Tag: Kaspersky
TDL-4: Is it the Godfather of Botnets?
by Michael Kavka on Jul.05, 2011, under Rants, Security
“I’ll make them an offer, they can’t refuse.” Remember that line? Well it seems that the TDL-4 botnet is using the same line, and very effectively.
TDL-4 has over 4.5 million zombies according to recent reports. It removes malware it doesn’t like. It hides in the MBR of a machine, making it difficult to remove. All of these statements have been going around, and you can read more about the inner workings of TDL-4 all over the web. Kaspersky has a really good look at it. All that said, why am I looking at this phenom of a botnet? The botnet they claim is nigh indestructible.
To tell the truth, I’m looking at this from another angle. You see the ads on the sidebar of my page (unless you have an ad blocker). Yes, I put ads up on my site, in hopes of someone clicking on that ad, and then purchasing from the site. It’s called affiliate marketing. I get a kickback if anyone does. I personally would love for those ads to pay for this blog, but so far, I haven’t made a cent. That is fine, this blog isn’t going away, and that is not the point of my rambling. The point is Affiliate Marketing.
Affiliate Marketing is used by some people to great success. There are people who make millions of dollars per year through Affiliate Marketing. There are states which are writing laws to stop online companies from not paying taxes, claiming that Affiliate Marketing means the company has a physical presence in their state. It’s a big deal.
This brings us back to TDL-4. TDL-4 not only is a nasty, nasty bug, but it gets spread through its own form of Affiliate Marketing in the underworld. In fact, people can get anywhere from $20 to $200 per 1000 infections according to the Kaspersky article. These Affiliates can get credit for infections through multiple methods. Man-in-the-middle hijacking, fake ads, phishing scams, you get the picture.
So the botnet expands, the criminals all get a chunk of the cash, and we, the normal users, get stuck with PCs that wind up slow, or mail servers that wind up blacklisted. It becomes a headache for IT. We can patch, run anti-viruses, have firewalls, and follow best practices to our hearts’ content, and we still are going to be vulnerable. We need some way of getting ahead of the curve on the whole issue. Unfortunately, that would rely on companies being forthcoming about their shortcomings, and letting people see code. That isn’t going to happen for a long time. So instead, TDL-4 will keep making deals the criminals can’t refuse.
Can’t see a website… OOOPS thanks Kaspersky
by Michael Kavka on May.18, 2011, under Internet/Music, Rants, Security
Don’t you hate it when you can’t see a website? I know it drove me crazy for a few days. Then I checked my security software settings.
I was trying to check out a couple of websites recommended to me, and couldn’t see them on one of my machines. The laptop was fine, but my desktop would just show a blank page. As the pirate who had a steering wheel attached to him said, “It was driving me nuts.” I knew it was something on the desktop that I had either installed for testing or had set wrong. Turns out I was half right.
I use Kaspersky Internet Security suite on my machines, love it and recommend it to people. Its technology has allowed me to watch it block drive-by download attempts. So I decided a long while ago to tighten the security down on my Desktop. It worked really well, but the banner ad blocker was the thing keeping me from a website run by a marketing company, which had an article I wanted to see. Once I went in and whitelisted the URL, it was fine, but man, what a way to find out something works, and works well.
Goodbye One Care, Hello Microsoft Morro
by Michael Kavka on Jun.11, 2009, under Computers, Security, Software
Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAfee rejoiced that they didn’t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.
That’s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low end offerings from the Major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7?
Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.
Try as they might, though, if Microsoft ties Morro in any way into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the ’90s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.
My big question is this: why must a company such as Microsoft try to be everything? Can’t they learn to focus on the OS and other current offerings without getting into another software area? Add on that you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.
This is something to keep your eyes on.
