How many man hours are wasted pen testing or setting up security just so that client after client can fail to remain compliant as time goes by?
How many billions of dollars are wasted every year by large corporations failing to secure their data?
Why not just start writing viruses that go out, patch vulnerabilities, throw a middle finger and erase / kill process?
Target the weakest link and do something about it. In fact I feel if a company is "caught" doing this it shouldn't even be considered illegal. This should be considered the future of anti-malware.
Today I was helping a computer illiterate classmate set up some engineering software, and to make idle chat I tried to explain to her Moore's law. And I had to add the caveat that some people felt Moore's law was breaking down.
And I said, what we need today is to focus not on how recklessly we can double computing power but how responsibly we can mitigate threat. And if you follow any of the bevy of pen testers with twitter accounts you'll read long, long lists of newly discovered vulnerabilities every day, many of them quite sweat-inspiring.
There should be a new "law" that describes the increase of threats across some variable like time, or complexity, or something like that.
Anyways the future of anti-malware is likely to be "vigilante ware" whether we like it or not. Some body will get it up their ass to write things like this that don't come with catches like back doors or other worries, and will just start distributing them as 0-day attacks.
With thousands of new pen testers and potential malware authors trained every year, I don't see how the millionth monkey effect can be avoided.
I see people here posting analogies about breaking into your house and doing your dishes. That's fine but this malware is an easy target because of the back doors.
What if you came home and that ugly dirt patch surrounded with paving stones along the front of your house (what the hell is that thing) had been planted with an appropriate selection of flowers to match your "paint"? How are you even going to pursue charges? Who would you be capable of getting interested in finding out whodunit? Probably nobody.
Eventually vigilante ware will be everywhere and I doubt anybody's going to get all that upset about it.
And no, this is not a manifesto.