All articles licensed under a Creative Commons License.

Tuesday, February 21, 2006

Your questions, answered....

Not so long ago, I put this thing up, asking you to hurl your questions at me. Well, I'm bored now, so I'm going to slice and dice my way through your missives. Thanks to all that put something my way, and if I don't answer your question, don't shoot me or I'll be incredibly annoyed.

Q. yo! how do you go about actually finding new infections? (Fu Manchu)

Well, technically, no security researcher ever "finds" new infections. The people that get this stuff first are almost always the end-users who fell victim to something in the first place. It's just that it takes a bunch of self-appointed cheerleaders to make some noise, rattle some cages and get the word out on the streets about it. Sometimes you get lucky, but most of the time you're constantly patrolling the "bad districts" and dodging the hookers, so to speak. Of course, contacts, tip-offs, irate victims and lots of other factors come into play. But there are many, many other methods of grabbing a hot new installer. Can't tell you about those, though. It'd be like Batman showing you what he keeps in the heel of his Bat-boots.

Oh wait, it was that Bat-attracting thingy. Doh.

Q. If you had the chance to make a change regarding Security & Internet. What would you change? (Andy at Hull)

Yoink, bit of a wide-ranging question there. Without a doubt, the one thing I would like to do, is hunt down and set fire to all those people that turn up to the latest "spyware bust" and get all snidey and idiotic about it. Usually with a whole bunch of comments about the people unlucky enough to get infected, too. The Java applet was a perfect example. Lots of idiots commenting along the lines of "well, duh, you asshat, of COURSE you'll get infected if you click on something. What kind of security researcher are you, etc etc". Presumably because they knew of the dangers, it meant there was no need for anyone to write about it and show an average end-user what could happen if they hit yes.

Oh dear.

The same idiocy was in evidence (on a grand scale) during this thing. Check out the comments, they're pretty retarded. Mind you, most of those only started showing up after John Dvorak wrote this. Whoops, I forgot, I'm a Microsoft shill with a hidden agenda. I hope poor old John didn't see this, or he'd have really had it in for me.

So yeah - burn em all.

Q. If you could relive the 80s and 90s, what would you do different? And if you could bring with you your knowledge of malware in the future, how'd you go about prophesizing? (Kimson)

Well, I probably wouldn't do much different in the 80's and 90's, as I'm only 27. But I'd definitely try to watch more Miami Vice, MacGyver and Sledgehammer ("Trust me, I know what I'm doing". Best. Show. Ever).

The second bit of the question confused me slightly, but it intrigued me so much I couldn't let it lie. I think it means, if I knew what was coming in the future, how would I have tried to spread the word about the coming infections? Is that even partially close? Well, on the assumption that it might be, this is what I'd do:

Do a T-800 and hunt down / destroy the younger versions of the nastiest malware creators, preferably when they were whiny teenagers, so nobody would care too much that I was saying hasta la vista, baby as I dropped them off a cliff.

I think the worst malware creators have a hell of a lot to answer for, and I don't think this view is in any way extreme or over the top. They're scum, and must be punished. If some idiot wants to make a quick buck by throwing together some crappy lines of code that make people's lives a misery, whether that misery be lost productivity, files, replacement computers, ruined lives and God knows what else - well, they deserve what they have coming to them. A big old can of whupass.

Of course, if I misread your question, I've now told everyone about my T-800 fantasy. Well, as long as I didn't mention the one about the whipped cream and the scuba-diving suit.

Q. I'm afraid I have to ask ... Mr PG, just what is "the ROFLCOPTER" ??, enquiring minds want to noes! (Steven)

This is a ROFLcopter. Have fun ;)

Q. In light of recent events, how is it possible for the likes of the 180Solutions group able to get VC cash?? Do any of those investors have any sense, do they even care? Do they know? Should we start a letter writing campaign to inform them?

Inquiring minds want to know. And who better than you to answer? :D (TeMerc)

Hey, I'm just some guy with a website ;)

It's all in the spin, basically. I severely doubt any Adware company drives their sales pitch with stories like these. From what I've seen, it isn't that difficult to acquire VC backing with the right PowerPoint presentation and a little whiz-bang tech-talk. Of course, we hear all the right noises now, too. Noises of cleaned up installs, evil rogue distributors driven out with their tails between their legs and new and improved security features.

But let's face it, unless you take your distribution model 100% in-house, it is impossible to police your own network without outside "help". Until recently, this help came in the form of security researchers who did all the work, only for x, y and z Adware companies to step in, claim the credit for nailing the evil rogue while at the same time, hurling legal threats at whoever usually helped them clean up in the first place.

Looks like this particular form of merry-go-round action has now gone tits up. I think it's a brave step, and a much needed move. I am personally sick of babysitting companies who can't clean up their own nappy spills. I'll also add - in the case of the recent release by 180 Solutions...and this is my own personal opinion (as noted by the big-assed "all my own work" notice at the bottom of every page), I think this is probably related to the FTC thing they may or may not have hanging over them.

Seriously - we're talking about something that happened months ago. Why did 180 wait so long to put that out? Why did this only surface after the CDT submitted a complaint to the FTC?

Why does the headline mention a "flaw" in AIM? I don't get it. What flaw in AIM? AIM was just the chat client used to pop the infection link. There's also lots of mentions of Botnets, and IRC commands and all the rest of it, but as far as I can see, 180's involvement in any of the Rootkit-powered Botnet begins and ends with us passing some info onto them, and 180 switching off their rogue distributor.

Unless they want to talk about the structure of the Botnet, the methods used to track the group by myself and Wayne Porter, the detailing of the underground groups running this thing, who they worked with, how the files in the Botnet worked, how the initial Adware payloads were simply a decoy to get the real meat (the rootkit) on board, where the Botnet servers were located globally, how BitTorrent was auto-installed and used to push illegal movie files, the hours and hours and hours of painstaking, meticulous research work put in by teams across the globe, then I am clearly missing something here.

What makes me laugh most is that I get the impression 180 seem to think the biggest deal about something that began in October and ended in January was the 64 installations of their software, and not the Rootkit, the Botnet itself, the BitTorrent, the reworked Malware and Trojans or any number of other things these hacker guys did.

No, 64 installs of their software is where it was all at, apparently.

Even the number 64 is intriguing, because the 64 installs seem to be from the second install - why was no song and dance made of the installs from the first wave? How many installs happened in that one?

But hey 180, if you're reading this, now that I've got your attention, feel free to drop a note in this blog entry (not trackback to a blog entry I can't even leave a comment on, eh?) and clear up, once and for all, why you labelled me a "fanatic" over your software being on The Amazing Racist website, only for it to magically vanish a few weeks later when nobody was looking. Fuss died down, attempt at marginalisation underway, nobody cares anymore so move onto the next one, right?

Wrong.

Q. How come you are working in IM security? It doesn't seem that dangerous. (Douglas)

Well, it's where all the hot new attacks are currently at, believe me. Bad guys are slowly moving away from drive-bys, and looking for easier ways to blam your PC. What better way than using a medium where you can not only hide the infection URL behind something innocent looking, but also get past the "trust barrier" by using your friends to infect you? Some reading material. Scary stuff, and it will get worse.

Q. Why are the rest of the superheroes being pricks towards Wonder Woman? (Kimson)

See, 20 years ago, the DC Comics universe had multiple worlds, with multiple Batmen, Supermen and all the rest of them. It was confusing. DC had the idea of turning it into a mega-event, with worlds dying, characters such as Supergirl and the original Flash (Barry Allen) getting dead and (eventually) the creation of a single, unified Universe.

Twenty years on, and the DC universe has (for some mysterious reason) become a darker, and more violent place. In the wake of the rape of Sue Dibny (Elastic Man's wife) by Doctor Light, it turns out the "good guys" (Justice League America) wiped his mind and turned him into a vegetable. Batman didn't agree with this, and they wiped 10 minutes of his mind, too. Of course, Batman is a badass, so he eventually remembers this and it all kicks off. With more and more heroes losing their way (including an increasingly sissy Superman), things come to a head when Max Lord (one time good guy) takes control of Superman and, as a last resort, Wonder Woman is forced to break his neck to free Superman from a murderous rampage.

Unfortunately, the supercomputer created by Batman to keep tabs on all superheroes (in case they go rogue, borne out of the paranoia of his mindwipe) has itself become corrupted, and beams this image to the whole world. Now nobody trusts Wonder Woman, everyone fears the other heroes and the bad guys organise into a real nasty army that kill and ask questions later.

This all builds into a seven part epic, "Infinite Crisis".

Many characters have been killed, never to return including - God damn it - Blue Beetle and a host of others. Numerous comic books are ending this month, as the entire DC Universe jumps forward one year - the gaps being filled by "52", which recounts the lost year in a weekly serial. A year that - rumour has it - sees the good guys cope without Batman, Superman or Wonder Woman. Eek.

As the heroes fall apart in Infinite Crisis, the original Superman (the old one with the grey hair) returns to save the day, from a self-imposed exile at the end of the original Crisis 20 years ago. His intention - bring back the "alternate Earth", where the Golden Age heroes used to live and the bad guys regularly took a pounding.

Unfortunately, it all goes wrong, and I simply cannot wait for Issue 5, where the old Superman goes head to head with the current, sissy version. The winner decides the fate of the Universe. From the previews I've seen, their punches are so hard, each blow shatters and fragments reality itself. I mean....wow.

In case you're wondering, the picture above is Power Girl. They call her PG. She rocks. Though the DC artists tend to draw her a little better than I do.

Q. Can you believe it's not butter? (Paperghost's sister)

No. No, I can't.

And on that bombshell, I go now.