The cybercriminal shares stories and technical details, but also offers advice for ordinary users

May 14, 2012 12:59 GMT

Reddit features the interesting story of an individual who claims to be a botnet operator and malware developer.

He starts his story by saying that he manages a customized ZeuS botnet of around 10,000 bots, which he uses for IRC, distributed denial-of-service (DDoS) attacks and Bitcoin mining. As expected, most of his operations are routed through an anonymity service to stay hidden from the “feds.”

In a post entitled “IAmA a malware coder and botnet operator, AMA,” which had attracted around 600 comments at press time, the man details his work and answers the questions of curious bystanders interested in the technical side of his activities.

“I don't pay taxes from my income, I would like to, but then I would need to answer difficult questions like where that money comes from. I withdraw cash and try to pay by cash every time it's possible,” he explains.

“Tax law enforcement is also very unsuccessful, a company can evade millions in taxes by simply setting up a bank account in Switzerland and wiring all that money there. This however only works as long as the existence of such an account is kept secret.”

He also gives “non-obvious” advice for the average user on how to stay secure while surfing the Web.

Referring to mobile banking, he reveals that, “Banking on mobile phone, it's stupid, but atm 'not that dangerous as it seems', because 99% of cybercriminals can't code and there is no (serious) Android or iOS malware yet on the market.”

The cybercriminal recommends that users read security blogs to stay up to date with the latest threats, but he particularly stresses the importance of installing updates, especially those for the operating system and for widely deployed applications such as Adobe Reader.

When asked which security products give him the most headaches, he names Kaspersky as the most problematic. However, he claims that in the end he managed to get around it.

“Kaspersky was the most challenging at first, Kaspersky is paranoid as [expletive]! But it has an exploit in KIS, KAV and PURE, allowing to start malicious code in the memory context of a trusted system process unnoticed. Kaspersky won't interfere if it thinks it's the system process doing changes to the system.”