New Malware MosaicLoader Takes Unusual Attack Vector
August 5, 2021
ZDNet warns us about some micro targeting from bad actors in “This Password-Stealing Windows Malware is Distributed Via Ads in Search Results.” The malware was first identified by Bitdefender, which named it MosaicLoader. The security experts believe a new group is behind these attacks, one not tied to any known entities. Writer Danny Palmer tells us:
“MosaicLoader can be used to download a variety of threats onto compromised machines, including Glupteba, a type of malware that creates a backdoor onto infected systems, which can then be used to steal sensitive information, including usernames and passwords, as well as financial information. Unlike many forms of malware, which get distributed via phishing attacks or unpatched software vulnerabilities, MosaicLoader is delivered to victims via advertising. Links to the malware appear at the top of search results when people search for cracked versions of popular software. Automated systems used to buy and serve advertising space likely means that nobody in the chain – aside from the attackers – know the adverts are malicious at all. The security company said that employees working from home are at higher risk of downloading cracked software. ‘Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call,’ Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.”
Antivirus software might catch MosaicLoader—if users have not disabled it because they are downloading illegally cracked software. Oops. Once downloaded, the malware can steal usernames and passwords, farm out cryptocurrency mining, and install Trojan software through which malefactors can access the machine. Users should be safe if they do not attempt to download pirated software. Sometimes, though, such software does a good job of posing as legitimate. Palmer advises readers to avoid being duped by navigating away if instructed to disable antivirus software before downloading any program. That is always good advice.
Cynthia Murrell, August 5, 2021
Tit for Tat, Not TikTok, Spurs Chinese Innovation
August 5, 2021
I don’t think of Foreign Affairs magazine as a hot technology read. Its articles conjure memories of political science. Yeah, that’s right “science” in politics.
However, I did read an interesting essay called “China’s Sputnik Moment?” (Get your credit card, gentle reader, the information may be behind a paywall.)
The main point is that the humiliation of a Chinese Go expert sounded the alert to Chinese technologists. The result is that the Middle Kingdom shifted gears and started “innovating.” The idea that China was losing to a group of Westerners was unpalatable.
You may want to check out the original essay. I want to highlight one passage from the write up as characteristic of the article:
China’s industrial policy has failed.
Well, there you have it. And what’s China beavering away at?
Beijing is pushing hard for technological self-sufficiency.
And how is that working out? The article asserts:
The combined efforts of China’s state drive and its innovative industry will accelerate the country’s technological advancement.
What’s the outlook for China with regard to US policies?
The author concludes:
At this point, no effort on behalf of the U.S. government can deter China’s state from its end goal of industrial self-sufficiency.
Those US teens’ clicks of TikTok are countdowns, it seems.
Stephen E Arnold, August 5, 2021
Netflixing Textbooks
August 5, 2021
I read an interesting statement in the Financial Times’s article “Pearson Bets On Direct to Student Subscription Shift.” The idea is that students subscribe to textbooks just as one would subscribe to Tesla self driving or to the Netflix movie service.
Here is the statement I circled:
Thomas Singlehurst, an analyst at Citi, … remained cautious about Pearson’s ability to become a Netflix of education.
Pearson has been flexible over the years. It shifted from building stuff to renting textbooks. Now the company is “netflixing”. Well, that’s the plan. Many people love Netflix. Will that love transfer to Pearson?
Stephen E Arnold, August 5, 2021
NSO Group: A Somewhat Interesting Comment
August 5, 2021
I read on August 5, 2021, “Israeli Government Finally Decides To Start Looking Into NSO Group And Its Customers.” The write up contained the interesting word “finally.” There’s nothing like criticizing a government agency for an easy pot shot. But here’s the passage which caught my attention:
the Israeli government has opened its own… something… of NSO Group. But this inquiry is moving much more cautiously with local agencies showing much less urgency.
I think the “delay” suggests differential time measurements. Some government agencies do the mañana thing; others have a cadence set to hippity hop time.
The evidence is in and the judgment is rendered:
This seems to indicate that the list of numbers is actually related to NSO Group and potential targets of its customer base. If the list has nothing to do with NSO or its customers — as NSO has claimed — it likely wouldn’t feel compelled to cut off customers and/or curtail their use of Pegasus malware. While this isn’t an explicit admission of culpability by NSO, the implication is that the company sold its products to governments it knew would abuse them to surveil people they didn’t like, rather than just criminals and terrorists.
Intriguing because specific factual information about the delta in time perceptions is ignored. Just go to the conclusion. Helpful.
Stephen E Arnold, August 5, 2021
Autonomy: An Interesting Legal Document
August 4, 2021
Years ago I did some work for Autonomy. I have followed the dispute between Hewlett Packard and Autonomy. Enterprise search has long been an interest of mine, and Autonomy had emerged as one of the most visible and widely known vendors of search and retrieval systems.
Today (August 3, 2021) I read “Hard Drives at Autonomy Offices Were Destroyed the Same Month CEO Lynch Quit, Extradition Trial Was Told.” The write up contains information with which I was not familiar.
In the write up is a link to “In the City of Westminster Magistrates’ Court The Government of the United States of America V Michael Richard Lynch Findings of Fact and Reasons.” That 62 page document contains a useful summary of the HP – Autonomy deal.
Several observations:
- Generating sustainable revenue for an enterprise search system and ancillary technology is difficult. This is an important fact for anyone engaged in search and retrieval.
- The actions summarized in the document provide a road map of what Autonomy did to maintain its story of success in what has been for decades a quite treacherous market niche. Search is particularly difficult, and vendors have found marketing a heck of a lot easier than delivering a system that meets users’ expectations.
- The information in the document suggests that the American judicial system may find this case a “bridge” between how corporate entities respond to the Wall Street demands for revenue and growth.
Like Fast Search & Transfer, executives found themselves making decisions which make search and retrieval a swamp. Flash forward to the present: Google search is shot through with adaptations to online advertising.
Perhaps the problem is that people expect software to deliver immediate, relevant results. Well, it is clear that most of the search and retrieval systems seeking sustainable revenues have learned that search can deliver good enough results. Good enough is not good enough, however.
Stephen E Arnold, August 4, 2021
DuckDuckGo Email Protection Now in Beta
August 4, 2021
DuckDuckGo has released a new privacy-centric service. The Verge reports, “DuckDuckGo Launches New Email Protection Service to Remove Trackers.” Famous for its non-tracking search platform, the company also offers mobile and desktop browser extensions and is working on its own privacy-focused desktop browser. Metasearch to browser to email: the company aims to protect privacy across the online environment. The article describes how the email service removes trackers, and one can find details on how its other offerings work at its website. It all sounds very effective, and we are glad to see these measures in place. However, we have a question: What about those log files? I suppose we are to assume no admin ever, ever looks at that data.
Writer Dave Gershgorn describes how the Email Protection tool works:
“The company’s new Email Protection feature gives users a free ‘@duck.com’ email address, which will forward emails to your regular inbox after analyzing their contents for trackers and stripping any away. DuckDuckGo is also extending this feature with unique, disposable forwarding addresses, which can be generated easily in DuckDuckGo’s mobile browser or through desktop browser extensions. The personal DuckDuckGo email is meant to be given out to friends and contacts you know, while the disposable addresses are better served when signing up for free trials, newsletters, or anywhere you suspect might sell your email address. If the email address is compromised, you can easily deactivate it. These tools are similar to anti-tracking features implemented by Apple in iOS 14 and iOS 15, but DuckDuckGo’s approach integrates into iOS, Android, and all major web browsers. DuckDuckGo will also make it easier to spin up disposable email addresses on the fly, for newsletters or anywhere you might share your email. Tackling email privacy has been a major goal for DuckDuckGo, as the company pushes for privacy-friendly methods for various online tasks.”
According to this 2017 study, more than 70 percent of email lists employ trackers that tell advertisers when, where, and on what device a message is opened. This information, of course, is then used to build advertising profiles. DuckDuckGo knows switching email addresses is a hassle most users would be unwilling to endure, so it came up with this intermediary layer. Naturally, the tool integrates with the company’s browser extensions. One limitation—while a user can respond to email that comes in to their @duck.com address, one cannot use it to initiate a new email thread. Email Protection is currently in beta; no word on when we can expect the tool to be released to the public.
Cynthia Murrell, August 4, 2021
Another EU Suggestion for the Google
August 4, 2021
I love the Google. I enjoy the delicious usability of Google Maps. The service is brilliant. Waze has data not in the Google Map thing; for example, a restaurant in Louisville called Cocina. Helpful, right? I also like the fascinating interaction of Gmail with the mail client on my phone. Now where did that message go? Oh, right. Auto folders and mystery deletes. What could be more helpful?
But the European Commission is not as flexible as I. I read “EU Warns Google to Improve Hotel and Flight Search Results in Two Months.” Google is working really hard to improve its search system. The core is a couple of decades young and the travel function is as slick as the Gmail system in my opinion.
The write up asserts:
Google has two months to improve the way it presents internet search results for flights and hotels and explain how it ranks these or face possible sanctions, the European Commission and EU consumer authorities have said.
The EC appears to think that Google may or has the potential to mislead people who use the Google to “plan their holidays.” Hmmm. Hello, Covid restrictions.
Google just might be favoring “traders.” Is “traders” a code word for those who purchase ads, are loved by Google sales reps, or individuals with a more Googley approach than others?
I don’t know.
But with France fining the Google the equivalent of eight hours of revenue, the online ad giant is going to view the EC and just maybe the EC should emulate China and its approach to big tech dogs?
Stephen E Arnold, August 4, 2021
YouTube Snaps Up Simsim Video E-Commerce App
August 4, 2021
This seems like a natural extension. Gadgets 360 announces, “YouTube Acquires Indian Video Shopping App simsim, to Introduce E-Commerce Features in Future.” We are told simsim will continue to operate independently, but YouTube is working to help it reach new customers. Google-owned YouTube is sure to build on its new purchase, extending online video commerce to any market it can. Writer Tasneem Akolawala tells us:
“The simsim platform enables e-commerce through videos — creators make videos of products, and viewers can then buy those products from local businesses, through the simsim platform. Video-driven e-commerce is a growing category, which recently saw another company, Firework, launch in this space. Instagram has been a popular platform for small businesses to sell products online, and it appears that YouTube plans to build online video commerce in a similar manner with the simsim acquisition. On simsim, videos are available in three local languages: Hindi, Tamil, and Bengali. YouTube has not offered details on how it plans to introduce this video shopping feature on its platform. YouTube says that it has signed a definitive agreement to acquire simsim and expects to complete the transaction in the coming weeks.”
The company announced the deal in a Google India Blog post, but it did not share the financial details. We can all look forward to seeing some sort of extension of this video e-commerce approach on YouTube soon.
Cynthia Murrell, August 4, 2021
NSO Group and France: Planning a Trip to Grenoble? Travel Advisory Maybe?
August 3, 2021
The PR poster kid for intelware captured more attention from the Guardian. “Pegasus Spyware Found on Journalists’ Phones, French Intelligence Confirms” reports in “real news” fashion:
French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country’s international television station France 24. It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project – a consortium of 17 media outlets, including the Guardian.
The consistently wonderful and objective, media hip newspaper provided a counter argument to this interesting finding:
NSO said Macron was not and never had been a “target” of any of its customers, meaning the company denies he was selected for surveillance or was surveilled using Pegasus. The company added that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.
Is NSO Group adopting a Facebook- or Google-type of posture? I think the response to implied criticism is to say stuff and nod in a reassuring manner? I don’t know. The Guardian, ever new media savvy, wraps up the PR grenade with this comment:
The investigation suggests widespread and continuing abuse of Pegasus, which NSO insists is only intended for use against criminals and terrorists.
Should NSO Group professionals consider a visit to France and a side trip to Grenoble in order to ride Les Bulles?
Stephen E Arnold, August 3, 2021
China: Pointing a Way to Technology Solution That Sort of Works?
August 3, 2021
China is reasonably good in technology. China is also okay with facial recognition and exploiting security vulnerabilities despite the best efforts of US cyber threat defense vendors.
China also may have figured out a way to jerk on the halter of the fast-moving technology stallions. How is this possible for a country many people think of as a producer of the inflatable unicorns favored by some Twitch influencers?
China may have a test underway to determine the efficacy of keeping digital services from altering the course of the good old ship of state in the Middle Kingdom.
“China Cracks Down on Its Tech Giants. Sound Familiar?” reports, as only a “real news” outfit can (just note that the URL available to me could go dead; not much I can do, gentle reader, because Microsoft…):
China’s Ministry of Industry and Information Technology announced a six-month campaign on Monday to regulate internet companies, particularly practices that “disrupt market order, damage consumer rights, or threaten data security.” That followed repeated fines against tech giants including Alibaba, Baidu, and Tencent for violating antitrust laws, and a new plan to restrict overseas listings by Chinese companies.
It certainly appears from my vantage point in rural Kentucky that China wants to prevent the social complexities visible to anyone with a TikTok account. Heavy handed? Many may find Chinese regulators’ actions at odds with US methods.
That may be the point. If the crackdown works, China is making clear that the “Pacific century” is indeed the path forward. The interesting behavior of some people in the US, France, and other Western nation states suggests that a fresh or different approach should be tested.
This crackdown is, in my opinion, pretty significant. Will Russia hop on board the repression maglev? Oh, right, Russia boarded at an earlier stop.
Times and policies are changing and in real time.
Stephen E Arnold, August 3, 2021