> > Nowadays the big, noisy, obvious, "own the net" type "outbreak" of
> > yesteryear is not the model of choice for your typical cyber-thug (you
> > know, those running virtually all malware these days).
> >
> > In fact, _avoiding_ exactly that is pretty much top of their list of
> > desiderata.
> 
> How do we know this?
> 
> I mean, it seems kind of circular to say "We haven't seen another Code Red II
> for a while, so the malware writers are doing other things."  Of course they
> are off doing other things: we haven't seen another Code Red II in years.
> 
> What other evidence exists?

This is a business now - albeit illegal, but a well-established, organized, 
"professional" business.   The compromised machine (or browser) is the 
commodity.  The longer one can extend the life of the commodity, the more 
useful and profitable it is.  Probably the best source of evidence of this is 
the fact that there are currently millions of compromised machines that could 
easily be exposed via a "Code Red III" event, but they are not - they are being 
used for fraud instead.   You can only skin a sheep once, but you can fleece it 
over and over. 

I'm sure Nick can come up with precise examples if he wants to.  He knows what 
he's talking about in this space. 

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
