[SecurityRatty] tag: receive

Technology Tales from Thailand: KBank Fraud Management

Wed, 20 Aug 2008 03:16:51 +0000

In The Magical ATM Card and SMS Message in Thailand we talked about booking flights and securely paying using a SMS PayCode and ATM transfer, avoiding the possibility of on-line credit card fraud; and in Keyloggers: Why Banks Need Two-Factor Authentication I described how KBank uses SMS-based one-time-passwords (OTP) to authenticate transactions.

In addition to the above services, KBank offers a service that permits users to receive an SMS message that details any change in account balance and/or point-of-sale (POS) transaction with your debit card. I really like this service and the feeling of security knowing when, where and by how much my balance changes or my debit card is used in a transaction. The KBank POS SMS notification is so fast that when I present my card to a merchant I normally receive an SMS message detailing the transaction before the merchant returns for my signature. (There is an unfortunate lag in the balance change notification that can run minutes to hours behind real-time, but the POS VISA debit card notification is real-time).

As the story goes, I should have been using my KBank card and account a few weeks ago and not my US-based VISA debit dard. Why?

My US-based VISA debit card was cloned sometime on or before August 8th. I am really careful with this card, so I was surprised the magnetic strip was cloned at a POS merchant. The fraudster made 7 fraudulent transactions beginning on August 8th for a total of around $2500 USD, mostly on August 11th, before I discovered the fraudulent transactions viewing my account on-line.

This would not have happened with KBank SMS-based transaction notification services.

The first transaction with my cloned VISA debit card was less than $50 USD (I assume the fraudster was “testing the water”). If I was using my KBank card, I would have received an immediate SMS message detailing a POS transaction in Bangkok when I was physically far away from Bangkok in Chiang Mai. I could have immediately called the bank (or logged in) and blocked the debit card, limiting potential losses to the bank or the merchant to one fraudulent transaction, not seven.

In addition, KBank offers what they call a Web-Shopping VISA card, where you can go into your on-line account (verified by SMS OTP as mentioned) and request a VISA debit card number (with expiration date, CCV etc). You set the limit from 0 to 500,000 THB (Thai Baht) per day; and you can login to your account and change this anytime (authenticating your transaction with another SMS-based OTP). You can also block or cancel this number anytime and apply for another one.

I am amazed that in Thailand I receive much better anti-fraud prevention and detection services than with banks in the US. I know of no bank or brokerage in the US that offers the same quality of service and security as KBank in Thailand.

Why can't POP3 clients receive Exchange Server email?

Tue, 19 Aug 2008 20:00:00 +0000

Get tips on how to download POP3 email to Microsoft Outlook mailboxes in a Microsoft Exchange Server setup.

VMware Big-Time Boo-Boo

Tue, 12 Aug 2008 14:49:54 +0000

VMware needs some good press these days. What it certainly does not need is this VI 3.5 update snafu which can shutdown “thousands of virtual infrastructures” and breaks VMotion.

Alert – do not upgrade to Virtual Infrastructure 3.5 Update 2.

Apparently there’s some problem with the license expiration time and the workaround suggested by a Virtualization.Info reader is to set the date back to August 10 – which of course messes up your logs and any monitoring that you may be doing. No immediate solution forthcoming from VMware and in fact, good luck getting in touch with the company.

“At the moment it seems that the entire VMware Knowledge Base collapsed. Calling the support line customers can just receive a brief message saying that the problem will be solved within 36 hours.
Additionally, VMware removed the capability to download any affected product.”

Soldiers Receive All-in-One Nonlethal Warfare Kit

Fri, 08 Aug 2008 10:45:00 +0000

There are many ways to skin a cat without killing him, apparently, as the U.S. Army demonstrates with an array of new, nonlethal weapons designed for everything from checkpoint control to quelling rioters.

Fake IE7 Downloads Advertised Via EMail

Thu, 07 Aug 2008 10:56:21 +0000

There seem to be quite a few of these in circulation over the past day or so:

Download the latest version!

About this mailing:
You are receiving this e-mail because you subscribed to
MSN Featured Offers. Microsoft respects your privacy.
If you do not wish to receive this MSN Featured Offers e-mail,
please click the "Unsubscribe" link below. This will not
unsubscribe you from e-mail communications from third-party
advertisers that may appear in MSN Feature Offers.
This shall not constitute an offer by MSN. MSN shall
not be responsible or liable for the advertisers' content
nor any of the goods or service advertised. Prices and item
availability subject to change without notice.

2008 Microsoft | Unsubscribe |
More Newsletters |
Privacy

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

As you might have guessed, it's fake. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites. This:

....is not what it appears to be. Run the file, and instead of IE7, you're actually more likely to see a fake antivirus program appear on your desktop:

Click to Enlarge

This particular fake AV is also being pushed quite heavily via the recent CNN videos scam. You can see another example of these emails here. There is more than one URL being used for this attack, so be alert!

Pinch Vulnerable to Remotely Exploitable Flaw

Thu, 07 Aug 2008 06:22:01 +0000

In the very same way a cybercrime analyst is reverse engineering and sandboxing a particular piece of malware in order to get a better understanding of who's being it, and how successful the campaign is once access to the command and control interface is obtained, cybercriminals themselves are actively reverse engineering the most popular crimeware kits, looking, and actually finding remotely exploitable vulnerabilities allowing them to competely hijack someone's command and control, and consequently, their botnet. The Zeus crimeware kit, which I've been discussing and analyzing for a while, is the perfect example of how once a popular underground kit start acting as the default crimeware kit, cybercriminals themselves start looking for vulnerabilities that they could take advantage of. And those who look, usually end up finding.

A remotely exploitable flaw allowing cybercriminals to remotely inject a web shell within another cybercriminal's web command and control interface of the popular Pinch crimeware that's been around VIP underground forums since June, 2007, is starting to receive the necessary attention from script kiddies catching up with the possibility of hijacking someone's malware campaign due to misconfigured command and control servers.

With the exploit now in the wild, retro cybercriminals still taking advantege of the ubiqutous command and control interface that could be easily used by other malware rathar than Pinch, "cybercriminals are advised" to randomize the default file name of the gate, and apply the appropriate directory permissions.

Monocultural insecurities are ironically started to emerge in the IT underground with the increasing commoditization of what used to be a proprietary web exploitation malware kit or a banker malware kit, allowing easy entry into the malware industry through the unregulated use of what some would refer to as an "advanced technology" that only a few cybercriminals used to have access to an year ago. Just like legitimate software vendors, authors of crimeware kits are also trying to enforce their software licenses and forbidding any reverse engineering of their kits in order to enjoy the false feeling of security provided by the security through obscurity. The result? Cybercrime groups filing for bankruptcy unable to achieve a positive return on investment due to their intellectual property getting pirated and their inability to enforce the licenses that they issue to their customers.

We're definitely going to see more trivial, but then again, remotely exploitable vulnerabilities within popular crimeware kits, which can assist both the cybercrime analysts and naturally the cybercriminals themselves. For the time being, even the most sophisticated malware campaigns aren't fully taking advantage of the evasive and stealth tactics that the kits, or their common sense allows them to - let's see for how long.

Related posts:
Russia's FSB vs Cybercrime
Crimeware in the Middle - Zeus
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
Coding Spyware and Malware for Hire

Cross-site scripting CAN be used to hack a server

Tue, 05 Aug 2008 18:06:00 +0000

Likely you remember when Joseph Pierini at McAfee Secure / Hacker Safe said XSS wasn't important because "cross-site scripting can't be used to hack a server. You may be able to do other things with it. You may be able to do things that affect the end-user or the client. But the customer data protected with the server, in the database, isn't going to be compromised by a cross-site scripting attack, not directly."
That gem has made McAfee Pwnie worthy (winners announced tomorrow!); may the Lamest Vendor win.
That said, anyone with a clue knows that XSS attacks are ideal for credential theft, and if you can steal credentials, you can hack a server.
Looking for a textbook example? Check out mckt's new blog, skeptikal.org.
Here's a highlight:
"Every cPanel user's account contains a file titled .contactemail in its home directory. This is used to tell the server and administrators who to email when things go south, and can be changed by the user through the cPanel interface, the file manager tool, FTP, or through local scripts. It's only a text file, after all. Assuming we set our email address to:
"onmouseover="alert(1337)
When the friendly system administrator tries to reset our email address (because we forgot our password, obviously), he will receive an alert box in his browser.
But an alert box doesn't really demonstrate anything. Fortunately the WHM (Web Hosting Manager) interface has enough functionality that we can perform just about any system-level task we want. This one will reset the root password to 'owned':
"onmouseover="f=document.forms[0];f.action='/scripts/passwd';f.user.value='root';
f.removeChild(f.domain);d=document.createElement('input');f.appendChild(d);
d.name='password';d.value='owned';d=document.createElement('input');f.appendChild(d);
d.name='password2';d.value='owned';f.submit()
Of course, the only limit is your imagination- WHM can set up cron jobs, add and delete users, send full backups to a server of your choice, and reformat hard drives."

Hmm...I'd say that would be a server hack. ;-)
Welcome, Mike...keep up the good work.

del.icio.us | digg

Compromised Web Servers Serving Fake Flash Players

Tue, 05 Aug 2008 10:50:04 +0000

The tactic of abusing web servers whose vulnerable web applications allow a malicious attacker to locally host a malicious campaign is nothing new. In fact, malicious attackers have been building so much confidence in this risk-forwarding process of hosting their campaigns, that they would start actively spamming the links residing within low-profile legitimate sites across the web.

This campaign serving fake flash players is getting so prevalent these days due to the multiple spamming approaches used, that it's hard not to notice it - and expose it. From a strategic perspective, having a legitimate low-profile site -- of course with the obvious exceptions being on purposely registered for malicious purposes within the participating sites -- hosting your malicious campaign is pretty creative in terms of forwarding the responsibility, and the eventual blocking of a legitimate site to the its owner. As far as the owner's are concerned, it appears that some of them are already seeing the malware page popping-up on the top of their daily traffic stats, and have taken measures to remove it.

Moreover, Adobe's Product Security Incident Response Team (PSIRT) issued a warning notice about the attack yesterday, which could come handy if the attackers weren't taking advantage of client-side vulnerabilities, putting the unware end user is a situation where he wouldn't even receive a download dialog :

"We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.We’d like to take this opportunity to reiterate the importance of validating installers and updates before installing them. First off, do not download Flash Player from a site other than adobe.com – you can find the link for downloading Flash Player here. This goes for any piece of software (Reader, Windows Media Player, Quicktime, etc.) – if you get a notice to update, it’s not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."

The structure of the malware campaign is pretty static, with several exceptions where they also take advange of client-side vulnerabilities (Real player exploit) attempting to automatically deliver the fake flash update or player depending on the campaign. On each and every site, there are dnd.js and master.js scripts shich serve the rogue download window, and another .html file, where an IFRAME attempts to access the traffic management command and control, in a random URL it was 207.10.234.217/cgi-bin/index.cgi?user200. A sample list of participating URLs, most of which are still active and running :

joseantoniobaltanas .com

automoviliaria .es/hotnews.html
risasnc .it/fresh.html
carpe-diem .com.mx/fresh.html
kotilogullari .com.tr/hotnews.html
ferrariclubpesaro .it/hotnews.html
imobiliariacom .com.br/default.html
misoares .com
osniehus .de/fresh.html
mydirecttube .com/1/5098/
madosma .com/default.html
tutotic .com/checkit.html
veit-team .si/default.html
antigewaltkurse .de/stream.html
kwhgs .ca/topnews.html
vorgo .com/stream.html
ankaraspor .com.tr/default.html
xxxdnn0314 .locaweb.com.br/watchit.html
ossuzio .com/watchit.html
cit-inc .net/default.html
negocioindependiente .biz/default.html
ambermarketing .com/topnews.html
web27 .login-7.loginserver.ch/stream.html
moretewebdesign .br-web.com/stream.html
omdconsulting .es/topnews.html
parapendiolestreghe .it/hotnews.html
campodifiori .it/topnews.html
212.50.55.81 /stream.html
logisigns .net/fresh.html
intimaescorts .com/default.html
ghioautotre .it/live.html
geckert .de/stream.html
yuricardinali .com/watchit.html
retder .com/fresh.html
valdaran .es/default.html
getadultaccess .com/movie/?aff=5274
bauelemente-giering .de/stream.html
newyork-hebergement .com/watchit.html
allevatoritrotto .it/live.html
exoss2 .com/hotnews.html
soundandlightkaraoke .com/stream.html
land-kan .com/stream.html
grimaldi.nexenservices .com/watchit.html
inconstancia .com.br/watchit.html
gretelstudio .com/stream.html
sumacyl .com/watchit.html
mysna .net/fresh.html
gimnasioyx .com.ar/watchit.html
lagalbana .com/watchit.html
bielizna.tgory .pl/topnews.html
bcs92.imingo .net/stream.html
lapiramidecoslada .es/topnews.html
raulortega .com/stream.html
go-art-morelli .de/hotnews.html
wowhard.baewha .ac.kr/watchit.html
dianagraf .es/default.html
komma10-thueringen .de/hotnews.html
miavassilev .com/stream.html
swampgiants .com/watchit.html
compagniedephalsbourg .com/fresh.html
arla-rc .net/hotnews.html
salacopernico .es/watchit.html
drfinster .de/checkit.html
healthylifehypnotherapy .com/stream.html
ecotrike-bg .com/fresh.html
paoepalavra .org/watchit.html
jureplaninc-sp .com/topnews.html
fichte-lintfort .de/default.html
hergert-band .de/checkit.html
izliyorum .org/topnews.html
lideka .com/stream.html
athena-digitaldesign .com.tw/hotnews.html
e-paso .pl/stream.html
colombeblanche .org/stream.html
teatromalasa .es/watchit.html
mesporte.digiweb.com .br/stream.html
bistrodavila.com .br/watchit.html
hausfeld-solar .de/topnews.html
nakedinbed.co .uk/topnews.html
csr.imb .br/stream.html
herion-architekten .de/default.html
jbhumet .com/default.html
gruppouni .com/hotnews.html
francex .net/fresh.html
galvatoledo .com/topnews.html
cmeedilizia .eu/topnews.html
kroenert .name/default.html
textilhogarnovadecor .com/topnews.html
keithcrook .com/stream.html
elpatiodejesusmaria .com/checkit.html
neticon .pl/hotnews.html
malerbetrieb-pelzer .de/hotnews.html
easterstreet .de/fresh.html
piogiovannini .com.ar/watchit.html
ser-all .com/topnews.html
petzold-dieter .de/checkit.html
beatmung-brandenburg .de/checkit.html
ossuzio .com/watchit.html
teatromalasa .es/watchit.html
vuelosultimahora .com/topnews.html
zelenaratolest .cz/pornotube/index1.htm
ambulatoriovirtuale .it/topnews.html
10a3 .ru/index1.php
izliyorum .org/topnews.html
collectedthoughts .co.uk/index12.html
afg .es/topnews.html
albertruiz .net/topnews.html
bielizna.tgory .pl/topnews.html
blueseven.com .br/topnews.html
bollettinogiuridicosanitario .it/topnews.html
caprilchamonix.com .br/topnews.html
carlolongarini .it/topnews.html
champimousse .com/topnews.html
cheviot.org .nz/topnews.html
contrapie .com/topnews.html
gruppouni .com/topnews.html
hausfeld-solar .de/topnews.html
herbatele .com/topnews.html
houseincostaricaforsale .com/topnews.html
alim.co .il/topnews.html
allevatoritrotto .it/topnews.html
amafe .org/topnews.html
ambulatoriovirtuale .it/topnews.html
atelier-de-loulou .fr/topnews.html
automoviliaria .es/topnews.html
autoreserve .fr/topnews.html
izliyorum .org/topnews.html
jureplaninc-sp .com/topnews.html
kwhgs .ca/topnews.html
lapiramidecoslada .es/topnews.html
last-minute-reisen-4u .de/topnews.html
marcadina .fr/topnews.html
maremax .it/topnews.html
corradiproject .info/topnews.html
dantealighieriasturias .es/topnews.html
deliriuslaspalmas .com/topnews.html
ecchoppers .co.za/topnews.html
elianacaminada .net/topnews.html
fonavistas .com/topnews.html
fraemma .com/topnews.html
fundmyira .com/topnews.html
galvatoledo .com/topnews.html
grafisch-ontwerpburo .nl/topnews.html
markmaverick .com/topnews.html
micela .info/topnews.html
motoclubnosvamos .com/topnews.html
nebottorrella .com/topnews.html
negozistore .it/topnews.html
neticon .pl/topnews.html
norbert-leifheit.gmxhome .de/topnews.html
segelclub-honau .de/topnews.html
snmobilya .com/topnews.html
splashcor .com.br/topnews.html
stephanmager .gmxhome.de/topnews.html
svcanvas .com/topnews.html
tautau.web .simplesnet.pt/topnews.html
textilhogarnovadecor .com/topnews.html
theflorist4u .com/topnews.html
thewindsorhotel .it/topnews.html
vuelosultimahora .com/topnews.html
aliarzani .de/topnews.html
ambermarketing .com/topnews.html
arnold82.gmxhome .de/topnews.html
ocoartefatos.com .br/topnews.html
omdconsulting .es/topnews.html
parapendiolestreghe .it/topnews.html
positive-begegnungen .de/topnews.html
projetsoft .net/topnews.html
rbc.gmxhome .de/topnews.html
beatmung-sachsen .eu/topnews.html
campodifiori .it/topnews.html
clickjava .net/topnews.html
cmeedilizia .eu/topnews.html
dammer .info/topnews.html
embedded-silicon .de/topnews.html
ferrariclubpesaro .it/topnews.html
fgwiese .de/topnews.html
fswash.site .br.com/topnews.html
fytema .es/topnews.html
gildas-saliou. com/topnews.html
go-art-morelli .de/topnews.html
go-siegmund .de/topnews.html
guerrero-tuning .com/topnews.html
gut-barbarastein .de/topnews.html
japansec .com/topnews.html
komma10-thueringen .de/topnews.html
koon-design .de/topnews.html
lanz-volldiesel .de/topnews.html
lauscher-staat .de/topnews.html
losnaranjos.com .es/topnews.html
medical-service-krause .de/topnews.html
nakedinbed.co .uk/topnews.html
nepi.si/topnews .html
radieschenhein. de/topnews.html
residenceflora .it/topnews.html
sabuha .de/topnews.html
ser-all .com/topnews.html
siemieniewicz .de/topnews.html
viajesk .es/topnews.html
allevatoritrotto .it/live.html
bollettinogiuridicosanitario .it/live.html
carlolongarini .it/topnews.html
maremax .it/topnews.html
negozistore .it/topnews.html
parapendiolestreghe .it/live.html
www.donlisander .it/stream.html
aerogenesis .net/watchit.html
allevatoritrotto .it/live.html
atelier-de-loulou .fr/topnews.html
bistrodavila.com .br/watchit.html
bollettinogiuridicosanitario .it/live.html
caprilchamonix.com .br/topnews.html
cheviot.org .nz/live.html
condorautocenter .com.br/watchit.html
dantealighieriasturias .es/live.html
ecchoppers .co.za/topnews.html
elianacaminada .net/live.html
fonavistas .com/topnews.html
fundmyira .com/topnews.html
g6esporte .com.br/stream.html
grafisch-ontwerpburo .nl/topnews.html
gretelstudio .com/stream.html
gutierrezymoralo .com/watchit.html
healthylifehypnotherapy .com/stream.html
herbatele .com/live.html
jureplaninc-sp .com/topnews.html
lacomercialsrl .com.ar/stream.html
lagalbana .com/watchit.html
lapuertaestrecha .com.es/watchit.html
marcadina .fr/topnews.html
maremax .it/topnews.html
myadultcube .com/flash//aff=5176
myadultcube .com/flash//aff=5810
myadultcube .com/movie//aff=5155
newyork-hebergement .com/watchit.html
norbert-leifheit.gmxhome .de/topnews.html
omdconsulting .es/topnews.html
oyakatakent46537 .com/stream.html
parapendiolestreghe .it/live.html
regesh. co.il/watchit.html
rikkeroenneberg .dk/watchit.html
s215847279 .onlinehome.fr/stream.html
salacopernico .es/watchit.html
seekzones .com/watchit.html
seicomsl .es/watchit.html
sigma-lux .ro/watchit.html
soundandlightkaraoke .com/stream.html
stephanmager.gmxhome .de/topnews.html
tartuinstituut .ca/watchit.html
teatromalasa .es/watchit.html
vuelosultimahora .com/topnews.html
wowhard.baewha .ac.kr/watchit.html
aliarzani .de/topnews.html
ambermarketing. com/live.html
bilbondo .com/watchit.html
bollettinogiuridicosanitario .it/live.html
colombeblanche .org/stream.html
donlisander .it/stream.html
fgwiese .de/topnews.html
geckert .de/stream.html
helene-taucher .de/watchit.html
lanz-volldiesel .de/topnews.html
mairie-margnylescompiegne .fr/watchit.html
medical-service-krause .de/topnews.html
nakedinbed.co .uk/topnews.html
ossuzio .com/watchit.html
piogiovannini .com.ar/watchit.html
sabuha .de/topnews.html
sumacyl .com/watchit.html
swampgiants .com/watchit.html
xn--glland-3ya .de/stream.html
yuricardinali .com/watchit.html
nepi .si/topnews.html
dammer .info/topnews.html
atelier-de-loulou .fr/topnews.html
galvatoledo .com/topnews.html
allevatoritrotto .it/topnews.html
hausfeld-solar .de/topnews.html
micela .info/topnews.html
bistrodavila .com.br/watchit.html
hausfeld-solar .de/topnews.html
csr.imb .br/stream.html
herion-architekten .de/default.html
gruppouni .com/hotnews.html
galvatoledo .com/topnews.html
kroenert .name/default.html
keithcrook .com/stream.html
elpatiodejesusmaria .com/checkit.html
malerbetrieb-pelzer .de/hotnews.html
dantealighieriasturias .es/topnews.html
oyakatakent46537 .com/stream.html
89.19.29 .13/stream.html
slobodandjakovic .com/fresh.html
cqcs.com .br/stream.html
seekzones .com/watchit.html
pascosa .it/stream.html
caprilchamonix .com.br/topnews.html
positive-begegnungen .de/topnews.html
ferien-urlaub-lastminute .de/default.html
mueggelpark .info/watchit.html
hillner-online .de/fresh.html
guiasaojose .net/default.html
deliriuslaspalmas .com/topnews.html
fraemma .com/topnews.html
morsbaby .net/default.html
vickywhite .com/fresh.html
micela .info/topnews.html
corradiproject .info/topnews.html
liguehavraise .com/live.html
capacitacaoemlideranca .com.br/fresh.html
materialesyacabados .com.mx/stream.html
208.112.7.68 /checkit.html
152.10.1.37 /1.html
carlolongarini .it/topnews.html
splashcor.com .br/topnews.html
lobpreisstrasse .org/1.html
motoclubnosvamos .com/hotnews.html
hk-rc.com /1.html
taaf.re /stream.html
dulceysalao .com/default.html
amafe .org/topnews.html

Sample detection rate : flashupdate.exe
Scanners Result: 35/36 (97.23%)
Trojan-Downloader.Win32.Exchanger.hk; Troj/Cbeplay-A
File size: 78848 bytes
MD5...: c81b29a3662b6083e3590939b6793bb8
SHA1..: d513275c276840cb528ce11dd228eae46a74b4b4

The downloader then "phones back home" at 72.9.98.234 port 443 which is responding to the rogue security software AntiSpy Spider (antispyspider.net) :

"AntiSpy Spider is a cutting-edge anti-spyware solution.This revolutionary anti-spyware program was created by the industry's top spyware experts in order to protect your computer and your privacy.html, while ensuring optimal system performance.With the ability to locate, eliminate and prevent the widest range of spyware threats, AntispyStorm is able to offer its users a safe, spyware-free computing experience; and with it's convenient automatic update feature, AntispyStorm ensures continuous up-to-date protection."

Sample detection rate : antispyspider.msi
Scanners Result: 11/35 (31.43%)
FraudTool.Win32.AntiSpySpider.b;
File size: 1851904 bytes
MD5...: 2f1389e445f65e8a9c1a648b42a23827
SHA1..: e32aa6aa791e98fe6fdef451bd3b8a45bad0acd8

The bottom line - over a thousand domains are participating, with many other apparently joining the party proportionally with the web site owner's actions to get rid of the malware campaign hosted on their servers.

Related posts:
Lazy Summer Days at UkrTeleGroup Ltd
Fake Porn Sites Serving Malware - Part Two
Fake Porn Sites Serving Malware
Underground Multitasking in Action
Fake Celebrity Video Sites Serving Malware
Blackhat SEO Redirects to Malware and Rogue Software
Malicious Doorways Redirecting to Malware
A Portfolio of Fake Video Codecs

Library QUSRSYS not completely installed

Mon, 04 Aug 2008 09:31:52 +0000

If you receive an error following a QUSRSYS install on the AS/400, you may need to reinstall while making sure to keep a back-up of the previous library because it contains user data.

VCsChoosing How to Invest

Mon, 04 Aug 2008 06:23:13 +0000

Don Dodge has a series going on about VCs and why startups fail, and he says VC’s say no to startups 99% of the time, yet still choose failing companies 33% of the time or so. Interestingly he compares the selection process to the way investors choose their stocks –

I would guess that every one of you reading this blog have a stock portfolio with 5 to 10 individual stocks or mutual funds. There are more than 5,000 publicly listed companies to choose from, and another 5,000 mutual funds. But, out of 10,000 possible companies you chose 10 to invest in. Why? Why did you reject the other 9,990 companies? Obviously there are more than 10 good companies to invest in. Other investors chose to invest their money in the other 9,990 companies…why not you?

I suppose the difference must be that many investors aren’t actively involved in their investments (maybe entrepreneurs are more so, since they have to know a certain investment space quite well)…

It sounds to me a lot like the editorial selection process for book manuscripts, articles, and so forth — editors receive a ton of submissions and they have to be choosy. Sometimes they don’t pick winners; sometimes they pick losers. More importantly, each has a personal style, opinions, preferences, and they are trying to appeal to a certain audience. It’s interesting to think that VCs are similar but makes sense–the end question of “What will be successful” really depends on the consumer base and industry, and VCs are just people who probably know and prefer to interact with a certain type of consumer base or audience.