Botnet Business Model Comes to Life

consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."

Everybody wins! (sort of.)

[JonTurner]

And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.

The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.

Re:Everybody wins! (sort of.)

[fmobus]

This is a clear example of broken window fallacy [wikipedia.org]

Most bots are not resource hogs

[winkydink]

They're designed to stay under the radar. The longer you control the machine, the more money you make. Virii, etc... are a different story.

Which bring up an interesting concept.

[khasim]

They're designed to stay under the radar. The longer you control the machine, the more money you make.

When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?

After all, it's in the bot-master's best interest to maintain their bots.

They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.

Re:

[jimicus]

They're designed to stay under the radar

Well in that case they're not designed very well.

Re:Most bots are not resource hogs

[Danga]

Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

Or it's a sign of someone using a term that has pretty much become accepted now except by the language whores like you. When the OP said virii, I knew he was communicating virus in the plural form, so his communication worked. That is what language is for, communicating, as long as what you say is reasonably understandable by the people you are talking to then it is serving it's purpose. Grammar/English Nazi's such as yourself need to shut the hell up and complain about something that causes real problems such as young people growing up not understanding basic math such as trig/calculus.

Re:Most bots are not resource hogs

[PakProtector]

When the OP said virii, I knew he was communicating virus in the plural form,
(Emphasis added)

The point is that virii is not the plural of virus. Virus is the plural of virus in latin, and Viruses is the plural of virus in english. For Virii to even make sense as a Latin Plural of the Second Declension, the singular would have to be Virius. Not Virus. If Virus declined as a second declension noun, it would be viri -- confusable with the plural of the word that can be translated as 'hero or man' depending on context.

It's not that we're pedants -- I don't mind when someone corrects me when I'm wrong. What we're angry about is how ignorance has become acceptable. It used to be, when you were ignorant of something, you were corrected and you learned from it. How would you feel about this sort of behaviour if, instead of the virus/virri debate, it was TCP/IP/tubes debate?

Re:

[winkydink]

Language evolves. Deal with it.

Re:

[blincoln]

Language evolves. Deal with it.

I wouldn't really consider this an evolution of English, since it's some people making a mistake, instead of a new *rule* about pluralizing words that end in "us." Maybe if the people that write "virii" pluralized "bus" as "bii," "Prius" as "Priii," and "hummus" as "hummii," I'd be more inclined to support your point of view. Instead, it's one word, not even something as consistent as the *other* people who use the faux-German -en to pluralize nouns that end in "x."

Hey, maybe

Re:

[winkydink]

English is full of exceptions. "I" before "E" except after "C", etc... (Look! A comma before the etc and no space between it and the ellipsis!) I work for an anti-virus company. We use virii, thank you very much.

If you want a language with rigid rules, I suggest Esperanto. I'm sure the other 6 people who speak it will welcome you with open arms.

Re:

[sco08y]

Language evolves. Deal with it.

I can deal with the evolution of language, but can you deal with your "evolved" job application going in the garbage?

Re:

[Danga]

Languages evolve, yes, even because of ignorance. It used to annoy me too when people used "virii", but since I know what they are trying to say then their communication was succesful so why complain? This is not as big an issue like TCP/IP/tubes, this is just realizing some people say virii when they should say virus's, they came up with a synonym that makes no sense to anyone who knows latin but the number of people who know latin is minimal anyway to it's not a big deal. With TCP/IP vs tubes you lose

Re:

[PakProtector]

The day I can't devote even some fraction of my attention to all the little things in life if is the day the world starts to goto hell. It's the little things that count. Picking up that bit a of trash the guy walking infront of you threw to the ground instead of tossing in the garbage can five feet infront of him, breaking up a fight between two guys who are too drunk to realise how badly they could hurt each other, or asking that girl crying, "Are you okay?" The day I stop caring about one little thing

Re:

[DuranDuran]

I would mod you up if I had mod points!! Good on you, sir. :)

Re:

[PakProtector]

Certainly. Would you prefer to do it by my /. nickname, or my real name?

Re:

[bytesex]

but since I know what they are trying to say then their communication was succesful so why complain?

That's a mentality that bothers me - cavemen can have quite successfull communication using grunts, groans and farts. We didn't go through all this bloody progress just to have it broken down by imprecision. Two techies would understand each other when they said 'virii', but an overhearing Latin dude would go nuts over it. This is why, in your argument, it's perfectly Ok for a politician to be talking to a

Re:

[Danga]

In this case, people saying 'virii' are trying to show that they understand some principles behind Latin noun conjugation. But they don't; they're just grandstanding and it makes them look stupid.

I agree it makes them look stupid. All that I am saying is now that it is well known that people who say "virii" are idiots since they should have typed "viruses" why comment on it EVERY DAMN TIME. It is a waste of time to keep pointing it out to them as they prefer their way. I used to hate seeing "virii" but n

Re:

[blackest_k]

virii and boxen

the usage of both these terms seems to occur when talking about multiple occurances of a general type.
not multiple occurances of an individual type.
that is windows boxen is a collection of pc's running windows on a range of different hardware and virii are a collection of a range of different types of virus.

It certainly appears to be an attempt to distinguish between the physical box and the abstract idea of a box running a particular type of o/s. or just be cute ...
virii seems to correspond

Hail Caeser!

[ColdWetDog]

I dunno. When you started going on about the "Plural of the Second Declension" my eyes started to track funny, my head swam and this URL popped into my mind:

http://www.mwscomp.com/movies/brian/brian-08.htm [mwscomp.com]

Re:

[PakProtector]

Ave Caesar!

Re:

[dave562]

Here's the deal smart ass. Long before Slashdot was around, and long before you were on the Internet proving how tolerant you aren't, the people writing malicious computer coded decided that the plural of virus was virii. Just like more recently, "the group" decided that the plural form of "box" in the context of a "server" or "workstation" being a "box" is "boxen" and not "boxes". It's like "pirated software" is "warez".

All you're doing by posting your little verbal spew about proper use of English on t

Re:

[PakProtector]

Ignorance, sir, is something that there should never be any tolerance for.

Re:

[dave562]

Ignorance, sir, is something that there should never be any tolerance for.

Does that include ignorance of culture and "societal norms" within a given group?

Re:

[PakProtector]

I know Latin (I used to know it alot better.) If the Language is dead, sir, then why don't you quit disturbing its rest by fucking with it?

Re:

[EndlessNameless]

Did you ever stop to consider if you were being a dolt by ranting like that?

Speaking a clear, universal, and correct dialect is an important practice, as it allows us to communicate without problems to everyone else. Were you thrown off-track for a second the first time someone used the word "virii" around you? Has anyone you've known hesitated or been confused by it? The confusion--even if it is momentary--is completely unnecessary because WE ALREADY HAVE A PLURAL FORM OF THE WORD "VIRUS" that everyone

Re:

[Danga]

It is not my new word dipshit, all that I am saying is as long as I know what the person means then it is not an issue to me if they use virii or viruses. I used to hate "virii" too, but then I realized instead of complaining about it everytime someone used it I would just go the logical route and convert virii to viruses transparently in my brain. It takes minimal effort to do that and makes life easier overall.

Or pretty much anyone who isn't some pretentious poseur.

So if I said you should spell that as

Re:

[sumdumass]

I used to hate "virii" too, but then I realized instead of complaining about it everytime someone used it I would just go the logical route and convert virii to viruses transparently in my brain. It takes minimal effort to do that and makes life easier overall.

I'll admit I am the last person that should be getting pedantic on spelling or grammar. I think I already misspelled a dozen words in this post. But, and this is a bug but....

I have noticed that some things make it more confusing when you just let

Re:

[winkydink]

Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

As is picking on the grammar and ignoring the content.

Don't English majors have a forum of their own to go play in? Thought so.

Re:

[rapidweather]

Everyone here knows there are alternatives to running Windows on PC's.

I use my livecd linux (screenshots below), and lately I have been installing the system on machines allowing booting without a CD, or a boot: prompt, using MSDOS batch files.

I keep Windows 98 on the boxes, sometimes formatting and doing a clean install, but without any internet connection applications (won't be needed, will be going onto the internet using Linux).

Not really necessary to partition the drive for a swap partition, when k

Thank to those hackers!

[d1g1t4l]

I earn $60/infected computer (to remove spywares)

Re:

[sumdumass]

Now all you need to do is get 400 some od dollars infecting them and reap the rewards.

How many $60 spyware removals can come from a $430 worth of infecting? I wonder if the ethics or legalities change with the direct relationship of intent. I mean infecting to become rich from adware companies verses adware companies becoming rich by selling advertisments to be displayed in infected computers verses infecting computers to get the business of removing the infections? That is if I hire a hacker/cracker to do

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[pipingguy]

A penny here, a penny there...who cares?

Re:

[deblau]

And for those persons who may not have gotten the reference, see the parable of the broken window [wikipedia.org].

Re:

[Al Dimond]

First, you don't need virtualization to "start fresh". You need backups.

So let's say you can easily back up to a known-good HD image (companies have been doing this for ages, often with the help of programs like Norton Ghost, which runs on a floppy disk under DOS, no fancy virtualization required). Put the antivirus folks out of business? Not so fast here. Don't viruses still infect your docs and executables? Won't users continue to create new documents and install new programs before realizing what's

Follow the Money

[AK Marc]

This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.

Re:

[winkydink]

There's still phishing, spamming, click fraud and data mining; all of these are currently being done with botnets. Wait until the bad guys get serious and try things like breaking encryption... Nothing like have 100k cpus at your disposal... then we all sh!t our pants.

Won't even dent real crypto

[Sycraft-fu]

You could throw every comptuer on the planet at a single 128-bit AES key and not break it until the sun goes dark, never mind 256-bit crypto. Remember: If you have something that can break a given 64-bit key for a given crypto system in 1 second it would take 584,942,417,355 years to break a 128-bit key in teh same system with the same hardware.

Re:

[winkydink]

Yes, AES is quite strong but is not the only encryption method used today; many weaker methods are still commonplace. I'm not saying one could use a botnet to break *any* encryption.

Re:Won't even dent real crypto

[Sycraft-fu]

Well it couldn't break any encryption protecting anything important. These days most things tend to either be protected with something trivial (like CSS or old systems with 40-bit crypto) which can be cracked on any desktop in a couple weeks at most or something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's deep crack and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure it's an order of magnitude better than AES, but still doesn't get you anywhere.

That's the thing about crypto is that larger keys really make the problem harder. I mean look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.

So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.

I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.

Re:

[jimicus]

We aren't talking nuclear secrets here, we are talking like bank SSL sessions.

If you've got software on someone elses computer, why bother cracking the bank SSL session? Just run a keylogger and pick up anything which looks like a username/password.

Or, if you want to be really smart (and I bet you anything you like if it hasn't been done yet, sooner or later it will be), replace the DLLs which handle SSL transactions in IE with versions hacked to log what goes on and report back,

Re:

[darkmeridian]

Yeah. At this rate, the US will get rid of spam by dropping computer-guided bombs at servers in China and Russia. It'll be kind of ironic, actually, the computer-on-computer violence.

Re:

[Beryllium Sphere(tm)]

>Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up.

Taking away the financial incentive and leaving the field to the ego-driven would certainly reduce the problem and give us room to breathe.

Unfortunately, DDoS extortion is a revenue stream that could keep botnets profitable even after cutting off the air supply of advertising money.

Re:Eliminate it without government intervention.

[CosmeticLobotamy]

We don't need the government to solve this problem.

Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

The first step people will need to do is dump Windows completely.

There we go. Now we're being realistic.

Re:Eliminate it without government intervention.

[hullabalucination]

Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Columbian cocaine barrons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.

Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.

Could I interest you in a dime of meth while we're waiting?

* * * * *

Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
--Dave Barry

Re:

[CosmeticLobotamy]

I hear ya, man. All it would accomplish would be to make criminals out of recreational computer vandalism exploiters. Like we need more kids in prison.

Re:

[Millenniumman]

I generally do not support government intervention into business, but these companies are paying people to attack other people's computers, vandalizing their property. They should be shut down immediately, and the management should be arrested and forced to pay restitution to every affected user. The hackers should be forced to do the same. Then they can keep our sewers working for us for a few years, and clean up graffiti.

The root cause is jerks who like to hack other people's computers, and other jerks wh

Re:

[TheLink]

Well they are paying people to show ads. Which can be legal, so I don't think they should just shut them down just like that.

The problem is some (many?) of the people they are paying are hijacking computers.

So what should be done is the authorities should just ask them to cough up info on the people who are hijacking computers. The ads have to be traceable to the hijacker since that's how hijacker gets paid, and there should be logs and stats - otherwise how do they themselves get paid by their customers? S

Re:

[Danga]

Yeah! And they should make it illegal to have gains from selling liquor...no wait. I mean cocaine. Especially bad cocaine. Yeah that's it.

You are comparing selling something which requires the buyer to willingly do harm to themself versus taking over someone elses property without their permission and using that property for personal gain (while annoying a shitload of people at the same time). If someone wants to harm themself, then I say make it legal, however using someone elses property for personal gai

Re:

[Danga]

in my opinion ALL advertising that uses a persons personal information (address, phone number, e-mail, etc) and is not explicitly opted into by the person whose personal info will be used should be made illegal. Advertising on TV, while annoying, I can accept. Getting phone calls I do not wish to receive and having to sort through 100s of spam e-mails (How many fucking P3N15 En1@rg3r spams do I need to receive and spend time deleting every day) everyday is both annoying and a HUGE waste of my time. If th

Re:

[TheLink]

If they are paying people who make _unauthorized_ access to other people's computers, then all it takes is for them to cooperate with the authorities and soon the baddies won't get money.

Do you really think a legit advertising company would want to be associated with malware and to even be seen as encouraging it?

Also it's not fair if the annoying kids vandalize computers for fun get whacked with a big stick but the people making money from doing the same illegal thing get clean away.

Same goes for Sony's roo

Re:Follow the Money

[Shemmie]

We need a +1 Kinky

Money from DDOS

[Anonymous Coward]

Add that to the spam rental and DDoS extortion money and we have a booming business.

Hey, ./ editors! Increase your profit! Get money from sysadmins for NOT posting links to their sites!

Cut up any part of the snake!

[Kesch]

I don't know who to be angry at. My list includes in order of hatred from greatest to least:

1) The asshat hackers who spread the worm
2) The companies that pay asshat hackers to shovel their crapware
3) The stupid people who actually give money to crapware companies and keep them alive

Honorable mention:

4) People who can't stop their system from being zombified.

Re:Cut up any part of the snake!

[jaredcat]

4) People who can't stop their system from being zombified.

You hate my grandma?

Re:

[Anne Thwacks]

Not to mention the Sh*t US government who knows the name address and bank account details of the companies doing this, and does f*** all to stop them, while helping the **AA sue grannies and pre-teens. The "war on Terror" should start with the Bush administration!

Re:

[eraserewind]

Money the War industry donated to politicians > Money the **AA donated to politicians > money hapless & helpless PC owners donated to politicians.

Of course the first two should be crimes, but anyway...

Re:

[Kesch]

I lump them in with 3.

Did he get it?

[Godji]

While those infections could theoretically amount to that much money, did anyone actually pay the guy?

Re:

[Kesch]

Here's an answer in the form of a rhetorical question, "Would he be doing this if there wasn't money to be made."

Also in TFA it links to another article where I guy listened in on an irc control channel and eventually followed instructions to a flood of spam running through the botnet which shows that these guys are at least making cash renting out bots to spammers.

Re:

[DoninIN]

Ever hear of Amway? Or seen all those work at home ads? I don't know if he actualy got paid or not, but just like the "send one dollar to each of the names on this list" scams the meme may very well be better at spreading itself in the anticipation of of making some money than it is at making money.

Re:

[jimicus]

Obviously, I can't say for sure, but at a wild guess, I'd say that if you're going to be buying such a service from some dodgy hacker type, it's probably a good idea to pay them.

Trivial to break thisinfections

[WindBourne]

Ignore the fact that bad security in Windows is the cause of this. If you want to kill off bozo's like dollarrevenue and make a good dollar, simply create concurrent fake windows, do the infection, collect; kill it; repeat. You will drain the company or they will have to lower the rates or insist on longer infection time. Basically, this will remove the incentives from doing their dirty work.

Fixed.

[The Living Fractal]

"Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."

I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.

TLF

Re:

[Lehk228]

IF that botnet was created by your own hands then yes, if you just downloaded the latest metasploit and installed BO2K you are not a hacker, you are a profesional script kiddie

And to combat it

[TLouden]

We have a new business modle based on LiveCD OSes which interface to web OSes (YouOS has been covered recently). This way, only the central servers for the web OS need to be highly secured and the rest is read-only and rebootable if anything goes wrong.

The only problem here is a need for an internet connection, which is clearly taken care of if infection are a worry.

Re:

[couchslug]

A "frugal install" on hard disk or compact flash is an excellent alternative to live CDs. You retain the use of your CD drive and of any other drives/partitions, and may create a persistent home directory or not as you wish. See the Damn Small Linux forums for info and help on setting up frugal installs. If anything gets hosed, you can easily use the same CD your installed with to repair any problems.

Oh, Canada!

[Anonymous Coward]

>In this case, Holz counted 998 installations in the United States, 20 installations in Canada,
>103 in the United Kingdom, 756 in China and about 5,800 in other countries.

20 PCs in the whole freaking country? I am proud to be Canadian for once.

Re:

[Kreigaffe]

Still, that 100% infection rate is nothing to be proud of.. ba-dum ching.

"Business Model"?

[deanj]

This is NOT a business model. This is hacking people's systems, without their knowledge, and using it for someone else's purposes. It's stealing, computing resources and the people's time that it costs to get rid of the stuff. I'd be willing to bet a lot of the people effected by this end up having to pay to have it removed (by Geek Squad or some other overpriced outfit).

I'm sure if this happened to the /. editor's systems, or whomever posted this article, THEY wouldn't consider this a "business mode

Does not sound too profitable

[Fëanáro]

This business does not sound too profitable to me.
He likely spend much longer in preparation of the worm, and once the exploit is fixed the worm recognised by scanners and the pool of vulnerable pcs exhausted his income will dwindle until the next big exploit.

So at most he can make a couple hundreds per month.
Addidtionally he cannot sue for his payments and is totaly dependant on the good will and honesty of companies that generally don't seem to have any. And he risks being caught and prosecuted.

Why would

Old News

[Jack9]

All online advertisers know that spyware makes money. It also burns your distribution pipes, but that's not important when you're going bankrupt. You'll see struggling NETWORKS use more and more ads, then more and more intrusive ads before outright spyware installs. 430$ a day is ridiculously small potatoes. A small ad network has access to 12 million unique IPs a day and you make thousands legitimately on that. Spyware installs get you the hundreds of thousands up front, when you need it and want out.

$430 in one day?

[Slurpee]

$430 in one day? So what?

That's not exactly a lot of money - and I doubt he's earning that *every* day.

I don't see what the big deal is.

Re:

[julesh]

Agreed. The skills required to set up a botnet are no easier to master than many other skills: the ones that can earn a consultant that kind of money before lunchtime, if he rolls into the office late in a day, for example. And about as reliable; I'd guess that this script kiddie's going to get no more than a few tens of jobs per year. There's not a whole lot of demand for botnets, and there's plenty of people will the skill"z" to create them. $8,000 per annum doesn't seem like a great salary to me. Ev

Survival of the fittest

[kotuday]

Its about who has the knowledge that survives.

voluntary nets

[drDugan]

The obvious next step is to create voluntary nets and distribute the profits.

I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.

I'd set up a box with Xen partitions and join multiple times.

Infecting thousands of Virtual Machines

[billstewart]

Unfortunately, at a maximum of $0.30 per machine, you're not going to make much money infecting yourself. Maybe with a few thousand virtual machines you can, and you've got the advantage that it's much faster and cheaper to clean a virtual machine than a real one :-) The problem there is that usually a virtual machine is going to cost you an IP address, so unless the DollarRevenue scumwaremeisters are going to accept lots of machines behind the same NAT, most people don't have the necessary resources exce

only $430?

[Khashishi]

When I write my ultimate badmalspyware, I'm going to blackmail the world for ONE MILLION DOLLARS. I'll be laughing at the schmo who only got $430.

who said no one ever made money out of Vindows

[rs232]

nuff said ...

Re:

[Lord Prox]

That doesn't sound like that is all that much to brag about. Since I don't think he will be getting many paychecks from said spyware company DollarRevenue [dollarrevenue.com]for likely TOS violation and subsequent slashdotting. Am I missing something here?



Place a curse on DollarRevenue [i-curse.com]

Re:

[megaditto]

Not only that, but penalties for 'hacking' are quite extraordinary.

One would do much less time for, say, shoplifting $500 worth of stuff, or starting up a pyramid scheme of some sort

Re:

[julesh]

Gosh, darn it! I'm in the wrong business.*

*Even E-Bay sellers can't do as well.

This says more about the poor returns from selling shit on e-bay than it does about how good selling botnets is. ~$120k (based on 280 days of work per annum, which is about right) sounds great, until you realise that you'd have to work damned hard for it, it isn't a reliable source of income, and doesn't come with any benefits. Add to that the fact that I sincerely doubt this guy could find 280 botnet customers in his lifetime,

Re:

[the_womble]

He made $430 in a day from Dollar Revenue alone. It is only part of his revenues.

The article says:

"He's earning more than $430 in a single day with DollarRevenue, and that's not the only piece of adware he's installing. He's installing others and also renting his botnet out to spammers"

Re:

[MLease]

TFA did point out that that's only one piece of adware he's installing. Multiply that by 10 or more. Then figure in the money from the botnet he's renting out to spammers. I'd say he's probably doing a lot better than you think.

-Mike

Your math is bad: $430/day = $67K/year

[xxxJonBoyxxx]

Your math is bad: $430/day = $67K/year

Try it this way. 240 working days a year x $430/day = $103,200
If you're an independent contractor, expect something like 35% tax.
That gets you down to about $67K/year.

Re:

[jimicus]

If you're an independent contractor, expect something like 35% tax.

Riiiiighhht. I can just see the tax form now:

TAX FORM 2006/7

Answer all questions in full, or write "NOT APPLICABLE" if the question does not apply

How much money did you earn in the tax year 2006/2007? $103,200
What was the source of this income? Illegally hacking overseas computers, extorting money through making DDoS threats

Re:

[WhatAmIDoingHere]

Developers!

MOD UP!

[julesh]

There's nothing fundamentally wrong with the XP SP2 firewall.

It works in doing what it can, it doesn't try to do anything that it can't, it doesn't cry bloody murder about the natural background noise of scans which it successfully blocked, and it doesn't try to be too smart and parse protocols.

Amen. I've been saying for years now that even attempting outbound filtering *based on the identity of the process sending the packets* is an excercise in pointlessness. Unless you want to have to approve every req

Re:

[TheRaven64]

The BSD idea of having one you need to reboot to disable is interesting, but probably too fiddly in practice. Security needs to be easy, or it doesn't get used.

You only have to reboot to disable your firewall if you are at securelevel 2, a level normally reserved for times when you are busy repairing your tin-foil hat.

Re:

[julesh]

In discussions like these, I find that this capability is often cited as a reason why BSD's software firewall is better than others. I disagree: it's a theoretical capability that's only useful in a minority of cases and doesn't improve security for the average user, for whom it's too damned inconvenient.

Re:

[TheRaven64]

It depends on the machine. If it's a dedicated firewall box on the edge of a network, facing the Internet, then it can make sense. The settings on these machines should only be altered in response to a corporate policy decision. There is no downtime involved if you have redundant firewalls (you do have redundant firewalls, right?) and the minor added inconvenience of having to reboot to make the change is much lower than the inconvenience to an attacker of being forced to reboot (which will generate log

Re:

[julesh]

the most important thing is to try to install xp sp2 before the first network connection. or else, sasser and his friends will be there in no time (usually even before you have finished to download the sp2, let alone installed it)

That's not a problem I've had. The pre-SP2 firewall mostly works. You just need to remember not to connect to the net until you're sure it's active (it isn't at boot times, and it isn't by default, so you have to remember to switch it on).

Re:

[julesh]

Why not simply a hardware router/firewall for a lousy 20 bucks?

Because everything I've seen for that price is *not* a firewall, but an NAT router. NAT routers are not firewalls, and shouldn't be relied upon for security unless you know that they drop source-routed packets. If you're able to test this, fine. If the manufacturer describes the product as doing this, fine. If there's a config option for it, switch it on and fine. But if none of these is true (which is the case most of the time somebody set

Re:

[rs232]

"make sure Windows firewall is turned on prior to connecting. Period. Do not muck things up with such well-intentioned but poorly-executed crap such as what is on the "personal firewall" market today.

What extra functionality does the Windows firewall provide that the others don't. A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'

"Why not simply a hardware router/firewall f

Re:

[julesh]

What extra functionality does the Windows firewall provide that the others don't. A software firewall is no protection at all as once you've opened the attachment or clicked on a URL you get infected and the first thing the virus does is disable the 'firewall'

True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.

In other words don't get a hardware firewall because it mightn't be configured correctly. That fails the logic test. The last adsl modem+router I tested was by

Re:

[rs232]

True. Which is why you need to (a) execute common sense and (b) have a good virus scanner.

The same applies to a virus scanner. The lastest virus disables [spywareguide.com] it as well as the Windows 'firewall. How does the users common sense detect when a URL links to a malicious script or if an attachment is unsafe.

Re:

[julesh]

The same applies to a virus scanner. The lastest virus disables it as well as the Windows 'firewall.

If your virus scanner is working, it will catch the virus before it has a chance to execute. If it doesn't work, there's nothing that can prevent this, firwall or otherwise.

How does the users common sense detect when a URL links to a malicious script or if an attachment is unsafe.

If I knew how it worked it wouldn't be common sense. But it's worth noting that over the last 12 years of Internet & BBS use,

Re:

[nizo]

First good thing to have is a lawyer on retainer.

Re:

[the_womble]

at least on Windows it's just a few clicks, no need to recompile the kernel

Can you please tell us on what OS you need to recompile the kernel on evey patch? I thought everything (including apps) auto-updated these days.

Re:

[VENONA]

What if Windows patches aren't made available in a timely fashion, or at all? Or broken patches are issued? To be fair, it's not *only* Windows. I've also had a couple of encounters with proprietary Unix vendors who denied or downplayed vulnerabilities. But it's *mostly* a Windows problem, and by a very wide margin.

I think you're correct about a cultural divide, but that's certainly not the entire story. And while 'keep your machine(s) updated' is the first line of defense, that's not the entire story, eith