Slashdot Mirror


Malware Attribution: Should We Identify the Crooks Who Deploy It?

Brian Krebs asks: What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

87 comments

  1. Like Sourceforge? by Anonymous Coward · · Score: 5, Insightful

    [nt]

    1. Re:Like Sourceforge? by NotDrWho · · Score: 5, Funny

      Now, now, there is no need to insult crooks by associating them with Sourceforge.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    2. Re:Like Sourceforge? by Anonymous Coward · · Score: 0

i wonder if apk can fix this with a hosts file. he really is quite obsessed with them, to the point of not using other tools even when they can complement a good hosts file. like a religious zealot. oh and i love the way he declares victory every time he gets trolled, he takes the bait EVERY SINGLE TIME and pats himself on the back for it. an amazing feat of self-delusion.

    3. Re:Like Sourceforge? by Em+Adespoton · · Score: 1

i wonder if apk can fix this with a hosts file. he really is quite obsessed with them, to the point of not using other tools even when they can complement a good hosts file. like a religious zealot. oh and i love the way he declares victory every time he gets trolled, he takes the bait EVERY SINGLE TIME and pats himself on the back for it. an amazing feat of self-delusion.

      apk can fix this with a hosts file really easily:
      0 slashdot.org

    4. Re:Like Sourceforge? by Anonymous Coward · · Score: 0

      he takes the bait EVERY SINGLE TIME and pats himself on the back for it

      Are you apk? I ask because you seem to have his same preference for using caps instead of <b> and </b> to emphasize things. Also, you didn't capitalize your sentences... just like apk.

      So either you're apk and you're trolling us, or you're not apk and you're trolling him. Nice job!

    5. Re:Like Sourceforge? by Anonymous Coward · · Score: 0

      Sourceforge...Sheeeesh. Who do they think they are, Sony??

    6. Re:Like Sourceforge? by CastrTroy · · Score: 2

This has been going on for quite a while. I don't know why this is news to everybody or why all of a sudden we are making a big deal out of it. Here's an article from 2013 about how GIMP was abandoning Sourceforge because of their shoddy, adware-ridden installers.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    7. Re:Like Sourceforge? by Anonymous Coward · · Score: 1

      Crap - you said his name three times!!

    8. Re:Like Sourceforge? by drinkypoo · · Score: 1

      I don't know why it's news all of a sudden, we made a big deal out of it because a highly-voted submission on the subject was ignored, then another one, then another one... the first one was before the weekend...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Like Sourceforge? by CastrTroy · · Score: 1

      If the first one was accepted, it would have been filled with complaints about "how is this news?", along with a bunch of ranting and raving about how the editors don't know how to do their job. I don't see what we gained from having this story posted on slashdot. Most people who come here probably already know that Sourceforge is a hive of scum and villainy, and has been on most of our ignore lists for quite some time.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    10. Re:Like Sourceforge? by Anonymous Coward · · Score: 0

      I like how he comes up with all kinds of crazy lies that clearly are believed by nobody.

      I mean, apparently he is a security GOD who was a college athlete and is now wealthy and retired. We all have him misunderstood, he only sounds like someone with severe mental and emotional problems.

  2. No don't it will only create notoriety by Anonymous Coward · · Score: 0

    It will make people famous, and not in a good way. It will actually enable a form of "terrorism" in that people will seek to become known and do more and more shocking and personalized computer crime. This will lead down a very very bad path.

    1. Re:No don't it will only create notoriety by fustakrakich · · Score: 4, Funny

      We could "ID" them in the obituaries...

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:No don't it will only create notoriety by jellomizer · · Score: 3, Insightful

For many of these folks, they don't see themselves as being the bad guy, but as innovative entrepreneurs, or activists for some cause.
They don't seem to realize how much harm they are actually causing.

This notoriety could be similar to the notoriety a sex offender has. Not of a lone rogue, fighting the good fight while bucking the system, but as that creepy guy who has access to all your personal data, and will use it to profit off of it, causing people like your grandmother to suffer during their golden years.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:No don't it will only create notoriety by Noah+Haders · · Score: 1

      typically, the first step in convicting someone of a crime is to identify who did the crime. Second step, arrest that person. So it makes sense to try to identify the person who made the malware.

non sequitur, it was kinda funny that the silk road guy went by the name 'dread pirate roberts', but nobody came along to pick up the name and keep it going. Ruins the point?

    4. Re:No don't it will only create notoriety by Chris+Mattern · · Score: 1

non sequitur, it was kinda funny that the silk road guy went by the name 'dread pirate roberts', but nobody came along to pick up the name and keep it going. Ruins the point?

      None of the "Dread Pirate Roberts"es were in fact caught. They all retired on their riches, passing the title down to a successor in the process. So the situations aren't the same.

    5. Re:No don't it will only create notoriety by Anonymous Coward · · Score: 0

      The problem is that notoriety is a good thing to the creeps. When I was in college a few years ago, the prof actually took an anonymous, blind survey that if one had the ability to double-cross a senior out of their retirement, but it would net the person a BMW... the majority of the class put on their ballot that they wouldn't hesitate to do so, if given the chance.

      Twenty years ago, if you walked up to someone and called them a liar, a fight would ensue. These days, it is a term of endearment, and being the liar's sucker is where the insult lasts. Watch "Shark Tank", "The Apprentice", or many other shows like that. The person who wins is the one who is the one that can throw everyone else under the bus. Those shows teach that one doesn't need any other skills to survive in an urban area except cunning and the ability to BS.

      Some git who manages to do a bunch of harm (scamming retirees) is only going to be looked at in a good light in a Robin Hood scenario. Or it will be looked like a P. T. Barnum... and even though he was noted for using people, he was quite well respected for being able to put one over on others.

      Sad, but true. If someone is a thief, they are respected as a "liberator". Even petty shoplifters are given cred these days because they solved a "puzzle" by getting past store security and scoring their prize.

    6. Re:No don't it will only create notoriety by Anonymous Coward · · Score: 0

      We could "ID" them in the obituaries...

      Where is a "like" button when I need one.

    7. Re:No don't it will only create notoriety by cwsumner · · Score: 1

      ... Some git who manages to do a bunch of harm (scamming retirees) is only going to be looked at in a good light in a Robin Hood scenario. Or it will be looked like a P. T. Barnum... and even though he was noted for using people, he was quite well respected for being able to put one over on others. ...

      That has been true for thousands of years ... in some circles.

      I prefer not to travel in those circles. They are a disaster waiting to happen, stand clear or be collateral damage!

  3. Why WOULDN'T you? by argStyopa · · Score: 5, Interesting

    Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report.
    If they did it to 1.5 million homes, I'd bloody well expect that yes, they should be identified.

    I personally wouldn't object to having them branded, either.
    Or, if you're more Adam Smithy, just suspend their ability to file civil lawsuits allowing people to do whatever they want to them that doesn't actually rise to criminal activity.

    --
    -Styopa
    1. Re:Why WOULDN'T you? by drinkypoo · · Score: 3, Interesting

      The problem is that you don't want to give them notoriety. Some of them are in it just for that. Stupid, sure, but still true.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why WOULDN'T you? by SpaceCommander · · Score: 1

Risk/Benefit is not on the side of actor attribution. Easy to get wrong, hard to get right. And we do things like wage DoS attacks against adversary nations on shaky evidence. Or at least good evidence that they haven't made public. That's why.

    3. Re:Why WOULDN'T you? by Anonymous Coward · · Score: 0

      Criminals who profit from malware would shun publicity. The problem is more like identifying them 100%

    4. Re:Why WOULDN'T you? by geekmux · · Score: 1

      Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report. If they did it to 1.5 million homes, I'd bloody well expect that yes, they should be identified.

      I personally wouldn't object to having them branded, either. Or, if you're more Adam Smithy, just suspend their ability to file civil lawsuits allowing people to do whatever they want to them that doesn't actually rise to criminal activity.

      I'm curious, what say you when you are the one spending thousands to try and wipe out Google's search history after you're wrongly accused of said hacking crime and you successfully defend yourself and your reputation in court, but it still lingers for all future employers to search and find, all because you "bloody well expect" such a "criminal" to be branded immediately.

      Seems few people really think of the consequences of shit like this, especially if framing professionals for cybercrimes may turn out to be just as popular as committing the crime itself.

    5. Re:Why WOULDN'T you? by chispito · · Score: 1

      Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report.

      Actually, blotters don't publish the identities of the suspects because they're suspects. In the same way, I'm sure these companies are sharing more information with law enforcement than with the general public.

I prefer it this way to having a bunch of scripting vigilantes on Reddit doxing the wrong guy.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    6. Re:Why WOULDN'T you? by jriding · · Score: 1

      Like Lenovo?? There is no question who pushed it onto YOUR new device. They approved it, they knew what it was, they forced it on you with no way or little way to remove it.
      Yes call them out in a big way.

      --
      love the taste, hate the texture
    7. Re:Why WOULDN'T you? by g01d4 · · Score: 1

      I'd think they'd prefer notoriety under an alias, e.g. "The drinkypoo Bandit" rather than a real name unless they could obtain attribution knowing there wasn't enough evidence to convict.

    8. Re:Why WOULDN'T you? by geekmux · · Score: 1

      Like Lenovo?? There is no question who pushed it onto YOUR new device. They approved it, they knew what it was, they forced it on you with no way or little way to remove it. Yes call them out in a big way.

      You might not have noticed before when I stated a wrongful accusation.

      Lenovo was far from being 100% innocent in their actions, as you state.

      Someone who is truly wrongfully accused will spend years and tens of thousands of dollars or more repairing their reputation, which most individuals can't even afford to defend the accusation, much less the clean-up efforts.

    9. Re:Why WOULDN'T you? by Ravaldy · · Score: 1

      They would get a good 30 seconds of fame. That's about it. To have your name echo through time you need to have done something impactful to the whole world like Snowden did. There are many other examples but you get the point.

    10. Re:Why WOULDN'T you? by Anonymous Coward · · Score: 0

      Like the pedophiles that are in for the notoriety and attention of being on the sex offender list?

      It breeds an "if I see you on the street...." situation which remedies itself.

      During OJ's short run of freedom before the karma police came to get him, do you think a day went by when he wasn't given dirty looks while in public?

      Every malware distributor (including Binki*) should get booked with those lovely mugshots and be associated with their malware, so that later when they ultimately give up their schemes and scams - hiring managers like myself can tell them to go f*ck themselves. ;)

    11. Re:Why WOULDN'T you? by Anonymous Coward · · Score: 0

      And on that note, how many of you will still download junk from sourceforge (even though they pinky promise...)

      How many of you would hire anyone associated with Sourceforge management for a management position in your (non malware pushing) company?

      That's why you expose the malware authors and distributors, so that they may enjoy the lasting effects and repercussions of douchebaggery.

    12. Re:Why WOULDN'T you? by Anonymous Coward · · Score: 0

      It's trickier than this. Rest assured that malware authors are getting ID'd all the time, and the proper authorities are notified. There's also community clustering of malware going on "the same person who wrote X wrote Y" -- which combined with the first, helps the authorities out.

      The problem is that there are many people in many places writing (and subverting) malware for many reasons. So you've got the Russian and Romanian malware authors who the state turns a blind eye to (for one reason or another), the state actors from Israel, N. Korea, China, the US and the UK, whose wares are sometimes dangled in front of malware gangs, you've got script kiddies all around the world doing things for the lulz using available code bases, etc.

      Plus, you've got multiple layers of wrappers used (almost) exclusively by the malware gangs, but anyone can go and purchase one of these packs and use it to protect ANY software. Inside that, you might have malware from a number of sources. Malware pedigree is as tangled a thing as bundleware pedigree -- compounded by the fact that since it's illegal in the first place, copyright doesn't come into play at all -- you often get one group ripping off code/code fragments from another.

      So depending on the kind of publicity, it might be exactly what the criminals want. Nation States don't want the publicity, but if a Romanian who writes driver-level malware under the name of Sk33z is outed (that is, malware X is known to be written by "Sk33z"), that means that he can go on bootkitmalware4sale.com and command a higher price from everyone wanting to drop his work into their exploit kit, or even hire him to write some custom code.

      This is why most anti-malware solutions have moved away from identifying the malware by stuff they find within the code, and attempt to avoid attribution. It doesn't mean that nobody "in the know" knows who wrote it, just that nobody's going to enable the malware black market by admitting to knowing.

    13. Re:Why WOULDN'T you? by requerdanos · · Score: 3, Informative

      Of *course* they publish the names of suspects. Heck, where I live you can go to the county website and see names and photos of people arrested on suspicion of a crime, who have not been convicted, most of whom will never be convicted. You can try it out here.

    14. Re:Why WOULDN'T you? by StikyPad · · Score: 1

      The ones who are in it for notoriety will claim credit anyway. It's the ones who want to remain in the shadows who are generally the most dangerous. This includes state actors.

      The only downside I see to identifying the authors and/or users is that it potentially tips them off as to the identifying characteristics of their software so that they can better cover their tracks in the future. It can be easier to stay ahead of an adversary if they don't know that you're ahead. This is not "security through obscurity," it's just a tactical advantage.

    15. Re:Why WOULDN'T you? by chispito · · Score: 1

      After posting I realized I used the wrong term. It was a bad analogy. The point is that attribution is really, really difficult and The Boy Who Cried Wolf and all that.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    16. Re:Why WOULDN'T you? by bouldin · · Score: 1

      Malware attribution is so difficult that I only know of one company that makes a serious attempt at it: crowdstrike.

    17. Re:Why WOULDN'T you? by drinkypoo · · Score: 1

      I'd think they'd prefer notoriety under an alias, e.g. "The drinkypoo Bandit" rather than a real name unless they could obtain attribution knowing there wasn't enough evidence to convict.

      That's why some antivirus companies deliberately change the names when reporting, from whatever the author wants it to be called (when they can tell.) They don't want to provide them notoriety under their chosen alias.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    18. Re:Why WOULDN'T you? by jrumney · · Score: 1

      If you can identify them by their real name in a way that will lead to them being caught and punished, then go for it. If you are identifying them by an online pseudonym that they use on darknet message boards, you are only giving them notoriety that may help them gain future customers.

    19. Re:Why WOULDN'T you? by Darinbob · · Score: 1

      I suspect they don't know the actual name of the person, but they only know the handle that the person uses in some forums. Like graffiti, sure we know that BadAzz wrote his name up on the overpass but we don't know how to find and fine him.

    20. Re:Why WOULDN'T you? by Anonymous Coward · · Score: 0

      I don't know. The US and Israel are already pretty notorious.

  4. Kido by __aabppq7737 · · Score: 1

    Did Conficker's authors DDOS trafficconverter.biz? What was the big picture of owning several teraFLOPS of power of hacked home PCs? Probably more than selling SpyProtect 2009.

  5. the mobile site distributes malware in asia by gl4ss · · Score: 1

    or at least it sometimes jumps you into an android apk installation page.

    also the ads on the mobile make the mobile slashdot site pretty much unusable. they're so bad. they not only take the whole screens worth every few articles but also run some javascript that makes the browser crawl and jerk. in addition some of the ads are friggin videos.

    --
    world was created 5 seconds before this post as it is.
    1. Re:the mobile site distributes malware in asia by jrumney · · Score: 1

      Is it only in Asia that this happens? I ticked the "Disable Advertising" box because of the intrusiveness of the advertising, especially on the mobile site, but it seems that box unticks itself in Asia too.

    2. Re:the mobile site distributes malware in asia by gl4ss · · Score: 1

I just thought that the disable advertising doesn't work on the mobile site (I got adblock on desktop).

      I'd like to think that the slashdot folks would have noticed the malware ads if they appeared in europe.

      --
      world was created 5 seconds before this post as it is.
  6. No by Anonymous Coward · · Score: 0

    No, I don't think we should identify Dice Holdings Inc. as crooks who deploy malware through Sourceforge downloads.

  7. Not remarkable at all. by Ungrounded+Lightning · · Score: 1

    Anti-malware companies try to appear as experts.

Malware authors try to be anonymous, leaving minimal personal signature in the malware. Malware authors also share code and reverse-engineer each other's code and use the result, so even style may be misleading. So even experts would have difficulty attributing it to any particular person.

    That means any attempt to identify the author - as a real person, an alias, or a label under which to group multiple products of the same author, will be very error prone. With law-enforcement and other security types attempting to defend against and/or apprehend the authors, and the authors trying to hamper the anti-malware people and companies some of these errors would come to light. This would reduce the reputation of the anti-malware workers and companies, without regard to their success at malware defence.

So it is no surprise to me that anti-malware people and companies don't publish the results of any attempts they may make to identify the authors in the course of their work. Why should they take a risk like that for no perceivable gain? The risk/benefit ratio says don't even speculate.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  8. I'd just like to know... by JumpinJohnny · · Score: 2

    How much malware is produced by government/military organizations vs. criminals vs. corporations. There is probably plenty of overlap.

  9. ID below. by Anonymous Coward · · Score: 0

    Dice.com

  10. Personally by Anonymous Coward · · Score: 0

    I would like to see them outed and then strapped to a chair and beaten with large hammers. Fuckers.

    1. Re: Personally by Anonymous Coward · · Score: 0

      OK, what did timmy post this time?

  11. No different than anything else by ScentCone · · Score: 4, Insightful

    It's no longer fashionable to associate human character, judgement, and action with unpleasant results. Malice? There is no malice. There is only the problematic tool or technology, against which we should rage. It's not murder, it's a "gun death." It's not a reckless jackass badly flying a GoPro in a crowded place, it's a "drone incident." It's not a bad driver, it's another "SUV death." It's not a criminal trying to steal your savings or reputation, it's "malware."

    Talking out loud about how actual humans are responsible for the stupid or evil shit they do is no longer acceptable. That would mean assessing their intelligence, or making a considered moral judgement, based on some sort of, you know, identifiable value system. We can't have that! We'd need to post Trigger Warnings near any discussion that might result in the horrifying prospect of recognizing that not everyone is as smart as everyone else, or calling an evil actor evil, because, you know, judging. Much better to talk only about the scary tools, never about the people. Hey, Russian credit card scammers and bot farmers are really the victims, here - the malware made them use it. Probably of some sort of western patriarchal influence and whatnot.

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:No different than anything else by Anonymous Coward · · Score: 0

There is a level of craziness to this post but unfortunately it's the natural conclusion of post-structuralism.

      The world is unknowable, science is fraud, value systems are arbitrary, morals are arbitrary. Ideologies are systems of oppression. Except you know, for our ideology which oppresses cis scum.

    2. Re:No different than anything else by ScentCone · · Score: 2

      There is a level of craziness to this post

      Of course there is. I'm describing a pervasive, increasingly toxic type of craziness that impacts nearly every bit of public discourse that pops up when anything bad is being discussed. If such discussions were generally rational, there'd be nothing to have to talk about. But rational discussions involving causality and agency are now considered rude, like gluten.

      --
      Don't disappoint your bird dog. Go to the range.
    3. Re:No different than anything else by Anonymous Coward · · Score: 0

      Recalcitrant dotard. My god, the thought that the new generation might have new moral values: what is the world coming to? And that's assuming that the trend identified actually exists, which I judge instead as confirmation bias brought on by an evil habit of mind, a malicious misanthropy. I would dissect your rant if I thought it merited a response, but instead I will merely take comfort that your surfeit of bile is its own punishment.

    4. Re: No different than anything else by Anonymous Coward · · Score: 0

Are you equal in intelligence, as the next person? Did you ever get a "b", or score a 99 on a test? Many others have. Why condemn them? Their forte may be different than yours. Some may be better in an urban, or a wilderness environment. Why complain, you are not robots.

    5. Re: No different than anything else by ScentCone · · Score: 1

      Are you equal in intelligence, as the next person?

      No. I'm smarter than a lot of people, and many many people are smarter than me.

      Did you ever get a "b", or score a 99 on a test

      Oh, I've done MUCH worse than that.

Why condemn them

Why are you asking me? Have I condemned anybody? I'm condemning those who try to pretend that nothing bad is ever anybody's fault. The fact (relative to the article we're talking about here) is that focusing on the tools people use (or mis-use), and ignoring the fact that it's people using those tools, is intellectual laziness and often cowardice in the face of political correctness.

      Some may be better in an urban, or a wilderness environment. Why complain, you are not robots.

      So you agree - people are different, and not all are equal. But ignoring that, we're talking about when people use tools (like malware) to steal other people's assets and reputations.

      --
      Don't disappoint your bird dog. Go to the range.
    6. Re:No different than anything else by ScentCone · · Score: 1

      My god, the thought that the new generation might have new moral values: what is the world coming to?

      Really? You think a "new generation" is so simple-minded that they can't use reason to put together a value system that arrives at the same destination as so many others? You think it's a good thing to change out values like ... stealing people's stuff is morally bad? Like, using your l33t haxx0r skills to ruin someone's reputation for the lulz is bad? You're confusing the tools and technologies that a new generation finds at their disposal with being somehow related to the philosophical underpinnings of their value system.

      I'm delighted that, despite the fastest growing population in the world appearing to embrace medieval theocratic nonsense as the basis of their value system, that at least a fair portion of the world has gone more down the route of using reason to examine and reinforce their moral code. Yes, a "new generation" may indeed show less of the superstition-based trappings surrounding the fringes of judeo-christian culture, but basic stuff like "don't use your new [whatever technology] to steal people's shit" doesn't mean that a moral code based on that reasonable observation that doing so is objectively bad means that changing [whatever technology] means the moral code is changing. Just, sometimes, the venue in which it's applied.

      That's why pretending that it's malware that's the issue, and not abusive thieves and vandals (people), is an act of moral cowardice. Because it's the same old stuff, different playing field. People who focus on the gun, the car, the piece of viral code, whatever - they're too chickenshit to address what's actually at play: other people whose world views are broken enough to make malicious use of the tools. People scared of making value judgments about other people always, always reach for the tool as the villain. That says more about that person than it does about the actual villain.

      I would dissect your rant if I thought it merited a response

      Hey look! You're doing it right now. That's actually pretty funny.

      --
      Don't disappoint your bird dog. Go to the range.
    7. Re:No different than anything else by Anonymous Coward · · Score: 0

      Minors have a right to privacy, correct? Maybe that should extend to adults. But as for felonies, probably not. However, I think it should also depend on if a conviction is made.

      So, unless someone opts to out themselves for non-felony charges as an adult, privacy should be respected by the criminal justice system.

As for drones... we should consider making it illegal to fly drones over any crowds by non-pilots. And by drones I mean those devices which weigh over a certain amount.

  12. Key word: Apparently by Anonymous Coward · · Score: 0

    "... about the crooks apparently ..."

    Would you like your name to be posted as a malware crook because a real malware crook faked some info about you?

  13. That is not the real problem by s.petry · · Score: 2, Insightful

    Most malware is hosted and served out by businesses most people consider "legit". This is second only to Governments who infect millions of devices often inadvertently.

    In both of those cases, there is no use in reporting. Oh yeah, some schlep will probably be made to be a fall guy but the shit storm will still be there churning out shit.

Report when the correct people can be, and are, held accountable for their actions. Until then, all men are created equal and have the same rights under due process. If one class of people puts themselves above the law, the laws are invalid. Unfortunately this is a cyclical problem in history. Expect vigilantism to increase until things are put back into balance.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  14. SourceForge by Anonymous Coward · · Score: 0

    Anything from SourceForge should be suspect and considered malware.

  15. Um, of course by Anonymous Coward · · Score: 0

    Why let them get away with how much they cost others?

    Identify them so the next steps can be taken.

    Get rid of these criminals and put them in jails.

  16. SourceForge and DICE by Anonymous Coward · · Score: 0

    There, just saved you a load of time.

    Fuck Slashdot and fuck SourceForge.

  17. "crooks"..."insofar"...? by Anonymous Coward · · Score: 0

    Did someone's retired attorney grampa write this summary?

  18. Yes by Anonymous Coward · · Score: 0

    Yes - posthumously

  19. Difficult by Anonymous Coward · · Score: 0

Correct attribution is difficult, if not impossible. Oh, it's these people here in China? How do you know? Do you have resources in China to verify that? What if it's a false flag using China as a scapegoat? What if they are just Chinese citizens but working for a Russian mafia? What if they are just a relay point being used by a more sophisticated adversary to hide themselves?

    The digital information used for attribution is so easily manipulated that it's nearly impossible to be 100% sure you have the right person... without a police style sting where you record the attacker in action.

    Oh? DNS registration info? pffft, full of fake info or an easily setup front business. Router logs... are you sure that's correct? Are you sure your router isn't owned? Even if it's not, what does that prove other than an IP address? Forum posts, social media... all laughable 'evidence'.

    Most Malware/Attacker attribution is a joke, just a bunch of loose connections and assumptions.

    1. Re:Difficult by bouldin · · Score: 1

      The digital information used for attribution is so easily manipulated that it's nearly impossible to be 100% sure you have the right person... without a police style sting where you record the attacker in action.

      For malware, attribution can be inferred by looking at code similarities among the malware.

    2. Re:Difficult by Anonymous Coward · · Score: 0

      > For malware, attribution can be inferred by looking at code similarities among the malware.

      Useless. It might help you categorize groups of malware into a family as 'possibly written by the same person or group or nation' but it won't tell you who they are or where to find them. Also, the lower end of the malware spectrum has a lot of shared code, thus making things seem related even though the only connection is that two separate groups downloaded the same code snippet. And advanced malware will not have any shared code, or all the important things will be encrypted anyway. Regardless... still won't help you identify who wrote it. But sure helps people speculate and jump to conclusions.
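The point made above, that shared snippets make unrelated samples look related, as an added example that is not from anyone in the thread. It scores chunk-level code similarity between constructed toy samples with and without discarding chunks that every sample in the corpus carries; the chunking, the corpus and the threshold are all assumptions for illustration.

```python
# Added example (not from the thread): rough code-similarity scoring between
# samples, with and without discarding commonly shared code, to show why a
# copied snippet inflates similarity between unrelated authors. All samples
# are constructed toy byte strings, not real malware.
import hashlib
from collections import Counter
from typing import Iterable


def chunk_hashes(data: bytes, size: int = 8) -> set[str]:
    """Hash fixed-size chunks; a stand-in for per-function hashing."""
    return {hashlib.sha256(data[i:i + size]).hexdigest()[:16]
            for i in range(0, len(data), size)}


def jaccard(a: set[str], b: set[str]) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def common_chunks(samples: Iterable[bytes], min_samples: int) -> set[str]:
    """Chunks seen in at least `min_samples` samples: likely shared boilerplate
    (a public snippet, a packer stub, a copied library), not authorship."""
    counts = Counter(h for s in samples for h in chunk_hashes(s))
    return {h for h, n in counts.items() if n >= min_samples}


def similarity(s1: bytes, s2: bytes, common: set[str] = frozenset()) -> float:
    """Jaccard similarity of chunk sets after dropping known-common chunks."""
    return jaccard(chunk_hashes(s1) - common, chunk_hashes(s2) - common)


# Constructed corpus: a 64-byte "snippet" every sample copied, plus own code.
SHARED_SNIPPET = bytes(range(64))
SAMPLE_A = SHARED_SNIPPET + bytes(range(100, 132))
SAMPLE_B = SHARED_SNIPPET + bytes(range(200, 232))                 # unrelated
SAMPLE_A2 = SHARED_SNIPPET + bytes(range(100, 124)) + b"\xff" * 8  # A, patched
CORPUS = [SAMPLE_A, SAMPLE_B, SAMPLE_A2]


def compare(s1: bytes, s2: bytes) -> tuple[float, float]:
    """Return (raw, filtered) similarity; filtered drops corpus-wide chunks."""
    common = common_chunks(CORPUS, min_samples=len(CORPUS))
    return similarity(s1, s2), similarity(s1, s2, common)


if __name__ == "__main__":
    for name, other in (("B", SAMPLE_B), ("A2", SAMPLE_A2)):
        raw, filtered = compare(SAMPLE_A, other)
        print(f"A vs {name}: raw={raw:.2f} filtered={filtered:.2f}")
```

A and B share nothing but the snippet, yet score 0.50 raw and 0.00 once it is discounted; A and its patched variant A2 still score 0.60 after filtering, which is the kind of link that survives the caveat above.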

  20. Re:Essentially I do already... apk by Anonymous Coward · · Score: 0

    > it's no "big stretch" effort to see who owns those domains that are used for malicious purposes of ALL kinds either FOR identification purposes.

    Newsflash. All that domain registration info is fake and useless for identification.

  21. Oh cute by Anonymous Coward · · Score: 0

    The "expert" in looking stern and saying "HAXX0RZ DID IT" on his blog deigns to come and spread the gospel of his blog in person here.

    I really cannot decide if this is more pathetic or more sad than the incessant hipster site spam in faux-physics sauce (new science-y-er taste!) found elsewhere on this site. I do think he's poster child of what's wrong with computer security today: Nothing but s'kiddies toying with stolen merit badges long after all meaning has fled out like magic smoke, bickering and arguing about hat colour and who is more ETHICAL than the other, but no substance. It's no surprise that in the last few decades nothing of lasting value has been produced by that entire industry.

  22. Of Course by Kozar_The_Malignant · · Score: 1

    Of course they should be identified. How else can we hunt them down and castrate them?

    --
    Some mornings it's hardly worth chewing through the restraints to get out of bed.

  23. Sir Francis Drake, State-Sponsored Pirate by Anonymous Coward · · Score: 0

    Think bigger. Think state or dark-money sponsored. The 1800's term "privateers" also comes to mind. Who paid them? Nowadays we have contractors, shell games, and shadowy non-profits.

    Before the net was available, one covert group funded operations by selling drugs to minorities in Los Angeles... Now we have U.S. ties to a cartel in Mexico and POLITICAL killings there? With student-teachers speaking out against corrupted officials and the change of their constitution to allow privatizing oil, bigger interests are involved.

    As for sex, recall that a propaganda contractor (an interviewer from a fake news network), who was exposed as working for Bush, also ran adult websites. (credit Jon Stewart and team for that tidbit) Hmmmm. What agency did daddy Bush once head?

    Think "crooks" big enough to use contractors that would take over news/discussion sites and a repository. Remember the altered compilers to make every produced app into a trojan? Who would want access to EVERYTHING?

    But as long as it doesn't kill people, burn down houses, or trash favorite beaches, what's a little malware?

  24. 1st of all: I said "IF possible"... apk by Anonymous Coward · · Score: 0

    See subject: Partial quotes of me don't cut it (neither are downmods & your truly anonymous coward bs either). That's "up there" with putting words in my mouth I never said so LEARN TO READ/get "hooked on phonics" remedial reading lessons please - you evidence you NEED them in that poor tactic of yours... lol!

    * Yours is not an absolute either & how it always is... + they're easy to shutdown in the end via the same methods I extoll anyhow so, there ya go.

    APK

    P.S.=>

    "Newsflash. All that domain registration info is fake and useless for identification" - by Anonymous Coward on Monday June 01, 2015 @02:39PM (#49816623)

    Again - See subject: Apparently YOU sound as if you're "THE VOICE OF EXPERIENCE" there. Guess it "takes one to KNOW one" & their machinations... apk

  25. Essentially I do already... apk by Anonymous Coward · · Score: 0

    See subject: Via APK Hosts File Engine 9.0++ SR-2 32/64-bit: http://start64.com/index.php?o...

    * Simply by BLOCKING SOURCES OF THOSE THAT SERVE Malicious Content (malware, maliciously scripted pages OR adbanners, etc.) or THEIR "Command & Control" Servers (for botnets etc. - et al)...

    (It's no "big stretch" effort to see who owns those domains that are used for malicious purposes of ALL kinds either FOR identification purposes... so, again per the SUBJECT of "Malware Attribution: Should We Identify the Crooks Who Deploy It?", basically I do, giving you the 'leads' to IDENTIFY them & as the article states, IF possible (emphasizing THAT for the totally unidentifiable COWARD douche who misquoted me & downmodded me here http://it.slashdot.org/comment... on that note earlier in that very link, *trying* effetely & vainly to "put words in my mouth" I never said via partial quotes only of myself...))

    Giving credit where it's due too of course:

    I couldn't DO that minus the excellent sources from the security community itself that my program imports data from, especially MalwareBytes' hpHosts' Mr. Steven Burn (The guy is TOP NOTCH) & Mr. Henry Hertz Hobbitt of SecureMecca (who is also TOP NOTCH to the extreme in his know-how regarding hunting botnets etc.) the most - they're great guys!

    APK

    P.S.=> For the most in added security, speed, reliability & even anonymity (to a lesser extent on the latter only though)?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    ... apk

  26. There are several layers of parties involved by Anonymous Coward · · Score: 0

    Farallon Research...

  27. they should be id'd and prosecuted by Anonymous Coward · · Score: 0

    can't make WMDs in your spare time and leave them around either.

  28. it would backfire by bloodhawk · · Score: 1

    attribution would backfire and just create competition for who could become the most notorious.

  29. Sourceforge! by Anonymous Coward · · Score: 0

    I wanted to download a software package for a popular open-source project. For some reason, the only official download option was Sourceforge(!), and the package took the form of a self-extracting archive *executable* file (!!) instead of a simple ZIP file. Given the many examples of spyware bundling for open-source software hosted on Sourceforge, like the GIMP installer for Windows, I wanted to somehow check that the executable I downloaded didn't have a spyware payload. So, I decided to run HijackThis before and after running the executable I downloaded. Oh, wait, I don't have a copy of HijackThis on my computer at the moment. That's okay, I'll just go and download it from...

    Ugh!!! You guessed it: Sourceforge!

    Well played, Sourceforge! :-/

  30. Re:Essentially I do already... apk by Anonymous Coward · · Score: 0

    Welcome, apk, the local retard who fools around with goats!

    He likes it kinky... he loves to get fisted!

    Captcha: partaker:

  31. I know this one! by fuzzy2k · · Score: 1

    Should We Identify the Crooks Who Deploy It? Yes. Thanks for asking.

    --
    --- Say something clever. Pretend it was me. Thanks.

  32. Re:Essentially I do already... apk by Anonymous Coward · · Score: 0

    Off topic trolling's all ya got vs apk? You like to fail http://it.slashdot.org/comment...

  33. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...

  34. You're FAR from a security expert pal... apk by Anonymous Coward · · Score: 0

    Bouldin's Golden Top 10++ 'greatest hits' fails

    "Nobody uses hosts files for security" - by bouldin (828821) on Thursday May 21, 2015 @05:53PM (#49746865)

    FROM -> http://it.slashdot.org/comment...

    SpyBot S&D does!

    ---

    NOD32/ESET's says hosts = good security http://slashdot.org/comments.p... as I "overturned" an expert on a false positive on my Hosts program who gave in!

    (MalwareBytes' employee VETTED it & hosts + RECOMMENDS it-> http://hosts-file.net/?s=Downl...

    ---

    Mr. Oliver Day @ Symantec/Norton does: http://www.securityfocus.com/c...

    Bouldin denied it:

    "I don't see Oliver Day of SecurityFocus on there" - by bouldin (828821) on Thursday May 21, 2015 @08:43PM (#49747763)

    FROM-> http://it.slashdot.org/comment...

    ---

    Bouldin wrote a ware that secures you + SPEEDS YOU UP (vs antivirus - not as effective vs. online modern threats, mine is stopping infestation BEFORE it gets you & IF in you stops communique BACK to C&C!) security pros second me on? No.

    ---

    Bouldin AGREES hosts give users security, speed, reliability, & anonymity:

    "Hosts files are NOT effective at blocking command&control of botnets. I actually agree with most of the rest of the list, but hosts files are not the silver bullet you make them out to be." - by bouldin (828821) on Thursday May 21, 2015 @05:53PM (#49746865)

    FROM -> http://it.slashdot.org/comment...

    I never said hosts "cure all" + challenged him to show where I have - he couldn't.

    Then Bouldin RAN vs. https://zeustracker.abuse.ch/m... since served up by host names hosts block.

    (He *tried* DGA botnets later & they're ephemerals - LOW infection odds & below KILLS 'em + e.g.: 0.0.0.0 DGABotnetCandC#.com )

    ---

    Bouldin tried Python scripts w/ DNS to rogue DNS server (firewalls stop this)!

    Can't sneak it in: I CUTOFF AVENUES TO IT in my security guides:

    E.G.-> http://forums.tweaktown.com/wi...

    http://forums.pcpitstop.com/in...

    (Based on CIS Tool an esteemed security tool I've put fixes in)

    APK

    P.S.=> See subject... apk

  35. Bouldin != a security expert... apk by Anonymous Coward · · Score: 0