
Interview With an Adware Author

Posted by kdawson
from the warming-up-for-the-botnet-era dept.
rye writes in to recommend a Sherri Davidoff interview with Matt Knox, a talented Ruby instructor and coder, who talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for surreptitiously installing adware on millions of computers.) "So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted — really more just obfuscated — to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. ... It amounted to a distributed code war on a 4-10 million-node network."
  • by Thelasko (1196535) on Tuesday January 13, 2009 @05:57PM (#26440031) Journal

    I'm pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

    *COUGH [wikipedia.org]*

    Allegedly

  • by MobyDisk (75490) on Tuesday January 13, 2009 @05:57PM (#26440033) Homepage

    Talented computer repair techs can stay in business just fine. But yes, the adware/spyware boom caused an explosion in the repair field too.

  • by Archangel Michael (180766) on Tuesday January 13, 2009 @06:18PM (#26440307) Journal

    If you click "Parent" it opens up so you can see that it said ....

  • Re:No wonder (Score:3, Informative)

    by Lonewolf666 (259450) on Tuesday January 13, 2009 @07:10PM (#26440953)

    Maybe even that won't get rid of the adware.
    It will, if you do it right. That means
    1) Don't try to "repair" the installation, format C: and do it really from scratch.
    2) Don't install from a "recovery CD" from the hardware vendor, it might have the adware pre-installed. Use an unmodified Microsoft CD. Install from that.

    Now you have a clean installation. To make it stay clean (not only from adware), do the following:
    3) Before you connect to the internet again, install the latest service pack AND the post-SP4 hotfixes. Here, a utility that collects all the updates onto an offline update CD is helpful. I use the offline updater from heise, a German IT publishing house.
    You can download the current version from http://www.heise.de/ct/projekte/offlineupdate/download/ctupdate50.zip [heise.de]
    The UK site of heise has an article in English that explains the system (for an older version, but I think the principle still applies): http://www.heise-online.co.uk/security/Do-it-yourself-Service-Pack--/features/80682 [heise-online.co.uk]
    4) It is usually a good idea to use something other than Internet Explorer for surfing ;-)

  • by Lonewolf666 (259450) on Tuesday January 13, 2009 @07:38PM (#26441281)

    True, and even some corporate users would not want it if their old applications won't run. On the other hand, the old cruft will continue to give them trouble until they DO a redesign.

    Apple went the other way with OS X, see http://en.wikipedia.org/wiki/History_of_Mac_OS_X [wikipedia.org]. It took them four years to develop it, and backwards compatibility was limited.
    For a while, I'm sure that cost them customers. But by now, it seems they got past that problem and the new, shiny OS helps them to gain market share from Microsoft.

  • Re:Chilling (Score:3, Informative)

    by 4D6963 (933028) on Wednesday January 14, 2009 @12:08AM (#26443825)

    Malware isn't as lame as you make it seem. I just got infected by a virus. It doesn't do much, except a few things: when you log into FTP to upload to your website, it sniffs the FTP packets so it can itself log in again and deface your website by inserting malware in it (which results in a Google malware warning that I currently still have on this site [homebrewgames.org] (the site is still "infected")). It does one other thing: it prevents your web browsers (although not your entire system, nslookup still works) from resolving the domains of all the antivirus vendors as well as microsoft.com.

    That's discreet, subtle and cunning, and I had to boot into another copy of Windows to run an online scan. We're not in 1998 anymore, malware isn't just casino pop ups anymore, it's some very serious stuff.

  • by symbolset (646467) on Wednesday January 14, 2009 @02:55AM (#26444989) Journal

    You don't "fix" a computer. You reinstall, it should only take 20 minutes tops. Of course, you should not be an idiot and not let it get that way to begin with. Regardless of your overinflated salary you are throwing away money. Dumbass.

    Look, I'm not a stranger to making an ass of myself on slashdot, but I still get to point out when other people do it. Sure, from a good image I can flash a 40GB SATA 3.0 drive in 3 minutes flat and the user is up and running. Add five minutes and I can restore today's user data from their good backup. That's not the common experience in the field because they have no good image and seldom have backups. In 20 minutes on the same drive you can install Windows if you have SP3 media. You still can't get all the updates, install the system drivers, install the accessory drivers, do a reasonable security software install and user configuration in 20 minutes. You definitely can't restore their user data, nor their critical apps. It just can't be done.

    If the typical consumer were willing to pay his tech to come out and set him up properly, and visit him and make a good image semiannually, maybe. If they bought spares, better still. But they usually won't. Usually they won't call for help until they've borked it good and don't have backups. Most people if you gave them a button that booted their computer from an "emergency backup" spare drive, would crash their main system, then the emergency backup, and then call for help.

    And some of them, oh, God I wish it were not so, utterly rely on some system running Windows 95 that hasn't been updated since because it was set up for them a decade ago and it still works and they bought into a system with no migration path.

  • by zooblethorpe (686757) on Wednesday January 14, 2009 @11:42PM (#26460847)

    Mods, while I might not personally agree with the rationale of throwing away computers because of infections, Digishaman's argument certainly makes sense, at least on an economic level, for the vast legions of the clueless. If they have browsing habits that habitually get their machines so glommed up with muckware as to be unusable, they're going to have to shell out major buckage to get their machines un-mucked -- and at that point, it *does* indeed begin to make more sense for them to just buy a newer low-end machine -- at least the OEM OS should be more up-to-date than their older machine, and might therefore last a bit longer before being rendered unusable again.

    Cheers,
