Watch Out Microsoft: Seattle A Nest Of Content Thieves!

Posted by Paul McDougall on May 7, 2009 01:44 PM

Much has been made lately about news organizations' efforts to crack down on so-called aggregators who exist to repackage content that was generated on someone else's dime. The Daily Beast? Guilty. Newser? Guilty. Huffington Post? Guilty. The city of Seattle? Yup, Microsoft's hometown is guilty, guilty guilty!

My spelunk through the public Web sites this morning turned up a bunch of material that somehow sounded familiar. As though I was hearing a distant, fading echo. Like I had read it all somewhere else before. And that's probably because I had! This content was recently published by the very same company that signs my checks every fortnight—United Business Media.

Except I hadn't landed on a UBM site. Nope, I was looking at the city of Seattle's online Information Security Newsletter.

Here's a May 1st post on Seattle.gov that warns municipal employees about an Acrobat vulnerabilty.

A new zero-day vulnerability in Adobe Reader has been disclosed, once again putting the popular PDF reader in possible peril from attackers.
The newly discovered vulnerability affects "all currently supported shipping versions" of the software, meaning Versions 9.1, 8.1.4, 7.1.1, and earlier of Adobe Reader and Acrobat, and on all operating system platforms for the applications, said Adobe's Product Security Incident Response Team (PSIRT) in its blog this afternoon.
The company is also "currently investigating" the exploit that also was posted with the vulnerability disclosure, blogged Adobe's David Leone.
"Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh, and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a time line as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue," blogged Leone.
This is the second major zero-day flaw to be exposed in Adobe Reader this year. In February, Adobe reported a buffer overflow bug in Reader and Acrobat. A researcher later demonstrated that a user merely storing -- and not even opening -- a PDF infected via the flaw could trigger an attack.

And here's an article written April 28 by Kelly Jackson Higgins over at InformationWeek.com sister site DarkReading.com.

A new zero-day vulnerability in Adobe Reader has been disclosed, once again putting the popular PDF reader in possible peril from attackers.
The newly discovered vulnerability affects "all currently supported shipping versions" of the software, meaning Versions 9.1, 8.1.4, 7.1.1, and earlier of Adobe Reader and Acrobat, and on all operating system platforms for the applications, said Adobe's Product Security Incident Response Team (PSIRT) in its blog this afternoon.
The company is also "currently investigating" the exploit that also was posted with the vulnerability disclosure, blogged Adobe's David Leone.
"Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh, and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a time line as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue," blogged Leone.
This is the second major zero-day flaw to be exposed in Adobe Reader this year. In February, Adobe reported a buffer overflow bug in Reader and Acrobat. A researcher later demonstrated that a user merely storing -- and not even opening -- a PDF infected via the flaw could trigger an attack.

Hmm, there seems to be some similarities.

Now, before anyone trucks out the old Fair Use red herring, let me assure you that Seattle's rendering of our article includes no attribution, no link, and no references to the author, DarkReading, or UBM. It's copied whole cloth and stamped as its own.

Imitation is the sincerest form of flattery, but we here at UBM shouldn't get swelled heads. Seattle appears to be ripping off content from virtually every tech publication out there.

Here's a May 6 "bulletin" on Seattle.gov about a PDF vulnerability.

Adobe said it plans to release an update by May 12 for the recently disclosed Reader and Acrobat vulnerability.
In doing so, Adobe will push out Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9, David Lenoe, Adobe's security program manager, said Friday afternoon in a blog post.
The company also has confirmed a second vulnerability in its Reader for Unix software, which also is slated to be fixed in next week's update, Lenoe said. That bug does not affect Windows or Mac versions, but Adobe is investigating whether it can "reproduce an exploitable scenario."
Proof-of-concept code for both vulnerabilities has been published on the web; however, Adobe is not aware of any live attacks.
As users await the patches, Adobe has suggested they disable JavaScript in Reader and Acrobat, Lenoe said. In addition, the company has contacted leading anti-virus providers so they can build in protection to their products.
This is the second major zero-day PDF flaw to strike the popular viewer this year.

And here's a story published May 5th by Dan Kaplan of Haymarket Media's SC Magazine.

Adobe said it plans to release an update by May 12 for the recently disclosed Reader and Acrobat vulnerability.
In doing so, Adobe will push out Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9, David Lenoe, Adobe's security program manager, said in a blog post.
The company also has confirmed a second vulnerability in its Reader for Unix software, which also is slated to be fixed in next week's update, Lenoe said. That bug does not affect Windows or Mac versions, but Adobe is investigating whether it can "reproduce an exploitable scenario."
Proof-of-concept code for both vulnerabilities has been published on the web; however, Adobe is not aware of any live attacks.
As users await the patches, Adobe has suggested they disable JavaScript in Reader and Acrobat, Lenoe said. In addition, the company has contacted leading anti-virus providers so they can build in protection to their products.
This is the second major zero-day PDF flaw to strike the popular viewer this year.

There's that echo again!

Now on to Exhibit C—a May 6 post on Seattle.gov about Windows 7, again without any reference or link to a third party source.

Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade.
Windows 7 RC, which Microsoft Corp. will officialy launch on May 5, leaked two weeks ago, with copies first appearing on BitTorrent tracking sites on April 24.
Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org.
"Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have a trojan inbedded [sic] in the setup EXE," said someone identified as Frank Fontaine on a Neowin.net discussion thread. "The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe."
Fontaine's antivirus software identified the "codec.exe" file as a generic Trojan.
"Suspicious codec.exe!" reported someone labeled as "UltimateGTR" on Mininova, commenting on one of the 32-bit builds.
Another Mininova commenter, "WuNgUn," identified the malware as the "Falder" Trojan, which downloads fake security software, dubbed "scareware," to PCs and installs a rootkit to hide from legitimate antivirus products.
Microsoft, which has cited potential infection as a reason to steer clear of unauthorized downloads, jumped on the news. "This unfortunately shows that there are those out there who see the significant interest in something such as Windows 7 as an opportunity to try to take advantage of others," said Alex Kochis, director of Microsoft's Genuine Windows anti-piracy technology group, in a post to a company blog on Friday.

Talk about coincidence! That sounds just like this May 5th story by PC World's Gregg Keizer.

Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade.
Windows 7 RC, which Microsoft Corp. will officially launch this week, leaked two weeks ago, with copies first appearing on BitTorrent tracking sites on April 24.
Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org.
"Just a warning for anyone downloading the new RC builds of windows 7. Quiet [sic] a lot of the downloads have a trojan inbedded [sic] in the setup EXE," said someone identified as Frank Fontaine on a Neowin.net discussion thread. "The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe."
Fontaine's antivirus software identified the "codec.exe" file as a generic Trojan.
"Suspicious codec.exe!" reported someone labeled as "UltimateGTR" on Mininova, commenting on one of the 32-bit builds.
Another Mininova commenter, "WuNgUn," identified the malware as the "Falder" Trojan, which downloads fake security software, dubbed "scareware," to PCs and installs a rootkit to hide from legitimate antivirus products.
Microsoft, which has cited potential infection as a reason to steer clear of unauthorized downloads, jumped on the news. "This unfortunately shows that there are those out there who see the significant interest in something such as Windows 7 as an opportunity to try to take advantage of others," said Alex Kochis, director of Microsoft's Genuine Windows anti-piracy technology group, in a post to a company blog on Friday.

The list of blatantly plagiarized stories on Seattle.gov goes on and on. Other victims include Conde Nast's Wired, InfoWorld, and many other publications.

Here's what's most troubling about all this. I'm used to having my stuff ripped off all the time by so-called bloggers and shady Web sites operating out of countries where the concept of copyright translates roughly to, "That means I can copy it, right?"

But I wouldn't expect this behavior from employees of a major municipality right here in the U.S.

Microsoft has been at the forefront of efforts to combat piracy and intellectual property theft, but most of its efforts have focused on China and other developing markets. Note to Ballmer and Co.: Time to start looking in your own backyard!