Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Botnet Privacy Security The Almighty Buck IT

Seeking Competitive Advantage, For Malware 39

jc_chgo writes "Brian Krebs over at the must-read KrebsOnSecurity.com writes about the rivalry between two competing authors of nasty credential-stealing malware. The newer (SpyEye) can remove the older (Zeus) on any system it infects. Meanwhile, Zeus is so successful prices have gone way up for the new version. These 'crimeware kits' are freely available for purchase, and have enabled millions of dollars in thefts. The buyers of the kits prey primarily on small businesses by using wire transfers out of bank accounts. This is a problem that is only going to get bigger over time."
This discussion has been archived. No new comments can be posted.

Seeking Competitive Advantage, For Malware

Comments Filter:
  • by WrongSizeGlass ( 838941 ) on Friday April 02, 2010 @07:24PM (#31711108)
    There are positives to this. If one type of malware can handily defeat another type of malware I'm sure the A/V companies will be able to learn something from it (and up-charge their victims, er, customers accordingly).

    There's also the new 'botwars' games that we'll be able to watch from the safety of our non-Windows computers.
    • Re: (Score:3, Insightful)

      by Z34107 ( 925136 )

      You'll be able to watch from the safety of your Windows computers, too. Most of these take advantage of exploits that were patched ages ago - SpyEye is simply cannibalizing Zeus' market.

      There's a finite number of negligently unpatched computers out there - and Zeus exists because small businesses do banking on them.

    • I am on my Windows machine you insensitive clod.

      Various criminals:Yeah, we too!

      Windows, where do you want banking credentials to be sent to today?

      • Re: (Score:3, Funny)

        by jon3k ( 691256 )
        nice sig -- save for the fact that the "group" is composed of 90% men.
        • Re: (Score:3, Funny)

          by Bodhammer ( 559311 )

          nice sig -- save for the fact that the "group" is composed of 90% men.

          You mean two of his fingers are female?

    • by jon3k ( 691256 )
      Except for the fact that 10 million zeus infected windows machines will be spewing spam and scanning all your publicly accessible hosts. Not to mention infecting your friends, family and coworkers and possibly even stealing thousands of dollars from your place of employment.
      • If my friends, family and coworkers ignored the first 15 emails I sent them telling them to run Windows Update and do a weekly virus scan...that's their fault.
        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Your email was nestled among 20 other emails asking them to install a "software update" because "their computer was vulnerable" Either they installed everything, or they sent your email to the spam folder.

        • by jon3k ( 691256 )
          You're missing the point. Fault is irrelevant. We're beyond fault or assigning blame. We have millions of infected computers on the Internet today.
          • Completely agree as I have to deal with this at work on a daily basis, sometimes it's just more pleasant to trivialize it.
          • ...then it's time to ban Windows machines from the internet.

            It IS time to appotion blame - the blame lies squarely with the stupid marketing-based decisions made by the clueless in Redmond, and their fundamental lack of understanding of the basic concept of a security model.

            Simple solution: Put those Redmond morons out of business once and for all by disconnecting every Windows machine and then suing them for each machine disconnection from the web - say $50000 per machine, just for the inconvenience.
    • by mrmeval ( 662166 )

      No transaction can occur in at our bank without our signature. That means someone has to get off their dead ass and go to the bank and authorize it with proper credentials. It sucks. Someone has a job just to do this. All of the crap is generated on a computer but until that person toddles over there and signs off on it. Nothing happens.

      • Re: (Score:2, Informative)

        by Mattpw ( 1777544 )

        No transaction can occur in at our bank without our signature. That means someone has to get off their dead ass and go to the bank and authorize it with proper credentials. It sucks. Someone has a job just to do this. All of the crap is generated on a computer but until that person toddles over there and signs off on it. Nothing happens.

        The problem with alot of these more manual authentication systems is that while it sounds good from a security point of view it is quite possibly easier to circumvent the authentication procedure than the complexity with which the trojans are going through. Alot of people think manual phone based authentication like the SMS authentication option is a good idea however the real authentication strength is only as strong as convincing the targets telephone company to forward all their calls to their "new" num

        • by mrmeval ( 662166 )

          Gun to the head of the relatives can work. It's a small enough commercial bank that they know our people and we know theirs. We do use technology but not for that last bit.

  • by WrongSizeGlass ( 838941 ) on Friday April 02, 2010 @07:31PM (#31711162)

    SecureWorks has noted that the latest versions of Zeus include anti-piracy technology that uses a hardware-based licensing system that can only be run on one computer. “Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer,” SecureWorks wrote. “This is the first time we have seen this level of control for malware.”

    I guess it was bound to happen ... you just can't trust anyone these days. I wonder if either of these 'kits' infects the computer that runs it? Would the authors ever infect their customers?

    • Re: (Score:2, Funny)

      by scolbe ( 236243 )

      I wonder if either of these 'kits' infects the computer that runs it? Would the authors ever infect their customers?

      oh, don't worry about that... that's just their handy, no fuss zero-click payment system.

    • Due to the more "Traditional Family Values" that can be found in those circles that kind of thing would be "unhealthy".

  • How do these guys not get caught? I mean, can't federal agents just set up fake transactions if hes publicly selling it? I know im simplifying it, so I ask anyone here to explain maybe how complicated it may be.
    • Re:What...? (Score:5, Informative)

      by Restil ( 31903 ) on Friday April 02, 2010 @09:29PM (#31711972) Homepage

      Here's the problem:

      Assuming the people who wrote and sell this software reside in the US or some country which will happily extradite them for us, it's possible that what they're doing isn't technically illegal. They're not actually USING the software, just selling it. This is somewhat equivalent to someone selling lockpicks. Granted, this software probably has no legitimate purpose, except perhaps to be used for security audits or something. However, even if it IS illegal, to get the Feds involved will require an almost certain guarantee of conviction. They want a jury to be debating the length of the sentence, not whether or not the suspects are actually guilty or not. If there is enough legal doubt as to whether or not a crime was even committed, the Feds will be leery of even getting involved.

      So fine, lets pass a law making the creation and/or publication of software that has mostly malicious intent. That'll be good... right? The only problem is, Congress gets to write that law. This means three things. First off, the law will likely be written in a way that is so vague that it ends up not only applying to the software in question, but half of the legitimate software ever written. Before you know it, all advertising, security software, operating systems other than windows, and of course, the ping program, will now be considered illegal.. technically. This means that the law will end up not being enforced. Next, they will be sure to word it in such a way as to render it unconstitutional, so next thing you know, the Supreme Court will tie it up for 10 years, and finally kill it. And finally, you can't pass a law without attaching a large number of completely unrelated riders, which will end up causing parties opposed to the riders to vote against and/or filibuster the bill, which causes the other side to insist that the opposing party WANTS people to have their banking credentials stolen... and so on.

      Anyways, to answer your question, Yes. You were simplifying it. It would be MUCH easier to just find a way to sneak a few images of child porn on one of their computers, and shut them down that way. THAT avenue at least seems to have no roadblocks.


      • Perfectly answered everything. Thanks a million man, see people? There are people on slashdot that arn't constant trolls :)
        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Look, I know the grandparent was just trying to help, but in real-life people don't do things because of silly slippery-slope arguments.

          The reason that this is very hard for law-enforcement to stop is because it is not being done by lone guys in their parent's basements, but because it is business. As a start, read "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants", http://cseweb.ucsd.edu/~savage/papers/CCS07.pdf

          You can buy lists of valid credit card numbers, botnets, root-kitted

      • Well said, sir! Mod parent up!

        A law banning this would probably pass in Australia (don't start on the filter!). We ban sales of spray paint to minors (in case they graffiti), guns to non-farmers (in case they kill someone) etc.

        Just get your guys to sell a kit to an Aussie scriptkiddie, track em down (filter anyone?) then organise extradition to Down Under.

  • ...is still much better than the idea of government-owned, tax-paid malware.
  • "What we need are a few good old fashioned hangings." -- FTC commissioner Orson Swindell at the first FTC spam conference. I'm looking forward to hearing about one of the organized crime associated bots getting whacked by one of the competition, and so the owners of the former return the favor to the author of the (temporary) victor. I suspect it's happened already, but not publicized. Sooner or later one will. Then we'll see some real cyberwarefare. You think the US government has got some cyberwarriors li

You can fool all the people all of the time if the advertising is right and the budget is big enough. -- Joseph E. Levine