Writing Viruses for Fun and Profit 172
JMPrice writes "There's a short
article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."
Huh? (Score:5, Insightful)
Classic problem of a mono culture (Score:5, Insightful)
it is good to have lots of operating systems and processors out there, anything else would be suicide. With proper diversity we could control both the virus and spam problems.
write me a (favourable) story (Score:5, Insightful)
I see that the Senoir Associate Editor wrote this piece. That may explain the embarrasingly outdated technology quotes, like One reason for this success is that the latest variants include Zip files, but with reference to the foolproof quote, what I'm inclined to believe is that the makers of ZoneAlarm paid for this sort of tripe (advert on the article). Brown Envelope journalism at it's best !
The problem (Score:5, Insightful)
Re:Really? (Score:2, Insightful)
not really
the developer who pays for 4 M spam masseges does not want that any other spamer uses "his" infrastructure
Re:Classic problem of a mono culture (Score:2, Insightful)
If I follow your logic, you could also make a case that having different taxation laws in every state, city and town would reduce tax evasion. More likely the same amount would go on, but it would be harder to detect and control and police. Who cares if some small guy from Assfuck, Idaho is cheating on his tax.
With diverse operating systems, there will be precisely the same number of dickheads out there writing malware, but that each would be more focussed for an OS, and perhaps more difficult to detect.
A Windows trojan is news. There are a gajillion desktops out there to attack. Who is interested in reporting a virus for a niche operating system with a few thousand users? Certainly not the mainstream. What about Antivirus tools, etc. Who is going to write them?
As for this solving spam... As far as I was aware, the internet is already built using open, diverse (and exploitable) mail protocols.
I'm not so sure... (Score:5, Insightful)
It's difficult to see how spammers could remain annonymous. At the moment, they're an annoyance, but if they enter the realm of law-breaking to this extent, it is likely that there will be a major crackdown. And this shall not be difficult, because of the very nature of spam -- to get you to buy a product. Therefore, there must be a link to the spammer.
It won't work.
Re:Really? (Score:5, Insightful)
Furthermore, spamming might be more or less legal in different jurisdictions, but you can usually get away with it. Willfully spreading viruses is not something you can get away with. Only very stupid spammers would ever try that technique (as explained in the previous paragraph, it wouldn't be particulary hard to trace the virus back to it's originator)
Tracking (Score:2, Insightful)
Re:simple solution to this problem (Score:5, Insightful)
Nice try.
Folks who work for ISPs will be angered... (Score:5, Insightful)
While ISPs are not to blame for this problem, ISPs are in the position to correct this problem. This is not about fixing blame, it is about fixing the problem. Keep that in mind.
Now, as I've said in previous posts about this sort of thing, it all boils down to preventing the spread of infection - mathematically, if the expected value of the number of hosts infected by any given host is greater than one, then the infection will be much like a supercritical mass of fissionable material. So the trick is to reduce the expected value to less than one.
Now, there are plenty of ways to do this, most of which involve the ISP taking some action.
In short, take responsiblity for FIXING the problem, and force your downstream customers to do the same.
I have been receiving a steady stream of virus laden emails from udw.ac.za (a university in South Africa). I have repeatedly contacted them as well as their up stream provider (saix.com). All SAIX does is send a nastygram to UDW. All UDW does is experiment in topological auto-proctology. Were SAIX to say "Alright - we've had five complaints this past week. You obviously are not doing anything to solve the problem, so until you do, we are blocking port 25 outbound from you" then UDW would be HIGHLY motivated to correct the problem.
But right now, most ISPs have the attitude of Mind Over Matter - "We don't mind, so it don't matter. Over and out." As such, the problem persists and grows. ISPs mail servers handle a steadily increasing stream of viruses and spam, for which they complain bitterly about having to buy new equipment (while raising their fees), but they don't actually try to SOLVE the problem.
If ISPs were to say, "The line must be drawn here. Here, and no further." - if they were to start blocking viruses and spam, disconnecting users that spread them, and requiring their downstream to do the same, then the expected value of the number of hosts any one host can infect would drop to a tiny fraction of 1, and the reaction would damp out. Viruses would not longer spread like wildfire, the news would no longer report upon them, and the virus writers would no longer get egobo from writing them.
However, as long as ISPs continue to do their best Sgt. Schultz of Stalag 13 ("I SEE NOTHING! NOTHING!") impersonation, as long as ISPs say "It's not our fault - we are not to blame, why should we do anything about it!" then the problem will only grow.
(/me sits back and waits for the inevitable flames from ISPs wishing to do exactly that...)
Re:Huh? (Score:5, Insightful)
This is a worrying idea (Score:5, Insightful)
2. Release it
3. Destroy unsuspecting internet
4. ???
5. Profit!
ObSlashdotJoke aside, I always wondered where step 4 came in. Clearly, from the number of viruses doing the rounds now, bragging rights alone is enough of a draw for many; equally clearly, from the vast weight of bugs in viruses, it primarly draws teenage l33t hax0rs with more testosterone than talent.
All the devestation of every trojan and virus in history has been without a clear step 4. The addition of a step 4 worries me a lot, and as has been said before [slashdot.org] even non-Windows people like me can't feel smug and safe forever.
Re:Spammers & Virus Writers are the same anywa (Score:5, Insightful)
Re:Folks who work for ISPs will be angered... (Score:5, Insightful)
As it stands, an ISP is not that much different than the phone company. They connect one user to another and don't worry about what is being said. What you are proposing is that all service providers would spy on their users and take corrective action if they are caught saying the wrong things.
This would be no different than the phone company terminating your call if they hear you mention the words "pie", "face", "chimp" and "white house" all in the same conversation.
If an ISP were to take such an interest in what their users have to say, then it would leave them in a tricky legal position -- If they have a policy of shutting down users who traffic in Windows Malware 2002 (tm), then why do they turn a blind eye to such horrible things as kiddie porn, copyrighted music and Harry Potter fan-fiction? The lawsuits would spread like wildfire, and the imminent death of the internet would arrive at eleven.
Re:Folks who work for ISPs will be angered... (Score:5, Insightful)
Where I do agree is in responding to problems. However I've not had so many problems here. In the few occasions where I've had serious problems from people scanning, flooding, whatever, I've complained to the appropriate place (in one case I remember an italian ISP, in another a US one) and it's been fixed. Guess I've been lucky.
Re:Classic problem of a mono culture (Score:3, Insightful)
I think the authors point was the problem is that there are a gajillion wintel desktops out there. It's great that a windows trojan is news, but I don't think we've seen one that is REALLY malware. Most of them only focus on self-replication and not destruction of the host.
The problem with the one host enviornment is, if some virus writer decides he is having a bad day and comes up with an exploit that can render all of the windows boxes on the net inoperable then there is a huge problem since 80% of the internet traffic will be gone. (or maybe this would be a solution to some people
DDoS (Score:5, Insightful)
In one of the first of these that I saw back in May, the spammer apparently hadn't yet learned the art of using the Bcc: header, and all the addresses it was being sent to were clearly harvested from one newsgroup that I regularly read (and post in). That's how I knew it was spammed, and not just an "address book dipper" virus. And for some time, people have been spamming binaries pictures newsgroups with .exe attachments.
I'm glad to do my part in creating a diverse computing environment by running OS X instead of the leading virus-ridden OS. Is there any truth to the rumor that Microsoft is going to rename Outlook Express as ActiveVirus[tm]? :-)
Virus free (Score:3, Insightful)
No, that is exactly why I phrased it as I did - "require the user to keep his machine virus free."
If a machine is sending virus laden emails, then it is not virus free. Otherwise, innocent until proven guilty.
As for the attachements - I am sorry, but your right to swing your arm ends where my nose begins, your right to play your stereo ends where it enters my house. Society can quite legitimately ask its members to curtail dangerous behaviors. I can think of no circumstance in which sending an executable program as-is is needed or even wise. Not only will zipping the program reduce the size of the program (and thus the load on the mail server) it will add CRC protection to the program so that an error in transmission has a higher chance of being detected and corrected.
"my company already does such checks on internal mail, and it drives me mad, but it's their network so they can do as they please."
Guess what - Your ISP's networks is THEIR network, so by your own arguement THEY can do as THEY please.