Make Money Online

Make Money Online with Affiliate Marketing and Affiliate Networks


Editor’s Note: The following is an analysis of a set of claims made by Shawn Hogan regarding his time as an affiliate of eBay. The claims made by Hogan are serious in nature but are made in an unstructured fashion, delivered without evidence, and seem to be an attempt at salvaging his image. Such claims thus fall into the realm of rumor and innuendo meant to damage eBay’s reputation. It should be noted that eBay was always in good standing while a Commission Junction merchant and that they are not currently, nor ever have been, under investigation for such activities as claimed by Hogan.

Last week I posted about criminal charges being filed by the Justice Department against Shawn Hogan of Digital Point Solutions and Brian Dunning of Kessler’s Flying Circus related to allegations of cookie stuffing in the eBay affiliate program. These were separate charges following a civil suit filed by eBay in 2008 for the same activity.

Digital Point Solutions Responds

There are always at least two sides to every story. Yesterday evening I received a ping via Twitter linking to a blog post by Digital Point Solutions, written by Shawn Hogan, responding to these allegations. The post is rather long, rambling, and sensational, to say the least. In the post, Hogan defends himself against the charges of cookie stuffing and makes a few rather serious allegations against eBay.

Cookie Stuffing Timeline According to Hogan

I’ll try to summarize the claims made by Hogan, beginning with those aspects related to cookie stuffing activity. The following are facts according to Shawn Hogan:

  • Hogan began working with the eBay affiliate program in the fall of 2004, at which time he began an SEO campaign to rank the term “eBay”. By the end of 2004 he held Google SERPs in the top 5 for “eBay” and maintained those until April 2006.
  • The rankings were achieved, in part, through Hogan’s Co-op Ad Network. In early 2005, Hogan’s affiliate account came to the attention of eBay because of activity levels and he was assigned a direct eBay representative.
  • In the spring of 2005, eBay suggested that Hogan’s Co-op Ad Network be used as a traditional ad network for delivering ads instead of a mechanism to only increase SERPs. Hogan began displaying a small percentage of the ad inventory with eBay ads (“tens of millions” of ads daily) which were ultimately affiliate links. This grew his affiliate account by “300%”.
  • In the summer of 2005, eBay approached Hogan wanting more traffic, at the same time suggesting he “experiment” with “gray area” techniques that were technically in violation of eBay’s TOS. One of the techniques described was cookie stuffing, although Hogan does not specifically call it cookie stuffing in his post.
  • Towards the end of the summer of 2005, Hogan’s eBay affiliate account showed up on a compliance report performed for eBay by Ben Edelman, an independent third-party compliance expert. [Author’s Note: At this point in time Edelman’s monthly compliance consulting typically focused on testing for cookie stuffing via adware. It is unclear as to whether Hogan was experimenting with this form of traffic generation or not. The Justice Department’s charges only indicate cookie stuffing via web pages.]
  • Hogan was told by eBay that he was free to experiment as long as he didn’t show up in outside compliance reports. Hogan further states that eBay recommended he use geo-targeting to remain outside of areas that Ben Edelman was likely to be testing from. At an unidentified point eBay contacted Hogan to request that the Digital Point Geo Visitor tool, which was installed on “millions” of web pages, direct to eBay’s site when clicked instead of to the expected map. Hogan states this was being done some, but not all, of the time. He also states he informed eBay this violated their TOS, but that after consultation with their legal department, eBay requested that the Geo Visitor icon be occasionally replaced with an eBay icon. Hogan claims he considered this a “bait and switch” tactic and wanted to stop it altogether. However, the “pressure from eBay” ultimately won out and the tactic was implemented, resulting in a doubling of his affiliate revenues.
  • During a private dinner at eBay Live! in the summer of 2006, eBay again asked Hogan for more traffic. Hogan stated there was no way to drive more traffic without using non-compliant means. Hogan claims that the eBay rep responded: “As long as you don’t show up on compliance reports, it’s compliant as far as we are concerned.”
  • Sometime in the fall of 2006, Hogan showed up on Edelman’s compliance report for the second time. eBay told Hogan to change his PID so that Edelman could not connect the accounts in any further testing.
  • In the fall of 2006, eBay implemented their Rover links. Hogan was pressured by eBay to change his links over, but repeatedly resisted the change, asking them why they wanted the change. Hogan claims eBay finally responded, after months of questioning, that traffic coming through Rover had no compliance check.
  • In June of 2007, eBay ended the affiliate relationship.

Hogan’s Allegations Against eBay

  • Hogan speculates that the management staff of eBay’s affiliate program was compensated based on commissions paid to affiliates which caused them to turn a blind eye to his activities.
  • Hogan further speculates that when Meg Whitman, eBay’s former CEO, left the new management began looking closely into how eBay was being run, including the affiliate program. The new management decided to “clean house” and he was ultimately used to set an example to all affiliates via the civil suit.
  • Finally, Hogan contends that the criminal charges amount to a political favour since one of eBay’s civil lawyers has worked for the District Attorney’s office.

The Digital Point Solutions post might be a peek into the defense strategies which may be used in both the criminal and civil suits still pending before the courts. I am somewhat surprised to see the post at all since most defense attorneys usually aren’t keen on their clients making any kind of statement while litigation is ongoing.

Hogan seems to basically admit to cookie stuffing, along with some other tactics not covered in the indictment, and to knowing that such tactics violated eBay’s TOS. His defense appears to hinge on his claims that he was not only being given permission by staff on eBay’s affiliate team but pressured to use such tactics. However, admitting knowledge of the illegality of his actions does not make him any less culpable for them, regardless of whether or not his behavior was endorsed by an outside party.

Further Allegations Against eBay

Hogan makes further allegations of wrongdoing by eBay that are not directly related to cookie stuffing, some of which are pretty serious. These claims are outlined below:

  • Early on during the spring of 2005, Hogan became tired of hearing his eBay contact talk about his “crappy” car. In order not to have to hear the repeated complaints, Hogan made a deal that if he ever made more than $1 million a month with eBay he would buy the rep a new car. Around the time he implemented the Geo Visitors switch and his affiliate commissions doubled, he began earning the $1 million a month. Hogan claims he gave his eBay contact $50,000 so he could buy the car himself. While Hogan admits it wasn’t “extortion” because he made the offer himself, he felt like it was due to continued pressure from the rep. Subsequently, he claims he was “coerced” into buying other items for his contact, including a plasma TV and laptop, and was told that “all the affiliates buy their contacts stuff like this”.
  • Hogan claims that eBay admitted to him that their TOS were a “façade” allowing them to engage in any activity they wanted, such as spamming search engines, while providing eBay with deniability to major partners like Google. This way eBay could blame the bad behaviour on affiliates.
  • Hogan further claims that during the private dinner at eBay Live! eBay employees informed him of a “black budget” that entailed a large dollar amount to be used at their discretion. This was not reported on the balance sheets or to shareholders. In conjunction with this black budget, Hogan reports being solicited by eBay to spam the web with eBay ads while eBay bought hardware off-shore to run the campaign so that the ads could not be traced back to Digital Point Solutions by Google. He continues by saying eBay expressed their dislike for Google and wanted to pay Hogan out of this black budget to hurt Google any way he could and to “take down Google datacenters somehow”. Hogan claims that eBay went as far as to fly down an executive from the pay per click division to discuss the possibility.

While most of Hogan’s allegations are serious and involve charges of possible criminal activity on the part of eBay, he posted nothing to substantiate any of his claims. While I know that some companies engage in the kind of activities described by Hogan, it also strikes me that if claims cannot be backed up with proof then they are merely hearsay in the eyes of the Court.

Affiliate Dirty Laundry

While affiliate fraud has been getting increased attention within our industry lately, I am aware that bad behavior isn’t limited just to affiliates. Over the years, I’ve seen questionable tactics and activity coming from networks, affiliate managers, and outsourced program managers. Greed is an equal opportunity corruptor.

Cookie stuffing has been a dirty side of our industry for years and continues to be present today. Indeed, there are still numerous posts on the Digital Point Solutions forum promoting ebooks and scripts for cookie stuffing (screenshots available).

There is plenty of “dirty laundry” to go around in the business. This includes managers who encourage affiliates to break a program’s TOS. I know firsthand of such incidents. It is an unseemly side of the business that unfortunately happens. It appears that if either of the cases against Hogan goes to trial, the dirty laundry of affiliate marketing may be paraded across the courtroom, and not just as it relates to cookie stuffing. I wonder what impression of our industry this will leave on jury members.

We Have Choices

When I step back from Hogan’s post and put aside the sensational elements, a few things strike me. First, Hogan admits to engaging in cookie stuffing tactics, albeit with the alleged blessing of eBay. Second, he admits to using Digital Point Solutions tools (the Ad Network and Geo Visitors) to implement some of his tactics. These were tools installed on others’ web sites, undoubtedly with some degree of trust that they weren’t being used by the provider to engage in questionable affiliate tactics.

Hogan further admits knowing these tactics were against eBay’s TOS. His justification for engaging in the tactics seems to be eBay’s condoning and encouragement of the tactics.

We all have choices in our business dealings. No one could force Hogan to remain in the eBay program. No one could force him to engage in activities he knew to be in violation of their TOS (and indeed CJ’s TOS, although he never mentions CJ at all in his post). Even if any part of Hogan’s claims regarding eBay’s conduct is proven to be true, I do not subscribe to a “two wrongs make a right” mentality. And, frankly, neither does our legal system. Any wrongdoing on eBay’s part in no way justifies knowingly engaging in wrongdoing by Digital Point Solutions.

Regardless of what a representative of a merchant or network may tell an affiliate privately, affiliates should keep in mind that there may be someone further up the company food chain who disagrees. Ultimately, Terms of Service are legally binding documents between an affiliate and the merchant/network. It is prudent to abide by those TOS. If you choose not to follow the terms you are legally bound by, it can land you in court, regardless of how honorably or not others around you have behaved.



The defendants in the following cases are considered innocent until proven guilty in a court of law. Additionally, the general schemes alleged in the cases are practices I have personally observed of numerous affiliates over the years.

Background

On August 28, 2008, eBay filed a civil suit against Shawn Hogan, Brian Dunning and Todd Dunning, along with their respective company entities Digital Point Solutions, Kessler’s Flying Circus, Thunderwood Holdings and BrianDunning.com. The suit alleges numerous actions including fraud, racketeering activity under RICO (Racketeer Influenced and Corrupt Organizations), wire fraud and unauthorized access of eBay’s servers. See full complaint (pdf).

The short version is that eBay alleges that the affiliates named engaged in “cookie stuffing”, specifically generating hidden forced clicks of their eBay affiliate links. Hidden forced clicks are when an affiliate link is invoked without a physical click by the end user. Various forms of technology and/or coding are used so that the merchant’s site is not actually seen by the end user. The alleged activities in question occurred between 2003 and mid-2007. eBay claims measures were taken to hide the activity and that the defendants denied any wrongdoing when questioned by CJ, which at the time was still running eBay’s program, regarding suspicious traffic.

While this case should be of significant interest to affiliates, networks and merchants, it is a civil matter. Currently the case is unresolved with the outcome pending before the courts.

Criminal Charges Filed

On June 24, 2010, two separate indictments were handed down by a grand jury in California against Shawn Hogan (pdf) and Brian Dunning (pdf) following an FBI investigation by the Cyber Crimes Department. The indictments charge Hogan and Dunning with wire fraud and criminal forfeiture. Hogan was charged with ten counts of wire fraud and Dunning with five counts of wire fraud.

On July 22, 2010, Hogan and Dunning appeared before the court. Both were released under a $100,000 property bond and surrendering their passports. Both Hogan and Dunning entered not guilty pleas. Hogan’s next court date is September 9, 2010 and Dunning’s is August 19, 2010.

According to court documents, the maximum penalty in both cases is:

  • Imprisonment of 20 years
  • Maximum fine of $250,000 or twice the gross gain/loss (whichever is greater)
  • 3 years of supervised release
  • $100 special assessment (per count)

The indictments parallel the eBay civil suit, accusing the affiliates of engaging in hidden forced clicks within the eBay affiliate program.

For years cookie stuffing techniques have been discussed and debated in the affiliate marketing world. I’ve seen a rather casual attitude taken by some regarding the practice. I’ve seen long debates about what constitutes a physical click by the end user. I’ve seen black hat techniques for cookie stuffing and hiding the behavior discussed publicly. For me, one striking point with the indictments is that the FBI and a grand jury were evidently able to grasp technical aspects of affiliate marketing and tracking, and ultimately arrived at the conclusion that the tactics were criminal in nature.

Indictment Specifics

Several interesting specifics were outlined in both of the indictments:

  • Between 2006 and June 2007, Shawn Hogan (Digital Point Solutions) earned approximately $15.5 million in commissions from eBay. Hogan was eBay’s number one affiliate.
  • Between 2006 and June 2007, Dunning (Kessler’s Flying Circus) earned approximately $5.3 million in commissions from eBay. Dunning was eBay’s number two affiliate.
  • Hogan and Dunning are accused of generating hidden forced clicks on both their own web sites as well as sites not connected with the defendants in order to increase the number of computers storing the eBay affiliate tracking cookie.
  • The legal criteria for wire fraud was established not on money (commissions) being transferred over the wires, but because of transmission of the tracking cookie between states and internationally.
  • The affiliates attempted to hide the activity from eBay and CJ by not engaging in the cookie stuffing on computers located in San Jose (eBay headquarters) or Santa Barbara (CJ’s headquarters). This is geo-targeting, and it is readily known to be used by affiliates engaging in questionable activity. Of course, not all geo-targeting activity is nefarious.
  • Both Hogan (2005) and Dunning (2006) denied any cookie stuffing behavior when questioned by CJ.
  • Each individual wire fraud count is related to a particular incident on an IP address outside California (location of eBay servers) where an affiliate cookie for the defendants was set.
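The indictment describes hidden forced clicks as affiliate links invoked without a user click, with the merchant’s site never actually seen, and notes that the defendants kept the activity away from the IP ranges where the merchant and network did their compliance checks. The following is an added example of the merchant-side detection logic a fraud team could run over its own affiliate-click logs; it is not code from the original post or from any party in the case. The log format is constructed for the example, and the `Sec-Fetch-Dest` field is an assumption about what the merchant logs (modern browsers send it; the dwell-time heuristic covers clients that do not). Two signals are used: a click on the affiliate redirect endpoint that arrives as a hidden sub-resource load rather than a top-level navigation, and a click that is never followed by a landing-page view from the same client within a short window.

```python
"""Flag affiliates whose clicks look forced rather than user-initiated.

Added example, not from the original post.  Constructed log format, one record per line:
    <epoch_seconds> <client_ip> <affiliate_id> <event> <fetch_dest>
event      : 'click'   = hit on the affiliate redirect endpoint
             'landing' = merchant landing page actually rendered for that client
fetch_dest : browser Sec-Fetch-Dest header ('document' for a real navigation,
             'image'/'iframe'/... for a hidden sub-resource load, '-' if absent)
"""
from collections import defaultdict
from dataclasses import dataclass

FOLLOW_UP_WINDOW = 10            # seconds within which a real click should yield a landing view
SUBRESOURCE_DESTS = {"image", "iframe", "script", "embed", "object"}
FLAG_RATIO = 0.5                 # flag an affiliate when more than half its clicks are suspect


@dataclass(frozen=True)
class Record:
    ts: int
    ip: str
    affiliate: str
    event: str
    dest: str


def parse_log(text):
    """Parse the constructed log format; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, aff, event, dest = line.split()
        records.append(Record(int(ts), ip, aff, event, dest))
    return records


def suspect_clicks(records):
    """Return click records that look forced: fetched as a hidden sub-resource, or
    never followed by a landing-page view from the same client inside the window."""
    landings = defaultdict(list)
    for r in records:
        if r.event == "landing":
            landings[r.ip].append(r.ts)
    suspects = []
    for r in records:
        if r.event != "click":
            continue
        if r.dest in SUBRESOURCE_DESTS:          # hidden image/iframe load, no user click
            suspects.append(r)
            continue
        followed = any(r.ts <= t <= r.ts + FOLLOW_UP_WINDOW for t in landings[r.ip])
        if not followed:                         # redirect hit, but merchant site never seen
            suspects.append(r)
    return suspects


def affiliate_report(records):
    """Per affiliate: (total clicks, suspect clicks, flagged?)."""
    total = defaultdict(int)
    bad = defaultdict(int)
    for r in records:
        if r.event == "click":
            total[r.affiliate] += 1
    for r in suspect_clicks(records):
        bad[r.affiliate] += 1
    return {aff: (total[aff], bad[aff], bad[aff] / total[aff] > FLAG_RATIO) for aff in total}


# Constructed sample: aff-100 behaves normally, aff-200 shows the forced-click pattern.
SAMPLE_LOG = """
1000 203.0.113.10 aff-100 click document
1002 203.0.113.10 aff-100 landing document
1050 203.0.113.11 aff-100 click document
1053 203.0.113.11 aff-100 landing document
1100 203.0.113.12 aff-100 click document
1200 198.51.100.20 aff-200 click image
1201 198.51.100.21 aff-200 click iframe
1202 198.51.100.22 aff-200 click document
1250 198.51.100.23 aff-200 click document
1251 198.51.100.23 aff-200 landing document
"""

if __name__ == "__main__":
    for aff, (n, bad, flagged) in sorted(affiliate_report(parse_log(SAMPLE_LOG)).items()):
        print(f"{aff}: {bad}/{n} suspect clicks{'  <-- FLAGGED' if flagged else ''}")
```

On the sample, the ordinary affiliate has one unexplained click out of three (a user who closed the tab before the landing page loaded) and stays below the threshold, while the second affiliate is flagged on three of four clicks. In practice the geo angle from the indictment is a third signal worth adding: an affiliate whose clicks are entirely absent from the regions where compliance testing is known to originate is behaving unlike the rest of the program.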

Implications

Hogan and Dunning face serious repercussions if found guilty of the charges handed down by the grand jury. This is in addition to a pending civil suit which potentially carries stiff penalties of its own.

Regardless of the innocence or guilt of Hogan and Dunning, the fact that the U.S. Attorney deems cookie stuffing criminal should be a wake-up call for our industry.

As Linda Buquet stated when she first talked about the case, “For the blackhatters out there that say, ‘cookie stuffing isn’t illegal and all is fair in love and affiliate marketing’ – I say you better take a very close look at this case!”

The behavior outlined by the indictment is behavior, with some minor technical variation, I witnessed only yesterday by some affiliates. Nor is it difficult to find resources on how to engage in these types of activities, whether through web pages, adware, widgets, email or any other vehicle. Maybe now that the practice has been deemed illegal, the higher stakes will deter potential abusers.


Affiliates Indicted For Cookie Stuffing


Recently, Avast Anti-Virus released a report claiming that Yahoo’s Right Media YieldManager is the leading distributor of “malvertising”, that is, malware that exploits holes in the web applications used to deliver web ads from the big ad delivery platforms. Yahoo! is not alone: malware was also found to be served by Fox Audience Network’s Fimserve.com, Google’s DoubleClick, and MySpace.

Visitors to sites like The New York Times, The Drudge Report, TechCrunch, and many others found their computers infected with a trojan that looks for vulnerabilities in Java, QuickTime, and multiple Adobe products. Even security savvy surfers were not protected as computers were infected once the ad loaded, not when the ad was clicked.

Once the dust settled, the finger pointing began. According to a CNET interview with Avast researcher Jiri Sejtko, the malware is a JavaScript Trojan that targets the Windows operating system. Sejtko said that of the ad networks impacted by the Trojan, dubbed JS:Prontexi, only DoubleClick took proactive measures against it.

“The Google portion of JS:Prontexi is quite small and has gotten visibly even smaller as they have taken steps to improve the situation. That is not the case with Yahoo and Fox.”

Right Media VP Bennie Smith responded to his network being accused of serving up malicious ads on TechCrunch:

“Partnering with a third-party ad network is a good thing, but you can’t remove all the risk and shift all the responsibility to the ad network…The user is coming to your site, not to the ad network. The primary responsibility still resides with you.”

That’s right. According to Smith, it’s the publisher’s fault that applications they have no control over are serving up malware.

Working in web security, I have seen plenty of web applications that are vulnerable to attacks. If I run a blog that is powered by WordPress, then I need to do everything I can to secure it. If a plug-in has known vulnerabilities I have to either look for a patch, disable it, or replace it.

However, unlike the blog example above, publishers have no way of working with the applications that run these ad networks to better secure them. Instead, they have to trust that the ad manager they are running on their site has been secured. They have to trust that the advertisements have gone through some type of review to ensure that they are not delivering malicious code to the visitors.

Unfortunately for the publishers, when their site infects a visitor, the visitor doesn’t blame the ad manager. They blame the web site. If my computer was infected after visiting TechCrunch, I am going to stop visiting. If The Drudge Report is flagged as unsafe, then I will go elsewhere.

Maybe publishers do need to take the initiative. To protect their visitors, perhaps they need to look at which ad networks are doing everything they can to prevent the spread of malware through their network. Ask them questions like:

  • What is the review process for ensuring an ad does not contain malware?
  • What is done to ensure that attackers cannot exploit the code of legitimate ads?
  • Is there a web application firewall in place to inspect web layer traffic?
  • When was the last time your application underwent a code review?
  • Who do I contact if I suspect an ad is serving malware to my visitors?
  • What will you do if your network serves ads on my site that contain malware?

If your questions can’t be answered to your satisfaction, maybe it is time to take responsibility and look for a new ad network. One who is willing to make sure your reputation isn’t damaged by the content they serve on your web site.


Here is the original post:
prontexi trojan


Purveyors of malware and BlackHat SEO’s have been pulling in a great deal of headlines lately. It seems anytime something makes the news, there is a report of illegitimate web sites targeting keywords associated with the story to draw visitors into their malicious site. Earlier this month, I discussed how search poisoning is used to push malicious sites to the top of the SERPs. I figured a nice follow up to this would be a description of what the attacker does once he or she gets you to their site.

Drive-by downloads
The purpose of search poisoning is usually to drive unsuspecting visitors to a malicious web site, where malware is downloaded to the visitor’s computer without their consent or knowledge.

A drive-by download, or drive-by installation, works by exploiting security vulnerabilities in the browser used to surf the Internet. A malicious web site is set up containing code that actively probes for these vulnerabilities. When one is found, the visitor is sent to a third-party server from which the malware is silently installed on their computer.

Why the third-party server? Even attackers work hard to achieve these high page rankings, albeit through less than ethical techniques. Sending visitors to a third-party server means their ranked page can survive longer since it is not flagged as housing malware.

Examples
In the month of January, four headlines drew a large amount of interest from attackers. The rumors of actor Johnny Depp’s death, actress Brittany Murphy’s death, the earthquake in Haiti and the release of the Apple iPad all found themselves to be targets of a combined SEO poisoning/drive-by download attack.

In each case, the victim downloaded malware to their computer known as “scareware”. Scareware is used to frighten the victim into believing that their computer is infected with malware. In a panic, the victim purchases the advertised security software to clean their system. Selling bogus security software to their victims has been bringing attackers in around 15 million dollars a month. Not hard to believe when you consider that Consumer Reports estimates that 1 in 90 people fall for these scams.

While scareware is the malware du jour, it is not the only method of attack. Some sites install even less conspicuous malware onto their victims’ computers. Using Trojans, attackers can steal passwords and account information, or create large botnets of zombie computers that they use to attack web sites, attack networks and spread spam. A prime example of this was when the Miami Dolphins’ stadium web site was injected with malicious code, attacking those looking for Super Bowl information.

More to come
Just next month, the Winter Olympic games kick off and this summer, the World Cup will be in full swing. Security experts are already predicting these to be included in the next round of malicious keywords.

Protecting yourself from drive-by downloads can be tricky. It would be easy to suggest that people only visit well-known web sites, but that is counter-productive to the web. After all, what makes the web so great is the ability to find new and interesting sites.

Tools can be used to help identify sites that could be potentially dangerous. McAfee has introduced SiteAdvisor and Symantec has Norton Safe Web, but unless someone else has been infected by the site it does little to protect you.

The best solution to any malware is to run legitimate anti-malware software (or anti-virus, for those stuck in the 1990s) on your computer and keep it updated frequently. Staying proactive is the only way to keep infectious files at bay.


The rest is here:
Drive-by Downloads on the Rise


Facebook announced on their blog that they will be partnering with security giant McAfee to help protect their 350 million users from malware by offering quite a few perks to registered users of the social networking site.

To begin with, each Facebook user will be able to use the McAfee security suite free for six months. After this period is up, they will be offered continued protection at a discounted rate. Additionally, they will be adding a great deal of security related content to their site to help educate their users about security related issues.

To round out their new security policy, users who have had their accounts compromised will be required to go through a remediation process where their computer is scanned for malware. Any infections found through this process will be cleaned before the user is able to access Facebook. This is an attempt to prevent further disasters such as the recent embarrassment of FCC Chairman Julius Genachowski’s Facebook page being hijacked to send out spam to all his “friends”.

Getting the software

As a Facebook user, you can take advantage of this offer for the free six month subscription by logging into Facebook and visiting their security page. From here, click on the “Protect your PC” tab in the upper right hand corner. From here, you simply become a fan of McAfee and you can download the security suite.

However, before you can download this software you will need to provide a credit card because the subscription will automatically renew at the end of the six month period and charge you at a discounted rate, 30% of the standard McAfee subscription price. You can cancel at any time, but you will no longer be able to update the software with the latest signature files that identify malware.

Of course, this is quite a marketing boon for McAfee, with Facebook handing them truckloads of potential customers on a silver platter.

Secure computing?

Elliot Schrage, Facebook’s VP of global communications, marketing and public policy, made the statement that, “Keeping the Internet secure requires that users, security vendors and Internet companies all work together.” Nothing could be further from the truth. Although I do think that Facebook has made great strides towards holding the user accountable for making sure that their computer does not infect, or attack, others. So in a way, my hat goes off to them.

Unfortunately, Facebook hasn’t been completely scrupulous with their user base when it comes to protecting their personal content. It wasn’t too long ago that the terms and conditions were rewritten to state that Facebook could use any content on their network in any way they saw fit. This was quickly amended when their users revolted; however, just recently they opened up their users’ lives again by permitting Google to search the status updates of public profiles. Again, they found themselves backtracking.

So while I applaud their efforts to make the Internet a safer place, the requirement to scan a computer as part of the remediation process is a cause for concern. True, I don’t want someone spreading malware and spam over a network of over 300 million people, but I also don’t want to put more power in the hands of a company whose track record for user privacy hasn’t quite been exemplary.


See the original post:
Facebook Teams with McAfee, Offers Users Security


I got a new computer last week. I burned out yet another laptop. I seem to ride the curve of Moore’s Law.

In setting up my computer, I took the easy way to speed it up and downloaded the Google Pack for Windows 7. It includes Spyware Doctor with Anti-Virus by PC Tools. Cool. We all need protection from spyware.

I was sitting here working when my computer made the sound of an alarm. Uh oh, what’s wrong?!? Spyware Doctor with Anti-Virus is warning me about some serious threats on my computer. There are 22 infections categorized as Application.TrackingCookies and 1 far worse Spyware.Known_Bad_Sites. Are you ready for a chuckle… the bad site was cc-dt.com. Yep, Google had me download software that blocks the cookies from Google’s own Google Affiliate Network.

Stop the Madness

I know that some of the affiliate networks have tried to get their tracking cookies taken out of spyware. I certainly hope that Google will jump on the bandwagon and get PC Tools to remove the domains not only for its own network but also for other affiliate networks.


View original here:
Google Affiliate Network and its Spyware


In a recent post I commented on how I believe that Kaspersky Labs is wrong when they claim that the amount of fake anti-virus software will decline in the upcoming year. Malicious hackers show no signs of leaving behind the BlackHat SEO techniques that made them rich over the past few years.

Riding the news story of Brittany Murphy’s untimely death just weeks ago, attackers immediately began crafting rogue websites that contain malicious scripts used to trick the visitor into believing that their computer is infected with dangerous malware. This tactic, known as scareware, frightens the visitor into purchasing anti-virus software or other malware removal tools from the attacker. Of course, this anti-virus solution is bogus, and the credit card used to purchase the software is often stolen by the attacker as well.

Search Poisoning
To successfully implement this attack, the malicious hacker needs to first draw visitors to their illegitimate site. Using a BlackHat SEO technique known as Search Poisoning, the attacker’s site is pushed to the top of the search engine page rankings. According to Websense, a search for “Brittany Murphy death” returned several malicious links within the top ten results as a result of this technique.

To achieve such a high page ranking, attackers make use of comment spam from legitimate sites such as blogs, comment spam on forum posts and other tricks like back linking. To further enhance their results, many scrape the latest content from legitimate news sources hiking their ranking and fooling visitors into trusting them as a news provider.

Don’t Become a Victim
In mid-December, the Federal Bureau of Investigation addressed this problem by putting out a press release describing how this attack works and what people should do if they encounter scareware, or malvertising as the FBI calls it.

  • Run legitimate anti-virus software on your computer
  • Keep virus definitions and/or signature files up to date
  • Only install software from trusted sources
  • Do not give your personal or financial information to anyone without knowing exactly who it is
  • Report scareware sites to the Internet Crime Complaint Center (IC3)


How it Hurts
Of course, search poisoning hurts by pushing legitimate sites down further in the page rankings. Organizations who work hard at producing quality content are hardly noticeable when their keywords become the target of this technique. In the long run, search poisoning and other BlackHat SEO techniques are going to continue to damage the trust people have in smaller online publishers. While Mashable, TechCrunch, Huffington Post and the other giants may not see much more than a dent in their level of trust among readers, new blogs and websites may find that in addition to fighting for traffic, they will be fighting for legitimacy among visitors.

With the upcoming Olympic Games and another year of sensationalized news stories around the corner, we can only assume that these attacks will escalate, especially when the FBI claims that over 150 million dollars have been spent on bogus anti-virus software. To that end, we can also expect the search engines to look at ways to prevent attackers from working their way to the top of the rankings. With increased scrutiny from both visitors and search engines, publishers need to make sure that the SEO campaigns they employ are both legitimate and ethical. Skirting the boundaries of BlackHat techniques could wind up backfiring once the algorithms and visitors begin to look twice at sites that spam for traffic.



In theory, URL shorteners make perfect sense in the world of the 140 character status update popularized by Twitter and used heavily by other social networks. It is commonly accepted that shorter headlines and copy tend to have greater pull with the average user than their longer counterparts. At the same time, URL shorteners could be the Achilles’ heel that brings about Facebook’s downfall.

But first a brief lesson on how URL shorteners work. By truncating an otherwise lengthy 200 character URL into a short, compact 40-50 character string,  these tweets, short messages, and micro blog updates have more room for other useful stuff, like emoticons or tags.

As an example a possible message over Facebook’s private message system might look like:

Is this you? What happened to your clothes? http://tiny.url/example.

This has increased the ease with which users direct each other to their favorite content. Such tools have become commonplace, with Twitter adopting the use first of TinyURL and currently of Bit.ly. Even Google has gotten into the game with its own shortener.

Now here is where the trouble starts. Enterprising (or dastardly, depending on your point of view) URL shortener marketers have resorted to coupling linkbait-style snippets with links to malware sites. Clicking on a link can send the user to a page where malware, a trojan, or a virus is installed on the user’s computer.

The result? You might get an ad for colon cleansing, a business opportunity CPA offer, or an offer for a free Apple iPhone, courtesy of your friend, or even your BFF. Or you might end up infecting your computer with something more malicious like a keylogger. With a chain reaction of malware installs and redirects to CPA offers, it’s not too cynical to imagine a RTM (Robert Tappan Morris) style worm infection spreading hyper virally through the uber-connected social networks.

The best or worst part of the deal? The user unleashing this worm across their social network might have no idea of the havoc they’ve unleashed. That is, until they receive a torrent of angry wall posts and messages from their former friends. This scenario has played out frequently on Twitter recently as users’ profiles are targeted through phishing links hidden behind shortened URLs.

Facebook users are particularly vulnerable to this form of attack as many may be fairly young, use Internet Explorer as a default browser, and fail to install security updates and operating system patches regularly. With Facebook currently testing its own URL shortener, the potential for problems on the heels of its Scamville issues seems quite real. While the damage caused by malware distributed via Facebook messaging appears to be limited, having the problem escalate may result in the mass exodus of users as seen with MySpace a couple of years ago with its rampant bulletin spam.

More importantly, since one of the primary distribution centers for the recent flood of malware infections appears to originate via Facebook’s personal messaging and real time chat system, couldn’t the social network screen and whitelist or blacklist suspicious URLs, especially if multiple users are distributing the same URL?

The immediate fix for this is for end users to follow basic security practices when they come across a shortened link on a social network, even if it comes from a trusted party. Using a URL shortener preview tool like PrevURL at least gives an idea of the destination URL. The rule? If in doubt, don’t click.
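The preview step recommended above can be scripted rather than left to a third-party service. The following is an added example, not code from the original post or from PrevURL: it walks a shortened link one redirect at a time without following anything automatically, records the chain, and raises a few flags a preview tool would want to show (long chains, loops, host hopping, an https-to-http downgrade). The hosts in the constructed redirect map are hypothetical; the live fetcher uses only the standard library.

```python
"""Walk a shortened URL's redirect chain one hop at a time.

Added example, not code from the original post or from any URL preview
service it names. The live fetcher uses only urllib; the redirect map
further down is constructed so the demo runs offline.
"""
from typing import Callable, Dict, List, Optional
from urllib.parse import urljoin, urlparse
import urllib.error
import urllib.request

HeadFetch = Callable[[str], Optional[str]]


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect so each hop comes back to us as an HTTPError."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_location_live(url: str, timeout: float = 5.0) -> Optional[str]:
    """One HEAD request; return its Location header without following it."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled, 3xx responses surface here; 4xx/5xx end the chain.
        return err.headers.get("Location") if 300 <= err.code < 400 else None


def expand_url(url: str, head_fetch: HeadFetch = head_location_live,
               max_hops: int = 5) -> Dict[str, object]:
    """Return the hop chain, the final URL and how the walk ended."""
    chain: List[str] = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        location = head_fetch(current)
        if location is None:
            return {"final": current, "chain": chain, "status": "resolved"}
        nxt = urljoin(current, location)  # Location may be relative
        chain.append(nxt)
        if nxt in seen:
            return {"final": nxt, "chain": chain, "status": "loop"}
        seen.add(nxt)
        current = nxt
    return {"final": current, "chain": chain, "status": "too_many_hops"}


def risk_flags(result: Dict[str, object]) -> List[str]:
    """Cheap heuristics a preview tool can surface before anyone clicks."""
    flags: List[str] = []
    chain = result["chain"]
    if result["status"] != "resolved":
        flags.append(f"chain did not resolve cleanly ({result['status']})")
    if len(chain) > 3:
        flags.append(f"{len(chain) - 1} redirect hops")
    hosts = [urlparse(u).hostname or "" for u in chain]
    if len(set(hosts)) > 2:
        flags.append("passes through several hosts: " + " -> ".join(hosts))
    schemes = [urlparse(u).scheme for u in chain]
    if "https" in schemes and schemes[-1] == "http":
        flags.append("downgrades from https to http")
    return flags


# Constructed redirect map standing in for the network (hypothetical hosts).
FAKE_REDIRECTS: Dict[str, Optional[str]] = {
    "http://tiny.url/example": "http://track.example.net/go?id=1",
    "http://track.example.net/go?id=1": "/landing",  # relative Location
    "http://track.example.net/landing": "http://offer.example.org/iphone",
    "http://offer.example.org/iphone": None,  # plain 200, chain ends
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}


def fake_head(url: str) -> Optional[str]:
    """Offline stand-in for head_location_live."""
    return FAKE_REDIRECTS.get(url)


def demo() -> Dict[str, object]:
    """Expand the constructed sample link offline."""
    return expand_url("http://tiny.url/example", head_fetch=fake_head)


if __name__ == "__main__":
    res = demo()
    print("final:", res["final"], "status:", res["status"])
    for i, hop in enumerate(res["chain"]):
        print(f"  hop {i}: {hop}")
    for flag in risk_flags(res):
        print("  flag:", flag)
```

Pass `head_location_live` (the default) instead of `fake_head` to inspect a real link; the hop limit and loop check keep a malicious chain from tying the script up, and nothing is ever fetched with GET, so the landing page's scripts never run.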


The rest is here:
Boom in URL Shorteners Equals Boom in Malware and Spyware


According to the researchers at Kaspersky Lab, the scope of threats computer users will face in the new year seems to be shifting from web applications to file sharing and peer-to-peer (P2P) networks. Of course, some of the newer trends in computing don’t get off easy in this report. Exploiting smartphones like the iPhone and Android will likely be a continuing trend, and attempts to find vulnerabilities in Google Wave are predicted to be the challenge that faces malicious hackers.

Looking over their predictions, there are some that I expected to see and others that I was shocked by. While the predictions are taken directly from Kaspersky Lab’s press release, the commentary that follows represents my own opinions towards them.

A rise in attacks originating from file sharing networks

Exploiting the network itself is actually a brilliant thought and really shows how clever most attackers are. For years, people have known that files shared on these networks are laden with malware, but now malicious hackers are taking this a step further actually launching attacks by exploiting not the files but the actual network itself. Firing up Kazaa can now bring the FBI to your door and an attacker to your Windows.

An increase in mass malware epidemics via P2P networks

Right from the start I was surprised by this statement. For years, security experts have warned people about the dangers of file sharing on sites like Kazaa and Torrent. My shock comes because most people outside of the IT field that I talk to avoid Kazaa and similar sites like the plague because of all the malware that is transmitted through them. While 2009 saw some nasty malware spread across file sharing networks, this is one area where I think the researchers from Kaspersky are stretching the obvious. Will there be increased malware? Of course, but every year the number of incidents has increased. I don’t think that there will be any more malware spread over these networks than we already see.

Continuous competition for traffic from cybercriminals

The way this was described by Kaspersky was that cybercriminals will turn towards grey areas of income as a result of their armies of botnets. Profits from spam and Denial of Service attacks are expected to increase. I wouldn’t be surprised if these botnets are used to help unscrupulous publishers drive up traffic stats as well. This whole scam is best compared to the garbage routes that earn “legitimate” income for some people.

A decline in fake anti-virus software

This is all over the place currently and I don’t see it slowing down. Especially when some estimates place the monthly income from these scams at close to $11,000 per day.  The rationale behind the prediction is that not only is the market saturated, but that security professionals and law enforcement are starting to watch for these types of scams.  However, due to the potential for high profits and the average computer users’ inability to reliably detect scams, I suspect that this type of software scam will continue into the near future, regardless of increasing levels of monitoring by security.

An interest in attacking Google Wave

I couldn’t agree more with this statement, especially with the strategy Kaspersky foresees attackers using: “first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.” Somehow, spammers have already wormed their way into the beta testing and some of their handiwork can be found in some of the public waves out there.

An increase in attacks on iPhone and Android mobile platforms

I see this as a goldmine for attackers in the near future. Already jailbroken iPhones are susceptible to data theft as a result of an SSH vulnerability, and Nicolas Seriot, a Swiss software engineer, showed the world how easy it was to build an app that could exploit the device. Android won’t fare much better, as even Rich Cannings, an Android Security Leader, has spoken about how millions of users can be easily hit by a malware attack.

Looking over this list, I think that if I had to choose one of the six  to put money on it would be the last one. As the smartphone market expands, the potential for vulnerable devices proportionately increases as does the potential increase in profits for the hacker.



Recently, the web was abuzz with reports of iPhone vulnerabilities that surfaced after it was found that jailbroken iPhones changed the root, or administrator, password to the phone’s Secure Shell, or SSH. As a result, someone could connect to the jailbroken phone using a remote access tool and basically have the ability to see and steal anything stored on the device. Of course, this exploit only affected those who applied the jailbreak to their phone. Those still running the official Apple code were thought to be safe.

However, a presentation (pdf) by Swiss iPhone developer Nicolas Seriot shows that even iPhones that have not been jailbroken are still at risk of malware infections from apps purchased directly from the iPhone App Store. To demonstrate this, Seriot created a proof-of-concept app called SpyPhone that shows how attackers could invade users’ privacy. This app compromises a user’s private data using only officially sanctioned Apple APIs; it makes use of no hacking techniques and no links to a user’s Facebook or Twitter account. In his presentation, Seriot went on to explain exactly what a rogue developer could do with a malicious app:

  • Gain access to the address book with the ability to steal entries and even modify entries without the user’s knowledge
  • View the browser history and YouTube searches much like traditional spyware does
  • Steal account information and user passwords from keyboard cache records
  • View the stored screenshots used to produce the iPhone’s famous 3D transition effect
  • Guess your location by tapping into the GPS and geotagged photos on your phone

While Apple thoroughly checks each app before it is approved for the store, Seriot went on to further explain that by using simple encoding techniques and encryption, it would be quite easy for a malicious developer to disguise the payload from the reviewers.

What can be done?

Since the iPhone and the App Store are such huge money makers for Apple, you can guess that with this summer’s release of iPhone OS 4, security concerns will top the list. Additionally, you can probably expect developers to do more to encrypt stored data used in their apps, and to overwrite any data that is no longer in use to prevent it from being accessed. While the community would hope that these changes would come out of a sense of responsibility, Apple will most likely be looking at ramping up security efforts from third-party developers as a result of being in the news twice for security concerns. In the meantime, as an iPhone user, you can do the following to protect yourself:

  • Research the developer of any apps you purchase. Visit their web site and poke around a bit. Make sure that they are legitimate.
  • Keep an eye on your phone. If you notice anything out of the ordinary, take it in and have it looked at.
  • Clear the browser cache frequently. You can also clear your keyboard cache using the Reset keyboard dictionary utility. If this is done often enough, it may help overwrite any stored screenshots as well.

Download the source code for the SpyPhone project at the social coding site GitHub.


Read the original:
Jailbreak Shows iPhone Apps Vulnerability


According to a recent report from the US Computer Emergency Readiness Team (CERT), spammers have exploited the recent H1N1 epidemic with a series of spam emails tricking unsuspecting users into visiting a bogus site that mimics the Centers for Disease Control’s (CDC) homepage. Clicking the link downloads a Trojan horse by the name of Zbot, or Zeus. This bot Trojan then hijacks the infected Windows computer and uses it to attack others by sending out more spam.

Even those who don’t click on the link are subject to infection. According to AppRiver security researcher Troy Gill, the site also includes an IFRAME element that exploits known vulnerabilities in Adobe Software. This hidden element contains the attack code that can exploit Adobe Reader and Flash Player vulnerabilities to infect the target computer.
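The hidden-IFRAME pattern described above is something a defender can check a suspicious page for without rendering it. The following is an added example, not code from the original post or from AppRiver: it parses HTML with the standard library, picks out iframes that would be invisible to the visitor (zero-size, `display:none`, `visibility:hidden`, or positioned far off-screen) and notes when such a frame pulls content from a third-party host. The sample page and its hostnames are constructed for the demo.

```python
"""Flag hidden <iframe> elements of the kind used in drive-by injections.

Added example, not code from the original post or from AppRiver. The HTML
below is constructed for the demo and its hostnames are hypothetical.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed page: one visible embed and three hidden third-party frames.
SAMPLE_HTML = """
<html><body>
<h1>Create your Personal Vaccination Profile</h1>
<iframe src="https://www.cdc-lookalike.test/video" width="640" height="360"></iframe>
<iframe src="http://malicious.example/pdf.php" width="0" height="0"></iframe>
<iframe src="http://malicious.example/swf.php" style="display: none"></iframe>
<iframe src="http://other.example/x" style="position:absolute; left:-9999px; top:0"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "iframe":
            # html.parser lowercases names; bare attributes carry None.
            self.iframes.append({k: (v or "") for k, v in attrs})


def _pixels(value: Optional[str]) -> Optional[int]:
    """Parse '0', '0px' or ' 1 ' to an int; None when not numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def hiding_reasons(attrs: Dict[str, str]) -> List[str]:
    """Return why this iframe would be invisible to the visitor, if at all."""
    reasons: List[str] = []
    for name in ("width", "height"):
        px = _pixels(attrs.get(name))
        if px is not None and px <= 2:
            reasons.append(f"{name}={px}")
    style = attrs.get("style", "").lower().replace(" ", "")
    if "display:none" in style:
        reasons.append("display:none")
    if "visibility:hidden" in style:
        reasons.append("visibility:hidden")
    for prop, val in re.findall(r"(?:^|;)(width|height):(\d+)(?:px)?", style):
        if int(val) <= 2:
            reasons.append(f"style {prop}:{val}")
    for prop, val in re.findall(r"(left|top):-(\d+)px", style):
        if int(val) >= 1000:
            reasons.append(f"off-screen {prop}:-{val}px")
    return reasons


def find_hidden_iframes(html: str, page_host: str) -> List[Dict[str, object]]:
    """Hidden iframes on the page, noting when they load third-party content."""
    collector = IframeCollector()
    collector.feed(html)
    findings: List[Dict[str, object]] = []
    for attrs in collector.iframes:
        reasons = hiding_reasons(attrs)
        if not reasons:
            continue
        src = attrs.get("src", "")
        host = urlparse(src).hostname or ""
        if host and host != page_host:
            reasons.append(f"third-party src host {host}")
        findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_HTML, "www.cdc-lookalike.test"):
        print(hit["src"], "->", "; ".join(hit["reasons"]))
```

A hidden iframe is not proof of compromise (analytics and ad code use them too), but a zero-size frame loading a `.php` resource from a host the page has no business with is exactly the shape of injection a web defacement monitor should alert on; run the check over fetched HTML, never in a browser.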

The reach of the outbreak

When computers began flooding email inboxes with the spam on December 2nd, the messages were being sent at an average of 18,000 per minute. This comes to a little over 1 million messages being sent over a one hour period. Since then it has slowed to about 9,500 messages sent per minute, but it remains the predominant campaign being run right now.

Protecting yourself

It was only a matter of time before someone capitalized on the recent scare surrounding H1N1 and the lack of vaccinations available. To protect your computer, avoid any email with a subject line that reads “State Vaccination H1N1 Program,” “Government registration program on the H1N1 vaccination,” or “Create your Personal Vaccination Profile.” These subject lines are certain to change over time; just remember that the CDC does not require registration for the H1N1 vaccine, nor will registration with the CDC help you receive the vaccine any quicker. Note: for more information on the H1N1 flu virus and the vaccinations provided by the CDC, go here.

Zbot profile

Also called Zeus by some security vendors, the Zbot Trojan compromises computers running the Windows operating system and joins them to the Zbot botnet. At over 3.5 million computers, it is currently the number one botnet for malicious activity. Crafted from a toolkit designed to create malware, Zbot is the same malware that was used by a British couple accused of stealing banking information and passwords.

If you suspect your computer has been infected, Zbot can be removed by most anti-malware programs with updated definitions and/or signature files. For more information about malware removal, go here.


Source:
H1N1 Infects with More Than a Virus


I recently wrote about the fact that reviewing is becoming the new advertising. I made the point that reviewing is part of a trend towards transparency: these days consumers want to know all about companies and their products and consumers are anything but shy when it comes to providing their input and feedback.

Well, the ultimate prize for feedback was awarded on September 21, when Netflix gave a group of seven people $1 million for a crowdsourced solution that beat the performance of Cinematch, the company’s own customer recommendation engine. Three years ago, Netflix launched the contest, offering the generous prize to the winner who could beat Cinematch by at least 10 percent. In late June, according to The New York Times, a multinational team of seven data wonks calling themselves “BellKor’s Pragmatic Chaos” surpassed the 10 percent goal.

Why should we care? Because Netflix, instead of wearing “Not Invented Here” blinders, solicited its users and offered to pay handsomely for a better mousetrap. In essence, Netflix bought a major product development project from an outside group of users. They gained valuable insight from their base, and Netflix will now reap the rewards and directly impact the customer experience.

As The Times story points out:

“The Netflix contest has been widely followed because its lessons could extend well beyond improving movie picks. The researchers from around the world were grappling with a huge data set – 100 million movie ratings – and the challenges of large-scale predictive modeling, which can be applied across the fields of science, commerce and politics.

The way the teams came together, especially late in the contest, and the improved results that were achieved suggest that this kind of Internet-enabled approach, known as crowdsourcing, can be applied to complex scientific and business challenges.”

Until now, crowdsourcing has been limited to relatively minor commercial ventures, such as designers submitting logos or t-shirt designs. But the Netflix experience moves crowdsourcing up into the stratosphere. Netflix is so happy with the results of their first crowdsourced solution that the company is launching another contest.

Today, reviewing may be the new advertising, but tomorrow, crowdsourcing could be the new product development. Reviewing, crowdsourcing, whatever it is… In the end, it represents the ultimate in consumer empowerment.


View original post here:
From Reviewing to Crowdsourcing


Lots and lots of posts around about the FTC shutting down known spam, botnet, child pornography, fill in bad stuff, hosting provider Triple Fiber Network (3FN.net), aka Pricewert LLC, APS Telecom and APX Telecom, yesterday, affecting 15,000 websites. The FTC said they were actually advertising their services in the dark underbelly of the internet, hosting vast quantities of illegal, malicious, and harmful content, including child pornography, botnet command and control servers, spyware, viruses, trojans, phishing related sites, illegal online pharmacies, investment and other Web-based scams, and pornography featuring violence, bestiality, and incest.

While this is great (the more trouble we can cause these guys the better), what does it really mean to them? Servers are already popping back online, many sites are already back up at other providers, and 3FN themselves say they will be back online in hours or days, so it won’t be long until things are running smoothly for them again. As has been mentioned, there’s been no noticeable drop-off in spam, so while they’ve taken off the head, the body still functions as far as the spam and botnets go. What is needed is criminal prosecution, as is mentioned at Security Fix.

“It could be that other law enforcement organizations are using the FTC as a front in order to obtain evidence for later criminal prosecutions,” Rasch said. “What’s interesting about that approach is that in order for these guys to get out from under this court order, they’re going to have to show that they’ve taken steps to clean up their act. But if there is a criminal investigation ongoing against 3FN, then anything their operators say in trying to convince a court to lift the order can and will be used against them later.” Source: FTC Sues, Shuts Down N. Calif. Web Hosting Firm

But how hard would that be? You’re talking about tracking them down, extradition, lots and lots of work. What needs to happen is for the FTC to start fining merchants who profit from spam and spyware; they should no longer accept ignorance as an excuse. After so long, a month or two, fine them again at quadruple the rate, or whatever, and so on until it’s no longer profitable for any of them.

Another possibility would be to fine the networks for allowing the spammers in and promoting them to the merchants. Or that could be a lawsuit from the merchants after they have been fined heavily. I don’t care, it doesn’t matter how it’s done as long as the money dries up.


Excerpted from:
Spammers, Botnets, Child Pornography, Oh My


Last summer, CJ settled a Malware class action lawsuit for $1M.  According to the terms of the settlement (see www.cjsettlement.com) after the lawyers take their share (typically 30% I think), the remainder of the class action fund was to be split 70% to CJ publishers and 30% to advertisers, prorated based on the commissions generated between April 20, 2003 and July 22, 2008.

If you are a publisher who generated commissions during that time, you should log into your CJ account, click on the Reports tab, and look in your Current Balance for February 2009. There you will see a credit amount listed under fees. That is your share of the pie.

Don’t spend it all in one place :-)

Original post:
CJ Class Action Settlement Payments Made on Feb 9th, 2009
