Endpoint Protection


Moving from Fame to Fortune

May 02, 2009 02:28 PM

What changed everything was when the hackers, miscreants and ne'er-do-wells moved from fame to fortune. Once these guys figured out you could make money, malware became crimeware and nobody writes malware for bragging rights anymore. It’s for the moola.

So it’s been hard to explain Conficker/Downadup. It’s been plenty famous. But it wasn’t doing anything to make money. That changed shortly after the E variant came out. (If you can’t keep the variants straight, don’t feel bad. Most people can’t. Want to see a terrific visual explanation? Check out the video Ben Nahorney put together to explain it all. You can see it on the Symantec Security Response YouTube channel. There are other great videos there too.)

So how did Conficker move to fortune? Well, it wasn’t by changing its own behavior. It was much simpler than that. It downloaded another well-known piece of malware: Waledac. W32.Waledac can steal information from a machine, send spam from the machine and download additional files. And download additional files it did. The most popular way bad guys are making money on the internet right now is misleading applications (fake security products that scare the user into paying for a "fix"). And sure enough, on Conficker-infected machines up pops a misleading application called Spyware Protect 2009.


Undoubtedly this is not the last money-making use we’ll see for these machines. My prediction is that once they’ve drained as many dollars as they can out of the owners of these machines, they’ll start using them to drain money from non-infected machines, most likely via spam. When we start seeing this happen we’ll let you know.



Comments

Jun 06, 2009 06:38 AM

Are there other monitoring tools that are free to use?
thanks...

May 22, 2009 12:41 AM

We use Wireshark only to troubleshoot but not for monitoring, since you could not get any fast intelligent information in one glance.

May 18, 2009 07:43 PM

@Tejas: The above mentioned software could do the trick, but getting the packets coming from the internet and not just your local PC in a network is a tall order. They need to collect information from an ethernet device, so to do what you wanted you'd have to set up a collector on the WAN side, and with the way the WAN is routed you'd mostly get broadcasts.
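
The question in this thread (which packets leave a machine for the internet, versus staying on the LAN) can be answered from a capture file without a GUI. The following is an added example, not code from this thread or from any of the tools named in it: a minimal parser for the classic libpcap file format that walks each Ethernet frame, picks out IPv4 packets and classifies each destination as local (RFC 1918, loopback, link-local, multicast, broadcast) or internet-bound. The capture bytes are hand-constructed inline so it runs offline; the addresses and MACs in it are made up for illustration, and the protocol table only names ICMP, TCP and UDP.

```python
import struct
import ipaddress
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def iter_ipv4_packets(data):
    """Walk a classic libpcap file (Ethernet link type) and yield
    (src, dst, proto) for every IPv4 packet; other frames are skipped."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"          # little-endian record headers
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"          # big-endian record headers
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are supported")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue       # ARP, IPv6, VLAN-tagged or truncated frame
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20 or len(frame) < 14 + ihl:
            continue       # malformed IPv4 header
        yield (ipaddress.IPv4Address(frame[26:30]),   # source address
               ipaddress.IPv4Address(frame[30:34]),   # destination address
               frame[23])                             # protocol number


def scope(ip):
    """'local' for anything that never leaves the LAN, else 'internet'."""
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved):
        return "local"
    return "internet"


def summarize(data):
    """Count packets by (scope of destination, protocol name)."""
    counts = Counter()
    for _src, dst, proto in iter_ipv4_packets(data):
        counts[(scope(dst), PROTO_NAMES.get(proto, str(proto)))] += 1
    return counts


def internet_destinations(data):
    """Sorted list of public destination addresses seen in the capture."""
    return sorted({str(dst) for _s, dst, _p in iter_ipv4_packets(data)
                   if scope(dst) == "internet"})


# --- constructed sample capture (hand-built bytes, not a real trace) ---
def _eth(ethertype, payload):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + ethertype + payload


def _ipv4(src, dst, proto):
    payload = b"\x00" * 8
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return _eth(b"\x08\x00", hdr + payload)


def _record(ts, frame):
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame


SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(1, _ipv4("192.168.1.10", "192.168.1.1", 17)),       # UDP to the LAN router
    _record(2, _ipv4("192.168.1.10", "93.184.216.34", 6)),      # TCP to a public host
    _record(3, _ipv4("192.168.1.10", "255.255.255.255", 17)),   # UDP broadcast
    _record(4, _ipv4("192.168.1.10", "224.0.0.251", 17)),       # UDP multicast
    _record(5, _ipv4("192.168.1.10", "151.101.1.69", 6)),       # TCP to a public host
    _record(6, _eth(b"\x08\x06", b"\x00" * 28)),                # ARP, skipped by the parser
])

if __name__ == "__main__":
    for (where, proto), n in sorted(summarize(SAMPLE_PCAP).items()):
        print(f"{where:9} {proto:5} {n}")
    print("internet-bound destinations:", internet_destinations(SAMPLE_PCAP))
```

To use it on a real trace, replace SAMPLE_PCAP with the bytes of a file saved by Wireshark or tcpdump in the classic pcap format (not pcapng). As the comment above notes, a capture taken on one PC only shows that PC's traffic plus whatever broadcasts reach it; seeing the whole network's internet-bound traffic needs a capture point at the gateway or a mirrored switch port.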

May 18, 2009 07:39 PM

R&D - they already have forums like this, maybe even had since the BBS days. Perhaps even more.
I'm not sure about the infrastructure though. Some might have their own server filled with virtual machines, some use botnets for data mining, and a lot use the free web pages with many adverts, where you can create a web page, have it on the internet and not pay anything - which means anonymity.

May 18, 2009 07:35 PM

Wireshark shows you the packets being sent or delivered on your eth. Network Monitor measures usage and speed.

May 07, 2009 12:13 AM

Just forward me your mail ID, I'll reply to you.

May 06, 2009 11:07 PM

@Om_123: Nice tools! PRTG Network Monitor V7 is good. How different is this from Wireshark and the other free network monitoring tools...
thanks...

May 06, 2009 12:49 PM

Go to this URL http://www.paessler.com/network_monitoring_tool to know more about NetFlow.

May 06, 2009 10:41 AM

Is there any way we can see what kind of packets are going through the network cards, especially the ones which go to the internet?

May 03, 2009 08:22 AM

As their nasty business grows, so does their capitalization of R&D. The time might come when the hackers have the same infrastructure as the software houses that prevent them from doing damage. If that happens, what a gloomy future it would be. Just my thoughts.
