[Dshield] MyDoom-A/B and Organized Crime

John Hardin johnh at aproposretail.com
Mon Feb 9 16:49:23 GMT 2004

On Sun, 2004-02-08 at 06:40, Erwin Van de Velde wrote:

> I don't think organized crime is involved as the worm doesn't do that much 
> damage...

What profit motive exists for OC to damage systems vs. stealthily take
control of them? If damage were a part of the worm it would be an
indicator *against* OC involvement, unless it were also a precisely
targeted attack (e.g. take out a business that competes with one they

> Okay, there is damage and SCO went down and so on, but if the virus writer 
> really wanted to cause damage, this is far too little: no files are deleted 
> and your computer does not explode :-)

OC != vandalism. OC == profit. Script kiddies or amateur Crackers
looking to publicly (or at least within their social circle) inflate
their egos or reputations are the ones who do splashy, widespread,
damaging attacks.

> I also do not know why someone would pay much for a virus as MyDoom, as no one 
> has any gain of it.

I would say there is considerable gain for most anyone in having remote
control of a few million Internet-connected computers.

> I think that organized crime would use hackers and virus writers for two 
> purposes: hacking into one specific system and taking down the internet.

How would taking down the Internet profit them? Give me a reasonable
scenario and I will agree. 

There is no centralized body anybody could blackmail with <voice
effect="SPECTRE Number 1"> "...We demand $100 million in flawless
diamonds or the Internet goes *poof*". </voice> 

However, taking certain specific entities off the net could work for
targeted blackmail, for example, DDoS'ing Ameritrade or E*Trade might be
worth a few $million. To do that sort of thing you'd probably need a lot
of Internet connected systems under your control...

> That are two actions by which they have a gain: getting information or
> altering data and demonstrating their powers (think of 9/11 on the
> internet).

OC != terrorists. They have no political motivation. In fact, I would
expect they rather try to *avoid* the limelight, where terrorists seek
it out.

OC is, essentially, a business, interested in profit, but without the
ethics or desire to remain within the law that keeps other, legitimate
businesses from doing exactly the same thing. 

John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
