Writing Viruses for Fun and Profit 172
JMPrice writes "There's a short
article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."
Really? (Score:5, Interesting)
On the plus side... (Score:5, Interesting)
What cash flow? (Score:5, Interesting)
Re:Classic problem of a mono culture (Score:3, Interesting)
Re:Classic problem of a mono culture (Score:5, Interesting)
Sobig virus (Score:3, Interesting)
Since Microsoft has started a crusade against Spam (to free-up bandwidth for their own humongous patches and service packs no doubt, they never do anything without a reason), shouldn't they start by fixing the very platform that makes it possible for worms to send spam ?
Spammers & Virus Writers are the same anyway (Score:5, Interesting)
Some Spammers=Some Hackers
Today's court ruling [idg.net] in favor of the ISP Earthlink [earthlink.com] vs Spam Ring Leader Howard Carmack got me to thinking.
Are ALL Spammers doing it for a profit? I find that many to most SPAM emails I receive in my inbox have unresolved links. Meaning; you can't "take advantage of the DEALS you are getting". (not that you'd necessarily want to) What would be the purpose of sending out emails such as this in great quantity, and using the man hours, hardware, etc to do it?
I think it may have to do partially with "the hacker mentality" Not all hackers do things for the common mythical reasons we like to think they do. (Revenge on the corporate world, profit, fame) - they do it because they can and a lot do it because they are mentally obsessed with it.
This was the attitude of a former colleague of mine that was hacker. He came from a rich family, was very well known in the community, and had a 1000 easier ways to get what he was wanting accomplished. He was obsessed first of all with hacking, second doing it with a Macintosh, and 3rd just because he could.
I'm not alluding to hackers having a mental problem, nor really comparing hackers to spammers.
This ruling, just made me think of motivation. Maybe if we can tap the motivation for Spammers, then maybe we can come up with the solution.
Re:The problem (Score:5, Interesting)
If my company pays another company to advertise my product and or services and they use illegal advertising methods, then shouldn't my company be punished also?
Does it matter if my company knew about the advertising methods that would be used? I don't know anyone that would hire an advertising company without knowing what service was being provided.
New conspiracy theory (Score:1, Interesting)
If that is the case, the popular ./ meme holds good for both spammers and antivirus people:
1. Release viruses/worms.
2. Use compromised computers as relays.
3. Send lots of spam.
4. ???
5. Profit
6. Sell antivirus software.
7. ???
8. Even more profit.
The solution (Score:3, Interesting)
The same type of solution would work with auto accidents. If you want to reduce the number of accidents, remove the seat belts, air bags and ABS brakes. Line the dash with 6" steel spikes and I can bet you'll find the number of accidents drops to next to nothing over night because we all become the world's safest drivers.
It's all about incentive.
simple solution to this problem (Score:3, Interesting)
To hell with the spammers, target the companies in the content.
Re:PEBKAC (Score:4, Interesting)
Taking this into account the problem isn't the operator but an MUA/OS that allows code to be executed in such a manner. Signed documents, trusted sources, etc may help here.
Bad for the business model (Score:3, Interesting)
The inplications go WAY beyond that (Score:5, Interesting)
Now, if they're using hacked computers, they're on the wrong side of the law. Period. We're not talking civil damages any longer. The discussion point is how long they'll be in "Federal pound-me-in-the-ass Prison".
This is the dumbest idea from a spammers viewpoint I've ever read. However, I'm not under the impression many of these guys are intelligent. The only reason they've been able to defeat filters and other mechanisms is either stupid admins or half-hearted implementations.
I personally hope they do it! I'd love to see a few spend some time in our lovely Federal Corrections Facilities.
Advertising (spamming) companies are responsible (Score:2, Interesting)
The advertising companies first of all can't use virii to send spam. Secondarily, and in direct response to your objection, they can't claim they thought their illegal practice is legal because of what they heard from the company they are advertising for. Ignorance is no excuse (to do something illegal).
Re:Folks who work for ISPs will be angered... (Score:2, Interesting)
First, our mail system that we started using and are kinda stuck with doesn't do checks on outgoing mail for viruses (iMail). The costs are too high for the small business to add the functionality ourselves.
iMail now has outgoing spam checking, but when we have your name, address, phonenumber, and you have to call us for setup, etc. we have never had any abuse in terms of spam being sent out by our customers. So we keep that turned off. We did implement an incoming email relay that can support incoming virus checking, but I quit before I had that turned on. Which is a shame because that's probably the most cost effective technique (turn it on in amavisd-new, which is already installed and running SpamAssassin).
As far as the rest of it goes there's no way we'd have the resources to support it. If we catch someone that has a virus, sometimes we'll get a copy of the virus at our support address for example, then we call them and let them know where and why they should get it fixed. They usually do. But dial-up customers aren't that profitable.
Re:PEBKAC (Score:1, Interesting)
One of our employees had opened an infected attachment. Bugbear selected an old message with an attachment on her machine, replaced the attachment and sent it out to everyone in the company (and of course some beyond). What did it pick? A message from the network administrator asking people to double check the attached spreadsheet to verify the information regarding their computers for our insurance company. If you had tried, you couldn't have designed a message more likely to dupe people into opening it.
Re:The problem (Score:1, Interesting)
If you generate toxic waste you own it forever. You can pay somebody to dispose of it, but you still own it even when it is 20 feet under dirt. If you pay somebody to bury it properly and they dump it in the Mississippi river you can be sued for cleanup costs.
The result? Companies now screen and audit their disposal firms. Companies don't just look for the cheapest price when they outsource these jobs. As a result we have fewer polluted lakes.
You can't allow companies to get blanket immunity by outsourcing work. Just look at how companies are transforming themselves these days. Pretty soon it will be common for fortune 500 companies to have 3 employees: The CEO, the CFO, and the secretary who pays the monthly bill to the company which handles paying all the other bills and collects the net profit check. All the work would be done by hundreds of outsourcing companies. If a regular "employee" breaks his leg on the job he can sue his "employer" - who is probably a sub-agency who legally only has 3 other employees and only $10,000 in the bank and no other assets. They just declare bankruptcy.