Slashdot Mirror


Virus Author Motives Changing

Tragamor writes "BBC News is reporting that, with the suspected authors behind the Zotob virus recently arrested, they are giving insights into the motivation of modern hackers. With the availability of virus sourcecode, authors are spreading to countries which had previously no history of virus origins." From the article: "What the pair were probably taken aback by was the response that the worm generated. Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data. It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created."

9 of 126 comments

  1. Oh, the good old days. by Silverlancer · · Score: 3, Insightful

    Back in the 90s, virus writing was a hobby, if a black-hat one. The most famous viruses--Melissa, ILOVEYOU, were all done for fun, not for profit. But as the internet went mainstream in the late 90s, the motivation changed--viruses are now merely a tool for a goal: criminal profit.

    1. Re:Oh, the good old days. by Dioscorea · · Score: 4, Informative
      Back in the 90s, virus writing was a hobby, if a black-hat one. The most famous viruses--Melissa, ILOVEYOU, were all done for fun, not for profit.

      Ehh, please don't use lame windoze rubbish like Melissa and ILoveYou as examples of some bygone golden age. Mention something with a bit of substance, like the Morris worm, Zalewski's WormNet, Creeper or even Shockwave Rider.

  2. Finally! by RAMMS+EIN · · Score: 5, Funny

    ``With the availability of virus sourcecode, authors are spreading to countries which had previously no history of virus origins.''

    Finally! The year of open-source on the desktop has come!

    --
    Please correct me if I got my facts wrong.
  3. What's more.. by ackthpt · · Score: 5, Interesting
    What's more is they didn't even want you to know that sneaking under the radar without being caught was their goal. Seems they failed on that account miserably. So what's the lesson here? Have a virus/worm with a limited life span? After the first n machines have been infected cease spreading?

    Sure as there's imagination there'll be more tactics to come.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:What's more.. by cataclyst · · Score: 3, Interesting

      So what's the lesson here? Have a virus/worm with a limited life span? After the first n machines have been infected cease spreading?

      Interesting... I'm wondering if anyone could do this w/o the virus having to communicate with some sort of server. If there was a pointer that got changed when the virus hit a new target, it would have to go in a linear form (eg: not a hydra-type... one person infects only one other person) if it wanted to keep track (accurately!) of how many ppl got infected.

      Curious idea, but I dunno if it would work w/o requiring a server with the potential to get shut down and end the virus' lifetime.

      --
      E = m * c^(Hammer)
    2. Re:What's more.. by Amouth · · Score: 4, Interesting

      Set a ttl and have it relay messages back through its parent host..

      I infect A to infect B+C to infect D+E+F+G and so on.. the messages are passed backwards. Have A send random messages to another host.. pick up your messages somewhere in the stream

      they can't detect it by watching an irc server for inbound connections.. sure they can see who is infected but only one computer each way.. and if you have fun with it by flipping the address around (10.20.30.40 infects 40.30.20.11 infects 11.20.30.41 ....) just keep them guessing..

      use normal transport sockets.. make it look like valid traffic .. i swear the writers are getting lazy.. make something creative.. i have seen spyware that is harder to remove than most viruses these days..

      just some ideas for the people willing to write them.. :)

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  4. Four-words summary by Spy+der+Mann · · Score: 5, Insightful

    Before: Fame.
    Now: Fortune.

    'Nuff said.

  5. Or maybe they don't want you to look at porn! by antdude · · Score: 4, Interesting
    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  6. Repeat after me... by Anonymous Coward · · Score: 4, Insightful
    If you MUST rely on virus detection software, you have already lost.

    I've had people argue furiously that this is not true. Yet, it does not make sense tactically; if your enemy knows your weakness, it is not beneficial to them to let you know about it -- else they lose the ability to exploit the weakness.

    As such, do not attempt to secure what you do not control. Secure the hell out of what you do control. Treat everything else as potentially hostile.

    Do the right thing and spend time to make things as simple as possible on the design level. Eventually, this will pay you back in reduced 'emergencies', though initially it is a real PITA. There's no other way to get a handle on these things -- it's just too complex already.