Vicious Viruses, from Daniel Flam

December 29, 2008

Our computers were stricken by one of the most vicious and ingenious strains of virus/malware/Trojan system I have ever seen. It was a multi-stage, multi-component system composed of a timer-based installer, a downloader that contains another downloader that in turn installs viruses that install other viruses. In addition, this system operates in worm mode and installs itself on any other computer on the network, exploiting the latest zero-day security holes. It also uninstalls the antivirus on the computer, disables the firewall and the automatic updates, and prevents the installation of antivirus software. Because of the way it works, the antivirus software took close to four days to discover all the hidden features, slipping back and forth between safe mode, offline updates and other methods of removing the virus. I am still unsure that it is behind me.

One of the most logical questions would be: what do these operators and programmers stand to gain from designing a system on such a huge scale? The surprising answer is hundreds of millions of dollars, perhaps even billions. Over the last few years I have been working alongside some of the major Internet marketing experts, which gave me insight into the problem. One of the key components of any successful Internet marketing strategy is the affiliate program. An affiliate program lets a site offer its visitors a third party's products or services, adding value to the site, and pays the site a commission on the resulting sales.

As an example, suppose we have a website that helps people find movers in their area, and suppose you visit that site and click on a link for moving boxes. The boxes are supplied by a third party. Most affiliate programs attach an affiliate (vendor) ID to the link and set a cookie in the visitor's browser recording that the user was referred by that vendor, so the referral survives even if the user leaves the site. If on a subsequent visit the user decides to buy a product or service, the vendor is granted a percentage of the sale. It used to be common practice to embed an invisible frame or popup in a page so that every visitor was tagged with the perpetrator's affiliate ID (the practice now known as cookie stuffing), but newer browsers block these attempts.

You can now see why this malware is such a lucrative business. By opening as many affiliate landing pages as possible before it is removed, the malware tags the victim's browser with the operators' affiliate ID for each of those merchants; any purchase from one of them within the attribution window (typically three months) pays the pirates a percentage of the sale. For example, if a Trojan popped up Amazon, then every subsequent purchase there pockets at least 4% of the sale price for the operators (Amazon's affiliate program is one public example of such rates).
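To make the two paragraphs above concrete, here is a small simulation of affiliate attribution and of the cookie-stuffing abuse they describe. It is an example added for this page, not code from the post's author or from any real affiliate program; the affiliate IDs, site names, the 90-day window, the 4% rate and the "top-level navigation" signal (which a modern program could derive from the Sec-Fetch-Dest header, something that did not exist in 2008) are all assumptions. The naive rule credits whoever set the last cookie, which is exactly what a Trojan silently loading landing pages exploits; the guarded rule only credits a referral that looks like a genuine click from the affiliate's registered site.

```python
"""Toy model of affiliate attribution and of cookie stuffing.
Example added for this page; the attribution rules, rates, names and
timeline are assumptions, not any real affiliate program's code."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

ATTRIBUTION_WINDOW = timedelta(days=90)   # the "three months" the post mentions
COMMISSION_RATE = 0.04                    # the "at least 4%" the post mentions


@dataclass
class Referral:
    affiliate_id: str
    set_at: datetime
    referer: Optional[str]   # HTTP Referer seen on the landing request, if any
    top_level: bool          # True when the landing was a real navigation of
                             # the tab; False for a hidden iframe/popup load
                             # (assumed signal, e.g. Sec-Fetch-Dest: document)


@dataclass
class Browser:
    """One victim's browser: holds the merchant's tracking state."""
    referrals: List[Referral] = field(default_factory=list)


def land(browser: Browser, affiliate_id: str, now: datetime,
         referer: Optional[str], top_level: bool) -> None:
    """Affiliate landing URL (think /?ref=<affiliate_id>): record the referral."""
    browser.referrals.append(Referral(affiliate_id, now, referer, top_level))


def _unexpired(browser: Browser, now: datetime) -> List[Referral]:
    return [r for r in browser.referrals if now - r.set_at <= ATTRIBUTION_WINDOW]


def naive_attribution(browser: Browser, amount: float,
                      now: datetime) -> Tuple[Optional[str], float]:
    """Last unexpired cookie wins, no questions asked. This is the rule that
    makes stuffing profitable."""
    live = _unexpired(browser, now)
    if not live:
        return None, 0.0
    return live[-1].affiliate_id, round(amount * COMMISSION_RATE, 2)


def guarded_attribution(browser: Browser, amount: float, now: datetime,
                        registered_sites: Dict[str, str]) -> Tuple[Optional[str], float]:
    """Last unexpired referral that looks like a genuine click: a top-level
    navigation whose Referer is the site the affiliate registered with the
    program. Hidden frames and popups fail both checks, so the most recent
    legitimate referral keeps the credit."""
    for r in reversed(_unexpired(browser, now)):
        site = registered_sites.get(r.affiliate_id)
        if site and r.top_level and (r.referer or "").startswith(site):
            return r.affiliate_id, round(amount * COMMISSION_RATE, 2)
    return None, 0.0


def scenario() -> Dict[str, Tuple[Optional[str], float]]:
    """Constructed timeline: a real referral from the movers site, then a
    Trojan overwrites it by silently loading the landing URL for its own
    affiliate id, then the victim buys something two months after the
    first visit."""
    registered = {"movers-guide": "https://movers-guide.example/",
                  "aff-4242": "https://some-blog.example/"}
    b = Browser()
    t0 = datetime(2008, 10, 1)
    land(b, "movers-guide", t0,
         referer="https://movers-guide.example/boxes", top_level=True)
    # Two weeks later the Trojan pops the landing page in an invisible
    # window: no Referer from the registered site, not a navigation.
    land(b, "aff-4242", t0 + timedelta(days=14), referer=None, top_level=False)
    purchase_day = t0 + timedelta(days=60)
    return {
        "naive": naive_attribution(b, 100.0, purchase_day),
        "guarded": guarded_attribution(b, 100.0, purchase_day, registered),
    }


if __name__ == "__main__":
    for rule, (who, paid) in scenario().items():
        print(f"{rule:8s} credits {who!r} with ${paid:.2f}")
```

Running it shows the naive rule paying the stuffer's ID ("aff-4242") $4.00 on a $100 purchase while the guarded rule still pays the movers site. The caveat a practitioner should keep in mind: malware running with full control of the victim's machine can forge the Referer and any other request header, so these checks only raise the bar for drive-by stuffing; the stronger lever is the payment-side audit of which affiliates get tagged, which the post argues for below.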

A couple of years ago I turned down a very high-paying job offer to develop such malware for a company that makes well over 100M in profits every year from this scam. This is only one in a list of hundreds of companies worldwide that exist to exploit these security problems.

Unlike hunting pirates across a million square miles of ocean, governments can go after the virus operators with racketeering laws: follow the money trail and shut the operations down. They can investigate and expose the operators by deliberately infecting test computers with the viruses and recording which affiliate programs get tagged, then hold the payments those affiliate programs would make. I think that these measures would be far more effective than trying to nail a specific individual. By drying up the pond, you get rid of the mosquitoes.

It would appear that I am in the business of making viruses. That is not the case: I went to a job interview, and when I did a background check on what the company does, that is what I discovered. I decided that morally I can't be associated with such a company.

