
I do a 10 minute talk about this, and I've done it 4 times now; every time people have great questions and seem to be really amazed to hear what is happening out there.  I thought I would put it in an article format for a permanent presence on the internet.


You probably remember when 'getting a virus' on your computer meant that your files would be deleted, or some prank would be played on your computer so you knew someone had their way with you.  Back in roughly '90-'01 this was the way it worked.  There hadn't been a marketplace or economy created for the malware, including spyware/trojans/worms.  Now there is.  Now, getting a virus usually means one of about 3 things happens, or all 3 for that matter: the virus could try to get you to buy upgraded fake antivirus software, the virus could send your passwords somewhere for people to try your bank accounts/PayPal accounts/email accounts to use for other purposes, or the virus could add your computer to a botnet for mass command and control networks.


We see more and more reports in the security industry about the vulnerability marketplace (http://www.vcstar.com/news/2010/feb/06/google-attack-highlights-zero-day-black-market/) and it really confirms that there are going to be people spending their time working on monetizing malware.  For example, this article states that the vulnerability that was used against Google in China recently could have sold for around $40,000.  For some kid sitting in his basement looking for security problems (or some adult for that matter) this is a pretty good wage if you do that a couple times a year.

There is a huge underground marketplace where these security holes are not just disclosed, but, if you have a good one, sold.  The highest bidder can then take his new potential exploit, get a programmer to bundle some good code into an exploit package / payload, and start figuring out ways to deliver it.  An example: you may have seen a PDF file emailed to you that claimed to be from UPS with your package tracking number.  This is usually an infected PDF that has a payload inserted that will attack your potentially vulnerable version of Adobe Acrobat Reader.  If successful it will run the code they designed, and start serving a larger purpose intended to start making someone a lot of money.  Once they have thousands or hundreds of thousands of computers under control, many things become possible. (The historical list of botnets from Wikipedia shows the size and potential for spam: http://en.wikipedia.org/wiki/Botnet#Historical_list_of_botnets)
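As an added example (not part of the original article), here is the kind of mail-gateway triage a defender can run on the "UPS tracking PDF" lure described above: it flags a message whose sender claims to be UPS but does not come from the UPS domain, and a PDF attachment carrying objects that make Reader act as soon as the file opens. The brand allow-list and the sample message are constructed for the example.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Brand names a lure may impersonate, mapped to the domain that legitimately sends their mail.
# Hypothetical allow-list for this example; a real deployment maintains its own.
CLAIMED_BRANDS = {"ups": "ups.com"}

# PDF name objects that make a document act as soon as it opens; a tracking slip does not need them.
ACTIVE_PDF_MARKERS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch")

def sender_domain(msg):
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(msg):
    """Return the reasons a message looks like a payload-bearing lure (empty list if none)."""
    reasons = []
    text = (str(msg.get("From", "")) + " " + str(msg.get("Subject", ""))).lower()
    domain = sender_domain(msg)
    for brand, real in CLAIMED_BRANDS.items():
        if re.search(rf"\b{re.escape(brand)}\b", text) and domain != real and not domain.endswith("." + real):
            reasons.append(f"claims to be {brand.upper()} but was sent from '{domain or 'no address'}'")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".pdf") or data.startswith(b"%PDF"):
            hits = [m.decode() for m in ACTIVE_PDF_MARKERS if m in data]
            if hits:
                reasons.append(f"PDF '{name}' carries auto-run objects: {', '.join(hits)}")
    return reasons

def build_sample(spoofed=True):
    """Constructed test message: a fake UPS tracking notice with an auto-running PDF (spoofed=True)
    or a plain notice from the real domain with an inert PDF (spoofed=False)."""
    msg = EmailMessage()
    msg["From"] = "UPS Tracking <tracking@example-mailer.invalid>" if spoofed else "UPS <noreply@ups.com>"
    msg["Subject"] = "UPS Delivery Notification - Tracking #1Z000"
    msg.set_content("Your package could not be delivered. See the attached tracking slip.")
    if spoofed:  # the catalog opens straight into a JavaScript action
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF\n"
    else:
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="UPS_tracking_1Z000.pdf")
    return msg

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print("FLAG:", reason)
```

A substring match on the raw bytes is deliberately crude: a real gateway would also unpack object streams and compressed content, which this example does not attempt.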

Other types of attacks can be extortion. For example, someone controlling one of these botnets, or renting some time on it (this is real: http://blog.damballa.com/?p=330), may email the owner of an online casino (which is usually an illegal business to operate, and cannot ask for protection from police or military) and ask to be wired $50,000 to some bank account.  If they don't get the money, the botnet operator may send traffic to the website from every computer in the botnet, called a Distributed Denial of Service attack, which would take the casino website offline and make them start losing money fast.  Once the botnet operator gets paid, they let up, and it's business as usual.

The one I didn't mention in detail is spam. Everyone has received spam offering to sell you cheap pills from somewhere; these companies can set up affiliate deals to try to get more business to the website. Let's say they offer everyone that refers a purchase 3% of the purchase price, so a botnet operator or renter can go send 1 billion emails and get a few thousand purchases in just a few days to a couple of weeks.  Now they are pulling money from this business, which may or may not have fully known that they are the cause of so much spam.

On top of all this, there is no hardware or software based protection that can fully protect your computer.  You can install the best free antivirus and one of the safer web browsers and stop about 95% of the viruses.  Then practice safe browsing and safe clicking habits and stop the other 4.5%-5% of the viruses; there will always be a margin of error that you won't be able to protect yourself from unless you REALLY know what you are looking at with all types of web pages and all types of files.  You can implement really cool network security to block segments of the planet where you are more likely to see attacks come from, and you can implement a really cool spam filter that will catch another few percent of the attacks before they get to you.

We practice all of these methods for most of our clients without them knowing all of this.  We install Firefox with NoScript and Avast antivirus, teach them not to click on links from Facebook and other social networks while on work computers, and we run a really nice spam filter for most of them at no extra cost.

Thanks - and have fun!

---------------------- References --------------------

http://drpcfix.com/troys-blog/10-troysblog/71-spam-filter-business-class-results

http://drpcfix.com/troys-blog/10-troysblog/55-best-free-antivirus-battle-continues

http://drpcfix.com/troys-blog/10-troysblog/80-safe-surfing-for-kids-start-training-them-now

http://drpcfix.com/troys-blog/10-troysblog/88-antivirus-products-rated-none-worthwhile

http://drpcfix.com/troys-blog/10-troysblog/96-how-to-not-get-a-virus

http://www.vcstar.com/news/2010/feb/06/google-attack-highlights-zero-day-black-market/

http://en.wikipedia.org/wiki/Botnet

http://en.wikipedia.org/wiki/Storm_botnet

http://globalguerrillas.typepad.com/globalguerrillas/2008/03/journal-online.html

Lots more upon request: search for botnets, vulnerability, zero day, etc.
