Security researchers have decapitated a spam-spewing network of hacked computers by pulling the plug on the central command-and-control servers. The compromised PCs were infected by the Virut virus and were being remotely controlled from these servers by miscreants. The takedown operation was coordinated by CERT Polska, the …
Well done, gents! Nice to see the good guys win one for a change!
The software nasty infects .exe and .html files to display adverts and open a backdoor to the botnet's masters
.html is just a file full of markup. It can't execute anything so how can it display ads (which are not an existing part of the markup)?
And how can a .html file be a vector for infection?
.exes I get, oldschool though that may now be (and thus easily caught by any decent AV). But who downloads torrents without AV checking them?
I dunno. Maybe it's a Monday afternoon thing. This story has me confused.
It could be malformed html that exploits specific weaknesses in particular parsers to get them to behave undesirably. Or it could be that the html directs the browser to get malicious binaries that similarly exploit specific browser weaknesses. Either way, these weaknesses continue to be found and patched regularly and as html and the Web gets ever more complex and feature rich, they can only become more numerous.
With the forthcoming adoption of IPv6, now might be a good time to make a clean break from html/http and come up with something better suited to this era.
Simple use of iframes to dodgy websites, nothing new if it manages to do a drive by download or exploit they work very well.
Gawd I love IE as a browser........ NOT
Fire... because thats where the malware creators should be
Something s wrong in the Universe
virus and windows in the same article and no Eadon?
Doesn't his network work in the snow?
It's own EULA?
Re: It's own EULA?
That's what got me wondering as well!
I mean, these people are thieves, scammers, and parasitic scum of the lowest order, who don't give a flying fuck about anyone or anything other than their own gain - otherwise they wouldn't be doing what they do. Yet the purveyors of the software these "people" - and I use the term very loosely - use for their activities, expect them to honour an EULA, when they already fork two fingers up at every law on the books? What the hell are they smoking?
I swear, some of these people must be seriously delusional about who they are and what they do. I can't think of any other explanation for it. It reminds me of Sanford "Spamford" Wallace, who actually believed he was doing people a favour by smothering their inboxes with spam, and couldn't understand why people hated him. I can't even begin to fathom what must be going on in the heads of such people.
Re: It's own EULA?
I see a lawsuit in the making. I'm just not sure if it's Sony, MS or some other major company with prior art in the area of "malware that comes with an EULA" that holds the actual patent?
"does nothing to remove infections from compromised drones - which are, don't forget, innocent users' Windows PCs."
Innocent users? They are not innocent.
Ignorance is no excuse in the eyes of the law.
If these "innocent users" kept their PCs up to date and knew how to use the internet, thoses botnets would not take hold and cause disruption for everyone.
Innocent my arse.
>If these "innocent users" kept their PCs up to date
Half the problem is Chinese running pirated windows copies (little sympathy there except for the government they live under). The other is not everyone is technically gifted or leaves their computer on the internet constantly for updates (think grandma still on dialup). Much of the problem though is Eastern Europe not giving a crap about Western laws or laws in general except the ones that make the leadership rich.
I live in Britain and don't give a crap about laws of continental Europe, why should Poles give a crap about laws that do not concern them? Apart from that I fail to see how this is relevant to virus infections; running pirated software is the same illegal in Britain as it is in Poland or Germany. Enforcement and penalties are also quite robust in Poland, AFAIR.
EULA for the really stupid is more like it. I would like to see the baddies take a client to court over breaking the EULA.
>The licence forbids users from sharing the download with computer security organisations or anti-malware firms.
Yeah that would hold up in court. And even if it did the court would probably need to refer all the other obvious law breaking by the plaintiffs to law enforcement where the penalties would be much stricter than any EULA. You generally don't get pound you in the ass prison for breaking contracts.
<blah blah blah> ...pound you in the ass prison for breaking contracts.
Eh? Who said the perps lived in/within reach of the USA? Anyway, they have not been identified yet.
Of course they don't. They live in a fairly lawless country I am sure that will forever stay in the developing category for it. Just saying not a lot of countries that would go to the effort to enforce a EULA but look other way on massive computer intrusion and fraud.
>Eh? Who said the perps lived in/within reach of the USA?
Its very possible but would be very stupid for script kiddie fraudsters in the US to want to get their hands on some pre made malware. Then again the baddies wouldn't need to sue on the EULA but just black mail on anonymously reporting the more serious crimes.
I thought any contract that violates the law is considered non binding. Sure would be a grey area depending on how EULA is written but pretty sure would be hard to collect on breaking the EULA was what was thinking.
pound you in the ass prison for breaking contracts
Is it too early in the week to be cracking wise about this malware kit making use of a backdoor if the EULA was violated?
I think you missed the point.
"I would like to see the baddies take a client to court over breaking the EULA."
More likely that they'll send round Bruno 'The Bear' to rearange your face as a little hint pour encourager les autres
"Seizing the reins of the botnet  nothing to remove infections from compromised drones "
That's a shame, virut (and virux) is a real pisser to get rid of - potentially infecting all .exes and .htmls, even those inside (unencrupted) zip files, and .scr if I remember correctly, as well as residing in memory to reinfect the files if you clean them. Also it can't (couldn't?) be cleaned with combofix.
The disinfection route i took was to get a linux live cd, delete all potentially infected files, reinstall windows, sod it, create a new partition, install linux.
Maybe I could have stopped at step 3.