The Bagle Worm

By | November 24, 2011
0 Comment

I’m getting quite a few warnings about a new worm called Bagle, so I thought I’d pass them along. MessageLabs, an email security company, says it’s currently spreading at an alarming rate. The first copy of the worm was intercepted from Germany, and at the moment the majority of copies are being captured as they are sent from Australia. It seems to have several bits to it:

The worm arrives as an attachment to an email with the subject line ‘Hi’ and has a random filename, with a .exe extension. W32/Bagle-mm searches the infected machine for email addresses and then uses its own SMTP engine to send itself to the addresses found. The worm makes a poor attempt to lure users into double-clicking on the attachment by using social engineering techniques.

Further analysis suggests that the worm includes a backdoor component that listens for connections from a malicious user and can send notification of an infected system.

It also appears that the worm may attempt to download a Trojan proxy component, known as Backdoor-CBJ. This Trojan is able to act as a proxy server and can download other code which could be used for key-logging and password stealing.

Here’s more on it from CNet.

More On Camera Phones As Bar Scanners

By | November 24, 2011
0 Comment

Here’s more on a subject I looked at in December (and then promptly forgot about): Using your camera phone as a bar code scanner. Wired says there are at least four software companies that have released applications that let you take a photo of a bar code, which will then trigger the download of coupons, reviews and other information about that product.

Not a bad idea. As the article points out, most phones have inbuilt browsers, so in theory it’s possible to check out competing prices and more information about a product you’re looking at. But who actually does that?

This is what the folk at trendwatching.com call SEE-HEAR-BUY: “the capability to buy everything you see or hear, wherever you are.”

Wired also takes a glimpse at the bit that worries me: The destruction of the small time retailer. If people are just wandering into shops, taking a snap of a product and then wandering off again, how helpful is that going to be to their business? Either they ban camera phones in their shops, or they try to find a way to make it work for them, perhaps by creating ways to make alternative recommendations for a product the customer is viewing. And of course, the edge the bricks and mortar folk have always had: Their extensive knowledge, onsite, online and delivered in human packaging.

Note for Wall Street Journal Europe Readers

By | November 24, 2011
0 Comment

For those readers of The Wall Street Journal Europe: I’m afraid the column is no longer running in the WSJE because of a policy of standardizing some pages so they mirror the U.S. edition. For those readers of the column there, I’m sorry. I enjoyed receiving emails from readers in Europe and had hoped to earn the column a reprieve.

My column will still be available at The Wall Street Journal Online and the Far Eastern Economic Review (both require subscription). And of course, this blog will still offer up a daily dose of stuff. So please keep reading, and keep writing in.

Sending SMS From A Computer

By | November 24, 2011
5 Comments

Here’s a list of some of the available ‘PC to SMS’ services, courtesy of Russell Beattie. My own offerings:

Both Yahoo and ICQ chat offer some kind of SMS service, but I’ve found them to be somewhat unreliable. This is less to do with them and more to do with the end provider, but in the end if you don’t know your SMS has arrived, the service is pointless. The Asian experience, at least, has shown that free services don’t last, and people would rather pay a bit and know their SMSes have arrived, than try the lottery of a service that may or may not always work.

I’ve noticed Americans getting into SMS in the past couple of months, presumably because of improved services over there, which is great. Hopefully this will lead to an improvement in inter-carrier operability. Europe and Asia have long had these services — and the ability to send SMS between continents — so perhaps this is the start of something big.

The Fine Art of Phishing, Or Suckers In Love

By | November 24, 2011
3 Comments

Email scams seem to be getting more and more sophisticated. I got two this weekend that I hadn’t seen before: One nearly fooled me into trotting off to Paypal and giving up practically all my personal data, the other almost convinced me I was being pursued for love.

The Paypal scam, according to Codefish, is ‘exceedingly well done’. The email looks and feels authentic, and, most interestingly, uses a slightly different technique to shield the link from the wary (such scams try to lure the user into entering their password into a website they believe is the legitimate one, so the link to this website in the email needs to look authentic). This email, rather than hiding the real link inside lots of meaningless characters, uses Javascript, so that hovering the mouse over the link will make it look as if the link is www.paypal.com. I hadn’t seen that before and it took Daniel McNamara, who runs the Codefish website on scamming, to explain to me what was happening.

Oh, and if you do go to the website in question, which looks like a PayPal website, the scammers will ask for your Full Name, Address, Phone contacts, Credit Card information, Bank account information, Social Security Number, Card PIN Number, Date of Birth, Mother’s maiden name, Driver Licence Number, Email address and PayPal Password. As Daniel puts it: “What we’re looking at here is nothing less than full on indentity theft. The information the phishers would glean from victim with this scam would more or less allow them to do anything as that person. I’ve not seen a phishing scam go to such lengths before.”

The second scam was weirder:

YOU HAVE RECEIVED A LOVE COMPATIBILITY TEST

Greetings,

You have received a love compatibility test, see how compatible you are by
answering the 20 simple love compatibility questions.

The link was to a page on a website www.lovecompatibilitytester.com and so looks harmless enough. At worst, you think, it’s spam; at best someone really cares about you… But no. Daniel’s taken a look and says going to the link will actually try to install a virus — possibly one called Pinfi — which is probably a password grabber. What surprised me with this is that scammers would go to such lengths in social engineering to lure the unwary. My guess: Just like the lovebug worm, there’s no sucker like a sucker in love. Be warned. Scams are getting smarter.