Simon Willison’s Weblog

Bizex

I’m going to try not to turn this in to a blog about Windows security exploits but this one is genuinely interesting in that it actively tries to steal financial information and important passwords. Bizex spreads itself by spamming messages over ICQ advising the recipient to visit a specific URL. When they visit it, Internet Explorer exploits are used to download and execute the main payload which then infects their ICQ program and uses it to message their contacts. The worm also scans their hard drive for information relating to a number of well known financial services which it then uploads to a server via FTP, and it apparently snoops on their browser for any passwords travelling over HTTPS connections as well.

Clearout

• Tristan Louis’ RSS to Necho convertor puts paid to the idea that the success of one format will be detrimental to the usefulness of the other.
• O’Reilly’s RegExp Power series (part one and part two) demonstrate some powerful tricks for use with Perl compatible regular expressions.
• Norman Walsh explains Content Negotiation and some of the pitfalls with modern browser implementations.
• So that’s what happened to Digitiser. See also a Digitiser Tribute and a Mr Biffo interview from 2001 for background information. I cuss you bad.
• George Orwell: Politics and the English Language
• Clay Shirky: A Group Is Its Own Worst Enemy. The title is misguiding; this is an essay about how online groups behave and how to look after them.
• A Java HttpClient Class.
• Some good stuff on Boxes and Arrows: Ten Quotable Moments: Challenges and Responses for UI Designers and Views and Forms: Principles of Task Flow for Web Applications (Part 1).
• Inside our notions of “document” and Inside our documents II—the Runoff model.
• 5 days worth of XSLT observations from Simon St. Laurent: One, Two, Three, Four, Five.
• Windows programming with open source tools: Minimalist GNU For Windows and Win32 Programming with GNU C and C++.