Malware Authors Copying Enterprise Software Licenses: They'll Upgrade Your Keylogger With A Contract

from the how-nice-of-them dept

Mon, Feb 26th 2007 7:05pm — Mike Masnick

Since so many anti-malware applications work by reactively adding fingerprints of new malware apps to a big list of malware, it's important for anyone using malware to continually update their apps. Apparently, the malware creation industry is sorting itself out into various components that somehow mimic the legitimate software world. The writers of malware are separate from those who are actually deploying it -- but those who deploy it need to constantly update the malware to stay ahead of the security products out there. So that leads the malware writers to start offering enterprise-style licensing deals where they'll continue to upgrade your trojan horse, rootkit or keylogger as needed. Of course, you have to wonder about the wisdom of entering into any kind of long-term contract with someone who may go out of business and have to run from the law at any moment. So, if anything, the fact that these malware writers are willing to offer such longer term contracts suggests they realize that there's little-to-no chance that anyone's ever going to track them down.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

security, 26 Feb 2007 @ 8:20pm

DO NOT RUN AS AN ADMIN!!!!!
So many of the world's e-Problems would be eliminated if owners or Admins did NOT run as Adm - except when needed to do some specific tasks.

It will be interesting to see if Windows Vista's new policies will have an effect
[ link to this | view in thread ]
Anonymous Coward, 26 Feb 2007 @ 8:27pm

running as admin
There are the programs thar require you to run them as admin - AutoCad for instance. It should be be illegal to write software that requires running as admin.
[ link to this | view in thread ]
The Dukeman (profile), 26 Feb 2007 @ 8:37pm

You can thank Cisco for that.
I just updated the firmware in my Linksys router only to find that in the new version the user name cannot be changed. That's not the worst of it. Too bad. Now I'm reticent to buy any new hardware from them.
[ link to this | view in thread ]
Anonymous Coward, 26 Feb 2007 @ 10:12pm

Linux anyone?
[ link to this | view in thread ]
Another Anonymous Coward, 27 Feb 2007 @ 2:49am

Advertisers
Maybe the time has come to go after the companies that use the malware in addition to the writers of malware. I wonder what would happen to the income of malware-writers if companies faced criminal prosecution if they pay them any money at all? And it would be a lot easier to catch companies that do that than to try to hunt down the malware-producers.
[ link to this | view in thread ]
Anonymous Coward, 27 Feb 2007 @ 5:58am

Re: You can thank Cisco for that.
who cares about the username on your router, just pick twice as good a password
[ link to this | view in thread ]
Jack, 27 Feb 2007 @ 11:12am

Re: DO NOT RUN AS AN ADMIN!!!!!
I am Jack's pre-emptive failure.

http://www.threatcode.com/

Those lists are why so many are required to run with admin rights. Its not the OS that makes an admin, its the apps that they use. (tho the OS does have a hand in providing stupid policies that are difficult/impossible to work around without requiring ACL changes and/or rights elevation.

It would be WONDERFUL if every application could be run without admin rights, alas, we are not there yet. Keep shamin' em, we'll get there.
[ link to this | view in thread ]
Solo, 27 Feb 2007 @ 3:09pm

"So, if anything, the fact that these malware writers are willing to offer such longer term contracts suggests they realize that there's little-to-no chance that anyone's ever going to track them down."

Writing the malware probably is not even illegal. Selling it to someone who plans to distribute it on a large scale might be a little harder to defend, but I'm guessing not really. "I'm selling the stuff, but it clearly states that it is for educational, academic purpose and should only be used in accordance to the law, so my ass is covered"

It's not the tool that is illegal, it's the use. We do not emprison the crowbar makers, nor should we go after the the software writer.

Obviously the current approach is a cat and mouse game, where the mousetrap is always a generation behind :)

The day people start valuing "security" from the software they buy is the day software makers will make secure software. When the market demands it, the manufacturers will provide.

People don't want secure software like they don't want cars with good mileage.
[ link to this | view in thread ]
Solo, 27 Feb 2007 @ 3:09pm

"So, if anything, the fact that these malware writers are willing to offer such longer term contracts suggests they realize that there's little-to-no chance that anyone's ever going to track them down."

Writing the malware probably is not even illegal. Selling it to someone who plans to distribute it on a large scale might be a little harder to defend, but I'm guessing not really. "I'm selling the stuff, but it clearly states that it is for educational, academic purpose and should only be used in accordance to the law, so my ass is covered"

It's not the tool that is illegal, it's the use. We do not emprison the crowbar makers, nor should we go after the the software writer.

Obviously the current approach is a cat and mouse game, where the mousetrap is always a generation behind :)

The day people start valuing "security" from the software they buy is the day software makers will make secure software. When the market demands it, the manufacturers will provide.

People don't want secure software like they don't want cars with good mileage.
[ link to this | view in thread ]
|333173|3|_||3, 28 Feb 2007 @ 5:48am

If it were illegal
even if it were illegal to make the malware, and the police were to come after you and you skipped the country and never kept your contract, there is nothing the person wgho paid you for support could do, since he would ahve to admit to being a criminal to go after you. While the right to not commit self-incrimination may cover you, the judges would be unlikely to see things that way.
[ link to this | view in thread ]