy.

They're not doing too badly there until they reach the web address, at which point it might as well say

www. absolutelynoideawhatthatsays .com

Of course, the last thing I'm suggesting is that I long for the day when the spammers get it right, but at least they can provide us with some cheap laughs regarding how hopeless their spam is in the meantime.

ScienceLogics 5-Year Anniversary

Wed, 20 Aug 2008 18:39:16 +0000

August 2003. The largest blackout in U.S. history darkens the Northeast and Midwest, the Blaster worm has been unleashed and Madonna and Britney create a stir at the 2003 MTV Music Video Awards. In the midst of this hot summer madness, ScienceLogic was founded.

To kick off our celebration of our first five years, we asked ScienceLogic founders Dave Link, Richard Chart and Chris Cordray for their thoughts and memories on events leading to today’s milestone. How and why did they set out on this venture? What happened along the way – expected and unexpected? Why were they successful in times when other new (and established) businesses have come and gone?

How did you three put together this team?

We all worked together at a large Managed Service Provider for a couple of years before leaving to start ScienceLogic, so we all knew each other and knew our collective strengths. More importantly, each of us had worked with network management tools on some level (sales and marketing, engineering and product development), and knew first-hand all of the customer pain points, from every perspective. So we left and began rapidly figuring out how to build a better network management solution based upon our real world operational experience..

Dave: One interesting aspect is that our areas of expertise don’t overlap, which has contributed to our success. Chris is excellent with developing the product front-end and interface, Richard handled the backend architecture and engineering and I focused on the technical business side of sales and marketing. Our roles have been to build a product that works well and that provides real value to operations teams that experience the same day to day frustrations that we felt.

Whose idea was it to start the company?

Dave: It was really a collective effort. We were all passionate about “getting it right” and not just starting a company. We knew the industry need and between us, we had the knowledge and skill sets to address all of the right aspects of developing a product and a building a business around it.

What process did you go through to get started?

Richard: From the beginning we knew the type of solution the market needed and we knew that we wanted to build it as an appliance. From different vantage points, we had each experienced the effects of long, difficult and expensive installations that still exist with traditional network tools. Every install has unique variations: there are always different server types, varying hardware and software versions, different patches installed, and on and on. Every installation was time consuming and unpredictable. We knew that an appliance model would address all of these variables and save a lot of time on how quickly customers could achieve immediate value.

The harder decisions were around actually starting the business, assessing the market and of course determining the product pricing.

EM7 completely flips the traditional model of complex, lengthy and expensive deployments. How did you convince others that the EM7 Meta-Appliance product was valid?

Dave: Yes, EM7 totally disrupts the traditional model for network management. While others take a narrow approach, we intentionally designed EM7 to focus on the broad problem – managing the data center. How do you cover a variety of technologies and make sure they work seamlessly together? The vision was to make it easier, not harder, for customers.

Chris: I have to give it to Dave – very early on, he realized the power of a demo. If Dave could get in front of someone, he’d make them a believer. He’d use the Peter Falk/Columbo technique of “let me show you one more thing.” It was very effective. It’s getting easier, but even today people sometimes have to see EM7 in action before they become believers.

Can you describe the early days of running a new business?

Dave: ScienceLogic is a classic case of entrepreneurship. For the first year we worked out of our basements. We kept the costs low in every conceivable way and spent the first year developing the product before we even made a sale.

Chris: We stayed at lots of odd places when we were on the road, took cheap flights with multiple layovers and purchased lots of our first test equipment on eBay. This was during the dot-com bust so there was lots of equipment for sale on eBay, really cheap!

Richard: The amount of equipment I had in my house was absolutely crazy. Back then, servers were huge – I had a Cisco 6509 Catalyst, a Compaq Proliant DL380, Brocade switch, IBM Netfinity 4500R, and tons of other machines.

Chris: I had to install a new circuit box at home because I was blowing breakers. I remember when that 6509 crashed, we revived it and it died again. The second death was final.

So you started in your houses – what was your first office space?

Dave: My friend, the CEO at Ernst & Young Technology had a few extra cubes and a data center in their office that they graciously allowed us to use. Their help was an important step in helping us really formalize the business. We started doing well and adding people, but ironically, their company was downsizing. Before long, many of their original YET people were gone and the ScienceLogic team kept growing in to the open cubes.

Our first leased space was converted warehouse space in Chantilly, VA that once housed an internet radio station. It was cool – it had a large salt water fish tank, a loft, a spiral staircase and a Star Trek door that retracted into the walls with the customary lights and “whooshing” sound.

We outgrew the Chantilly space, leading to our current office in Reston, VA.

Who was the first ScienceLogic customer?

Our first paying customer was Martins Point Health Care. We deployed there in July 2004 and are pleased to say they continue to be a ScienceLogic customer. Other early (and still) EM7 customers include Navy Knowledge Online and the Department of Transportation. Nearly all of our customers are still actively using EM7 and renewing their maintenance.

Where do you see the company in the next 5, 10 or 15 years?

Well, our revenue has doubled year-over-year in each of the last three years, so of course we’d like to continue to grow like that or even faster. In five years we’ve gone from three founders to the point where Dave does not know everyone’s fondest childhood memory. We’ll continue to scale our growth to cover the demands of our growing customer base.

Where do you see the industry going over the coming years?

Chris: IT is always moving and gaining in complexity, so network management is also becoming more complicated. There’s increasing diversity, new standards, virtualization and cloud computing. All of these are today’s technologies. Customers have a mix of the old and the new, so EM7 has to accommodate and support both.

Richard: Each generation of products has a new set of ways to monitor, but the “old” doesn’t go away. Even when a new, hot technology comes along, the old technologies still need to be supported. We work to ensure EM7 keeps up with both.

Dave: After five years we’re just hitting our stride and we’re just now reaching the tipping point in awareness of ScienceLogic and EM7. We’re all still passionate about the product and as Chris and Rich said, there’s still a lot do. We’ll continue disrupting the market with EM7. Our vision hasn’t changed, and with the increasing levels of automation that customers demand, the market needs are greater than ever. Our future is as bright, or brighter, than ever and we’ll continue to be looking for smart ways to automate traditionally manual IT Operations processes.

What’s your advice for someone interested in starting their own business?

Chris: Be passionate. That’s what has gotten me through the tough times. I didn’t really appreciate this thought when I heard others say it before. But it’s very true.

Richard: I agree. We met and talked with lots of people who told us, “That’s been done before.” But we kept going because we truly believed in what we were doing and we knew that while our approach was different, that it would be successful.

Richard: Be fearless. You can’t be too nervous and you need to be able to expect and handle the stress because it will be there. You have to learn to accept the stressful times as a necessary part of the process of starting out on your own.

Dave: Know your niche from the beginning and give potential customers a compelling reason to trust you and really benefit from your solution. You have to know the problem, see the gap and have a clear and consistent vision of how to solve the problem. Then you have to execute. If you don’t build your team with “doers” you won’t make it.

Chris: It helps to have friends. ScienceLogic was built on friendships and relationships, starting with the three of us. If you look at our team, most of our hires are referrals – people who developed and maintained great connections with other great people throughout their careers. Maintain your connections and keep in touch with your network of friends.

Spammers Take A Cheap Shot...

Tue, 19 Aug 2008 10:24:05 +0000

I'm on holiday this week, but thought I'd better give this a mention anyway (plus, when did being on holiday ever stop me from posting stuff on blogs, right?)

I was surprised to see this posted to the comments section of the Sunbelt Blog:

I was about as surprised as The Dean was!

To quote a further post from The Dean:

"Well, that's weird. Isn't spywareguide Paperghost's blog? I know he wouldn't spam here. And, the link on the first comment goes to a 404 page."

So, we have someone spamming with broken English, dropping links to 404 pages on Spywareguide. Curious.

Now, I did have some suspicions on this - for starters, the recent blogs regarding the pirate movie websites that pop Zango installers just hit a few news websites. As this article mentions, a lot of the sites involved in this are from Asian regions - China, Indonesia etc. I couldn't help but notice the name of the poster was "Tam" - a common name in certain parts of Asia.

Coincidence? Or a possible affiliate not too happy about this being highlighted? Well, a quick email later and the results for the spammer are in:

A potentially forged Reverse DNS aside, it's a strange thing indeed that they just happen to resolve to Vietnam given that a good portion of these sites are in Asia, isn't it?

I think I'll see if any are owned by someone called "Tam".

When I return from my holiday, of course....