Windows Loophole Spawns Zombies Which Attack the Web 13398

This has been a Microsoft strategy at LEAST since Ultraviolet.org released a list of reasons why people should not use IE 4.0 with ActiveX controls.

Of course, IE 4.0 was released in 1997, and Microsoft pretty much ignored all of the warnings, but threatened to sue the nonprofit organization and the owner of the machine used to host these warnings.

In the original Web Pages, the warnings demostrated how easily one could: Create a file anywhere on the PC, including hidden directories. Modify any file on the PC, including hidden files and protected NTFS files. Hide any file on the PC - making it appear as if it had been deleted. Actually DELETE any file on the PC - possibly disabling applications. Replace one file with another. Read someones' outlook e-mail. Send someone e-mail using Outlook. Register for a Verisign publisher using false credentials and invalid credit cards. Get users to trust your CA without asking. Low-level corrupt the drive to the point where only the drive manufacturer can reformat it.

Some of these hacks are occaisionally republished by other sites, and they still work just as well as they always did. Of course, nowdays, it's not uncommon for these sites to trace back to a bogus stolen credit card used to pay for both the site and the certificate. While it may not be enough to prosecute the actually creator of the site, it is enough to have the site shut down.

Ironically, the United States government has been using the Patriot act to try and track down these Cyber "persons" and uses these sites as justification for broader search warrant and internet "wiretapping" methods.

Keep in mind that willfully damaging a computer system of any kind, ranging from a corporate server, government server, to a personal PC or even a PDA - is a federal crime - felony - and is punishable by 5 years in prison PER OFFENSE. When a hacker does crack thousands of machines, and he is finally arrested, the usual practice of the defense lawyer is to arrange a plea bargain which includes full disclosure of exactly how the crack was done, probation, and 2000 or more hours of community service (often working on computer security for OSS projects). And finally, a nondisclosure agreement in which the defendent agrees not to tell anyone how he did the hack, how he was caught, or even how the case was settled.

Repeat offenders are often given less leniency. They are given the choice of working for certain government agencies in a "lifetime commitment" which usually involves top-secret clearance and very close supervision in a tightly controlled environment, and living in an environment where they can be very carefully monitored. In this environment, any further violations result in "termination".