Following the Trail: Determining the Origins of Linux/Bckdr-RKC

It is already known that the two Linux/Bckdr-RKC variants I have received have both been hosted by 216.83.44.229.  Furthermore, the first variant had a phone-home address of 216.83.44.226.

Both of these IP addresses are registered to the netblock owned by WIRELESS-ALARM.COM (not to be confused with the actual website wireless-alarm.com, which is registered to a different contact completely, and unrelated here).

Let's use what we already know to try to find the organization responsible for this malware.



Here is a traceroute I performed several days ago:




Hop  (ms)       (ms)       (ms)       IP Address       Host name
     0          0          0          206.123.64.154   jbdr2.0.dal.colo4.com
     0          0          0          64.124.196.225   xe-4-2-0.er2.dfw2.us.above.net
     0          Timed out  0          63.218.23.29     ge5-4.br02.dal01.pccwbtn.net
     214        214        214        63.218.252.86    ge9-39.br03.hkg04.pccwbtn.net
     214        214        258        112.121.160.221  -
     213        213        213        112.121.160.18   -
     218        218        217        112.121.160.198  -
     213        213        212        216.83.44.226    -


And here is a traceroute as performed today:

TraceRoute to 216.83.44.226




Hop  (ms)       (ms)       (ms)       IP Address       Host name
     12         0          0          206.123.64.154   jbdr2.0.dal.colo4.com
     0          0          0          64.124.196.225   xe-4-2-0.er2.dfw2.us.above.net
     0          0          0          63.218.23.29     ge5-4.br02.dal01.pccwbtn.net
     212        212        212        63.218.252.86    ge9-39.br03.hkg04.pccwbtn.net
     Timed out  Timed out  Timed out                   -
     Timed out  Timed out  Timed out                   -
     Timed out  Timed out  Timed out                   -
     Timed out  Timed out  Timed out                   -


It seems that either the responsible organization has been disconnected from the network by their provider, or they have purposely disconnected themselves to hinder analysis.

Starting with 216.83.44.226 and working backwards, let's see who this section of IP addresses is registered to.

216.83.44.0 - 216.83.44.255 is registered to WIRELESS-ALARM.COM

OrgName: WIRELESS-ALARM.COM
OrgId: WIREL-46
Address: 3026 Ensley 5 Points W Avenue
City: Birmingham
StateProv: AL
PostalCode: 35208
Country: US
RegDate: 2009-12-30
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/WIREL-46

OrgAbuseHandle: PQU12-ARIN
OrgAbuseName: Quagliano, Pedro
OrgAbusePhone: +1-877-605-5273
OrgAbuseEmail: pedroquagliano@cyanclouds.com

We already know that this is a fake registration, because all of my emails to pedroquagliano@cyanclouds.com were returned as non-deliverable due to DNS failures. That means cyanclouds.com is not an active domain.

Let's go up a level in IP address ownership.


216.83.32.0 - 216.83.63.255 is owned by Ether.Net LLC.

network:Class-Name:network
network:ID:216.83.32.0/20
network:Auth-Area:216.83.32.0/20
network:Network-Name:ETHRN-216-83-46-0
network:IP-Network:216.83.46.0/24
network:IP-Network-Block:216.83.46.0 - 216.83.46.255
network:Org-Name:InfoMove Hong Kong Limited.
network:Street-Address:Unit 2001, 20/F, New Tech Plaza, 8 Tai Yau Street
network:City:San Po Kong
network:State:HK
network:Country-Code:HK

Ether.NET appears to be a legitimate business operating in Hong Kong.

They have been around for many years. They have an AIM account for support, which I was able to trace back to 2003 postings on web hosting support forums. Doubtful that they're involved, so let's shift our focus elsewhere.


Going back to the IP range owned by WIRELESS-ALARM.COM, 216.83.44.0 - 216.83.44.255, let's look at what else is hosted there.

From http://bgp.he.net/net/216.83.44.0/24#_dns as of 12/31/2011 6:21 PST



Hmm, remember the registration for WIRELESS-ALARM.COM?
The email address pointed at cyanclouds.com... and the DNS servers for cyanclouds.com happen to be hosted in the same netblock. Could it be cyanclouds.com is also being controlled by the responsible organization?

So let's look up the contact info for cyanclouds.com...

Domain Name: CYANCLOUDS.COM
Registrar: DIRECTNIC, LTD
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS1.CYANCLOUDS.COM
Name Server: NS2.CYANCLOUDS.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 31-jan-2011
Creation Date: 03-mar-2009
Expiration Date: 03-mar-2012

Registrant:
Good Names Network
342 Broadway
New York, NY 10013
US
212-555-1212


Domain Name: CYANCLOUDS.COM

Administrative Contact:
Operations, Network goodnames@yahoo.com
342 Broadway
New York, NY 10013
US
212-555-1212


Technical Contact:
Operations, Network goodnames@yahoo.com
342 Broadway
New York, NY 10013
US
212-555-1212


It looks like cyanclouds.com is registered by "proxy" through another company called the "Good Names Network". But wait...is this company real either?

212-555-1212 will simply give you directory assistance for the 212 area code. (New York)

342 Broadway is actually a UPS Store which offers mailbox services...so this could be anyone.

So, another dead end?  This malware, which has definite Chinese origins, also has a link to an anonymous business in New York.

This is where I'd like to point out the marvels of Google.  Specifically Google Street View.

Without Google Street View, we would never have known that next to this UPS Store at 344 Broadway is a shop called "Broadway Cleaners".  A quick Google search shows that Broadway Cleaners is actually owned by someone at 95 Worth Street, which happens to be in Chinatown.

Please note that this is absolutely speculation, and that there is no proof whatsoever anyone at Broadway Cleaners has anything to do with this.  However, the fact that the malware has definite ties to China, and the fact that the proxy company used to register WIRELESS-ALARM.COM's IP block is right next door to a business originating in Chinatown, is a very interesting coincidence.

Unfortunately this is where the trail goes cold.

This search for the origin of this malware has possibly raised more questions than it has answered.  But one thing is for certain - the network framework for this malware has definitely been in place for some time.  WIRELESS-ALARM.COM's IP block as well as cyanclouds.com have been registered since 2009.  This is not the work of a "fly-by-night" script kiddie.  Careful planning has gone not only into developing this malware, but also into establishing the hosting this malware would be using - and hiding its true origins.
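The registration checks made by hand in this post can be scripted. The following is an added example, not code from the original post: it takes the WHOIS fields quoted above, plus the name server addresses from the post's bgp.he.net lookup (embedded as sample input), and flags a contact domain whose DNS lives inside the netblock it vouches for. The function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Sample input: fields copied from the WHOIS records quoted in the post.
NETRANGE = "216.83.44.0 - 216.83.44.255"
ORG_WHOIS = """\
OrgName: WIRELESS-ALARM.COM
OrgId: WIREL-46
OrgAbusePhone: +1-877-605-5273
OrgAbuseEmail: pedroquagliano@cyanclouds.com
"""
DOMAIN_WHOIS = """\
Domain Name: CYANCLOUDS.COM
Name Server: NS1.CYANCLOUDS.COM
Name Server: NS2.CYANCLOUDS.COM
Registrant:
Good Names Network
342 Broadway
New York, NY 10013
US
212-555-1212
"""
# Name server addresses as reported in the post's bgp.he.net lookup.
NS_ADDRS = {"ns1.cyanclouds.com": "216.83.44.2",
            "ns2.cyanclouds.com": "216.83.44.3"}


def parse_fields(text):
    """Collect 'Key: value' lines into {key_lower: [values]}; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z -]*):\s*(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return fields


def range_to_networks(netrange):
    """Turn 'first - last' into the CIDR networks that cover exactly that range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def is_subdomain(host, domain):
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def registration_findings(netrange, org_whois, domain_whois, ns_addrs):
    """Return labels for the registration oddities the post found by hand."""
    findings = []
    nets = range_to_networks(netrange)
    org = parse_fields(org_whois)
    dom = parse_fields(domain_whois)

    abuse_domains = {e.rsplit("@", 1)[1].lower()
                     for e in org.get("orgabuseemail", []) if "@" in e}
    whois_domain = dom.get("domain name", [""])[0].lower()
    name_servers = [ns.lower() for ns in dom.get("name server", [])]
    is_contact_domain = whois_domain in abuse_domains

    # 1. The abuse contact's domain serves its own DNS (in-bailiwick name servers),
    #    so whoever runs those servers decides whether the contact is reachable.
    if is_contact_domain and name_servers and all(
            is_subdomain(ns, whois_domain) for ns in name_servers):
        findings.append("abuse-domain-self-hosted-dns")

    # 2. Those name servers sit inside the very block the contact is listed for.
    inside = [ns for ns in name_servers if ns in ns_addrs
              and any(ipaddress.ip_address(ns_addrs[ns]) in n for n in nets)]
    if is_contact_domain and inside:
        findings.append("contact-dns-inside-registered-block")

    # 3. 555-1212 is directory assistance, not a subscriber line.
    if re.search(r"\b555-1212\b", org_whois + domain_whois):
        findings.append("directory-assistance-phone")
    return findings


if __name__ == "__main__":
    for label in registration_findings(NETRANGE, ORG_WHOIS, DOMAIN_WHOIS, NS_ADDRS):
        print(label)
```

None of the three findings proves anything on its own; together they show that every contact path in the registration leads back to infrastructure the registrant controls.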

Of the 1.8 New Year's Resolutions We Make Every Year, 23% Fail Within Two Weeks: A Humorous Scientific Outlook on the Fallacy of New Year's Resolutions.

Image 1: I don't know about this "smart ass" in particular, but I would assume you have had enough "smart asses" post their knowledgeable tips on their blogs to get along without another "12 useful tips for 2012" from me, right?
I guess at least those of you who have been following this "blog" (I hope that you would agree that the SuppVersity has become more than another "blog") have come to "know" me well enough not to expect me to provide you with the 1001st list of ten, or, as has become fashionable as of late, twelve super-duper congenial tips to achieve your goals in 2012. Change, and this is the one wisdom I want to give you to take along for the next year, change rarely is something that comes overnight or is "triggered" by the adherence to any fixed plan. Change is the result of the accumulation of small steps, dx/dt, as we physicists would say, i.e. covering an infinitesimal distance (=dx) within an infinitesimally short timespan (=dt). If we now denote steps that take you further towards your goal as positive and steps by which you depart from your ultimate goal as negative, then any year in which the integral over dx/dt would be positive, or in non-physicist terms, where the number of infinitesimal steps you have taken towards your goal was greater than the ones by which you have distanced yourself from what you want to achieve, is a successful year! Consider that before you file 2011 as another "lost" year.

Enough smart ass new years advice for 2011!

But hey, didn't I say, I would not give you wise ass advice? I guess we should get back to science then... after all the "-versity" in the name of this site denotes that we are doing serious stuff here, doesn't it? So, take my hand and descend (for the last time in this year) with me into the archives of science. The first thing we hit on is an editorial from the most prestigious medical journal in the world, The Lancet, in which the contemporary editor of the journal has the following well-phrased advice for you (I did not say I would not provide you with wise ass advice from others ;-)
The opening of a new year leads all of us to take some stock of the past and to formulate a certain number of resolutions for the future, and the frame of mind which is thus indicated should be indulged in, but only with moderation. To spend too much time in thinking over what has gone by will interfere with the work that lies under our hand; to make resolutions that are too large and too numerous for our powers is to court disappointment. None the less every thoughtful man will use his past experience to guide him in the future both as to what he will do and as to how he will do it. (The Lancet. 05. January 1907)
Image 2: New Years Eve is for most of us the time, when we simply cannot ignore the necessity to make a change, any longer.
Somehow, this reminds me of some of the "best tips, tweaks, tricks" and, above all, "common pitfalls to avoid in 2012", I have been reading elsewhere around the web over the course of the last days. I mean we all know that the more good intentions we have, the more likely they are to never materialize into significant changes. Being aware of this circumstance, Judith Stoner Halpern who wrote the editorial to January issue of the not just as famous *rofl* International Journal of Trauma Nursing suggests that (Halpern. 2001) "perhaps the best New Year’s resolution that we can make would be to learn how to make a better resolution"

Interestingly, and this is probably the first thing that goes beyond "conventional new year's resolution wisdom", the first reason she invokes is the time of the year!
An easy answer is to blame January 1. For one half of the world, it falls in the middle of winter, and for the other half, the middle of summer. This is not the most opportune time to enact a dramatic change. The middle of a season often causes us to feel a lack of commitment; this may be part of the reason that ancient cultures chose spring or fall as the time to start anew. For some, January 1 may feel like an artificial time for change.
When you come to think about it, this is actually quite a reasonable argument. With the "winter blues" upon us January certainly is not the best time to "blossom". The neo-paleolithic folks many of us recently believe we are, we should better crawl up in our dugouts and set up our plan of attack in order to mimic the "ancient cultures" and start anew in spring.

Does understanding the psychology of change hold the key for success?

The question remains: how do we instigate a new start or restart? A possible answer may come from Freeman and Dolan's theoretical model of change, which in turn is based on a previous model by DiClemente that has been extensively discussed in the scientific literature on psychotherapy. According to the model the authors propose in their 2001 paper in Cognitive and Behavior Practice, there are 10 stages, where the last one, maintenance, marks the (temporary) achievement of preferably positive "change".

Figure 1: The psychology of change - an illustration based on the "revisited stages of change" model by Freeman and Dolan (Freeman. 2001)
If you take a closer look at my graphical illustration, you will realize that you have (hopefully) already overcome the initial stages of
  • noncontemplation, where, in your everyday oblivion, you do not even consider making a change
     
  • anticontemplation, where you are trying to convince yourself that you are "just fine the way you are" or that it would be impossible to make a change, anyways
     
  • precontemplation, where you are thinking and often dreaming about what would happen if you were able to make a change
Interestingly, for most of us the realization that another year is almost over usually makes us go through these stages (many of you may skip the 2nd one, some may get stuck there), automatically. So even if you are not one of Freeman and Dolan's persons, chances are that you are now, as they put it "directly and actively considering change" and have "reached a point of readiness to engage in the change process." 

Sitting in your neo-paleolithic dugout - or, for those who have not been infected by the paleo-virus in the course of 2011, simply in your cozy home - it is now about time to lay out your plan of attack!
Action planning is the stage of change when the therapist and patient have collaboratively developed a treatment focus and treatment plan. The therapeutic process has begun and the patient is beginning to make plans on how change will occur. The key phrase with this group is, "I plan to change."
Now, I don't know whether you have a therapist, or not (note: this is nothing to be ashamed of - I would even count the people I know that are in psychotherapeutic care among the few relatively sane human beings which populate this planet ;-), are working with a trainer, nutritionist or just a good friend who will help you on your way. In the end, it will always be about your commitment to your plan to change and eventually your success. That you have to determine the latter based on the integral over the steps in the right and steps in the wrong direction is something I have mentioned before. Freeman and Dolan's model, however, provides a theoretical framework to understand this sometimes annoying, often frightening and in many cases discouraging back-and-forth even better.
Figure 2: Reported success rates at different timepoints in the new year and at 2 year follow up (data based on Norcross. 1989).
What are typical New Year's Resolutions? I must admit that I was quite disappointed about the lack of scientific data on the real-world outcome of New Year's Resolutions. Similar to the previously discussed issue of holiday weight gain which turned out to be at least less pronounced than everyone would have it (cf. "Santa is Coming to Town"), there is almost no reliable, non-specific, i.e. not related to only one goal (mostly smoking cessation), scientific data that would prove that the majority of New Year's resolutions fail.

In one of the two peer-reviewed studies I could come up with (both based on the same dataset), Norcross et al. report that their 213 study participants "made an average of 1.8 New Year’s resolutions" (Norcross. 1989). Among those, smoking cessation (30%) and weight loss (38%) together accounted for two-thirds of the resolutions. Other non-idiosyncratic New Year's Resolutions revolved around relationship improvement (5%), reduction in alcohol consumption (2%), and an increase in monetary savings (2%). A cursory glance at figure 2 does yet suffice to see that the difference between the real and the commonly assumed "success"-rates is much less pronounced than in the previously cited case of holiday weight gain. With a 23% chance of failure after no more than 2 weeks and a drop-out rate of 57% after three months, the chances that the average 16-75 year old citizen of northeastern Pennsylvania is able to realize his resolutions for the new year really aren't very high. A reported (do we believe those guys?) success rate of 19% after 2 years is nevertheless more than what my personal observations would suggest.

Lapses are integral parts of change - accept them, work through them, or fail

Image 3: If your New Year's resolution incorporates letting go of junk food, thinking of Mark Haub, the "Twinkie Diet Professor", probably would not be one of the "behavioral skills" to incorporate in your mental toolbox.
Let's assume you are a carbohydrate-addict and decided to cut back on carbs in the next year. Do I see you tremble in apprehension? Well, this is actually an apprehension of the prelapse phase, a phase that is "characterized by active and often overwhelming cognitions related to the reversal of the changed behavior". The carb-junkie you are, even the thought of having to put down your twinkies and dingdongs (whatever the latter may be) is getting you all psyched up. If it was already January the 1st, this would be the moment when you are eating your eggs and bacon for breakfast, look at the cereals your brother is shoveling down his throat and think to yourself: "How can I possibly endure that for the rest of my life?" Then you remember the words of the mighty paleo guru Robb Wolf to "give it a shot for thirty days" and gag down the last piece of bacon.

Psychotherapists refer to simple tricks like this as "behavioral skills", i.e. (mostly cognitive) techniques by which you can "short-circuit the prelapse before it leads to the old behaviors."

Figure 3: Successful and unsuccessful strategies to stay on track; * indicates statistical significance for success (data based on Norcross. 1989).
Which "behavioral skills" are most helpful? In the aforementioned study, Norcross and Vangarelli also analyzed which methods the participants successfully (figure 3, green) and unsuccessfully (figure 3, red) applied to achieve their aims. As you can see planning ahead (contingency management), managing "dangerous" stimuli, exercise (obviously not the way to distract yourself from the temptations if your new years resolution was to exercise more) and, above all, taking one step after the other, were the most effective strategies in the toolboxes of the 213 study participants, of whom only 18% said that "nothing hindered their resolution". Among the remaining 82%, most invoked their own lack of willpower (34%) as the fundamental obstacle. 16 subjects found that the realization of their resolution was not compatible with their lifestyle and 8 maintained that they had not been serious enough about their resolution.
(Un-?)fortunately, you are human and thusly destined to let reason go and fall back to old, oftentimes bad habits. So, there will come a day, when you will be sitting next to your meanwhile "no longer so loved ones" (after all, they are allowing themselves to eat all that yummy junk right next to you at your table ;-) and stare at the twinkies and dingdongs they are indulging in. Suddenly a thought crosses your head: "Wasn't there this funky professor who lost a ton of weight on the twinkie diet?" You reach out and, probably much to the secret delight of your "formerly loved ones" who have been jealous of how fast you have been losing weight in the course of the last weeks, grab one of the twinkies that have been waiting for so long for you to take appropriate care of them... I guess I don't have to tell you the rest of the story, do I?

What is important, though, is that whenever lapses like this happen, you always remember that no matter how many twinkies you may have eaten, how many training sessions you may have skipped, and/or how many cigarettes you have smoked, it is still your choice:
  • You can either return to the anticontemplative phase by persuading yourself that you could shed off the extra points just as well on twinkies and dingdongs - and even if that would not work, why would you have to make a change, in the first place? After all, you feel "fine just the way you are"!
     
  • Or you can analyze what triggered your temporary loss of memory and inability to apply one of the various behavioural skills that have prevented you from "lapsing" before.
I guess it is not difficult to tell that option #2 would be the way to go. You have to go back to the drawing board. Not to start all over again, but to develop new skills and cognitions and to practice old ones to make sure that your next dx/dt's will be positive again. In that, the ability to accept your own fallibility and the insight that a bunch of twinkies won't ruin the admirable success of the previous weeks may be one of the key elements that will eventually enable you to achieve your contemporary goals, maintain your success and reach for the stars.

Along these lines, I wish all of you, my dear silent and not so silent readers, your families and loved ones, a successful, happy and, above all, healthy year 2012.

Review for Roaring Lion Sugar Free


Roaring Lion energy drinks were kind of a turning point for me as a reviewer—for the first time, a company was willing to grant my request for samples, and graciously sent me a can of both Roaring Lion and Roaring Lion Sugar Free—along with a can of Red Bull and Red Bull Sugar Free so I could compare the two.

I wrote positive (relatively, when it comes to Roaring Lion Sugar Free) reviews and moved on.  Well, recently, I came across a 16 oz. can of Roaring Lion Sugar Free passing through La Grande, Oregon and decided to give it a whirl.  My experience was completely different this time around, which shouldn’t come as a surprise, I suppose—after all, the first time I drank Monster Energy—Lo-Carb and Rockstar Sugar Free, they tasted like canned sucralose with a hint of their respective flavors; but with each successive attempt the taste vanished exponentially until it was no more.
 
So this time, I really have something to report on—the gist of it is that Roaring Lion Sugar Free is the Red Bull clone—you won’t find a better one anywhere.  Read on.

CAFFEINE CONTENT

112 mg/12 oz. can
150 mg/16 oz. can

EASE IN ACQUISITION—1

Individual specimens of Roaring Lion Sugar Free are hard to come by—I’d just order a case on the Internet.  Yes, I feel safe recommending that course of action if you’re a sincere Red Bull substitute seeker.

APPEARANCE/PRESENTATION—8

I quite like the packaging of Roaring Lion Sugar Free, mostly because of the color scheme, which manages by its lustrous sky blue mingled with red, yellow and white accents to conjure within my mind thoughts of sunny days in southern California, swimming in a nice pool on a warm day, and, of course, a drink that is light on calories without compromising the flavor of the beverage.  My only tiff with the original look might be the lion front and center—which, in contrast with the lion on the new can, looks like it’s in pain (I described it as appearing “as though it sat on a cactus” in my review of the original).  This is remedied on the newer cans, in which the lion actually looks as though it is roaring.

TASTE—10

I gave a 10 out of 10 to Monster Energy—Import for being the drink that Monster should have been, so I think Roaring Lion Sugar Free deserves the same for being the drink that Red Bull should have been.  As I indicated, the first time I drank this, I found the artificial sweeteners to be quite distracting—but the second time around, there were none to be detected.  Instead, I was tasting Red Bull—but awesome.  Whereas the flavor of Red Bull is quite muted, Roaring Lion Sugar Free is bold and full-bodied—but with an identical flavor profile that, were it not for the fullness of the flavor, could probably deceive even the most discriminating of Red Bull fanatics.  Also absent is the bitter medicinal aftertaste characteristic of Red Bull, which it is almost as famous for as it is for being the first energy drink.  It is crisp, it is clean, and it is dang good—if you’re into the traditional energy drink flavor, as I am, this is an absolute must.

12 OZ. CAN

KICK (INTENSITY) —7

The 12 oz. can doesn’t deliver a bad kick at all—it’ll provide an adequate alertness in most day-to-day, not-so-extreme situations; and if any find a single can lacking in desired potency, a second would probably do the trick.

KICK (DURATION) —7

The word “adequate” fits perfectly.  It lasted an appreciable three hours and was rather consistent in the level of awakedness it delivered, and finished without a crash.

THE DRINK OVERALL—8

With regards to the 12 oz. can, you can’t really go wrong, because of the flavor—but I’d still stick with the 16 oz. can; it’s got a broader scope of utility.  Read on.

16 OZ. CAN

KICK (INTENSITY)—8

The 16 oz. can has 38 more milligrams of caffeine than the 12 ouncer, and it’s enough to make an appreciable difference.  I would actually use the word “wired” to describe the sensation—I was actually reasonably jittery in addition to being substantially alert.

KICK (DURATION)—8

The pint lasted somewhere between a half hour and an hour more than the 12 oz. can—so somewhere between three and a half and four hours.  Not too shabby.

THE DRINK OVERALL—8.67

So in the end, what I have to say is this—most Red Bull clones come across as pathetic.  They are poor imitations of the original, and their attempts at getting a piece of the Red Bull target market are sucker punches at best.  Roaring Lion Sugar Free, however, has blown Red Bull completely out of the water—there is no longer any reason for Red Bull or Red Bull Sugar Free or Red Bull Total Zero to exist.  Roaring Lion Sugar Free is everything that these drinks should have been, and then some.  It’s bigger, better, stronger, and, to top it off, light years cheaper—I don’t think I paid more than $1.49 for the 16 oz. can.  Contrast that with a can of Red Bull of the same size, which runs about $3.69, depending on where you go.  If you like the traditional energy drink flavor, make Roaring Lion Sugar Free your drink.



Chinese Origins in .ssyslog Decompiled - Linux/Bckdr-RKC and Hutizu

 I have partially decompiled the second piece of malware which was similar to the original Linux/Bckdr-RKC dropped on my honeypot.

Update: .ssyslog is now detected as "Hutizu".

I am publicly posting the first section of this file to highlight my findings so far...

Update: The full decompiled source of both pieces of malware is now available at SlingFile.

The first part of this decompiled code which really stood out was a clear marker that this malware is definitely of Chinese origin.  This snippet of code is from the following function:

    int autoupdate(char* url_address, char* local_to_file)

Code:

    L0805FF50( &_v3660, "GET /%s HTTP/1.1
    \nAccept: */*
    \nAccept-Language: zh-cn
    \nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    \nHost: %s:%d
    \nConnection: Close
    \n
    \n",  &_v2380);

The "Accept-Language" of zh-cn represents Traditional Chinese as the desired web browser language.

This means the malware in question was most likely programmed by a native speaker of Chinese.  Add to this the fact that the malware is hosted by a fake corporation in China, and that the previous version of this malware also phoned home to the same fake corporation, this all becomes very interesting.
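The hard-coded request in autoupdate() is also a usable network fingerprint: fixed header values in a fixed order, an MSIE 5.01 on Windows user agent sent from a Linux host, and a Host header that always carries a port. The following is an added example, not code from the original post or from the malware: a matcher for that template, run over constructed sample requests. The function names, the request paths and the hosts in the samples are assumptions.

```python
import re

# Header names and fixed values, in order, from the format string in autoupdate().
# None marks a value filled in at run time (Host: %s:%d).
# zh-cn is the language tag for Chinese (zh) with region CN.
TEMPLATE = [
    ("accept", "*/*"),
    ("accept-language", "zh-cn"),
    ("user-agent", "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"),
    ("host", None),
    ("connection", "Close"),
]
HOST_WITH_PORT = re.compile(r"^[^\s:]+:\d{1,5}$")

# Constructed sample requests (paths and hosts are placeholders).
SAMPLE_MATCH = (
    b"GET /update.bin HTTP/1.1\r\n"
    b"Accept: */*\r\n"
    b"Accept-Language: zh-cn\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\r\n"
    b"Host: 192.0.2.10:8080\r\n"
    b"Connection: Close\r\n\r\n"
)
SAMPLE_CURL = (
    b"GET / HTTP/1.1\r\nHost: example.org\r\n"
    b"User-Agent: curl/8.5.0\r\nAccept: */*\r\n\r\n"
)
# Same user agent and language, but a browser-like header set and order.
SAMPLE_OLD_BROWSER = (
    b"GET / HTTP/1.1\r\n"
    b"Accept: */*\r\n"
    b"Accept-Language: zh-cn\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\r\n"
    b"Host: intranet.example:8080\r\n"
    b"Connection: Keep-Alive\r\n\r\n"
)


def parse_request(raw):
    """Return (method, target, version, [(name_lower, value), ...]) or None."""
    lines = re.split(r"\r?\n", raw.decode("latin-1"))  # tolerate bare LF
    m = re.match(r"^([A-Z]+) (\S+) (HTTP/\d\.\d)$", lines[0])
    if not m:
        return None
    headers = []
    for line in lines[1:]:
        if line == "":          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers.append((name.strip().lower(), value.strip()))
    return m.group(1), m.group(2), m.group(3), headers


def match_autoupdate(raw):
    """Score one raw request against the template; all four checks must hold."""
    parsed = parse_request(raw)
    if parsed is None:
        return {"match": False, "reasons": []}
    method, _target, version, headers = parsed
    values = dict(headers)
    reasons = []
    if method == "GET" and version == "HTTP/1.1":
        reasons.append("request-line")
    if [n for n, _ in headers] == [n for n, _ in TEMPLATE]:
        reasons.append("header-order")
    if all(values.get(n) == v for n, v in TEMPLATE if v is not None):
        reasons.append("fixed-values")
    if HOST_WITH_PORT.match(values.get("host", "")):
        reasons.append("host-with-port")
    return {"match": len(reasons) == 4, "reasons": reasons}


if __name__ == "__main__":
    for name, raw in [("template", SAMPLE_MATCH), ("curl", SAMPLE_CURL),
                      ("old browser", SAMPLE_OLD_BROWSER)]:
        print(name, match_autoupdate(raw))
```

Matching on the user agent or language alone would also flag the third sample; requiring the exact header set and order is what separates the hard-coded request from an old browser.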

Here are a few other function names from this latest version:
  • copy_myself(const char* name)
  • autostart(const char* inser_to_file)
  • int SendSevMonitor()
  • int SendServerPack()
  • GetNetPackets(long long unsigned int* lNetOut, long long unsigned int* lPacketOut)
  • int moniter(char* host)
  • int udpflood(_Unknown_base* ThreadData)
  • int synflood(_Unknown_base* ThreadData)
  • int synbigpacket(_Unknown_base* ThreadData)
  • int ackflood(_Unknown_base* ThreadData)
  • int ackbigpacket(_Unknown_base* ThreadData)
  • GetStructureDnsPacket(char* QueryDomain, char* QueryData, int* nQueryData)
  • int dnsflood(_Unknown_base* ThreadData)
  • int more_ip_dns_test(_Unknown_base* ThreadData)
  • int autoupdate(char* url_address, char* local_to_file)
  • int get_online_ip(char* domain, char* return_ip)
  • int parse_dns_response(char* return_ip)
  • parse_dns_name(unsigned char* chunk, unsigned char* ptr, char* out, int* len)
  • send_dns_request(const char* dns_name)
  • connect_to_server()
Make no mistake, this malware is clearly designed to perform reconnaissance on internal networks and disrupt communications when instructed to do so by the command and control server.

The malware has self-replication and automatic update capabilities.

I find this malware very disturbing.

What I find even more disturbing is the fact that since my submission of this malware to antivirus vendors, with the exception of Avira who believes this file is clean, none of the antivirus vendors have completed their analysis.

These two pieces of malware seem very professionally crafted with a clear purpose - to serve as a "cyber weapon".

A "Question of Faith": Do Multivitamins, Antioxidants and Mineralsupplements Improve Your Quality of Life?

Image 1: Do you believe that you could solve this profound imbalance by randomly adding more people to both sides of the seesaw? No? Well, why are you taking a high-dose multivitamin then?
As the name of this website already implies, I am an outspoken believer in the usefulness of "supplements" (as in "to supplement" = to add to something, where it makes sense). There is however a particular group of "supplements", which is a real thorn in my side... Yes, I am talking about those one-size-fits-all-multivitamin-multimineral-multi-whatever products with "high quality ingredients" the ratios of which are based on either the "recommended dietary allowances" of the omniscient USDA (actually a way better name would be "random dietary allowances") or the even more idiotic maxim that "if some is good, then more is probably even better". These days every major supplement company has at least one of these formulas in their line-up and obviously they all will claim that only their product will provide you "with all the vital nutrients you need".

Wtf!? How do those guys know which nutrients I need? 

Even if those formulas were perfectly balanced - which they certainly are not, because we simply don't know what the "perfect balance" is, yet - the chances that anyone of you, my educated, well-nourished whole-food eating readers, has a full-blown, all across the board nutrient deficiency that would be fixed by any of those products are probably one in a million. What is much more likely, though is that you have a small or (oftentimes due to "healthy supplements") profound nutrient imbalance.

Let's say you are an aspiring male fitness athlete and have been taking your ZMA religiously for years. At the same time you have heard that copper is not only bad for you, but that "we all" would get way too much copper in our diet, anyways. So you have been avoiding copper like a plague and ingesting 30mg of zinc from your ZMA everyday... now chances are that you have already set off the natural (and optimal) ratio of copper to zinc in your body. Let's say the optimal ratio was 1:12 (copper to zinc, and again - we do not even know what the optimal ratio would be). With your high zinc and low copper intake you are now at 1:20, i.e. 60% off! Now the nice guy from your local GNC convinces you that it would be prudent to add the brand new "Male Super-Power Vitamin" to your supplement regimen if you wanted to live a long and healthy life. Chances are that the guy who designed that product will also have heard that zinc is good for men and that we all get way too much copper (and even if he knew better, he will be aware that his formula won't sell if it does not follow conventional stupidity... ah, I mean wisdom). So, the product will have 200mcg of copper and 30mg of highly bioavailable zinc - I mean it's a "high quality product"! What is going to happen now? What? Right! The well-formulated product will exacerbate your existing imbalance... Your multi does not do that? How come you think so?

"Ever since I take my multi, I have not become sick and feel way better!"

Right, you feel better... and you are not alone! In fact many of the 8112 participants in a well-controlled randomized, double-blind, placebo-controlled, primary human intervention trial which was conducted by a group of scientists from Paris (Briancon. 2011), also felt that the capsule with 120 mg vitamin C, 30 mg vitamin E, 6 mg beta-carotene, 100 µg selenium and 20mg zinc, they had been taking for 76 months(!) improved their overall well-being.
Warning! I suggest you don't continue reading the following paragraphs if you do feel that your vitamin product works and do not want to take the risk that it will stop working as soon as you have finished reading this blogpost ;-)
What is pretty strange, though, is that this effect did not depend on whether the subjects actually received the anti-oxidant + mineral combination, or not. Rather, the main determinant of the results of the health-related quality of life (HRQoL) questionnaire in this sample of healthy French adults was whether the subjects, who, as it is right and proper for a "placebo-controlled" trial, obviously did not know whether they were ingesting a capsule with the active ingredients or the placebo (it had been established in a previous study that the two capsules were indistinguishable; cf. Hercberg. 1998), believed that they were in the active arm of the study (cf. figure 1, believers vs. non-believers):
Figure 1: Perceived effect on global health (VAS) in subjects who had "no idea" whether they received the active or the placebo treatment and subjects who thought they received the active ("believers") or placebo ("non-believers") treatment (data adapted from Briancon. 2011)
What is also interesting, is that women were slightly more susceptible to placebo effect than men (not to the nocebo effect though), although this difference did not reach statistical significance.

Multivitamins are like religion: Believe in it and it works!

Apropos statistical significance, as far as the "real" markers of health and disease are concerned, the "key message" (I use the words of the scientists ;-) of the SU.VI.MAX was that "long-term supplementation with antioxidant vitamins and minerals has no effect on quality of life" - in other words, although there were no measurable improvements, the study did not provide further evidence for the hypothesis that long term supplementation with anti-oxidant supplements, selenium and vitamin E in particular, had any negative effect on objectively measurable health markers (if you want to read more about the flawed analysis of and biased media reports on the data from the SELECT trial, read my previous blogpost on this issue).
Image 2: Add a body made of animal products to this guy and you have all the nutrients you need ;-)
It should be mentioned here that in a previous analysis of other data from the same cohort, the scientists had found a small, but statistically significant decrease in cancer and all-cause mortality among the male study participants of the active arm of the SU.VI.MAX trial (Hercberg. 2004). So, while the quality of life did not improve, the miserable life of some of the male subjects was at least extended by a few years ;-) All sarcastic jokes aside, even the scientists realize that in the presence of conflicting evidence, the "major implication for public health of the present findings is that a lifelong diet rich enough in vitamins and minerals may be preferable to supplementation that is likely not to be efficacious and has the potential to be harmful." - sound advice!
Those of you for whom this is not the first visit, here at the SuppVersity, will be aware, that, as a trained scientist, I don't content myself with the conclusions my "colleagues" (from another branch of science) draw. Therefore, I dug a little deeper into the actual data that comes with the study and - alas! - I was able to find a statistically significant (p<0.014) increase in the reported "vitality" among the women who actually received the vitamin + mineral supplement (cf. figure 2):
Figure 2: Real (difference between treatment and placebo) and perceived (difference between "believers" and "non-believers") of antioxidant + mineral supplement (data calculated based on Briancon. 2011)
What is strange though, is that of all statistically significant differences between women who believed they received the supplement and those who did not, just this one is the least distinct. Moreover, in all the other variables, where there was a statistically significant difference between believers and non-believers, the "real" data (meaning the comparison of subjects who actually received the treatment vs. the placebo group) could not confirm the positive self-assessment of the believers. Among the male subjects, there was even a trend toward reduced quality of life measures in the real data, where the "believers" thought that it was the "supplement" they were taking that soothed their bodily pain, improved their general health or overall physical performance (physical summary scale).

So what? Am I wasting my money?

These additional observations do not yet falsify any of the three main conclusions Serge Briancon and his five colleagues from Nancy University, the Metz University, the University Paris Descartes, the University hospital of Nancy and the French Department of Public Health draw based on their interpretation of the data:
  1. [t]here is no proof that supplementation with these vitamins and minerals is beneficial in participants whose dietary intakes are already sufficient
     
  2. [t]he perception that supplementation improves general well-being is not supported by this trial.
     
  3. [a] reverse causal pathway may even be advocated (healthier participants may have been more likely to believe they were in the supplement group).
What this means for you is that if your multivitamin "works", chances are that you are doing something right as far as your general lifestyle, your diet and your exercise regimen are concerned. If despite taking your multi religiously, you still feel miserable, you better take a closer look at what your real problems are instead of switching from one band-aid-fits-it-all "solution" to the next one.

Addressing High Anxiety Personality Traits

As we draw closer to the end of one chapter in life, and we can already anticipate the turning of the page to year 2012, many of you are already feeling the anxiety of another year. Or, if you aren’t feeling it yet, it will creep up on you soon enough. In this new series of short articles (my New Year's resolution), I will point out some tools and techniques religion offers to deal with this and other very real life issues.

There is a strong connection between anxiety disorders and certain common personality traits. G-d created everyone with what’s called, in mysticism, an animal soul. Everyone’s got it. This source of life energy propels the negative feelings and anxieties in our lives. They must absolutely be addressed if you want long-term freedom from anxiety symptoms.


Excessive need for control. Perfectionism. Extreme cautiousness. Excessive need for approval. Insecurity and over-dependency and a tendency to suppress negative feelings. These are some of the traits that are common in people with high anxiety.


Our sages tell us, “Half the cure, is knowing the sickness.” Without recognizing the anxiety producing parts of your personality and learning to approach life from a different perspective, you may end up suffering with anxiety symptoms forever, locked up in a constricted world of your own doing, when freedom is possible.


There are a number of psychological and emotional personality traits in common among the above list of onsets to anxiety. I will deal with one, and that is an unrealistic and disproportionate sense of ego.


The world we live in dictates, through the many forms of media, that a smart, strong human being must have the answers to everything. There is a how-to, and a six or maybe even seven or eight step solution to every difficulty. Whenever we are faced with problems, it’s either entirely our fault or we are totally responsible for fixing the total mess.


When people see themselves as “self made” and the dependency is entirely on oneself, it’s no wonder a person will buckle under such enormous pressure. We are told, “He is rich, and therefore he must be smart.” Or worse than that, “he is smart; therefore, he will certainly make it big in life.”


King Solomon, the smartest of all men, tells us, “It is not to the wise bread.” Bread and success do not come because a person is wise. “Because it is HE who gives you strength to succeed” says the Bible.


Let’s take the first trait I mentioned above that will lead to anxiety: excessive need for control. This notion that it is all up to me, and the results are all my doing, runs contrary to what we are told in the Ethics of our Fathers. A most powerful instruction and lesson to remember in life: “It is not upon you to conclude (and bring about the complete final results of any effort), and you are not free to desist from doing something.”


We certainly must give it all we've got when discharging our responsibilities. Our obligation to make an effort means to give it all we've got, and to never stop trying. However, there is a big world out there that doesn’t always match with our own personal agendas. As much as we try, someone bigger and better than us, G-d, may have some other plans for the entire universe, and those plans include the best situation for each individual.


It is impossible for any one person or group of people to control anything. We try our best and with a little help from Above we succeed. It is unrealistic to take it all on your shoulders. Give it up and leave a little room in your life for G-d in His immeasurable power to help you succeed. Please write to me with any comments at rsezagui@aol.com.