backtop


Print 15 comment(s) - last by cjohnson2136.. on Jul 30 at 11:14 AM

Computer crime doesn't pay in the long run

For malicious users, botnets represent one of the most lucrative get rich schemes.  The premise is relatively straightforward -- craft a virus that exploits vulnerabilities in the most used operating systems and infect numerous machines.  Once you have a mass of infected computers communicating with your command servers, they can be used as a for-hire army to perform such insidious tasks as mass spam mailing, mass theft of financial information, and denial of service attacks.

The key problem with the scheme is that its easy to spot and frequently is run by just a couple of individuals.  Take down those individuals and you can take down the botnet.  That's exactly the kind of breakthrough the FBI just made in the case of the botnet formed from the mariposa virus, also known as butterfly.

The mariposa virus first was launched in December 2008.  The virus quickly infected computers on half of the Fortune 1,000 companies and at least 40 major banks.

Back in 2009, the FBI and Spanish authorities arrested three individuals in Spain who had been maintaining the virus's botnet, which consisted of 12.7 million infected computers.  Now the FBI have nabbed a hacker in Maribor, Slovenia, named Iserdo, who allegedly wrote the virus.

States Jeffrey Troy, deputy assistant director for the FBI cyber division, "To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood."

The mariposa botnet was primarily used to steal financial information from the infected victims.  It may have actually been designed for a smaller infection, but inadvertently infected many more machines.  Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended to be.  As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."

Ferguson says that takedown of Mariposa leaves the Conficker botnet as likely the world's largest.  There's an estimated 6M Conficker-infected machines, down from a peak of 12M machines.  While there's many smaller botnets, Conficker may be the last remaining huge botnet whose operators remain at large.

Despite the FBI's success in taking down botnets, Ferguson says the industry supporting botnets is still thriving.  He states, "The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."





Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I have an answer...
By MrBlastman on 7/28/2010 10:43:02 AM , Rating: 4
To the problem... Take these guys and infect _them_... 12 million times with the ebola virus. Then, whip out a stopwatch and see just how long they remain solid.

Fitting punishment for the crime.




RE: I have an answer...
By inv on 7/28/2010 10:57:27 AM , Rating: 5
Make them work as technical support for old people til the day they die, now that's a fitting punishment. We'll have to put them on 24/7 suicide watch however...


RE: I have an answer...
By Earthmonger on 7/28/10, Rating: -1
RE: I have an answer...
By fic2 on 7/28/2010 12:33:42 PM , Rating: 2
More expensive, but I would rather see him locked up in supermax. Locked up for 23 hours a day with no human interaction. No visitors or outside interaction ever. For minimum of 20 years.


RE: I have an answer...
By cjohnson2136 on 7/28/2010 12:35:38 PM , Rating: 5
I honestly don't think they would have a problem with that they probably spend their lives like that already. I would say FORCE them to be with other criminals


RE: I have an answer...
By Samus on 7/29/2010 6:00:57 PM , Rating: 2
I agree, put them in prison with other criminals, let the 'system' do its work.

By 'system', I mean 'bubba'


RE: I have an answer...
By mydogfarted on 7/28/2010 2:14:51 PM , Rating: 4
I have a better option - let those of us who've lost hours cleaning this garbage off friends and family member's PCs take the time they lost smashing these jerk's bones with baseball bats and hammers.


RE: I have an answer...
By Omega215D on 7/29/2010 3:57:14 AM , Rating: 2
ooh, i'll supply the boombox with Geto Boys - Still playing while we carry out the process.


RE: I have an answer...
By w1z4rd on 7/29/2010 10:09:49 AM , Rating: 2
YES PLEASE!!!!!!

we just not allowed ot kill them


RE: I have an answer...
By neihrick1 on 7/28/2010 10:57:54 AM , Rating: 5
i'm sure he'll be "injected" plenty in prison


RE: I have an answer...
By medys on 7/28/10, Rating: -1
RE: I have an answer...
By tmouse on 7/28/2010 11:25:52 AM , Rating: 5
Contrary to popular urban myth the vast majority of these types are totally useless for any "good" purpose. Numerous security firms got severely burned by the "reward the hacker syndrome". Most are fairly antisocial and resent authority, that's part of the reason they became hackers. They have to do things their own way and follow their own rules which more often than not are VERY poor business practices and often illegal. The may be superior than others (and that is a large MAYBE, there are many really good coders who never went down that route) but the disharmony they cause in a group causes far more problems than they are worth. Then sooner or later they fall back into their old ways and that exposes the entire company to the results of their actions. Others just quit and leave the poor saps who invested in them high and dry. Being a hacker is not a great resume addition anymore its probably best to just throw them in a dark technology void hole.


RE: I have an answer...
By cjohnson2136 on 7/28/2010 12:34:39 PM , Rating: 3
I would have to agree with you on that. The only way to get a good hacker is to have some get a degree in cyber security with the purpose of building network security for companies or working for police of DOD. I have a couple of finds that know how to hack because they teach it in colleges now but they all want to work for the FBI


RE: I have an answer...
By YashBudini on 7/29/2010 4:13:18 PM , Rating: 2
The problem then becomes is the person really a white hacker or a gray one?


RE: I have an answer...
By cjohnson2136 on 7/30/2010 11:14:33 AM , Rating: 3
You will never know but the only way to stop a hacker is to have someone that udnerstands how hacks work. To understand how a hack works you have to know how to do it. It is a double edged sword. But the second that white hacker turns black or grey then throw him in jail.

The thing is the same thing could be said about police officers. There are some corrupt officers out there. If that officer is caught he is thrown off the force, thrown in jail depending on the crime and whatever other punishment there might be. You just replace him with someone that is trained. The same can be said for hackers. Good hacker turns bad throw him away and bring in another good hacker


"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer













botimage
Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki