[Friends-only] The legal implications of virus tracking

A while ago, Shelly’s computer was hit by a nasty piece of malware, which I wrote about at great length in my LiveJournal here. I removed the malware, and wrote up an extensive report about where it came from, how it was installed, how it operates, and most important, who makes money from it. This entry received hundreds of replies, has been linked to from spamfighting and virus-fighting forums, and prompted me to put it up on my Web site here, where it generates tons of emails.

One of those emails was from a person claiming to have worked for a company that writes this stuff. This email fills in some of the gaps in the backtracking I did, and names names. The information in the email seems to check out–for example, the company in question is a known source of drive-by spyware and adware, as detailed by Computer Associates here, so I put it up on the VX2 site.

Imagine my surprise when I get hit by a demand letter from a Canadian attorney (note: PDF file) telling me to take the page down and release information about the person who emailed me.

Fun, fun, fun.

So I’ve spent most of the day today on the phone with lawyers. I’ve taken the email off my site, and told the lawyer I’m not giving him any more information about its source; we’ll see what happens next.

On the one hand, it’s extremely difficult and expensive for a Canadian to sue an American. On the other hand, the guys who make spyware and adware do get very, very rich from it. So we’ll see.

Follow the Money; or, why does my computer keep getting infested with spyware?

[EDIT] This particular post has generated a very large amount of email, and apparently is being read by a large number of people infected with VX2. As a result, I’ve edited it, to clean up typos and to add additional information about the exploits used, the way VX2 works, and the sources of the spyware scourge. New information is identified with [EDIT].

If you’re reading this post and you’re on a Windows computer, the odds are overwhelming–between 80% and 90%–that you are infected with at least one virus or spyware program, and the odds are very high that you’re infected with dozens or hundreds.

Yes, you. Even if you are technically literate, you have a firewall, and you never download suspicious attachments, you are almost certainly infected. There is lots and lots and lots of money in computer viruses and spyware, especially the variety that makes popup ads appear on your machine. The question I’ve always had, though, is who’s making all this money by infecting your computer?

A couple nights ago, Shelly’s computer became infected. Shelly’s technically savvy, the apartment we live in is on a closed private network with a hardware firewall between us and the Internet, and she also runs a software firewall on her computer, and she still became infected nonetheless.

I spent about six hours removing the infection, and also tracking down the source of the infection, and painstakingly backtracking all the popup ads that the adware displayed on her computer. My goal: Follow the money. Discover where the infection came from, and who was making money from it. The results were, to say the least, interesting.

If you don’t care about stuff like this, you can skip the rest of this message. If you’re curious about the mechanisms by which spyware and viruses work, who is responsible for them, why they’re so common, how they spread, and most important, who makes money by creating and releasing them: read on!

It’s 9:02; do you know where your computer’s been?

So. I went to a client’s site this afternoon to set up several brand-new Power Mac G5 systems. Apple Cinema Displays, Adobe Creative Suite Professional, Quark 6, the works. Beautiful systems; I wish I had one.

And then the client asked me to look at his Windows XP laptop, because it’s been “acting funny.”

He has broadband at his house. He’s never run Windows Update.

It’s after 9:00 at night and I’m still here. Why am I still here? 1,524 copies of the W32/Bagle.z virus and counting. Plus about 6,000,000 Windows security updates that need to be installed. And did you know that Bagle blocks Windows Update from doing its job? Isn’t that lovely?

If you are reading this on a Windows computer, and you have never run Windows Update on your computer, you are infected with a virus. Or more likely, thousands of viruses. Yes, I mean YOU. Right now, the average life expectancy of an unpatched Windows box connected to the Internet is less than twenty minutes.

I could be at game night right now. I could be hanging out with cool people and playing Are You a Werewolf? But no.
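The post says Bagle blocks Windows Update but does not say how. One mechanism worms of that period commonly used was rewriting the hosts file so that update and antivirus hostnames resolved to loopback or a dead address. The script below is an added example, not from the original post, that audits a hosts file for overrides of Windows Update hostnames; the hostname list and the sample hosts file are constructed for the example, and the assumption that the hosts file is the mechanism in play is mine, not the author's.

```python
import ipaddress
from typing import Dict, List, Tuple

# Hostnames a machine needs to reach for Windows Update. The selection is
# an assumption for this example; extend it with your own AV vendors.
UPDATE_HOSTS = {
    "windowsupdate.microsoft.com",
    "v4.windowsupdate.microsoft.com",
    "update.microsoft.com",
    "download.microsoft.com",
}

# Default location on Windows XP (assumed path; adjust for your system).
XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Constructed sample: a normal header and localhost line, followed by the
# kind of entries a worm would append. Not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 v4.windowsupdate.microsoft.com   # appended by malware (constructed)
0.0.0.0 update.microsoft.com download.microsoft.com
192.168.1.5 printer.local
"""


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_number) for every mapping in a hosts file.

    Comments (anything after '#'), blank lines, and lines whose first field
    is not a valid IP address are skipped, matching how the resolver treats
    the file.
    """
    entries: List[Tuple[str, str, int]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower().rstrip("."), lineno))
    return entries


def find_hijacked(text: str, watched=frozenset(UPDATE_HOSTS)) -> List[Dict[str, object]]:
    """Flag any hosts entry that overrides a watched hostname.

    Any override is reported regardless of the target IP: loopback and
    0.0.0.0 black-hole the site, while a routable address could redirect
    the client to an attacker-controlled server.
    """
    hits = []
    for ip, name, lineno in parse_hosts(text):
        if name in watched or any(name.endswith("." + w) for w in watched):
            hits.append({"line": lineno, "host": name, "ip": ip})
    return hits


def audit_hosts_file(path: str = XP_HOSTS_PATH) -> List[Dict[str, object]]:
    """Read a hosts file from disk and return the flagged entries."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_hijacked(fh.read())


if __name__ == "__main__":
    for hit in find_hijacked(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']}")
```

Run it against the real file with `audit_hosts_file()` on the affected machine; an empty result does not prove the box is clean (a worm can also kill the update client or block the traffic elsewhere), but a non-empty one is a definite sign of tampering that needs cleaning before Windows Update will work again.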

Well, it was bound to happen…

The first-ever cell phone virus has been reported by antivirus research firm Kaspersky Labs.

It’s still quite primitive, infects only Symbian phones, carries no payload, and spreads via Bluetooth. As such, it’s a proof-of-concept, not a dangerous virus. Unquestionably, however, cell-phone viruses have been demonstrated to be technically possible and feasible…pretty scary, when you consider that Microsoft, makers of notoriously insecure operating systems and Web server software (IIS is so well-known for its security holes that a lot of people call it “Inherently Insecure Server”), is getting into the cell-phone operating system business.