Slashdot Mirror


When Malware Authors Combine Efforts

An anonymous reader writes "Spammers, hackers and virus writers are all teaming up according to some Russian security researchers. This means that they reckon that weaknesses will be exploited in a matter of hours of being announced, rather than the weeks and months that we're seeing now. Scary stuff."

28 of 306 comments

  1. And just yesterday by Anonymous Coward · · Score: 5, Interesting
    1. Re:And just yesterday by networkBoy · · Score: 3, Interesting

      I think I can reconcile this:
      There will be a few groups who work in strategic alliances. The very scary part about this will be the "power" behind some of the malware campaigns. I think CoreWars, running on every windowz box that isn't hardened really is going to happen.
      This should prove to be interesting, especially when governments step in with the non-judiciary non-legislative branches because a real security leak is caused by one of these programs. Think a pissed off NSA (not a politicking one) of the "good ol' days".
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  2. Public disclosure... by PincheGab · · Score: 4, Interesting

    So where does this place public disclosure advocates? Are people going to demand that makers of affected software have a 24/7 programming staff ready to plug leaks just so weaknesses can be disclosed immediately? In light of this even I would favor not publicly disclosing weaknesses immediately!

    1. Re:Public disclosure... by techsoldaten · · Score: 4, Insightful

      You know what? Business needs remain the same regardless of how fast hackers are writing exploits. Few companies, Microsoft included, could afford to have a 24x7 staff of patch writers for all of the applications they have deployed.

      This is the greatest argument for open source software I have ever seen. A proprietary model of development is going to get creamed as people take advantage of their limited resources and exploit the woo wang out of their apps. FOSS apps, on the other hand, potentially have hundreds of thousands of people ready to go worldwide at any given moment to correct problems as they happen.

      M

    2. Re:Public disclosure... by _Sprocket_ · · Score: 3, Insightful


      In light of this even I would favor not publicly disclosing weaknesses immediately!


      How does this change anything? This situation already exists and has existed for years. There has always been an element of pay-to-attack behavior as well as gathering resources via mass shotgunned attacks. And, in fact, spammers have been tapping into this environment for a while.
    3. Re:Public disclosure... by LnxAddct · · Score: 3, Insightful

      I think you underestimate how many companies are told they have vulnerable software rather than find it themselves. Http-equiv from malware.com finds tons of stuff and the Samba team used to submit a number of vulnerabilities they found in Microsoft's implementation. And all the time vulnerabilities are disclosed, sometimes the company is told beforehand and if they don't act quickly enough then they are disclosed publicly, otherwise the company may find out at the same time you do. Regardless, if some third party does find a vulnerability and 2 or more people know about it, the world will know about it within a week. "Three can keep a secret if two are dead". So in short, yes companies need to be prepared 24/7 to fix their faulty software as fast as possible.
      Regards,
      Steve

    4. Re:Public disclosure... by dankney · · Score: 3, Insightful
      I would disagree completely -- this is an argument against open source. The exploits are expected to come out within hours of disclosure, not hours of discovery.



      Closed-source software has the ability to write the patch before disclosing the vulnerability.



      I believe in open source 100%, I just think that this argument falls against, not for OSS.

    5. Re:Public disclosure... by caino59 · · Score: 3, Insightful

      as long as it is the software company itself who finds the virus...

  3. How many times do I have to tell you? by Anonymous Coward · · Score: 5, Funny

    Get a firewall, block all inbound and outbound traffic, unplug your ethernet cable and shut off your computer. It's that easy to protect yourself.

    1. Re:How many times do I have to tell you? by forrestt · · Score: 5, Funny

      I think you can probably even skip the first couple steps.

  4. Uhm.. You know those russian security experts by Phixxr · · Score: 5, Insightful

    Is it just me, or does it seem that every story that lists the source as a "Russian Security Expert" is generally a load of crap?

    -Phixxr

    --
    ungggghhhh
    1. Re:Uhm.. You know those russian security experts by chris88 · · Score: 3, Informative

      Kaspersky is to blame, not Russians in general.

      They also predicted "Internet Terrorist Attack" in August.

  5. No big deal by MrRuslan · · Score: 3, Funny

    this wont have an effect on computer litirate people who know how to protect themselves ...and for those who dont know things wont change much ether....some people still have blaster on there box..they dont know or wanna know how to take care of there box

    1. Re:No big deal by kevin_conaway · · Score: 4, Funny

      I'm trying to come up with a clever joke to poke fun at your grammar and spelling but I think I'll let your post speak for itself.

  6. Organized Crime? by jellomizer · · Score: 4, Interesting

    Isn't this the same as organized crime? So a bunch of internet thugs organize to advertise more stuff, because they realized it will be more effective if they worked together. Will this raise the cost of protection money to use the internet?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. I'll from the head! by identity0 · · Score: 5, Funny

    Hacker: I'll form the head!

    Scammer: I'll form the heart!

    Pornographer: I'll form the right hand!

    Spammer: I'll form the crotch!

    All: Together, we are - ASSHOLETRON!

    (catchy theme music here)

    1. Re:I'll from the head! by NardofDoom · · Score: 4, Funny
      It's like Captain Planet, only worse. And evil.

      "Captain Spam-it, he's our hero. Gonna make your computer divide by zero!"

      --
      You have two hands and one brain, so always code twice as much as you think!
  8. No surprise- by IWantMoreSpamPlease · · Score: 5, Interesting

    Used to be (way back in 2003 or so) AdAware was all you needed (and Norton AV or a workalike)

    But now, man some of the things I've seen are really nasty!

    You wipe 'em out, they come back, they hide from searches, morph into other programs, I've even seen one (I shit you not, I've been in IT for 10+ years, never seen anything like this one!) that was active even when the infected drive was placed as a slave on another machine, it started right up and infected the new PC.

    This goes way beyond simple spyware, these people are teaming up and it's just the beginning.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
    1. Re:No surprise- by gregfortune · · Score: 3, Funny

      I've even seen one that was active even when the infected drive was placed as a slave on another machine

      Dude, don't click on them *again*...

  9. serve yourself and save by to_kallon · · Score: 3, Interesting

    "They work in groups that exchange information with other groups on forums and Web sites."
    erhmm....
    ianase (i am not a security expert) but wouldn't that statement apply to, hmmmm....., oh i don't know.....THE INTERNET?? seriously, a broad, vague, statement like that suggests to me that this is mostly overreaction on the part of a group who could experience significant gains IF their statements were true.
    fud? imho, yes.

    --


    The only way to get rid of a temptation is to yield to it.
    -Oscar Wilde
  10. This war can't be won ... by smoyer · · Score: 3, Insightful
    The problem with detecting and deleting viruses, trojans, etc. is that you will never get ahead. At such time as a zero-day exploit is known to a hacker, they can create their malware of choice to exploit it. A skilled hacker may have an exploit ready in 6-12 hours.

    Once done, they have a certain population size (vulnerable hosts) that can be almost instantly assaulted.

    On the white-hat side, once the malware is noticed, it may take months to patch the initial security hole and even longer to patch the entire population of vulnerable hosts.

    This is why vulnerability announcements are so important, the software that survives in the future will be the one with the shortest vulnerability to patch cycle. The others will die off ... only the strong survive!

  11. focus change by derxob · · Score: 4, Insightful
    Back in the day virus writers' main intent or goal was to piss off users and to create the next 'big' virus. Nowadays, it's all about the money. Those same virus writers are now focusing their attention on the same aspects of before, infecting and disrupting a user's system, but when money is involved, the stakes get higher, and things become a lot more dangerous.

    However, this article is pleading that we should *not* be publishing vulnerabilities, "because it gives hackers a tool", and I disagree with this. Publishing vulnerabilities is a way to alert the public of exploits that are present. What we need to do is make the publishing of vulnerabilities more popular than it is so that the general public is aware of problems and alerted on how to fix them.

    --
    Beat the computer, program your life.
  12. Microsoft should.... by Himring · · Score: 4, Funny

    Microsoft should use the business model that's brought them where they are today, create a "virus" department in Redmond and beat these guys at their own game.

    I can see it now: Active Virus (TM)

    1. Make OS.
    2. Build-in holes.
    3. Release patches.
    4. Create virus.
    5. Still profit!

    --
    "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  13. Et tu, Slashdot? by menkhaura · · Score: 5, Insightful

    Mistaking hacker for cracker is acceptable on the general media, where people aren't very aware of such subtleties. But on Slashdot? C'mon, I know Slashdot is crawling with Windows users, wannabes and such, but this is getting offhand!

    --
    Stupidity is an equal opportunity striker.
    Fellow slashdotter Bill Dog
  14. Re:Anonymity is part of the problem by lucabrasi999 · · Score: 4, Funny
    It's a shame, but it seems some people are malicious in proportion to their anonymity.

    ...And this was posted by an Anonymous Coward. Am I the only person to see the irony here?

  15. Re:Many shallow eyes... by ottawanker · · Score: 3, Funny

    .. don't tell me you've been paying for your viruses all this time!? I always make sure the viruses I get use the GPL.

  16. Move along, nothing to see here by worktheweb · · Score: 3, Informative

    These are the same guys who were predicting an "Internet Meltdown" a little while back -- I'd take their prognostications with a grain of salt ...

    http://it.slashdot.org/article.pl?sid=04/08/25/1533213&tid=172&tid=95&tid=1

  17. Jabberwocky! by jaypifer · · Score: 5, Insightful
    "This is why vulnerabilities are so important," said Kaspersky. "We are against anyone who publishes vulnerabilities because it gives hackers a tool."
    And this is why most people are against security by obscurity. Kaspersky is confused. The tired phrase of "If guns are outlawed, only outlaws will have guns." applies even more pertinently to software vulnerabilities.

    By the time someone with enough motivation (read funding) to write an article on a vulnerability does so, the bad guys have already written exploits. Why? For the same reason...they get paid!

    The published articles allow the moderately tech savvy user to protect themselves. Additionally, it forces the software makers' hand to close the vulnerability faster than if they had no pressure at all. Ultimately, this is our only way of shaming large companies into creating proper software and delaying the releases until they've created a more hardened product.

    Yes, hanging out the dirty laundry of vulnerabilities makes it easy for the junior hackers to create something out of nothing, but I'd rather we all know about the problems at the same time than a few sophisticated spam hackers knowing about the problems for an indefinite amount of time.

    --
    Never go to sea with two chronometers; take one or three.