That’s right, the combined revenues of Microsoft, Google, Amazon, eBay, Yahoo!, Apple, Netflix and EarthLink. You’re not really surprised, are you?

Even if you are an infrequent user of the Internet, it is probable that you have been exposed to unwanted porn while surfing the web.

Now, I hold no moral, religious, or political views on the availability of pornography on the Internet; except of course that which is clearly illegal or morally reprehensible, such as child pornography.

My main concern with pornographic Websites is focused instead on the primary/secondary use that many of these sites are designed for – as a vehicle for the distribution of potentially harmful malware applications that can be surreptitiously dropped onto unwitting visitors computers.

WOT, (Web of Trust) has just released a study of 19 million sites covered by the website reputation database which was conducted from March to May 2008 and focused on dangerous sites – such sites amount to 1 in 20 Internet sites.

The survey employed sophisticated algorithms to ensure the filtering of non-adult content, and to enhance the accuracy of the finale results.

For those that are unfamiliar with WOT; it is a free Internet Browser resource (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET, tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping users avoid unsafe web sites.

According to the key findings of the study, Websites offering adult content are the single most significant security threat exposure for Internet users, both home users’ and corporate users’, with 31% of dangerous websites falling into the category of adult sites.

Experienced computer users are generally aware that pornographic web sites are notorious for spyware, viruses, browser exploits and phishing attacks on insufficiently protected computers.

The credibility of this view is emphasized by Esa Suurio, CEO of Against Intuition Inc., the company that supports Web of Trust, who concludes from the survey that “Visiting the red light district of the Internet makes the user vulnerable to spyware, viruses and leakage of confidential information which can cause significant damage.”

Esa goes on to say “Given the size of the problem there has been surprisingly little debate on the topic. Perhaps the suffering parties, individuals and companies, hesitate to express their complaints in public.” No doubt this last can be explained by the old Puritan view, still held by many, that condemns the viewing of pornographic material.

Recently I came across statistics that indicate 91% of corporate computer users’ routinely break their company’s Internet usage policies. WOT’s survey makes it clear that such lack of responsible usage, particularly where inappropriate sites are accessed, can “put their company at risk by introducing malware, viruses and spyware which can cause a security breach in the organization. The potential for damage is enormous, from inside and outside their firewalls, considering that confidential data can be stolen by keyloggers and tracking cookies, a common form of malware used by porn sites”.

As a result of this survey WOT has been enhanced its database with double the coverage of pornographic sites than it had previously. Parents who are concerned for the safety of their children on the Internet will be glad to know that WOT has information on nearly 1 million sites that are rated poorly for child safety.

Supporting statistics:

4.2 million pornographic websites

420 million pages of adult content

11 new porn sites are created each hour

34% of Internet users received unwanted exposure to porn

The average age of first Internet exposure to pornography is 11

Malware and phishing attacks cost computer users $18 million per year

Download WOT

WOT Demo video

Market facts, related links and research about Internet safety

W grudniu 2006 roku wśród badaczy rootkitów (zarówno czarnych, jak i białych kapeluszy), rozeszły się pogłoski o tym, że ktoś stworzył i wypuścił "całkowicie niewykrywalnego" rootkita, znanego jako Rustock.C, którego nie można wykryć na komputerach, na których jest aktywny, przy pomocy żadnego istniejącego rozwiązana do zwalczania wirusów czy rootkitów.

Długie poszukiwania "mitycznego rootkita" okazały się bezowocne. W rezultacie, wszelkie informacje o rootkicie Rustock.C traktowane były w kręgach badaczy rootkitów jak żart. Sytuacja ta trwała do maja 2008 roku.
Diagnoza "lekarska". Na początku maja rosyjska firma Dr.Web poinformowała społeczność antywirusową, że ich eksperci wykryli nowego rootkita o nazwie Ntldrbot, znanego również jako Rustock.C. Wiadomość ta była równie nieprzyjemna co sensacyjna.

Według firmy Dr.Web, rootkit uniknął schwytania przez producentów antywirusowych od października 2007 roku. Pojawiły się głosy, że Rustock.C został wykorzystany do stworzenia jednej z największych dzisiaj sieci zombie służącej do rozsyłania spamu. Dr.Web powoływał się również na badanie przeprowadzone przez Secure Works, według którego botnet stworzony przy użyciu rootkita Rustock stanowił trzecią pod względem wielkości sieć zombie, zdolną do rozesłania w ciągu jednego dnia nawet do 30 bilionów wiadomości spamowych. Jednak szacunki Secure Works nie mogły mieć nic wspólnego z nowo wykrytym rootkitem, ponieważ aż do maja 2008 roku był on nieznany. Eksperci Secure Works mieli najprawdopodobniej na myśli botnet stworzony przy użyciu wcześniejszych wariantów rootkita Rustock - A oraz B (Trojan-Clicker.Win32.Costrat i SpamTool.Win32.Mailbot, według klasyfikacji firmy Kaspersky Lab).

Z informacji opublikowanych przez firmę Dr.Web wynika, że jej eksperci zdobyli próbkę prawdziwego rootkita Rustock.C pod koniec marca 2008 roku. Ponad miesiąc zajęło im analizowanie kodu rootkita, stworzenie i opublikowanie narzędzi umożliwiających wykrywanie i leczenie. Inne firmy antywirusowe zostały poinformowane o wynikach dopiero później.

Stworzony przez firmę Dr.Web opis rootkita pozostawiał zbyt wiele pytań bez odpowiedzi. Po pierwsze, nie było jasne, w jaki sposób i kiedy rozprzestrzenił się rootkit i dlaczego od października 2007 roku nikt nie zdołał go wykryć.

Rozpowszechnianą przez firmę Dr.Web próbką kodu rootkita był sterownik Windows o rozmiarze 244 448 bajtów.

Niestety brakowało tak zwanego droppera, tj. pliku służącego do instalowania rootkita w systemie. Gdyby został dostarczony, bardzo ułatwiłby pracę laboratorium antywirusowego, polegającą na analizowaniu rootkita i opracowywaniu procedur wykrywania i leczenia rootkita Rustock.C. Ponadto mógłby pomóc wyjaśnić, w jaki sposób został rozprzestrzeniony ten rootkit.

Nie pojawiły się żadne wiarygodne informacje dotyczące występowania rootkita "na wolności". Równie dobrze Rustock.C mógł być jedynie okazem w kolekcji jakiegoś "zbieracza" i nie był rozprzestrzeniany, co wyjaśniałoby, dlaczego znalezienie go zajęło tak dużo czasu.

Alexander Gostev
Starszy analityk wirusów, więcej na Kaspersky Lab

I expected the usual viruses, adware, and spyware that plagues windows pc's which are not armored with firewalls, virus scanners, constant os updaters, etc. This one had a few viruses and spybots, but it also had a rootkit. I have never encountered one of these, though I have read about them. I had to peel back layers of malware just to be able to boot into safe mode command line. After a while I decided to just reinstall windows, replacing everything.

Makes me appreciate our Apple MacBookPro and iMac even more!

Prima di tutto, una definizione dei diversi tipi di virus, o meglio di "malware".

• Virus: un virus è un programma malevolo che usa un altro programma come veicolo di diffusione e replicazione, esattamente come fanno i virus biologici che usano le cellule per riprodursi. Un virus ha quindi bisogno di un altro programma da infettare.

• Trojan: un trojan (cavallo di Troia) è un programma che fa credere all'utente di essere utile, mascherandosi da qualcos'altro. Ad esempio alcuni trojan appaiono inizialmente come dei codec per la riproduzione di contenuti multimediali.

• Worm: un worm (verme) è un programma malevolo che può riprodursi senza bisogno di farsi veicolare da un altro programma.

• Toolkit/Rootkit: un toolkit può essere malevolo o no. Con lo stesso termine infatti si indicano sia programmi utili (come le librerie GTK) sia programmi malevoli. In questo secondo caso ci si riferisce a librerie che vanno a sostituirsi o affiancarsi a quelle di sistema o di programmi per procurare danni, nascondendosi in modo da sfuggire all'attenzione dell'utente. Quando un toolkit coinvolge il kernel del sistema operativo (ad esempio come finto driver), si parla di rootkit. Di norma l'uso di questo malware è quello di installare una backdoor ("porta sul retro") attraverso cui l'attaccante può entrare nel sistema colpito e prelevarne i dati o addirittura prenderne il controllo.

• Wabbit: è un programma malevolo che non usa i servizi di rete o altri file o programmi per riprodursi. Un esempio è la fork bomb.

• Altri tipi di malware: altri tipi di malware si distinguono più per lo scopo che per le modalità di azione e diffusione, di solito riconducibili alle categoria precedenti. Tra questi ricordiamo gli spyware (codice spia), gli adware (pubblicità indesiderate che compaiono sul desktop) e i keylogger, programmi che registrano l'attività dell'utente soprattutto al fine di scoprire le password e i numeri di carta di credito digitati. Inoltre la diffusione di formati di file che possono contenere codice anche se non sono programmi veri e propri (ad esempio i formati documenti che possono contenere macro o le pagine web che possono contenere javascript) ha portato alla nascita di macrovirus.

Bene, ma come agisce un malware?

Non è sufficiente che il malware entri a contatto con il sistema (ad esempio attraverso uno scambio di file, una e-mail o la visualizzazione di una pagina web), ma è necessario che entri in esecuzione. Difatti gli antivirus mettono i file infetti in "quarantena", ossia in una cartella controllata dove non possono più agire.
Quando il malware entra in contatto con il sistema deve presentarsi uno dei seguenti casi affinché esso possa entrare in esecuzione:

• una azione volontaria dell'utente mette in esecuzione il malware: questo è il caso dei trojan e di molti worm;

• il malware entra in esecuzione anche in mancanza di una azione volontaria: in tal caso è stata sfruttata una vulnerabilità.

Una vulnerabilità è una falla di un programma che produce un comportamento non previsto dal programmatore o considerato (a torto) non pericoloso.

Ed ora, ecco perché un antivirus è quasi sempre inutile.

1. I permessi

I sistemi operativi di tipo Unix hanno una rigida e complessa gestione dei permessi. Ogni utente, e quindi ogni programmi eseguito da tale utente, può fare con un file solo ciò che è consentito in base ai permessi che egli possiede. Si consulti la guida del comando sudo per approfondire la logica dei permessi. Questo implica alcune conseguenze:

• i programmi utente sono separati da quelli di amministrazione;

• I programmi utente possono agire solo sulla home di quell'utente, non sui file di amministratore né su quelli di altri utenti;

• i programmi per essere eseguiti devono avere lo speciale attributo di eseguibili.

In base a ciò, un malware che agisce a livello utente non può creare danni al sistema, ma può al limite cancellare o infettare solo i file appartenenti a quel determinato utente.
Di norma nessun sistema di tipo Unix installa i programmi (neppure i programmi utente) nella directory home dell'utente. Ciò, unito alla suddetta gestione dei permessi, mette al riparo il sistema dall'infezione da parte dei tradizionali virus che non trovano eseguibili a cui "attaccarsi". I worm non possono agire perché per farlo devono avere i permessi di esecuzione. I rootkit non possono installarsi autonomamente in quanto caricare un modulo/driver nel kernel richiede i permessi di amministrazione.
Ciò a meno di vulnerabilità del sistema. Infatti una vulnerabilità grave può permettere al malware di superare tali restrizioni e acquisire i permessi di amministratore.

Ciò è già accaduto per i sistemi di tipo Unix. Il primo worm della storia è nato proprio per Unix sfruttando una vulnerabilità.

2. Essere open source

Un software open source, e quindi GNU/Linux, ha la caratteristica di avere il codice sorgente liberamente consultabile e modificabile. Questo apparentemente potrebbe rendere meno sicuro il sistema. In teoria, se tutti conoscono il codice sorgente, chiunque può scoprirne le vulnerabilità e quindi sfruttarle con fini fraudolenti.
Nella pratica, però, si realizza l'esatto opposto: proprio perché tutti possono scoprire facilmente le vulnerabilità, esse possono venire tempestivamente corrette. Molte vulnerabilità vengono infatti corrette ancora prima che possano essere sfruttate a danno del sistema.

Navigare sul Web con un browser open source è più sicuro che navigare con uno proprietario e usare una suite per l'ufficio open source è più sicuro che usarne una proprietaria.

3. Rafforziamo i permessi

Sono stati adottati vari meccanismi preventivi per rafforzare la sicurezza del sistema come:

• l'uso di chiavi di autenticazione per il software e i repository che assicurano la provenienza originale e sicura degli stessi;

• la necessità, quando si esegue un programma nella directory corrente, di anteporre il suo percorso ./ in modo tale che un programma che abbia lo stesso nome di un comando comunemente usato, non possa essere per sbaglio eseguito al posto di tale comando (questa semplice precauzione ha stroncato la diffusione di worm come ls);

• ulteriori rafforzamenti del meccanismo dei permessi come SELinux (sviluppato dalle forze armate statunitensi) e AppArmor (sviluppato da Novell e presente in Ubuntu): tali sistemi creano i cosiddetti "contesti": ad esempio una pagina html creata nella home dell'utente, anche se trasferita nella directory di Apache /var/www non funzionerà in quanto nata in un contesto differente; un programma presente nella directory utente non verrà eseguito se trasferito in una directory di sistema come /usr/bin/.

4. Unix e il malware

Per comprendere quanto i sistemi Unix siano sicuri è utile consultare alcune fonti:

• la pagina di uno dei programmi più noti, apprezzati e premiati nella lotta al malware chkrootkit. Questa elenca solo una decina di malware (sia rootkit che worm) in oltre 10 anni di sviluppo del programma. Alcuni di questi sono worm ormai desueti come il citato ls, altri sono rootkit solo per alcuni sistemi Unix che quindi non coinvolgono gli altri sistemi della stessa famiglia (ad esempio un malware per Solaris non può agire su GNU/Linux o *BSD), altri ancora si riferiscono a determinate versioni del kernel di tali sistemi (infatti una volta corretta la vulnerabilità il malware è diventato innocuo). Sfogliando il changelog del programma si nota che i malware aggiunti annualmente per i sistemi Unix supportati dal programma sono dell'ordine di qualche unità;

• la pagina sui virus per Linux nella documentazione internazionale di Ubuntu, nella quale si illustrano i pochi malware conosciuti per Linux, la maggior parte dei quali nei fatti risulta innocua (perché, per esempio, necessità dei permessi di amministratore).

Nella realtà il concetto di virus è praticamente sconosciuto nei sistemi di tipo Unix essendo i pochi finora scoperti non in grado di diffondersi efficacemente, perché necessiterebbero di entrare fraudolentemente in possesso dei permessi di amministratore.

Nella prossima puntata vedremo le eccezioni, ovvero quando è utile avere un antivirus.

Es war also wieder einmal allein ein Kopierschutz daran Schuld, dass ein legal erworbenes Spiel (wer es überlesen hat: Es war eine frei verfügbare Demoversion!) Probleme macht. Ein Link in der ansonsten nichtssagenden Fehlermeldung ("Dieses Programm kann nicht gestartet werden (5024)") klärt auf:

SecuROM™ has determined that a Process Explorer program is running in the background.

Das ganze gibt es noch in der Variante "some File Monitor program" und noch vielen vielen anderen. Interessant daran war, dass ich die entsprechenden Programme längst beendet hatte. (Wie ich später erfuhr, bleiben dabei wohl Treiber im Speicher zurück.) Erst nach einem kompletten Systemneustart lief das Spiel dann endlich.

Die Fehlermeldungsseiten sind durchnummeriert, und so kann man sich auch andere Fehlermeldungen anschauen. Besonders interessant ist zum Beispiel Nummer 7001, "an emulation tool has modified your PC settings". Wenn ich einen Emulator installiere, dann darf der Sachen verändern, im Gegensatz zu irgendeinem Kopierschutztreiber, den ich nicht haben will und dessen Installation ich nicht zugestimmt habe. Als "Lösung" wird vorgeschlagen, manuell in der Registry bestimmte Einträge zu löschen, "um das Problem mit dem Start des Spieles zu lösen", wobei betont wird, dass die modifizierten Einträge nicht durch SecuROM verursacht wurden, und man keine Verantwortung für Schäden übernimmt, die durch befolgen der Anleitung entstehen. Das "Problem mit dem Start des Spieles" ist natürlich auf den Kopierschutz zurückzuführen, und zwar ausschließlich, weil die geänderten Einstellungen das Spiel sicherlich nicht beeinträchtigen.

Anonsten darf man sich zwecks Fehlerbehebung gerne an den SecuROM Support wenden. Dazu lässt man das Programm eine Analyse erstellen, welche man dann an SecuROM schicken soll. Die Analysedatei soll keinerlei persönliche Daten enthalten. Nachprüfbar ist es leider nicht, da die Datei irgendwie kodiert ist, aber in der üppigen Größe von 256 KB (ein viertel Megabyte!) könnte man problemlos alle interessanten Infos unterbringen. Und was zu persönlichen Daten zählt, ist Einstellungssache. Unter Umständen verraten ja auch Prozessnamen schon einiges, und zumindest die E-Mail-Adresse hat SecuROM ja auch (durch die Anfrage).

Diese Probleme sind umso ärgerlicher, wenn einem bewusst wird, dass sie nur durch den zusätzlichen, unnötigen Kopierschutz entstehen. Ohne Kopierschutz würde das Spiel problemlos laufen. Das dürfte auch auf die sicherlich schon existierenden geknackten Versionen zutreffen, wieder einmal sind ehrliche Käufer die Verarschten.

Mein Rechner wird normalerweise nur alle ein bis zwei Wochen wirklich neu gestartet (wofür gibt es den "Ruhezustand" aka Suspend to Disk), und Tools wie Filemon und ProcExp nutze ich fast jeden Tag, zum Beispiel um von irgendwelchen Prozessen benutzte Dateien zu entsperren oder festzustellen, welches Programm gerade intensiv meine Festplatte zumüllt (und ihm dann ausschließlich die eine Datei wegzunehmen). Wie sich einige vielleicht schon denken können, kenne ich nun ein Spiel, welches ich mir sicherlich nicht kaufen werde, auch wenn es sonst ganz nett aussieht.

Ich bezweifle, dass auf der Packung des Spieles steht, dass das Spiel nur benutzt werden kann, wenn man Emulatoren deinstalliert, seinen Rechner genau nach Vorgaben des Herstellers einrichtet und auf sämtliche Debuggingtools verzichtet. Ich bezweifle also, dass Käufer so einer Einschränkung wirksam zustimmen. So wie ich das sehe, dürfte es sich um einen Sachmangel handeln, der eine Rückgabe des Spiels (auch nach Öffnen der Verpackung!) erlauben würde (aber ich bin kein Anwalt).

Da ich schon befürchtet habe, dass ein Kopierschutztreiber mitinstalliert werden könnte, las ich die EULAs besonders aufmerksam. Unabhängig davon, ob diese überhaupt nach deutschem Recht wirksam sind (bei Demoversionen könnte das im Gegensatz zu Verkaufsversionen der Fall sein), bezweifel ich stark die Zulässigkeit von Klauseln wie dieser:

Angesichts des dauerhaften Schadens, der Codemasters bei unzulänglicher Durchsetzung der Bedingungen dieser Vereinbarung entstünde, stimmen Sie der Berechtigung von Codemasters zu, auch ohne Kaution, sonstige Sicherheiten oder Nachweis erlittenen Schadens Wiedergutmachung in Bezug auf Verletzungen der Vereinbarung zu fordern, die über die Mittel hinausgehen können, die Codemasters unter der anwendbaren Rechtsprechung zustehen.

Wenn ich es richtig verstehe, räumt sich Codemasters das Recht ein, bei Verstößen gegen den "Vertrag" völlig beliebige "Schadensersatzansprüche" geltend zu machen, und zwar unabhängig davon, was denen überhaupt zusteht. Naja, in Großbritannien, wo der Gerichtsstand sein soll, ist ja so einiges möglich. Ob aber so eine Gerichtsstandsvereinbarung gegenüber Privatpersonen zulässig ist, wage ich anzuzweifeln. Zur Installation eines Kopierschutzes fand ich jedoch nichts, habe also nicht zugestimmt.

Ich habe keine Ahnung, ob und was für Treiber ohne meine Zustimmung auf meinem System installiert wurden und wie ich sie wieder wegbekomme. Laut dem nach Spielende gestarteten Process Explorer lief die eigentlich beendete Overlord.exe immer noch, und kurz danach hat sich mein halbes Windows aufgehängt, nachdem beim Zugriff auf meine mit ext2 formatierte und per Spezialtreiber eingebundene externe Platte wohl was schiefgegangen ist. Kann natürlich reiner Zufall sein (erlebt hatte ich sowas bisher nicht), könnte aber auch mit dem gerade frisch installierten Kopierschutz zusammenhängen. Und während ich den Ext2-Treiber manuell installiert habe und er sich auf meinem Rechner aufhalten darf, trifft das auf SecuROM-Treiber nicht zu. Wenn es also eine Inkompatibilität gibt, liegt die volle Schuld dafür bei SecuROM und SecuROM allein. Der Ext2-Treiber war vor SecuROM da.

Spyware, spybot or tracking software is covertly bundled with legitimate software users might want, such as free file sharing software. Spyware can conduct certain activities—collecting personal information, and changing Internet browser configuration settings—without obtaining appropriate user’s consent. Spyware is potentially more dangerous beast than Adware because it can record your keystrokes, history, passwords, and other confidential and private information. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. Spyware emerged in the late 1990s and had reached epidemic levels by 2004. In that year, a survey by America Online and National Cyber-Security Alliance^[7] found that 80 percent of the computers surveyed had some form of spyware on them, and there were an average of 93 pieces of spyware on each machine. The most notorious of all are Cool Web Search and Look2Me (Better Internet). A dangerous class^[8] of spyware, called Man-in-the-Middle Proxy, is emerging under the guise of accelerating a user’s Internet connection but redirects all web surfing activity, including secure connections, to a man-in-the-middle proxy. One example of a difficult to remove and rampant man-in-the-middle proxy is MarketScore.

Hijackers are applications that attempt to usurp control of the user's home page and reset it with one of the hijackers choosing. A layered service provider (LSP) sits between a computer’s Winsock layer and can modify all data that passes through the system. Microsoft by default installs numerous useful LSP programs. Spyware applications install malicious LSP’s to this layer called Winsock Hijackers. These applications monitor the network, accessing all data passing through the desktop, capable of redirecting web requests to affiliate websites. Any attempt to remove these Winsock hijackers can break the LSP chain and cause the Internet connection to stop working. Variants of CoolWebSearch are Winsock hijackers and require special programs to remove them.^[9] Browser hijackers can permanently impair a browser, inhibiting a safe Internet experience.

Dialer is a type of software, often installed using the ActiveX technology, promises access to free porn, free games or free cracks for commercial software, but commandeers the modem to use your dial-up device to call a quite expensive phone or toll number.

A rootkit is a collection of programs that enable administrator-level access. Rootkits typically contain spyware, keyloggers, and tools for creating backdoors. A redirector transfers network traffic to a location other than that which the user intended. Keyloggers record keystrokes and then upload the information to a foreign host.

Browser Helper Objects (BHOs)^[4] are small, automated programs [.OCX or .DLL] that monitor visited websites, switch advertising or home pages, download updates, or export data and sometimes use a backdoor as access point to bypasses security access measures. BHOs are also called web browser add-ons—extra toolbars, animated mouse pointers, stock tickers, and pop-up ad blockers—to make browsing a little more fun or effective. Add-ons are typically fine to use, but poorly-built add-ons sometime force Internet Explorer to shut down unexpectedly. CastleCops Network provides a weekly-updated CLSID / BHO List / Toolbar Master List.^[10] Adware and spyware as well as browser hijackers often use BHOs to display ads or follow one’s track across the internet.

Notes:

^[4] Websense, Inc. (2006)Protecting Organizations from Spyware, p.3

^[5] Harrison, Richard (2004), The Antivirus: Defense-in-Depth Guide, Microsoft Corporation, pp. 17-19.

^[6] CNET Networks, Inc (2004), Battling Spyware. Sunbelt Software, p. 1

^[7] America Online and the National Cyber Security Alliance (2005), AOL/NCSA Online Safety Study, December 2005

^[8] Sequeira, Dinesh (2005), Understanding and Preventing Spyware in the Enterprise, White Paper, Tipping Point. p. 6

^[9] Sequeira, Dinesh (2005), Understanding and Preventing Spyware in the Enterprise, White Paper, Tipping Point. p. 6

^[10] Klein, Tony and CastleCops (2007), Master BHO and Toolbar list

That’s right, the combined revenues of Microsoft, Google, Amazon, eBay, Yahoo!, Apple, Netflix and EarthLink. You’re not really surprised, are you?

Even if you are an infrequent user of the Internet, it is probable that you have been exposed to unwanted porn while surfing the web.

Now, I hold no moral, religious, or political views on the availability of pornography on the Internet; except of course that which is clearly illegal or morally reprehensible, such as child pornography.

My main concern with pornographic Websites is focused instead on the primary/secondary use that many of these sites are designed for – as a vehicle for the distribution of potentially harmful malware applications that can be surreptitiously dropped onto unwitting visitors computers.

WOT, (Web of Trust) has just released a study of 19 million sites covered by the website reputation database which was conducted from March to May 2008 and focused on dangerous sites – such sites amount to 1 in 20 Internet sites. The survey employed sophisticated algorithms to ensure the filtering of non-adult content, and to enhance the accuracy of the finale results.

For those that are unfamiliar with WOT; it is a free Internet Browser resource (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET, tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping users avoid unsafe web sites.

According to the key findings of the study, Websites offering adult content are the single most significant security threat exposure for Internet users, both home users’ and corporate users’, with 31% of dangerous websites falling into the category of adult sites.

Experienced computer users are generally aware that pornographic web sites are notorious for spyware, viruses, browser exploits and phishing attacks on insufficiently protected computers.

The credibility of this view is emphasized by Esa Suurio, CEO of Against Intuition Inc., the company that supports Web of Trust, who concludes from the survey that "Visiting the red light district of the Internet makes the user vulnerable to spyware, viruses and leakage of confidential information which can cause significant damage."

Esa goes on to say "Given the size of the problem there has been surprisingly little debate on the topic. Perhaps the suffering parties, individuals and companies, hesitate to express their complaints in public." No doubt this last can be explained by the old Puritan view, still held by many, that condemns the viewing of pornographic material.

Recently I came across statistics that indicate 91% of corporate computer users’ routinely break their company’s Internet usage policies. WOT’s survey makes it clear that such lack of responsible usage, particularly where inappropriate sites are accessed, can “put their company at risk by introducing malware, viruses and spyware which can cause a security breach in the organization. The potential for damage is enormous, from inside and outside their firewalls, considering that confidential data can be stolen by keyloggers and tracking cookies, a common form of malware used by porn sites”.

As a result of this survey WOT’s has enhanced its database with double the coverage of pornographic sites than it had previously. Parents who are concerned for the safety of their children on the Internet will be glad to know that WOT has information on nearly 1 million sites that are rated poorly for child safety.

Supporting statistics:

4.2 million pornographic websites

420 million pages of adult content

11 new porn sites are created each hour

34% of Internet users received unwanted exposure to porn

The average age of first Internet exposure to pornography is 11

Malware and phishing attacks cost computer users $18 million per year

Download WOT

WOT Demo video

Market facts, related links and research about Internet safety

Las posibilidades que aporta un rootkit son infinitas, desde troyanizar el sistema de autentificacion para posibilitar el acceso a un usuario que no este presente en el archivo de contraseñas (invisible desde la vista del propio administrador), parchear un sistema de deteccion de intrusos (IDS), parchear la auditoria para que no se audite las acciones de un determinado usuario, etc.

El mejor método para detectar un rootkit es apagar el sistema que se considere infectado y revisar o salvar los datos arrancando desde un medio alternativo, como un CD-ROM de rescate o una memoria USB debido a que un rootkit activo puede ocultar su presencia.

Los programas antivirus mejor preparados suelen identificar a los rootkits que funcionan mediante llamadas al sistema y peticiones de bajo nivel, las cuales deben quedar intactas. Si hay alguna diferencia entre ellas, se puede afirmar la presencia de un rootkit. Los rootkits intentan protegerse a sí mismos monitorizando los procesos activos y suspendiendo su actividad hasta que el escaneo ha finalizado, de modo que el rootkit no pueda ser identificado por un detector.
Para detectar rootkits se utilizan herramientas que detecta: procesos, servicios, archivos, carga de drivers, drivers ocultos, librerías, la creación de procesos, conexiones TCP/IP y entradas en el registro.

Herramientas de desinfección:

GMER:
http://www.gmer.net/index.php

Herramienta RootkitRevealer :
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Sophos Anti-Rootkit:
http://esp.sophos.com/products/free-tools/sophos-anti-rootkit.html

Una dintre cele mai vechi metode este aceea de a formata diferit o pista a dischetei; de obicei de alegea o pista si pe acea pista se scriau mai multe sau mai putine sectoare decat standard (18). Un program care nu stia cate sectoare sa caute, nu putea sa copieze informatia.

Alta metoda este ca, la instalare, programul sa citeasca seria discului hard si/sau a placii de baza. Daca la pornire gaseste alte componente, presupune ca a fost copiat si nu mai functioneaza.

Mai sunt si cheile hardware. O cheie hardware este un dispozitiv care se ataseaza la portul paralel. El este contruit din unul sau mai multe circuite integrate nemarcate (ca sa nu fie recunoscute si sa permita reproducerea cheii). La pornirea programului, acesta trimite niste informatie spre portul paralel; cheia hardware preia informatia, o prelucreaza si trimite inapoi. Daca programul nu primeste raspunsul asteptat de la cheia hardware, nu mai functioneaza.

Pentru CD-uri audio, au fost inventate alte metode pe care nu le-am studiat deloc. Am auzit de scandalul Sony BMG, care a instalat un software de protectie la copiere pe computerele clientilor, dar care introducea vulnerabilitati in sistemul de operare (Windows).

Noile metode de protectie la copiere sunt mult mai complexe si e din ce in ce mai riscant sa le demontezi. Nu merita...

Pointedly, Ron Teixeira, executive director of the NCSA, said in a statement. “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” that people don’t know how to keep their computers secure.

The information gathered in this survey is not new to experienced computer users’, or to those involved in Internet security. It seems to me that this is simply repackaged information that we have had access to, in some cases, for years. In fact, the statements in this survey can be applied to worldwide Internet users’ and are not restricted to just those in the U.S.

I think that one would have to have been on an extended vacation from both computers and cyber space, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time.

So the question is, why is the average, or typical computer user, so lacking in knowledge when it comes to Internet security precautions; some might say even negligently so?

Problem solving this issue does not require one to be a profound thinker to arrive at a number of hard and undeniable conclusions.

A reader of this Blog, commenting on a previous article “The Unsecured Internet Super Highway – Are You Licensed to Drive?“, an article which deals with these surveyed issues, summed it up particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take Internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the (dryer) lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the root of this problem: No one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all Internet users’. We have arrived at a point where we need to stop just talking about it, stop being part of the fear campaign, and develop appropriate solutions.

At the very least a massive change in all Internet users’ attitudes needs to take place. Users’ have to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem but instead, are part of the solution.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser addon which takes security this one step further. The solicited opinions of users/members on a web site's safety are incorporated into the overall site safety rating. The advantages of members participation in exchanging their personal knowledge about a web site, in my view, cannot be overemphasized.

There are other solutions of course; some draconian, some less so, but unless we as computer users take responsibility for our own online safety, you can be sure that governments will eventually introduce measures that will be considered draconian.

We now live in the age of the “Interconnectedness of All Things” in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists; and here we are, back to the concept of draconian government imposed Internet security measures.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and amongst other solutions, insist software companies’ stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

The following tutorials are offered free of charge on CNET, one of the most widely respected sites on the Internet. If you are unfamiliar with basic computer security issues, I highly recommend that you visit this site.

Online Courses

• PC Protection 101

Combat Spam and Phishing

Combating Spyware and Adware

Quick Tips

• How not to get hacked

How to use Ad-Aware

Wi-Fi security on the road

Protect your home network with your old PC

Free security software

Spyware Doctor: Speed up your start-up

O Linux é praticamente imune a vírus, já ouvi falar que existe vírus para Linux, assim como já ouvi falar que existe um dragão em komodo e mulher barbada. Mas ouvi falar também de uma outra coisa que parece ser mais feia que a mulher barbada: rootkit.

O br-linux divulgou neste domingo ( 08/06/2008 ) um artigo sobre o assunto:

Procurando rootkits no seu sistema

Para quem quer ir direto à fonte:

http://hdoria.archlinux-br.org/blog/2008/06/05/procurando-rootkits-no-seu-sistema/

Today’s malware generally writes itself into multiple parts of the operating system and in many cases it can hide it’s files, registry entries, running process and services, making the infection virtually invisible.

Highly experienced computer users’ have come to realize that the Internet is alive with predators intent on installing damaging programs, (Spyware, adware, viruses and Trojans), on vulnerable computer systems. However, the sad reality is, the majority of computer users are undereducated when it comes to recognizing the dangers and threats that the Internet poses to their computers, and to their personal privacy.

The installation of such malware invariable leads to a critically disabled PC, or in the worst case scenario, allows hackers access to important personal and financial information.

There are plenty of good anti-malware products, but no one anti-malware tool is likely to identify and remove all of the millions of rogue malware that infest the cyber world. One of my Internet friends, a Professor of University level Computer Sciences, frequently reminds me “Too much security is still not enough”. Sadly, he is right.

So to ensure maximum safety, it’s important to have layered defenses in the ongoing fight against malware. As part of the mix of security solutions, online scanners offer an extra layer of protection that’s required in the current Internet environment.

Online Scanner Benefits:

Generally fast and easy to use

Threat signatures and heuristic detection algorithms are always up to date

Provides deep scanning of archive files, runtime packed executables and email messages

Can detect malware that some AV solutions cannot detect

Avoids conflicts with existing security software

Acts as a double-check on the accuracy of your onboard AV solutions

Disadvantages

Fewer scanning options than locally installed AV solutions

Not all scanners disinfect

The following are Online Scanners that have developed a good reputation for accuracy; be sure to read the Terms of Use or Privacy Statements carefully.

Panda NanoScan

McAfee FreeScan

Symantec Security Check

Panda Security

Trend Micro's HouseCall

ESET Online Scanner

Kaspersky

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

• When surfing the web: Stop. Think. Click
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on the computer.
• Install a personal firewall on the computer.
• Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure the anti-virus software scans all e-mail attachments
• Install Web of Trust, or a similar browser add-on

Worms o gusanos: son virus que se cargan al iniciar el SO, y lo hacen mas lento y también se propagan y se duplican

Troyano: el troyano en si no es virus, es solo un archivo que se carga en modo oculto en el sistema, que abre un puerto del computador y le da la posibilidad al atacante o manipulador del troyano establecer una conexión remota sin autorización de PC víctima. Los troyanos son llamados así debido a la historia de del caballo de Troya.

Rootkit: (o encubridor) es un software que se carga junto con el SO, hace la misma función del troyano mas la de ocultar otros programas maliciosos sin que el sistema los detecte. El rootkit oculta inicios de sección, procesos, logs etc. Ejemplo: AFX Rootkit 2005.

Malware: son aplicaciones que a su finalidad es dañar información del sistema o el sistema como tal. Dentro de la aplicación malware se incrusta el spyware o software espía.

Keylogger: (registrador de teclas) es un software que se encarga de registrar las pulsaciones sobre el teclado y guarda todas las pulsaciones en un archivo de Log. Ejemplo: Revealer Keylogger, Keylogger Douglas 2.0

A rootkit is a malware program, or a combination of malware programs, designed to take low level control of a computer. In other words, system operations that are generally outside the control of the user. Frequently, they are Trojans or Keyloggers as well.

Techniques used to hide rootkits include concealing running processes from monitoring programs, and hiding files or system data from the operating system. In other words, the rootkit’ files and processes will be hidden in Explorer, Task Manager, and other detection tools.

It’s easy to see then, that if a malware threat uses rootkit technology to hide, it is going to be very difficult to find.

A number of major anti-malware companies though have developed free functional solutions to rootkits. Enter the Rootkit detector which will provide you with the tools to find and delete rootkits, and to help you uncover additional threats rootkits may be hiding.

Generally, rootkit detectors are capable of the following type of scans, although it is important to note that not all scan, or handle rootkits, in precisely the same way.

· hidden processes

· hidden threads

· hidden modules

· hidden services

· hidden files

· hidden Alternate Data Streams

· hidden registry keys

· drivers hooking SSDT

· drivers hooking IDT

· drivers hooking IRP calls

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I use each of the free rootkit detectors listed below on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and Hacker Defender.

Download here: www.download.com

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

Download here: www.majorgeeks.com

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Download here: www.gmer.net/files.php

I quote the comment posted on behalf of Grisoft: "The information about AVG8 Free not running on XP Pro is NOT correct. XP Pro _is_ supported. AVG Free edition does not install on servers but it can be installed on any Home or Pro version of Windows (including Vista Ultimate).
Also, a new major program update is being prepared that should solve most of the issues mentioned here (and in other forums). By the time this update is released (around mid June), you may also want to test the public beta version of this update (http://beta.avg.com)"

There are many problems appearing with AVG AntiVirus Free Edition V8.0.1 which are causing problems for many users, with updating, scanning and more.

Problems known are as follows:

AVG will NOT run on XP Pro. Grisoft have put a 'stop' code in the Free version so that it can only be used for non-commercial use and it has been considered that XP pro is for commercial use although many XP Pro users are home users.

Some users experience problems using this on FAT systems, the alternative is to switch to NTFS.

If you don’t have Service Pack 2 or the more recent SP3 or either is corrupted, AVG will not function properly.

You can download SP2 by clicking here or SP3 from Windows Update. If the problem is related to SP3 then uninstall the Service Pack and reinstall SP2 until such time as SP3 has overcome its glitches and gremlins.

Some users are experiencing problems conflicting with ZoneAlarm Firewall. Ensure that if you are using ZoneAlarm that it is properly configured. An alternative is to use a different firewall such as Online Armor Free Firewall which is highly rated and a very powerful firewall program to run on Windows 2000/XP/2003 Server or PC Tools Firewall Plus Free Edition which is a powerful free personal firewall for Windows and designed to work on Designed for Windows Vista™ 32-bit, XP, 2000 and Server 2003.

Running Windows Defender at the same time as AVG, shutdown Windows Defender.

Conflicts with Spybot Search & Destroy, remove Spybot prior to installing AVG v8 and reinstall after installation.

Older versions of AVG, including antivirus, antispyware and rootkit. The latest version will uninstall v7.5, but you must manually check to ensure that it is completely removed. Use the Control Panel Add/Remove Programs option to uninstall any other AVG products. Then open My Computer and double click the C drive, open Program files and open the AVG folder that no other versions of AVG are lurking there, if they are simply delete them.

You will also need to clean your Registry which will have traces of AVG’s older programs left in there. Use a program such as Eusing Registry Cleaner to remove invalid or corrupt entries from the Registry.

Do NOT run any form of P2P software while a scan is in process, nor have the Windows Update running. Simply close any P2P applications and in Task Manager kill the wuauclt.exe process.

If you have any other form of AntiVirus or AntiSpyware on your computer, AVG will conflict with it and it will be necessary to remove them.

When updating the Virus Definitions database you may experience problems if you have other programs running or browsers open.

When AVG V8 is installed ensure that you untick ‘Scan infectable files only’ by opening the AVG interface, selecting Tools, then expand Scans by clicking on the +, click Scan whole computer and UNTICK ‘Scan infectable files only’, also apply this to Shell extension scan and Scan specific files or folders.

Another issue is the length of the scan process. Initially I scanned my computer in less than 2 hours, but within a few days the time was increasing and now it is 3 hours on a 180GB hard drive with 15GB used, 1.5GB RAM and a Pentium D 3.00GHz processor.

Other options are of course to use an alternative AntiVirus which I will list here and post about a little later.

Avast Home Edition for Windows 95/98/Me/NT/2000/XP/Vista
More details on Avast here

ClamWin Antivirus 0.88 for Windows 95/98/Me/NT/2000/XP
Download ClamWin AntiVirus here.

a-squared Free for Windows 98, ME, 2000, XP, 2003 Server and Vista

PC Tools AntiVirus Free Edition 4.0 for Windows 2000/XP/Vista
Download PCTools AntiVirus here

Related Posts:
A-Squared Free
AVG AntiVirus Free Edition
AVG AntiVirus Installation and Setup
Avast AntiVirus Free Edition
ZoneAlarm Installation Guide
ZoneAlarm video tutorial
Online Armor Free Firewall

© Free PC Security 2008

Technorati Tags: AVG Anti-Virus Free Edition V8.0.1 Reliability, AVG AntiVirus Free Edition V8.0.1, Technology, Free PC Security, AVG Conflicts, HowTo

PCWorld has a story about test conducted AV-Test.org that was supposed to rate the most popular anti-virus products ability to detect rootkits.  For people that don't know, a rootkit is a program that takes complete control of a system, and tries to hide itself deep within the operating system.  They are notoriously difficult to detect once they are installed.  The most interesting result from this test wasn't necessarily the results about which product detected what, but the revelation that Vista's security framework, specifically User Access Control (UAC) was really effective at preventing rootkit infection.  The test took 30 rootkits written for Windows XP and tested various anti-malware and anti-rootkit suites.  Some of them scored fairly well, but none were perfect.  Of the 30 XP rootkits, only 6 would actually run on Vista, and in order to get them to run UAC had to be disabled.  This means that UAC has significantly raised the bar of entry for rootkits on Windows.  This shouldn't really come as a surprise to anyone familiarly with this area, but there seems to be a lot of loud mouths shouting that UAC is worthless and should be disabled.  I have an anecdote that tells a different story.

The last product that I worked on was essentially a rootkit.  It was a component of a broader intrusion detection system which needed real-time information about what was going on in the system.  We wrote a simple device driver that intercepted all events within the kernel and logged them out to a database.  This means that every file, registry key, key pressed, port opened, etc, was visible to this program and logged.  We originally wrote it to work on XP, and an application to install it as a service, which involved a couple of calls to the Service Controller to install it.  If the user was running with an Administrator account (which everyone in XP does) then the driver would be loaded completely invisibly.  That means that any program that you have ever installed could very easily be spying on everything you, or any other user on your machine does.  I say it could be "very easily" doing this, not because the code is particularly easy to write, but that the Internet is absolutely littered with rootkit code, especially the .cn domain.  A little while ago we decided to update our driver to work under Vista.  Since rootkits are essentially an extension of the operating system, they become very dependent on certain structures and features of an OS and tend to only work under that version.  So we had to change the code a little bit to get it to run, but for the most part, it was the same program.  The only real difference between the two version was that on Vista, even if the user is logged in as Administrator, the installation of the service would fail if it wasn't elevated with a UAC prompt.  Privileges in Windows works with tokens; each user and group has a token, there is a system level administrator token, etc.  When a program starts, it is given the token of the user, and is run with what ever permissions that the user has.  So, users of the Administrator group in XP would pass along Administrator, or system level, permissions to any applications.  The difference between XP and Vista, is that when a user is in the Administrators group their token in Vista is not a complete system access token.  For an application to receive system level access, it must be spawned by a system level user group (SYSTEM, LOCAL SERVICE, etc) or being elevated by an administrator with a UAC prompt.  This prompt assures that the user behind the keyboard is aware that they are giving this application complete access to the system.  Sure, it can get a little annoying from time to time, but I'd rather have a prompt alerting me every so often as opposed to a rootkit silently being installed.

Reading the internet I see that a lot of people don't understand exactly what a rootkit is, and are surprised when Task Manager etc. can't find it, or can't stop it.

Folks, when you have a rootkit, you cannot TRUST your system anymore! The only solution is to boot from a external read-only source (such as a live-cd or a read-only USB key) and track down where the rootkit has installed itself. The good news is, the rootkit has to be in your registry somewhere, and usually you can find out where it is by checking on the internet.

First let's describe some symptoms;

• Anti-Virus gets turned off and/or deleted and/or uninstalled
• Firewall meets the same fate
• You may get the blue screen of death if the rootkit crashes some vital Windows processe to insert itself into them.

Got that? Now you're infected. Here's how to check;

• Internet or network connection crashes or slows right down
  • That's because you are now the proud host of a rooted box, and it's using all your bandwidth to download malware and porn...
• Computer seems really busy but there's no obvious processes in task manager eating up all your CPU
  • That's because it's busy hiding all that malware and porn, or cracking your passwords files...
• Can't boot into Safe Mood
  • That's because if you could boot into Safe Mood, you could stop the rootkit from running and uninstall it...

Here's what NOT TO DO;

• Ignore the issue... because it WON'T go away.
• Start using internet banking... because you can kiss your money goodbye.

Here's what to do, if you have gotten HLDRRR;

• Delete Megadrv3 device (follow instructions from Alireza Peyman).
• Log out straight away.
• On another computer, research, research, research. These things change all the time
• Get someone else to download BART PE and create a Live CD
• Reboot your computer with the CD in the drive
• Delete everything in [windows]\system32\drivers\down.
• Browse your system and delete everything in every Temp directory, which includes Temporary Internet Files
• No, really, find every Temp/Temporary/Temporary Internet Files directory, and delete everything
• Delete [windows]\system32\hldrrr.exe
• Create a new empty read-only file called hldrrr.exe
• Delete [windows]\system32\hidr.exe
• Create a new empty read-only file called hidr.exe
• Delete [windows]\system32\srosa.sys
• Create a new empty read-only file called srosa.sys
• Delete [windows]\syystem32... etc. etc.
• Create a new... etc. etc.
• Delete anything else that the internet suggests, if you can find it (mdelk.exe, wintems.exe, but the names change frequently!)
• Load up your registry (follow the instructions)
• Find all references to hldrrr and delete them
• Find all references to hidr and delete them
• Find all references to srosa.sys and delete them
• Find all references to... (get the picture yet?)
• Unload your registry
• Remove the disk and reboot.
• Check if the Megadriv3 device is still uninstalled.
• Check if the empty,read-only files you created above are still visible and are still 0kb.

You may, or you may not, have gotten rid of this infection.

See my next post for what to do if you just want to give up, but want to save all your files!

hldrrr,
hidr,
srosa,
wintemps

DESCáRGALO

Matt and his mates have launched their first video clip. You can find it here.

Even Mark Russinovich is talking about it.