×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Zeus Attackers Turned the Tables On Researchers

CmdrTaco posted more than 3 years ago | from the escalating-your-race dept.

Security 119

ancientribe writes "The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony 'botnet' software that actually gathers intelligence on the researcher or competitor who downloads it."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

119 comments

Why can't we have commercial software like this? (5, Insightful)

mlts (1038732) | more than 3 years ago | (#34123818)

I'm being a bit sardonic here, but why can't we have commercial software that we pay for this well thought out? Of all the categories of software (games, utilities, Office suites), malware has evolved from being CPU/disk/memory hogs to some of the leanest and most well coded executables that ever hit a CPU on the planet.

Re:Why can't we have commercial software like this (3, Informative)

miffo.swe (547642) | more than 3 years ago | (#34123912)

Because they have an incentive your normal software maufacturer doesnt have. It has to work as supposed to it has to ship.

Give current software companies a reason to code properly and the quality will take a big jump with almost no effort at all. Like, i dont know, any guaranties whatsoever the stuff works?

Re:Why can't we have commercial software like this (3, Insightful)

rastilin (752802) | more than 3 years ago | (#34124002)

That's a very good point. Pretty much every piece of software out these days has a EULA declaiming responsibility for anything that happens with the software, up to and including serious financial harm. If your toaster catches fire and destroys something, you would obviously expect the people who made it to be held liable; not so with software. If Communism proved anything it's that if you uncouple effort from reward, people won't go the extra mile (and spend money to get there).

Re:Why can't we have commercial software like this (2, Insightful)

Desler (1608317) | more than 3 years ago | (#34124032)

Pretty much every piece of software out these days has a EULA declaiming responsibility for anything that happens with the software, up to and including serious financial harm.

And just like with pretty much every piece of open source software as well?

Re:Why can't we have commercial software like this (2, Insightful)

icebraining (1313345) | more than 3 years ago | (#34124680)

Yes, but most of the OSS is gratis, so a warranty wouldn't make sense, because there's no sale.

If I were to pay for that OS software, I'd expect a warranty like in any other sale.

Re:Why can't we have commercial software like this (1)

rwven (663186) | more than 3 years ago | (#34124682)

The OP never stated that he was only talking about closed-source software....

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34125058)

Open source software is software, no? OP didn't say anything about the method of creation.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34126562)

The difference is that FOSS programmers tend to also USE their software. So the effort is not uncoupled from the reward. But, good thinking.

Re:Why can't we have commercial software like this (1, Flamebait)

Yvanhoe (564877) | more than 3 years ago | (#34125088)

You can usually pay more to have guarantees. Militaries and industries sometimes do that. Are you ready to pay more money (like 2x or 3x) for software ? Arguably Apple does (used to do) a good job in this area.

Re:Why can't we have commercial software like this (0, Troll)

sexconker (1179573) | more than 3 years ago | (#34125514)

You can usually pay more to have guarantees. Militaries and industries sometimes do that. Are you ready to pay more money (like 2x or 3x) for software ? Arguably Apple does (used to do) a good job in this area.

Arguably?
I think you mean "ignore and discredit all legitimate concerns"-ably.

Apple is like the Iraqi information minister and the KGB rolled into one when it comes to:

Silencing complaints on their own forums
Holding press conferences to lie about design defects
Advertising about their superior security while silently patching dozens of exploits months after they're made public
Releasing products that simply don't work (Time Machine, anyone?), only to patch them to almost working months later
Charging for updates and blaming SarbOx and accounting rules (The truth is they don't want to disclose to investors how much development and support costs are for particular products each year, because that will hint at when they're end-of-lifing products and rolling out new ones. Instead, they list those costs as fixed and not continuing, then say the updates are wholly separate endeavors.)

I'll shit on Apple's products all day long because they suck, but if some people like them, that's fine.

But there is no way anyone with a brain can honestly say Apple's products are technically superior, or that they handle their shit better than any other tech company.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34126380)

Devil's advocate: Apple has not done anything that other company's have not. Killing forums articles? I know a number of places that will do that. Press conferences for damage control? Yep. Charging for updates and pointing the finger at SOX? I have seen some strange things in the name of Sarbanes-Oxley compliance including SOX compliant ball gags. Security? Yep. Releasing stuff because the marketing department says so even though it doesn't even build? Yep.

In fact, this sounds like almost every hardware and software maker out there.

Re:Why can't we have commercial software like this (0)

the_hellspawn (908071) | more than 3 years ago | (#34128142)

"If Communism proved anything it's that if you uncouple effort from reward, people won't go the extra mile (and spend money to get there)." I do not agree with that.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34129976)

It has to work as supposed to it has to ship.

If this sentence had been malware then it might have been better thought-out.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34123914)

This only happens when the coders profit directly from their work. As long as they're paid a salary to crank out code for someone else, they'll only do what they have to.

Re:Why can't we have commercial software like this (3, Informative)

Nadaka (224565) | more than 3 years ago | (#34124056)

This isn't really the case. Often we face the situation where we can either not get management to allocate time to fix something, or permission to merge an existing fix into the main branch. A lot of bugs are known and developers want to fix them, but can't.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34124242)

Damnation, I thought we drove all you Microsoft devs out from here a long time ago!!!!!!

Re:Why can't we have commercial software like this (1)

miffo.swe (547642) | more than 3 years ago | (#34124246)

This is where i feel some sort of law should be put in place to put pressure on management. It has to be punished to willfully ship faulty software. Right now its just a PR problem some companies just throw stuff like SDL at (and then just ignore it internally).

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34124494)

As someone who has been in the position of putting software into production use (internally) that was known to be unproven (to put it mildly), I think you'd have to impose the death penalty in a particularly slow, public, and humiliating way for that to work. Though it might be a good idea to try.

Re:Why can't we have commercial software like this (1)

icebraining (1313345) | more than 3 years ago | (#34124722)

Like a two year minimum warranty? The EC is looking into that [cnet.com].

Re: Two year minimum warranty (0)

Anonymous Coward | more than 3 years ago | (#34126606)

I've moderated this +1 Interesting, but I wanted to note that that article is a year and a half old (2009-05-09) and therefore might have since been successfully repressed by the BSA and similar powerhouses.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34123980)

I'm being a bit sardonic here, but why can't we have commercial software that we pay for this well thought out? Of all the categories of software (games, utilities, Office suites), malware has evolved from being CPU/disk/memory hogs to some of the leanest and most well coded executables that ever hit a CPU on the planet.

Autocratic program management and immediate, process-lethal negative feedback.

And like any high impact criminal activity, vast egotism in clever design and ultimate control.

Re:Why can't we have commercial software like this (4, Insightful)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#34123996)

You can't get it because you are unable or unwilling to pay top dollar for quality software that works. By contrast Botnet owners, Wall St firms, and the Chinese government are willing to pay top dollar for software which functions perfectly and reliably and indeed do so.

It should also be noted that when software companies attempt to cross such buyers by providing less than stellar product, they tend to end up regretting it. The average user by contrast keeps buying Windows, Office, Norton and DVD codec software no matter how much they get burned. The incentive to produce quality software for the general user simply doesn't exist.

Re:Why can't we have commercial software like this (3, Insightful)

miffo.swe (547642) | more than 3 years ago | (#34124084)

It has nothing to do with the cost of the software. Extremely expensive enterprise software are often just as crappy as any cheap crap out there, sadly sometimes even worse. The difference is that the expensive software has highly trained personnel supporting it, carefully not doing anything not throughly documented and tested.

Personally im convinced laws demanding responsibility from software firms would benefit them as well as it would put an end to the feature frenzy from the marketing departments. In the end the software would be cheaper to develop and manage, not more expensive.

Re:Why can't we have commercial software like this (1)

jwinster (1620555) | more than 3 years ago | (#34125422)

This.

Money helps develop good software of course, but it doesn't change the fact that bad software engineering practices lead to bad software. No matter how much money is thrown at it, it won't make your teams do things in a manner close to "the right way."*

* Definitions may vary

Re:Why can't we have commercial software like this (1)

powerlord (28156) | more than 3 years ago | (#34127008)

It has nothing to do with the cost of the software. Extremely expensive enterprise software are often just as crappy as any cheap crap out there, sadly sometimes even worse. The difference is that the expensive software has highly trained personnel supporting it, carefully not doing anything not throughly documented and tested.

After watching a "big name" wall street firm experience multiple outages in a new trading system, ultimately bringing it down for DAYS, as the users talked to the OVERSEAS developers I would agree that money paid isn't always an indication of quality.

(the only reason it probably didn't make headlines is that the old system was still in place for redundancy as they ramped up the new one, so from an external perspective nothing happened ... which is as it should be)

Re:Why can't we have commercial software like this (1)

Dunbal (464142) | more than 3 years ago | (#34124078)

but why can't we have commercial software that we pay for this well thought out?

What, you think your commercial software isn't covertly tracking you and gathering data on you?

I invite you to look at your TCP connections and all those instances of svchost.exe running on your system... and you never had to click "Allow" to let them communicate over the net.

Re:Why can't we have commercial software like this (2, Informative)

clone53421 (1310749) | more than 3 years ago | (#34124304)

I invite you to look at your TCP connections and all those instances of svchost.exe running on your system... and you never had to click "Allow" to let them communicate over the net.

And I invite you to use SysInternals’ Process Explorer [microsoft.com] and find out what those actually are [ompldr.org].

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34125212)

I think Vista introduced a change to taskmgr which supports right-clicking on a process to discover its hosted services. Or you can just run tasklist /svc.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34125064)

This is almost as stupid as claiming SELinux was spyware coded by the NSA to infect Linux. What is it with the relation between aging and lunacy in some people?

Re:Why can't we have commercial software like this (4, Insightful)

toygeek (473120) | more than 3 years ago | (#34124088)

Why don't commercial programs have such high quality and thought out design? Simply because there's not enough money in it. The writers of these programs (the Bad Guys(TM)) make far more money on their work than legit companies do. Plus they have real reasons for being so good: stay out of the gulag. How do you think products like Norton Antivirus got to be such pieces of crap? Make what sells instead of what works. The Bad Guys(TM) have the exact opposite motivation. Make what works, and the money starts coming in. They sell to vulnerable machines and other Bad Guys(TM) and if it doesn't work well, their paycheck doesn't get very big.

In other words, big companies don't need good programming and quality checks. They have marketing departments.

Re:Why can't we have commercial software like this (1)

hesaigo999ca (786966) | more than 3 years ago | (#34126410)

I never saw it that way, being a developer myself, I tend to want to not believe what you say, but the model is appallingly apparent. If we saw money based on if our software works instead of just by selling this greatly packaged piece of crap, you might make windows come down to its knees.

It would be nice to start having a new business model for softwares at the office where the usage is rated based on how many bugs there are, thereby affecting the monthly rate to use the software.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34126520)

Not only that, but nowadays, people have become so desensitized by poorly written software in the past, that despite paying for them, they actually expect the software they bought to crash every once in a while. They honestly believe that if a program breaks, they can just run it again, and it will work better the next time, despite the whole point of a program being to run exactly the same under the same conditions.

As a result of this, peopl-- I mean, consumers, expect all software to be buggy and unpredictable. There is no market demand for well-written code.

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34128016)

"They have marketing departments."
- and lawyers ;) Lots of 'em

AC

Re:Why can't we have commercial software like this (2, Interesting)

CODiNE (27417) | more than 3 years ago | (#34124144)

Because those aren't what marketing prioritizes. Generally a company needs to sell the software and get it out it's doors, how well it performs only affects some vague future release. Botnet guys live or die by the performance of their software, they can take the time to get it right and "when it's ready".

So the lesson is, if you want to make quality software that makes you beam with pride, stuff you could put in "Beautiful Code" you ought to be a virus writer. ;)

Re:Why can't we have commercial software like this (0)

Anonymous Coward | more than 3 years ago | (#34124194)

I'm being a bit sardonic here, but why can't we have commercial software that we pay for this well thought out?

Because they don't have the same marketing departments forcing out premature releases.

Re:Why can't we have commercial software like this (0)

bouldin (828821) | more than 3 years ago | (#34124308)

One quick observation: system-level programmers tend to be talented and have a high degree of skill, while application programmers, in many cases, do not have the same level of education or expertise.

I would guess most of the criticism below towards commercial software is directed towards application software.

An advanced malware author is almost certainly going to fit more into the systems-level programmer category. These are not people who just picked up a C# book three years ago. These are people who eat, sleep, and breathe computer science.

Size of teams and software are probably also a factor. Malware is probably going to be written by a handful of focused programmers, not a 300-person team using five kinds of bloated "platforms."

Re:Why can't we have commercial software like this (1)

bouldin (828821) | more than 3 years ago | (#34128086)

ha, I struck a nerve and some app programmer modded me down.

Re:Why can't we have commercial software like this (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34124576)

I'm being a bit sardonic here, but why can't we have commercial software that we pay for this well thought out?

What are you talking about? We totally do!

That program that Jim in IT whipped up last night? It doesn't actually calculate the revenue for this quarter, it just displays a pre-made chart when you press the button, thats all. Basically the same thing here.

ill tell you (1)

chronoss2010 (1825454) | more than 3 years ago | (#34124760)

because were not the type of people, that sell our souls for cash....and when we want something to work , we make it happen and happen right. its why you will never succeed in the USA ACTA takeover monetization of the internet

Re:Why can't we have commercial software like this (1)

KiloByte (825081) | more than 3 years ago | (#34124784)

malware has evolved from being CPU/disk/memory hogs to some of the leanest and most well coded executables

Except for a time in early 2000s when there was a slew of trojans written in Visual Basic and such, malware used to be lean. Don't you remember those 200 byte long viruses from 1980s?

Re:Why can't we have commercial software like this (1)

mcgrew (92797) | more than 3 years ago | (#34128376)

200 bytes? That was a BIG virus in the 1980s! There were viruses twenty bytes long back then. But of course, all software was a whole lot leaner, by necessity.

Because this software is simple and single-purpose (1)

gosand (234100) | more than 3 years ago | (#34125548)

Most "commercial" software must do everything (or multiple things) and by nature are complex. But to your point, what would YOU be willing to pay for, and can you give examples? Everyone likes to pick on MS Office, but I use it at work, and it does a ton of stuff all pretty well. Integration with Outlook and other MS apps is not all that bad considering the scope. But, that's big and complex, and has a UI. You're making a comparison of apples and tomatos.

Forgetting Linux apps completely, I'll pick an app that does fit your criteria... Irfanview. Small, robust, fast, and well worth the price - free. I am sure with a little thought you can come up with some too.

Re:Why can't we have commercial software like this (1)

wolfgang_spangler (40539) | more than 3 years ago | (#34125990)

You have clearly not reverse engineered malware before.

There is good, well written, well thought out stuff out there. But it is not the norm.

Re:Why can't we have commercial software like this (1)

Securityemo (1407943) | more than 3 years ago | (#34126822)

For a simple reason: coding exploits is fiddly, extremely fiddly, and if all the code is constructed using tweezers and needle by an exploitation expert it becomes secure almost automatically?

Deviously creative, but... (2, Insightful)

Arancaytar (966377) | more than 3 years ago | (#34123842)

Come on, who wouldn't have thought of that?

Re:Deviously creative, but... (2, Insightful)

somersault (912633) | more than 3 years ago | (#34123928)

All the other groups who run botnets, apparently.

Re:Deviously creative, but... (0)

Anonymous Coward | more than 3 years ago | (#34124192)

Schools today help those that fit a certain pattern, and as time passes that pattern becomes more and more finite. It's also the reason why innovation is so slow today. IT geeks today are either self-taught or school bred. Meaning those self-taught crackers are not limited by the school they were formed like the researchers. IT is probably the only field in existence where self-taught is better than school.

Re:Deviously creative, but... (1)

halivar (535827) | more than 3 years ago | (#34124362)

The researchers weren't fooled for long. While crafty, this sort of thing can only work once: the researchers now know to look for this sort of thing, and are less likely to be fooled a second time. Also, the data collected may be of questionable value.

Re:Deviously creative, but... (2, Insightful)

Monkeedude1212 (1560403) | more than 3 years ago | (#34124442)

Point is though - the bot net operators now know who is gunning for them. This is a disadvantage for the researchers, it'll make it harder for them to track down the operators.

One of the first things they found out... (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34123844)

And one of the first things they found out was that CmdrTaco's wife fucks at least 10 niggers a night and they have full HD video streams of it. She's just not satisifed with his 10 micrometer long dick.

I almost admire them (3, Insightful)

tygerstripes (832644) | more than 3 years ago | (#34123856)

The devious, insidious bastards. It's exactly the sort of thing your average armchair-spamming-fantasist would concoct before decrying that the world is full of idiots and they would make a much better criminal, if only they had the time to learn how to code. I mean, it's creative and ridiculous on a par with bad-scifi plot twists.

A bit scary but, well, I'm impressed.

Re:I almost admire them (4, Funny)

AnonymousClown (1788472) | more than 3 years ago | (#34124098)

I mean, it's creative and ridiculous on a par with bad-scifi plot twists.

Bad sci-fi? I was thinking more of a Hollywood movie. The hero, a very smart well dressed man in some secret spy agency, let's say MI6, goes after the coders. Now, after using all of his super secret gadgets to infiltrate the the hackers headquarters, he's caught. BUT one of the hackers likes him and she becomes his ally, let's call her Boobies Mucho (She's Latina). Now Boobies frees this secret agent only for both of them to get caught, tied up, and hung over a tank of mutated guppies. These guppies have big teeth! And as an added bonus, have masers strapped on their heads - that's right microwave lasers! But they escape, and this secret agent finds and sets the destruct button on all of their computers - that's right, they're Dells and it's the power buttons!

The marines show up and they have a shoot out while all the Dell's are going up in explosions! The secret agent the sleeps with the ex-hacker and we 're done.

Re:I almost admire them (0)

Anonymous Coward | more than 3 years ago | (#34124382)

Needs more "I'm inwincinble!".

Re:I almost admire them (0)

Anonymous Coward | more than 3 years ago | (#34124562)

My girlfriend is Latina and she is in no way well endowed, you insensitive clod!

Re:I almost admire them (4, Funny)

Anonymous Coward | more than 3 years ago | (#34124688)

This being Slashdot, the obvious reason is that you underinflated her...

Re:I almost admire them (2, Interesting)

noidentity (188756) | more than 3 years ago | (#34124152)

I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.

Re:I almost admire them (4, Funny)

Speare (84249) | more than 3 years ago | (#34124244)

I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.

What makes you feel like you must hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from me. Everyone else is an AI, including you?

Re:I almost admire them (1)

The Archon V2.0 (782634) | more than 3 years ago | (#34125138)

I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.

What makes you feel like you must hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from me. Everyone else is an AI, including you?

Wow. This explains why people keep typing racist and sexist posts just to see what response they get.

Re:I almost admire them (4, Insightful)

daremonai (859175) | more than 3 years ago | (#34124942)

the whole Slashdot site is a fake, designed to get insightful comments from you.

Ha! I've outsmarted you, then. My comments are never insightful!

Re:I almost admire them (1)

AltairDusk (1757788) | more than 3 years ago | (#34128696)

But I just read that everyone except me is an AI so your comments don't need to be insightful. Of course when you read his post you would interpret that I am an AI, so assuming he was stating the truth the only logical conclusion is that we are all AI's and thus the entire site is pointless!

Re:I almost admire them (0)

Anonymous Coward | more than 3 years ago | (#34131122)

Foiled.

Re:I almost admire them (1)

MRe_nl (306212) | more than 3 years ago | (#34124212)

Maybe they've unfrozen Boris Grishenko...
http://www.youtube.com/watch?v=0c0K5SZNvWc [youtube.com]

Do you think he might have served as a role model for some Russians?

On a more serious note, this just tells us
a: avoid/do not pay taxes.
b: don't trust people claiming to be the government.
c: delete all emails unopened.

so what's new?

Attack launched from a random email (2, Interesting)

digitaldc (879047) | more than 3 years ago | (#34123880)

The lesson is for people (including researchers) to be more skeptical of who is sending you email and what it contains.
If they had realized the email was fake and deleted it, this attack would not have worked.

The bad news about internet crime (3, Insightful)

QuantumBeep (748940) | more than 3 years ago | (#34123952)

The bad news about botnet operators, malware authors, and other black hats: they aren't stupid.

Re:The bad news about internet crime (3, Insightful)

Tridus (79566) | more than 3 years ago | (#34124020)

It's natural selection in action. We catch and punish the stupid criminals more often, which allows the smart ones to thrive.

Re:The bad news about internet crime (3, Insightful)

v1 (525388) | more than 3 years ago | (#34124100)

The bad news about botnet operators, malware authors, and other black hats: they aren't stupid.

And the worse news: we ARE

and that's why they're in business.

Re:The bad news about internet crime (1)

delinear (991444) | more than 3 years ago | (#34124420)

Not so much stupid (although I don't doubt a lot of people are), it's more that these attacks are so unrelenting, a person only needs to drop their guard once, at the wrong time, to get stung. It's pretty hard for even those aware of such attack vectors (such as researchers in the area) to be perpetually vigilant.

Re:The bad news about internet crime (3, Insightful)

Kjella (173770) | more than 3 years ago | (#34125084)

No, we're not. But the rest of us is busy trying to get things done, not play a battle of wits with black hats. It's another one of the time thieves that prevent people from actually performing work and earning money, that you just want to deflect with the least amount of hassle and cost. More often than not that's not about a head-to-head comparison, it's just about being a harder, lower profit than the rest.

I've talked to people working for rather large companies and in the end they are simply amoral. If they can increase profits by a million through lowering security so they make two million in extra income and lose one million to black hats, they don't care about the morality of it. Catching criminals is really only relevant if you can set examples that lead to fewer attacks which has a dollar value.

If it was all about security we'd all be running OpenBSD and those who made Acrobat Reader would be put to the wall and shot. That is not how the world works, even for us regular users it's about usabilty and "good enough" security. Not that I like to have my computer hacked and my identity stolen, any more than I want a burglar to rob me. But I don't live in a bunker with vault doors either.

Re:The bad news about internet crime (1)

Domint (1111399) | more than 3 years ago | (#34126256)

. . . it's about usabilty and "good enough" security . . .

If I had any mod points, I'd give 'em to you for this comment alone. Security is not about actually being impervious to attack. It's about making yourself or your assets appear to be a less-than-appealing target to hopefully force any would-be "villain" to chase after lower-hanging fruit. If someone is seriously gunning for something you have they'll find a way to get it, regardless of the barriers presented.

Re:The bad news about internet crime (0)

Anonymous Coward | more than 3 years ago | (#34126088)

Yes and no. They named the directory 'fake admin'. That was really stupid. Had it just been named admin, it may have take longer for people to notice that it is a fake interface.

Re:The bad news about internet crime (1)

RightSaidFred99 (874576) | more than 3 years ago | (#34126394)

Nor are they geniuses. The professionals arrayed against them will always win. It's simple, really. If you were that good you wouldn't be a criminal.

Nowadays they can write big malware in high level languages, none of what they're doing is that hard especially considering most of them don't spread by obscure exploits in the OS but instead by "Durr, run this and watch the cool video of the cat dressed as a sheep!" type mails with dumb users actually running it.

Seriously, if you can just get 100k people to run a program you send them, developing malware is easy shit.

Common security tactic, reversed use... (3, Insightful)

thijsh (910751) | more than 3 years ago | (#34123964)

So, you could call this a researcher honeypot... and apparently these guys got caught with their hand in the honey. Is it really a surprise after this tactic has been used by security researchers for over a decade?

Re:Common security tactic, reversed use... (1)

rakuen (1230808) | more than 3 years ago | (#34124254)

Well, in a way, yes. You see, the timing is key in something like this. We haven't heard of other botnets doing this in the past. A solid reason for this is you lose the element of surprise. Once you recognize something can occur, you tend to plan for its occurance better. Because this reverse honeypot hasn't really been done before, the Zeus authors managed to gather a quantity of data from researchers that they can use to further improve their botnet, not to mention rival botnets. Had it been done before, the trap would have been much less successful, if it wasn't just at the top of the list of things to check for and circumvent.

Re:Common security tactic, reversed use... (1)

thijsh (910751) | more than 3 years ago | (#34124472)

It might have been done before and never been detected... But you are right, the security researchers would now know to check. But then again any good security researcher would only touch the malware with a 10 foot insulated pole to begin with.

Re:Common security tactic, reversed use... (1)

rakuen (1230808) | more than 3 years ago | (#34124686)

Well, I see them with an obvious problem in this case. You'd definitely want to gather information on this in a closed environment. Unfortunately, unless you can manage to create a botnet of your own, you're going to have to connect to the Internet eventually to try to harvest data, especially practical data. Bang. You're done.

Of course, I'm no security expert, but that's just the way I see it.

Re:Common security tactic, reversed use... (1)

thijsh (910751) | more than 3 years ago | (#34124910)

Isolated VMs can have an isolated uplink too... No need to expose any systems or data.

Re:Common security tactic, reversed use... (1)

rakuen (1230808) | more than 3 years ago | (#34125068)

But that would still expose the isolated VMs and whatever data might be on them, correct? I mean, if the program on the VM is collecting data, which seems to be the case, then even with an isolated uplink, that data is still available.

Re:Common security tactic, reversed use... (1)

gsslay (807818) | more than 3 years ago | (#34126432)

If you RTFA you'd see we have no idea how many they caught by this trick, but it wasn't "these guys". They didn't get caught. If they had got caught they'd probably not know it, and wouldn't be in a position to tell anyone about it. That's how honeypots work.

So really the more accurate title for this article would be "Zeus Attackers Tried To Turn the Tables On Researchers". Which isn't nearly as clever.

Let me get this straight... (4, Funny)

Mister Fright (1559681) | more than 3 years ago | (#34123998)

So, you can't trust software from malware vendors?

Re:Let me get this straight... (1)

a_n_d_e_r_s (136412) | more than 3 years ago | (#34124432)

Correct this shows you can't trust software from anyone who makes software for purely commercial interests with closed source.

Stick to free software.

Re:Let me get this straight... (1)

Cro Magnon (467622) | more than 3 years ago | (#34129098)

Actually, I tend to trust the malware vendors more than I do the anti-malware vendors *cough*Norton*uncough*

Microsoft wont whack you and your family if... (0, Troll)

Rivalz (1431453) | more than 3 years ago | (#34124182)

If your project fails to meet standards, deadline, or perform acceptable you might end up in a hole in the ground.
At microsoft I'd imagine you could stare at a picture of steve ballmer for 8hrs a day and get employee of the month.

Seriously? (1)

julian-lam (1797678) | more than 3 years ago | (#34125818)

Oh, come on! What kind of hacker, ESPECIALLY the ones who work on the Zeus botnet code, would let a string go unescaped? It's even a login string, and that's step 1 in learning to stop SQL injections. What's more depressing is that the security researchers actually thought they could get in via sql injection. Wow.

Re:Seriously? (1)

gsslay (807818) | more than 3 years ago | (#34126486)

What security researchers? RTFA. It just says that this is what the fake admin panel was designed to do. No one is saying that it fooled anyone.

Something I'd Love To See (1)

The Wild Norseman (1404891) | more than 3 years ago | (#34127210)

Scanning Corporation now, please wait...

Scanning...

Scanning...

There have been 6,553 profit(s) found in your Coporation today!  Congratuations!

Click now to give an automatic bonus to the software engineers who work for Corporation!

Note:  It is strongly recommended to perform this Scan on a regular basis and by clicking above, you have agreed to perform this Scan every week.

It didn't work (2, Insightful)

Bob-taro (996889) | more than 3 years ago | (#34127326)

From the article, it sounds like the honeypot was only discovered after the REAL botnet was pwned. I don't see any claim that it worked. The article says potential targets of the honeypot were researchers and competitors. I suspect the primary target was competitors. The researchers surely know they are likely being monitored and to treat anything they find with suspicion.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...