Virus Infections

My home PC is infested with viruses. The quick way to get rid of them is to reinstall Windows from scratch. However I am studying these critters to gain knowledge on viruses in general.

Every so often, my system tray has an icon that says my computer is infected. It asks that I click the icon to disinfect. Clicking it take my browser to some rogue web page where they try to get me to buy antivirus software.

LOL. Yeah right. I am not going to pay the guys that actually came up with the virus. How stupid do you think I am? A quick check to the Task Manager shows a "braviax.exe" process running. When I kill the process, the icon goes away. This is the culprit. I find a copy of the file in the C:\Windows folder. So I delete the file and pat myself on the back.

Here is the first trick. When I reboot, the problem comes back. The "briaviax.exe" file comes right back. I run msconfig and find that file it set to run on Startup. How did the file get back there? A little research and I find that there is another copy in C:\Windows\System32. That's actually smart. You have to eradicate both locations.

My system is still full of viruses. Let's try to get rid of them. Then we can find out how modern day PC viruses operate. This is good stuff.

Power of Proxy

I was reading a post with a lot of comments. One dude said he was trying to make money with Google AdSense by clicking on his own ads. Normally Google detects and blocks this type of behavior. The guy said he got around this by clicking once a day using a web proxy.

The web proxy hid his computer IP address from Google. That made it like somebody else was clicking on the ads he hosted on his site. This pissed some people off, especially those who were paying Google for displaying ads in its AdWords program.

This sounded like an interesting idea. The guy stated that it was not worth it. So he quit. I wonder whether he was telling the truth. So I decided to investigate. There are a number of drawbacks to this technique.

Not all proxy sites let you see ads on the pages they serve up. Furthermore, some sites that do show ads force you out of the proxy when you click the Google ads. This defeats the purpose as Google can then detect who you are. Still I consider the original idea a great hack. It is thinking outside the box to get a little cash.

Malware Marketing

This past year a team came out with an instant messaging client. It was provided free of charge. They needed to make some money. So they started experimenting on how they could profit off their users. Of course they tried having ads in their app. Then they got creative. They released some malware but got busted by LifeHacker.

Later the company came out and tried to do damage control. They call the malware their "research" module. That is a spin on the act of some software getting installed with their instant messenger, then taking over control of your computer to do their parallel processing.

In the good old days, sneaky code like this was shipped out with free programs. The bad boys just hoped you did not detect that your machine had been compromised. Now it has been taken to another level. When some tech site does detect you app doing sneaky things, you put the marketing spin on the evil deed to make it look like you are doing no evil. LOL. Damn those marketing guys.

Oh yeah. If you are wondering what product I am talking about, it is Digby. I am safe. My IM software is Yahoo Messenger. And Yahoo makes some green backs off me. However they just put the ads in my face. At least they are not trying to hide anything there.

Uncrackable

Insomniac came out with the Spyro game 10 years ago. I played it a couple times. It has some nice animation when the little dragon flies around. The company had their profits robbed when their game was quickly cracked for the Playstation. They decided to step up their anti-crack efforts with the release of their Spyro Year of the Dragon release. They shared some of what they did to protect their program and their revenue. I highlight some of their techniques here because it is very interesting.

The first thing to realize is that no program is crack proof. You are only trying to delay crackers when you put protection in there. It is a cat and mouse game. Typical cracks insert some intro code which tell the user who cracked the game. Then the crack runs the normal executable that is cracked. The normal executable is compressed to keep the overall size of the game the same.

So how to do prevent such a crack? A simple method is to introduce checksums. You see whether the code has been altered. If it has, you do something to prevent the game from continuing. There are ways to store checksum data in tables which makes checksum anticrack methods weak. The better checksum protection interleaves the checksum protection with actual program code.

Crackers do their work in their spare time. Make it hard for them to debug your application. Then it will also be hard for them to crack your app. Another technique that works is to delay what you do on detection of the app being cracked. That way it is hard for crackers to test whether the crack worked. They may also just assume that the crack worked, when in reality you will detect the crack and later halt the game.

I put some simple encryption into a product for work once. It was just a way to encrypt keys that were required to activate the app. Luckily we did not have a lot of general users who wanted a cracked app. This was just a method to keep the business users honest. They were too busy to actually crack the darn thing. If you are selling to the general public, you are going to want to research ways of your own to slow down the crackers. Your profit may hinge on the productivity of this effort.

Zero for 0wned

With the recent news about the release of the ZF05 zine, I thought I would ask the following question. Who are the authors? They call themselves Zero For 0wned. This is the fifth installment of their zine. I assume this is an electronic only zine.

Having read most of ZF05, I find myself getting bored looking at all their listings of hacking into systems. But get this. Their general writing is very amusing. It is a good read. I laugh out loud at many things they write such as "Dan Kaminsky is a noob".

It is hard to pin down any facts about Zero For 0wned. They are an underground group. In their zine they say they are silent at conferences, not revealing themselves. Their mission appears to be to destroy people or movements they are against.

There are some lessons learned from seeing the mass ownage from their latest zine issue. You should not reuse passwords. If you are a security professional, you had better employ good security practices yourself. And finally, nobody is safe. You are vulnerable if your computer is connected to the net.

PerlMonks Hacked

The PerlMonks site has been hacked, exposing all kinds of user information. Zero For Owned has taken responsibility. They have published passwords and e-mail addresses of some of the "cherished" members of PerlMonks. Specifically the janitors and saints at PerlMonks have been outed by Zero For Owned.

A PerlMonks update on their site states that the root password on one of their servers was compromised. They store the user information in plain text. That includes user passwords as well. It was thus easy for Zero For Owned to, well, conduct mass ownage.

This was just a demonstration by Zero For Owned. Their e-zine states they just exposed the weakness, and did no harm to any code repositories. It is still a sad state of affairs. I have been e-mailed users that were affected. I was not sure if PerlMonks was doing this already.

Peer Sharing Ownage

Some dude just got handed a verdict which will make him pay big for sharing files using Kazaa. The recording industry company sued him. His Kazaa stash was about 800 songs. However the suit was for copyright infringement over about 30 of the songs. In the end, he was getting charged over $20k for each song.

I think part of the problem with this case was the poor choice of lawyer. He had some professor that used the case to increase his own popularity instead of trying to get his client off the hook.

The individual found guilty was Joel Tenenbaum. He does not have the $600k that the verdict handed down. If the decision does not get overturned, he will just file bankruptcy. There has not been a lot of cases where the individual was sued for a huge amount like this. However we can see where this is going. The record labels want their money. And they are tired of file sharing sights "stealing" their profits.

So what are we to do? Should we stop downloading songs for free illegally? Normally I would say no. But you have to do a cost benefit analysis. If the legit song costs a buck, and you might get sued for $20k or $30k if you get caught, you might just want to pay that buck. Or you can do what I do. Just listen to the radio. No charge.