.

Interview with an Adware Author

<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Tue Jan 13, 2009 5:48 am

Interview with an Adware Author

Very interesting article here:

http://philosecurity.org/2009/01/12/int ... are-author

found it via CG's blog here:
http://carnal0wnage.blogspot.com/2009/0 ... uthor.html

scary but funny at the same time.
<<

LSOChris

Post Tue Jan 13, 2009 10:30 am

Re: Interview with an Adware Author

yeah thats a really good article. I really like how he talked about the evolution of them making their malware persistent.  good stuff.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Jan 13, 2009 10:54 pm

Re: Interview with an Adware Author

Interesting stuff. I've run across some mal/spy/adware that used some of the techniques mentioned. Its really *very* frustrating when you hit this. I spent a few days cleaning off a machine for a business a while back, gave it back to them, and then the place was burglarized the next day and it was stolen. Just no winning for them.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Feb 03, 2009 5:39 pm

Interview with an Adware Author

Very interesting read. Just goes to show, it's all relative. Here's an excerpt:


Matt Knox, a talented Ruby instructor and coder, talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for allegedly surreptitiously installing adware on millions of computers.)

S: You wrote adware. You bastard.

M: [sheepishly] Yes, I did.  I got to write half of it in Scheme, which probably means that I deployed more Scheme runtime than anybody else on the planet.

S: Let’s back up a second. Why did you write adware?

M: I was utterly and grindingly broke for a little while.  I started working on SPAM filtering software. That work got noticed by [Direct Revenue], who hired me to analyze their distribution chain.  For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, “I know enough C that I could kick the virus off the machines,” and I did. They said “Wow, that was really cool. Why don’t you do that again?” Then I started kicking off other viruses, and they said, “That’s pretty cool that you kicked all the viruses off. Why don’t you kick the competitors off, too?”

It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.

S: Did you feel this was the gently sloping path to Hell?

M: Oh yeah! Absolutely. [ laughs ] I actually believe that if you sum up everything I did it comes out positive, if only because I kicked off an awful lot more adware than I installed.

S: What was Direct Revenue’s business model?

M: Their business model was that they would buy a screensaver from somebody, or develop it themselves. It would be some stupid thing like a guy who’s washing their screen. Looks like a window washer guy? They’d say “Hey, if you want this, install our adware and you can have it for free.” An astonishing number of people will do that.

S: What did they call it? I presume they didn’t call it “adware.”

M: The good distributors would say, ‘This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting
on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.

S: Your company’s not one of those that would leverage exploits in order to get software on people’s computers?

M: We didn’t, no. Some of the distributors certainly did. If we found out a distributor was doing that, we’d say “Now we’re not going to distribute with you any more,” and we’d try to get off those machines.

The thing that I had a real problem with was the persistence work that I was doing.  This made it difficult for competitors to kick us off the machine. It was effectively impossible for a civilian to get us off the machine– unless they went through our uninstall process. You had to go to some web site, download an uninstaller, take a short survey about why they were getting rid of us, and then it would actually remove us and we would also leave a Registry key to make sure we didn’t reinstall.  Sadly, some misguided antivirus and anti-adware software would go in and remove that, which therefore meant that we would reinstall again.



For the entire interview:
http://philosecurity.org/2009/01/12/int ... are-author

Don
CISSP, MCSE, CSTA, Security+ SME
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 03, 2009 6:53 pm

Re: Interview with an Adware Author

good read...he seems like a pretty chill guy, smart too. I'm taking an online Information Systems Security class and we just covered a chapter on why not to use Internet Explorer. Knox is clearly one of the reasons why but not only that it's the BHO's he used to install the adware. The book I'm reading right now talks a little bit about them but this article opened my eyes to how dangerous they are...I also learned that I better start reading those EULAs...very carefully... hahaha...Thanks for the link don
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Feb 03, 2009 7:27 pm

Re: Interview with an Adware Author

Interesting article. What book were they talking about BHOs in Kris?
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 03, 2009 7:50 pm

Re: Interview with an Adware Author

Ah, the books called PC Pest Control. I'm actually suprised this books in the course work it's somewhat outdated.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Wed Feb 04, 2009 6:30 am

Re: Interview with an Adware Author

awww... beat you by half a month don!

http://www.ethicalhacker.net/component/ ... ic,3333.0/
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 04, 2009 9:32 am

Re: Interview with an Adware Author

Oops. Topics have been merged with yours first.

Don
CISSP, MCSE, CSTA, Security+ SME

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software