The 'Malware Economy' Evolves

superglaze writes "ZDNet UK has a feature on how the malware economy is turning into a recognizable traditional IT economy. Leasing botnets? Malware support? Welcome to the new age of computing. As the piece suggests, it's all gone Darwinian. 'One indication of the maturity of the black economy, according to Telafici, was the recent case of a hacker who wrote a packer [software used to bypass antivirus protection], "threw in the towel recently as it wasn't profitable enough -- there's too much competition. They opened the source code and walked away."'"

Only high profit crime

[Anonymous Monkey]

This is only logical. A criminal will work for the quick buck. BnE is great when lots of people are leaving their windows open and you are the only burglar, but once every one is on the BnE bandwagonit's time to switch to mugging or extortion.

No shortage of idiots

[hyades1]

I don't get it. One of the most popular uses for a botnet, according to the article, is for spam mailings. But how can spammers afford to pay any significant amount of money for the service? I understand that they're mailing out to millions of people and count on a high level of rejection, but how many people are stupid enough to open something that says, "5PL1t H3R 1n HALF WYTH YORE HUGE ORGAN"? Let's face it, half the population is female, and probably not interested (unless they're buying for their boyfriend, and wouldn't THAT be a kick-ass Christmas present); a majority of the male half of the population are probably reasonably satisfied with their equipment; and even a vast majority of those poor, pathetic guys who actually have "AY tiney Pinnus That You GIrflrend Lauff at" probably have an IQ in at least the high double digits (I mean, they figured out how to turn on a computer and collect their e-mail, at least). So they probably wouldn't open that message either.

And then there's the spam filters, which are getting pretty good these days.

So that leaves what percentage of the population stupid enough to open one of these things and infect their computers with something vile? And if they're that stupid, how likely is it that they have a bank account worth looting? Or that they haven't been hit before so often they just sign their paycheque over to the spammers automatically and save everybody a lot of trouble?

Help. Somebody please explain it all to me.

Re:Malware and ex-emailer

[Opportunist]

And this won't change as long as you're not responsible for your computer's actions.

We have a license for everything. You need a license to drive, to prove you're able to steer a car without causing a problem. We (at least here) need a license for a gun, so you prove you're not just some maniac who wants to kill his wife's sisters. But even for "non-lethal" things like some jobs you need to prove you're able to handle what's put into your hands sufficiently professionally that you don't cause harm to anyone else.

Now, I wouldn't really want a "driving license" for computers, but I'd very much enjoy seeing people taking some more responsibility for their computers and what they do to others on the internet. As we see now, this has become an economic problem. We waste a lot of bandwidth and work hours fighting spam, we have the sword of a DDoS looming over our heads due to botnets ready to strike, and it all boils down to people using rooted boxes and not even knowing it.

Before you start crying about your freedom to use the net, be aware that sooner or later our legislators WILL react. They have to, the pressure from the industry is already tangible. And in our current environment, the result is very likely not one where people get better educated and more responsibility, instead we'll probably see laws regulating what kinds of machines you may attach to the net (and the accompanying locking of "insecure" machines from participation), and we know the current definition of "secure". It will pretty much lead to machines so heavily DRMed that Vista looks like open source compared to it.

So either we start pushing towards more personal responsibility or we'll have something dumped on us that is the maybe least favorable alternative. Because the industry WILL start lobbying for protection from those rooted machines. And they don't care if you can use your computer for anything but playing prepared content. Actually, some would definitly like that.

The real money in spam? Selling to spammers

[uptownguy]

This has to do with SPAM and not botnets...

It's been said before, probably better than I can: The "mark" in the spam economy is NOT the person receiving the email. The "mark" is the person foolish enough to buy the Spam-in-a-box kit thinking they will be able to get a single person to buy their w0tches or v1agra. The money in spam is made not from the person foolish enough to buy the w0tches. The money is made in selling the service to spam millions of people.

Re:Malware and ex-emailer

[deviated_prevert]

I concur with what you are saying but what about the malicious propaganda side of things http://www.google.ca/search?hl=en&sa=X&oi=spell&resnum=1&ct=result&cd=1&q=linux+botnet&spell=1 [google.ca] It seems to me that there is also lots of miss information out there, mostly in the form of blogs from so-called security experts, trying desperately to defame open source software!

Utility Computing

[Crispin Cowan]

No kidding :-) I said in a public forum about 4 years ago that botnets are the first and only successful example of commercial utility computing [wikipedia.org], where a vendor tries to rent out time on large compute clusters.

This works much better for botnet vendors than for Amazon EC2 or HP Utility Data Center, because the really valuable resource the botnets are renting is a routable IP address that hasn't been shut down yet. Computers are nearly free, but IP addresses that work are not.

Re:Malware and ex-emailer

[houstonbofh]

I still don't understand why ISPs are not doing more about this. SPAM uses a large amount of the precious and limited bandwidth, but they filter p2p? I get 10 to 20 spam an hour. As I have more than one e-mail client (one on laptop, one at home, one at work...) each one gets passed off the SIP mail server 3 times for me. It also passes in to the ISP mail server once, so 20-30 messages times 4, times 24 hours times each user ads up to how much bandwidth? And this is why I can't seed my Ubuntu images?

Here's the actual paper.

[Animats]

Here's the actual paper from which came most of the material in the article: "The Commercial Malware Industry" [auckland.ac.nz], from the University of Auckland. More technical details.

New threats of interest:

• Some viruses now use error correcting codes so that attempts to patch them out will be repaired.
• Windows Genuine Advantage blackmail trojan. Pops up message requesting payment of money or will disable your computer. (p.39)
• Location-aware malware - used to find location for credit card number, so phony transactions can be generated from a physically nearby node. (p. 41)
• "The most popular brands of antivirus software have an 80% miss rate" - AusCERT (p. 46)
• Malware that detects and removes anti-virus and anti-rootkit tools is available. Once one of these is loaded, it runs before anti-virus software, even in Safe Mode. (p. 48)
• "eGold Siphoner" detects valid sessions connecting to eGold.com and transfers funds by hijacking the authenticated session. (p. 52)

Re:The real money in spam? Selling to spammers

[Anonymous Coward]

And since stolen computers and stolen bandwidth cost the supplier very little, IF the number of spammers drops, the spam-suppliers will just make more enticing offerings: "The last round of 50 million messages didn't work? I've got a special this month: 500 million for the same price." The net result on your inbox will be the same.

I think your second paragraph proved the grandparent's point.