Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zeus Attackers Turned the Tables On Researchers

Posted by CmdrTaco on from the escalating-your-race dept.

ancientribe writes "The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony 'botnet' software that actually gathers intelligence on the researcher or competitor who downloads it."

28 of 119 comments (clear)

  1. Why can't we have commercial software like this? by mlts · · Score: 5, Insightful

    I'm being a bit sardonic here, but why can't we have commercial software that we pay for this well thought out? Of all the categories of software (games, utilities, Office suites), malware has evolved from being CPU/disk/memory hogs to some of the leanest and most well coded executables that ever hit a CPU on the planet.

  2. Deviously creative, but... by Arancaytar · · Score: 2, Insightful

    Come on, who wouldn't have thought of that?

    1. Re:Deviously creative, but... by somersault · · Score: 2, Insightful

      All the other groups who run botnets, apparently.

      --
      which is totally what she said
    2. Re:Deviously creative, but... by Monkeedude1212 · · Score: 2, Insightful

      Point is though - the bot net operators now know who is gunning for them. This is a disadvantage for the researchers, it'll make it harder for them to track down the operators.

  3. I almost admire them by tygerstripes · · Score: 3, Insightful

    The devious, insidious bastards. It's exactly the sort of thing your average armchair-spamming-fantasist would concoct before decrying that the world is full of idiots and they would make a much better criminal, if only they had the time to learn how to code. I mean, it's creative and ridiculous on a par with bad-scifi plot twists.

    A bit scary but, well, I'm impressed.

    --
    Meta will eat itself
    1. Re:I almost admire them by AnonymousClown · · Score: 4, Funny

      I mean, it's creative and ridiculous on a par with bad-scifi plot twists.

      Bad sci-fi? I was thinking more of a Hollywood movie. The hero, a very smart well dressed man in some secret spy agency, let's say MI6, goes after the coders. Now, after using all of his super secret gadgets to infiltrate the the hackers headquarters, he's caught. BUT one of the hackers likes him and she becomes his ally, let's call her Boobies Mucho (She's Latina). Now Boobies frees this secret agent only for both of them to get caught, tied up, and hung over a tank of mutated guppies. These guppies have big teeth! And as an added bonus, have masers strapped on their heads - that's right microwave lasers! But they escape, and this secret agent finds and sets the destruct button on all of their computers - that's right, they're Dells and it's the power buttons!

      The marines show up and they have a shoot out while all the Dell's are going up in explosions! The secret agent the sleeps with the ex-hacker and we 're done.

      --
      RIP America

      July 4, 1776 - September 11, 2001

    2. Re:I almost admire them by noidentity · · Score: 2, Interesting

      I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.

    3. Re:I almost admire them by Speare · · Score: 4, Funny

      I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.

      What makes you feel like you must hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from me. Everyone else is an AI, including you?

      --
      [ .sig file not found ]
    4. Re:I almost admire them by Anonymous Coward · · Score: 4, Funny

      This being Slashdot, the obvious reason is that you underinflated her...

    5. Re:I almost admire them by daremonai · · Score: 4, Insightful

      the whole Slashdot site is a fake, designed to get insightful comments from you.

      Ha! I've outsmarted you, then. My comments are never insightful!

  4. Attack launched from a random email by digitaldc · · Score: 2, Interesting

    The lesson is for people (including researchers) to be more skeptical of who is sending you email and what it contains.
    If they had realized the email was fake and deleted it, this attack would not have worked.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. Re:Why can't we have commercial software like this by miffo.swe · · Score: 3, Informative

    Because they have an incentive your normal software maufacturer doesnt have. It has to work as supposed to it has to ship.

    Give current software companies a reason to code properly and the quality will take a big jump with almost no effort at all. Like, i dont know, any guaranties whatsoever the stuff works?

    --
    HTTP/1.1 400
  6. The bad news about internet crime by QuantumBeep · · Score: 3, Insightful

    The bad news about botnet operators, malware authors, and other black hats: they aren't stupid.

    1. Re:The bad news about internet crime by Tridus · · Score: 3, Insightful

      It's natural selection in action. We catch and punish the stupid criminals more often, which allows the smart ones to thrive.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    2. Re:The bad news about internet crime by v1 · · Score: 3, Insightful

      The bad news about botnet operators, malware authors, and other black hats: they aren't stupid.

      And the worse news: we ARE

      and that's why they're in business.

      --
      I work for the Department of Redundancy Department.
    3. Re:The bad news about internet crime by Kjella · · Score: 3, Insightful

      No, we're not. But the rest of us is busy trying to get things done, not play a battle of wits with black hats. It's another one of the time thieves that prevent people from actually performing work and earning money, that you just want to deflect with the least amount of hassle and cost. More often than not that's not about a head-to-head comparison, it's just about being a harder, lower profit than the rest.

      I've talked to people working for rather large companies and in the end they are simply amoral. If they can increase profits by a million through lowering security so they make two million in extra income and lose one million to black hats, they don't care about the morality of it. Catching criminals is really only relevant if you can set examples that lead to fewer attacks which has a dollar value.

      If it was all about security we'd all be running OpenBSD and those who made Acrobat Reader would be put to the wall and shot. That is not how the world works, even for us regular users it's about usabilty and "good enough" security. Not that I like to have my computer hacked and my identity stolen, any more than I want a burglar to rob me. But I don't live in a bunker with vault doors either.

      --
      Live today, because you never know what tomorrow brings
  7. Common security tactic, reversed use... by thijsh · · Score: 3, Insightful

    So, you could call this a researcher honeypot... and apparently these guys got caught with their hand in the honey. Is it really a surprise after this tactic has been used by security researchers for over a decade?

  8. Re:Why can't we have commercial software like this by ObsessiveMathsFreak · · Score: 4, Insightful

    You can't get it because you are unable or unwilling to pay top dollar for quality software that works. By contrast Botnet owners, Wall St firms, and the Chinese government are willing to pay top dollar for software which functions perfectly and reliably and indeed do so.

    It should also be noted that when software companies attempt to cross such buyers by providing less than stellar product, they tend to end up regretting it. The average user by contrast keeps buying Windows, Office, Norton and DVD codec software no matter how much they get burned. The incentive to produce quality software for the general user simply doesn't exist.

    --
    May the Maths Be with you!
  9. Let me get this straight... by Mister+Fright · · Score: 4, Funny

    So, you can't trust software from malware vendors?

  10. Re:Why can't we have commercial software like this by rastilin · · Score: 3, Insightful

    That's a very good point. Pretty much every piece of software out these days has a EULA declaiming responsibility for anything that happens with the software, up to and including serious financial harm. If your toaster catches fire and destroys something, you would obviously expect the people who made it to be held liable; not so with software. If Communism proved anything it's that if you uncouple effort from reward, people won't go the extra mile (and spend money to get there).

    --
    How do you kill that which has no life?
  11. Re:Why can't we have commercial software like this by Desler · · Score: 2, Insightful

    Pretty much every piece of software out these days has a EULA declaiming responsibility for anything that happens with the software, up to and including serious financial harm.

    And just like with pretty much every piece of open source software as well?

  12. Re:Why can't we have commercial software like this by Nadaka · · Score: 3, Informative

    This isn't really the case. Often we face the situation where we can either not get management to allocate time to fix something, or permission to merge an existing fix into the main branch. A lot of bugs are known and developers want to fix them, but can't.

  13. Re:Why can't we have commercial software like this by miffo.swe · · Score: 3, Insightful

    It has nothing to do with the cost of the software. Extremely expensive enterprise software are often just as crappy as any cheap crap out there, sadly sometimes even worse. The difference is that the expensive software has highly trained personnel supporting it, carefully not doing anything not throughly documented and tested.

    Personally im convinced laws demanding responsibility from software firms would benefit them as well as it would put an end to the feature frenzy from the marketing departments. In the end the software would be cheaper to develop and manage, not more expensive.

    --
    HTTP/1.1 400
  14. Re:Why can't we have commercial software like this by toygeek · · Score: 4, Insightful

    Why don't commercial programs have such high quality and thought out design? Simply because there's not enough money in it. The writers of these programs (the Bad Guys(TM)) make far more money on their work than legit companies do. Plus they have real reasons for being so good: stay out of the gulag. How do you think products like Norton Antivirus got to be such pieces of crap? Make what sells instead of what works. The Bad Guys(TM) have the exact opposite motivation. Make what works, and the money starts coming in. They sell to vulnerable machines and other Bad Guys(TM) and if it doesn't work well, their paycheck doesn't get very big.

    In other words, big companies don't need good programming and quality checks. They have marketing departments.

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
  15. Re:Why can't we have commercial software like this by CODiNE · · Score: 2, Interesting

    Because those aren't what marketing prioritizes. Generally a company needs to sell the software and get it out it's doors, how well it performs only affects some vague future release. Botnet guys live or die by the performance of their software, they can take the time to get it right and "when it's ready".

    So the lesson is, if you want to make quality software that makes you beam with pride, stuff you could put in "Beautiful Code" you ought to be a virus writer. ;)

    --
    Cwm, fjord-bank glyphs vext quiz
  16. Re:Why can't we have commercial software like this by clone53421 · · Score: 2, Informative

    I invite you to look at your TCP connections and all those instances of svchost.exe running on your system... and you never had to click "Allow" to let them communicate over the net.

    And I invite you to use SysInternals’ Process Explorer and find out what those actually are.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  17. Re:Why can't we have commercial software like this by icebraining · · Score: 2, Insightful

    Yes, but most of the OSS is gratis, so a warranty wouldn't make sense, because there's no sale.

    If I were to pay for that OS software, I'd expect a warranty like in any other sale.

    --
    Dilbert RSS feed
  18. It didn't work by Bob-taro · · Score: 2, Insightful

    From the article, it sounds like the honeypot was only discovered after the REAL botnet was pwned. I don't see any claim that it worked. The article says potential targets of the honeypot were researchers and competitors. I suspect the primary target was competitors. The researchers surely know they are likely being monitored and to treat anything they find with suspicion.

    --
    Prov 9:8 Do not rebuke mockers or they will hate you; rebuke the wise and they will love you.