Polish knights slay Virut, the brazen virus army that has its own EULA

Security researchers have decapitated a spam-spewing network of hacked computers by pulling the plug on the central command-and-control servers. The compromised PCs were infected by the Virut virus and were being remotely controlled from these servers by miscreants. The takedown operation was coordinated by CERT Polska, the …

COMMENTS

This topic is closed for new posts.
  1. Zaphod.Beeblebrox
    Thumb Up

    Well Done!

    Well done, gents! Nice to see the good guys win one for a change!

  2. dogged
    WTF?

    The software nasty infects .exe and .html files to display adverts and open a backdoor to the botnet's masters

    wat.

    .html is just a file full of markup. It can't execute anything so how can it display ads (which are not an existing part of the markup)?

    And how can a .html file be a vector for infection?

    .exes I get, oldschool though that may now be (and thus easily caught by any decent AV). But who downloads torrents without AV checking them?

    I dunno. Maybe it's a Monday afternoon thing. This story has me confused.

    1. This post has been deleted by its author

    2. Anonymous Coward

      It could be malformed html that exploits specific weaknesses in particular parsers to get them to behave undesirably. Or it could be that the html directs the browser to get malicious binaries that similarly exploit specific browser weaknesses. Either way, these weaknesses continue to be found and patched regularly and as html and the Web gets ever more complex and feature rich, they can only become more numerous.

      With the forthcoming adoption of IPv6, now might be a good time to make a clean break from html/http and come up with something better suited to this era.

    3. Anonymous Coward

      Adds javascript code to HTML file to display ads from another website

    4. Captain Scarlet Silver badge

      Simple use of iframes to dodgy websites, nothing new. If it manages to do a drive-by download or exploit, they work very well.

    5. Boris the Cockroach Silver badge
      Flame

      Simple

      It runs a JavaScript that can handily link a sequence of bytes to the SVCHOST program; to avoid the scanners, all you do is bit shift the sequence before you run the link.

      Then said file goes on a rampage through your HDD, adding the JavaScript and bit-shifted virus to every .HTML file on your PC... then adds it to every .exe program just to be sure.

      Gawd I love IE as a browser........ NOT

      Fire... because that's where the malware creators should be

  3. Anonymous Coward

    Something's wrong in the Universe

    virus and windows in the same article and no Eadon?

    Doesn't his network work in the snow?

  4. The FunkeyGibbon
    Devil

    Its own EULA?

    Cheeky bastards!

    1. Steven Roper
      Devil

      Re: Its own EULA?

      That's what got me wondering as well!

      I mean, these people are thieves, scammers, and parasitic scum of the lowest order, who don't give a flying fuck about anyone or anything other than their own gain - otherwise they wouldn't be doing what they do. Yet the purveyors of the software these "people" - and I use the term very loosely - use for their activities, expect them to honour an EULA, when they already fork two fingers up at every law on the books? What the hell are they smoking?

      I swear, some of these people must be seriously delusional about who they are and what they do. I can't think of any other explanation for it. It reminds me of Sanford "Spamford" Wallace, who actually believed he was doing people a favour by smothering their inboxes with spam, and couldn't understand why people hated him. I can't even begin to fathom what must be going on in the heads of such people.

    2. E_Nigma
      Joke

      Re: Its own EULA?

      I see a lawsuit in the making. I'm just not sure if it's Sony, MS or some other major company with prior art in the area of "malware that comes with an EULA" that holds the actual patent?

  5. Anonymous Coward

    "does nothing to remove infections from compromised drones - which are, don't forget, innocent users' Windows PCs."

    Innocent users? They are not innocent.

    Ignorance is no excuse in the eyes of the law.

    If these "innocent users" kept their PCs up to date and knew how to use the internet, those botnets would not take hold and cause disruption for everyone.

    Innocent my arse.

    1. asdf
      Stop

      >If these "innocent users" kept their PCs up to date

      Half the problem is Chinese running pirated windows copies (little sympathy there except for the government they live under). The other is not everyone is technically gifted or leaves their computer on the internet constantly for updates (think grandma still on dialup). Much of the problem though is Eastern Europe not giving a crap about Western laws or laws in general except the ones that make the leadership rich.

      1. Bronek Kozicki
        Flame

        I live in Britain and don't give a crap about laws of continental Europe, why should Poles give a crap about laws that do not concern them? Apart from that I fail to see how this is relevant to virus infections; running pirated software is just as illegal in Britain as it is in Poland or Germany. Enforcement and penalties are also quite robust in Poland, AFAIR.

  6. asdf
    Facepalm

    wow

    EULA for the really stupid is more like it. I would like to see the baddies take a client to court over breaking the EULA.

    >The licence forbids users from sharing the download with computer security organisations or anti-malware firms.

    Yeah that would hold up in court. And even if it did the court would probably need to refer all the other obvious law breaking by the plaintiffs to law enforcement where the penalties would be much stricter than any EULA. You generally don't get pound you in the ass prison for breaking contracts.

    1. Anonymous Coward

      Re: wow

      <blah blah blah> ...pound you in the ass prison for breaking contracts.

      Eh? Who said the perps lived in/within reach of the USA? Anyway, they have not been identified yet.

      1. asdf

        Re: wow

        Of course they don't. They live in a fairly lawless country I am sure that will forever stay in the developing category for it. Just saying not a lot of countries that would go to the effort to enforce a EULA but look other way on massive computer intrusion and fraud.

      2. asdf

        Re: wow

        >Eh? Who said the perps lived in/within reach of the USA?

        It's very possible but would be very stupid for script kiddie fraudsters in the US to want to get their hands on some pre-made malware. Then again the baddies wouldn't need to sue on the EULA but just blackmail on anonymously reporting the more serious crimes.

        1. Uffish

          Re: PYITA

          I think you missed the point.

    2. asdf

      Re: wow

      I thought any contract that violates the law is considered non-binding. Sure would be a grey area depending on how the EULA is written, but pretty sure it would be hard to collect on breaking the EULA was what I was thinking.

    3. Robert Helpmann??
      Childcatcher

      Re: wow

      pound you in the ass prison for breaking contracts

      Is it too early in the week to be cracking wise about this malware kit making use of a backdoor if the EULA was violated?

    4. Magani
      Big Brother

      Re: wow

      "I would like to see the baddies take a client to court over breaking the EULA."

      More likely that they'll send round Bruno 'The Bear' to rearrange your face as a little hint pour encourager les autres

  7. teebie

    "Seizing the reins of the botnet [] nothing to remove infections from compromised drones "

    That's a shame, virut (and virux) is a real pisser to get rid of - potentially infecting all .exes and .htmls, even those inside (unencrypted) zip files, and .scr if I remember correctly, as well as residing in memory to reinfect the files if you clean them. Also it can't (couldn't?) be cleaned with combofix.

    The disinfection route I took was to get a Linux live CD, delete all potentially infected files, reinstall Windows, sod it, create a new partition, install Linux.

    Maybe I could have stopped at step 3.
