Archive for the ‘Spam and Malware’ Category.
15 February 2010, 5:05 pm
Spam messages are rarely amusing enough for me to post anymore, but this one takes the cake:
Subject: Hegihten the qulaity of your ereictons with Soft (ialis.
Biggest_bIowout_sale of \/aIium in our onIine pharmacy
Sorry guys, but SpamBayes wasn’t fooled. You’ll have to do better than misspelled words and ASCII art to get past it.
4 February 2010, 9:21 am
Wow, this is a blast from the past — a worm that overwrites the Master Boot Record (MBR) of the hard drive. I haven’t seen one of those since the early nineties. But believe it or not, that’s not really destructive by itself: fdisk /mbr rewrites the boot code in the first 446 bytes of the sector and leaves the 64-byte partition table that follows it alone, so unless the worm has done a lot more to your system than trash the boot code, you’re back in business.
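Before trusting that a boot-code rewrite is all you need, it is worth checking which part of sector 0 actually changed. The following is an added example, not code from this post: it compares a 512-byte copy of the MBR against a backup of the same sector (saved earlier with something like `dd if=/dev/sda of=mbr.bak bs=512 count=1`, an assumed command), checks the 0x55AA signature, and reports whether the partition table survived. The sample sectors are constructed inline; the on-disk layout constants (446 bytes of boot code, four 16-byte partition entries, two signature bytes) are the standard MBR layout.

```python
import struct

# Layout of sector 0 on an MBR-partitioned disk (standard layout, not from the post):
SECTOR = 512
BOOT_CODE_LEN = 446      # bytes 0..445: boot code, the part fdisk /mbr rewrites
PTABLE_OFF = 446         # bytes 446..509: four 16-byte partition entries
SIG_OFF = 510            # bytes 510..511: boot signature 0x55 0xAA
ENTRY_FMT = "<B3BB3BII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(mbr):
    """Return the non-empty entries of the partition table."""
    entries = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i)
        status, ptype, lba_start, sectors = fields[0], fields[4], fields[8], fields[9]
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def diagnose(mbr, known_good=None):
    """Classify a 512-byte copy of sector 0. known_good is an earlier backup of the
    same sector; without it only the signature and partition table can be checked."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    report = {
        "signature_ok": mbr[SIG_OFF:] == b"\x55\xaa",
        "partitions": parse_partitions(mbr),
    }
    if known_good is not None:
        report["boot_code_changed"] = mbr[:BOOT_CODE_LEN] != known_good[:BOOT_CODE_LEN]
        report["ptable_changed"] = mbr[PTABLE_OFF:SIG_OFF] != known_good[PTABLE_OFF:SIG_OFF]
    return report


def boot_code_rewrite_suffices(report):
    """True when only the boot code differs from the backup: that is the case a
    boot-code rewrite (fdisk /mbr) repairs. A changed partition table has to be
    restored from the backup instead."""
    return report.get("boot_code_changed", False) and not report.get("ptable_changed", False)


def build_mbr(boot_code, partitions):
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF + 16 * i,
                         status, 0, 0, 0, ptype, 0, 0, 0, lba_start, sectors)
    sector[SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a healthy sector with one bootable NTFS-type partition,
# the same sector with only the boot code trashed, and a fully zeroed sector.
GOOD = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100, [(0x80, 0x07, 63, 2_000_000)])
WORMED = b"\xcc" * BOOT_CODE_LEN + GOOD[BOOT_CODE_LEN:]
WIPED = bytes(SECTOR)

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("wormed", WORMED), ("wiped", WIPED)):
        r = diagnose(sample, GOOD)
        print(name, r["signature_ok"], len(r["partitions"]), boot_code_rewrite_suffices(r))
```

The "wormed" sample is the case the post describes: boot code gone, partition table and signature intact, so rewriting the boot code is enough. The "wiped" sample is the "done a lot more" case, where the partition table has to come from the backup.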
3 February 2010, 8:11 am
It’s a very long article, so I’ve only skimmed the answers that their chosen experts gave, but it’s very odd to me that the answers were so varied. Market share was brought up several times, as an argument for a Mac (or Linux, though that was barely mentioned), but others said that market share matters a lot less now than it used to. Others mentioned that applications are the important ingredient nowadays, not OSes. And several pointed out that social engineering works the same on any OS.
Probably the most interesting response, to me, was the one from independent researcher Dino Dai Zovi:
Neither. Consumers should see if Apple’s iPad or the forthcoming devices based on Google’s Chrome OS suit their needs because both are significantly more secure than any general-purpose desktop system, Linux, Mac, or PC.
He’s got a point, but I can’t recommend an iPad, at least right now. The same features that make it “significantly more secure” also make it significantly less useful, in my opinion.
7 January 2010, 1:25 pm
This does look like a problem. Here’s an idea for an easy solution, though.
In the address bar, the browser could display both the address (as it does now) and the script name. Unicode assigns every character to a script (Latin, Cyrillic, Greek and so on) and groups code points into well-defined blocks, so this shouldn’t be very difficult to implement. In the case of the Russian “raural” text that the article shows, you’d be able to tell that the site wasn’t really PayPal because you’d immediately see that it was from the Cyrillic section of Unicode, not the Latin section (which English uses) that you expected. Or you’d see that it was from mixed scripts, which would be a huge red flag in most cases.
It’s not a perfect solution, but it would allow moderately savvy Internet users to protect themselves from this kind of thing.
If no one else attempts this, I might try writing a Firefox extension that does it, once Unicode domain names are possible.
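As an added example (not the extension the post talks about, and not from the linked article), here is the core of that idea in Python: work out which script each label of a hostname uses, flag labels that mix scripts, and show the ASCII (punycode) form that actually goes on the wire next to the pretty Unicode one. The standard library has no Unicode Script property, so the script is approximated from the first word of each character's Unicode name; that is an assumption of this example and is good enough for the scripts involved in look-alike domains, but a real implementation would use the Scripts.txt data file or ICU. The sample hostnames are constructed.

```python
import unicodedata

# Characters allowed in any hostname label that carry no script of their own.
COMMON_CHARS = {"-", "."}
# Name prefixes that do not match the usual script name.
PREFIX_TO_SCRIPT = {"CJK": "Han"}


def char_script(ch):
    """Approximate the Unicode Script property of one character.

    The standard library exposes no Script property, so this takes the first
    word of the character name ('CYRILLIC SMALL LETTER A' -> 'Cyrillic').
    Accurate for Latin, Cyrillic and Greek, which is what matters for
    look-alike domains; an assumption of this example, not a general solution."""
    if ch in COMMON_CHARS or ch.isdigit():
        return "Common"
    name = unicodedata.name(ch, "")
    if not name:
        return "Unknown"
    prefix = name.split(" ", 1)[0]
    return PREFIX_TO_SCRIPT.get(prefix, prefix.capitalize())


def label_report(label):
    """Scripts used in one label (the part between dots) and whether they mix."""
    scripts = sorted({char_script(c) for c in label} - {"Common"})
    return {"label": label, "scripts": scripts, "mixed": len(scripts) > 1}


def inspect_hostname(hostname, expected="Latin"):
    """What the browser could show beside the address: the scripts in use, the
    ASCII (punycode) form that goes on the wire, and a verdict relative to the
    script the user expects to see."""
    labels = [label_report(part) for part in hostname.split(".")]
    scripts = sorted(set().union(*(set(l["scripts"]) for l in labels)))
    if any(l["mixed"] for l in labels):
        verdict = "mixed scripts in one label"
    elif scripts and scripts != [expected]:
        verdict = "all " + "+".join(scripts) + ", not " + expected
    else:
        verdict = "ok"
    return {
        "hostname": hostname,
        "punycode": hostname.encode("idna").decode("ascii"),
        "scripts": scripts,
        "verdict": verdict,
    }


# Constructed samples: the real name, the classic one-character swap (U+0430,
# CYRILLIC SMALL LETTER A, in place of Latin 'a'), and an all-Cyrillic name.
SAMPLES = [
    "paypal.com",
    "p\u0430ypal.com",
    "\u0441\u0431\u0435\u0440\u0431\u0430\u043d\u043a.\u0440\u0444",
]

if __name__ == "__main__":
    for host in SAMPLES:
        r = inspect_hostname(host)
        print(f"{host:20} {r['punycode']:28} {'+'.join(r['scripts']):18} {r['verdict']}")
```

The one-character swap comes out as "mixed scripts in one label", the red flag the post describes; the all-Cyrillic name is not mixed but is shown as Cyrillic rather than the Latin the user expected, which is the other half of the idea. Showing the punycode form alongside is a cheap extra: a look-alike always has an `xn--` label there, while the genuine site does not.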
11 December 2009, 12:21 pm
And the game of cat and mouse continues, with the good guys looking decidedly mouse-like at the moment.
I’m sure this is good for us, on the whole. It forces us to continue improving the state of the programming art, in much the same way that disease forces us to continue improving the medical arts. But it’s also a major pain in the posterior.
24 November 2009, 10:32 am
The last paragraph is particularly heartening:
FireEye researchers said the key to dismantling the giant ring was a coordinated effort that worked in multiple directions all at once so that bot herders didn’t have a chance to counteract. “As it turns out, no matter how many fallback mechanisms are in place, if they aren’t all implemented properly, the botnet is vulnerable,” they wrote.
22 November 2009, 10:28 am
Complete text of a spam I recently received:
Get an omnipotent porksword!
Omnipotent porksword?! Running out of synonyms, guys?
10 November 2009, 10:26 am
I’ve mentioned before that I no longer run antivirus software on most of my Windows machines, but Bruce Schneier has just posted a persuasive argument in favor of it in most cases, despite the flaws.
But persuasive or not, it doesn’t change my opinion or my stance on the systems I control. Antivirus is generally a good thing, but on several CPU-challenged systems that I run, it’s more of a hassle than a help. If malware manages to penetrate one of those systems at some point, I may re-think that. Until then, it stays off.
(For the curious, and those about to flame me in the comments, please read the original article that Schneier is responding to first. Like Ranum, I am using other — and more effective — forms of security on those machines, just not an antivirus program.)
28 October 2009, 1:16 pm
I don’t know why ISPs didn’t start doing this ten years ago. It was easily possible then, and there was certainly a need for it at that point too. I hope more of them pick it up in the future.
20 October 2009, 2:49 pm
Haven’t seen one of these in a while, but this one appeared recently in my spam folder:
Congratulations!
You have won money in our annual e-mail lottery!
You may find the gift check in attachment to this e-mail.
Please print the check, to get your money prize.
E-mail lottery.
USA Mega Millions.
[URL removed]
The attachment is Bank_check_XXXXXXXX.zip (the Xs are a presumably-random hexadecimal number), containing a 64KB executable by the same name. These days it almost certainly installs a back-door Trojan, opening the systems of anyone foolish enough to run it to further exploitation.
Maybe in a recession more people succumb to greed (desperation?) and stupidity, so this kind of thing gets better results. Or maybe the scammers are doing as badly as everyone else, and they’re getting desperate and trying all the moldy oldies to see if anything will sucker people these days.
Now that I think about it, I like that mental image.
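The zip-wrapped executable in that lottery spam is the kind of thing a mail filter can catch without running anything. The following is an added example, not from this post: it opens a zip attachment in memory, lists executable members, checks for the PE "MZ" magic behind a harmless-looking extension, notes members named after the archive itself (as in the Bank_check case), and reports encrypted members it cannot look inside. The archives and the fake executable are constructed inline; the extension list is an assumed starting point, not an exhaustive one.

```python
import io
import os
import zipfile

# Extensions Windows runs directly on double-click (assumed starting list, not exhaustive).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar", ".msi"}
MZ_MAGIC = b"MZ"   # first two bytes of every Windows PE executable


def inspect_zip_attachment(archive_name, data):
    """Describe what a zip attachment contains without extracting or running it.
    Returns a list of findings; an empty list means nothing looked suspicious."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    archive_stem = os.path.splitext(os.path.basename(archive_name))[0].lower()
    with zf:
        for info in zf.infolist():
            name = info.filename
            base = os.path.basename(name)
            stem, ext = os.path.splitext(base)
            ext = ext.lower()
            if ext in EXEC_EXTENSIONS:
                findings.append(f"executable member: {name}")
                if base.count(".") > 1:
                    findings.append(f"double extension hides the real type: {name}")
                if stem.lower() == archive_stem:
                    findings.append(f"member named after the archive itself: {name}")
            if info.flag_bits & 0x1:
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                findings.append(f"encrypted member, contents cannot be inspected: {name}")
                continue
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(MZ_MAGIC))
            if head == MZ_MAGIC and ext not in EXEC_EXTENSIONS:
                findings.append(f"PE header (MZ) behind a non-executable extension: {name}")
            elif head == MZ_MAGIC:
                findings.append(f"confirmed PE header (MZ): {name} ({info.file_size} bytes)")
    return findings


def build_zip(members):
    """Assemble an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-in for the dropper: bytes that start like a PE file but are not one.
FAKE_PE = (MZ_MAGIC + b"\x90" * 58 + b"\x80\x00\x00\x00"
           + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 512)
LURE = build_zip({"Bank_check_1A2B3C4D.exe": FAKE_PE})
BENIGN = build_zip({"notes.txt": b"meeting moved to 3pm\n"})
RENAMED = build_zip({"invoice.pdf": FAKE_PE})

if __name__ == "__main__":
    for archive_name, data in (("Bank_check_1A2B3C4D.zip", LURE),
                               ("notes.zip", BENIGN), ("invoice.zip", RENAMED)):
        print(archive_name, inspect_zip_attachment(archive_name, data) or ["clean"])
```

Reading only the first two bytes of each member keeps the check cheap and avoids decompressing a whole archive on the gateway; a password-protected member is reported rather than silently passed, since that is a common way to get an executable past exactly this kind of filter.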