Coldplay: This Band May Harm Your Computer
Eh-oh! Only slightly more po-faced than Coldplay.
Coldplay. Globe-straddling stadium-filling rock gods.
Also po-faced over-sincere celebrity chuggers. In March frontman Chris Martin was slagged off by U2's Bono, who called him a dysfunctional cretin wanker. A bit harsh. Especially coming from the king of po-faced over-sincere celebrity chuggers.
Anyway, how can this worthier-than-thou band harm your computer? Well, this month security company McAfee published their latest report on "The Web’s Most Dangerous Search Terms" (PDF). The company puts thousands of popular search terms into five different search engines, and analyses how many of the resulting websites harbour viruses and other nasties.
The most dangerous categories to search for are song lyrics and free stuff. The most dangerous song lyric to search for in particular is... Viva La Vida, by Coldplay. Actually, there is a whole alternative music chart of dangerous lyrics, with Chris Martin and company at number one. Here's the full run-down, pop-pickers:
| 1. | Coldplay | Viva La Vida |
| 2. | Mariah Carey | Touch My Body |
| 3. | Sara Bareilles | Love Song |
| 4. | Lil' Wayne | Lollipop |
| 5. | The Game featuring Lil' Wayne: | My Life |
| 6. | M.I.A. | Paper Planes |
| 7. | Jordin Sparks featuring Chris Brown | No Air |
| 8. | Chris Brown | With You |
| 9. | Leona Lewis | Bleeding Love |
Although Coldplay are the most heinous, Lil' Wayne and Chris Brown both feature twice in the list. What with Coldplay's preaching, Lil' Wayne's addiction to, um, cough syrup, and Chris Brown's Rihanna-beating they're certainly a bad bunch.
How come these songs in particular are so dang radioactive? Well, we've seen before that hackers are not daft, and they didn't target these search terms by accident. They follow the news and use tools like Google Trends to find out what people are searching for, then focus their hacking efforts on servers hosting popular pages for those terms.
Incidentally, the UK's chart of most dangerous search terms includes Alistair Darling and Gordon Brown. But that's another story.
Bot That’s Another Story
There's a secret global army. A malevolent force hidden within multinational corporations, government agencies and even our own homes. The troops are well camouflaged, receiving and executing their master's commands without detection.
What is this evil legion? Well, it's millions and millions of compromised computers — some estimate up to a quarter of all PCs — which are participants in huge networks known as "botnets". What do they want from us? That one's easy: they want our money. And they make a grab for it with spam emails, credit card fraud and other scams.
It wasn't always this way. Early computer viruses were written solely to prove that their author was very clever. They were often whimsical, displaying poems or cryptic messages on the screen, but sometimes destructive — erasing the user's hard drive. For example, the Michaelangelo virus (discovered in 1991) laid dormant until the Renaissance artist's birthday on March 6, then proceeded to trash all the hapless user's files.
Photo by squacco
Hackers have matured and instead of committing pranks with no tangible benefit to themselves, have got into bed with organised crime. The paradox is that while their exploits have a financial motivation — and attract a lot more attention from law enforcement — they're actually less annoying. What would you rather have, all your data erased or lots of spam? Having said that, the internet has made them much more rampant and we must now hide behind anti-virus software, personal firewalls, spyware scanners and automatic security-hole patchers.
Anyway, back to the botnets. This is how it works: the botnet commanders, with pinky raised to their lips and one eyebrow arched, rent out infected machines by the thousand to any spammers and scammers willing to pay. The renters can then log the user's keystrokes, send out spam, hold websites to ransom and do pretty much anything else they feel like with the infected computer.
In March 2009 the BBC got in on the act and, as part of a report into the phenomenon, bought its own network of 22,000 machines from hackers in Russia and the Ukraine. The software controlling the botnet wasn't what you would expect from movie portrayals: no screens of cryptic text commands or flying through abstract 3D worlds made of circuit boards. No, it was just a slick graphical interface in the same vein as the applications you use everyday. The Beeb researchers sent out 10,000 spam emails (to their own accounts) and brought a volunteer website to its knees my sending scores of simultaneous requests — which is how hackers hold real websites to ransom.
Botnets sound like fantasy, but they're real, and aren't going anywhere fast. Which is a shame, because it's neither difficult nor expensive to protect yourself. At the moment if you patch your software, update your antivirus, and run a firewall you're pretty safe. But, like any kind of crime, when one opportuntity is closed down the crooks don't just give up and go home, sighing "it's a fair cop, guvnor." No, they find another way in. And that we do have to watch out for.
Parking, Tasting and Squatting
What’s the link between these words? No, it’s not a creepy combination of dogging and wine appreciation, followed by a nice long sit down in a cubicle. In fact, these words are all related to the domain name business, specifically earning big bucks passively – from little more than just owning a bunch of names.
A domain name is a simple thing: a memorable combination of letters, numbers, and dashes that translates to a numerical address so a computer can be located on the Internet. For example: google.com, en.wikipedia.org, www.number10.gov.uk. Domain names can be up to 255 characters in length, but each “label” – the bits separated by the dots – has to be less than 63 characters long.
Domain names are cheap to register (around £10 per year for a dot-com) and can be renewed by the owner indefinitely. There are lots of ways to combine 60+ letters and numbers, but each one is unique, and once it’s been taken the only way to get that same name is to buy it from it’s owner. This is where the money can get a little crazy, because a second-hand domain name is worth whatever someone is willing to pay for it. The current record holder is fund.com, which sold in 2008 for $10 million, with $50 change. porn.com comes just behind, presumably with its trousers around its ankles, with a sale of $9.5 million in 2007.
This is where the squatting comes in. Cybersquatters register domains with names identical (or very similar) to existing companies, brand names or famous people, with the intention of extracting money from the affronted party or diverting their visitors. It doesn’t generally work, because if the squatter registered the domain name in bad faith, the courts will order that it is handed over. It gets more complicated when two genuine companies have identical names, which happened in the case of the British Broadcasting Corporation and Boston Business Computing; in 1999 Auntie Beeb bought bbc.com from the Bostonians for $375,000.
Parked Domain Girl
Despite the lack of wheels, engine, gearbox and fluffy dice, domain names can be parked*. Actually, domain parking means that instead of setting up a proper website, the owner signs up with a company that fills the site with automatically generated ads. The advertisers pay for each ad click, and the owner receives a percentage of the revenue. The real losers here are the people who visit parked domains; they arrive at these advertising sewers because they type an URL directly into their browser address bar, and either make a typo or simply enter a common word, hoping that a useful site would be on the end of it.
You have probably visited lots of parked domains, but might not have noticed because, like a teenage boy’s poor excuse for a moustache, they barely impinge on the conscious mind. But if you have ever seen the most famous lady on the Internet – Parked Domain Girl – you must have visited a parked site.
We’ve parked and squatted, so now let’s taste. Under the rules of the Internet Corporation for Assigned Names and Numbers (ICANN) registrars must refund the price of registration if a domain name is cancelled within five days. Domain tasters abuse this by registering hundreds of thousands of names, parking them, and cancelling the ones that don’t look set to make a profit over the course of the year – which is the vast majority. In February 2007 nearly 95% of all domains registered were being tasted, and were cancelled within five days. ICANN introduced a limit on cancellations in June 2008, and the practice has largely vanished. And Parked Domain Girl became a little less famous.
Parked Domain Girl in Happier Times
* To pass advanced domain name investment exams you also need to reverse a domain around a corner, and turn a domain through 180 degrees without hitting the kerb.
Will Strip For Food, Money, and Image Recognition
When did the web go all hallucinogenic? Every form that you have to fill in features a box with squiggly random letters, in all the colours of the rainbow, with some sort of trippy 3D fractal landscape in the background. It’s not there because web designers are fanatical about prog-rock album covers, although that may be true. It’s there to check you are human and it’s called a CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Yes, I know that’s a glaring cheat. They must have thought nobody would notice.
The inspiration for CAPTCHAs came from Alan Turing, a British mathematician who designed one of the world’s first computers and whose code-cracking genius helped bring the Second World War to an end. Now his name comes up in a technology that exasperates us with barely decipherable characters to make us prove we are homo sapiens. Disgraceful.
If we have to prove we are human to comment on a blog or get a Hotmail account, it follows that there are non-humans trying to do the same thing. Who are these anti-people? Does their existence prove that we are being visited from other worlds, or that there truly is an abominable snowman? Well, sadly not. They are just computers, known as bots, programmed by plain old humans to send us spam and litter the web with unwelcome advertising. Set up a forum or blog today and the spam-bots will find you long before any real people come along.
This evokes a bizarre scenario where, if all the humans stopped visiting the web, the computers could continue chatting amongst themselves for decades to come. If they could evolve to advertise stuff computers need like hard drives and monitors, rather than willy enlargers and Nigerian bank scams, we could have a whole new economy going on.
Anyway, that can’t happen – because computers can’t figure out CAPTCHAs. Hackers and scammers, however, aren’t known for giving up easily, and have circumvented this security idea with a great piece of lateral thinking: just use humans to decipher the fuzzy images. But who would sit at a computer all day squinting at wobbly letters? Well, either third-world workers paid a pittance or – and you can almost taste the irony here – you and me.
So how can you make people do something they hate, not just once, but over and over again? Simple. You show them a picture of an attractive lady and say she’ll take her clothes off if they solve a CAPTCHA. They do that, she takes a little something off, then you give them another CAPTCHA. And that’s exactly what a group of hackers did – they wrote a virus, detected by security firm Trend Micro in October 2007, which infected computers and enticed users, via a sequence of striptease images, to solve lots of CAPTCHAs for them – which they could then use to register email accounts and send out spam.
With clever ideas like that these hackers could go far in the world, but most employers want people with a stronger moral compass. That said, they would fit right into the banking industry. Or politics.
The catchily-named TROJ_CAPTCHAR.A virus
We’re All Abandoners Now
I’ve just been shopping. Well, sort of. I visited a well-known retailer and had a casual browse around, chucking a few vaguely interesting items into my trolley. After about thirty seconds I got bored and headed over to the checkout. The total wasn’t to my liking so I booted the trolley onto its side and bowled out of there. No-one batted an eyelid.
OK, so I’ve omitted one key fact. I wasn’t in a real shop made of solid stuff like bricks, just an online store. And I hadn’t risked an ASBO by throwing a tantrum in public; I just wanted to see how much their delivery charges were. No big deal. Well, not to consumers like you and me, but to retailers it’s a huge problem and they call it shopping cart abandonment.
Yes, abandonment: a word normally reserved for walking out on children or losing all self control (if it’s in a good way then it’s normally preceded by ‘gay’). Not so long ago shopping cart abandonment could only mean dumping a trolley in a canal or by lock-up garages. But in the virtual world it means not bothering to type your credit card number into a web page, or neglecting to click ‘Submit’ – in fact, it’s any time you add something to your basket but don’t follow through and pay. (Incidentally, I once used a real abandoned shopping trolley to move to a new flat only a hundred yards from my old one; arduous and humiliating but I couldn’t give in once I’d committed to the idea.)
Photo by Mike Warren
Should we feel bad about abandoning our shopping carts? Of course not you cry, why the hell should we? Well, here’s a reason: every half-decent online retailer has an ecommerce manager responsible for the store’s performance. The main measure of their worth as a human being is the shop’s conversion rate – the percentage of visitors who actually buy stuff – so every time a visitor dumps their trolley in a virtual canal, another little bit of them dies inside.
And don’t think they’re not watching you. Modern traffic analysis software can show visitor behaviour in real-time, and send alerts when carts are ditched. In their annual Performance Index report, software company MarketLive estimates typical abandonment rates at over 60 percent, so ecommerce managers spend a lot of time watching shoppers load up their baskets then stroll right out the door, blissfully unaware that their actions are of interest to either man or machine. The virtual shopkeepers must claw at their screens in despair, tears of frustration rolling down their cheeks, as they plead for the return of customers who don’t even know they exist.
So next time you’re nonchalantly lobbing stuff in an online cart, with little intention of making a purchase, spare a thought for the backroom geeks hanging on your every click. If you decide to buy, you might just make their day. But don’t get too carried away. After all, in some dark corner of the ‘net there’s a huge canal, deeper than the abysses of hell, that’s full to overflowing with virtual abandoned shopping trolleys. Throwing yours on top won’t make that much difference.
Categories
Archives
Subscribe
