UW Computer Security Research and Course Blog

(article) The RIAA is trying to push the PRO-IP bill through Congress, which would grant them more protection under copyright law, including the ability to sue even more for illegal copying of media. Thought $9,000 per song was too much? Try $1.5 million per CD…

(article1) (article2) The Motion Picture Association of America and the International Federation of the Phonographic Industry, among other media giants, are backing Sweden’s decision to charge the individuals responsible for running a public torrent site known as “The Pirate Bay”. The charge is accessory and conspiracy to break copyright law. Many think the charges have no grounds, but even if they lose the trial, according to them, the site isn’t going anywhere.

(article) Since September, when the RIAA lost the Interscope vs. Rodriguez case because of lack of evidence supporting their complaint, the association has attempted to add more details to their case; most notably the IP address connected with the alleged offender. Many believe that this isn’t good enough either.

I would like to expand upon this last bit, which happens to be directly connected to computer security. (Read on …)

A new botnet, called Mega-D, is currently responsible for an estimated 32% of all spam, compared to the Storm botnet’s peak estimate of 21% in September 2007.

The Mega-D botnet runs on a distributed peer to peer network, and the virus disables itself if it is run in a virtual environment.  The virus spreads via malicious e-mails, which trick its victims into visiting fake websites and downloading the trojan.

E-mails are made to mimic invites to social networking sites such as Facebook, and will ask users to update their Flash player, when in fact they are downloading the virus.  Other malicious e-mails used subjects mentioning the recent death of Heath Ledger to trick users into reading the e-mail and visiting a malicious web page.

Mega-D is used to advertise male enhancement pharmaceutical products, and is gaining momentum in Asia and North America, where broadband availability is high.

The Storm botnet’s activity has been declining, largely in part to Microsoft’s malicious software removal campaign.  Storm had received a lot of publicity, whereas there is little media coverage on Mega-D.

Security experts at Marshal (www.marshal.com), a security company that monitors spam and botnet trends, found that Mega-D is the current juggernaut of e-mail spam.  Marshal also reports that 70% of all spam is delivered from five botnets: Mega-D, Pushdo, HTML, One Word Sub, and Storm.

While the Storm botnet is the most infamous, it is estimated that Storm currently contributes around %2 of spam, meaning we now need more attention on the other botnets.

http://www.securecomputing.net.au/news/69328,megad-botnet-stronger-than-storm-promotes-male-sexual-pills.aspx

http://www.zdnet.com.au/news/security/soa/Mega-D-sticks-it-to-Storm-in-spam-contest/0,130061744,339285587,00.htm

http://en.wikipedia.org/wiki/Storm_botnet

http://www.scmagazineus.com/Malicious-banner-ads-appear-on-Expedia-Rhapsody-sites/article/104827/

Recently, malicious ad banners that deliver malware had appear on both Expedia and Rhapsody.  Clicking on the malicious flash ad banner, SWF_ADHIJACK.A, leads to several re-directions, which eventually result to the installation of a rogue antispyware detected as TROJ_GIDA.A.

They are definitely not  the first victims, as there have been reports of such discovery on other popular websites, such a MBL and NHL(www.crn.com/security/203101675).  However, what surprised me is that Expedia and Rhapsody, both being web-oriented company, failed to prevent such ads from reaching the site.  Unlike MLB.com, both Expedia and Rhapsody  have the knowledge and expertise to easily identify such malicious banners.  They just decided not to filter ads provided by ad-serving network.