This attack is itself hard to find (and thusly eliminate) for two reasons. The first being that it really does look like the legitimate Google Analytics code at work. The second being that the infection itself is polymorphic, meaning that it actually changes itself with each infection so that you can’t just look for a common snippet of code that clearly marks someone as being infected, as is done to identify most viruses. This makes it hard to spot and even harder to remove.
Varied numbers of infections have come in, claiming anywhere between 30,000 and 60,000 websites infected so far. But rest assured, security experts are on the case.
In related news, Electronic Arts is being hit hard for their choice to not DRM The Sims 3. There have been countless downloads of the game from illegal piracy sites before the game even hit the shelves in stores. It’s quite possible that The Sims 3 will be pirated even more than Spore.
And this looks bad for EA.
Until you think about it, that is.
Spore, a game that really hindered a lot of legitimate purchasers with an incredibly heavy-handed DRM, was pirated quite a bit. It took very little effort for hackers to strip out the DRM and make Spore available without it. A problem that, in fact, may have even turned a number of honest people who payed for Spore into pirates themselves, just to be free of the highly annoying DRM. But so even with a very nasty bit of DRM “protecting” Spore, it was still one of the most pirated bits of software, ever.
Now step up to EA’s newest hit game, The Sims 3. It hasn’t wasted all of that money investing in the next DRM, nor is it pissing off consumers with such heavy-handed DRM. So as long as it is pirated only as much as Spore, that then makes it rather a clear success story if you ask me. With the same amount of money lost to piracy either with or without DRM, then it comes down to which cost more to distribute. Obviously DRM costs money, making it a clearly bad investment when it doesn’t actually stop piracy like it’s supposed to.
And as Spore has shown, DRM doesn’t stop piracy. It only hurts legitimate purchasers.
So then if you’re damned if you do, and damned if you don’t, it seems to me saving the money by “don’t” is the financially responsible way to go. Not to mention far more pleasing to your customers.
There are plenty of times when good security is very important to have.
And there are a few times, like with most DRM, when any attempt at “security” is a waste of money and time, a nuicense at best, and a profit-loss at worst.