Former coder for adware company Direct Revenue interviewed by Philosecurity blog


ElMondoHummus
22nd January 2009, 01:02 PM
Link: http://philosecurity.org/2009/01/12/interview-with-an-adware-author

This Q&A is an interesting interview of a coder who used to work for an adware company. Direct Revenue was sued by New York Attorney General Eliot Spitzer back in 2006 (http://www.out-law.com/page-6817); the eventual judgement exceeded $1 million. Matt Knox - the adware coder being interviewed - shared some interesting insights on user practices and the act of compromising Windows internally, as well as how easy it is to end up doing things that you would never expect you'd end up doing for a job.

Sample quote:
For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, “I know enough C that I could kick the virus off the machines,” and I did. They said “Wow, that was really cool. Why don’t you do that again?” Then I started kicking off other viruses, and they said, “That’s pretty cool that you kicked all the viruses off. Why don’t you kick the competitors off, too?”
It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.

S: Did you feel this was the gently sloping path to Hell?
M: Oh yeah! Absolutely. [ laughs ] I actually believe that if you sum up everything I did it comes out positive, if only because I kicked off an awful lot more adware than I installed.

TobiasTheViking
22nd January 2009, 03:22 PM
Read that a few days ago, very interesting

GreNME
23rd January 2009, 01:58 PM
I had a difficult time reading it because I kept wanting the interviewer to drill deeper into the questions. I don't think Knox was being completely truthful in the interview, or at best was intentionally leaving stuff out. Perhaps this isn't dissimilar to illusionists and mentalists not giving away trade secrets, but frankly I don't care. Adware is the single most prolific malware out there in the wild right now, and they hide behind a semi-legal status to keep from being outright verboten in software development. This type of stance concerning this type of malware is what Sony and Symantec have used in the past to justify their including rootkit or rootkit-like code in their DRM and Antivirus software respectively.

Also, I found his response to what people could do to be safer online (run UNIX) to be a typical condescending cop-out, especially because he should know that if the majority of the market were running a *nix, then the focus of the adware developers would shift accordingly and whichever *nix was en vogue would de facto be the highest target. What would be the suggestion then-- run Windows? That's a patently ridiculous suggestion when there are far more useful things to suggest to people. Heck, it could be broken down to about three rules for most people:
Use a firewall.
Use antivirus.
Don't agree to anything from an online source unless you understand exactly what you're agreeing to.
Most people aren't stupid, though many are ignorant of the implications and details of how things like these adware "free" offers and programs work. Once they're informed, most people avoid that crap like the plague.

Oh, and his claims of persistence in the adware he wrote were crap. It applied mostly to Windows XP, and none of the examples he gave could have stopped me from removing it. Guys like me-- who are nuts-n-bolts centric and can take apart or put together an OS from pieces, even though we aren't programmers-- are every bit as prevalent as programmers like him, and there is a smaller group of experts out there who have a great amount of skill on both sides of that fence. I'm more than willing to point out that his skills with code are far above my level, but I'd no more assume that he's being honest with me with answers like in that interview than I would assume that Derren Brown is being completely honest with me in his explanations for what he's doing with his tricks. I used Brown in comparison because I do find him entertaining and think that he's quite skilled, just as I'm sure Knox is quite skilled in his craft. Using obfuscation to maintain the integrity of any software, even adware, doesn't require skill, though. All that requires is the willingness and drive to deceive.

Sorry if my reaction to the interview seems somewhat aggressive, but this type of malware is the type of crap that can ruin a day for me at work-- I'm an IT manager and I maintain the systems at the company where I work-- and I would gladly give up the impression from others that I have some sort of mystical or high-level skill for blocking and removing this stuff if every bit of adware were to disappear tomorrow.

Rolfe
23rd January 2009, 05:46 PM
Guys like me-- who are nuts-n-bolts centric and can take apart or put together an OS from pieces, even though we aren't programmers--
If you're that good (and I'm not doubting you), would you please consider paying me a visit (http://forums.randi.org/showthread.php?t=133745) in another thread? I suspect my query would be a two-minute no-brainer for you.

Rolfe.