__/ [ Ray Ingles ] on Thursday 09 March 2006 14:55 \__
> On 2006-03-09, BearItAll <spam@xxxxxxxxxxxxx> wrote:
>> I find it hard to believe that people are sitting around studying every
>> update (dosen't MS get one every day?), the study by these hackers would
>> have to be so well done that in just two days they could discover the
>> problem, write the code and distribute it to make use of the exploit.
>> Doesn't that sound to you people to be much too professional for a typical
> That's because it's not "hackers in basements" doing this stuff.
> Malware has a *business model* now. Once you compromise a machine, it
> can be used to:
> 1. Relay spam.
> 2. Host throwaway websites for collecting money from orders generated
> via spam.
> 3. Generate DOS attacks (extortion of websites is very common now)
> 4. Generate "click" traffic to get money from advertising
> 5. Keylog passwords to banks, auction sites, etc.
> 6. Redirect referral clicks
> If you don't recognize this fact about malware you will critically
> misunderstand the situation. It's not a hobby anymore, it's a job, and
> pros are working on it.
>> Call me Columbo if you like, but I can't help feeling that taking of
>> advantage of a bug at this pace would require prior knowledge of the bug.
> No, but it would require dedicated and high-level programmers. And they
> do exist on the 'dark side'.
Excellent points made, Ray.
You forget about (or intentionally neglected to mention) the business which
revolves around protecting the operating system from these flaws. Hackers
can be employed by the benefactors (albeit it's somewhat of a conspiracy
Microsoft will soon join to party with WanKer (sic), essentially benefitting
from its own flaws, financially-speaking.
Roy S. Schestowitz | YaSTall SuSE to figure out the magic
http://Schestowitz.com | SuSE Linux | PGP-Key: 0x74572E8E
3:00pm up 1 day 7:37, 7 users, load average: 0.15, 0.32, 0.43
http://iuron.com - help build a non-profit search engine