Viral advertising

Philosecurity recently published an extremely interesting interview with a guy who used to write adware. He lays out in very clear terms what anyone venturing out online—especially from a Windows box—is up against:

Matt Knox: So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted– really more just obfuscated– to an executable that doesn’t even run as an executable. It runs merely as a series of threads. Now, those threads can communicate with one another, they would check to make sure that the BHO was there and up, and that the whatever other software we had was also up.

…

Sherri Davidoff: How private is people’s information today?

M: Not at all.

S: Do you think that in our society we delude ourselves into thinking we have more privacy than we really do?

M: Oh, absolutely. If you think about it, when I use a credit card, the security model is the same as that of handing you my wallet and saying, “Take out whatever money you think you want, and then give it back.”

Chilling to hear the details, but sadly not so surprising.