Thursday, 30 June 2011

TDL4 – Top Bot - Securelist

TDL4 – Top Bot

TDSS variants

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today. TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center. TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.

Its creator calls this program TDL. Since it first appeared in 2008, malware writers have been perfecting their creation little by little. By 2010, the latest version was TDL-3, which was discussed in depth in an article published in August 2010.

The creators of TDSS did not sell their program until the end of 2010. In December, when analyzing a TDSS sample, we discovered something odd: a TDL-3 encrypted disk contained modules of another malicious program, SHIZ.


TDL-3 encrypted disk with SHIZ modules

At that time, a new affiliate program specializing in search engine redirects had just emerged on the Internet; it belonged to the creators of SHIZ, but used TDL-3.

The changes that had been made to the TDL-3 configuration and the emergence of a new affiliate marketing program point to the sale of TDL-3 source code to cybercriminals who had previously been engaged in the development of SHIZ malware.

Why did the creators of TDL decide to sell source code of the third version of their program? The fact is that by this time, TDL-4 had already come out. The cybercriminals most likely considered the changes in version 4 to be significant enough that they wouldn’t have to worry about competition from those who bought TDL-3.

In late 2010, Vyacheslav Rusakov wrote a piece on the latest version of the TDSS rootkit focusing on how it works within the operating system. This article will take a closer look at how TDL-4 communicates with the network and uploads data to the botnet, which numbered over 4.5 million infected computers at the time of writing.

Yet another affiliate program

The way in which the new version of TDL works hasn’t changed so much as how it is spread - via affiliates. As before, affiliate programs offer a TDL distribution client that checks the version of the operating system on a victim machine and then downloads TDL-4 to the computer.


Affiliates spreading TDL

Affiliates receive between $20 and $200 for every 1,000 installations of TDL, depending on the location of the victim computer. Affiliates can use any installation method they choose. Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.

The changes in TDL-4 affected practically all components of the malware and its activity on the web to some extent or other. The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers, and attempted to ensure they had access to infected computers even in cases where the botnet control centers are shut down. The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies.

The ‘indestructible’ botnet

Encrypted network connections

One of the key changes in TDL-4 compared to previous versions is an updated algorithm encrypting the protocol used for communication between infected computers and botnet command and control servers. The cybercriminals replaced RC4 with their own encryption algorithm using XOR swaps and operations. The domain names to which connections are made and the bsh parameter from the cfg.ini file are used as encryption keys.

Readers may recall that one of the distinguishing features of malware from the TDSS family is a configuration file containing descriptions of the key parameters used by various modules to maintain activity logs and communications with command and control servers.

 
Example of configuration file content

Compared to version 3, there are only negligible changes to the format of the configuration file. The main addition is the bsh parameter, an identifier for the copy of the malware, which is provided by the command and control server the first time the bot connects. This identifier acts as one of the encryption keys for subsequent connections to the command and control server.

 
Part of the code modified to work with the TDL-4 protocol.

Upon protocol initialization, a swap table is created for the bot’s outgoing HTTP requests. This table is activated with two keys: the domain name of the botnet command and control server, and the bsh parameter. The source request is encrypted and then converted to base64. Random base64 strings are prepended and appended to the resulting message. Once ready, the request is sent to the server using HTTPS.

The new protocol encryption algorithm for communications between the botnet control center and infected machines ensures that the botnet will run smoothly, while protecting infected computers from network traffic analysis, and blocking attempts of other cybercriminals to take control of the botnet.

An antivirus of its own

Just like Sinowal, TDL-4 is a bootkit, which means that it infects the MBR in order to launch itself, thus ensuring that malicious code will run prior to operating system start. This is a classic method used by downloaders which ensures a longer malware lifecycle and makes it less visible to most security programs.
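A defender-side check that follows from this, as an added example (not code from the original article): parse a 512-byte MBR sector, validate its structure, and compare a hash of the bootstrap code with a known-good baseline. The function names, the baseline and the sample sectors are constructed for illustration, and the sector is assumed to have been read offline (from a disk image or rescue boot), because a rootkit active in the running system can alter what a disk read returns.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440      # bootstrap code; bytes 440-443 hold the per-disk signature
TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the bootstrap code, so the per-disk signature and the
    partition table do not change the value."""
    return hashlib.sha256(sector[:CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Return the used entries of the partition table."""
    parts = []
    for index in range(4):
        entry = sector[TABLE_OFF + 16 * index:TABLE_OFF + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": index, "status": status, "type": ptype,
                      "first_lba": first_lba, "sectors": count})
    return parts


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing stood out."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_sha256(sector) != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(sector)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["first_lba"], p["first_lba"] + p["sectors"], p["index"])
                   for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_sector(code: bytes, entries: list) -> bytes:
    """Assemble a constructed sample sector from boot code and table entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    sector[440:444] = struct.pack("<I", 0x1234ABCD)  # constructed disk signature
    for i, (status, ptype, first_lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFF + 16 * i,
                         status, ptype, first_lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample data: a stand-in for vendor boot code, not a real MBR.
CLEAN_CODE = bytes(range(256)) + bytes(184)
TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
CLEAN = build_sector(CLEAN_CODE, TABLE)
BASELINE = boot_code_sha256(CLEAN)
# Same disk and partition table, but the first 16 bytes of boot code changed.
TAMPERED = build_sector(bytes(b ^ 0xFF for b in CLEAN_CODE[:16]) + CLEAN_CODE[16:],
                        TABLE)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, check_mbr(sector, BASELINE) or "no findings")
```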

TDL nimbly hides both itself and the malicious programs that it downloads from antivirus products. To prevent other malicious programs not associated with TDL from attracting the attention of users of the infected machine, TDL-4 can now delete them. Not all of them, of course, just the most common.

 
TDSS module code which searches the system registry for other malicious programs

TDSS contains code to remove approximately 20 malicious programs, including Gbot, ZeuS, Clishmic, Optima, etc. TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them.

This ‘antivirus’ actually helps TDSS; on the one hand, it fights cybercrime competition, while on the other hand it protects TDSS and associated malware against undesirable interactions that could be caused by other malware on the infected machine.

Which malicious programs does TDL-4 itself download? Since the beginning of this year, the botnet has installed nearly 30 additional malicious programs, including fake antivirus programs, adware, and the Pushdo spambot.


TDSS downloads

Notably, TDL-4 doesn't delete itself following installation of other malware, and can at any time use the r.dll module to delete malware it has downloaded.

Botnet access to the Kad network

One of the most outstanding new features of TDL-4 is the kad.dll module, which allows the TDSS botnet to access the Kad network. So what do the cybercriminals want with a publicly accessible file exchange network?

We have known about botnets controlled via P2P for some time now, although until now, these were closed protocol connections created by the cybercriminals themselves. In contrast, TDSS uses a public P2P network in order to transmit commands to all infected computers in the botnet. The initial steps of how TDSS makes use of Kad are given below:

  1. The cybercriminals make a file called ktzerules accessible on the Kad network. The file is encrypted and contains a list of commands for TDSS.
  2. Computers infected with TDSS receive the command to download and install the kad.dll module.
  3. Once installed, kad.dll downloads the file nodes.dat, which contains the publicly accessible list of IP addresses of Kad network servers and clients.
  4. The kad.dll module then sends a request to the Kad network to search for the ktzerules file.
  5. Once the ktzerules file has been downloaded and decrypted, kad.dll runs the commands which ktzerules contains.

 
Encrypted kad.dll updates found on the Kad network

Below is a list of commands from an encrypted ktzerules file.

  • SearchCfg – search Kad for a new ktzerules file
  • LoadExe – download and run the executable file
  • ConfigWrite – write to cfg.ini
  • Search – search Kad for a file
  • Publish – publish a file on Kad
  • Knock – upload a new nodes.dat file to the C&C which contains a list of Kad server and client IP addresses, including those infected with TDSS.

The most interesting command is Knock. This command allows the cybercriminals to create their own Kad P2P, the clients of which are exclusively TDSS-infected computers.


How publicly accessible and closed KAD networks overlap

Essentially, the TDSS botnet kad.dll module is more or less the same as cmd.dll in terms of control function. By running nodes.dat files containing a list of IP addresses of Kad clients in addition to ktzerules, which contains a command to download a new nodes.dat file from cybercriminal servers, the owners of the botnet can both include their infected computers in the publicly accessible Kad network and remove them from the network. The publicly accessible Kad network contains no more than 10 TDSS infected computers. This makes replacing the ktzerules file as inefficient as possible, which prevents other cybercriminals from taking control over the botnet. The total number of TDSS infected computers on the closed network is in the tens of thousands.

 
Kad.dll code responsible for sending commands from the TDL-4 cybercriminals

Furthermore, access to Kad makes it possible for the cybercriminals to download any files to botnet machines and make them accessible to the P2P users. This includes adult content files and stolen databases.

The key threat that such a botnet poses is that even when its command and control centers are shut down, the botnet owners will not lose control over infected machines. However, the system does face two major obstacles:

  1. By using the publicly accessible Kad network, the cybercriminals still run the risk of fake botnet commands.
  2. When developing the kad.dll module for maintaining communication with the Kad network, code with a GPL license was used — this means that the authors are in violation of a licensing agreement.

Extended functionality

In addition to its known adware function, TDL-4 has added some new modules to its arsenal. This article has already touched on the ‘antivirus’ function and the P2P module. The owners of TDSS have also added several other modules to their malware, and now offer services such as anonymous network access via infected machines and 64-bit support.

The proxy server module

A file called Socks.dll has been added to TDSS’s svchost.exe; it is used to establish a proxy server on an infected computer. This module facilitates the anonymous viewing of Internet resources via infected machines.

Having control over such a large number of computers with this function, the cybercriminals have started offering anonymous Internet access as a service, at a cost of roughly $100 per month. For the sake of convenience, the cybercriminals have also developed a Firefox add-on that makes it easy to toggle between proxy servers within the browser.

 
Firefox add-on for anonymous Internet use via the TDSS botnet

64-bit support

The appearance of a 64-bit malicious driver in TDSS was another innovation in malware in 2010. In order to support operations with 64-bit systems in user mode, TDL-4 contains a module called cmd64.dll, a version of cmd.dll for 64-bit systems. However, due to the limitations of working with 64-bit programs, cmd64.dll code only provides communication with the botnet command and control servers.

 
List of botnet command and control center commands

Working with search engines

The cmd.dll module (see for details) remains almost completely unchanged. This module facilitates communication with the botnet command and control servers and substitutes search results, i.e. fraudulently manipulates advertising systems and search engines. The newest innovation in the list of commands for TDSS is the SetName command, which assigns a number to each infected computer. For search engines and banner networks, TDSS uses the same fake click and traffic technologies as similar malicious programs. However, TDSS has the longest list of search engines for which it substitutes search results.


List of search engines supported by TDSS

Botnet command and control servers

When running, TDSS uses several sources to obtain lists of command and control server addresses. The default list is taken from cmd.dll; if these addresses are inaccessible, then TDSS gets a list from cfg.ini. If for some reason no command and control server listed is accessible, then a list is created from an encrypted file called bckfg.tmp, which the bot receives from the command and control server on first connection. Since the beginning of the year, around 60 command and control centers have been identified across the globe.


C&C server table (columns: control server address; server address at the beginning of February; server address at the beginning of March; percentage of mentions in C&C lists)

A careful examination of this list reveals that the IP addresses of command and control centers are constantly changing, while some command and control centers are phased out altogether. These changes are due to the use of proxy servers, which hide the true location of the command and control centers.
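An added example (not part of the original article) of how a defender could measure this churn from two resolution snapshots per domain, like the February and March observations described above, and group domains that have shared an IP address at any point. All domains and addresses in it are constructed, using reserved documentation ranges, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: domain -> resolved IP, or None for "no IP".
FEB = {
    "alpha-c2.example": "192.0.2.5",
    "bravo-c2.example": "192.0.2.5",
    "charlie-c2.example": "198.51.100.9",
    "delta-c2.example": None,
    "echo-c2.example": "203.0.113.20",
    "foxtrot-c2.example": "203.0.113.77",
}
MAR = {
    "alpha-c2.example": None,
    "bravo-c2.example": "198.51.100.9",
    "charlie-c2.example": "198.51.100.9",
    "delta-c2.example": None,
    "echo-c2.example": "203.0.113.20",
    "foxtrot-c2.example": "203.0.113.77",
}


def classify(before: dict, after: dict) -> dict:
    """Label each domain by how its resolution changed between snapshots."""
    result = {}
    for domain in sorted(set(before) | set(after)):
        old, new = before.get(domain), after.get(domain)
        if old is None and new is None:
            result[domain] = "unresolved"
        elif old is None:
            result[domain] = "appeared"
        elif new is None:
            result[domain] = "dropped"
        elif old == new:
            result[domain] = "stable"
        else:
            result[domain] = "moved"
    return result


def churn_rate(before: dict, after: dict) -> float:
    """Share of domains resolving in the first snapshot that moved or dropped."""
    states = classify(before, after)
    resolving = [d for d, ip in before.items() if ip is not None]
    changed = [d for d in resolving if states[d] in ("moved", "dropped")]
    return len(changed) / len(resolving) if resolving else 0.0


def infrastructure_clusters(*snapshots: dict) -> list:
    """Group domains linked by a shared IP in any snapshot (union-find).

    Two domains land in one cluster even if they never shared an address
    directly, as long as a chain of shared addresses connects them.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    by_ip = defaultdict(set)
    for snapshot in snapshots:
        for domain, ip in snapshot.items():
            if ip is not None:
                by_ip[ip].add(domain)
    for domains in by_ip.values():
        first, *rest = sorted(domains)
        root = find(first)
        for other in rest:
            parent[find(other)] = root
    groups = defaultdict(list)
    for domain in parent:
        groups[find(domain)].append(domain)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for domain, state in classify(FEB, MAR).items():
        print(f"{domain:22} {state}")
    print("churn rate:", churn_rate(FEB, MAR))
    print("clusters:", infrastructure_clusters(FEB, MAR))
```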

Command and control server statistics

Despite the steps taken by cybercriminals to protect the command and control centers, knowing the protocol TDL-4 uses to communicate with servers makes it possible to create specially crafted requests and obtain statistics on the number of infected computers. Kaspersky Lab’s analysis of the data identified three different MySQL databases located in Moldova, Lithuania, and the USA, all of which used proxy servers to support the botnet.

According to these databases, in just the first three months of 2011 alone, TDL-4 infected 4,524,488 computers around the world.

 
Distribution of TDL-4 infected computers by country

Nearly one-third of all infected computers are in the United States. Going on the prices quoted by affiliate programs, this number of infected computers in the US is worth $250,000, a sum which presumably made its way to the creators of TDSS. Remarkably, there are no Russian users in the statistics. This may be explained by the fact that affiliate marketing programs do not offer payment for infecting computers located in Russia.

To be continued…

The heading of this last section has become traditional in our articles on TDSS. In this case, we have reason to believe that TDSS will continue to evolve. The active development of TDL-4 code (a rootkit for 64-bit systems, launching the malware before the operating system starts, the use of exploits from Stuxnet’s arsenal, P2P technology, its own ‘antivirus’ and a lot more) places TDSS firmly in the ranks of the most technologically sophisticated, and most complex to analyze, malware. The botnet, with more than 4.5 million infected computers, is used by cybercriminals to manipulate adware and search engines, provide anonymous Internet access, and act as a launch pad for other malware.

TDSS and the botnet that unites all the computers it infects will continue to cause problems for users and IT security professionals alike. The decentralized, server-less botnet is practically indestructible, as the Kido epidemic showed.

BBC News - Security researchers discover 'indestructible' botnet

Security researchers discover 'indestructible' botnet

Cracking the TDL-4 botnet is going to be hard, say security experts.


More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible".

The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.

The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.

"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.

A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.


The virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

The majority of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.

However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.

The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet's controllers.

In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.

"For all intents and purposes, [TDL-4] is very tough to remove," said Joe Stewart, director of malware research at Dell SecureWorks to Computerworld. "It's definitely one of the most sophisticated botnets out there."

However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry on databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

BBC News - UK population sees biggest increase in half a century

UK population sees biggest increase in half a century

The difference between numbers of births and deaths is the main driver of UK population growth


The UK population increased more last year than at any time in almost half a century, according to figures from the Office for National Statistics.

By mid-2010 the estimated resident population was 62,262,000, an increase of 470,000 (0.8%) on the previous year.

The growth rate is the highest since 1962, during the "baby boom" years.

'Natural change' - the difference between the numbers of births and deaths - accounted for 52% of the population growth.

The number of births in the UK is now at its highest since 1991, with 797,000 during the year to mid-2010.

The Office for National Statistics (ONS) says two factors are significant - rising fertility among UK-born women and more inward migration of women of childbearing age.

'Natural change' has been the main driver of growth for the last three years (2007-10), having narrowly overtaken net migration, which was the dominant factor for the previous nine years.

Net migration - the difference between long term migration into and out of the UK - shows a positive figure of 230,000 for 2009-10.

Overall, the ONS says the UK population has increased by 3.1 million people between 2001 and 2010.

The House of Commons library, in response to a question by James Clappison MP, recently estimated that the figure could exceed 70 million by 2026, three years earlier than previous official estimates.


BBC News - Ed Miliband's failure to support strikes 'a disgrace'

Ed Miliband's failure to support strikes 'a disgrace'

Mary Bousted accused Ed Miliband of being "ill-informed" about planned pension changes

The head of one of the unions striking over pensions has said Ed Miliband "should be ashamed of himself" for urging workers to call off the action.

Mary Bousted, leader of the Association of Teachers and Lecturers, told a rally in London his stance was "a disgrace".

The Labour leader said the strikes were "wrong" because negotiations with the government were still ongoing.

He said his MPs should turn up for work as normal on Thursday despite the picket lines outside Parliament.

Hundreds of thousands of public sector workers have staged a 24-hour walkout in protest at planned changes to their pensions.

They include members of three teaching unions and the Public and Commercial Services (PCS) union, which represents civil servants but has no formal links to the Labour Party.

The action has been condemned by ministers who insist that meaningful negotiations are still continuing.

The unions involved in these talks - Unite, the GMB and Unison - were also those that last year backed Mr Miliband's bid for the Labour Party leadership.

Angry response

Mr Miliband told the Local Government Association (LGA) annual conference in Birmingham that he understood "the anger of workers who feel they are being singled out by a reckless and provocative government".

But he said: "I also believe this action is wrong.

"Negotiations are ongoing, so it is a mistake to go on strike because of the effect on the people who rely upon those services.


"And it is a mistake because it will not help to win the argument."

The Labour leader's stance sparked an angry response from Ms Bousted when she addressed an audience of striking workers in Westminster Central Hall.

"I am pleased we are not affiliated to Labour," she said, to loud applause.

"The response of Ed Miliband has been a disgrace - he should be ashamed of himself.

"If our strike is a mistake, what has he done to oppose this devastating attack on our pensions? If the opposition will not defend our pensions, we will."

She later told the BBC that the Labour leader had "not taken any interest" in the fact that the government had never carried out a promised valuation of the teachers' pension scheme.

"We haven't been able to negotiate, we haven't had the basic information we need from the government.

"[So] to come at this stage, two days before the strike, and say, 'You should negotiate, there's another way round'... is, frankly, unhelpful and ill-informed."

'A mistake'

Christine Blower, the leader of the National Union of Teachers, told the BBC's Question Time she would have liked more from the Labour leader.

"It would have been nice if Ed Miliband had felt he could have supported what we're doing," she said.

The NUT is not affiliated to the Labour Party and Ms Blower refused to be drawn on whether she would have chosen Mr Miliband to lead it.

Ed Miliband: "These strikes are wrong at a time when negotiations are going on"

Shadow business secretary John Denham was booed by the Question Time audience when he too refused to support the walkouts.

"I actually think the strike was a mistake because children lost a day in school today that they shouldn't have lost and many parents had to take a day off," he said.

"I don't think it was justified when there are talks taking place."

Labour MP John McDonnell said earlier that public sector workers "expected more" from the Labour leader and urged Mr Miliband to listen to their concerns over pensions.

"They want to have an opportunity to explain to him why they feel so strongly about what is happening to their pensions," he said.

Mr Miliband also condemned the government's handling of the pensions issue, accusing ministers of declaring their final position while talks were still taking place.

"This disruption could have been avoided if ministers had been willing to engage with the concerns of those affected by changes to public sector pensions," he told the LGA.

"The government's handling of the issue has been high-handed and arrogant."

Laptop Parts, Laptop DC power jacks

2011 International Design Excellence Awards | IDEA 2011 | Co.Design

Giuseppe Randazzo Creates Primal Patterns From Thousands Of Virtual Rocks | Co.Design

Giuseppe Randazzo Creates Primal Patterns From Thousands Of Virtual Rocks

Randazzo can see the art in the math, like Neo looking at the code.

The first time you see Giuseppe Randazzo's "Stone Fields" designs, you may think he's ripping off Andy Goldsworthy: in each image, thousands of stones and rocks are artfully arranged into circular patterns that evoke timeless nature and human creativity at once. But there's a catch: none of the stones are real, and an algorithm did all the arranging. It's all based on fractal math and some seriously photorealistic rendering.


But Randazzo doesn't just change some numbers, hit a button and see what happens. "I have a pretty clear idea of the final image, due to the generative process that is based on different kinds of scalar fields that are defined a-priori by me," he tells Co.Design via email. In other words, he can see the art in the equations, like Neo looking at the code of the Matrix. But like any good art, it's not completely deterministic -- Randazzo says he's often surprised at some of the details that come out of the process.

Some vital statistics: the average "Stone Fields" design contains between 4,000 and 10,000 virtual stones, each of which is made of about 512 polygons -- or between 2 and 5 million polygons per image. While that might sound like it'd choke a supercomputer, Randazzo says that "a robust PC" can handle it just fine, placing the stones in about 15 minutes, and rendering them in all their eerie photorealistic glory in a matter of hours. Can you imagine hand-placing 10,000 rocks in that amount of time? A small army of Andy Goldsworthys couldn't work that fast. Check out a selection of Randazzo's favorite designs here -- and maybe think about learning Processing or Cinder while you're at it.

[See more "Stone Fields" at Giuseppe Randazzo's site]


Cleaning Up with Small-Scale Sanitation - http://blogs.worldbank.org

Cleaning Up with Small-Scale Sanitation

One of the most repulsive moments in cinematic history is the outhouse scene in the Oscar-winning film Slumdog Millionaire. The hero, Jamal, is trapped in an outhouse when his favorite celebrity lands nearby in a helicopter. The only way to see his hero is to jump into the excrement. Happily, he gets to see the star and get an autographed photo: nothing parts a crowd like a filth-covered child.



Perhaps the director included the scene for shock value. But it also highlights a health issue that is reality for 2.6 billion people: a lack of safe sanitation. Of this group, 1.4 billion defecate in the open. The implications reach far beyond offended noses and human dignity. Over 5,000 children die every day from diseases related to human waste, particularly diarrhea, which kills more children than malaria, AIDS and tuberculosis combined.

So what’s being done to address this? Traditionally, the development community has tackled sanitation issues through infrastructure projects, working directly with governments. But this often isn’t enough. Often, the problems exist in slums, some of which are technically illegal settlements. Building infrastructure in such places becomes a political issue.

But a new trend is emerging. Managing human waste provides opportunities for businesses, all the way down to the micro level. Even the outhouse in Slumdog Millionaire is a fee-based service (Jamal and his brother charge for it). But there are also opportunities in the manufacture of latrines, waste collection, and pit cleaning. This doesn’t just reduce the waste problem, it also provides income opportunities, and treats the poor as paying customers for a much-needed (and appreciated) service.

One example is the service of emptying latrine pits. When these pits fill up, people often have to defecate in the open. But with the right equipment, such as the Nibbler or the Gulper, latrine pits can quickly be emptied. The small businesses that provide the service then take the waste to a sewage treatment plant, or at least dispose of it in a safe place.

The Bank’s Water and Sanitation Program (WSP) has taken this idea further by testing sanitation marketing approaches to create demand and support the supply of affordable products that are valuable to poor households as a way to rapidly reach this lower tier of the market.

Perhaps not every sanitation entrepreneur will end up as a millionaire, like Jamal in the film. But hopefully, more and more people will earn an income providing small-scale sanitation services, and reducing health risks at the same time.

Reading related to this trend:

Promoting Sanitation Markets at the Bottom of the Pyramid in Peru: A Win-Win Scenario for Government, the Private Sector & Communities (2010)



Don’t overlook the Baby Boomers! | Straight Talk | Ted Rubin

Don’t overlook the Baby Boomers!

29. Jun, 2011

If you think that the place to reach Baby Boomers (born between 1946 – 1964) is anywhere that does not include technology, think again!  Boomers in the U.S. are technology-savvy enough to comprise 1/3 of all TV viewers, online users, social media users and Twitter users.

If that’s not enough to make you think twice about where you’re putting your social media marketing dollars, consider that there are 78 million Boomers in the U.S., many of whom have “shown a willingness to try new brands and products.” In fact, they spend 38.5% of CPG dollars! (source: Nielsen).  You can’t afford to overlook them!

Online is becoming the perfect place to reach Boomers.  They are being neglected in brick-and-mortar retail stores which mostly cater to younger consumers — with low lighting, loud music, and young employees.  This can easily be solved online, but few marketers are stepping up.  We have a huge opportunity to meet Boomer needs online… this is the perfect time to start!

We do need to make sure, however, not to just “go after the money.”  As with any social media marketing campaign, we need to take the time to build trust with our potential consumers.  Boomers likely won’t buy a product just for the cool factor, and aren’t drawn into each new hyped product, so it is especially important to focus on building a relationship with them and activating Advocates who will not only recommend the product, but actively encourage their friends and family to try it.

With the Boomer audience in particular, our guiding principle needs to be “Make NO Assumptions!”  Even if you are a Boomer, genuine relationship-based marketing requires that you make no assumptions.

Make NO assumptions about:

  • Their needs, and/or how they want their needs to be addressed
  • Their technical skills/experience
  • Their preferences (re: products, services, online tools, marketing contact…)
  • Their habits, relationships, work, etc., etc.

ASK first, LISTEN next, ASK again (for clarification), then ACT and INTEGRATE your learning.  That is the sequence that builds genuine relationships, and what will build Boomers’ trust and turn them into Advocates.

We have an untapped Boomer market waiting to be served online.  How will you help fill that gap?

Originally posted at ZuberRants


Walking Around In Circles: As Google+ Opens Up Will People Start Using It Correctly?


  • MG Siegler

    14 hours ago

    Last night, I wrote up my initial thoughts on Google+ after using it for a day. Overall, I find it pretty compelling so far. While there is a bit of a learning curve, after about 15 minutes, I found myself at home using the service. And little things (namely notifications) kept bringing me back. But let’s be realistic, it has only been a day. The new car smell has yet to wear off. And I have also noticed a few other things that may spell trouble down the road.

    Right now, almost every single post I see on Google+ is shared with the Public. Perhaps this is to be expected since the initial roll-out yesterday was very small. People don’t have a lot of friends in their Circles yet, so they’re posting everything to the public in the hopes of seeing some interaction, I imagine. I have been doing this too.

    But tonight, Google started dishing out invites for early users to spread around as they see fit. As far as I can tell, the service is seeing a massive influx of new users right now — a lot more than yesterday. And while Google’s servers appear to be handling the new load just fine, I do wonder what this will mean for the underlying principles of the site. Namely, will people start using Circles in the correct way?

    By “correct”, I don’t mean to suggest that there is a set way to use Google+. But it’s no secret that Circles are a huge part of what the service is supposed to be about. Google has spent a lot of time and energy working on what they believe to be the correct system for grouping people together for the purpose of sharing content online. But again, right now, most people seem to be sharing to “Public” and not actually using their Circles.

    That type of usage doesn’t seem tenable as Google+ gains users. Imagine the service having over a million users (which would be quite low for Google) — while you’ll still be in control of what posts you see, the comment sections will likely be too much. And people re-sharing other content will lead to too much noise.

    More importantly, that would make Google+ just another slightly different version of Twitter, Facebook, etc. Then it becomes a question of “why share here instead of there?” — and that’s not something I’m sure Google can win coming to the game so late.

    I think Google knows all of this. I don’t believe they’re setting out this time with the intention of trying to win that game. They did that with Buzz, and they lost. The emphasis with Google+ is on using Circles as a sort of natural filter. The hope is that you’ll share within Google+ the same way you do in the real world. You’ll send certain things to your close friends, other things to your co-workers, other things to your college buddies, etc.

    But as everyone has learned over the years, getting users to create and use groups is hard. Just ask Mark Zuckerberg. No one wants to do it.

    With Google+, Google has created the most visually appealing and simple way to create groups yet (better than even Facebook’s revamped Groups). But I’m still not entirely sold that people will do it. Or at least not to the extent that Google hopes.

    Google has smartly made it so that you have to add people to Circles in order to “follow” them. This is a slight barrier to entry in terms of digging in and using the service, but it does bolster the Circle idea. But instead of creating a bunch of Circles, I foresee people simply shoving everyone into the default “Friends” or “Following” Circles and going about their business.

    Who knows, maybe I’m just a Silicon Valley guy who has lost touch with reality. It’s entirely possible. But maybe, just maybe, the opposite is true. Maybe “regular” people have been allergic to using groups in the past because they simply don’t want to use groups. Maybe it’s one of those things that’s a good idea on paper or in a brain-storming session, but doesn’t translate onto the web.

    Maybe — gasp — the web isn’t meant to mimic the real world.

    Again, I’m not saying that’s for sure the case. I’m just very curious to see how Google+ usage plays out with a ton of people now using it. Will the current public sharing we’re seeing yield to the use of Circles? Or is the idea of public sharing becoming mainstream enough that it’s the new norm?

    That idea will certainly piss some people off. The old “I don’t want my boss or my mom seeing my drunken pictures” thing is the oft-cited rationale for why we need groups. But Twitter and now Facebook have slowly been changing that mentality in the public psyche. Increasingly, everything we do online is becoming public. You can say you hate it all you want, but it’s becoming more accepted each day. And this will only continue.

    When I look at my Google+ Circles right now, I think: what would I share with only these select people that I wouldn’t share with everyone? It’s hard to come up with an answer. People jump on me: “you don’t have kids!” That’s true, but I have a lot of friends with kids. The vast majority of them seem fine sharing those pictures with the public.

    Further, I’m just not sure that sharing pictures of your kids is a big enough use case to constitute an entire, massive social fabric. For certain smaller services, sure. For Google? No.

    This is the company that wants to organize all of the world’s data. In order to do that, don’t they need all of that data to be public? Doesn’t it seem like they should be pushing the fully public Twitter mentality more than private group sharing? It sure does. But again, they already lost that race. And the attempts to buy Twitter have been rebuffed. So instead they’re going for the market where there is an opening right now.

    And maybe that will work. Again, I like Google+ a lot so far. But I like it because it’s a well-made network with some interesting tools. I’m not sold on Circles yet. Maybe other features like Huddle (group mobile chat) will change that. Maybe they won’t. Google has said that this initial roll-out of Google+ is only a sliver of what’s to come. So we’ll have to wait and see.

    But whether they like it or not, the public vs. Circle trial is beginning right now. If everyone keeps sharing with the public, Google+ will be a public network. And that’s fine. I’m just not sure it’s what Google wants, because I’m not sure it’s something anyone needs another version of. Instead, the best hope for Google+ may be for Circles to take off and get people hooked on specialized sharing with smaller networks, and then for public sharing to come up later and take its place. You know, the Facebook doctrine.

    Skype For Android Now Supports Video Calls, Works Over WiFi And 3G


  • Robin Wauters

    6 hours ago

    Thanks to an update of Skype’s Android application, you can now make one-to-one video calls over both WiFi and 3G connections. You can download the Skype app from the Android Market or point your browser to Skype.com/m from your phone.

    Note that your smartphone needs to be running Android Version 2.3 (or above) and have a front-facing camera. Supported handsets include the HTC Desire S, Sony Ericsson Xperia neo, Sony Ericsson Xperia pro and the Google Nexus S.

    This is just the first phase, Skype says, so expect support for more devices soon.

    Once installed, you can have video calls from your Android phone with your Skype contacts on iPhone, Mac, Windows PCs and even a number of TVs.

    The Skype for Android app has also been given a new lick of paint.

    There’s now a new main menu where you can navigate more easily through your contacts, access your Skype profile to change personal details, use the dial pad to make calls and see the balance of your Skype Credit.

    A new mood message box at the top of the Skype app menu also enables you to share whatever you’d like to share with your contacts.

    Finally, you can now send SMS messages from the Android app.

    Neil Stevens, Skype’s vice president and general manager for product and marketing, says approximately 30 million concurrent users log into Skype at any given time and make up to half a million simultaneous video calls (at peak times as of June 2011).

    A Robot Hand That Draws Artfully Demented Portraits [Video] | Co.Design

    ART IS A REVOLT AGAINST FATE -ANDRE MALRAUX : Haiti

    Haiti

    If you haven’t heard already, 16 of us Degrassi kids are going to Haiti this summer with Free The Children. FTC is truly an unbelievable organization, and I am so happy to be involved. Three years ago I went to Ecuador with them, and my life was changed. I was hesitant about going at first; it was my first year on Degrassi as a regular, and the farthest I had ever travelled from my family at that point was California. But I decided I would risk it. And I’m convinced it’s the best decision I ever made.

    We worked tirelessly on a kitchen building for the whole community. We sanded, plastered, and created a mural that we painted in the main room.

    I had so much fun on this trip, and I met so many beautiful kids, who get to eat in a clean, safe kitchen thanks to FTC.

    Two summers later, I went to India. This trip, of course, was as amazing and life changing as the last. We worked on several classrooms, and played with the kids who went to school in the already completed sections. 

    They were incredibly inspiring kids, and I will never forget them, or their smiles. FTC was there, to help bring them the education that will give them the power to do whatever they choose in their lives. 

    This year we are going to Haiti. It’s going to be a more monumental trip all around because not only is Haiti strongly in need of help, but FTC has never done a group trip there. 16 Degrassi cast members are going, including myself, and I cannot even begin to explain how excited and honoured we are to be going.

    For fundraising for this trip, we’re trying something a little different. We are trying to raise money through an online website called Crowdrise. It’s an amazing site created by Edward Norton and several others that makes it simple to donate and raise money for causes around the world. It would be truly amazing if you wonderful Degrassi enthusiasts would help in donating to our cause. Every dollar makes a difference. That sounds so cheesy but it’s true. If every Twitter follower I had donated a single dollar, we would make almost double our goal of $23,000. Each cast member has their own page, so you can donate to whoever you choose; the money will eventually end up in the same place. The link to my page is first, followed by the link to all the members.

    http://www.crowdrise.com/DegrassiCast-Haiti/fundraiser/AislinnPaul 

    http://www.crowdrise.com/fundraise-and-volunteer/the-team/degrassicast-haiti/1#top

    Thank you for reading this. I totally understand if you’re not in a position to donate. Even so, like this, reblog this, tweet this, anything this, or just send positive thoughts and love to Haiti. Spread the word!! It will all make a difference. Thank you <3

    IBM announces computer memory breakthrough - Computerworld

    IBM announces computer memory breakthrough

    Phase-change memory offers 100 times the write performance of NAND flash

    By Lucas Mearian
    June 30, 2011 06:00 AM ET

    Computerworld - IBM Thursday announced a breakthrough in computer memory technology, which may lead to the development of solid-state chips that can store as much data as NAND flash technology but with 100 times the performance and vastly greater lifespan.

    Currently, NAND flash memory products, such as SSDs, have write rates as high as 2Gbit/sec.

    IBM said it has produced phase-change memory (PCM) chips that can store two bits of data per cell without data corruption problems, something that has plagued PCM development from the start.

    PCM chip
    IBM's phase-change memory chip uses circuitry that is 90 nanometers in width

    Like NAND flash memory, which is used in solid state drives (SSDs) and is embedded in computers like Apple's MacBook Air, PCM is nonvolatile -- meaning it retains data after its power supply is shut down.

    Unlike NAND flash, PCM memory does not require that existing data be marked for deletion prior to new data being written to it -- a process known as an erase-write cycle. Erase-write cycles slow NAND flash performance and, over time, wear it out, giving it a lifespan that ranges from 5,000 to 10,000 write cycles in consumer products and up to 100,000 cycles in enterprise-class products.

    PCM can sustain up to 5 million write cycles, according to IBM.

    "If you can write to flash 3,000 times, that will outlive most cell phones and MP3 players, but that's certainly not good enough for the enterprise that does that in an hour," said Christopher Sciacca, manager of communications for IBM Research in Zurich.

    As organizations and consumers increasingly embrace cloud-computing models and services, ever more powerful and efficient, yet affordable storage technologies are needed, according to Haris Pozidis, manager of memory and probe technologies at IBM Research.

    Pozidis said that for the past five months, teams of IBM scientists have been testing a multi-level cell (MLC) chip that's capable of storing two and eventually three bits of data, indicating that it can achieve a level of reliability that is suitable for practical applications.

    Besides applications for enterprises and in the cloud, PCM may also serve as an extension for DRAM.

    While DRAM will continue to be used as the closest memory device to the CPU for the most active data, Pozidis said, PCM, with its greater capacity, can be used for less frequently accessed data. "The PCM, which is much larger, acts as a repository. If the data becomes hot again it will move back to the DRAM," he said.

    In another scenario, Pozidis said, the CPU can talk directly to the PCM, but it thinks it's talking to the DRAM using a controller. "Again, the hot data speaks to DRAM and not so hot data speaks to the PCM," he said.

    What does Dual SIM cell phone mean

    What does Dual SIM cell phone mean?

    Answer:

    If you've followed the developments in the China cellphone wholesale market lately it seems that one SIM card is not enough, and there's a proliferation of mobile phones with at least two SIM cards.

    Major wireless cell phone manufacturers like Samsung, Nokia and Motorola have been slow to catch up, with Samsung only just releasing a model at the time this article was written.

    So what's going on? Are the makers of these China cellphone wholesale brands that busy that they need two SIM cards? Did it only happen so that they could avoid getting phone calls from their partner, and how can it benefit us as consumers?

    We attempted to get to the bottom of this dual mobile mystery.

    What is dual SIM?
    Dual SIM essentially refers to a phone that can hold and utilize two SIM cards in the same GSM cellular phone. It doesn't matter if they're dual SIM TV phones or any other dual SIM phones; as long as they take two SIM cards and read them, they are dual SIM mobile phones.

    How does dual SIM work?
    The answer to this question all depends on the phone. Some types of unlocked phone have two CPUs (central processing units, the part of the phone that does the 'thinking') which allow them to potentially answer two phones at the same time. Essentially it means that you can receive signals for both numbers.

    Not all dual SIM card phones have two CPUs and this can have two results for consumers. If the phone has call secretary software, or your carrier has an online call secretary service then if you're on the phone and another call comes in then it'll be shipped to voicemail. If no such software or option exists on your GSM dual mobile then the other caller will just be told that your line is busy.

    So can I take two phone calls at the same time on a dual SIM phone?
    Again, the answer to that question depends on how many CPUs your phone has. If there is more than one then there should be no problem. But if your China cellphone wholesale phone only has the one CPU then you're only going to be able to take or make one phone call at a time.

    Why dual SIM?
    The concept of dual SIM cell phones suits many people for many reasons, regardless of whether you're interested in a phone from a major brand or a dual SIM phone from China. But the most-commonly given reasons are for coverage, economy and convenience.

    When trying to get the best deal/best coverage out of your unlocked phone then sometimes the service of one carrier isn't enough and you need to set up two phones to make sure you're reachable at all times and you reduce the phone bill on your mobile phone. A cell phone that will handle two SIM cards should let you cut down costs while keeping two carriers on the same phone.

    The other reason for two SIM cards is the ability to keep all of your personal and business contacts separate while keeping them in the same place.

    Do both numbers in Dual SIM share the same memory?
    Yes, both numbers share the same telephone list and SMS library so there's no threat of wasting hours scrolling through two different libraries to find one message.

    Why do most dual SIM phones come from China?
    Nobody knows quite why dual SIM phones from China are so prevalent, but the volume of electronics being manufactured in China and the frequency with which OEM manufacturers are used mean that China cellphone wholesale makers are more likely to create new solutions and new features than phone makers from other parts of the world. Of course it could also be that they don't want their partners to see who else they're calling but we'll never know.

    How does a dual SIM phone switch from one SIM card to another?
    When you're using a wireless cell phone with two SIM cards, switching when making calls is usually done by either pressing a button or making a menu selection.

    When your dual mobile is receiving calls then it's simply a case of first come first serve and the caller who gets in contact with you first talks to you first, regardless of which SIM their details are on.

    So there you go, some of the answers to dual SIM card phones that you probably wanted to know but were afraid to ask. One thing remains true: when it comes to unlocked cell phones or China cellphone wholesale manufacturers, we are going to be seeing a whole lot more phones on the market with slots for two SIM cards. And that is definitely a good thing in my books.