China warns about return of destructive Panda virus

A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. The first Panda worm gained fame in China for switching the icons of infected files with an image of a panda holding three incense sticks. The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect, said Vu Nguyen, a McAfee Labs researcher. "It has gotten more complex with the addition of a rootkit," said Nguyen. "It definitely makes it more challenging for users to clean up and even to know that their systems have been compromised." A rootkit burrows into a system to try to hide the existence of malware. The same image would also flash across a victim's screen, but the worm's final goal was to install password-stealing Trojan horses.

Its author was ordered to write a removal tool for the worm and later sentenced to four years in prison. The worm infected millions of PCs, according to Chinese state media. China's national virus response center warned about the updated worm earlier this week, but it dubbed the virus Worm_Piloyd. The center said it had found a worm spreading online that infected executables and html files. B and did not link it to Panda. The worm blocked a victim's PC from restoring infected files, turned off active antivirus software and directed the machine to Web sites to download Trojan horses and other malware, the center said.

The new worm is unlikely to hit as many PCs as the first one. The center urged Internet users to step up defense on their PCs against unknown viruses. Chinese companies and Internet users are much more aware of malware than they were a few years ago, partly because of the wake-up call brought by the first Panda worm, said Nguyen. Chinese police are rushing to keep pace and cybercrime arrests have become more common in the country. As in other countries, cybercrime looks increasingly professional in China and labor is often divided along the production chain from virus design to the sale of stolen information.

Police in central Hubei province recently took six suspects into custody for building and selling viruses and attacking victims with a botnet, Chinese state broadcaster CCTV said this week. Separately, a Shanghai court this week sentenced a man to six months in prison after his Internet company spent the equivalent of $17,500 to launch a denial-of-service attack on a rival's servers, according to local media. The group made over 2 million yuan (US$290,000) in about six months from their activities, the report said. The man's company, iSpeak, paid for the use of a botnet to attack rival Duowan.com, reports said. China officially had 338 million Internet users at the end of June, more than the population of the U.S.

A botnet is a network of malware-infected PCs that an attacker can order to repeatedly contact a target server all at once, overwhelming the machine with requests for information and essentially shutting it down.

Online libel case stirs up free speech debate

An Illinois politician's attempt to unmask the identity of an e-mail poster who allegedly made disparaging remarks about her teenage son in an online forum is stirring a debate about free speech rights on the Internet. The paper had run a story describing a bitterly contested local election that Stone was running in. The case involves Lisa Stone, Trustee of the Village of Buffalo Grove, Il. According to a story in the Chicago Tribune , someone anonymously posted "deeply disturbing" comments about Stone's 15-year old son earlier this year in a local newspaper. In response to that story an individual using the name Hipcheck15 posted comments that were critical of Stone.

Those comments, in turn, evoked allegedly defamatory statements directed against Stone's son by Hipcheck15, the Tribune story said. The comments apparently prompted Stone's son to go online and post comments in defense of his mother. The paper did not say what exactly Hipcheck15 wrote, but it quoted Stone as describing the comments as being "vile" and "shocking." Stone did not immediately respond to an e-mailed request from Computerworld seeking comment for this story. In response to an order from the court, the paper turned in the IP address for Hipcheck15. Stone then obtained a similar order from the circuit court judge that asked Hipcheck15's Internet service provider, or ISP, to reveal the true identity of the person to whom the IP address was assigned to. As part of an effort to file a defamation lawsuit against Hipcheck15, Stone approached the Cook County Circuit Court and asked it to order the newspaper to turn in the true identity of the poster, the Tribune said. According to the Tribune, the ISP late turned in the identity of Hipcheck15 to the court last month.

Stone apparently has insisted that all she is trying to do is protect her son and other children from being similarly attacked online. A hearing is now scheduled for November 7 to decide whether the judge should provide Stone with Hipcheck15's true identity. She is hoping the case will serve as a deterrent against similar attacks. Individuals who libel or defame others online, anonymously or otherwise, are just as exposed to lawsuits as they are in the physical world and cannot expect First Amendment rights to automatically protect them. "Saying you're a lousy professor is one thing. Eugene Volokh, professor of law at the University of California at Los Angeles' School of Law, said the case serves as another reminder that online anonymity does not automatically provide immunity against libel charges.

But saying you molest 13-year olds is completely different," he said. Judges in other cases have shown a willingness to do just that if, in their opinion, the complaints had merit. Though one might use a pseudonym to conceal their true identity a court can force an ISP to unmask them in such cases, Volokh said. In a similar case earlier this year, a Texas circuit court judge ordered an online news aggregation site to turn over identifying information on 178 people who had anonymously posted allegedly defamatory comments about two individuals involved in a sexual assault case. William Pieratt Demond, a partner at Connor & Demond PLLC, a law firm in Austin that is representing the couple, today said that the online site has since turned over information that has so far led to three people being identified as tied to the comments.

The two individuals, who were acquitted of all charges, had claimed they had been subjected to intense and inarguably defamatory comments in the online forum. Libel lawsuits have been filed against all three, Demond told Computerworld today. Judges have to make the decision whether an online comment reflects just a personal opinion which is protected, or if it crosses the line and becomes defamatory. "Courts have said that because revealing a speaker's identity could end up deterring people from speaking up, we are going to require some showing whether there is a cause," he said. In the Stone case, it is hard to know how much merit her complaint has, Volokh said. Ed Yohnka, spokesman for the American Civil Liberties Union of Illinois, said the case was troubling. "We think anonymous speech on the Internet is really critical and needs to be protected," Yohnka said. Yohnka warned against a growing tendency by corporations and individuals to use defamation claims as a way to get the courts to force ISPs to unmask anonymous online commentators. "Saying something is defamatory shouldn't be the trigger" for deciding when someone should be unmasked he said.

It has traditionally been one way in which people have chosen to express themselves on political and social issues, he said. Corporations and public figures in particular need to show they have a prima facie case before they are allowed to seek the identity of an anonymous poster, Yohnka said.

Storage software market sees signs of life, but no major recovery

The storage software market showed signs of rebounding in the second quarter, but is still falling short of the pace set last year. Within the storage software market, revenue for replication products grew 5% compared with the first quarter of this year, and data protection and recovery revenue was 3% higher than in the first quarter. Worldwide, storage software vendors raked in $2.8 billion in revenue in the quarter, down nearly 10% vs. the second quarter of 2008, according to an IDC report issued last week.\ However, some positive signs emerged. Revenue for device management and archiving software has also grown slightly since the beginning of 2009. "The storage software market is slowly starting to recover with positive growth over the first quarter of 2009," IDC analyst Michael Margossian said in a press release.

Globally, revenue for external disk storage systems was $4.1 billion in the second quarter, an 18% decline year-over-year. However, IDC cautioned that growth between the first and second quarters is typical, so the year-over-year comparisons are more significant. 9 data storage companies to watch   While last week's report covers storage software, IDC this month also reported that storage hardware sales continue to struggle. The network disk storage market declined 15% year-over-year. EMC led the storage software market with 22.4% of revenue in the second quarter, ahead of Symantec (18.5%), IBM (11.5%) and NetApp (8.5%). EMC also leads the external disk storage systems market with 21.5% of worldwide revenue. This was the third straight year enterprise storage systems revenue declined in the second quarter.

Microsoft pushes switchover deal for CRM Online

Microsoft is trying to steal away Salesforce.com and Oracle CRM on Demand customers with a new offer that will provide them with six months' access to its own CRM Online application at no charge if they sign a 12-month contract. That compares to $65 per month per user for Salesforce.com Professional. Microsoft charges US$44 per month per user for CRM Online Professional edition. Oracle CRM on Demand pricing starts at $70 per month per user.

Microsoft will consider expanding access to customers of other CRM products once it sees how well the program is received, Wilson said. Meanwhile, Microsoft's application is comparable from a feature standpoint and "already about 35 percent cheaper" than the competition, said Brad Wilson, general manager of Dynamics CRM. The six-month offer is valid through the end of this year. Six months is about how long it takes a customer to know for sure whether an application is right for their business, said Ray Wang, partner with the analyst firm Altimeter Group. For one thing, a customer and Oracle or Salesforce.com may have a year-to-year deal, which might still be in effect when the six-month trial period expires, Wang said. But potential hurdles lie in the way of a smooth transition over to CRM Online, he added. While contract terms may allow the customer to cancel, they may not get a refund on the year's remaining fees, according to Wang. "Hopefully you'd be [signed up] month-to-month.

Microsoft on Monday also announced price cuts for its Business Productivity Online Suite. It's good to check and see where you are in that process." Overall, however, "users win" in price wars like this, Wang said. Other SaaS (software as a service) vendors, such as NetSuite, have made a steady stream of financial enticements in recent months too, as sales slowed during the global recession. It is also planning to roll out the software worldwide in the second half of 2010, he said. Salesforce.com has also quietly lowered monthly per-user fees for its two lowest-end editions, Contact Manager and Group Edition, to $5 and $25 respectively, down from $9 and $35. Meanwhile, Microsoft is announcing the CRM switch-over deal in conjunction with an update to CRM Online, Wilson said.

The service is now available in North America. No credit card information is required to sign up, although users need to provide an e-mail address. In the new release, Microsoft made signing up for CRM Online "super-simple," he said. They can then start a free trial with either Microsoft's Outlook client or a browser-based interface, Wilson said. A series of help tools provide information on setup and maintenance. Thirty-day trials include sample data so users can begin experimenting with the system.

Microsoft has also developed an improved data import wizard. In addition, mobile access is available at no additional charge for any phone with a HTML 4.0-compliant Web browser. "We specifically tried to engineer [the application] to make it really easy for people who don't have CRM systems," Wilson said.