[LINK] Your money dot con on ABC/RN

Sun Jun 24 15:25:07 AEST 2007

At 10:09 AM 24/06/2007, Rick Welykochy wrote:
>that is causing this financial fraud epidemic, i.e. PCs running
>Microsoft Windows. I have never heard of a Linux or Mac or BSD or
>other Unix zombie.

There are a few Nix based zombies, but they tend to be used by 
kiddies rather than organised crime.

Putting something on a Nix box tends to show up quickly, whereas it's 
easy to hide things on a windows box, automate restart of killed 
processes and auto run processes through modification of applications.

Something a little harder to do with a Nix platform :)

>The estimate made in the report is that approx. 50% of all PCs (running
>Windows I would conclude) are now owned by the Zombie Lords of the
>Underground Criminal Internet - we are talking hundreds of millions
>of PCs here. A zombie controller PC was investigated and found to
>be controlling about 1,000,000 zombies.

I'd be skeptical.

>PC users should now be updating their anti-virus databases every 12
>hours,

Well that's a bit ridiculous.  This opens the question of "are the 
anti squad part of the creation squad" theories.

We've seen anti-virus library updates in the past released months 
before the virus is even written.  Strange how that can happen.

>Banks will continue to be mum about online fraud (it is in their
>interest to refund the odd complaint and keep their traps shut),
>law enforcement officials will continue to pass the buck from one
>dept to the next and consumers will continue to run totally insecure
>computers on the insecure internet.

Consumers are lambs.

>California has enacted a law that makes it a crime to fail to
>report an online theft, fraud or other criminal activity. Sounds
>like a good first step to me.

What if the victim doesn't know it's happened?  The police find out 
first because someone doesn't bother to check their credit card 
statement "Oh, $3241 is about right" and the next minute the victim 
is a criminal!

I think when you make victims criminals, you encourage crime.

>A great second step would be to make it a criminal offense, actionable
>in the civil courts as well, to write and deploy software that lacks
>sufficient security provisions to prevent online fraud from happening
>in the first place. Call it "duty of software care" legislation.

Won't happen because no one can guarantee software is 
infallible.  Would you want to put yourself up for such risk?