Botnet Business Model Comes to Life
consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."
Everybody wins! (sort of.) (Score:5, Interesting)
The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.
Re:Everybody wins! (sort of.) (Score:4, Insightful)
Most bots are not resource hogs (Score:5, Insightful)
Which brings up an interesting concept. (Score:3, Interesting)
When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?
After all, it's in the bot-master's best interest to maintain their bots.
They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.
Re: (Score:2)
Well in that case they're not designed very well.
Re:Most bots are not resource hogs (Score:4, Insightful)
Or it's a sign of someone using a term that has pretty much become accepted now except by the language whores like you. When the OP said virii, I knew he was communicating virus in the plural form, so his communication worked. That is what language is for, communicating; as long as what you say is reasonably understandable by the people you are talking to then it is serving its purpose. Grammar/English Nazis such as yourself need to shut the hell up and complain about something that causes real problems, such as young people growing up not understanding basic math such as trig/calculus.
Re:Most bots are not resource hogs (Score:4, Informative)
The point is that virii is not the plural of virus. Virus is the plural of virus in latin, and Viruses is the plural of virus in english. For Virii to even make sense as a Latin Plural of the Second Declension, the singular would have to be Virius. Not Virus. If Virus declined as a second declension noun, it would be viri -- confusable with the plural of the word that can be translated as 'hero or man' depending on context.
It's not that we're pedants -- I don't mind when someone corrects me when I'm wrong. What we're angry about is how ignorance has become acceptable. It used to be, when you were ignorant of something, you were corrected and you learned from it. How would you feel about this sort of behaviour if, instead of the virus/virii debate, it was a TCP/IP/tubes debate?
Re: (Score:2)
I wouldn't really consider this an evolution of English, since it's some people making a mistake, instead of a new *rule* about pluralizing words that end in "us." Maybe if the people that write "virii" pluralized "bus" as "bii," "Prius" as "Priii," and "hummus" as "hummii," I'd be more inclined to support your point of view. Instead, it's one word, not even something as consistent as the *other* people who use the faux-German -en to pluralize nouns that end in "x."
Hey, maybe
Re: (Score:2)
If you want a language with rigid rules, I suggest Esperanto. I'm sure the other 6 people who speak it will welcome you with open arms.
Re: (Score:2)
I can deal with the evolution of language, but can you deal with your "evolved" job application going in the garbage?
Re: (Score:2)
The day I can't devote even some fraction of my attention to all the little things in life is the day the world starts to go to hell. It's the little things that count. Picking up that bit of trash the guy walking in front of you threw to the ground instead of tossing it in the garbage can five feet in front of him, breaking up a fight between two guys who are too drunk to realise how badly they could hurt each other, or asking that girl crying, "Are you okay?" The day I stop caring about one little thing
Re: (Score:2)
That's a mentality that bothers me - cavemen can have quite successful communication using grunts, groans and farts. We didn't go through all this bloody progress just to have it broken down by imprecision. Two techies would understand each other when they said 'virii', but an overhearing Latin dude would go nuts over it. This is why, in your argument, it's perfectly OK for a politician to be talking to a
Re: (Score:2)
I agree it makes them look stupid. All that I am saying is now that it is well known that people who say "virii" are idiots since they should have typed "viruses" why comment on it EVERY DAMN TIME. It is a waste of time to keep pointing it out to them as they prefer their way. I used to hate seeing "virii" but n
Re: (Score:2)
The usage of both these terms seems to occur when talking about multiple occurrences of a general type,
not multiple occurrences of an individual type.
That is, Windows boxen is a collection of PCs running Windows on a range of different hardware, and virii are a collection of a range of different types of virus.
It certainly appears to be an attempt to distinguish between the physical box and the abstract idea of a box running a particular type of O/S. Or just to be cute.
virii seems to correspond
Hail Caesar! (Score:2)
http://www.mwscomp.com/movies/brian/brian-08.htm
Re: (Score:2)
Ave Caesar!
Re: (Score:2)
All you're doing by posting your little verbal spew about proper use of English on t
Re: (Score:2)
Ignorance, sir, is something that there should never be any tolerance for.
Re: (Score:2)
Does that include ignorance of culture and "societal norms" within a given group?
Re: (Score:2)
I know Latin (I used to know it a lot better.) If the language is dead, sir, then why don't you quit disturbing its rest by fucking with it?
Re: (Score:2)
Speaking a clear, universal, and correct dialect is an important practice, as it allows us to communicate without problems to everyone else. Were you thrown off-track for a second the first time someone used the word "virii" around you? Has anyone you've known hesitated or been confused by it? The confusion--even if it is momentary--is completely unnecessary because WE ALREADY HAVE A PLURAL FORM OF THE WORD "VIRUS" that everyone
Re: (Score:2)
Or pretty much anyone who isn't some pretentious poseur.
So if I said you should spell that as
Re: (Score:3, Insightful)
I'll admit I am the last person that should be getting pedantic on spelling or grammar. I think I already misspelled a dozen words in this post. But, and this is a big but....
I have noticed that some things make it more confusing when you just let
Re: (Score:2)
As is picking on the grammar and ignoring the content.
Don't English majors have a forum of their own to go play in? Thought so.
Re: (Score:2)
I use my livecd linux (screenshots below), and lately I have been installing the system on machines allowing booting without a CD, or a boot: prompt, using MSDOS batch files.
I keep Windows 98 on the boxes, sometimes formatting and doing a clean install, but without any internet connection applications (won't be needed, will be going onto the internet using Linux).
Not really necessary to partition the drive for a swap partition, when k
Thank to those hackers! (Score:3, Interesting)
Re: (Score:2)
How many $60 spyware removals can come from $430 worth of infecting? I wonder if the ethics or legalities change with the direct relationship of intent. I mean infecting to become rich from adware companies versus adware companies becoming rich by selling advertisements to be displayed on infected computers versus infecting computers to get the business of removing the infections? That is, if I hire a hacker/cracker to do
Re: (Score:2)
So let's say you can easily back up to a known-good HD image (companies have been doing this for ages, often with the help of programs like Norton Ghost, which runs on a floppy disk under DOS, no fancy virtualization required). Put the antivirus folks out of business? Not so fast here. Don't viruses still infect your docs and executables? Won't users continue to create new documents and install new programs before realizing what's
Follow the Money (Score:5, Insightful)
Won't even dent real crypto (Score:2)
Re:Won't even dent real crypto (Score:4, Interesting)
The thing about crypto is that larger keys really make the problem harder. I mean look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.
So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.
I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.
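The scaling argument in the comment above, worked through as an added example (this is not the poster's code, and the per-second search rate it uses is an assumption derived only from the two figures quoted there: 0.35% of the RC5-72 keyspace in about 3.8 years). It reproduces the "about 500 years" estimate, then shows what a 100,000-machine botnet actually buys against longer keys: each doubling of aggregate speed covers exactly one more bit, so 100,000x is worth roughly 17 bits, which is nowhere near the gap between a 72-bit and a 128-bit key.

```python
"""Brute-force search time versus key length, built from the distributed.net
figures quoted in the thread (RC5-72: 0.35% of the keyspace in ~3.8 years).

Added example, not part of the original Slashdot post. The implied search
rate is an assumption derived solely from those two quoted numbers."""

import math

# Figures quoted in the post (assumed exact for this illustration).
RC5_72_FRACTION_DONE = 0.0035   # 0.35% of the 72-bit keyspace searched
RC5_72_YEARS_ELAPSED = 3.8      # ... in about 3.8 years
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keys_per_second(bits: int, fraction_done: float, years: float) -> float:
    """Average aggregate search rate implied by covering `fraction_done`
    of a `bits`-bit keyspace in `years` years."""
    return (fraction_done * 2 ** bits) / (years * SECONDS_PER_YEAR)


def years_to_half_keyspace(bits: int, rate: float) -> float:
    """Expected time to a 50% chance of success for a `bits`-bit key:
    half the keyspace must be searched at `rate` keys per second.
    This assumes no cryptanalytic shortcut, i.e. pure exhaustive search."""
    return (2 ** (bits - 1)) / rate / SECONDS_PER_YEAR


def extra_bits_covered(speedup: float) -> float:
    """Key bits 'bought' by multiplying aggregate speed by `speedup`.
    Doubling the rate covers exactly one more bit of key."""
    return math.log2(speedup)


def smallest_key_bits(rate: float, years: float) -> int:
    """Smallest key length whose 50%-success time at `rate` exceeds `years`.
    Useful for asking: given an attacker's aggregate speed and how long the
    data stays valuable, how long must the key be?"""
    bits = 1
    while years_to_half_keyspace(bits, rate) <= years:
        bits += 1
    return bits


def summary(botnet_size: int = 100_000) -> dict:
    """Tabulate the post's scenario: distributed.net's implied rate, then a
    hypothetical botnet of `botnet_size` machines each matching that whole
    network's average speed (a deliberately generous assumption)."""
    rate = keys_per_second(72, RC5_72_FRACTION_DONE, RC5_72_YEARS_ELAPSED)
    bot_rate = rate * botnet_size
    return {
        "implied_rate_keys_per_s": rate,
        "rc5_72_years_to_50pct": years_to_half_keyspace(72, rate),
        "botnet_extra_bits": extra_bits_covered(botnet_size),
        "botnet_128bit_years_to_50pct": years_to_half_keyspace(128, bot_rate),
        # Key length needed so a 5-year-lived secret (e.g. a certificate
        # lifetime) outlasts a 50% brute-force chance by that botnet.
        "botnet_min_bits_for_5_years": smallest_key_bits(bot_rate, 5),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:32s} {value:,.3g}" if isinstance(value, float)
              else f"{name:32s} {value}")
```

The numbers line up with the comment: the implied rate (about 1.4e11 keys/s) gives RC5-72 a 50% crack time of roughly 540 years, and even a 100,000-fold speedup leaves a 128-bit key at well over 1e12 years. Note that an 82-bit key is already enough to keep that botnet below a coin-flip for five years, which is the practical point: botnets matter for stealing keys and sessions from the endpoint, not for brute-forcing properly sized ones.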
Re: (Score:2)
If you've got software on someone else's computer, why bother cracking the bank SSL session? Just run a keylogger and pick up anything which looks like a username/password.
Or, if you want to be really smart (and I bet you anything you like if it hasn't been done yet, sooner or later it will be), replace the DLLs which handle SSL transactions in IE with versions hacked to log what goes on and report back,
Re: (Score:2)
Taking away the financial incentive and leaving the field to the ego-driven would certainly reduce the problem and give us room to breathe.
Unfortunately, DDoS extortion is a revenue stream that could keep botnets profitable even after cutting off the air supply of advertising money.
Re:Eliminate it without government intervention. (Score:5, Insightful)
Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
The first step people will need to do is dump Windows completely.
There we go. Now we're being realistic.
Re:Eliminate it without government intervention. (Score:5, Insightful)
Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Colombian cocaine barons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.
Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.
Could I interest you in a dime of meth while we're waiting?
* * * * *
Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
--Dave Barry
Re: (Score:2)
The root cause is jerks who like to hack other people's computers, and other jerks wh
Re: (Score:2)
The problem is some (many?) of the people they are paying are hijacking computers.
So what should be done is the authorities should just ask them to cough up info on the people who are hijacking computers. The ads have to be traceable to the hijacker since that's how hijacker gets paid, and there should be logs and stats - otherwise how do they themselves get paid by their customers? S
Re: (Score:3, Insightful)
You are comparing selling something which requires the buyer to willingly do harm to themselves versus taking over someone else's property without their permission and using that property for personal gain (while annoying a shitload of people at the same time). If someone wants to harm themselves, then I say make it legal, however using someone else's property for personal gai
Re: (Score:2)
Do you really think a legit advertising company would want to be associated with malware and to even be seen as encouraging it?
Also it's not fair if the annoying kids who vandalize computers for fun get whacked with a big stick but the people making money from doing the same illegal thing get clean away.
Same goes for Sony's roo
Re:Follow the Money (Score:5, Funny)
Money from DDOS (Score:5, Funny)
Hey,
Cut up any part of the snake! (Score:5, Insightful)
1) The asshat hackers who spread the worm
2) The companies that pay asshat hackers to shovel their crapware
3) The stupid people who actually give money to crapware companies and keep them alive
Honorable mention:
4) People who can't stop their system from being zombified.
Re:Cut up any part of the snake! (Score:4, Funny)
You hate my grandma?
Re: (Score:2)
Of course the first two should be crimes, but anyway...
Did he get it? (Score:5, Interesting)
Re: (Score:2)
Also, TFA links to another article where a guy listened in on an IRC control channel and eventually followed instructions to a flood of spam running through the botnet, which shows that these guys are at least making cash renting out bots to spammers.
Trivial to break these infections (Score:2)
Fixed. (Score:5, Insightful)
I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.
TLF
And to combat it (Score:2)
The only problem here is the need for an internet connection, which is clearly taken care of if infections are a worry.
Oh, Canada! (Score:2, Funny)
>103 in the United Kingdom, 756 in China and about 5,800 in other countries.
20 PCs in the whole freaking country? I am proud to be Canadian for once.
"Business Model"? (Score:2)
I'm sure if this happened to the
Does not sound too profitable (Score:2)
He likely spent much longer in preparation of the worm, and once the exploit is fixed, the worm recognised by scanners and the pool of vulnerable PCs exhausted, his income will dwindle until the next big exploit.
So at most he can make a couple hundred per month.
Additionally, he cannot sue for his payments and is totally dependent on the good will and honesty of companies that generally don't seem to have any. And he risks being caught and prosecuted.
Why would
Old News (Score:2)
$430 in one day? (Score:2)
That's not exactly a lot of money - and I doubt he's earning that *every* day.
I don't see what the big deal is.
Survival of the fittest (Score:2, Insightful)
voluntary nets (Score:3)
I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.
I'd set up a box with Xen partitions and join multiple times.
Infecting thousands of Virtual Machines (Score:2)
only $430? (Score:2)
who said no one ever made money out of Vindows (Score:2)
Re: (Score:2)
Place a curse on DollarRevenue [i-curse.com]
Re: (Score:2)
One would do much less time for, say, shoplifting $500 worth of stuff, or starting up a pyramid scheme of some sort
Re: (Score:2)
*Even E-Bay sellers can't do as well.
This says more about the poor returns from selling shit on e-bay than it does about how good selling botnets is. ~$120k (based on 280 days of work per annum, which is about right) sounds great, until you realise that you'd have to work damned hard for it, it isn't a reliable source of income, and doesn't come with any benefits. Add to that the fact that I sincerely doubt this guy could find 280 botnet customers in his lifetime,
Re: (Score:2)
The article says:
"He's earning more than $430 in a single day with DollarRevenue, and that's not the only piece of adware he's installing. He's installing others and also renting his botnet out to spammers"
Re: (Score:2, Interesting)
-Mike
Your math is bad: $430/day = $67K/year (Score:4, Informative)
Try it this way. 240 working days a year x $430/day = $103,200
If you're an independent contractor, expect something like 35% tax.
That gets you down to about $67K/year.
Re: (Score:3, Funny)
Riiiiighhht. I can just see the tax form now:
TAX FORM 2006/7
Answer all questions in full, or write "NOT APPLICABLE" if the question does not apply
How much money did you earn in the tax year 2006/2007? $103,200
What was the source of this income? Illegally hacking overseas computers, extorting money through making DDoS threats
MOD UP! (Score:2)
It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.
Amen. I've been saying for years now that even attempting outbound filtering *based on the identity of the process sending the packets* is an exercise in pointlessness. Unless you want to have to approve every req
Re: (Score:2)
You only have to reboot to disable your firewall if you are at securelevel 2, a level normally reserved for times when you are busy repairing your tin-foil hat.
Re: (Score:2)
That's not a problem I've had. The pre-SP2 firewall mostly works. You just need to remember not to connect to the net until you're sure it's active (it isn't at boot times, and it isn't by default, so you have to remember to switch it on).
Re: (Score:2)
Because everything I've seen for that price is *not* a firewall, but a NAT router. NAT routers are not firewalls, and shouldn't be relied upon for security unless you know that they drop source-routed packets. If you're able to test this, fine. If the manufacturer describes the product as doing this, fine. If there's a config option for it, switch it on and fine. But if none of these is true (which is the case most of the time somebody set
Re: (Score:2)
What extra functionality does the Windows firewall provide that the others don't. A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'
"Why not simply a hardware router/firewall f
Re: (Score:2)
True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.
In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by
Re: (Score:2)
The same applies to a virus scanner. The latest virus disables [spywareguide.com] it as well as the Windows 'firewall'. How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?
Re: (Score:2)
If your virus scanner is working, it will catch the virus before it has a chance to execute. If it doesn't work, there's nothing that can prevent this, firewall or otherwise.
How does the user's common sense detect when a URL links to a malicious script or if an attachment is unsafe?
If I knew how it worked it wouldn't be common sense. But it's worth noting that over the last 12 years of Internet & BBS use,
Re: (Score:2)
Can you please tell us on what OS you need to recompile the kernel on every patch? I thought everything (including apps) auto-updated these days.
Re: (Score:2)
I think you're correct about a cultural divide, but that's certainly not the entire story. And while 'keep your machine(s) updated' is the first line of defense, that's not the entire story, eith