Malware Authors Learn Market Segmentation From the Best
Earthquake Retrofit writes "The Register has a rather funny story about the Zeus botnet: 'The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what's found in Microsoft Windows. ... They've also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.'"
Re:BSA (Score:3, Insightful)
I think they have a more actually effective method though........ malware activates if determined to be unlicensed and being used "illegally", turns into a trojan working on behalf of the maker.
all hands on deck! (Score:2, Insightful)
Just as Windows users can choose between the lower-priced Windows 7 Starter or....
Actually, I don't think you get that choice. (at least, not in most first-world countries) I was under the impression that Windows 7 Starter edition would only be available to "developing" countries. (and maybe on netbooks as well, though I fail to see how that would be even remotely necessary. My Eee 1000he runs 7 professional just fine.)
Also, I give it a week or less before some cracking group releases a pirated version. Then they'll start putting more and more oppressive DRM into their malware kits!
Malware wants to be free!
Re:Version 1.4 (Score:3, Insightful)
a lot of Zeus' victims lack any kind of working AV?
Have you seen a typical home Windows machine connected to the Internet?
You should get out more.
If the machine actually has AV, it's probably 6 months out of date at a minimum.
I could rant about Windows in general being the most insecure out of the box, but I'm no longer motivated to rant about legacy software anymore. Y'all get what ya get.
--
BMO
Re:Version 1.4 (Score:2, Insightful)
To emphasize your point, this is an era when malware creators write their code in Visual Basic because it's just too hard to learn C++. We oughtn't expect incredible feats of brilliance from them.
Maybe they are from the same company. (Score:2, Insightful)
Vulnerabilities make money for Microsoft: "This time, our OS is secure. Really. Buy a copy." People go out and buy a new computer because they don't know how to fix the one they have: Corrupted PC's Find New Home in the Dumpster [nytimes.com].
Re:Version 1.4 (Score:4, Insightful)
All the following sequences do an unconditional jump:
Note that any difference in length can be made up with either preceding (effective) NOPs (there are many possibilities there, too) or with following junk (it's an unconditional jump; anything directly following isn't executed anyway). Also note that the destination address can be varied if the destination starts with some (effective) NOPs, or if you have jump instructions to that address at other positions.
And all that is just what I could immediately think of. I'm sure someone who spends considerable time on designing such stuff would find many more ways to vary the code.
Hardware-based? (Score:3, Insightful)
hardware-based product activation scheme similar to what's found in Microsoft Windows
Windows Product Activation is not what is usually termed "hardware based". It may take a signature of your hardware to look for unacceptable changes to that hardware, but that's about it. A hardware-based scheme usually involves a dongle or other physical device that is required for the software to execute.