Software Theft a Problem for Actual Thieves

By

Published October 01, 2010

| FoxNews.com

Pity the criminal mastermind. After all, he's a victim too.

The FBI announced Thursday that it had cracked a scheme that used "a potent strain" of the malicious Zeus application to siphon millions from bank accounts in the U.S. and abroad. Zeus is software that secretly turns PC against their owners, linking the computers into a "botnet" of zombies -- a network of PCs completely unaware of the software they're running.

Zeus is available to buy for this purpose on numerous underground forums. But sadly, not everyone pays the software's author for his careful labor.

"There isn't just one Zeus botnet out there, there are hundreds if not thousands of them," explained Roel Schouwenberg, senior anti-virus researcher with security software firm Kaspersky Labs.

"When you look at the Zeus business model, it's a package that anyone can purchase to conduct attacks … that can be monetized in one way or another," Schouwenberg told FoxNews.com. That flexibility has quickly made Zeus one of the most potent threats on the Internet today.

And despite the sophisticated digital rights management baked into Zeus to protect it from theft, that's exactly what has happened.

"Zeus is actually being pirated, so you can get all the versions for free," Schouwenberg said.

Criminals seeking Zeus can track it down readily using simple searches online, he said. "Though these versions will most likely be older and/or pirated. To find the most recent versions of Zeus knowing Russian will definitely help," he added.

Today's modern criminal needs protection, just as a legitimate franchise like McDonald's or Barnes & Noble needs protection for its trademark, its business concept, its know-how. Without such protection, all the crook's best ideas would simply be stolen, the entire business would be replicated as a cheaper alternative, and the original business would be destroyed.

That's why the criminal masterminds behind Zeus carefully protect their piracy-promoting program from being pirated, said Sergei Shevchenko, senior malware analyst for security software company PC Tools.

"With an apparently growing network of ZeuS operators, the real masterminds behind the ZeuS construction kit understand one thing: They have stay above the competition -- and they have to protect their software both from the pirates who steal it and from the competing gangs that are trying to copy their best ideas," Shevchenko told FoxNews.com.

"Thus, they introduced a hardware-based activation process similar to Windows activation, to make sure only one purchased copy of the ZeuS kit -- the kit that produces malware -- can run on one computer," he said. Without it, "the ZeuS kit would be pirated, that would in turn discourage the authors from further development of ZeuS, and they’d eventually quit, just like normal piracy destroys legitimate businesses."

Modern criminal activity is complex business, one that requires professionals with legitimate diplomas and advanced skill sets. It's very different from the malware scene five years ago, Shevchenko explained, when the malware market was chaotic, full of buggy viruses that crashed all the time, competing authors stealing each others’ ideas -- and even building viruses that eliminated other viruses as soon as they infected computers and networks.

"The malware scene is very different now," he told FoxNews.com. "It quickly adopts the best principle of the normal software development lifecycle, by introducing QA, project management, by delegating different stages of the malware development process to different specialized professional programmers such as kernel driver developers, developers of sophisticated packers, GUI builders, etc."

"By involving professional programmers, many of whom have University diplomas, malware development becomes a very expensive process," Shevchenko told FoxNews.com. "Thus, the malware kit price climbs up, and then its developers need protection from piracy."

"Ironically, these programmers do not see crime in their action," he added. "They compare it to Kalashnikov gun manufacturing ('we make the weapon, it’s not up to us how it’s used'), implying that while the AK-47 is a weapon of choice for terrorists and mafia, it’s still a subject of pride for many."

FoxNews.com's SciTech section is on Twitter! Follow us @fxnscitech.

URL

http://www.foxnews.com/tech/2010/10/01/software-theft-problem-zeus-botnet/