May 07, 2008
If there were any doubt the underworld of malware and the universe of legitimate software were converging, it was dispelled last week, after researchers at Symantec uncovered a malware EULA (written in Russian) that was more restrictive than the kind of thing Microsoft puts out. According to the Associated Press report, the botnet software had the following restrictions:
The customer can't resell the product, examine its underlying coding, use it to control other bot nets or submit it to antivirus companies and agrees to pay the seller a fee for product updates....The threat: Violate the terms, and we'll report you ourselves to the antivirus companies by giving them information about how to dismantle your bot network or prevent it from growing bigger.
In other words, steal our software and we're going to run and tell Mommy--err, McAfee. Kinda funny that the hackers are among the few parties who still believe anti-virus software is effective. I don't know any security wonks who do.
It's yet another candidate for Andy Brandt's entertaining series on Stupid Hacker Tricks. Which puts me in mind of other stupid hacker tricks -- the ones committed by legitimate companies. Sony's CD Root Kit is a classic example of a large mainstream firm using black hat techniques against its own customers. Microsoft's secret WGA installation is another example of a Big Public Company pulling tricks out of the hacker's handbag. Even Apple's less-than-forthright attempt to sneak Safari onto Windows PCs comes pretty close, at least according to Mozilla CEO John Lilly.
I'm sure there are others, but they're slipping through my brain. What other companies have been pulling their own stupid hacker tricks?
In other news: Speaking of slippery brains, leave it to Cringe to get his facts wrong about Lord of the Rings. Several Cringesters wrote in to correct my clear lack of understanding of all things Ringian. Reader S. O., whose email sig indicates he works in a 'scent reduced workplace', reduces the issue to its essentials:
In the Lord of the Rings movie it is Saruman who is shown ordering the goblins to sharpen the weapons and dig up the Orcs. As such he is trying to rid the world of the men of Rohan. In the end, some elves arrive to help at Helm's Deep.
Meanwhile, reader D.H. serves up his own slice of geeky snark:
Robert, are you aware that Frodo returned to the Shire to become their CIO, where he promptly installed a “Tolkien” ring?
Ouch.
Who's been playing hacker? Nominate your candidates below or email me: cringe (at) infoworld (dot) com. Swinging swag awaits top tipsters.
Posted by Robert X. Cringely on May 7, 2008 03:00 AM
January 23, 2008
It's a hackers' world; we just surf in it.
It's a truism that sites get hacked every day, and some may even deserve it. But we're no longer talking about individual hacks by disgruntled geeks. We're looking at massive, well-organized plans to take over vast portions of the Net. Case in point: The SQL Injection exploit that infected more than 70,000 sites -- including some parts of CA's site -- according to researchers at Grisoft.
It gets worse. In a presentation to the security wonks at a SANS conference, CIA analyst Tom Donahue revealed that hackers accessed the power grid in several foreign nations via the Net and tried to extort money from the local governments in return for not turning off the lights. Think about that the next time you experience a rolling blackout.
But the real elephant in the server closet is the Storm worm, which celebrated its first birthday last week and continues to spread across the Net via holiday-themed e-mails. According to Sophos, poison pen Valentines e-mail accounted for 8 percent of all e-mail traffic last week.
We know that millions of machines have been infected with the Storm bot, and every so often they receive instructions, but mostly they've been strangely quiet.
A security wonk of my acquaintance (who asked to remain anonymous) has an interesting theory on what these millions of zombie machines might be used for: the evil equivalent to SETI. But instead of parsing interstellar radio signals for signs of intelligent life, these millions of zombies could be put to other distributed computing tasks, like cracking complex passwords. Heck, the bad guys could merely rent their grid out to anyone with a Dr. Evil-ish scheme for world domination. Call it Storm Cloud Computing.
Of course, there's not just one Storm network. There may be dozens. One was recently employed in phishing attacks on Barclays and Halifax banks, another was used to spew out pump-and-dump spam last fall.
My anonymous security wonk also tells me that most of the malware action has moved from Russia to China -- or at least, Chinese subnets. Apparently Russian locals have started to crack down, so the bad guys jumped borders to friendlier environs. It seems World War III may be fought online. Strap on your virtual kevlar, because it's about to get ugly.
Got theories on where the big Storm will hit? Post them below or share them with me on the QT. Top tipsters qualify to receive cool Cringe swag.
Posted by Robert X. Cringely on January 23, 2008 04:24 AM




