18th > October > 2003 Archive

‘Kill Bill’ Trojan fails to rack up body count

A new backdoor (spying program) which poses as a DivX file containing subtitles from the latest Quentin Tarantino film Kill Bill has been spotted on the Net. The low-spreading Manda-A (AKA PWSteal.Salira) Trojan arrives as a .RAR archive with a malformed header. This archive, 35347 bytes in size, carries a movie subtitle name, Kill Bill. Subtitles are used alongside DivX movie clip files to enable foreign language speakers to follow the plot of a film.

As a social engineering trick, sending infectious files that pose as movie subtitles would seem to be of questionable effectiveness. Indeed, very few copies of the Trojan have been spotted so far, making Manda more of a curious nuisance than a serious threat. Which is just as well, as the Trojan payload contained in Manda is quite nasty, according to BitDefender. The Romanian AV firm warns that some badly-configured archivers may execute the Trojan on a simple archive view.

"It tricks users into executing the backdoor, using the name of the movie 'Kill Bill'. The ZIP file was specially crafted, so most antivirus products will not identify the file inside as executable," said Patrick Vicol, virus researcher at BitDefender Lab. "The backdoor sends network and internet passwords, as well as statistical system information by email, to the virus author", he added.

Details inside the virus body may indicate that the author is a Romanian fan of underground music, according to BitDefender. A technical description of the Trojan can be found here or from Symantec here. ®
John Leyden, 18 Oct 2003

Palm's Nagel risks SEC wrath with OS claims

PalmSource's CEO David Nagel faces questions about his claims that the company is in talks to license PalmOS to SonyEricsson. The handset manufacturer has flatly denied any such talks are taking place. SonyEricsson would represent a major win for Nagel's PalmSource licensing operation. Nagel's comments encouraged a rally on Palm stock.

Company officials are notoriously wary about making such predictions, and share watchdog the Securities and Exchange Commission obliges "forward looking statements" to be carefully worded. The boast is surprising from Nagel, a straight arrow and one of Silicon Valley's more thoughtful CEOs. Nagel's stewardship has revived Palm's fortunes and the company is finally set to separate its hardware and software into separate companies: the hardware division becoming palmOne. Palm shareholders are set to approve the split on October 28.

Was Nagel talking up the share price? Palm had not responded to our calls at press time. A SEC spokesman told us that false statements made with the intention of manipulating the share price have formed the basis of cases in the past. "You have to prove intent," he said. As it can only pursue civil cases, SEC needs to show a preponderance of evidence. And that's something only an investigation can produce. ®
Andrew Orlowski, 18 Oct 2003

Options dwindle for London baseball mavens

Baseball fans in London have just ten online destinations to follow their favorite sport, if Google is to be believed. Last week Google offered fourteen. Of course Google finds far more matching results than it reports: 330,000, it tells us. It simply deems 329,993 of them as unfit for browsing, and we can't see them. Why?

Plagued by link farms and blog noise, Google's engineers have resorted to brute force suppression of the search results, in the process throwing out the baby with the bathwater. Recently rival search engines with much smaller resources - they index fewer pages - have trumped Google by offering clearer, more useful results.

In this example, the word 'watch' triggers the anti-spam filter. (You'd think that a better search term for baseball fans which avoids the noun - Watching baseball London - would fare better: but it doesn't. Google returns just ten out of 94,400 results.)

So is Google's policy of indexing more pages more often better? Or do users simply value a few good results? And what are we missing? ®
Andrew Orlowski, 18 Oct 2003