News from Jun 15, 2009

  2009/06/15
News for June 15
Last changed: Jun 15, 2009 14:30 by Elena_Levashova
TheRegister: Viral web infection siphons ad dollars from Google

by Dan Goodin

A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned.

During the past week, the number of websites identified as infected have almost tripled, according to researcher Mary Landesman with real-time malware scanning specialist ScanSafe tracking the attacks since March. Normally, web compromises die out after a few weeks, as search engines and anti-virus programs grow wise to them. But that's not happening this time.

"The growth rate is very unusual for this type of compromise, and the fact that it's escalating so quickly is what has us concerned," Landesman told The Reg.

The exploit code is unique for every website, making it impossible to identify a compromised site until someone has accidentally surfed there. It uses obfuscated Javascript that's burrowed deep into a website's source code to exploit unpatched vulnerabilities in a visitor's Adobe Flash and Reader programs. Victims then join a botnet that manipulates their Google search results.

The malware also sifts through a victim's computer in search of FTP credentials that can be used to infect still more websites with the malicious Javascript. The combination of its stealth and ability to find new websites is allowing the infection to grow virally, Landesman said.

The goal of the malware appears to be to siphon dollars away from Google's highly profitable advertising franchises. By injecting ads and links into certain searches, infected users see results that are different than they would otherwise be.

The longevity of the mass compromise speaks to the resourcefulness of the attackers. When they first set out, they dropped static attack code into PHP, HTML and other scripts of infected websites, but in time, website owners learned how to detect and remove the infection. The miscreants soon started a second wave of attacks that installed dynamically generated malware on infected sites as soon as the static script was removed.

The source of the latest Javascript is gumblar.cn, which has a Moscow IP address that reverses to ukservers.com.

CNet: When will open source get the SMB market right?

by Matt Asay

Eating dinner with Larry Augustin in London this weekend, we fell to talking about open source's relevance to the SMB (small- and medium-sized business) market. Augustin is currently CEO of SugarCRM, a company with over 5,000 customers, many of them SMBs.

But SugarCRM is the exception to the rule. Open source has long been billed as a savior for the SMB market, but the reality is that open-source adoption has largely been an enterprise IT phenomenon, despite other exceptions like KnowledgeTree, which recently updated its product suite to further appeal to this market.

Why aren't more SMBs adopting open source? Following recent Forrester data, Savio Rodrigues of IBM points out that many SMBs still cling to the perception that open source is not secure and is overly complex.

In many cases, it's not perception. While it's tough to generalize about open source at this point in its history, it's absolutely the case that some open source is complex, some open source is not secure, etc. Much open-source software mimics the enterprise software world it strives to leave behind.

Dell is trying to overcome these concerns by selling prepackaged open-source applications, and I would assume we'll see more companies following Dell's lead.

While some big vendors like Cisco already have significant SMB focus, others, like Oracle, SAP, etc., could use an open-source runway to the SMB market. Unfortunately, as noted, open-source vendors haven't necessarily penetrated the SMB market any better than the proprietary vendors have.

This suggests a strategy for open-source vendors, one that could lead to a big exit: figure out how to pitch to the SMB market, then sell to those big, proprietary vendors that need an entree to SMBs. The new hybrid model for open-source vendors might well be to make the "enterprise" version the one that is easiest to administer and use.

First, however, open-source vendors need to start making software easier to use, and not emulate all the wrong behaviors of the proprietary past. Fortunately, the way to make software easier for SMBs and to monetize it might actually be cloud-based computing.

How fortunate.

InfoWorld: Intel's new Atom chip 'breaks' Moore's Law

by Eric Lai

It seems Moore's Law doesn't apply to the next generation of Intel's Atom chips. The low-cost, power-sipping chips, codenamed "Pineview," will greatly improve upon both of those traits, but at the expense of any significant speed boost, according to authentic-looking specs leaked this month.

The trio of processors is expected to come in single and dual-core versions running at 1.66 GHz. For users, that would be an imperceptible increase over the 1.6 GHz speed of most of today's Atom chips.

Similarly, the graphics chip Intel is said to be planning to pair with the upcoming Atom CPUs will only be slightly faster than its existing one.

Publicly, Intel has all but conceded the lack of speed boost, saying that that the biggest change in Pineview is that the Atom CPU will be integrated with a single chipset that holds both the graphics processor and the memory controller.

This architecture change will bring these components closer together and nearer the CPU, enabling netbooks and net-top PCs running Pineview – or "Pine Trail," as the integrated platform will be called – to be a little faster than today's generation, says Nathan Brookwood, an analyst with Insight64.

Beside the longer battery life that comes with more efficient chips, lower heat also means some netbooks with the new Atom chips will not require a fan.

But more important to Intel, the chief benefit of Pineview is that it will be able to make tinier Atom chipsets for lower cost – a benefit it should be able to pass on to netbook makers.

Chips cool, competition heats up
Analysts say the strategy shows Intel is focused on countering the threat posed by ARM chips, which are cheaper and more energy-efficient than today's Atom processors, and are just starting to make their way into netbooks.

But by mostly ignoring performance, Intel could leave an opening for Nvidia to make inroads with its multimedia-savvy Ion platform.

"Intel wants to serve the broadest market it can, but I think that will leave room for a smaller player like Nvidia to find a niche it can serve very well," said Dean McCarron, an analyst with Mercury Research.

Nvidia's Ion platform bundles an Atom N270 processor with Nvidia's 9400M graphics chip, used in Apple's powerful MacBook Pro.

Posted at 15 Jun @ 2:23 PM by Elena_Levashova | 0 Comments


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact