Trojans and Spam
Saturday, February 21 2004 @ 07:52 AM EST

Some interesting developments on the spam-malware front. First, c't has an interesting bit of news, which Jeroen Roovers has translated for us from the German. Virus writers are in the business of selling IP addresses of captured zombie computers. c't reports on some specific instances where some arrests have just been made.

It may motivate those using Windows computers to make sure that they are not infected with trojans, including MyDoom, to learn that the authors of malware harvest the IP addresses of infected machines and then sell them to spammers, who then use those computers to send illegal spam or for other loathsome uses.

Here is the translation of the c't article:

*******************************************************

Uncovered: Trojans as Spam Robots

c't has gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers. The spammers use the infected systems to illegally distribute commercial e-mail messages -- without the knowledge of their owners. Furthermore, the network of trojans forms a powerful tool which the distributors of the viruses can use to, for example, launch distributed DoS attacks.

With the help of c't, a student of computer science has tracked down the authors of a computer virus. The editorial staff were able to establish contact with the virus distributors and buy IP addresses of infected machines. Because one of the virus distributors has been located in Great Britain, c't has passed on all information to Scotland Yard. By now, individuals in several countries have been arrested.

In this case, a trojan was installed on thousands of computers with the help of the virus "Randex". This small program contacted its "master" through the chat protocol IRC. From its master it received commands to for example look for CD keys of games, launch SYN Flood attacks from the infected machine or secretly load additional software. This way, the trojan was also able to install a SOCKS proxy server which can be used to relay spam through the infected PCs. The virus also infects local subnets using the Windows Directory Service.

In an interview with c't, an investigating officer of Scotland Yard commented: "We fear that this is just the beginning. In the case in question, the authors and distributors of the viruses already no longer do their work just for fun or ego. The scene is becoming more professional and has recognised how much money can easily be gained illicitly this way."

You can find an article about the investigation in today's broadcast of c't magazin.tv. In the coming edition of c't, you can find a detailed description of the events (available in shops from Monday, February 23).

*******************************************************

In other news, Earthlink is bringing suit against 16 people and businesses, a group of spammers called the Alabama Group, described by Earthlink as "the most professional and technologically sophisticated group of e-mail spammers that EarthLink says it has ever encountered." Mostly they used stolen credit cards, allegedly, to open fraudulent accounts, and each account sent spam:

"'They co-located computer equipment at a tiny Alabama ISP,' Wellborn said. 'Then they set it up in such a way that the e-mailer could remotely contact that equipment and cause it to dial in to EarthLink' to send spam."

In one case, a zombie computer was used to send spam, and it's the first case I've seen where an ISP is suing a spammer for remotely using someone else's computer to send spam. There could be more than just civil penalties, obviously. The new CAN-SPAM law has severe penalties, up to 5 years in jail, plus fines, and that's for comparatively minor offenses like using a phony address, plus possible loss of any personal or real property associated with the act of spamming. If a spammer harvested email addresses off the Internet, or used a computer program to randomly generate them, these are considered "Aggravated Violations" which can triple the fines. This isn't even starting on the analysis of what a spammer is facing for stealing credit cards, using someone else's computer without their knowledge, etc.

Here is a Wired article on spammers grabbing computers for their own use. So, evidently this is the new thing when it comes to spam, and it is what MyDoom is being used for.

Here is another article on the new phenomenon, which has come about because open relays have pretty much been closed down, and that left spammers looking for a new way to spew out the email you don't want:

"Any Internet-connected computer could be running a proxy spam relay, but most of the malicious programs are written specifically for PCs that run Windows.

"In the past, some spammers had sought out and exploited Internet-connected computers with misconfigured networking software. The latest and growing threat is code purposely written to create spam relay proxies as it is spread by malicious viruses.

"'It's just going to get worse,' said Ken Schneider, chief technology officer at spam-filtering company Brightmail Inc. 'Traditionally, virus writers were driven more by reputation and trying to impress each other. Now there's an economic motive.'

"Just last week, a proxy program called Mitglieder began installing itself on computers infected by last month's Mydoom outbreak, said Mikko Hypponen, manager of antivirus research at F-Secure in Finland. He said such programs can also sneak in if computer owners fail to install patches to fix known Windows flaws.

"The shift in spamming methods even prompted the Federal Trade Commission to issue a consumer alert last month. The advisory encouraged consumers to use antivirus and firewall programs and to check 'sent mail' folders for suspicious messages."


  


Good
Authored by: PJ on Saturday, February 21 2004 @ 08:14 AM EST
Because your comment has nothing to do with the story, for one thing,
and because you have been posting a number of very nasty comments,
and I'm tired of it.

This isn't a story about crackers and pirates. The law has to do with
spammers.

This is a moderated board. Off topic gets deleted. I will leave this up
long enough for you to read it and then your comment will be deleted
again, for the third time.

[ Reply to This | # ]

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 08:18 AM EST
What was nasty about that? Moderation is suppressing the voices of others, I
thought Linux was about being "open" especially if it doesn't include
profanity or other insults, which I did not.

[ Reply to This | # ]

Trojans and Spam
Authored by: MacUser on Saturday, February 21 2004 @ 08:43 AM EST
Valuable forums have been destroyed by unmoderated posting or trolling.
This is an attack on free speech, and it is hypocritical to invoke freedom of
speech to defend it. Moderation, as seen on this site, is an exercise of
editorial responsibility, not censorship IMHO.

[ Reply to This | # ]

Nothing will motivate many users
Authored by: freeio on Saturday, February 21 2004 @ 08:53 AM EST
Sigh...

There is often expressed a yearning for the day when common computer users will
learn the lessons of software hygiene, but that is misplaced hope. It is much
as you see out on the highway. There are always those who figure that driving
rules and common courtesy do not apply to them. There are also always new
drivers who have yet to see why they ought to drive defensively. There are
always those who figure that they are smarter, better, and inherently less
accident prone than they really are. The computer using population is no
different.

We can hope for a statistical change, in that the average user will improve. We
can hope for a technological change that will render the threat obsolete. We can
individually act responsibly. However, as long as susceptible software is the
common choice, and as long as the naive use it, there will always be a large
number of potential systems to trojan.

Bear in mind that this extends not just to individual users but to businesses as
well. I worked in a small company for a while where the boss-of-all-bosses
insisted upon certain software and network features which virtually guaranteed
the possibility of repeated infections. He was wrong, he was the boss, he
signed the paychecks, and he got his way.

---
Tux et bona et fortuna est.

[ Reply to This | # ]

More spam news
Authored by: MathFox on Saturday, February 21 2004 @ 08:55 AM EST
I have found this USA today story about how spammers increasingly use "zombie computers" as proxies for sending spam.

---
MathFox gets rabid from SCO's actions.

[ Reply to This | # ]

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 09:07 AM EST
I'd read that this was a great site for news on the SCO case. But this is just
another Linux advocacy site, no?

Looks like just another bunch of Linux kooks from here.

[ Reply to This | # ]

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 09:12 AM EST
If ISPs would start blocking outgoing port 25 connections and force users to go
through one SMTP server owned by the ISP, we could almost eliminate the spam
sent by these compromised machines. They should set up filters that log large
amounts of traffic on outgoing port 25, send e-mail to an administrator, then
block all connectivity for that customer and wait for them to call into the
ISP's support. When the customer calls in with no Internet access, the ISP can
tell them they're probably infected with a trojan and are sending out spam.

I wonder if you could also monitor or block the inbound or outbound traffic
generated by the trojan itself.

[ Reply to This | # ]
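
The filter this comment proposes, sketched as an added example (not part of the comment or of the article): it counts each customer's port-25 connections that bypass the ISP's own relay inside a sliding window and flags anyone over a threshold. The flow-record format, the thresholds, the relay address and all IP addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict, deque
from typing import NamedTuple

SMTP_PORT = 25


class Flow(NamedTuple):
    ts: int      # seconds since epoch
    src: str     # customer address
    dst: str     # remote address
    dport: int   # remote TCP port


def parse_flow(line):
    """Parse one 'ts src dst dport' record (hypothetical export format)."""
    ts, src, dst, dport = line.split()
    return Flow(int(ts), src, dst, int(dport))


def find_smtp_abusers(flows, isp_relays, window=60, max_conns=20, max_dests=10):
    """Return {customer: (peak_connections, peak_distinct_destinations)}.

    Only port-25 flows that do NOT go to the ISP's relay are counted, since
    mail handed to the relay is the path the ISP wants customers to use.
    A customer is flagged when, within any `window` seconds, it opens more
    than `max_conns` such connections or reaches more than `max_dests`
    distinct mail hosts.
    """
    recent = defaultdict(deque)          # customer -> deque of (ts, dst)
    flagged = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport != SMTP_PORT or f.dst in isp_relays:
            continue
        q = recent[f.src]
        q.append((f.ts, f.dst))
        # Expire entries that have fallen out of the sliding window.
        while q and q[0][0] <= f.ts - window:
            q.popleft()
        conns = len(q)
        dests = len({dst for _, dst in q})
        if conns > max_conns or dests > max_dests:
            prev = flagged.get(f.src, (0, 0))
            flagged[f.src] = (max(prev[0], conns), max(prev[1], dests))
    return flagged


def sample_flows():
    """Constructed traffic for three customers over one minute."""
    lines = []
    # Ordinary user: a few messages through the ISP relay, plus web traffic.
    for i in range(3):
        lines.append(f"{1000 + i * 20} 198.51.100.7 192.0.2.25 25")
    lines.append("1005 198.51.100.7 203.0.113.80 80")
    # Infected machine: one direct SMTP connection per second, each to a
    # different remote mail host.
    for i in range(30):
        lines.append(f"{1000 + i} 198.51.100.23 203.0.113.{i + 1} 25")
    # Customer running a small mail server: low volume, two destinations.
    for i in range(5):
        lines.append(f"{1000 + i * 10} 198.51.100.40 203.0.113.{200 + i % 2} 25")
    return [parse_flow(line) for line in lines]


if __name__ == "__main__":
    hits = find_smtp_abusers(sample_flows(), isp_relays={"192.0.2.25"})
    for src, (conns, dests) in hits.items():
        print(f"{src}: {conns} direct SMTP connections to {dests} hosts; notify admin")
```

The low-volume mail server stays under both thresholds, which is the case a blanket port-25 block would break and a rate-based filter would not.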

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 09:29 AM EST
This is definitely a proLinux, antiSCO site.

But there is good reason for such. Open source, indirectly, is tied to the
freedom of mankind. There is a force in the world, namely those that pursue
money, who wish to see your God given right to donate what you create, whether
it's original or a clone, to a community that has 'signed' a social contract that
states if you use what I created or enhanced, you too will contribute your
changes if you distribute it to others.

Please reread what I just wrote until you can grok what I'm trying to say. The
said force doesn't care about you, or your rights, or what is right. They
mostly care about how it affects their pocket books.

If the plain truth isn't evident to you, please look at the history of the
world, the presence of today, and the path we are following. Mankind has only
two chances to free themselves from a point of being a slave to society and the
society masters, to the point of being born an individual and living as a person
and not as a resource.

The first chance is open source. We share and in return we all reap the
benefits of what we know, discovered, and improved as a collective. And
indirectly, it gives each individual a voice to say something important,
something that benefits man now and in the future.

The second chance is when man reaches for the stars and distance and time will
free those that escape from the sphere of influence that society and its society
masters hold over individuals. As you will note, that won't be for a long,
long, long time.

So stand now, and take the future by the hand and lead it down the path that
benefits man, not just a few men.

In the end, this is about SCO, a group of weiners that may have had a point in
the beginning, now demonstrates that a few men wish to parasite off the many.

[ Reply to This | # ]

Trojans and Spam
Authored by: The Mad Hatter r on Saturday, February 21 2004 @ 09:34 AM EST
I've just finished reading all of the articles on SPAM zombies. None of the
articles mention that it's only Windows computers that can be used that way. The
introduction to the article tries to hide this. In the body Windows is
mentioned, but there is NO mention that only Windows is vulnerable this way, or
that GNU/Linux, BSD, OSX, OS2, and other operating systems are difficult if not
impossible to infect.

There are two possible reasons for this:

1) The writer is unaware of other operating systems

2) The news organization does not want to annoy an advertiser.

I'm in the process of making contact with one of the writers, and I'm going to
try and get them to write a story about how non-Microsoft operating systems are
safe against this type of problem, and why.

I'll let everyone know of the results.



---
Wayne

telnet hatter.twgs.org

[ Reply to This | # ]

Trojans and Spam - the client
Authored by: MathFox on Saturday, February 21 2004 @ 10:18 AM EST
When I mentioned the Heise story to a friend who is active as a spam-fighter (and prefers to remain anonymous for that reason), he spontaneously mailed me back that he could have been the client program of the scam:
Somewhere on my PC there must be a Windows program that works on the other side. You make an email and enter a database with addresses and then it makes contact with a secure http connection that produces IP addresses of open proxies. You pay for a number of emails or proxies.

Very scary tool... I did run it for 15 seconds and got 10 open proxies or so. The makers offered test accounts for free.

Scary story!

---
MathFox gets rabid from SCO's actions.

[ Reply to This | # ]

Spammers...... Money
Authored by: Stumbles on Saturday, February 21 2004 @ 10:42 AM EST
You know, spammers don't write viruses, trojans and worms because they are
bored. Obviously, at least to me, money is, if not the only motivator, at
least near the top of their reasons.

[ Reply to This | # ]

UMMMM ... last time I checked....
Authored by: savage on Saturday, February 21 2004 @ 11:19 AM EST
Last time I checked, this was PJ's site. As such I would expect her to do whatever she wants here. If she wants to post ....ahhh say something outrageous like pics of monkeys having sex, that's her prerogative to do so. If you want to say something different, go start up your own web site DUH!! I don't allow people to come into my home and be rude, crude, or socially unacceptable. If they wish to act that way, there is plenty of free speech out on the street. I have seen several people present dissenting views to whatever topic is under discussion and several followup posts under it battling out the pros and cons of it. But all of it is ON TOPIC!! This site is so wonderful and informative because of P.J.'s tireless efforts. On this site P.J. is god ...er Goddess, and even more wonderful is the fact that at least 95% of the people here would back her in all her decisions. That second statement is pretty amazing when you look at all the strange people that are interested in FOSS/open source/etc and realize that most cannot reach an agreement about which side of a piece of toast to butter! ok.... I'm off my soapbox or I'll end up writing a book about this (it's one of my pet peeves :) )

---
Savage

[ Reply to This | # ]

Trojans and Spam
Authored by: pingdave on Saturday, February 21 2004 @ 11:22 AM EST
For you fellow Linux users out there, I stumbled on what looks to be a very good Web site on basic security techniques for Linux boxes: http://www.linux-sec.net/

I've read through most of it, and it helped me a lot. There is a free open port test too, which is handy. You put in your IP address, and it scans for open ports. My results came back correct: I have port 80 open (it redirects to a web server behind my firewall), and port 22 open for ssh. Everything else is turned off.

This is not an ad for them by any means, but Linksys makes some very easy to configure and use wireless access point / router / firewall combos that use embedded Linux. I've been very happy with mine. You just point a browser at the internal ip address (instructions are included) to configure the firewall and set up the wireless security protocols. Mine was under $100, and it has been running flawlessly for over a year :). Another excellent use for Linux. I highly recommend them for any home user (Linux, Windows, Mac, whatever) on a broadband connection.

Being secure means being informed, whatever OS you use.

[ Reply to This | # ]

Microsoft and everyones pain
Authored by: Anonymous on Saturday, February 21 2004 @ 11:46 AM EST
I don't know how long everyone has to endure everything
that's going on about viruses and weak security until
there's thought of a popular uprising against Microsoft.

How long has this been going on? And how many versions of
Windows have we been subjected to that, has been bug ridden,
virus prone and has been just a nightmare for IT professionals and programmers.

The business model of Microsoft has crushed any and all
competition that has even attempted to enter the market.

And everyone in the public and business world has just put
up with it.

I don't know if viruses and security would be an issue
if OS'es like OS/2 were around and popular, but who knows?

How many other choices we may have had over time that aren't
in the market place because of one cause, Microsoft's
monopoly.

And they have been declared a monopoly, another thing that
should just chafe everyone the wrong way, but is just
ignored even when they just start doing business as
usual.

The overall fact is, that there is just too little competition in the software
and OS market because of Microsoft.

There is a pervasive and giant problem with security,
because of Microsoft.

There has been very good software products and companies
that have gone down the drain because of Microsoft.

Microsoft is not an innovator they are a destroyer.

Sort of like the crack dealer that sells you really good
crack, you know it's a good product in some ways, but
it will kill you sooner or later.

[ Reply to This | # ]

Trolls...
Authored by: Anonymous on Saturday, February 21 2004 @ 11:59 AM EST
Suggestion: Trolls thrive on us giving them attention. I am of the opinion that
if you, PJ, simply delete his/her comments without any further discussion, the
troll will get bored and be on his/her way.

[ Reply to This | # ]

Trojans and Spam
Authored by: ErichTheWebGuy on Saturday, February 21 2004 @ 12:03 PM EST
" It may motivate those using Windows computers to make sure that they are
not infected with trojans"

Err, shouldn't that read:

" It may motivate those using Windows computers to switch to a different
operating system"

OK, just kidding :)

---
Striving daily to be RFC-2550 compliant

[ Reply to This | # ]

OT new articles.
Authored by: Anonymous on Saturday, February 21 2004 @ 01:37 PM EST
New ZDNET article that seems to understand most of the points.

Still seems to be confusing oldSCO and podSCO though.

[ Reply to This | # ]

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 01:58 PM EST
"check 'sent mail" folders for suspicious messages."

Hehe, the FTC guys definitely don't know that these viruses use their own SMTP
service, so they don't really rely on Outlook either. You won't notice anything
in the sent mail folder, but you might notice open sockets using netstat.

[ Reply to This | # ]
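
The netstat check this comment points to, as an added example (not part of the comment): it parses Windows-style `netstat -an` output and reports outbound connections to port 25 on hosts other than the user's known mail server, a SOCKS listener reachable from the network, and connections to IRC ports. The port numbers are the conventional defaults (25, 1080, 6660-6669) and are an assumption, since the page does not say which ports the trojan used; the sample output and all addresses are constructed.

```python
import re

SMTP_PORT = 25
SOCKS_PORT = 1080                  # conventional SOCKS port (assumption)
IRC_PORTS = set(range(6660, 6670))  # conventional IRC ports (assumption)
ACTIVE = {"ESTABLISHED", "SYN_SENT"}

# One TCP row of Windows `netstat -an`: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

# Constructed sample output; 192.0.2.25 plays the user's real mail server.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.0.2.25:25          ESTABLISHED
  TCP    192.168.1.10:1051      203.0.113.14:25        ESTABLISHED
  TCP    192.168.1.10:1052      203.0.113.77:25        SYN_SENT
  TCP    192.168.1.10:1060      198.51.100.9:6667      ESTABLISHED
  TCP    192.168.1.10:1071      198.51.100.30:80       TIME_WAIT
"""


def parse_netstat(text):
    """Return a list of dicts, one per TCP row; headers and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        laddr, lport, raddr, rport, state = m.groups()
        rows.append({"laddr": laddr, "lport": int(lport),
                     "raddr": raddr, "rport": int(rport), "state": state})
    return rows


def review_sockets(rows, known_mail_servers=frozenset()):
    """Group the sockets worth a closer look; an empty list means nothing found."""
    active = [r for r in rows if r["state"] in ACTIVE]
    # A mail client talks to one configured server; malware with its own SMTP
    # engine connects straight to many recipients' mail hosts.
    direct_smtp = sorted({r["raddr"] for r in active
                          if r["rport"] == SMTP_PORT
                          and r["raddr"] not in known_mail_servers})
    # A SOCKS listener bound to anything but loopback can relay for outsiders.
    socks = sorted({f'{r["laddr"]}:{r["lport"]}' for r in rows
                    if r["state"] == "LISTENING"
                    and r["lport"] == SOCKS_PORT
                    and not r["laddr"].startswith("127.")})
    # Expected if the user runs an IRC client, otherwise worth explaining.
    irc = sorted({f'{r["raddr"]}:{r["rport"]}' for r in active
                  if r["rport"] in IRC_PORTS})
    return {"direct_smtp": direct_smtp, "socks_listeners": socks, "irc_peers": irc}


if __name__ == "__main__":
    report = review_sockets(parse_netstat(SAMPLE_NETSTAT), {"192.0.2.25"})
    for kind, items in report.items():
        print(f"{kind}: {', '.join(items) if items else 'none'}")
```

A clean result here does not prove the machine is uninfected, because malware is free to use other ports or to stay idle while the snapshot is taken.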

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 02:11 PM EST
I'm a little confused about the legal issues described in this article.
...gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers.

Surely gathering addresses is not illegal? If there is clear evidence that the person gathering the addresses of infected machines wrote a virus, is that alone enough to be cause for legal action? IANAL but as I see it, writing code is not illegal in itself. Distributing the code on the net is.

As for selling this list, well in today's society almost anything will be purchased. The mere act of selling this information does not, to me, appear to be a crime. Blueprints of banks are openly available, but because it may be used to commit a crime does not make the selling of these articles illegal.

Clear evidence would need to be seen that the individuals, or companies that purchased these lists actively compromised the computers listed. Then, I have no problem with arrests, fines, imprisonment, whatever is appropriate to the level of the criminal activity.

I see no crime in gathering the addresses. I have on occasion, scanned computers that have attempted to intrude in my domain, and have ended up with small lists of infected computers (but that information is not for sale or distribution, it is only research on intrusion methods not previously detected for the purpose of internal security). AFAIK, the courts have decided that mere scanning for open ports is not a crime.

But what if I did sell a list to someone - does that in itself constitute criminal activity. If I sold someone a car, and they used it to rob a bank, I am not liable. What makes this different?

I have no love for virus writers and spammers, but that is insufficient cause to violate their rights.

[ Reply to This | # ]

Way to check if my machine is a zombie?
Authored by: Thomas Frayne on Saturday, February 21 2004 @ 02:35 PM EST
I don't think it is, but I'd like to be sure.

[ Reply to This | # ]

Paypal spoof
Authored by: Anonymous on Saturday, February 21 2004 @ 03:13 PM EST
Hi

I am currently receiving a Paypal spoof mail several times a day.

Basically it's a way of harvesting credit card numbers by luring people to key in
information, in what they think is a Paypal form. I think various versions of
this have been circulating for the last 4-5 months.

The mail itself looks authentic, and all links but one point to Paypal's own
site.

The form can be found here: http://210.78.22.113/verify.html

I think it's a clear sign that it's not just a bunch of boys playing, but rather
that IT crime has turned into organized crime.

[ Reply to This | # ]

OT: $echo
Authored by: Anonymous on Saturday, February 21 2004 @ 04:07 PM EST
Quote from vnunet.com re $echo

But SCO has been quick to try and play down the newsletter's significance.

Blake Stowell, SCO's director of public relations, told vnunet.com: "An
article by itself in a newsletter does not in one fell swoop change the legal
terms of the licences that are held between a company and its licensees.

endquote

No, it does not change the legal terms but it does go a long way to explaining
them and clarifying them.

It helps us to understand the intent behind the license terms.

SCO has failed to explain why we should ignore such a clear, explicit statement
of intent on the part of AT&T.

[ Reply to This | # ]

Trojans and Spam
Authored by: Anonymous on Saturday, February 21 2004 @ 04:50 PM EST
The single biggest roadblock to a more secure Internet is user training.

Most users have no clue about information security and really could care less.
By and large people just turn the box on and use it.

Computer users do not realize that computers, like cars, require proper setup
and maintenance. Computers, again, like cars, are not commodities. There is a
life cycle cost to both.

Hence, until the abysmal lack of user training is rectified there shall be more
-- not less -- trojan, worm, virus and spam attacks.

krp

[ Reply to This | # ]

An "interesting" report
Authored by: DaveWalley on Saturday, February 21 2004 @ 05:16 PM EST
There's a new thread on Slashdot here discussing a recently published report covered in a Macworld article here.

The actual report is available from mi2g for a price of £29-38 (about 50 USD).

These results are being presented as "Linux is the least secure OS, much worse than Windows".

There's plenty of scope for discussion of how to sensibly interpret the figures quoted from the report. For example, apparently "automated" attacks (like viruses, worms, malware, etc) are excluded, and only manual cracking is included.

However, it does reinforce the fact that keeping a computer secure requires hard work for any Operating System - adopting Linux is not a "magic solution" unless you keep working on it.

[ Reply to This | # ]

Trojans and Spam
Authored by: innot on Saturday, February 21 2004 @ 05:47 PM EST
I read the c't article a few hours ago. Didn't think it would make Groklaw headlines, or I would have posted earlier.

For those who haven't heard of c't, it is one of the best computer magazines in the world. So those who can, get it on Monday when it hits the shops.

Here is a short summary on how they found the virus writers:

  • Computer Engineering student removes the Randex virus from a friend's computer and disassembles it out of curiosity.
  • Student finds the, only lightly encrypted, name of the dynDNS IRC server that gets contacted by the virus.
  • Reverse lookup of the IP address of that IRC server gives a real domain name and a domain owner.
  • Some googling shows that this owner is also one of the developers of the IRC server software and one of his development buddies is into C&C: Generals, whose CD-Keys the virus tried to steal.
  • Student finds the owner on IRC, and after some social engineering the owner basically admits that he has created the virus.
  • At that point the student contacts c't, who in turn contact Scotland Yard and from there it goes to the FBI.
  • As the international investigations take some time, they contact the virus writers, this time acting as interested customers and they manage to get a "24h try-out list" of all computers owned by the virus for 150 USD (paid by Western Union).
  • They get a list of some 52.000 IP addresses of infected computers, of which about 10.000 were still valid.
  • The virus writers wanted 28.000 USD per month to "rent" all infected computers, for example to use them as Spam proxies. They say that they already have some customers.
  • Virus writers get arrested in mid February.

Some other interesting information from the article. Apparently an owned computer is worth about 1 USD to a spammer, so with tens of thousands or even millions of infected computers, there is lots of money involved.
And the Anti-Virus Software Companies, disassembling the virus themselves, had enough information to find the source of the virus, but did nothing. But why should they? Every virus writer means more potential customers.

Again, if you have a chance to read the full article, it makes for an interesting read.

Greetings from Germany,
thomas

[ Reply to This | # ]

Even MS will not be immune
Authored by: freeio on Saturday, February 21 2004 @ 06:51 PM EST
Something tells me that the problem will get no better even if MS does their
"trusted (by them) computing" thing. They have this miserable track
record of putting in special back and side doors for their own applications, and
those will somehow survive and provide all the entry points needed.

Let's face it, user convenience and security are not entirely compatible. In
fact they may never be compatible at all.

My hope is for some other type of technological trick as opposed to the
palladium trap. That cure is worse than the disease.

---
Tux et bona et fortuna est.

[ Reply to This | # ]

White hat buys IP addresses
Authored by: technoCon on Saturday, February 21 2004 @ 07:20 PM EST
let's suppose there is a black market for IPs of zombied machines. Suppose
further that a white-hat pretends s/he's a spammer, buys the list, and uses that
list to build block lists and draft polite letters to those upstream thereof
that their lusers have been screwed over.

and what's to prevent some law enforcement bunch to pretend to be a spammer
buying these lists to get evidence against the malware author and IP list
distributor. surely this sounds like racketeering to me.

finally, what's to prevent some enterprising ambulance-chaser from buying a list
of IP addresses, and filing a class action law suit against the Dark Lord on
behalf of the class of lusers whose machines have been damaged by the negligence
which enabled the infection in the first place.

I like the 3rd alternative best.

[ Reply to This | # ]

But who should we blame for Trojans?
Authored by: Fredric on Saturday, February 21 2004 @ 08:01 PM EST
First I want to state that I am not a security expert or expert on viruses and that I have never used Outlook. This means that I could be wrong here and if that is the case, please point it out. I don't mind looking stupid (well... maybe a little) as long as I learn something.
If I understand this correctly there is a vast difference between Trojans and Viruses.
  • The latter, a virus, "infects" a computer by exploiting a security hole on the OS or an application related to it.
  • The former, a Trojan, exploits the gullibility (some may say stupidity) of the user by mailing him/her an executable and trick him/her into executing it. ("click here to get free sex for two years".... right!)

And MyDoom and most other recent "viruses" were actually trojans (and this is where I could be dead wrong). This means that the user must cooperate with the trojan to make it effective and this, to me, makes the user at fault here, at least to some degree.

What makes me so confused is that nobody seems to notice this fact. Sure, Microsoft could do better, but so could the users. So why do not all articles about viruses and trojans contain a warning that says: "do not click on attachments!"?

And another question: If these infected computers can be made to do whatever they are told, can't some skilled programmer send them instructions to remove the trojan? (But I guess I am not the first to suggest this).


---
/Fredric Fredricson

[ Reply to This | # ]

Trojans and Spam and the BBC
Authored by: kh on Saturday, February 21 2004 @ 08:23 PM EST
Interesting article which I don't want to read because it's very expensive!!
Perhaps someone who reads this can tell us something about it?
http://www.mi2g.net/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.net/cgi/mi2g/press/190204_2.php

London, UK - 6 February 2004, 13:45 GMT - The British Broadcasting Corporation's (BBC) online article "Linux cyber-battle turns nasty" by Stephen Evans suggests that "internet zealots who believe that code should be free to all (open source)" are more than likely to have created and launched the MyDoom malware because they hold a grudge against The SCO Group. This has evoked a large, angry response from the Linux user community as if a religious shrine had been desecrated. However, there may well be some truth and worthy analysis in BBC's perspective. (emphasis mine)

[ Reply to This | # ]

Trojans and Spam: a legislative possibility
Authored by: pythonista on Saturday, February 21 2004 @ 09:01 PM EST
If it was common knowledge that your neighbor kept a gun in an unlocked garage,
and it was stolen and used in commission of a crime, wouldn't you hold him
partly to blame? That's the case with spam, worms and viruses. Certainly,
software errors and hackers are to blame, but the millions of users who do not
fix known problems are also at fault. That should be deemed an offense, and
actually getting hacked should be an even more serious one. Compare this to DUI
being a crime in order to deter the worse event of vehicular manslaughter.

I think that running a known vulnerability more than 30 days after a fix is
available should be cause for disconnection from the internet, and running an
infected computer be subject to a substantial fine. You can argue that it
doesn't solve the problem of infected overseas computers, but by creating
effective legislation, the U.S. could set an example for other countries to
follow.

[ Reply to This | # ]

English version available at Heise
Authored by: haro on Sunday, February 22 2004 @ 07:33 AM EST
Heise online have an English version available.

We inhabit a Hofstadter world - Groklaw is mentioned.

[ Reply to This | # ]

Trojans and Spam
Authored by: Alastair on Sunday, February 22 2004 @ 07:04 PM EST

There is a certain irony in c't talking about “virus writers” in the third person. During the era of the 16-bit micros, c't helpfully published the complete, annotated, source code for two viruses that ran on the Atari ST, thus advancing the cause of virus writers everywhere.

Of course, that was way back in 1988… I'm sure they wouldn't be so irresponsible these days.

(For those with an interest in the history of computing, the viruses in question were the Milzbrand link virus and a virus only known as the c't virus, after its origins.)

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )