Report

For anyone that missed Microsoft CEO’s Q&A during the Search Marketing Expo West yesterday, a transcript is now available online. I went through and picked out key quotes, so that you don’t have to read the whole thing. Several things stand out from Ballmer’s comments: Mobile operators that want a search engine other than Bing can’t have Windows Phone 7 Series. Microsoft almost certainly is stirring up trouble for Google in Europe through third parties. Microsoft isn’t interested — at least for now — in releasing a Bing application for Android phones. A Bing for iPhone search deal is still possible, simply because Ballmer deflected the question rather than denying it. Twitter is a great Microsoft partner, but the value of an acquisition is “not clear.” My favorite quote from the Q&A: “I haven’t found that when you’re trying to sell something to somebody yelling is very effective.” How funny is that. coming from boisterous Ballmer? ...

“Big Brother Brazil” is a Brazilian reality TV program adapted from the popular Big Brother television series. The show is about a group of people living together in a purpose-built Big Brother house, isolated from the outside world, while being monitored by cameras 24×7. The television series is viewed by scores of people during primetime hours, but live feeds are also available from multiple cameras in the house on the Web. Part of the popularity is due to the fact that some of the videos are suitable only for adult viewing. ...

According to latest State of Spam and Phishing report, scam and phishing messages accounted for 21 percent of all spam, which is the highest level recorded since the inception of the report. For comparison, these types of spam represented only 10 percent of total spam a year ago. Historically, the primary vector for spam attacks was to blast out as many messages as possible, hoping that someone would open a message and click on the call to action. The call to action could be anything from clicking on a link to purchase medications, to visiting an adult website. While we continue to see high volumes of spam originating from expansive botnets, spammers are also moving towards a sophisticated and more targeted approach to spam. Two primary examples of this trend are 419/Nigerian type scams and phishing messages. ...

Criminals like to attack the biggest target because BIGGER generally provides a better Return On Investment (ROI). Windows is a good example. Mac is indeed safer than Windows but it isn’t necessarily because Mac is more secure. Windows has a larger market share and that equals more potential victims. How about search engines? What is the biggest search engine on the block? Google — and the bad guys know it. The result? ...

Last month, Baidu, the leading search engine in China, filed suit against US-based Internet registrar Register.com, in a legal event that took place at the height of the debate over Google’s continued business dealings with China. Baidu accused the registrar of changing its DNS records, so that customers were redirected to a completely different site purporting to represent the “Iranian Cyber Army.” But that original suit was heavily redacted, so we didn’t know the specifics of the alleged defacement. This week, US District Court in New York released the unredacted version of Baidu’s complaint, and now, as the man once said, we know the rest of the story. ...

In Additional to my last Post: http://boelectronic.blogspot.com/2010/03/free-fakeav-at-virus-total-thats-not.html VirusTotal.com [http://en.wikipedia.org/wiki/VirusTotal.com] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not. Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain: virus-total(dot)in Go there, and you’ll see a message claiming the site is a “free online antivirus scanning service, click SCAN to begin scanning:“ ...

If history is any gauge, this is probably the first of several incidents like this. The Register – which is worth reading twice a day for its insanely funny headlines if nothing else – is reporting that a hacker (hacktivist?), possibly British, who goes by the handle Neo, has gotten his hands on tax documents for about 1,000 companies and is tweeting the salaries of Latvian bank managers and other execs to Latvian TV. ...

Since January we publish monthly reports about the categories of the spam messages which got sent around the last month. These categories are detected by Avira’s AntiSpam engine. Between January and February 2010 there didn’t change much in the spam landscape. The top 3 is still occupied by Pharmacy, Other (spams which don’t fit any category) and watches. However, this month the Malware category made its way on the 4th with 4.9% after it was only 0.5% in January. ...

In this post I want to highlight how SEO attacks are working: Pages using server side kits to fool search engine bots into ranking them high in results are uploaded to legitimate web sites. If all goes to plan, when a user searches for a popular term, high up in the search engine results are links to these pages. In the example below, the malicious SEO page was the 2nd item in the search results (highlighted in blue). When the user arrives on such a page (highlighted in green in the example below), the referrer is typically checked to ensure they came from a search engine. If so, there are redirected (302 redirect) to another site (orange below). There are typically additional levels of redirection from this point. In the example shown below, the user is bounced from the .org to the .in site (purple). Finally, the user will be redirected to the fake AV distribution site (red). This is where the user receives the usual visual trickery, in order to fool them into installing the rogue application. ...

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site: Unfortunately, the old site also contains a malicious script, appended after the closing /HTML tag. There are several ways of migrating users to a new website: ...