It's funny.  Laugh.

tomhudson's Journal: The Alexander Peter Kowalski threads ... with pics

For those who are wondering wtf is up with the "apk troll" stuff - just follow the magic linkies. The guy is a real nutcase.

http://www.jeremyreimer.com/phpbb2/viewtopic.php?t=4128 The "I have a lawyer and I'm going to sue the Internets" thread - very funny. There are updates on subsequent pages mixed in with the comments. Warning - it's 22 pages.
http://arstechnica.com/civis/viewtopic.php?f=23&t=891505&p=16510422#p16510422 - a collection of apk (Alexander Peter Kowalski) spam.
http://arstechnica.com/civis/viewtopic.php?f=17&t=1046804
http://www.thorschrock.com/2008/05/19/how-to-respond-when-people-threaten-to-sue-you-on-the-web/
http://arstechnica.com/civis/viewtopic.php?f=23&t=453001
http://www.jeremyreimer.com/APKware/index.html screenshots

After getting kicked off a few other places (ntcompatible, etc.), he needed to find another place to push the APK "toolkit", so he got himself an account on sourceforge with nothing in it - no projects, no code, and started
http://slashdot.org/comments.pl?sid=161862&cid=13531817
http://slashdot.org/comments.pl?sid=158310&cid=13263898&threshold=-1&commentsort=3&mode=nested second sighting on slashdot

If you follow the non-slashdot threads, you'll learn that:

  1. APK is 44 years old and really does live still with one or both of his parents (or another relative);
  2. APK can't write software for shit;
  3. APK stopped hosting it with download.com because he could use the $80 fee for buying better hardware instead (no wonder he posts on a 400hz computer);
  4. His "programs" generally consist of nothing more than easy-to-code front-ends to edit ini files (his "graphic accelerators", for example) in Delphi, or "code that will remove duplicate entries from a hosts file" (never heard of cat /etc/hosts | sort | uniq > hosts.uniq)? Oops, my bad - Windows only - so grab a copy of cygwin instead :-)
  5. his fav. languages as of 2 weeks ago are Delphi and RealBasic

    I am more of a fan of tools like REAL BASIC and DELPHI because they produce "True executable files", not just runtime interpreted & slower bytecode.

It didn't take him long (2 days) before he was pushing his out-of-date "look at my guide for making Windows secure" crap.

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

One-trick pony. The claim that a hosts file will block all malware was thoroughly debunked by the release of malware that dynamically generates new host names from an algorithm, then tries to connect to them - the botmaster only registers those host names a day or two before. Until the host name is generated, there's nothing to block, and the host name generation doesn't have to be predictable (e.g. time-based) - the "seed" can be planted anywhere in the system, or can even be the result of applying an algorithm to the results of a search engine query on a phrase such as "big black dogs".

Simple example:

  • do a search on yahoo for "big black dogs";
  • take the 2nd letter of the url for each of the top 10 results on the 10th page;
  • if you're the botmaster, register that domain;
  • if you're the bot, go to that domain for commands

which might result in "issaraioeh.com"

Obviously this is a very naive way of generating urls - there are much more effective ways of using publicly-available info to generate c&c urls that change every 24 hours and can't be anticipated a couple of days in advance - but even this simple example shows that the statement that "hosts files can block malware" is so 20th century. Another example: the 3rd-to-last letter of the first 12 words in the first article of the day on slashdot. Keep the last few days, and the bot can even tell when each control domain is taken down, and act accordingly (for example, using another channel to warn other bots that the "last known good" is no longer good, and to go into a default "wait mode", or using a secondary generation algorithm to go to another c&c site devoted to using the botswarm to attack rather than serve malware - great if the day's domain has been redirected so that it now serves up a "this site is malware" page).
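An added example (not part of the original journal entry) of why a reactive hosts-file blocklist always lags behind generated names: it parses a constructed hosts file and checks the name that the naive scheme above yields for a constructed list of result URLs. The URLs, hosts entries and function names are assumptions for illustration, and nothing here touches a search engine or the network.

```python
from urllib.parse import urlparse

# Constructed hosts-file blocklist (sample data, not a real feed).
HOSTS_TEXT = """\
127.0.0.1  localhost
0.0.0.0    ads.tracker.example
0.0.0.0    old-c2.example   # a control name already seen and listed
"""

# Constructed stand-in for "top 10 results on the 10th page" of a search.
DAY1_RESULTS = [
    "http://pictures-of-dogs.example/", "http://www.usedpets.example/a",
    "http://astore.example/", "http://www.labrador.example/",
    "http://breeders.example/list", "http://mastiff.example/",
    "http://bigblackdogs.example/", "http://www.dogpark.example/",
    "http://petfood.example/", "http://shelter.example/",
]
DAY2_RESULTS = list(reversed(DAY1_RESULTS))  # constructed: the ranking shifted

def parse_hosts_blocklist(text):
    """Names a hosts file sinkholes to 0.0.0.0 or 127.0.0.1."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower() for n in fields[1:] if n != "localhost")
    return blocked

def derive_name(urls, tld=".com"):
    """The journal's naive scheme: 2nd letter of each result's host name.
    Assumption: 'url' means the host name with any leading 'www.' dropped."""
    hosts = [(urlparse(u).hostname or "") for u in urls]
    hosts = [h[4:] if h.startswith("www.") else h for h in hosts]
    return "".join(h[1:2] for h in hosts) + tld

def first_contact_report(days, hosts_text):
    """For each day: (derived name, was it already in the hosts file?)."""
    blocked = parse_hosts_blocklist(hosts_text)
    report = []
    for urls in days:
        name = derive_name(urls)
        report.append((name, name in blocked))
        blocked.add(name)  # the defender can only list it after seeing it
    return report

if __name__ == "__main__":
    for name, hit in first_contact_report([DAY1_RESULTS, DAY2_RESULTS], HOSTS_TEXT):
        print(name, "blocked" if hit else "NOT in hosts file on first contact")
```

Both days' names miss on first contact; a name is only caught on a later day if the same name comes up again after it has been added.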

But what can you expect - "i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month" is not the sort of quote I would use as a reference. 400hz computer? Even a 400mhz Pentium II is really out of date ... April 1998 - more than 12 years ago.

Feel free to add anything I've missed.

  • I'm disappointed that this post has been up for this long, and he hasn't come in to spew his shit all over it.

    • That's because he's "busy" elsewhere.

      He's also figured out that if we don't reply to him, or post w/o adding the karma bonus, his Anonymous comments just aren't visible to most users.

      Oh well, today is another Stupid Landlord Trix entry :-)

