Looks like I have a new project for next week, once this weeks messy proposals nastiness is out of the way. A staffer at a Russian ISP tipped me off to an old malware company learning a new trick, with essentially a distributed, keyboard-watching spy network turning your typos into gold in the form of misspelled domain registrations leading to portal-potties full of ad-trash. First step is figuring out their program’s nuisance-grade request obfuscation (calling it “encryption” would be like calling a McDonald’s trainee a chef, but I haven’t gotten around to decoding it yet); next step is flooding it with statistically significant bogus requests and seeing if they take the bait. Third step, as you know, is profit! publishing the findings for peer-review, and retaining a lawyer*.

PS. VMWare Player kicks ass. This is free (as in beer) virtual machine software that runs on Windoze, Linux and probably a couple others. Free as in catch did you say? Of course there is a catch: it won’t let you create your own virtual machine images (officially…), only download and run pre-made ones. However, here is also a great article on creating your own custom images using QEmu, an open-source virtualization program that can write image files in VMWare player’s format. The easiest way to set up a dodgy-software sandbox is create a blank IDE (or SCSI, etc.) drive image using Qemu, start it inside VMWare Player, pop in your favorite** OS install CD, and close VMWare & make a copy of the image files when the OS finishes installing. Viola, you now have a perpetually clean OS copy to run dangerous crap on! When finished, simply close VMWare again and overwrite the now dirty copy with your saved clean one.

*for when theirs inevitably find out that said findings have been published, and raises a hissy. Or, move to Finland and simply thumb nose at malware vendor…

** as measured by the remaining thickness of the install CD (you reinstalled Windows HOW many times? Gosh, you must love it!).


Leave a Reply