Sign up for our Technology Newsletter 
Is Malware Wreaking Havoc On XP?
One of the top three malware programs affecting businesses in the second quarter is a worm that takes advantage of the large number of companies still using Windows XP, Trend Micro has warned.
The worm, dubbed DOWNAD, also known as Conficker, can infect an entire network via a malicious URL, spam email, or removable drive. Windows XP is particularly susceptible to this threat because it is known to exploit the MS08-067 Server service vulnerability in order to execute arbitrary code.
DOWNAD also has its own domain generation algorithm (DGA) that allows it to create randomly-generated URLs. It then connects to these created URLs to download files to the system. Trend Micro said that around 175 IP addresses are found to be related to the DOWNAD worm and that these IP addresses use various ports and are randomly generated via the DGA capability of DOWNAD.
“During our monitoring of the spam landscape, we observed that in Q2, more than 40 percent of malware related spam mails are delivered by machines infected by DOWNAD worm,” said Trend Micro anti-spam research engineer Maria Manly in a blog post.
“A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”
The security company warned that spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments are attributed to DOWNAD infected machines. FAREIT is a malware family of information stealers that download variants of the Zeus Trojan, while MYTOB is an old family of worms known for sending a copy of itself in spam attachments.
The other top sources of spam with malware are the CUTWAIL botnet, together with Gameover ZeuS (GoZ). Manly said CUTWAIL was actually previously used to download GoZ malware but now a malware called UPATRE employs GoZ malware or variants of ZBOT which have peer-to-peer functionality.
“In the last few weeks we have reported various spam runs that abused Dropbox links to host malware like UPATRE,” Manly said. “We also spotted a spammed message in the guise of voice mail that contains a Cryptolocker variant. The latest we have seen is a spam campaign with links that leveraged CUBBY, a file storage service, this time carrying a banking malware detected as TSPY_BANKER.WSTA.”
According to Manly, cybercriminals and threat actors are probably abusing file storage platforms to mask their malicious activities and go undetected in the system and network.
“As spam with malware attachment continues to proliferate, so is spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favoured infection vector of cyber criminals most likely because this makes it more effective given that the URLs are legitimate thereby increasing the chance of bypassing anti-spam filters,” she added.
Rackspace Goes Onmetal
Rackspace has launched Onmetal Cloud Servers, a service that combines the on-demand nature and scalability of cloud servers with the performance and total control of bare-metal servers.
The Onmetal Cloud Servers service will be available from July, initially at Rackspace’s Northern Virginia data centre only, but is expected to roll out internationally during 2015.
The service brings all the power and flexibility of cloud computing to applications previously considered unsuitable to run in a virtualised environment, according to the firm. It is an API-driven, single-tenant infrastructure-as-a-service (IaaS) offering that enables customers to provision dedicated servers with whatever operating system and services stack they require.
Rackspace has been looking at bare-metal provisioning since at least last year, when the firm introduced its Performance Cloud Servers tier for customers with more demanding workloads. However, there has been growing interest in the ability to own the entire server, according to the firm, because of the “noisy neighbour” problem in multi-tenant environments, where another workload on the same host may degrade network latency, disk input/output (I/O) and compute processing power.
Rackspace president Taylor Rhodes said, “Virtualisation and sharing a physical machine are fantastic tools for specific workloads at certain scale; however, we’ve learned that the one-size-fits-all approach to multi-tenancy just doesn’t work once you become successful, so we created Onmetal to simplify scaling for customers to stay lean and fast with a laser-sharp focus on building out their product.”
Onmetal Cloud Servers make use of the Ironic Bare Metal Provisioning project in the Openstack cloud computing framework. This is still in incubation rather than a full core part of Openstack, but Rackspace has a policy of introducing cutting-edge features in its cloud services.
The physical hardware itself is compliant with Open Compute Project specifications, and available in three different tiers aimed at specific workloads.
These comprise a compute-optimised configuration for application servers supporting 20 threads and 32GB memory, while a memory-optimised configuration for tasks such as in-memory analytics supports 24 threads and 512GB.
An I/O-optimized configuration supports 40 threads with 128GB memory and a 3.2TB PCI Express flash drive. The latter is best for traditional databases, NoSQL and online transaction-processing applications, Rackspace said.
Pricing has not been disclosed, but Rackspace said customers will be able to pay by the minute, with utility-style billing only for the resources they use.
Oracle Takes A Fall
Oracle posted fiscal fourth-quarter results that were just horrible for investors looking for more progress in web-based services, sending its shares lower.
The company had been expected to report a pickup in its software business and progress in cloud computing, shares of Oracle had gained 10 percent over the past three months. However yesterday it was clear that Oracle is getting a kicking from the competition like Salesforce.com and Workday which have been offering competitive software and Internet-based products at prices that often undercut Oracle.
Tech spending is likely to fall as more companies move to the cloud. Oracle has been rolling out its own cloud-based products but they remain under five percent of its overall revenue. For the fiscal first quarter, Oracle expects software and cloud revenue to grow between 6 percent and 8 percent. That forecast includes expectations for software- and platform-related cloud services to grow between 25 percent and 35 percent.
Oracle said it expects its hardware system revenue to be in a range of down 1 percent to up 3 percent.
For its latest fourth quarter, Oracle said overall revenue rose 3 percent to $11.3 billion. That was less than the $11.48 billion analysts had expected on average. Net income fell 4 percent to $3.6 billion.
Revenue from Oracle’s hardware systems products grew 2 percent to $870 million.
Microsoft’s Killswitch Incoming
July 1, 2014 by admin
Filed under Smartphones
Comments Off on Microsoft’s Killswitch Incoming
Responding to mounting pressure, Google and Microsoft will follow Apple in adding an anti-theft “kill switch” to their smartphone operating systems.
The commitment comes at a time when new data shows a dramatic drop in theft of Apple iPhones and iPads after the September 2013 introduction of iOS 7, which included a kill-switch function that allows stolen devices to be remotely locked and deleted so they become useless.
In New York, iPhone theft was down 19 percent in the first five months of this year, which is almost double the 10 percent drop in overall robberies seen in the city. Over the same period, thefts of Samsung devices — which did not include a kill switch until one was introduced on Verizon-only models in April — rose by over 40 percent.
In San Francisco, robberies of iPhones were 38 percent lower in the six months after the iOS 7 introduction versus the six months before, while in London thefts over the same period were down by 24 percent. In both cities, robberies of Samsung devices increased.
“These statistics validate what we always knew to be true, that a technological solution has the potential to end the victimization of wireless consumers everywhere,” San Francisco District Attorney George Gascon told IDG News Service.
Gascon and New York State Attorney General Eric Schneiderman have been leading a push to get smartphone vendors and telecom carriers to include kill switches in their products as a way to curb phone theft.
The joint work had early success with Apple but other carriers and phone makers dragged their feet. However, resistance to the idea appears to be dropping as several bills that mandate kill switches make their way through state legislatures and the U.S. Congress.
The bills demand a function that would enable a phone owner to remotely delete and disable a phone if stolen. The function could be disabled by consumers before a theft takes place if desired, but crucially new handsets would be supplied with it switched on by default.
Intel Reveals 750 Series SSD
During the 3D Revolution 2014 presentation held in Rome, Intel has showed its updated SSD roadmap unveiling the new August Ridge SSD 750 Series which will be available in multiple form-factors, including lately popular M.2.
Spotted by Techpowerup.com, the Intel SSD 750 Series will be aimed at both the consumer and the professional market segments and be available in three form-factors, including 2.5-inch SATA 6Gbps, mSATA 6Gbps as well as the M.2 form-factor.
The new 750 SSD Series will most likely be available in all the popular capacities, up to 960GB, and be based on 20nm MLC NAND flash.
Unfortunately, the roadmap does not reveal many details regarding the performance of the SSD 750 Series but does note that it should launch in Q4 2014.
Can Malwarebytes Protect XP?
Malwarebytes has launched anti-exploit services to protect Windows users from hacking attacks on vulnerabilities in popular targets including Microsoft Office, Adobe software products and Java, a service which even offers protection for Windows XP users.
Consumer, Premium and Corporate versions of the service are available, and are designed to pre-emptively stop hackers from infecting Windows machines with malware.
“An exploit will typically first corrupt the memory of an application process, take control, then execute code,” said Malwarebytes director of special projects Pedro Bustamante.
“From the shell code it executes a payload that tells the exploit what to do and that in turn usually downloads malware from the internet and executes it. The final stage is usually where antivirus kicks in, when it’s being downloaded from the internet, and starts doing things like behavioural analysis to see if it’s malicious.
“We don’t care about that, what we do comes before then. We just look for exploit-like behaviour and block anything that looks like it at the shellcode or payload stages. We come into play before the malware even appears on the scene.”
The Consumer version of the anti-exploit service is free and offers basic browser and Java protection.
The Premium version costs $37.00 per user and adds Office and Adobe protection services as well as the ability to add custom shields to other internet-facing applications, like Messenger or Netflix.
The Corporate version costs$40.00 person user and offers complete anti-exploit protection and comes with Malwarebytes’ Anti-malware service and a toolkit for IT managers.
Bustamante explained that the technology is designed to help businesses and general web users defend against the new wave of exploit-based cyber attacks.
“Traditional security can’t deal with exploits. Every day we see people getting infected, even if they have the latest up-to-date antivirus readers, because of exploits,” he said. “This is why we care about the applications you run – Firefox, Chrome, Internet Explorer, Java, Acrobat [and Microsoft] Word, Excel [and] Powerpoint.”
Bustamante added that the service is doubly important for Windows XP users since Microsoft officially ceased support for the OS in April.
“We’re still seeing over 25 percent of our users running XP. For them this product is even more important,” he said.
“We see new zero-days if not every week, every month, and for XP users who are not getting any more patches from Microsoft this product will be essential.
“Every month Microsoft will be releasing security patches for newer versions of Windows. Every time Microsoft does this it’ll be a treasure map for hackers to find exploits on Windows XP.
“It’ll show them exactly where the vulnerabilities are, so every month will see an influx of new exploits targeting Windows XP.”
Cheaper Windows Phones Forthcoming
June 16, 2014 by admin
Filed under Smartphones
Comments Off on Cheaper Windows Phones Forthcoming
Lower priced smartphones running Microsoft’s Windows Phone operating system are on the way, according to Microsoft.
Speaking at the Computex trade show in Taipei, Microsoft’s Nick Parker, who handles the company’s partnerships with device makers, said the new handsets could be out by the end of the year.
Compared to current models, which are in the “fours, fives and sixes,” he said referring to prices between $400 and $699, the new phones would have price points in the “ones, twos and threes.”
Asked to clarify if he was referring to end-market prices without carrier subsidies, Parker said he was.
He didn’t identify the manufacturers that would be bringing the phones to market, but there’s a good chance they are among nine companies Microsoft signed up to its Windows Phone development program earlier this year.
In addition to existing partners Nokia, Samsung, HTC and Huawei, Microsoft added Foxconn, Gionee, Lava (Xolo), Lenovo, LG, Longcheer, JSR, Karbonn and ZTE.
Some of the new partners have significant market share in developing countries where phones generally have lower prices than in developed markets.
Microsoft launched the latest version of its Windows Phone operating system, Windows Phone 8, in late 2012 to critical praise. The operating system was slow to catch on with consumers though, perhaps due to the absence of several popular apps on the platform, but has been slowly increasing its market share.
Windows Phone had a 3 percent share of the smartphone market in the fourth quarter of 2013, up from 2.6 percent in the last three months of 2012, according to IDC. In contrast, Google’s Android dominated the smartphone market at the end of 2013 with a 78.1 percent share. Apple’s iOS was in second place at 17.6 percent.
IDC forecasts Windows Phone will continue to increase its market share to hit 7 percent in 2018.
GPUs Down In Q1
June 5, 2014 by admin
Filed under Around The Net
Comments Off on GPUs Down In Q1
According to Jon Peddie Research (JPR), shipments of discrete graphics cards were down in the first quarter of the year. This is in line with seasonal trends, as the market cools down after the holiday season.
The sequential drop was 6.7 percent, which was still better than the overall desktop PC market, which slumped 9 percent. However, on a year-to-year basis add-in-board (AIB) shipments were down 0.8 percent. PC sales were down 1.1 percent.
Nvidia still controls two thirds of the market
Total AIB shipments in Q1 were just 14 million units. AMD and Nvidia both saw their shipments decrease 6.6 percent, so their market share did not change much.
Nvidia controls an estimated 65 percent of the market, up from 64.2 percent last year. AMD’s market share in Q1 was 35 percent, down from 35.6 percent a year ago.
The overall volume remains weak and in the long run things could get even worse, as on-die integrated graphics have already taken a big toll on sales of entry level discrete cards. As integrated GPUs become even faster, they are likely to cannibalize the low end market even further.
JPR points out that the AIB market peaked in 1999, with 114 million units shipped. Last year saw only 65 million units and the stagnant trend is likely to continue this year.
It’s not all bad news for AIBs
Although the slump in discrete GPU shipments is hurting AMD and NV hardware partners, JPR offers a rather encouraging outlook.
It points out that graphics cards are one of the most powerful, essential and exciting components in the PC market today. PC gaming is hardly dead, in fact it is going through what can only be described as a small renaissance. PCs will offer 4K/UHD gaming years ahead of consoles and the Steam Machine concept is looking good, too.
The compute market is another driver, as JPR points out:
“The technology is entering into major new markets like supercomputers, remote workstations, and simulators almost on a daily basis. It would be little exaggeration to say that the AIB resembles the 800-pound gorilla in the room.”
The AIB market is quite a bit less colourful and eventful than it was back in the day, but at least AIBs still have a lot on their hands and they are trying to tap new markets.
Dell Goes Plastic
Dell is manufacturing a line of PCs using plastics obtained by expanding its recycling program.
The company has expanded the hardware take-back program to more places worldwide, aiming to collect and reuse more extracted plastic and metals in PCs, monitors, hardware panels and other products.
Dell’s OptiPlex 3030 all-in-one, which will ship next month, will be the first product of that effort. Starting next year, more laptops, desktops and monitor back-panels will be made using recycled plastic, said Scott O’Connell, director of environmental affairs at Dell. The products will be certified as sustainable by UL (Underwriters Laboratories).
Dell will save money by reusing plastic, but O’Connell did not say whether the savings will be passed on to customers through lower prices. But it will be easier for more people to recycle electronics and Dell will also provide a PC mail-back option, O’Connell said.
Dell’s plan to establish a recycling chain internally could reduce the need for “virgin” plastics, which can be environmentally damaging to make, said Gary Cook, senior IT analyst at Greenpeace International.
Incineration of plastic from disposed computers can be toxic and reusing plastics in new computers or other parts reduces “dirty energy,” Cook said.
“We need to see plastics last longer,” Cook said.
Companies like Apple have helped raise expectations of sustainability in computers and others are following suit, Cook said. PC makers are using more metals in computer chassis and handset makers are using more nonpetroleum plastics.
Dell was criticized last year by Greenpeace for veering away from its carbon-neutral goals and sustainability advocacy. The company ranked 14th among most green IT companies, behind Microsoft, IBM, Hewlett-Packard, Wipro, Fujitsu and Google, among others.
Dell curbed its sustainability strategy when it was trying to go private last year, but has now reinvigorated that effort.
“They are trying to show some initiative,” Cook said.
Is RedHat Being Open?
Red Hat has responded to claims that its implementation of Openstack isn’t as open as it should be.
A report at the Wall Street Journal this week suggested that Red Hat was blocking customers from using alternatives to the bespoke version of Openstack that it offers.
Red Hat provides Openstack with extended support by the company, however in spirit of open source, users should be entitled to use another vendor’s Openstack software, the generic Openstack, or create their own fork.
In reality though, the Wall Street Journal report suggests that Red Hat customers have been advised that Red Hat will not support mixed vendor software, that it has claimed it would cost the company too much to support multiple Openstack distributions and that Red Hat Linux and Red Hat Openstack are too closely intertwined to be separated.
Openstack’s open character is part of what makes it what it is, it’s embedded in the name, and Red Hat has been quick to distance itself from the report, though it does hedge a bit.
In a blog post, Paul Cormier, president of the company’s Products and Technologies division said, “Red Hat believes the entire cloud should be open with no lock-in to proprietary code. Period. No exceptions. Lock-in is the antithesis of open source, and it goes against everything Red Hat stands for.”
However, he went on to warn, “[Red Hat Enterprise Linux OpenStack Platform] requires tight feature and fix alignment between the kernel, the hypervisor, and Openstack services. We have run into this in actual customer support situations many times.”
In other words, its advice to customers is seemingly ‘of course you can do it, but you’d have to be a bit daft’.
He went on to explain, “Enterprise-class open source requires quality assurance. It requires standards. It requires security. Openstack is no different. To cavalierly ‘compile and ship’ untested Openstack offerings would be reckless. It would not deliver open source products that are ready for mission critical operations and we would never put our customers in that position or at risk.”
Which suggests that Red Hat will let you use your own version, unless it’s not happy with it, in which case it won’t.
In a swipe at HP, Cormier concluded by attacking its rival, saying, “We would celebrate and welcome competitors like HP showing commitment to true open source by open sourcing their entire software portfolio.”
HP, which recently launched its HP Helion brand for Openstack, would probably argue that it has already done this, so the war of words might just be beginning.