StopBadware Intern Blog

Learning the Landscape
Friday June 29th 2007, 4:18 pm

  I have only spent a few days doing website analysis but it appears that my perceptions of the threat of malware on the internet were a bit off base.
Even though I was often called on by friends and family members to resolve Badware-related issues, I have only come into contact with malware as an actual end user on a personal level once. I’m a long-time Linux user but three years ago decided to use Windows on my desktop at home out of convenience. Okay, okay, I did it for the games. I actually don’t have any excuses because the only ones I played repeatedly were Doom 3 and Unreal Tournament 2004 – both have native Linux implementations.
 In Windows land, functionality means 3rd party software and 3rd party software costs. I wanted a mount -o loop like I had in Linux and everyone recommended Alcohol 120%. I downloaded the software. I navigated to a well-known crack site ending in .sk. I knew the danger of malware on these sites and was using Firefox. Full speed ahead.

 I knew better. I shouldn’t have been doing what I was. I wasn’t auto-exploited. The malware that infected me was particularly nasty. Broke my display adapter driver. Made the control panel unusable, even in Safe Mode. I tried doing the usual HijackThis, Spybot, and Ad-Aware routes that were the first line of defense then. No go. I could have reinstalled, but why bother? Since I had only been using the Windows system for about a month I decided to just go back to using my Linux system. Different mantra: everything is released as source, so the more egregious violations of users’ machines are largely moot.

 The only mechanism of control related to the StopBadware project is a Google search results interstitial page. Surprisingly, the Internet isn’t the Wild Wild West (as an aside, was the western frontier ever really the Wild Wild West?). When sites lose traffic, they lose their value – people, and thus the Internet, respond to this modality of control. I don’t see well-established purveyors of questionable content (warez, cracks, porn) distributing malware – these sites have too much to lose now; their ads are worthless if there is no traffic. The delivery vector isn’t the shady alleyways, but rather anywhere on the net where lax security has allowed an attacker to place an iframe or JavaScript link to malicious code. Said malicious code is hosted by ‘throw away’ hosts. We are forced to mark sites that have been hacked as ‘bad’ because even if the ‘throw away’ hosts are down, the linking site is still linking, and even if they pull the links, the site may still be vulnerable to the same attack that resulted in the attacker originally injecting the malicious code that linked to malicious software.

 As one of our departing interns said: We have smoked them out of their caves and now the Internet at large is fair game for malware.

 So here we are, standing in front of the Internet-sized game of whack-a-mole. StopBadware and their mechanism of control works, but is the action ultimately a step towards a more secure Internet and near elimination of Badware or impetus for attackers to step up their game? This question can be asked in the context of anti-virus vendors, computer security researchers, con artists. It is a race of attack v. defense. The problem is systemic of humanity; technology only seems to augment how the problem manifests. This battle occurs in perpetuity and the success of the project is real. Full speed ahead.
