SpyEye Botnet Nets Fraudster $3.2M In Six Months 99
wiredmikey writes "The SpyEye Trojan has a well-earned place of respect in the cyber-underground as an adaptable and effective piece of malware. Those same traits have also made it a bane for countless victims and the security community, and new research provides yet another reminder of why. According to security researchers, a hacker in his early 20s known by the alias 'Soldier' led a bank fraud operation that netted $3.2 million in six months. Powered by the SpyEye crimeware kit and aided by money mules and an accomplice believed to reside in Hollywood, Soldier commanded a botnet of more than 25,000 computers between April 19 and June 29 that compromised bank accounts and made off with the profits. Most of the victims were in the U.S., but there were a handful of victims in 90 other countries as well. Among the affected organizations were banks, educational facilities and government agencies."
the biggest problem here, personal responsibility (Score:2, Insightful)
Is that the victims were generally NOT the people who allowed botnets to run on their computers. Because if they had been, maybe that would have been just punishment for harming the common good by allowing malware.
This is 2011. Personal computing has existed for, depending on just how you measure, about 35 years. I've been using them that whole time, and have NEVER, not once, had any form of malware. It just isn't that hard, and people have had 35 *years* to learn to not run shit. It's time we start holding people responsible for the results. In this case, the owners of those 25,000 compromised machines should be responsible for the 3.2 million that was lost. It should be their responsibility to pay it back.
If people drive carelessly and crash into a crowd of people, we hold them responsible. If an engineer designing a bridge is careless and the bridge falls down as a result, we hold them responsible. It's high time we start holding people responsible here as well. If you can't act responsibly, then you don't get to be on the public internet with everyone else, just like if you can't drive responsibly we eventually take away your license. You are still free to drive on your own private land, just like you're still free to use your computer on your own private network, but you don't get to use it where the rest of us are trying to be responsible citizens of the online community.
35 *years*. Time to fucking stop running malware. Yes, the botnet operators also are responsible, but that doesn't mean the owners of the compromised systems are NOT. They are as well.
Re:the biggest problem here, personal responsibili (Score:5, Insightful)
In a world where picture frames come preinstalled with malware, in a world where simply visiting the wrong website can infect you if Flash has an unpatched vulnerability, that's too simplistic.
I blame people for running Trojans, I blame people for not doing updates (but come on, what other industry would tolerate having a recall on the second Tuesday of every month), but this is still a world in which drive-by downloads are possible. I run Noscript, of course, but don't expect anyone else to live with the problems it causes.
Re:the biggest problem here, personal responsibili (Score:2, Insightful)
If your mom or your friend cannot operate a computer without getting it infected with malware and trojans, they are not qualified to be operating a computer and should not be doing it. Furthermore, if they choose to do it despite their incompetence, they should be held liable for whatever damages their use does to others.