Trojans and Spam
Saturday, February 21 2004 @ 07:52 AM EST
There are some interesting developments on the spam-malware front. First, c't has an interesting bit of news, which Jeroen Roovers has translated for us from the German. Virus writers are in the business of selling IP addresses of captured zombie computers, and c't reports on specific instances where arrests have just been made. It may motivate those using Windows computers to make sure that they are not infected with trojans, including MyDoom, to learn that the authors of malware harvest your IP address and then sell it to spammers, who then use your computer to send illegal spam or for other loathsome uses.
Here is the translation of the c't article:
*******************************************************
Uncovered: Trojans as Spam Robots
c't has gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers. The spammers use the infected systems to illegally distribute commercial e-mail messages -- without the knowledge of their owners. Furthermore, the network of trojans forms a powerful tool which the distributors of the viruses can use to, for example, launch distributed DoS attacks.
With the help of c't, a student of computer science has tracked down the authors of a computer virus. The editorial staff were able to establish contact with the virus distributors and buy IP addresses of infected machines. Because one of the virus distributors has been located in Great Britain, c't has passed on all information to Scotland Yard. By now, individuals in several countries have been arrested.
In this case, a trojan was installed on thousands of computers with the help of the virus "Randex". This small program contacted its "master" through the chat protocol IRC. From its master it received commands to, for example, look for CD keys of games, launch SYN Flood attacks from the infected machine or secretly load additional software. This way, the trojan was also able to install a SOCKS proxy server which can be used to relay spam through the infected PCs. The virus also infects local subnets using the Windows Directory Service.
In an interview with c't, an investigating officer of Scotland Yard commented: "We fear that this is just the beginning. In the case in question, the authors and distributors of the viruses already no longer do their work just for fun or ego. The scene is becoming more professional and has recognised how much money can easily be gained illicitly this way."
You can find an article about the investigation in today's broadcast of c't magazin.tv. In the coming edition of c't, you can find a detailed description of the events (available in shops from Monday, February 23).
*******************************************************
In other news, EarthLink is bringing suit against 16 people and businesses, a group of spammers called the Alabama Group, described by EarthLink as "the most professional and technologically sophisticated group of e-mail spammers that EarthLink says it has ever encountered." Mostly they used stolen credit cards, allegedly, to open fraudulent accounts, and each account sent spam: "'They co-located computer equipment at a tiny Alabama ISP,' Wellborn said. 'Then they set it up in such a way that the e-mailer could remotely contact that equipment and cause it to dial in to EarthLink' to send spam."
In one case, a zombie computer was used to send spam, and it's the first case I've seen where an ISP is suing a spammer for remotely using someone else's computer to send spam. There could be more than just civil penalties, obviously. The new CAN-SPAM law has severe penalties, up to 5 years in jail, plus fines, and that's for comparatively minor offenses like using a phony address, plus possible loss of any personal or real property associated with the act of spamming. If a spammer harvested email addresses off the Internet, or used a computer program to randomly generate them, these are considered "Aggravated Violations" which can triple the fines. This isn't even starting on the analysis of what a spammer is facing for stealing credit cards, using someone else's computer without their knowledge, etc.
Here is a Wired article on spammers grabbing computers for their own use. So, evidently this is the new thing when it comes to spam, and it is what MyDoom is being used for. Here is another article on the new phenomenon, which has come about because open relays have pretty much been closed down, and that left spammers looking for a new way to spew out the email you don't want:
"Any Internet-connected computer could be running a proxy spam relay, but most of the malicious programs are written specifically for PCs that run Windows.
"In the past, some spammers had sought out and exploited Internet-connected computers with misconfigured networking software. The latest and growing threat is code purposely written to create spam relay proxies as it is spread by malicious viruses.
"'It's just going to get worse,' said Ken Schneider, chief technology officer at spam-filtering company Brightmail Inc. 'Traditionally, virus writers were driven more by reputation and trying to impress each other. Now there's an economic motive.'
"Just last week, a proxy program called Mitglieder began installing itself on computers infected by last month's Mydoom outbreak, said Mikko Hypponen, manager of antivirus research at F-Secure in Finland. He said such programs can also sneak in if computer owners fail to install patches to fix known Windows flaws.
"The shift in spamming methods even prompted the Federal Trade Commission to issue a consumer alert last month. The advisory encouraged consumers to use antivirus and firewall programs and to check 'sent mail' folders for suspicious messages."
|
|
Authored by: PJ on Saturday, February 21 2004 @ 08:14 AM EST |
Because your comment has nothing to do with the story, for one thing,
and because you have been posting a number of very nasty comments,
and I'm tired of it.
This isn't a story about crackers and pirates. The law has to do with
spammers.
This is a moderated board. Off topic gets deleted. I will leave this up
long enough for you to read it and then your comment will be deleted
again, for the third time.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 08:18 AM EST |
What was nasty about that? Moderation is suppressing the voices of others, I
thought Linux was about being "open" especially if it doesn't include
profanity or other insults, which I did not.
|
|
Authored by: MacUser on Saturday, February 21 2004 @ 08:43 AM EST |
Valuable forums have been destroyed by unmoderated posting or trolling.
This is an attack on free speech, and it is hypocritical to invoke freedom of
speech to defend it. Moderation, as seen on this site, is an exercise of
editorial responsibility, not censorship IMHO.
|
|
Authored by: freeio on Saturday, February 21 2004 @ 08:53 AM EST |
Sigh...
There is often expressed a yearning for the day when common computer users will
learn the lessons of software hygiene, but that is misplaced hope. It is much
as you see out on the highway. There are always those who figure that driving
rules and common courtesy do not apply to them. There are also always new
drivers who have yet to see why they ought to drive defensively. There are
always those who figure that they are smarter, better, and inherently less
accident prone than they really are. The computer using population is no
different.
We can hope for a statistical change, in that the average user will improve. We
can hope for a technological change that will render the threat obsolete. We can
individually act responsibly. However, as long as susceptible software is the
common choice, and as long as the naive use it, there will always be a large
number of potential systems to trojan.
Bear in mind that this extends not just to individual users but to businesses as
well, I worked in a small company for a while where the boss-of-all-bosses
insisted upon certain software and network features which virtually guaranteed
the possibility of repeated infections. He was wrong, he was the boss, he
signed the paychecks, and he got his way.
---
Tux et bona et fortuna est.
|
|
Authored by: MathFox on Saturday, February 21 2004 @ 08:55 AM EST |
I have found this USA Today story about how spammers increasingly use "zombie
computers" as proxies for sending spam.
---
MathFox gets rabid from SCO's actions.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 09:07 AM EST |
I'd read that this was a great site for news on the SCO case. But this is just
another Linux advocacy site, no?
Looks like just another bunch of Linux kooks from here.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 09:12 AM EST |
If ISPs would start blocking outgoing port 25 connections and force users to go
through one SMTP server owned by the ISP, we could almost eliminate the spam
sent by these compromised machines. They should set up filters that log large
amounts of traffic on outgoing port 25, send e-mail to an administrator, then
block all connectivity for that customer and wait for them to call into the
ISP's support. When the customer calls in with no Internet access, the ISP can
tell them they're probably infected with a trojan and are sending out spam.
I wonder if you could also monitor or block the inbound or outbound traffic
generated by the trojan itself.
|
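The filter proposed in the comment above, logging heavy outbound port 25 traffic per customer while mail sent through the ISP's own SMTP server passes, can be sketched as detection logic over flow records. This is an added example, not part of the original thread; the relay address, thresholds and record format are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMTP_PORT = 25
ISP_RELAYS = {"192.0.2.25"}      # assumed: address of the ISP's own SMTP server
WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_CONNECTIONS = 20             # assumed limit: direct SMTP connections per window
MAX_DISTINCT_DESTS = 10          # assumed limit: distinct mail servers per window


def parse_flow(line):
    """Parse one record in the assumed format 'ISO-time customer_ip dest_ip dest_port'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_direct_smtp_senders(lines, relays=ISP_RELAYS):
    """Return {customer_ip: details} for customers whose direct-to-MX traffic
    (port 25, bypassing the ISP relay) exceeds either limit inside the window."""
    recent = defaultdict(deque)   # customer -> (timestamp, destination) pairs in window
    flagged = {}
    flows = sorted(parse_flow(line) for line in lines if line.strip())
    for ts, src, dst, port in flows:
        if port != SMTP_PORT or dst in relays:
            continue              # not mail, or mail handed to the ISP's server
        window = recent[src]
        window.append((ts, dst))
        while ts - window[0][0] > WINDOW:
            window.popleft()      # drop connections that fell out of the window
        dests = {d for _, d in window}
        if src in flagged:
            continue              # already reported; keep the first alert only
        if len(window) > MAX_CONNECTIONS or len(dests) > MAX_DISTINCT_DESTS:
            flagged[src] = {
                "first_alert": ts,
                "connections": len(window),
                "distinct_destinations": len(dests),
            }
    return flagged


def build_sample_flows():
    """Constructed sample data: one relay-abusing host and two ordinary customers."""
    base = datetime(2004, 2, 21, 9, 0, 0)
    lines = []
    # Compromised PC: 30 direct SMTP connections to 30 different mail servers.
    for i in range(30):
        ts = base + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 203.0.113.{i + 1} 25")
    # Busy but well-behaved customer: everything goes through the ISP relay.
    for i in range(40):
        ts = base + timedelta(seconds=15 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.9 192.0.2.25 25")
    # Customer running their own mail setup: a few direct connections to one server.
    for i in range(3):
        ts = base + timedelta(minutes=3 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.8 203.0.113.200 25")
    lines.append(f"{base.isoformat()} 198.51.100.8 203.0.113.80 80")  # web traffic
    return lines


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    for customer, info in find_direct_smtp_senders(SAMPLE_FLOWS).items():
        print(customer, info["first_alert"].isoformat(),
              info["connections"], info["distinct_destinations"])
```

Counting distinct destinations separately from raw connection volume lets a customer who talks to a single outside mail server stay under the limit, while a relay spraying many servers trips it after a handful of connections.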
|
Authored by: Anonymous on Saturday, February 21 2004 @ 09:29 AM EST |
This is definitely a proLinux, antiSCO site.
But there is good reason for such. Open source, indirectly, is tied to the
freedom of mankind. There is a force in the world, namely those that pursue
money, who wish to see your God given right to donate what you create, whether
it's original or a clone, to a community that has 'signed' a social contract that
states if you use what I created or enhanced, you too will contribute your
changes if you distribute it to others.
Please reread what I just wrote until you can grok what I'm trying to say. The
said force doesn't care about you, or your rights, or what is right. They
mostly care about how it affects their pocket books.
If the plain truth isn't evident to you, please look at the history of the
world, the presence of today, and the path we are following. Mankind has only
two chances to free themselves from a point of being a slave to society and the
society masters, to the point of being born an individual and living as a person
and not as a resource.
The first chance is open source. We share and in return we all reap the
benefits of what we know, discovered, and improved as a collective. And
indirectly, it gives each individual a voice to say something important,
something that benefits man now and in the future.
The second chance is when man reaches for the stars and distance and time will
free those that escape from the sphere of influence that society and its society
masters hold over individuals. As you will note, that won't be for a long,
long, long time.
So stand now, and take the future by the hand and lead it down the path that
benefits man, not just a few men.
In the end, this is about SCO, a group of wieners that may have had a point in
the beginning, now demonstrates that a few men wish to parasite off the many.
|
|
Authored by: The Mad Hatter r on Saturday, February 21 2004 @ 09:34 AM EST |
I've just finished reading all of the articles on SPAM zombies. None of the
articles mention that it's only Windows computers that can be used that way. The
introduction to the article tries to hide this. In the body Windows is
mentioned, but there is NO mention that only Windows is vulnerable this way, or
that GNU/Linux, BSD, OSX, OS2, and other operating systems are difficult if not
impossible to infect.
There are two possible reasons for this:
1) The writer is unaware of other operating systems
2) The news organization does not want to annoy an advertiser.
I'm in the process of making contact with one of the writers, and I'm going to
try and get them to write a story about how non-Microsoft operating systems are
safe against this type of problem, and why.
I'll let everyone know of the results.
---
Wayne
telnet hatter.twgs.org
|
|
Authored by: MathFox on Saturday, February 21 2004 @ 10:18 AM EST |
When I mentioned the Heise story to a friend who is active as spam-fighter (and
prefers to remain anonymous for that reason), he spontaneously mailed me back
that he could have been the client program of the scam:
Somewhere on my PC there must be a Windows program that works on the other side. You make
an email and enter a database with addresses and then it makes contact with a
secure http connection that produces IP addresses of open proxies. You pay for a
number of emails or proxies.
Very scary tool... I did run it for 15 seconds and got 10 open proxies or so. The makers offered test accounts for free.
Scary story!
---
MathFox gets rabid from SCO's actions.
|
|
Authored by: Stumbles on Saturday, February 21 2004 @ 10:42 AM EST |
You know, spammers don't write viruses, trojans and worms because they are
bored. Obviously, at least to me, money is if not the only motivator, it is at
least near the top of their reasons.
|
|
Authored by: savage on Saturday, February 21 2004 @ 11:19 AM EST |
Last time I checked, this was PJ's site. As such I would expect her to do
whatever she wants here. If she wants to post ....ahhh say something
outrageous like pics of monkeys having sex, that's her prerogative to do so. If you
want to say something different, go start up your own web site DUH!!
I don't allow people to come into my home and be rude, crude, or socially unacceptable.
If they wish to act that way, there is plenty of free speech out on the street.
I have seen several people present dissenting views to whatever topic is
under discussion and several followup posts under it battling out the pros and
cons of it. But all of it is ON TOPIC!!
This site is so wonderful and informative because of P.J.'s tireless efforts. On this site P.J. is god ...er
Goddess, and even more wonderful is the fact that at least 95% of the people here
would back her in all her decisions. That second statement is pretty amazing
when you look at all the strange people that are interested in FOSS/open
source/etc and realize that most cannot reach an agreement about which side of a
piece of toast to butter!
ok.... I'm off my soapbox or I'll end up writing a book about this (it's one of my pet peeves :) )
---
Savage
|
|
Authored by: pingdave on Saturday, February 21 2004 @ 11:22 AM EST |
For you fellow Linux users out there, I stumbled on what looks to be a very good
Web site on basic security techniques for Linux boxes:
http://www.linux-sec.net/
I've read through most of it, and it helped me a lot. There is a free open port test too,
which is handy. You put in your IP address, and it scans for open ports. My
results came back correct: I have port 80 open (it redirects to a web server
behind my firewall), and port 22 open for ssh.
Everything else is turned off.
This is not an ad for them by any means, but Linksys makes some very
easy to configure and use wireless access point / router / firewall combos that
use embedded Linux. I've been very happy with mine.
You just point a browser at the internal IP address (instructions are included) to configure the firewall
and set up the wireless security protocols. Mine was under $100, and it has
been running flawlessly for over a year :). Another excellent use for Linux. I
highly recommend them for any home user (Linux, Windows, Mac, whatever) on a
broadband connection.
Being secure means being informed, whatever OS you use.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 11:46 AM EST |
I don't know how long everyone has to endure everything
that's going on about viruses and weak security until
there's thought of a popular uprising against Microsoft.
How long has this been going on? And how many versions of
Windows have we been subjected to that have been bug ridden,
virus prone and just a nightmare for IT professionals and programmers?
The business model of Microsoft has crushed any and all
competition that has even attempted to enter the market.
And everyone in the public and business world has just put
up with it.
I don't know if viruses and security would be an issue
if OS'es like OS/2 were around and popular, but who knows?
How many other choices we may have had over time that aren't
in the market place because of one cause, Microsoft's
monopoly.
And they have been declared a monopoly, another thing that
should just chafe everyone the wrong way, but is just
ignored even when they just start doing business as
usual.
The overall fact is that there is just too little competition in the software
and OS market because of Microsoft.
There is a pervasive and giant problem with security,
because of Microsoft.
There have been very good software products and companies
that have gone down the drain because of Microsoft.
Microsoft is not an innovator, they are a destroyer.
Sort of like the crack dealer that sells you really good
crack, you know it's a good product in some ways, but
it will kill you sooner or later.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 11:59 AM EST |
Suggestion: Trolls thrive on us giving them attention. I am of the opinion that
if you, PJ, simply delete his/her comments without any further discussion, the
troll will get bored and be on his/her way.
|
|
Authored by: ErichTheWebGuy on Saturday, February 21 2004 @ 12:03 PM EST |
" It may motivate those using Windows computers to make sure that they are
not infected with trojans"
Err, shouldn't that read:
" It may motivate those using Windows computers to switch to a different
operating system"
OK, just kidding :)
---
Striving daily to be RFC-2550 compliant
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 01:37 PM EST |
New ZDNET article that seems to understand most of the points.
Still seems to be confusing oldSCO and podSCO though.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 01:58 PM EST |
"check 'sent mail" folders for suspicious messages."
Hehe, the FTC guys definitely don't know that these viruses use their own SMTP
service, so they don't really rely on Outlook either. You won't notice anything
in the sent mail folder, but you might notice open sockets using netstat.
|
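The netstat check suggested in the comment above can be automated by parsing the socket table and flagging direct SMTP connections and unexpected listeners, the two traces a spam-relay trojan with its own SMTP engine and proxy leaves. This is an added example, not part of the original thread; the `netstat -ano` capture is constructed, and the mail-server address and listener allow-list are assumptions for one workstation.

```python
SMTP_PORT = 25
MAIL_SERVERS = {"192.0.2.25"}        # assumed: the only SMTP server this PC should use
EXPECTED_LISTENERS = {135, 139, 445}  # assumed allow-list of listening TCP ports
WILDCARD_HOSTS = {"0.0.0.0", "[::]"}  # sockets reachable from other machines

# Constructed sample in the layout printed by Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1260
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1042      192.0.2.25:25          ESTABLISHED     1712
  TCP    192.168.1.20:1057      203.0.113.14:25        ESTABLISHED     1432
  TCP    192.168.1.20:1058      203.0.113.77:25        SYN_SENT        1432
  TCP    192.168.1.20:1061      198.51.100.3:80        ESTABLISHED     1980
  UDP    0.0.0.0:445            *:*                                    4
"""


def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port-as-string)."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def audit_netstat(text, mail_servers=MAIL_SERVERS, expected=EXPECTED_LISTENERS):
    """Return (kind, endpoint, pid) tuples for sockets a mail client would not open."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue                       # headers, blank lines, UDP rows
        local, remote, state = fields[1], fields[2], fields[3]
        pid = fields[4] if len(fields) > 4 else "?"
        local_host, local_port = split_endpoint(local)
        remote_host, remote_port = split_endpoint(remote)
        if not (local_port.isdigit() and remote_port.isdigit()):
            continue                       # not a numeric (-n) listing
        if state in ("ESTABLISHED", "SYN_SENT"):
            # Mail leaving the PC without going through the configured server.
            if int(remote_port) == SMTP_PORT and remote_host not in mail_servers:
                findings.append(("direct-smtp", remote, pid))
        elif state == "LISTENING":
            # A service open to the network that is not on the allow-list,
            # for example a proxy waiting for relay traffic.
            if local_host in WILDCARD_HOSTS and int(local_port) not in expected:
                findings.append(("unexpected-listener", local, pid))
    return findings


def group_by_pid(findings):
    """Map each process ID to the kinds of findings attributed to it."""
    grouped = {}
    for kind, _, pid in findings:
        grouped.setdefault(pid, set()).add(kind)
    return grouped


if __name__ == "__main__":
    results = audit_netstat(SAMPLE_NETSTAT)
    for kind, endpoint, pid in results:
        print(f"{kind:20} {endpoint:22} pid={pid}")
    print(group_by_pid(results))
```

A process that both accepts connections on an unlisted port and opens SMTP sessions to outside mail servers is the one to investigate first.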
|
Authored by: Anonymous on Saturday, February 21 2004 @ 02:11 PM EST |
I'm a little confused about the legal issues described in this article.
...gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers.
Surely gathering addresses is not illegal? If there is clear evidence that the person gathering the addresses of infected
machines wrote a virus, is that alone enough to be cause for legal action?
IANAL but as I see it, writing code is not illegal in itself. Distributing the
code on the net is.
As for selling this list, well in today's society almost
anything will be purchased. The mere act of selling this information does not,
to me, appear to be a crime. Blueprints of banks are openly available, but
because it may be used to commit a crime does not make the selling of these
articles illegal.
Clear evidence would need to be seen that the individuals,
or companies that purchased these lists actively compromised the computers
listed. Then, I have no problem with arrests, fines, imprisonment, whatever is
appropriate to the level of the criminal activity.
I see no crime in gathering the addresses. I have on occasion scanned computers that have
attempted to intrude in my domain, and have ended up with small lists of
infected computers (but that information is not for sale or distribution, it is
only research on intrusion methods not previously detected for the purpose of
internal security). AFAIK, the courts have decided that mere scanning for open
ports is not a crime.
But what if I did sell a list to someone - does that
in itself constitute criminal activity? If I sold someone a car, and they used
it to rob a bank, I am not liable. What makes this different?
I have no love for virus writers and spammers, but that is insufficient cause to violate
their rights.
|
|
Authored by: Thomas Frayne on Saturday, February 21 2004 @ 02:35 PM EST |
I don't think it is, but I'd like to be sure.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 03:13 PM EST |
Hi
I am currently receiving a Paypal spoof mail several times a day.
Basically it's a way of harvesting credit card numbers by luring people to key in
information, in what they think is a Paypal form. I think various versions of
this have been circulating for the last 4-5 months.
The mail itself looks authentic, and all links but one point to Paypal's own
site.
The form can be found here: http://210.78.22.113/verify.html
I think it's a clear sign that it's not just a bunch of boys playing, but rather
that IT-crimes have turned into organized crime.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 04:07 PM EST |
Quote from vnunet.com re $echo
But SCO has been quick to try and play down the newsletter's significance.
Blake Stowell, SCO's director of public relations, told vnunet.com: "An
article by itself in a newsletter does not in one fell swoop change the legal
terms of the licences that are held between a company and its licensees."
endquote
No, it does not change the legal terms but it does go a long way to explaining
them and clarifying them.
It helps us to understand the intent behind the license terms.
SCO has failed to explain why we should ignore such a clear, explicit statement
of intent on the part of AT&T.
|
|
Authored by: Anonymous on Saturday, February 21 2004 @ 04:50 PM EST |
The single biggest roadblock to a more secure Internet is user training.
Most users have no clue about information security and really could care less.
By and large people just turn the box on and use it.
Computer users do not realize that computers, like cars, require proper setup
and maintenance. Computers, again, like cars, are not commodities. There is a
life cycle cost to both.
Hence, until the abysmal lack of user training is rectified there shall be more
-- not less -- trojan, worm, virus and spam attacks.
krp
|
|
Authored by: DaveWalley on Saturday, February 21 2004 @ 05:16 PM EST |
There's a new thread on Slashdot here discussing a recently published report covered in a Macworld article here.
The actual report is available from mi2g for a price of £29-38 (about 50 USD).
These results are being presented as "Linux is the least secure OS, much worse than Windows".
There's plenty of scope for discussion of how to sensibly interpret the figures quoted from the report.
For example, apparently "automated" attacks (like viruses, worms, malware, etc)
are excluded, and only manual cracking is included.
However, it does reinforce the fact that keeping a computer secure requires hard work for any
Operating System - adopting Linux is not a "magic solution" unless you keep
working on it.
|
|
Authored by: innot on Saturday, February 21 2004 @ 05:47 PM EST |
I read the c't article a few hours ago. Didn't think it would make Groklaw headlines, or I would have posted earlier.
For those who haven't heard of c't, it is one of the best computer magazines in the world. So those who can, get it on Monday when it hits the shops.
Here is a short summary on how they found the virus writers:
- Computer Engineering student removes the Randex virus from a friend's computer and disassembles it out of curiosity.
- Student finds the, only lightly encrypted, name of the dynDNS IRC server, that gets contacted by the virus.
- Reverse lookup of the IP address of that IRC server gives a real domain name and a domain owner.
- Some googling shows that this owner is also one of the developers of the IRC server software and one of his development buddies is into C&C: Generals, whose CD-Keys the virus tried to steal.
- Student finds the owner on IRC, and after some social engineering the owner basically admits that he has created the virus.
- At that point the student contacts c't, who in turn contact Scotland Yard and from there it goes to the FBI.
- As the international investigations take some time, they contact the virus writers, this time acting as interested customers and they manage to get a "24h try-out list" of all computers owned by the virus for 150 USD (paid by Western Union).
- They get a list of some 52.000 IP addresses of infected computers, of which about 10.000 were still valid.
- The virus writers wanted 28.000 USD per month to "rent" all infected computers, for example to use them as Spam proxies. They say that they already have some customers.
- Virus writers get arrested in mid-February.
Some other interesting information from the article.
Apparently an owned computer is worth about 1 USD to a spammer, so with tens of thousands or even millions of infected computers, there is lots of money involved.
And the Anti-Virus Software Companies, disassembling the virus themselves, had enough information to find the source of the virus, but did nothing. But why should they? Every virus writer means more potential customers.
Again, if you have a chance to read the full article, it makes for an interesting read.
Greetings from Germany,
thomas
Authored by: freeio on Saturday, February 21 2004 @ 06:51 PM EST |
Something tells me that the problem will get no better even if MS does their
"trusted (by them) computing" thing. They have this miserable track
record of putting in special back and side doors for their own applications, and
those will somehow survive and provide all the entry points needed.
Let's face it, user convenience and security are not entirely compatible. In
fact they may never be compatible at all.
My hope is for some other type of technological trick as opposed to the
palladium trap. That cure is worse than the disease.
---
Tux et bona et fortuna est.
Authored by: technoCon on Saturday, February 21 2004 @ 07:20 PM EST |
let's suppose there is a black market for IPs of zombied machines. Suppose
further that a white-hat pretends s/he's a spammer, buys the list, and uses that
list to build block lists and draft polite letters to those upstream thereof
that their lusers have been screwed over.
and what's to prevent some law enforcement bunch to pretend to be a spammer
buying these lists to get evidence against the malware author and IP list
distributor. surely this sounds like racketeering to me.
finally, what's to prevent some enterprising ambulance-chaser from buying a list
of IP addresses, and filing a class action lawsuit against the Dark Lord on
behalf of the class of lusers whose machines have been damaged by the negligence
which enabled the infection in the first place.
I like the 3rd alternative best.
Authored by: Fredric on Saturday, February 21 2004 @ 08:01 PM EST |
First I want to state that I am not a security expert or expert on viruses and
that I have never used Outlook. This means that I could be wrong here and if
that is the case, please point it out. I don't mind looking stupid (well...
maybe a little) as long as I learn something.
If I understand this correctly there is a vast difference between Trojans and Viruses.
- The latter, a virus, "infects" a computer by exploiting a security hole on the OS or an application related to it.
- The former, a Trojan, exploits the gullibility (some may say stupidity) of the user by mailing him/her an executable and tricking him/her into executing it. ("click here to get free sex for two years".... right!)
And MyDoom and most other recent "viruses" were actually trojans (and this is where I could be dead wrong). This means that the user must cooperate with the trojan to make it effective and this, to me, makes the user at fault here, at least to some degree.
What makes me so confused is that nobody seems to notice this fact. Sure, Microsoft could do better, but so could the users. So why do not all articles about viruses and trojans contain a warning that says: "do not click on attachments!"?
And another question: If these infected computers can be made to do whatever they are told, can't some skilled programmer send them instructions to remove the trojan? (But I guess I am not the first to suggest this).
---
/Fredric Fredricson
Authored by: kh on Saturday, February 21 2004 @ 08:23 PM EST |
Interesting article which I don't want to read because it's very expensive!!
Perhaps someone who reads this can tell us something about it?
http://www.mi2g.net/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.net/cgi/mi2g/press/190204_2.php
London, UK - 6 February 2004, 13:45 GMT - The British Broadcasting Corporation's (BBC) online article "Linux cyber-battle turns nasty" by Stephen Evans suggests that "internet zealots who believe that code should be free to all (open source)" are more than likely to have created and launched the MyDoom malware because they hold a grudge against The SCO Group.
This has evoked a large, angry response from the Linux user community as if a religious shrine had been desecrated. However, there may well be some truth and worthy analysis in BBC's perspective. (emphasis mine)
Authored by: pythonista on Saturday, February 21 2004 @ 09:01 PM EST |
If it was common knowledge that your neighbor kept a gun in an unlocked garage,
and it was stolen and used in commission of a crime, wouldn't you hold him
partly to blame? That's the case with spam, worms and viruses. Certainly,
software errors and hackers are to blame, but the millions of users who do not
fix known problems are also at fault. That should be deemed an offense, and
actually getting hacked should be an even more serious one. Compare this to DUI
being a crime in order to deter the worse event of vehicular manslaughter.
I think that running a known vulnerability more than 30 days after a fix is
available should be cause for disconnection from the internet, and running an
infected computer be subject to a substantial fine. You can argue that it
doesn't solve the problem of infected overseas computers, but by creating
effective legislation, the U.S. could set an example for other countries to
follow.
Authored by: haro on Sunday, February 22 2004 @ 07:33 AM EST |
Heise online have an English version available.
We inhabit a Hofstadter world - Groklaw is mentioned.
Authored by: Alastair on Sunday, February 22 2004 @ 07:04 PM EST |
There is a certain irony in c't talking about “virus writers” in the third person. During the era of the 16-bit micros, c't helpfully published the complete, annotated, source code for two viruses that ran on the Atari ST, thus advancing the cause of virus writers everywhere.
Of course, that was way back in 1988… I'm sure they wouldn't be so irresponsible these days.
(For those with an interest in the history of computing, the viruses in question were the Milzbrand link virus and a virus only known as the c't virus, after its origins.)