Live Blog: Countdown to Conficker
I found this live blog regarding the Conficker for those of you interested in tracking it’s progress through the evening. Apparently there are some outside reports of various locations in Asia seeing some light effects from the variant but nothing too heavy. Hopefully we all wake up in the morning and laugh about it…
You can track the live blog here: http://ow.ly/1Ou2
This post will be updated continually to track activity on the Conficker worm, the latest variant of which had been expected to hit the Internet on April 1. Click here or read below for background on Conficker.
7:25 p.m. PDT: Trend Micro’s Paul Ferguson reports that things seem quiet. "So far, there’s been no significant activity," he said, adding that a Trend Micro researcher in the Philippines reported seeing the same amount of traffic on Wednesday as he had been seeing the past few days in Asia-Pacific.
4:00 p.m. PDT: The Conficker worm is stirring on some infected computers in Asia where it’s April 1, but so far the activity is very tame, security researchers say.
"We’ve seen activity in honeypot machines in Asia…They’re generating the 50,000 list of (potential) domains to contact," said Paul Ferguson, an advanced threats researcher for Trend Micro.
The latest variant of the worm, Conficker.C, was set to activate on April 1, which for some of the infected machines will happen at local time and for others it will be GMT, depending on whether the machines are turned on and connected to the Internet, he said.
The process seems to be starting slowly, with infected machines starting to generate the list of domains and then picking one domain and trying to contact it and waiting before continuing on through 500 of those 50,000 domains, according to Ferguson.
The owners of the infected computers likely won’t notice anything, unless they can’t access the Web sites of security vendors and then they will know they are infected, he said. Trend Micro has figured out a way to unblock the computer from the sites that the worm has blocked using a Microsoft networking service, he said. More details are on the Trend Micro site.
"Nothing at this point; we’re running updates every half hour or so," Dave Marcus, director of security research for McAfee Avert Labs, said when asked to report what he was seeing. "They’re supposed to connect to one of a variety of Web sites and download a piece of code. What that code is supposed to do is up in the air."
IBM ISS’s X-Force group also reported that things were quiet, at least for the moment, in Asia where most of the infections are. Nearly 45 percent are in Asia, followed by Europe at about 30 percent, 13.6 percent in South America and 5.8 percent in North America, according to the Frequency X blog.
IBM ISS also said it had found a way for ISPs to detect infected computers on a network by monitoring the peer-to-peer communications the worm makes between infected PCs.
Experts say the worm could be used to steal passwords or other sensitive data from infected computers, or turn them into a botnet that sends out spam.
The worm exploits a vulnerability in Windows that Microsoft patched in October and spreads through weakly protected network shares and via removable storage devices, like USB drives.
Conficker.C also shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It reaches out to other infected computers via peer-to-peer networking, in addition to being programmed to reach out to 500 domains to receive updated copies or other malware instead of just 250 domains as earlier versions did.
Click here for an FAQ about the worm.
Live blog: Countdown to Conficker | Security – CNET News
Conficker: Just in Case
Honestly I am getting ready to go to bed and sleep easy tonight, but before I do, I figured I would throw another log on the fire for those that want to stay up tonight and panic about the Conficker worm, here’s a survival guide by Christopher Null from Yahoo Tech in regards to the Conficker worm variant.
I can think of at least 3 or 4 times in history that we have been baited to wait on a payload deployed by worms like this Conficker and they never panned out really, or at least on the global scale that analysts are calling for this one too. Personally I think that there might be a little something to this one, but I don’t foresee the global impact that everyone is expecting, but just to be on the safe side, everyone should probably stockpile canned goods and board games just in case. Good Night!
Tomorrow — April 1 — is D-Day for Conficker, as whatever nasty payload it’s packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type — passwords, credit card numbers, etc. — and send that information back to its masters?
No one knows, but we’ll probably find out soon.
Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever’s controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there’s less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C — the latest bad boy — will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there’s no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.
Conficker’s a nasty little worm that takes serious efforts to bypass your security defenses, but you aren’t without some tools in your arsenal to protect yourself.
Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.
But if Conficker’s already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss — try booting into Safe Mode, which Conficker prevents, to check — you should run a specialized tool to get rid of Conficker.
Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec’s Conficker (aka Downadup) tool, Trend Micro’s Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don’t have Conficker.)
As a final safety note, all users — whether they’re worried about an infection or know for sure they’re clean — are also wise to make a full data backup today.
What won’t work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won’t help if the malware is already on your machine — it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the above instructions to detect and remove the worm.
Oh yeah, and let’s don’t forget what tomorrow is…
And, don’t get me wrong, if I was terribly concerned I probably would not be getting ready for bed…
Last-minute Conficker survival guide : Christopher Null : Yahoo! Tech
My Approach to Monetization
I have a simple, possibly hard headed, approach to monetization. Granted I haven’t ran a campaign personally in several years, and I know that the game has changed a lot in that time, but I don’t think that I am too far off base w/ my thought process here… (and I would love to get some feedback from any of my readers who are enjoying some success). Here are some principles that I have been putting into play with my monetization campaign on this website:
- Only work with advertisers that are contextually relevant to your websites content. For instance, if this website is geared toward web developers that work with PHP and wordpress, then my ads should be relevant to my audience.
- Only work with advertisers that you would do business with yourself. For instance, I got burned once by 1-800-Flowers, and for that reason their ads will never show up on my website. I feel like this is important because the products that you are pushing on your website are somewhat of a reflection of yourself. I have carefully built my blogs subscribers over time and I certainly don’t want to alienate them because they have a bad experience from one of the vendors on my website.
- Carefully utilize your sites real estate. I know that I am probably out of alignment with ShoeMoney’s teachings, if you notice his website, he has his ads up to the top of the page where they are in plain view of his audience. I prefer to gradually ease my audience into the idea that I am recommending products on my blog other than my own. It is for this reason that I have set my ads to run lower in my sidebar, and that they are only visible once a user scrolls down the page.
- When building my ads I ask myself, would I click on this link? Personally I do not click on ads that much, I just don’t do it. I don’t have a reason either, it’s just not in my habit to do it. A few things that turn me off about a lot of ads are the blinking animations. I feel like if your brand is strong enough, you don’t have to do that with your advertising. If you notice, none of the ads on this website are animated, they are simply logo images for companies that are already well established and reputable brands.
- Have a good balance of adsense and affiliate links on your site. Personally I don’t have adsense running on this website right now but I will soon. Of course, they will be smaller locations on the site. The thing about adsense and pay per click type ads is that the visitor only has to click on them to make you money, but with the affiliate links, your revenue is often tied to the actual purchase of goods or services.
- Don’t go overboard, one of the biggest things I see when people first start monetizing their websites is that they literally go overboard with the ads, and the content is somewhere hidden between three or four large blinking gif images.
Granted, I have only been running affiliate ads on this website for a short period of time but I have already seen some transactions take place as a result of using this philosophy. Could I make more revenue from this website through monetization by abandoning these principals, absolutely! I know that I could, but I don’t plan on ever pursuing it…
I would love to hear some feedback from online marketers that are involved in their own monetization campaigns and get their opinions.
More Thoughts on Monetization
You might notice that I am now running some advertisements on my blog in the sidebar. For those of you who know me, you will know that this is a stretch for me, up until this year I never attempted to monetize any of my personal projects, and honestly I haven’t built an affiliate link in 8 or 9 years when I owned theproteinstore.com.
My reasoning for not getting into these affiliate programs probably has to do with the fact that I am a bit OCD when it comes to brightly colored, distracting, blinking ads that run right in the corner of your eye. These ads still make it hard for me to focus on the actual content of the website.
Contextual relevance has also been a big thing for me, if I was going to run ads on theproteinstore.com, they had to be related to health and fitness, and I wouldn’t run anything else. Even while I was running the ads I would use them very sparingly, often times designing my own ad in photoshop to make it look a little less obtrusive and to blend in with the page content. This often times would prove to be way more trouble than it was worth, even on a good month my biggest commission checks were under a hundred dollars.
I have been watching a lot of ShoeMoney’s podcasts and following his blog very closely and he does a great job with monetization, in fact he is making a nice living from it, so is Norm Chow and a few other ones out there, but the truth of the matter is that most of the ones that are handing out advice for monetization aren’t doing that well, it doesn’t take a genius to realize that a lot of these guys are skewing their traffic metrics just to sell advertising and “get rich quick” programs.
While absorbing some of ShoeMoney’s teachings this past week I decided to start investigating a few partnership opportunities that were out there along with my business partner Greg Smart. I think we have about 3 or 4 partnerships going right now with various services that provide us with our choice of contextually relevant advertisers.
For those of you that aren’t familiar with how these programs work, you basically signup and then select from a large list of advertisers that you would like to work with. I selected mostly ones that I thought would be relevant to our Nascar fan base on NascarView but then decided to look into some advertisers that might do well on this website. Since I primarily blog about wordpress and web development I figured those would be some good areas of interest.
I am a huge fan of Brian Gardner, he is a great guy that designs some of the best, if not the best, premium templates for wordpress that are on the market. I use his themes as a starter for a vast majority of my projects inside of wordpress because they are standards friendly, easy to configure and build on top of. Brian, like a lot of the wordpress theme providers on the web today, already had an affiliate program setup so I just opted into that and was approved right away. I setup my first ad in about 8 years on my website! If you notice the studiopress link in the sidebar, that’s it…
Well, I have been using another product that basically generates standards compliant themes for wordpress, joomla, and drupal called Artisteer. I have been real impressed with Artisteer so I decided to post that link on my blog as well and do a little story about the product, etc.
Here’s where it get’s interesting. That night I totalled $49.95 in sales for the Artisteer theme generator. I couldn’t believe it, that was like 3 days worth of adsense revenue and it had only been on my website for a few hours. Okay, so at this point I am hooked, I start signing up for programs with all kinds of companies that I knew were reputable, and that I would honestly do business with myself. I was approved for most of these requests, a few didn’t approve.
If you will notice my links located in the sidebar for Sirius, The North Face, Overstock.com, Omaha Steaks, iTunes, Nautica, and Petsmart, those are my affiliate links. Basically how this works is that anytime a visitor to my website hits one of these links and goes onto that companies website and makes a purchase I get a percentage of that purchase back at the end of each month.
For instance, with the Artisteer link, the overall sale was $49.95, my take on that sale is $5.00. I know it’s not going to bring on an early retirement or anything but here’s the gist of it, I didn’t have to do anything for that $5.00, it came in on it’s own…
This frustrates me a little bit knowing that all along I have had this pretty incredible blog traffic going on and that there is no way to know how much affiliate revenue I could have been generating all along with these type of programs.
And the only excuse I have is because I am a little bit OCD and don’t like blinking ads everywhere. If you notice, none of my ads are blinking but people are still clicking on them and purchasing products from my advertisers. It’s an amazing thing to me that I have been in this industry as long as I have and am just now starting to pick up on this again after 8 or so years…
If you visit NascarView.com, you will notice that we are running sponsorships, paid ads, and direct ads on the website now, and have income streaming in from a couple of different locations now. Of course we don’t have anywhere near the amount that I think we will one day have, especially when our direct ad sales start playing a factor.
All of this to say, I am kicking myself in the butt right now. And oh yeah, be sure to support my advertisers.
As a sidenote, if you own a website or have considered starting one, and would like to discuss the possibilities of monetizing your project, please feel free to contact my business partners and I, we would love the opportunity to work with you and share our experiences with you…
Need a Meeting Location in Little Rock…
Tonight we are having our Central Arkansas Refresh Group meeting at the Starbucks at 9401 N. Rodney Parham Road and if this weeks attendance is going to be anything like last months meeting, I have an idea that is sort of what the meeting is going to look like. (we probably won’t all have on spiderman suits, but there’s a good possibility that someone in our group will show up with one on…)
With the growth of our group, which you can find out more about here, we are looking expecting some awesome learning and networking opportunities, but the growing size of our group is going to leave us a little bit over firecode for our Starbucks location in the very near future. If you have a venue in the Central Arkansas / Little Rock area that is able to accommodate approximately 30-40 people and would like to support what we are doing, please feel free to let us know…
—————————————
Featured on TheCabin.net
Mike Allen from the Conway Log Cabin Democrat Newspaper came by yesterday and interviewed me in regards to our new NascarView project. Below you will find the article from this mornings newspaper and online edition.
There’s a new Web site designed for NASCAR fans that was launched this year, and the results have been a big hit across the nation.
Cotton Rohrscheib, who’s now working out of his home office in Conway, along with other team members, Stephen and Greg Smart, purchased the Web site NascarView.com four years ago. After presenting NascarView.com to Web viewers this year, the site has exploded in the amount of support from viewers and advertisers.
"This is a Web site geared for the fans," Rohrscheib said. "We offer a family friendly Web experience and monitor profanity or mature content from being posted. We keep it rated G, so we want the whole family to be able to use the site."
The Web site covers four areas of the sport. It has feature stories, which includes some of the biggest names in NASCAR. Team ownership and the driver’s news are also covered in depth by the Web site. NascarView.com also recaps and previews the past and future races.
"It just seemed like it was a need for a family-friendly NASCAR Web site that people of all ages can get on and take part in," Rohrscheib said. "This way people can have sort of sense of some community and social networking. Out of the 10 years that I’ve been building Web sites, this site is probably in the top two or three in terms of growth. It’s gotten that big."
NascarView.com is the only Web site that uses a Facebook connect at this time, which means Facebook users can automatically login to NascarView.com using their Facebook accounts. The Web site also just hit the 1,000 mark for followers on Twitter.com. It was recently the ninth highest Twitter feed on Twitter.com, according to wefollow.com.
"With MarkMartin.com, we already had a list of people who knew who we were," Rohrscheib said. "We’ve basically built relationship with guys over the years working in the sport. … Different guys have kind of helped us get the word out."
The Web site also features two popular podcasts: The Final Lap Radio and the Phatguys Fantasy Podcast. Rohrscheib has been a frequent guest on both. He is also good friends with NASCAR driver and Batesville native Mark Martin. According to Rohrscheib, the Web site’s biggest feature is Live Racing Chat, which takes place during the cup series races on Sundays. Bloggers from around the nation discuss the events that happen during the course of the race. The Live Racing Chat is also moderated by Cooter, who inputs in-car audio from the drivers during the race. So, fans can read what their favorite NASCAR driver is saying during the race.
"It’s an information-heavy (Web site)," Rohrscheib said. "We get our revenue from advertising on the site, so we’re looking for anyone who wants to advertise or sponsor."
Rohrscheib is also the co-founder of Pleth Networks, LLC. This year it was awarded the Best of Show for the Interactive Category by the American Advertising Federation for www.thechurchalive.org. They beat out 60,000 entrants in the Addy competition. Pleth, with 500 clients worldwide, has offices in Conway, Batesville and Jonesboro.
TheCabin.net ·· Web site helps NASCAR fans connect 03/31/09
Reminder: Refresh Meeting Tomorrow!
Just wanted to remind everyone about the Central Arkansas Refresh Group meeting tomorrow night. I have posted a tentative agenda for our next meetup online here. We have secured lots of giveaways for the meeting so be sure to bring your business cards.
Since it was kind of short notice we didn’t put out a call for speakers, but will be accepting them for the next meeting if any of you are interested? Speakers tomorrow night will be myself and Nick Brewer (please see the agenda for more information. I hope that everyone can attend, here’s a map to the location for those interested:
———————-
Artisteer: Wordpress Theme Generator
I have been playing around with a software program called Artisteer for a month or so now and it’s starting to grow on me. With Artisteer you can develop your very own Wordpress Theme using the WYSIWYG wizard / editor and export it out in just a fraction of the time it would take to customize a community theme or hand-code your own.
Artisteer also allows you to export your theme for use in other popular content managements solutions like Joomla and Drupal, or you can select HTML w/ stylesheet and the software takes care of the rest. There is also a feature to export directly out to HTML w/ an attached stylesheet, this can come in handy if you are trying to matchup a layout. Here’s the best part of the software though, the WYSIWYG editor, or Wizard, is extremely easy to get around in, and it pretty much lets you control every aspect of the design process.
If you are looking for a tool that will save you some time while working with Wordpress, I strongly recommend taking a look at Artisteer.
User Roles in Wordpress
Probably one of the nicest things about WordPress in my opinion is the way that users are managed inside the software. For instance, if you have a group of bloggers that submit content to your website, you can set them up as contributors and allow them to post to your blog and update their own blog entries. Tools like Windows Live Writer can also be used by contributors to submit their content.
With subscribers, all content has to be approved by an Administrator before it actually appears live on your website. By utilizing contributors for your writers or bloggers, you can eliminate the need to repost or embed any media components that are submitted by normal methods such as email or copying from blog to blog.
As an administrator you are also able to approve or schedule when certain posts go live. This is also a very handy tool if you are pushing out a high volume of content to your readers.
Below you will find some information about user roles inside of Wordpress that I grabbed from the Wordpress Codex…
The WordPress Roles feature is designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner must manage and allow access to such functions as writing and editing Posts, creating Pages, defining Links, creating Categories, moderating Comments, managing Plugins, managing Themes, and managing other users. The tool that gives the blog owner that control is the ability to assign a Role to a user.
WordPress Version 2.0
WordPress Version 2.0 introduces the concept of Roles. The WordPress distribution comes delivered ’standard’ with five pre-defined Roles:
Administrator, Editor, Author, Contributor, and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are thirty Capabilities including publish_posts, moderate_comments, and edit_users. The Capabilities are pre-assigned to each Role.
The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role is allowed just the read and level_0. One particular Role should not be considered to be ’senior to’ another Role. Rather, consider that Roles define the user’s responsibilities within the blog.
Plugin developers will likely revise the ’standard’ Roles and Capabilities because WordPress Developers left open the future possibility of assigning a user to one or more Roles, or assigning Capabilities directly to a User. Since Plugins might change Roles and Capabilities, just the ’standard’ Roles and Capabilities are addressed in this article.
Super Powers for Blog Owner
The person with the most important Role is that of blog owner. Typically, the blog owner is the person responsibile for maintaining and
backing up the WordPress MySQL database as well as managing the WordPress repository of files (programs, scripts, plugins, themes, images, uploads). Ultimately, the smooth operation of a blog depends on the blog owner fulfilling this ‘ultimate role’. Note: The blog owner, in many cases, also acts the Role of Administrator but may choose to assign other users the Administrator Role.
Summary of Roles
- Administrator – Somebody who has access to all the administration features
- Editor – Somebody who can publish posts, manage posts as well as manage other people’s posts, etc.
- Author – Somebody who can publish and manage their own posts
- Contributor – Somebody who can write and manage their posts but not publish posts
- Subscriber – Somebody who can read comments/comment/receive news letters, etc.
Roles
The identity a particular user assumes in a blog is called their Role. A Role essentially describes the set of tasks, called
Capabilities, a person is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author role allows the execution of just a small subset of tasks.
WordPress 2.0 simplifies the User Level approach of WordPress 1.5 by rolling up adjacent levels with similar permissions into logical, named roles. For example, Level 0 is now assigned to the Subscriber role, while Levels 5-7 together make up the Editor role.
Roles and Capabilities « WordPress Codex
Facebook Surpasses 200 Million Users
This is a hard number to put your head around, but 200 million people will be a part of the Facebook social network by this time next week. There are so many things that I feel like have contributed to Facebook’s rapid growth, but probably the biggest factor is the quality of their product. Facebook offers an incredible user experience and is a very controlled environment that respects privacy, unlike MySpace in so many ways…
I would however like to see a side by side comparison between Twitter and Facebook in terms of new user % since the first of the year. The media has given Twitter such a boost in the first quarter of this year that it has to be creeping up in terms of new users to Facebook.
Tomorrow Facebook should theoretically be crossing the 200 million users level tomorrow based on our estimates but according to Wei Zhu of Facebook, the number could be as high as 280 million. While speaking at a Facebook Tech Talk, Wei Zhu slips and says that the site has 250 million users if not 280 million users (I’ve included the video below). At that point a communications person (I’d assume) jumps in to correct him on the number to 200 million.
Regardless of if it’s greater, they have confirmed that they at least surpassed 200 million and if growth keeps at this pace, the company should easily surpass 300 million before the end of the third quarter (if not earlier based on what Wei Zhu said). It was a wide range of numbers that Wei Zhu provided but most likely he was just confused about the numbers.So is Mike Arrington’s suggestion that Facebook is understating their numbers by a huge sum accurate or was his take on it just linkbait? My guess it was linkbait since that’s how they roll and this time, they’ve baited the fish. Nothing like some old fashion speculating on a Friday night!
The site continues to experience tremendous growth and we will continue following that growth all the way up. The real question is how far the company will go before it begins to peak. Right now the site is adding around 1 million new domestic users a week which also helps to increase revenues substantially since U.S. ad revenue accounts for the majority of Facebook’s income.
If the site doesn’t slow down in the growth internationally, Facebook is going to become one extremely expensive behemoth to run (as if it wasn’t already). Then again, when you have the majority of online users connected via your site, revenue can’t be that big of a problem, can it?
Facebook Surpasses 200 Million Users
