Virus Author Motives Changing
Tragamor writes "BBC News is reporting that, with the suspected authors behind the Zotob virus recently arrested, they are giving insights into the motivation of modern hackers. With the availability of virus source code, authors are spreading to countries which had previously no history of virus origins." From the article: "What the pair were probably taken aback by was the response that the worm generated. Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data. It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created."
Ehh, please don't use lame windoze rubbish like Melissa and ILoveYou as examples of some bygone golden age. Mention something with a bit of substance, like the Morris worm, Zalewski's WormNet, Creeper or even Shockwave Rider.
First of all, there hasn't been a VIRUS for years. All these modern "viruses" are actually worms.
Secondly, if the worm destroys the hard drive then it also destroys itself and can no longer replicate. That means that it doesn't spread very well and doesn't last in the wild. The whole idea of a worm is to remain undetected for as long as possible, spreading itself all the while. The more owned hosts, the greater the profits and the bragging rights.
Thirdly, there probably are "psychos" out there writing viruses. But, there are more Danish teens and Russian mafia writing viruses than the supposed psychos. The teens have too much time on their hands and in Soviet Russia, profit and a low likelihood of prosecution is a massive motivation.
Ripper was one of the first Virii I have seen in the wild, and that was back on 8086s :)
It killed the MBR & BIOS and fucked up data being written to the disc at random....
Unlike all these pussy WinBlowz & Macro Viruses that are going around...
It's spreading to other countries that have never had a history of it before because there are now ways to make money with it. Most viruses these days are not put into the wild without some kind of profit motive. Now, take into consideration the fact that a few of these places where viruses are coming from are low-income countries, even a small amount of money made with it can equate to 'time well spent' to them.
Think about it - say your income in a country is measured in tens or hundreds of dollars per month rather than thousands, which is more common in 1st world countries. Even something that makes you $50 - $100 USD per month is a big deal. How do you think they react when they learn they can make thousands with it? For some people, that's pretty much like winning the lottery. In order to stop the problem we need to either a) fix all vulnerabilities in all current (and future) operating systems (unlikely) or b) somehow find a way to make it not profitable for people to do it in the first place (also not likely). Otherwise, people are going to keep abusing it to make money.
BeauHD. Worst editor since kdawson.
Nah, it didn't touch the BIOS, just inserted itself into the MBR so it would boot up when the machine did.
NBAD systems in enterprises are rapidly making hydra-like virus spreading a thing of the past, because the sudden surge in traffic coming from an infected host is so easily identifiable and quarantined automatically.
What you need to worry about are viruses that spread very very slowly, are very well hidden, and only activate after some preset condition.
You people will be the death of me.
I can't emphasise this enough: if you need to use a tool to secure something, what you're securing isn't secure to begin with or it is in an unsecurable environment. Change the environment or secure it.
The bad guys expect you to have filtering methods that may catch what they try and slip through. You have to expect them to know that you have these defenses and to make you confident that they are working when they slip in something another way.
That, and adaptive filters tend to flag useful tools as viruses even though they are there legitimately and have other uses (small VNC clients, SSH clients, ... for example).
[Yes, I'm the one who posted the comment as an AC ... I was at work.]
A firewall cannot protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Well, another option would be to run OpenBSD. Even running it as a desktop OS it will give you enough apps for excellent productivity, and you always have the warm, fuzzy feeling in your belly that you're supporting peace-loving Canadians AND have a secure machine.