<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_06_30_2237256</id>
	<title>New Click-Fraud Attack Is Stealthiest Yet</title>
	<author>kdawson</author>
	<datestamp>1246368900000</datestamp>
	<htmltext>An anonymous reader sends news from The Washington Post's Security Fix blog of <a href="http://voices.washingtonpost.com/securityfix/2009/06/ffsearcher_a_stealthy_evolutio.html">a new Trojan horse program that takes click fraud to the next level</a>. The Trojan, dubbed <a href="http://secureworks.com/research/threats/ffsearcher/">FFsearcher</a> by SecureWorks, was among the pieces of malware installed by sites hacked with the <a href="http://securitylabs.websense.com/content/Alerts/3421.aspx">Nine-Ball mass compromise</a>, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher <i>"...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. 
What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay."</i> If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar.</htmltext>
<tokenext>An anonymous reader sends news from The Washington Post 's Security Fix blog of a new Trojan horse program that takes click fraud to the next level .
The Trojan , dubbed FFsearcher by SecureWorks , was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise , which attacked some 40,000 Web sites this month .
The Trojan takes advantage of Google 's " AdSense for Search " API , which allows Web sites to embed Google search results alongside the usual Google AdSense ads .
( SecureWorks ' writeup indicates that Yahoo search is targeted too , but the researchers saw no evidence of the malware redirecting Yahoo searches .
) While most search hijackers give themselves away on the victim 's machine by redirecting the browser through some no-name search engine , FFsearcher " ...converts every search a victim makes through Google.com , so that each query is invisibly redirected through the attackers ' own Web sites , via Google 's Custom Search API .
Meanwhile , the Trojan manipulates the victim 's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search , but instead sees the search results as though they were returned directly from Google.com ( and with Google.com in the victim browser 's address bar , not the address of the attacker controlled site ) .
Adding to the stealth is the fact that search results themselves are n't altered by the attackers , who are merely going after the referral payments should victims click on any of the displayed ads .
What 's more , the attackers are n't diverting clicks or ad revenue away from advertisers or publishers , as in traditional click fraud : They are simply forcing Google to pay commissions that it would n't otherwise have to pay .
" If FFSearcher were the only piece of malware on the machine , it would have a better chance of staying under the radar .</tokentext>
<sentencetext>An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level.
The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month.
The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads.
(SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.
) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher "...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API.
Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site).
Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads.
What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay.
" If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538297</id>
	<title>Re:How the server gets infected?</title>
	<author>corbettw</author>
	<datestamp>1246379640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Nah, they'll just track which clicks are coming from that domain and then turn off the AdSense account(s) associated with it. That shouldn't be too hard to do.</htmltext>
<tokenext>Nah , they 'll just track which clicks are coming from that domain and then turn off the AdSense account ( s ) associated with it .
That should n't be too hard to do .</tokentext>
<sentencetext>Nah, they'll just track which clicks are coming from that domain and then turn off the AdSense account(s) associated with it.
That shouldn't be too hard to do.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537863</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540815</id>
	<title>Re:How the server gets infected?</title>
	<author>Krneki</author>
	<datestamp>1246454760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm more interested in the server side of the story, how a fake Google ad finds a way on the server?</htmltext>
<tokenext>I 'm more interested in the server side of the story , how a fake Google ad finds a way on the server ?</tokentext>
<sentencetext>I'm more interested in the server side of the story, how a fake Google ad finds a way on the server?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538807</id>
	<title>this isn't click fraud!</title>
	<author>ILuvRamen</author>
	<datestamp>1246385940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>They're not inducing clicks so it's not by definition click fraud.  Who titled that?  They're relying on a normal amount of clicks and just taking a commission off them that Google themselves offer freely.  So basically they're just violating Google's terms of service for their search API.  Actually it might not even say anything specifically related to showing a search API as a full page but still collecting the commission or whatever they're doing.  Sounds like it's 99% Google's fault if you ask me.</htmltext>
<tokenext>They 're not inducing clicks so it 's not by definition click fraud .
Who titled that ?
They 're relying on a normal amount of clicks and just taking a commission off them that Google themselves offer freely .
So basically they 're just violating Google 's terms of service for their search API .
Actually it might not even say anything specifically related to showing a search API as a full page but still collecting the commission or whatever they 're doing .
Sounds like it 's 99 % Google 's fault if you ask me .</tokentext>
<sentencetext>They're not inducing clicks so it's not by definition click fraud.
Who titled that?
They're relying on a normal amount of clicks and just taking a commission off them that Google themselves offer freely.
So basically they're just violating Google's terms of service for their search API.
Actually it might not even say anything specifically related to showing a search API as a full page but still collecting the commission or whatever they're doing.
Sounds like it's 99% Google's fault if you ask me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538273</id>
	<title>Re:The flaw in their foolproof plan</title>
	<author>Anonymous</author>
	<datestamp>1246379400000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>I would not in a million years click on ads in most sites (those that get past adblock et al, that is), as they're usually about as helpful and legit looking as the used car salesman guy advertising the steak knife cheese juicer on late-night TV.</p><p>But...  google ads are small, typically unintrusive and sometimes (*shock* *horror*) relevant and even helpful.  So yeah, I will click on one or two every now and then.</p></htmltext>
<tokenext>I would not in a million years click on ads in most sites ( those that get past adblock et al , that is ) , as they 're usually about as helpful and legit looking as the used car salesman guy advertising the steak knife cheese juicer on late-night TV . But... google ads are small , typically unintrusive and sometimes ( * shock * * horror * ) relevant and even helpful .
So yeah , I will click on one or two every now and then .</tokentext>
<sentencetext>I would not in a million years click on ads in most sites (those that get past adblock et al, that is), as they're usually about as helpful and legit looking as the used car salesman guy advertising the steak knife cheese juicer on late-night TV. But...  google ads are small, typically unintrusive and sometimes (*shock* *horror*) relevant and even helpful.
So yeah, I will click on one or two every now and then.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28546429</id>
	<title>I'm impressed..</title>
	<author>Hobyx</author>
	<datestamp>1246475940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That's like the kind of sneakiness that would end up in Ocean's 11 or The Unusual Suspects. Whoever made this should do something productive with their time.</htmltext>
<tokenext>That 's like the kind of sneakiness that would end up in Ocean 's 11 or The Unusual Suspects .
Whoever made this should do something productive with their time .</tokentext>
<sentencetext>That's like the kind of sneakiness that would end up in Ocean's 11 or The Unusual Suspects.
Whoever made this should do something productive with their time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28556199</id>
	<title>Old Fashioned Detective Work</title>
	<author>manoftin</author>
	<datestamp>1246541280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Surely Google should just follow the money?</htmltext>
<tokenext>Surely Google should just follow the money ?</tokentext>
<sentencetext>Surely Google should just follow the money?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538137</id>
	<title>Re:The flaw in their foolproof plan</title>
	<author>michaelhood</author>
	<datestamp>1246378200000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Yeah, good thing <a href="http://investor.google.com/fin_data.html" title="google.com">no one clicks</a> [google.com] on Google's ads.</p><p>Google reported $21,128,514,000.00 in ad revenues for FY2008.</p></htmltext>
<tokenext>Yeah , good thing no one clicks [ google.com ] on Google 's ads . Google reported $ 21,128,514,000.00 in ad revenues for FY2008 .</tokentext>
<sentencetext>Yeah, good thing no one clicks [google.com] on Google's ads. Google reported $21,128,514,000.00 in ad revenues for FY2008.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28557499</id>
	<title>Stealthiest?</title>
	<author>AP31R0N</author>
	<datestamp>1246548420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why would they make one that was LESS stealthy?  Does the Air Force work on making bombs less accurate?  Does Porsche try to make their cars more sluggish?  Is intel working on a chip that gets hotter?</p><p>This is like those stupid info bites where they pretend a change in any statistic is meaningful.  "Unemployment is the highest it's been all month!"  So what?  You can always find some point in the past to say it's breaking some record.  "This is the purplest purple since, um, 20 years ago.  Wow!"  That it beats some arbitrarily selected mark is not inherently meaningful.  Especially in the case of arms races.  Intel made a faster chip?  No shit, Sherlock.  That's their JOB.</p></htmltext>
<tokenext>Why would they make one that was LESS stealthy ?
Does the Air Force work on making bombs less accurate ?
Does Porsche try to make their cars more sluggish ?
Is intel working on a chip that gets hotter ? This is like those stupid info bites where they pretend a change in any statistic is meaningful .
" Unemployment is the highest it 's been all month !
" So what ?
You can always find some point in the past to say it 's breaking some record .
" This is the purplest purple since , um , 20 years ago .
Wow ! " That it beats some arbitrarily selected mark is not inherently meaningful .
Especially in the case of arms races .
Intel made a faster chip ?
No shit , Sherlock .
That 's their JOB .</tokentext>
<sentencetext>Why would they make one that was LESS stealthy?
Does the Air Force work on making bombs less accurate?
Does Porsche try to make their cars more sluggish?
Is intel working on a chip that gets hotter? This is like those stupid info bites where they pretend a change in any statistic is meaningful.
"Unemployment is the highest it's been all month!
"  So what?
You can always find some point in the past to say it's breaking some record.
"This is the purplest purple since, um, 20 years ago.
Wow!"  That it beats some arbitrarily selected mark is not inherently meaningful.
Especially in the case of arms races.
Intel made a faster chip?
No shit, Sherlock.
That's their JOB.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623</id>
	<title>Re:How the server gets infected?</title>
	<author>Seth Kriticos</author>
	<datestamp>1246373700000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers. The whois entry reveals that it is registered in Moscow, Russia.. probably with a fake name.<br><br>Now to what gets infected: Windows machines. It plays with DLLs and the Registry (described in the article).<br><br>Interesting is: this piece of malware does not directly (perceivably) damage the user of the infected machine, but it generates revenue through (semi fake) Google ad clicks. I wonder how they (Google) will react.. would guess that big corporations get quite pissed by this kind of stuff. Let's wait and see..</htmltext>
<tokenext>Reading the article helps - there is only one server : my-web-way.com , which is supposedly controlled by the attackers .
The whois entry reveals that it is registered in Moscow , Russia.. probably with a fake name . Now to what gets infected : Windows machines .
It plays with DLLs and the Registry ( described in the article ) . Interesting is : this piece of malware does not directly ( perceivably ) damage the user of the infected machine , but it generates revenue through ( semi fake ) Google ad clicks .
I wonder how they ( Google ) will react.. would guess that big corporations get quite pissed by this kind of stuff .
Let 's wait and see. .</tokentext>
<sentencetext>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers.
The whois entry reveals that it is registered in Moscow, Russia.. probably with a fake name. Now to what gets infected: Windows machines.
It plays with DLLs and the Registry (described in the article). Interesting is: this piece of malware does not directly (perceivably) damage the user of the infected machine, but it generates revenue through (semi fake) Google ad clicks.
I wonder how they (Google) will react.. would guess that big corporations get quite pissed by this kind of stuff.
Let's wait and see..</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537613</id>
	<title>Serves Google right...</title>
	<author>Anonymous</author>
	<datestamp>1246373580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>They have a totally opaque, arbitrary policy regarding click fraud and tons of valid users (like myself) have been cut off from using Adsense in our sites without Google even having the courtesy to tell us why, or give a reasonable "retry" period.  As near as I can tell they cut me off because my site was finally starting to generate some click revenue and they just flat out didn't want to pay.  I'm not at all sorry to see something like this that might cause them to cut off enough people that people finally come to their senses and cry "foul."  Hopefully Google will pay up the yin yang and finally realize they need a valid way to end Adsense users' use, and an equally valid way to allow people who may have been cut off through no fault of their own to come back in.  They don't even take the time to reply to queries or questions after the initial "review."  Poof.  You're cut.  That's it.</p><p>I had nothing at all to do with this virus and it sounds like something that will soon be usurped to do far nastier things than make Google pay higher click payouts.  But I'm not at all sorry to see something make them perhaps realize that click fraud may be totally unintentional on the part of the Adsense user, and it's not fair (nor should it be legal!) to penalize that person for clicks outside their control.</p></htmltext>
<tokenext>They have a totally opaque , arbitrary policy regarding click fraud and tons of valid users ( like myself ) have been cut off from using Adsense in our sites without Google even having the courtesy to tell us why , or give a reasonable " retry " period .
As near as I can tell they cut me off because my site was finally starting to generate some click revenue and they just flat out did n't want to pay .
I 'm not at all sorry to see something like this that might cause them to cut off enough people that people finally come to their senses and cry " foul .
" Hopefully Google will pay up the yin yang and finally realize they need a valid way to end Adsense users ' use , and an equally valid way to allow people who may have been cut off through no fault of their own to come back in .
They do n't even take the time to reply to queries or questions after the initial " review .
" Poof .
You 're cut .
That 's it . I had nothing at all to do with this virus and it sounds like something that will soon be usurped to do far nastier things than make Google pay higher click payouts .
But I 'm not at all sorry to see something make them perhaps realize that click fraud may be totally unintentional on the part of the Adsense user , and it 's not fair ( nor should it be legal !
) to penalize that person for clicks outside their control .</tokentext>
<sentencetext>They have a totally opaque, arbitrary policy regarding click fraud and tons of valid users (like myself) have been cut off from using Adsense in our sites without Google even having the courtesy to tell us why, or give a reasonable "retry" period.
As near as I can tell they cut me off because my site was finally starting to generate some click revenue and they just flat out didn't want to pay.
I'm not at all sorry to see something like this that might cause them to cut off enough people that people finally come to their senses and cry "foul.
"  Hopefully Google will pay up the yin yang and finally realize they need a valid way to end Adsense users' use, and an equally valid way to allow people who may have been cut off through no fault of their own to come back in.
They don't even take the time to reply to queries or questions after the initial "review.
"  Poof.
You're cut.
That's it. I had nothing at all to do with this virus and it sounds like something that will soon be usurped to do far nastier things than make Google pay higher click payouts.
But I'm not at all sorry to see something make them perhaps realize that click fraud may be totally unintentional on the part of the Adsense user, and it's not fair (nor should it be legal!
) to penalize that person for clicks outside their control.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517</id>
	<title>Does this affect all browsers?</title>
	<author>BitterOak</author>
	<datestamp>1246372860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>The article mentions that both IE and Firefox are vulnerable, but doesn't talk about other browsers.  It also doesn't say if it affects current versions, or unpatched browsers only.  Will security patches for IE and Firefox be coming soon?</htmltext>
<tokenext>The article mentions that both IE and Firefox are vulnerable , but does n't talk about other browsers .
It also does n't say if it affects current versions , or unpatched browsers only .
Will security patches for IE and Firefox be coming soon ?</tokentext>
<sentencetext>The article mentions that both IE and Firefox are vulnerable, but doesn't talk about other browsers.
It also doesn't say if it affects current versions, or unpatched browsers only.
Will security patches for IE and Firefox be coming soon?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538755</id>
	<title>I had code like that on 3 sites</title>
	<author>bobjr94</author>
	<datestamp>1246385460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>We have 3 web sites hosted by gate.com, all different domain names, different passwords, etc.. We have the same code/virus/whatever on all 3 sites, all used a hidden iframe linking to a site in Russia.</htmltext>
<tokenext>We have 3 web sites hosted by gate.com , all different domain names , different passwords , etc.. We have the same code/virus/whatever on all 3 sites , all used a hidden iframe linking to a site in Russia .</tokentext>
<sentencetext>We have 3 web sites hosted by gate.com, all different domain names, different passwords, etc.. We have the same code/virus/whatever on all 3 sites, all used a hidden iframe linking to a site in Russia.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537599</id>
	<title>why ever run that?</title>
	<author>Anonymous</author>
	<datestamp>1246373520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"...the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web...</p><p>Why would anyone run something like that?  I've always followed the principle, "nothing runs on my computer unless I know what it is, and then only with my explicit permission".  Following that simple rule keeps all manner of crapware off your system.  I follow it for both native executables, and javascripts/etc that random web pages want to run.  If I don't know what your script does, and have a good reason to trust it, then sorry but it isn't going to run.  My computer is *mine*, not yours, and you don't get to run things on it without my say so.  If your web site doesn't work without it, then I'll go elsewhere.</p></htmltext>
<tokenext>" ...the Trojan manipulates the victim 's PC and browser so that the victim never actually sees the attacker-controlled Web... Why would anyone run something like that ?
I 've always followed the principle , " nothing runs on my computer unless I know what it is , and then only with my explicit permission " .
Following that simple rule keeps all manner of crapware off your system .
I follow it for both native executables , and javascripts/etc that random web pages want to run .
If I do n't know what your script does , and have a good reason to trust it , then sorry but it is n't going to run .
My computer is * mine * , not yours , and you do n't get to run things on it without my say so .
If your web site does n't work without it , then I 'll go elsewhere .</tokentext>
<sentencetext>"...the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web... Why would anyone run something like that?
I've always followed the principle, "nothing runs on my computer unless I know what it is, and then only with my explicit permission".
Following that simple rule keeps all manner of crapware off your system.
I follow it for both native executables, and javascripts/etc that random web pages want to run.
If I don't know what your script does, and have a good reason to trust it, then sorry but it isn't going to run.
My computer is *mine*, not yours, and you don't get to run things on it without my say so.
If your web site doesn't work without it, then I'll go elsewhere.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539139</id>
	<title>If its evil, it can't be Google.....</title>
	<author>Bob_Who</author>
	<datestamp>1246389780000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>....the impersonators prefer "Don't Be Elvis"</htmltext>
<tokenext>....the impersonators prefer " Do n't Be Elvis "</tokentext>
<sentencetext>....the impersonators prefer "Don't Be Elvis"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538347</id>
	<title>Detection Should be Trivial</title>
	<author>phantomcircuit</author>
	<datestamp>1246380240000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Alright and then google almost immediately bans that person for adsense.</p><p>Wow brilliant plan guys.</p></htmltext>
<tokenext>Alright and then google almost immediately bans that person for adsense . Wow brilliant plan guys .</tokentext>
<sentencetext>Alright and then google almost immediately bans that person for adsense. Wow brilliant plan guys.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538289</id>
	<title>Re:Does this affect all browsers?</title>
	<author>Zerth</author>
	<datestamp>1246379580000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p><a href="http://en.wikipedia.org/wiki/Lynx_(web_browser)" title="wikipedia.org">Lynx</a> [wikipedia.org] is presumably immune...</p></htmltext>
<tokenext>Lynx [ wikipedia.org ] is presumably immune.. .</tokentext>
<sentencetext>Lynx [wikipedia.org] is presumably immune...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540809</id>
	<title>Re:Does this affect all browsers? Chrome?</title>
	<author>xyzzypoofs</author>
	<datestamp>1246454760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I guess I should finally download Chrome - isn't that a Google product?</htmltext>
<tokenext>I guess I should finally download Chrome - is n't that a Google product ?</tokentext>
<sentencetext>I guess I should finally download Chrome - isn't that a Google product?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28541841</id>
	<title>No way they will receive any money</title>
	<author>Anonymous</author>
	<datestamp>1246461120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>With google taking more than a month to send a check and with their fraud detection and review process<br>there is no way these guys will see a penny. The more money they make the more the review is intense.</p><p>If you want to do something like that you'd better have a really nice front operation (like let's say enrolling<br>a lot of real webmasters in the scam to boost their real revenue) so that you can justify the insane amount<br>of clicks you will generate.</p></htmltext>
<tokenext>With google taking more than a month to send a check and with their fraud detection and review process there is no way these guys will see a penny .
The more money they make the more the review is intense . If you want to do something like that you 'd better have a really nice front operation ( like let 's say enrolling a lot of real webmasters in the scam to boost their real revenue ) so that you can justify the insane amount of clicks you will generate .</tokentext>
<sentencetext>With google taking more than a month to send a check and with their fraud detection and review process there is no way these guys will see a penny.
The more money they make the more the review is intense. If you want to do something like that you'd better have a really nice front operation (like let's say enrolling a lot of real webmasters in the scam to boost their real revenue) so that you can justify the insane amount of clicks you will generate.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538791</id>
	<title>Re:Does this affect all browsers?</title>
	<author>Anonymous</author>
	<datestamp>1246385820000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>The virus itself is a complicated one. As per the article, it was installed on the system during a mass exploit dubbed <a href="http://securitylabs.websense.com/content/Alerts/3421.aspx" title="websense.com" rel="nofollow">Nine-Ball</a> [websense.com], which was loaded onto 40,000 legitimate websites. Visiting those sites caused the <b>Nine-Ball</b> script to execute, which redirected an <i>iframe</i> to a page containing malicious code which mounts a series of attacks. Those mentioned by the site are:</p><ul> <li>Exploit <a href="http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx" title="microsoft.com" rel="nofollow">MS06-014</a> [microsoft.com], which targets the MDAC ActiveX control</li><li>Exploit <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5820" title="mitre.org" rel="nofollow">CVE-2006-5820</a> [mitre.org], which targets the AOL SuperBuddy ActiveX control</li><li>[Some] targeting Acrobat Reader"</li><li>[Some targeting] QuickTime</li></ul><p>So basically, an application (browser) visits this malicious page. If that application runs the ActiveX controls mentioned (and presumably Acrobat Reader and/or QuickTime), it was vulnerable to the initial <b>Nine-Ball</b> exploit. IE qualifies for all 4 of those; Firefox can use ActiveX (I believe, with a plugin), but not out of the box... however, it does have plugins for Acrobat Reader and QuickTime.</p><p>If any of those vulnerabilities were present when the application visited the <i>iframe</i>, it runs malicious code that installs a crapton of viruses on the host computer, among them the <b>FFSearcher</b> virus.</p><p>Once <b>FFSearcher</b> is on your computer, it causes itself to get run all of the time, probably as <i>Administrator</i>. 
It then proceeds to:</p><ol> <li>Executes a Windows root-kit to hide its presence</li><li>Injects code into browser application processes; for IE, it will inject an IE-specific payload, and for Firefox, it will inject a Firefox-specific payload. Each payload causes the infected browser to do all the malicious redirecting that is described in lower-level detail in the article.</li></ol><p>So a nice, clean, and secure IE / Firefox get started up, but Windows, itself infected, loads the virus into them! No vulnerabilities are exploited, here. Since <b>FFSearcher</b> runs as <i>Administrator</i>, everything it does is straightforward and allowed by the system; it can do basically anything. What it chooses to do is target IE and Firefox. Since it's running as <i>Administrator</i>, it doesn't have to exploit any vulnerabilities in either; it just barges in and rewrites parts of them to do its bidding. <i>Administrator</i> can do things like that.</p><p>In conclusion, there isn't any vulnerability in IE or Firefox that's involved in <b>FFSearcher</b>, and the only reason <b>FFSearcher</b> doesn't pwn other browsers is because the author didn't bother to write a payload for them, too. <b>FFSearcher</b>, itself, was installed due to <i>some</i> browser vulnerability that happened <i>sometime</i>, and now, permanently present on the system, takes advantage of its <i>Administrator</i> privileges to do some pretty wicked stuff.</p></htmltext>
<tokenext>The virus itself is a complicated one .
As per the article , it was installed on the system during a mass exploit dubbed Nine-Ball [ websense.com ] , which was loaded onto 40,000 legitimate websites .
Visiting those sites caused the Nine-Ball script to execute , which redirected an iframe to a page containing malicious code which mounts a series of attacks .
Those mentioned by the site are : Exploit MS06-014 [ microsoft.com ] , which targets the MDAC ActiveX control Exploit CVE-2006-5820 [ mitre.org ] , which targets the AOL SuperBuddy ActiveX control [ Some ] targeting Acrobat Reader " [ Some targeting ] QuickTime So basically , an application ( browser ) visits this malicious page .
If that application runs the ActiveX controls mentioned ( and presumably Acrobat Reader and/or QuickTime ) , it was vulnerable to the initial Nine-Ball exploit .
IE qualifies for all 4 of those ; Firefox can use ActiveX ( I believe , with a plugin ) , but not out of the box... however , it does have plugins for Acrobat Reader and QuickTime . If any of those vulnerabilities were present when the application visited the iframe , it runs malicious code that installs a crapton of viruses on the host computer , among them the FFSearcher virus . Once FFSearcher is on your computer , it causes itself to get run all of the time , probably as Administrator .
It then proceeds to : Executes a Windows root-kit to hide its presence Injects code into browser application processes ; for IE , it will inject an IE-specific payload , and for Firefox , it will inject a Firefox-specific payload .
Each payload causes the infected browser to do all the malicious redirecting that is described in lower-level detail in the article . So a nice , clean , and secure IE / Firefox get started up , but Windows , itself infected , loads the virus into them !
No vulnerabilities are exploited , here .
Since FFSearcher runs as Administrator , everything it does is straightforward and allowed by the system ; it can do basically anything .
What it chooses to do is target IE and Firefox .
Since it 's running as Administrator , it does n't have to exploit any vulnerabilities in either ; it just barges in and rewrites parts of them to do its bidding .
Administrator can do things like that . In conclusion , there is n't any vulnerability in IE or Firefox that 's involved in FFSearcher , and the only reason FFSearcher does n't pwn other browsers is because the author did n't bother to write a payload for them , too .
FFSearcher , itself , was installed due to some browser vulnerability that happened sometime , and now , permanently present on the system , takes advantage of its Administrator privileges to do some pretty wicked stuff .</tokentext>
<sentencetext>The virus itself is a complicated one.
As per the article, it was installed on the system during a mass exploit dubbed Nine-Ball [websense.com], which was loaded onto 40,000 legitimate websites.
Visiting those sites caused the Nine-Ball script to execute, which redirected an iframe to a page containing malicious code which mounts a series of attacks.
Those mentioned by the site are: Exploit MS06-014 [microsoft.com], which targets the MDAC ActiveX control Exploit CVE-2006-5820 [mitre.org], which targets the AOL SuperBuddy ActiveX control [Some] targeting Acrobat Reader" [Some targeting] QuickTime So basically, an application (browser) visits this malicious page.
If that application runs the ActiveX controls mentioned (and presumably Acrobat Reader and/or QuickTime), it was vulnerable to the initial Nine-Ball exploit.
IE qualifies for all 4 of those; Firefox can use ActiveX (I believe, with a plugin), but not out of the box... however, it does have plugins for Acrobat Reader and QuickTime. If any of those vulnerabilities were present when the application visited the iframe, it runs malicious code that installs a crapton of viruses on the host computer, among them the FFSearcher virus. Once FFSearcher is on your computer, it causes itself to get run all of the time, probably as Administrator.
It then proceeds to: Executes a Windows root-kit to hide its presence Injects code into browser application processes; for IE, it will inject an IE-specific payload, and for Firefox, it will inject a Firefox-specific payload.
Each payload causes the infected browser to do all the malicious redirecting that is described in lower-level detail in the article. So a nice, clean, and secure IE / Firefox get started up, but Windows, itself infected, loads the virus into them!
No vulnerabilities are exploited, here.
Since FFSearcher runs as Administrator, everything it does is straightforward and allowed by the system; it can do basically anything.
What it chooses to do is target IE and Firefox.
Since it's running as Administrator, it doesn't have to exploit any vulnerabilities in either; it just barges in and rewrites parts of them to do its bidding.
Administrator can do things like that. In conclusion, there isn't any vulnerability in IE or Firefox that's involved in FFSearcher, and the only reason FFSearcher doesn't pwn other browsers is because the author didn't bother to write a payload for them, too.
FFSearcher, itself, was installed due to some browser vulnerability that happened sometime, and now, permanently present on the system, takes advantage of its Administrator privileges to do some pretty wicked stuff.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539093</id>
	<title>I have a stupid question</title>
	<author>DigiShaman</author>
	<datestamp>1246389240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It seems all of these nefarious activities on the Internet seem to come from Russia and other Eastern European countries. What is up with that? Is it some sort of nerd gangster culture in that part of the world? Seriously, can someone please explain it to me.</p></htmltext>
<tokenext>It seems all of these nefarious activities on the Internet seem to come from Russia and other Eastern European countries .
What is up with that ?
Is it some sort of nerd gangster culture in that part of the world ?
Seriously , can someone please explain it to me .</tokentext>
<sentencetext>It seems all of these nefarious activities on the Internet seem to come from Russia and other Eastern European countries.
What is up with that?
Is it some sort of nerd gangster culture in that part of the world?
Seriously, can someone please explain it to me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537851</id>
	<title>fp TROOLKORe</title>
	<author>Anonymous</author>
	<datestamp>1246375440000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>ANOTHER TROUBLED of the above towels on tHe fllor it.  Do not share need to join the brain. It is the about a project if you move a table myself. This isn't</htmltext>
<tokenext>ANOTHER TROUBLED of the above towels on tHe fllor it .
Do not share need to join the brain .
It is the about a project if you move a table myself .
This is n't</tokentext>
<sentencetext>ANOTHER TROUBLED of the above towels on tHe fllor it.
Do not share need to join the brain.
It is the about a project if you move a table myself.
This isn't</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537863</id>
	<title>Re:How the server gets infected?</title>
	<author>gnick</author>
	<datestamp>1246375620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>I wonder how they (Google) will react.. would guess that big corporations get quite pissed by this kind of stuff. Let's wait and see..</p></div><p>They've got the talent, the resources, and the legal team.  This seems like an excellent time for Google to "be evil" and take the law into their own hands.</p><p>We could only hope.</p></div>
	</htmltext>
<tokenext>I wonder how they ( Google ) will react.. would guess that big corporations get quite pissed by this kind of stuff .
Let 's wait and see.. They 've got the talent , the resources , and the legal team .
This seems like an excellent time for Google to " be evil " and take the law into their own hands . We could only hope .</tokentext>
<sentencetext>I wonder how they (Google) will react.. would guess that big corporations get quite pissed by this kind of stuff.
Let's wait and see.. They've got the talent, the resources, and the legal team.
This seems like an excellent time for Google to "be evil" and take the law into their own hands. We could only hope.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28548243</id>
	<title>Re:Nine-ball?</title>
	<author>Kushieda Minorin</author>
	<datestamp>1246481760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>One thing is for sure: even at Google you can't take it easy.</htmltext>
<tokenext>One thing is for sure : even at Google you ca n't take it easy .</tokentext>
<sentencetext>One thing is for sure: even at Google you can't take it easy.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683</id>
	<title>The flaw in their foolproof plan</title>
	<author>Dachannien</author>
	<datestamp>1246374120000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>So, let me get this straight:</p><p>The trojaneers' moneymaking is predicated upon people actually clicking on ads.</p><p>Uh... good luck with that!</p></htmltext>
<tokenext>So , let me get this straight : The trojaneers ' moneymaking is predicated upon people actually clicking on ads . Uh... good luck with that !</tokentext>
<sentencetext>So, let me get this straight: The trojaneers' moneymaking is predicated upon people actually clicking on ads. Uh... good luck with that!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540005</id>
	<title>dll with the name SOCKET2.DLL</title>
	<author>viralMeme</author>
	<datestamp>1246444380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"This dropper drops a dll with the name SOCKET2.DLL to Windows' system folder"</p><p>Having thus read, I need go no farther. How does the exploit actually get on to the web servers in the first place?</p></htmltext>
<tokenext>" This dropper drops a dll with the name SOCKET2.DLL to Windows ' system folder " Having thus read , I need go no farther .
How does the exploit actually get on to the web servers in the first place ?</tokentext>
<sentencetext>"This dropper drops a dll with the name SOCKET2.DLL to Windows' system folder" Having thus read, I need go no farther.
How does the exploit actually get on to the web servers in the first place?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538235</id>
	<title>Re:How the server gets infected?</title>
	<author>rattaroaz</author>
	<datestamp>1246379160000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers. The whois entry reveals, that it is registered in Moskow, Russia..<nobr> <wbr></nobr>.</p></div><p>In America, server gets infected, but in Soviet Russia, infections get served!</p></div>
	</htmltext>
<tokenext>Reading the article helps - there is only one server : my-web-way.com , which is supposedly controlled by the attackers .
The whois entry reveals , that it is registered in Moskow , Russia.. .In America , server gets infected , but in Soviet Russia , infections get served !</tokentext>
<sentencetext>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers.
The whois entry reveals, that it is registered in Moskow, Russia.. .In America, server gets infected, but in Soviet Russia, infections get served!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537575</id>
	<title>Starcraft II jettisons LAN support</title>
	<author>Reasoned Mind</author>
	<datestamp>1246373280000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p><a href="http://www.gamespot.com/news/6212765.html" title="gamespot.com" rel="nofollow">http://www.gamespot.com/news/6212765.html</a> [gamespot.com]</p></htmltext>
<tokenext>http : //www.gamespot.com/news/6212765.html [ gamespot.com ]</tokentext>
<sentencetext>http://www.gamespot.com/news/6212765.html [gamespot.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538307</id>
	<title>Why should the user care?</title>
	<author>Anonymous</author>
	<datestamp>1246379820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If it doesn't affect the user, why should they care?</p><p>They could even pay the user to install the trojan. It would be win-win, only Google would lose.</p></htmltext>
<tokenext>If it does n't affect the user , why should they care ? They could even pay the user to install the trojan .
It would be win-win , only Google would lose .</tokentext>
<sentencetext>If it doesn't affect the user, why should they care? They could even pay the user to install the trojan.
It would be win-win, only Google would lose.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540617</id>
	<title>Re:How the server gets infected?</title>
	<author>notrandom</author>
	<datestamp>1246452540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>tell you how.
this is what happened to my machines (webserver and users).
users got infected by some trojan.
code was downloaded.
executed with admin privileges.
my webmaster was infected.
ftp passwords were sniffed.
all index*.(php)|(html) files were added the injections code.
some others as well as phpbb logins etc etc.
from there more users were browser-infected.
some of those had ftps or such on other sites.
rinse.
repeat.

i cleaned the servers fast as i was in standby at infection time luckily.
since then i only work online from ubuntu.
webmasters and staff as well.
we need those adsense money, i can't risk some stupid windows fuckup rob me.

nice lesson learned btw it was about time for some drastic action.</htmltext>
<tokenext>tell you how .
this is what happened to my machines ( webserver and users ) .
users got infected by some trojan .
code was downloaded .
executed with admin privileges .
my webmaster was infected .
ftp passwords were sniffed .
all index * . ( php ) | ( html ) files were added the injections code .
some others as well as phpbb logins etc etc .
from there more users were browser-infected .
some of those had ftps or such on other sites .
rinse . repeat .
i cleaned the servers fast as i was in standby at infection time luckily .
since then i only work online from ubuntu .
webmasters and staff as well .
we need those adsense money , i ca n't risk some stupid windows fuckup rob me .
nice lesson learned btw it was about time for some drastic action .</tokentext>
<sentencetext>tell you how.
this is what happened to my machines (webserver and users).
users got infected by some trojan.
code was downloaded.
executed with admin privileges.
my webmaster was infected.
ftp passwords were sniffed.
all index*.(php)|(html) files were added the injections code.
some others as well as phpbb logins etc etc.
from there more users were browser-infected.
some of those had ftps or such on other sites.
rinse.
repeat.
i cleaned the servers fast as i was in standby at infection time luckily.
since then i only work online from ubuntu.
webmasters and staff as well.
we need those adsense money, i can't risk some stupid windows fuckup rob me.
nice lesson learned btw it was about time for some drastic action.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537507</id>
	<title>But Why?</title>
	<author>bezking</author>
	<datestamp>1246372800000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext>Why would they waste their time? Surely there are easier ways to steal from adsense that don't involve putting people at risk...</htmltext>
<tokenext>Why would they waste their time ?
Surely there are easier ways to steal from adsense that do n't involve putting people at risk.. .</tokentext>
<sentencetext>Why would they waste their time?
Surely there are easier ways to steal from adsense that don't involve putting people at risk...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538481</id>
	<title>Re:Serves Google right...</title>
	<author>Runaway1956</author>
	<datestamp>1246381800000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>"and it's not fair (nor should it be legal!) to penalize that person for clicks outside their control"</p><p>If you own a dog, you're responsible for it.  If you own a car, you're responsible for it.  If you own a computer, you're not responsible?</p><p>Cry us a river - - -</p></htmltext>
<tokenext>" and it 's not fair ( nor should it be legal ! ) to penalize that person for clicks outside their control " If you own a dog , you 're responsible for it .
If you own a car , you 're responsible for it .
If you own a computer , you 're not responsible ? Cry us a river - - -</tokentext>
<sentencetext>"and it's not fair (nor should it be legal!) to penalize that person for clicks outside their control" If you own a dog, you're responsible for it.
If you own a car, you're responsible for it.
If you own a computer, you're not responsible? Cry us a river - - -</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537613</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537707</id>
	<title>Shut Down the Adsense Account?</title>
	<author>basementman</author>
	<datestamp>1246374240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What's keeping Google from shutting down the accounts that are getting the illegitimate clicks? I doubt they could produce hundreds of different accounts just because it would make receiving payment extremely difficult.</htmltext>
<tokenext>What 's keeping Google from shutting down the accounts that are getting the illegitimate clicks ?
I doubt they could produce hundreds of different accounts just because it would make receiving payment extremely difficult .</tokentext>
<sentencetext>What's keeping Google from shutting down the accounts that are getting the illegitimate clicks?
I doubt they could produce hundreds of different accounts just because it would make receiving payment extremely difficult.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539815</id>
	<title>What does the original author really know?</title>
	<author>Anonymous</author>
	<datestamp>1246442100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>From TFA. Specifically the responses at the bottom: "<i>Brian, wouldn't an add-on like Giorgio Maone's NoScript stop the processes necessary for this kind of fraud to succeed on Firefox ?</i>". Which gets this as an answer: "<i>@mhenriday - I suppose it's possible, <strong>but I doubt it</strong>.</i>"</p><p>Next he refers to the <a href="http://securitylabs.websense.com/content/Alerts/3421.aspx" title="websense.com" rel="nofollow">Security labs article</a> [websense.com] for more information. Notice the "payload" section and the marked sections. See how this is all javascript code? Now check the <a href="http://noscript.net/" title="noscript.net" rel="nofollow">NoScript website</a> [noscript.net], see how its primary use is a "Javascript/Java/Flash" blocker?</p><p>So why would the author have any doubts if this NoScript plugin can actually stop the execution of this javascript code block? Does he somehow think this block of code is very different from other javascript snippets or could it be that he doesn't like (or understand) this free, easy and most of all <strong>safe</strong> kind of protection ?</p><p>Maybe I'm too cynical here but I wonder.. Double agenda perhaps?</p></htmltext>
<tokenext>From TFA .
Specifically the responses at the bottom : " Brian , would n't an add-on like Giorgio Maone 's NoScript stop the processes necessary for this kind of fraud to succeed on Firefox ? " .
Which gets this as an answer : " @ mhenriday - I suppose it 's possible , but I doubt it . "
Next he refers to the Security labs article [ websense.com ] for more information .
Notice the " payload " section and the marked sections .
See how this is all javascript code ?
Now check the NoScript website [ noscript.net ] , see how its primary use is a " Javascript/Java/Flash " blocker ? So why would the author have any doubts if this NoScript plugin can actually stop the execution of this javascript code block ?
Does he somehow think this block of code is very different from other javascript snippets or could it be that he does n't like ( or understand ) this free , easy and most of all safe kind of protection ? Maybe I 'm too cynical here but I wonder.. Double agenda perhaps ?</tokentext>
<sentencetext>From TFA.
Specifically the responses at the bottom: "Brian, wouldn't an add-on like Giorgio Maone's NoScript stop the processes necessary for this kind of fraud to succeed on Firefox ?".
Which gets this as an answer: "@mhenriday - I suppose it's possible, but I doubt it."
Next he refers to the Security labs article [websense.com] for more information.
Notice the "payload" section and the marked sections.
See how this is all javascript code?
Now check the NoScript website [noscript.net], see how its primary use is a "Javascript/Java/Flash" blocker? So why would the author have any doubts if this NoScript plugin can actually stop the execution of this javascript code block?
Does he somehow think this block of code is very different from other javascript snippets or could it be that he doesn't like (or understand) this free, easy and most of all safe kind of protection ? Maybe I'm too cynical here but I wonder.. Double agenda perhaps?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540297</id>
	<title>Re:Serves Google right...</title>
	<author>selven</author>
	<datestamp>1246448580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If someone injects a drug into your dog that makes him bite everyone in sight then the person who injected the drug is responsible.</htmltext>
<tokenext>If someone injects a drug into your dog that makes him bite everyone in sight then the person who injected the drug is responsible .</tokentext>
<sentencetext>If someone injects a drug into your dog that makes him bite everyone in sight then the person who injected the drug is responsible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538481</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537955</id>
	<title>Re:The flaw in their foolproof plan</title>
	<author>Anonymous</author>
	<datestamp>1246376460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Do you have some other explanation for Google's income?</htmltext>
<tokenext>Do you have some other explanation for Google 's income ?</tokentext>
<sentencetext>Do you have some other explanation for Google's income?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28541639</id>
	<title>Unaltered altered noclick click fraud</title>
	<author>ioshhdflwuegfh</author>
	<datestamp>1246460040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>With all this modern technology and stuff, things get complicated.  Add a bit of English to it and it goes like this:<p><div class="quote"><p>[...]
the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results <i>as though</i> they were returned directly from Google.com [italics added].</p></div><p>This as-though content that victim does not see is just like the content that the victim sees, the only difference being that there is no difference between the two:</p><p><div class="quote"><p>Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads.</p></div><p>What's more, in this click fraud even clicks aren't changed:</p><p><div class="quote"><p> What's more, the attackers aren't diverting clicks[...]</p></div><p>Welcome to the world of your invisible, untouchable overlords!</p></div>
	</htmltext>
<tokenext>With all this modern technology and stuff , things get complicated .
Add a bit of English to it and it goes like this : [ ... ] the Trojan manipulates the victim 's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search , but instead sees the search results as though they were returned directly from Google.com [ italics added ] . This as-though content that victim does not see is just like the content that the victim sees , the only difference being that there is no difference between the two : Adding to the stealth is the fact that search results themselves are n't altered by the attackers , who are merely going after the referral payments should victims click on any of the displayed ads . What 's more , in this click fraud even clicks are n't changed : What 's more , the attackers are n't diverting clicks [ ... ] Welcome to the world of your invisible , untouchable overlords !</tokentext>
<sentencetext>With all this modern technology and stuff, things get complicated.
Add a bit of English to it and it goes like this: [...]
the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com [italics added]. This as-though content that victim does not see is just like the content that the victim sees, the only difference being that there is no difference between the two: Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, in this click fraud even clicks aren't changed: What's more, the attackers aren't diverting clicks[...] Welcome to the world of your invisible, untouchable overlords!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538549</id>
	<title>Re:The flaw in their foolproof plan</title>
	<author>mail2345</author>
	<datestamp>1246382640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Called people who do not understand the concept of ads on their computer.
Like the people who fall for typosquatters.
Not as dumb as the people who believe that the fellow from Nigeria can make him rich, and enlargen his penis.</htmltext>
<tokenext>Called people who do not understand the concept of ads on their computer .
Like the people who fall for typosquatters .
Not as dumb as the people who believe that the fellow from Nigeria can make him rich , and enlargen his penis .</tokentext>
<sentencetext>Called people who do not understand the concept of ads on their computer.
Like the people who fall for typosquatters.
Not as dumb as the people who believe that the fellow from Nigeria can make him rich, and enlargen his penis.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538979</id>
	<title>Re:Nine-ball?</title>
	<author>KDingo</author>
	<datestamp>1246388100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Apparently she's not as dumb as we've perceived her to be.</p></htmltext>
<tokenext>Apparently she 's not as dumb as we 've perceived her to be .</tokentext>
<sentencetext>Apparently she's not as dumb as we've perceived her to be.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538775</id>
	<title>Re:Does this affect all browsers?</title>
	<author>Anonymous</author>
	<datestamp>1246385640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Firefox and IE are the targets of the trojan once it already has control over your computer.  That doesn't mean they are "vulnerable" or are in need of patches.</p><p>Only the last link in the Slashdot article discusses how these attackers gained control over your computer:</p><blockquote><div><p>After redirection, the exploit payload site returns highly obfuscated malicious code. The malicious code attempts to exploit <a href="http://www.microsoft.com/technet/security/Bulletin/ms06-014.mspx" title="microsoft.com">MS06-014</a> [microsoft.com] (targeting MDAC) and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5820" title="mitre.org">CVE-2006-5820</a> [mitre.org] (targeting AOL SuperBuddy), as well as employing exploits targeting Acrobat Reader and QuickTime. The MS06-014 exploit code will download a Trojan dropper with <a href="http://www.virustotal.com/analisis/62254bf6a13a438bc53c0f3745c622c5c1604aa37e4f866036a1e94c35cc68f7-1245137075" title="virustotal.com">low AV detection rate</a> [virustotal.com]. This dropper drops a dll with the name <i>SOCKET2.DLL</i> to Windows' <i>system</i> folder. This file is used to steal user information. The malicious PDF file, served by the exploit site, also has <a href="http://www.virustotal.com/analisis/f9565077d685764b9e219358d4a64e2165fd8ac157fa46c955a5e35112aad894-1245160253" title="virustotal.com">very low AV detection rate</a> [virustotal.com].</p></div></blockquote><p>So, basically an IE hole that was fixed in 2006, plus a handful of plugin vulnerabilities.  They didn't even bother looking for an old Firefox vulnerability to exploit, perhaps because too many Firefox users are up-to-date.</p>
	</htmltext>
<tokenext>Firefox and IE are the targets of the trojan once it already has control over your computer .
That does n't mean they are " vulnerable " or are in need of patches . Only the last link in the Slashdot article discusses how these attackers gained control over your computer : After redirection , the exploit payload site returns highly obfuscated malicious code .
The malicious code attempts to exploit MS06-014 [ microsoft.com ] ( targeting MDAC ) and CVE-2006-5820 [ mitre.org ] ( targeting AOL SuperBuddy ) , as well as employing exploits targeting Acrobat Reader and QuickTime .
The MS06-014 exploit code will download a Trojan dropper with low AV detection rate [ virustotal.com ] .
This dropper drops a dll with the name SOCKET2.DLL to Windows ' system folder .
This file is used to steal user information .
The malicious PDF file , served by the exploit site , also has very low AV detection rate [ virustotal.com ] . So , basically an IE hole that was fixed in 2006 , plus a handful of plugin vulnerabilities .
They did n't even bother looking for an old Firefox vulnerability to exploit , perhaps because too many Firefox users are up-to-date .</tokentext>
<sentencetext>Firefox and IE are the targets of the trojan once it already has control over your computer.
That doesn't mean they are "vulnerable" or are in need of patches. Only the last link in the Slashdot article discusses how these attackers gained control over your computer: After redirection, the exploit payload site returns highly obfuscated malicious code.
The malicious code attempts to exploit MS06-014 [microsoft.com] (targeting MDAC) and CVE-2006-5820 [mitre.org] (targeting AOL SuperBuddy), as well as employing exploits targeting Acrobat Reader and QuickTime.
The MS06-014 exploit code will download a Trojan dropper with low AV detection rate [virustotal.com].
This dropper drops a dll with the name SOCKET2.DLL to Windows' system folder.
This file is used to steal user information.
The malicious PDF file, served by the exploit site, also has very low AV detection rate [virustotal.com]. So, basically an IE hole that was fixed in 2006, plus a handful of plugin vulnerabilities.
They didn't even bother looking for an old Firefox vulnerability to exploit, perhaps because too many Firefox users are up-to-date.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538945</id>
	<title>Re:How the server gets infected?</title>
	<author>weicco</author>
	<datestamp>1246387620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers.</p></div></blockquote><p>echo 0.0.0.0 my-web-way.com &gt;&gt; C:\WINDOWS\system32\drivers\etc\hosts</p><p>There. I ended up their revenue stream :)</p>
	</htmltext>
<tokenext>Reading the article helps - there is only one server : my-web-way.com , which is supposedly controlled by the attackers.echo 0.0.0.0 my-web-way.com &gt; &gt; C : \ WINDOWS \ system32 \ drivers \ etc \ hostsThere .
I ended up their revenue stream : )</tokentext>
<sentencetext>Reading the article helps - there is only one server: my-web-way.com , which is supposedly controlled by the attackers.echo 0.0.0.0 my-web-way.com &gt;&gt; C:\WINDOWS\system32\drivers\etc\hostsThere.
I ended up their revenue stream :)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537705</id>
	<title>Next step, bank accounts</title>
	<author>mlts</author>
	<datestamp>1246374240000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>This reminds me of the concern about bank fraud that IBM made the ZTIC device to help mitigate.</p><p>First, the attack is click fraud, but it's not that large a jump to target bank transactions.  The malware can target a Web browser where a person thinks they transferred some cash to their savings from their checking, when in reality, their entire balance was just moved to an attacker's offshore account.  The malware would be doing a man in the middle dance making the victim think that everything is fine, when in reality their account is empty.</p><p>This type of attack would get around a lot of security measures used by banks today.  The only real defense would be to have a separate device that shows transactions on it and one confirms or denies on that device as opposed to a potentially compromised computer.</p></htmltext>
<tokenext>This reminds me of the concern about bank fraud that IBM made the ZTIC device to help mitigate . First , the attack is click fraud , but it 's not that large a jump to target bank transactions .
The malware can target a Web browser where a person thinks they transferred some cash to their savings from their checking , when in reality , their entire balance was just moved to an attacker 's offshore account .
The malware would be doing a man in the middle dance making the victim think that everything is fine , when in reality their account is empty . This type of attack would get around a lot of security measures used by banks today .
The only real defense would be to have a separate device that shows transactions on it and one confirms or denies on that device as opposed to a potentially compromised computer .</tokentext>
<sentencetext>This reminds me of the concern about bank fraud that IBM made the ZTIC device to help mitigate. First, the attack is click fraud, but it's not that large a jump to target bank transactions.
The malware can target a Web browser where a person thinks they transferred some cash to their savings from their checking, when in reality, their entire balance was just moved to an attacker's offshore account.
The malware would be doing a man in the middle dance making the victim think that everything is fine, when in reality their account is empty. This type of attack would get around a lot of security measures used by banks today.
The only real defense would be to have a separate device that shows transactions on it and one confirms or denies on that device as opposed to a potentially compromised computer.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28541903</id>
	<title>Cat - mouse</title>
	<author>fulldecent</author>
	<datestamp>1246461420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>One solution to the AdSense cat-and-mouse game is conversion-based ad fees.</p><p>This is how the "complete 10 offers and get a free iPod" sites work. Clicking on the link doesn't work, you need to sign up for the offer and/or spend money.</p><p>If you are using AdWords fully, Google knows your conversions and knows what value those conversions provide to you. Your payment for ads could be changed so that you don't pay for CPM, you don't pay for clicks, you pay for conversions, which are money in your bank.</p><p>There is a possibility for you to game Google -- don't report all your conversions, effectively getting some of them for free. However, Google is already in the business of optimizing ad serving to increase their revenue. This would be changed to optimize ad serving to increase BOTH of your revenues.</p><p>-----------</p><p>In an effort to produce a full post I will also address some implementation issues.</p><p>Another way to game Google here could allow free ads by creating many accounts or many campaigns. One solution is to have a hybrid payment method (You pay X cents per click plus Y% of your conversion value). Another solution is to only offer this new payment method to long-standing customers or those who have already paid $X in fees for AdWords.</p><p>A transparent and easy solution would be difficult, but this would remove many of the excuses people currently have for NOT using AdWords, especially on the expanded content network.</p></htmltext>
<tokenext>One solution to the AdSense cat-and-mouse game is conversion-based ad fees . This is how the " complete 10 offers and get a free iPod " sites work .
Clicking on the link does n't work , you need to sign up for the offer and/or spend money . If you are using AdWords fully , Google knows your conversions and knows what value those conversions provide to you .
Your payment for ads could be changed so that you do n't pay for CPM , you do n't pay for clicks , you pay for conversions , which are money in your bank . There is a possibility for you to game Google -- do n't report all your conversions , effectively getting some of them for free .
However , Google is already in the business of optimizing ad serving to increase their revenue .
This would be changed to optimize ad serving to increase BOTH of your revenues . ----------- In an effort to produce a full post I will also address some implementation issues . Another way to game Google here could allow free ads by creating many accounts or many campaigns .
One solution is to have a hybrid payment method ( You pay X cents per click plus Y % of your conversion value ) .
Another solution is to only offer this new payment method to long-standing customers or those who have already paid $ X in fees for AdWords . A transparent and easy solution would be difficult , but this would remove many of the excuses people currently have for NOT using AdWords , especially on the expanded content network .</tokentext>
<sentencetext>One solution to the AdSense cat-and-mouse game is conversion-based ad fees. This is how the "complete 10 offers and get a free iPod" sites work.
Clicking on the link doesn't work, you need to sign up for the offer and/or spend money. If you are using AdWords fully, Google knows your conversions and knows what value those conversions provide to you.
Your payment for ads could be changed so that you don't pay for CPM, you don't pay for clicks, you pay for conversions, which are money in your bank. There is a possibility for you to game Google -- don't report all your conversions, effectively getting some of them for free.
However, Google is already in the business of optimizing ad serving to increase their revenue.
This would be changed to optimize ad serving to increase BOTH of your revenues. ----------- In an effort to produce a full post I will also address some implementation issues. Another way to game Google here could allow free ads by creating many accounts or many campaigns.
One solution is to have a hybrid payment method (You pay X cents per click plus Y% of your conversion value).
Another solution is to only offer this new payment method to long-standing customers or those who have already paid $X in fees for AdWords. A transparent and easy solution would be difficult, but this would remove many of the excuses people currently have for NOT using AdWords, especially on the expanded content network.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540173</id>
	<title>New Apple accessory</title>
	<author>FishTankX</author>
	<datestamp>1246446780000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext>iFan: To keep blistering performance from blistering your hands. Also keeps you cool in the hot Iraqi summer, when our phones are out on the battlefield.</htmltext>
<tokenext>iFan : To keep blistering performance from blistering your hands .
Also keeps you cool in the hot Iraqi summer , when our phones are out on the battlefield .</tokentext>
<sentencetext>iFan: To keep blistering performance from blistering your hands.
Also keeps you cool in the hot Iraqi summer, when our phones are out on the battlefield.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523</id>
	<title>How the server gets infected?</title>
	<author>Anonymous</author>
	<datestamp>1246372920000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I can't find how the server gets infected. Is it Windows, Linux, Apache, IIS, ... ?<br><br>What part is to blame?</htmltext>
<tokenext>I ca n't find how the server gets infected .
Is it Windows , Linux , Apache , IIS , ... ? What part is to blame ?</tokentext>
<sentencetext>I can't find how the server gets infected.
Is it Windows, Linux, Apache, IIS, ... ? What part is to blame?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991</id>
	<title>Nine-ball?</title>
	<author>Anonymous</author>
	<datestamp>1246377000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Does this mean Cirno is the strongest?</htmltext>
<tokenext>Does this mean Cirno is the strongest ?</tokentext>
<sentencetext>Does this mean Cirno is the strongest?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538035</id>
	<title>Interesting Point</title>
	<author>Demonantis</author>
	<datestamp>1246377360000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext>Who would be liable for the bug? Since it's DLLs that are affected, Microsoft would have to fix it. The thing is why should they? Their customers are not affected terribly. It is not technically fraud because it is not really misrepresenting what it presents. Google still benefits because of the AdSense charges. It would be interesting to see who wants to fix this.</htmltext>
<tokenext>Who would be liable for the bug ?
Since it 's DLLs that are affected , Microsoft would have to fix it .
The thing is why should they ?
Their customers are not affected terribly .
It is not technically fraud because it is not really misrepresenting what it presents .
Google still benefits because of the AdSense charges .
It would be interesting to see who wants to fix this .</tokentext>
<sentencetext>Who would be liable for the bug?
Since it's DLLs that are affected, Microsoft would have to fix it.
The thing is why should they?
Their customers are not affected terribly.
It is not technically fraud because it is not really misrepresenting what it presents.
Google still benefits because of the AdSense charges.
It would be interesting to see who wants to fix this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539429</id>
	<title>Re:Next step, bank accounts</title>
	<author>Anonymous</author>
	<datestamp>1246480080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Let us say that your bank account were drained by said trojan.  You look it up on an uninfected machine and see that all your money was just transferred to say, Zaire.  You call your bank, bitch, moan, and you have your money back.  Said account in Zaire is banned from all transfers by that bank.</p><p>That's standard practice for fraud transfers.</p><p>Now, let's say instead, that your bank account was only short a dollar.</p><p>One single dollar.</p><p>Would you notice?</p><p>Alright, if you noticed, do you think the people you work with would notice?  All of them?  What about one in ten, out of say, a thousand people?</p><p>By the time you figure this out, the attackers in Zaire have already made hundreds of thousands of dollars.  Good luck getting the Bank of Zaire, or the police force in Zaire to get your money back.  Most likely it has been converted into a big house and a few cars.</p></htmltext>
<tokenext>Let us say that your bank account were drained by said trojan .
You look it up on an uninfected machine and see that all your money was just transferred to say , Zaire .
You call your bank , bitch , moan , and you have your money back .
Said account in Zaire is banned from all transfers by that bank . That 's standard practice for fraud transfers . Now , let 's say instead , that your bank account was only short a dollar . One single dollar . Would you notice ? Alright , if you noticed , do you think the people you work with would notice ?
All of them ?
What about one in ten , out of say , a thousand people ? By the time you figure this out , the attackers in Zaire have already made hundreds of thousands of dollars .
Good luck getting the Bank of Zaire , or the police force in Zaire to get your money back .
Most likely it has been converted into a big house and a few cars .</tokentext>
<sentencetext>Let us say that your bank account were drained by said trojan.
You look it up on an uninfected machine and see that all your money was just transferred to say, Zaire.
You call your bank, bitch, moan, and you have your money back.
Said account in Zaire is banned from all transfers by that bank. That's standard practice for fraud transfers. Now, let's say instead, that your bank account was only short a dollar. One single dollar. Would you notice? Alright, if you noticed, do you think the people you work with would notice?
All of them?
What about one in ten, out of say, a thousand people? By the time you figure this out, the attackers in Zaire have already made hundreds of thousands of dollars.
Good luck getting the Bank of Zaire, or the police force in Zaire to get your money back.
Most likely it has been converted into a big house and a few cars.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28545887</id>
	<title>Re:Next step, bank accounts</title>
	<author>sabt-pestnu</author>
	<datestamp>1246474440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Bank statements do have transaction records on them.  While many people (myself included) do not examine them regularly or carefully, there are still many who would.</p></htmltext>
<tokenext>Bank statements do have transaction records on them .
While many people ( myself included ) do not examine them regularly or carefully , there are still many who would .</tokentext>
<sentencetext>Bank statements do have transaction records on them.
While many people (myself included) do not examine them regularly or carefully, there are still many who would.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539429</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538979
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540809
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538273
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538235
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540815
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538945
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538549
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28545887
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539429
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537705
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537955
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538297
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537863
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538775
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540617
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28548243
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540297
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538481
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537613
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_30_2237256_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538791
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537707
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537507
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538755
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537523
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537623
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538235
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540815
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538945
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537863
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538297
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540617
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537517
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540809
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538791
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538775
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538289
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538035
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537683
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538549
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537955
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538137
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538273
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537705
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539429
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28545887
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537613
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538481
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28540297
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28537991
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28538979
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28548243
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_30_2237256.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_30_2237256.28539093
</commentlist>
</conversation>
