Slashdot Mirror


Writing Viruses for Fun and Profit

JMPrice writes "There's a short article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."

18 of 172 comments

  1. Really? by Bluelive · · Score: 5, Interesting

    Has it really become harder for spammers to remain anonymous? Anyways, if it was really for spamming purposes the virus would just start open relaying.

    1. Re:Really? by joto · · Score: 5, Insightful
      Since most spammers advertise and sell a product, spammers can't be anonymous. At some point you will be able to send money in one direction, and goods in another. This is not particularly hard to track.

      Furthermore, spamming might be more or less legal in different jurisdictions, but you can usually get away with it. Willfully spreading viruses is not something you can get away with. Only very stupid spammers would ever try that technique (as explained in the previous paragraph, it wouldn't be particularly hard to trace the virus back to its originator).

  2. On the plus side... by kinnell · · Score: 5, Interesting

    Any spammer using this technique will be entering the realms of cyber-terrorism, and will be liable for a big prison sentence and dedicated criminal investigations. Given that spam is advertising, it probably wouldn't be very hard to track the perpetrators down once the appropriate warrants are issued. I predict that either this report is overblown, or a few spammers will end up getting the buggering they deserve in prison.

    --
    If I seem short sighted, it is because I stand on the shoulders of midgets
  3. What cash flow? by Anonymous Coward · · Score: 5, Interesting

    Seriously, how many spammers make enough money to be able to pay virus writers any decent sum for their work?

    1. Re:What cash flow? by skurk · · Score: 5, Informative

      Quite a few, I'd guess.

      Some spammers make serious cash, for instance this fellow, who claims to have earned $1k each week.

      Composing another Outlook virus is trivial. Download an existing source (either from usenet or some web page), modify, and start spreading it.

      Any 13yo kid with some programming experience can do this, and if it pays $500, it probably beats mowing lawns for several weeks!

      --
      www.6502asm.com - Code 6502 assembly or.. DIE!!
  4. Classic problem of a mono culture by GreatDrok · · Score: 5, Insightful

    Any biologist will tell you that in an environment where there is only one type of organism, any infection that they are susceptible to that comes along will have catastrophic effects. To avoid this you need diversity. In computing the problem with having Windows/Intel as the vast majority is that any attack that targets that is going to cause a lot of trouble. Standards that have been implemented on many platforms and architectures are what is needed but that goes against Microsoft's desire for control of everything. However, that desire is doomed to fail because if they fail to take control they fail and if they win complete control they fail because of the lack of diversity.

    It is good to have lots of operating systems and processors out there, anything else would be suicide. With proper diversity we could control both the virus and spam problems.

    --
    "I have the attention span of a strobe lit goldfish, please get to the point quickly!"
    1. Re:Classic problem of a mono culture by GreatDrok · · Score: 5, Interesting

      No, a standard can be implemented by people using different code bases. If the standard is faulty then it needs to be fixed and each implementation also needs to be fixed to deal with the problem. However, the vast majority of problems with standards come from there being a single code base. For example, SSH. There is code based on the original SSH implementation and code based on OpenSSH. Frequently there is a problem with one or the other but not both. Less frequently there is a problem with the standard itself.

      --
      "I have the attention span of a strobe lit goldfish, please get to the point quickly!"
  5. write me a (favourable) story by pytheron · · Score: 5, Insightful
    There's no foolproof way to restrict the Sobig variations from getting onto your PC

    I see that the Senior Associate Editor wrote this piece. That may explain the embarrassingly outdated technology quotes, like One reason for this success is that the latest variants include Zip files, but with reference to the foolproof quote, what I'm inclined to believe is that the makers of ZoneAlarm paid for this sort of tripe (advert on the article). Brown Envelope journalism at its best!

    --
    "I am not bound to please thee with my answers" [William Shakespeare]
  6. The problem by Mensa+Babe · · Score: 5, Insightful

    The problem is that we are trying to catch spammers, instead of people who sell the very advertised products and services. Just follow the money, people. That way it won't matter how well spammers hide their identity. It all works because someone gets the money, which is absolutely trivial to track. If a few CEOs went to jail because their companies' products were in spam, I'm sure other CEOs would at the very least stop to think about it. It is really that simple.

    --
    Karma: Positive (probably because of superiour intellect)
  7. I've seen the future.. by Dynamoo · · Score: 5, Informative
    ..and it stinks. Last week there was a massive "joe job" attack on Doxdesk.com, a site detailing browser parasites, porn diallers and other nasty plugins. The aim of the joe job was to generate fake spam supposedly advertising the site so it would get shut down.

    The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.

    Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.

    --
    Never email donotemail@WeAreSpammers.com
  8. This is NOT new by Anonymous Coward · · Score: 5, Informative

    This has been the consensus at SPAM-L for quite some time. You might want to subscribe.

    Google for SPAM-L's FAQ

  9. Re:simple solution to this problem by iapetus · · Score: 5, Insightful

    And the simple gaping flaw in this ingenious solution is that I can now drive you out of business by spamming with your contact details.

    Nice try.

    --
    ++ Say to Elrond "Hello.".
    Elrond says "No.". Elrond gives you some lunch.
  10. not hard, but not effective either. by splerdu · · Score: 5, Informative

    While being anonymous for anonymity's sake isn't very hard to do, it is hard for a spammer to remain anonymous and be effective at the same time. These people are selling products, at the very least they can be traced to the guy who paid them to send the spam.

    Buy our new penis enlargement pills!
    Available at... errr... go figure

  11. Folks who work for ISPs will be angered... by wowbagger · · Score: 5, Insightful
    Folks who work for ISPs will be angered by this post, but before you hit reply, take a deep breath, step outside yourself for a bit, and think about what I am about to type.

    While ISPs are not to blame for this problem, ISPs are in the position to correct this problem. This is not about fixing blame, it is about fixing the problem. Keep that in mind.

    Now, as I've said in previous posts about this sort of thing, it all boils down to preventing the spread of infection - mathematically, if the expected value of the number of hosts infected by any given host is greater than one, then the infection will be much like a supercritical mass of fissionable material. So the trick is to reduce the expected value to less than one.

    Now, there are plenty of ways to do this, most of which involve the ISP taking some action.
    • Require users to keep their machines virus free, and disconnect them QUICKLY when they fail to do so.
    • Scan outbound email, and drop all mails that have attachments with extensions that do not match the Mimetype (e.g. an attachment with an extension of type .scr but a Mimetype of audio/midi). (Yes, this would not matter had Microsoft correctly implemented Mimetype checking in IE, but they didn't - the OS looks at the file extender, not the Mimetype.)
    • In the same vein, block all outbound mails that contain directly executable attachments. Friends don't send friends programs, and if they must do so, they zip them first.
    • Limit the average user's ability to bypass such filtering - do not allow users to directly send to SMTP, SMB, and NFS ports unless the user has explicitly asked for such access and taken responsibility for doing so.
    • Upon getting complaints about violations, QUICKLY move to resolve the problem - as in, within 24 hours. If the customer will not or cannot solve the problem within that time, shut them down until they can.

    In short, take responsibility for FIXING the problem, and force your downstream customers to do the same.

    I have been receiving a steady stream of virus laden emails from udw.ac.za (a university in South Africa). I have repeatedly contacted them as well as their upstream provider (saix.com). All SAIX does is send a nastygram to UDW. All UDW does is experiment in topological auto-proctology. Were SAIX to say "Alright - we've had five complaints this past week. You obviously are not doing anything to solve the problem, so until you do, we are blocking port 25 outbound from you" then UDW would be HIGHLY motivated to correct the problem.

    But right now, most ISPs have the attitude of Mind Over Matter - "We don't mind, so it don't matter. Over and out." As such, the problem persists and grows. ISPs' mail servers handle a steadily increasing stream of viruses and spam, for which they complain bitterly about having to buy new equipment (while raising their fees), but they don't actually try to SOLVE the problem.

    If ISPs were to say, "The line must be drawn here. Here, and no further." - if they were to start blocking viruses and spam, disconnecting users that spread them, and requiring their downstream to do the same, then the expected value of the number of hosts any one host can infect would drop to a tiny fraction of 1, and the reaction would damp out. Viruses would no longer spread like wildfire, the news would no longer report upon them, and the virus writers would no longer get egobo from writing them.

    However, as long as ISPs continue to do their best Sgt. Schultz of Stalag 13 ("I SEE NOTHING! NOTHING!") impersonation, as long as ISPs say "It's not our fault - we are not to blame, why should we do anything about it!" then the problem will only grow.

    (/me sits back and waits for the inevitable flames from ISPs wishing to do exactly that...)
    1. Re:Folks who work for ISPs will be angered... by Minwee · · Score: 5, Insightful
      It's a nice idea, but the biggest problem that I can see is that it would make ISPs responsible, in a very real, legal and scary sense, for the content of the packets that they carry.

      As it stands, an ISP is not that much different than the phone company. They connect one user to another and don't worry about what is being said. What you are proposing is that all service providers would spy on their users and take corrective action if they are caught saying the wrong things.

      This would be no different than the phone company terminating your call if they hear you mention the words "pie", "face", "chimp" and "white house" all in the same conversation.

      If an ISP were to take such an interest in what their users have to say, then it would leave them in a tricky legal position -- If they have a policy of shutting down users who traffic in Windows Malware 2002 (tm), then why do they turn a blind eye to such horrible things as kiddie porn, copyrighted music and Harry Potter fan-fiction? The lawsuits would spread like wildfire, and the imminent death of the internet would arrive at eleven.

  12. Re:Huh? by Endareth · · Score: 5, Insightful

    Given that I've suffered this myself, with a virus-free existence of some years, I suspect that my email address has been used on several occasions by spammers as a from address due to my use of Spamcop to attempt to report these spammers. This article really doesn't seem too well researched I'm afraid.

    --
    Disclaimer: The above comment was made while under the influence of too much coding and not enough sleep.
  13. The implications go WAY beyond that by rutledjw · · Score: 5, Interesting
    SPAMMERS right now are crowing that "we're not doing anything illegal". Aside from using other companies' computers/bandwidth/resources without permission and selling products of dubious value - they're right. But all of that is subjective WRT legality.

    Now, if they're using hacked computers, they're on the wrong side of the law. Period. We're not talking civil damages any longer. The discussion point is how long they'll be in "Federal pound-me-in-the-ass Prison".

    This is the dumbest idea from a spammer's viewpoint I've ever read. However, I'm not under the impression many of these guys are intelligent. The only reason they've been able to defeat filters and other mechanisms is either stupid admins or half-hearted implementations.

    I personally hope they do it! I'd love to see a few spend some time in our lovely Federal Corrections Facilities.

    --
    Computer Science is Applied Philosophy
  14. It's true by paranode · · Score: 5, Informative

    I run honeypots and work in security and I can tell you firsthand that this is definitely an accurate conclusion to draw. People exploit Windows boxes all the time and the only things I ever see them do with them are opening up spam relays or hooking it up as a bot to a warez IRC channel. There's absolutely no skill involved, it's just script kiddies with automated tools taking advantage of lazy Windozers who forget to set SQL passwords or ever patch their system with the latest updates. It's pathetic, and it really makes me think that spam can never be stopped no matter how much legislation gets passed.