Showing posts with label researchers. Show all posts

Friday, 27 September 2013

New information-theft malware 'Napolar' is gaining traction, researchers warn

A new piece of information-stealing malware that appeared earlier this year has been rapidly gaining traction during the past few weeks, with hundreds of infection attempts being detected every day by antivirus vendors.

The malware is called Solarbot and its creator first started to advertise it to cybercriminals in May, security researchers from antivirus vendor Avast said Wednesday. The number of infection attempts using this malware increased significantly over the past few weeks, the researchers said.

Researchers from antivirus vendor ESET have also been tracking the same threat. "We have uncovered many details about this bot since it became active at the end of July, with in-the-wild infections starting mid-August," they said. "There have been reports of thousands of infections, many of them in South America."

Both Avast and ESET antivirus products detect the malware under the name Napolar.

Solarbot/Napolar is advertised through a professional-looking and publicly accessible website that lists the malware's features and tracks the development progress in an actively updated changelog. The site also provides a manual for using the malware and information on how to develop plug-ins for it.

According to the ESET researchers, buying the malware's binary file, which can be used to infect computers, costs US$200.

Solarbot is able to launch several types of DDoS (distributed denial-of-service) attacks, can act as a reverse SOCKS5 proxy, steal POP3 and FTP login credentials from many email and FTP clients, and steal information entered by victims into Web forms in Internet Explorer, Mozilla Firefox or Google Chrome.

However, the malware's functionality can be extended through plug-ins. The bot's developers offer a plug-in SDK (software development kit) and also provide some example plug-ins to steal Bitcoin wallets or collect computer information.

According to data received by Avast from installations of its products, infection attempts with Solarbot are detected on several hundred unique computers every day. The malware's distribution seems to be global, but the most-affected countries are Colombia, Venezuela, Peru, Mexico, Argentina, Philippines, Vietnam and Poland.

Researchers from ESET suspect that the malware is spread through compromised Facebook accounts, because some of the samples found so far have names like "Photo_032.JPG_www.facebook.com.exe." The malware can steal Facebook log-in credentials using its form-grabbing feature, so attackers can use those credentials to access Facebook accounts and spread the malware to other people, the researchers said.
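The sample name quoted above ends in an executable extension while carrying an image extension and a domain name inside it. A filename check for those two traits, as an added example that is not from the article, Avast or ESET; the extension lists and the TLD set are assumptions to tune per environment:

```python
import re

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "bat", "cmd"}
# A document or media extension appearing before the real extension.
DECOY_RE = re.compile(
    r"\.(jpe?g|png|gif|bmp|pdf|docx?|xlsx?|mp[34]|avi)(?![a-z0-9])", re.I
)
# A host name such as www.facebook.com embedded in the file name.
DOMAIN_RE = re.compile(
    r"(?<![a-z0-9])(?:[a-z0-9-]+\.)+(?:com|net|org)(?![a-z0-9])", re.I
)


def masquerade_reasons(path):
    """Return the reasons a file name looks disguised; empty list if none."""
    # Keep only the file name and drop trailing dots and spaces,
    # which Windows ignores when opening a file.
    name = re.split(r"[\\/]", path)[-1].rstrip(" .")
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return []  # not an executable by extension, nothing to disguise
    reasons = []
    decoy = DECOY_RE.search(stem)
    if decoy:
        reasons.append("decoy extension ." + decoy.group(1).lower())
    domain = DOMAIN_RE.search(stem)
    if domain:
        reasons.append("embedded domain " + domain.group(0).lower())
    return reasons


def scan(names):
    """Map each suspicious name to its reasons, skipping clean names."""
    return {n: r for n in names if (r := masquerade_reasons(n))}


# The first name is the one quoted in the article; the rest are constructed.
SAMPLE_NAMES = [
    "Photo_032.JPG_www.facebook.com.exe",
    "setup.exe",
    "holiday.jpg.scr",
    "Photo_032.JPG",
    "notes.example.org.txt",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_NAMES).items():
        print(name, "->", "; ".join(reasons))
```

A match is a reason to quarantine or inspect an attachment or download, not proof of this particular malware family.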

Although this bot is similar in functionality to Trojan programs like Zeus or SpyEye that are already widely used, its popularity might grow because it is actively maintained, easy to use and can be extended easily through plug-ins, the ESET researchers said.

Due to its solid malicious performance and reasonable price of $200, this bot could be on the rise in the near future, the Avast researchers warned.



Monday, 26 August 2013

Bitcoin is legal, let it evolve into its role, researchers urge

As the tech industry grapples with the potential benefits and risks of the digital currency Bitcoin, policymakers should take care not to impose heavy-handed restrictions on an innovative platform that could transform global commerce, a pair of researchers at George Mason University's Mercatus Center argue in a new policy paper.

As a starting point, the researchers suggest that the proper way to evaluate Bitcoin is "not necessarily as a replacement for traditional currencies, but rather as a new payments system," and acknowledge that it "exists in something of a legal gray area."

"This is largely the case because Bitcoin does not exactly fit existing statutory definitions of currency or other financial instruments or institutions, making it difficult to know which laws apply and how," write Mercatus Center researchers Jerry Brito and Andrea Castillo.

The researchers credit Bitcoin for achieving, at a large scale, what no other payments system has been able to do: provide direct, trusted exchanges of currency over a distributed peer-to-peer network that keeps track of debits and credits.

That network, they note, serves the same function as trusted third parties like PayPal or MasterCard that act as ledger keepers, ensuring through a form of public-key cryptography that the value of an electronic payment is deducted from the payer's account and transferred to the payee's.

That absence of an intermediary to verify and process transactions could make Bitcoin a far more economical platform for global payments, the researchers suggest, imagining the currency put to use for micropayments, improving access to capital and other innovative applications.


"On the other hand, Bitcoin's decentralized nature also presents opportunities for crime," they write. "The same qualities that make Bitcoin attractive as a payment system could also allow users to evade taxes, launder money and trade illicit goods."

"The challenge, then," they add, "is to develop processes that diminish opportunities for criminality while maintaining the benefits that Bitcoin can provide."

On the most fundamental question—whether Bitcoin is even legal—the researchers conclude that it probably is, given that the U.S. Constitution's ban on states issuing their own currency does not extend to private currencies.

Brito and Castillo explore a variety of avenues where U.S. regulators could establish oversight over Bitcoin, including through anti-money laundering laws administered by the Treasury Department, at the Commodity Futures Trading Commission or under the laws that govern money transmitters like PayPal.

Ultimately, Brito and Castillo conclude with a series of recommendations for policymakers outlining a cautious approach that would seek to curb the malicious use of the service without overly restricting the development of "a revolutionary technical achievement." That includes a warning against the knee-jerk reaction to crack down on Bitcoin in response to media reports that have linked it to online criminal activity.


"[A]s a technology, Bitcoin is neither good nor bad; it is neutral. Paper dollar bills, like bitcoins, can be used in illicit transactions, yet we do not consider outlawing paper bills. We only prohibit their illicit use. Furthermore, there is only anecdotal evidence about the extent to which bitcoins are utilized in criminal transactions. It would be wise to put the criminal use of the technology in perspective alongside its legitimate uses. As the bitcoin economy grows, legitimate uses of bitcoins will likely dwarf criminal transactions, just as we see with paper dollar bills."

Further, because Bitcoin, like BitTorrent, is a distributed peer-to-peer network, rather than a single company, Brito and Castillo argue that it "is virtually impossible to shut down," and that a blanket prohibition on the service would foreclose on productive, legitimate uses of the service, while ensuring "that criminals alone will use the technology."

Instead, they advise that regulators at the Financial Crimes Enforcement Network work with white-hat developers and other Bitcoin users to clarify the agency's guidance on the service.

More broadly, they suggest that regulators should develop a new classification for Bitcoin that would dispel the confusion surrounding a platform that "does not comfortably fit any existing classification or legal definition."

The report comes amid growing concern among some lawmakers that the virtual currency operates outside of the scope of conventional regulations, and that it is used to facilitate the flow of illicit commerce on the Web.

Two years ago, Senators Chuck Schumer (D-New York) and Joe Manchin (D-West Virginia) wrote to Attorney General Eric Holder and Michele Leonhart, the administrator of the Drug Enforcement Administration, asking them to take action against the online drug marketplace Silk Road, which uses Bitcoin as a currency along with the anonymizing software Tor.

Earlier this month, the chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee wrote to DHS Secretary Janet Napolitano expressing concern about the rise of digital currencies that operate without any backing from a central bank or government entity.

"They can be sent nearly anonymously, leaving little or no trail for regulators and enforcement agencies," Tom Carper (D-Delaware) and Tom Coburn (R-Oklahoma) wrote.


"The speed at which they can be sent globally and the potentially profitable investments that can be made trading virtual currency have made them attractive to entrepreneurs and investors alike. However, their near anonymous and decentralized nature has also attracted criminals who value few things more than being allowed to operate in the shadows," they added.

Carper and Coburn cite a case that the Securities and Exchange Commission brought last month against a Texas man who was charged with operating a Ponzi scheme based on Bitcoin, as well as the Government Accountability Office's call for the IRS to expand its tax guidance on virtual currencies, along with other government activity in the space.

The homeland security committee is in the midst of an ongoing inquiry into the uses and implications of virtual currency.

"The expansive nature of this emerging technology demands a holistic and whole-government approach in order to understand and provide a sensible regulatory framework for their existence. As with all emerging technologies, the federal government must make sure that potential threats and risks are dealt with swiftly; however, we must also ensure that rash or uninformed actions don't stifle a potentially valuable technology," Carper and Coburn wrote.

Given the use of the public-key technology, the George Mason researchers take issue with the description of Bitcoin as an anonymous payment service. Because each transaction is tied to a public key, and therefore is marked in the overall record of Bitcoin activity, known as the block chain, they contend that the transactions are properly described as pseudonymous, rather than anonymous, like a basic cash transaction.

"Tying a real-world identity to a pseudonymous Bitcoin address is not as difficult as some might imagine," Brito and Castillo write, pointing out that users' IP addresses and other identifying information are often recorded in the process of making a Bitcoin transaction or exchanging bitcoins for dollars.

The researchers also note the severe fluctuations in value that Bitcoin has seen, with a single unit rising from its initial value of pennies to a peak of more than $260 in April 2013. Citing an estimate from the end of May, the researchers peg the total market capitalization of the Bitcoin economy at more than $1 billion.

That volatility could pose a risk to newcomer investors, the researchers acknowledge, though they suggest that Bitcoin's enduring merit might be to serve as a medium of exchange, rather than a vehicle for storing wealth, thus insulating users from the fluctuations in value.

"Customers who purchase Bitcoins to make a one-time purchase don't care about what the exchange rate will look like tomorrow," the authors write. "They simply care that Bitcoin can lower transaction costs in the present. Bitcoin's usefulness as a medium of exchange might explain why the currency has grown more popular among merchants in spite of its price volatility."


Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.



Browsers block ads, threaten free sites, researchers say

Nearly one in four browsers are armed with an ad-blocking tool, reducing revenue at free-content websites, an Irish company said last week.

The popularity of ad blocking—driven by users' frustrations with intrusive, distracting or just-plain-ugly-and-noisy ads—threatens the free-for-all model of the Internet, said PageFair, a company that's helping content publishers audit the problem and try to stem some of the bloodletting.

"It's a vicious cycle," said Neil O'Connor, CEO of Dublin-based PageFair. "Ads are becoming more aggressive to capture eyeballs, but that forces more people to install ad-blocking software. It's a lose-lose situation."

But without ads and the revenue they generate, most content publishers cannot sustain operations. Sans ad revenue, the only options are to charge for access—the path taken by publishers like the Wall Street Journal and the New York Times—or fold the tent. [Note: Computerworld and most IDG news sites rely on advertising for revenue.]

PageFair mined its data from the past 11 months and found some surprising nuggets about ad blocking.

"We started this because we were a publisher ourselves, in the game space," said O'Connor. "We wanted to know how many of our users were dropping out by installing ad blockers, and thought it was maybe as high as 10 percent. But we found that 30 percent were blocking our ads. That was shocking to us."

On average, 22.7 percent of the users who browsed to the several hundred sites monitored by PageFair since September 2012 used an ad blocker, but the range was very wide, from just 1.5 percent to 65 percent.

The more technically savvy a site's audience, the more likely they will block ads, said O'Connor. Game-related websites, for instance, deal with an average ad-blocking rate of 30 percent, the highest of any category. More mainstream websites, however, have a lower percentage of ad-blockers: The average for travel sites is around 5 percent.

"The severity of ad blocking on a given site is positively correlated to the technical ability of its audience," said O'Connor in a report PageFair published recently.

That's because browser ad blocking relies on add-ons, which not all users are comfortable installing, or even know exist. AdBlock Plus, which offers add-ons for Chrome, Firefox, Safari, Opera, and most recently, Internet Explorer, is the best known.

Firefox users block ads more than those running any other browser, said O'Connor, perhaps because the Mozilla browser has long trumpeted its add-on ecosystem. Also, AdBlock Plus has supported Firefox the longest of any browser.

According to PageFair's data, 37 percent of Firefox users block ads. Google's Chrome took second place with a 30 percent blocking rate. IE's rate was minuscule, under 1 percent.

Corroborating PageFair's numbers is difficult. A May 2012 analysis by ClarityRay, which like PageFair works with companies to counter ad blocking, pegged the percentage of browsers running blockers at 9.3 percent. But the two companies agreed on many points, including Firefox users' greater interest in ad blockers and technical sites' increased likelihood of being blocked.

Ad blocking is becoming more popular, O'Connor contended. Of the 38 sites for which PageFair has the most data, the annual growth rate was 43 percent, meaning a site that saw 10 percent of its visitors using blocking tools one year could expect that number to climb to 14.3 percent the next.

And appealing to users to not block a site they patronize has proved futile. PageFair offers site owners tools that make such appeals, reminding customers that the site depends on advertising to survive. The efforts have been disappointing.

"It's as if people don't care," said O'Connor. "Even for those who visited a site every day, only 3 percent to 4 percent would turn off ad blocking for that site. And those were smaller sites. For bigger publishers, it's even more difficult."

So what's the answer for sites struggling to deal with ad blocking?

"They have to rethink how they advertise," O'Connor said. "Rather than just chasing the click, they need to really engage customers in the advertising."

One way to prevent even more users from adopting ad blockers, said O'Connor, is to ditch the most intrusive and annoying ads—especially ones that use distracting animations and sounds—and rely on more discreet text-based ads.

The fact is, however, that display ads, which do not restrict themselves to text, are most sites' most effective advertising.

Some companies have taken to working with ad blocker makers—AdBlock Plus in particular—rather than fight the tide. Earlier this year, reports claimed Google had paid AdBlock Plus to get on the latter's "white list" as an acceptable advertiser. AdBlock Plus kicked off an acceptable ads program late in 2011, and does require large advertisers to pay to be on the list.

AdBlock Plus dismissed the claims, saying in a blog-based response that "you cannot 'buy' your way into the stack."

O'Connor said in lieu of a Google-like effort to get on AdBlock Plus' whitelist, he recommended that sites "put in place much more acceptable forms of advertising," those that won't prompt users to turn to ad blockers in the first place.

PageFair is working on a platform that will help site publishers do just that, perhaps with a two-tier system of ads, one acceptable to ad blockers like AdBlock Plus, another more aggressive, then ask users to opt in to one or the other.

"But short term, for some sites, it's already too big a problem," said O'Connor, again citing gaming sites as an example. "For them, they don't have time to wait for online advertising to adapt."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news.



Saturday, 17 August 2013

Researchers send data without battery, transmitter

Engineers at the University of Washington have developed a way to communicate over short distances using devices that don’t require batteries or transmit any signals.

They’ve developed a pair of devices that can successfully exchange data at speeds of up to 10kbps over a distance of up to 1 meter—something that could be useful in applications as varied as wearable devices or building sensors.

The secret to the unusual communications method is the TV broadcasting signals that fill the airwaves of cities and towns across most of the world.

The signals are some of the strongest on the air but reception can be degraded as reflections from buildings, trees and even aircraft affect the signal level received by an antenna. The researchers have taken advantage of the difference reflection can make as the basis for their system.

They’ve developed a couple of small devices that can communicate by reflecting or absorbing TV signals.

Both devices are tuned to work over channels 22 to 29 of the UHF TV broadcasting band, and the TV signals are used in two ways, said Joshua Smith, an associate professor at the University of Washington and co-author of a paper on the system.

First, a few tens or hundreds of microwatts can be induced from the over-the-air signals to charge up a small capacitor that acts as a battery for the simple circuitry.

Second, data transmission works by having one of the devices reflect or absorb the received TV signal while the other watches for changes in the received signal level of the TV broadcast. When the first device is reflecting, the level of signal received at the second device should be higher and when it’s absorbing the signal level should fall. By detecting the difference between the two, the system has the basics for binary data transmission.

Data can be sent as fast as 10kbps when the two devices are about 30 centimeters apart. This falls to around 100bps at one meter, but the researchers believe it should be possible to increase the speed and distance with additional error detection.

And because the devices are looking for fast, momentary changes in signal level occurring hundreds of times per second, they are not affected by signal level changes at slower speeds, such as those that might happen when a car drives nearby.

Researchers see the system as potentially useful for short-range communication between wearable electronics devices or for sensor networks in construction or agriculture. They have also hypothesized use of the technology in near-field communications applications.

Details of the research were published at the Association for Computing Machinery’s Special Interest Group on Data Communication 2013 conference in Hong Kong this week. It won the conference’s best-paper award.


Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service.



Thursday, 1 August 2013

EU researchers get 2T bps capacity thanks to network upgrade

European Union researchers using the GEANT network will, from Wednesday, be able to access capacity of up to 2 terabits per second.

GEANT is the superfast pan-European research network that helped discover the Higgs Boson particle at the CERN Large Hadron Collider near Geneva. It was also the only Internet connection to Egypt during the so-called Arab Spring revolution in 2011, according to the European Commission.

The upgrade to the network began in September 2012 and was coordinated by DANTE (Delivery of Advanced Network Technology to Europe), which leads the project consortium of 41 partners.

Using the Infinera DTN-X optical transmission platform deployed on the GEANT backbone—more than 5300 miles of fiber—and 35 Juniper MX series universal routers, testers were able to activate 2T bps of long-haul superchannel optical capacity in June. The test route was between Amsterdam and Frankfurt, as this was deemed to be one of the busiest in Europe.

This superchannel is now permanently available to users of Europe’s National Research and Education Networks (NRENs), including 32,000 universities, 22,000 primary and secondary schools, research institutes, libraries, museums, national archives and hospitals. This will allow data transfer at speeds of up to 100G bps throughout the core GEANT network. The 24 European points of presence can be configured statically or dynamically, offering bandwidth on demand.

Speeds like this will enable faster collaboration on research projects and meet the increasing demand for data transfer capacity. The amount of data that needs to be distributed, analyzed, stored and accessed is increasing exponentially as more global research projects come online, according to the Commission, which has to date provided $402 million in funding for the GEANT network.

“We need high speed and high capacity to keep in the global research race. The data side of the research equation is almost as important as the research itself today,” said Digital Agenda Commissioner Neelie Kroes in a statement. “With this upgrade, this project is essentially future proofing GÉANT until 2020,” she said.

Jennifer Baker reports on the European Union: Commission, Parliament, technology policy, regulation, and competition.

