PLANO, Texas — How easy is it to enslave someone’s computer?
“All you have to know is how to click,” said McAfee Labs Research and Communications Director Dave Marcus.
To prove that point, McAfee has set up a demonstration for its clients where they actually create malware that can be used to enslave computers.
Russian crime syndicates are happy to sell would-be cyber-thieves or spies a basic toolkit for $4,000. Add-ons “with all the bells and whistles” might run as much as $15,000.
McAfee has coined this business CAAS, “crimeware as a service,” and it includes online or live tech-support.
Showing ordinary law-abiding web-users this software was once considered taboo in the Internet security community, but McAfee believes it’s more important “to get people a better understanding of [malware] and a healthy respect for what it actually does and how it actually operates,” Marcus said.
Participants are given a workbook and a special laptop that cannot be connected to the web. Devices that could download the software are forbidden in the classroom. Users open up the Microsoft friendly toolkit and within a few minutes have created a virus that can potentially enslave a computer. It is hidden on a phony bank email, a common phishing scam that attempts to direct web-surfers to a site that downloads the virus. To save time, the fake emails are pre-installed, but those are easy enough to spoof, Marcus said.
“It’s actually ridiculously simple too install the software,” he added.
Once the second virtual computer sends out a “ping” that the malware has been installed, the virus creator has complete control of the enslaved computer. He can read emails, and see what the person other is typing.
The overall point of the lesson is that the stereotype of the hacker as a code writing genius is false. All one needs is $4,000, the software and the desire to break the law.
“If you have the personality to be a cyber-criminal, the [syndicates] want to provide you with the tools. They don’t want to rely on you being a coder,” Marcus said.