Windows and Malware

There is an interesting post / comment thread on Reddit. The guy claims that he currently owns a botnet of ~10k bots and that you can ask him anything about it. One interesting idea he mentioned is that all antiviruses suck, and that they are made this way on purpose: it is better for antivirus vendors to charge users monthly for "updates" than to set up a defense mechanism that prevents infection altogether (then there wouldn't be any monthly charge). He also compiles his malware personally for every machine, so, he says, it is not detected by heuristic antivirus software (of course, he has Perl scripts that randomize the code automatically).

In his opinion, it is possible to create a tool that would prevent malware execution at its roots. One example of such a tool: disk drives with a "read-only" switch. You set up your system (obtained directly from the vendor, hashes triple-checked and so on) and then put the disk into "read-only" mode. This way none of the system files, the MBR, etc. can be touched. All documents and other useful / necessary stuff are stored on a network drive / server (which would not allow any type of executable file). This is simple and effective, but not very user-friendly: say you want to update your PDF reader? Remove the read-only lock, do the update, then set the lock again. That would be pretty awful from the user's perspective.

Another approach is simply to monitor all system files, the MBR, etc. for changes. For this kind of work he recommends GMER (been there, tried that, works as expected). However, this approach too is a no-go for an average Windows user.
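The monitoring idea above, as an added example that is not code from the post, from the Reddit thread or from GMER: a minimal baseline-and-diff integrity monitor. It hashes every regular file under a directory, stores the baseline as JSON (which should live somewhere the monitored host cannot write to, e.g. the read-only disk or network share the post talks about), and later reports what was added, removed or modified. The raw-device paths in `snapshot_mbr` are assumptions (the function needs administrator/root rights and is not exercised by the demo), and the file names and "infection" in `demo()` are constructed for illustration.

```python
"""Baseline-and-diff file-integrity monitor (added example, not from the post).

Take SHA-256 hashes of a tree (and, with admin rights, of the MBR), store the
baseline off-box, and diff a later snapshot against it.
"""
import hashlib
import json
import os
import tempfile

MBR_SIZE = 512  # classic MBR: boot code + partition table + 0x55AA signature


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot_tree(root):
    """Map relative path -> SHA-256 for every regular file under root.
    Symlinks are skipped so a planted link cannot redirect what gets hashed."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def snapshot_mbr(device):
    """Hash the first 512 bytes of a raw disk. The device path is an assumption:
    r'\\\\.\\PhysicalDrive0' on Windows, '/dev/sda' on Linux. Needs admin/root."""
    with open(device, "rb") as f:
        sector = f.read(MBR_SIZE)
    if len(sector) != MBR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR boot sector")
    return hashlib.sha256(sector).hexdigest()


def save_baseline(snapshot, path):
    """Write the baseline as JSON. Keep it where the monitored host cannot
    write, otherwise malware can simply re-baseline itself."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(snapshot, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


def diff_snapshots(baseline, current):
    """Report files that appeared, vanished, or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline a fake System32, then simulate a dropper
    that appends to hosts, installs a driver and deletes a log."""
    with tempfile.TemporaryDirectory() as root, \
            tempfile.TemporaryDirectory() as store:
        files = {  # constructed sample content, not real system files
            "System32/kernel32.dll": b"MZ\x90\x00fake-kernel32",
            "System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
            "System32/setup.log": b"install ok\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        baseline_path = os.path.join(store, "baseline.json")  # "off-box" copy
        save_baseline(snapshot_tree(root), baseline_path)

        # "Infection": tamper with hosts, drop a driver, remove a log.
        sys32 = os.path.join(root, "System32")
        with open(os.path.join(sys32, "drivers", "etc", "hosts"), "ab") as f:
            f.write(b"0.0.0.0 update.av-vendor.example\n")
        with open(os.path.join(sys32, "drivers", "evil.sys"), "wb") as f:
            f.write(b"MZ\x90\x00fake-rootkit")
        os.remove(os.path.join(sys32, "setup.log"))

        return diff_snapshots(load_baseline(baseline_path), snapshot_tree(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Run as-is to see the three findings from the constructed scenario; on a real box point `snapshot_tree` at `C:\Windows` and `snapshot_mbr` at the physical drive from an elevated prompt. The check is only as good as the baseline's storage: a baseline the malware can rewrite, or a hash routine running on an already-rooted kernel, detects nothing, which is why the post pairs it with a read-only disk.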

One more interesting thought: use only open source software (especially for encryption). If you don't, you'll never be sure the software does what it advertises (for example, in the US there is no such thing as 100% privacy).

On an average day he makes $40 from bitcoin alone. That's per day. It takes around 30 minutes of work a day. Pretty good job, right? Also, since he does not use the stolen data himself (think credit card numbers) but only sells it to a third party, he is in a so-called "grey" area.

Finally, an interesting thought on malware market share :) (quoted from one of throwaway236236's posts):

  • Linux: low market share, educated users -> hopeless
  • OS X: low market share, slowly rising, uneducated users -> some day maybe, but I never coded on OSX and am too lazy to learn to