Make Money Online

Purveyors of malware and BlackHat SEO’s have been pulling in a great deal of headlines lately. It seems anytime something makes the news, there is a report of illegitimate web sites targeting keywords associated with the story to draw visitors into their malicious site. Earlier this month, I discussed how search poisoning is used to push malicious sites to the top of the SERPs. I figured a nice follow up to this would be a description of what the attacker does once he or she gets you to their site.

Drive-by downloads
The purpose of the search poisoning is usually to drive unsuspecting visitors to a malicious web site where the visitor’s computer downloads malware to their computer without their consent or knowledge.

A drive-by download , or drive-by installation, works by exploiting security vulnerabilities on the browser used to surf the Internet. A malicious web site is set up containing code that actively seeks out these vulnerabilities. When found, they send the visitor to a third-party server where the malware is silently installed on their computer.

Why the third-party server? Even attackers work hard to achieve these high page rankings, albeit through less than ethical techniques. Sending visitors to a third-party server means their ranked page can survive longer since it is not flagged as housing malware.

Examples
In the month of January, four headlines drew a large amount of interest from attackers. The rumors of actor Johnny Depp’s death, actress Brittany Murphy’s death, the earthquake in Haiti and the release of the Apple iPad all found themselves to be targets of a combined SEO poisoning/drive-by download attack.

In each case, the victim downloaded malware to their computer known as “scareware”. Scareware is used to frighten the victim into believing that their computer is infected with malware. In a panic, the victim purchases the advertised security software to clean their system. Selling bogus security software to their victims has been bringing attackers in around 15 million dollars a month. Not hard to believe when you consider that Consumer Reports estimates that 1 in 90 people fall for these scams.

While scareware is the malware du jour, it is not the only method of attack. Some sites install even less conspicuous malware onto their victims’ computers. Using Trojans, attackers can steal passwords, account information or create large botnets of zombie computers that they use to attack web sites, attack networks and spread spam. A prime example of this was when the Stadium for the Miami Dolphin’s web site was injected with a malicious code attacking those looking for Super Bowl information.

More to come
Just next month, the Winter Olympic games kick off and this summer, the World Cup will be in full swing. Security experts are already predicting these to be included in the next round of malicious keywords.

Protecting yourself from drive-by downloads can be tricky. It would be easy to suggest that people only visit well-known web sites, but that is counter-productive to the web. After all, what makes the web so great is the ability to find new and interesting sites.

Tools can be used to help identify sites that could be potentially dangerous. McAfee has introduced SiteAdvisor and Symantec has Norton Safe Web, but unless someone else has been infected by the site it does little to protect you.

The best solution to any malware is to run a legitimate anti-malware , or anti-virus for those stuck in the 1990’s, software on your computer that is updated frequently. Staying proactive is the only way to keep infectious files at bay.

The rest is here:
Drive-by Downloads on the Rise

Tweet This Post

Facebook announced on their blog that they will be partnering with security giant McAfee to help protect their 350 million users from malware by offering quite a few perks to registered users of the social networking site.

To begin with, each Facebook user will be able to use the McAfee security suite free for six months. After this period is up, they will be offered continued protection at a discounted rate. Additionally, they will be adding a great deal of security related content to their site to help educate their users about security related issues.

To round out their new security policy, users who have had their accounts compromised will be required to go through a remediation process where their computer is scanned for malware. Any infections found through this process will be cleaned before the user is able to access Facebook. This is an attempt to prevent further disasters such as the recent embarrassment from FCC Chairman Julius Genachowski’s  Facebook page being hijacked to send out spam to all his “friends”.

Getting the software

As a Facebook user, you can take advantage of this offer for the free six month subscription by logging into Facebook and visiting their security page. From here, click on the “Protect your PC” tab in the upper right hand corner. From here, you simply become a fan of McAfee and you can download the security suite.

However, before you can download this software you will need to provide a credit card because the subscription will automatically renew at the end of the six month period and charge you at a discounted rate, 30% of the standard McAfee subscription price. You can cancel at any time, but you will no longer be able to update the software with the latest signature files that identify malware.

Of course this is quite  marketing boon for McAfee with Facebook handing them truckloads of potential customers on a silver platter.

Secure computing?

Elliot Schrage, Facebook’s VP of global communications, marketing and public policy made the statement that, “Keeping the Internet secure requires that users, security vendors and Internet companies all work together.” Nothing could be further from the truth.  Although I do think that Facebook has made great strides towards holding the user accountable for making sure that their computer does not infect, or attack, others. So in a way, my hat goes off to them.

Unfortunately, Facebook hasn’t been completely unscrupulous with their user base when it comes to protecting their personal content. It wasn’t too long ago that the terms and conditions were rewritten to state that Facebook could use any content on their network in any way they saw fit. This was quickly amended when their users revolted, however just recently they opened up their users’ lives again by permitting Google to search the status updates of public profiles. Again, they found themselves backtracking.

So while I applaud their efforts to make the Internet a safer place, the requirement to scan a computer as part of the remediation process is a cause for concern. True, I don’t want someone spreading malware and spam over a network of over 300 million people, but I also don’t want to put more power in the hands of a company whose track record for user privacy hasn’t quite been exemplary.

See the original post:
Facebook Teams with McAfee, Offers Users Security

Tweet This Post

According to McAfee, Inc., celebrity searches can be hazardous to your computer, containing viruses, spyware, adware, spam and phishing. Actress Jessica Biel has been the top search that has a one in five chance of getting one of these threats to your computer.

“Cybercriminals are star watchers too – they latch onto popular celebrities to encourage the download of malicious software in disguise,” McAfee’s Jeff Green said in a statement.

“Consumers’ obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer.”

Other celebrities that may cause a threat to your computer were Beyonce, Jennifer Aniston, Kim Kardashian and Miley Cyrus.

Who would have thought that cybercriminals use celebrities to spread viruses? Just a heads up to everyone to be careful when you search for the latest celebrity news. I stick to People.com.

Here is the original:
Celebrity Searches Can Be Hazardous… To Your Computer

Tweet This Post

As you may have read, I’ve had an interesting week. I got a reminder of the way big companies operate. It’s not a pretty sight. I have also gotten an education in how McAfee’s SiteAdvisor works thanks to Yahoo’s new SearchScan.

To cut to the chase, SiteAdvisor has some serious flaws. I am saying this not to beat up McAfee for listings a false positive spammer rating (red alert) for three of our websites but to try to help McAfee fix the problem. I am publishing these (a) so McAfee can read them and take action, (b) so people who are wrongly targeted by McAfee as spammers can get a better understanding of what is happening (and get a nice dose of empathy by knowing they are not alone) and (c) to force McAfee to fix at least one that can be taken advantage of by people with no morals as they will see how to use it to harm their competitors.

Five Flaws

1) False Positive from a spammers hack

I don’t know what else to call this one. This is what happened to AnyCoupons. There was a false positive because McAfee thought that we sent e-mail to the account it used to sign up. McAfee doesn’t use an obvious e-mail address. I can’t find any in our database that use mcafee, siteadvisor or any variation of spam that I can attribute to McAfee.

The Sample Inbox below shows some of the e-mail that McAfee claimed we sent. Note that SiteAdvisor appears in 4 of the 5 listed e-mails. The problem is that we didn’t know that SiteAdvisor had registered. We took only an e-mail address, not a name. As I pointed out above, we have no record of SiteAdvisor in an e-mail address in our database. How could we have put the name with a random e-mail address? Well, we didn’t.

This seems to happen a lot and McAfee doesn’t appear to have a good system in place to correct it or to sniff out when this mistake happens. I would assume that McAfee has seen many situations like this and that the bright engineers at McAfee could write algorithms to tell when a false positive occurred based on the false positives it has retested.

As Richi Jennings pointed out on my original post, Rule #1 is that Spammers lie. That makes it tough for anyone to get rid of a false positive as they are guilty until proven innocent (which is rather un-American in my opinion). McAfee needs to have a better system for site owners to appeal its decisions. I have read far too many complaints on the Web (one from Angie Vandenbergh in the comments on the other post) about people who cannot get a retest. We lucked out as I write at a blog that is well-read. Most people don’t.

2) McAfee gets what McAfee asks for

I found that Excite.com was red flagged as a spammer in Yahoo search results. The executive at IAC whom I contacted is out of the country this week. We’ve had trouble connecting. So I contacted someone I know at another IAC company to see first about working together and once my problem was solved, helping them out. The response from someone at Excite was bizarre-big-company-speak. Basically, they said I should fend for myself. Good move. No retest for Excite.

The issue that Excite faces is that the registration form at Excite.com includes the following:

Excite may make the information that I supplied available to selected Third party companies so that they may contact me regarding services that may be of interest to me.

From what I understand, McAfee uses a bot to subscribe. The bot did not change the selection for receiving third party e-mail from Yes to No, so it requested to receive such communication.

Guess what… McAfee received that communication (all from the domain excite-partners.com), decided that it was unwanted (even if it requested) and deemed it to be SPAM. Bad McAfee!

McAfee needs to either redefine third party e-mail when requested or teach its bot to opt out. If McAfee is opposed to opt out options, it should make that public and it should notify websites that get a red flag for this so they can decide either to continue the practice and have a red flag or cease the practice.

3) Sub-domains

A non-techie friend read my last post. Because of it, he knew exactly what the red warning in Yahoo was about. he was surprised when he found it for a church! I wonder what the priest at Saint Peter the Apostle Catholic Church thinks of being labeled a spammer by Yahoo.

I don’t think that the church spams. The church in question has its website at naples.net. Some spammer probably used an account at naples.net (or there was another false positive). As a result, anyone with a site at naples.net is being dubbed a spammer by Yahoo! McAfee must correct this and take into account sub-domains. Imagine if Blogspot or Vox got pegged with this.

4) Use of HTML forms in ads on your site

OK, I don’t get all of the details on this one. It is Greg Yardley’s theory and you can find it on his post about McAfee’s SiteAdvisor. We don’t use ads like that so I can’t see how this happened to us.

5) Spammers link to good sites

Today I decided to check our other sites in SiteAdvisor. I was shocked to see that two of them were flagged as spammers. The reason? They had inbound links from, you guessed it, anycoupons.com, a site formerly known to McAfee to be an alleged spammer. AnyCoupons had a yellow flag at this point but these other sites were not updated. I don’t know if they ever would be. Another place that McAfee needs to improve is updating related sites.

This was cleared up today, thanks to Shane who commented on my last post. Again, there would have been no way for the average site owner to achieve this. Thank you, Revenews.

Why is this a problem? If you don’t like someone, build a new site on a shared server with a hidden domain registration. Put a form on the site. Request McAfee to review the site. Spam the hell out of any e-mail addresses you get. Just use some of the spam you get in your own inbox for templates. BAM! You now have a red flagged site. Now start adding a lot of outbound links to your competitors and watch their ratings turn red.

You can also use this if you want to see the type of e-mail addresses that McAfee uses to register. There were some questions about that in my last post.

Best Practices

I searched the SiteAdvisor website and was unable to find any best practices (e.g. never use opt out options for receiving third party e-mail) for websites. If McAfee is going to judge websites for commonly-used practices, it is in effect dictating best practices and should inform its victims of what it is doing, thus giving them the choice to comply or fight.

What to do if you get flagged by SiteAdvisor

Step 1 is to go to the SiteAdvisor site and request a retest. That won’t work but you have to do it.

Step 2 is to write an article on a well-read blog.

Step 3… I have no idea. If you have a suggestion for a more realistic Step 2, please post it below.

Read the original post:
McAfee SiteAdvisor

Tweet This Post

I received an interesting call on Friday from our rep at Outrider. It seems that Yahoo thinks that AnyCoupons sends SPAM. To be perfectly clear: I hate SPAM. I hate it to the point that my company does too little e-mail marketing. We do not and will not ever SPAM.

So, you ask, why does Yahoo think that AnyCoupons sends SPAM and how did our rep Outrider know this?

Yahoo now publishes a bright red warning about AnyCoupons its search engine results pages (SERPs). For any keywords where AnyCoupons remains in Yahoo, you will see the following warnings (this one for the keyword online coupons):

Yahoo’s New SearchScan

It looks like Yahoo may be looking for ways to lose to Google after thwarting Microsoft’s acquisition attempt. Yes, SearchScan is in beta but generally when a service is in beta, a company is responsive to issues, especially where a company is wronging an innocent party. The reason to put beta on a new service is to let users know that there are bugs. The responsibility that goes with that is to do something when users notify you of bugs.

SearchScan is supposed to warn users when Yahoo has bad search results. Yahoo is unable to root out sites that send SPAM or that have malicious downloads. Today Techcrunch reported that Yahoo had listed Google as distributing malware. It was an error in a listing and Yahoo corrected that error with little more than a blog post on Techcrunch… within hours. As you will read, we have had no such luck. If anyone at Excite has seen it, they haven’t had any luck either.

Why does Yahoo think AnyCoupons sends SPAM?

As I started to investigate why AnyCoupons was targeted by Yahoo as a spammer, I found that Yahoo bases its rating on information provided by McAfee. The McAfee report on AnyCoupons was interesting. When I first saw the Sample Inbox (see image below), I thought it was a sample of what the inbox might have looked like. As I viewed reports for other websites, I realized it was a partial list of e-mails that were received when McAfee tested AnyCoupons. I am guessing that McAfee registers with a random-looking e-mail address and then watches the inbox. The e-mail address assigned to AnyCoupons received 22 in a week last October. The only problem is that we didn’t send them and we didn’t sell the address. We don’t send SPAM and we never sell our members’ information.

Correcting Their Mistakes

Now you’re thinking that it’s a mistake and it should be easy to get it fixed. Welcome to my hell.

I submitted the form at McAfee to fix it. I didn’t expect to hear anything back and I have not.

I submitted the Ratings Dispute for at Yahoo. There is a form specifically for this issue so I knew that Yahoo would look at it, see its mistake and fix it. Why else would Yahoo have a form for this if it weren’t going to do anything about it. Here’s the response I received:

From: Yahoo! Search Webmaster [mailto:search-webmaster@cc.yahoo-inc.com]

Sent: Saturday, May 10, 2008 11:27 AM

To: David Lewis

Subject: Re: Rating Dispute (KMM124900088V43986L0KM)

Hello David,

Thank you for writing to Yahoo! Search Webmaster.

We receive data from our partner, McAfee, about security risks on certain web sites. We display that data on our search results page, depending on the preferences you have set on your Yahoo! Search preferences page:

http://search.yahoo.com/preferences/preferences

In order to dispute or change a rating for your site, please contact McAfee by emailing them directly at:

support@siteadvisor.com

or visiting:

http://www.siteadvisor.com/feedback.html

Regrettably, Yahoo! cannot change a McAfee decision on a site’s rating, as their decision is final.

Thank you again for contacting Yahoo! Search Webmaster.

Regards,

Gabriel

Yahoo! Search Webmaster Customer Care

A templated answer. Obviously Gabriel didn’t understand the situation so I thought I would point out that Yahoo is, in fact, responsible for what it publishes on its website. This isn’t part of a search listing being reproduced from a website. This is editorially added by Yahoo and is libeling my website. So I wrote back:

That is an interesting reply. Unfortunately, it is not acceptable and it is not correct.

Yahoo MUST take responsibility for what it places on its SERPs. It is Yahoo and not McAfee that is disparaging AnyCoupons. It is Yahoo who has created a policy to give inaccurate information on its SERPs. It is Yahoo that has chosen to remove AnyCoupons from Paid Inclusion. Yahoo has chosen to rely on McAfee’s inaccurate information and must take responsibility for what it does with that inaccurate information.

Why is there a link on the page for a Rating Dispute if Yahoo is unwilling to take action? It looks as if Yahoo does know that it is responsible but someone at Yahoo made a decision that Customer Service should send the misguided template below as an answer to disputes from legitimate websites.

I expect this warning to be removed from all listings for AnyCoupons on Yahoo and for our Yahoo Paid Inclusion campaign to be reinstated by Monday, May 12, 2008. Removal of our listings from Yahoo’s search engine is NOT an acceptable solution. If any action was taken by Yahoo regarding our Paid Search campaign or our Yahoo Directory listing, I expect those to be corrected as well by Monday.

Thank you for your immediate action on this matter.

-David

Good now Gabriel would escalate it as he will see that a template doesn’t fit the situation. Yahoo made a mistake in its new beta service. He will submit it to McAfee through the system that I am sure the two companies set up. (I used to negotiate deals like this with multi-billion dollar companies so I know that you set up direct lines of communication and escalation procedures. There are always bugs and mistakes when a new system comes online. You want to make sure that you catch them early and that your team is well-trained to keep problems in check.)

Gabriel’s reply:

Hello David,

Thank you for writing to Yahoo! Search Webmaster.

As previously stated, Yahoo! cannot change a McAfee decision on a site’s rating, as their decision is final. Please contact McAfee to resolve any issues regarding your sites rating.

Thank you again for contacting Yahoo! Search Webmaster.

Regards,

Gabriel

Yahoo! Search Webmaster Customer Care

WOW! Yahoo not only won’t take responsibility but it won’t do anything to try to correct it. Apparently Yahoo is content with having inaccurate information that damages another company on its website and won’t do anything to correct it… unless it’s Google.

It gets worse: Paid Inclusion

We used to get listed on Yahoo through its Paid Inclusion program (formerly Inktomi). I say used to because Yahoo terminated us from the program due to our alleged spamming. Again, we do not SPAM! I spoke to our rep at Outrider. (Yahoo transitioned our direct relationship for Paid Inclusion to a company that was bought by a company that recently was bought by Outrider.)

I know that Outrider, a massive ad agency specializing in search, will have a communication channel set up with Yahoo to handle issues with Paid Inclusion. You guessed it. My Outrider rep said that there is nothing he can do. He sent an e-mail to Yahoo and heard that it was up to McAfee. I cc’ed him on my e-mail exchange with Gabriel over the weekend but have heard nothing back.

There’s more: Paid Search

Now you’re remembering that I worked at GoTo.com / Overture in the early days. Surely my old company would know that I’m not a spammer and would call before taking any drastic actions.

On Friday we received a slew of e-mails notifying us that our campaigns were taken offline. Almost all of them. I don’t know why some were left.

So we contacted our latest rep who, like every other search engine rep, has told us repeatedly how helpful he wants to be. He was out of the office on Friday. Today his response came:

Hi David:

Hope all is well with you. Stephen contacted me regarding the declined ads you have in your account. After looking further into it, it turns out that your ads were identified by McAfee as leading to a site that appears to violate our guidelines. As a result, these ads may no longer appear in our search results. We welcome the opportunity to accept ads from you that comply with our guidelines. Examples of web site content that does not meet our guidelines include:

• Automatic downloads (threat of viruses, worms and Trojans to visitors of the website.)
• Security breaches (threat of downloads that may include spyware, malware, etc.)
• Sites that send spam emails to visitors of the site without their consent

For more information, please visit http://www.siteadvisor.com/

Also, please do not hesitate to contact me if you have further questions. Thank you!

Again, Yahoo claims to be helpless at correcting its on-going and growing mistakes. It is heartwarming to know that Yahoo welcomes the opportunity to accept ads from you that comply with our guidelines. All of our ads do comply except when Yahoo runs them through an erroneous filter.

What does this mean for traffic?

They say that a picture is worth 1,000 words… it’s obviously not worth a lot of clicks…

Hey Yahoo… Get a clue!

So there you have it. My life as a spammer according to Yahoo. We have a hideous warning on algorithmic/natural results. We’ve been terminated from Paid Inclusion and mostly from Paid Search… and Yahoo says it’s not responsible. Of course by some miracle, the warning that Google is a provider of malware vanished today. Lest someone point it out in comment, we are not Google.

It wouldn’t have been an issue had Yahoo taken responsibility for its own site. It wouldn’t have been an issue had Yahoo or Outrider recognized that my company has had relationships with each them for several years and that I used to work at what is now Yahoo’s paid search division. I’m not looking for favors. I just think that there are ways to operate companies and ways to treat your partners. This isn’t it.

I have one last relationship with Yahoo. Do you think I should expect to have my Yahoo Instant Messenger account terminated?

View post:
Tweet This Post