Seeking Competitive Advantage, For Malware
jc_chgo writes "Brian Krebs over at the must-read KrebsOnSecurity.com writes about the rivalry between two competing authors of nasty credential-stealing malware. The newer (SpyEye) can remove the older (Zeus) on any system it infects. Meanwhile, Zeus is so successful that prices have gone way up for the new version. These 'crimeware kits' are freely available for purchase, and have enabled millions of dollars in thefts. The buyers of the kits prey primarily on small businesses by using wire transfers out of bank accounts. This is a problem that is only going to get bigger over time."
There are positives to this. If one type of malware can handily defeat another type of malware I'm sure the A/V companies will be able to learn something from it (and up-charge their victims, er, customers accordingly).
There's also the new 'botwars' games that we'll be able to watch from the safety of our non-Windows computers.
SecureWorks has noted that the latest versions of Zeus include anti-piracy technology that uses a hardware-based licensing system that can only be run on one computer. “Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer,” SecureWorks wrote. “This is the first time we have seen this level of control for malware.”
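The licensing pattern quoted above (the buyer's machine produces a code, the seller hands back a key that only works on that machine) is an ordinary node-locked activation scheme. The sketch below is an added illustration of that general pattern, not the Zeus kit's actual code or anything SecureWorks published; the identifiers, secret and function names are all constructed for the example. It also shows the weak spot an analyst cares about: with a symmetric (HMAC) check, the same secret that issues keys must ship inside the binary, so whoever reverses it can mint keys for any machine.

```python
import hashlib
import hmac
import platform
import uuid

# Constructed secret for the example. In a real node-locked scheme this
# would be held by the seller; with a symmetric check it must also be
# embedded in the client binary, which is the scheme's main weakness.
VENDOR_SECRET = b"example-vendor-secret-not-a-real-key"


def machine_fingerprint(hostname: str, mac: str, cpu: str) -> str:
    """Fold several hardware/OS identifiers into one stable 'machine code'.

    Any change to one of the inputs (new NIC, reimaged host) yields a
    different code, which is exactly what ties the key to one computer.
    """
    material = "|".join([hostname.lower(), mac.lower(), cpu.lower()]).encode()
    return hashlib.sha256(material).hexdigest()[:32]


def local_fingerprint() -> str:
    """Fingerprint for the machine this runs on (platform/uuid are stdlib)."""
    mac = format(uuid.getnode(), "012x")
    return machine_fingerprint(platform.node(), mac, platform.processor() or "unknown")


def issue_key(fingerprint: str, secret: bytes = VENDOR_SECRET) -> str:
    """Seller side: the activation key is an HMAC over the machine code."""
    return hmac.new(secret, fingerprint.encode(), hashlib.sha256).hexdigest()


def check_license(fingerprint: str, key: str, secret: bytes = VENDOR_SECRET) -> bool:
    """Client side: recompute the HMAC for *this* machine and compare.

    A key issued for another machine code fails here, so copying the
    binary plus key to a second box does not work. Note the check needs
    the same secret the seller uses: extract it from the binary and you
    can call issue_key() yourself for any fingerprint.
    """
    expected = hmac.new(secret, fingerprint.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, key)


# Constructed sample machines for a stand-alone demonstration.
BUYER_BOX = machine_fingerprint("buyer-pc", "00:11:22:33:44:55", "Intel64 Family 6")
OTHER_BOX = machine_fingerprint("other-pc", "66:77:88:99:aa:bb", "Intel64 Family 6")


def demo() -> dict:
    """Issue a key for BUYER_BOX and try it on both machines."""
    key = issue_key(BUYER_BOX)
    return {
        "valid_on_buyer_box": check_license(BUYER_BOX, key),
        "valid_on_other_box": check_license(OTHER_BOX, key),
        # An analyst who recovered VENDOR_SECRET can simply mint a key.
        "analyst_minted_key_works": check_license(OTHER_BOX, issue_key(OTHER_BOX)),
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is the one a sandbox or reverse engineer exploits: a symmetric check means the binary carries everything needed to forge keys. A seller who wanted to stop that would sign the machine code with a private key and ship only the public key in the client, so the client can verify but never issue.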
I guess it was bound to happen ... you just can't trust anyone these days. I wonder if either of these 'kits' infects the computer that runs it? Would the authors ever infect their customers?
nice sig -- save for the fact that the "group" is composed of 90% men.
You mean two of his fingers are female?
"I say we take off, nuke the site from orbit. It's the only way to be sure."
...is still much better than the idea of government-owned, tax-paid malware.
Colorless green Cthulhu waits dreaming furiously.
Here's the problem:
Assuming the people who wrote and sell this software reside in the US or some country which will happily extradite them for us, it's possible that what they're doing isn't technically illegal. They're not actually USING the software, just selling it. This is somewhat equivalent to someone selling lockpicks. Granted, this software probably has no legitimate purpose, except perhaps to be used for security audits or something. However, even if it IS illegal, getting the Feds involved will require an almost certain guarantee of conviction. They want a jury to be debating the length of the sentence, not whether or not the suspects are actually guilty. If there is enough legal doubt as to whether a crime was even committed, the Feds will be leery of even getting involved.
So fine, let's pass a law making illegal the creation and/or publication of software that has mostly malicious intent. That'll be good... right? The only problem is, Congress gets to write that law. This means three things. First off, the law will likely be written in a way that is so vague that it ends up not only applying to the software in question, but to half of the legitimate software ever written. Before you know it, all advertising, security software, operating systems other than Windows, and of course the ping program will be considered illegal... technically. This means that the law will end up not being enforced. Next, they will be sure to word it in such a way as to render it unconstitutional, so the next thing you know, the Supreme Court will tie it up for 10 years and finally kill it. And finally, you can't pass a law without attaching a large number of completely unrelated riders, which will end up causing parties opposed to the riders to vote against and/or filibuster the bill, which causes the other side to insist that the opposing party WANTS people to have their banking credentials stolen... and so on.
Anyways, to answer your question, Yes. You were simplifying it. It would be MUCH easier to just find a way to sneak a few images of child porn on one of their computers, and shut them down that way. THAT avenue at least seems to have no roadblocks.
-Restil
Play with my webcams and lights here
Look, I know the grandparent was just trying to help, but in real life people don't do things because of silly slippery-slope arguments.
The reason that this is very hard for law enforcement to stop is not that it is being done by lone guys in their parents' basements, but that it is a business. As a start, read "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants", http://cseweb.ucsd.edu/~savage/papers/CCS07.pdf
You can buy lists of valid credit card numbers, botnets, rootkitted machines, almost anything. The people who sell this sort of stuff often don't even think of themselves as criminals, just businessmen. When selling rooted machines, they are often careful not to touch machines in their own country, so local law enforcement is unlikely to care, and to avoid things like child porn, which the police will really come after them for.
Now, say you are a typical American law enforcement guy and you find out that someone might be involved in this sort of stuff. What do you do? Well, citizens have been complaining about paying taxes, so your budget is going to be pretty much nothing. You are also going to be evaluated on how many "bad guys" you catch. And you know that almost as soon as you start investigating, the trail is going to lead to some overseas servers, which means that you are going to have to get the cooperation of law enforcement in other countries. And you know that even if you get international cooperation, eventually the investigation is going to involve someplace where the local authorities don't care, and all your time will have been wasted. So, knowing this, are you going to spend your time starting the investigation? Or are you going to catch a bunch of petty thieves instead and get a nice bonus for stopping crime?