Discussing the state of malware with the press, we often explain the big, highly visible worms of the past are falling out of favor with attackers, being replaced with hack-for-hire type work. Attackers have found they can make more money creating trojans and setting up spamnets (using home PCs, DDoS botnets) than creating highly visible worms (iloveu virus).
This recent post to full-disclosure (security/vulnerability mailing list) provides a good example:
———- Forwarded message ———-
From: [redacted]
Date: Nov 12, 2006 11:20 AM
Subject: [Full-disclosure] KeyloggerYesterday I finished programming a keylogger, and have decided to sell it online for a small price. I have posted here because I believe people would be interested in a hacking tool such as this – keyloggers are the easiest and quickest way to obtain an email password. Here are its features:
-> Undetectable by ALL antivirus products in use today.
-> Remains on victim’s computer permanently (adds to startup).
-> Bypasses Windows Firewall.
-> Sends logs via email to your chosen email account.
-> Logs include computer information, current window name, and of course
logged keystrokes.
-> Logs are sent hourly.
-> Displays fake error message to user.My pricing plans are:
-> $11 = Keylogger.
-> $16 = Keylogger + Source code.
-> +$5 to either for access to all future updates.I only accept paypal/credit card.
Fortunately, OSFirewall will warn you if something attempts to log your keystrokes — without the need for AV/AS signatures:
Here’s what happens after you select "Deny":
Perhaps, you have something interesting to say?