Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Services Let Virus Writers Check Their Work

Posted by ScuttleMonkey on from the better-faster-stronger dept.

An anonymous reader writes "Former Washington Post Security Fix blogger Brian Krebs has launched a new blog at krebsonsecurity.com, and his first story highlights a pair of underground antivirus scanning services that cater to virus writers. Scanning services like virustotal.com scan submitted files against dozens of antivirus products, and share the results with each of the vendors so that all benefit from learning about threats they don't yet detect. But there are number of budding online services that allow customers to pay per scan, and promise that the results will never get reported back to the antivirus companies. One service even tests how well web site 'exploit packs' are detected, while others promise additional layers of protection. 'The service claims that it will soon be rolling out advanced features, such as testing malware against anti-spyware and firewall programs, as well as a test to see whether the malware functions in a virtual machine.'"

13 of 61 comments (clear)

  1. Inevitable by Spad · · Score: 4, Informative

    As I've said before on this subject, there's a whole economy around spam, website exploits and malware, you've got people who will QA your malware for you to check for bugs and these services that will run them against common AV software and suggest ways to evade them. Then you can sell your malware to someone who will use the network of compromised sites they bought off someone else to build botnets which they then sell time on to other people who are using them to send spam emails and perform DDOS attacks on behalf of *other* people.

    1. Re:Inevitable by Nikker · · Score: 4, Insightful

      Black hats are notorious for being paranoid when it comes to "sharing". Why would any of them even bother when they could just as easily set up multiple VM's with different OS's and different anti virus solutions and test them out in close to real time? How can they trust that these sites won't rat them out? How can they trust a similar service isn't set up as a honey pot for this very reason? It might scare Jane and Jon Q Public but in reality it's not going to make much of a difference overall. Why should someone trust the guy on the other end of the Internet that they won't expose them and their little virus baby to the big bad corporate overlords?

      --
      A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  2. Makes sense by WiiVault · · Score: 4, Insightful

    The big AV companies have created a market of people who are behind a wall, but one that only exists as based on the guardianship of the AV maker. We know they are untrustworthy, and their very presence and size encourages this type of activity. Having a fairly consolidated market with a few vendors having a major share allows "hackers" to target those programs thus making these services useful to a wannabe testing out his exploit.

  3. Just like gun runners... by greg_barton · · Score: 4, Insightful

    ...selling to both sides in a war.

  4. Honor among thieves by Shoten · · Score: 4, Interesting

    It would seem to me that, since most malware writers are essentially in competition with each other (as can be seen by past examples of malware that removes other, competing forms) that using a service like this would be against the best wishes of the attacker. I can only imagine that anyone who would provide a service like this would also be diversified enough to have their own stable of malware, and would gain value from having a copy of everything that gets submitted to them.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  5. VirusZoo by skyriser2 · · Score: 5, Interesting

    You can also check out our site VirusZoo, that lets you safely test different viruses and malware on a shared virtual machine.

    It's more for fun than a serious tool...

    http://www.viruszoo.com/

    1. Re:VirusZoo by dark_knight_ita · · Score: 4, Funny

      Mandatory xkcd reference: http://xkcd.com/350/

  6. Real interesting story here by IamTheRealMike · · Score: 3, Interesting

    Brian Krebs now has a blog. He has written some of the most consistently interesting, unique and accurate coverage of the internet [in]security world in the past few years. Subscribed.

  7. Re:Any Reason... by MrMr · · Score: 4, Insightful

    But these people may be US citizens. Your procedure only applies to foreigners.

  8. Re:Waste of bullets by sycodon · · Score: 3, Funny

    I could lock them in a room with my dogs. They would gas the SOBs

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  9. "Capitalism" is descriptive, not normative by QuoteMstr · · Score: 2, Insightful

    Markets happen whether they're intended or not. They're as natural as water flowing downhill, even in ostensibly destructive fields. Capitalism is not more a "choice" than gravity is: what matters is how you deal with it.

    Clearly, we don't have enough incentives to either 1) discourage these people from writing malware, or 2) encouraging them to do other things.

  10. HONEYPOT by Sleen · · Score: 2, Insightful

    There is an economy, but the players are all using layers upon layers of aliases. Inevitable is a fresh mask on carnivore and this is merely one of them. How could you possibly trust a service NOT to report a ZDE? Find one, submit and see if it shows up in other scanners or see if there are reports of anyone out there using it. The service could be a front for carnivore, a front for a virus broker, or a front for a majority vendor. The simple rule is this: if there is money to be made and this is the only principle protecting the submission, it is INEVITABLE that someone else will offer more. And if the price per submission is affordable, and the functions advertized then its certainly not underground but engaging in some simple advertizing.

    Most hackers have heard of honeypots...

  11. Windows 7 is devouring that hand by spywhere · · Score: 2, Interesting

    Vista and 7 are much less prone to malware infestation. Since Vista came out, I've seen less than a dozen compromised Vista computers... virtually all of my malware work is on XP.
    That market is disappearing.