Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Internet Explorer The Internet Microsoft Security

New IE Malware Captures Passwords Ahead Of SSL 986

Posted by simoniker
from the tricky dept.
Ken Treis writes "SANS Internet Storm Center is reporting on a new strain of IE Malware. This one targets bank customers, which in itself is nothing new. But the catch is in the way it does it: it installs a Browser Help Object (BHO) that can capture login information before it is encrypted, and 'watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.'."
This discussion has been archived. No new comments can be posted.

New IE Malware Captures Passwords Ahead Of SSL

Comments Filter:
  • by Carnildo (712617) on Tuesday June 29, 2004 @02:53PM (#9563705) Homepage Journal
    Cue the "Gee I'm glad I use FireFox on Linux" posts.
    • by Anonymous Coward on Tuesday June 29, 2004 @02:55PM (#9563726)
      Gee I'm glad I use FireFox on Linux.
    • Re:Coming events (Score:5, Insightful)

      by Anonymous Coward on Tuesday June 29, 2004 @02:59PM (#9563780)
      Gee I'm glad I use FireFox on Linux!
      Except when I'm at work...

      I've got no choice at the office. So should I just stop doing online banking at work because the computers happen to use the most popular operating system and browser in the world?

      It does seem surprising that this hasn't been done before.
      • Re:Coming events (Score:5, Insightful)

        by IsaacW (543020) <isaac.waldron@NOspAM.gmail.com> on Tuesday June 29, 2004 @03:19PM (#9564037) Homepage
        So should I just stop doing online banking at work because the computers happen to use the most popular operating system and browser in the world?
        Nope, you should just be smart about your office desktop's security settings and perhaps even use the browser-help-object (BHO) listing tool noted in the linked article: http://www.definitivesolutions.com/bhodemon.htm [definitivesolutions.com]. I just checked my desktop, and it wasn't infected; so I'll still do banking online and continue to be wary of security issues.
        • Re:Coming events (Score:5, Insightful)

          by 955301 (209856) on Tuesday June 29, 2004 @03:59PM (#9564593) Journal
          You're a fool for using your office computer to do online banking. Haven't you ever heard of a keycatcher?

          Keep in mind, you cannot trust a computer which you cannot restrict physical access to. Period.

          No personal stuff on the office computer. Not because the company want it that way, but because you do, whether you know it or not.
          • Re:Coming events (Score:5, Interesting)

            by omglolbah (731566) on Tuesday June 29, 2004 @06:20PM (#9566006)
            Or, get a *real* ebanking system...

            I live in norway and most net-banks here use both your "birth-number" *and* a "securitycard" to generate a key.

            The key generated by the securitycard is never the same, and you need a 4 digit pin-code to even get it to generate a code. You type in the first 6 digits and hit "log in" and on the screen you get the last 2 digits, if these match with the ones on your "securitycard" you can be resonable sure that you are really talking with your bank.

            Sniffing the password etc wont help you one bit, since it will only be active for a few minutes. After that, you need a new number to log in.

            Steal the card? I would just call my bank and they would issue a new one, and put the other on the "watch list" someone try to log on with it: ups, their IP is logged and you have a trail for the police ;)

            Another great thing about this way of doing it is that you can access your netbank anywhere and within a few minutes, any information logged by a keycatcher is invalid.

      • Re:Coming events (Score:5, Informative)

        by msoftsucks (604691) on Tuesday June 29, 2004 @03:49PM (#9564426)
        No need. Your can run Firefox from removable media [texturizer.net]. Just get yourself a USB memory stick or USB micro drive, and follow the installation instructions.

        Do this for a few power users, and within a very short time, the IE-only requirement goes away pretty fast.

      • by freakmn (712872) on Tuesday June 29, 2004 @03:51PM (#9564468) Journal
        I'm glad I use AOL on Windows ME!

        If I actually did, I think I would puke...
    • Re:Coming events (Score:5, Insightful)

      by oGMo (379) on Tuesday June 29, 2004 @03:00PM (#9563794)
      Cue the "Gee I'm glad I use FireFox on Linux" posts.

      Gee, I'm glad I use Firefox on Linux. And why the hell shouldn't I be? In addition to actually supporting standards (CSS anyone?), my decision is constantly reaffirmed by exploints such as these. Do you have a problem with that? (Actually I use Mozilla, but close enough.)

    • by foidulus (743482) * on Tuesday June 29, 2004 @03:00PM (#9563799)
      Nah, I'll stick to lynx running on my gamecube, the only way to surf!
    • Re:Coming events (Score:4, Insightful)

      by pacc (163090) on Tuesday June 29, 2004 @03:18PM (#9564028) Homepage
      Yeah, but the only site still forcing me to use IE is my local bank...
      • Re:Coming events (Score:5, Insightful)

        by Ironica (124657) <pixel@@@boondock...org> on Tuesday June 29, 2004 @03:30PM (#9564184) Journal
        Yeah, but the only site still forcing me to use IE is my local bank...

        1) Complain, if you haven't already... some web commerce site (can't remember which, but it was a big one) had a bug where it didn't recognize Mozilla as a sufficiently high version of Netscape. I feedbacked it, they responded with a NON-CANNED thank you within 24 hours, and it was fixed by the time I used the site again three days later.

        2) Have you tried fooling the site by sending different authentication? Mozilla can just *tell* the site it's IE. Unless they're doing something very stupid like using ActiveX, that may work just fine. (If they are using ActiveX, switch banks. Seriously.)
        • Re:Coming events (Score:4, Interesting)

          by Lispy (136512) on Tuesday June 29, 2004 @05:27PM (#9565505) Homepage
          My bank changed it too. I called phone support and after a week or so I was suddenly able to surf to the page with mozilla. Half a year later they relaunched their page and got rid of the Java crap they have been using before. Actually, when I called lately and they told me about another update I asked again and they replied "Of course we will support Mozilla, we wouldn't be so stupid to annoy many of our customers!" It seems that their IT is at least aware that there are other browsers out there.

          FYI: It was this [dresdner-bank.de] german bank.
    • Re:Coming events (Score:5, Insightful)

      by dirvish (574948) <dirvish&foundnews,com> on Tuesday June 29, 2004 @03:44PM (#9564363) Homepage Journal
      What does Linux have to do with it? I use FireFox on Windows and I am still not vulnerable to this.
      • by zsau (266209) <slashdot@NoSpAm.thecartographers.net> on Tuesday June 29, 2004 @07:38PM (#9566548) Homepage Journal
        Have you not heard of the exploit in Firefox that causes the launch of Internet Explorer? If you, like me, run a Linuxbox, you won't have a problem with it because no matter how hard it tries, there's simply no IE to launch. Once IE is launched, the system is just as vulnerable as if IE was used in the first place!

        I read about the exploit here on Slashdot a few days ago, so obviously it's reliable. It doesn't use Javascript so disabling that won't help. IIRC, the code that causes it is something along the lines of:
        <b>This page is designed for Internet Explorer, and will not work on other browsers. Please use Internet Explorer.</b>
        There is no known fix for this exploit! (Other than removing Windows from your system.)
    • by sentientbeing (688713) on Tuesday June 29, 2004 @03:49PM (#9564429)

      Gee im glad im continously overdrawn and therefore have no money whatsover in my bank account...

      the last time i asked for money at the bank they knocked me back.

      "Fine!" I said, im taking my minus 1500 elsewhere...."
  • I'm suprised (Score:5, Insightful)

    by cbrocious (764766) on Tuesday June 29, 2004 @02:54PM (#9563713) Homepage
    that this hasn't happened earlier. Why would you fsck with SSL when you can bypass it completely?
  • And this... (Score:5, Funny)

    by DaHat (247651) on Tuesday June 29, 2004 @02:55PM (#9563729) Homepage
    Is why I transmit all of my passwords in plain text... not very secure, but a lot less obvious then all of these complicated 'security' or 'encryption' methods.
  • SF article (Score:5, Informative)

    by savagedome (742194) on Tuesday June 29, 2004 @02:56PM (#9563736)
    SF has an article regarding this.
    Gates Defends Microsoft Patch Efforts [securityfocus.com]
    • Re:SF article (Score:5, Insightful)

      by finkployd (12902) on Tuesday June 29, 2004 @04:24PM (#9564840) Homepage
      Still, speaking at a press conference here Monday, Gates told journalists that Microsoft's patching process compares well with competitors'. "You know, the time -- the average time -- to fix on an operating system other than Windows is typically ninety to a hundred days," said Gates.

      (1) what planet is he living on?

      (2) Isn't that an awfully narrow range? Nothing like being specific with the bull you spew.

      Is it just me or has Gates becoming more and more "out there" lately? Is he even following the computer industry anymore?

      Finkployd
  • spybot S&D (Score:3, Informative)

    by scrytch (9198) <chuck@myrealbox.com> on Tuesday June 29, 2004 @02:56PM (#9563741)
    I imagine spybot's BHO inoculation should block this. Anyone know? I use firefox on windows myself, but not for any other reason than that it's just a better browser. ff on linux is actually kind of painful to look at and sluggish to use still.
  • usually a good idea (Score:5, Informative)

    by dtfinch (661405) * on Tuesday June 29, 2004 @02:57PM (#9563755) Journal
    To uncheck the "enable third party browser extensions" box in your Internet Explorer properties, if you must use Internet Explorer. This fixes most of the Internet Explorer problems that people ever experience and blame on Microsoft.

    There is the slight problem that malware can silently reenable it when they run, but I doubt many do.
  • HA! (Score:5, Funny)

    by Anonymous Coward on Tuesday June 29, 2004 @02:58PM (#9563762)
    This is why I do all my online banking using Gopher.
  • I love IE (Score:4, Funny)

    by Admiral Llama (2826) on Tuesday June 29, 2004 @02:59PM (#9563770)
    This isn't Malware, this is advertising for Apple. THIS is why I buy Macintoshes.
  • by curtisk (191737) on Tuesday June 29, 2004 @03:00PM (#9563791) Homepage Journal
    Anytime I hear of BHO's its always malware/spyware/adware...so when is it used for good? Seriously....

    Stuff like the google search bar? Does that count?

  • New Genre (Score:4, Funny)

    by the_mad_poster (640772) <shattoc@adelphia.com> on Tuesday June 29, 2004 @03:00PM (#9563798) Homepage Journal

    You know you really have something going for you when a single application in your product line helps defines it own genre of exploits:

    ...the adware/spyware/IE exploit genre...

  • by tcopeland (32225) * <tom@tho m a s l e e c o p e land.com> on Tuesday June 29, 2004 @03:01PM (#9563800) Homepage
    ....who figured out how it worked (i.e., Browser Handler Object, HTTP POST of stolen account info to a site) is Tom Liston of Hackbusters [hackbusters.net]. He's been sorting through this kind of thing for a while...
  • by geeber (520231) on Tuesday June 29, 2004 @03:01PM (#9563806)
    From the article:

    It is actually a 27648 byte Win32 executable that has been compressed using the Open Source executable compressor UPX.

    Cue the FUD saying "look I told you Open Source was inherently less secure!"

  • by Billy the Mountain (225541) on Tuesday June 29, 2004 @03:01PM (#9563809) Journal
    I read this article in the Houston Chronicle this morning: Flaws may mean it's time to drop Microsoft browser [chron.com]. It's beginning to look like there's a ton of exploitable stuff in IE.

    BTM
  • by ryanwright (450832) on Tuesday June 29, 2004 @03:01PM (#9563810)
    Everyone here is likely to blame Microsoft. I'm turning my wrath against the intelligence organizations of various countries. For far too long this BS - malware, viruses, fraud sent via spam - has been mostly ignored. It seems nobody is going to jail for the Paypal scams because Paypal isn't a "real bank". Now they're targeting real banks.

    I, for one, am sick of it. Where is our FBI and what are they doing about this? If these were criminals setting up videocameras to record pin numbers at ATMs, you can bet there would be a huge effort to track them down. Well, this is worse than that.
  • by sulli (195030) * on Tuesday June 29, 2004 @03:03PM (#9563835) Journal
    (Score: -1, Redundant)
  • by vanza (125693) on Tuesday June 29, 2004 @03:04PM (#9563847)
    Not to discuss about IE, what about banks using different password entry schemes?

    In Brazil there seems to be a new regulation saying that users of ATM and online banking shouldn't type the password in a numeric pad anymore.

    Instead, you get 5 buttons on the touch screen (or a small Java applet, or Javascript thing in the case of the bank where I have an account there) with combinations of two numbers. It looks like "press this if the next number is 3 or 8".

    The thing is, the combination changes every time you enter your password. The first button that was "3 or 8" before will be something like "4 or 7" next time. And the combinations change too, not only the position of the buttons.

    So it becomes more difficult for spyware to monitor keypresses / mouse clicks, or things like this [utexas.edu] to work for the scammer. (Ironic or not, the ATM in the pictures at the UT website is from a Brazilian bank).

    I haven't seen anything like that in any US bank; it's always a number pad where you type your password, or a text field to type the password online.
  • Patched in 48 hours (Score:4, Interesting)

    by ikekrull (59661) on Tuesday June 29, 2004 @03:05PM (#9563855) Homepage
    Come on Bill, lets see you put your money (its not like you don't have enough of that) where your mouth is.

    Your 48 hours starts now.

  • by NeoGeo64 (672698) on Tuesday June 29, 2004 @03:05PM (#9563861) Journal
    When will us Linux users finally get to experience all of these exploits and viruses? It looks like Windows users have all the fun. :-)
  • by Zarhan (415465) on Tuesday June 29, 2004 @03:07PM (#9563882)
    ...I don't know about banks in the US, but at least my (Finnish) bank gives me a username, password and (most important of all) a list of one-time passwords. When I log in, the only things I can see before it requests a one-time password is the balance on account, EURIBOR interest rates and the few stocks I've chosen to observe (ie, a master summary page). If I try to access anything, such as transaction records (not to mention transfers), I have to type in the one-time password. They mail me a new sheet when I'm starting to run out of one-timers.

    If I don't want to use one-time passwords, I can choose to use smartcard reader and a PIN number (which remains constant). I'm not sure if that would be vulnerable. Anyway, this follows the "something you have, something you know"-security model, I know the username/password and have either the smartcard or the one-time list.

    Do the US banks only use username/password pair?
  • by swb (14022) on Tuesday June 29, 2004 @03:08PM (#9563898)
    Are they even paying attention? At first it was .exe worms in email, then it was network-layer exploits, and then it was spyware, and now in the past week it seems that IE is totally unsafe for any purpose whatsoever.

    What's amazing me is why Microsoft isn't *running* to provide patches, for at least XP and 2K, to mitigate this. They're offering non-solutions like disabling Active X and Javascript. Sure, fixing the problem may mean some serious breakage for some in-house software someplace, but does anyone care that Spyware+Malware+IE is rendering their operating systems junk?

    Are they even paying attention? Is XP SP2 a magic fix? Is it just too badly broken to even BE fixed?
    • by cmowire (254489) on Tuesday June 29, 2004 @03:27PM (#9564154) Homepage
      There's a bunch of stuff going on.

      First, Microsoft can't keep up with every possible exploit, so they don't even try. This is why they have yet to tackle viruses and trojans. Heck most of the virus companies aren't doing trojans, either.

      Second, most of the fine-grained ability to really solve these sorts of problems is beyond your average user. If they had a switch to turn off BHOs, people would turn them off and then wonder why the WhizBangSuperBHO application they just downloaded doesn't work and wouldn't think to make the connection. Plus, there's no real concept of a proper sandbox, nor is there much ability to do it properly, if the default install gives everybody root.

      Third, a page or internal site that uses ActiveX, BHOs, and other Microsoft-only technologies is a page or internal site that doesn't work under Opera or Mozilla. So by disabling such things, they risk turning back the clock towards standards that they've been enticing web designers with.

      Fourth, spyware folks *cough*gator*cough* have a tendancy to sue their foes. Which is probably without basis, but still could cause Microsoft to have weird injunctions if they got too active about it.

      The problem, and the advantage for the rest of the market, is that all of this hurts Microsoft, if they do anything, or if they don't.
  • So.. (Score:3, Insightful)

    by NanoGator (522640) on Tuesday June 29, 2004 @03:09PM (#9563906) Homepage Journal
    What fancy-ass security feature in Firefox would prevent somebody from writing a plugin like this? Anything besides 'not a big enough user base to attempt it'?
    • Re:So.. (Score:5, Insightful)

      by Durandal64 (658649) on Tuesday June 29, 2004 @03:28PM (#9564161)
      The one that asks the user if he wants to install it?
    • Re:So.. (Score:5, Informative)

      by Hank Reardon (534417) on Tuesday June 29, 2004 @03:56PM (#9564546) Homepage Journal

      There is no feature in Firefox that would prevent the writing of the application.

      There is, however, a feature that would prevent the installation of the application. From my experiences so far with Mozilla's various incarnations, you can't silently install plugins.

      I can puzzle out a way for this to run under Mozila, but it's a lot more complicated than under IE. IE uses the global (HKEY_LOCAL_MACHINE) and user (HKEY_CURRENT_USER) registry keys to keep track of plugins. As far as I've been able to find, Mozilla uses a separate registry per profile to keep plugins and customizations working; probably due to an offshoot of cross-platform compatibility.

      The tools for installing the IE exploits are already in place: just convince IE to run some code via a buffer overflow or somesuch, have the code run "regsvr32 myfunexploit" and the exploit is installed into HKLM as a browser helper object. With Mozilla, you'd have to do a bit more work: find a buffer overflow exploit to execute remote code, have your code figure out where the profile directory for the user is located, run through that directory looking for a Mozilla installation, parse out the Mozilla registry, install your exploit code and (probably) wait for the user to restart Mozilla before it's loaded.

      As the article noted, you need a third party application to easily list and modify BHO plugins. Under Firefox, at least, it's a single click to see what plugins you have running.

      This could, in theory, be done with Mozilla-and-friends, but most of the features in the browser, simple plugin viewing and a separate registry, make it, if not unlikely to happen, at least more easily noticed by the end user.

  • by that1guy (411225) on Tuesday June 29, 2004 @03:11PM (#9563939)
    Funny, CIAC Issued a warning about BHO's in early 2002 Link to warning [ciac.org]
  • by lightspawn (155347) on Tuesday June 29, 2004 @03:22PM (#9564094) Homepage
    After last week's CERT advisory, there should only be a handful of them left.
  • Find a new bank (Score:5, Insightful)

    by GrouchoMarx (153170) on Tuesday June 29, 2004 @03:24PM (#9564116) Homepage
    And if you're dumb enough to use a bank that works only with the big neon "Hack Me" sign that is IE, you get what you deserve. Find a bank that works with Mozilla or Konqueror and use those for banking instead.

    Oh yes, and be sure to tell your old bank WHY you're closing your account with them. "You're only supporting Internet Explorer as a browser, so I'm not supporting you as a bank."

    Not like they'll notice on personal accounts, but maybe if a business or three moves their accounts, they'll sit up and take notice.
  • secure (Score:5, Interesting)

    by SQLz (564901) on Tuesday June 29, 2004 @03:32PM (#9564198) Homepage Journal
    Thats funny considering I can't use my bank's Internet system it says it requires IE for security purposes.
  • According to the linked article, this BHO phones the mothership located at:

    http://www.refestltd.com/cgi-bin/yes.pl

    www.refestltd.com is 66.226.64.11; the ARIN pull is below.

    I'm on the phone right now with Matt of Abacus America to get the website taken down.

    I am saddened to think that I'm the first one that's bothered to go to the trouble...

    OrgName: Abacus America Inc.
    OrgID: ABAC
    Address: 5276 Eastgate Mall
    City: San Diego
    StateProv: CA
    PostalCode: 92121
    Country: US

    NetRange: 66.226.64.0 - 66.226.95.255
    CIDR: 66.226.64.0/19
    NetName: ABAC2002A
    NetHandle: NET-66-226-64-0-1
    Parent: NET-66-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.ABAC.COM
    NameServer: NS2.ABAC.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2002-01-31
    Updated: 2003-03-27

    TechHandle: AD384-ORG-ARIN
    TechName: A Net DNS Administrator
    TechPhone: +1-858-410-6900
    TechEmail: dns@aplus.net

    OrgTechHandle: ANETS-ARIN
    OrgTechName: A Net Support
    OrgTechPhone: +1-858-410-6900
    OrgTechEmail: support@aplus.net

    # ARIN WHOIS database, last updated 2004-06-28 22:17
    # Enter ? for additional hints on searching ARIN's WHOIS database.

  • Why people use IE (Score:5, Insightful)

    by funkdid (780888) on Tuesday June 29, 2004 @03:48PM (#9564419)
    Odder still is that many ISPs won't support Mozilla /Firefox etc.

    For example, I used to work for Cablevision's Optimumonline service. I would sit in meetings and go on and on about how we should support, even lightly suggest our customers use Mozilla. One of the biggest avoidable call drivers in our Call Centers was people complaining of pop-ups. Another large driver was Spam. Mozilla is a great tool for handling both of those problems.

    The Higher Ups weren't interested in my ramblings. They would point out that we support IE, Netscape, Outlook Express and Outlook. They eventually came around and offered support of Safari but on a very limited basis (not that it needs anything more).

    The biggest problem that most ISPs face is uneducated consumers. Their machines get hijacked and in turn Spam the World, which causes other users to complain and blame the company. These machines also eat up Network resources, again causing other users to complain and blame the service. Don't forget the users that click on EVRERY pop-up that comes their way, thereby infesting their machine with spy-ware to the point that even opening IE is near impossible. Again, this is blamed on the service.

    Granted the Mozilla fam aren't really out of the "beta" fase, but I see less Firefox, and Mozilla fixes then there are for IE. Being that Netscape and Mozilla are half-siblings (in a sense) why not support it? It's not like the support staff needs to be re-trained.

    People don't care what browser they use, they want one that is intuitive, free, and functional to their needs. I think the Mozilla branch does that. With firefox 9.1 out today, why are people still using IE? Better yet, why aren't ISPs telling people NOT to use IE? It would save them a fortune and a company not looking to save a fortune..... should be investigated!

  • by rworne (538610) on Tuesday June 29, 2004 @04:08PM (#9564684) Homepage
    I am tired of trying to propose solutions to the problems brought about with the large numbers of ignorant users using MS software. I'm also tired of trying to fix problems that these users repeatedly cause. Government and law enforcement doesn't seem to care, so I'll propose this solution:

    In nature, when a population gets too large there's a die-off. Usually this die-off is caused by disease or starvation. The better adapted creatures survive and live on.

    We can use the fox and rabbit scenario [kluge.net] here.

    The malware writers are the foxes and the ignorant users are the rabbits. In our case the foxes don't eat the rabbits, but instead hijack the rabbits' computers for fraud, spam, pop-ups, etc. Foxes die by giving up and moving on to more lucrative off-line crimes.

    The rabbits don't eat anything but are increasing in numbers by simply hooking up machines to the Internet. Rabbits die by cancelling their AOL accounts and stop using the Internet.

    Right now there are a ton of rabbits (and more every day) and the fox population is exploding.

    If we just sit back and let natural selection take its course, the ignorant rabbits will become sufficiently frustrated with their Internet experience and give up. The foxes will concentrate even harder on the remaining rabbits (who will be better adapted to counter the foxes' attacks) or start writing malware for the rest of the rabbits or face a massive die-off as well.

    Those that are able to adapt do so by either keeping their machines properly patched or learn to use alternative browsers (or operating systems). These rabbits will then have a better Internet in the end because we will have a better class of users and software.

    There's plenty of educational material out there for ignorant users to read. Practically every day there's something in the newspaper about how to protect oneself from these attacks.

    The Zombies and SpamBots will make life a hell for the rest of us, but that's a short-term problem in this model. That should fix itself after the die-off itself.
  • Firefox Too? (Score:4, Interesting)

    by RichiP (18379) on Tuesday June 29, 2004 @04:11PM (#9564717) Homepage
    Isn't Firefox with its plugins system also susceptible to malware? How secure is the area in which plugins can play? It would be interesting if someone would take up the challenge of writing a similar piece of software as a plugin for Firefox and see if they can insinuate it in the Plugins repository.

    It's not that I wish such a thing on people, but I'd like to know how secure the repositories are and what kind of damage we're looking at if it isn't.
  • by Flower (31351) on Tuesday June 29, 2004 @04:17PM (#9564771) Homepage
    Log in, get, get, get owned. MS IE is a joke on your backbone. Log in, get, get, get owned. MS IE is a joke on your backbone. MS IE is a joke.

    I really must stop watching Comedy Central.

  • Stupid hacker.... (Score:5, Informative)

    by Pedrito (94783) on Tuesday June 29, 2004 @04:26PM (#9564856) Homepage
    Okay, this idiot must want to get caught. To you aspiring virus/trojan writers out there: DO NOT have your virus/trojan send information to a web site. Send it to a newsgroup. Geez. Encrypt it if you must, but don't send it somewhere where you can be tracked. Send it somewhere where you can get it anonymously. Man, moron hackers out there. It's like that idiot Slashdot reported on yesterday who got caught on the extortion deal when he told them who to make the check out to.

MSDOS is not dead, it just smells that way. -- Henry Spencer

Working...