
Tag: Advertise

Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.
It turns out that "But nobody uses Bing!" isn't actually true.
The new APFS file system is heading mainstream.
Burger King's ad invokes the "OK Google" hotword to advertise fast food; gets blocked.
Windows 10 is a good operating system, the first one since Windows 7.

But Microsoft seems determined to penalize users who adopt it. The latest beta version of the forthcoming Creators Update due this spring is getting attention because it places even more ads in Windows. Windows 10 is already annoying users with ads on the lock screen and in the Start screen, but Microsoft has decided to annoy users even more by bringing ads to File Explorer.

This stupidity will create a backlash if not reversed. Silicon Valley has an obsession about forcing advertising down users’ throats.

The “intelligent” voice assistant Google Home got in trouble last week for advertising a Disney movie to its users.

And you know that Amazon Alexa’s real purpose is to promote products, once it gets you hooked on its minor conveniences.

This model of free services in exchange for deep spying on your activities to advertise or otherwise promote products is after all the basis of Google Search, Facebook, and most consumer technology services.

Mobile malware evolution 2016

In 2016, the growth in the number of advertising Trojans capable of exploiting super-user rights continued.

Throughout the year it was the No. 1 threat, and we see no sign of this trend changing.
What would happen if we did the same thing that the respected AI experts did? We could come to agreements with other representatives in the cybersecurity area and create a joint project. Meet Rocket AV.
Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan.

Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique.
Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network.

The trojan, dubbed Trojan.AndroidOS.Switcher, performs a brute-force password guessing attack on the router’s admin web interface.
If the attack succeeds, the malware changes the addresses of the DNS servers in the router’s settings, thereby rerouting all DNS queries from devices in the attacked Wi-Fi network to the servers of the cybercriminals (such an attack is also known as DNS-hijacking).
So, let us explain in detail how Switcher performs its brute-force attacks, gets into the routers and undertakes its DNS-hijack.

Clever little fakes

To date, we have seen two versions of the trojan:

- acdb7bfebf04affd227c93c97df536cf; package name – com.baidu.com
- 64490fbecefa3fcdacd41995887fe510; package name – com.snda.wifi

The first version (com.baidu.com), disguises itself as a mobile client for the Chinese search engine Baidu, simply opening a URL http://m.baidu.com inside the application.

The second version is a well-made fake version of a popular Chinese app (http://www.coolapk.com/apk/com.snda.wifilocating) for sharing information about Wi-Fi networks (including the security password) between users of the app.
Such information is used, for example, by business travelers to connect to a public Wi-Fi network for which they don’t know the password.
It is a good place to hide malware targeting routers, because users of such apps usually connect with many Wi-Fi networks, thus spreading the infection. The cybercriminals even created a website (though badly made) to advertise and distribute the aforementioned fake version of com.snda.wifilocating.

The web server that hosts the site is also used by the malware authors as the command-and-control (C&C) server.

The infection process

The trojan performs the following actions:

- Gets the BSSID of the network and informs the C&C that the trojan is being activated in a network with this BSSID.
- Tries to get the name of the ISP (Internet Service Provider) and uses that to determine which rogue DNS server will be used for DNS-hijacking. There are three possible DNS servers –, and; with being the default choice, while the others will be chosen only for specific ISPs.
- Launches a brute-force attack with the following predefined dictionary of logins and passwords: admin:00000000 admin:admin admin:123456 admin:12345678 admin:123456789 admin:1234567890 admin:66668888 admin:1111111 admin:88888888 admin:666666 admin:87654321 admin:147258369 admin:987654321 admin:66666666 admin:112233 admin:888888 admin:000000 admin:5201314 admin:789456123 admin:123123 admin:789456123 admin:0123456789 admin:123456789a admin:11223344 admin:123123123. The trojan gets the default gateway address and then tries to access it in the embedded browser. With the help of JavaScript it tries to log in using different combinations of logins and passwords. Judging by the hardcoded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers.
- If the attempt to get access to the admin interface is successful, the trojan navigates to the WAN settings and exchanges the primary DNS server for a rogue DNS controlled by the cybercriminals, and a secondary DNS with (the Google DNS, to ensure ongoing stability if the rogue DNS goes down).

The code that performs these actions is a complete mess, because it was designed to work on a wide range of routers and works in asynchronous mode. Nevertheless, I will show how it works, using a screenshot of the web interface and by placing the right parts of the code successively.

- If the manipulation with DNS addresses was successful, the trojan reports its success to the C&C.

So, why is it bad?

To appreciate the impact of such actions it is crucial to understand the basic principles of how DNS works.

The DNS is used for resolving a human-readable name of the network resource (e.g. website) into an IP address that is used for actual communications in the computer network.

For example, the name “google.com” will be resolved into IP address
In general, a normal DNS query is performed in the following way:

When using DNS-hijacking, the cybercriminals change the victim’s (which in our case is the router) TCP/IP settings to force it to make DNS queries to a DNS server controlled by them – a rogue DNS server. So, the scheme will change into this:

As you can see, instead of communicating with the real google.com, the victim will be fooled into communicating with a completely different network resource.

This could be a fake google.com, saving all your search requests and sending them to the cybercriminals, or it could just be a random website with a bunch of pop-up ads or malware. Or anything else.

The attackers gain almost full control over the network traffic that uses the name-resolving system (which includes, for example, all web traffic).

You may ask – why does it matter: routers don’t browse websites, so where’s the risk? Unfortunately, the most common configuration for Wi-Fi routers involves making the DNS settings of the devices connected to it the same as its own, thus forcing all devices in the network to use the same rogue DNS. So, after gaining access to a router’s DNS settings one can control almost all the traffic in the network served by this router.

The cybercriminals were not cautious enough and left their internal infection statistics in the open part of the C&C website. According to them, they successfully infiltrated 1,280 Wi-Fi networks. If this is true, traffic of all the users of these networks is susceptible to redirection.

Conclusion

The Trojan.AndroidOS.Switcher does not attack users directly.
Instead, it targets the entire network, exposing all its users to a wide range of attacks – from phishing to secondary infection.

The main danger of such tampering with routers’ settings is that the new settings will survive even a reboot of the router, and it is very difficult to find out that the DNS has been hijacked.

Even if the rogue DNS servers are disabled for some time, the secondary DNS which was set to will be used, so users and/or IT will not be alerted.

We recommend that all users check their DNS settings and search for the following rogue DNS servers:

If you have one of these servers in your DNS settings, contact your ISP support or alert the owner of the Wi-Fi network. Kaspersky Lab also strongly advises users to change the default login and password to the admin web interface of your router to prevent such attacks in the future.
DIY-phishing code advertised on YouTube has predictable by-products

A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information.

The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check. It requires victims to enter their login details, along with account data like name and address, and credit card information.

Another phishing platform by the author targeted PayPal and relieved victims of the same sets of information under the guise of account verification checks.

Proofpoint researchers analysed the platforms and found the developer had inserted hidden code that would siphon collected users' information to his own Gmail account. They found more examples of phishing and malware being advertised on YouTube in what they suggest is likely evidence YouTube does not have an automated system for detecting and removing blackhat material.

"Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links," the researchers say. "They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software.

"… multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns."

Distributed denial of service attack merchants have long used YouTube as an advertising platform. Multiple offerings exist, including buyDDoS, ads for which have remained online for more than two years despite the service being shut down.
New York Gov. Andrew Cuomo signed a bill yesterday that will fine those who advertise short-term rentals that violate New York City's short-term rental laws. The new rules are aimed squarely at illegal ads on the Airbnb platform.

Later on Friday, Airbnb filed a lawsuit (PDF) challenging the new law in court. The company says that the law violates Section 230 of the Communications Decency Act, which protects online platforms from liability for their users' statements. The complaint also states that the New York law is an "unjustifiable content-based restriction on speech" that violates the First Amendment.

Renting out vacant apartments for 30 days or less is already illegal in New York. The new law imposes liability on anyone who places ads for such illegal rentals, whether the ad is in print, television, radio, or online. Fines range from $1,000 for a first offense to $7,500 for a third offense.

"This is an issue that was given careful, deliberate consideration, but ultimately these activities are already expressly prohibited by law," said Rich Azzopardi, a spokesman for the governor, in Bloomberg News.

Earlier this week, Airbnb made several concessions to New York lawmakers, including requiring hosts to pay local taxes and blocking hosts from listing more than one house in the city. That was hardly enough, though.

"Airbnb’s entire business model is predicated on breaking the law," said bill sponsor Assemblywoman Linda Rosenthal. "At the 11th hour they’re desperate to change the narrative, and we do not negotiate in newspapers, in the press, and especially with the lawbreakers."

Airbnb has been blamed for rising rents in big cities like New York and San Francisco, but the company claims that home-sharing helps thousands of middle class people get by. It has accused lawmakers who support the New York bill of siding with the hotel lobby.

"A majority of New Yorkers have embraced home sharing, and we will continue to fight for a smart policy solution that works for the people, not the powerful," said Josh Meltzer, head of New York Public Policy for Airbnb.

The company's arguments are similar to those it's using to fight the law in its home city of San Francisco, which requires Airbnb hosts to have registration numbers and for the platform to enforce those rules. The company sued San Francisco in June.
Carl Ferrer, the embattled CEO of Backpage.com, filed papers Wednesday demanding that a local judge dismiss pimping and other charges that were brought against him.

California's attorney general, Kamala Harris, alleges that advertisements in the online ads portal amounted to solicitation of prostitution.

Ferrer is accused of making millions in profits off the backs of women and children who were forced into sexual servitude and made to advertise their services on the Dallas-based site.

Ferrer said the First Amendment protects him from the charges, that he is not responsible for ads posted by third parties on the website, and that the Communications Decency Act prevents him from being liable for ads posted by third parties.

Attorneys for Ferrer, who was the subject of a three-year joint criminal investigation by authorities in Texas and California, said neither he nor two Backpage controlling shareholders facing conspiracy charges had any "knowledge" of illegal ads.

The lawyers said the trio had not "participated in any way in creation or posting of the speech."

"The First Amendment bars the prosecution because imposing an obligation on publishers to review all speech to ensure that none is unlawful would severely chill free expression," the lawyers wrote (PDF).

A hearing on the dismissal motion is set for November 16 in Sacramento County Superior Court.

Ferrer, 55, is charged with pimping a minor, pimping, and conspiracy to commit pimping. He was arrested two weeks ago. He had been in a year-long battle with the US Senate, which voted to hold him in contempt for his refusal to comply with an investigation into online sex trafficking. He had claimed the Web portal enjoyed a First Amendment right not to supply documents to the Senate Subcommittee on Investigations about how it reviews third-party ads posted to the site.

The US Supreme Court last month approved the subpoena, but he was arrested before he could comply.

Along the way, in what could be a smoking gun in the prosecution, a Senate investigation concluded that there was "substantial evidence that Backpage edits the content of some ads, including deleting words and images, before publication. The record indicates that in some cases, these deletions likely served to remove evidence of the illegality of the underlying transaction."

Harris decried the actions of the trio as "outrageous, despicable, and illegal."

"Backpage and its executives purposefully and unlawfully designed Backpage to be the world’s top online brothel," she said.

Ferrer, and controlling shareholders Michael Lacey and James Larkin, have pleaded not guilty.

They founded the site in 2004.

In a letter (PDF) to Harris from their attorneys, the trio said that the state seeks to "impose felony criminal liability" on them solely because the site made $79.60 on the ads connected to the charges.

The court record, meanwhile, quotes kids saying they were forced into prostitution, with their services advertised on the Backpage site.

Harris said that nearly all of Backpage's income was directly attributable to the "adult" section. Between 2013 and 2015, the site made $51 million in California, Harris said.
The Supreme Court on Thursday said it would decide, once and for all, whether federal intellectual property regulators can refuse to issue trademarks with disparaging or inappropriate names.

At the center of the issue is a section of trademark law that actually forbids the US Patent and Trademark Office (USPTO) from approving a trademark if it "consists of or comprises immoral, deceptive, or scandalous matter; or matter which may disparage or falsely suggest a connection with persons, living or dead, institutions, beliefs, or national symbols, or bring them into contempt, or disrepute." The case before the justices, which they will hear sometime in the upcoming term beginning in October, concerns the Portland-based Asian-American rock band called the Slants.

Previously, decisions have come down on both sides regarding trademarking offensive names.

The most notable denial is likely the name of the NFL's Washington franchise, "Redskins." But lesser known denials include "Stop the Islamization of America," "The Christian Prostitute," "AMISHHOMO," "Mormon Whiskey," "Ride Hard Retard," "Abort the Republicans," and "Democrats Shouldn't Breed." In contrast, other potentially offensive names have been trademarked.
Some of these examples include Dangerous Negro, Celebretards, Stinky Gringo, Midget-Man, and Off-White Trash. In the Slants case the justices agreed to review, the US Court of Appeals for the Federal Circuit cited the First Amendment and sided with The Slants and its founder Simon Shiao Tam in December.

The appeals court essentially struck down the entire section of trademark law about disparaging trademarks when ruling (PDF) the Constitution even protects "hurtful speech."

Courts have been slow to appreciate the expressive power of trademarks. Words—even a single word—can be powerful. Mr. Simon Shiao Tam named his band THE SLANTS to make a statement about racial and cultural issues in this country.... Many of the marks rejected as disparaging convey hurtful speech that harms members of oft-stigmatized communities. But the First Amendment protects even hurtful speech.

The government appealed, and the high court took the case Thursday.
In its petition (PDF) to the high court, the USPTO said that it's not a "restriction on speech" to be denied a trademark because trademarks are "federal benefits" to advance intellectual property rights.

The bar on disparaging marks "does not prevent respondent from promoting his band using any racial slur or image he wishes," the government wrote. "It does not limit how respondent may advertise, what songs he may sing, or what messages he may convey."

Lawyers for Tam told the justices in a court filing that he gave the band that name in 2006 because he was "following in the long tradition of 'reappropriation,' in which members of minority groups have reclaimed terms that were once directed at them as insults and turned them outward as badges of pride. In recent times, the most conspicuous examples have been words such as 'queer,' 'dyke,' and so on—formerly derogatory terms that have been so successfully adopted by members of the gay and lesbian community that they have now lost most, if not all, of their pejorative connotations."

What's the benefit of trademark, anyway?

According to the American Bar Association:

Registration on either register provides a number of benefits, including: (i) it grants the right to use the registered trademark symbol: ®, (ii) it grants the right to file a trademark infringement lawsuit in federal court and to obtain monetary remedies, including infringer’s profits, damages, costs, and, in some cases, treble damages and attorneys’ fees, (iii) it acts as a bar to the registration of another confusingly similar mark, and (iv) it may serve as the basis for an international trademark application.

Here is a list of papers with the Supreme Court about the case.