Botnet Business Model Comes to Life
consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."
And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.
The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.
This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.
Learn to love Alaska
That's it for all the work? ROI ain't very favorable in this instance
That doesn't sound like that is all that much to brag about, since I don't think he will be getting many paychecks from said spyware company DollarRevenue for likely TOS violation and subsequent slashdotting. Am I missing something here?
Place a curse on DollarRevenue
Hey,
I don't know who to be angry at. My list includes in order of hatred from greatest to least:
1) The asshat hackers who spread the worm
2) The companies that pay asshat hackers to shovel their crapware
3) The stupid people who actually give money to crapware companies and keep them alive
Honorable mention:
4) People who can't stop their system from being zombified.
If this signature is witty enough, maybe somebody will like me.
While those infections could theoretically amount to that much money, did anyone actually pay the guy?
While fine for geeks, I believe you give the average user too much credit. (If you intended your post as a suggestion only for geeks, why bother?)
I suggest a different strategy: make sure Windows firewall is turned on prior to connecting. Period. Do not muck things up with such well-intentioned but poorly-executed crap such as what is on the "personal firewall" market today. Install anti-virus package of choice. Enough.
Slashdot - where to disagree, is to be a troll
Not only that, but penalties for 'hacking' are quite extraordinary.
One would do much less time for, say, shoplifting $500 worth of stuff, or starting up a pyramid scheme of some sort
Obama likes poor people so much, he wants to make more of them.
They're designed to stay under the radar. The longer you control the machine, the more money you make. Virii, etc... are a different story.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
TFA did point out that that's only one piece of adware he's installing. Multiply that by 10 or more. Then figure in the money from the botnet he's renting out to spammers. I'd say he's probably doing a lot better than you think.
-Mike
I'm sorry; I don't know what I was thinking!
We don't need the government to solve this problem.
Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
The first step people will need to do is dump Windows completely.
There we go. Now we're being realistic.
I'd say he probably spends considerably less time working the botnet and making that money than he would actually going to work. The advantage here is that not only is he making money, but he's making enough that he could just not go to work if he somehow kept at it long enough.
"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - BenF
how many programmers do you know that make $157k/year?
This dude gets both my disdain for being a complete jackass and infecting thousands (hundreds of thousands? millions?) of computers, but at the same time a small amount of admiration for the level of ingenuity that would be involved. I'm not saying it's something I'd do, but I can definitely admit it would be tempting.
Oh, and the standard for a "dope dealer" is usually about $5 per 1/8 oz. of marijuana... higher profit margins for hard drugs, and higher volume for larger dealers... but really, there's no serious money to be made unless you're at the top of the drug dealing ladder.
Ignore the fact that bad security in Windows is the cause of this. If you want to kill off bozos like DollarRevenue and make a good dollar, simply create concurrent fake Windows machines, do the infection, collect; kill it; repeat. You will drain the company or they will have to lower the rates or insist on longer infection time. Basically, this will remove the incentives from doing their dirty work.
I prefer the "u" in honour as it seems to be missing these days.
"Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."
I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.
TLF
I do not respond to cowards. Especially anonymous ones.
Developers!
Not a Twitter sockpuppet... but I wish I was.
We have a new business model based on LiveCD OSes which interface to web OSes (YouOS has been covered recently). This way, only the central servers for the web OS need to be highly secured and the rest is read-only and rebootable if anything goes wrong.
The only problem here is a need for an internet connection, which is clearly taken care of if infections are a worry.
-Tim Louden
>In this case, Holz counted 998 installations in the United States, 20 installations in Canada,
>103 in the United Kingdom, 756 in China and about 5,800 in other countries.
20 PCs in the whole freaking country? I am proud to be Canadian for once.
First good thing to have is a lawyer on retainer.
I Am My Own Worst Enemy
When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?
After all, it's in the bot-master's best interest to maintain their bots.
They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.
This is NOT a business model. This is hacking people's systems, without their knowledge, and using them for someone else's purposes. It's stealing computing resources and the people's time that it costs to get rid of the stuff. I'd be willing to bet a lot of the people affected by this end up having to pay to have it removed (by Geek Squad or some other overpriced outfit).
I'm sure if this happened to the /. editor's systems, or whomever posted this article, THEY wouldn't consider this a "business model".
Your math is bad: $430/day = $67K/year
Try it this way. 240 working days a year x $430/day = $103,200
If you're an independent contractor, expect something like 35% tax.
That gets you down to about $67K/year.
You could throw every computer on the planet at a single 128-bit AES key and not break it until the sun goes dark, never mind 256-bit crypto. Remember: If you have something that can break a given 64-bit key for a given crypto system in 1 second it would take 584,942,417,355 years to break a 128-bit key in the same system with the same hardware.
I earn $60/infected computer (to remove spyware)
I generally do not support government intervention into business, but these companies are paying people to attack other people's computers, vandalizing their property. They should be shut down immediately, and the management should be arrested and forced to pay restitution to every affected user. The hackers should be forced to do the same. Then they can keep our sewers working for us for a few years, and clean up graffiti.
The root cause is jerks who like to hack other people's computers, and other jerks who employ them to make money from advertising. Insufficient security on most computers is helpful, though.
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
This business does not sound too profitable to me.
He likely spent much longer in preparation of the worm, and once the exploit is fixed, the worm recognised by scanners and the pool of vulnerable PCs exhausted, his income will dwindle until the next big exploit.
So at most he can make a couple of hundred per month.
Additionally he cannot sue for his payments and is totally dependent on the good will and honesty of companies that generally don't seem to have any. And he risks being caught and prosecuted.
Why would anyone do this? If he made tens of thousands I could understand, but for 430 bucks?
All online advertisers know that spyware makes money. It also burns your distribution pipes, but that's not important when you're going bankrupt. You'll see struggling NETWORKS use more and more ads, then more and more intrusive ads before outright spyware installs. $430 a day is ridiculously small potatoes. A small ad network has access to 12 million unique IPs a day and you make thousands legitimately on that. Spyware installs get you the hundreds of thousands up front, when you need it and want out.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
> Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Colombian cocaine barons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.
Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.
Could I interest you in a dime of meth while we're waiting?
* * * * *
Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
--Dave Barry
I see a lot of posts saying this is not a business model and that it is not lucrative. The two sort of depend on each other to both be true or neither are true. What is a business model? It's a planned system that operates in a fashion that hopefully makes money. For those that say it's not lucrative... $430 a day isn't much??? That's almost as much as my two week paycheck. Obviously I'm not being paid for my rare skills at that rate, but for somebody... perhaps a teenager or guy in his early 20's to fuck around in his basement (lab) and make a few thousand a month, I think I'd call that successful. Perhaps his talent is better spent and better paid elsewhere, but he has no boss, I seriously doubt he works 40 hours a week, and I doubt he has much stress other than not getting caught.

So let's do the math: quoted in the article, something like his fast moving exploit made him $430 a day for a week before he moved on. That equals out to at least 2k if he took the weekend off and just killed the thing. A sporadic week's worth of work paid all the bills and then some for a typical blue collar guy's lifestyle. I have trouble saying this guy lost... at least until he ends up in federal prison, which so far is pretty unlikely. No, I'm not pro botnet master, I hate cheats, but let's admit the best of these guys are winning big and they are rarely the loser. Hopefully the need for better security and a better overall architecture will slowly whittle away the ease of compromising systems over the years. But until then this is a rampant crime we'll see go on for quite some time.

P.S. Yeah, I've heard the affiliate programs like to cheat the botnet masters and either stiff them or only pay a portion of the "work" that was done. This probably goes on all the time with the 2 cheats trying to fuck each other, but in the end they both have some cash in their pocket and blow it off as "it comes with the territory". So oh no, he only made $150 that day.
If he has a strong work ethic you can only imagine how much he can make in a month.
If I was gonna score a little dope I definitely wouldn't choose that location in Louisville, KY. That is home to the Metro Corrections facility. Not that hospitable of a place.
Can I bum you a
Can you please tell us on what OS you need to recompile the kernel on every patch? I thought everything (including apps) auto-updated these days.
Why not simply a hardware router/firewall for a lousy 20 bucks? Imo it isn't any more difficult to deal with than a software firewall or the Windows Firewall itself and it scales a lot better when the household has more than 1 pc.
People replying to my sig annoy me. That's why I change it all the time.
A 1/8th oz. of marijuana goes for at least 20 dollars. And if you think there is no money to be made at the low level... you can make thousands a day on the corner selling crack, but it comes with the risk of the cops getting you, or some hard thugs robbing you. It's a high risk game where you risk death or prison for making a grand a day. Look at Snoop Dogg's story: he was pushing carts at a supermarket and found out he could make in ONE day the same money he made in 6 weeks pushing carts. He was tempted and took it, then he found himself serving 9 months in jail. The myth that drug dealers are all rich is what you see in MTV videos and DEA drug profiles. The majority are mostly broke, supporting their own drug habit, scraping by to make rent on their $300 shit trailer. Don't believe the hype: unless you're a drug dealer in a high risk crazy area you're not making a thousand dollars a day. And if you are, you might be dead tomorrow or in prison for a very long time.
$430 in one day? So what?
That's not exactly a lot of money - and I doubt he's earning that *every* day.
I don't see what the big deal is.
It's about who has the knowledge that survives.
The obvious next step is to create voluntary nets and distribute the profits.
I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.
I'd set up a box with Xen partitions and join multiple times.
Just follow the money, and eliminate everyone you meet along the way.
When I write my ultimate badmalspyware, I'm going to blackmail the world for ONE MILLION DOLLARS. I'll be laughing at the schmo who only got $430.
nuff said ...
davecb5620@gmail.com
Gosh, darn it! I'm in the wrong business.*
*Even E-Bay sellers can't do as well.
This says more about the poor returns from selling shit on eBay than it does about how good selling botnets is. ~$120k (based on 280 days of work per annum, which is about right) sounds great, until you realise that you'd have to work damned hard for it, it isn't a reliable source of income, and doesn't come with any benefits. Add to that the fact that I sincerely doubt this guy could find 280 botnet customers in his lifetime, let alone in a year, and the business is clearly a dead end. I don't even get to factor in the 50% losses from money laundering before pointing out that he'd be much better off stealing people's identities and getting loans in their names.
There's nothing fundamentally wrong with the XP SP2 firewall.
It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.
Amen. I've been saying for years now that even attempting outbound filtering *based on the identity of the process sending the packets* is an exercise in pointlessness. Unless you want to have to approve every request that any application makes. But boy would that get tedious fast.
The XP SP2 firewall is as good as a software firewall needs to be. The BSD idea of having one you need to reboot to disable is interesting, but probably too fiddly in practice. Security needs to be easy, or it doesn't get used.
He made $430 in a day from Dollar Revenue alone. It is only part of his revenues.
The article says:
"He's earning more than $430 in a single day with DollarRevenue, and that's not the only piece of adware he's installing. He's installing others and also renting his botnet out to spammers"
The most important thing is to try to install XP SP2 before the first network connection. Or else Sasser and his friends will be there in no time (usually even before you have finished downloading SP2, let alone installed it).
That's not a problem I've had. The pre-SP2 firewall mostly works. You just need to remember not to connect to the net until you're sure it's active (it isn't at boot times, and it isn't by default, so you have to remember to switch it on).
Why not simply a hardware router/firewall for a lousy 20 bucks?
Because everything I've seen for that price is *not* a firewall, but a NAT router. NAT routers are not firewalls, and shouldn't be relied upon for security unless you know that they drop source-routed packets. If you're able to test this, fine. If the manufacturer describes the product as doing this, fine. If there's a config option for it, switch it on and fine. But if none of these is true (which is the case most of the time somebody sets up a NAT box and assumes it means their network is secure) then your network is open to anyone who wants to try to get into it. All they have to do is guess the address of one of your machines and they're in.
While I do agree with your basic point somewhat, I think you're misunderstanding the point the original poster is trying to make. The way I read it, he's not suggesting that the law should go after the "Chinese/Romanian/Kenyan/Palestinian/et al malware authors", but rather the businesses that ultimately try to profit from the malware and try to advertise through spamming.
Basilisk Digital
"Please click the link below to complete the verification process. You have to do this only once."
LOL, and when you click on the link they sent, you end up installing their spyware on your system lol
What extra functionality does the Windows firewall provide that the others don't? A software firewall is no protection at all, as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'.
> "Why not simply a hardware router/firewall for a lousy 20 bucks?" - Jedi Alec
In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by default NATed and did not allow incoming connections apart from web and email. This web site claims to scan for open ports.
davecb5620@gmail.com
> What extra functionality does the Windows firewall provide that the others don't? A software firewall is no protection at all, as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'.
True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.
> In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by default NATed and did not allow incoming connections apart from web and email. This web site claims to scan for open ports.
No. In other words, don't get a cheap NAT box and assume it's a firewall. Firewalls filter incoming packets. NAT boxes make it difficult to address machines on the internal network. That doesn't mean it's impossible. There is more to network security than ensuring no open ports show up when somebody portscans your router's address. Your firewall also has to drop suspicious packets that aren't addressed to it (e.g. packets that are forwarded through it for other destination addresses, possibly because of a source route specification). Cheap NAT devices often do not do this. I know the one I have doesn't. I assume some others are the same.
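The point above, that a firewall must drop source-routed packets rather than merely hide internal addresses behind NAT, is concrete enough to show as code. The following is an added example, not code from this thread or from any product mentioned in it: it parses a raw IPv4 header, walks the option list, and gives a firewall-style DROP verdict for any packet carrying a Loose or Strict Source and Record Route option (type bytes 0x83 and 0x89 from RFC 791). The three sample headers, the addresses in them and the helper that builds them are constructed for the demonstration; a malformed or truncated option list is also treated as hostile, since a filter that gives up on garbage is exactly what an attacker would aim at.

```python
"""Flag IPv4 packets that ask to be source-routed (added example, constructed packets)."""
import socket
import struct

# IPv4 option type codes from RFC 791 (type byte = copied flag | class | number).
IPOPT_EOL = 0x00    # end of option list
IPOPT_NOP = 0x01    # no-op padding
IPOPT_RR = 0x07     # record route: benign on its own
IPOPT_LSRR = 0x83   # loose source and record route
IPOPT_SSRR = 0x89   # strict source and record route
SOURCE_ROUTE_OPTIONS = {IPOPT_LSRR, IPOPT_SSRR}


def parse_ipv4_options(pkt: bytes) -> list:
    """Return [(type, data), ...] for every option in the header; ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes, 20..60
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("IHL inconsistent with packet length")
    opts = pkt[20:ihl]
    parsed, i = [], 0
    while i < len(opts):
        otype = opts[i]
        if otype == IPOPT_EOL:                     # single-byte terminator
            break
        if otype == IPOPT_NOP:                     # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        olen = opts[i + 1]                         # length covers type and length bytes
        if olen < 2 or i + olen > len(opts):
            raise ValueError("option length out of range")
        parsed.append((otype, bytes(opts[i + 2:i + olen])))
        i += olen
    return parsed


def is_source_routed(pkt: bytes) -> bool:
    """True if the packet carries LSRR/SSRR; an unparseable header is treated as hostile too."""
    try:
        return any(t in SOURCE_ROUTE_OPTIONS for t, _ in parse_ipv4_options(pkt))
    except ValueError:
        return True


def build_ipv4_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed test helper: minimal IPv4 header (zero checksum, no payload) plus padded options."""
    options += b"\x00" * (-len(options) % 4)       # option list padded to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | ihl, 0, ihl * 4, 0x1234, 0x4000, 64, 6, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options


def lsrr_option(*hops: str) -> bytes:
    """Constructed LSRR option: type, length, pointer (4 = first hop), then the hop addresses."""
    route = b"".join(socket.inet_aton(h) for h in hops)
    return bytes([IPOPT_LSRR, 3 + len(route), 4]) + route


# Constructed samples (RFC 5737 / RFC 1918 addresses): a plain packet, one with a harmless
# record-route option, and one trying to route itself through the NAT box to an inside host.
PLAIN = build_ipv4_header("203.0.113.7", "198.51.100.1")
RECORD_ROUTE = build_ipv4_header("203.0.113.7", "198.51.100.1",
                                 bytes([IPOPT_RR, 7, 4]) + b"\x00" * 4)
SOURCE_ROUTED = build_ipv4_header("203.0.113.7", "192.168.1.20",
                                  lsrr_option("198.51.100.1", "192.168.1.20"))


def classify(packets) -> list:
    """Firewall-style verdict per packet: 'DROP' for source-routed or unparseable, else 'ACCEPT'."""
    return ["DROP" if is_source_routed(p) else "ACCEPT" for p in packets]


if __name__ == "__main__":
    for name, p in [("plain", PLAIN), ("record-route", RECORD_ROUTE), ("source-routed", SOURCE_ROUTED)]:
        print(f"{name:14s} {classify([p])[0]}")
```

The check is deliberately narrow: it says nothing about open ports, which is the only thing a port scan of the router's address can tell you, and it still drops the packet even when no port is listening, because the danger is where the packet is asking to be forwarded, not what it carries.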
> True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.
The same applies to a virus scanner. The latest virus disables it as well as the Windows 'firewall'. How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?
davecb5620@gmail.com
What if Windows patches aren't made available in a timely fashion, or at all? Or broken patches are issued? To be fair, it's not *only* Windows. I've also had a couple of encounters with proprietary Unix vendors who denied or downplayed vulnerabilities. But it's *mostly* a Windows problem, and by a very wide margin.
I think you're correct about a cultural divide, but that's certainly not the entire story. And while 'keep your machine(s) updated' is the first line of defense, that's not the entire story, either.
There's already been a response about recompiling the kernel, so I won't go there.
What you do with a computer does not constitute the whole of computing.
http://www.mwscomp.com/movies/brian/brian-08.htm
Faster! Faster! Faster would be better!
Well they are paying people to show ads. Which can be legal, so I don't think they should just shut them down just like that.
The problem is some (many?) of the people they are paying are hijacking computers.
So what should be done is the authorities should just ask them to cough up info on the people who are hijacking computers. The ads have to be traceable to the hijacker since that's how the hijacker gets paid, and there should be logs and stats - otherwise how do they themselves get paid by their customers? So just get a number of hijacked computers and get the IDs.
If there really is enough will, they can start making/using laws and freeze the bank accounts involved and start going after the account holders. It's not like the hijackers get paid in untraceable cash (if they do, then just tell the companies they can't do that anymore).
If that industry doesn't regulate itself well enough then the people should ask the government to step in and regulate it - (e.g. the companies could be required to do things in certain ways that make it easier and faster for cops to investigate stuff).
I hear ya, man. All it would accomplish would be to make criminals out of recreational computer vandalism exploiters. Like we need more kids in prison.
If you can reverse engineer the way that the scumware reports that it's got another victim, you may not even need a virtual machine, if you don't mind making money defrauding scum. This is likely to be hard, though - the kinds of people who develop new techniques for installing scumware (as opposed to the script kiddies who use them) are just as likely to be willing to reverse-engineer scumware, so there are probably several sets of verification methods designed to make it hard for them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
> The same applies to a virus scanner. The latest virus disables it as well as the Windows 'firewall'.
If your virus scanner is working, it will catch the virus before it has a chance to execute. If it doesn't work, there's nothing that can prevent this, firewall or otherwise.
> How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?
If I knew how it worked it wouldn't be common sense. But it's worth noting that over the last 12 years of Internet & BBS use, I've never once been infected (or had an infection prevented by anti-virus) by anything that relied on me clicking a link or executing an attachment. The only malware that has ever been on any of my systems was completely automated: a Linux worm that propagated through a BIND vulnerability. It failed to infect my system, but only because I was lucky: the shellcode assumed that /etc/inetd.conf ended with a newline, and on my system it didn't.
How have I managed this? A combination of using more secure software where it's available, keeping up on updates and being careful what I choose to do with my system. It isn't hard, really. You just have to think about what you're doing.
I know Latin (I used to know it a lot better.) If the language is dead, sir, then why don't you quit disturbing its rest by fucking with it?
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"