[Dshield] cracking SoBig/SINIT/MyDoom, et alius

jayjwa jayjwa at atr2.ath.cx
Wed Feb 11 23:36:12 GMT 2004

On Wed, 11 Feb 2004, John Draper wrote:

> My take on this is that these viruses are written by different people.
> I've already infiltrated into
> some virus hangouts,  and am keeping a pulse on these operations.

> It is more likely there are just script kiddies using the many numerous
> virus kits floating around
> the internet,  according to most of the conversations I've intercepted
> from listening to the Chat
> sessions on public Russian Chat groups.

Many claim that they are writers of viruses or malware, or whatever...but,
the true originators don't go around blabbing on public chat rooms. These
people seek attention, and they get it in this form.

> Some other interesting things also came to my attention from some virus
> houses in E Europe that appear to be fighting among themselves.
> Most of these chat rooms are in Russian,  and other E European
> languages,  but my contacts
> are filtering out the more relevant information and passing it onto me.

Good work, agent #007, rendezvous with agent #054 at 23:12.43 at XYZ
and execute plan # QX348b...  Many of the virus writers do come
from these places, because many talented, otherwise gifted kids and young
adults lack the opportunities that we in the US have to go to University.
Bored kids = naughty code; the devil finds work for idle hands and all of
that. But this...

> I can't talk about
> specifics because of an ongoing FBI investigation as well as the German
> ver of the FBI.  But
> I can definitely say there is a strong link between the virus writers
> and the huge spam gangs operating in E. Europe.

...is absolutely ludicrous, and nothing more than an attempt to paint a
picture of these so-called 'virus-writers' as something as universally
hated as spammers. I'm sorry, but that's just too far of a stretch to
make. Has anyone ever written a virus connected to profits and/or
instructed to/hired by a spammer/spam-gang? Yes, there probably has. Are
most of them like this? No, I won't even give up 10%.
I do wish vx.netlux was still online. It was a good place to learn about
viruses, what they are, what they are not, the how's and the why's and a
rare look into the people that create them. Many report they do so for
reasons such as: the challenge of it; learning to code/learning a language
in the process; boredom; or simply just to prove to themselves or others
that they can. Destruction is not their primary objective- if it was, we'd
see a virus mass-mail, replicate x times, then format -u C:

> A few years ago, there never used to be much of a financial incentive
> to write and spread viruses, but not anymore. From the chatter I'm
> getting, it seems the going rate for payment for a virus
> is about $25,000 to $35,000,

rotflmao...wait- I dropped my keyboard, hold on!..oh god..haha.
...from these 'script-kiddies', as you say? How many Britney Spears CD's
worth is that? So if I happened to have, say, 100 viruses, I just netted
$3,500,000? I'm quitting my day-job. Does Bill Gates know about this?

> and with MOST of the jobs floating away
> off-shore these days, you can expect to see a lot more of them,
> as more and more unemployed programmers give in to the temptation of
> writing them for cash, especially when rent is 3 months overdue.

Any programmer worth his salt has the ability to write a virus, it's not
hard. Modify a reg key, copy a few files, read a few others, send a bunch
of mail. There's the blueprint for the last several popular worms.

> We need to work towards shutting these trojans down, and a good way to
> do that, is to report spam, but then again, the ISP's are falling
> way behind in dealing with this.

Let's place the blame where it belongs- not at some tele-virus
trans-continental spam-gang spreading viruses, but at home with Mr. Joe
Avg. User. Why? Because Mr. User opens mystery zip-files, then proceeds to
click on the attachment, that is clearly labeled as an .exe. He runs
notoriously vulnerable software from a company with an awful track record
for security. He's still running unpatched versions of OS's from 6-9 years
ago...I count dozens of Windows 95/98 machines _still_ floating about the
internet on a daily basis (via passive monitoring of connections to my
host), the rest lack half or better of the recommended service packs.
Aver. User IRC's as root, he keeps default installs of servers he never
uses and knows nothing about, places the cwd in his path, runs unknown or
user-modifiable binaries as root, and allows stuff such as ActiveX, JS,
Cookies, and auto updates to run wild and unchecked.
He never logs anything, uses telnet instead of ssh, has never heard of
a firewall, nor does he keep up with current announcements from his
OS/software company/vendor. It's someone _else's_ problem- the spam-gangs,
those virus-writers, the malware-kids. This frees him from any and
all responsibility, right?

Sure, there's some bugs out there- you keep your screens drawn and 99% of
them never come in. The 1% that does you swat and brush off, ready to move
on. But you don't blame the neighbors because you didn't screen in your
porch & BBQ and now are getting bit up.

(Disclaimer: No live bugs were hurt in the
making of this analogy.)

-- jayjwa
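As an added example, not part of jayjwa's post or anything from the Dshield list: a small POSIX shell audit for two of the habits the post lists for Mr. Avg. User, the current directory sitting on PATH and directories any local user can write to (where a "user-modifiable binary" could be planted and later run by root). The function names and the demo at the end are my own choices; it relies only on `ls -ld` and `cut`, so it runs on the old systems the post complains about.

```sh
#!/bin/sh
# Added example (not from the original post): audit a PATH value for
# "cwd in the path" and for world-writable PATH directories.
# Function and variable names here are the example's own.

# path_has_cwd VALUE
# Returns 0 (true) when the PATH-style value resolves the current directory:
# an explicit ".", an empty component ("a::b"), or a leading/trailing ":".
# Any of these means a file named like a common command, dropped wherever
# the user happens to be, gets picked up by a bare command name.
path_has_cwd() {
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
    esac
    return 1
}

# writable_path_dirs VALUE
# Prints each directory in the PATH-style value that is world-writable and
# lacks the sticky bit, i.e. any local user can add or replace binaries
# there. Missing directories are skipped. Column 9 of the ls mode string is
# the other-write bit, column 10 the sticky bit (t/T).
writable_path_dirs() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -d "$d" ] || continue
        mode=$(ls -ld "$d" | cut -c1-10)
        other_w=$(printf '%s' "$mode" | cut -c9)
        sticky=$(printf '%s' "$mode" | cut -c10)
        if [ "$other_w" = "w" ]; then
            case $sticky in
                t|T) ;;                      # sticky: others cannot replace files
                *)   printf '%s\n' "$d" ;;
            esac
        fi
    done
    IFS=$old_ifs
}

# Demo: audit the PATH of the shell running this script.
if path_has_cwd "$PATH"; then
    echo "WARNING: current directory is on PATH"
else
    echo "OK: current directory is not on PATH"
fi
bad=$(writable_path_dirs "$PATH")
if [ -n "$bad" ]; then
    echo "WARNING: world-writable PATH directories:"
    printf '%s\n' "$bad"
else
    echo "OK: no world-writable PATH directories"
fi
```

Run it as the account that matters (root's own PATH is the interesting one); the two checks are deliberately separate so the PATH string can be audited from a config file without touching the filesystem.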

