Slashdot Mirror
Mikko Hypponen's Malware Odyssey
CowboyRobot writes "Security expert Mikko Hypponen talks about his experience at F-Secure, including adventures such as flying to Lahore to interview the creators of 'Brain,' one of the early computer viruses that was spread manually on floppy disks. But while the early virus creators were just trying to have fun and learn, modern malware makers are motivated only by money. 'But there's a misconception that they all necessarily make a lot of money. There's a hierarchy of workers, with some just making a few hundred dollars to $1,000 doing the dirty work of the more experienced online criminals who make the real money.'"
"Security expert and notorious self-promoter Mikko Hypponen"
"modern malware makers are motivated mainly by money, just as most of the antivirus industry, including F-Secure".
Some malware these days is militarily and politically motivated too.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Pauley Perette can save me any time she wants.
Operation Guillotine is in effect.
Surely there's one or two still left doing it for education, to prove a point, or just for the LULZ.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Spending $BIGBUCKS on Stuxnet may be cheaper than spending $BIGGERBUCKS getting rid of Iranian nuclear ambitions the old fashioned way and certainly cheaper than $EVENBIGGERBUCKS of cleaning up after they drop The Bomb on $ALLY.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
"Remember kids, blue collar crime does not pay; and, honestly, most of the lower rungs of white collar crime are only classified that way so that they can keep you on salary rather than pay overtime and don't pay all that well either."
Hacking requires at least 5 monitors to do correctly... That cannot be cheap.
It always runs on drones who are getting screwed over, even when the business is screwing over other drones.
It looks like a description of the way every communication network functions and has since the '70s.
You discover when you look at it that it doesn't escape normal economic rules, in that the lower tier people doing menial work don't make tons of money, they make low wages. Even at the higher end it really doesn't pay that well, comparatively. You look at the drug lords and say "Wow those guys have a lot of money," but realize it is very few of them. then compare them to their legit rivals, the top tier businessmen like Gates, Buffet, Bezos, and so on, and they really don't compare all that well.
Crime ultimately ends up being just another kind of business.
If stupid people would quit clicking on stupid things.
Yep, the entertainment industry, including the print media, do seem to be in love with that bogus image.
The image:competence ratio is pretty well understood for these kinds of things.
I never had any qualms about approaching the "conventional" and "normal" female IT staff for info or advice because I knew they were usually good for it.
But I didn't waste time on the Goths in black, with the tats, and the piercings, and the 'tude, because at least 90% of the time they didn't have a clue, although they'd try to hide it by quoting some just-memorized WP article about Nessus or Snort, even when it was totally irrelevent to the topic.
Still... The latter always had the coolest (legally changed) names, so I guess they were just way too 1337 for the likes of me, and when I thought they were utterly wrong they were actually right, but I was too much of a n00b to realize it.
"viruses that was spread manually" ... There have been a few manual viruses, notably Good Times, and The Honor System Virus, but I'm pretty sure Brain was automatic.
It's sad that we've gotten to the point where anything short of an outright worm is considered "manual".
Hypponen's security must-haves: A nifty tool, which is not ours but which I'd like to recommend, is Flag for Chrome or the Firefox equivalent, Flagfox. It's a handy extension, which shows a flag in the URL bar of the browser, indicating the country where the website is hosted. This comes handy in more cases than you'd think.
lol
Contrary to the popular belief, there indeed is no God.
Spammers profit even if NO ONE falls for spam. They only have to convince their "clients" that someone does.
Contrary to the popular belief, there indeed is no God.
Since nobody seems to notice, just wanted to mention that Lahore is in Pakistan. The two brothers allegedly did it to protect their program from being pirated. Whats noteworthy is that they even left their names and contact address, so the victim can contact them to clean up if he/she wants. The message that would appear said: "Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination..." The two brothers, are still running their own business "Brain Telecommunication Limited" in Pakistan.
Oh I am sure many people love to believe that. It makes the world a simple and easy place. Power, ego, and ideology play an important role that should not be underestimated.
Your post advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
""Security expert and notorious self-promoter Mikko Hypponen" "modern malware makers are motivated mainly by money, just as most of the antivirus industry, including F-Secure"." - by brennz (715237) on Wednesday September 19, @08:12PM (#41394357)
Who isn't motivated by ANYTHING since he hasn't done shit himself to help out the problem in malware out there online or otherwise... right? Bet I am!
* I don't even KNOW you, but I dislike your attitude immensely, for what it is - trolling!
QUESTION:
---
What have YOU ever done that helped others vs. the malware-in-general threat out there, hmmm?
---
(Fact is - I'd almost be willing to BET you haven't done a damned thing yourself based on your thoughts you posted that I quoted above...)
APK
P.S.=> Know what I absolutely *HATE*? Trolls & complainers that don't do shit but "talk" (troll) against others that do... & please - DO ANSWER THE QUESTION ABOVE!
... apk
Sorry to be offtopic, but: I know that TFA is to blame here, but it's Hyppönen, not Hypponen. I wonder if even the Olympics got it right this year. It's not even about charsets anymore, so I guess nobody just ever puts in characters that aren't on their keyboards. Kind of unprofessional journalism, I'd say.