ComputerWorld has a disturbing article on the links between organized crime and virus/trojan attacks:
And what was happening, according to Hypponen, was the beginning of a concerted, unabashed effort to turn virus and worm infections into cash.
Eight days after MyDoom.A hit the Internet, somebody scanned millions of IP addresses looking for the back door left by the worm, said Hypponen. The attackers searched for systems with a Trojan horse called Mitglieder installed and then used those systems as their spam engines. As a result, millions of computers across the Internet were now for sale to the underground spam community.
There's a lot more - including this scary anecdote:
Hackers and malicious-code writers are increasingly automating the Internet shell game that keeps many of them one step ahead of law enforcement. The Kuwaiti hacker group Q8See is a case in point.
On March 8, a Russian source reported to F-Secure analysts the existence of a Trojan horse created by Q8See called Slacke. But what made Slacke unique was the extraordinary lengths to which its authors went to hide their tracks and the mystery that remains about the group's intent.
First, the worm downloaded code from a Web site hosted in Sao Tome and Principe, a small island nation located off the Atlantic coast of Africa. Analysis by F-Secure, however, showed that the domain rights for the Web site had been sold to a company in Sweden. But registration information listed the company name as JordanChat and the location as Irbid, Jordan. The contact name was TeR0r.
As thousands of infected computers downloaded the malicious code from the Web server in Sao Tome and Principe, they were then linked to an Internet Relay Chat system operated by CNN in Atlanta.
Once logged into CNN's IRC server, the systems connected to an IRC channel in Mexico called Noticias. And when Hypponen and his analysts studied the channel, they were astonished at what they saw.
"There were 20,000 clients just sitting on the channel doing nothing. They looked like people, but they were bots," he says, referring to programs that perform repetitive, automated functions.
The bots, however, weren't alone. According to Hypponen, three Kuwaiti users, presumably members of Q8See, were sitting on the channel and sending commands to the bots to scan various ranges of IP addresses. And while CNN eventually shut down the chat server, nobody knows for sure what the hackers were doing.
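The pattern Hypponen describes, thousands of infected machines holding an IRC connection open and doing nothing until someone issues a command, leaves a recognisable footprint in network flow data: many internal hosts sharing one IRC destination with long-lived, nearly silent sessions. The following defender-side check is an added example, not code from the ComputerWorld article or from F-Secure; the flow records, the `irc_fan_in` function and its thresholds are constructed for illustration.

```python
"""Flag internal hosts that look like idle IRC bots parked on one server."""
from collections import defaultdict
from statistics import median

# Ports conventionally used by IRC servers (6660-6669 and 7000).
IRC_PORTS = set(range(6660, 6670)) | {7000}

# Constructed flow records, not real traffic:
# (source host, destination IP, destination port, duration in seconds, bytes sent)
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.7", 6667, 5400, 310),
    ("10.0.0.6", "203.0.113.7", 6667, 5210, 290),
    ("10.0.0.7", "203.0.113.7", 6667, 5602, 305),
    ("10.0.0.8", "203.0.113.7", 6667, 5100, 280),
    ("10.0.0.9", "203.0.113.7", 6667, 5300, 295),
    ("10.0.0.21", "198.51.100.9", 6667, 3200, 48000),  # one person actually chatting
    ("10.0.0.22", "192.0.2.40", 443, 12, 2100),         # ordinary HTTPS, ignored
    ("10.0.0.5", "192.0.2.40", 443, 9, 1800),
]


def irc_fan_in(flows, min_sources=5, max_bytes_per_hour=500):
    """Return {(dst_ip, dst_port): [sources]} for IRC destinations that at
    least `min_sources` internal hosts keep open while sending almost
    nothing, i.e. clients sitting on a channel waiting for orders.

    A destination with few sources, or whose sessions carry real chat
    volume, is left out; thresholds are assumptions to tune per network.
    """
    by_dst = defaultdict(list)
    for src, dst, dport, duration_s, bytes_out in flows:
        if dport in IRC_PORTS:
            by_dst[(dst, dport)].append((src, duration_s, bytes_out))

    hits = {}
    for key, records in by_dst.items():
        sources = {src for src, _, _ in records}
        if len(sources) < min_sources:
            continue
        # Bytes sent per hour of connection time; idle bots score very low.
        rates = [out / (dur / 3600) for _, dur, out in records if dur > 0]
        if rates and median(rates) <= max_bytes_per_hour:
            hits[key] = sorted(sources)
    return hits


if __name__ == "__main__":
    for (dst, port), sources in irc_fan_in(SAMPLE_FLOWS).items():
        print(f"{len(sources)} quiet hosts parked on {dst}:{port}: {', '.join(sources)}")
```

The check keys on fan-in plus silence rather than on any particular server name, so it would also have surfaced the CNN-hosted server in the story without knowing its address in advance; a scan-command phase would show up separately as a burst of outbound connections from the same hosts right after a short inbound message.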
Scary, to be sure. In light of that, read what Dan Gillmor has to say about Microsoft's "security":
If you buy a new Windows PC for your home and hook it up to a DSL service or a cable-modem line without first installing a hardware or software firewall, your computer could well be compromised by hackers before you've even had time to install Microsoft's "critical" security updates.
The PC may be turned into a spammer's toy, a zombie spewing thousands of mail messages per day, some of which could clog corporate networks. Or, worse, it may now have a keystroke logger in place, snarfing up personal and corporate log-ons and passwords and sending them who knows where.
This is a clear and present danger to corporate networks. If an infected home PC gets connected to the corporate network, via a VPN or other means, all the work IT does internally to keep things safe could be wrecked.
Yet this is reality. Why? Because Microsoft doesn't require computer makers and retailers to sell their PCs with totally updated operating systems. The computers likely will have XP with the most recent service pack, but no subsequent updates.
Dan compares manufacturing, where vendors are held (legally) responsible for known flaws in their products, to software, where we throw up our hands and sigh. That's not going to last forever - the trial lawyers have feasted on tobacco companies, and are now looking at fast food. Regardless of what you think of those sorts of tactics, one thing is clear - part of the motivation is the pile of money that the big companies behind tobacco and fast food have access to. How long is it going to be before the trial lawyers catch the whiff of MS' $50 billion pile and combine that with the actively negligent security from MS? It won't take a great lawyer to point out just how half-baked the XP SP2 firewall is, or that every OS prior to SP2 shipped with no active firewall and lots of ports open that have no business being open.
When it comes to legal action, I think MS is going to regret posts like this one. It's a good, informative post - but look at it from the standpoint of liability - here's an MS employee admitting that the latest rev of the OS doesn't ship in a safe enough state. This after many, many nasty attacks over the last few years. I suspect that MS is going to have a lot of trouble with this, and I think it'll be sooner rather than later.
Update: TechRepublic is also unimpressed.