http://philosecurity.org/2009/01/12/int ... are-author
found it via CG's blog here:
http://carnal0wnage.blogspot.com/2009/0 ... uthor.html
scary but funny at the same time.
Adware, spyware, viruses, worms, trojans, exploits, holes, patches, rootkits and more.
Matt Knox, a talented Ruby instructor and coder, talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for allegedly surreptitiously installing adware on millions of computers.)
S: You wrote adware. You bastard.
M: [sheepishly] Yes, I did. I got to write half of it in Scheme, which probably means that I deployed more Scheme runtime than anybody else on the planet.
S: Let’s back up a second. Why did you write adware?
M: I was utterly and grindingly broke for a little while. I started working on SPAM filtering software. That work got noticed by [Direct Revenue], who hired me to analyze their distribution chain. For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, “I know enough C that I could kick the virus off the machines,” and I did. They said “Wow, that was really cool. Why don’t you do that again?” Then I started kicking off other viruses, and they said, “That’s pretty cool that you kicked all the viruses off. Why don’t you kick the competitors off, too?”
It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.
S: Did you feel this was the gently sloping path to Hell?
M: Oh yeah! Absolutely. [ laughs ] I actually believe that if you sum up everything I did it comes out positive, if only because I kicked off an awful lot more adware than I installed.
S: What was Direct Revenue’s business model?
M: Their business model was that they would buy a screensaver from somebody, or develop it themselves. It would be some stupid thing like a guy who’s washing their screen. Looks like a window washer guy? They’d say “Hey, if you want this, install our adware and you can have it for free.” An astonishing number of people will do that.
S: What did they call it? I presume they didn’t call it “adware.”
M: The good distributors would say, ‘This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting
on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.
S: Your company’s not one of those that would leverage exploits in order to get software on people’s computers?
M: We didn’t, no. Some of the distributors certainly did. If we found out a distributor was doing that, we’d say “Now we’re not going to distribute with you any more,” and we’d try to get off those machines.
The thing that I had a real problem with was the persistence work that I was doing. This made it difficult for competitors to kick us off the machine. It was effectively impossible for a civilian to get us off the machine– unless they went through our uninstall process. You had to go to some web site, download an uninstaller, take a short survey about why they were getting rid of us, and then it would actually remove us and we would also leave a Registry key to make sure we didn’t reinstall. Sadly, some misguided antivirus and anti-adware software would go in and remove that, which therefore meant that we would reinstall again.
Users browsing this forum: No registered users and 0 guests