Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Hackers Offer Subscription, Support for Malware

Posted by Zonk on Thu Apr 05, 2007 11:29 AM
from the ingenuity-leads-to-swelled-pockets dept.
Security The Internet
Stony Stevenson writes "Organised gangs are taking a page out of security vendors' books and setting up their own websites that offer support and subscriptions for malware and spyware. From the article: 'For subscriptions starting as low as $20 per month, enterprises can sell fully managed exploit engines that spyware distributors and spammers can use to infiltrate systems worldwide, said Gunter Ollmann, director of security strategies at IBM's ISS X-Force team. Many exploit providers simply wait for Microsoft's monthly patches, which they then reverse engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said. "Then all you've got to do is just subscribe to them on a monthly basis.'"
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Hackers Offer Subscription, Support for Malware 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Title somewhat misleading (Score:5, Insightful)

    by robinsonne (952701) on Thursday April 05 2007, @11:36AM (#18622517)
    When I first read the title, I thought it meant that hackers were now selling "protection" from malware in much the same way organized gangs have sold "protection" in the past. Perhaps a better title would be "Hackers organize, sell exploits as business"

  • Automatic updates (Score:5, Funny)

    by Anonymous Coward on Thursday April 05 2007, @11:37AM (#18622529)
    Couldn't they make more money by offering a 'Patch Wednesday' kind of service which updated Microsoft products and protected against the next round of vulnerabilities? Seeing as no one else is able to do this there's a very obvious gap in the market here for someone who knows a bit about exploiting MS products!

    • Re: (Score:3, Insightful)

      by qwijibo (101731)
      They can make even more money offerring several consecutive levels of patches and exploits. There will always be someone willing to pay for the level of protection or exploit beyond what's commonly available for the low monthly maintenance fee.
        • That depends on which set of clients have the most money. If the net income from the protection racket is higher, that's the top. If the exploits are more profitable, those are the top. The beauty of this business plan is that there's always room to up the ante if the most profitable client group changes.

  • Follow the money (Score:5, Funny)

    by Harmonious Botch (921977) * on Thursday April 05 2007, @11:37AM (#18622541) Homepage Journal
    ...then kill them.
    • To paraphrase Marv: "I love malware writers. No matter what you do to them, you don't feel bad."

    • Re: (Score:3, Interesting)

      by mpapet (761907)
      This will be the strategy that any company with a couple of lawyers of the world will pursue.

      They've already legislated away some access to researching vulnerabilities with the DMCA.

      Announcing security hole disclosure risks litigation in the U.S.

      I'm most concerned about the American legislation that Microsoft will dream up to fight shops like this which will end up harming us all by limiting innovation.
      • I'm most concerned about the American legislation that Microsoft will dream up to fight shops like this which will end up harming us all by limiting innovation.

        Microsoft is probably too busy dreaming up Vista sales to be bothered with this issue.
  • If Colombian cartels run public support of whole villages, why not to go a similar way for sleazy hackers?

  • Sounds like a trap to me (Score:5, Insightful)

    by Anonymous Coward on Thursday April 05 2007, @11:42AM (#18622581)
    Erm, if you're daft enough to sign up and give them your credit card details directly, doesn't that mean they no longer need bother writing the malware?
    • Funny, but as a former seller of rootkits and RATs it's usually done with e-gold, western union or other non-reversible methods of payment. I'm sure no self-respecting malware author would tolerate chargebacks, especially with the caliber of people you are dealing with on a day to day basis.
      • Yeah...
        I prefer cash and bearer bonds.
        my merchandise is a little different though . . . YMMV but we've found that at times western union , while not reversible, is interceptable and/or traceable.
    • What, you think anyone uses their OWN credit card for this? Why do you think they're using exploits... they just use a stolen CC to signup.

      I suspect the service doesn't do much repeat billing... :-)

  • Putting the "organized" in "organized crime" (Score:5, Insightful)

    by Kelson (129150) * on Thursday April 05 2007, @11:44AM (#18622617) Homepage Journal
    When I saw the summary, I was half-certain it had to be a delayed April 1 submission. Then I looked at the article. And thought about it.

    It actually fits a pattern we've seen with viruses, trojans, spyware, other malware, cracking, even spam. They've gone from small shops, often one programmer trying to make a name for himself, to full-on organized crime using businesslike structures and tactics.

    • Re:Putting the "organized" in "organized crime" (Score:4, Funny)

      by peragrin (659227) on Thursday April 05 2007, @11:54AM (#18622735)
      Yet they still won't provide support for *nix in any way shape or form.

      I want malware, and viruses for my OSX box. it just isn't fair that the viruses and malware only works on windows. I have animated cursors too. Heck right my ssh port is open go ahead and try to crack it.
      • I want full Wine support for the latest viruses and malware, dammit!
        • Here lemme try *tap* *tap* *tap* There? See? Wine seems to support denial-of-service exploits just fine...oh, wait, that looks like a bug ...

      • . Heck right my ssh port is open go ahead and try to crack it.

        Yeah? Which version of OpenSSH [cert.org]? Got the latest security patches from Apple? What's your IP address?

        Oh, yeah, do you wanna buy some root exploits for your Mac?

        • Re: (Score:2, Flamebait)

          by bmo (77928)
          "Yeah? Which version of OpenSSH? Got the latest security patches from Apple? What's your IP address?"

          First off, only the clued even know that ssh exists and how to turn it on. Joe and Josephine user don't know nor care what it is. It's not turned on by default. If one is offering SSH as a service, one should be clued into where to get updates, and recompiling one's own instead of waiting for Apple. Funny how Apple includes a full dev kit with OS/X and Microsoft doesn't for Windows. http://developer.appl [apple.com]

  • Who didn't see this coming? (Score:5, Interesting)

    by zappepcs (820751) on Thursday April 05 2007, @11:47AM (#18622661) Journal
    How long before we see a defection and find out that N.Korea or some other evil empire's government is sponsoring this type of activity. All that malware out there isn't just annoying you with spam, a lot of it is trying industrial espionage.
    • 'How long before we see a defection and find out that N.Korea or some other evil empire's government'

      What makes you think they don't have their own home grown hackers - like China [slashdot.org] for instance.
    • And just like Iraq, we will find that it was the 'West' who sold them the technology to do this.

    • How long before we see a defection and find out that N.Korea or some other evil empire's government is sponsoring this type of activity.


      I dunno. Seems more likely that there'd be a scandal and we'd find out that AV vendors were sponsoring this type of activity. The worse the problem is, the more people will pay for protection, after all.

  • $20?!?! (Score:5, Funny)

    by Anonymous Coward on Thursday April 05 2007, @11:54AM (#18622729)
    $20? What a rip off. I get the latest malware and spyware for free every day courtesy of my coworkers.

  • Next Step (Score:5, Funny)

    by Ajehals (947354) <andyhalsall AT ictsc DOT com> on Thursday April 05 2007, @12:02PM (#18622857) Homepage Journal
    The next step is obviously to protect their IP, so look for patents such as:

    "a method of injecting code into a web-browser to steal credit card details.... on the internet"
    "a method of using many remote controlled computer's, without the owners express consent* to send unwanted advertising material, to many, many people... on the internet"

    After that expect to see Exploit Genuine Advantage programs to ensure that the stolen data you are using is from genuinely advantageous exploits, and not from some half baked knock off malware or virus, duplicated by a disreputable individual.

    Obviously the last step will be the mergers, (after all the above should ensure a profitable market is created and grows). Symantec will merge with EvilCode PLC, to produce Evil-Symantec, McAfee will merge with McNasty, to produce McNastfee. These new entities will be able to leverage both the illegal exploit market and provide protection services simultaneously, probably all in one product... , Finally Microsoft will change its OS so that it no longer "works" with all these wondrous exploits and... hell will freeze over :)

  • I am shocked! Shocked I say! (Score:3, Insightful)

    by symbolset (646467) on Thursday April 05 2007, @12:07PM (#18622897) Journal

    erm, ok, maybe not. Anybody whose job it is to track such things who thinks this is news, well, they're not doing their homework.

    The exploit ecosystem has evolved an organism that appears to be self-aware.

    If only there were an environment that was safe from such evil organisms, where they could not thrive...

  • Link to actual site, and better info (Score:5, Informative)

    by Animats (122034) on Thursday April 05 2007, @12:10PM (#18622939) Homepage

    The site they're writing about [stat482.com], found by searching with Google for phrases in the article, isn't quite what the article says it is.

    It's really yet another slimy "affiliate" program. "We give our code to your and you need to setup it to your websites. We pay for installs and for trusted webmasters for traffic if they want that." They're not selling malware with support. They're buying traffic to install their malware via drive-by installs. That's not exactly new. CometCursor, BonzaiBuddy, and Zango come to mind.

    From the original article, someone else may be selling "fully managed exploit engines", but it's not these guys.

    • Re: (Score:3, Funny)

      by LMacG (118321)
      you need to setup it to your websites

      Nice to see the Zero Wing writers getting some new work.
  • Someone should sell a monthly malware research subscription that identifies attack sources for an enterprise or ISP for a month and submits case files to the appropriate government to put the offenders in jail. In countries with no functional government, hire privateers instead.
  • Isn't this similar to L0pht Heavy Industries' business model, just without the scum and villainy that's associated with malware?

  • People just don't seem to get it (Score:3, Insightful)

    by cdrguru (88047) on Thursday April 05 2007, @05:44PM (#18628311) Homepage
    Wow, wouldn't it be wonderful if Microsoft finally got it and made Windows really secure?

    No, it wouldn't It wouldn't sell, nobody would use it and it would be a complete flop.

    Windows is designed to be usable by people without one little bit of computer knowledge. It therefore does things "for you" in the background that can be good and helpful. If they are subverted, they are bad and insecure. Take all of this away and leave just the command line and Windows would be much more secure, but it would be unusable by most people.

    If it is programmable and the programming can be added to or modified in the field, it needs controls on who can modify that programming. If the inexperienced user can, it isn't secure. Period. When users run programs to install games they purchased they are using the same resources as when the click on an email attachment to install some bit of malware. They have no way of knowing the difference and it would seem no amount of education is going to fix that problem.

    What most people need is a locked-down appliance that cannot be modified in the field without extraordinary effort. And certainly cannot be modified over the Internet. This could be user friendly and secure, but you wouldn't install software on it, ever.

    Windows is trying to be user friendly and general-purpose. This has no choice but to fail to be very secure. The user cannot tell the difference between a program that is from Microsoft that is something they want and a program from microSoft that isn't something they want at all. Or from MircoSoft. Or really, anyone else at all. Sure, you can try to give them a chance to tell the difference - and Vista does try - but it isn't going to work. People gave up reading messages from computers and just click OK beginning in 1979 with CP/M and they aren't about to change now.

    I contend that there is no material difference between the security present on a Macintosh or Linux and Windows in the hands of a user that doesn't understand how the system works. If they get an email that says to run some program, they are going to run it if they want what the email says they are going to get. If this requires using sudo to get root authority, they will do so if they have the ability to do it.

    So how do you have security in that environment? You don't. You can't ever be secure against the naive user in charge of their own computer.
  • That's why we can't have nice things.

    Any y'all who were on Usenet back in the day know exactly what I mean.
  • If you use phishtank.com to verify phishes others submitted, you see clear patterns such as page filename, the exploit used and so on. There must be some "phishing kits" in use. If you see c.html in 6 different hacked servers in complete different locations, there is nothing but a software kit there.

    • One small error... (Score:5, Funny)

      by symbolset (646467) on Thursday April 05 2007, @12:21PM (#18623119) Journal

      ie create the virus then sell you the fix...

      ie isn't a virus development tool. It's just an installer.

    • You bet. In fact, right now there's hordes of undocumented alien, exploit writers hammering away at new malware from their nondescript building in Dallas overlooking a grassy knoll.
      • Could you please provide evidence that a common base Linux install (of a popular distribution like RHEL, Fedora, Ubuntu, etc) is less secure than a base install of anything else? Can you then provide evidence that once it is up-to-date it will continue to be less secure? Please compare to Windows XP, Windows Vista, current Solaris, and current AIX.
          • Firstly, Microsoft makes most of its money off support. Maybe they benefit from secure software, but definitely not "good" software. They want their software to be "just good enough" so that support is necessary and paid upgrades are necessary.

            Secondly, there are so many different versions, alternatives, and forks of open source software that it's harder to target a large audience. It's the monoculture that requires Microsoft to be more secure.
            • Linux has a monoculture too.

              How many spreadsheets are in the basic Ubuntu repository? (not universe, non-free, multiverse, or whatever)

              Ok, now how many are in the base repositories of the other major distros? I bet you'll find a few common faces...

              And how many people use spreadsheets that aren't in the repositories?

              What about compilers? What's that? not even intel's free compiler is in the repositories?

              The repository system is like a two party political system: It enhances the front-runners and penalize
    • People like you.

      Seriously, what does running as a restricted user do to prevent this? Restricted users can still install software anyplace they can write to.

      • Seriously, what does running as a restricted user do to prevent this? Restricted users can still install software anyplace they can write to.
        Unless they don't have execute permissions on the directories they have write permissions to. Well, maybe they can install that software, but they can't run it.
        • Removing execute permission from a directory does not do what you think it does. As far as I can tell, it effectively removes read permission. Maybe it does something different on Windows?

          I am sure you mean removing execute permissions from the file itself. In that case, you would have to mount their entire home directory (has to be a home partition now) 'noexec', which would probably break some things, and still wouldn't work -- scripts do not need execute permissions, and they still have things like login

    • Keep in mind: how do you know what they are selling is going to be accurate?
      You don't, unless they open source it. For those of you who are new, malware has been open sourced before. Remember SATAN, the Unix network penetrator posted to Usenet 20 years ago?

      Killing the messenger isn't going to change the fact that major software companies are still releasing software with basic security flaws in it. Somebody, somewhere is going to take advantage of that.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Eventually; the groups selling the subscription will be booted from the underground / aka no longer be trusted.


      Yes, and we all know how organized, monolithic, and connected "the underground" is.

      *rolls eyes*

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.