« Microsoft's Honeyclient Project | Main | Cerberus-like Attack for Botnet Formation »
May 30, 2005
A New Business Model?
How could it be that a company in Russia is building a business around infecting other people's machines? 'No way!', you say. Well, this article from Information Week has the details.
This Russian company (which I will not link directly to) supplies one-line exploit code to other sites, who then get paid $0.06 per machine that is infected with that exploit code, which installs at least spyware and adware.
Interesting insight: I was testing my honeyclient implementation, and decided to access this Russian site to see if I could somehow download that exploit code to research. It turns out that the information they wanted from me is quite extensive. I mean, there's no way I'm giving them my address, phone number, etc., just so they can contact me to 'talk business'. So, in case you were wondering, they don't make it easy to obtain that exploit code.
It would be interesting to see with honeyclients if all the sites that work with this Russian company can be found via the way they would uniquely try and exploit IE and Windows 2K/XP. At least, that's what I'm assuming the exploit code targets.
Posted by Kathy at May 30, 2005 04:23 PM