This Story Made Me Spill My Noodles


As any regular day, this evening after work I settled with a snack (today: Cup-o-noodles) behind the computer for some "light reading" of industry blogs and their related links. This was a safe activity until tonight, when I came across this 180solutions press release, which made my noodles fly all over the place.

Let's for a moment sidestep the disregard for the great research work my collegues at FaceTime did, and focus on this quote:

However, according to McGraw, the company took the extra measure of requiring each user to re-opt in to the installation a second time, even though proper consent was obtained at the time of first install. "In this case, the re opt in opportunity wasn't required, because the few users who did install our software as delivered in this exploit did so with knowledge and consent," McGraw said. "But it was the right thing to do given the unorthodox and unapproved nature of the installation interface those users encountered."

Now let's read that again.

How can one join "even though proper consent was obtained" and "unapproved nature of the installation" together in a single paragraph?

Let us assume, for arguments sake, that there are people out there who actually want something like Zango on their machine. These are the people that want Zango so much that they would be willing to install a Botnet Zombie + Rootkit + Trojan + assorted exploits on their machine? That know instantly what is going on their system, whereas it took a team of trained specialists days to investigate ??

I want to know who these people are. I haven't figured out whether I would want to hire them or put them in an assylum, but I definitely want to see them!

Sure officer, I obtained proper consent in aquiring these funds. He said: "Ok, Ok.. Here's my wallet, just don't shoot me."

While on the law-enforcement subject, consider these facts:

- 180 clearly knows about the botnet issue (as per their own press release)
- The botnet operator is clearly breaking several laws
- 180 identified who the affiliate using the botnet is (because they claim to have shut him down)
- 180 know the contact details of the affiliate (they need these on every affiliate to be able to send them payouts)

- Legal quote: "It is the duty of every corporation or person who has reasonable grounds to believe a crime has been committed to report promptly the suspected crime to law enforcement authorities." (Besides, it is the right thing to do)

I know first hand that FaceTime has contacted and cooperated with the proper authorities on the issue.

So, the question is:
Has 180 delivered the contact details of this botnet operating affiliate to any law enforcement agency?

About this Entry

This page contains a single entry by Jan Hertsens published on February 21, 2006 8:18 PM.

Sometimes I Hate Being Right- Send Keys was the previous entry in this blog.

Look Out Below! is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.