StopBadware.org
Regaining Control of Our Computers
 

RealPlayer is badware

Posted by Maxim Weinstein Thu, 31 Jan 2008 15:00:00 GMT

StopBadware has released an alert identifying RealPlayer as badware. See our press release here and the complete alert here.

Interestingly, RealPlayer 10.5 and RealPlayer 11, both of which are distributed widely, violate our badware guidelines, but in different ways.

RealPlayer 10.5 is badware because it doesn’t tell the user that its “Message Center” feature will pop up ads from the system tray if the user doesn’t register the application.

RealPlayer 11 is badware because it installs the Rhapsody Player Engine without notifying the user. When the user uninstalls RealPlayer, Rhapsody Player Engine is left behind, unless the user also knows to uninstall it separately.

RealNetworks, Inc., the publisher of RealPlayer, has been upfront about these behaviors in our conversations with them. They point out that version 11 does not install the ad-serving Message Center by default, and they acknowledge that it was a mistake on their part to not offer to uninstall Rhapsody Player Engine when uninstalling RealPlayer 11. We expect that the next version of RealPlayer will correct the issue and provide better disclosure, and we encourage RealNetworks to work with their downstream partners to ensure that older versions are replaced by the new version.


To search spammers, even death is a badware opportunity

Posted by Erica George Wed, 05 Dec 2007 20:32:00 GMT

The Bits blog at the New York Times yesterday highlighted a disturbing twist to a common spammer practice. Search engine spam, or spamdexing, involves spammers gaming search engine results by creating pages that pretend to have useful content, often based on current news items. Instead of new content, these pages have links and text scraped from other sites, and are loaded with ads or badware.

The shameless twist observed by the Times is the exploitation of recent obituaries as news items, leading grieving friends and relatives to spam and badware sites instead of information about their departed loved ones. In the case profiled by the Globe, a website offered what it claimed was a video of the memorial service for a recently deceased woman. When a visitor clicked the link, he was prompted to download a video codec that included badware.

For friends and relatives who are dismayed to see their loved ones’ memories tarnished by search results full of spam and badware, there are some ways to fight back. Most major search engines offer a place to report search spam – here are reporting links for Google, Yahoo!, and MSN. Google also offers a way to report pages with badware that are found in its index, here.


Hackers gaming search results with malware

Posted by Erica George Thu, 29 Nov 2007 21:33:00 GMT

In the last few days, there has apparently been a surge of badware-distributing web sites that trick search engines into thinking they’re legitimate. Researchers at Sunbelt Software first reported the gaming of Google results a few days ago, with articles following from the BBC, ComputerWorld, and others. Google* has reportedly removed the offending sites from its results, saying violations of its quality guidelines can lead to removal from its index. The gaming attacks have also affected other major search engines, though reports indicate the exploits on the malicious websites were coded to target only Google searchers.

The attacks were carried out on massive numbers of newly registered domains, apparently primarily hosted in the US but registered in China. Be suspicious of highly ranked search results that appear to be from a US-based site, but that link to a .cn (Chinese) or other national domain in the website’s address, and of websites whose addresses are entirely strings of random characters without any words or names. As always, an important part of protecting yourself online is keeping your software – including browsers, anti-virus and anti-spyware applications – up to date. If you suspect your computer may have been infected, check out our tips for badware removal.

* Note: Google is a StopBadware sponsor and partner.


Russian Business Network badware shop goes underground

Posted by Erica George Fri, 09 Nov 2007 15:54:00 GMT

The internet security community is buzzing with the news that the Russian Business Network (RBN), a notorious group of professional badware distributors and online criminals, has pulled down its websites and abandoned its IP addresses, effectively vanishing from the internet. The RBN has been behind numerous large-scale attacks, and has been traced as an attacking source of several sites that have ended up in the Badware Website Clearinghouse.

Unfortunately, it seems clear that the RBN’s disappearance is simply a technique for moving deeper underground, a move likely precipitated by recent increased attention and publicity around the RBN. The anti-malware company Trend Micro already reports observing RBN-like activity in China and other parts of Asia.

It’s unlikely that the RBN will consolidate operations in any new home in the same way it operated for so long in Russia. It is more likely to diversify the locations of both its online and on-the-ground operations, making it harder to track. For security researchers and makers of protective software, the disappearance of the RBN is less a victory than a new challenge.


Badware targeting Macs

Posted by Erica George Mon, 05 Nov 2007 18:44:00 GMT

At StopBadware, we often talk with regular internet users, from the novice to the sophisticated, about internet security and precautions users can take. One comment we hear again and again is the belief that some operating systems – such as Mac OS X – are immune to badware.

The truth is, badware production is driven by the potential for monetary gain, and while the market share of the Mac operating system is not high, it’s starting to be recognized as a potentially valuable target.

The security world has long known that it was possible to create a virus that would affect Mac OS X – several researchers have demonstrated various “proof of concept” viruses that, because they were created by the good guys, were never released into the wild.

Last week saw the first public debut of a trojan apparently created for Mac OS X by organized criminal producers of badware. The trojan relies on social engineering pulls – the lure of pornography, and the confidence of Mac users – to convince users to download and install it, posing as a “codec” required to view video files.

For more on this issue, see StopBadware co-director Jonathan Zittrain’s blog post or check out the coverage at the Sunbelt Software blog.


"Trends in Badware 2007" released

Posted by Erica George Tue, 02 Oct 2007 13:56:00 GMT

StopBadware is proud to release our 2007 update on the state of badware on the web – “Trends in Badware 2007: What internet users need to know.” The short report is a plain-English explanation of badware threats to user privacy and security, based on our research over the past year. It explains online security issues such as compromised websites, social networking scams, and other badware trends that pose significant risk to the average internet user.

For many visitors to StopBadware.org, threats such as legitimate websites that have been hacked to distribute badware may not be news. We’re hoping our security-conscious visitors will help us spread the word to those who aren’t yet aware of the dangers. “Trends in Badware” is written with nontechnical internet users in mind – folks who love using the internet, but who may not yet have learned about newer badware threats.

As StopBadware’s co-director John Palfrey says in our press release, “Now, users can get infected by simply browsing a reputable website or clicking on links posted to their favorite blogs or social networks. We want to make sure that consumers have up-to-date information on emerging trends so they know what to look for when online.”

StopBadware’s mission is to help educate consumers and average internet users about badware, and to help the community fight back. We hope that “Trends in Badware 2007” can help clear the fog around online dangers and empower ordinary internet users to take charge of their computers’ security.

You can download “Trends in Badware 2007” here.


Badware's terrorist connection

Posted by Erica George Fri, 06 Jul 2007 21:06:00 GMT

The Washington Post today has a fascinating look at how three UK-based terrorists used badware and phishing scams to finance their criminal operations. The scale of the scams is mind-boggling, though unfortunately not as unusual as you might think.

The article notes that, “All told, investigators said al-Daour and his compatriots made more than $3.5 million in fraudulent charges using credit card accounts they stole via online phishing scams and the distribution of Trojan horses—computer programs embedded in innocent-looking e-mail messages or Web sites that give criminals control over infected computers.”

This highlights the strong ties between badware and crime of all stripes. The identity and financial information being stolen through trojans and keyloggers isn’t just lining the pockets of rich gangsters – it’s also helping finance acts of terrorism.

Read the full article here (may require free registration).


CNet: Hidden malicious code an increasing problem on the web

Posted by Erica George Fri, 20 Apr 2007 20:08:00 GMT

A CNet article this week discusses badware and the increasingly subtle tricks employed by badware distributors to hide malicious code on apparently innocuous websites. As CNet notes, “[m]alicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser.” Some websites intentionally distribute badware, while others are legitimate websites that have been hacked to install malicious code without the site owners’ knowledge. Either way, it’s getting harder for the average internet user to know if a website they want to visit is safe.

According to Jose Nazario of Arbor Networks, those distributing badware through the web initially left the malicious code undisguised, often in plain JavaScript that could easily be revealed by checking a site’s source code. Recently, however, attacks have tended to hide the malicious code inside obfuscated JavaScript, which must be decoded before its harmful nature is visible. Obfuscated JavaScript is harder for website owners to recognize as a threat, and is often not detected by antivirus software.

How can internet users protect themselves? StopBadware recommends using the most up-to-date versions of web browsers, as many vulnerabilities targeted by malicious code are intended to exploit security holes that are patched in newer versions of browser software. Lists of websites that host badware – such as StopBadware’s Badware Website Clearinghouse – can help show sites to avoid. If you are a website owner, visit StopBadware’s page of security tips to learn more about keeping malicious code off your site. To find out more ways to get involved in fighting badware on the web, click here.
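For website owners checking their own pages, the sketch below is an added example (not code from StopBadware, CNet or Arbor Networks) that flags the two signs discussed in these posts for manual review: script blocks that pair a decoding call with a long run of encoded characters, and iframes sized or styled to be invisible. The patterns, the 16-escape threshold, the names and the sample page are assumptions chosen for illustration, and the check is a heuristic rather than a complete detector.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example, not a complete signature set).
DECODERS = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(|document\.write\s*\(")
ENCODED_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}|\\u[0-9A-Fa-f]{4}){16,}")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class PageAudit(HTMLParser):
    """Collects findings a site owner should review by hand."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # A decoder call alone is common; flag it only next to a long encoded run.
        if self._in_script and DECODERS.search(data) and ENCODED_RUN.search(data):
            self.findings.append(("encoded-script", data.strip()[:40]))


def audit(html):
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: the encoded string decodes to harmless plain text.
ENCODED = "".join("%%%02X" % ord(c) for c in "constructed sample text")
SAMPLE = (
    '<p>Welcome</p><script>var n = 1 + 1;</script>'
    '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>'
    "<script>document.write(unescape('" + ENCODED + "'));</script>"
)

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

A finding is a prompt to inspect that part of the page source, not proof of compromise; legitimate scripts sometimes use the same calls.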


Malicious Hacking: One Site’s Story

Posted by Erica George Mon, 26 Mar 2007 19:55:00 GMT

If you’ve been following StopBadware’s work over the past few months, you know that we have witnessed a sharp increase in the number of websites distributing badware. More and more of these sites are turning out not to be malicious distributors of bad software, but otherwise innocent websites that have been hacked and made to distribute badware without the knowledge of the sites’ owners. In the past weeks, we’ve even seen hacking attacks hit the sites of several friends of the Berkman Center, StopBadware’s parent institution at Harvard.

Berkman fellow Ethan Zuckerman shares a detailed and insightful account of one such attack in a recent post to his blog. A website owned by a friend of Zuckerman’s was hacked, and became subject to a Google search warning and a listing in the Badware Website Clearinghouse. Zuckerman initially assumed that his friend’s site must be listed by mistake, but quickly learned that the site had been compromised. As Zuckerman tracked down what had happened to his friend’s site, he uncovered the source of the attack – an organized crime outfit known as the RBusiness Network, currently based in Panama.

How risky is an infected site to visitors? Zuckerman examines one of the exploits used by RBusiness, noting that “[b]asically, when you load this iframe, it runs a small script which downloads and runs a Windows executable file. That file downloads a rootkit, a password sniffer and opens a backdoor into the user’s system.” Badware producers then use these invisible downloads to steal financial data for use in fraud or identity theft.

StopBadware is not the only group noticing increases in this kind of website hack. Symantec’s recent Internet Security Threat Report, for example, noted an increase in malware designed to steal financial data from victims.

How can you protect yourself? If you run a website, check out StopBadware’s Security Tips page, and talk to your hosting provider to be sure your site is secure. When browsing the internet, be sure your computer is running up-to-date, fully patched software, with anti-virus and anti-spyware protection. Last, if you do come across badware as you surf the internet, please share your story. The more we know about badware and the criminals who produce it, the better we can help internet users and webmasters keep themselves safe.



Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license