Interview with an adware author

Philosecurity has an interview with [Matt Knox], a former coder for Direct Revenue, an adware company which was sued in 2006 by New York governor Eliot Spitzer. The interview contains some interesting details of how the adware code worked internally: it created a Browser Helper Object, then kept that Browser Helper Object alive with a poller that checked every ten seconds and regenerated it if it had stopped running. The poller ingeniously masked itself, partly by exploiting Windows’ CreateRemoteThread function to run itself as a series of threads instead of as an executable.
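From the defender's side, the behaviour described above leaves a recognisable trace: a Browser Helper Object key that reappears seconds after it is removed, recreated by a host process that earlier received a remote thread. The sketch below is an added example, not code from the interview or from Direct Revenue; the event fields are simplified from Sysmon's event 8 (CreateRemoteThread) and event 12 (registry key create/delete), and the CLSIDs, file paths and 15-second window are assumptions.

```python
from datetime import datetime, timedelta

BHO_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
REGEN_WINDOW = timedelta(seconds=15)  # assumption: just above the 10 s poll interval
AD_BHO = BHO_KEY + r"\{11111111-2222-3333-4444-555555555555}"  # constructed CLSID
OK_BHO = BHO_KEY + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"  # constructed CLSID

def reg(time, kind, image, key):
    """Build a simplified registry create/delete event (constructed sample data)."""
    return {"id": 12, "time": time, "EventType": kind, "Image": image, "TargetObject": key}

# Constructed events: a cleaner deletes the BHO twice and it comes back each time;
# a second BHO is removed and legitimately reinstalled almost an hour later.
SAMPLE_EVENTS = [
    {"id": 8, "time": "2024-01-01 10:00:00",
     "SourceImage": r"C:\Temp\setup_helper.exe", "TargetImage": r"C:\Windows\explorer.exe"},
    reg("2024-01-01 10:05:00", "DeleteKey", r"C:\Tools\cleaner.exe", AD_BHO),
    reg("2024-01-01 10:05:08", "CreateKey", r"C:\Windows\explorer.exe", AD_BHO),
    reg("2024-01-01 10:06:00", "DeleteKey", r"C:\Tools\cleaner.exe", AD_BHO),
    reg("2024-01-01 10:06:09", "CreateKey", r"C:\Windows\explorer.exe", AD_BHO),
    reg("2024-01-01 10:07:00", "DeleteKey", r"C:\Windows\System32\msiexec.exe", OK_BHO),
    reg("2024-01-01 11:00:00", "CreateKey", r"C:\Windows\System32\msiexec.exe", OK_BHO),
]

def find_regenerating_bhos(events):
    """Return BHO keys recreated within REGEN_WINDOW of a deletion, with attribution."""
    injected = {}    # target image (lowercased) -> images that started threads in it
    deleted_at = {}  # BHO key (lowercased) -> time of its most recent deletion
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        if ev["id"] == 8:
            injected.setdefault(ev["TargetImage"].lower(), set()).add(ev["SourceImage"])
            continue
        key = ev.get("TargetObject", "").lower()
        if ev["id"] != 12 or not key.startswith(BHO_KEY.lower() + "\\"):
            continue
        if ev["EventType"] == "DeleteKey":
            deleted_at[key] = when
        elif ev["EventType"] == "CreateKey" and key in deleted_at:
            if when - deleted_at.pop(key) <= REGEN_WINDOW:
                hit = findings.setdefault(
                    key, {"regenerations": 0, "recreated_by": set(), "thread_sources": set()})
                hit["regenerations"] += 1
                hit["recreated_by"].add(ev["Image"])
                # The recreating process is only the host; report who injected into it.
                hit["thread_sources"] |= injected.get(ev["Image"].lower(), set())
    return findings

if __name__ == "__main__":
    for key, hit in find_regenerating_bhos(SAMPLE_EVENTS).items():
        print(key, hit)
```

The `thread_sources` field matters because the process that rewrites the key is a legitimate host such as the shell, so attribution has to follow the remote-thread event back to the binary that created the thread.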

The truly fascinating bit of the interview is how [Knox] defies your initial suspicion that he’s a complete scumbag; he started off writing spam filtering software, was hired by Direct Revenue to do traffic analysis, started writing tiny bits of code to improve the adware, and eventually wound up knee-deep in the code. [Knox] notes that you can get ordinary people to do incredibly distasteful things if you break those things into small enough chunks and introduce them gradually.

[via Waxy]

[photo: xcaballe]

Comments

  1. BigD145 says:

    He knew exactly what he was doing. He’s a scumbag.

  2. jpipesup says:

    I’m with bigd, he can make as many excuses as he likes. If you’re a developer, then you certainly know what adware is, and you would know if you were working for an adware company.

    scumbag

  3. localroger says:

    This guy went down so hard in the service of the dark side you have to wonder if he has two kids named luke and leia.

  4. blizzarddemon says:

    Yeah like you guys never did something you didn’t want to do for money. If you work at some burger joint, and your manager tells you to clean the toilets, you’ll be cleaning those toilets damn right.

    It’s the same thing, just with code instead of shit.

  5. BigD145 says:

    Not the same thing. This guy went around and dirtied those toilets just so you could clean them. He ate extra spicy chilidog with Velveeta on top and then aimed for the floor, walls, and ceiling.

    He saw the path, walked down it, and even planted poisonous mushrooms and thistles all the way down.

  6. circs says:

    As if anyone here is regularly inconvenienced by adware/spyware/viruses. Bah. I state that if you are not equal to avoiding/handling this malware that you have much more experience to gain before you can call yourself competent.

    I frequently end up removing this software from people’s computers, and usually I just encourage a backup and reinstall approach, at which point I create an image of the clean system, and create a DVD. Reimaging usually takes 10 – 30 minutes. My goodness, such a trouble…

    Here’s the solution: Linux – Firefox – NoScript, and oh yeah and don’t download files that are obviously borked.

    Though I do love this one line, “I actually believe that if you sum up everything I did it comes out positive, if only because I kicked off an awful lot more adware than I installed.” I lolled a lot. Yeah I don’t buy that at all, but I do think it’s really funny.

    Would I do it? If I was broke and it was do it or go hungry/lose my home, yeah, you bet I would.

  7. Cyrozap says:

    @circs
    Don’t forget Adblock Plus!

  8. Rick says:

    HANG ‘EM!

  9. Rangerx52 says:

    I hope the interviewer beat him unconscious when it was over. This man deserves to be strapped to a chair and forced to watch commercials for the rest of his life.

  10. cde says:

    I for one, support the guy and his efforts. It’s people like him that keep people like me with nice, easy side work for spending money. Well, people like him and the people who don’t know how to use computers.

    I bet his main pc is a mac :D

  11. wtf says:

    If someone pays me to write nasty but legal code, why should I give a shit. Since when did Software developers have any moral responsibility? Leave that to the plastic surgeons and the legal profession.

  12. Lord Taco says:

    I’m curious only as to where this epic screenshot was acquired.

  13. sheep says:

    @lord taco: http://images.google.com/images?q=toolbars

    @scumbag: die!

  14. Roboguy says:

    I don’t get adware, etc., but I could really do without the “Would you like to install Google/Yahoo/AIM/Adobe/crapola toolbar?” option in installers.

  15. TJHooker says:

    With your average ITT grade engineer it’s usually wherever the finances take you..

    I did some stuff in ~2001 with the MS agent and user friendly interfaces. The threading part is the only thing remotely interesting here.

    The most sophisticated malware to date was rustock.c and the bulk of its hype was the packer it came in. It was spread through email attachments and did a lot of hooking and hiding in other drivers.

    That’s almost as good as malware gets without living in some volatile chip memory or becoming the host/kernel.

  16. Nick says:

    That screen shot is epic! Although I think that guy wins the douche bag of the year award, I would much rather be willing to strangle the dumb ass who asks me “what’s wrong with my computer?”.

  17. Richard says:

    If you get pwnt by that sort of crap, then you deserve to – Darwin is alive and well and working his magic in cyberspace.

    But yeah, the guy’s a class a+ dickhead and should be made to walk the plank… and anybody who’d do the same should follow him. :-)

  18. luke says:

    As someone who fixes people’s computers, by removing this crap, I would have no problem with him going to jail.

  19. Richard says:

    @ luke – if I believed in hell, I’d have no problem with him going there either.

  20. Coderer says:

    @blizzard: the difference is, you go to work at a fast food joint to sell food to people that, though it might be a bit unhealthy, the customers generally *want*. To my knowledge, there are no malware/adware products created by companies that also write spreadsheet software or video games — if you go to work for a company and they have you writing adware, you pretty much knew they were an adware company when you took the job.

  21. Jeshii says:

    Re: “[Knox] notes that you can get ordinary people to do incredibly distasteful things if you break those things into small enough chunks and introduce them gradually.”

    Anyone else reminded of the United States of America Corporation from Snow Crash? XD

  22. Nubie says:

    @ Coderer, you are forgetting that malware hides in smiley packages and “desktop assistants” and “deal search bars” Or Free porn bars.

    People Want those, you may have confused want with need.

  23. Nubie says:

    Whooops, what about the WildTangent adware? It is sold in video games from Walmart and other computer stores (or are they no longer in the adware business)

  24. jpipesup says:

    @nubie
    I challenge any adware company to distribute their software with the initial screen saying:
    “This software will produce popup advertisements at random times during browsing and send browsing information to our company and our affiliates. To continue, click next”

    See how many people “want” their software then. They are using a standard hacking technique – social engineering – to get inside the victim’s machine.

  25. HGHBooster says:

    nice picture, looks like my old internet explorer totally frozen.

  26. Nubie says:

    For the record if doing this meant money, and not doing this meant no money+starving, then I would probably do it. It doesn’t break the law does it?

    Heck the guy is my hero for insuring my job security (or is that Microsoft IE insuring my job security?) If I had a job that is, I only do this freelance for acquaintances.

  27. Nubie says:

    @jpipesup

    The companies do distribute adware that says that on the initial page, you just have to be able to read in English (as well as actually read it, which is by all counts more difficult than being able to understand English.)

  28. Sounds wrong but… I’m not angry against this guy. I’d bet a lot of you would’ve done the same. You’re broke, you’re a good coder, why not?

  29. joe57005 says:

    I can understand why he did it, but it’s still wrong. Some people will kill and eat each other because they’re starving to death, but does that make cannibalism any less wrong?

  30. hulloha says:

    I love this guy, as well as the people who wrote “Win-Antivirus”. I pay for my schooling with the money I make removing this stuff from people’s machine. If they stopped making spyware/adware/malware/shitthatfucksupyourwindowsinstallware, then I’d be out of a job.

  31. hulloha says:

    Why on earth does hackaday make everything lowercase in the comments.

  32. anonymous coward says:

    Well, this schmuck keeps me in business. I run an out of home PC repair business locally. Thank you for keeping gas in my car; I don’t want a real job.

  33. freyyr890 says:

    If the pay was right I would have no problem writing adware so long as it is within the bounds of the law.

    Actually I have no reservations against the guys who write the ‘hard’ malware (viruses, worms, trojans…) either. Just think, if self-propagating worms didn’t exist, would we have as secure networks as we do today?

  34. I can’t believe some people think that writing adware is acceptable. There are no excuses ever for proliferating adware and viruses across the internet.

  35. LOLDONGS says:

    Actually there is an excuse: Doing it for the lulz

    Doing it for money is just plain wrong.

  36. Morgan says:

    HHahahha I lolled when I saw the purple monkey.. I used to have it = [

  37. Low Pro says:

    If you’re sending this guy to the gallows, then send anyone who ever made a commercial or has orchestrated product placement in movies/TV. Lynch those people who pay schools (fer crying out loud) to promote their product for a week. Ever hear about that kid getting suspended for wearing a Pepsi t-shirt during Coca-Cola week?

    People don’t read. That’s why they get spyware and other malicious code. Don’t hang this guy, thank him! Not just for the work opportunities, but for waking up a world of youth to the risks and responsibility that go with technology!

    People who judge this man harshly have never done anything wrong and we should appoint you as leaders of the human race, effective immediately.

    He didn’t install it on anybody’s computer except his own. Same goes for lusers.

  38. Louis II says:

    low pro:

    But! BuT!! I WANT big brother to take care of EVERYTHING for me so that my only responsibility in life is to be mindlessly entertained without any responsibility at all!!!
    /sarcasm off.

    Your point is perfectly reasonable, but the sad truth is that we have a world of societies built on self-worth deficient individuals, seeking anything and everything that makes them look/feel valid, smart, capable, attractive or entertained/entertaining.

    I think the English had a name for it: “quiet desperation” To me this means that many live in a state of self denial and make subtly trendy attempts at fitting in to a construct they don’t even like so that they can feel worthy of existing.

    Sometimes I think that is what separates the hackers/technologists from the average human; they’re finding their own ways to be entertained, rather than delving into a world of circumstance created by the “elite” who own/run everything else.

    So what is hacking?
    Perhaps it is the ability to read, write and make decisions for one’s self, rather than for a facade of social integration?

  39. Cassie Olesky says:

    I’ve found it worrying that the information on spyware and virus problems has not been keeping up with the danger. It seems like several years since spy ware or virus software gained from any awareness greatly. I wonder if that’s the reason why problems continue and folks are falling victim to viruses and spyware.
