Slashdot Mirror
When Malware Authors Combine Efforts
An anonymous reader writes "Spammers, Hackers and virus writers are all teaming up according to some russian security researchers. This means that they reckon that weaknesses will be exploited in a matter of hours of being announced, rather thant the weeks and months that we're seeing now.
Scary stuff."
They couldn't get along!
Further, if I'm wrong, doesn't this announcement generate (or risk generating) more momentum in the "malware conglomerate" that's being reported?
::jafomatic
So where does this place public disclosure advocates? Are people going to demand that makers of affected software have a 24/7 programming staff ready to plug leaks just so weakenesses can de disclosed immedately? In light of this even I would favor not publicly disclosing weaknesses immediately!
Get a firewall, block all inbound and outbound traffic, unplug your ethernet cable and shut off your computer. It's that easy to protect yourself.
Is it just me, or does it seem that every story that lists the source as a "Russian Security Expert" is generally a load of crap?
-Phixxr
ungggghhhh
to lock down your enterprise with a File surveillence and security tool like i:scan... know what's happening before the user does...
I know what's on your hard dr
...make deep bugs deeper. FOSS philosophy applied to viruses. Yikes.
adam b.
this wont have an effect on computer litirate people who know how to protect themselves ...and for those who dont know things wont change much ether....some people still have blaster on there box..they dont know or wanna know how to take care of there box
I don't think more people cooperating will really find new exploits, they will simply explore the ones they have already found. So, instead of an exploit coming out and than a derivative coming out a couple weeks later, we will see four or five derivates in quick succession of the original exploit.
Also, what "new" cooperation tools are malware writers using to communicate with each other? I'm fairly sure that IRC, Instant Messaging, VoIP, Bulletin Boards, and e-mail have all been standard communcation tools for these people. Maybe the groups now have more members.
-Teiresias
Isn't this the same as orginized crime. So a bunch of internet thugs orginize to advertise more stuff, because they realized it will be more effective if they worked togeth. Will this rise the cost of protection money to use the internet?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Hacker: I'll form the head!
Scammer: I'll form the heart!
Pornographer: I'll form the right hand!
Spammer: I'll form the crotch!
All: Together, we are - ASSHOLETRON!
(catchy theme music here)
Used to be (way back in 2003 or so) AdAware was all you needed (and Norton AV or a workalike)
But now, man some of the things I've seen are really nasty!
You wipe 'em out, they come back, they hide from searches, morph into other programs, I've even seen one (I shit you not, I've been in IT for 10+ years, never seen anything like this one!) that was active even when the infected drive was placed as a slave on another machine, it started right up and infected the new PC.
This goes way beyond simple syware, these people are teaming up and it's just the beginning.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Well I've known about it since November 2003, dunno about you.
"They work in groups that exchange information with other groups on forums and Web sites."
erhmm....
ianase (i am not a security expert) but wouldn't that statement apply to, hmmmm....., oh i don't know.....THE INTERNET?? seriously, a broad, vague, statement like that suggests to me that this is mostly overreaction on the part of a group who could experience significant gains IF their statements were true.
fud? imho, yes.
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
Kinda makes you think twice about publicly announcing vulnerabilities in your software before you have time to fix them, does it not?
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
Privacy is important, but isn't the general anonymity of the net a contributer to these sorts of problems?
It's a shame, but it seems some people are malicious in proportion to their anonymity.
Once done, they have a certain population size (vulnerable hosts) that can be almost instantly assaulted.
On the white-hat side, once the malware is noticed, it may take months to patch the initial security hole and even longer to patch the entire population of vulnerable hosts.
This is why vulnerability announcements are so important, the software that survives in the future will be the one with the shortest vulnerability to patch cycle. The others will die off ... only the strong survive!
However, this article is pleading that we should *not* be publishing vulnerabilities, "because it gives hackers a tool", and I disagree with this. Publishing vulnerabilities is a way to alert the public of exploits that are present. What we need to do is make the publishing of vulnerabilities more popular than it is so that the general public is aware of problems and alerted on how to fix them.
Beat the computer, program your life.
Is this scary? I suppose, but is it realistic to believe that this is a truely new development. Vulnerabilities get exploited and there's nothing that can be done about that. Consumers need to be aware of them so that they can attemt to deal with them while a advisory solution or patch is in the works.
Moreover developers aren't always aware of a vunerability and they need to be. If people don't know about a potential exploit, both companies/developers and consumers alike, they will be affected more severly.
I am invisble, and you can't see me.
Another group of people is obviously conspiring to take over. I wonder if this is all related to the "Vast Right-Wing Conspiracy"? Or was that the "Conspiracy of the Liberal Elite"?
Microsoft should use the business model that's brought them where they are today, create a "virus" department in Redmond and beat these guys at their own game.
I can see it now: Active Virus (TM)
1. Make OS.
2. Build-in holes.
3. Release patches.
4. Create virus.
5. Still profit!
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
Mistaking hacker for cracker is acceptable on the general media, where people aren't very aware of such subtleties. But on Slashdot? C'mon, I know Slashdot is crawling with Windows users, wannabes and such, but this is getting offhand!
Stupidity is an equal opportunity striker.
Fellow slashdotter Bill Dog
Sorry but some times they need reminding.
- This and all my posts are public domain. I am a Physicist. I am not your Physicist. This is not Physically advice
These are the same guys who were predicting an "Internet Meltdown" a little while back -- I'd take their prognostications with a grain of salt ...
1 53 3213&tid=172&tid=95&tid=1
http://it.slashdot.org/article.pl?sid=04/08/25/
How can you trust such a non-trustable source anywany?
This will probably get modded troll, but please hear me out:
/.! Please check the definition of news:
Damn it
News
- Information about recent events or happenings, especially as reported by newspapers, periodicals, radio, or television.
- A presentation of such information, as in a newspaper or on a newscast.
- New information of any kind: The requirement was news to him.
This is not news! It's simply common sense that certain classes of people are going to conspire and associate with each other to some degree. Perhaps if the article was about a particular group of some importance, or interest it would be news, instead it's just another redundant research paper telling us what we already know. Outside of tech news, please imagine the headline "Safe crackers combine forces with bank robbers" appearing on the front page of any respectful publication, that's how stupid I think this is.
Hackers teaming up is nothing new.
.....please dont flame me I use linux I swear!
Most virus's are open source.
Quite possibley their the orignal open source community.
We all keep our PCs secure.. or should do. Then we make money off it, by fixing the PC's belong to who don't...
It's win-win for us. Lose-lose for the newbies.
I like muppets.
Spam! Hack! Virus! Go Russians! By your powers combined, I am captain pain in the ass!
echo $SIG
Oh no, someone call the Superfriends!
P-1 CUR ALLOC=8,058,044,651 CALL GREGORY
LongTail SSH Brute Force analysis tool is here!
Any one else remeber when hackers were just the type of people that hang out at slashdot? The kind of peopel that might hack into your system, but wouldn't break anything, and then leave a friendly note explaining how to secure it? Now it seems the only image the public associates with the hacker sterotype is jerks like this writing spyware/virus/ddos bot/spam relay/etc crap. =(
like somehow using economic warfare to make someone pay attention isn't a rational thing to suggest?
This circumstance does have some advantages; by tying themselves together financially they open the possibility for one to be traced from the other.
It also opens the participants to criminal conspiracy charges. Can you say RICO, motherf***er?
"We're off to see the Linux. The wonderful Linux OS!"
I don't suffer from insanity, I enjoy every minute of it!
"This is why vulnerabilities are so important," said Kaspersky. "We are against anyone who publishes vulnerabilities because it gives hackers a tool."
This pushes security discussion underground, but doesn't stop the bad guys, just leaves the administrators vulnerable and unaware. Very easy to spread this sort of propaganda however... hopefully it doesn't lead to laws being passed.
Cwm, fjord-bank glyphs vext quiz
If the attackers are getting that organized, they presumably can find their own vulnerabilities, instead of relying on published ones like the script kiddies.
I can't imagine how "slightly faster for casual browsing" justifies using Explorer. If anything, to maximize security, one should never use Explorer for casual browsing, and only use it to run Windows Update and perhaps other sites mandatory to doing one's job which use ActiveX controls. Otherwise use Firefox.
And for even better security, get a computer pre-installed with Safari.
By the time someone with enough motivation (read funding) to write an article on a vulnerability does so, the bad guys have already written exploits. Why? For the same reason...they get paid!
The published articles allow the moderately tech savvy user to protect themself. Additionally, it forces the software makers' hand to close the vulnerability faster than if they had no pressure at all. Ultimately, this is our only way of shaming large companies into creating proper software and delaying the releases until they've created a more hardened product.
Yes, hanging out the dirty laundry of vulnerabilities makes it easy for the junior hackers to create something out of nothing, but I'd rather we all know about the problems at the same time than a few sophisticated spam hackers knowing about the problems for an indefinite amount of time.
Never go to sea with two chronometers; take one or three.
Probably not all that different, really. And there's also the possibility he may have been doing IT in the porn industry for much of it.
//Information does not want to be free; it wants to breed.
until even Firefox will be useless, because see they are gaining market share in leaps and bounds, which makes them a target for malware and exploits now. It's only a matter of time until only lynx will be safe.
//Information does not want to be free; it wants to breed.
By joining up, the malware author does exactly the opposite of what he needs to do to stay anonymous. It is easier to catch someone who communicates with colleagues about the very thing which he needs to keep private. By conversing about virii/trojans/etc, it is far easier for law-enforcers to monitor and hunt down these cybermischiefs and bring them to justice, Bill Gates's feet, a /. horde, etc.
Maybe it's just me, but it sure seems that a lot of the "doom and gloom" virus warnings come out of Kapersky.
Wasn't it just 6 months ago or so that they were warning of a big attack day from the script kiddies out there (Was a... Friday, or a Saturday it was supposed to happen - Can't recall which off-hand). It never happened, but you wouldn't have believed that from their press release.
Don't get me wrong... Kapersky's not the only one who feels that there's greater cooperation between the various virus/spyware/trojan writers out there, but they seem to always be the one using "shock" type campaigns to announce such things.
Perhaps they're hoping that one of these "apocolypse now" stories will someday come true, and then they'll get a bunch of new customers because they'll be the ones who foresaw the problem and tried to warn the world.
Or perhaps they're the ones writing the virus's in order to drive up demand for their anti-virus products... Who really knows at this point, but I don't see the McAffee's or Nortons of the world putting out these types of press releases. It's always Kapersky. Odd...
I guess people would be much more secure if they switched to Linux and configured a good SELinux policy. One that prevented webbrowsers and e-mail clients from modifying binary files like shared libraries and applications.It could also prevent files that was downloaded by webbrowsers or e-mail clients to be executed by root. Make sure that only approved applications that really needs it are allowed to open sockets or connect to the internet. That would make life very difficult to most virus developers.
Today, Red Hat Fedora Core 3 turns on SELinux by default. Unfortunately the policy is mostly targeted at servers. Perhaps they (and other Linux distros) should target the desktop as well in their upcomming releases.
The problem is probably that most windows users will not go the Linux road. Instead they are likely to apply TCPA strategies that not only will lock out virus writers but also the owner of the computer.
God is REAL! Unless explicitly declared INTEGER
"C'mon, I know Slashdot is crawling with Windows users, wannabes and such, but this is getting offhand!"
Mistaking "offhand"(sic) for "out of hand" is acceptable on Slashdot, where people aren't very aware of such subtleties. But IN the general media?
(Off-hand means "casually dismissive", ie "I can't stand Fry's, their off-hand attitude is getting out of hand")
Instead of chasing down the lone cracker who created the GreatNewVirus, authorities can now pley members against each other in order to infiltrate a group. They can offer rewards for ratting out other members, or bribe them with reduced charges/punishment in exchange for squealing. This is a good thing.
Computers are useless. They can only give you answers.
-- Pablo Picasso
Exactly. Which is one of the reasons I refuse to get rid of my old DOS box. 6.22/3.11 for Workgroups. If some 32-bit virii went around, hit everything...I've got my 486 to get the patch:)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Honestly, if you still have a Windows box hooked to the net, whether it's behind ten firewalls and under 3 different antivirui, you deserve whatever kind of horrific disease you get.
Windows needs Palladium. Not tomorrow or the day afterwards. Today.
Right now.
I will never understand the "let's bury our heads in the sand" defense to security problems.
.. or naivety to believe that no one else has already found it.
It is either arrogance or naivety to want to surpress the vulnerability information from flowing...
Arrogance to think that only "good" people can find it
Don't worry... once Linux becomes half as mainstream as Windows, you'll get your fair share of viruses, malware, and the like. Hide behind Linux all you want, but pray to God that the masses don't start switching.
It is either arrogance or naivety to want to surpress the vulnerability information from flowing...
.. or naivety to believe that no one else has already found it.
Arrogance to think that only "good" people can find it
I will never understand the "Let's bury our heads in the sand" defense to security problems.
Comment removed based on user account deletion
... the binary pattern
0x01 0x01 0x20 0x05
has been found in many executable files on many different and diverse operating systems.
Users are strongly cautioned not to use their computers on January 1st, 2005!
[Editor's note: many more executables also match the less restrictive byte patterns
0x01..0x12 0x01..0x31 0x20 0x05
Using your computer on any day in 2005 may be dangerous!]
Because a cracker is a black-hat form of hacker, but one can be a hacker without being a cracker?
Cracker is a more accurate definition, and certainly this otherwise paints a bad name for hackers. But realistically, given the use of hackers to describe such users perhaps a better name for white-hat hackers would be appropriate...
It's nice to have a clunker around, though, it would be nicer if I could try getting online with it... Anyone know of any WFW 3.11-compatible DSL dialers (PPPoE)?
Moll.
What you hear in the ear, preach from the rooftop Matthew 10.27b
That's right keep them secret, keep them safe. So only the crackers and the uber-geeky know. And the little hairy foot developer can carry the exploit to mount doom before the evil minions of 50R0|\|666 get their hands on it.
How will we know what ports to block, what mutex to push via GPO, and what tools to use to prevent these attacks if we don't know about them beforehand?
1) spread fear, its good for business. ... We need to cooperate to prevent this.")
2) create some fucked up 'axis of evil' shit to help further #1. ("Virus writers are combining their efforts with hackers and spammers to launch Swiss Army knife-like malware attacks on users")
3) throw in some fuzzy math for effect. ("The company said that it was seeing 200 new viruses a day.")
4) take a random stab at preventing free speech. ( "They work in groups that exchange information with other groups on forums and Web sites
5) and finally, say something really stupid that goes against something tried and true thats trusted in the industry - in this case, the idea of Full Disclosure. ("We are against anyone who publishes vulnerabilities because it gives hackers a tool.")
and to think i actually used to respect their work. maybe they should just stick to coding and save the PSA's for when they have a smarter PR rep.
just my 2 cents.
smattawichu
But there is no way to actually verify that "Malware authors" are actually cooperating more now than in the past.
It clearly a "panic and run to us for help" article.
In these days of 0-day exploits, I just can't take the chance that someone will find a hole in ssh and create a Warhol-worm before I can install a patch. I sleep better now...
PHEM - party like it's 1997-2003!
Use an e-mail alias. If your e-mail address is, for example foobar@someserver.com, create an alias for that mail account called, say, foo.bar@someserver.com, and use that e-mail address on public forums, registrations and web pages. When the spam gets to be too much, just cancel the alias and create another one.
I'm amazed that noone has figured this out yet. The defense against these viruses is software heterogeniety. Who cares if there's an Outlook virus if they're using Thunderbird? Or Firefox if they're using Opera? What we need to do is get enough people using enough different types of software to make it no longer worth an attacker's while to write virii -- hell, most web designers can't even get a moderately complex CSS to work properly on more than two browsers, you think anyone's going to write a virus that works cross-platform?
Just junk food for thought...
If this is true, it's a prime opportunity for law enforcement to infiltrate the newly-forming groups. Furthermore, unlike The Lone Hacker, these groups are going to be much more vulnerable. If just one of them is identified, the entire network will get done. As an added bonus for investigators, a confederation of specialised individuals will either:
1. contain some individuals that by virtue of not specialising in protecting their identities are going to be easier to catch
or
2. use best-of-breed tools produced by those specialising in staying anonymous and cleaning up their tracks. This is a double-edged sword for while it will make it harder to get the first individual in the chain, once you have one, you have them all.
Never mind that once they get caught, they're double screwed because not only will they get charged with whatever crimes they perpetrated, they will also be charged with conspiracy charges of all sorts. Given the current political climate, I wouldn't be surprised if terrorism charges were somehow included as a bonus >:)
This is not a flamebait or a troll.
I always had the suspicion that
virus writers worked together with antivirus firms, gee,, there won't be any need of antivirus if there were no viruses. I'm tempted to say that people inside Kaspersky are of the black hat kind.
First, this article is mostly about security exploits and virus authoring, not spyware/adware.
In order to really liken this to organized crime, there would have to be some profit motive, so as to make the racket a worthwhile venture. For instance, if they were creating viruses and also selling anti-virus software, you could then demand protection money. It doesn't sound like these folks are offering protection to anyone, it's just a bunch of punks that collectively form SUPER-PUNK. If you were going to liken this to any crime form, it would be something more along the line of a hate group or terrorist organization. However it really pisses me off when people do that, so let's not.
I know this has been stated MANY times before in various ways, but if "closed source" truly is effective in preventing malware/hacks/virii simply because the source isn't available for anyone's inspection - then why do we see all the security flaws popping up with IIS? Meanwhile Apache has comparable market-share and usage world-wide on the net as a web server, and it is considered far more secure?
By the same token, Linux and BSD have been chosen as the platform many commercial firewall/router products are based on, despite being open-source. If open-source really had a "disadvantage", security-wise, by the mere fact that it's freely available code - then wouldn't you think companies like Netgear or Cisco/Linksys would steer clear of them in security-related network appliances?
Of course "exploits are expected to come out within hours of disclosure" - but that seems like a pretty general statement to me. Far more people with malicious intent are capable of slapping together some code based on a documented flaw than figuring out a previously undiscovered flaw and exploiting it. If you disclose a Linux or BSD security flaw, I'd say it's just as likely to be exploited quickly as a Windows flaw.
Back when I did serious work (1997 or so), IT guys (LOTS of them former hackers and PC-geeks) had an informal code of ethics, which came down from the 'Hacker Dictionary' guys long, long ago. To reiterate:
'Hackers', while perfectly willing to use any means to tear apart and re-verse engineer software, hardware of any kind, etc. were ethically constrained from causing damage through their knowledge. Harassment of the powers that be, yes. The presentation of unpleasant facts, yet.
BUT, exploitation of knowledge for personal gain, definitely NOT. This doesn't just mean writing viruses, cracking systems for profit, breaking copyrights protection, etc.
Personally, I also took it to mean that one should not cynically exploit the ignorance of the public (and your bosses!) to line your own pockets. I put this in the category of war-profiteering or worse. I believe people in the medical professions might be familiar with this situation all so.
I got OUT of IT because I felt it was my mission to make the systems I was resposible for useful and secure; moreover, I spent a large part of each day trying to educate my users so that my job would be easier. I COULD have milked the job and told my people some bullshit that fed their mushroom-ness. I could have done the same to my bosses. I'd probably still be there and pulling in 60-70K a year, too.
Professional ethics used to mean something in the wider geek community. I don't believe that paranoia and greed will destroy it from within, but...
- - 'Go ahead, make my tea.' - Doow Tsae T'nilc -
Close. Actually, the two things you should do are:
1) Download and install Firefox.
2) Delete Internet Explorer (if you can).
On my computer, Internet Explorer is slightly faster for casual browsing than FireFox because Explorer is more tightly integrated into the operating system.
On my computer, I'm running Linux. IE is NOT integrated into the operating system. You can't see it, but I'm doing the Superior Dance.
If IE is integrated into your OS, there is a third thing you should do.
3) Upgrade to Linux or Mac.
I can't understand why everyone isn't more enraged by the fact that 80% of spam now comes from zombie Windows PCs. Lack of security hurts us all. As a society, we're far too complacent about PC security. We should take the attitude that a person's right to run an unpatched Windows box attached to a high speed cable ISP does not supercede the right of a million internet users not to drown in illegal V1aGr@ and warez spam.
>> My ultraviolent Linux switch video.
Ethernet socket driver for a simple ethernet card.
Trupmet winsock or similar to bind to the 0x60 DOS socket.
$20 router connected to your DSL to do the PPPoE login, as well as a bit of firewalling to any computers internally.
I would never suggest using a PPPoE utility on the computer when routers are so cheap and useful. Most DSL modems even have the router logic built-in nowadays.
Depending on which public you mean, this will actually work out to "within a few days of disclosure to the cracker public" and "before disclosure to the public in general, including to the company that makes the stuff".
Come to think of it, there are already examples. And I'm with the guy who says it's time to start working on a class-action suit against Microsoft for helping us push ourselves into this position.
I know I am going to hear from the Chinese karma police on this one, but does anyone have a list of all the Chinese IP space?
Perhaps we could start a grass-roots effort to disallow access from countries whose goverments aren't being responsible when it comes to their citizens respecting the rights of others in the online community?
Anyone have a list they could post or link to?
Sophos wants us to update our anti-virus software 8760 times a year. Once an hour every day, every year per computer (!) just to keep up with all of the variants of viruses.
mi2g? Well, they started calling vmyths a hate site. They need no further comment.
Use Evolution instead of Outlook? Bewa
Have a router already; think something's wrong with it as it has been unable to connect to my provider lately.
Moll.
What you hear in the ear, preach from the rooftop Matthew 10.27b
Ewps my bad, not front page content, rather the link in your .sig. The article's still date-stamped 3 days late...
Cole's Law: Thinly sliced cabbage
Hopefully you're not refering to my 486...cuz we got it back in 1994. Stupid troll...
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.