Mikko Hypponen's Malware Odyssey

CowboyRobot writes "Security expert Mikko Hypponen talks about his experience at F-Secure, including adventures such as flying to Lahore to interview the creators of 'Brain,' one of the early computer viruses that was spread manually on floppy disks. But while the early virus creators were just trying to have fun and learn, modern malware makers are motivated only by money. 'But there's a misconception that they all necessarily make a lot of money. There's a hierarchy of workers, with some just making a few hundred dollars to $1,000 doing the dirty work of the more experienced online criminals who make the real money.'"

error correction

[brennz]

"Security expert and notorious self-promoter Mikko Hypponen"

"modern malware makers are motivated mainly by money, just as most of the antivirus industry, including F-Secure".

Re:error correction

[Ash+Vince]

"Security expert and notorious self-promoter Mikko Hypponen"

"modern malware makers are motivated mainly by money, just as most of the antivirus industry, including F-Secure".

Everyone is motivated by money to a certain extent

The simple reality is that without money you cannot live. You need money to pay for food, housing and everything else you need in this world. You can try and not let money be your primary motivation in all things (for instance I could earn far more if I did a job I did not enjoy as much as being a software developer) but ultimately money always comes into these things as we live in a capitalist society based on money.

My chosen career would probably involve sitting around at home contributing to open source projects all day if I did not need to worry about getting paid. I could just create nice beautiful code that was a pleasure to work on 100% of the time instead of having to sometimes just throw a bunch of crap together as the client needed it yesterday and doing a proper job would take me a week or so.

Re:error correction

My chosen career would probably involve sitting around at home...

Are you me?

Re:error correction

[justforgetme]

Ted talk on Crack economics

Re:error correction

[Sardaukar86]

Thanks dude, that was a really interesting talk! :)

Only the goth chicks can save us.

The 1337 h4x0rz in big black "fuck me" boots and bizarro makeup jobs.

Or has Hollywood been lying to me again?

Re:Only the goth chicks can save us.

[Tastecicles]

Pauley Perette can save me any time she wants.

Re:Only the goth chicks can save us.

Yep, the entertainment industry, including the print media, do seem to be in love with that bogus image.

The image:competence ratio is pretty well understood for these kinds of things.

I never had any qualms about approaching the "conventional" and "normal" female IT staff for info or advice because I knew they were usually good for it.

But I didn't waste time on the Goths in black, with the tats, and the piercings, and the 'tude, because at least 90% of the time they didn't have a clue, although they'd try to hide it by quoting some just-memorized WP article about Nessus or Snort, even when it was totally irrelevent to the topic.

Still... The latter always had the coolest (legally changed) names, so I guess they were just way too 1337 for the likes of me, and when I thought they were utterly wrong they were actually right, but I was too much of a n00b to realize it.

Re:Only the goth chicks can save us.

Pauley Perette can save me any time she wants.

When she's in makeup sure, but she's kinda old-lady-ish out of makeup nowadays....

Stuxnet certainly wasn't about money

[crazyjj]

Some malware these days is militarily and politically motivated too.

Surely they aren't ALL in it just for money

[davidwr]

Surely there's one or two still left doing it for education, to prove a point, or just for the LULZ.

don't be so sure

[davidwr]

Spending $BIGBUCKS on Stuxnet may be cheaper than spending $BIGGERBUCKS getting rid of Iranian nuclear ambitions the old fashioned way and certainly cheaper than $EVENBIGGERBUCKS of cleaning up after they drop The Bomb on $ALLY.

Re:don't be so sure

Yes, but what if Iran decides to get rid of US nuclear ambitions in the same cheap way?

Re:don't be so sure

Good. Now we can have a war in which nobody has to die.

Officer Friendly Says:

[fuzzyfuzzyfungus]

"Remember kids, blue collar crime does not pay; and, honestly, most of the lower rungs of white collar crime are only classified that way so that they can keep you on salary rather than pay overtime and don't pay all that well either."

Re:Officer Friendly Says:

"Remember kids, blue collar crime does not pay; and, honestly, most of the lower rungs of white collar crime are only classified that way so that they can keep you on salary rather than pay overtime and don't pay all that well either."

Two thugs walk into a restaurant. One says, "We're crime, and crime doesn't pay."

Well... that sucks for them.

[nighthawk243]

Hacking requires at least 5 monitors to do correctly... That cannot be cheap.

Re:Well... that sucks for them.

[lister+king+of+smeg]

just remember if you can't guess their password just type "backdoor" and you can gain access to any and all systems at least that is what Hollywood taught me.

Re:Well... that sucks for them.

[crafty.munchkin]

i thought that only worked if you were getting a blowjob at the same time?

It's all free money.

zero money spent. non zero money comming in.

All profit.

Just like spam.. Oh sure only 1-3% of people fall for spam.. But when you send out a billion emails for free. 2% is alot of cash even at pennies each.

I'm still sure if we stopped giving them jobs after minor punishment....
And instead started setting malware authors on fire. And spammers. On pay per view.

It would stop eventually. Or at least be real entertaining. And profitable.

Re:It's all free money.

[Alex+Belits]

Spammers profit even if NO ONE falls for spam. They only have to convince their "clients" that someone does.

Re:It's all free money.

[ultrasawblade]

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

In other words just like any other industry

[__aaltlg1547]

It always runs on drones who are getting screwed over, even when the business is screwing over other drones.

Re:In other words just like any other industry

It always runs on drones who are getting screwed over, even when the business is screwing over other drones.

Their hobby is screwing people. If they could not get paid for it, then they would do it for free.

At first look

[__aaltlg1547]

It looks like a description of the way every communication network functions and has since the '70s.

Crime really doesn't pay that well

[Sycraft-fu]

You discover when you look at it that it doesn't escape normal economic rules, in that the lower tier people doing menial work don't make tons of money, they make low wages. Even at the higher end it really doesn't pay that well, comparatively. You look at the drug lords and say "Wow those guys have a lot of money," but realize it is very few of them. then compare them to their legit rivals, the top tier businessmen like Gates, Buffet, Bezos, and so on, and they really don't compare all that well.

Crime ultimately ends up being just another kind of business.

Re:Crime really doesn't pay that well

[ax_42]

When analysing the economics of the mafia, there has not yet been consensus reached on whether to analyse them as a business (producer-customer model) or as a government (entity wielding force, with tax-raising privileges).

Malware would cease to be profitable

[kiriath]

If stupid people would quit clicking on stupid things.

Re:Malware would cease to be profitable

[Macgrrl]

We both know this is about as likely to happen as a dog ceasing to lick their balls. They do it because they can and it seems like a good idea at the time.

Re:Malware would cease to be profitable

[kiriath]

Tis sadly yet verily true.

Re:Malware would cease to be profitable

[MrSenile]

So you're saying we should castrate Mafia lords and it'd solve our problem?

The problem is that the Mafia lords lick their balls right? Sorry, having trouble following the metaphor.

error correction 2

[subreality]

"viruses that was spread manually" ... There have been a few manual viruses, notably Good Times, and The Honor System Virus, but I'm pretty sure Brain was automatic.

It's sad that we've gotten to the point where anything short of an outright worm is considered "manual".

Fuck yeah, security theater!

[Alex+Belits]

Hypponen's security must-haves: A nifty tool, which is not ours but which I'd like to recommend, is Flag for Chrome or the Firefox equivalent, Flagfox. It's a handy extension, which shows a flag in the URL bar of the browser, indicating the country where the website is hosted. This comes handy in more cases than you'd think.

lol

Re:Fuck yeah, security theater!

It's kind of silly, but it could tip off the less knowledgeable that something is wrong when they click a phishing link and see that their bank is suddenly hosted in Russia.

Re:Fuck yeah, security theater!

[Alex+Belits]

And what if the link is in US, is it any safer?
And what is they are ordering a Thinkpad, and they "discover" that they are talking to a Chinese server?

It's pointless. There is no added security assurance in lack of scary foreign people operating the server.

Nonsense....

Some malware these days is militarily and politically motivated too.

Surely you understand that the primary military and political motivator is money... everything else is smoke and mirrors.

Re:Nonsense....

[rmstar]

Surely you understand that the primary military and political motivator is money... everything else is smoke and mirrors.

Oh I am sure many people love to believe that. It makes the world a simple and easy place. Power, ego, and ideology play an important role that should not be underestimated.

Re:Nonsense....

Money can get you ego and power. Then the fact you have money and power proves your ideology was right and feeds your ego.

Lahore is in Pakistan

[Jawwad]

Since nobody seems to notice, just wanted to mention that Lahore is in Pakistan. The two brothers allegedly did it to protect their program from being pirated. Whats noteworthy is that they even left their names and contact address, so the victim can contact them to clean up if he/she wants. The message that would appear said: "Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination..." The two brothers, are still running their own business "Brain Telecommunication Limited" in Pakistan.

Fairy tale

> adventures such as flying to Lahore to interview the creators of Brain, first computer virus ever

May have been a cover story. Lahore, Pakistan is a place quite near another nation, a rogue country, whose nuclear weapons effort was so much damaged by super advanced mil-malware. If one wants to look at that code on-site, it is easy to cross from Lahore into the rogue on smugglers' donkeys, without any border passport records. On the other hand it is silly to assume such passes are not monitored by UAVs and NRO satellites. Pakistani skies are brim full of CIA drones.

brennz notorious "ne'er-do-well" troll: A question

""Security expert and notorious self-promoter Mikko Hypponen" "modern malware makers are motivated mainly by money, just as most of the antivirus industry, including F-Secure"." - by brennz (715237) on Wednesday September 19, @08:12PM (#41394357)

Who isn't motivated by ANYTHING since he hasn't done shit himself to help out the problem in malware out there online or otherwise... right? Bet I am!

* I don't even KNOW you, but I dislike your attitude immensely, for what it is - trolling!

QUESTION:

---

What have YOU ever done that helped others vs. the malware-in-general threat out there, hmmm?

---

(Fact is - I'd almost be willing to BET you haven't done a damned thing yourself based on your thoughts you posted that I quoted above...)

APK

P.S.=> Know what I absolutely *HATE*? Trolls & complainers that don't do shit but "talk" (troll) against others that do... & please - DO ANSWER THE QUESTION ABOVE!

... apk

Addendum: As to what Mr. Hyponnen said?

I was onto THAT, years ago (and before that too): It's PROS out there "hacking/cracking" into you, not just "kids having fun" etc./et al:

"Well, nowadays, they're not just after "wrecking your rig" etc. et al, they're after YOU... mainly your cash, or credit, etc. et al (it's now a "money game" man, the serious kind, really)."

FROM -> http://www.pcreview.co.uk/forums/secure-windows-2000-xp-server-2003-and-even-vista-make-fun-do-t3511888p5.html

* Fact is, I was "at this game" (computer security) LONG BEFORE there really WAS a "formal industry" in it... & did my 1st collegiate academia presentation on it, as far back as 1984

(Some proof's below in my p.s. on a few levels in fact!)

APK

P.S.=> SO, as I said above: Things I personally have done around the arena of computer security on a PC?

The guide I quoted from above is featured ALL OVER THE PLACE online & it actually works (here's some testimonials from a user that applied it TO THE LETTER for himself, friends, family, & even paid customers):

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and sh

Re:Addendum: As to what Mr. Hyponnen said?

Speaking of self-promotion...

No, just PROOF (of truth)

"Speaking of self-promotion..." - by Anonymous Coward on Thursday September 20, @11:25AM (#41399901)

See subject-line above: That's all (which my 2nd post here is merely PROOF of MY PERSONAL PARTICIPATION in this area, computer security - since unlike yourself, I can BACK UP MY STATEMENTS about actually *trying* to help out in the arena of computer security, that's all)...

* So, again: Answer the question I asked in my 1st post:

QUESTION:

---

What have YOU ever done that helped others vs. the malware-in-general threat out there, hmmm?

---

Answer that...

APK

P.S.=> You not answering my question BRENNZ (and yes, I know you're replying as AC now)? Says it all... proving my assumptions about YOU, correct in fact!

Thanks for making ME, correct... as usual, lol, especially about TROLLS!

... apk

Re:No, just PROOF (of truth)

You're AC as well.

Oh, this is fun! I'm not Brennz at all! But thanks for aligning me with someone who was smart enough to get you annoyed.

Your posting manner is off-putting enough that we the people of Slashdot find you offensive and would rather "roll our own" than contribute to your ego.

I'd really love to see your list of comment links that you scan every hour, it must be great to have nothing better to do than flame on the Internet!

Umlauts

[rapu]

Sorry to be offtopic, but: I know that TFA is to blame here, but it's Hyppönen, not Hypponen. I wonder if even the Olympics got it right this year. It's not even about charsets anymore, so I guess nobody just ever puts in characters that aren't on their keyboards. Kind of unprofessional journalism, I'd say.

Wasn't annoyed: It was fun!

"Oh, this is fun! I'm not Brennz at all!" - by Anonymous Coward on Monday September 24, @05:01PM (#41442703)

Yea, "right" ( "You're AC as well." - by Anonymous Coward on Monday September 24, @05:01PM (#41442703)

LMAO - "Oh, SURE" brennz: We KNOW you have the option to reply as ac too...

---

"But thanks for aligning me with someone who was smart enough to get you annoyed." - by Anonymous Coward on Monday September 24, @05:01PM (#41442703)

See subject-line above, & of course, the question in my 'p.s.' below as well (& DO *TRY* to answer it, instead of avoiding it, won't you?)

---

"Your posting manner is off-putting enough that we the people of Slashdot find you offensive" - by Anonymous Coward on Monday September 24, @05:01PM (#41442703)

Funny, but, here are MANY instances of your /. peers showing they feel otherwise (via this partial list of my upward moderated posts vs. your b.s.):

---

Roughly 220++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (6):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (5):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898
What I admire about Theo DeRaadt of BSD fame: 2012 -> http://linux.slashdot.org/comments.pl?sid=3007641&cid=40785151

----

+3 'modded up' posts by "yours truly" (6):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 -> http://slashdot.org/comments.pl?sid=175857&cid=14615222
PROOFS ON OPE

Re:Wasn't annoyed: It was fun!

Wasting your time is more fun than answering your questions. There is no reason to answer. -- I gain nothing from shutting you down, which you do for me anyway. Please continue to misidentify me, it's fun! Who else could I be?

Tacos and grits!

Re:Wasn't annoyed: It was fun!

You avoid his question since it makes you out to be nothing more than a big talker but with no contributions to the general good in terms of computer security.

He also posted 100's of examples that shut you down here:

http://it.slashdot.org/comments.pl?sid=3129943&cid=41449237

Since you said this:

"Your posting manner is off-putting enough that we the people of Slashdot find you offensive" by Anonymous Coward on Monday September 24, @05:01PM (#41442703)

He shut you down with hundreds of examples to the contrary in those posts of his that were up modded.

Now, quit acting like a stalking psycho to top off your other fails shown above.

Re:Wasn't annoyed: It was fun!

You waste time trolling. You shut you down by running from a question.