New Russian Botnet Tries To Kill Rivals

alphadogg writes "An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the FBI estimating last October that they have caused $100 million in losses."

Why is this news?

Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected. The slower a system gets and the more unwanted traffic it generates, the more likely it will be analyzed in depth, and that's not good for the bot net.

Apparently we've decided to go the "natural" route in software security: Instead of making software which cannot be compromised, we do a "good enough" job with software quality and then fight infections with some kind of immune system. IMHO this is the root of the problem. Computers are not highly redundant systems like biological systems. We really ought to create software which is safe by design.

Re:Why is this news?

[Conchobair]

I think there is a guy that just goes around from article to article asking "Why is this news?" on each of them.

If it was a local report about a murder, he'd show up and say "Why is this news? People have been getting murdered for several years now." Or if if was a report on a politicians speech, he'd say, "Why is this news? Politicians have been telling us lies for years and years now."

Re:Why is this news?

[conspirator57]

but doing it the right way front loads cost on the company that builds the correct system and places them at a competitive disadvantage with respect to shoddy software firms, say for example Microsoft and Apple.

besides, there is secure by design software. It just lacks features which makes it less competitive. Alternatively you can put a feature-rich OS on top of it, but then you've compartmentalized the problem, not eliminated it. Plus it's damned expensive. http://www.ghs.com/products/rtos/integrity_virtualization.html

Myself, I like freeBSD as a compromise. It's not provably correct, but it's 2-3 known exploitable bugs in 10+ years are a good empirical indication of security. And it's free.

Re:Why is this news?

[Opportunist]

Not possible.

Why? Because the core problem with system security is no longer the technical side. Systems (yes, even Windows) are by now mostly secure. Of course, there's always the odd security hole and some even get used, but they don't represent the majority of entry points anymore, not by a longshot. Over 90% of the infections (source not available due to NDA) are due to what I endearingly call "user stupidity". See Dancing pigs problem of computer security for reference.

That is something you can not sensibly protect against, no matter how you create your product, unless you do not allow the owner of a computer to execute code he wants to run. And that's something I would not agree with under any circumstances, since it would mean that someone else gets to dictate what I can and what I cannot do with a machine I bought and own.

And I am fairly sure the majority of people here would easily identify the problem with that.

OTOH, if people may do what they want with their machine you can NOT protect them against an infection. You can of course inform them whenever something wants undue privileges, but eventually they will be the ones deciding what privileges they want to grant. And it's easy to trick people into granting more privileges than necessary. People are used to mere games requiring administrator privileges in Windows. If for nothing else, then to install their DRM device drivers. Imagine they got some "crack" for Windows that claims to turn their copy into a fully registered, legal copy. Will they grant access to manipulate core system files, even if they are able to understand the information provided? Of course they will, because after all that's what the program promises.

Now imagine Joe Randomuser with just enough clue to hit the right button on the machine to turn it on without blowing it up getting the information that Shlabberdup.exe wants access to the thingamajig privileges, allow or deny? Joe learned that usually it "does not work" if he says deny, so he says allow. Because he wants his pig to dance.

I wonder if this how Skynet gets going...

[wiredog]

Could be an interesting way to create a "real" AI.

XKCD was there first

[thegameiam]

How long will it be until this is a reality?

Re:XKCD was there first

[jgtg32a]

Is it bad, that when someone posts an XKCD link I only click on it only to confirm that it was the one I though it was?

Can we start using OpenBSD, Solaris, Linux?

If it's really costing just American people and companies that much money, maybe it's time to stop using Windows.

There are so many alternatives! Servers should be running OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX.

Mac OS X and Linux make pretty damn good desktop systems for most users.

And if you need to run Windows, perhaps do it only on a system that isn't networked.

Re:Can we start using OpenBSD, Solaris, Linux?

[characterZer0]

$100 million? Please.

Many times that has been wasted supporting broken version of IE.

Many times that has been wasted waiting for reboots after BSODs.

Many times that has been wasted on upgrades nobody needs other than because old version no longer get security updates.

If lost money was going to cause people to ditch Windows, they would have done it a long time ago.

As long as its not guns

[ratboy666]

I'll make some popcorn and we can all enjoy the show.

But seriously, only 100M in losses?

I don't have the figures at hand, but "McAfee forecasts $1.8 billion in revenue for 2009". I would put the cost of the extra security in; the US did that when prosecuting Gary McKinnon, so there appears to be precedent.

Reminder - This CAN be fixed

[ka9dgx]

Here it is... the reminder that Capability Based Security can fix this, if we raise awareness of its existence, and push to get it implemented. The idea is older than Unix, for chrissakes.

Re:It's evolution in action.

[VShael]

No, I don't think so.
It doesn't matter how the code changes from one generation to the next. Mutation (copying errors) or the mixture of two halves of parental DNA, or manipulation by an outside force, or some other mechanism.

What matters is that variation is introduced, and the most successful variations survive and the less successful variations do not.

It's an iterative process, much like software builds.