Slashdot Mirror


Botnet Business Model Comes to Life

consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."

192 comments

  1. Outsourcing Botnets. by Anonymous Coward · · Score: 0

    "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. "

    Gosh, darn it! I'm in the wrong business.*

    *Even E-Bay sellers can't do as well.

    1. Re:Outsourcing Botnets. by Lord+Prox · · Score: 1

      That doesn't sound like that is all that much to brag about. Since I don't think he will be getting many paychecks from said spyware company DollarRevenue for likely TOS violation and subsequent slashdotting. Am I missing something here?



      Place a curse on DollarRevenue

    2. Re:Outsourcing Botnets. by megaditto · · Score: 1

      Not only that, but penalties for 'hacking' are quite extraordinary.

      One would do much less time for, say, shoplifting $500 worth of stuff, or starting up a pyramid scheme of some sort

      --
      Obama likes poor people so much, he wants to make more of them.
    3. Re:Outsourcing Botnets. by Anonymous Coward · · Score: 0

      How do you know that DollarRevenue really cares...?
      I emailed them a question and got this back:
      DollarRevenue here,
      I'm protecting myself from receiving junk mail.
      Please click the link below to complete the verification process.
      You have to do this only once.
      You are receiving this message in response to your email to
      DollarRevenue, a Spam Arrest customer.
      Spam Arrest requests that senders verify themselves before their email is
      delivered.


      I think this might be the funniest thing I've seen all day.
      -os

    4. Re:Outsourcing Botnets. by julesh · · Score: 1

      Gosh, darn it! I'm in the wrong business.*

      *Even E-Bay sellers can't do as well.


      This says more about the poor returns from selling shit on e-bay than it does about how good selling botnets is. ~$120k (based on 280 days of work per annum, which is about right) sounds great, until you realise that you'd have to work damned hard for it, it isn't a reliable source of income, and doesn't come with any benefits. Add to that the fact that I sincerely doubt this guy could find 280 botnet customers in his lifetime, let alone in a year, and the business is clearly a dead end. I don't even get to factor in the 50% losses from money laundering before pointing out that he'd be much better off stealing people's identities and getting loans in their names.

    5. Re:Outsourcing Botnets. by the_womble · · Score: 1

      He made $430 in a day from Dollar Revenue alone. It is only part of his revenues.

      The article says:

      "He's earning more than $430 in a single day with DollarRevenue, and that's not the only piece of adware he's installing. He's installing others and also renting his botnet out to spammers"

    6. Re:Outsourcing Botnets. by Magi77 · · Score: 1

      "Please click the link below to complete the verification process. You have to do this only once."

      LOL, and when you click on the link they sent, you end up installing their spyware on your system lol

  2. Everybody wins! (sort of.) by JonTurner · · Score: 4, Interesting

    And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.

    The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.

    1. Re:Everybody wins! (sort of.) by fmobus · · Score: 4, Insightful

      This is a clear example of broken window fallacy

    2. Re:Everybody wins! (sort of.) by rapidweather · · Score: 1
      Everyone here knows there are alternatives to running Windows on PC's.

      I use my livecd linux (screenshots below), and lately I have been installing the system on machines allowing booting without a CD, or a boot: prompt, using MSDOS batch files.

      I keep Windows 98 on the boxes, sometimes formatting and doing a clean install, but without any internet connection applications (won't be needed, will be going onto the internet using Linux).

      Not really necessary to partition the drive for a swap partition, when knoppix boots, it allows creation of a swap folder on hda1.
      I have it set for >= 128 MB RAM (minimum).

      My blog is here, lately I have been rambling along about this topic.

      Some machines can have Windows desktop icons for linux, or the msdos menu. The one I am on now can boot linux into KDE, IceWM, Fluxbox or TWM, all custom configured and set up with Guarddog firewall. The user gets a choice either from the MSDOS menu, or from Windows 98 desktop icons.

      Today I have set up a Toshiba 4015CDS laptop to run the livecd linux "off the hard drive", and on that one, there is a simple menu batch file that's run by autoexec.bat, allowing a choice between Linux and Windows. Very nice, using vga=788 in the loadlin command line to get framebuffer 800x600 for the linux desktop.

      I got off on this track because some users objected to having to enter a knoppix cheatcode at the boot prompt, and to having to use a CD in the drive to run the system. I don't blame them, they might have to enter something like this each time the system is booted:

      boot: fb800x600 knoppix acpi=off myconfig=scan

      Some are a lot worse than that.

      Those cheatcodes are now contained in the linux.bat that runs loadlin.exe, and the rest of the command line. (command.com limited to 128 characters/spaces)

      In some cases, linux boots up to a desktop faster than Windows.

      Then they get Mozilla Firefox, Flock or Opera to surf with.

      My 150+ KB "Getting Started Guide" is here, does not have anything in it yet about these hard drive "installations". I am thinking about packaging up everything needed, instructions, etc. in the CD. May even write an installer script, to make it automatic. None of this works on XP boxes, but is intended to salvage '98 boxes and have them run Linux. --Rapidweather

    3. Re:Everybody wins! (sort of.) by dfinster · · Score: 1
      I agree, it's criminal. This guy gets a few cents to install the crap. I get called out to remove it.

      A typical service call to remove crap:
      • Travel charge - $15 to $35 depending on distance.
      • Spyware removal - 1 to 2.5 hours depending on infection (and a lot depends on the speed of the machine) It's sad but true that low end machines take longer to clean, so I spend more time on site, so I cost more in the end.
      • Training and prevention - another hour or so.
      In the end - the bill is usually a couple hundred bucks. The good news is that I offer free remote tech support and train them well enough that I normally never have to come back. My customers usually just need some education - so it's slow but I'm working to eliminate the problem one client at a time.
    4. Re:Everybody wins! (sort of.) by jhackworth · · Score: 1

      Don't forget the virtualization folks. They'll clean up given you can simply delete the image and start fresh with a new one. Of course, it'll probably put the antivirus and tech service folks out of business.

    5. Re:Everybody wins! (sort of.) by pipingguy · · Score: 1

      A penny here, a penny there...who cares?

    6. Re:Everybody wins! (sort of.) by deblau · · Score: 1

      And for those persons who may not have gotten the reference, see the parable of the broken window.

      --
      This post expresses my opinion, not that of my employer. And yes, IAAL.
    7. Re:Everybody wins! (sort of.) by Al+Dimond · · Score: 1

      First, you don't need virtualization to "start fresh". You need backups.

      So let's say you can easily back up to a known-good HD image (companies have been doing this for ages, often with the help of programs like Norton Ghost, which runs on a floppy disk under DOS, no fancy virtualization required). Put the antivirus folks out of business? Not so fast here. Don't viruses still infect your docs and executables? Won't users continue to create new documents and install new programs before realizing what's wrong? Won't users want to recover those? Won't users still be inconvenienced by reinstalling programs? As long as it's inconvenient to "start fresh" people won't do it. They'll prefer the pounds of dull and ineffective prevention over the ounce of bitter cure.

      Let's say that the current profitable crop of malware doesn't infect documents like a virus does (I really don't know much about this). If people then find it really easy to just copy their $HOME and lay that over a known-good backup, thus cleanly avoiding the malware, guess what the malware folk will do: they'll make programs that act like viruses, infecting files and programs!

    8. Re:Everybody wins! (sort of.) by sco08y · · Score: 1

      Nice catch.

    9. Re:Everybody wins! (sort of.) by BlurredWeasel · · Score: 1

      Not quite the broken window fallacy. The idea of the broken window fallacy is that not everybody wins. The original poster said not everybody wins, just that only one person loses, the owner of the botted computer. Everybody else ends up making a buck off of his misfortune and loss.

  3. Follow the Money by AK+Marc · · Score: 4, Insightful

    This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.

    1. Re:Follow the Money by Anonymous Coward · · Score: 0

      Just tell everyone that malware money helps terrorists. That should get things rolling.

    2. Re:Follow the Money by Anonymous Coward · · Score: 1, Interesting

      This seems to be rather simple to me. Make it illegal to have gains from hijacked computers.

      I was thinking of something a bit more proactive involving a deep hole, an ant colony, and plenty of honey.

    3. Re:Follow the Money by winkydink · · Score: 1

      There's still phishing, spamming, click fraud and data mining; all of these are currently being done with botnets. Wait until the bad guys get serious and try things like breaking encryption... Nothing like having 100k cpus at your disposal... then we all sh!t our pants.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    4. Re:Follow the Money by stinkyelf · · Score: 1

      While I don't know the specifics of what is installed (I suspect it's of little value to the user), shutting down the affiliate program because of a rogue affiliate who was breaking their terms and conditions is rather harsh.

      "Affiliate may not install DollarRevenue by any type of automatic installs, browser exploits, viruses, bots or by any other means not previously approved by DollarRevenue.".

    5. Re:Follow the Money by darkmeridian · · Score: 1

      Yeah. At this rate, the US will get rid of spam by dropping computer-guided bombs at servers in China and Russia. It'll be kind of ironic, actually, the computer-on-computer violence.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    6. Re:Follow the Money by Beryllium+Sphere(tm) · · Score: 1

      >Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up.

      Taking away the financial incentive and leaving the field to the ego-driven would certainly reduce the problem and give us room to breathe.

      Unfortunately, DDoS extortion is a revenue stream that could keep botnets profitable even after cutting off the air supply of advertising money.

    7. Re:Follow the Money by iminplaya · · Score: 1

      Make it illegal to have gains from hijacked computers.

      Yeah! And they should make it illegal to have gains from selling liquor...no wait. I mean cocaine. Especially bad cocaine. Yeah that's it.

      --
      What?
    8. Re:Follow the Money by RealGrouchy · · Score: 1
      DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up.


      What are you, an RIAA lawyer?

      Just because Dollar Revenue has some illegal and/or malfeasant uses, doesn't mean that the company and its customers should be deprived of the legal applications that the service provides.

      Just like how P2P software has many legitimate uses, even though it is used a LOT for copyright infringement. The differences are subtle, but the analogy is strong.

      If anything, we /.ers should be (if begrudgingly) supporting Dollar Sense, to revert the precedents set in the field of P2P.

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
    9. Re:Follow the Money by Danga · · Score: 2, Insightful

      Yeah! And they should make it illegal to have gains from selling liquor...no wait. I mean cocaine. Especially bad cocaine. Yeah that's it.

      You are comparing selling something which requires the buyer to willingly do harm to themself versus taking over someone else's property without their permission and using that property for personal gain (while annoying a shitload of people at the same time). If someone wants to harm themself, then I say make it legal, however using someone else's property for personal gain without their explicit permission SHOULD be illegal in ALL forms.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    10. Re:Follow the Money by Danga · · Score: 1

      In my opinion ALL advertising that uses a person's personal information (address, phone number, e-mail, etc.) and is not explicitly opted into by the person whose personal info will be used should be made illegal. Advertising on TV, while annoying, I can accept. Getting phone calls I do not wish to receive and having to sort through 100s of spam e-mails (How many fucking P3N15 En1@rg3r spams do I need to receive and spend time deleting every day) everyday is both annoying and a HUGE waste of my time. If there is a way to outlaw it I think that would be great.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    11. Re:Follow the Money by Shemmie · · Score: 5, Funny

      We need a +1 Kinky

    12. Re:Follow the Money by Anonymous Coward · · Score: 0

      You are neglecting something obvious; quite a few denizens of the spyware industry are, in fact, hardened fraudsters and criminals. Some of them have organised crime links.

      Not only would it have to be an international effort (though as with spamming, the US actually has more than you think), that would not solve the problem. You are neglecting the fact that even if the spyware industry were to be declared illegal, quite a lot of its current incumbents would not only not really mind, they would expand into more obviously illegal territories like spamming, support botnets more openly...

      For now, they are hiding behind that affiliate marketing bull, but that could change in a heartbeat if the legal loopholes they are working in did. And they are really quite happy to get away with it for now and not give a damn about tomorrow.

      You could do a lot of really nasty things with a botnet. And people do. And people will find new things.

      DDoS extortion, phishing, spamming, click fraud, weird corporate intelligence shit, stealing logins and passwords to all sorts of things (even online games; WoW gold, for example, sells for about $70/1000g last I looked, so kiss bye bye to your epics, they're getting sharded or vendored), live CAPTCHA cracking (use a BHO to replace every other CAPTCHA you see on major sites with a live one you want cracking; it won't work for the user, but the user will just swear blind they typed it right, shrug and try the next one, which didn't get replaced and will work - meanwhile the user has unknowingly done a tiny bit of work for your spammer clients), cryptoviral extortion ("Hi! I'm a virus. I just encrypted your personal files. You don't have a backup, do you? Believe me, I understand. No-one ever has a backup. Pay me $$$ for the key to unlock them or never see those precious baby photos again." - an emerging field; fortunately many VXers suck at strong crypto, but you can't expect everyone who comes along not to know what they're doing), "transient hosting" of things like child porn (that is, when they don't use "bulletproof hosting", which is to broadly say, ISPs run by mafia types in weird countries), online poker botting, and last but not least, renting out your botnet to others who want to do malicious things. And you better believe everybody needs a proxy.

      And I'm not even really brainstorming here - these are all existing enterprises, because I don't want to give them any new ideas.

      Spyware installation for dollars is one of the most intrusive to the user, and not a very good money-maker. It also tends to reduce - significantly - the long-term survival of the bots, because they fill up with crap.

      And for some of the botnet purposes, the botmaster is actually benefitted by installing their rootkit and then patching the machines, cleaning them up some. People notice when their machines "run slow". That's when they call in a technician (or a "geek friend", and we all know that one, we've all been that geek friend) who finds out the AV's turned off and there are 50,000,000 bad entries in Spybot, and the only way to be sure is to nuke the site from orbit (wipe/reinstall).

      So as a botmaster, your best bet is to actually keep a low profile, and make sure their machine actually keeps working pretty well. That increases the long-term survivability of your bots, and their uptime, and high quality bots can be used for more interesting things.

      And don't look so smug sitting there on your Linux boxes. Your Linux boxes might be harder to crack. Or alternatively they could be poorly administered, wide open firewall, running a vulnerable installation of phpBB on Apache with a kernel with a root privilege escalation bug, or just plain dumbly passworded. (Because some people have a smug, but false, sense of security and assume that Linux is impenetrable. It's better overall, but complacency is not your friend.) And a Linux box is worth more than a Windows box, as they tend to have higher uptimes and have better internet connections on average. A botted

    13. Re:Follow the Money by TheLink · · Score: 1

      If they are paying people who make _unauthorized_ access to other people's computers, then all it takes is for them to cooperate with the authorities and soon the baddies won't get money.

      Do you really think a legit advertising company would want to be associated with malware and to even be seen as encouraging it?

      Also it's not fair if the annoying kids who vandalize computers for fun get whacked with a big stick but the people making money from doing the same illegal thing get clean away.

      Same goes for Sony's rootkit - Sony should be charged in many countries for unauthorized access and modification of computer systems.

    14. Re:Follow the Money by iminplaya · · Score: 1

      No, what I am saying is, don't expect any respect for the law while the profit margins are so high and so selectively enforced. The kind of law being promoted would only push the profits even higher, enticing more people to give it a try, especially from overseas. And the respect will reach new lows as long as corporations and government are allowed to zombify the machines and not get so much as a slap on the wrist. I don't know about you, but I don't take too kindly to such double standards. Like the heading of this thread says, Follow the money. You might scare away the script kiddies, but the pros will only get better.

      --
      What?
    15. Re:Follow the Money by RealGrouchy · · Score: 1
      Do you really think a legit advertising company would want to be associated with malware and to even be seen as encouraging it?

      --



      I'm sorry, but I don't want to be associated with someone whose signature is a deceptive slashdot logout link.

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
  4. suggestion for a safe Windows Experience by RobertLTux · · Score: 0, Offtopic

    When doing your build follow the following procedure

    1 install Autopatcher latest
    2 install some sort of firewall (disable the Windows firewall)
    3 install an antivirus program (freebie or paid does not matter)
    4 take a machete to the startup programs list

    5 install your broadband connection
    6 connect the system to your router

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
    1. Re:suggestion for a safe Windows Experience by mentaldingo · · Score: 0

      7 ??????
      8 Profit!

    2. Re:suggestion for a safe Windows Experience by Anonymous Coward · · Score: 0

      1. Buy Mac
      2. ???
      3. There's no step 3. There's no step 3! There isn't a step 3. There isn't a step 3!

    3. Re:suggestion for a safe Windows Experience by evilneko · · Score: 1

      While fine for geeks, I believe you give the average user too much credit. (If you intended your post as a suggestion only for geeks, why bother?)

      I suggest a different strategy: make sure Windows firewall is turned on prior to connecting. Period. Do not muck things up with such well-intentioned but poorly-executed crap such as what is on the "personal firewall" market today. Install anti-virus package of choice. Enough.

      --
      Slashdot - where to disagree, is to be a troll
    4. Re:suggestion for a safe Windows Experience by dualmoo · · Score: 0

      The most important thing is to try to install XP SP2 before the first network connection, or else Sasser and his friends will be there in no time (usually even before you have finished downloading the SP2, let alone installed it).

    5. Re:suggestion for a safe Windows Experience by WhatAmIDoingHere · · Score: 1

      Developers!

      --
      Not a Twitter sockpuppet... but I wish I was.
    6. Re:suggestion for a safe Windows Experience by Jedi+Alec · · Score: 1

      Why not simply a hardware router/firewall for a lousy 20 bucks? Imo it isn't any more difficult to deal with than a software firewall or the Windows Firewall itself and it scales a lot better when the household has more than 1 pc.

      --

      People replying to my sig annoy me. That's why I change it all the time.
    7. Re:suggestion for a safe Windows Experience by Anonymous Coward · · Score: 0

      [Firstly, to the mods, regarding the parent: I don't see anything whatsoever offtopic about security discussion in an article about botnets. We want to make sure machines we install don't become members of botnets, and swap tips on how. Sounds on-topic to me.]

      There's nothing fundamentally wrong with the XP SP2 firewall.

      It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.

      I'm an independent security consultant. I've analysed most of the incumbents in the personal firewall industry for Windows, and reported fixable bugs to the clearinghouses who forwarded them to vendors. The XP SP2 Windows Firewall is good, compared to almost all the rest. Don't complain you can turn it off, or it doesn't filter outbound effectively, because that is a fundamental design flaw common to ALL of the "personal firewalls" based on the same host they protect. XP SP2's Windows Firewall is just more honest about that than most others. Some of the leading personal firewalls make you less secure (in theory, and in practice if the security holes I discovered and reported are independently rediscovered before they are fixed; one vendor has had over two years now, not a word - guess who it is?) because they try to be too clever.

      (I'm not sure about the Vista one. 6to4 and network discovery makes me suspicious. I'm reserving judgement for after release, when I'm going to give it a full-on assault and see what it's got. I'm prepared to be pleasantly surprised, but I expect to be grumpy and irritated. And yes, I'd far rather sit behind iptables or pf. And please don't rely on your router; routers tend to suck in a variety of ways, and that's one of them sometimes; besides, defense in depth is in general a good idea as long as the usability tradeoffs are acceptable.)

      I have a few other things as well: My amendments would be:

      0. nLite the Windows install image, integrate service packs, customise (sensibly) to taste.
      1. Autopatcher latest.
      2. (XP SP2) Ensure the Windows firewall is enabled, properly configured and working. (Other) Pick a good firewall.*
      3. Install NOD32 or Kaspersky if you intend to pay, or AVG Free or AVAST Free if you don't.
      3a. Don't install Norton anything, ever, and the same goes for most Symantec stuff, and McAfee.
      3b. Install an antispyware. Sod it, install three: Spybot Search & Destroy, Ad-Aware SE Personal, and Windows Defender (née Microsoft Antispyware, née GIANT Antispyware), in that order.
      4. Customise to taste.
      5. Hook up the network connection.
      6. Run a Windows Update, ensure Automatic Updates is on (if you trust MS not to push crap out, otherwise, keep on the ball and do it yourself, second Tuesday night of every month).
      7. Don't use Internet Explorer to browse the web, or Outlook Express to view your mail. Install and use Opera, or Mozilla Firefox/Thunderbird, whichever is your preference.
      8. Install drivers like the graphics card driver, from the manufacturers' website.
      9. Take a System Restore point, and don't disable System Restore (some people complain about resource hogging; I think it's not that bad, and a price worth paying for a fairly decent safety net; you're free to disagree).

      * Naming names would be an indiscretion, but I delicately suggest you might want to avoid the ones that rhyme with Aborton, Gaddafi, Black Lice, or 0wnalarm.

    8. Re:suggestion for a safe Windows Experience by julesh · · Score: 1

      The most important thing is to try to install XP SP2 before the first network connection, or else Sasser and his friends will be there in no time (usually even before you have finished downloading the SP2, let alone installed it).

      That's not a problem I've had. The pre-SP2 firewall mostly works. You just need to remember not to connect to the net until you're sure it's active (it isn't at boot times, and it isn't by default, so you have to remember to switch it on).

    9. Re:suggestion for a safe Windows Experience by julesh · · Score: 1

      Why not simply a hardware router/firewall for a lousy 20 bucks?

      Because everything I've seen for that price is *not* a firewall, but an NAT router. NAT routers are not firewalls, and shouldn't be relied upon for security unless you know that they drop source-routed packets. If you're able to test this, fine. If the manufacturer describes the product as doing this, fine. If there's a config option for it, switch it on and fine. But if none of these is true (which is the case most of the time somebody sets up an NAT box and assumes it means their network is secure) then your network is open to anyone who wants to try to get into it. All they have to do is guess the address of one of your machines and they're in.

    10. Re:suggestion for a safe Windows Experience by rs232 · · Score: 1
      "make sure Windows firewall is turned on prior to connecting. Period. Do not muck things up with such well-intentioned but poorly-executed crap such as what is on the "personal firewall" market today."

      What extra functionality does the Windows firewall provide that the others don't? A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'.

      "Why not simply a hardware router/firewall for a lousy 20 bucks?" - Jedi Alec

      Because everything I've seen for that price is *not* a firewall, but an NAT router. NAT routers are not firewalls ..


      In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by default NATed and did not allow incoming connections apart from web and email. This web site claims to scan for open ports.
      --
      davecb5620@gmail.com
    11. Re:suggestion for a safe Windows Experience by julesh · · Score: 1

      What extra functionality does the Windows firewall provide that the others don't? A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'.

      True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.

      In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by default NATed and did not allow incoming connections apart from web and email. This web site claims to scan for open ports.

      No. In other words, don't get a cheap NAT box and assume it's a firewall. Firewalls filter incoming packets. NAT boxes make it difficult to address machines on the internal network. That doesn't mean it's impossible. There is more to network security than ensuring no open ports show up when somebody portscans your router's address. Your firewall also has to drop suspicious packets that aren't addressed to it (e.g. packets that are forwarded through it for other destination addresses, possibly because of a source route specification). Cheap NAT devices often do not do this. I know the one I have doesn't. I assume some others are the same.
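
The filtering step julesh describes above (dropping packets that carry a source-route specification), shown as an added example that is not part of the original thread. It parses the IPv4 header options and flags the loose and strict source-route options from RFC 791; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

# IPv4 option type numbers from RFC 791.
OPT_EOL, OPT_NOP = 0, 1
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source route


class MalformedPacket(ValueError):
    """Header or option list that cannot be parsed safely."""


def ipv4_options(packet: bytes):
    """Yield (option_type, option_data) for each option in the IPv4 header."""
    if len(packet) < 20:
        raise MalformedPacket("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise MalformedPacket("not IPv4 or IHL below 5")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise MalformedPacket("header truncated")
    i = 20  # options start right after the fixed 20-byte header
    while i < header_len:
        opt = packet[i]
        if opt == OPT_EOL:       # end of option list, rest is padding
            return
        if opt == OPT_NOP:       # single-byte alignment filler
            i += 1
            continue
        if i + 1 >= header_len:
            raise MalformedPacket("option without a length byte")
        length = packet[i + 1]   # counts the type and length bytes too
        if length < 2 or i + length > header_len:
            raise MalformedPacket("option length runs past the header")
        yield opt, packet[i + 2:i + length]
        i += length


def verdict(packet: bytes):
    """Return ("drop", reason) or ("pass", "") for one forwarded packet."""
    try:
        for opt, _data in ipv4_options(packet):
            if opt in SOURCE_ROUTE:
                return "drop", SOURCE_ROUTE[opt]
    except MalformedPacket as exc:
        # Fail closed: an unparseable option list is dropped, not forwarded.
        return "drop", f"malformed: {exc}"
    return "pass", ""


def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed test input: a bare IPv4 header (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options


# Constructed samples using documentation address ranges.
PLAIN = build_header("198.51.100.7", "203.0.113.5")
LSRR_PKT = build_header("198.51.100.7", "203.0.113.5",
                        b"\x01" + bytes([131, 7, 4]) + socket.inet_aton("192.168.1.10"))
RECORD_ROUTE_PKT = build_header("198.51.100.7", "203.0.113.5",
                                bytes([7, 7, 4]) + b"\x00" * 4)
BAD_LENGTH_PKT = build_header("198.51.100.7", "203.0.113.5",
                              bytes([131, 40, 4, 0]))

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("lsrr", LSRR_PKT),
                      ("record-route", RECORD_ROUTE_PKT),
                      ("bad-length", BAD_LENGTH_PKT)]:
        print(name, verdict(pkt))
```

On a Linux-based router the corresponding kernel control is the `net.ipv4.conf.*.accept_source_route` sysctl, where 0 means source-routed packets are not accepted.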

    12. Re:suggestion for a safe Windows Experience by rs232 · · Score: 1

      True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.

      The same applies to a virus scanner. The latest virus disables it as well as the Windows 'firewall'. How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?

      --
      davecb5620@gmail.com
    13. Re:suggestion for a safe Windows Expirience by julesh · · Score: 1

      The same applies to a virus scanner. The lastest virus disables it as well as the Windows 'firewall.

      If your virus scanner is working, it will catch the virus before it has a chance to execute. If it doesn't work, there's nothing that can prevent this, firwall or otherwise.

      How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?

      If I knew how it worked it wouldn't be common sense. But it's worth noting that over the last 12 years of Internet & BBS use, I've never once been infected (or had an infection prevented by anti-virus) by anything that relied on me clicking a link or executing an attachment. The only malware that has ever been on any of my systems was completely automated: a Linux worm that propagated through a BIND vulnerability. It failed to infect my system, but only because I was lucky: the shellcode assumed that /etc/inetd.conf ended with a newline, on my system it didn't.

      How have I managed this? A combination of using more secure software where it's available, keeping up on updates and being careful what I choose to do with my system. It isn't hard, really. You just have to think about what you're doing.

  5. 430 bucks? by thisnow1 · · Score: 1

    That's it for all the work? ROI ain't very favorable in this instance

  6. Money from DDOS by Anonymous Coward · · Score: 5, Funny
    Add that to the spam rental and DDoS extortion money and we have a booming business.

    Hey, ./ editors! Increase your profit! Get money from sysadmins for NOT posting links to their sites!
  7. Cut up any part of the snake! by Kesch · · Score: 5, Insightful

    I don't know who to be angry at. My list includes in order of hatred from greatest to least:

    1) The asshat hackers who spread the worm
    2) The companies that pay asshat hackers to shovel their crapware
    3) The stupid people who actually give money to crapware companies and keep them alive

    Honorable mention:

    4) People who can't stop their system from being zombified.

    --
    If this signature is witty enough, maybe somebody will like me.
    1. Re:Cut up any part of the snake! by JonTurner · · Score: 0, Redundant

      #5 idiots who buy shit from spammers.

      I know it's only tangentially related, but I couldn't resist the temptation to hop on board the hate train.

    2. Re:Cut up any part of the snake! by Kesch · · Score: 1

      I lump them in with 3.

      --
      If this signature is witty enough, maybe somebody will like me.
    3. Re:Cut up any part of the snake! by jaredcat · · Score: 3, Funny
      4) People who can't stop their system from being zombified.


      You hate my grandma?
    4. Re:Cut up any part of the snake! by Anne+Thwacks · · Score: 2, Insightful

      Not to mention the Sh*t US government who knows the name, address and bank account details of the companies doing this, and does f*** all to stop them, while helping the **AA sue grannies and pre-teens. The "war on Terror" should start with the Bush administration!

      --
      Sent from my ASR33 using ASCII
    5. Re:Cut up any part of the snake! by eraserewind · · Score: 1

      Money the War industry donated to politicians > Money the **AA donated to politicians > money hapless & helpless PC owners donated to politicians.

      Of course the first two should be crimes, but anyway...

  8. wtf? by Anonymous Coward · · Score: 0

    Is the metamod system really down or is it just yet another part of slashdot I've been excluded from for not doing the slashdot goosestep?

    1. Re:wtf? by Anonymous Coward · · Score: 0

      It's down; I've been getting that message for the past day or two. But I am getting mod points (which is why I'm posting as AC).

  9. Did he get it? by Godji · · Score: 5, Interesting

    While those infections could theoretically amount to that much money, did anyone actually pay the guy?

    1. Re:Did he get it? by Kesch · · Score: 1

      Here's an answer in the form of a rhetorical question, "Would he be doing this if there wasn't money to be made."

      Also in TFA it links to another article where a guy listened in on an irc control channel and eventually followed instructions to a flood of spam running through the botnet which shows that these guys are at least making cash renting out bots to spammers.

      --
      If this signature is witty enough, maybe somebody will like me.
    2. Re:Did he get it? by DoninIN · · Score: 1

      Ever hear of Amway? Or seen all those work at home ads? I don't know if he actually got paid or not, but just like the "send one dollar to each of the names on this list" scams the meme may very well be better at spreading itself in the anticipation of making some money than it is at making money.

    3. Re:Did he get it? by noidentity · · Score: 1
      While those infections could theoretically amount to that much money, did anyone actually pay the guy?

      You're right, how can we forget the little guy? Someone needs to set up a donation link ASAP!

    4. Re:Did he get it? by jimicus · · Score: 1

      Obviously, I can't say for sure, but at a wild guess, I'd say that if you're going to be buying such a service from some dodgy hacker type, it's probably a good idea to pay them.

    5. Re:Did he get it? by Anonymous Coward · · Score: 0
      Here's an answer in the form of a rhetorical question, "Would he be doing this if there wasn't money to be made."

      Do people play the lottery?

  10. Computer Crime by sc0p3 · · Score: 0, Troll

    Reallllly news worthy material?? $430/day could be earnt through a legitimate high end wage (157k/year). Normally the saying "crime pays" refers to paying more than you could earn otherwise. If he'd go back to school he could probably do better than that.

    How much would a dope dealer earn in a year?

    1. Re:Computer Crime by MLease · · Score: 2, Interesting

      TFA did point out that that's only one piece of adware he's installing. Multiply that by 10 or more. Then figure in the money from the botnet he's renting out to spammers. I'd say he's probably doing a lot better than you think.

      -Mike

      --
      I'm sorry; I don't know what I was thinking!
    2. Re:Computer Crime by webheaded · · Score: 1

      I'd say he probably spends considerably less time working the botnet and making that money than he would actually going to work. The advantage here is that not only is he making money, but he's making enough that he could just not go to work if he somehow kept at it long enough.

      --
      "Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - BenF
    3. Re:Computer Crime by spiffmastercow · · Score: 1

      how many programmers do you know that make $157k/year?

      this dude gets both my disdain for being a complete jackass and infecting thousands (hundreds of thousands? millions?) of computers, but at the same time a small amount of admiration for the level of ingenuity that would be involved.. i'm not saying it's something i'd do, but i can definitely admit it would be tempting.

      oh, and the standard for a "dope dealer" is usually about $5 per 1/8 oz. of marijuana... higher profit margins for hard drugs, and higher volume for larger dealers... but really, there's no serious money to be made unless you're at the top of the drug dealing ladder.

    4. Re:Computer Crime by Anonymous Coward · · Score: 0

      Lowbit dealers only sell to friends to pay for their own habit. Smoke for free, yaknow?

    5. Re:Computer Crime by Anonymous Coward · · Score: 0

      Word to dat gangsa. ;)

    6. Re:Computer Crime by Anonymous Coward · · Score: 0

      Reallllly news worthy material?? $430/day could be earnt through a legitimate high end wage (157k/year). Normally the saying "crime pays" refers to paying more than you could earn otherwise.

      Actually.. Well, at least the way I interpret the idea, is high-payoff low-risk crime. White-collar crime is probably the best racket from that point of view. And if you can't stomach even that little risk, even more money can be made in the borderline-legal-but-definitely-immoral area.

      That's actually where the real story is at here. To quote TFA: "I've seen reliable estimates that the business of serving ads via adware is worth $1.6 billion a year.". That certainly puts $430 a day to shame, especially considering how that's the end that's taking the real risks.

      $430 per day is definitely way too little to justify the crime and the risks involved. Even petty theft would probably be safer. Stealing $430 in a day is hardly a chore, should you be so inclined, and at least then your gain is roughly the size of the loss you inflicted. Whereas the damage done by infecting 7,700 machines is quite a bit larger. Personally I'd sleep better stealing car radios.

      I'd probably be safer too, because the risks with this crap are just crazy. There's no way to hide what software this guy is installing. And thus who's paying for it. "Follow the money", that's all there is to it, really. And considering how often they seem to nail the virus writers who aren't leaving such an obvious clue to their motives, this should be a piece of cake.

      How much would a dope dealer earn in a year?

      That would depend on how much he sells, wouldn't it? But their return-on-investment is around a healthy 10x. But again, the profits are higher if you go up the chain, like setting up a meth lab. Of course, they do bust those guys by the dozen thanks to the wonder of legal pseudoephedrine. Thanks to that synthesis so easy any idiot can do it. And any idiot is of course more likely to blow up his lab and/or do something stupid and get caught. Plus you need the equivalent of 15 years worth of cold medicine at the maximum daily dosage to get a kg of meth. Kind of hard to buy that much and not raise suspicion.

      Whereas bulk production would require altogether simpler (meaning less obvious) precursors. Conveniently, the DEA supplies a list of chemicals they keep an eye on so that you know what not to use. Also, the synthesis would be more complicated, which means you can't be completely ignorant. So doesn't that work out great? The bulk producers get the lower risks while the DEA gets to compensate by bulk arrests of small-timers! /sarcasm

  11. Eliminate it without government intervention. by Anonymous Coward · · Score: 0

    We don't need the government to solve this problem. We merely need people to be responsible with their computer systems. I know, it is a lot to ask, but it is by far the cheapest and most reliable method of preventing this sort of exploitation.

    The first step people will need to do is dump Windows completely. Attempting to secure it just isn't enough. It is so inherently flawed with respect to security that it's best to get rid of it completely. Anti-virus software, for instance, needs to be continually updated, assuming it even works well in the first place. Firewalls are somewhat of a defense, but many people disable them because they prove to be annoying.

    More people will need to use operating systems that offer a better security model. These systems include Mac OS X, Linux, *BSD, and Solaris. Those systems offer enough variety that they should be sufficient for the vast, vast majority of users.

    The only way to eliminate this issue is to get rid of the root cause. And when it comes to botnets, the root cause is the insecurity of even the most modern and fully-patched Windows installations.

    1. Re:Eliminate it without government intervention. by CosmeticLobotamy · · Score: 4, Insightful

      We don't need the government to solve this problem.

      Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

      The first step people will need to do is dump Windows completely.

      There we go. Now we're being realistic.

    2. Re:Eliminate it without government intervention. by chmod+a+x+mojo · · Score: 0

      Hmmm try the root cause is USERS not the OS.
      Case in point: I have one file server behind my home firewalls that I have not even bothered to put SP1 on. It has been running (other than hard disk upgrades) nonstop since July 2003. And no, I am not worried about any of the virii or worms, basically because for it to be infected the rest of my networks is most likely gonna be in flames.

      --
      To err is human; effective mayhem requires the root password!
    3. Re:Eliminate it without government intervention. by Millenniumman · · Score: 1

      I generally do not support government intervention into business, but these companies are paying people to attack other people's computers, vandalizing their property. They should be shut down immediately, and the management should be arrested and forced to pay restitution to every affected user. The hackers should be forced to do the same. Then they can keep our sewers working for us for a few years, and clean up graffiti.

      The root cause is jerks who like to hack other people's computers, and other jerks who employ them to make money from advertising. Insufficient security on most computers is helpful, though.

      --
      Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
    4. Re:Eliminate it without government intervention. by hullabalucination · · Score: 4, Insightful

      Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

      Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Colombian cocaine barons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.

      Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.

      Could I interest you in a dime of meth while we're waiting?

      * * * * *

      Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
      --Dave Barry

    5. Re:Eliminate it without government intervention. by urbanradar · · Score: 1

      While I do agree with your basic point somewhat, I think you're misunderstanding the point the original poster is trying to make. The way I read it, he's not suggesting that the law should go after the "Chinese/Romanian/Kenyan/Palestinian/et al malware authors", but rather the businesses that ultimately try to profit from the malware and try to advertise through spamming.

    6. Re:Eliminate it without government intervention. by Anonymous Coward · · Score: 0
      While I found your comment thoroughly funny, I also do think that the original poster was being sarcastic:

      Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws.
      Good fun all the same :)
    7. Re:Eliminate it without government intervention. by TheLink · · Score: 1

      Well they are paying people to show ads. Which can be legal, so I don't think they should just shut them down just like that.

      The problem is some (many?) of the people they are paying are hijacking computers.

      So what should be done is the authorities should just ask them to cough up info on the people who are hijacking computers. The ads have to be traceable to the hijacker since that's how the hijacker gets paid, and there should be logs and stats - otherwise how do they themselves get paid by their customers? So just get a number of hijacked computers and get the IDs.

      If there really is enough will, they can start making/using laws and freeze the bank accounts involved and start going after the account holders. It's not like the hijackers get paid in untraceable cash (if they do, then just tell the companies they can't do that anymore).

      If that industry doesn't regulate itself well enough then the people should ask the government to step in and regulate it - (e.g. the companies could be required to do things in certain ways that make it easier and faster for cops to investigate stuff).

      --
    8. Re:Eliminate it without government intervention. by CosmeticLobotamy · · Score: 1

      I hear ya, man. All it would accomplish would be to make criminals out of recreational computer vandalism exploiters. Like we need more kids in prison.

  12. Most bots are not resource hogs by winkydink · · Score: 4, Insightful

    They're designed to stay under the radar. The longer you control the machine, the more money you make. Virii, etc... are a different story.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    1. Re:Most bots are not resource hogs by Anonymous Coward · · Score: 0

      Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

    2. Re:Most bots are not resource hogs by Sqwubbsy · · Score: 1

      Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

      So is acting like a Latin grammar Nazi.
      It's an ongoing debate, deal with it. 'viri' means 'men'.
      Technically, it's its own plural, however I don't know that Catullus, Cicero or Cato could envision the hosts of the virus we have now.

    3. Re:Most bots are not resource hogs by Danga · · Score: 3, Insightful

      Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

      Or it's a sign of someone using a term that has pretty much become accepted now except by the language whores like you. When the OP said virii, I knew he was communicating virus in the plural form, so his communication worked. That is what language is for, communicating, as long as what you say is reasonably understandable by the people you are talking to then it is serving its purpose. Grammar/English Nazis such as yourself need to shut the hell up and complain about something that causes real problems such as young people growing up not understanding basic math such as trig/calculus.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    4. Re:Most bots are not resource hogs by winkydink · · Score: 1

      Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

      As is picking on the grammar and ignoring the content.

      Don't English majors have a forum of their own to go play in? Thought so.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    5. Re:Most bots are not resource hogs by PakProtector · · Score: 3, Informative
      When the OP said virii, I knew he was communicating virus in the plural form,
      (Emphasis added)

      The point is that virii is not the plural of virus. Virus is the plural of virus in Latin, and Viruses is the plural of virus in English. For Virii to even make sense as a Latin Plural of the Second Declension, the singular would have to be Virius. Not Virus. If Virus declined as a second declension noun, it would be viri -- confusable with the plural of the word that can be translated as 'hero or man' depending on context.

      It's not that we're pedants -- I don't mind when someone corrects me when I'm wrong. What we're angry about is how ignorance has become acceptable. It used to be, when you were ignorant of something, you were corrected and you learned from it. How would you feel about this sort of behaviour if, instead of the virus/virii debate, it was TCP/IP/tubes debate?

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

    6. Re:Most bots are not resource hogs by winkydink · · Score: 1

      Language evolves. Deal with it.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    7. Re:Most bots are not resource hogs by Anonymous Coward · · Score: 0

      > Or it's a sign of someone using a term that has pretty much become accepted now except by the language whores like you.

      Or any AV company. Or pretty much anyone working for one. Or pretty much anyone who isn't some pretentious poseur.

      It's "viruses". Your neologism lost. Deal with it.

    8. Re:Most bots are not resource hogs by Danga · · Score: 1

      Languages evolve, yes, even because of ignorance. It used to annoy me too when people used "virii", but since I know what they are trying to say then their communication was successful so why complain? This is not as big an issue like TCP/IP/tubes, this is just realizing some people say virii when they should say virus's, they came up with a synonym that makes no sense to anyone who knows Latin but the number of people who know Latin is minimal anyway so it's not a big deal. With TCP/IP vs tubes you lose the whole protocol being used if you say tubes, if someone says virii you still know exactly what they are talking about and no information is lost. While maybe not being syntactically correct why waste time complaining about it? There are bigger issues to complain about.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    9. Re:Most bots are not resource hogs by WilliamSChips · · Score: 1

      Nope. You're thinking that virus is a fourth declension noun. Even if it were, it's not self-pluralization. virus, virus, m (the second is the genitive) would become virus, viruum, m.

      --
      Please, for the good of Humanity, vote Obama.
    10. Re:Most bots are not resource hogs by Danga · · Score: 1

      It is not my new word dipshit, all that I am saying is as long as I know what the person means then it is not an issue to me if they use virii or viruses. I used to hate "virii" too, but then I realized instead of complaining about it every time someone used it I would just go the logical route and convert virii to viruses transparently in my brain. It takes minimal effort to do that and makes life easier overall.

      Or pretty much anyone who isn't some pretentious poseur.

      So if I said you should spell that as poser would that make me pretentious? In reality I don't care if you spell it that way, my way, or even any other way that I can understand since I would still be able to comprehend what you are trying to communicate. If you know what a person is trying to get across then bitching about the wordage they use is what is pretentious. Step down from your soapbox, you are not impressing anyone but yourself.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    11. Re:Most bots are not resource hogs by blincoln · · Score: 1

      Language evolves. Deal with it.

      I wouldn't really consider this an evolution of English, since it's some people making a mistake, instead of a new *rule* about pluralizing words that end in "us." Maybe if the people that write "virii" pluralized "bus" as "bii," "Prius" as "Priii," and "hummus" as "hummii," I'd be more inclined to support your point of view. Instead, it's one word, not even something as consistent as the *other* people who use the faux-German -en to pluralize nouns that end in "x."

      Hey, maybe they can get together and agree to use "maus" instead of "mouse," but then fight over whether to make the plural "maii" or "mauxen."

      --
      "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
    12. Re:Most bots are not resource hogs by QuoteMstr · · Score: 1

      Language evolves, yes --- but look at what happened around the time of the last major language "evolution" --- the dark ages of Europe. Some of us want to delay that phase of our society's "evolution." If we do our best to stop ignorance in general, we can put our own dark ages off a little bit.

    13. Re:Most bots are not resource hogs by Jackmn · · Score: 1

      'Viruses', not 'virii'.

    14. Re:Most bots are not resource hogs by winkydink · · Score: 1

      English is full of exceptions. "I" before "E" except after "C", etc... (Look! A comma before the etc and no space between it and the ellipsis!) I work for an anti-virus company. We use virii, thank you very much.

      If you want a language with rigid rules, I suggest Esperanto. I'm sure the other 6 people who speak it will welcome you with open arms.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    15. Re:Most bots are not resource hogs by EndlessNameless · · Score: 1

      Did you ever stop to consider if you were being a dolt by ranting like that?

      Speaking a clear, universal, and correct dialect is an important practice, as it allows us to communicate without problems to everyone else. Were you thrown off-track for a second the first time someone used the word "virii" around you? Has anyone you've known hesitated or been confused by it? The confusion--even if it is momentary--is completely unnecessary because WE ALREADY HAVE A PLURAL FORM OF THE WORD "VIRUS" that everyone knows. It's "viruses".

      Learning and using the proper standards for communication in one's language of choice (or one's language of habit) is essential to clearly communicating to everyone else who is also properly educated. Indeed, higher concepts or complex ideological frameworks may require the level of specificity provided by jargon words, clear and concise grammar, and graphics.

      Would you want to teach trigonometry if there were three different ways to interpret a Cartesian graph? What about teaching calculus if "differentiable" could mean six completely different things depending solely on the context in which it was used?

      The real problem is that we need good education in *all* fields.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    16. Re:Most bots are not resource hogs by PakProtector · · Score: 1

      The day I can't devote even some fraction of my attention to all the little things in life is the day the world starts to go to hell. It's the little things that count. Picking up that bit of trash the guy walking in front of you threw to the ground instead of tossing in the garbage can five feet in front of him, breaking up a fight between two guys who are too drunk to realise how badly they could hurt each other, or asking that girl crying, "Are you okay?" The day I stop caring about one little thing, I'll stop caring about all of them.

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

    17. Re:Most bots are not resource hogs by Jackmn · · Score: 0, Flamebait
      I work for an anti-virus company. We use virii, thank you very much.
      What company would that be? I'll be sure to avoid them, along with any other company that assists in butchering the English language.
    18. Re:Most bots are not resource hogs by Jackmn · · Score: 1

      s/them/it/

    19. Re:Most bots are not resource hogs by cibyr · · Score: 1
      people say virii when they should say virus's
      No, people say "virii" when they should say "viruses". Other, even more annoying people use apostrophes where they have no business being. Other, still more annoying people bitch about these things on slashdot ;)
      --
      It's not exactly rocket surgery.
    20. Re:Most bots are not resource hogs by ggvaidya · · Score: 1

      I like the way you said that :). Mind if I quote you?

    21. Re:Most bots are not resource hogs by Anonymous Coward · · Score: 0

      Both are valid. Unless you're talking about biological viruses.

      I work in the industry. Before that, I wrote virii. I'm pretty sure I didn't write viruses, because virii was shorter to type - but hey, that's how technical terms evolve.

    22. Re:Most bots are not resource hogs by sumdumass · · Score: 2, Insightful
      I used to hate "virii" too, but then I realized instead of complaining about it every time someone used it I would just go the logical route and convert virii to viruses transparently in my brain. It takes minimal effort to do that and makes life easier overall.
      I'll admit I am the last person that should be getting pedantic on spelling or grammar. I think I already misspelled a dozen words in this post. But, and this is a bug but....

      I have noticed that some things make it more confusing when you just let it slide. I remember a client insisting her CPU was bad and it was my fault. She told me her explorer wouldn't open, her email was all lost and the burner wouldn't heat up. Well evidently someone explained to her the tower was the CPU, explorer was the thing that got her interweb and a CD burner actually baked information on the CD (well it sort of does). She continued to school me on some other things and ended up telling me I didn't know as much as her about computers and she was regretting even calling me to help her switch ISPs. She demanded I come over right away and undo whatever I screwed up.

      Ended up being her new cable modem was plugged into a different power strip that she used to control the lights. Guess what happened when the lights were off and she tried to surf the interweb. But instead of looking at the cable modem to see if it was on, she tried to connect the old way with the modem. With the phone line unplugged it was giving a (680 I think) error about the dial tone (that's where I fried the CPU), and of course all her jokes and previous emails weren't accessible from the new account. I would have just changed server and logon information but her former ISP used some extension to OE that didn't seem to allow any setting to be changed. It even had a different interface appearance, sort of like when dealing with older AOL versions. And to top it all, she was trying to use the cdrom to burn and someone told her it should feel warm because it has to preheat before it can burn information to the CD. After asking she admitted she never burnt anything before but had to because she couldn't email some 90k file to someone.

      Now asking how she knew her email and explorer didn't work if the CPU was fried probably wasn't a good way to start this support ticket off. I get so bent when someone is talking about one thing, using lingo from a "tech power words for dummies" book then to find out they are trying to say something as simple as the internet doesn't work and I don't think my burner is working too. One girl said she couldn't hover. I thought it was a joke, my mind went directly to the thing girls do when peeing in a public restroom to avoid touching the seat. Turns out she was actually complaining that the context menu disappeared when the mouse was placed over a file but I had no idea. She didn't think my laughing was funny at all.

      It doesn't take much to go from, "I knew what they meant" to misunderstanding the meaning of the statement. Sometimes these little pedantic asshats need to be that way. Other times it is just so they can walk around at half mast or pop a tent in their pants. The first time I read the word virri, I didn't know what was meant. Now I can understand just like you do.
    23. Re:Most bots are not resource hogs by jimicus · · Score: 1

      They're designed to stay under the radar

      Well in that case they're not designed very well.

    24. Re:Most bots are not resource hogs by Monkier · · Score: 1
      They're designed to stay under the radar.

      I'd say they are designed to make money. The ones I've seen may not be resource hogs - but do make the machine VERY unstable. Shoddily written by an author that just wants to make money out of ads, spam, ddos, etc.

    25. Re:Most bots are not resource hogs by PakProtector · · Score: 1

      Certainly. Would you prefer to do it by my /. nickname, or my real name?

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

    26. Re:Most bots are not resource hogs by Jesapoo · · Score: 1

      I find it amusing that everyone knew what was meant by "virii" but virtually no one knows what the fuck you're talking about ;)

    27. Re:Most bots are not resource hogs by Jesapoo · · Score: 1

      You raise an interesting point actually - it seems to me that biologists never refer to multiple viruses as "virii", and it's a term used almost exclusively in IT (although I admit I only know a few bio-geeks so this is by no means an authoritative statement :D).

      Is it therefore not a good and reasonable way to tell the difference between bio and tech viruses? It would, if anything, reduce confusion about which was being referred to...

    28. Re:Most bots are not resource hogs by blackest_k · · Score: 1

      virii and boxen

      the usage of both these terms seems to occur when talking about multiple occurrences of a general type.
      not multiple occurrences of an individual type.
      that is windows boxen is a collection of pc's running windows on a range of different hardware and virii are a collection of a range of different types of virus.

      It certainly appears to be an attempt to distinguish between the physical box and the abstract idea of a box running a particular type of o/s. or just be cute ...
      virii seems to correspond with the idea of a multitude of different viruses (and doesn't sound as ugly no spitting please).

      It's worth considering that both box and virus are borrowed terms and it's appropriate that new words evolve to better suit the needs of the people using them.
      mp3 player, mobile, pda, dvd(player/ recorder) gui. All commonly used (maybe cell phone is preferred in the usa).

      sometimes words just get their original meanings lost, it's hard to be gay and heterosexual these days.
      The point is it is already too late to put the virii back in the boxen. They are both out in the wild and spreading fast. Protest as much as you want, you already understand the terms virii and boxen in fact it's likely non-English speakers understand and use these terms too.
      unfortunately viriis and boxens could be the next step...
      would it be better if we were sheeps and not men (of both genders).

    29. Re:Most bots are not resource hogs by DuranDuran · · Score: 1

      I would mod you up if I had mod points!! Good on you, sir. :)

      --
      "You can justify anything by putting it in quotes, adding a famous name and making it a sig" - Albert Einstein
    30. Re:Most bots are not resource hogs by sco08y · · Score: 1

      Language evolves. Deal with it.

      I can deal with the evolution of language, but can you deal with your "evolved" job application going in the garbage?

    31. Re:Most bots are not resource hogs by Anonymous Coward · · Score: 0
    32. Re:Most bots are not resource hogs by dave562 · · Score: 1
      Here's the deal smart ass. Long before Slashdot was around, and long before you were on the Internet proving how tolerant you aren't, the people writing malicious computer code decided that the plural of virus was virii. Just like more recently, "the group" decided that the plural form of "box" in the context of a "server" or "workstation" being a "box" is "boxen" and not "boxes". It's like "pirated software" is "warez".

      All you're doing by posting your little verbal spew about proper use of English on the Internet is that you're LAME, and out of touch with the community that you're a part of. Come on man, you have a relatively low /. UID... I thought that meant you were clued in or something.

    33. Re:Most bots are not resource hogs by bytesex · · Score: 1

      but since I know what they are trying to say then their communication was succesful so why complain?

      That's a mentality that bothers me - cavemen can have quite successfull communication using grunts, groans and farts. We didn't go through all this bloody progress just to have it broken down by imprecision. Two techies would understand each other when they said 'virii', but an overhearing Latin dude would go nuts over it. This is why, in your argument, it's perfectly Ok for a politician to be talking to a housewife about 'tubes' as a fitting metaphore for internet; they're both not techies and they understand each other - so what's the big deal ? But it _is_ a big deal. Metaphores have to be apt, and language has to be precise. The reasons people have for using imprecise language may vary, but most of them aren't pretty (lying, deception, etc.). In this case, people saying 'virii' are trying to show that they understand some principles behind Latin noun conjugation. But they don't; they're just grandstanding and it makes them look stupid.

      --
      Religion is what happens when nature strikes and groupthink goes wrong.
    34. Re:Most bots are not resource hogs by skubeedooo · · Score: 1

      You consider the all-important aspect of language-usage to be communication, so I would have thought you would be glad for someone to point out to you that, to many people, using the word "virii" communicates a lack of education and a surplus of pomposity.

    35. Re:Most bots are not resource hogs by PakProtector · · Score: 1

      Ignorance, sir, is something that there should never be any tolerance for.

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

    36. Re:Most bots are not resource hogs by Danga · · Score: 1

      In this case, people saying 'virii' are trying to show that they understand some principles behind Latin noun conjugation. But they don't; they're just grandstanding and it makes them look stupid.

      I agree it makes them look stupid. All that I am saying is now that it is well known that people who say "virii" are idiots since they should have typed "viruses" why comment on it EVERY DAMN TIME. It is a waste of time to keep pointing it out to them as they prefer their way. I used to hate seeing "virii" but now that I just don't care it saves me time since I just brush it off and transparently replace it with "viruses".

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.
    37. Re:Most bots are not resource hogs by bulliver · · Score: 1
      Metaphores have to be apt, and language has to be precise.

      Since we're being precise, surely you mean "Metaphors" ;)

      --
      Support the mob or mysteriously disappear.
    38. Re:Most bots are not resource hogs by dave562 · · Score: 1
      Ignorance, sir, is something that there should never be any tolerance for.

      Does that include ignorance of culture and "societal norms" within a given group?

    39. Re:Most bots are not resource hogs by PakProtector · · Score: 1

      I'm well aware of Geek Culture and Societal Norms. However, it used to be a societal norm to consider the Earth as being flat. Any position founded on ignorance is wrong. Take a logic class.

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

    40. Re:Most bots are not resource hogs by dave562 · · Score: 1
      All I'm trying to point out is that you look like a complete, POMPOUS jackass for getting up on a soapbox and trying to rewrite the linguistic rules of the computer underground to fit your narrowly defined paradigm of right and wrong. Perhaps narrowly defined is a bit misspoken given that you're simply trying to adapt mainstream linguistic consistency to a subsect of the mainstream that wants little to do with it. However you want to try to logic your way out of looking pompous, be my guest. Perhaps you're just being helpful in your own condescending way? Or maybe I'm just being condescending in my own unhelpful way? Maybe you're just wound so tight that your mental compiler goes TILT when presented with malformed English syntax, and it calls your fix() function without doing a check to verify whether or not anyone wants your fix() in the first place? Maybe... no, definitely I've spent enough time on this, and realize that you'd rather be "right" than to go with the flow.

      Here's some logic for you. Accept things as they are for what they are.

    41. Re:Most bots are not resource hogs by Anonymous Coward · · Score: 0

      That's a shame. I like Trend, and I hate to see them propagating this stupid mis-spelling.

    42. Re:Most bots are not resource hogs by mojine · · Score: 1

      Metaphores? Could be a cool word - definitions, anyone?

      --
      "It's not how many people I've killed - it's how I get along with the ones that are still alive."
    43. Re:Most bots are not resource hogs by ggvaidya · · Score: 1

      Up to you :).

  13. Fuck all this... by Anonymous Coward · · Score: 0

    what I want to know is; how the hell do I get a piece of that?

  14. Trivial to break thisinfections by WindBourne · · Score: 1

    Ignore the fact that bad security in Windows is the cause of this. If you want to kill off bozo's like dollarrevenue and make a good dollar, simply create concurrent fake windows, do the infection, collect; kill it; repeat. You will drain the company or they will have to lower the rates or insist on longer infection time. Basically, this will remove the incentives from doing their dirty work.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  15. Follow the post. by Anonymous Coward · · Score: 0

    "The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters."

    Step one: Post "I wanna take a shot at the US"

    Step two: Moderate up.

    Step three: profit!

    For those of you who can't see beyond your noses, he basically implied that all the other nations would be a 60's love-in, and the US would be da man.

  16. Fixed. by The+Living+Fractal · · Score: 4, Insightful

    "Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."

    I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.

    TLF

    --
    I do not respond to cowards. Especially anonymous ones.
    1. Re:Fixed. by bendodge · · Score: 0

      Hackers are extremely good at what they do. Most people have no idea of how much study and practice crackers put into their profession. It is great fun to remotely break thousands of people's stuff, and get paid big $$ and play cops and robbers with the incompetent admins who didn't secure their systems in the first place. Believe me, it is. (But reading a few articles by crackers in jail is sobering.)

      It is despicable to make a botnet, but you can't say it doesn't take skill.

      --
      The government can't save you.
    2. Re:Fixed. by Lehk228 · · Score: 1

      IF that botnet was created by your own hands then yes, if you just downloaded the latest metasploit and installed BO2K you are not a hacker, you are a professional script kiddie

      --
      Snowden and Manning are heroes.
    3. Re:Fixed. by bendodge · · Score: 0

      true

      --
      The government can't save you.
  17. And to combat it by TLouden · · Score: 1

    We have a new business model based on LiveCD OSes which interface to web OSes (YouOS has been covered recently). This way, only the central servers for the web OS need to be highly secured and the rest is read-only and rebootable if anything goes wrong.

    The only problem here is a need for an internet connection, which is clearly taken care of if infections are a worry.

    --
    -Tim Louden
    1. Re:And to combat it by couchslug · · Score: 1

      A "frugal install" on hard disk or compact flash is an excellent alternative to live CDs. You retain the use of your CD drive and of any other drives/partitions, and may create a persistent home directory or not as you wish. See the Damn Small Linux forums for info and help on setting up frugal installs. If anything gets hosed, you can easily use the same CD you installed with to repair any problems.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  18. Oh, Canada! by Anonymous Coward · · Score: 2, Funny

    >In this case, Holz counted 998 installations in the United States, 20 installations in Canada,
    >103 in the United Kingdom, 756 in China and about 5,800 in other countries.

    20 PCs in the whole freaking country? I am proud to be Canadian for once.

    1. Re:Oh, Canada! by Kreigaffe · · Score: 3, Funny

      Still, that 100% infection rate is nothing to be proud of.. ba-dum ching.

      --
      ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
    2. Re:Oh, Canada! by ganjadude · · Score: 1

      in this day and age, i wish i could say i was canadian and not american

      --
      have you seen my sig? there are many others like it but none that are the same
  19. Re:Sounds good to me by nizo · · Score: 1

    First good thing to have is a lawyer on retainer.

  20. Which bring up an interesting concept. by khasim · · Score: 2, Interesting
    They're designed to stay under the radar. The longer you control the machine, the more money you make.

    When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?

    After all, it's in the bot-master's best interest to maintain their bots.

    They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.
    1. Re:Which bring up an interesting concept. by Anonymous Coward · · Score: 0

      There was a variant of the Blaster virus that downloaded the patch to fix the exploit it used.
      Of course, it was still bad because it added to the network traffic, but interesting.

  21. "Business Model"? by deanj · · Score: 1

    This is NOT a business model. This is hacking people's systems, without their knowledge, and using it for someone else's purposes. It's stealing, computing resources and the people's time that it costs to get rid of the stuff. I'd be willing to bet a lot of the people affected by this end up having to pay to have it removed (by Geek Squad or some other overpriced outfit).

    I'm sure if this happened to the /. editor's systems, or whomever posted this article, THEY wouldn't consider this a "business model".

    1. Re:"Business Model"? by Anonymous Coward · · Score: 0

      This is NOT a business model.
      It's an ecosystem.

  22. Your math is bad: $430/day = $67K/year by xxxJonBoyxxx · · Score: 3, Informative

    Your math is bad: $430/day = $67K/year

    Try it this way. 240 working days a year x $430/day = $103,200
    If you're an independent contractor, expect something like 35% tax.
    That gets you down to about $67K/year.

    1. Re:Your math is bad: $430/day = $67K/year by jimicus · · Score: 2, Funny

      If you're an independent contractor, expect something like 35% tax.

      Riiiiighhht. I can just see the tax form now:

      TAX FORM 2006/7

      Answer all questions in full, or write "NOT APPLICABLE" if the question does not apply

      How much money did you earn in the tax year 2006/2007? $103,200
      What was the source of this income? Illegally hacking overseas computers, extorting money through making DDoS threats

    2. Re:Your math is bad: $430/day = $67K/year by xxxJonBoyxxx · · Score: 1

      AFAIK, record companies still file tax returns...

  23. Won't even dent real crypto by Sycraft-fu · · Score: 1

    You could throw every computer on the planet at a single 128-bit AES key and not break it until the sun goes dark, never mind 256-bit crypto. Remember: If you have something that can break a given 64-bit key for a given crypto system in 1 second it would take 584,942,417,355 years to break a 128-bit key in the same system with the same hardware.

    1. Re:Won't even dent real crypto by winkydink · · Score: 1

      Yes, AES is quite strong but is not the only encryption method used today; many weaker methods are still commonplace. I'm not saying one could use a botnet to break *any* encryption.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    2. Re:Won't even dent real crypto by Sycraft-fu · · Score: 3, Interesting

      Well it couldn't break any encryption protecting anything important. These days most things tend to either be protected with something trivial (like CSS or old systems with 40-bit crypto) which can be cracked on any desktop in a couple weeks at most or something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's deep crack and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure it's an order of magnitude better than AES, but still doesn't get you anywhere.

      That's the thing about crypto is that larger keys really make the problem harder. I mean look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.

      So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.

      I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.
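The key-length arithmetic in the two comments above, carried through as an added example (it is not part of any comment in the thread). It assumes search time scales linearly with keyspace size and machine count, and a 365-day year, which is the value that reproduces the quoted figures; the function names are made up for this illustration.

```python
"""Brute-force cost scaling for the figures quoted in the thread above.

Assumptions (added here, not from the thread): exhaustive search time is
proportional to keyspace size, parallel machines scale perfectly, and a
year is 365 days.
"""
from fractions import Fraction
import math

SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def years_to_exhaust(target_bits, ref_bits, ref_seconds, machines=1):
    """Years needed to search every key of a 2**target_bits keyspace.

    The reference rig exhausts a 2**ref_bits keyspace in ref_seconds.
    Pass fractional seconds as a string ("0.1") so the maths stays exact.
    `machines` is the number of identical rigs working in parallel.
    """
    growth = Fraction(2) ** (target_bits - ref_bits)  # doubles per extra bit
    seconds = growth * Fraction(ref_seconds) / machines
    return seconds / SECONDS_PER_YEAR


def equivalent_key_bits(machines):
    """Key bits cancelled out by parallelism: one bit per doubling."""
    return math.log2(machines)


def years_remaining_to_even_odds(fraction_searched, years_elapsed):
    """Years still needed to reach 50% of the keyspace at the observed rate."""
    done = Fraction(fraction_searched)
    rate_per_year = done / Fraction(years_elapsed)
    return (Fraction(1, 2) - done) / rate_per_year


if __name__ == "__main__":
    # 64-bit key in 1 second -> 128-bit key on the same hardware.
    print("128-bit vs 64-bit/1s :", int(years_to_exhaust(128, 64, 1)), "years")

    # "10 DES keys a second" read as ten full 56-bit keyspaces per second,
    # against a 112-bit effective 3DES key.
    print("3DES at 10 DES/s     :", int(years_to_exhaust(112, 56, "0.1")), "years")

    # A 100,000-machine network of such rigs only buys ~16.6 bits.
    n = 100_000
    print("bits bought by botnet:", round(equivalent_key_bits(n), 1))
    print("128-bit with botnet  :", int(years_to_exhaust(128, 64, 1, n)), "years")

    # distributed.net RC5-72 as quoted: 0.35% searched after 3.8 years.
    print("RC5-72 to even odds  :",
          int(years_remaining_to_even_odds("0.0035", "3.8")), "years")
```

Every added key bit doubles the work, while every doubling of the machine count removes only one bit, so a 100,000-node network is worth fewer than 17 bits of key length.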

    3. Re:Won't even dent real crypto by jimicus · · Score: 1

      We aren't talking nuclear secrets here, we are talking like bank SSL sessions.

      If you've got software on someone else's computer, why bother cracking the bank SSL session? Just run a keylogger and pick up anything which looks like a username/password.

      Or, if you want to be really smart (and I bet you anything you like if it hasn't been done yet, sooner or later it will be), replace the DLLs which handle SSL transactions in IE with versions hacked to log what goes on and report back,

  24. Thank to those hackers! by d1g1t4l · · Score: 3, Interesting

    I earn $60/infected computer (to remove spywares)

    1. Re:Thank to those hackers! by sumdumass · · Score: 1

      Now all you need to do is get 400 some odd dollars infecting them and reap the rewards.

      How many $60 spyware removals can come from a $430 worth of infecting? I wonder if the ethics or legalities change with the direct relationship of intent. I mean infecting to become rich from adware companies versus adware companies becoming rich by selling advertisements to be displayed in infected computers versus infecting computers to get the business of removing the infections? That is if I hire a hacker/cracker to do the infecting for me. Maybe I could start a shop, create a website that infects computers and have my cleaning services be one of the ads.

      Well I think after this wild turkey wears off, none of this will sound like a good idea.

  25. Does not sound too profitable by Fëanáro · · Score: 1

    This business does not sound too profitable to me.
    He likely spent much longer in preparation of the worm, and once the exploit is fixed the worm recognised by scanners and the pool of vulnerable pcs exhausted his income will dwindle until the next big exploit.

    So at most he can make a couple hundreds per month.
    Additionally he cannot sue for his payments and is totally dependent on the good will and honesty of companies that generally don't seem to have any. And he risks being caught and prosecuted.

    Why would anyone do this? If he made tens of thousands I could understand, but for 430 bucks?

  26. Old News by Jack9 · · Score: 1

    All online advertisers know that spyware makes money. It also burns your distribution pipes, but that's not important when you're going bankrupt. You'll see struggling NETWORKS use more and more ads, then more and more intrusive ads before outright spyware installs. 430$ a day is ridiculously small potatoes. A small ad network has access to 12 million unique IPs a day and you make thousands legitimately on that. Spyware installs get you the hundreds of thousands up front, when you need it and want out.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.
  27. Screwing adware companies -- VMs? by Anonymous Coward · · Score: 0

    Given the power of computers these days, wouldn't it be possible for someone to run multiple instances of an OS on the same machine, install adware on each one and count those as separate installs? You'd make a killing, and screw those adware companies pretty severely.

  28. Re:Follow the Funny by Anonymous Coward · · Score: 0

    I was thinking of something a bit more proactive involving a deep hole, an ant colony, and plenty of honey.

    Things may change but as I stroll past and see the parent modded "Interesting", It once again reminds me
    that there is nothing funnier in this world today than the slashdot comment section.

  29. $430 is not very good by Anonymous Coward · · Score: 0, Flamebait

    For a criminal $430/day is not very good.

  30. Its a business model and it makes money by nexeruza · · Score: 1

    I see a lot of posts saying this is not a business model and that it is not lucrative. The two sort of depend on each other to both be true or neither are true. What is a business model? It's a planned system that operates in a fashion that hopefully makes money. For those that say it's not lucrative... $430 dollars a day isn't much??? That's almost as much as my two week paycheck. Obviously I'm not being paid for my rare skills at that rate but for somebody... perhaps a teenager or guy in his early 20's to fuck around in his basement (lab) and make a few thousand a month I think I'd call that successful. Perhaps his talent is better spent and better paid elsewhere, but he has no boss, I seriously doubt he works 40 hours a week, and I doubt he has much stress other than not getting caught. So let's do the math, quoted in the article something like his fast moving exploit made him $430 a day for a week before he moved on that equals out to at least 2k if he took the weekend off and just killed the thing. A sporadic week's worth of work paid all the bills and then some for a typical blue collar guy's lifestyle. I have trouble saying this guy lost... at least until he ends up in federal prison which so far is pretty unlikely. No I'm not pro botnet master, I hate cheats but let's admit the best of these guys are winning big and they are rarely the loser. Hopefully the need for better security and a better overall architecture will slowly whittle the ease of compromising systems over the years. But until then this is a rampant crime we'll see go on for quite some time. P.S. yeah I've heard the affiliate programs like to cheat the botnet masters and either stiff them or only pay a portion of the "work" that was done. This probably goes on all the time with the 2 cheats trying to fuck each other but in the end they both have some cash in their pocket and blow it off as "it comes with the territory". So oh no, he only made $150 dollars that day. If he has a strong work ethic you can only imagine how much he can make in a month.

  31. and the check is in the mail by Anonymous Coward · · Score: 0

    Right.... wink wink, nudge nudge. And the check is in the mail and I promise not to cum in your mouth. They know what is up and they just don't give a shit.

  32. 6th and Jefferson in the Ville by muletool · · Score: 1

    If I was gonna score a little dope I definitely wouldn't choose that location in Louisville, KY. That is home to the Metro Corrections facility. Not that hospitable of a place.

    --
    Can I bum you a .sig?
  33. Re: Culture divide by the_womble · · Score: 1
    at least on Windows it's just a few clicks, no need to recompile the kernel

    Can you please tell us on what OS you need to recompile the kernel on every patch? I thought everything (including apps) auto-updated these days.

  34. I don't know where you buy your weed but.. by nexeruza · · Score: 1

    An 1/8th Oz. of Marijuana goes for at least 20 dollars. And if you think there is no money to be made at the low level... you can make thousands a day on the corner selling crack, but it comes with the risk of the cops getting you, or some hard thugs robbing you. It's a high risk game where you risk death or prison for making a grand a day. Look at Snoop Dogg's story, he was pushing carts at a supermarket and found out he could make in ONE day the same money he made in 6 weeks pushing carts. He was tempted and took it, then he found himself serving 9 months in jail. The myth that drug dealers are all rich is what you see in MTV videos and DEA drug profiles. The majority are mostly broke supporting their own drug habit scraping by to make rent on their $300 shit trailer. Don't believe the hype, unless you're a drug dealer in a high risk crazy area you're not making a thousand dollars a day. And if you are you might be dead tomorrow or in prison for a very long time.

    1. Re:I don't know where you buy your weed but.. by spiffmastercow · · Score: 1

      haha sorry, i meant the profit is about $5 per 1/8 oz.. the price here is usually $40-45. but yeah, the point is the same.. drug dealers make no money, except at the top level. or crack dealers, like you said. that $157k/year for installing adware sounds more and more appealing though when i reflect on my day of programming crappy business apps while i work in a cube in a call center, with a dude behind me translating something over the phone, the people across from me having loud conversations about very stupid things, and a buzzer overhead that goes off every time the call center agents are behind on picking up the phones..

  35. $430 in one day? by Slurpee · · Score: 1

    $430 in one day? So what?

    That's not exactly a lot of money - and I doubt he's earning that *every* day.

    I don't see what the big deal is.

    1. Re:$430 in one day? by torvince · · Score: 1

      If 430$ per day is not a lot of money for you then send that over to me,
      i'll take it everyday please. Oh, and my friend says he'll be OK with 200$/day.
      Thanks for posting checks.

    2. Re:$430 in one day? by julesh · · Score: 1

      Agreed. The skills required to set up a botnet are no easier to master than many other skills: the ones that can earn a consultant that kind of money before lunchtime, if he rolls into the office late in a day, for example. And about as reliable; I'd guess that this script kiddie's going to get no more than a few tens of jobs per year. There's not a whole lot of demand for botnets, and there's plenty of people with the skill"z" to create them. $8,000 per annum doesn't seem like a great salary to me. Even if I do only have to work occasionally to get it.

    3. Re:$430 in one day? by Anonymous Coward · · Score: 0

      It may not be in America, but it's a huge amount of money in places like Russia. That's a place where university teachers earn about $100 a month. For that kind of cash, you'll find many people willing to give it a try. Heck, I bet in most of those countries you can bribe the police with less than a day's earning if you run into trouble.

  36. Survival of the fittest by kotuday · · Score: 2, Insightful

    Its about who has the knowledge that survives.

  37. voluntary nets by drDugan · · Score: 2

    The obvious next step is to create voluntary nets and distribute the profits.

    I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.

    I'd set up a box with Xen partitions and join multiple times.

    1. Re:voluntary nets by Anonymous Coward · · Score: 0

      Why not?

      It's called fraud.

    2. Re:voluntary nets by Anonymous Coward · · Score: 0

      That's crap. I never agreed to act a certain way online and view ads like a nice little sheep.

      I can write or run scripts on my machine to spider and visit any link I want online, including ad links. I guess my ISP might eventually catch on, but who cares? There will always be a market for connectivity that supports accessing information legally.

      If my scripts gets outside information from other scripts, also not illegal either - it's not even immoral. People pass information around all day with RSS and ATOM - why not the orders from Burger King to visit all the McDonalds ads today?

      You see - the computer I own and operate is mine, and I get to decide what I do with it. Just because my actions don't fit within the nice business model of the big corporations who profit off my attention - I don't care.

  38. Brute force solution to spam and spyware problems by Anonymous Coward · · Score: 1

    Just follow the money, and eliminate everyone you meet along the way.

  39. only $430? by Khashishi · · Score: 1

    When I write my ultimate badmalspyware, I'm going to blackmail the world for ONE MILLION DOLLARS. I'll be laughing at the schmo who only got $430.

    1. Re:only $430? by DJHewi1025 · · Score: 1

      Is this plan gonna be called the ALAN PARSONS PROJECT or PREP. H?

  40. who said no one ever made money out of Vindows by rs232 · · Score: 1

    nuff said ...

    --
    davecb5620@gmail.com
  41. Bot Trouble by Anonymous Coward · · Score: 0

    We have trouble keeping trojans and bots off of our site. We employ some javascript in the main page of our intranet site that checks for the most common malware; however, with so many versions of malware out there now, it's nearly impossible to keep your Windows PC clean.

    The javascript can be downloaded from Here.

  42. Kids these days... by Anonymous Coward · · Score: 0

    430 bux? This kid is cheap and underbidding the market. I'm surprised they only get that much. Any real job where you command that many computers gets you at least 430 bux every day of the year.

  43. MOD UP! by julesh · · Score: 1

    There's nothing fundamentally wrong with the XP SP2 firewall.

    It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.


    Amen. I've been saying for years now that even attempting outbound filtering *based on the identity of the process sending the packets* is an exercise in pointlessness. Unless you want to have to approve every request that any application makes. But boy would that get tedious fast.

    The XP SP2 firewall is as good as a software firewall needs to be. The BSD idea of having one you need to reboot to disable is interesting, but probably too fiddly in practice. Security needs to be easy, or it doesn't get used.

    1. Re:MOD UP! by TheRaven64 · · Score: 1
      The BSD idea of having one you need to reboot to disable is interesting, but probably too fiddly in practice. Security needs to be easy, or it doesn't get used.

      You only have to reboot to disable your firewall if you are at securelevel 2, a level normally reserved for times when you are busy repairing your tin-foil hat.

      --
      I am TheRaven on Soylent News
    2. Re:MOD UP! by julesh · · Score: 1

      In discussions like these, I find that this capability is often cited as a reason why BSD's software firewall is better than others. I disagree: it's a theoretical capability that's only useful in a minority of cases and doesn't improve security for the average user, for whom it's too damned inconvenient.

    3. Re:MOD UP! by TheRaven64 · · Score: 1
      It depends on the machine. If it's a dedicated firewall box on the edge of a network, facing the Internet, then it can make sense. The settings on these machines should only be altered in response to a corporate policy decision. There is no downtime involved if you have redundant firewalls (you do have redundant firewalls, right?) and the minor added inconvenience of having to reboot to make the change is much lower than the inconvenience to an attacker of being forced to reboot (which will generate log events which will be caught by the admin; at securelevel 2, even root can't alter files with the immutable flag set, so they can't even disable this if they find a root exploit) to change anything.

      On a desktop machine, it would be silly. It's all about the right tool for the right job. Just because BSD gives you a toolbox doesn't mean you need to use everything in it to hammer in a nail.

      --
      I am TheRaven on Soylent News
  44. Chafalopoulous by Anonymous Coward · · Score: 0

    Lock them away! Lock them away for life!

    They're not human... they're very very bad.

  45. I am not an ancient roman and neither are you! by Anonymous Coward · · Score: 0

    The POINT which you are refusing to acknowledge is that there is a MEANINGFUL DISTINCTION between COMPUTER VIRII and BIOLOGICAL VIRUSES.

    And yes, you are being pedantic, and tedious about it, and Tom Christiansen's opinion is no more pertinent than yours.

    As someone who works with textual data concerning BOTH KINDS of virus, I think the distinction is extremely useful, and helps out particularly with searching and datamining, and I would appreciate it if know-nothings like yourself would stop muddying the waters with blather about DEAD LANGUAGES.

    1. Re:I am not an ancient roman and neither are you! by PakProtector · · Score: 1

      I know Latin (I used to know it a lot better.) If the Language is dead, sir, then why don't you quit disturbing its rest by fucking with it?

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

  46. Re: Culture divide by VENONA · · Score: 1

    What if Windows patches aren't made available in a timely fashion, or at all? Or broken patches are issued? To be fair, it's not *only* Windows. I've also had a couple of encounters with proprietary Unix vendors who denied or downplayed vulnerabilities. But it's *mostly* a Windows problem, and by a very wide margin.

    I think you're correct about a cultural divide, but that's certainly not the entire story. And while 'keep your machine(s) updated' is the first line of defense, that's not the entire story, either.

    There's already been a response about recompiling the kernel, so I won't go there.

    --
    What you do with a computer does not constitute the whole of computing.
  47. Hail Caeser! by ColdWetDog · · Score: 1
    I dunno. When you started going on about the "Plural of the Second Declension" my eyes started to track funny, my head swam and this URL popped into my mind:

    http://www.mwscomp.com/movies/brian/brian-08.htm

    --
    Faster! Faster! Faster would be better!
    1. Re:Hail Caeser! by PakProtector · · Score: 1

      Ave Caesar!

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

  48. Infecting thousands of Virtual Machines by billstewart · · Score: 1
    Unfortunately, at a maximum of $0.30 per machine, you're not going to make much money infecting yourself. Maybe with a few thousand virtual machines you can, and you've got the advantage that it's much faster and cheaper to clean a virtual machine than a real one :-) The problem there is that usually a virtual machine is going to cost you an IP address, so unless the DollarRevenue scumwaremeisters are going to accept lots of machines behind the same NAT, most people don't have the necessary resources except at universities.

    If you can reverse engineer the way that the scumware reports that it's got another victim, you may not even need a virtual machine, if you don't mind making money defrauding scum. This is likely to be hard, though - the kinds of people who develop new techniques for installing scumware (as opposed to the script kiddies who use them) are just as likely to be willing to reverse-engineer scumware, so there are probably several sets of verification methods designed to make it hard for them.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks