Amazon offering top-selling MP3 tracks for $0.69

Amazon has dropped the price of its top-selling MP3 tracks to $0.69, according to The Los Angeles Times. That's a 20-cent drop from its previous $0.89 price. The move by the internet retail giant is seen as an attempt to knock Apple from its perch as the top distributor of music in the world. Currently, Apple's iTunes store has a 70 percent market share, while Amazon is a distant second at 10 percent.

The LA Times article also highlights some facts about the effect of price changes on music sales in the iTunes store since last year. In 2010 Apple raised the prices for most new songs in the iTunes store to $1.29, up from $0.99. However, that price increase slowed music sales growth considerably.

In 2009, when the average music track cost $0.99, digital music sales grew 8 percent in one year. After the increase to $1.29 per track, digital music sales grew a meager 1 percent in 2010. Of course, Apple's not to blame for the price rise; it's the music studios who insisted on a higher per-track average price.

It's unclear who is eating the cost of Amazon's price reduction, but an NPD Group analyst questioned whether a $0.69 price for hot songs will actually increase Amazon's market share, or if the price will just create a platform for "opportunistic cherry pickers."

Amazon offering top-selling MP3 tracks for $0.69 originally appeared on TUAW on Sat, 30 Apr 2011 08:00:00 EST.


SSCC 58 – Coreflood, DSLReports, Sony, Stars and Ars Technica

Paul Ducklin joined me from Sydney this week as we both returned home from a long and rewarding trip to InfoSec Europe.

While the news has been dominated by the recent attack on Sony Computer Entertainment, we started off talking about the actions the US government took against the Coreflood botnet. The news was largely positive, but it does allow broadened powers for the police that include actions some feel could further harm the victims.

When the topic of DSLReports, Sony and other data leakage incidents came up, our conclusions were ultimately in alignment. While these incidents are important and may draw our attention to the problem, these losses are only a small part of what Paul likes to call the "death of a million cuts."

On the topic of the supposed "Stars" virus, which Iran claims is a second-stage Stuxnet virus, the conclusion was the same. Even if this "Stars" virus is real and is a concern for Iran, in the meantime the rest of us are being hit with a barrage of cyber-crap that is having real impact on our lives.

No story is complete without some comment on Facebook and Chet Chat 58 is no exception. Aside from the usual list of attacks and scams, it appears that their DMCA takedown process and other pieces of their self-defense mechanisms are easily manipulated. Ars Technica's Facebook page was arbitrarily deleted this week based on a DMCA claim that no one has yet been able to explain.

If you prefer a news summary for the week in text format, visit the Sophos Security News and Trends for the latest selected hot topics or subscribe to our weekly newsletter, Sophos eNews.

(28 April 2011, duration 18:37 minutes, size 12.6MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 58.

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

It's starting to seem like Facebook can't win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase "OMG! I Can't believe JUSTIN Bieber did THIS to a girl".

It leads to a page asking you to verify a simple math problem to "prevent bots from slowing down the site". In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

[Screenshot: Comment-jack security check]

It doesn't matter what you type, because it's a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says "Add a Comment" in the screenshot.

This bypasses Facebook's recent attempt at detecting likejacking fraud. Links you comment on do not go through the same mechanisms that Facebook is monitoring when you click "Like".

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was relatively easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

[Screenshot: Facebook Bieber scam wall post]

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn't yours.

While protecting yourself may not be as simple as not clicking anything that says "OMG!", that isn't a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours -- in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy check out our recommendations for Facebook settings.

New vBookshelf launched

I just launched my new vBookshelf section of vSphere-land which can be found under the vInfo drop-down menu. I’ve gathered together over 30 books related to VMware and virtualization and have links and information on them. I think I’ve put together a pretty complete selection of good books that are available but if I’ve missed any please let me know. I’d also like to highlight 4 good books that have been recently released.

Click here to access the vBookshelf section of

Title: Visible Ops Private Cloud: From Virtualization to Private Cloud in 4 Practical Steps

Authors: Andi Mann, Kurt Milne, Jeanne Morain

Publish Date: April 8, 2011


Title: VMware vSphere Design

Authors: Scott Lowe, Maish Saidel-Keesing, Forbes Guthrie

Publish Date: March 8, 2011


Title: VMware vSphere PowerCLI Reference: Automating vSphere Administration

Authors: Luc Dekens, Alan Renouf, Glenn Sizemore, Arnim van Lieshout, Jonathan Medd

Publish Date: April 12, 2011


Title: VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers (2nd Edition)

Authors: Edward Haletky

Publish Date: February 18, 2011

Linux on a Fingernail

This issue of Linux Journal is all about how to get Linux in your pocket. In this article, I go one better and tell you how to get Linux on your fingernail. Now, before you get too excited, I won't be discussing some new nano-computer being used by James Bond, unfortunately. Instead, I discuss how to put Linux on a micro-SD card (or any other USB drive, for that matter).

Compromised ads leading to TDSS rootkit infections

As we all know, compromised sites play an important role in web-distributed malware, acting as the conduit that guides user traffic to further malicious content. Sometimes the attackers get lucky and succeed in compromising a high-profile, popular site. Another way to increase the number of users exposed to the attack is to compromise advertising content, thereby exposing all users of any third-party sites that happen to load the ads.

Late yesterday evening, we started to see evidence of such an attack - Sophos products were blocking certain ad content as Mal/Iframe-U.

Knowing that detection and what it looks for, I was pretty sure that the ad server of Campus Party was compromised.

Sure enough, I could see that in addition to the desired ads (for the July Campus Party event in Valencia), the content also contained malicious JavaScript (highlighted in yellow):

This is not the first time I have seen an OpenX ad server compromised, and I suspect it won't be the last.

Deobfuscating the JavaScript reveals the payload. As our Mal/Iframe-U detection name suggests, it is an iframe to load further malicious content from a remote server.

This initiates the attack, triggering a chain of events summarised below:

  • ad content (pro-actively blocked as Mal/Iframe-U) silently loads content from the attack site.
  • the user's browser and browser plug-ins are inspected to determine the most appropriate exploit content to load. A legitimate library is used for this.
  • exploit content (e.g. Mal/HcpExpl-A, Troj/Lifsect-A, Mal/ExpJS-M) is loaded in order to infect the user with malware. At the time of writing, the exploit site is serving up a rootkit which Sophos products detect as Mal/TDSSPack-AX.

As is typically the case for today's web attacks, all of the script components used are heavily obfuscated in an attempt to thwart detection efforts and hinder analysis.
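Both the likejacking overlay described earlier (an invisible Like button positioned over a fake "play" button) and the malvertising chain above rely on the same two building blocks in the ad or page markup: an iframe that the user is not meant to see, and script that has been obfuscated so a reviewer cannot tell what it loads. The scanner below is an added example, not Sophos code and not the Mal/Iframe-U detection logic; it uses only Python's standard library and runs over a constructed ad snippet (the hostnames and the encoded payload are made up for the example). It flags iframes that are zero-size or hidden via CSS, and scripts that use common packing idioms, so an ad operations or security team can triage third-party creatives before they are served.

```python
import re
from html.parser import HTMLParser

# CSS idioms that make an iframe invisible to the user while it still loads
# content (likejacking uses opacity:0 over a decoy; malvertising uses 0x0 or
# display:none frames). Labels are reported as reasons.
HIDE_PATTERNS = {
    "display-none": r"display\s*:\s*none",
    "visibility-hidden": r"visibility\s*:\s*hidden",
    "opacity-zero": r"opacity\s*:\s*0(?:\.0+)?(?![.\d])",
    "zero-dimension-style": r"(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
}

# Script idioms typical of packed/obfuscated loaders. Order matters for the
# reported reason list.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "String.fromCharCode", "document.write(")

# Eight or more consecutive %XX or \xXX escapes: a packed string payload.
ESCAPE_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){8,}|(?:\\x[0-9a-fA-F]{2}){8,}")


class AdScanner(HTMLParser):
    """Collects findings about hidden iframes and obfuscated scripts."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            reasons = []
            for dim in ("width", "height"):
                v = (a.get(dim) or "").strip().rstrip("px")
                if v.isdigit() and int(v) == 0:
                    reasons.append(f"{dim}=0")
            style = (a.get("style") or "").lower()
            for label, pat in HIDE_PATTERNS.items():
                if re.search(pat, style):
                    reasons.append(label)
            if reasons:
                self.findings.append(
                    {"kind": "hidden-iframe", "ref": a.get("src", ""), "reasons": reasons}
                )
        elif tag == "script":
            # HTMLParser delivers <script> bodies through handle_data.
            self._in_script = True
            self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            reasons = [m for m in OBFUSCATION_MARKERS if m in body]
            if ESCAPE_RUN.search(body):
                reasons.append("long-escape-run")
            if reasons:
                self.findings.append(
                    {"kind": "obfuscated-script", "ref": body[:40], "reasons": reasons}
                )


def scan_ad_html(html):
    """Return a list of findings for one ad creative or page fragment."""
    p = AdScanner()
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample: a legitimate banner, a packed loader, a 0x0 hidden frame
# and a transparent frame positioned over other content (all hosts invented).
SAMPLE_AD = """
<div class="ad">
  <a href="https://ads.example.invalid/campus"><img src="banner.png" width="300" height="250"></a>
  <script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22'));</script>
  <iframe src="http://attacker.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>
  <iframe src="https://social.example.invalid/like" style="position:absolute;opacity:0;top:10px"></iframe>
  <iframe src="https://video.example.invalid/player" width="640" height="360"></iframe>
</div>
"""

if __name__ == "__main__":
    for f in scan_ad_html(SAMPLE_AD):
        print(f["kind"], f["ref"], ", ".join(f["reasons"]))
```

The checks are deliberately simple string and CSS heuristics: they will not catch a loader that builds its iframe entirely from runtime-computed strings, and they will flag legitimate tracking pixels, so treat a hit as a reason to pull the creative for manual review rather than as proof of compromise.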

We have already informed those at Campus Party about this issue in order that they can get the malvertising attack cleaned up as soon as possible. In fact as I type, I can see that the ad server is already offline, presumably whilst they resolve the issue. Kudos to them for actioning this quickly!

As to the root cause of the compromise, I do not know exactly how the server was compromised. However, given history, my money would be on an out-of-date or unpatched version of OpenX.