A search run by the iWorm malware against Reddit yielded lists of compromised servers making up the botnet's command and control network. Dr.WEB

The Russian antivirus vendor Dr. Web has reported the spread of a new botnet that exclusively targets Apple computers running Mac OS X. According to a survey of traffic conducted by researchers at Dr. Web, over 17,000 Macs worldwide are part of the Mac.BackDoor.iWorm botnet—and almost a quarter of them are in the US. One of the most curious aspects of the botnet is that it uses a search of Reddit posts to a Minecraft server list subreddit to retrieve IP addresses for its command and control (CnC) network. That subreddit now appears to have been expunged of CnC data, and the account that posted the data appears to be shut down.

The Dr. Web report doesn’t say how Mac.BackDoor.iWorm is being distributed to victims of the malware. But its “dropper” program installs the malware into the Library directory within the affected user’s account home folder, disguised as an Application Support directory for “JavaW." The dropper then generates an OS X .plist file to automatically launch the bot whenever the system is started.

The bot malware itself looks for somewhere in the user’s Library folder to store a configuration file, then connects to Reddit’s search page. It uses an MD5 hash algorithm to encode the current date, and uses the first 8 bytes of that value to search Reddit’s “minecraftserverlist” subreddit’—where most of the legitimate posts are over a year old.

Read 3 remaining paragraphs | Comments

alex

It was just about a month ago when the Justice Department kicked to the curb the attorneys representing the alleged Silk Road mastermind. The government said there wasn't a National Security Agency "bogeyman" needed to discover the illicit drug site's servers as the defense lawyers alleged.

Instead, the authorities said poor programming by defendant Ross Ulbricht allowed the FBI to easily discover the Icelandic servers because of a leak in the site's login CAPTCHA.

"Ulbricht conjures up a bogeyman – the National Security Agency (“NSA”) – which Ulbricht suspects, without any proof whatsoever, was responsible for locating the Silk Road server, in a manner that he simply assumes somehow violated the Fourth Amendment," Serrin Turner, the assistant US attorney in New York, had written in a September court filing.

Read 11 remaining paragraphs | Comments

tonystl

Apple will soon have to face a trial over accusations it used digital rights management, or DRM, to unlawfully maintain a lead in the iPod market, a federal judge has ruled. The plaintiffs' lawyers, representing a class of consumers who bought iPods between 2006 and 2009, are asking for $350 million.

Last week, US District Judge Yvonne Gonzales Rogers gave the green light (PDF) to sending a long-running antitrust lawsuit against Apple to trial. Plaintiffs in the case say that Apple used its FairPlay DRM system to "lock in" its customers and make it costly to switch to technology built by competitors, like Real Networks. They describe how Apple kept updating iTunes to make sure songs bought from Real's competing digital music store couldn't be used on iPods. As a result of this lock-in, Apple was able to overcharge its customers to the tune of tens of millions of dollars.

At an earlier hearing, Apple's lawyer claimed the plaintiffs don't have "any evidence at all" showing harm to customers from the FairPlay DRM. The Robins Geller lawyers representing the class said they had thousands of complaints from consumers who were upset because they couldn't play non-iTunes songs on their iPods.

Read 13 remaining paragraphs | Comments

The Gaylord Opryland hotel in Nashville, Tennessee used to block guests' personal hotspots. Michael Kappel

Marriott Hotel Services has come to a $600,000 agreement with the Federal Communications Commission to settle allegations that the hotel chain "interfered with and disabled Wi-Fi networks established by consumers in the conference facilities" at a Nashville hotel in March 2013.

According to the nine-page order issued on Friday, a guest at the Gaylord Opryland hotel in Nashville, Tennessee complained that the hotel was "jamming mobile hotspots so you can’t use them in the convention space."

The hotel admitted to the FCC that "one or more of its employees used containment features of a Wi-Fi monitoring system at the Gaylord Opryland to prevent consumers from connecting to the Internet via their own personal Wi-Fi networks."

Read 5 remaining paragraphs | Comments

Apple is reportedly set to announce new iPads and more at an event on October 16. Andrew Cunningham

When it rains, it pours—Apple was silent for most of 2014 before dropping iOS 8, new iPhones, and the Apple Watch announcement on us last month. Now, Re/code says the company plans to hold an iPad-centric event at its on-campus town hall event space in Cupertino on October 16. Re/code (formerly AllThingsD) has a stellar track record for predicting Apple event dates, so we're inclined to believe them even though the event is falling on a Thursday instead of a Tuesday (as Apple events usually do).

New iPads will reportedly be the focus of the event, and it's not hard to guess what they'll look like. Expect tablets that look a lot like last year's iPad Air and Retina iPad Mini, but with the new A8 chip, TouchID support, and 802.11ac Wi-Fi. There have been rumors about a new larger 12.9-inch iPad, but most of them say that if a bigger tablet comes, it will be next year.

Joining the new iPads onstage will be OS X Yosemite, a near-final "Golden Master" build of which was just distributed to developers earlier this week. Last year, Apple launched the final version of Mavericks on the same day as the event, and we expect the same for Yosemite.

Read 2 remaining paragraphs | Comments

Christie MicroTiles, a set of modular panels for large-format displays. Note the faint lines going through the images. Christie Digital Systems USA, Inc.

The Wall Street Journal reports that Google's secretive, hardware-focused laboratory, Google X, has a display division—and it's current working on making giant displays. The head of the division is Mary Lou Jepsen, cofounder of the One Laptop Per Child (OLPC) Project and founder and former CEO of Pixel Qi, a startup that makes displays that are readable in direct sunlight.

The report says that Google X is hard at work creating "large-scale video displays" that are "composed of smaller screens that plug together like Legos to create a seamless image." The modular design would allow for different screen shapes and sizes, just by moving the modules around.

This sounds like most large-format displays already in existence, such as the Christie MicroTiles pictured above. The Google X difference is that the group is trying to figure out how to make modules without any seams at all. If you look closely at the picture above, you can see the borders around each rectangular module.

Read 1 remaining paragraphs | Comments

Sonny Vleisides (right), is Butterfly Labs' cofounder and largest shareholder. A federal judge told him in January 2014 that there was a "strong smell" of fraud with respect to his company. Nasser Ghosieiri

A new order issued by a federal court in Kansas City on Thursday has effectively extended a temporary restraining order set down earlier this month, leaving Bitcoin mining rig builder Butterfly Labs (BFL) under the control of a court-appointed receiver. The order does allow for "limited operations" by the company, however.

For the last 15 months, Ars has followed BFL as it has gone from being a curious hardware startup in a nascent industry to becoming the target of a federal investigation brought by the Federal Trade Commission.

The FTC believes the three named members of the company’s board of directors—Jody Drake (aka Darla Drake), Nasser Ghoseiri, and Sonny Vleisides—spent millions of dollars of corporate revenue on non-corporate expenses like saunas and guns while leaving many customer orders either wholly unfulfilled or significantly delayed.

Read 10 remaining paragraphs | Comments

A bat (left) flutters near the nacelle of a wind turbine in one of the authors' videos.

Wind turbines mostly get bad press for killing birds, but they might actually have a bigger impact on bats, which appear to be killed in large numbers at wind farms. This might disproportionately affect bat populations because, as the authors of a new paper put it, "Bats are long-lived mammals with low reproductive potential and require high adult survivorship to maintain populations."

A team of researchers decided to find out why bats have so many lethal interactions with the turbines. To do so, they used infrared video cameras that imaged any warm-blooded animals close to the wind farm. They also used radar to follow groups of animals flying around the site, which included flocks of migratory birds. In addition, audio recorders were used to determine which species of bats were present, as well as whether they were hunting. Combined with over 1,300 hours of video footage, the data presented a fairly complete picture of the areas near the wind farm in question.

Eighty percent of the close encounters observed between animal and equipment involved bats. The mammals flew near the blades and the body of the wind turbines, sometimes within two meters. In some cases, they chased each other around the hardware or lingered for several minutes near it. The close approaches were more common under two conditions: the presence of bright moonlight and during periods of low winds. The bats also typically approached from the downwind direction when the wind was slow.

Read 4 remaining paragraphs | Comments

When it comes to user-generated content on the Internet, the rules and norms regarding sponsorship are usually vague at best. Two major game-focused platforms took steps to clear up that vagueness this week, introducing policies that require users to disclose when their content or recommendations could be influenced by company payments.

Gameplay streaming site Twitch introduced its new commitment to "transparency in sponsored content and promotion" in a detailed blog post last night, noting that the state of Web video has changed dramatically in the company's three years of existence (not to mention its $970 million Amazon buyout). These days, what Twitch calls "influencer campaigns" are an increasingly common way "for an advertiser to leverage the celebrity of a content creator on various video platforms to drive awareness and purchase intent for the advertiser’s brand or product."

This can be a win-win situation for the streamer and the advertiser, Twitch argues, but only if there is "complete transparency and unwavering authenticity with all content and promotions that have a sponsor relationship." Without that kind of disclosure, Twitch says, "gamers can tend to look skeptically on the ecosystem because they don’t know what is paid-for content and what is not. It also opens influencers to potential criticism."

Read 3 remaining paragraphs | Comments

Verizon CEO Lowell McAdam. Verizon

Verizon seemingly won a huge victory in January when a federal appeals court struck down network neutrality restrictions on blocking and discriminating against Internet content over fixed broadband connections.

But Verizon's lawsuit against the Federal Communications Commission could backfire, with the commission now considering even stronger rules on both fixed and wireless networks. That's why fellow Internet service providers are "secretly furious" with Verizon, tech policy reporter Brendan Sasso of National Journal wrote today:

Other Internet service providers won't publicly criticize Verizon. But privately, lobbyists grumble that they wouldn't be in this mess if Verizon had just accepted the old rules.

Four broadband-industry officials said there's widespread frustration with Verizon for making what they view as a bad strategic error. Some companies had even tried to talk Verizon out of filing its lawsuit, officials said.

"They were like a dog chasing a bus," one broadband source said. "What are you going to do when you catch the bus?"

The 2010 FCC rules that Verizon successfully overturned prevented fixed broadband providers from blocking Internet content and strongly discouraged paid prioritization agreements in which online services pay ISPs for priority access to consumers. The rules for cellular carriers were weaker, though; wireless carriers were allowed to block applications that didn't compete against their telephony services and did not have to follow the anti-discrimination rule.

Read 4 remaining paragraphs | Comments

Wikimedia Commons user Tabercil

Celebrities who had their nude photos stolen last month are now threatening Google with a $100 million lawsuit unless the search giant does a better job of removing copies of the photos found on its various services, including YouTube and Blogger.

The threat was laid out in a letter signed by Marty Singer, a well-known Hollywood attorney, and acquired yesterday by The Hollywood Reporter and other Tinseltown news sites. In the letter, Singer says that Google has allowed the "blatant violations" to continue despite the fact that it's been four weeks since he first sent a takedown notice to the company.

"We are writing concerning Google's despicable, reprehensible conduct in not only failing to act expeditiously and responsibly to remove the Images, but in knowingly accommodating, facilitating and perpetuating the unlawful conduct," writes Singer. "Google is making millions and profiting from the victimization of women. As a result of your blatantly unethical behavior, Google is exposed to significant liability and both compensatory and punitive damages that could well exceed One Hundred Million Dollars ($100,000,000)."

Read 6 remaining paragraphs | Comments

Something tells us this Xeno isn't interested in making out. (Or breath mints, for that matter. Yikes.)

CN.dart.call("xrailTop", {sz:"300x250", kws:["top"], collapse: true});

There was no way that the Xeno could have seen where I hid. I’d been looking for medical supplies in this space station’s sickbay, and after receiving directions from a fellow straggler, I found a computer terminal, bathed in sickly green light, with the information I needed. Unfortunately, booting the machine set off an alarm. Damn.

I already knew the alien bastard was coming before the motion tracker in my hands began to vibrate wildly, and sure enough, the Xeno soon descended from a hole in the roof. I ran behind a corner and poked my head out to watch its bendy limbs flex and its massive mouth water through a plume of fog. I knew my revolver would never fell this thing, so I waited for an opening and made a dash for a mechanical door. Once through, I slammed it shut with a manual override button, then I crawled into a locker down the hallway and hid.

Read 21 remaining paragraphs | Comments

Alex Bellus

BRAINERD, MN—With 15 minutes to go, I put on my helmet and retreated inside it, focusing on what to do next. My heart rate had been steadily climbing all morning in anticipation of racing in anger for the first time in 2014. One of my team mates, Scott, has been out on the soaking wet track for the last two hours, but he’ll soon be visiting the pit lane for a fuel stop and to hand the car over to the next driver; the next driver being me. Way back in 2011, I wrote a piece asking (and answering) the question of whether it was possible to learn how to race cars just by playing video games. It was my first real foray on a track after nearly 20 years of wanting to get into motorsport, and I’ve not looked back since. No games this time. Rather, as someone who simply races for a hobby, I’d been curious about quantifying the physical workload involved.

Your author, focusing before he gets in the car. Elle Gitlin

Even though I’ve accumulated a respectable amount of racing hours in the intervening years, I still spend the hours between waking up on race day and getting in the car questioning why I'm actually doing all this. "So what if one time I drove here and came back to the pits on three wheels? Didn't we fix that and come in fourth the following day?" I've felt much better about my pre-race stage fright after hearing Felix Baumgartner discuss his own problem during the Red Bull Stratos jump, and I gave myself a similar pep talk. “The car will be good. You’ve done this before, you know what you need to do. Build up to speed. Concentrate. Focus on your driving, ignore the lap times.” As Scott brings the car into the pit lane, I wait atop the pit wall, seat insert in hand (I’m short and need a booster seat). Only four people are allowed over the wall if the car's gas cap is open; the fueler, someone wielding a fire extinguisher, the driver, and one other person who can help, strapping in—or pulling out—the driver.

Getting situated in the car happened smoothly. I tightened the straps as a helping hand plugged in my radio jack and the dry-break connector that joins my cool shirt to its chilled reservoir. The cool shirt is a wonderful thing. Worn underneath that heavy nomex, it's a t-shirt crisscrossed with surgical tubing. Cold water is pumped from an insulated tank through the tubes and across your torso, at a rate determined by a knob on the dash. On hot summer days it comes into its own, removing 'it's hot' from the (very long) list of things drivers want to complain about over the radio.

Read 23 remaining paragraphs | Comments

Net Market Share

Chrome's usage share surged in September, with Google's browser hitting new highs on both mobile platforms and on the PC. At the same time, Windows 8.x's share declined, with a shift in usage back to Windows 7.

Net Market Share Net Market Share

The biggest loser in September was Firefox, dropping a remarkable 1.05 points. Internet Explorer was down slightly, falling 0.09 points, and Safari declined a little more steeply, losing 0.31 points. Chrome was a massive winner, however, up 1.58 points to reach a new high usage share.

Net Market Share Net Market Share

Chrome is up sharply in the mobile space, too. Google's preferred browser added 1.82 points in September and, like the desktop browser, is now at an all-time high. While previous Chrome growth has appeared to come at the expense of Android Browser, the WebKit-based browser that was formerly built in to Android, that wasn't the case in September, with the old browser picking up a minor 0.09 points. This is a little distressing. Almost all installations of Android Browser are susceptible to major privacy flaw, and while Google has issued a patch for the browser, this patch can only be installed through a firmware update. Chrome is immune to the same flaw, and so all Android users who can use it should use it.

Read 3 remaining paragraphs | Comments

Activists involved in Hong Kong's "Umbrella Revolution" have been targeted by remote access malware for Android and iOS that can eavesdrop on their communications—and do a whole lot more. Pasu Au Yeung

Malware-based espionage targeting political activists and other opposition is nothing new, especially when it comes to opponents of the Chinese government. But there have been few attempts at hacking activists more widespread and sophisticated than the current wave of spyware targeting the mobile devices of members of Hong Kong’s “Umbrella Revolution.”

Over the past few days, activists and protesters in Hong Kong have been targeted by mobile device malware that gives an attacker the ability to monitor their communications. What’s unusual about the malware, which has been spread through mobile message “phishing “ attacks, is that the attacks have targeted and successfully infected both Android and iOS devices.

The sophistication of the malware has led experts to believe that it was developed and deployed by the Chinese government. But Chinese-speaking hackers have a long history of using this sort of malware, referred to as remote access Trojans (RATs), as have other hackers around the world for a variety of criminal activities aside from espionage. It’s not clear whether this is an actual state-funded attack on Chinese citizens in Hong Kong or merely hackers taking advantage of a huge social engineering opportunity to spread their malware. But whoever is behind it is well-funded and sophisticated.

Read 17 remaining paragraphs | Comments

The same yeast used in your home brews is also deployed for industrial ethanol production. Flickr user Mike

When it comes to making ethanol from things like sugarcane and corn, we've turned to the method that has been used for ethanol production for millennia: give yeast some sugar, and take away their oxygen. Just as they do when making beer or wine, the yeast take the sugar and partially metabolize it, releasing ethanol as a waste product.

While the basics are easy to do, it's turned out to be hard to get yeast to operate well in the sorts of environments that lead to efficient production of biofuels. At some level, the ethanol the yeast produce becomes toxic (as it is for us). And brewer's yeast tends to grow best at moderate temperatures (30 degrees Celsius), while biofuel production works best at temperatures of around 40 degrees Celsius.

So far, the approach used for getting yeast to be a better biofuel producer has not exactly been carefully planned: we've just continued to grow them in the harsh environment of a biofuel reactor and wait for evolution to take its course. But two papers that appear in today's Science describe targeted changes that greatly enhance the ability of yeast to survive in a biofuel reactor.

Read 12 remaining paragraphs | Comments

CyanogenMod.org

A report from The Information (subscription required) claims that Google tried to buy Cyanogen, Inc, the maker of the custom Android ROM CyanogenMod. According to the report, Cyanogen's chief executive told shareholders that Sundar Pichai, the head of Chrome and Android at Google, met with the company and "expressed interest in acquiring the firm." The report says Cyanogen Inc. declined the offer, saying that it was still growing.

It's unclear what Google would want to do with Cyanogen. The company basically does the same software work any other OEM does: it takes AOSP, customizes it, and ports it to devices. It doesn't have a ton of features that replicate Google services, so without a Google Play license, it's just as poor as any other AOSP-derived Android distribution. Buying Cyanogen would give Google an in-house Android distribution and a team of engineers, both of which it already has in abundance. We suppose the plan could be to buy it and shut it down, but we're not sure what that would accomplish, either.

The primary feature of CyanogenMod is that it's close to stock Android and ported to tons of devices. There's no special sauce there that Google would need, and CyanogenMod is "barely generating any revenue," according to the report.

Read 1 remaining paragraphs | Comments

A screenshot from Pissedconsumer.com of a review that the vice president of Roca Labs claimed to have posted suggesting an endorsement that Alfonso Ribeiro's attorneys dispute.

On Wednesday, representatives of the actor Alfonso Ribeiro, who played Carlton Banks in Fresh Prince of Bel Air and who recently appeared on Dancing with the Stars, weighed in on an unlikely case involving a weight loss firm called Roca Labs and a website called pissedconsumer.com. Ribeiro says that Roca Labs has falsified his endorsement of its product.

Back in September, Roca Labs sued pissedconsumer.com, which is owned by a company called Opinion Corp., saying that the website was wrongly posting negative reviews from consumers who signed non-disparagement agreements with Roca. Roca asked a Florida federal court to award the company over $1 million and to compel pissedconusmer.com to "cease and desist their conduct against ROCA" and to "remove all negative content from their website and Twitter." Roca Labs went so far as to ask the court to make pissedconsumer.com provide the names and addresses "of all alleged ROCA customers who have helped in posting negative content on Defendants website."

The dispute is among the latest cases testing the limits of online speech, and the alleged falsification of Alfonso Ribeiro's endorsement adds a new wrinkle into the mix.

Read 10 remaining paragraphs | Comments

Greetings, Arsians! Our partners at LogicBuy are back with a ton of deals this week, and the top item is a Dell XPS 12 convertible touchscreen ultrabook.

For $749.99, you get a 1080p touchscreen, Core i5-3437U processor, 4GB of RAM, and a 256GB SSD. We actually did a full review of this bad boy earlier, so if you're on the fence, check it out. (Spoiler: it's nice.) That and a ton more deals are below.

Featured deal

Read 8 remaining paragraphs | Comments

Meier holds forth with fans at last weekend's Firaxicon fan gathering.

BALTIMORE—Ask most game designers what in their childhood inspired them to get into the business, and they'll give you a list of their favorite early video game experiences. For Firaxis co-founder and Civilization creator Sid Meier, those youthful inspirations don't include any video games, because video games didn't actually exist when he was a child.

"I remember covering the living room floor with toy soldiers and bricks and whatever it was," Meier told a crowd of nearly 200 at last weekend's first ever Firaxicon fan gathering outside Baltimore, which Ars attended. "As I got a little older, [I was] getting into Avalon Hill, strategy games... [Designing games] is really reliving my youth in a lot of ways, the fantasy of pirates or trains or airplanes, things like that... the fun of the way a kid approaches a topic, exploring it. I think there's a sense of uncovering and exploration in a game, the same thing I'd experience as a kid..."

Meier wasn't fated to continue that childlike fun into his adult career, though. He started out studying physics and math in college, installing cash registers as his first job. "But computers were so empowering," he recalled. "The idea that you could write a program that would calculate pi to 10,000 digits, or just do cool things with just a few instructions was very exciting to me... I think game designers like to do new things, explore new frontiers, and it was really a new frontier at that time."

Read 16 remaining paragraphs | Comments