Tags: Botnet, Businesses, Crime, It's funny. Laugh., Microsoft, The Almighty Buck

Malware Authors Learn Market Segmentation From the Best (49 comments)

Earthquake Retrofit writes "The Register has a rather funny story about the Zeus botnet: 'The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what's found in Microsoft Windows. ... They've also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.'"
This discussion has been archived. No new comments can be posted.

  • Re:BSA (Score:3, Insightful)

    by mysidia ( 191772 ) on Saturday March 13, 2010 @05:27AM (#31462686)

    I think they have a more actually effective method though........ malware activates if determined to be unlicensed and being used "illegally", turns into a trojan working on behalf of the maker.

  • all hands on deck! (Score:2, Insightful)

    by Anonymous Coward on Saturday March 13, 2010 @05:31AM (#31462704)

    Just as Windows users can choose between the lower-priced Windows 7 Starter or....

    Actually, I don't think you get that choice. (at least, not in most first-world countries) I was under the impression that Windows 7 Starter Edition would only be available to "developing" countries. (and maybe on netbooks as well, though I fail to see how that would be even remotely necessary. My Eee 1000he runs 7 Professional just fine.)

    Also, I give it a week or less before some cracking group releases a pirated version. Then they'll start putting more and more oppressive DRM into their malware kits!

    Malware wants to be free!

  • Re:Version 1.4 (Score:3, Insightful)

    by bmo ( 77928 ) on Saturday March 13, 2010 @06:05AM (#31462788)

    a lot of Zeus' victims lack any kind of working AV?

    Have you seen a typical home Windows machine connected to the Internet?

    You should get out more.

    If the machine actually has AV, it's probably 6 months out of date at a minimum.

    I could rant about Windows in general being the most insecure out of the box, but I'm no longer motivated to rant about legacy software anymore. Y'all get what ya get.

    --
    BMO

  • Re:Version 1.4 (Score:2, Insightful)

    by Anonymous Coward on Saturday March 13, 2010 @07:55AM (#31463114)

    To emphasize your point, this is an era when malware creators write their code in Visual Basic because it's just too hard to learn C++. We oughtn't expect incredible feats of brilliance from them.

  • by Anonymous Coward on Saturday March 13, 2010 @08:35AM (#31463234)

    Did you ever think that maybe the Zeus botnet is produced by Microsoft's marketing department?

    Vulnerabilities make money for Microsoft: "This time, our OS is secure. Really. Buy a copy." People go out and buy a new computer because they don't know how to fix the one they have: Corrupted PC's Find New Home in the Dumpster [nytimes.com].

  • Re:Version 1.4 (Score:4, Insightful)

    by maxwell demon ( 590494 ) on Saturday March 13, 2010 @09:22AM (#31463452) Journal

    Finally, I think you may be a bit confused. In x86 (and x64) assembly at least, there's no such thing as a partial op-code. Each instruction is one or more bytes and the CPU doesn't just skip over invalid data as some did (like some 6502 variants). So you can't change any bit in an op-code or you'll change what that op-code is and thus what it does. For example 74 is JZ, jump to the address (specified afterward) if the zero flag is set. 75 is JNZ, jump to the address if the zero flag is NOT set. Change one bit, changes the whole meaning of the instruction. You can't fiddle with parts and have a different op-code that does the same thing.

    All the following sequences do an unconditional jump:

    ; sequence 0
    JMP dest
     
    ; sequence 1
    JZ dest
    JNZ dest
     
    ; sequence 2
    JNZ dest
    JZ dest
     
    ; sequence 3
    JC dest
    JNC dest
     
    ; sequence 4
    JNC dest
    JC dest
     
    ; sequence 5
    JB dest
    JE dest
    JA dest
     
    ; sequence 6
    PUSH dest
    RET

    Note that any difference in length can be made up with either preceding (effective) NOPs (there are many possibilities there, too) or with following junk (it's an unconditional jump; anything directly following isn't executed anyway). Also note that the destination address can be varied if the destination starts with some (effective) NOPs, or if you have jump instructions to that address at other positions.

    And all that is just what I could immediately think of. I'm sure someone who spends considerable time on designing such stuff would find many more ways to vary the code.
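
The sequences in the comment above, checked at the byte level. This is an added example, not code from the post or from The Register's article: it hand-encodes each sequence with short (rel8) jumps, PUSH imm32 of an absolute target, and the padding variants the comment describes (leading NOPs, junk bytes after the unconditional jump), then runs every encoding through a tiny simulator that models only ZF and CF to confirm control always lands on the same destination. The base and target addresses (0x1000 and 0x1040), the INT3 bytes used as "junk", and the flat address space are assumptions of the example. The point a detection engineer should take from it is that every byte string produced is different while the control-flow effect is identical, which is why a signature on the opcode bytes of one variant misses the others.

```python
"""Added example (not from the Slashdot post): several x86 sequences that are
all unconditional jumps, encoded differently, verified by simulation.
Assumptions: rel8 jump encodings, flat addressing, PUSH imm32 of an absolute
target, and a simulator that models only the ZF and CF flags."""
from itertools import product

# Short conditional jumps: opcode byte -> taken-predicate over (ZF, CF).
COND = {
    0x74: lambda zf, cf: zf,                 # JZ  / JE
    0x75: lambda zf, cf: not zf,             # JNZ / JNE
    0x72: lambda zf, cf: cf,                 # JB  / JC / JNAE
    0x73: lambda zf, cf: not cf,             # JNC / JAE / JNB
    0x77: lambda zf, cf: not cf and not zf,  # JA  / JNBE
}
OPCODE = {"JMP": 0xEB, "JZ": 0x74, "JE": 0x74, "JNZ": 0x75, "JNE": 0x75,
          "JB": 0x72, "JC": 0x72, "JNC": 0x73, "JAE": 0x73, "JA": 0x77}


def assemble(seq, base, dest):
    """Encode mnemonics placed at `base` so that every jump targets `dest`.
    rel8 is relative to the end of the 2-byte jump; PUSH imm32 is 68 id
    (5 bytes), RET is C3, NOP is 90, INT3 (used here as junk) is CC."""
    out = bytearray()
    for mnem in seq:
        here = base + len(out)
        if mnem in OPCODE:
            rel = dest - (here + 2)
            if not -128 <= rel <= 127:
                raise ValueError("target out of rel8 range for %s" % mnem)
            out += bytes([OPCODE[mnem], rel & 0xFF])
        elif mnem == "PUSH":
            out += b"\x68" + dest.to_bytes(4, "little")
        elif mnem == "RET":
            out += b"\xC3"
        elif mnem == "NOP":
            out += b"\x90"
        elif mnem == "INT3":
            out += b"\xCC"
        else:
            raise ValueError("unknown mnemonic %s" % mnem)
    return bytes(out)


def run(code, base, zf, cf):
    """Execute `code` loaded at `base` under fixed flags. Returns the address
    control leaves the buffer at: the jump target, or base+len(code) on
    fall-through. Raises if an unmodelled byte is executed, which shows that
    bytes placed after an unconditional jump are never reached."""
    pc, stack, end = base, [], base + len(code)
    while base <= pc < end:
        i = pc - base
        op = code[i]
        if op == 0xEB or op in COND:
            rel = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            taken = op == 0xEB or COND[op](zf, cf)
            pc = pc + 2 + (rel if taken else 0)
        elif op == 0x68:                      # PUSH imm32
            stack.append(int.from_bytes(code[i + 1:i + 5], "little"))
            pc += 5
        elif op == 0xC3:                      # RET pops the pushed target
            pc = stack.pop()
        elif op == 0x90:                      # NOP
            pc += 1
        else:
            raise RuntimeError("executed unmodelled opcode %#04x at %#x" % (op, pc))
    return pc


def is_unconditional_jump(seq, base, dest):
    """True iff control reaches `dest` for every combination of ZF and CF."""
    code = assemble(seq, base, dest)
    return all(run(code, base, zf, cf) == dest
               for zf, cf in product((False, True), repeat=2))


# The sequences from the comment, plus the two padding tricks it mentions.
SEQUENCES = {
    "0 jmp":             ["JMP"],
    "1 jz/jnz":          ["JZ", "JNZ"],
    "2 jnz/jz":          ["JNZ", "JZ"],
    "3 jc/jnc":          ["JC", "JNC"],
    "4 jnc/jc":          ["JNC", "JC"],
    "5 jb/je/ja":        ["JB", "JE", "JA"],
    "6 push/ret":        ["PUSH", "RET"],
    "1 + leading nops":  ["NOP", "NOP", "JZ", "JNZ"],
    "0 + trailing junk": ["JMP", "INT3", "INT3", "INT3", "INT3"],
}


def encodings(base=0x1000, dest=0x1040):
    """Machine code for each sequence; every entry is a distinct byte string."""
    return {name: assemble(seq, base, dest) for name, seq in SEQUENCES.items()}


def check_all(base=0x1000, dest=0x1040):
    """Name -> whether the sequence behaves as an unconditional jump to dest."""
    return {name: is_unconditional_jump(seq, base, dest)
            for name, seq in SEQUENCES.items()}


if __name__ == "__main__":
    results = check_all()
    for name, code in encodings().items():
        print("%-18s %-24s unconditional=%s" % (name, code.hex(" "), results[name]))
    print("lone JZ unconditional:", is_unconditional_jump(["JZ"], 0x1000, 0x1040))
```

Running it prints nine different hex strings, all reported as unconditional, while a lone `JZ` (or `JB` followed by `JE` without the closing `JA`) is correctly reported as conditional because one flag combination falls through. The `run` function deliberately refuses to execute any byte it does not model, so the "trailing junk" case doubles as proof that the CC bytes after the `JMP` never execute.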

  • Hardware-based? (Score:3, Insightful)

    by ScrewMaster ( 602015 ) on Saturday March 13, 2010 @11:38AM (#31464152)

    hardware-based product activation scheme similar to what's found in Microsoft Windows

    Windows Product Activation is not what is usually termed "hardware based". It may take a signature of your hardware to look for unacceptable changes to that hardware, but that's about it. A hardware-based scheme usually involves a dongle or other physical device that is required for the software to execute.
