Great Elevator Pitches: 3 Other Opinions

Elevator Pitch Series Table of Contents:

• Introduction
• 3 Key Lessons
• What to Include
• Delivery Matters
• Screwing Up My Elevator Pitch
• SVASE Presentation Slides
• 3 Additional Opinions

David Cowan of Bessemer Venture Partners has written a light introduction to elevator pitches here and its great to get a prominent VC's perspective. However, Sean Wise has written an article here with a bit more detail on how to write a great pitch. Chris Marino wrote a brief post here that is also worth a read although his perspective is on pitching to customers rather than investors. They are all intersting reads that I think will help anyone trying to write a great elevator pitch.

Great Elevator Pitches: SVASE Presentation

This is a list of slides that I wrote for a presentation which I moderated at SVASE's Silicon Valley North Startup University in February. The presentation slides below are based on earlier postings I wrot on elevator pitches that can be found here:

• Introduction
• 3 Key Lessons
• What to Include
• Delivery Matters
• Screwing Up My Elevator Pitch
• SVASE Presentation Slides
• 3 Additional Opinions

If you are writing an elevator pitch I'd definitely reccomend reading the all of the posts, but I hope these slides will provide a helpful quick and easy introduction to the subject.

List of 21 Angel Investor Groups

Peter Ireland has posted a list of Angel Groups recently published in Business 2.0 here. The Biz 2.0 list is definitely not comprehensive and I've added a few more California based groups that I'm aware of.

Business 2.0 List:

1. Angel Capital Association
2. Angels' Forum
3. Band of Angels
4. Common Angels
5. Keiretsu Forum
6. Launch Venture Pad
7. New World Angels
8. New York Angels
9. Pairie Angels
10. Robin Hood Ventures

Other Networks to consider:

1. Angel Capital Network
2. Financing Partners
3. Life Science Angels
4. North Bay Angels
5. Sacramento Angels
6. Sand Hill Angels
7. Sierra Angels
8. Silicom Ventures
9. Tenex Medical Investors
10. US Angel Investors
11. Tech Coast Angels

UPDATE: Raising Capital: Why VCs Need Grand Slams

In regards to my posting on why VC's need grand slams, I'd like to point out two more interesting articles that help elucidate the process of VCs raising money.

Matt Marshall of Silicon Beat posted an article yesterday on RedPoint Ventures raising a new $400M fund. The article is an interesting look at why a firm with estimated fund IRRs of negative 18.5% and negative 7.9% has been able to raise more capital. The article also provides data on what carry fees look like and suggests that a 30% carry is reserved for the top 10 or so firms. Also there is another interesting data point in the comments that suggest 2.5% as a management fee to be a reasonable assumption.

A second informative article was written on Feb 20th by Bill Burnham. The article suggests hedge funds will encroach upon venture investing sooner rather than later. In making his argument Mr. Burnham provides more data about carry and management fees:

"The baseline fee structure in the industry is a 2% management fee and a 20% share of any profits (known as the carry). The best firms get a 3% fee and a 30% carry. A few rare birds do even better than that. While some firms split the profits equally between the partners, most skew the GP split to favor the more senior (though not necessarily the most successful) partners."

The article also makes two other points that I found very interesting. Given the relative size of hedge funds as compared to venture funds (many billions vs. hundreds of millions), hedge funds can divert relatively small percentages of their capital under management and instantly become major players. Mr. Burnham also suggests hedge funds may not even after profits from their venture investments but rather information that they can use to place smarter bets in the public markets where they invest the majority of their capital.

Personally, I think that hedge funds will have a hard time getting into early-stage investing but they definitely could become a force in later-stage investing because it seems logical that mezzanine financing valuation techniques would be similar to the manner inwhich publicly traded stocks are priced.

Lastly, I want to point out a mistake that I made and will correct in my original posting. I wrote that based on John Nesheim's example in High Tech Startup, that the successful investments would have to return approximately 100x the money invested to cover the net losses on the unsuccessful investments. I found a mistake in my calculations and based Nesheim's example the successful investments would only have to create returns of 92X. I think my point of these numbers being way off still holds because they take into account venture firms that fail and I don't believe that successful venture firms have portfolios littered with 90% non-performing investments. Furthermore, Charlie O'Donnell who is an analyst with Union Square Ventures made an interesting comment suggesting that VC home run investments can be achieved at 4-8x returns.

Get Tivo's Soure Code

According to Tom Formeski Tivo constomers can get access to Tivo's source code because they are using GPL software. Cool, I hope this leads to lots new Tivo hacks.

http://www.siliconvalleywatcher.com/mt/archives/2006/02/this_and_that_v.php

"I had an interesting chat with a patent attorney from Philips, the huge
Dutch-based consumer electronics company. Philips has been using open-source
products within its products for many years. It uses Linux and other components
in its TVs and other consumer electronics gear which is often resold under oem
deals.

"We tell our partners that they have to offer the source code to their
customers, " he said. Because that is the stipulation in the open source
licensing agreement. So, if you purchase a product that contains Linux (e.g.
Tivo) you have to be offered the source code. But over a five year period, not
one customer has bothered to read the small print and make such a request."

Raising Capital: Why VCs Need Grand Slams

The difference between a fundable and a lifestyle business is essentially how big and how fast a company can grow, but why do venture firms need such outlandish returns? Venture firms invest other people’s money and they need to return an appropriate premium for the risk they take. I’ve found looking at the structure of how a venture firm is run to be helpful in elucidating why VCs can’t invest in even the most successful lifestyle businesses.

Generally speaking venture firms are made of two types of partners. Limited partners provide capital for the venture fund. Limited partners are generally wealth individuals, pension funds, universities, fund of funds, etc. Limited partners do not play a day-to-day role in the management of the fund. However, occasionally general partners will invest some of their own money in the fund along side the limited partners. General partners manage the capital in the venture fund by investing it into startups. It is the responsibility of the general partners to return as much capital to the limited partners as possible. If the general partners under perform it is unlikely that they will be able to raise a second fund from their limited partners.

The general partners need to create higher rates of return than other competing asset classes such as hedge funds and private equity funds. I would be surprised if a VC could raise a second fund with annual returns below 20%, although, this does depend heavily on the investment climate of the industry and time period in which the fund is invested.

Time is also a critical element for venture firms. General partners are usually supposed to return capital to their limited partners with in 10 years. This means that investments that may take longer than this to get liquid aren’t fundable. Furthermore, time has a huge impact on the IRR calculation. For example, a 10X return in 7 years is 39% return, but over 10 years, a 10X return falls to 26%. Yet, realistically general partners do not deploy all of their capital in year one, so most of the investments will need to have maximum time horizons of 5-7 years.

In order to succeed venture firms need to invest in businesses that create more than just 20% annual return. The venture firm will also have management fees that they have to cover, a carry (success fee) that they need to retain top general partners and the reality that not all of the investments they make will be successful.

As a first time entrepreneur, I admit that I’m really not in a position to know exactly what venture firm management fees look like, but I’ve heard figures from 2 - 6%., which pushes the annual return minimum of staying in business upward.

Next there is the carry that is used as a success fee to provide incentive for the general partners and align their interests with the limited partners. After the original capital is returned to the limited partners, the carry represents the percentage of the additional profits which the general partners share. For example a $100 million fund that has a 25% carry and returns $1 billion dollars would net the general partners $225 million.

(returned - original) x carry
($1,000,000,000 – $100,000,000) x 25% = $225,000,000

20-30% carry fees are standard in venture investing but the exact figure is dependent on how much prospective limited partner demand there is for the firms general partners. For instance, KPCB, Sequoia, Benchmark, Menlo, Mayfield and Accel probably command higher carry fees than newer firms. Thus, not producing returns high enough to create meaningful carry fees hurts the venture firm’s ability to retain top general partners, which in turns increases the difficulty of raising new funds from the limited partners.

Lastly, and most importantly, not all funds investments will succeed, so the good investments need to create returns high enough to cover the bad ones. John Nesheim (read his blog here) sites the following data on the returns of venture portfolios from Saratoga Venture Finance on page 181 of his book High Tech Startup:

60% = Bankruptcies with 5 year return multiple of 0X
12% = Breakeven with 5 year return multiple of 1X
10% = Fire Sales with 5 year return multiple of 1.3X
8% = Zombies with 5 year return multiple of 1.6X

This data suggests that 90% of VC investment make little or no money. If we assume that capital is invested evenly across in $100 million dollar fund, the $90 million invested in these non-performing investments leads to a net loss of $12 million dollars. Under these circumstances, the successful 10% of the portfolio needs to actually generate over a 100X return to pay back then entire fund at a 10X multiple.

I’ll jump right out and say that these numbers from Saratoga Venture Finance numbers look funny to me and I’ve never heard of a VCs looking for 100X investments that they imply. However, the general point holds that if a venture firm wants to return 10X to their limited partners, they need to look for investments with potential for higher than 10X returns to account for the losers in their portfolios. I suspect the reason why the Saratoga Venture Finance data looks funny is primarily because represents the entire venture investing industry and not any particular firm. In the process of doing my own research on prospective Cryptine Networks investors with data from Venture Source, I’ll estimate the average firm that I investigated had approximately 25% rate of bankruptcy.

I believe the divergence between my own estimations and the data collected by Saratoga Venture Finance, is that I was only looking at successful venture firms, where as they have also researched firms that failed. However, firms manage themselves to achieve success not failure, so for the purposes of this discussion, I believe my estimates may be more useful than Saratoga’s. A 25% bankruptcy rate would imply that the rest of the portfolio would need to create an average return of 13.34X in order to produce a 10X overall return for the fund. Yet, some of these investments will also create zombies or only breakeven, which pushes the required return of the successful investments even higher.

Thus, venture firms really can’t consider investments of where they don’t see potential returns of greater than 10X because the economics of their own business models don’t work out. One last point worth reiterating is that VCs care about lump sum cash returns, not dividends or paper returns. Venture firms need to return capital to their limited partners, not stock, thus a wildly successful business with tremendous cash flow that cannot achieve liquidity through either acquisition or IPO doesn’t fit the venture model either.

For further reading, I would suggest Tim Oren’s (Pacifica Fund) post titled No Exit: When Venture Capital Isn't Right and Jason’s (CXO Ventures) post titled VC Primer: The Carry. I found both of these blog postings to be very helpful in writing this article.

Raising Capital: Fundable Businesses

The notion of raising venture capital is appealing to most entrepreneurs because it means millions of dollars and very smart people are validating and backing their businesses. However, very few businesses are actually fundable with venture capital. This is because most business really can't achieve the types of return necessary to make the venture capital firm's own business model work.

In the startup world businesses get divided into two categories: fundable and lifestyle. Fundable businesses have 3 key qualities:

1) Can create value of at least 10X (and preferably 15-20X) the venture money invested
2) Can lead to a liquidity event
3) Can do both 1 & 2 in 5-7 years

A lifestyle business is essentially anything that doesn't have all 3 of these characteristics. Common lifestyle businesses are restaurants, franchises, or any type of professional services/consulting businesses. Professional services businesses simply can't grow quickly enough because they are dependent on hiring new consultants to work on more projects and generate new revenue. Restaurants and franchises have growth problems because the logistics of creating and staffing new outlets doesn't scale quickly enough. Furthermore, exits in these businesses are less clear and generally don't command high valuations.

There are also many types of lifestyle businesses in technology. This is primarily because the market being served isn't large enough or the business is really based on a feature rather than a stand alone product, which in some respects is essentially the same thing. The reason why investors place so much emphasis on the size of the market is to determine how big the exit could be. Software to automate shrimp farming could be a category killer, but if that market is only worth $25 million it will be impossible to achieve a meaningful exit for the venture firm.

Features also aren't fundable. There are a lot great extensions to Firefox and Outlook, but while these "products" aren't necessarily created by Microsoft or the Mozilla Foundation, they are features rather than stand alone products. The growth of a feature business is totally dependent on the product they compliment. Furthermore, it's rare that features have deep enough IP to be protectable or valuable. For example, if a company produces a great new feature for Outlook that everyone has to have, how long would it take Microsoft to build on its own? M&A is fundamentally a question of build, borrow or buy. If the feature can be easily reproduced than the startups leverage to convince Microsoft to borrow (license) or buy (acquire) is greatly reduced and the valuation lowered.

Knowing what a meaningful exit for the firm is key to understanding whether or not the business will ultimately be considered fundable and should be a part of the due-diligence done by the entrepreneur prior to meeting with the VC. A $20-30 million exit won't be enough to move the needle of most venture funds, however, it may be meaningful to smaller funds. As a general rule the size of the addressable market for venture fundable businesses is $500 million and most VCs prefer billion dollar markets.

The good news is that lifestyle businesses can be very lucrative to entrepreneurs. In some cases, a $20-30 million lifestyle exit can better for the entrepreneur who creates a successful venture backed startup. For instance, owning 75% of a business sold for $20 million would net the entreprenuer $15 million. It would take an exit of at least $150 million from a venture backed business where the entrepreneur is unlikely to own more than 10% to create the same $15 million net. Also, there are many lucrative oportunities that produce great cash flow that simply don't have predictable enough liquidity events to entice venture firms.

Technology Ventures Corporation

Technology Ventures Corporation (TVC) is an startup's best friend. TVC provides startup consulting services, a recruiting service and monthly seminars focused on helping startups improve their businesses and raise capital. All of TVC's services are provided at no cost (and no equity either) to the entrepreneur. I have been a client of TVC for about 6 months now and I have nothing but positive things to say about the organization and Scott Gilbert who is the consultant that I have been working with.

TVC is funded by the federal government and Lockheed Martin. TVC has grown to 3 main offices in New Mexico (Albuquerque), California (Livermore), and Nevada (Las Vegas). During the 9 years between TVC's founding in 1993 and 2002, it figured prominently in raising over $300 million in startup capital, the formation of 55 new high tech companies and over 5600 new jobs. TVC's mission is to help commercialize technologies coming out of federally funded institutions such as national labs and universities. However, TVC's services are open to all because from time to time they find themselves with enough excess capacity to help startups like Cryptine Networks, which creates an incredible opportunity for entrepreneurs to gain access to top startup consultants at no cost.

TVC holds monthly seminars that are open to the public around topics germane to startups such as financial management or marketing & market research. In Northern California the seminars are repeated on consecutive days, first in Mountain View and then in Livermore. The seminars provide an excellent introduction to their subject matter and usually packed with hands on practical advise. Furthermore, TVC is often able to recruit blue chip ventures firms including Adam Marchick of Menlo Ventures, Bill Joos of Garage Technology Ventures and Emily Melton of Draper Fisher Jurvetson to present as subject matter experts.

While the seminars are excellent, TVC's real value is as a startup consultant. TVC's preference is to represent technologies coming out of federally funded institutions, they do help other high tech startups when they have extra capacity. However, TVC does require entrepreneurs to pitch to them as if they were an investor. Much like law firms deciding whether or not to defer fees for a startup, TVC's bar is not set as high as a venture firm but it does provide a good litmus test; If TVC won't represent you, you definitely aren't ready to speak with investors.

Once TVC decides to work with a client, they provide 4 main services to the startup. First they help think through business strategy and value proposition. Next they help prepare the tools necessary to raise capital including, the elevator pitch, executive summary and power point presentation. Third, TVC helps create a list of target investors based on sector, stage and current portfolio. Then they use tools like Venture Source and their consultants personal knowledge to further filter firms to ensure that they don't have competitive investments and that they still have capital in their funds left to invest. Lastly, after polishing the value proposition, creating the necessary tools and filtering a target list of investors, TVC introduces the startup to as many of the targeted investors as it can.

Many startup consultants or investment agents have fees including retainers of $10K per month, warrants on 10% of common stock and success fees of 7%. TVC provides as much, if not more, value than any consultant/agent that I have come across. However, they don't charge any fees or take any equity. IMHO it would be pretty foolish for any entrepreneur not to consider attending TVC's seminars and working with their consultants.

Top Lawyers Perspective on Early Stage Financing

Fred Greguras and Blake Stafford of Fenwick & West have written an interesting 4 page article on high tech startups raising early stage capital in the SF Bay Area. The article was written in 2004 but I just stumbled on to it today. I think that it is a good introduction to the subject and an interesting insight into the perspective of 2 of the top corporate attorneys working with startups in Silicon Valley. You can read the article here.

Amazon Associate?

On the advice of John Koontz, I've applied for the Amazon Associate program to alleviate my free-rider guilt by choosing not to use AdSense in my blog. I am now advertising "The Art of the Start" because it is the best introduction to entrepreneurship that I have read. You can read the first chapter here.

First time entrepreneurs won't find any better educational opportunity than spending 6 hours reading the Art of the Start. It is a clear and easy quick read that is packed with great practical advice. Frankly, first-time entrepreneurs speaking to investors without at least having read the two chapters on pitching and raising capital would be just plain stupid. Guy Kawasaki is a great self-promoter and I'm happy to help him evangelize because the book really is a great resource for first-time entrepreneurs and I have personally benefited from reading it.

In addition to wanting to heap praise on authors that have helped me and highlight resources that I think other entrepreneurs can benefit from, second motivating factor putting up ads was to minimize my free-riding on Blogger. As I registered with Amazon, it dawned on me that any compensation generated by the ad will go directly to me. (89 cents for the first 20 copies and then it jumps to 93 cents!) Hmm, this isn't what I really intended. I'm still opposed to AdSense for now, but I would like to find a way to make some type of contribution. Or maybe I'll just get over it because I don't like Google anyway.

I Don't Like Google

My dislike of Google is totally irrational but it is to some extent driven by the arrogance emanating from Mountain View. The people working for that organization who got stock are so full of themselves and I just don't see the brilliance behind the company. Before anyone more technical than I explains how Google has the entire Internet stored in ram or that they were the first search engine to filter out the porn sites spamming their meta data let me remind you that the average web surfer doesn't know what meta data is. I trust that Google's algorithm is great but it doesn't provide noticeably different results than Yahoo, MSN or Ask to the average user, who like me, doesn't know what meta data is. Google's revenue is driven by the average web surfer using their portal and if there isn't any noticeable difference between them and their competition than their value must be in their brand. Google turned out to be a catchy name and their minimal/clean front page were points of differentiation that must have helped their page views grow but was this really marketing genius?

If consumers don't care about the technical details and the brand is more lucky than good, is there anything that early stage entrepreneurs can learn from Google's success post venture funding? I believe that, much like Hotmail, Google's success is more a case of being in the right place at the right time than an example of entrepreneurial brilliance.

Common Seed & Series A Milestones

Elevator Pitch Series Table of Contents:

• Introduction
• 3 Key Lessons
• What to Include
• Delivery Matters
• Screwing Up My Elevator Pitch
• SVASE Presentation Slides
• 3 Additional Opinions

I wrote this matrix for as part of a presentation for an SVASE event on writing great elevator pitches that is taking place this Friday (2/10/06) in Belmont. I wanted to share this slide because most of the entrepreneurs I meet aren't realistic about what stage of investment they really are. With the exception of rock star CEOs, the bar is set much higher than most entrepreneurs realize for Series A investments. Talking one's self down from Series A to Seed valuations isn't easy, but its better to be intellectually honest about milestones achieved than to entrench one's self with unreachable expectations. I hope this make is clear exactly what friends and family, seed and series a stage startups look like. I'd love to know if anyone has experiences that suggest different/other milestones.

Screwing Up My Elevator Pitch

Elevator Pitch Series Table of Contents:

• Introduction
• 3 Key Lessons
• What to Include
• Delivery Matters
• Screwing Up My Elevator Pitch
• SVASE Presentation Slides
• 3 Additional Opinions

After having recently written four posts on writing great elevator pitches (Intro, 3 Key Lessons, Content & Delivery) I've become pretty confident in my own ability to pitch. Last week I attended an SDForum event because there was an investor on the panel that I wanted to set an appointment with. After the event I waited in line with other entrepreneurs who wanted to speak with the investor. By the time I got my turn we were standing in the parking lot but I felt it was worth waiting for because I really wanted to speak with the guy. However, when I opened my mouth I stumbled my way through a description of our product that just wasn't articulate to anyone living outside of the Cryptine Networks cocoon. It was a terrible pitch. In fact, it was so bad that he told me directly that he wasn't interested, which is pretty rare from a VC.

This experience exemplifies of several points that I'd like to share in closing my series on elevator pitches.

The first point is to never stop practicing. I believe that I know what it takes to deliver a good elevator pitch but executing requires continuous practice and refinement. My elevator pitch sucked because I got so used to thinking I was good at it that I stopped practicing and I blew a good opportunity because I wasn't prepared.

The second point is that setting appointments is a numbers game because you'll never win 'em all. No matter how good your pitch is there will be people who it doesn't resonate with. So after you've filtered the investors you want to speak with by sector, stage and competitive portfolio companies, pitch early and pitch often.

The last point is that VCs have 'pitch fatigue,' and being the last guy in line probably lowers your chances of receiving a positive or even semi-interested response. VCs get pitched to over and over again. In fact, Tim Oren writes that some VCs specifically avoid the spotlight because the "general press notice just gets a VC a batch of dumb proposals and dumb questions." Lots of pitches + low quality = pitch fatigue. In retrospect, being the last guy to pitch in the parking lot clearly exacerbated the investor's sense of pitch fatigue. The bottom line is that it was worth my time to wait for the investor but we were in the parking lot becasue he wanted to leave and my eagerness to pitch clouded my reading of the situation. Pitch fatigue shrank my margin of error to zero and no sooner I sucked, he stopped listening.

Entrepreneurship Mantra: I'll Find Out

This morning I attended an event on CEO / board relations at Pillsbury Winthrop. The event had its highs and lows, but one comment from Teros CEO Bob Walters really stood out. He mentioned that when he was in the naval academy the phrase "I don't know" was banned from the dorms. If a cadet was ever asked a question to which they did not know the answer, the only appropriate response was "I'll find out." Teros was recently acquired by Citrix and in retrospect, its no wonder that Bob was so successful; if he didn't know the answer to something he went and found it out, which is the essence of entrepreneurship.

Working at a startup inherently puts people out of their comfort zones because every role is cross-functional. Engineers sit in on sales calls and marketing guys read Joel On Software. Not having an answer is common place because startups fundamentally challenge people to succeed in roles they aren't necessarily used to. Furthermore, startups are addressing problems where solutions either don't exist or aren't satisfactory. Before you have time to worry about not knowing all of the answers, you've run out of capital, missed a milestone or failed to deliver to a customer. Go find out.

Blogging for Dollars?

This is just a quick blog to post some thoughts on the pros and cons of blog advertising.

I just did a quick survey of the VC blogs I read because I was curious to learn how many of them post ads on their blogs. Several of the most prominent VCs blogging including Brad Feld, Will Price, Guy Kawasaki, Venture Voice, Bill Burnham, Fred Wilson, Paul Kedrosky and Jeff Nolan all advertise. This surprised me and my overall estimate is that roughly 50% of the VCs blogging that I am familiar with display adds.

Bill Burnham reported his blog's quarterly revenues at $168.64 for Q405 off of 71,772 page views and expenses of $44.85. Paul Kedrosky writes that AdSense generates about a buck a day for him. Guy Kawasaki has written (some place I can't find right now) that his blog was generating about $10 per day.

In my opinion the ads are a distraction, albeit only a small one, from the content and navigation of the blogs. Given that we are talking about small dollars going to relatively wealthy people, does the cost/benefit really pencil out? My initial reaction was no, VCs shouldn't advertise on their blogs. However, I do think its legitimate for anyone to want to cover their costs of blogging, whether its for a hosted service and/or blog software. I personally use Blogger which is a free service, so my costs are only the personal time I invest and so far I'm enjoying this pulpit. My next thought was that I am personally free riding on the system. If everyone used Blogger without ads, as I do, then Google would discontinue offering the service. Also, I've read that many of the VC bloggers donate the proceeds of their blogs to charities, which is certainly a reasonable thing to do. [UPDATE (2/18/06): Fred Wilson is now using FM Publishing to advertise on his blog because he hopes the ads will be more relevant to his content. Also Fred confirms here that he does donate all of the advertising proceeds from his blog to charity.]

Hmm, I'm not sure exactly where I stand on this issue.

However, I would say that Jeff Clavier seems to have found decent medium. Jeff has adds for the books that he is reading and/or recommends on his blog. As these books are usually helpful recommendations, I find this much less of a distraction. In fact, I'm very interested to know what business books the VC I read... are reading. For example, Jeff is currently reading Naked Conversations which is about blogs and their marketing impact. (I am also reading this book and after several chapters, I'm not impressed UPDATE: Finished the book and thought is really sucked... can't understand why anyone liked it.) That said, I don't care what they are listening to and I find the music recommendations to be a distraction.

I'm not quite sure how I can place book recommendation ads on my blog, but if/when I figure this out, I probably will put them up so I can heap praise on the authors that have helped me and reduce my free riding on Blogger. At this point I believe that AdSense is too much of a distraction to put on my blog, however, if my startup doesn't get funded check back for the new Paris Hilton optimized version of the Entrepreneurship Blog!

Blackworm to destroy word, excel, power point, pdf, and other files on Friday (2/3/06)

A nasty worm is currently spreading right now and is set to start deleting files on Friday (2/3). I don't normally like to provide advice on specific security threats, however, I believe that consequences of infection in this case are severe enough that it warrants the warning.

Here is what I believe to be the relevant information regarding the worm:

A relatively new worm, called "Blackworm," "MyWife," "CM-24," "Blackmal," "Nyxem" and/or "Tearec," is set to start destroying common file types (DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP) of infected system on February 3rd. These file types include common MS Office applications including Word, Excel, Power Point and Adobe's PDF files. The date of destruction is based on clock of the individual computer, so systems with incorrect date settings will be affected on 2/3/06 according to their internal date settings. The worm actually will keep destroying these file types on the 3rd day of each month until it is removed and the first systems to be infected have already documented that they lost data on January 3rd, 2006. Once the computer is infected, the worm propagates itself through mass emailing any addresses found on the system and copying itself onto any writeable network shares.

There currently are no patches available but the most common anti-virus software can detect and remove or neutralize the worm if it is up to date. Anti-virus software updated after January 23rd, 2006 should be okay, however, I strongly recommend verifying that your anti-virus software is up to date with the appropriate signature from the listed I've provided below. Furthermore, I recommend that that all windows based systems, with critical data stored in any of the affected file formats, should be scanned before February 3rd at 12:00am. If you are not currently using an anti-virus software, I would consider purchasing a commercial solution now or using ClamWin (ClamAV for Windows), which is an excellent open source tool that can be downloaded here:

http://www.clamwin.com/content/view/18/46/

AVG and TrendMicro also offer limited versions of their anti-virus software free.

I've also included links to the Microsoft security advisory, manual removal steps and Snort signatures below.

Microsoft Security Advisory

http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fMywife.E%40mm

If your computer is infected, Microsoft has provided these manual removal instructions:

Manual Recovery Steps Provided by Microsoft

First, reboot your computer. This will force the worm into a known configuration where it can be stopped.

Using task manager, look for any of the following process names and kill them if present:
Update.exe
Winzip.exe
scanregw.exe
WINZIP_TMP.exe
"Winzip Quick Pick.exe"

Delete the following files if present on your system:
C:\WINZIP_TMP.exe
%windir%\WINZIP_TMP.exe
%windir%\system32\Winzip.exe
%windir%\system32\Update.exe
%windir%\system32\scanregw.exe
"C:\Documents and Settings\All Users\Start Menu\Programs\Winzip Quick Pick.exe"

Note that the files under %windir%\system32 will be marked read-only and hidden. To delete these from the command prompt, use (for example):
del /f /a:h %windir%\system32\Winzip.exe

Using regedit, delete the following registry value:
'ScanRegistry' under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (Contents will look like: scanregw.exe /scan)

Reboot your computer, and using Task Manager, verify that none of the processes mentioned above are running.

Anti-Virus Signatures

Authentium W32/Kapser.A@mm
AntiVir Worm/KillAV.GR
Avast! Win32:VB-CD [Wrm]
AVG Worm/Generic.FX
BitDefender Win32.Worm.P2P.ABM
ClamAV Worm.VB-8
Command W32/Kapser.A@mm (exact)
Dr Web Win32.HLLM.Generic.391
eSafe Win32.VB.bi
eTrust-INO Win32/Blackmal.F!Worm
eTrust-VET Win32/Blackmal.F
Ewido Worm.VB.bi
F-Prot W32/Kapser.A@mm (exact)
F-Secure Email-Worm.Win32.Nyxem.e
Fortinet W32/Grew.A!wm
Ikarus Email-Worm.Win32.VB.BI
Kaspersky Email-Worm.Win32.Nyxem.e
McAfee W32/MyWife.d@MM
Nod32 Win32/VB.NEI worm
Norman W32/Small.KI (W32/Small.KI@mm)
Panda W32/Tearec.A.worm (W32/MyWife.E.Worm)
QuickHeal I-Worm.Nyxem.e
Sophos W32/Nyxem-D
Symantec W32.Blackmal.E@mm
Trend Micro WORM_GREW.A (Worm_BLUEWORM.E)
VBA32 Email-Worm.Win32.VB.b
VirusBuster Worm.P2P.VB.CIL

Snort Signaures

Joe Stewart of LURHQ provided the following snort signatures based on his analysis of the worm: (for up to date rules, see bleedingsnort.org.

This sig alerts if someone visits any counter at webstats.web.rcn.net without a Referrer: header in their URL. Could be an infected user, could be one of us checking out the counter stats:
#by Joe Stewart at LURHQ, tweaks by Matt Jonkman

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE VIRUS webstats.web.rcn.net count.cgi request
without referrer (possible BlackWorm/Nyxem infection)";
content:"GET /cgi-bin/Count.cgi?"; depth:23; content:"df="; within:20;
content:"Host|3a 20|webstats.web.rcn.net"; content:!"Referer|3a|";
classtype:misc-activity; sid:2002788; rev:2;)

This sig alerts on the specific pattern BlackWorm uses to test connectivity to www.microsoft.com. It's unique in that the request doesn't have a User-agent: header. So this will catch BlackWorm and possibly other automated requests to microsoft (which could happen if someone codes a sloppy app that uses the exact same pattern - but they should probably be flogged anyway)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE VIRUS Agentless HTTP request to www.microsoft.com
(possible BlackWorm/Nyxem infection)"; dsize:92;
content:"GET / HTTP/1.1|0d0a|Host|3a20|www.microsoft.com|0d0a|
Connection|3a20|Keep-Alive|0d0a|Cache-Control|3a20|no-cache|0d0a0d0a|";
classtype:misc-activity; sid:2002789; rev:1;)

These signatures detect the payload of Nyxem_D aka CME-24. Same sig is swapped for outbound vs. inbound detection. Robert Danford

#Submitted 2006-01-17 by Mark Tombaugh

alert tcp $EXTERNAL_NET any -> $HOME_NET 25
(msg:"BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP inbound";
flow:established,to_server; content:"YmVnaW4gNjY0I";
content:"ICAgICAgICAgICAgICAgICAgICAgICA"; distance:31;
within:31; classtype:trojan-activity;

reference url:
www.sophos.com/virusinfo/analyses/w32nyxemd.html;
sid: 2002779; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET 25
(msg:"BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP outbound";
flow:established,to_server; content:"YmVnaW4gNjY0I";
content:"ICAgICAgICAgICAgICAgICAgICAgICA"; distance:31;
within:31; classtype:trojan-activity;

reference url:
www.sophos.com/virusinfo/analyses/w32nyxemd.html;
sid: 2002778; rev:1;)

What Are We Really Selling?

I just finished reading Geoffrey Moore's article on Google's strategy. Moore points out that in today's world anything that gets eyeballs is media and therefore it can be monetized through selling ads.

"Obviously this is true of digitized content in virtually any form. The interesting thought is that it is also true of products and services. Word processors, spreadsheets, presentation software, live updates, back-ups, auctions, VOIP, videos; if there is a human being in the room paying any attention at all, these are all forms of media."

He also states that companies like Microsoft and SBC are in for trouble in the short run because google's advertising model allows them to give away the core products that they are trying to sell.

"Perhaps the most important implication of this strategy is that, in any competition with a product provider, say Microsoft, to pick a non-random example, or with a service provider, say SBC to pick another, Google can give away the very elements which their competitors are looking to monetize. In the past companies like Microsoft and SBC have been able to respond to the open systems challenges of competitive paradigms like Linux and the Internet by giving away the base product or service and selling customers on the upgrades. But Google can afford to give away the upgrades as well, at least for the time being. How do you compete with that?"

This is all pretty standard stuff as far as I'm concerned. However, Moore does hint at a some type of rebalancing in the future that might not spell doom for traditional vendors selling ad-free products. I've been thinking about this idea myself. I love the advertising model of offering a great product or service (or product as a service) that attracts users and creates opportunities for very targeted advertising through some combination of the data collected during registration, the individual users usage and usage patterns across groups of users. But what industry can't be cannibalized through this type of shift? Is it possible to get to a point where there aren't enough commercial products available to advertise, or that their sales are hurt so badly by free alternatives that they can't advertise? I don't know where the point of equilibrium is and I suspect that we aren't close now, but I do believe that the flood gates are opening as the recent successes of advertising based web startups more entice more entrepreneurs look for ways to offer free services.

Are ad-supported products a threat to open source in the long run? How can IBM justify 400 developer working on open source projects when they no longer have any core products to sell?

Which industries will be hit hardest? Could non-tech industries like construction or fruit farmers switch to an ad-supported model by selling billboard space on a construction site or some type of non-toxic ink sprayed advertisement on to an apple? Could traditional people oriented services industries like law or consulting go ad-supported? My first thought was no, but with recent crop of people selling their foreheads as ad space, I suppose anything is possible.

Is this just a consumer phenomena, as Moore suggests, or would business customers trust ad-supported services to their mission critical applications? I'll come down hard on this one and disagree with Moore. I think that enterprise users will be late-adopters but that SMBs may jump on ad-supported software over the next couple of years. The SMB software market is in for a shake-up as lots of startups are targeting them and I think that SMB's limited resources make free (especially hosted/software as a service) very attractive.

If you happen to stumble across this blog (and odds are you won't... check out my sitemeter) I'd love to read your comments on where this point of equilibrium is between free and commercial services. Also, does anyone of anyone else discussing this issue? I'd love to read more of anyone eles's thoughts.