Writing Viruses for Fun and Profit 172
JMPrice writes "There's a short article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."
Really? (Score:5, Interesting)
Re:Really? (Score:2, Insightful)
not really
the developer who pays for 4 M spam messages does not want any other spammer to use "his" infrastructure
Re:Really? (Score:1)
The implications go WAY beyond that (Score:5, Interesting)
Now, if they're using hacked computers, they're on the wrong side of the law. Period. We're not talking civil damages any longer. The discussion point is how long they'll be in "Federal pound-me-in-the-ass Prison".
This is the dumbest idea from a spammer's viewpoint I've ever read. However, I'm not under the impression many of these guys are intelligent. The only reason they've been able to defeat filters and other mechanisms is either stupid admins or half-hearted implementations.
I personally hope they do it! I'd love to see a few spend some time in our lovely Federal Corrections Facilities.
Re:The implications go WAY beyond that (Score:1, Flamebait)
Ok, like...what part of "this is speculation" did you not understand? Or did you not even read the article? Or did you read it, but find yourself unable to process the many syllables of the word "speculation?"
I admit, it's refreshing for a "journalist" to cop to speculating, but that's still a good indication that he needed a paycheck and couldn't think of anything WORTHWHILE to write about...and of course, if it's useless and speculatory,
Re:The implications go WAY beyond that (Score:2)
Ok, like...what part of "this is speculation" did you not understand? Or did you not even read the article? Or did you read it, but find yourself unable to process the many syllables of the word "speculation?"
OK, dear idiot, take a deep breath, try thinking. In other words, if I were a spammer reading this article (from a spammer's viewpoint) I would think it's a dumb idea (This is the dumbest idea ... I've ever rea
Re:Really?: not just sending spam (Score:2, Informative)
The brutalrape spammer did more. His virus infected computers to install a tiny web server and a few pages. Victims had graphic rape images on their machines. The virus "phoned home" when the victim went online. The spammer took the victim's IP address and added it to his nameserver as (one of the) IP address(es) for his spamvertized hostname.
Those getting the spam would complain about the graphic images and spam site - on a victim's computer. The tiny web site would have a
Re:Really? (Score:5, Insightful)
Furthermore, spamming might be more or less legal in different jurisdictions, but you can usually get away with it. Willfully spreading viruses is not something you can get away with. Only very stupid spammers would ever try that technique (as explained in the previous paragraph, it wouldn't be particularly hard to trace the virus back to its originator).
Re:Really? (Score:3, Informative)
Re:Really? (Score:2, Informative)
More like a hit and run technique it is much harder to defend and act against.
You also don't leave a trail of breadcrumbs behind. It could also be argued that you (the spammer), when charged for spamming, are the victim of an orchestrated spamming.
not hard, but not effective either. (Score:5, Informative)
Buy our new penis enlargement pills!
Available at... errr... go figure
Re:not hard, but not effective either. (Score:2)
I always thought it'd be a good idea to go after people who are selling the products, not the advertisers. At least go after the legal liabilities for being in a business relationship with an unscrupulous spammer. That would force the sellers to choose their spammers wisely; for example, making sure they have a legitimate list of people who'd really like to be contacted with information about "enlarge
Market speak! (Score:4, Funny)
future synergy between viruses and spam
Sounds like something out of Dilbert... time to load up the Bullfighter [dc.com].
Huh? (Score:5, Insightful)
Re:Huh? (Score:5, Insightful)
Re:Huh? (Score:1)
Gee, ya think? What gave it away, the moronic conclusions the author came to, or the phrase "this is just speculation" close to the beginning?
Re:Huh? (Score:3, Informative)
It's not spammers, it's bugbear. Or whatever the flavor of the week is.
Re:Huh? (Score:1)
On the plus side... (Score:5, Interesting)
Re:oh please (Score:1)
A real suicide bomber is dead, and doesn't care anymore about how you treat him.
Of Course Not (Score:3, Funny)
Obviously, you shouldn't treat a suicide bomber or a person who flies planes into buildings the same way you should treat a spammer. Being staked to a red ant hill under a desert sun would have no real effect on (the remaining itty bitty pieces of) the former.
What cash flow? (Score:5, Interesting)
Re:What cash flow? (Score:5, Informative)
Some spammers make serious cash, for instance this fellow [oregonlive.com], who claims to have earned $1k each week.
Composing another Outlook virus is trivial. Download an existing source (either from usenet [source.code] or some web page [bismark.it]), modify, and start spreading it.
Any 13yo kid with some programming experience can do this, and if it pays $500, it probably beats mowing lawns for several weeks!
Re:What cash flow? (Score:2, Funny)
But you do have a point. Besides, the difference between Outlook and a virus is that a) corporations make you use it b) you have to pay for it c) it's more widespread d) it does more damage.
Also, most 13yo kids I know hate spam enough not to send any. Not that they have any programming experience
Re:What cash flow? (Score:1, Informative)
Re:What cash flow? (Score:2)
He claims income of $20k to $40k per month. (I wonder what the IRS has to say on that. Wouldn't it be wonderful if he went down for tax evasion? Talk about a law with teeth.)
On a side note I got quoted in that article - to the effect of "Why does this vermin still have a pulse?"
His wife had the audacity to complain and wonder why anyone would want to kill him over a "piece o
Soblig (Score:3, Funny)
Random email: "Please see the attached zip file for details."
Should I expect to find "herbal remedies" in this zip file?
Like _I_ can be more sarcastic!
Re:Soblig (Score:2, Offtopic)
Duh. It'll be a bigger pen1s, of course. What else would you expect to find if you open a zip?
And for that matter, why did you think this virus is called "So Big?"
Classic problem of a mono culture (Score:5, Insightful)
it is good to have lots of operating systems and processors out there, anything else would be suicide. With proper diversity we could control both the virus and spam problems.
Re:Classic problem of a mono culture (Score:3, Interesting)
Re:Classic problem of a mono culture (Score:5, Interesting)
Re:Classic problem of a mono culture (Score:2, Insightful)
If I follow your logic, you could also make a case that having different taxation laws in every state, city and town would reduce tax evasion. More likely the same amount would go on, but it would be harder to detect and control and police. Who cares if some small guy from Assfuck, Idaho is cheating on his tax.
With diverse oper
Re:Classic problem of a mono culture (Score:3, Insightful)
I think the author's point was the problem is that there are a gajillion wintel desktops out there. It's great that a windows trojan is news, but I don't think we've seen one that is REALLY malware. Most of them only focus on self-replication
Re:Classic problem of a mono culture (Score:2)
Tax evasion is totally dissimilar. By *your* logic, a virus is only concerned in infecting the individual computer that someone writes it for. The benefit of diversity is that finding an appropriate target is a little more difficult. Furthermore, if a particular platform is particularly vulnerable, with proper diversity (and the standards to support it), it will
Diversity among hackers = less effectiveness (Score:2)
You're missing the point. By requiring the virus writers to be much more specific, you make the effectiveness of that virus much less. The appeal of writing a virus for Windows is watching the whole world fear that virus because ~80% of the world's computers run Windows. If you had smaller market shares, say
Good! (Score:3, Funny)
Re:Good! (Score:2, Funny)
write me a (favourable) story (Score:5, Insightful)
I see that the Senior Associate Editor wrote this piece. That may explain the embarrassingly outdated technology quotes, like "One reason for this success is that the latest variants include Zip files", but with reference to the foolproof quote, what I'm inclined to believe is that the makers of ZoneAlarm paid for this sort of tripe (advert on the article). Brown Envelope journalism at its best!
Re:write me a (favourable) story (Score:2)
That may explain a lot of things. I use a computer on the internet, to read email and do other typical things--and I have never been infected with a virus. I don't even use Anti-Virus software to protect my system, at all. I open all attachments sent to me, even those from people I don't know. In short, I use a computer as they were designed to be used, before they were compromised by security failures.
What's my secret? And it's more than just luck.
Re:write me a (favourable) story (Score:2)
Common sense approach to systems is important.
In the case of the poster, he/she happens to be using a platform the virus can't use. Ie, a Mac.
I've got three systems at home: Mac X, WinXP, and Linux. Not one of my systems has been hit by virii. The trick? Not using MS email/web/document products.
The point is that the file needs to get onto your system and the way to do that is to either look at it yourself or your software does. If your software is sane and so are you, then you will avoid the problems of
Re:write me a (favourable) story (Score:2)
You are indeed right. I propose a schema to stop office workers from spreading viruses. Anyone caught spreading an email virus will have to spend a week training in using a mail reader in a God forsaken place. For Europe, I propose the following places which I have had the misfortune to visit for far too long:
Hanover (D)
Lille (FR)
Leeds (GB)
The problem (Score:5, Insightful)
Re:The problem (Score:1)
Idiocy (Score:4, Funny)
Re:The problem (Score:5, Interesting)
If my company pays another company to advertise my product and or services and they use illegal advertising methods, then shouldn't my company be punished also?
Does it matter if my company knew about the advertising methods that would be used? I don't know anyone that would hire an advertising company without knowing what service was being provided.
Re:The problem (Score:1, Interesting)
If you generate toxic waste you own it forever. You can pay somebody to dispose of it, but you still own it even when it is 20 feet under dirt. If you pay somebody to bury it properly and they dump it in the Mississippi river you can be sued for cleanup costs.
The result? Companies now screen and audit their disposal firms. Companies don't just look for the cheapest price when they outsource these jobs. As a r
Re:The problem (Score:2)
Re:The problem (Score:2)
Ignorance of the law is no excuse for breaking it.
The solution (Score:3, Interesting)
The same type of solution would work with auto accidents. If you want to reduce the number of accidents, remove the seat belts, air bags and ABS brakes. Line the dash with 6" steel spikes and I can bet you'll find the number of
What happens: (Score:2)
2) Joe Shmuch tries to do something to increase sales of his shitty product, so he pays some lead-generating site which gets him into contact with a bulk-email provider.
3) Joe Shmucky pays the spammer to hawk his product, spammer complies, Joe Shmucky is still not getting enough hits.
4) Joe Shmucky has paid everyone
I've seen the future.. (Score:5, Informative)
The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.
Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.
I'm not so sure... (Score:5, Insightful)
It's difficult to see how spammers could remain anonymous. At the moment, they're an annoyance, but if they enter the realm of law-breaking to this extent, it is likely that there will be a major crackdown. And this shall not be difficult, because of the very nature of spam -- to get you to buy a product. Therefore, there must be a link to the spammer.
It won't work.
Re:I'm not so sure... (Score:2)
When it comes to doing the spamming itself the spammer is just "innocently" using an open proxy, and while that may be rude it's not considered illegal. It would be very hard to link the spamming and the virus writing in any legal way without access to the machine which created the virus (and finding the source code
This is NOT new (Score:5, Informative)
Google for SPAM-L's FAQ [google.com]
Talk about spam! (Score:2)
Straight off their FAQ. I almost signed up for it, but that's more spam than I get now in 3 boxes combined!
Re:Talk about spam! (Score:2)
BTW, I'm the guy who maintains the SPAM-L FAQ, hi.
Sobig virus (Score:3, Interesting)
Since Microsoft has started a crusade against Spam (to free-up bandwidth for their own humongous patches and service packs no doubt, they never do anything without a reason), shouldn't they start by fixing the very platform that makes it possible for worms to send spam?
future README.TXT (Score:5, Funny)
This will allow you to have a high speed, reliable, DRM'd Microsoft Email eXPerience! (tm)
Spammers & Virus Writers are the same anyway (Score:5, Interesting)
Some Spammers=Some Hackers
Today's court ruling [idg.net] in favor of the ISP Earthlink [earthlink.com] vs Spam Ring Leader Howard Carmack got me to thinking.
Are ALL Spammers doing it for a profit? I find that many to most SPAM emails I receive in my inbox have unresolved links. Meaning; you can't "take advantage of the DEALS you are getting". (not that you'd necessarily want to) What would be the purpose of sending out emails such as this in great quantity, and using the man hours, hardware, etc to do it?
I think it may have to do partially with "the hacker mentality". Not all hackers do things for the common mythical reasons we like to think they do. (Revenge on the corporate world, profit, fame) - they do it because they can and a lot do it because they are mentally obsessed with it.
This was the attitude of a former colleague of mine that was a hacker. He came from a rich family, was very well known in the community, and had a 1000 easier ways to get what he was wanting accomplished. He was obsessed first of all with hacking, second doing it with a Macintosh, and 3rd just because he could.
I'm not alluding to hackers having a mental problem, nor really comparing hackers to spammers.
This ruling just made me think of motivation. Maybe if we can tap the motivation for Spammers, then maybe we can come up with the solution.
Re:Spammers & Virus Writers are the same anywa (Score:5, Insightful)
Graffiti=Urban Art = hackers=spammers (Score:1, Flamebait)
Spammers DO HACK my mailbox= hackers
Graffiti IS urban art - something I'm sure you aren't as talented with a spray can as they are!!!
Who modded you? You apparently didn't read for comprehension. I stated that I wasn't really comparing the two; more contrasting the two. Back up your statement that a spammer is NOT a hacker. I gave a specific example.
New conspiracy theory (Score:1, Interesting)
If that is the case, the popular ./ meme holds good for both spammers and antivirus people:
1. Release viruses/worms.
2. Use compromised computers as relays.
3. Send lots of spam.
4. ???
5. Profit
6. Sell antivirus software.
7. ???
8. Even
Tracking (Score:2, Insightful)
Re:Tracking (Score:3, Informative)
Easy. It's called seeding. Mass mailers and those selling mailing lists use it all the time. The idea is simple; along with the target addresses, the company paying for the mail service plants known fake addresses along with the supposedly good ones. If the known address is used when it shouldn't be or is not used when it should be, you automatic
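Added example, not part of the comment above: one way a list owner could run both seed checks the comment describes (a seed used when it shouldn't be, or not used when it should be) over the mail that reaches the decoy mailboxes. The seed addresses, holder names, messages and the `X-Campaign` header the owner is assumed to stamp on its own mailings are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: one decoy address planted in each copy of the list, keyed to
# whoever was handed that copy and the campaigns they were paid to send.
SEEDS = {
    "seed-7f3a@example.org": {"holder": "mailer-one", "campaigns": {"spring-sale"}},
    "seed-c21d@example.org": {"holder": "mailer-two", "campaigns": {"spring-sale"}},
}

# Constructed raw messages as collected from the decoy mailboxes.
MAILBOX = [
    "Delivered-To: seed-7f3a@example.org\nFrom: Shop <news@shop.example>\n"
    "Subject: Spring sale\nX-Campaign: spring-sale\n\nbody\n",
    "Delivered-To: Seed-7F3A@example.org\nFrom: promo@pills.example\n"
    "Subject: Buy now\n\nbody\n",
    "Delivered-To: someone-real@example.org\nFrom: a@b.example\n"
    "Subject: hello\n\nbody\n",
]


def audit_seeds(seeds, raw_messages):
    """Return which list holders misused a list and which skipped a paid mailing."""
    seen = {addr: set() for addr in seeds}   # authorized campaigns that arrived
    misused = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
        if rcpt not in seeds:
            continue                         # not a decoy mailbox, ignore
        campaign = (msg.get("X-Campaign") or "").strip()
        if campaign in seeds[rcpt]["campaigns"]:
            seen[rcpt].add(campaign)
            continue
        # Anything else reaching a seed means that copy of the list was used
        # for a mailing nobody paid for (resold, leaked or reused).
        sender = parseaddr(msg.get("From", ""))[1].lower()
        misused.setdefault(seeds[rcpt]["holder"], []).append(
            (rcpt, sender, msg.get("Subject", "")))
    undelivered = {}
    for addr, info in seeds.items():
        missing = info["campaigns"] - seen[addr]
        if missing:                          # paid mailing never hit the seed
            undelivered[info["holder"]] = set(missing)
    return {"misused": misused, "undelivered": undelivered}


if __name__ == "__main__":
    report = audit_seeds(SEEDS, MAILBOX)
    for holder, hits in report["misused"].items():
        print(f"{holder}: list used outside contract -> {hits}")
    for holder, missing in report["undelivered"].items():
        print(f"{holder}: paid campaigns never delivered -> {sorted(missing)}")
```

A header such as `X-Campaign` can be forged by anyone who has seen one of the owner's mailings, so a real deployment would match on something the sender cannot guess.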
simple solution to this problem (Score:3, Interesting)
To hell with the spammers, target the companies in the content.
Re:simple solution to this problem (Score:5, Insightful)
Nice try.
Folks who work for ISPs will be angered... (Score:5, Insightful)
While ISPs are not to blame for this problem, ISPs are in the position to correct this problem. This is not about fixing blame, it is about fixing the problem. Keep that in mind.
Now, as I've said in previous posts about this sort of thing, it all boils down to preventing the spread of infection - mathematically, if the expected value of the number of hosts infected by any given host is greater than one, then the infection will be much like a supercritical mass of fissionable material. So the trick is to reduce the expected value to less than one.
Now, there are plenty of ways to do this, most of which involve the ISP taking some action.
In short, take responsibility for FIXING the problem, and force your downstream customers to do the same.
I have been receiving a steady stream of virus laden emails from udw.ac.za (a university in South Africa). I have repeatedly contacted them as well as their upstream provider (saix.com). All SAIX does is send a nastygram to UDW. All UDW does is experiment in topological auto-proctology. Were SAIX to say "Alright - we've had five complaints this past week. You obviously are not doing anything to solve the problem, so until you do, we are blocking port 25 outbound from you" then UDW would be HIGHLY motivated to correct the problem.
But right now, most ISPs have the attitude of Mind Over Matter - "We don't mind, so it don't matter. Over and out." As such, the problem persists and grows. ISPs' mail servers handle a steadily increasing stream of viruses and spam, for which they complain bitterly about having to buy new equipment (while raising their fees), but they don't actually try to SOLVE the problem.
If ISPs were to say, "The line must be drawn here. Here, and no further." - if they were to start blocking viruses and spam, disconnecting users that spread them, and requiring their downstream to do the same, then the expected value of the number of hosts any one host can infect would drop to a tiny fraction of 1, and the reaction would damp out. Viruses would no longer spread like wildfire, the news would no longer report upon them, and the virus writers would no longer get egobo from writing them.
However, as long as ISPs continue to do their best Sgt. Schultz of Stalag 13 ("I SEE NOTHING! NOTHING!") impersonation, as long as ISPs say "It's not our fault - we are not to blame, why should we do anything about it!" then the problem will only grow.
(/me sits back and waits for the inevitable flames from ISPs wishing to do exactly that...)
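Added example, not part of the comment above: the "expected value below one" argument worked through as a simple branching model, showing how much infected mail has to be stopped before an outbreak damps out. The model (each infected host mails a fixed number of contacts, each of whom is infected independently) and every parameter value are assumptions chosen for illustration.

```python
import random


def reproduction_number(contacts, p_infect, block_rate=0.0):
    """Expected number of further hosts infected by one infected host."""
    return contacts * p_infect * (1.0 - block_rate)


def min_block_rate(contacts, p_infect):
    """Fraction of infected mail that must be stopped to bring R down to 1."""
    r0 = contacts * p_infect
    return max(0.0, 1.0 - 1.0 / r0) if r0 > 0 else 0.0


def expected_outbreak_size(r):
    """Mean total hosts infected from one initial host; finite only if R < 1."""
    return 1.0 / (1.0 - r) if r < 1.0 else float("inf")


def extinction_probability(contacts, p_eff, iterations=1000):
    """Chance an outbreak dies out by itself: the smallest fixed point of
    q = (1 - p + p*q)**contacts, found by iterating upward from q = 0."""
    q = 0.0
    for _ in range(iterations):
        q = (1.0 - p_eff + p_eff * q) ** contacts
    return q


def simulate_outbreak(contacts, p_infect, block_rate, rng, cap=200):
    """One outbreak, generation by generation. Returns (total_hosts, hit_cap)."""
    p_eff = p_infect * (1.0 - block_rate)
    active = total = 1
    while active and total < cap:
        attempts = active * contacts
        new = sum(1 for _ in range(attempts) if rng.random() < p_eff)
        total += new
        active = new
    return total, total >= cap


def outbreak_stats(contacts, p_infect, block_rate, trials=1000, seed=1):
    """Mean outbreak size and fraction of outbreaks that reached the cap."""
    rng = random.Random(seed)
    runs = [simulate_outbreak(contacts, p_infect, block_rate, rng)
            for _ in range(trials)]
    mean_size = sum(size for size, _ in runs) / trials
    runaway = sum(1 for _, capped in runs if capped) / trials
    return mean_size, runaway


if __name__ == "__main__":
    contacts, p_infect = 10, 0.2          # assumed values: R = 2 with no filtering
    print("block rate needed:", min_block_rate(contacts, p_infect))
    for block in (0.0, 0.75):
        r = reproduction_number(contacts, p_infect, block)
        mean_size, runaway = outbreak_stats(contacts, p_infect, block)
        print(f"block={block:.2f} R={r:.2f} "
              f"expected size={expected_outbreak_size(r)} "
              f"simulated mean={mean_size:.1f} runaway={runaway:.0%}")
```

With these assumed numbers, filtering half of the infected mail only reaches the threshold; it takes more than that before the typical outbreak stays at a handful of hosts.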
Re:Folks who work for ISPs will be angered... (Score:5, Insightful)
As it stands, an ISP is not that much different than the phone company. They connect one user to another and don't worry about what is being said. What you are proposing is that all service providers would spy on their users and take corrective action if they are caught saying the wrong things.
This would be no different than the phone company terminating your call if they hear you mention the words "pie", "face", "chimp" and "white house" all in the same conversation.
If an ISP were to take such an interest in what their users have to say, then it would leave them in a tricky legal position -- If they have a policy of shutting down users who traffic in Windows Malware 2002 (tm), then why do they turn a blind eye to such horrible things as kiddie porn, copyrighted music and Harry Potter fan-fiction? The lawsuits would spread like wildfire, and the imminent death of the internet would arrive at eleven.
Re:Folks who work for ISPs will be angered... (Score:2)
Disconnecting a downstream customer who does not respond to complaints has nothing to do with monitoring their content.
If you get several well-justified complaints from different, unconnected sources about someone within your jurisdiction, you give that person time to respond to the complaints. If he does not respond in a satisfactory manner, you cut him off.
Simple enough. No content monitoring involved.
Re:Folks who work for ISPs will be angered... (Score:5, Insightful)
Where I do agree is in responding to problems. However I've not had so many problems here. On the few occasions where I've had serious problems from people scanning, flooding, whatever, I've complained to the appropriate place (in one case I remember an Italian ISP, in another a US one) and it's been fixed. Guess I've been lucky.
Virus free (Score:3, Insightful)
No, that is exactly why I phrased it as I did - "require the user to keep his machine virus free."
If a machine is sending virus laden emails, then it is not virus free. Otherwise, innocent until proven guilty.
As for the attachments - I am sorry, but your right to swing your arm ends where my nose begins, your right to play your stereo ends where it enters my house. Society can quite legitimately ask i
Re:Folks who work for ISPs will be angered... (Score:2, Interesting)
First, our mail system that we started using and are kinda stuck with doesn't do checks on outgoing mail for viruses (iMail). The costs are too high for the small business to add the functionality ourselves.
iMail now has outgoing spam checking, but when we have your name, address, phone number, and you have to call us for setup, etc. we have never had any abuse in terms of s
Re:Folks who work for ISPs will be angered... (Score:2)
However, you CAN catch the more self-propagating viruses, and reduce the number of viruses out there.
PEBKAC (Score:4, Informative)
Or for those not so keen on abbreviations, Problem Exists Between Keyboard And Chair.
Make sure you got the latest anti-virus program. Do not open attachments from people you don't know. Be wary about opening attachments from people you do know. Avoid HTML-enchanted (ha!) mail like the plague. If possible, run another e-mail client than Outlook and Outlook Express. Set up and maintain a firewall that can block traffic that goes out as well as in. Use common sense - you wouldn't enter a house of ill repute in real life in fear of a STD, so you shouldn't visit a website of ill repute in fear of getting a virus or worse.
Seriously... if more people used their heads to think with and were a little more suspicious about things, this would not be a problem.
Re:PEBKAC (Score:4, Interesting)
Taking this into account the problem isn't the operator but an MUA/OS that allows code to be executed in such a manner. Signed documents, trusted sources, etc may help here.
Re:PEBKAC (Score:1, Interesting)
One of our employees had opened an infected attachment. Bugbear selected
Re:PEBKAC (Score:2)
surprised (Score:3, Funny)
This is a worrying idea (Score:5, Insightful)
2. Release it
3. Destroy unsuspecting internet
4. ???
5. Profit!
ObSlashdotJoke aside, I always wondered where step 4 came in. Clearly, from the number of viruses doing the rounds now, bragging rights alone is enough of a draw for many; equally clearly, from the vast weight of bugs in viruses, it primarily draws teenage l33t hax0rs with more testosterone than talent.
All the devastation of every trojan and virus in history has been without a clear step 4. The addition of a step 4 worries me a lot, and as has been said before [slashdot.org] even non-Windows people like me can't feel smug and safe forever.
Re:This is a worrying idea (Score:2)
2. Release it
3. Destroy unsuspecting internet
4. ???
5. Profit!
Actually step 4 could be "Sell copy of virus to PR-conscious anti-virus provider (Symantec, etc.) 48 hours before releasing said virus, allowing them time to create antidote and appear as world-saving super-heroes."
Guess this gives a new meaning to... (Score:3, Funny)
Re:Guess this gives a new meaning to... (Score:2)
DDoS (Score:5, Insightful)
In one of the first of these that I saw back in May, the spammer apparently hadn't yet learned the art of using the Bcc: header, and all the addresses it was being sent to were clearly harvested from one newsgroup that I regularly read (and post in). That's how I knew it was spammed, and not just an "address book dipper" virus. And for some time, people have been spamming binaries pictures newsgroups with .exe attachments.
I'm glad to do my part in creating a diverse computing environment by running OS X instead of the leading virus-ridden OS. Is there any truth to the rumor that Microsoft is going to rename Outlook Express as ActiveVirus[tm]? :-)
Re:DDoS (Score:2)
Bad for the business model (Score:3, Interesting)
Re:Bad for the business model (Score:3, Informative)
Often, there is an advertising company that charges $1500 or so to "advertise" your product for you. They then pay subcontractors to actually send it.
Also, often the company with the product gets told the advertising company's list is 100% opt-in. Then, they turn it over to subs with "send this to your list - any list" and include these email addresses...
Until you make "spam" illegal to send out, you will
Advertising (spamming) companies are responsible (Score:2, Interesting)
The advertising companies first of all can't use virii to send spam. Secondarily, and in direct response to your objection, they can't claim they thought their illegal practice is legal because of what they heard from the company they are advertising for. Ignorance is
Re:Bad for the business model (Score:2)
And if this money isn't trackable, the Internal/Inland Revenue people are going to be very interested in finding out why. Al Capone wasn't done in by the G-men (FBI), he was done in by the T-men (IRS).
Re:Bad for the business model (Score:2)
If that connection is made, then some companies are in trouble. One is Symantec. I got plenty of spam offering Symantec products in a notorious spam campaign that happened some time ago. Recently a new campaign [go.com] started where you get a too-good-to-be-true offer on Symantec products. Except the download isn't from Symantec, it comes from the spammer- meaning you could be running a trojan.
Reminds me of a na
It's true (Score:5, Informative)
Re:It's true (Score:2)
nearly every spam being sent these days violates some federal or state law. relay rape = criminal trespass, theft of service. sending from trojaned computers = breaking+entering, criminal trespass, theft of service, unjust enrichment. not to mention most spam just by content are fraud (penis enlargement, make money fast, etc) or criminal (advance fee fraud schemes).
if law enforcement wou
Then... (Score:3, Funny)
In Other News.... (Score:3, Funny)
My boss was surprised on anti-spam efforts (Score:2)
But what about... (Score:2)
Seriously, WHY do you suppose MS hasn't made their product more secure from viruses? Probably getting kickbacks from McAfee.
I've always thought there just had to be some connection. After all, consider the sheer numbers of new viruses, and the fact that 99.999% of 'hackers' (and by that I mean people bent on causing online trouble) are script-kiddies, that doesn't leave a lot of people out there talented enough to write the code. Also, it seems
The solution is to remove the weak link. (Score:2)
Okay, you have a firewall and a virus scanner. But all of this is for naught if you yourself push the button or your software pushes the button. In either case, your system gets hosed and you have hours of work ahead of you to fix things.
Most virii are currently Windows based. The gut feeling would be to avoid that platform and choose something more resistant like Linux or MacOSX.
If you can't step away from Windows, then step away from the applications on Windows which can make your life suck: Outlook/Out
Uhh... (Score:1, Funny)
Re:Uhh... (Score:1, Funny)
First "Why is this news?" post!!
Re:foist powst (Score:1, Funny)
2) Fun
3) PROFIT!
Re:well, (Score:2)
He can move to any other country in the world, really. They feel the same everywhere now. France was just the one with the balls to speak up.
I'm going to a conference there in two months. If you give me the money, I'll buy a bottle of Fr