How to turn someone else’s Windows XP machine into a nice little earner
Fascinating piece in MIT’s Technology Review about the black market in compromised machines. Quote:
“Here’s a new stat for the data-ravenous tech industry: $100 per hour. No, it’s not the new wage programmers charge for their services. Rather, it’s the average going rate for your computer’s resources, sold without your knowledge in shadowy underground markets, according to Vincent Weafer, senior director of Symantec’s security response team.
Weafer is speaking of ‘bot networks,’ ad-hoc clusters of several thousands computers that — unbeknownst to the user — are being deployed toward some nefarious end. Bot nets originate when a user unwittingly downloads a Trojan horse program containing malicious code. Sometimes the code gets onto a user’s computer when the user clicks on an e-mail attachment. Other times it’s embedded in a virus, and other times it’s masked as a different program and downloaded through peer-to-peer networks or IRC channels. According to a semi-annual report released by Symantec this week, these bot nets, are growing at an incredible rate. Last year, Symantec saw about 2,000 machines per day recruited into these bot armies. In its new report, that figure had grown to 30,000 per day. An unprotected machine will typically be attacked within 20 minutes of being put on the Internet, according to Weafer. ‘The fastest we’ve seen was a machine taken over six seconds after it was connected to the Web,’ he says.”
This is further confirmation that malware authoring has moved from being a hobby to a business. The problem with these Tech Review links is that they change very quickly into subscriber-only ones.