D'you mean people like klansmen, neo-Nazis, psychics, child pornographers, and members of Congress?
I haven't the vaguest idea.
NewtonTrino
Illuminator
- Joined
- Jul 2, 2007
- Messages
- 4,585
It's mostly teenagers and college students who do it for fun. And to inflate their own egos.
In addition there are several criminal rings that specialize in bot nets and other types of computer fraud.
There are a lot of different types of these things as well. Viruses vs Trojans vs Worms as well as plain old social engineering. A virus is basically a self replicating bit of code usually with side effects. Trojans are typically something you run which has some side effect (for example turning your machine into a botnet node). Worms are similar to viruses but typically exploit specific security holes to replicate themselves across the network. You can also somewhat mix and match the different items. For example you could use an exploit on windows to display the user a social engineering message. For example you can tell them they have a virus but if they simply give you money you can make their machine "secure". It's almost like the old mafia protection racket. In these cases the exploits are typically written by professional hackers who are trying to make money.
There are also governmental organizations writing these things. For example the recent stuxnet worm which was targeting the Iranian nuclear program.
So basically they get created by many people with all kinds of different agendas.
In addition there are several criminal rings that specialize in bot nets and other types of computer fraud.
There are a lot of different types of these things as well. Viruses vs Trojans vs Worms as well as plain old social engineering. A virus is basically a self replicating bit of code usually with side effects. Trojans are typically something you run which has some side effect (for example turning your machine into a botnet node). Worms are similar to viruses but typically exploit specific security holes to replicate themselves across the network. You can also somewhat mix and match the different items. For example you could use an exploit on windows to display the user a social engineering message. For example you can tell them they have a virus but if they simply give you money you can make their machine "secure". It's almost like the old mafia protection racket. In these cases the exploits are typically written by professional hackers who are trying to make money.
There are also governmental organizations writing these things. For example the recent stuxnet worm which was targeting the Iranian nuclear program.
So basically they get created by many people with all kinds of different agendas.
JJM 777
Illuminator
- Joined
- Jun 25, 2004
- Messages
- 4,060
I imagine that nowadays viruses etc. are seldom written and distributed just for fun. Also the early format C: kind of sabotage stuff seems to have quite much disappeared. In modern world most viruses seem to serve the interests of their more or less professional creators, no unnecessary risks taken without a profit motive. The thumb rule seems to be: make minimal damage and raise minimal attention, do quietly and unnoticeably whatever you do.
Last edited:
Andy_Ross
Penultimate Amazing
- Joined
- Jun 2, 2010
- Messages
- 67,686
I will look forward to that.
Dancing David
Penultimate Amazing
I agree with the rest of your post, but unlike the old days, most malware is written for profit. Some may be written for ego, but not like the early days.
Dancing David
Penultimate Amazing
Well certainly that is true of the rootkits and droppers, but rouge malware advertises itself, while making itself hard to remove. Now we never know which date release variants are out there until the trigger date.
Considering the prevalence of the TDSS/TDL/Alureon strain I agree that profit is the larger motive, and when you consider the number of netbots, that is also for profit.
Dancing David
Penultimate Amazing
That is just crazy! Sorry but get involed in malware removal and learn something. The people detetcing malware are not releasing it. Most of the main brands McAfee, Panda, Microsoft and Norton are worthless against the newer rootkits and droppers. They will get past the real time scans almost every time. Sophos, Kaspersky and Prevx are a little better, but this is a ridiculous idea.
Get involved in malware removal, find out what malware does, look at the report forums, look at the fact that most malware removal is AFTER the fact. There is no malware protection that is ahead of the curve, ever.
Believe me the lag time is there, even MBAM and the others (including the three I trashed) are actively involved in finding out the new variants and strains, they recruit people to report them, and there is always a lag time.
You show me the AV software that is ahead of the curve, you show me whose AV catches the stuff before it comes out?
Do you know the prevalence of the ones that steal your information? Why is it that the TDSS/TDL/Alureon is so hard to stop?
Last edited:
Milbrandt
Muse
The digital Big Pharma keeps our computers sick to earn money from the anti-virus software they make. Actually, the anti-virus software itself is what makes your computer sick. Then you let that geeky friend who knows all about computers look at it, but little do you know about his conflict of interest. They're all in on it and have shares in these companies. They will let you install the latest "anti" virus software, which will fix it for just long enough so that you don't get suspicious.
And think about it, when the starter motor of your car doesn't work, do you install software on it to fix it? No! You just hit it hard with a pair of pliers to get it working again. The anti-virus manufacturers don't want you to know this, but if you hit your computer hard enough, all of your problems will be gone.
Sometimes prayer works too.
And think about it, when the starter motor of your car doesn't work, do you install software on it to fix it? No! You just hit it hard with a pair of pliers to get it working again. The anti-virus manufacturers don't want you to know this, but if you hit your computer hard enough, all of your problems will be gone.
Sometimes prayer works too.
ElMondoHummus
0.25 short of being half-witted
I'm sorry, but Dancing David is right; you have no idea what you're talking about.
The primary writers of malicious software are, as characterized by others here, those who have an interest in creating botnets for others. Most people pay the most attention to really noticeable, hard to miss infections like those damn fake AV scareware/"hostage"ware ones, but the actual majority of malicious software is created in order to gain remote control of your computer and allow it to become a launching point against ultimate targets.
There are clear trends where malicious software originates from, and there are clear trends on where defenses against those attacks are from, and the two are not the same.
Furthermore, there is increasing acknowledgement among security individuals that the best steps to increase security is further centralization of services and better hardening steps of the host operating systems in order to prevent such attacks from being successful in the first place. Neither of those steps make protective software companies that much money, if any.
I know that the next obvious step for those advocating the "cui bono" argument is to further pound on it by highlighting how big an industry protective software has become. But at this point, I'd have to tell you all that the only acceptable argument is to actually demonstrate such links, not merely claim they can exist. There's a clear link between car accidents and the increase in costs of an automobile due to increasing safety features, but is anyone trying to peddle the cui bono argument on car makers and blame them for the distribution of alcohol and cell phones/texting plans and the increase in accidents due to those?
Sorry, can't tell if you're pulling a Poe with that or not.
Milbrandt
Muse
I'm not sure whether you're really not sure.
I put the prayer part in there so that you'd all know I wasn't serious.
Then again, sometimes you really get those kind of people here.
ElMondoHummus
0.25 short of being half-witted
Well, yeah, but that's the problem: We really have gotten those sorts of folks here. That's what threw me. Your post did indeed read like mockery of the position even before the prayer, but it also read like what some honest cranks have posted. Hence my invocation of Poe's Law. The more woo I read, the more I realize that many out-and-out parodies are frighteningly inseparable from honest woo peddling.
Dancing David
Penultimate Amazing
Here is my issue, there are four main ways that people make money off of malware and none of them are AV companies:
1. Adware and redirection: these people make money, every time Google redirects you to the wrong page, ching, every time you see an ad, ching.
2. Spam mail, a lot of bots are used to generate spam or generate email addresses for spammers. Every spam sent and answered, ching.
3. Compromised systems/backdoors and security threats, your credit cards numbers, your bank routing numbers , social security numbers. Ching, ching, ching.
4. Rouge malware, infects your machine, locks it up, pay to get the scanner. Doesn't work. Ching.
There are more, although I am not sure who benefits from DNS attacks, but steal corporate information, ching.
Steal account numbers, ching.
Watch emails at large corporation, insider trading, ching.
Which one of those benefits the AV corporations?
1. Adware and redirection: these people make money, every time Google redirects you to the wrong page, ching, every time you see an ad, ching.
2. Spam mail, a lot of bots are used to generate spam or generate email addresses for spammers. Every spam sent and answered, ching.
3. Compromised systems/backdoors and security threats, your credit cards numbers, your bank routing numbers , social security numbers. Ching, ching, ching.
4. Rouge malware, infects your machine, locks it up, pay to get the scanner. Doesn't work. Ching.
There are more, although I am not sure who benefits from DNS attacks, but steal corporate information, ching.
Steal account numbers, ching.
Watch emails at large corporation, insider trading, ching.
Which one of those benefits the AV corporations?
ElMondoHummus
0.25 short of being half-witted
If I remember correctly, one of the protective software companies (Sophos? F-Secure? I don't remember...) conducted a study and found that spam profits were severely hitting a wall, with the number of spam messages needed going up severely, nearly exponentially, to hit the same levels of response from just a few years ago. This makes sense, given the increasing awareness of the problem, but my point is that spammers are hitting the wall hard due to severely diminishing returns.
I've always thought about studying a hypothesis I generated, just to see if there was any merit in this notion, but: I've for years now suspected that the real money wasn't in the individual message responded to, but the selling of spam lists to marketers (some legitimate, many others openly illegitimate and scamming) overenthusiastic about the potential for email-generated profits. It's a testable hypothesis, but I've never gotten off my butt to see if I could even land an answer.
In my defense (in other words, obscuring the fact that I'm sometimes lazy
), this wouldn't be an easy study. How would you get email harvesters to answer you honestly? I have no idea.PixyMisa
Persnickety Insect
Ayup. Recursive percussive maintenance.
If a mechanical device is giving you trouble, and you don't know what the exact problem is, hit it with a hammer.
If it starts working again, problem solved.
If it shatters into a million pieces, then at least you know what the problem is (it's shattered into a million pieces) and how to fix it (buy a new one).
If neither happens, get a bigger hammer.
calebprime
Penultimate Amazing
- Joined
- Jul 5, 2006
- Messages
- 13,001
rouge
Rolfe
Adult human female
