Get Paid to Install Malware

Get Paid to Install Malware

Botnets are using affiliate programs to infect PCs.

By Erica Naone

Sites like Amazon offer affiliate programs that pay users for sending them new customers. And now, malware authors, always quick to adopt tactics that work elsewhere, have developed their own affiliate program, which was described in a talk given today at the Black Hat DC computer security conference in Washington, DC.

Kevin Stevens, an analyst at Atlanta-based security consulting company SecureWorks, says sites with names like "Earnings4U" offer to pay users for each file they can install on someone else's PC; the practice is called "pay per install." Stevens found sites offering rates ranging from $180 per 1,000 installs on PCs based in the U.S. to $6 per 1,000 installs on PCs based in Asian countries.

As he researched the practice, Stevens says he discovered a number of companies engaged in pay per install. These companies periodically change their names to dodge the authorities. He also found forums where users shared tips for making more money, and a variety of sophisticated tools developed to make it easier for them to install malware. "It's almost like a real, legitimate business," he said.

People who sign up for the affiliate programs often download "malware cocktails" that they then try to distribute as widely as possible. One common technique is to combine the malware with a video and offer it for download on a peer-to-peer file sharing site. Another is to host the malware somewhere on the Web, and use search engine optimization techniques to attract traffic to it.

Stevens outlined several types of software that a malware affiliate can use. "Crypters," for example, are programs that mask malware from antivirus programs. One popular crypter costs about $75 initially, and then $25 to buy fresh pieces of code that keep the malware masked once antivirus programs have begun to recognize the original. Stevens estimates that it's possible to get by for two to three weeks on each such update.

For about $225, a malware affiliate can multiply his earnings by obtaining a Trojan download manager. This program allows him to pump multiple malware cocktails into each infected PC, getting paid for each one on each compromised computer. One Trojan download manager comes with add-ons that allow a user to harvest e-mail addresses from an infected system, which could then be used to send spam or phishing messages.

Stevens estimates that some of the larger companies offering pay-per-install programs are responsible for about 2.8 million malware installs each month.

Engineering the Computer of the Future, One Atom at a Time

By Charles Q. Choi, TechNewsDaily Contributor, posted: 01 February 2010 06:19 pm ET

del.icio.us

Digg It!

Newsvine

reddit

 

Using computers based on the mind-boggling physics of the quantum world, researchers now hope to simulate reality on the molecular scale better than ever before.

Scientists want to simulate molecules on computers to better understand and improve how they might react – for instance, how a drug might behave in the human body. But attempts to simulate complex molecules using modern supercomputers fall short because increasing the number of atoms they have to analyze leads to an exponential spike in computation time.

"If you simulate anything larger than four or five atoms – for example, a chemical reaction, or even a moderately complex molecule – it becomes an intractable problem very quickly," said researcher James Whitfield, a quantum information chemist at Harvard University. At best, he explained, regular computers only can get a rough approximation of how these systems work.

Quantum computers
 
That is why scientists are now turning to quantum computers, which rely on the bizarre properties of atoms and the other construction blocks of the universe. The world becomes a fuzzy, surreal place at its very smallest levels – things can seemingly exist in two places at once or spin in opposite directions at the same time.

While normal computers represent data as ones and zeroes – binary digits known as bits that they express by flicking tiny switch-like transistors either on or off – quantum computers use quantum bits, or qubits (pronouced "cue-bits") that are both on and off at the same time. This enables them to carry out two calculations simultaneously. In theory, quantum computers could prove incredibly faster than regular calculators for certain problems because they can run through every possible combination at once.
The particles and molecules that scientists want to investigate are quantum objects.

"If it is computationally too complex to simulate a quantum system using a classical computer, why not simulate quantum systems with another quantum system?" said researcher Alán Aspuru-Guzik, a quantum information chemist at Harvard.

Calculating with light
 
The quantum computer the researchers conducted their molecular simulations with relied on photons, or packets of light, as its qubits. While Aspuru-Guzik, Whitfield and their colleagues provided the software and performed key calculations, their collaborators in Australia assembled the hardware and ran the experiments.

Using this two-qubit computer, they simulated the smallest molecular system, the hydrogen molecule, and calculated its energy in terms of how it might react with other molecules. They ran their simulation process 20 times in a row, with each cycle working off the data from the last one, to achieve very precise values. "That's enough precision to simulate experiments with," Aspuru-Guzik told TechNewsDaily.

The great challenge that lies ahead is creating quantum computers with more qubits, which are needed to simulate molecules with more atoms. Although a 2,000-qubit computer would be roughly enough to, say, simulate cholesterol binding with a protein, the most qubits anyone has uncontestably made a quantum computer with so far is roughly a dozen, Aspuru-Guzik said.


"We are now working to make larger experiments to continue our successes with larger and larger systems," said he said.

The research was detailed online in a recent issue of the journal Nature Chemistry.

Facebook plans PHP changes

Facebook plans PHP changes

Hardware saver?

By Gavin Clarke in San Francisco, 1st February 2010 23:24 GMT

On Tuesday, Facebook is expected to unveil changes to PHP, the language that helped make the social networking site a success - along with millions of other web sites.

SD Times has outed the planned change here. Facebook wouldn't provide details when contacted by The Reg but said it would make more details available Tuesday morning, Pacific time.

The changes have been described as either a re-write of the PHP runtime or a compiler for PHP.

A change to PHP would be Facebook's latest donation to the language, which has also had contributions from Microsoft and the former Sun Microsystems over the years.

PHP co-founder Andi Gutmans, said his company Zend Technologies was aware Facebook's been planning a change and told The Reg he thinks it will be "significant." But he wouldn't elaborate further.

"We have to see what come out," Gutmans said. "Generally speaking...I think there's been some good innovation at Facebook. I imagine some of it could help community PHP."

When it comes to run-times, there have been projects such as Caucho's Quercus - a Java implementation of the PHP language - and the Project Zero PHP runtime that have generally failed to get-traction. Gutmans said this was because open-source PHP has remained the industry's de-facto standard.

He's also not overly worried that what Facebook unveiled could lead to a fork of PHP, noting the community is not as political - for example - as the former Sun's MySQL community. He expects what ever Facebook announces to be under a community friendly license and said if it is innovative then he'd be happy to see it find its way into PHP.

He said developers would continue to get their PHP source from the community.

Gutmans noted Facebook might be introducing changes because of the scale of its operations and that changes in the language might help it cut the number of servers it needs.

"We've got to remember Facebook is a very different user - a very atypical user compared to the majority of users. The performance requirements at the scale they run is very different from even heavily loaded web sites that have tens or hundreds of servers. Saving 10 per cent can be thousands of servers," he said. ®

Rewriting European privacy law for digital age

Rewriting European privacy law for digital age

January 31, 2010 by Sophie Estienne Enlarge

European legislation covering the protection of private data is being dragged into the digital age in a potential threat for social networking sites like Facebook where users display foibles, often without a thought for consequences.

European legislation covering the protection of private data is being dragged into the digital age in a potential threat for social networking sites like Facebook where users display foibles, often without a thought for consequences.
 

European Commissioner Viviane Reding cited the arrival of privacy issues raised by such social networking sites when she announced last week a flagship drive to rewrite European law for the Internet generation, turning the old 1995 text into something fit for purpose.

Data protection for private citizens is a sensitive issue in Brussels, which has been in conflict with the United States for years seeking greater controls on personal details gathered under anti-terror drives there.

The European regulators have also successfully pushed web and computing giants Google, Yahoo! and Microsoft to reduce the length of time they hold details that can be classed as personal, such as browser logs.

One of Microsoft's directors, Brad Smith, came to Brussels last week to call for "an advanced framework of privacy and security that is more closely aligned with the ways in which not only computing, but also the interaction between people, is evolving."

All the more necessary as the computer world -- and already public authorities in the US at least -- switches increasingly towards 'cloud' computing, which essentially means the storage of data in shared servers over the Internet.

Clear rules are needed to avert the sort of polemic that erupted around Google's 'Street View' application -- where entire cities are photographed for 'walk-through' online appreciation -- or around each change to confidentiality rules implemented by Facebook.

Canada this week opened a fresh probe into the leading social networking site, following its December decision to no longer allow members -- who number more than 200 million worldwide -- to hide certain details including pictures and personal profile, including lists of 'friends' or group memberships.

Facebook founder Mark Zuckerberg defended the move this month saying "social norms" had changed when it came to what individuals were willing or eager to share.

"In the last five or six years, blogging has taken off in a huge way and all these different services that have people sharing all this information," he said.

"People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people."

But the result is that Internet searches can bring up very personal details, with studies repeatedly showing how recruiters use these services to 'vet' potential candidates.

A recent addition, by researchers Cross-Tab, shows that 41 percent of recruiters said they had already refused candidates because of details about their lifestyles picked up through this medium. The figure hit 70 percent in the US.

Comments posted online and "inappropriate" pictures or videos can all trigger worries over lifestyle.
Recruiters "are for the most part comfortable searching for information that would be unethical or even illegal to ask a candidate to provide," the authors underlined.

(c) 2010 AFP

Toyota Recall Is Moment to Counter China’s Rise

Commentary by William Pesek

Feb. 1 (Bloomberg) -- Naoto Kan isn’t alone in his “sense of sadness.” He shares it with 126 million Japanese.

Japan’s finance minister is blue over how quickly China is gaining on Asia’s biggest economy. Two years ago, anyone who said China would overtake Japan in 2010 was laughed into submission. Fantasy may soon become reality and the Japanese media can’t churn out enough dire stories about it.

“Generally speaking, it’s a good thing that China and Asia are growing and Japan needs to make efforts to ensure it can benefit from that,” Kan, 63, told reporters in Tokyo last month. “Coming from a generation that experienced high growth, my honest feeling is a sense of sadness.”

Far from being sad, Kan should see this moment for what it really is: one that shakes Japan out of its 20-year slumber.

PricewaterhouseCoopers LLP’s recent prediction that China will overtake the U.S. as the largest economy by 2020 is the talk of Tokyo. It’s shock enough for Japan to fathom playing second fiddle in Asia, never mind China being the globally dominant power 10 years from now. Expect a corresponding surge in sake and whiskey sales around Japan.

Adding insult to injury, the great Toyota Motor Corp. is recalling cars in China, and Japan Airlines Corp. is bankrupt. Add in deflation and the threat of a Standard & Poor’s downgrade and it’s hard not to conclude 2010 is getting off to a dreadful start for Japan.

Silver Lining

The silver lining is the China effect. On the face of it, China’s economy should be larger than Japan’s -- its population is almost 11 times bigger. If China’s currency weren’t 40 percent or so undervalued, it would already be No. 2. As many in Japan say, though, size will matter more when China matches Japan on a per-capita income basis. Japan’s is 13 times China’s.

That’s many a year off, of course. As the process unfolds, Japan could be well-positioned to benefit. What’s so bad about having a massive economy growing 10 percent in your neighborhood? With the U.S. consumer limping along, Japan needs all the demand for exports it can find.

Policy makers in Tokyo are officially out of reasons to delay the radical change Japan needs. To date, they have had more than their share of warnings: the collapse of the 1980s bubble economy, the “Lost Decade” of the 1990s, the Asian crisis in 1997, the U.S. credit meltdown, you name it. They just haven’t answered them, opting to add more debt and yen to punt big reforms forward.

Chinese Jolt

China is a jolt that Japan can’t manage around. Muddling through isn’t an option when the largest manufacturer and exporter is bearing down on you. Also, China is now the U.S.’s main creditor, reducing Japan’s leverage in Washington.

Amid all this China buzz, Japan is left to grapple with uncompetitive labor costs, a rapidly aging population and dwindling fiscal options. If Japanese officials intend to hit the snooze bar and sleep in for a few more years, S&P is standing by to give it a nudge.

S&P last week lowered the outlook on Japan’s AA sovereign credit rating to negative because of diminishing flexibility to cope with the world’s largest public debt. China is making the world quake because of its $2.4 trillion of currency reserves. Japan is spooking the world with its financial frailty.

Stability in China isn’t a given. The immediate risk is overheating. The longer-term problem, the one on which hedge- fund managers are fixated, is that today’s loans may turn sour tomorrow. China must get more serious about asset bubbles and narrowing the gap between rich and poor.

Filling the Void

Even moderate growth from China may help fill the void left by the highly leveraged U.S. consumer. Japanese Prime Minister Yukio Hatoyama is mending ties with China, whose global influence is increasing as America’s declines. Japan still needs the U.S. for security reasons, yet economic realities are drawing its attention toward Asia.

One example of how China could be the catalyst that has eluded Japan is services. An obsession with manufacturing means Japan neglects its services industry, which is a far bigger part of the economy. China’s threat will focus attention where it needs to be: deregulating services and increasing productivity.

And don’t count Toyota and JAL out in the long run. Toyota seems to be taking a page from Johnson & Johnson’s playbook with its total recall. In 1982, J&J pulled millions of bottles of Extra Strength Tylenol from store shelves after someone in the Chicago area put cyanide in the capsules, resulting in seven deaths. The recall restored J&J’s reputation. We could very well be witnessing Toyota’s Tylenol moment.

JAL is now in the hands of electronics tycoon Kazuo Inamori after last month’s bankruptcy filing. His powerful political connections and maverick ways could give him the means to shake up Asia’s biggest carrier by sales in ways that none of his predecessors dared.

China’s great economic leap forward is in many ways a good- news story for corporate Japan. Officials such as Kan clearly hear the alarm bells in their midst and must act accordingly. With China’s arrival, sleeping on the job isn’t an option.

To contact the writer of this column: William Pesek in Tokyo at +81-3-3201-7570 or wpesek@bloomberg.net
To contact the editor responsible for this column: James Greiff at +1-212-617-5801 or jgreiff@bloomberg.net