The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
It just appeared on our radar 24 hours or less.
AFAIK, signature will get released any time from our AV labs as well.
It's also a polymorphic one (if I got this one right), that's why analysts performs more tests on this one.
Also, if one reads VirusTotal list, it can be seen that:
- two vendors name it Trojan.Win32.Kryptik.BCISU and second Trojan.Win32.Kryptik.CISU (good thing a letter differ between two different vendors)
- others name it Trojan/Generic or Malware Gen, which is usually another name for "we know is doing something bad but we don't really know what is"
- Symantec signed it with Suspicious.Cloud.5 which is documented from 2010, but the virus is first seen on 2014/08/14 (yesterday); I don't know what to think here
- Sophos name it AIJV[^] and also mention it as AviraTR/Agent.CISU.1 (CISU again !)
All in all, I'm not in an AV guy, but I know enough to read between the lines that this is
1. an 1-day item
2. drops on computer only if clicked and downloaded and executed (from Dropbox in the sample I have seen)
3. quite easy to detect and remove (registry key modification, relatively large size - 188 Kb)
* * *
That does not mean it is something the regular user can ignore.
But they do.
No matter how many times I tell my father
"if someone you don't know and looks suspicious pops up at the door, do you let him in? it's the same with programs; you don't know what is, you don't trust who did it or why pops, close it and never look back"
he keeps clicking on Yes on anything it moves.
I promised myself than one day I will do a MessageBox with something like
"Is your mom a very nasy slut?"
I bet that at least 75% of the users will click on yes.
I seem to remember someone posting on CP a while ago that these phishing messages were written with intentionally poor grammar and spelling so that they target the more uneducated that are seemingly more liable to fall for the scam. That way they are focussing their efforts. Not sure on the legitimacy of that claim, but I can see some of the logic.
these phishing messages were written with intentionally poor grammar and spelling
This is the conclusion reached by the Freakonomics team and published in "Think Like A Freak" and other works thereof. It makes sense. Your average scammer doesn't want to be bothered with anybody who has the nous to spot the danger at some point. That's just wasted time and effort for no reward. So they're more than happy for the likes of us to dismiss their mail as spam/scam and maybe have a giggle at the ineptitude before binning it. It's zero loss after all (they don't even have to pay for postage any more). Their only interest is in those who can be fooled.
When I see stupid phishing attempts like this I always wonder: "How much money can the people stupid enough to fall for this sort of thing have to steal?"
This is the saddest part about the whole thing. They target poor and the elderly. Those types of people fall for this, not 'stupid' people as everyone is saying. Someone with very little money may see that and click without thinking out of desperation. Also, elderly people who have no idea how the Internet works fall for it. They are ignorant, not stupid. I've taught elderly how to use computers before, and they are not stupid, it's just a different world for them. Just wait until you grow old and technology has left you behind, and see how you feel.
That's what makes these people the scum of the earth, they not only steal, they target the less fortunate and the elderly who don't know any better. They know that rich people are less likely to fall for it, so they target the less fortunate. And for that, to bring back one of my favorite quotes from Shepherd Book, they deserve to burn in a very 'special hell'.
I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone - Bjarne Stroustrup
The world is going to laugh at you anyway, might as well crack the 1st joke!
My code has no bugs, it runs exactly as it was written.
In my experience, most marketers think that managers do everything; there are no developers. Marketer gives requirements to a manager, that manager goes off and "makes it happen", and the details just aren't important enough for them to care.
I would agree as well. However, it's not that way working in smaller companies. What tends to happen is they read about something that sounds great, then you have to show them how to use it. When they can't figure something out, you have to learn that feature. Then, when something either is missing or happens to not "work correctly" you are expected to "patch" the third party program they've adopted.
Also, I find it difficult to get management to buy tools. Especially if they believe it's cheaper just to "write something real quick" instead of pay the fees for third party stuff.
Overall though, I agree with what the guy is saying. I think if people spent more time using things that are already available it would be good for everyone. Not only would we not have to write stuff that already exists, but I think users would become more accustom to software as a whole... which would help us/me in the long run.
I work in a medium size foundation, there are about 80 people spread around the globe and I've worked in a startup of about 25 people, and haven't had that problem, but both places focused on hiring smart technical people across the board.
For my current job, we have a really solid breakdown of things that are unique to the mission of the foundation, things that directly support the mission, and everything else. We build custom software for the unique things, and then buy software for the others, which is working out well.
[Marketers] must run experiments, tag, and track new events all the time. They can’t afford to wait for a developer to tweak a graph in the dashboard. [Marketers] need data, and they need it now.
so...yeah. That's killer logic right there. "We need data! Data! Data! Data! And we don't have time to wait for anyone to make it available for us!!!"
In general, marketers need to get over themselves that they may be the ones that determine the criteria for information (in the hierarchy of signals: noise->data->information->knowledge->wisdom) but "give me all the things and give them to me now" is not a reasonable request from marketing. I can dump a log and I can spool every message that has passed through the queue pretty easily and you can spend 3 months looking for a needle in a haystack that will mean nothing to you by the time you find it. OR, you can know your place, leave the data analysis and software development to professionals, provide me requirements, and then I will deliver your information to you.
It's kind of cliché, but you don't see business passengers interfering with aerospace engineers trying to modify their designs of an airplane "I need to get to my destination faster and I need the plane built quicker. Chop chop chop!"
The paradox of our profession is that we're supposed to make it look easy for someone like a marketer to procure the things they need to perform in their role. There is no physical product being delivered; no planes to fall from the sky, no buildings to topple over, "just" software. So its importance and complexity gets trivialized by neophytes that think they know better.
Or the off-the-shelf product won't integrate with the new application. "Sure, we can install that CMS, but it'll be empty unless you tell us how to feed data into it."
Let the marketers feed new information into it. When they realize that the off the shelf application doesn't let them customize the product they will either have to live with it or request (pay for) an in house solution.
Once you lose your pride the rest is easy.
I would agree with you but then we both would be wrong.
The report of my death was an exaggeration - Mark Twain Simply Elegant DesignsJimmyRopes Designs
The really dangerous marketers are the ones that know the way to R&D and talk to us; if you're foolish enough to tell them about your latest blue sky project, they want, want, want, and pretty soon it's on the list of future features before you even get past feasibility.
Not only marketers, everyone waits for a developer. The director of an internet publishing dept told me that his dept was in fact the corporate communication center. He had to participate in almost every meeting in the corporation.
Wow, I was hoping this kind of stuff was stopping, not getting worse.
While some of the points are not so far out there, the level of insanity is quite high.
It reminded me of an interview for a lead developer position. The company was behind schedule,
it was all the developers fault, of course. They were hiring me to get them over the hump and
lead things better after that. But get this. They bought a Major Ad spot in 3 magazines, that
were going to start the next month. They were clearly 90 days behind being able to do this.
Lets just say... I didn't take the job. I ran from that interview.
And the funny part, is that on another team, I had a marketing guy pull me and and write on MY Whiteboard:
Product - Sales = Shht! (without the typo)
So I wrote up there:
Sales - Product = Fraud!
After a short while of talking it out, we got each other, and it all went quite well after that.
He agreed to not market what we don't have, and I agreed to push for ONE "MARKETING" feature per quarter
to make it in the software.
There seem to be some legit frustrations in what the author is saying, but he is clueless when it comes to blaming the developers, it sounds like a collection of management/process issues.
What really struck me is when he says that:
"All landing pages have a lot in common: they include compelling sales copy supported by a nice image or video, and they invite the visitor to press a big, shiny button or to fill out a lead generation form. Nothing crazy here — no animation, no bells or whistles. So why the heck would you need a coder to do this for you?"
So, in other words, if he can't see a bunch of fancy animations on the page then it must not take any coding at all. Nevermind that the fancy visual stuff is the designer's territory and not much of a coding thing. Nevermind what happens when that button is clicked.
He is clearly absolutely clueless about back-end processing, which shows that he has absolutely no idea about what the developers are actually doing. Which makes his rant about developers asinine.
Starting a couple of days ago, I've been seeing the site in plain html mode, no color, etc. in chrome. When I check the messages, it seems I'm getting a too many redirects message, so the script and css are not loading. Anyone else experience this? Sorry if this has already been asked, I can't see the messageboard in it's original format anymore
Mike Hankey does not, in fact, own a hankie.
Not many people know that the word Panky was added after his name in honour of his legendary Don Juan status, leading to this becoming common usage
Mike Hankey invented oxygen. Prior to Mike Hankey, people died very young
Mike Hankey is capable of time travel. He is, in fact, his own brother, grandfather and 3rd uncle on his mothers side.
Mike Hankey is the real name of Bob