Slashdot Mirror


Hackers Offer Subscription, Support for Malware

Stony Stevenson writes "Organised gangs are taking a page out of security vendors' books and setting up their own websites that offer support and subscriptions for malware and spyware. From the article: 'For subscriptions starting as low as $20 per month, enterprises can sell fully managed exploit engines that spyware distributors and spammers can use to infiltrate systems worldwide, said Gunter Ollmann, director of security strategies at IBM's ISS X-Force team. Many exploit providers simply wait for Microsoft's monthly patches, which they then reverse engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said. "Then all you've got to do is just subscribe to them on a monthly basis."'"

105 comments

  1. Title somewhat misleading by robinsonne · · Score: 5, Insightful

    When I first read the title, I thought it meant that hackers were now selling "protection" from malware in much the same way organized gangs have sold "protection" in the past. Perhaps a better title would be "Hackers organize, sell exploits as business"

    1. Re:Title somewhat misleading by morgan_greywolf · · Score: 3, Funny

      That's kind of what I thought. Like "d00d! 1m g0nna h4x0r ur g1bs0n 1f j00 d0nt s1gn up 4 my '5upp0rt 5u85cr1p710n!" Or maybe "I pwn3d j00! n0\/\/ p4y up j00r 5upp0r7 5u8scr1pt1on 1f u w4nt j00r g1bs0n b4ck!"

    2. Re:Title somewhat misleading by Anonymous Coward · · Score: 0

      Nothing to see here folks.

      This is just American style Capitalism. :-)

    3. Re:Title somewhat misleading by architimmy · · Score: 5, Funny

      Slashdot, what have you done to me. I just read that post without even slowing down to figure out what it said.

    4. Re:Title somewhat misleading by morgan_greywolf · · Score: 3, Funny

      Yeah? If you think that's bad, I typed it without even slowing down the figure out what I was writing!

    5. Re:Title somewhat misleading by ma1wrbu5tr · · Score: 1

      As an employee of a company that makes AV/anti-spyware software, I get to see trends most people are never aware of. In fact, malware companies ARE selling "protection" in the form of various pieces of software which end up on your Windows-based PC via drive-by, some My_Spays (intentional misspell) page, or in many cases, trying to download copyrighted music or cracked software via P2P. There is a whole page/site dedicated to listing these rogue programs. So, next time you get that security warning from Windows about registry errors and how you need to download this registry cleaner; or get a warning (again, it often uses very convincing fake Windows messages) that you are infected, and need an antispyware tool. Check twice! Make sure you know what you are installing, and get out of the habit of clicking "Yes" or "OK" as a matter of course. That is, if you have to use Windows.

      --
      Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
    6. Re:Title somewhat misleading by UniCeta · · Score: 1

      Yeah, there are many botnets that are used for purposes of extortion. There was even an article in Wired last year about the guy who set up that million dollar page that was just ads; a Blackhat group ordered him to pay 5 grand and when he didn't, his site got hit with a 23000 node DDoS attack.

      --
      Once bitten, twice shy.
    7. Re:Title somewhat misleading by lpq · · Score: 1

      So you are saying you don't know the difference between "for" and "against"?

      No wonder people have problems getting along with, and understanding others -- they can't even tell the difference between "for" and "against"....

      Sigh...

      -l

    8. Re:Title somewhat misleading by SleepyHappyDoc · · Score: 1

      Wow, you should be an editor here!

      --
      Stasis is death. Embrace change.
    9. Re:Title somewhat misleading by ma1wrbu5tr · · Score: 1

      It's very clear they have gotten ultra-organized on the dark side. Until Antivirus and Antispyware companies start agreeing to share some serious research, it's likely we will continue to lose this war. Otherwise it's going to take a serious re-examination of our ideas on what we think is OK. Some like to call themselves ethical hackers. To those people, I say "Talk to your friends", discourage hacking that hurts everyday people. I am not condoning thievery or illegal security circumvention, but at least limit it to those who really deserve it. Halliburton, faceless corporations, and the RIAA.

      --
      Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
    10. Re:Title somewhat misleading by Anonymous Coward · · Score: 0

      Nothing to see here folks.

      This is just American style Capitalism. :-) by Russian and Chinese hackers
    11. Re:Title somewhat misleading by Andy+Dodd · · Score: 1

      This is probably #1 on one of those "You know you've spent too much time on IRC when..." lists.

      And I didn't have to slow down either. :(

      |\/|y 133+ i5 +00 57r0|\|g... :(

      --
      retrorocket.o not found, launch anyway?
  2. Automatic updates by Anonymous Coward · · Score: 5, Funny

    Couldn't they make more money by offering a 'Patch Wednesday' kind of service which updated Microsoft products and protected against the next round of vulnerabilities? Seeing as no one else is able to do this there's a very obvious gap in the market here for someone who knows a bit about exploiting MS products!

    1. Re:Automatic updates by qwijibo · · Score: 2, Insightful

      They can make even more money offering several consecutive levels of patches and exploits. There will always be someone willing to pay for the level of protection or exploit beyond what's commonly available for the low monthly maintenance fee.

    2. Re:Automatic updates by harry666t · · Score: 1

      Then you'd need another team of h4x0r2 to offer a "Patch Thursday" :]

    3. Re:Automatic updates by Anonymous Coward · · Score: 0

      Our patches are the best. Most other vendors' patches only go to Thursday. Our patches go all the way to Friday.

    4. Re:Automatic updates by maxwell+demon · · Score: 1

      Which of course would raise the question: What is the most expensive option: A security package which protects against all their exploits, or an exploit which works for all their security packages?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    5. Re:Automatic updates by qwijibo · · Score: 1

      That depends on which set of clients have the most money. If the net income from the protection racket is higher, that's the top. If the exploits are more profitable, those are the top. The beauty of this business plan is that there's always room to up the ante if the most profitable client group changes.

  3. Follow the money by Harmonious+Botch · · Score: 4, Funny

    ...then kill them.

    1. Re:Follow the money by Jaysyn · · Score: 4, Funny

      To paraphrase Marv: "I love malware writers. No matter what you do to them, you don't feel bad."

      --
      There is a war going on for your mind.
    2. Re:Follow the money by mpapet · · Score: 2, Interesting

      This will be the strategy that any company with a couple of lawyers of the world will pursue.

      They've already legislated away some access to researching vulnerabilities with the DMCA.

      Announcing security hole disclosure risks litigation in the U.S.

      I'm most concerned about the American legislation that Microsoft will dream up to fight shops like this which will end up harming us all by limiting innovation.

      --
      http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    3. Re:Follow the money by mcpkaaos · · Score: 1

      I'm most concerned about the American legislation that Microsoft will dream up to fight shops like this which will end up harming us all by limiting innovation.

      Microsoft is probably too busy dreaming up Vista sales to be bothered with this issue.

      --
      It goes from God, to Jerry, to me.
    4. Re:Follow the money by iminplaya · · Score: 1

      ...harming us all by limiting innovation.

      Three guesses as to what single thing gives them that kind of power. It's not the money, though that is a "lubricant", so to speak.

      --
      What?
  4. why not by mapkinase · · Score: 1

    If Colombian cartels run public support of whole villages, why not go a similar way for sleazy hackers?

    --
    I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    1. Re:why not by Anonymous Coward · · Score: 0

      Because cocaine is a godsend; malware is a headache.

  5. Re:Isn't this what antivirus software companies do? by Anonymous Coward · · Score: 0

    Not only a troll, you're lazy. I have lazy trolls for breakfast. Better run.

  6. Sounds like a trap to me by Anonymous Coward · · Score: 5, Insightful

    Erm, if you're daft enough to sign up and give them your credit card details directly, doesn't that mean they no longer need bother writing the malware?

    1. Re:Sounds like a trap to me by Afecks · · Score: 1

      Funny, but as a former seller of rootkits and RATs it's usually done with e-gold, western union or other non-reversible methods of payment. I'm sure no self-respecting malware author would tolerate chargebacks, especially with the caliber of people you are dealing with on a day to day basis.

    2. Re:Sounds like a trap to me by networkBoy · · Score: 1

      Yeah...
      I prefer cash and bearer bonds.
      My merchandise is a little different though . . . YMMV but we've found that at times Western Union, while not reversible, is interceptable and/or traceable.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    3. Re:Sounds like a trap to me by The+Raven · · Score: 1

      What, you think anyone uses their OWN credit card for this? Why do you think they're using exploits... they just use a stolen CC to sign up.

      I suspect the service doesn't do much repeat billing... :-)

      --
      "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
    4. Re:Sounds like a trap to me by Anonymous Coward · · Score: 0

      self-respecting malware author

      Surely this is an oxymoron.

    5. Re:Sounds like a trap to me by Anonymous Coward · · Score: 0

      What on earth makes you think that somebody who is subscribing to malware would use their own credit card?

    6. Re:Sounds like a trap to me by Afecks · · Score: 1

      Ahh well I guess that depends on what you're selling. I never broke any laws so I wasn't concerned over that. My name's been on "the list" for years...

  7. Putting the "organized" in "organized crime" by Kelson · · Score: 5, Insightful

    When I saw the summary, I was half-certain it had to be a delayed April 1 submission. Then I looked at the article. And thought about it.

    It actually fits a pattern we've seen with viruses, trojans, spyware, other malware, cracking, even spam. They've gone from small shops, often one programmer trying to make a name for himself, to full-on organized crime using businesslike structures and tactics.

    1. Re:Putting the "organized" in "organized crime" by peragrin · · Score: 3, Funny

      Yet they still won't provide support for *nix in any way shape or form.

      I want malware, and viruses for my OSX box. it just isn't fair that the viruses and malware only works on windows. I have animated cursors too. Heck right my ssh port is open go ahead and try to crack it.

      --
      i thought once I was found, but it was only a dream.
    2. Re:Putting the "organized" in "organized crime" by Spudtrooper · · Score: 3, Funny

      I want full Wine support for the latest viruses and malware, dammit!

    3. Re:Putting the "organized" in "organized crime" by Anonymous Coward · · Score: 0

      It just goes to show... As popular as malware is, it's still a niche market that just isn't profitable on other OSes.

      dom

    4. Re:Putting the "organized" in "organized crime" by morgan_greywolf · · Score: 1

      . Heck right my ssh port is open go ahead and try to crack it.


      Yeah? Which version of OpenSSH? Got the latest security patches from Apple? What's your IP address?

      Oh, yeah, do you wanna buy some root exploits for your Mac?

    5. Re:Putting the "organized" in "organized crime" by morgan_greywolf · · Score: 2, Funny

      Here lemme try *tap* *tap* *tap* There? See? Wine seems to support denial-of-service exploits just fine...oh, wait, that looks like a bug ...

    6. Re:Putting the "organized" in "organized crime" by Anonymous Coward · · Score: 0

      You have to get the Premium support.

      I bought some malware and it turned out the uninstall button worked. I had to get hold of tech support and get it fixed. That support was worth every ruble. Now you can't even reload the OS.

    7. Re:Putting the "organized" in "organized crime" by bmo · · Score: 1, Flamebait

      "Yeah? Which version of OpenSSH? Got the latest security patches from Apple? What's your IP address?"

      First off, only the clued even know that ssh exists and how to turn it on. Joe and Josephine user don't know nor care what it is. It's not turned on by default. If one is offering SSH as a service, one should be clued into where to get updates, and recompiling one's own instead of waiting for Apple. Funny how Apple includes a full dev kit with OS/X and Microsoft doesn't for Windows. http://developer.apple.com/tools/

      The fact is that OS/X is far more robust than any version of Windows. The proof is in the pudding, puddin'.

      --
      BMO

    8. Re:Putting the "organized" in "organized crime" by TheHorse13 · · Score: 1

      Nope, very very real. Interestingly, they do a better job than the big name vendors out there. I see a case study here for the Symantecs of the world. I guess I should start looking for Crimes-R-Us booth at the next sec expo. I sure hope they've learned about booth babes...

    9. Re:Putting the "organized" in "organized crime" by Lijemo · · Score: 1

      Yet they still won't provide support for *nix in any way shape or form. I want malware, and viruses for my OSX box. it just isn't fair that the viruses and malware only works on windows. I have animated cursors too. Heck right my ssh port is open go ahead and try to crack it.

      This post is a virus that operates on the honor system. Please post your root password and credit card details as a response to this post, wipe your hard-drive, and then spam this message to everyone you know via e-mail and forum/blog postings. Thank you.
    10. Re:Putting the "organized" in "organized crime" by peragrin · · Score: 1

      IP 196.168.1.105
      username luser
      password luser

      credit card 5555 0000 1111 2222
      expired 03/07

      and I just typed rm -rf ~ will that work?

      This post is a virus that operates on the honor system. Please post your root password and credit card details as a response to this post, wipe your hard-drive, and then spam this message to everyone you know via e-mail and forum/blog postings. Thank you.

      I couldn't help myself :)

      --
      i thought once I was found, but it was only a dream.
  8. I'd like to see... by Lumpy · · Score: 0

    What these things do in a crossover office environment. Can they still work on IE in crossover office or does it need the underlying holes in Windows?

    Also, they do not mention: is Firefox vulnerable to this stuff?

    --
    Do not look at laser with remaining good eye.
  9. Who didn't see this coming? by zappepcs · · Score: 4, Interesting

    How long before we see a defection and find out that N.Korea or some other evil empire's government is sponsoring this type of activity. All that malware out there isn't just annoying you with spam, a lot of it is trying industrial espionage.

    1. Re:Who didn't see this coming? by rs232 · · Score: 1

      'How long before we see a defection and find out that N.Korea or some other evil empire's government'

      What makes you think they don't have their own home grown hackers - like China for instance.

      --
      davecb5620@gmail.com
    2. Re:Who didn't see this coming? by krbvroc1 · · Score: 1

      And just like Iraq, we will find that it was the 'West' who sold them the technology to do this.

    3. Re:Who didn't see this coming? by DragonWriter · · Score: 1

      How long before we see a defection and find out that N.Korea or some other evil empire's government is sponsoring this type of activity.


      I dunno. Seems more likely that there'd be a scandal and we'd find out that AV vendors were sponsoring this type of activity. The worse the problem is, the more people will pay for protection, after all.
  10. $20?!?! by Anonymous Coward · · Score: 5, Funny

    $20? What a rip off. I get the latest malware and spyware for free every day courtesy of my coworkers.

    1. Re:$20?!?! by Anonymous Coward · · Score: 0

      But wouldn't it be worth $20 to not have to suffer the orking of those cows?

  11. Re:Isn't this what antivirus software companies do? by Volante3192 · · Score: 1

    ...cause that worked out so well in Transporter 2...

  12. How long? by Anonymous Coward · · Score: 1, Insightful

    How long will these hackers be trusted by their colleagues? Eventually; the groups selling the subscription will be booted from the underground / aka no longer be trusted. Keep in mind: how do you know what they are selling is going to be accurate?

    Just my .02 cents worth.

    1. Re:How long? by SL+Baur · · Score: 1

      Keep in mind: how do you know what they are selling is going to be accurate?

      You don't, unless they open source it. For those of you who are new, malware has been open sourced before. Remember SATAN, the Unix network penetrator posted to Usenet 20 years ago?

      Killing the messenger isn't going to change the fact that major software companies are still releasing software with basic security flaws in it. Somebody, somewhere is going to take advantage of that.
    2. Re:How long? by Anonymous Coward · · Score: 2, Funny

      Eventually; the groups selling the subscription will be booted from the underground / aka no longer be trusted.


      Yes, and we all know how organized, monolithic, and connected "the underground" is.

      *rolls eyes*
  13. Mal not Marv? by Anonymous Coward · · Score: 0

    Unless the line is stolen from some other pop culture of course.

    1. Re:Mal not Marv? by Nephilium · · Score: 1

      Nope, it's Marv. Stolen from Sin City.

      "I love hit men... no matter what you do to them, you don't feel bad about it."

      Nephilium

  14. Next Step by Ajehals · · Score: 5, Funny

    The next step is obviously to protect their IP, so look for patents such as:

    "a method of injecting code into a web-browser to steal credit card details.... on the internet"
    "a method of using many remote controlled computers, without the owner's express consent* to send unwanted advertising material, to many, many people... on the internet"

    After that expect to see Exploit Genuine Advantage programs to ensure that the stolen data you are using is from genuinely advantageous exploits, and not from some half baked knock off malware or virus, duplicated by a disreputable individual.

    Obviously the last step will be the mergers (after all, the above should ensure a profitable market is created and grows). Symantec will merge with EvilCode PLC, to produce Evil-Symantec, McAfee will merge with McNasty, to produce McNastfee. These new entities will be able to leverage both the illegal exploit market and provide protection services simultaneously, probably all in one product... Finally, Microsoft will change its OS so that it no longer "works" with all these wondrous exploits and... hell will freeze over :)

    1. Re:Next Step by Bill,+Shooter+of+Bul · · Score: 4, Funny

      Evil-Symantec ? That deserves a -1 Redundant.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    2. Re:Next Step by ma1wrbu5tr · · Score: 1

      I have seen malware change the DNS settings on Windows machines to an IP in Kharkiv (sp?) Ukraine, then hide an executable in Winlogon\Notify, all before it starts replicating restore points. They have gotten really good at making it not only hard to get rid of, but route the victims internet traffic through their own servers. Talk about making the spying easy.

      --
      Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
    3. Re:Next Step by Alt_230 · · Score: 1

      EXPLOIT GENUINE ADVANTAGE

      Does it matter if your malware is genuine? Yes, if you want the confidence of knowing that your malware is legitimate and fully supported.
      And only genuine exploit customers can receive product downloads, malware updates and special offers.

      Benefits of Genuine Exploit:
      Capabilities You Expect - Your system will deliver the features, options, and performance you need to maximize our productivity and enjoyment.
      Confidence and Peace of Mind - Your malware is authentic, properly licensed and supported.
      Ongoing Improvements - You will get access to updates, enhancements, and innovations that help us do more with your PC.

      How can I tell if my copy of malware is genuine?

      To help you verify that you are using genuine malware, we offer a quick and easy online process called validation. Validation takes only a few moments, and enables us to create a match between your PC's hardware profile and your Product Key (located on the Certificate of Authenticity), which we store and check against future activity and validation attempts. We do this to ensure that the stolen data you are using is from genuinely advantageous exploits, and you are not activating a counterfeit or non-genuine exploit.

      What are the advantages of exploit validation?

      In addition to having the confidence that you are using a copy of malware that is licensed and fully supported, genuine exploit customers can take advantage of:
      - Free downloads from the Exploit Download Center.
      - Free updates for Malware from Exploit Update.
      - Special offers, including free downloads, special promotions, and discounts.

      Will I be asked to provide personal information during validation?
      We want you to feel like we value your privacy, as we collect any information, such as your name or email address, that can be used to identify you, your computer or your bank.

  15. I am shocked! Shocked I say! by symbolset · · Score: 2, Insightful

    erm, ok, maybe not. Anybody whose job it is to track such things who thinks this is news, well, they're not doing their homework.

    The exploit ecosystem has evolved an organism that appears to be self-aware.

    If only there were an environment that was safe from such evil organisms, where they could not thrive...

    --
    Help stamp out iliturcy.
  16. Link to actual site, and better info by Animats · · Score: 5, Informative

    The site they're writing about, found by searching with Google for phrases in the article, isn't quite what the article says it is.

    It's really yet another slimy "affiliate" program. "We give our code to your and you need to setup it to your websites. We pay for installs and for trusted webmasters for traffic if they want that." They're not selling malware with support. They're buying traffic to install their malware via drive-by installs. That's not exactly new. CometCursor, BonziBuddy, and Zango come to mind.

    From the original article, someone else may be selling "fully managed exploit engines", but it's not these guys.

    1. Re:Link to actual site, and better info by LMacG · · Score: 2, Funny

      you need to setup it to your websites

      Nice to see the Zero Wing writers getting some new work.

      --
      Slightly disreputable, albeit gregarious
    2. Re:Link to actual site, and better info by Anonymous Coward · · Score: 0

      IIRC tech support and the like is against hacker ethic.
      Selling their exploits seems reasonable, but support them is like getting a girlfriend.

  17. Capitalism at its finest by insanemime · · Score: 1, Flamebait

    I know I will likely be flamed for this, but I think it's great that the hackers have offered this type of service. This will force Microsoft to come up with real security instead of some pop up windows that try and give some simalance of being secure. I hate adware as much as the next guy but if this is allowed to continue, Microsoft might be forced to re-think the base of their OS. Of course this could all be the next small step in Apple's bid for world domination! Apple-hired mercenaries working under the guise of business minded hackers...brilliant!

    1. Re:Capitalism at its finest by Paradigm_Complex · · Score: 1

      I strongly disagree. Microsoft still owns the market irrelevant of their long history of lax security - this won't make any difference. I highly doubt any notable amount of people will hear about this and go "oh well I guess now it's time for me to switch to something more secure." It took MS six years to "re-think" their security, and the result was, as you put it, "some pop up windows that try and give some simbalance [sic] of being secure." Something far more drastic than this is necessary to get MS to make an even greater change in security.

      --
      "A witty saying proves nothing." - Voltaire
    2. Re:Capitalism at its finest by baboo_jackal · · Score: 0

      Capitalism only really "works" when all the participants are reasonably protected from fraud. If this sort of thing constitutes fraud, then there ought to be laws against it (if there aren't already).

      I think the 2nd order effect you've identified *is* good, but what lots of people will have to go through to finally get there isn't. In other words, it's definitely a bug, not a feature.

  18. Re:OSS support by drinkypoo · · Score: 1

    Could you please provide evidence that a common base Linux install (of a popular distribution like RHEL, Fedora, Ubuntu, etc) is less secure than a base install of anything else? Can you then provide evidence that once it is up-to-date it will continue to be less secure? Please compare to Windows XP, Windows Vista, current Solaris, and current AIX.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  19. One small error... by symbolset · · Score: 5, Funny

    ie create the virus then sell you the fix...

    ie isn't a virus development tool. It's just an installer.

    --
    Help stamp out iliturcy.
  20. Re:or not by SanityInAnarchy · · Score: 1

    People like you.

    Seriously, what does running as a restricted user do to prevent this? Restricted users can still install software anyplace they can write to.

    --
    Don't thank God, thank a doctor!
  21. Re:Isn't this what antivirus software companies do? by winkydink · · Score: 1

    You bet. In fact, right now there's hordes of undocumented alien, exploit writers hammering away at new malware from their nondescript building in Dallas overlooking a grassy knoll.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  22. Re:OSS support by Atlantic+Wall · · Score: 1
    --
    To Hell with the Queen of England!
  23. You missed one... by Gary+W.+Longsine · · Score: 1

    The final step in this process is clearly that Microsoft will buy one of the tiny little malware vendors, or maybe two of them, and work for a couple years to integrate the service directly into the next version of Windows, taking the revenue stream from McNastafee and Evil-Symantec.

    --
    If you mod me down, I shall become more powerful than you could possibly imagine.
  24. Re:OSS support by drinkypoo · · Score: 3, Interesting

    How about a study that hasn't been thoroughly debunked? The Linux vulns count includes applications that provide functionality that Windows doesn't provide, and the Windows vulnerabilities are on average open longer and more likely to be a remote root hole.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  25. Good! No, as a countermeasure... by iamacat · · Score: 1

    Someone should sell a monthly malware research subscription that identifies attack sources for an enterprise or ISP for a month and submits case files to the appropriate government to put the offenders in jail. In countries with no functional government, hire privateers instead.

    1. Re:Good! No, as a countermeasure... by steveness · · Score: 1

      How about iDefense? They aren't cheap, though.

  26. L0pht by east+coast · · Score: 1

    Isn't this similar to L0pht Heavy Industries' business model, just without the scum and villainy that's associated with malware?

    --
    Dedicated Cthulhu Cultist since 4523 BC.
  27. Re:I am shocked! Shocked I say! by alphamugwump · · Score: 1

    It's called meatspace. Of course, if the singularity actually happens, be prepared for v1@g4@ hawking bots in real life, too.

  28. WHAAAT??? by nytes · · Score: 1

    I downloaded some malware from the internet that was offered for free, and now they want to charge me for maintaining it?

    That's it for me. From now on I'm using only open-source malware.

    This is outrageous! It's extortion, that's what it is! It's downright criminal... Oh!

    --
    -- I have monkeys in my pants.
  29. Re:Link to actual site, and better info; Comet Cur by cyrtainne · · Score: 0

    Comet Cursor!!! Yay! The exploit that Microsoft ignored for years! Affected Win98, WinXP, and Vista! Remember Microsoft said this problem was 'isolated' ha ha.

  30. Re:OSS support by Xtravar · · Score: 1

    Firstly, Microsoft makes most of its money off support. Maybe they benefit from secure software, but definitely not "good" software. They want their software to be "just good enough" so that support is necessary and paid upgrades are necessary.

    Secondly, there are so many different versions, alternatives, and forks of open source software that it's harder to target a large audience. It's the monoculture that requires Microsoft to be more secure.

    --
    Buckle your ROFL belt, we're in for some LOLs.
  31. Microsoft support by Anonymous Coward · · Score: 0

    Windoze is so full of holes you could say Micro$loth invented that concept already...


    There, fixed it for you. ;D
    1. Re:Microsoft support by Anonymous Coward · · Score: 0

      Micro$loth...

      Of courth you know thith means war...

  32. Tin Foil Hat Alert by bigredradio · · Score: 1

    I know this seems very paranoid, but I thought it was interesting to see the advertising effort for malware protection on the same page as the article. It got me thinking about the size of the industry to prevent spyware as opposed to the size of the hacker community. The amount of money that has been made protecting from hackers is in the billions. Just an observation that opens up all kinds of conspiracy theories.

  33. Re:or not by maxwell+demon · · Score: 1

    Seriously, what does running as a restricted user do to prevent this? Restricted users can still install software anyplace they can write to.

    Unless they don't have execute permissions on the directories they have write permissions to. Well, maybe they can install that software, but they can't run it.
    --
    The Tao of math: The numbers you can count are not the real numbers.
  34. A new age by acracker · · Score: 1

    Wow, yeah I find this news quite amazing. When I think of a hacker a nerdy 20 something year old comes to mind typing away on a computer with a box of pizza and 2 liter of Mountain Dew at hand. This is something different though. By actually selling these illegal products to anyone who can afford them, these hackers are gaining respect as well as funding, which is crucial to the advancement of their nefarious deeds.

    It sounds like the attacks are all browser based, coming through yet to be patched versions of Internet Explorer. I think, in the short term at least, victims of these attacks will begin switching to alternate browser solutions (such as Opera or Firefox) to avoid the problems associated with IE. However, as more people switch, the attackers will simply direct their attacks at the alternate browsers, bringing everyone back to square one. From there perhaps the open source community supporting Firefox will direct their energies toward combating the hackers' exploits, or the victims may go so far as to switch operating systems to Mac or Linux instead of Windows.

    All of this, however, is based on Microsoft losing their patch fight against the hackers and the hackers continuing to sell their code and grow their business through ever greater levels of dominance. What would be interesting is if the hacker companies grow powerful enough so that standard anti virus software can no longer compete with them. At that point we may see malicious software from competing companies specifically designed to target and destroy their competitors' code. A digital war if you will. In any case the future will hold some interesting outcomes.

  35. People just don't seem to get it by cdrguru · · Score: 2, Insightful

    Wow, wouldn't it be wonderful if Microsoft finally got it and made Windows really secure?

    No, it wouldn't. It wouldn't sell, nobody would use it and it would be a complete flop.

    Windows is designed to be usable by people without one little bit of computer knowledge. It therefore does things "for you" in the background that can be good and helpful. If they are subverted, they are bad and insecure. Take all of this away and leave just the command line and Windows would be much more secure, but it would be unusable by most people.

    If it is programmable and the programming can be added to or modified in the field, it needs controls on who can modify that programming. If the inexperienced user can, it isn't secure. Period. When users run programs to install games they purchased they are using the same resources as when they click on an email attachment to install some bit of malware. They have no way of knowing the difference and it would seem no amount of education is going to fix that problem.

    What most people need is a locked-down appliance that cannot be modified in the field without extraordinary effort. And certainly cannot be modified over the Internet. This could be user friendly and secure, but you wouldn't install software on it, ever.

    Windows is trying to be user friendly and general-purpose. This has no choice but to fail to be very secure. The user cannot tell the difference between a program that is from Microsoft that is something they want and a program from microSoft that isn't something they want at all. Or from MircoSoft. Or really, anyone else at all. Sure, you can try to give them a chance to tell the difference - and Vista does try - but it isn't going to work. People gave up reading messages from computers and just click OK beginning in 1979 with CP/M and they aren't about to change now.

    I contend that there is no material difference between the security present on a Macintosh or Linux and Windows in the hands of a user that doesn't understand how the system works. If they get an email that says to run some program, they are going to run it if they want what the email says they are going to get. If this requires using sudo to get root authority, they will do so if they have the ability to do it.

    So how do you have security in that environment? You don't. You can't ever be secure against the naive user in charge of their own computer.

  36. Re:or not by Goaway · · Score: 0, Flamebait

    Even better, don't give them write permission. Or read permission. Hell, don't give them a computer.

  37. Doesn't work by SanityInAnarchy · · Score: 1

    Removing execute permission from a directory does not do what you think it does. As far as I can tell, it effectively removes read permission. Maybe it does something different on Windows?

    I am sure you mean removing execute permissions from the file itself. In that case, you would have to mount their entire home directory (has to be a home partition now) 'noexec', which would probably break some things, and still wouldn't work -- scripts do not need execute permissions, and they still have things like login scripts (.bashrc, .xinitrc, etc). So, just create a file called '.spyware.sh', and add a line 'bash ~/.spyware.sh' (or 'perl ~/.spyware.pl') to your .bashrc.

    You could just remove interpreters, or hide them from your users -- thus making your system more and more unusable to them. I suppose you could hack all the interpreters to only work when a file has execute permissions, but as far as I know (haven't tried), noexec-mounted partitions simply don't let you execute things, they don't actually change the apparent permissions of those files. Meaning you now break any script that doesn't have a shebang (#!) at the beginning...

    Anyway, while technically possible, it's really a lot more effort than "not running as local admin". The real solution would be to have a secure web browser in the first place.

    --
    Don't thank God, thank a doctor!
  38. Sigh. People are scum. by FFFish · · Score: 1

    That's why we can't have nice things.

    Any y'all who were on Usenet back in the day know exactly what I mean.

    --
    Don't like it? Respond with words, not karma.
  39. 20 DOLS !!! by BlueTrin · · Score: 1

    20$ ??? When I can get a delayed version for free by reading the descriptions of this website

    --
    Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
  40. Re:OSS support by zippthorne · · Score: 1

    Linux has a monoculture too.

    How many spreadsheets are in the basic Ubuntu repository? (not universe, non-free, multiverse, or whatever)

    Ok, now how many are in the base repositories of the other major distros? I bet you'll find a few common faces...

    And how many people use spreadsheets that aren't in the repositories?

    What about compilers? What's that? Not even Intel's free compiler is in the repositories?

    The repository system is like a two party political system: It enhances the front-runners and penalizes the trailers. If we're not careful, we'll end up with an even worse problem than Microsoft.

    --
    Can you be Even More Awesome?!
  41. I am sure phishers too by Ilgaz · · Score: 1

    If you use phishtank.com to verify phishes others submitted, you see clear patterns such as page filename, the exploit used and so on. There must be some "phishing kits" in use. If you see c.html in 6 different hacked servers in completely different locations, there is nothing but a software kit there.
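
The filename pattern described in the comment above can be checked mechanically. This is an added example, not part of the original comment or of any PhishTank tooling: it groups reported URLs by page filename and keeps names seen on several distinct hosts. The URLs, the generic-name list and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# Constructed sample of reported phishing URLs (reserved .example names).
REPORTED_URLS = [
    "http://shop.alpha.example/images/c.html",
    "http://forum.bravo.example/wp-content/uploads/c.html",
    "http://www.charlie.example/~user/c.html?id=17",
    "http://mail.delta.example/tmp/c.html",
    "http://echo.example/old/c.html",
    "http://cdn.foxtrot.example/js/c.html",
    "http://shop.alpha.example/images/c.html",  # duplicate report, same host
    "http://golf.example/login/index.html",
    "http://hotel.example/secure/index.html",
    "http://india.example/verify/signin.php",
    "http://juliet.example/a/signin.php",
]

# Names too generic to suggest a shared kit on their own (assumed list).
GENERIC_NAMES = {"", "index.html", "index.htm", "index.php", "default.aspx"}

def page_filename(url):
    """Return the lower-cased last path component, ignoring query and fragment."""
    return posixpath.basename(urlsplit(url).path).lower()

def cluster_by_filename(urls, min_hosts=3):
    """Map filename -> sorted hosts, keeping names seen on >= min_hosts hosts."""
    hosts_by_name = defaultdict(set)
    for url in urls:
        host = urlsplit(url).hostname
        name = page_filename(url)
        if host is None or name in GENERIC_NAMES:
            continue
        # A set per filename means repeat reports for one host count once.
        hosts_by_name[name].add(host)
    return {
        name: sorted(hosts)
        for name, hosts in hosts_by_name.items()
        if len(hosts) >= min_hosts
    }

if __name__ == "__main__":
    for name, hosts in cluster_by_filename(REPORTED_URLS).items():
        print(f"{name}: {len(hosts)} distinct hosts, possible shared kit")
        print("   " + ", ".join(hosts))
```

Counting distinct hosts rather than reports keeps one heavily reported site from looking like a kit, and the generic-name filter avoids flagging every `index.html`.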

  42. Lynx by Slashdot+Parent · · Score: 1

    Somehow, I'm scared to even visit that site with lynx.

    Yeesh.

    --
    They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
  43. email address of a spammer by Anonymous Coward · · Score: 0

    lindon@dmtelecom.net
    Got that, spambots?