KL’s Airport Gets Infected

By | November 22, 2011

image

If there’s one place you hope you won’t get infected by a computer virus, it’s an airport.

It’s not just that the virus may fiddle with your departure times; it’s the wider possibility that the virus may have infected more sensitive parts of the airport: ticketing, say, or—heaven forbid—flight control.

Kuala Lumpur International Airport—Malaysia’s main international airport—was on Friday infected by the W32.Downadup worm, which exploits a vulnerability in Windows that Microsoft patched back in October. The worm, according to Symantec, does a number of things: it creates an HTTP server on the compromised computer, deletes restore points, downloads other files and then starts spreading itself to other computers.

image

Enlargement of the photo above. The notification says Symantec Antivirus has found the worm, but has not been able to clean or quarantine the file.

KL airport clearly isn’t keeping a tight rein on its security. The virus alert pictured above is at least 12 hours old and the vulnerability it exploits had been patched up a month before. Says Graham Cluley of UK-based security software company Sophos: “What’s disturbing to me is that over a month later, the airport hasn’t applied what was declared to be an extremely critical patch, and one which is being exploited by malware in the wild.”

What’s more worrying is that this isn’t the first time. It’s the first time I’ve noticed an infection on their departures/arrivals board, but one traveller spotted something similar a year and a half ago, with a Symantec Antivirus message popping up on one of the monitors. I saw a Symantec Antivirus message on one monitor that said it had “encountered a problem and needs to close”, suggesting that the worm had succeeded in disabling the airport’s own antivirus defences:

image

So how serious is all this? Cluley says: “Well, it’s obviously a nuisance to many people, and maybe could cause some disruption.. but I think this is just the most “visible” sign of what may be a more widespread infection inside the airport. I would be more concerned if ticketing and other computer systems were affected by the same attack.”

He points to computer viruses affecting other airports in recent years: In 2003, Continental Airlines check-in desks were knocked out by the Slammer worm. A year later, Sasser was blamed for leaving 300,000 Australian commuters stranded, and BA flights were also delayed.

For me, the bottom line about airports and air travel is confidence. As a traveler I need to feel confident that the people deciding which planes I fly and when are on top of basic security issues. And that doesn’t mean just frisking me at the gate. It also means keeping the computer systems that run the airport safe. This is probably just sloppy computer habits but what if it wasn’t? What if it was a worm preparing for a much more targeted threat, aimed specifically at air traffic?

(I’ve asked KL International Airport and Symantec for comment.)

The Periphery of the Brand

By | November 22, 2011

(Updated Dec 8 with comment from IKEA)

image

I’m always amazed at how companies work really, really hard on their brand, and then blow it all on the periphery.

The pictures here are taken from the Milton Keynes branch of IKEA, an otherwise wonderful store that caters to kids, has the usual IKEA range of stuff and generally lives up to the company’s brand in spades.

image

Except at the entrance. The trash repository is right in front of the door, and is littered with cigarette butts, burger wrappers, ash, IKEA cups and a half-drunk glass of orange that, presumably, came from the IKEA cafeteria:

image

It stands out like a sore thumb, depressing newcomers and those leaving the store alike. At a guess it’s not maintained, or maintained enough, because it’s just beyond the scope of the store, and so is probably not, strictly speaking, the responsibility of the store. There’s probably no guideline for this sort of situation in the IKEA manual. But IKEA is the only user of the building, and the stuff being left here is all from IKEA shoppers—some of it sporting the IKEA logo.

The periphery of the brand is often just beyond the reach of all the normal boxes a manager would tick in ensuring the brand is looking good. But that is often the exact point of contact for a customer—coloring either their first impression or the lasting one they have when they leave.

IKEA have promised to address the problem. In an email, they said: “At IKEA Milton Keynes, we strive to maintain high standards of tidiness across our store both inside and out to give our customers the best possible shopping experience. On this occasion, the maintenance of the bin does not reflect these standards however, we are addressing this, and are stepping up measures to make the necessary improvements.”

Facebook Scams: Not Out of the Woods

By | November 22, 2011

Facebook may have just won a theoretical warchest from a spammer, but it’s not put its house in order when it comes to scams. Indeed, I suspect they’re getting worse. Now you can get infected without even having to visit your Facebook account.

What happens is that, if you have set your profile to receive email updates when someone sends you a message on Facebook, these trojan scams actually make their way direct into your inbox. Facebook is just the vector:

Here’s a message, as it looks in Gmail:

image

Click on that link and it takes you, not to the Facebook message page, but straight to the dodgy website. In this case the website is still active. It will have a name like YuoTube:

image

and a YouTube-like interface:

image

The message in the ‘player’ says “Your version of Flash Player is out of date.” Without you doing anything the download window will appear:

image

Of course, if you install that you’re in trouble. But are you in trouble if you’ve already visited the page? I’m still working on that.
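The mismatch described above (a mail styled as a Facebook notification whose link leads to a YouTube lookalike instead) can be checked mechanically. The sketch below is an added example, not part of the original post; the trusted-domain list, the brand list and the sample host `yuotube.example` are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this sketch: domains a genuine notification links to, and brands to compare against.
TRUSTED = ("facebook.com", "fb.com")
BRANDS = ("youtube", "facebook")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent letters as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_notification(html_body):
    """Return (url, reason) for each link that leaves the trusted domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for url in parser.hrefs:
        host = (urlsplit(url).hostname or "").lower()
        if any(host == t or host.endswith("." + t) for t in TRUSTED):
            continue  # link stays on the service the mail claims to come from
        reason = "off-domain link"
        for label in host.split("."):
            for brand in BRANDS:
                if label != brand and osa_distance(label, brand) == 1:
                    reason = "lookalike of " + brand
        findings.append((url, reason))
    return findings

# Constructed sample: a mail styled as a Facebook message notification.
SAMPLE = """<p>You have a new message on Facebook.</p>
<a href="http://yuotube.example/watch?v=1">View message</a>
<a href="https://www.facebook.com/settings">Edit email settings</a>"""
```

Calling `check_notification(SAMPLE)` flags only the first link, because its host is both outside the trusted domains and one letter swap away from a known brand.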

The Undignified Death of Social Networks

By | November 22, 2011

I’m intrigued, and slightly depressed, at how social networking sites deteriorate so quickly into what are little more than scams. I think it started about a year ago, when a number of sites started pulling the stops out to build up membership.

Now, it seems, it’s all about the money. Take Quechup, for example, which has never had a very good reputation, though some say it’s undeserved. I don’t think anyone would try to argue that now.

I opened an account at Quechup about a year ago, and left it, with no friends, no connections, no activity (a bit like my real life). I didn’t get anything until last month. In the past month I’ve received more than 30 messages. All of them from people I don’t know; all of them, from the subject line, spam:

image

So what’s the scam, then?

Well, if you’re fool enough to open one of these messages, that’s your limit. Suddenly your inbox looks like this:

image

The message is basically that you can’t open any messages until you upgrade your membership:

image 

Upgrading, of course, costs. Not a lot, but if you’re curious to find out who’s been scamming you, sorry, flirting with you, you have to cough up:

image

My question is this: Who is behind the spam in my inbox?

Admittedly, my profile is a bit provocative:

image

Still. One can’t help feeling that either the spam is being allowed by Quechup as a money-making exercise, or, the only other explanation I can think of, it’s spamming its members with silly messages in the hope they’ll be curious enough to upgrade and read them.

Either way, it’s a social network that’s dead from the neck up.

Sad, really.