Bruce, seeing that the Storm Worm has sprouted stock tout popups on its own bots:
(((I’m guessing the next step is to contact Storm bot victims directly and ask them to join the Storm Network voluntarily. AFter all, if you obeyed that Storm spam pop-up, you cashed in; and this would be a valuable opportunity to become a foot-soldier in the biggest online organized=crime outfit ever.)))
This paper studies an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, we measure how the shift from "hacking for fun" to "hacking for profit" has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year.
How to stop it?
Law enforcement is good, but insufficient.
Ditto traditional technological Internet security methods.
We already knew that.
Real progress will be made by disrupting the criminal economy
by poisoning trust.
Read the paper for the authors’ suggestions of Sybil attacks
and slander attacks.
Make the criminals’ identities unreliable and poison their reputations.
This is considered the paper of the year by some prominent computer
security professionals, and for good reason.
Fergie points out
a university project investigating censorship:
The "Great Firewall of China," used by the government of the People’s
Republic of China to block users from reaching content it finds
objectionable, is actually a "panopticon" that encourages self-censorship
through the perception that users are being watched, rather than a true
firewall, according to researchers at UC Davis and the University of
The researchers are developing an automated tool, called ConceptDoppler,
to act as a weather report on changes in Internet censorship in
China. ConceptDoppler uses mathematical techniques to cluster words by
meaning and identify keywords that are likely to be blacklisted.
Today, few malware developers use their own code. They write it for the
same reason commercial software developers do: to sell it for a healthy
profit. If you’ve ever bought anything online, buying from them may be
disconcertingly familiar. If you want to break into a computer or steal
credit card numbers, you can buy the necessary software online, just
like almost anything else. More than that, you can find user friendly,
point-and-click attack applications that have been pre-tested and
reviewed by experts, and read through customer feedback before making
You might even be able to buy technical support or get a money
back guarantee. Some developers offer their malware through a
software-as-a-service model. If you prefer an even more hands-off
approach, you can simply buy pre-screened credit card numbers and identity
information itself, or sign a services agreement with someone who will
do the dirty work for you. As in many other industries, money has given
rise to professionalism.
Online crime and malware development has become a full-blown and extremely
profitable commercial enterprise that in many ways mirrors the legitimate
software market. "We’re in a world where these guys might as well just
incorporate," says David Parry, Trend Micro’s Global Director of Security
Education. "There’s certainly more money in the cybercrime market than
the antivirus market. The internet security industry is a drop in the
bucket; we’re talking about hundreds of billions of dollars."
Microsoft claims that I (and possibly you, dear reader)
am violating 235 of its patents on Windows by running Ubuntu Linux:
After many earlier rounds of saber-rattling and FUD, Microsoft has
announced that Free Software users — including everyone who, like me,
uses Ubuntu Linux — are violating at least 235 of Microsoft’s patents,
though they don’t say which ones. Microsoft are now threatening end users
of GNU/Linux (that’s you and me again) with lawsuits unless we pay them
protection money. "Nice operating system you got there, it’d be a shame
if something were to happen to it."
The Microsoft position is this: even if you don’t use Windows, you still
have to pay them as much money as they would have gotten for selling
you a copy of it.