Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 8th, 2008, 1:53pm
   Mischel Internet Security Forum
   General
   Announcements (Moderators: Helena, Gavin_Coe, Magnus)
   New Paper: "Trojan Explosion" by Gavin		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: New Paper: "Trojan Explosion" by Gavin  (Read 1354 times)
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4091
New Paper: "Trojan Explosion" by Gavin
« on: Jan 19th, 2006, 6:15am »		 Quote Quote  Modify Modify
A new paper by Gavin dealing with the history of trojans and the current trends in malware is available at http://www.misec.net/papers/trojanexplosion/
 
Enjoy!
« Last Edit: Jan 19th, 2006, 6:17am by Magnus » IP Logged
hayc59
Original Gangster
******




VoodØØ Child™

   
WWW  

Gender: male
 Posts: 1428
Re: New Paper: "Trojan Explosion" by Gav
« Reply #1 on: Jan 21st, 2006, 9:09am »		 Quote Quote  Modify Modify
Very Nice and Thank You Wink
« Last Edit: Jan 21st, 2006, 9:10am by hayc59 » IP Logged
Brandon
Full Member
***





   


Gender: male
 Posts: 246
Re: New Paper: "Trojan Explosion" by Gav
« Reply #2 on: Jan 21st, 2006, 4:34pm »		 Quote Quote  Modify Modify
Nice paper Gavin Grin Thanks.
IP Logged
ASAP member since 2006 : Malware Complaints : a-squared Team
doubledown
Full Member
***





   


Posts: 144
Re: New Paper: "Trojan Explosion" by Gav
« Reply #3 on: Jan 23rd, 2006, 7:08am »		 Quote Quote  Modify Modify
Thanks for a very interesting overview of this topic - just out of interest I'm wondering how these trojan/spyware attacks actually generate money for the perpetrators? - to quote from your article:  
 
"Many attacks are organised crime, spyware or other trojans designed to earn money for someone out there. A tiny EXE file included in an installer can sit silently earning the owner 2 cents a day - PER infection. Such trojans known as Trojan CLICKERS can infect thousands of machines and make the author a lot of money."
 
Is this because the malware for example forces pop-up adverts to appear on the infected computer? - how does the "owner" of the malware then derive their revenue from the advertising?
 
Thanks for any insights.
IP Logged
illukka
Full Member
***



spyware fighter

316614602 316614602     mrllukka


Gender: male
 Posts: 124
Re: New Paper: "Trojan Explosion" by Gav
« Reply #4 on: Jan 23rd, 2006, 8:03am »		 Quote Quote  Modify Modify
they have counters on their ad servers..
also when drive by installed these trojans call home, again counters...
IP Logged
I Am A Proud Member Of ASAP Since 2004

To Ride, Shoot Straight And Speak TheTruth
Gavin_Coe
Trojan Analyst
*****





   
WWW  

Posts: 1943
Re: New Paper: "Trojan Explosion" by Gav
« Reply #5 on: Jan 23rd, 2006, 8:29am »		 Quote Quote  Modify Modify
Clickers are quite common, all you need is a small application which spawns a hidden internet explorer window, and less than optimal security by the PC owner. Doesnt draw attention to itself, doesn't show any symptoms which would be obvious to the user. All it needs to do is download one webpage and then exit..
IP Logged
CalamityKen
Newbie
*





   


Gender: male
 Posts: 3
Re: New Paper: "Trojan Explosion" by Gav
« Reply #6 on: Jan 23rd, 2006, 8:31am »		 Quote Quote  Modify Modify
Read Ben Edeleman's very informative site:
http://www.benedelman.org/
 
It will take you a bit of time to read it all.
IP Logged
See CoU at least weekly:
http://www.dozleng.com/updates/index.php?&act=calendar
Member of A.S.A.P. since 2004
http://asap.maddoktor2.com
I support the right to arm bears
doubledown
Full Member
***





   


Posts: 144
Re: New Paper: "Trojan Explosion" by Gav
« Reply #7 on: Jan 23rd, 2006, 8:33am »		 Quote Quote  Modify Modify
Thanks for the information illukka  Smiley
 
What I'm still wondering though is who is paying 2c to whom - i.e. what is the "malware business model/scam" that is generating the profits? Clearly it's not the end user of the pc being scammed - presumably in that sense no financial crime is being perpetrated against the end user merely by having unwanted adverts/browser redirections - although of course that is a major irritation and inconvenience, and certainly such software unknowingly installed without the users permission is unwanted.
 
I realise of course that there are keyloggers etc with the potential to subject the pc owner to a more direct type of fraud in terms of stealing banking details and so forth, but presumably that's not what we're talking about here.
IP Logged
CalamityKen
Newbie
*





   


Gender: male
 Posts: 3
Re: New Paper: "Trojan Explosion" by Gav
« Reply #8 on: Jan 23rd, 2006, 8:49am »		 Quote Quote  Modify Modify
I believe it works like this:
 
* Marketing company makes pop up ad software and or a hijacker application
* Marketer signs up companies that want to have their site promoted on the Internet
* The company that wants their site promoted then signs a contract (I believe) to pay the Marketer a certain pay-per-click fee for each time a visitor clicks on the link to view the ad
 
Please read Ben Edelman's site for a complete description of the Marketers and how pay-per-click works.
IP Logged
See CoU at least weekly:
http://www.dozleng.com/updates/index.php?&act=calendar
Member of A.S.A.P. since 2004
http://asap.maddoktor2.com
I support the right to arm bears
doubledown
Full Member
***





   


Posts: 144
Re: New Paper: "Trojan Explosion" by Gav
« Reply #9 on: Jan 23rd, 2006, 9:54am »		 Quote Quote  Modify Modify
Thanks CalamityKen and Gavin for your informative posts  Smiley
 
My last post was before I saw CalamityKen's link to Ben Edelman's site - very interesting at a cursory glance, and as you say, a great deal of detailed information to digest there. Thanks for the summary of the situation in your last post CalamityKen - I think I now get the basic picture of the financial incentives behind the malware business.
 
IP Logged
doubledown
Full Member
***





   


Posts: 144
Re: New Paper: "Trojan Explosion" by Gav
« Reply #10 on: Jan 24th, 2006, 10:47am »		 Quote Quote  Modify Modify
Having browsed a bit further round Ben Edelman's impressive site the fact that malware is now in the realm of big business is very evident.
 
Well, I guess that puts to rest my stereotyped notions of trojan writers being geeky antisocial loners using their coding talents for their own devious ends  Wink  
 
Presumably they are more likely to be bright, well-presented, ambitious computer science graduates turning up to work in a gleaming office block with a positive team environment and a strong quality focus on delivering "best-in-class" spyware solutions - though i'm sure they don't call them that in-house!  Shocked
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register