
Blackhole Exploit Kit Successor Years Away

samzenpus posted about 4 months ago | from the new-villain-please dept.

Crime 108

msm1267 writes "The Blackhole Exploit Kit has been out of commission since October when its alleged creator, a hacker named Paunch, was arrested in Russia. The kit was a favorite among cybercriminals who took advantage of its frequent updates and business model to distribute financial malware to great profit. Since the arrest of Paunch, however, a viable successor has yet to emerge--and experts believe one will not in the short term. This is partially the reason for the increase in outbreaks of ransomware such as CryptoLocker as hackers aggressively attempt to recover lost profits."


108 comments

What? (4, Funny)

cold fjord (826450) | about 4 months ago | (#45903393)

This isn't a story about wormholes and warp drive? It's just a story about hackers?

What a gyp!

Re:What? (1, Offtopic)

Cryacin (657549) | about 4 months ago | (#45903513)

What, you'd rather have kits to create blackholes around? I think the fact that it's hard to create a black hole at will is a feature rather than a bug.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45903571)

Well, I'd rather have the kits in the hands of those who profess providing tools to block these exploits. That list of people who *SHOULD* have access to this no longer includes the NSA or NIST.

Who knows, perhaps the NSA has a hand in providing some of those exploits.

Re:What? (-1, Flamebait)

Anonymous Coward | about 4 months ago | (#45904229)

i wish we could just throw all the niggers down a black hole. or put them all on rocket ships headed straight for the sun. usa alone would see a fivefold increase in GDP without the niggers dragging everything down with their stupidity and maladaptive gangsta culture.

Re: What? (-1)

Anonymous Coward | about 3 months ago | (#45904451)

Well if you put enough in one hole it will automatically become a black hole. That's just nigger physics.

Re:What? (0)

Anonymous Coward | about 3 months ago | (#45905409)

the funny part is that you think you're better than anyone, ever.

Re:What? (-1, Offtopic)

Jeff Flanagan (2981883) | about 4 months ago | (#45903577)

If you're not the sort of person who would say something awful like "Jew a person down," don't say crap like "What a gyp." http://en.wiktionary.org/wiki/gyp [wiktionary.org]

Re:What? (-1, Flamebait)

Anonymous Coward | about 4 months ago | (#45903697)

It ain't the Jews who are trying to pickpocket me and break into my car every time I'm in southern Europe.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45904217)

I'll trade you your casual car thieves and pickpockets for the tweakers (it doesn't matter what ethnicity, meth does a body bad regardless of skin color) that carjack, home invade (or just do a knock and shoot), or tear out wires, pull the tailgate from a truck, or grab the compressor out of your A/C unit.

Re:What? (-1)

Anonymous Coward | about 3 months ago | (#45904681)

The Jews are far busier gaming the entire planet's financial systems to steal entire economies at a time. I'd rather lose a wallet here and there, but whatever.

Re:What? (0)

Anonymous Coward | about 3 months ago | (#45904847)

I question your plus +1 Insightful

What's the difference?

It ain't the Jews who are trying to pickpocket me and break into my car every time I'm in south L.A.

Re:What? (1)

cold fjord (826450) | about 4 months ago | (#45903833)

So you don't like the fact that I used the word "gyp," but you feel free to use "crap", and impose a racial context? I don't consider "wiktionary" an authoritative reference, and even then that definition contains caveat and uncertainty. Other far more authoritative references don't burden that word so. Feel free to pester someone else or I may become niggardly in my civility for a time. (I suggest you look that one up too.)

Re: What? (0)

Anonymous Coward | about 4 months ago | (#45904273)

The white man has spoken!

Re: What? (0)

Anonymous Coward | about 4 months ago | (#45904323)

That's mighty white of you.

Re: What? (0)

Anonymous Coward | about 3 months ago | (#45904755)

It's a somewhat known brand of bread in my home country.

Is NIGGER awful? (-1, Troll)

Anonymous Coward | about 4 months ago | (#45904289)

I wish you fucking Google+ niggers would fuck off back to Googleland and stay the fuck off slashdot. Bedwetting easily offended douchebags all of you.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45903587)

What a gyp!

Maybe, but what about the retarded colander-like Windows OS that propagates all this malware AND phones home to the NSA at every opportunity? You know people actually pay for that garbage?

Now THAT'S a gyp!

Re:What? (-1)

Anonymous Coward | about 4 months ago | (#45903647)

What a gyp!

So not only are you a government whore, you're also a bigot.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45903719)

1. I *presume* (since no one pointed it out) that 'gyp' is supposed to be short for 'gypsy' / romano ? ? ?
2. when I heard this as a kid, it had ZERO connection with gypsies, as far as we knew... plus, I thought we spelled it 'gip'...
I got gipped... was a common phrase about being shortchanged/cheated, that -until this day, half-century+ later- I had ZERO clue was supposed to be associated with 'gypsies'...
3. for that matter, being amerikan, 'gypsies' didn't necessarily have the automatic association with 'romano', but was a simple phrase applied to all kinds of itinerant peoples, that -while not particularly praiseworthy- didn't seem to me necessarily pejorative, but basically descriptive...
to this day, if you casually say about so-and-so that they live a 'gypsy lifestyle', it has the meaning of being a carefree traveler, *not* a hustling carny, or something...
just sayin'...

Re:What? (-1)

Anonymous Coward | about 4 months ago | (#45903751)

replying to my own post post-googling:
well, don't that beat all, I *ASSUMED* you kneejerk morons screaming bigot were being both sincere and correct, turns out you are full of shit...
not that wikipedia is the ultimate source, but it does not breathe or HINT of the word 'gyp' being related to gypsies in any way, shape or form...
apparently most associated with a particular person named 'Gyp'...
dicks..

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45903879)

Yes it is not the be-all-end-all. And you're the wrong one not me. [etymonline.com]

"to cheat, swindle," 1889, American English, probably derived from the colloquial shortening of Gypsy (cf. gip). Related: Gypped. As a noun, "fraudulent action, a cheat," by 1914.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45903939)

1889 ... probably derived

Look, your usage guide only goes back to 1889. It says "probably." That word has been used in English since at least 1750. You need a better reference. I think if you paid anything for that you've been gypped.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45904107)

That word has been used in English since at least 1750.

[citation needed]. Even the OED says late 19th century.

Re:What? (0)

Anonymous Coward | about 4 months ago | (#45904225)

I got my dictionary free from the Weekend Edition Sunday Puzzle with Will Shortz for free, you insensitive clod!

Re:What? (a gyp) (1)

mattie_p (2512046) | about 4 months ago | (#45904191)

Merriam-Webster [merriam-webster.com] states that it is "probably short for gypsy." I trust Merriam-Webster over wikipedia in this case.

Re: What? (a gyp) (0)

Anonymous Coward | about 4 months ago | (#45904307)

Why would you trust Merriam-Webster? What makes that more authoritative?

What What? (0)

Anonymous Coward | about 3 months ago | (#45904477)

>100 years more experience being a reference, and having paid professionals doing the writing.

Else, why trust, say, Nature more than /. for credible science info?

Re:What? (a gyp) (1)

DarkOx (621550) | about 3 months ago | (#45905307)

And you both need to get over it. English has only descriptive dictionaries, not prescriptive ones; anyone can assign any meaning to a word they like. I think from context it's pretty unlikely the ggp post was implying anything racial. Irrespective of the etymology, "gyp" is used commonly today to simply mean a cheat of some kind, long separated from any disparaging racial stereotype. Quite honestly, the best way to get these racial stereotypes to go away is to stop finding reasons, or rather excuses, to get all butt hurt (is that offensive to homosexuals?) all the time; if you don't come by later and make it about a certain group, for most listeners and readers it won't be.

Re:What? (a gyp) (1)

girlintraining (1395911) | about 3 months ago | (#45905587)

And you both need to get over it. English has only descriptive dictionaries not prescriptive ones, anyone can assign any meaning to a word they like.

The English language is not Fortran, where we should just redefine the value of four because we thought it'd be hip and cool. Language only works when people agree on what the words mean. So yes, anyone can assign any meaning to a word... but everyone else will (rightly) look at them as a dumb bastard who should be beaten to death slowly with a dictionary... and possibly the Chicago Style Manual too, because beating knowledge into people is a time-honored tradition amongst people who feel their IQ points slowly draining away every time someone says something stupid on the internet and thinks it's actually half-way intelligent.

Shemantics (0)

Anonymous Coward | about 3 months ago | (#45905071)

Not even that. It's really about a bunch of self-declared "white hats" showing off how SMRT they are by posting "analysis" about the doings of their "black hat" friends. None of these are actually much into that thing we need so much to improve the state of the art, outstanding creativity with technology, which was the meaning of "hacking" before these s'kiddies hijacked the term.

Re:What? (1)

StripedCow (776465) | about 3 months ago | (#45905087)

This isn't a story about wormholes and warp drive? It's just a story about hackers?

IMHO, the title of the article should have been "Blackhole Exploit Kit Successor Light years Away".

Won't need too (2)

Billly Gates (198444) | about 4 months ago | (#45903411)

Come 90 days from now, when 30% of all computers [neowin.net] get death by 1,000 fire ants with exploits all at once.

Especially since MSE won't save these users either [neowin.net].

Popcorn time, or an oh shit time if the internet potentially goes offline due to 260,000,000 infected bots.

Re:Won't need too (1)

Patent Lover (779809) | about 4 months ago | (#45903999)

I'm still trying to figure the "gets death by 1,000 fire ants" part.

Re:Won't need too (1)

Anonymous Coward | about 4 months ago | (#45904073)

... 1,000 script kiddies with XP 0 day exploits

Script kiddies not hackers (-1)

Anonymous Coward | about 4 months ago | (#45903425)

FFS do you have any idea how retarded you are?

Re:Script kiddies not hackers (0)

Anonymous Coward | about 4 months ago | (#45903443)

Do you know what a script kiddie is, or are you under the impression that it means 'someone I don't like?'

Re:Script kiddies not hackers (-1)

Anonymous Coward | about 4 months ago | (#45903499)

Do you know what a script kiddie is, or are you under the impression that it means 'someone I don't like?'

Yes.

Re:Script kiddies not hackers (1)

msobkow (48369) | about 4 months ago | (#45903859)

Script kiddies run it, but a hacker created it.

Re:Script kiddies not hackers (0)

Anonymous Coward | about 3 months ago | (#45904887)

Script kiddies run it, but a cracker created it.

Re:Script kiddies not hackers (0)

msobkow (48369) | about 3 months ago | (#45905103)

A cracker is a hacker who specializes in security.

Re:Script kiddies not hackers (0)

Anonymous Coward | about 3 months ago | (#45905567)

Hmm, I disagree. A cracker is certainly a very smart person that specialises in breaking or circumventing security systems, usually for illegal purposes or gains. A hacker on the other hand, may have all the same knowledge and capability, but generally won't actually do the cracking, or they may do it, only to prove they can but will leave it at that without causing any actual damage.

Re:Script kiddies not hackers (0)

Anonymous Coward | about 3 months ago | (#45905887)

No, a hacker can be a cracker, just like a locksmith can also be a housebreaker.
Hacker and cracker are not synonyms, but they are also not antonyms.

Years Away? I call Shenanigans (5, Insightful)

Anonymous Coward | about 4 months ago | (#45903457)

Let's face it, these professional exploit writers are not "years away" from their next great product. They don't stand idly by thinking they are winning. They continue to develop and hone their craft.

These new 'crypto locker' products are problematic and are going to wreak a lot of havoc on people. And while we security folks are battling the latest lock schlock the exploiteers are just waiting for us to get a handle on things so they can throw us the next curveball.

And let's not forget that the end of support for XP is coming in April. Whatever they have been holding back for XP's independence will show up soon after Microsoft finally sets XP adrift on an ice raft.

Re:Years Away? I call Shenanigans (4, Insightful)

Cryacin (657549) | about 4 months ago | (#45903525)

One company's malware is another company's upgrade incentive.

Re:Years Away? I call Shenanigans (4, Insightful)

plover (150551) | about 3 months ago | (#45904523)

It certainly won't get Grandma to update her Windows XP box. "You mean the emails and internets machine? I don't do anything with that."

A million zombies strong - and growing.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45904577)

It certainly won't get Grandma to update her Windows XP box. "You mean the emails and internets machine? I don't do anything with that."

A million zombies strong - and growing.

You're right, of course. Old people are so stupid.

Re:Years Away? I call Shenanigans (0)

girlintraining (1395911) | about 3 months ago | (#45905621)

A million zombies strong - and growing.

Yes, and we should shame Grandma because she can't afford to plop down several grand on a Windows 8 license, new computer, and internet connection on her fixed income which barely pays for her medications and food. That seems legit.

Hey, asshole -- here's the reality: Most of those "zombie" machines aren't because Grandma is being a bitch, but because Microsoft and other vendors are. It's called forced obsolescence. I can still drive a Model T on the highway; the infrastructure hasn't changed. Computers can be designed in such a way that they can be used for decades before needing replacement. But they aren't, because it's not as profitable as screwing people over with mandatory upgrades every few years. We may be IT people who like to live on the bleeding edge, but extending that mentality to the general public is just a dick move that shows how out of touch you are with reality. The reality is it's our responsibility to design systems that can be maintained for long periods of time -- there's no reason why XP can't continue to have security patches on it.

Look at Linux: It hasn't bloated up to need a billion gigs of RAM and 9 trillion teraquads of quantum processors. Its requirements have pretty much remained constant for the past decade... and security patches are retroactively added for many years. There's no Linux XP, Linux 2003, Linux 8... there's just. fucking. Linux.

If a bunch of nerds in their mom's basement can maintain an operating system and keep it secure and up to date for decades at a go, why can't one of the biggest companies on the planet with billions in revenue manage to support their own products for more than the time it takes to say "Mandatory online activation"? Simple answer: Because we let them get away with it... because fuck Grandma. She should pony up for the latest and greatest like the rest of us! Yeah. -_-

Re:Years Away? I call Shenanigans (2, Insightful)

Anonymous Coward | about 3 months ago | (#45905847)

Yes, and we should shame Grandma because she can't afford to plop down several grand on a Windows 8 license, new computer, and internet connection on her fixed income which barely pays for her medications and food. That seems legit.

Ah, it is good to see that you are back with your outlandish statements and disproportionate replies to innocuous statements.

Plopping grands (0)

Anonymous Coward | about 3 months ago | (#45906731)

"she can't afford to plop down several grand on a Windows 8 license, new computer, and internet connection"

When is the last time you bought a PC? This isn't Apple land. If all Grandma is doing is Internet and email (i.e. not spending every weekend playing Crysis 3 with her Bingo buddies), she doesn't have to spend more than $250-$300 for a cheap desktop, running Windows 7 or 8.1, that is more than well enough equipped to handle her casual computing needs.

Re:Years Away? I call Shenanigans (1)

TangoMargarine (1617195) | about 3 months ago | (#45906757)

I can still drive a Model T on the highway;

If it's a "classic car" they let you just ignore all the safety standards? And would it run on unleaded?

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45906923)

Yes. If you had any understanding of the MVCSS at all you would already know it has never had a proper revision so the old standards are still in there, including what lantern your buggy needs. There are a number of car clubs that can help you out with your ignorance. The Model A group does a couple of trips per season and the typical upgrades are usually electrical as the old generators were (and are) a PITA. As for the fuel, you need hardened valve seats, no biggie on a cast iron 4-hole. Or you can use lead-additive.

Re:Years Away? I call Shenanigans (1)

swillden (191260) | about 3 months ago | (#45906947)

I can still drive a Model T on the highway;

If it's a "classic car" they let you just ignore all the safety standards?

Yes, actually. If the original vehicle didn't have air bags, seat belts, turn signals, etc., you're not required to have them. I think if you could find a vehicle that were made without headlamps it would be illegal to drive it at night, and if it couldn't manage the minimum speed you couldn't drive it on the freeway, but mostly you can just ignore all the safety standards implemented after the vehicle was made.

And would it run on unleaded?

They'll all run on unleaded, but there can be problems, mostly with overheated valves that fuse and stick. You can replace the original valve seats with hardened seats that don't need the lead-provided lubrication, or you can add aftermarket lead substitute additives to unleaded fuel and use the original equipment.

YACA - yet another car analogy (0)

Anonymous Coward | about 3 months ago | (#45907597)

Almost right, but the things you listed mostly affect the safety of the driver. Well, turn signals affect the safety of others, but in practice half of drivers don't bother to use them at all, so we have to drive like they don't exist (and be wary of those that might be unintentionally left on, effectively creating less safe situations).

Most states in the US require safety inspections annually or bi-annually. In those states, regardless of vehicle age, e.g. your brakes, alignment, tread, wipers, horn, etc. still have to meet spec. Also, while you'll get away with having no headlights during daylight here (even on a modern vehicle; YMMV), if it starts raining and you cannot turn on your headlights, you risk being pulled over and likely ending up with an impounded vehicle. So you cannot ignore all the safety standards, just those that mostly only put the driver and passengers at greater risk.

Back OT, we don't regulate operating consumer PCs without regard to the safety of others because the risk of death, amputation, and so on from a virus, worm, etc. is vanishingly small - so far, no DDOS has t-boned a school bus full of kids. However, I sometimes wonder just how many such occurrences it would take to lead to some kind of "PC safety and liability" legislation. For example, what if late this year some blackhat hacker utilized a botnet of unpatchable WinXP PCs to defeat a firewall at some industrial facility* and subsequently take over process control systems (foolishly not protected by an air-gap) causing an explosion (or whatever) that leads to many fatalities in the surrounding community? Interesting times, indeed.

[*] Make the facility manager a divorced woman and the hacker her vengeful ex-husband, and you've got another forgettable movie on Lifetime. If the poor protection of the process control systems is due to the (immoral, greedy, and of course male and lecherous) CEO ignoring her repeated recommendations to harden the security, that's Lifetime Movie of the Week material!

- T

Re:Years Away? I call Shenanigans (1)

plover (150551) | about 3 months ago | (#45908447)

I wasn't blaming Grandma. I'm simply pointing out reality: a lot of boxes are never going to be updated by their owners because they don't see the need. Asking them to see the need will get you nowhere, too.

I'm with you: it's not her fault. But somehow we have to deal with this. And Microsoft is walking away from the problem they caused.

Re:Years Away? I call Shenanigans (1)

Billly Gates (198444) | about 3 months ago | (#45908959)

Yeah I am sure Ford would be happy to give you free model T parts that wear out for life FOREVER!

My Android got EOL just 2 years after I bought it for $700 (the same cost as Grandma's computer). Don't tell me MS is the all sooo horrible and mean bad guy because after a mere 13 years people will have to stop relying on free updates for an OS that was made for dialup and AOL where security meant blocking a port with a good password and nothing more.

Sure your employer (a very cheap financial institution) may not value IT but who is to say that is the right thing to do.

My car is over 100k and I do not expect free service. Same with computers. Now if XP was free to make patches and didn't have a freaking whole command and control center which costs billions a year to operate to shut off bot nets 24x7 for an OS they only made between $40 - $175 10 years ago you might have a point. Mean old poor Microsoft.

My father is not technically literate anymore and is retired. He knew he was infected and I told him about XP EOL next year. For $100 I got a flash drive with Windows 7 and he purchased a key from MS online. He is good for 7 more years now. Was that so hard?

Grandma needs to be aware with notifications and upgrade. If her computer was made after 2006 it should have at least 1-2 gigs of ram and a core2 which will run Windows 7 fine if all she does is browse the net with IE and play solitaire. Actually XP has a horrible version of IE. IE 8 is ancient, doesn't support HTML 5, doesn't have a JIT javascript compiler, is less secure, etc. Do not even go for versions earlier than IE 8. Facebook will probably be HTML 5 only very very soon and then what is Grandma going to do?

It is not like she knows what a browser is. Most users who say Google is their browser think the blue E stands for Enternet and go to google from there. Only geeks know what a browser is so it is not like she has the ability to comprehend what a firefox is.

Re:Years Away? I call Shenanigans (3, Insightful)

sunderland56 (621843) | about 4 months ago | (#45903563)

Let's face it, these professional exploit writers are not "years away" from their next great product.

And also don't forget - a *truly* great exploit kit is completely unknown to security researchers and the press. Once its existence is known, it becomes much less useful.

Re:Years Away? I call Shenanigans (1)

swillden (191260) | about 3 months ago | (#45906961)

Let's face it, these professional exploit writers are not "years away" from their next great product.

And also don't forget - a *truly* great exploit kit is completely unknown to security researchers and the press. Once its existence is known, it becomes much less useful.

I don't think that follows. Access by security researchers to the latest version of the kit, so they can analyze it and include countermeasures in the operating systems it attacks, that makes it much less useful. But mere knowledge of its existence doesn't damage its utility, and may enhance its saleability.

Re:Years Away? I call Shenanigans (5, Informative)

asmkm22 (1902712) | about 4 months ago | (#45903635)

If you bothered to read the article, you'd note that in the first two paragraphs they mention that they are arguing not that there won't be any replacements available for a few years, but that it will take a few years for one of the many alternatives to rise to dominance.

Re:Years Away? I call Shenanigans (1)

Anonymous Coward | about 4 months ago | (#45903783)

Well, "dominance" is not all it's cracked up to be. With several different complex exploit kits out there the security industry will have to focus on all of them at once which serves to "divide and conquer" those trying to stop the spread of these malicious offenders.

Many battles on many fronts is not good for the white hats.

Re:Years Away? I call Shenanigans (1)

Anonymous Coward | about 4 months ago | (#45904367)

What needs to be done is not to focus on the rootkit exploits, but to focus on the security holes. Lock those down, and it doesn't matter what the bad guys do, exploit-wise.

In my experience, what serves up malware the most are ad sites. Slapping on AdBlock and NoScript does far more (in my experience) for security than any AV utility (except Malwarebytes because it actually blocks by IP address) has ever done. The people who run the ad servers seem to not give a shit about security, and it affects everyone. So, until the ad companies bother to zip their fly, I will block them at the firewall as a potential attack source. Even the big names get nailed by this (wasn't there a /. article on Yahoo ads being malware tainted?)

Second, we need to move to a more isolated model. Not just virtualize the process and stack space, but the complete filesystem, and even offer the option for isolation on the thread level (although most likely this will require a new process.) That way, a Web browser with a window for a bank and a window with an add-on that got compromised won't allow the infected code to spread outside that window's space. Web browsers also need to run in a restricted user context. MS has done this with IE, but long term, people need to get used to the fact that a Web browser should not be able to load or save files outside of its own directory.

The ideal model would be something like Qubes OS. In hardware, the ideal model would be having the hypervisor run on its own core, using a Harvard architecture and its own machine instructions (the core being a FPGA perhaps), so even if machine code from the client VM did leak, it would be impossible for it to be executed.

In reality, I've found that existing tools can help mitigate damage done by malware, provided a user is at all clued. Nothing is 100%, but SandboxIE does a good job at keeping the Web browser process from trashing things. However, one is just a single privilege escalation from disaster with that model. The best I've found is running a sandboxed Web browser inside a virtual machine, the VM being on its own subnet via a vSwitch. This way, if an attacker got control of the VM, there would be a very limited network topology they can access.

This is less of an issue on Linux, and OS X, because the focus of the bad guys is on ROI, and compromised Windows boxes provide that in spades. However, it might be good to start using Xen or VMWare on those as well.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45905389)

In my experience, what serves up malware the most are ad sites. Slapping on AdBlock and NoScript does far more (in my experience) for security than any AV utility

But you'll never see 99% of the internet - the sites that generate their revenue from ads - endorse this approach. And before this starts a "but the internet should be free, and that includes 'ad free'" & "they need to find a different business model" parade of comments, ask yourself how many sites you visit that you would still support if you had to pay for them? Most people respond "I'll just find another site with better content that's free". Well, those sites are the very sites the "find a new business model" crowds don't want to use ads (and would eventually block with a paywall).

Ads can and do deliver malicious content. And many websites are simply ad whores. But there needs to be a middle ground that doesn't endanger site visitors and doesn't force the sites to charge for content. Do *I* have the answer? No. If I did I'd have a website using that model to generate revenue.

Re:Years Away? I call Shenanigans (1)

martin-boundary (547041) | about 3 months ago | (#45905155)

Depends, really. Right now the NSA has a lot of brand recognition, so if they market their tools with a recognisable logo they could dominate the global market in a month, tops. They should hire Bill Gates to head their malware product division, I'm sure they could make him an offer he can't refuse.

Re:Years Away? I call Shenanigans (4, Interesting)

mlts (1038732) | about 4 months ago | (#45904287)

IMHO, what we have seen in the CryptoLocker game is just the beginning. We have close to a perfect storm here -- Bitcoin being a currency that is easy to use no matter where one is, provided Internet access is obtainable [1]. For the most part, security is a joke because people/businesses either don't care, view it as having no ROI, or just view it as something that will happen to "the other guy." Unlike incoming Internet connections, which will get stopped by, at the minimum, a perimeter firewall, the untrusted code on an external web page makes it well into the depths of a company. Most companies might have something to block the nudie pics, or use a device to force all SSL transactions to go through a transparent listening/MITM proxy (BlueCoat for example), but usually that is the extent of how far they go. Blocking suspect malware IP addresses tends to be rare unless a company is on top of their game.

With this in mind, it might take a single browser or add-on weakness for an organization to get malware deployed. Since most Web browsers run as the user, it means the malware usually ends up with a full unlimited user context. Barring Web based malware, there is always the good old fashioned "foo.pdf .exe" Trojan.

CryptoLocker is just version 2.0 (v1.0 being the early ransomware with an easily factored key being the same, or a flimsy encryption algorithm.)

I can see RansomWare 3.0, if it manages to get root/Administrator authority, installing a low level driver. It will encrypt files, and backup programs will back up the encrypted stuff (a la Microsoft's EFS), but the user won't know because the driver will allow reading/writing for a period of time. Then, after a cutoff date, the private key is wiped, and the driver is dropped from the system. This not just encrypts the files that are accessible, but it also ensures that recent backups will be completely and utterly useless for restores. The private key can also just never be stored on disk, and quietly fetched from the malware owner's website every time the machine reboots.

To boot, the software will detect where it is installed and base the ransom on where it is located. If a police station, the demand to release all prisoners in the county jail can be made. A government office means that the criminals can demand someone be fired. At the extreme, if the files locked up are valuable enough, the organization can demand an execution of someone they don't like.

Now the question -- how can we prevent this? Well, it costs money. Someone can invent software that can check backups and detect files that were encrypted, but in reality, it means RansomWare 3.1 will just encrypt the file inside a valid .doc, .xls, or other format. It will take keeping a round of backups for a long time. It will take better heuristics so an AV utility [2] can detect some process fiddling over time with files and stop it. It might even require machines be rebooted from offline media and scanned in that condition, and instead of a scan looking for anything out of the ordinary, the reverse happening -- a scan looking for anything that isn't a signed binary or valid Registry entry in order to find rootkits (assuming ones that don't just exist in RAM.) It might even require a new computer architecture with a hypervisor that can suspend the entire machine, then scan the RAM image and the disk every so often.

[1]: BitCoin isn't anonymous, but there are a growing number of "wallet mixing"/laundering services popping up. I'm sure a lot of them likely will just make off with any coins they get (a "100% commission"), but even if a fraction of the haul gets handed to the person coming up to the table, it can still be a good haul for the person trying to launder.

[2]: AV utilities tend to be a joke, but we can hope they might do the job.

Re:Years Away? I call Shenanigans (1)

dave562 (969951) | about 4 months ago | (#45904411)

You have a creative mind, but this has already been solved by non-persistent disks.

Re:Years Away? I call Shenanigans (1)

Spamalope (91802) | about 3 months ago | (#45905211)

You have a creative mind, but this has already been solved by non-persistent disks.

If your files and backups have been transparently encrypted for 6 months to a year, that will not help you one bit. The key was on a malware server, and only copied to RAM, so your backup has no copy of the key. Your backups and offline disks newer than a year (or as long as the ransom folks care to wait) are all encrypted.

installing a low level driver. It will encrypt files, and backup programs will back up the encrypted stuff (a la Microsoft's EFS), but the user won't know because the driver will allow reading/writing for a period of time.

In the enterprise, incremental datastore backups as with PHDvirtual would save pre-infection data as long as your backup retention is long enough but the damage would still be severe. Using a transparent driver is really deadly. Hot spares and such would just be hit along with the primary systems.

So what if the ransomware targets existing encrypted backups? Target companies that must encrypt for secure off site backups (HIPAA), swap out the key and hold it for ransom when they need to do disaster recovery. (Say, because your malware wiped the production servers...)

Re:Years Away? I call Shenanigans (1)

xenobyte (446878) | about 3 months ago | (#45904789)

It strikes me that the solution is virtual disposable machines. Most advanced malware won't run on a virtual machine in order to make reverse engineering difficult, and the data can be continuously verified from the outside, and data is stored on devices using a separate OS. If a file with a well-known extension suddenly appears encrypted then you know something's afoot and catch things right away.
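Added example, not code from the thread or from any of the posters: a small Python checker for xenobyte's "file with a well-known extension suddenly appears encrypted" idea above, which also serves the earlier suggestion of software that checks backups for files that were encrypted. It combines two defender-side signals: whether the file still starts with the header its extension implies, and whether the content has ciphertext-like entropy. The signature table, the 7.5 bits/byte threshold and the sample files are constructed assumptions, not values from the thread.

```python
import math
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed signature table (assumption for this example): the first bytes a
# file of each well-known extension normally starts with.
MAGIC: Dict[str, bytes] = {
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound document
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",                        # OOXML is a ZIP container
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}

# Formats whose normal content is already compressed: high entropy is expected
# there, so only the header check is meaningful for them.
ALREADY_COMPRESSED = {".docx", ".xlsx", ".png", ".jpg"}

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class Verdict:
    path: str
    magic_ok: Optional[bool]  # None when the extension is not in MAGIC
    entropy: float
    suspicious: bool
    reason: str


def assess(path: str, data: bytes) -> Verdict:
    """Flag a file whose well-known extension no longer matches its content."""
    ext = os.path.splitext(path)[1].lower()
    entropy = shannon_entropy(data)
    sig = MAGIC.get(ext)
    if sig is None:
        return Verdict(path, None, entropy, False, "unknown extension, not judged")
    if not data.startswith(sig):
        return Verdict(path, False, entropy, True, "header does not match extension")
    if ext not in ALREADY_COMPRESSED and entropy > ENTROPY_THRESHOLD:
        return Verdict(path, True, entropy, True, "valid header but ciphertext-like body")
    return Verdict(path, True, entropy, False, "looks like plaintext of the expected type")


def scan(files: Dict[str, bytes]) -> List[str]:
    """Return the paths that should be flagged, in the order given."""
    return [p for p, d in files.items() if assess(p, d).suspicious]


# Constructed sample "files" (not real data) covering the interesting cases.
SAMPLES: Dict[str, bytes] = {
    "report.pdf": b"%PDF-1.4\n" + b"Quarterly figures, plain text. " * 40,
    "memo.doc": bytes(range(256)) * 4,                          # header overwritten by ciphertext
    "budget.pdf": b"%PDF-1.4\n" + bytes(range(256)) * 4,        # header kept, body encrypted
    "photo.png": b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 4,  # high entropy is normal here
    "notes.txt": b"no signature known for this type",
}

if __name__ == "__main__":
    for p, d in SAMPLES.items():
        v = assess(p, d)
        print(f"{p:12} entropy={v.entropy:.2f} suspicious={v.suspicious} ({v.reason})")
```

Run over a backup set, a checker like this catches the crude case (header gone) and the "valid header, encrypted body" case for uncompressed formats. It does not catch the variant the earlier post anticipates, ciphertext wrapped inside a structurally valid compressed container, and it says nothing about files that were encrypted long before the snapshot being inspected; that is why the same post pairs detection with long backup retention, so an older, unaffected copy still exists to compare against.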

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45904959)

It strikes me that the solution is virtual disposable machines.

Android, in other words.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45905453)

Has someone actually paid any of these blackmailers? Seems very stupid to me, why on earth would they open up anything when they have just had your money? I actually do know some cases where the victim paid, but didn't get their data back. Never pay any blackmailer _anything_. It won't help, at all.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45905823)

Thousands of documents without backups, thousands of family photos that can't be recovered.

You could say such memories are priceless.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45905959)

IIRC, a few police departments ponied up the BitCoins.

CryptoLocker has put BitCoin on the map, for better or worse. Even though the currency has its ups and downs, it seems to be flirting, if not intimate with the quad digit mark.

Re:Years Away? I call Shenanigans (0)

Anonymous Coward | about 3 months ago | (#45905797)

A company did a survey on people that were affected by CryptoLocker and found out that the vast majority of them used the second payment option (not BitCoin). They either didn't know what BitCoin was or couldn't figure out how to acquire the currency.

Sweet Memories (1, Interesting)

Lisias (447563) | about 4 months ago | (#45903653)

When I was young and naive, and my worst worry was the Back Orifice from The Cult of the Dead Cow. :-)

Re:Sweet Memories (3, Funny)

myowntrueself (607117) | about 4 months ago | (#45904413)

I once ran a back orifice honeypot (fakebo) :) It was fun. The 'hackers' who took the bait would spend hours poking around in a virtual back orifice server. Some of them figured out it was a honeypot and left little messages for me ranging from "YOU BASTARD YOU MADE ME WASTE 2 HOURS OF MY LIFE!" to "Wow I finally figured out that this was a honeypot, very cool!"

Re:Sweet Memories (1)

Anonymous Coward | about 4 months ago | (#45904421)

The Cult of the Dead Cow. ..... now that's a name I've not heard in ages.

"given her age and the person lying before me" (0)

Anonymous Coward | about 4 months ago | (#45903767)

Was the double entendre intentional?

Shoot the motherfucker as detergent to others (0)

Anonymous Coward | about 4 months ago | (#45903775)

This way we can feel save and be save.

from who the pervert nsa? (-1)

Anonymous Coward | about 4 months ago | (#45904067)

fuck you you sick sack a shit

Re:Shoot the motherfucker as detergent to others (0)

Anonymous Coward | about 3 months ago | (#45905069)

Why the dirty talk?

Misread the title (0)

Anonymous Coward | about 4 months ago | (#45903935)

With a dim monitor and a brief glance on the headline, I totally misread it as Butthole Expansion Kit Successor. Too much slashdotting?

Fabulous Slashdot update (0, Offtopic)

Anonymous Coward | about 4 months ago | (#45904373)

The new Slashdot site really improves with every update. Now I'm forced to enable Javascript if I want to read the comments.

FUUUUUUUUUUUUUUCCCCCCCCCCCCCCKKKKKKKKKKKKKKKK

Not Hackers (3, Insightful)

ilikenwf (1139495) | about 3 months ago | (#45904497)

People who do this aren't hackers, they're degenerate criminals. Hacking doesn't mean cybercrime, and I resent the assumption that it does.

Re:Not Hackers (2, Funny)

plover (150551) | about 3 months ago | (#45904545)

People who do this aren't hackers, they're degenerate criminals.

What exactly is a generate criminal, and how do they differ from degenerate criminals?

Re:Not Hackers (0)

Anonymous Coward | about 3 months ago | (#45904739)

What exactly is a generate criminal, and how do they differ from degenerate criminals?

Go to any parliament, or any of the Presidential/Prime Minister offices and you will find them.

But of course, they are worse than their degenerate counterparts.

Re:Not Hackers (3, Interesting)

VortexCortex (1117377) | about 3 months ago | (#45905123)

What exactly is a generate criminal, and how do they differ from degenerate criminals?

Go to any parliament, or any of the Presidential/Prime Minister offices and you will find them.

But of course, they are worse than their degenerate counterparts.

Yes. But it is the regenerate criminal you should fear. Computing is almost to the point where a bot net can be host to more CPU cycles than required for sentience. One species' atrocity is another's way of life.

Re:Not Hackers (2)

Maritz (1829006) | about 3 months ago | (#45905941)

A degenerate [wikipedia.org] criminal is not quite massive enough to override the Pauli exclusion principle and form a Black Hole rootkit. Frankly, criminal neutron stars are quite enough, thank you!

Cryptolockers is kiddie stuff (0)

Anonymous Coward | about 3 months ago | (#45906019)

Real pirates have hundreds of thousands --if not millions-- of PCs under their control and are using their botnet to anonymously mine cryptocurrencies.

You have to be a sad and stupid fool to waste time trying to Cryptolock when there are millions to be made mining cryptocurrencies... Without *any* risk of getting caught.

Crypto-locking a hard disk and asking for a ransom may get you to jail.

Real successful bad guys are joining anonymously several mining pools and printing money.

CRACKERS... (0)

Anonymous Coward | about 3 months ago | (#45906055)

!= hackers, /.

Re:CRACKERS... (0)

Anonymous Coward | about 3 months ago | (#45908753)

Repeat after me: I have lost this battle.

Excuse me, what? Profits? You mean THEFTS... (0)

Anonymous Coward | about 3 months ago | (#45906299)

as hackers aggressively attempt to recover lost profits.

No no no - thefts are not profits - they are thefts, period. As hackers attempt to steal more and more.

Find these hackers, chop off their hands, feet, throw them into a hog confinement and listen to them squeal.....

Re:Excuse me, what? Profits? You mean THEFTS... (1)

TangoMargarine (1617195) | about 3 months ago | (#45906807)

"They chopped off his hands and feet and rolled him into the bog."
"They pick pretty hard around here..."
