Christopher Boyd
Chris Boyd redirects here. For the association footballer, see Kris Boyd.

Christopher Boyd, better known by his online pseudonym Paperghost, is a computer security researcher awarded a Microsoft Most Valuable Professional award for computer security.

Boyd is former Director of Malware Research for security company FaceTime, and currently works for Sunbelt Software.

Computer security

In July 2004, Boyd launched Vitalsecurity.org and he has been instrumental in uncovering and bringing to the public attention issues of privacy and spyware.

In November 2004, a modular hacking technique was employed to compromise Windows end-users by hacking Apache servers. When hacked, the servers would redirect a user on any of the server's websites, leading them to a set of ever-changing infection pages. These pages employed recoded viruses, trojans, malware and spyware. This technique is used heavily today by the groups behind the spyware CoolWebSearch (CWS).

The idea that alternative browsers such as Opera and Firefox could somehow enhance end-user security was cut down in March 2005 with the discovery of a Java applet that, if agreed to, would install a large (and varied) adware bundle onto the end-user's PC. It was found that having the "rogue" site in the user's blocklists and security tools would do nothing, the install bypassing these tactics completely if the end-user clicked "Yes". An updated Firefox .XPI installer (which infected Internet Explorer) was also deployed in some of these installs.

BitTorrent controversy

In June 2005, it was discovered that more and more adware makers were turning to alternative sources for their installs, as more end-users became aware of the more common install tactics. A reliance on crude social engineering and P2P systems that were previously clean was now on the rise. Boyd discovered that BitTorrent forums and file-sharing sites were used as a major source of distribution for Aurora (a program produced by Direct Revenue) and a number of other major adware programs, wrapped up in bundles produced by Metrix Marketing Group (MMG), a company that lost control of its own network. Potentially copyright-infringing files, illegal pornography and incorrect or absent disclosure were exposed on such a scale as to cause the companies involved (Direct Revenue, 180solutions and others) to publicly declare their discontinuation of these methods.

This story caused such an uproar that numerous media pundits weighed in, and (in some cases) made a delicate situation worse. An article by John C. Dvorak of PC Magazine alleged Boyd was part of some "Grand Microsoft Conspiracy" to bad-mouth BitTorrent to the benefit of their planned P2P tool, Avalanche. Furious P2P users (who were not familiar with the backstory of the investigation) even went as far as to say Boyd was in league with the RIAA, out to create further problems for file-sharers by bringing these bundles to light. However, Dvorak's piece caused something approaching outrage on the other side of the fence, leading a fellow Ziff Davis Media publication to go head to head with Dvorak. Dave Methvin of PC Pitstop followed up the investigation with his findings. He alleges that some of the films distributed contained potentially illegal underage pornography, and not long after, MMG went offline and the adware companies all pulled out of this particular distribution.

Fake Google toolbar

In October 2005, Boyd discovered a "fake" Google Toolbar which was being distributed via instant messaging. The toolbar allowed the user to store credit card details, and also opened up a fake Google search page. Boyd also tracked the toolbar back to 2003, through three different versions, each one exploiting vulnerabilities in the Windows operating system.

Instant messaging rootkit

In October / November 2005, Boyd discovered what is considered to be the first known instance of a rootkit being distributed via instant messaging, hidden inside a large payload of adware and spyware. Over a period of months, the group behind the attacks distributed numerous inventive payloads (such as a forced install of BitTorrent to spread movie files) and were eventually traced back to the Middle East.

Adware critic

Boyd is a notoriously fierce critic of adware companies, famously causing 180solutions to label him a "fanatic" on their Weblog, with bad feeling in evidence on both sides to this day. He is regularly referenced on other leading antispyware sites such as Sunbelt Blog, Suzi Turner's ZDNet blog and Ben Edelman's home page.

Security discoveries

In 2006, Boyd continued to make significant discoveries in the field of security, including:
  • The discovery of a 150,000-strong botnet ring that used a custom-built Perl script to steal payment data from third-party shopping cart applications.
  • An exposé of a web browser that redirected end-users to potentially illegal pornography.
  • An instant messaging worm that installs its own web browser.
  • The discovery that adware makers Zango were promoting their content on MySpace.
  • A modular, multi-chained string of infections dubbed the "Pipeline Worm".
  • An instant messaging infection that uses botnet-style tactics to enable click fraud.
  • The discovery of a worm using QuickTime files to spread across MySpace with the intent of pushing Zango adware.


In December 2009, Boyd posted a message on Twitter indicating he was no longer working for FaceTime and was seeking employment.

Since February 2010, Christopher Boyd has been working for Sunbelt Software.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 