November 17, 2024

Koobface Gang Uses Facebook to Spread Powerful Worm

Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and to have pocketed several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers.

The men live comfortable lives in St. Petersburg — and have frolicked on luxury vacations in places like Monte Carlo, Bali and, earlier this month, Turkey, according to photographs posted on social network sites — even though their identities have been known for years to Facebook, computer security investigators and law enforcement officials.

One member of the group, popularly known as the Koobface gang, has regularly broadcasted the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter. Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

Beginning in July 2008, the Koobface gang aimed at Web users with invitations to watch a funny or sexy video. Those curious enough to click the link got a message to update their computer’s Flash software, which begins the download of the Koobface malware. Victims’ computers are drafted into a “botnet,” or network of infected PCs, and are sent official-looking advertisements of fake antivirus software and their Web searches are also hijacked and the clicks delivered to unscrupulous marketers. The group made money from people who bought the bogus software and from unsuspecting advertisers.

The security software firm Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010. Victims are often unaware their machines have been compromised.

The Koobface gang’s freedom underscores how hard it is to apprehend international computer criminals, even when identities are known. These groups tend to operate in countries where they can work unmolested by the local authorities, and where cooperation with United States and European law enforcement agencies is poor. Meanwhile, Western law enforcement is awash in computer crime and lacks the resources and skilled manpower to tackle it effectively, especially when evidence putting individuals’ fingers on keyboards must be collected abroad.

On Tuesday, Facebook plans to announce that it will begin sharing information about the group and how to fight them with security researchers and other Internet companies. It believes public namings can make it harder for such groups to operate and send a message to the criminal underground.

None of the men have been charged with a crime and no law enforcement agencies have confirmed they are under investigation.

The group investigators have identified has adopted the tongue-and-cheek name, Ali Baba 4: Anton Korotchenko, who uses the online nickname “KrotReal”; Stanislav Avdeyko, known as “leDed”; Svyatoslav E. Polichuck, who goes by “PsViat” and “PsycoMan”; Roman P. Koturbach, who uses the online moniker “PoMuc”; and Alexander Koltysehv, or “Floppy.” )

Efforts to contact members of the group for comment have been unsuccessful.

Weeks after early versions of the Koobface worm began appearing on Facebook, investigators inside the company were able to trace the attacks to those responsible. “We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” said Ryan McGeehan, manager of investigations and incident response at Facebook.

Since then, Facebook and several independent security researchers have provided law enforcement agencies, including the Federal Bureau of Investigation, with information and evidence. Most notably, Jan Droemer, a 32-year-old independent researcher in Germany, has provided important information and leads, including a password-free view inside Koobface’s command-and-control system, known as the “Mothership.” Mr. Droemer spent nights and weekends for four months in late 2009 and early 2010 unmasking the gang members using only information available publicly on the Internet.

The F.B.I. declined to comment.

That computer crime pays is fueling a boom that is leaving few Internet users and businesses unscathed. The toll on consumers alone is estimated at $114 billion annually worldwide, according to a September 2011 study by the security software maker Symantec.

Article source: http://feeds.nytimes.com/click.phdo?i=750362dfbcefecdb93ac97b03dd9f87c

Advertising: Using Google’s Data to Sell Thermometers to Mothers

Google correlated billions of flu-related Web searches from 2003 to 2008 with actual Centers for Disease Control and Prevention data over the same period. Then, because Web searchers’ Internet addresses indicated location, Google devised a formula to estimate regional flu activity based solely on searches, with a reporting lag of only about a day, outdoing C.D.C. flu reports, which typically are published a week or two after outbreaks.

In 2009, researchers from Google and the C.D.C. wrote an article summarizing their findings in the journal Nature, and stated that the new predictive model — now called Google Flu Trends and accessible in an interactive format online — could be a boon to public health. “Up-to-date influenza estimates may enable public health officials and health professionals to better respond to seasonal epidemics,” they wrote.

What the researchers probably did not predict was that the Google flu data would end up being the cornerstone of an advertising campaign.

For the Vicks Behind Ear Thermometer, a new product that determines temperature when placed in the soft area behind the ear, marketers wanted to reach mothers, the primary purchasers of thermometers.

•

A mobile campaign by Blue Chip Marketing Worldwide, which is based in Chicago, places the ads for the thermometer within popular apps like Pandora that collect basic details about users, including their sex and whether they are parents, and can pinpoint specific demographics to receive ads.

But not all mothers will see the ad on their smartphones. Rather, the ads will be sent only to devices that, according to Google, are in regions experiencing a high incidence of flu. Also, the ads will only be delivered to mothers within two miles of retailers that carry the thermometer, including Walmart, Target and Babies “R” Us.

“Flu levels in your area are high,” says the banner ad within an app. “Be prepared with Vicks revolutionary Behind Ear Thermometer.”

Tapping the ad, which also notes the nearest store that sells the thermometer (“Buy at Rite Aid .3 miles away.”), brings users to a product page with items including an informational video and a list of nearby retailers. Tapping a retailer reveals directions there.

Also handling the campaign, which was introduced in a limited way early in December and will be at full throttle when flu season peaks in January and February, is Where, the location-based mobile advertising network that is a division of PayPal, a unit of eBay.

“It understands how this mom lives and shops, and she receives the message in the most relevant manner,” said Stanton Kawer, chief executive of Blue Chip, about the campaign. “It is so fantastically targeted that it’s really amazing.”

The new thermometer is made by Kaz, which through licensing agreements markets thermometers under the Vicks and Braun brands (both owned by Procter Gamble), and which also makes Vicks humidifiers.

Sales for thermometers follow flu season, picking up in October, peaking in January and February, and tapering off in March and April, according to Lara Peterson, a vice president for marketing at Kaz, a subsidiary of Helen of Troy Limited.

Smartphones are used by 53 percent of Americans ages 18 to 24 and 64 percent of those 25 to 34, according to Nielsen. Google reports that 79 percent of owners use them for shopping purposes like comparing prices and locating a retailer.

Organizations including the American Academy of Pediatrics now recommend against mercury thermometers (citing the danger of both mercury and glass). Sales of digital thermometers are up, growing about 17 percent from 2005 to 2010, according to a report from Mintel, a market research firm.

The American Academy of Pediatrics still recommends taking temperature rectally for newborns under 3 months, and not taking it orally until children are at least 4 years old. The newest generation of digital thermometers measure parts of the body including the underarm, forehead and inside the ear.

The new Vicks thermometer, with a suggested retail price of $40 to $50, is the first in the category made specifically to measure behind the ear, according to Ms. Peterson, of Kaz.

“It measures fever in a very noninvasive way,” said Ms. Peterson, adding that the location’s proximity to the carotid artery, which carries blood to the brain, ensures accurate readings.

•

Because feverish children can be particularly fidgety, the ease of use strikes a chord with parents. Kaz recently commissioned a study where the device was used to take the temperature of napping babies at a day care center, and 95 percent slept through it.

In addition to print and online advertising, also by Blue Chip, commercials for the thermometer will be shown in more than 2,600 pediatricians’ offices for two months beginning Jan. 15, through a deal with KidCare TV, which provides informational programming to waiting rooms.

As for the mobile campaign aimed at mothers in high-flu areas, Brian Morrissey, editor in chief of Digiday, an online publication that covers digital marketing and media, said being tracked by advertisers had a “creepy factor” for some consumers.

Many Facebook users, for example, balked when in 2007 it introduced Beacon, a program that shared their online purchases with their social network. “Creepiness comes in when consumers are surprised,” Mr. Morrissey said.

But he predicted consumers would actually like the thermometer campaign.

“It seems like they’ll pull it off, because they’re using the data in a smart way, for advertising that’s more relevant and useful,” Mr. Morrissey said.

Article source: http://feeds.nytimes.com/click.phdo?i=607345f41686efddd2ed22ae1174d33a

Data Centers’ Power Use Less Than Was Expected

The report, by Jonathan G. Koomey, a consulting professor in the civil and environmental engineering department at Stanford University, found that the actual number of computer servers declined significantly compared to 2010 forecasts because of this lowered demand for computing and because of the financial crisis of 2008 and the emergence of technologies like more efficient computer chips and computer server virtualization, which allows fewer servers to run more programs.

The slowing of growth in consumption contradicts a 2007 forecast by the Environmental Protection Agency that the explosive expansion of the Internet and the computerization of society would lead to a doubling of power consumed by data centers from 2005 to 2010.

In the new study, prepared at the request of The New York Times, Mr. Koomey found that electricity used by data centers worldwide grew significantly, but it was an increase of only about 56 percent from 2005 to 2010. In the United States, power consumption increased by 36 percent, according to Mr. Koomey’s report, titled “Growth in Data Center Power Use 2005 to 2010.”

“Mostly because of the recession, but also because of a few changes in the way these facilities are designed and operated, data center electricity consumption is clearly much lower than what was expected, and that’s really the big story,” said Mr. Koomey.

Though Mr. Koomey was unable to separate the impact of the recession from that of energy-saving technologies, the decline in use is surprising because data centers, buildings that house racks and racks of computers, have become so central to modern life. They are used to process e-mail, conduct Web searches and handle online shopping as well as banking transactions and corporate sales reports.

Moreover, in the period studied, more services that depend on data centers, like cloud computing and streaming of music and movies, became popular.

The influential report issued by the E.P.A. in August of 2007 estimated that national energy consumption by computer servers and data centers would nearly double from 2005 to 2010 to roughly 100 billion kilowatt hours of energy at an annual cost of $7.4 billion. It predicted the centers’ demand for power in the United States would rise by 2011 to 12 gigawatts of power, or the output of 25 major power plants, from 7 gigawatts, or about 15 power plants.

Industry consultants and executives agreed with Mr. Koomey’s new analysis, but they also indicated that the slower growth might be temporary.

“Of course, the market is expanding,” said Jimmy Clidaras, principal engineer for platforms and infrastructure at Google. “We’re doing stuff today in the cloud that we never would have thought of. Music used to be at home and now it’s in the sky.”

“The numbers do make sense,” said Kenneth Brill, founder of the Uptime Institute, an industry consulting group based in Santa Fe, N.M. “But they shouldn’t be taken as indicating the problem’s over. There is certainly increasing energy consumption and that should be a concern for everyone.”

The slowdown in the rate of growth of electricity use is particularly significant because it comes in the midst of the biggest build-out of new data center capacity in the history of the industry.

Fueled by an insatiable demand for new Internet services and a shift to so-called cloud computing services that are largely hosted in commercial data centers and in the large data farms operated by companies like Amazon, Apple, Google, Microsoft and Facebook, there has been an increasing discussion about the growing percentage of the nation’s electricity that will be consumed by vast data centers being constructed at a record pace.

But the new report indicates that electricity used by global data centers in 2010 remained relatively modest. “Electricity used in global data centers likely accounted for between 1.1 percent and 1.5 percent of total electricity use, respectively. For the U.S. that number was between 1.7 percent and 2.2 percent,” according to the report.

In an earlier paper, Mr. Koomey reported that the power used by servers in data centers represented about 0.5 percent of world electricity consumption in 2005. When cooling and auxiliary infrastructure were included, that figure was about 1 percent, he wrote. The worldwide demand for data center power in 2005 was equivalent to the output of about 17 1,000-megawatt power plants.

As part of his latest research, Mr. Koomey was able to get a more detailed estimate of Google’s contribution to the global growth of power consumption by data centers than has been previously publicly available. Google, which generally builds custom computer servers for its data centers, has been secretive about the number of servers that it uses to power services like Google Search and YouTube.

However, in May a Google executive told Mr. Koomey that the company’s total data center electricity use was less than 1 percent of the Koomey report’s estimate of electricity consumed by data centers worldwide.

If the estimate is accurate, it could confirm the widely held industry perception that Google, with its many large data centers, is relatively more efficient than the mainstream of the data center industry. A vast majority of data center designers choose to use standard industry equipment, not equipment specialized for particular computing tasks.

Article source: http://feeds.nytimes.com/click.phdo?i=fc8f0adeb364a2d54abd27f9e09c2110