Slashdot Mirror


Researchers Hijack Storm Worm To Track Profits

An anonymous reader points out a story in the Washington Post, which begins: "A single response from 12 million e-mails is all it takes for spammers to turn annual profits of millions of dollars promoting knockoff pharmaceuticals, according to an unprecedented new study on the economics of spam. Over a period of about a month in the Spring of 2008, researchers at the University of California, San Diego and UC Berkeley sought to measure the conversion rate of spam by quietly infiltrating the Storm worm botnet, a vast collection of compromised computers once responsible for sending an estimated 20 percent of all spam." The academic paper (PDF) is also available. We've previously discussed another group of researchers who were able to infiltrate the botnet for a different purpose.

128 comments

  1. HMM... by Anonymous Coward · · Score: 0

    Looks like spammers are the smart ones.

    1. Re:HMM... by HexaByte · · Score: 5, Funny

      They must be really smart. After all, how are they able to figure out how it is that I'm in need of a bigger schlong, can't get it up w/o viagra and need a new Rolex at bargain prices and I'm looking for a Russian wife. I mean, what kind of research have they been doing to target me perfectly?

      --
      HexaByte - he's a square and a half!
    2. Re:HMM... by aaron+alderman · · Score: 5, Funny

      You post on Slashdot?

    3. Re:HMM... by BrokenHalo · · Score: 1

      I mean, what kind of research have they been doing to target me perfectly?

      I don't know, but if the stats are as the submission suggests, it would seem that the only recourse must be a series of extremely messy object lessons.

      I might suggest burning "THOU SHALT NOT SPAM" into their backs with an oxy torch. If anyone can suggest an improvement on this, feel free...

    4. Re:HMM... by Kandenshi · · Score: 2, Funny

      Suggest an improvement?
      Make them write lines.

      No, before you roll your eyes so hard you sprain something, hear me out.
      Try to get an estimate for how prolific this particular spammer is, and then make them legibly write out every e-mail they have ever sent by hand, using crappy 5 cent pens that splutter and run dry frequently.

      They get released when they're done.

    5. Re:HMM... by zappepcs · · Score: 4, Interesting

      Actually, I'd rather they be made to pick up a piece of litter for every spam email they sent, or some other such public service that equates piece for piece to the amount of spam they have sent.

      Repaint a house for someone = 100 spam messages
      Clean up a city block of litter = 100 spam messages

      Well you get the point. Force them to wear bright yellow spandex jumpsuits with the spam logo on it until they have fully atoned.

      Whatever the punishment, it should be public, and only mildly degrading.

      Something that lets us all remember what they did, and what it costs in reparations.

    6. Re:HMM... by emlyncorrin · · Score: 2, Funny

      Speak for yourself.

      oh wait...

    7. Re:HMM... by symes · · Score: 1

      Think yourself lucky - I get targeted by ads for diet pills and hair restorer.

    8. Re:HMM... by Whiteox · · Score: 2, Funny

      Damn it! You're right.
      Out of all the spam I've gotten in recent years, I've only got 1 from a Russian bride-to-be:

      Hello! My name is Nataliya, me of 26 years, I the intellectual, nice, sexual girl which at present searches for serious attitudes - I shall tell more search for the man for marriage!
      I only, that have read through your questionnaire and it has very much interested me, I wish to continue to learn you.
      So we can have dialogue!

      Please reply only my personal e-mail: iriska640@yahoo.com

      I look forward to your prompt answer :)
      Nataliya.

      As I'm already married ('nuff said), I can't take advantage of this incredible offer, so you can have her.
      BTW She's blond, petite, late 20's.
      Good Luck

      --
      Don't be apathetic. Procrastinate!
  2. Holy Shit by Anonymous Coward · · Score: 0

    I thought everybody must be buying Viagra.

  3. Double standards? by Anonymous Coward · · Score: 5, Interesting

    How come they don't track down the IP addresses of infected computers and inform the users their computer is compromised? It seems these researchers also are getting a kick out of the botnet at the cost of the victims.

    1. Re:Double standards? by darkside_al · · Score: 5, Insightful

      Because it's useless, most probably; that user in one hour will enter another p0rn site and get infected again. The big problem in securing home computers is user behavior; it doesn't matter that you put up a lot of warnings, he will hit install in a sec if he is searching for pr0n.

    2. Re:Double standards? by Erikderzweite · · Score: 5, Funny

      Or they could change the worm to format hard disks on infected machines -- once done, a PC cannot send spam till reinstall. And this time, the user will be a bit more careful about PC security.
      Problemo solved!

    3. Re:Double standards? by Anonymous Coward · · Score: 1, Insightful

      Ergo, it is ethical to use the botnet for research. Oh, wait...

    4. Re:Double standards? by Bokononist · · Score: 3, Insightful

      The best they could really do with the addresses would be to track down the ISPs of the users. The ISPs would then be faced with spending time (== money) to link an IP and time-window to an actual user, and then inform that user.

      Their reward for this effort would be to have one of their technical support people spend an hour on the phone explaining to a clueless and scared someone that they needed to reinstall their XP & applications. This, they ultimately would not do.

    5. Re:Double standards? by Seth+Kriticos · · Score: 4, Interesting

      That is a bit harsh, but the basic idea is not that wrong. Users don't care about security because it is a bigger inconvenience than not doing it. The botnets are quiet and Joe Sixpack can't relate insecure OS / config with spam (doesn't care).

      Maybe someone should introduce some inconvenience for spam-infected bandwidth usage (i.e. charge money for the botnet traffic)? If people have to pay for compromised systems, then maybe they will get off their ass*s. Just a thought.

      And yes, I know, the idea must be elaborated and raises a whole set of new issues... Just meant as a starting point for a discussion.

    6. Re:Double standards? by Seth+Kriticos · · Score: 2, Insightful

      Informing users? How? Most of them don't get how to use a door bell, not to mention complex computer concepts.

      How about some countermeasures? I mean, if they can infiltrate the botnet, then is it not possible to track its traffic? I mean, if the ISPs would do that, then they could block it (the control packages) and the spam clients may lose the spam to send out and idle around?

      Well, they probably also must replicate and send a "Shut up" command to the clients.

      Messing with the users is mostly bad (no option), because they are a) mostly technically illiterate (dumb) + don't care and b) there is a whole lot of liability issues (see Sony rootkit).

    7. Re:Double standards? by mapkinase · · Score: 1

      I anticipate legal problems for researchers. By some kind of exotic formulation of Murphy's law, the first ones among those who break a law are the most innocent ones.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    8. Re:Double standards? by qkan · · Score: 2

      As some smart, responsible and otherwise nice people learned the hard way, one of the possible outcomes of reporting a security issue to the affected entity is being sued for illegal activity, reported to the feds etc. by the said entity. After reading some of these horror stories (and seeing no change in the trend over the last decades), I can say for myself that the only situation where I would report a security issue is to my employer since this is, well, my duty as a loyal employee. Or to a "known sane" party, of course, but we're speaking about contacting total strangers in this particular case.

    9. Re:Double standards? by wvmarle · · Score: 3, Interesting

      It sure is a point that back in the day, the end user was really inconvenienced by viruses. Internet didn't exist yet for end-users, and software was transferred by floppy or over BBSes. Spamming hadn't been invented.

      The first virus I encountered was relatively benign: displaying fake cursors on your screen, something like that. Irritating enough to realise you're infected and figure out what's wrong and doing something about it.

      At the time many viruses were also designed to wipe/corrupt data - something that keeps you on edge. That risk is much more direct, and much more costly than a slightly slower computer that tries to send out a lot of e-mail.

      Nowadays I do have to admit being less concerned about these viruses, except where it comes to keyloggers and so on, that want to steal your banking data. However, considering the proliferation of phishing (recently I get dozens of mails for "update your Google AdWords payment information") even that seems to be a low risk issue.

      Besides, I'm not using Windows... OS X and Linux only... and I know not to click on links in spam, and browsing with non-IE browsers blocks 99.9% of the drive-by downloads but not all: I have got some requests for where to save a .exe file to; automatic download function. At least not hidden.

    10. Re:Double standards? by Seth+Kriticos · · Score: 1

      I don't really get how you relate to my previous post. I'm on Linux too and have no problems with this issue (except the spam sent to me).

      I was actually talking about the schmuck next door, who has no clue about it and also doesn't want to have it, nor seeks help from someone who does.

    11. Re:Double standards? by plover · · Score: 1

      How come they don't track down the IP addresses of infected computers and inform the users their computer is compromised? It seems these researchers also are getting a kick out of the botnet at the cost of the victims.

      I think that would have been a responsible end to the study, but there was no mention in their paper of a "cleanup" phase. They did, however, take great care to follow an ethical code and "strictly reduce harm". To them, that meant: do not send victims actual malware, do not send victims to actual spammer sites, and do not collect credit card information. The spammers' victims were never "worse off" for having participated in the campaign.

      Of course, contacting these people saying "you were identified in a spam campaign" would likely lead to thousands of lawsuits. The victims might have claimed "why didn't you stop me?" It's a messed up legal situation already.

      --
      John
    12. Re:Double standards? by X0563511 · · Score: 4, Insightful

      Imagine this scenario:

      You have Bob. Bob has a thing about catching STDs. No matter how many times he gets cleaned up, he turns around and does something stupid and gets a new one, and in turn passes them on.

      Is it unethical to study his infections? The subject won't stop getting the infections, nor will he stop spreading them. However, we can use what we learn from studying the subject further on down the line.

      Not quite so black and white is it? I side with the researchers. The botnet will be there either way, and if we actively destroy it a new one will be made in its place (and possibly improved, preventing study). Might as well learn what we can from it before making a move.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    13. Re:Double standards? by Anonymous Coward · · Score: 0

      How can I tell if my machine is infected?

    14. Re:Double standards? by mixmatch · · Score: 2, Interesting

      Maybe we should popularize free, safe sites like youporn, porntube, and xtube and this can all go away?

    15. Re:Double standards? by Anonymous Coward · · Score: 0

      Are you using Windows?

    16. Re:Double standards? by slashqwerty · · Score: 1

      This is what the study had to say on ethics:

      4.5 Measurement ethics

      We have been careful to design experiments that we believe are both consistent with current U.S. legal doctrine and are fundamentally ethical as well. While it is beyond the scope of this paper to fully describe the complex legal landscape in which active security measurements operate, we believe the ethical basis for our work is far easier to explain: we strictly reduce harm. First, our instrumented proxy bots do not create any new harm. That is, absent our involvement, the same set of users would receive the same set of spam e-mails sent by the same worker bots. Storm is a large self-organizing system and when a proxy fails its worker bots automatically switch to other idle proxies (indeed, when our proxies fail we see workers quickly switch away). Second, our proxies are passive actors and do not themselves engage in any behavior that is intrinsically objectionable; they do not send spam e-mail, they do not compromise hosts, nor do they even contact worker bots asynchronously. Indeed, their only function is to provide a conduit between worker bots making requests and master servers providing responses. Finally, where we do modify C&C messages in transit, these actions themselves strictly reduce harm. Users who click on spam altered by these changes will be directed to one of our innocuous doppelganger Web sites. Unlike the sites normally advertised by Storm, our sites do not infect users with malware and do not collect user credit card information. Thus, no user should receive more spam due to our involvement, but some users will receive spam that is less dangerous than it would otherwise be.

    17. Re:Double standards? by denmarkw00t · · Score: 1

      I don't know that I agree with your spam-tax, primarily because you are going to see a lot of upset customers - A LOT - who will feel as if their ISP has shafted them with shady "you didn't know it but we're charging you for having an infected computer" practices. BUT, it wouldn't hurt ISPs to require user systems to pass a set of tests before getting online. Of course, that also raises questions and concerns - my reply would be "I paid for it now let me online!" ISPs hate it when you get irate - they hate it even more when you threaten to cancel service (could save you $60~$100 a year!)

    18. Re:Double standards? by Anonymous Coward · · Score: 0

      So therefore it's perfectly fine to go into Bob's house to study his STDs while he's asleep just because he left his doors unlocked?

    19. Re:Double standards? by zblack_eagle · · Score: 1

      Educate them. You don't need to teach them advanced computer concepts, just teach them safe browsing habits and a healthy paranoia of the vectors used for social engineering attacks. Users may still get worms and such from not having up-to-date systems, but user misaction is a bigger cause of problems than user inaction.

      There's enough people needing said education that you could run basic one hour classes for them. And the regularly spurted 'cost to the economy' figures for the fruits of stupid behaviour could easily justify making it free for them if they want to continue to have an internet connection.

    20. Re:Double standards? by Anonymous Coward · · Score: 0

      best answer for a problem ever!
      but it IS a possible solution

    21. Re:Double standards? by MisterBlueSky · · Score: 1

      Is it unethical to study his infections?

      No. But not telling him about his infections is unethical.

    22. Re:Double standards? by cbiltcliffe · · Score: 1

      Researcher: Your computer is infected.
      User: My computer's working fine.
      Researcher: But you have a virus. You're sending spam.
      User: I've never sent spam!!
      Researcher: Not you....your computer.
      User: My computer's working fine.
      Researcher: Fsck it.

      Now repeat this half a million times.

      --
      "City hall" in German is "Rathaus". Kinda explains a few things......
    23. Re:Double standards? by cbiltcliffe · · Score: 1

      User: A free basic computer class? I don't have the time. Besides, I know how to download my pr0n, and my computer's running fine.
      ISP: But you're sending spam.
      User: No I'm not. I don't even use email.
      etc.etc.

      --
      "City hall" in German is "Rathaus". Kinda explains a few things......
    24. Re:Double standards? by uvajed_ekil · · Score: 1

      You have Bob. Bob has a thing about catching STDs. No matter how many times he gets cleaned up, he turns around and does something stupid and gets a new one, and in turn passes them on. Is it unethical to study his infections? The subject won't stop getting the infections, nor will he stop spreading them. However, we can use what we learn from studying the subject further on down the line.
      Yes, if you propose to examine or diagnose Bob against his will, it would be medically unethical. He has a right to privacy, even if he is a douchebag. Even if he doesn't know you are studying him (say you set up surveillance on him or drug him and kidnap him) it is unethical to study him directly without his knowledge or permission. Studying trends or the people he infects, or how diseases spread in general, is a different story, and none of his business. I'm not sure this is a fair analogy anyway though, especially since one's privacy has already been compromised if a computer is infected by a botnet, and the professional standards are not the same. Apples to oranges, and I don't really have a problem with infiltrating botnets, though I have a hard time articulating why. I guess opening one's computer up to the internet isn't the same to me as contracting a disease or getting medical care.

      --
      This is a hacked account, for which the owner can not be held responsible.
    25. Re:Double standards? by uvajed_ekil · · Score: 1

      That is a bit harsh, but the basic idea is not that wrong. Users don't care about security because it is a bigger inconviniance than the not doing it. The botnets are quiet and Joe Sixpack can't relate insecure OS / config with spam (don't cares).

      What about Joe the Plumber? Some regular Joes understand a bit about how these maverick programs run in the background to do nefarious things. Do these people come to me all the time for help, because they think something may be amiss but aren't sure exactly what is wrong or how to fix it? You betcha. I think average folks are poorly informed on topics like this, but the success of the anti-virus/anti-spam/anti-malware/bloated firewall/anti-pop-up software industry is indicative of some level of awareness.

      Or maybe I'm wrong and people spend tons of money on expensive software they really don't need for the same reasons they respond to spam - ignorance and a feeling of a need to act on everything.

      --
      This is a hacked account, for which the owner can not be held responsible.
    26. Re:Double standards? by Discrete_infinity · · Score: 1

      "Your ideas are intriguing and I wish to subscribe to your newsletter. "

      Had to do it. 8)

      --
      Windows Haiku Chaos reigns within. Reflect, repent, and reboot. Order shall return.
    27. Re:Double standards? by steelfood · · Score: 1

      Ideally then, if you hijack a botnet so that on a certain day of the month (or of the year, like the Michelangelo virus), it corrupts certain system files and displays a message on bootup like "Your computer is infected with a botnet. Please reinstall Windows and apply all relevant security patches," you'd inconvenience a lot of people very quickly and force them to clean out/patch their systems.

      It's not as drastic as reformatting so it will retain data, and it won't secretly hit anybody's wallet so no users are going to go to the ISP to complain, but it will take offline all of the bots in the botnet on a certain day.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    28. Re:Double standards? by wvmarle · · Score: 1

      Good idea except for the corruption of file systems: 99% of the people won't notice the difference between that and an actual format/erase. The data is gone for them. Would be good business for data recovery companies.

      Randomly changing the background colour of the Windows desktop will do the job just as well.

    29. Re:Double standards? by Anonymous Coward · · Score: 0

      Sarah? Is that you?

    30. Re:Double standards? by doob · · Score: 1

      The BBC story on this says the site "...always returned an error message when potential buyers clicked a button to submit their credit card details". Surely it would have been more useful to display a message along the lines of "You idiot, you've just been duped by some spam. If this had been real we would have just stolen your credit card details. Please learn from this".

      --
      In the spoon, there is no Soviet Russia!
  4. Spam protection by Andr+T. · · Score: 4, Interesting

    I don't have any data to back this up, but it seems to me that people are migrating from small provider companies to big internet provider companies - and their e-mail is going together. And it also seems to me that all those big companies have good e-mail filters (or they're getting one that will be good in a small period of time). If that's true, spam will face a dead end pretty soon.

    Even if you stay with a small provider company with your personal e-mail, there are many good solutions to avoid spam. I used Popfile for a long time and it worked pretty well.

    Either way, if people will go to their spam box and click that viagra ad, it will be their problem. It doesn't affect me anymore.

    --

    Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.

    1. Re:Spam protection by lysergic.acid · · Score: 2, Insightful

      that's a good point. i'm guessing part of the reason why Gmail has such a good spam filter is because they implement collective filtering by allowing users to easily mark spam messages, and also because with such a large user-base they can implement statistical filtering techniques much more effectively.

      what i don't get is why ISPs big and small don't just cooperate with each other and trade/pool information needed to fight spam. it would improve everyone's quality of service, so why not work together to achieve common ends. combating spam is one situation where different businesses don't need to compete with one another because they have shared interests.

      even if you're just a small ISP with only a few thousand users, if you work with 10-20 different similar sized ISPs to collectively implement a shared spam-filter, you would achieve much better results than what each ISP could obtain on their own. not only are there more e-mails to perform statistical analysis and Bayesian filtering on, but there are also more users to identify/catch the spam messages that slip past the filters. that way the job of catching stray spam e-mails is distributed across a much wider user-base. instead of each user having to mark 10 spam messages a day, perhaps they only have to mark 10 messages a month.
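A toy illustration of the pooling argument above, added here as an example and not code from the study or from any commenter: three small providers, each of which has only ever seen one flavour of spam, are compared with a filter that merges their labeled messages. All messages, provider names and the classifier itself are constructed for the demonstration.

```python
"""Toy naive Bayes spam filter: each small provider's filter on its own
versus a filter pooled from all of their user-labeled mail.  Constructed
sample data; not the study's code or any real provider's filter."""
import math
from collections import Counter


def tokenize(text):
    """Lower-case word tokens with surrounding punctuation stripped."""
    return [t for t in (w.strip(".,!?:;()\"'").lower() for w in text.split()) if t]


class BayesFilter:
    """Per-message token presence counts for spam and ham, scored only over
    the tokens that actually occur in the message being classified."""

    def __init__(self):
        self.spam_docs = Counter()  # token -> number of spam messages containing it
        self.ham_docs = Counter()   # token -> number of ham messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        """A user clicking 'mark as spam' (or 'not spam') feeds this."""
        tokens = set(tokenize(text))
        if is_spam:
            self.spam_docs.update(tokens)
            self.n_spam += 1
        else:
            self.ham_docs.update(tokens)
            self.n_ham += 1

    def merge(self, other):
        """Pool another provider's counts into this filter (the 'shared filter')."""
        self.spam_docs.update(other.spam_docs)
        self.ham_docs.update(other.ham_docs)
        self.n_spam += other.n_spam
        self.n_ham += other.n_ham
        return self

    def log_odds(self, text):
        """log P(spam|msg)/P(ham|msg) with add-one smoothing, so a token the
        filter has never seen contributes nothing instead of zeroing the score."""
        score = math.log((self.n_spam + 1) / (self.n_ham + 1))  # class prior
        for tok in set(tokenize(text)):
            p_spam = (self.spam_docs[tok] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_docs[tok] + 1) / (self.n_ham + 2)
            score += math.log(p_spam / p_ham)
        return score

    def is_spam(self, text):
        return self.log_odds(text) > 0


# Constructed training data: each provider's users have only flagged one kind of spam.
TRAINING = {
    "isp_a": (["cheap viagra pills online", "viagra pills discount pharmacy"],
              ["meeting tomorrow about the budget", "lunch tomorrow at noon"]),
    "isp_b": (["replica rolex watches discount", "luxury rolex replica cheap"],
              ["project status report attached", "the report is attached"]),
    "isp_c": (["russian bride seeks marriage", "nice russian girl for marriage"],
              ["can you review the attached report", "review meeting moved to noon"]),
}

# Constructed test messages: a watch spam isp_a has never seen, and a normal ham mail.
WATCH_SPAM = "replica rolex watches shipped tomorrow"
BUDGET_HAM = "the budget meeting is tomorrow at noon"


def build_filters(training=TRAINING):
    """One independently trained filter per provider."""
    filters = {}
    for name, (spam, ham) in training.items():
        f = BayesFilter()
        for msg in spam:
            f.train(msg, True)
        for msg in ham:
            f.train(msg, False)
        filters[name] = f
    return filters


def pool(filters):
    """The shared filter: every provider's labeled counts merged together."""
    pooled = BayesFilter()
    for f in filters.values():
        pooled.merge(f)
    return pooled


def compare(message, training=TRAINING):
    """Verdict of each provider alone and of the pooled filter, e.g.
    compare(WATCH_SPAM) -> isp_a False (never saw watch spam), pooled True."""
    filters = build_filters(training)
    verdicts = {name: f.is_spam(message) for name, f in filters.items()}
    verdicts["pooled"] = pool(filters).is_spam(message)
    return verdicts


if __name__ == "__main__":
    for msg in (WATCH_SPAM, BUDGET_HAM):
        print(repr(msg), compare(msg))
```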

    2. Re:Spam protection by Anonymous Coward · · Score: 0

      that's a good point. i'm guessing part of the reason why Gmail has such a good spam filter is because they implement collective filtering by allowing users to easily mark spam messages, and also because with such a large user-base they can implement statistical filtering techniques much more effectively.

      And they fail at it. Because for the last few weeks I have been receiving email on my gmail-account SENT FROM THAT SAME GMAIL-ACCOUNT!

      Posting AC because of modpoints.

      Jerry S.

      Please clean up keyboard, the shift-key is not working properly.

    3. Re:Spam protection by Vlad_the_Inhaler · · Score: 1

      My email provider has good spam filters, so why do I have them turned off?

      I am on a mailing list. I had the mailing list domain on my whitelist and had the setting activated to 'block spam and send me a summary every 24 hours'.

      They sent me a summary every 24 hours listing a couple mails they were apparently not sure about and silently ate the rest - including all list traffic. Thank you guys. Now I am back to 25 spams a day.

      That was gmx.net in Germany.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    4. Re:Spam protection by houghi · · Score: 1

      The summary talks about 1 single response making spam profitable. As long as that is happening, you pay for spam. Many people think that if they have a good filter they have solved the spam problem. That is not true.

      Spam is solved if we don't need a filter anymore. A filter takes away the symptoms, not the disease itself. Better filters will change the 12 million to a higher number. So instead of 12 million, they send out 24 million spams.

      The best bet to actually solve it will be to abandon SMTP completely and replace it with something different. No, I have no idea what, otherwise it would already be available. The problem with ditching SMTP is that finding a replacement is hard and costs money and at this moment nobody that is important really suffers. Also it needs to be done worldwide and everybody has to agree.

      And I do mean something completely different. This will require new servers, new clients and new standards. This is not just a technical problem, it is also a political, social AND economical problem to solve.

      The providers need to up their traffic and pay people to filter spam? Charge the customer. It is cost of doing business. No loss for them. The only person who suffers is the end user and who really cares about him? From the different groups, only the end user has problems. So convincing all the others to change will be extremely hard.

      Until that is solved, spam will exist.

      --
      Don't fight for your country, if your country does not fight for you.
    5. Re:Spam protection by badkarmadayaccount · · Score: 1

      Ahhh, you're a victim of bounceback spam. I believe there was a /. article on it.

      --
      I know tobacco is bad for you, so I smoke weed with crack.
  5. Much better solution by Colin+Smith · · Score: 1

    Zap the partition table.

    --
    Deleted
  6. Seems bogus by Anonymous Coward · · Score: 0

    So I send 12 million e-mails, I receive one response, and somehow I get not just millions of dollars, but millions of dollars a year? What kind of response could do that? A billionaire replies saying he wants all of the viagra I'm selling, and he doesn't mind keeping me as a high-margin middleman for years?

    1. Re:Seems bogus by GospelHead821 · · Score: 1

      The way I read it, they only need one response for every 12 million emails that they send. They send many more than that and they might get more than the one response per 12 million necessary to make a profit. It's more a testimony to the low cost of sending those 12 million emails.

      --
      Virtue finds and chooses the mean.
      Aristotle, Ethica Nichomachea
    2. Re:Seems bogus by Jeremy+Erwin · · Score: 1

      No. If you send 12 million emails, you can expect to get one order for $100 pills. To sell a million dollars worth of product, you would have to send 120 billion emails.

    3. Re:Seems bogus by Flibberdy · · Score: 1

      Given that they sent 350 million emails that linked to the researchers' websites in a month, and that they estimate they redirected 1.5% of the botnet's total spam: 1 in 12 million over however many billions of emails they send a month == profit.

  7. Storm Worm by phazux · · Score: 4, Funny

    Oh, Spam... right.

    When I first read the title, I was thinking more along the lines of:

    Bless the Maker and His water.
    Bless the coming and going of Him,
    may His passage cleanse the world,
    may He keep the world for His people.

    -- Frank Herbert

    --
    -- Working to secure tomorrow's technology. Honestly Officer!
    1. Re:Storm Worm by Hoi+Polloi · · Score: 1

      May the maker produce a spiced canned meat
      Bless the coming of him and curse his going for it is unpleasant

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  8. Time for some draconian penalty? by Seth+Kriticos · · Score: 1

    How about just raising the penalty for guilty spammers. You know, forcing them to read spam for 8 hours / 7 days a week for several years. Maybe that would help?

    1. Re:Time for some draconian penalty? by Anonymous Coward · · Score: 0

      One minute in prison for each spam mail sent. Or even, one second; still works out to a lot.

    2. Re:Time for some draconian penalty? by Lead+Butthead · · Score: 1

      How about just raising the penalty for guilty spammers. You know, forcing them to read spam for 8 hours / 7 days a week for several years. Maybe that would help?

      That however does nothing to rehabilitate the spammer nor does it prevent relapse (See Spamford Wallace). I propose that we go directly to the death penalty and kill two birds with one stone.

      --
      ELOI, ELOI, LAMA SABACHTHANI!?
  9. the vigilante approach by v1 · · Score: 4, Interesting

    I realize this will either be wildly popular with you or you'll hate it, but what I'd like to see someone do is infiltrate the botnet somehow (either by vulnerability or crack their key or whatever) and send a command to the herd to zero the boot sector and shut down their host. (the zombies, not the herder's machines)

    Nothing enough to cause data loss, but enough to force the naive owners to take their machines to someone to get them fixed/cleaned up. I'm tired of being a victim of computer neglect en masse.

    Not saying there's just one botnet out there, so I'd be greatly entertained to see them fall one by one. Should make a nice spectacle. Wouldn't it be entertaining to get up tomorrow and read front page stories all over the place the likes of which we got with Code Red, that a sizeable chunk of zombies just dropped off the grid and there were long lines at the PC repair shops this morning? Stories of entire businesses being brought to a halt because 95% of the machines in their office were owned? Sorry, but "serves them right", and thank you have a nice day while I go check my mail and see 80% fewer medications for sale.

    --
    I work for the Department of Redundancy Department.
    1. Re:the vigilante approach by mdmkolbe · · Score: 3, Interesting

      No need to zero the boot sector, just pop-up a window that says "you have been infected by the Storm worm" every two minutes. The machine is still functional so it is easier to fix, but recovery is easier and less likely to result in data loss.

      (This all is based on the assumption that doing so would be ethical which I don't think it is, but thought experiments don't hurt.)

    2. Re:the vigilante approach by kvezach · · Score: 3, Interesting

      How about turning the machines on them? As far as I understood from the scientific paper, the proxy hosts are contacted by the botmasters (through servers run on bulletproof hosting). Thus it would seem pretty easy to just substitute the send spam command (when the workers ask) with a "DDoS this target" command, where the target is the botmaster server you got the original spam command from. The stronger the botnet, the harder it falls, and while bulletproof hosting servers may scoff at threats of police action, they sure won't like being DDoSed up the wazoo.

    3. Re:the vigilante approach by Anpheus · · Score: 3, Insightful

      And so next time when malware like that damn Antivirus 2009 trojan is installed, they'll be more likely to follow the instructions: "Your computer is infected, click here to scan your computer."

    4. Re:the vigilante approach by russotto · · Score: 2, Interesting

      I realize this will either be wildly popular with you or you'll hate it, but what I'd like to see someone do is infiltrate the botnet somehow (either by vulnerability or crack their key or whatever) and send a command to the herd to zero the boot sector and shut down their host. (the zombies, not the herder's machines)

      All that will do is get law enforcement after the vigilantes. Law enforcement is much more concerned with effective competition than they are with ordinary lawbreakers, so they won't stop botnet-building spammers but they will come down hard on vigilantes.

      So, don't do that. Instead of shutting down the machines, take them over. And take precautions against anyone taking them back. Set up Bittorrent seeds for pirated films on them, if you like, and watch the MPAA go after the zombie owners. If you just look like another criminal, you probably won't get much attention from law enforcement.

      (disclaimer: the above is a hypothetical scenario. Actually trying to pull it off may result in arrest, hospital time, or death depending on who gets to you first).

    5. Re:the vigilante approach by mdmkolbe · · Score: 1

      Ok, so maybe we say "All your base are belong to us" and display a nice big red skull and crossbones along with the sound of a menacing laugh in the background. Like you say, we don't want a "click here to fix", but all we need is to increase the visibility of the virus to the user. Once discovered, viruses get removed (one way or another); the biggest problem is getting them noticed.

    6. Re:the vigilante approach by v1 · · Score: 2, Informative

      The problem is most of them are "fast flux" - the C&C servers move around daily. There's no stationary target to hit. Even if you go after a host channel somewhere etc, they just move to a different IP and change domain name records.

      --
      I work for the Department of Redundancy Department.
    7. Re:the vigilante approach by Anonymous Coward · · Score: 0

      No need to zero the boot sector, just pop-up a window that says "you have been infected by the Storm worm" every two minutes.

      A legit message must be locale neutral and quick. It seems enough lusers actually try to follow them:
      "You have been infected by the Storm worm. Please take this computer to your local repair shop"

      Even legit nerds would understand that nobody is trying to make a quick buck with a hyperlink scam to fake antivirus software... instead of paying cash to be scammed facelessly, you'd be paying to be informed at a brick and mortar store.

    8. Re:the vigilante approach by Repossessed · · Score: 1

      Either is likely to result in data loss. Most people do not have the resources or the knowledge to handle a virus not caught by their scanner. And of the handful of technical support providers who support the software at all, I don't know any who will help with viruses beyond wiping and starting over.

      --
      Liberte, Egalite, Fraternite (TM)
    9. Re:the vigilante approach by LoztInSpace · · Score: 1

      How about sending all their recently used URLs to everyone in the address book cc themselves? That should raise the profile a bit and send most people scurrying off to the nearest AV software.

    10. Re:the vigilante approach by kvezach · · Score: 1

      The botnet is fast flux, but the master servers are relatively stationary; at least that's the impression I got from the paper. But it doesn't matter if they use fast flux. Just do a DNS lookup regularly and spoof DDoS commands targeting the new IP. If the botnet supports DDoS referenced by name, you don't even have to do anything. One would expect the DDoS part to have this functionality; otherwise, the affected servers of a "regular" DDoS could just move out of the way as with Code Red and the White House.

    11. Re:the vigilante approach by davidphogan74 · · Score: 1

      Why not just replace explorer.exe with a simple app that tells them they have to get their PC fixed due to their own ignorance of basic security? I'm pretty sure all the major botnets run on Windows systems exclusively.

  10. Because of stealing by Britz · · Score: 1

    Only because the botnet operators steal resources in such a large manner can they turn a "profit". Whatever that may be. How do you calculate a script kiddie's costs anyway?

    The much more interesting information was the US$ 2700 for about 350 Million Spam messages received and (an estimated) four times as much sent.

    Rounded up that is a dollar earned for every 10 Million messages received and 40 Million messages sent (and caught as spam early on). Not counting that: "Still, the researchers acknowledge their figures don't take into account perhaps the most profitable aspect of the pharma spam business: The repeat customer who comes back time and again to purchase refills."

    I would like to see that figure (10 Million for 1 Dollar) put against the resources lost/spent fighting Spam. How much damage do they do in order to make money? Do they steal 1 Dollar for every Cent they make? 10 Dollars? 100 Dollars? How much does it hurt the economy?

    And maybe it is finally time to do something serious about Spam.

  11. And the answer is . . . by Anonymous Coward · · Score: 1, Interesting

    A single response in 12 million emails ? So someone orders $50 of 'GetHard' or whatever.

    Then introduce micropayments on all emails. $50/12,000,000 or about 0.5 millicents an email. No normal operation would suffer, and spammers can't make a profit. Job done.

  12. I've previously been ridiculed for by Vadim+Makarov · · Score: 1

    proposing refundable microcharge for sending email (which is NOT fully refunded ONLY when the recipient subsequently marks incoming email as spam). Obviously my idea might be flawed, but those who have critiqued it never formulated why. At the present conversion rates, a refundable cent per email will do wonders. Possibly it will kill spam, or at least change its quality and quantity very considerably.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:I've previously been ridiculed for by TheLink · · Score: 2, Informative

      How do you pay?

      So far it's hard to pay random people on the internet. For instance if I want to pay you USD1, it'll cost me more than USD1 in time and money to do so.

    2. Re:I've previously been ridiculed for by Anonymous Coward · · Score: 1, Informative

      Joe Dumbass signs up for Bass Fisher Extreme News letter.

      Bass Fisher Extreme sends him his weekly email.

      Joe Dumbass forgets he signed up for this and hits the 'Report SPAM' link instead of the 'unsubscribe' link.

      Bass Fisher Extreme loses money.

    3. Re:I've previously been ridiculed for by Anonymous Coward · · Score: 1, Insightful

      Your post advocates a

      ( ) technical ( ) legislative (x) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      (x) Mailing lists and other legitimate email uses would be affected
      (x) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      (x) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      (x) Requires immediate total cooperation from everybody at once
      (x) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      (x) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      (x) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      (x) Public reluctance to accept weird new forms of money
      (x) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      (x) Extreme profitability of spam
      (x) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      (x) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatibility with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      ( ) Sorry dude, but I don't think it would work.
      (x) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    4. Re:I've previously been ridiculed for by Yvan256 · · Score: 1

      Bass Fisher Extreme should monitor the bounced/spam-tagged emails on their list to stop sending them to these people.

      Total cost: 1 cent per Joe Dumbass user. And if micropayments exist to do that, then they also exist to require micropayments from subscribers. At 1 email per week, it cost someone 52 cents per year to receive the newsletter, which is half the 99 cents threshold for impulse purchases.

    5. Re:I've previously been ridiculed for by mixmatch · · Score: 1

      Bass Fisher Extreme sees the list of charged emails and removes them from their system.

    6. Re:I've previously been ridiculed for by Anonymous Coward · · Score: 0

      So, you have proposed a technical and administrative approach that requires collaboration from everyone at once (including spammers, since you'll need to know how to charge them), a migration to a new protocol that doesn't improve the older one, even when IPv6, a serious improvement over IPv4, has not been adopted widely, and a new supranational authority that will have to distribute in a fair way the profits earned from spam. WTF!?

  13. Ethics of the study by slashdotmsiriv · · Score: 3, Insightful

    The researchers seem to take the legality of their actions under serious consideration. From TFA:

    "Measurement Ethics:
    We have been careful to design experiments that we believe are both consistent with current U.S. legal doctrine and are fundamentally ethical as well. While it is beyond the scope of this paper to fully describe the complex legal landscape in which active security measurements operate, we believe the ethical basis for our work is far easier to explain: we strictly reduce harm. First, our instrumented proxy bots do not create any new harm. That is, absent our involvement, the same set of users would receive the same set of spam e-mails sent by the same worker bots. Storm is a large self-organizing system and when a proxy fails its worker bots automatically switch to other idle proxies (indeed, when our proxies fail we see workers quickly switch away). Second, our proxies are passive actors and do not themselves engage in any behavior that is intrinsically objectionable; they do not send spam e-mail, they do not compromise hosts, nor do they even contact worker bots asynchronously. Indeed, their only function is to provide a conduit between worker bots making requests and master servers providing responses. Finally, where we do modify C&C messages in transit, these actions themselves strictly reduce harm. Users who click on spam altered by these changes will be directed to one of our innocuous doppelganger Web sites. Unlike the sites normally advertised by Storm, our sites do not infect users with malware and do not collect user credit card information. Thus, no user should receive more spam due to our involvement, but some users will receive spam that is less dangerous than it would otherwise be."

    However, their premise of "reducing harm" is questionable. How can we be sure that a person who decided to purchase these drugs (against all warnings) really believes that not buying them is the best thing for him? What if this person really wants to purchase a drug that he thinks will enlarge him? Who gives the researchers the right to decide what other people should spend their money on? Under several legal interpretations, forcing a person not to buy something perceived as harmful is not legal: denying to sell cigarettes to a person of legal age may be illegal, under discrimination laws.

    The bottom line is that the researchers have a good point regarding the ethics of their study; however, this issue is not 100% resolved.

    1. Re:Ethics of the study by jonbwhite · · Score: 2, Informative

      However, their premise of "reducing harm" is questionable. How can we be sure that a person who decided to purchase these drugs (against all warnings) really believes that not buying them is the best thing for him? What if this person really wants to purchase a drug that he thinks will enlarge him? Who gives the researchers the right to decide what other people should spend their money on? Under several legal interpretations, forcing a person not to buy something perceived as harmful is not legal: denying to sell cigarettes to a person of legal age may be illegal, under discrimination laws.

      The site that the spam normally points to actually sends placebos or mislabeled painkillers instead of the actual drugs, so I don't think this is really an ethical issue. However, even if the site did send the real drugs, it is *not* difficult to find an alternative website willing to sell the same items. Not to mention the fact that the sending of the spam was illegal in the first place.

    2. Re:Ethics of the study by Mr.+Underbridge · · Score: 1

      What if this person really wants to purchase a drug that he thinks will enlarge him? Who gives the researchers the right to decide what other people should spend their money on? Under several legal interpretations, forcing a person not to buy something perceived as harmful is not legal: denying to sell cigarettes to a person of legal age may be illegal, under discrimination laws.

      In this case, the sale would be illegal since we're talking about "drugs" that aren't FDA approved being sold without a prescription. So I think the analogy of stopping sales of cigarettes to minors would be more apt; it's guaranteed that a crime is being interrupted.

  14. how to get suggestive phrases into a journal. by jmhoule314 · · Score: 2, Funny

    I can now die happy having seen the phrase, "Excellent Hardness is Easy!" in an academic paper.

    1. Re:how to get suggestive phrases into a journal. by HonestButCurious · · Score: 1

      "Excellent Hardness is Easy" sounds like an ideal title for a TCC submission if I've ever seen one. They're at home with stuff like:
      "Semi-honest to Malicious Oblivious Transfer - The Black-Box Way"
      "On the Complexity of Parallel Hardness Amplification for One-Way Functions"
      "The Ultimate Male Package", well that one's actually from my spam folder.
      http://www.cs.nyu.edu/~tcc08/

  15. The spammers aren't using their own machines. by khasim · · Score: 1

    So your plan would result in Joe Sixpack getting a bill for email that he claims he didn't send.

    And he would be correct. He would not have sent it. His machine would have. While it was a zombie.

    1. Re:The spammers aren't using their own machines. by maxume · · Score: 1

      This is only sort of a problem; it would at least get their attention.

      --
      Nerd rage is the funniest rage.
    2. Re:The spammers aren't using their own machines. by cbiltcliffe · · Score: 1

      No, they'd just get pissed at their ISP for billing them for something they didn't do, and rightfully so.
      And when the ISP didn't budge, they'd go to a new one, if they're anywhere other than monopoly-fascist USA, with no broadband competition.
      No matter how many times this happened, it would always be the ISPs fault, according to the customer.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    3. Re:The spammers aren't using their own machines. by Anonymous Coward · · Score: 0

      So your plan would result in Joe Sixpack getting a bill for email that he claims he didn't send.

      And he would be correct. He would not have sent it. His machine would have. While it was a zombie.

      He would not be correct. Negligence is not a good defence.

      You are still responsible for your own equipment.
      Some real world examples (IANAL)
      If you leave your front door open and criminals use your cellar to store drugs, you're in serious trouble.
      If you leave your gun on your front lawn and someone else starts shooting people with it, I doubt the judge will happily accept an argument like "but I didn't pull the trigger Your Honor, I didn't give him permission to use my gun to shoot those people".

      Where I come from, you are required to abide by a principle called "good housefather". Did you take appropriate measures to prevent abuse of your

      We should finally move to an understanding that using a computer is actually causing damage and people should be made responsible for their neglect.
      I'm not saying they should be jailed, but causing the pc to no longer function could be a good start.
      In analogy, it would be removing the drugs and putting a lock on the open door. If that means the owner will need to hire a locksmith ($$) to get access to his own premises, then so be it.
      People should be forced to finally take responsibility for their behavior and I am totally in favor of making the owner "feel" his actions in his wallet.

  16. Which leaves two possible solutions. by khasim · · Score: 3, Insightful

    #1. The ISP blocks all outgoing port 25 connections. We've been over this one before. It means more expenses for the ISP so they're not going to do it unless they are forced to do it through law.

    #2. The vigilante approach of writing a "virus" that identifies and infects infected computers ... and then removes the existing infection, downloads updates, installs a silent anti-virus app and checks back in at regular intervals for updates. The problem with that is that the people who do it become "criminals" under US law.

    1. Re:Which leaves two possible solutions. by Intron · · Score: 3, Insightful

      I wondered about #1, also. My ISP blocks *inbound* port 25 but not outbound. They don't want to let me run a server on a dynamic home IP address because they want to charge me for a business use. They also block inbound port 80.

      It turns out the reason they don't block outbound 25 is because that would force the spammers to email out through the ISP mail servers which would get them blacklisted. They are fine with letting the home users send spam and get blacklisted. It doesn't cost them anything.

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:Which leaves two possible solutions. by aztektum · · Score: 3, Insightful

      Wouldn't they get blacklisted if a user's IP is attached to a block assigned to that ISP?

      --
      :: aztek ::
      No sig for you!!
    3. Re:Which leaves two possible solutions. by mortonda · · Score: 1

      My ISP, Cable One, does in fact block outbound port 25. Makes it hard to test remote mail servers. :(

      But they do allow inbound port 25, so I can run my own mail server and just set their SMTP server as a smarthost in my own postfix config.

    4. Re:Which leaves two possible solutions. by Anonymous Coward · · Score: 0

      That's just your ISP. My cable modem ISP blocks inbound and outbound on port 25.

      It's pretty annoying actually because it makes it hard for me to test my mail servers but I understand the need to pinch spammers as much as possible.

    5. Re:Which leaves two possible solutions. by techno-vampire · · Score: 1

      Earthlink Network started blocking outbound Port 25 about ten years ago, and AFAIK still does. If you're an Earthlink customer, either you use their SMTP servers or you don't use Port 25. I don't know how much good it does anymore, but at the time, it helped keep down the amount of spam coming out of them because having to use their servers makes it much easier to trace back and prove. Now, of course, they probably just use 587 to reach some foreign server that's set up to relay for them.

      --
      Good, inexpensive web hosting
    6. Re:Which leaves two possible solutions. by Anonymous Coward · · Score: 0

      Your argument is a little too simple. The main reason NOT to block outbound port 25 would be because a lot of software (too much) uses direct SMTP for legitimate purposes (bug reports, activation etc), or because some users (like myself) want to use other mail servers (and *some* software only supports port 25, or at least requires reconfiguration). If one percent of your customers complains about that, you have a problem. On the other hand the main purpose of blocking inbound port 25 is to protect the net from stupid idiots who *believe* that they are smart enough to set up a mail server from creating open relays. I guess of the *standard end user* DSL lines less than 0.01 percent have a real interest in running a mail server (beyond just trying it). If you want to set up a server, get an appropriate contract (not for end-users).

    7. Re:Which leaves two possible solutions. by RockDoctor · · Score: 1

      The problem with that is that the people who do it become "criminals" under US law.

      And this is a problem because? Oh - this particular bit of research is based in the US.

      OK, so do your research under some more favourable legal system. Problem solved. After all, it's not as if the US is the only place in the world with acceptably high living standards for carrying out all sorts of research, and if you feel the US's laws are inappropriate in this respect, then moving yourself (and any funding you carry, and any tax income derived from you) out of the US is one of the few things that you can do which would actually gain the attention of the "powers that be".
      Heretical though it may sound, you might actually prefer life in the outside world.

      --
      Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  17. The scope of the problem by Anonymous Coward · · Score: 0

    The scope isn't limited to only windows machines with worms (maybe strictly for this study it is, but not the overall spam problem). The problem goes to insecure servers running a myriad of OSs. It could be anything from BSD to Fedora to Gentoo to Windows Server 2003. There are vulnerable web servers out there and I constantly get spam from too many different domains.

    I've also been (sadly) responsible for contributing. My server was hacked a year ago or so and sent out spam emails at an incredible rate for about 6 hours before I or my provider realized. I responded quickly but I've seen too many hosts that have a setup page for some CMS or blog system as their default page. This screams "STEAL ME!" especially if there's a known vulnerability in the CMS they're installing. This page will also remain up for months for God knows what reason. We don't have responsible enough Server Administrators, ISPs, or end users.

  18. RE: Botnets. by Chris+Tucker · · Score: 1

    "Botnets. Spammers Botnets.
    What kind of boxes are on botnets?

    Compaq, HP, Dell & Sony, true!
    Gateway, Packard Bell, maybe even Asus, too!

    Are boxes, found on botnets, all running Windows, FOO!"

    Why is it that TFAs almost never mention the OS of all the computers that make up these botnets?

    Perhaps it's just one of those things that EVERYBODY knows, and as such, doesn't really need to be mentioned.

    --
    Guaranteed! This comment 100% Anthrax free!
  19. Remove the tcpip stack by Colin+Smith · · Score: 3, Insightful

    Consider it a form of quarantine.

    --
    Deleted
  20. Re: Botnets. by bobbonomo · · Score: 1

    You are probably right about the *indows machine in the botnet. The brand is irrelevant.

    What is never mentioned is how many servers are infected (websites) with malware (or participate in it) because of errors in the apps running on them. I would say most of these are running *nix. I don't see IIS that much.

    I think we are converting a botnet (spam) problem into a religious OS thingy.

    Hygrade frankfurts are fresher because more people eat them or do more people eat them because they are fresher?

    There are more *doze PCs out there so more of them will be infected.

    Anyone have stats on percentages (with a link)?

  21. Re: Botnets. by justinlee37 · · Score: 0, Flamebait

    If Linux had the greatest market share, it would have the most viruses. Windows is just a big target. Think about it -- if you wrote a virus, would you rather design it to attack 90% of the OSes in the wild, or 2%?

    The smugness of the "windows has viruses because it sucks" position is a really poorly thought-out one.

  22. This is not true. by symbolset · · Score: 1

    Just keep saying it though. Maybe eventually people will believe you.

    --
    Help stamp out iliturcy.
    1. Re:This is not true. by justinlee37 · · Score: 1

      I got modded flamebait and contradicted twice, but nobody has offered any evidence whatsoever.

      I'm not a computer scientist or programmer. I study economics. I'm making my inference based on logical conjecture.

      I'd love it if a real programmer chimed in and explained why Windows is "so easy to 0wn" as it is compared to Linux. And I want to hear solid architectural reasons; "Windows lusers are more likely to run an infected .exe on their machine because they think it's a picture" is not a sufficient reason, since it follows that if all of those Windows lusers started using Linux instead, they'd still run infected files like giddy schoolchildren.

      So what gives? Is there a reason that Windows is "easier to crack" other than the economy of scale involved in writing a virus for the most ubiquitous operating system out there? Or are all of the "this is not true" people just trying to minimize their own cognitive dissonance by ignoring reason?

      Some help would be appreciated. Also, to whoever modded me flamebait; there isn't a "-1 disagree" option for a reason. You would have been better off replying with an insightful comment.

    2. Re:This is not true. by Anonymous Coward · · Score: 0

      I got modded flamebait and contradicted twice, but nobody has offered any evidence whatsoever.

      I'm not a computer scientist or programmer. I study economics. I'm making my inference based on logical conjecture.

      I'd love it if a real programmer chimed in and explained why Windows is "so easy to 0wn" as it is compared to Linux. And I want to hear solid architectural reasons; "Windows lusers are more likely to run an infected .exe on their machine because they think it's a picture" is not a sufficient reason, since it follows that if all of those Windows lusers started using Linux instead, they'd still run infected files like giddy schoolchildren.

      So what gives? Is there a reason that Windows is "easier to crack" other than the economy of scale involved in writing a virus for the most ubiquitous operating system out there? Or are all of the "this is not true" people just trying to minimize their own cognitive dissonance by ignoring reason?

      Some help would be appreciated. Also, to whoever modded me flamebait; there isn't a "-1 disagree" option for a reason. You would have been better off replying with an insightful comment.

      As a programmer I'd have to agree with you, realistically it has nothing to do with the operating system itself but more so the person driving it.

      While Linux may be inherently more "secure" by design, that's not to say some idiot with root access can't still fuck the machine.

      In my eyes Linux is more secure because it's an operating system made by technical people for technical people, people who are substantially less likely to get infected and allow their machine to run as a zombie.

      A windows machine can be just as secure as any other operating system, it just depends on the person who configured it and is using it on a regular basis.

  23. Re:get some priorities! by Anonymous Coward · · Score: 0

    Actually, it's quite on-topic. Barack H Obama may very well have worms.

  24. Solution by Anonymous Coward · · Score: 0

    1: Get some Chinese "v1agr4" laced with toxic chemicals
    2: Spam
    3: Profit!!!
    4: Idiots who buy pills through spam die
    5: With no dumb ass customers left, and the rest too scared to buy pills online, SPAM is unprofitable.

    Problem fixed for trade off in short term increase in Spam :-)

    6: Use profits to immigrate to a country that has a nice climate and won't extradite you home to face charges of mass murder.

    1. Re:Solution by Anonymous Coward · · Score: 0

      Except that;

      1) There may be collateral from killing off Joe Dumbass - S/he may be an idiot, but perhaps they were the breadwinner in their family, or great philanthropists (hey, we already know they aren't tight with their money), or had other useful qualities
      2) v1agr4 spam scams are only one of many - it would be naive to think that people would investigate or be informed of social engineering vectors after this specific poison-pill plan - likely they would continue falling prey to other scams (phishing, botnetting, identity theft, etc)
      3) There's a new idiot born at least every minute.
      4) People would soon forget about the incident, and continue to answer spam (remember, spammers would still be operating, since there's no ongoing costs so no reason to stop).

  25. 100% solution follows: by C18H27NO3+ · · Score: 1

    Unsolicited spam email Subject lines _MUST_ contain the phrase, "this is an unsolicited email". I think that would pretty much cover it. (The word Spam isn't used so there isn't any gray area with that processed meat product.) I know that there have been attempts at this before and it has been shot down, but I don't understand why. Obviously the purpose of this would be to have these in email filters to block the crap all of the time, so why doesn't it pass? Someone in the gubment thinks it unfair to all of the people sending ILLEGAL emails?

    1. Re:100% solution follows: by Waccoon · · Score: 1

      I recall an article about the "Spam King" where he clearly rejected the idea of putting such markers on his e-mails. Legal or not, he said he wouldn't.

      There's no such thing as enforcement when faced with billions of messages every single day. You're on your own to protect yourself, bub.

  26. You might be infected if ... by Smallpond · · Score: 1

    Files in Windows System folder:
      wincom32.sys
      peers.ini
      wincom32.ini

    Registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
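
An added worked example, not part of the comment above or of any tool the thread mentions: a small Python checker that matches the three file names and the service key listed above against a directory listing and a .reg export collected from a suspect host. The sample listing and registry fragment are constructed for illustration, and the scoring threshold is the author's own choice. One caveat a responder would want: a driver loaded from a service key like this one can hide its own files from a listing taken on the running system, so a clean result from live data is weak evidence, and the listing is better taken from the disk offline.

```python
"""Match the Storm worm indicators quoted in the comment above against
collected host data. Example code added for this page, not from the
original post. The sample listing and .reg text below are constructed."""
import re

# Indicators quoted from the comment above (Windows System folder files
# and the service key).
STORM_FILES = {"wincom32.sys", "peers.ini", "wincom32.ini"}
STORM_SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32"

# Constructed sample data: a `dir /b`-style listing of the system folder
# from a suspect host, and a fragment of a `reg export` of its services.
# Both are invented for this example.
SAMPLE_SYSTEM_LISTING = """
ntoskrnl.exe
WINCOM32.SYS
peers.ini
hal.dll
wincom32.ini
"""

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wincom32]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="System32\\wincom32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Start"=dword:00000001
"""


def matching_files(listing: str) -> set:
    """Return the indicator file names present in a directory listing.
    Windows file names are case-insensitive, so compare in lower case
    but report the name exactly as it appeared in the listing."""
    found = set()
    for line in listing.splitlines():
        name = line.strip()
        if name.lower() in STORM_FILES:
            found.add(name)
    return found


def has_service_key(reg_export: str) -> bool:
    """True if the .reg export contains the wincom32 service key.
    Registry key names are case-insensitive, so compare in lower case."""
    key_re = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$", re.MULTILINE)
    target = STORM_SERVICE_KEY.lower()
    return any(m.group("key").lower() == target
               for m in key_re.finditer(reg_export))


def assess(listing: str, reg_export: str) -> dict:
    """Combine the file and registry hits into a verdict. The threshold of
    two indicators is this example's own choice: a lone peers.ini could be
    something else, but driver + ini files + service key is the pattern."""
    files = matching_files(listing)
    service = has_service_key(reg_export)
    score = len(files) + (1 if service else 0)
    return {
        "files": sorted(files, key=str.lower),
        "service_key": service,
        "score": score,
        "likely_infected": score >= 2,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SYSTEM_LISTING, SAMPLE_REG_EXPORT))
```

On a real host the two inputs would come from `dir /b %SystemRoot%\System32` and `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg`, run from offline media rather than the possibly compromised live system.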

  27. Re: Botnets. by Chris+Tucker · · Score: 1

    People write viruses & trojans & worms to infect Windows because Windows is so easy to 0wn.

    --
    Guaranteed! This comment 100% Anthrax free!
  28. tough love or robinhood style by Jesus+IS+the+Devil · · Score: 1

    I see two potential solutions...

    One is a worm that's released in the wild whose sole purpose is to find and clean infected/vulnerable computers, and then throw huge warning signs at them. If the same machine is re-infected X times within a year, the worm just shuts the computer off. A Robin-Hood worm of sorts. Illegal just like Batman, but hell, if it does the internet some good, why not. If they don't do it, the vulnerable hosts don't just disappear. Instead, they just sit there waiting for real hackers to exploit them. Or, if they're already compromised, they can only do harm anyway.

    The other solution is tough love. Get caught with a compromised machine, your internet connection is shut off automatically, until you can prove that you've fixed the vulnerability. But of course, the ISPs won't wanna do this voluntarily. After all, this would affect their profits...

    --
    eTrade SUCKS
  29. Re: Botnets. by Anonymous Coward · · Score: 0

    People write viruses & trojans & worms to infect Windows because Windows is so easy to 0wn

    It's true Windows is very easy to own. I just have to walk into the store and for a nominal fee I own Windows. If I buy a new PC I also usually end up owning Windows too.

  30. this never gets old by RMH101 · · Score: 1

    anyone know which insightful greybeard wrote the original?

    1. Re:this never gets old by skis · · Score: 1

      I don't know, but this is the first time I've ever seen the "Asshats" box NOT checked.

  31. making my inference based on logical conjecture by symbolset · · Score: 1

    Your mistake. It's right here.

    Don't worry. It's a common error. Get the facts and you'll understand.

    --
    Help stamp out iliturcy.
    1. Re:making my inference based on logical conjecture by justinlee37 · · Score: 1

      Oh, the facts! Of course, why didn't I consider those before. Now it makes complete sense. *rolls eyes* You're not very helpful.

  32. You're not very helpful. by symbolset · · Score: 1

    Sorry about that. One of the problems with slashdot is that it can be tricky touching upon common memes, and you've stumbled on one. The problem with your assertion is that it's been made for fifteen years, thoroughly examined, and disproved in every case.

    GNU/Linux is not Windows. It won't ever be. Because Linux is available in over 1,000 distributions and hundreds of versions, and always will be, the generic reference to "Linux" includes far more scope than "Vista" or "W7" ever could. Linux is available in versions for your PS3, for Sun hardware, and IBM mainframes. By itself that makes it a harder target because one exploit can't target all of Linux. It's used in almost all supercomputers and a great many network routers. The embedded applications like EMC SANs and security cameras and TV recorders and dash-mounted nav devices and many other things far exceed Microsoft's desktop operating system installed base. Microsoft could not dream of being able to hire as large or as well-qualified a team of programmers motivated to secure the software out of their own self-interest (i.e. improvements come from people who want to use it, not people who are only paid to write it).

    I can do no better than commend to you ESR's great work, The Cathedral & The Bazaar.

    Basically here's how it works: in order for Windows to have a "brand" it can market, it has to have a coherent set of services and applications which are identified with it. This fixed set becomes a target, and since it is software written by humans, vulnerabilities will be found which are consistent across that platform. Since it must enforce compatibility across generations, the code is generally recycled across revisions. Linux has no such limitations.

    Now by responding to your obvious question I have to slur Linux a little bit in order to not look so much like a fanboi. Of course any individual installation of Linux can be rooted, at least if someone is using it to surf the Internet. That's not the point. No one exploit is going to be broad enough even to get most of them, and you can't say that about any version of Windows.

    --
    Help stamp out iliturcy.
    1. Re:You're not very helpful. by justinlee37 · · Score: 1

      No one exploit is going to be broad enough even to get most of them, and you can't say that about any version of Windows.

      Isn't that basically a summation of my original point? There's just no incentive to the hacker to write a specialized virus, unless they have a very specific target or motivation, so Winblows gets all of the hijack-your-bank-account keylogging trojans?

  33. If you want to get originality points by symbolset · · Score: 1

    This is your original post:

    If Linux had the greatest market share, it would have the most viruses. Windows is just a big target. Think about it -- if you wrote a virus, would you rather design it to attack 90% of the OSes in the wild, or 2%?

    The smugness of the "windows has viruses because it sucks" position is a really poorly thought-out one.

    Semantic analysis of the grandparent and your post yields no significant similarities. They differ in form, content, structure and purpose. They are opposites. It's not even remotely possible that you were trying to say this.

    Try again?

    --
    Help stamp out iliturcy.
    1. Re:If you want to get originality points by justinlee37 · · Score: 1

      You said:

      in order for Windows to have a "brand" it can market, it has to have a coherent set of services and applications which are identified with it. This fixed set becomes a target

      I said:

      if you wrote a virus, would you rather design it to attack 90% of the OSes in the wild, or 2%?

    2. Re:If you want to get originality points by symbolset · · Score: 1

      Obviously the flamebait part wasn't that part, it was the rest of the post:

      If Linux had the greatest market share, it would have the most viruses.

      Which is widely held not to be true, and for which the refutation is above.

      But please - believe whatever you want. You just won't go spreading that particular lie around here without being both contradicted and modded down. I do hope this settles in your mind the question you asked about "why?"

      --
      Help stamp out iliturcy.
    3. Re:If you want to get originality points by justinlee37 · · Score: 1

      I suppose I was assuming that if it had the largest market share, that would have only been feasible through it becoming a desktop utility "brand" like Windows has. As in, Linux itself, the kernel, won't become the most widely distributed OS, but some specific user-friendly distro of it, like Ubuntu, would become that OS, and therefore, as a single system (like Windows) it would be subject to that vulnerability.

      Although I do get what you're driving at now. I'll rephrase; whenever 90% of the population uses an identical OS (even if that OS is based on Linux, or anything else "not Winblows"), that OS will develop the largest share of malicious code. To reiterate, Windows doesn't suck, it's highly functional; it's just the biggest target out there for hackers.

  34. This sounds reasonable. by symbolset · · Score: 1

    No argument here.

    --
    Help stamp out iliturcy.
  35. We should sue them by Anonymous Coward · · Score: 0

    Doing experiments is not an excuse.
    Their fucking Canadian pharmacy spam stormed our servers, costing us lots of time and making us apply extremely strict rules on our SMTP servers, which also deny legitimate mail.