Srizbi botnet and GNC (company): Difference between pages

From Wikipedia, the free encyclopedia
Content added: GNC (company)

{{Unreferenced|date=September 2008}}
{{Cleanup|date=September 2008}}
{{Infobox Company |
company_name = General Nutrition Centers, Inc. |
company_logo = <!-- Deleted image removed: [[Image:GNClogo.gif|200px|GNC]] -->|
company_type = [[Private company|Private]]|
foundation = 1935|
founder = David Shakarian|
location = [[Image:Flag of Pittsburgh, Pennsylvania.png|25px]] [[Pittsburgh, Pennsylvania]] |
key_people = Joseph Fortunato, CEO;
Beth Kaplan, President |
industry = [[Retail]]|
products = [[Nutritional supplements]]|
revenue = {{profit}}$1.42 Billion (2004)|
slogan = Live Well |
homepage = [http://www.gnc.com/ www.gnc.com]
}}

'''General Nutrition Centers''' or '''GNC''' is a [[Pittsburgh, Pennsylvania]]-based [[United States|American]] [[commerce|commercial]] [[Business|enterprise]] focusing on the retail sale of health and nutrition related products, [[over the counter drugs]], and [[food]]s/food supplements world-wide through ''GNC'' branded stores.

==History==
In 1935, David Shakarian opened a small [[health food]] store, Lackzoom, in downtown Pittsburgh. He only made [[United States dollar|USD]] $35 on his first day, but was able to open a second store within six months. [[1936|A year later]], Shakarian suffered what appeared to be a fatal blow when the [[Ohio River]] flooded on [[St. Patrick's Day]]. Both of his stores were wiped out. However, he quickly rebuilt both stores, and opened five more by 1941.

During the health food craze of the 1960s, Shakarian expanded his chain outside Pittsburgh for the first time, and in the process changed its name to General Nutrition Center. He continued to run the chain until his death in 1984.

==Retail stores==
GNC retail stores (or "GNCs") typically stock a wide range of [[weight loss]]/[[bodybuilding supplement]]s and [[nutritional supplements]], both their own numerous in-house brands and third-party name brands, in addition to health and fitness books, magazines and related tools. The company also stocks vitamins, natural remedies, and health and beauty products. GNC has over 6,000 stores in the US (including 1,100 store-within-a-store locations within [[Rite Aid]]) as well as locations in 49 other countries.<sup>[http://gnc.mediaroom.com/index.php?s=company_overview]</sup>

GNC LiveWell in Australia currently has 41 stores located in Brisbane (Queensland), Sydney (New South Wales) and Melbourne (Victoria). Most of these stores underwent a major rebrand in January 2007, following the opening of es have also come under dismay from HealthyLife and GoVita, which have similar based stores in the same shopping center.

The major rebrand has taken a new approach to merchandising, with front glass display cabinets featuring LCD plasma televisions displaying specials and products, and inviting customers into the store for free samples offridges for cold beverages towards the back, and a centrally located point of sale desk.

==Business model==
GNC retail stores are a combination of corporate-owned and [[franchising|franchised]] stores; 1,300 of the 5,000 domestic US stores are franchises, commonly located within urban [[shopping malls]] and shopping zones.
In 1999, [[drugstore.com]] became the exclusive web retailer of GNC-brand products, and General Nutrition Centers (GNC) opened a "store-within-a-store" on [[drugstore.com]].<ref> {{Citation
| title = drugstore.com and GNC Expand Wellness Choices for Online Shoppers with 'Electronic Store-Within-a-store'.
| periodical = Business Wire
| date = [[1999-10-05]]
| year = 1999
| url = http://www.allbusiness.com/retail/retailers-health-personal-care-stores/6711372-1.html}}</ref>

==References==
{{reflist}}

==See also==
* [[Experimental and Applied Sciences|EAS]]
* [[Met-Rx]]

==External links==
*[http://www.gnc.com GNC official website]

{{Pittsburgh Corporations}}

[[Category:Retail companies of the United States]]
[[Category:Companies established in 1935]]

[[tr:GNC]]

Content deleted: Srizbi botnet

{{Wikify|date=September 2008}}
The '''Srizbi botnet''', also known by its aliases '''Cbeplay''' and '''Exchanger''', is the world's largest or second-largest [[botnet]], depending on the expert report consulted, and is responsible for sending out more than half of all the [[E-mail spam|spam]] sent by all the major botnets combined.<ref name="Darkreading">{{cite news | last = Jackson Higgins | first = Kelly | title = Srizbi Botnet Sending Over 60 Billion Spams a Day | publisher = Dark Reading | date = [[May 8]] [[2008]] | url = http://www.darkreading.com/document.asp?doc_id=153271 | accessdate = 2008-07-20}}</ref><ref name=pcworld>{{cite news | last = Pauli | first = Darren | title = Srizbi Botnet Sets New Records for Spam | publisher = PC World | date = [[May 8]] [[2008]] | url = http://www.pcworld.com/businesscenter/article/145631/srizbi_botnet_sets_new_records_for_spam.html | accessdate = 2008-07-20}}</ref> The botnet consists of computers infected by the Srizbi [[Trojan horse (computing)|trojan]], which sends spam on command.

== Size ==
The size of the Srizbi [[botnet]] is estimated at around 315,000 compromised machines, with the estimates of the various sources differing by less than 5%.<ref name=pcworld/><ref>{{cite news | last = Popa | first = Bogdan | title = Meet Srizbi, the Largest Botnet Ever | publisher = Softpedia | date = [[April 10]] [[2008]] | url = http://news.softpedia.com/news/Meet-Srizbi-The-Largest-Botnet-Ever-82992.shtml | accessdate = 2008-07-20}}</ref> The botnet is reported to be capable of sending around 60 billion spam messages a day, which is more than half of the approximately 100 billion spam messages sent every day in total. By comparison, the highly publicized [[storm botnet]] only reached around 20% of the total amount of spam sent during its peak periods.<ref name="csoonline">{{cite news | last = E. Dunn | first = John | title = Srizbi Grows Into World's Largest Botnet | publisher = CSO Online | date = [[May 13]] [[2008]] | url = http://www.csoonline.com/article/356219/Srizbi_Grows_Into_World_s_Largest_Botnet | accessdate = 2008-07-20}}</ref><ref name=pcworld/>

The Srizbi botnet is showing a slight decline after recent aggressive growth in the amount of spam sent out. As of [[13 July]] [[2008]], the botnet is believed to be responsible for roughly 40% of all the spam on the net, a sharp decline from an almost 60% share in May 2008.<ref name="SpamStats">{{cite news | title = Spam statistics from TRACE | publisher = Marshal | date = [[July 13]] [[2008]] | url = http://www.marshal.com/TRACE/spam_statistics.asp | accessdate = 2008-07-20}}</ref>

== Origins ==
The earliest reports of Srizbi trojan outbreaks date from around June 2007, with small differences in detection dates across [[antivirus software]] vendors.<ref name="outbreaksymantec">{{cite news | title = Trojan.Srizbi | publisher = Symantec | date = [[July 23]] [[2007]] | url = http://www.symantec.com/security_response/writeup.jsp?docid=2007-062007-0946-99&tabid=1 | accessdate = 2008-07-20}}</ref><ref name="outbreaksophos">{{cite news | title = Troj/RKAgen-A Trojan (Rootkit.Win32.Agent.ea, Trojan.Srizbi) - Sophos security analysis | publisher = Sophos | date = [[August]] [[2007]] | url = http://www.sophos.com/security/analyses/viruses-and-spyware/trojrkagena.html | accessdate = 2008-07-20}}</ref> However, reports indicate that the first released version had already been assembled on [[31 March]] [[2007]].<ref name="secuworks">{{cite news | last = Stewart | first = Joe | title = Inside the "Ron Paul" Spam Botnet | publisher = SecureWorks | date = [[December 4]] [[2007]] | url = http://www.secureworks.com/research/threats/ronpaul/?threat=ronpaul | accessdate = 2008-07-20}}</ref> Since its creation, Srizbi has been growing at an extremely rapid pace, making the botnet the second largest (behind the [[Kraken botnet]]) by number of bots, and the largest generator of spam messages, less than one year after its creation. There is currently no sign of decline in the number of bots involved in the botnet.

== Spread and botnet composition ==
The Srizbi botnet consists of computers which have been infected by the Srizbi [[Trojan horse (computing)|trojan horse]]. This trojan horse is deployed onto its victim computer through the [[MPack (software)|Mpack]] [[malware]] kit.<ref name="malwarepack">{{cite news | last = Keizer | first = Gregg | title = Mpack installs ultra-invisible Trojan | publisher = ComputerWorld | date = [[July 5]] [[2007]] | url = http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026323 | accessdate = 2008-07-20}}</ref> Past editions used the "n404 web exploit kit" malware kit to spread, but this kit has been deprecated in favor of [[MPack (software)|Mpack]].<ref name="secuworks"/>

The distribution of these malware kits is partially achieved by using the botnet itself. The botnet has been known to send out spam containing links to fake videos about celebrities, which include a link pointing to the malware kit. Similar attempts have been made with other subjects such as illegal software sales and personal messages.<ref name="messages">{{cite news | author = TRACE Blog | title = Srizbi uses multi-pronged attack to spread malware | publisher = Marshal Limited | date = [[March 7]] [[2008]] | url = http://www.marshal.com/trace/traceitem.asp?article=595&thesection=trace | accessdate = 2008-07-20}}</ref><ref>{{cite news | last = McKenzie | first = Grey | title = Srizbi Botnet Is Largely Responsible for Recent Sharp Increase In Spam | publisher = National Cyber Security | date = [[June 25]] [[2008]] | url = http://www.nationalcybersecurity.com/blogs/778/-Srizbi-Botnet-Is-Largely-Responsible-for-Recent-Sharp-Increase-In-Spam.html | accessdate = 2008-07-20}}</ref><ref name="traceblog">{{cite news | title = Srizbi spam uses celebrities as lures | publisher = TRACE Blog | date = [[February 20]] [[2008]] | url = http://www.marshal.com/trace/traceitem.asp?article=568&thesection=trace | accessdate = 2008-07-20}}</ref> Apart from this self-propagation, the MPack kit is also known for much more aggressive spreading tactics, most notably the compromise of about 10,000 websites in June 2007.<ref name="10khostcompromise">{{cite news | last = Keizer | first = Gregg | title = Hackers compromise 10k sites, launch 'phenomenal' attack | publisher = ComputerWorld | date = [[June 10]] [[2007]] | url = http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025198 | accessdate = 2008-07-20}}</ref> These domains, which included a surprising number of pornographic websites,<ref>{{cite news | last = Keizer | first = Gregg | title = Porn sites serve up Mpack attacks | publisher = ComputerWorld | date = [[June 22]] [[2007]] | url = http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025578 | accessdate = 2008-07-20}}</ref> ended up forwarding unsuspecting visitors to websites hosting the MPack program.

Once a computer becomes infected by the trojan horse, it becomes known as a [[bot]], which is then at the command of the owner of the botnet, commonly referred to as the bot herder.<ref name="herder">{{cite news | title = Spying on bot nets becoming harder | publisher = SecurityFocus | date = [[October 12]] [[2006]] | url = http://www.securityfocus.com/brief/328 | accessdate = 2008-07-20}}</ref> The operation of the Srizbi botnet is based upon a number of servers which control the utilization of the individual bots in the botnet. These servers are redundant copies of each other, which protects the botnet from being crippled in case a system failure or legal action takes a server down. These servers are generally placed in countries such as [[Russia]], where law enforcement against digital crime is limited.

=== Reactor Mailer ===
The [[server-side]] of the Srizbi botnet is handled by a program called "Reactor Mailer", a [[Python (programming language)|Python]]-based [[web component]] responsible for coordinating the spam sent out by the individual bots in the botnet. Reactor Mailer has existed since 2004 and is currently in its third release, which is the version used to control the Srizbi botnet. The software allows [[secure login]] and multiple accounts, which strongly suggests that access to the botnet and its spam capacity is sold to external parties ([[Software as a service]]). This is further reinforced by evidence showing that the Srizbi botnet runs multiple batches of spam at a time: blocks of [[IP address]]es can be observed sending different types of spam at any one time. Once a user has been granted access, he or she can use the software to compose the message to be sent, test it for its [[SpamAssassin]] score, and then send it to every address in a list of e-mail addresses.<ref name="secuworks"/>

Suspicion has arisen that the author of the Reactor Mailer program may be the same person responsible for the Srizbi trojan, as code analysis shows a matching code fingerprint between the two programs.<ref name="secuworks"/> If this claim is true, then this coder might also be responsible for the trojan behind another botnet, named Rustock. According to [[Symantec]], the code used in the Srizbi trojan is very similar to the code found in the Rustock trojan, and could well be an improved version of the latter.<ref name="kernelspam">{{cite news | last = Hayashi | first = Kaoru | title = Spam from the Kernel: Full-Kernel Malware Installed by MPack | publisher = Symantec | date = [[June 29]] [[2007]] | url = https://forums.symantec.com/syment/blog/article?message.uid=305311 | accessdate = 2008-07-20}}</ref>

=== Srizbi trojan ===
The Srizbi trojan is the [[client side]] program responsible for sending the spam from infected machines. The [[trojan]] has been credited with being extremely efficient at this task, which explains why Srizbi is capable of sending such high volumes of spam without a large numerical advantage in the number of infected computers.

Apart from having an efficient spam engine, the trojan is also very capable of hiding itself from both the user and the system itself, including any products designed to remove the trojan from the system. The trojan itself executes fully in [[kernel mode]] and has been noted to employ [[rootkit]]-like techniques to prevent any form of detection. By patching the [[NTFS]] [[file system]] [[driver|drivers]], the [[trojan]] makes its files invisible to both the [[operating system]] and any human user of the system. The trojan is also capable of hiding the [[network traffic]] it generates by directly attaching the [[NDIS]] and [[TCP/IP]] drivers to its own process, a feature currently unique to this [[trojan]]. This procedure has been shown to allow the trojan to bypass both [[firewall]] and [[sniffer]] protection on the system.<ref name="kernelspam"/>

Once the bot is in place and operational, it contacts one of the [[hardcoded]] [[server|servers]] from a list it carries with it. This server then supplies the bot with a [[zip]] file containing the files the bot needs to begin sending spam. The following files have been identified as being downloaded:
# <code>000_data2</code> - mail server domains
# <code>001_ncommall</code> - list of names
# <code>002_senderna</code> - list of possible sender names
# <code>003_sendersu</code> - list of possible sender surnames
# <code>config</code> - main spam configuration file
# <code>message</code> - HTML message to spam
# <code>mlist</code> - recipient mail addresses
# <code>mxdata</code> - MX record data

When these files have been received, the bot first initializes a software routine that allows it to remove files critical for revealing [[spam]] and [[rootkit]] applications.<ref name="kernelspam"/> After this procedure is done, the trojan starts sending out the spam message it has received from the control server.
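The list of bundle members above is itself a usable detection artifact: a zip archive whose members carry these names is far more likely to be a Srizbi staging bundle than anything benign. The following is an added example, not code from the article or from any vendor, that scores an archive (found on disk, in a proxy cache or in a sandbox capture) against that member list. The sample archives are constructed in memory, and the 50% match threshold is an assumption chosen for this example.

```python
"""Flag a Srizbi-style spam staging bundle by its member file names.

Added example (not from the Wikipedia article or any vendor tool). It
matches only on the file names the article reports for the bundle the bot
downloads from its control server; the archives below are constructed in
memory so the script runs offline.
"""
import io
import zipfile

# Member names reported for the Srizbi bundle (from the article), mapped to
# the role each plays. The keys are the only thing the detector matches on.
SRIZBI_BUNDLE = {
    "000_data2": "mail server domains",
    "001_ncommall": "list of names",
    "002_senderna": "list of possible sender names",
    "003_sendersu": "list of possible sender surnames",
    "config": "main spam configuration file",
    "message": "HTML message to spam",
    "mlist": "recipient mail addresses",
    "mxdata": "MX record data",
}

# Assumption for this example: flag when at least half of the known members
# are present, so a partially downloaded or trimmed bundle still triggers.
MATCH_THRESHOLD = 0.5


def bundle_member_names(zip_bytes):
    """Return the lower-cased base names of all files in a zip archive.

    Directory entries are skipped and paths are stripped so that a bundle
    nested under e.g. payload/ is still recognised.
    """
    names = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            names.add(info.filename.rsplit("/", 1)[-1].lower())
    return names


def score_bundle(zip_bytes):
    """Score a zip against the known member list and return a verdict dict."""
    try:
        names = bundle_member_names(zip_bytes)
    except zipfile.BadZipFile:
        # Not a zip at all: report that rather than guessing.
        return {"is_zip": False, "matched": [], "ratio": 0.0, "suspicious": False}
    matched = sorted(n for n in names if n in SRIZBI_BUNDLE)
    ratio = len(matched) / len(SRIZBI_BUNDLE)
    return {
        "is_zip": True,
        "matched": matched,
        "roles": [SRIZBI_BUNDLE[n] for n in matched],
        "ratio": ratio,
        "suspicious": ratio >= MATCH_THRESHOLD,
    }


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a complete bundle, a benign source archive, and a
# partial bundle nested in a subdirectory (exactly half of the members).
FULL_BUNDLE = build_zip({name: b"x" for name in SRIZBI_BUNDLE})
BENIGN_ARCHIVE = build_zip({"README.txt": b"hello", "src/main.c": b"int main(){}"})
PARTIAL_BUNDLE = build_zip({
    "payload/config": b"",
    "payload/message": b"<html></html>",
    "payload/mlist": b"",
    "payload/mxdata": b"",
    "payload/notes.txt": b"",
})

if __name__ == "__main__":
    for label, blob in (("full", FULL_BUNDLE),
                        ("benign", BENIGN_ARCHIVE),
                        ("partial", PARTIAL_BUNDLE)):
        r = score_bundle(blob)
        print(f"{label}: suspicious={r['suspicious']} "
              f"ratio={r['ratio']:.2f} matched={r['matched']}")
```

Matching on names alone is deliberately cheap and tolerant of the bot renaming its download directory; on a real host the verdict should be combined with the other indicators the article describes (hidden NTFS entries, kernel-mode drivers, unexplained outbound SMTP), since the individual names such as <code>config</code> and <code>message</code> are common enough that a single hit means little.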
== Incidents ==

The Srizbi botnet has been the basis for several incidents which have received coverage in the mainstream media. Several of the most notable ones are described below. This is by no means a complete list of incidents, only a list of the major ones.

=== The "Ron Paul" incident ===
In October 2007, several [[anti-spam]] firms noticed an unusual [[spam]] campaign emerging. Unlike the usual messages about counterfeit watches, stocks or penis enlargement, the mail contained promotional information about [[United States]] [[presidential candidate]] [[Ron Paul]]. The [[Ron Paul]] camp dismissed the [[spam]] as unrelated to the official presidential campaign. A spokesman told the press "If it is true, it could be done by a well-intentioned yet misguided supporter or someone with bad intentions trying to embarrass the campaign. Either way, this is independent work, and we have no connection."<ref name="ronpaul">{{cite news | last = Cheng | first = Jacqui | title = Researchers: Ron Paul campaign e-mails originating from spambots | publisher = Ars Technica | date = [[October 31]] [[2007]] | url = http://arstechnica.com/news.ars/post/20071031-ron-paul-camp-gets-over-enthusiastic-with-spam.html | accessdate = 2008-07-20}}</ref>

Later, the spam was confirmed as coming from the Srizbi network.<ref name="ronpaultrace">{{cite news | last = Paul | first = Ryan | title = Researchers track Ron Paul spam back to Reactor botnet | publisher = Ars Technica | date = [[December 6]] [[2007]] | url = http://arstechnica.com/news.ars/post/20071206-researchers-track-ron-paul-spam-back-to-reactor-botnet.html | accessdate = 2008-07-20}}</ref> Through the capture of one of the control servers involved,<ref name="secuworks"/> investigators learned that the spam message had been sent to up to 160 million [[e-mail]] addresses by as few as 3,000 bot computers. The spammer has only been identified by the internet [[User (computing)|handle]] "nenastnyj"; his or her real identity has not been determined.

=== Malicious spam tripling volumes in a week ===
In the week from [[20 June]] [[2008]], Srizbi managed to triple the amount of malicious spam sent, from an average of 3% to 9.9%, largely through its own efforts.<ref>{{cite news | last = Salek | first = Negar | title = One of the biggest threats to Internet users today: Srizbi | publisher = SC Magazine | date = [[June 25]] [[2008]] | url = http://www.securecomputing.net.au/News/115170,one-of-the-biggest-threats-to-internet-users-today-srizbi.aspx | accessdate = 2008-07-20}}</ref> This particular spam wave was an aggressive attempt to increase the size of the Srizbi botnet by sending e-mails warning users that they had been videotaped naked.<ref>{{cite news | title = The Naked Truth About the Srizbi Botnet | publisher = Protect Web Form Blog | date = [[May 19]] [[2008]] | url = http://blog.protectwebform.com/p/45 | accessdate = 2008-07-20}}</ref> Sending this message, a kind of spam referred to as "Stupid Theme", was an attempt to get people to click the malicious link included in the mail before realizing that the message was most likely [[spam]]. While old, this [[social engineering]] technique has still proved effective for spammers.

The size of this operation shows that the power of, and monetary income from, a botnet is closely tied to its spam capacity: more infected computers translate directly into greater revenue for the botnet owner. It also shows the power botnets have to increase their own size, mainly by using a part of their own strength in numbers.<ref name=tripspam>{{cite news | last = Walsh | first = Sue | title = Spam Volume Triples In A Week | publisher = All Spammed Up | date = [[June 27]] [[2008]] | url = http://www.allspammedup.com/2008/06/spam-volume-triples-in-a-week/ | accessdate = 2008-07-20}}</ref>

== See also ==
*[[Botnet]]
*[[Storm botnet]]
*[[MPack (software)|MPack malware kit]]
*[[E-mail spam]]
*[[Internet crime]]
*[[Internet security]]
*[[Operation: Bot Roast]]

== References ==
{{reflist|2}}

{{Botnets}}

[[Category:Computer network security]]
[[Category:Multi-agent systems]]
[[Category:Distributed computing projects]]
[[Category:Spamming]]
[[Category:Botnets]]

[[de:Srizbi Botnet]]
[[es:Srizbi botnet]]
[[fr:Srizbi botnet]]
[[pl:Srizbi botnet]]

Revision as of 21:23, 10 October 2008
