On GameFAQs: What is error code 80710092 on the PS3?
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 7 of 20:
Next »
« Previous
Okay sending spam is the goal, but how does it work?
A series of time-restricted worms have been observed. Each infects a machine and sends out a burst of copies and notification to a site. The site is closed fairly quickly, I imagine, but many infected computers have been identified.
As virus scanners are updated, the worm becomes less and less successful; probably largely disappears before its expiration date.

What's going on?

Apparently, the purpose is to keep control over the machine so that it can act as a relay/distribution point for spam. It's intended to make money.

Okay.

The question I'm wondering about is the worm's distribution method. Wouldn't an antivirus be able to clean out everything the worm installed? An antivirus successful enough to stop the spread of the worm would also eliminate the worm-writer's ability to control the machine, it seems.

I can see two possible explanations for these experiments.
First, the actual worm designed to work with a spam-spreader hasn't been issued. When it is, it'll work for a little while, then be killed. I don't like this explanation much, because whatever is being advertised will be identifiable, which means the company paying for the spam is known, and from there it'll be easy to find the spam sender. That person may or may not be able to help find the worm-writer, but s/he is in for a very hard time.

The second possibility makes more sense: anti-virus programs may not be cleaning the computer completely. What's being tested is not the worm, but the mask. The only way the worm-writer can find out whether the mask works is to see if the anti-virus companies get past it.
When the successful mask has been confirmed, the worm-writer will issue spam in small enough bursts that it'll be impossible to identify what's happening, so the infected pc's won't be easily identifiable, and no one will guess the mask's existence.
Other worms with the mask would be issued to increase the supply of infected machines.
Finding a working mask would be worth experiments.

Anybody agree, disagree?
Posted by: Anton Philidor   Posted on: 02/17/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

did i miss something?  ryusen | 02/17/04
did zdnet forget something?  stephen732@... | 02/17/04
re did zdnet forget something  Llandros Loressin | 02/18/04
They may just assume it's MS  doctormoriarty | 02/18/04
spam related?  JWatson77 | 02/17/04
bagle o$  stephen732@... | 02/18/04
Okay sending spam is the goal, but how does it work?  Anton Philidor | 02/17/04
Agree  NT Admin | 02/17/04
Encysted code, maybe?  Anton Philidor | 02/18/04
Sounds good, in theory  NT Admin | 02/18/04
Use a Anti-Virus - end of problem  Xunil_Sierutuf. | 02/17/04
True but:  Suicida| | 02/18/04
They've tried  doctormoriarty | 02/18/04
Text-Only emails in Outlook  AWC_z | 02/23/04
user problem  knopf@... | 02/18/04
user problem  AWC_z | 02/23/04
How fix?  gsquared | 02/18/04
ISPs can stop this stuff  nroose | 02/18/04
ISPs can stop this stuff  knopf@... | 02/18/04
ISPs can stop this stuff  Quaint_Data | 02/19/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement
Click Here

SmartPlanet

Click Here