…we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it. If you come across a site that is hosting malware, please fill out this short form. Help us keep the internet safe, and report sites that distribute malware. – Google’s Security Blog
If you come across a site that’s hosting some evil evil bad bad stuff: you should report it. Doing so will be good for the health of the internet as a whole and might save you from having to pass by your Uncle Bud’s house to remove some garbage from his PC so he can get back on “The eBay”. The only problem is that people (you, me, Michael Jackson to some degree) quickly become complacent with reporting such stuff if it’s not super quick and easy to do. So… I tossed together a button for Google’s toolbar that makes reporting malware hosting urls easier than your little sister.
How you would normally go about reporting urls:
1. Copy the malware hosting url. That requires a click, drag, click, click.
2. Access your bookmarks and visit the page where you report these things. That requires a click, seek, click.
3. Paste the url into their form. That requires two clicks.
4. Enter the captcha. That requires being human ;-)
5. Click the submit button.
How you will report urls with the nifty little button:
1. While on the malware hosting url, you click the custom Google toolbar button.
2. Enter the captcha.
3. Click the submit button.
That breaks down an eight-click, one-seek, one-drag, captcha-entering process into two clicks and the captcha. And, I used a skull icon for the button so it has a decent presence on your toolbar. The mere presence of that should get you into the habit of reporting stuff as you come across it. For all the security nuts out there, I added the feed from StopBadware.org’s blog. The skull’s eyes will turn red to alert you to any new posts they toss up.
If you already have Google’s toolbar it’s a ‘one click to install’ kinda thing. If not, you can click the same install link to get their toolbar and the button will already be there when the install is done.
To install the “Report Malware Hosting URL” button, Click Here.
That’s right kiddos, “Pump and Dump” is used to describe more than the ageless mating practice enjoyed by alpha males. It’s also used to describe a form of Microcap stock fraud. In both scenarios: people are sold a dream, fucked, and then left standing there with sad looks on their faces.
On Sunday afternoon I was helping my cousin and her husband move when her friend walked up talking about a bunch of crazy text messages she had gotten on her cell phone. Being the ex douche bag that I am, I was singled out to explain what was going on. The messages were written to appear as if they had been sent to the wrong person with a juicy (insider?) tip on a penny stock that was about to skyrocket in price. This is the Pump side of a Pump and Dump. Someone looking to manipulate (*cough* *cough* defraud) the market can artificially inflate a stock by as much as tenfold with relative ease. They simply have to get a ton of people to buy the hell out of it within a short period of time.
How the hardcore guys did this back in the day:
1. Buy a metric assload (literal translation: whole bunch) of any random penny stock.
2. Rent some temporary office space with a bunch of phone lines and set up a telemarketing operation.
3. All the cohorts would sit around calling residential numbers during business hours in hopes of getting answering machines. If someone answered: “Whoops, wrong number”. If they got a machine, they’d lay down one of several scripted voice mails that carried the same message: stock XYZ is going to explode on [whatever date].
“Hey Jim, Bobby again. It’s a Go on XYZ the 19th of this month. I just dropped 50k into that puppy. Our friend at the FDA said that their cholesterol pill is going to get the green light for sure. We’re in the know ahead of the company, even. This is going to be huge.”
4. After leaving thousands upon thousands of these fake insider tips on people’s answering machines the stock would jump up in price because of all the people buying it based on the bogus tips. Before the magical day when the stock is supposed to skyrocket, the evil evil bad bad people sell (dump) all of theirs for big profits before the stock levels out to its actual worth.
5. The people who bought the stock based on bogus insider tips are left with sad looks on their faces and are reluctant to report anything to law enforcement. No one likes admitting to being suckered. And, it was “illegal insider info” they were acting on – not something you want to tell police about.
Think I’m bullshitting about this not being rocket science? About seven years back a freaking 15-year-old kid got fined over 250k by the Securities and Exchange Commission for such stuff. Even after that spanking from the SEC, Jonathan Lebed was sitting on 500k in profits from two years of shady stock manipulating.
Gather around kids, this is gonna be a fun one. I might even get sued, finally. Yay!!1
Recently, on some random news station, I heard about Walmart’s new “Money Card” which is nothing more than a prepaid Visa card. Just like any other such card, it has a website where you can check your balance, add funds to your account, etc. Alternatively, you can have your account information stolen, be exposed to hardcore XXX porn, or line the pockets of a bottom-feeding douche bag while trying to reach the site. Why? Because Walmart, just like most companies, is nothing short of retarded when it comes to internet security and protecting their brand in the online world.
But, but, but… Their site says that it’s secure. It even has a nifty little seal on it from Thawte verifying that it’s protected by RC4 128-bit encryption.
Yeah, so what? I said that all those evil evil bad bad things could happen to a person while trying to reach the site. I never said that they’d actually make it there. Your good ol’ Uncle Buck or Aunt Charlene who’s not too savvy on that there interweb, but falls perfectly into the demographic of folks who would have a Wally World prepaid money card, is likely to mistype the web address. That’s why any security-minded company that wants to protect its customers and its brand’s image would / should at the very least register all of the most common typo domains when setting up shop on a new domain – especially if it’s a financial kinda deal. In Walmart’s infinite wisdom, they did no such thing.
After hearing about this new Walmart card and the accompanying website, I checked to see if they had registered and were forwarding over traffic from one of the most common typos: the full web address prefixed with a “www”. Typing out “www” and then forgetting or simply missing the dot afterwards is commonplace among eTards and fast typers. Sure enough, wwwwalmartmoneycard.com was wide open. So, I registered it. Just for good measure, I went ahead and registered almartmoneycard.com today too. Missing the first letter of a domain is also pretty common. Luckily for Wally World, I snagged those domains with the sole intent of using them as an example for this blog entry. This could have played out much differently…
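For anyone setting up shop on a new brand domain, the checklist described above can be generated rather than guessed at. The following is an added example, not code from the original post: it covers the two slips named here (the missed dot after "www" and the missed first letter) and goes a bit further with any single dropped letter, swapped neighbours and double-struck keys. The function names and the sample portfolio are made up for illustration.

```python
def typo_variants(domain):
    """Group single-slip typos of `domain` (form: name.tld) by kind."""
    name, dot, tld = domain.lower().rpartition(".")
    if not dot or not name or not tld or "." in name:
        raise ValueError(f"expected a name.tld domain, got {domain!r}")

    kinds = {
        # "www" typed, the dot after it missed (first typo named in the post)
        "www_missing_dot": {"www" + name},
        # one character left out; i == 0 is the post's missed first letter
        "omission": {name[:i] + name[i + 1:] for i in range(len(name))},
        # two neighbouring characters typed in the wrong order
        "transposition": {
            name[:i] + name[i + 1] + name[i] + name[i + 2:]
            for i in range(len(name) - 1)
        },
        # one key struck twice
        "doubled": {name[:i] + name[i] + name[i:] for i in range(len(name))},
    }

    def valid(label):
        # Drop the real name and anything that is not a legal DNS label.
        return (label and label != name and len(label) <= 63
                and not label.startswith("-") and not label.endswith("-"))

    return {kind: {f"{label}.{tld}" for label in labels if valid(label)}
            for kind, labels in kinds.items()}


def registration_gaps(domain, owned):
    """Typo domains for `domain` that are not in the `owned` portfolio."""
    owned = {d.lower() for d in owned}
    found = set().union(*typo_variants(domain).values())
    return sorted(found - owned)


if __name__ == "__main__":
    # Constructed portfolio: the brand domain plus one typo already held.
    portfolio = {"walmartmoneycard.com", "wwwwalmartmoneycard.com"}
    gaps = registration_gaps("walmartmoneycard.com", portfolio)
    print(f"{len(gaps)} typo domains not held, e.g. {gaps[:3]}")
```

Feed the output to your registrar's bulk search, or to whatever watches new registrations against your brand, and repeat for every TLD you care about.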