Slashdot Mirror

← Back to Stories (view on slashdot.org)

Infected PCs for Rent

Posted by michael on from the 2-bedrooms-1-bath dept.

prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"

44 of 281 comments (clear)

  1. I'm going to rent a bunch of these by Anonymous Coward · · Score: 5, Funny

    Install distcc, and install Gentoo in record time.

    1. Re:I'm going to rent a bunch of these by irokitt · · Score: 4, Funny

      On the same note, SETI@home is also interested.

      --
      If my answers frighten you, stop asking scary questions.
    2. Re:I'm going to rent a bunch of these by Lord_Slepnir · · Score: 5, Funny

      you mean in under 8 hours???

  2. Gives a whole new meaning by overshoot · · Score: 5, Funny
    to "on-demand computing."

    Kinda sad to see IBM, HP, and others lagging so badly in commercializing this important new technology.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  3. The real culprits... by D-Cypell · · Score: 5, Funny

    Good to see big industry players using their expertise and experience to enable new market creation.

  4. Damn by Beer_Smurf · · Score: 5, Funny

    Damn, one more thing I can't do with my mac.

  5. Blessing in disguise? by Dachannien · · Score: 5, Insightful

    If you can sell it, you can get stung selling it. This may be the sort of thing that law enforcement agencies need in order to start busting people.

  6. Terrorism? by MrChuck · · Score: 4, Insightful
    So how long before companies/gov't are taken "hostage" by rented DOS machines?

    Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it.

    Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.

    1. Re:Terrorism? by nil5 · · Score: 5, Funny

      Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.

      Looks like the only person using IPv6 is a spammer!

    2. Re:Terrorism? by PurpleFloyd · · Score: 5, Informative
      So how long before companies/gov't are taken "hostage" by rented DOS machines?
      It's already happening. Plenty of online casinos have been the victims of blackmail from DDoS attackers - basically, the DDoS'ers are running a protection racket. I've heard that the Russian organized crime syndicates may be involved; obviously, this is only speculation by myself and others.
      --

      That's it. I'm no longer part of Team Sanity.
    3. Re:Terrorism? by dustmite · · Score: 5, Insightful

      Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence). Sheesh, have we all been that brainwashed already by Bush and things like Patriot Act?

      If DDOSing some servers is "terrorism", then so is almost every single crime in the book.

    4. Re:Terrorism? by PurpleFloyd · · Score: 4, Funny
      "Speculation is worth nothing"

      Jeez, you must be really new here, huh?

      --

      That's it. I'm no longer part of Team Sanity.
    5. Re:Terrorism? by SacredNaCl · · Score: 4, Interesting

      So how long before companies/gov't are taken "hostage" by rented DOS machines?

      That kind of thing already happens. A friend of mine does administration for a couple small and medium size ecommerce sites. The calling card is typically a 30 minute DDoS attack followed by an email and/or phone call saying "we can make this problem go away if you pay us".

      If you don't pay them they DDoS you a few more times. If you pay them, they DDoS you a few more times and demand more money. Only option is to go to the Feds with it and hope they use attacks your upstream provider can help filter.

      --
      Freedom is merely privilege extended unless enjoyed by one and all.
    6. Re:Terrorism? by sgifford · · Score: 5, Informative
      It depends on whose computers they are. 18 USC 2332 (b), as modified by the Patriot act, defines terrorism as:

      (5) the term ''Federal crime of terrorism'' means an offense that -

      (A) is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and

      (B) is a violation of ... 1030(a)(1) (relating to protection of computers), 1030(a)(5)(A)(i) resulting in damage as defined in
      1030(a)(5)(B)(ii) through (v) (relating to protection of computers),

      18 USC 1030a refines this:


      (5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

      (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

      (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ...
      (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -

      (i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

      The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet this criteria.

      So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.

      The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.

      --
      My Web Page
  7. A preview for Grid Computing? by datastalker · · Score: 5, Insightful

    While it is deplorable that it takes criminal action (or porn) to move technologies to the forefront, it does happen. This, to me, seems like the famed "Grid Computing", and whilst stopping criminals, I hope law enforcement learns enough to pass the knowledge on so that others can use it for legitimate computing.

    --
    Find out about the Lexus Rx400h Hybrid!
    1. Re:A preview for Grid Computing? by Abcd1234 · · Score: 4, Informative

      Bah, this is definitely *not* grid computing. Grid computing is sorta like clustered computing, but not quite, where it's possible to purchase CPU cycles from the grid for use in high-performance computing applications. Think a beowulf-for-hire, only the nodes aren't necessarily commodity hardware (for example, here in Western Canada, there's a project to build a grid connecting various academic supercomputing resources).

      These zombie-nets, OTOH, are simply large networks of computers that can be asked to do the same thing on a large scale. BFD. Hell, I wrote some Perl code to do just this for administration of a testbed during one of my previous jobs. It's nothing new, and most definitely not an advancement of technology.

    2. Re:A preview for Grid Computing? by Paul+Townend · · Score: 5, Informative

      I think that's a really dodgy view of Grid computing. Grid computing is essentially resource/service sharing across heterogeneous nodes (i.e. different types of machines - macs/pcs/microscopes/etc). To do that, the Global Grid Forum are developing a load of standard protocols and methods for getting everything to inter-communicate.

      As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.

      The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.

  8. Immense power. by nil5 · · Score: 5, Interesting

    With the number of known vulnerabilities in Microsoft operating systems, (not to mention the ones we don't even know about) it is really not hard to imagine these botnets being frighteningly large. I read one article that estimated the current number at something like 100,000! I'm doubt it's enough to bring down the entire Internet, but this could still be capable of providing some crushing DoS attacks, a la SCO.

    Gives some merit to distributed hosting companies like akamai, etc.

  9. Kiss Me, I'm Redundant by Anonymous Coward · · Score: 5, Funny

    I'm sure this will be redundant by the time it's posted, but at the bottom of the article:

    The new Microsoft Partner Programme is here. Bringing all the advantages of previous programmes into a single framework, we've made it easier than ever for Partners to engage with Microsoft.

    With three levels to choose from, you can select the one that works best for your organisation.

    Become a Registered Member today. No fee. No obligation. Just clear business benefits, including:

    Free business-critical telephone support (charged at national rate)

    Free online technical support

    Online sales and marketing resources

    Sales and technical training

    For more information, please visit: www.microsoft.com/uk/partner/programme

  10. Re:How is that possible? by Carnildo · · Score: 4, Insightful

    Think "protection racket":

    "Nice e-business you've got there. Be a shame if it got DDoS'd into oblivion by some unscrupulous types, wouldn't it? We'll protect you against that, for only $50,000 a month! How about it?"

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  11. Despite all this ... by Anonymous Coward · · Score: 5, Funny

    In Soviet Russia computers rent you.

  12. Seriously guys. . . by UFNinja · · Score: 4, Interesting

    We need to start beating the living crap out of people who mess with our stuff. Spammers, malware writers, black hats, you wouldn't put up with the neighborhood kid stealing your bike would you? No. You'd go kick his ass and take back your back. It's time to start kicking ass and taking back our Internet.

  13. Infected PC's for Sale??? by WwWonka · · Score: 5, Funny

    I find this article on infected PC's/networks for rent so full of sh..#$.\10# \AE \3H......

    Welcome!

    This PC is for rent.
    Please contact us at

    www.Claria.com

  14. Distributed Malware. by Leonig+Mig · · Score: 5, Insightful

    The scope of this is huge - true - I'm no industry player or top level developer - but still - we can all see the scope of this.

    distributed applications are the killer app of the internet - XAML, .net, Java - all buzzwords. Grid computing - thanks to Oracle - The Internet - so much scope it created the biggest financial bubble in the history of capitalism.

    Now - the corporates (MS?) are getting so inept that criminal gangs are stealing our future off us. Please - let's start stopping them.

    --
    i'm trying to give up sigs.
  15. microsoft by stfubye · · Score: 5, Interesting

    A guy I know runs his unpatched Windows XP computer 24/7, and never does virus scans. The other day he got 1000+ (around 400mb) executable files in his C home directory. I asked him what he plans to do about it, and surprisingly enough he didn't want to apply critical updates. He said he doesn't care what people do to his computer, because he does nothing important on it. It amazes how many people must think like him.

    1. Re:microsoft by DoraLives · · Score: 4, Insightful
      I don't think he'd be so complacent if one day he found someone had deleted his files, erased his hard drive etc.

      Which is why there's a case to be made for producing malware that's really mal. Perhaps even grand mal.

      In a weird sort of left-handed logic, certain people would be doing the computing community at large a MAJOR favor if only they'd take the time to write viruses, worms, and trojans that would be so kind as to format hard drives!

      --
      Is it fascism yet?
    2. Re:microsoft by D.A.+Zollinger · · Score: 5, Insightful

      Well, that's the problem. People don't want to know about viruses, trojans, zombies, etc. They want their desktop. They want their applications. They want it to "just work."

      Consider the phone. People just want to be able to pick up the receiver, dial the number, and talk to their friend/family/co-worker/etc... They don't want a phone switch in their house, sitting under their desk. They don't want all of the burdens involved in maintaining complex hardware.

      I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$. If they can provide the system maintenance, installation of applications, protection from viruses, protection from hardware failure - they will be able to open a huge market, and cash in.

      This is where I think Linux will prove pivotal, because this is where we lead Microsoft. Our thin client paradigm is so different, that we lead in many areas. Consider how Microsoft does thin clients - 256 colors only, 800x600 max, 8 fps - all rendered on the terminal server where the "picture" of the desktop is sent down the wire to the thin client who displays the "picture" and sends feedback of mouse clicks and key presses to the terminal server. Linux, and X, render everything on the X terminal, and send back and forth on the pipe application information. What does this all mean? You can play quake 3 on a linux X terminal but you couldn't on a Microsoft solution. And it would take YEARS to fix that gap. We lead here, and we could exploit it if we jumpped on this opportunity.

      Did I say World Domination? Oops...now you all know my plans...

      --
      I haven't lost my mind!
      It is backed up on disk...somewhere...
    3. Re:microsoft by Rude+Turnip · · Score: 5, Insightful

      He'll care when there is kiddy pr0n on his computer that was put there by a hijacker and he takes the heat.

      --
      Bill Clinton: Pimp we can believe in. - The Shirt!!!
  16. I told you!!! by DAldredge · · Score: 4, Funny

    I told you /. was a DDOS front! Most of these 'stories' are placed by competiors of the companies linked from the stories...

    I TOLD YOU!!!

  17. There is a solution by osjedi · · Score: 5, Interesting

    I strongly believe that the most effective way to end this would be to scan for compromised nodes, identify them, and KNOCK THEM OUT. Then the user can call the local home-computer fixit guy to come fix their computer. He'll see it's infected with malware and fix it. User gets his computer fixed, fixit guy makes a buck, and one less node is spewing out sh*t.
    Yes, I know this approach would be illegal. A felony computer crime in fact. I want legislation to make it legal and justified. I see it as self defense. Compromised nodes are clogging the internet with crap and the best defense is to knock them off-line. If I were standing in the middle of the freeway, clogging traffic and causing accidents the police would come remove me, by force if necessary. I see zombie nodes on the internet the same way.

    --
    -=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
    1. Re:There is a solution by Caraig · · Score: 5, Insightful

      Reaching out and clobbering computers is exactly the same thing that the RIAA wants the legal power to do.

      The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.' Yes, it inconveniences users but I'd rather see some users inconvenienced than Big Government give legal power to ANYONE to clobber a node without recourse.

      --
      "I am an Adept of Tantric VAX."
  18. Re:Blaming the user by Anonymous Coward · · Score: 4, Insightful

    There is a limit to that I think. Think of it in terms of cars. Imagine buying a car from a major car manufacturer only to find out that every month you'll need to bring it in to the shop and have a few problems with it fixed. While they don't charge you to fix the car, it sure gets annoying and makes you wonder about the overall quality of their products. What's worse is when one of these problems appears before there is a fix and causes you to have a wreck and die, hurt someone else, etc.

    Anyway that analogy can go on forever, but you should be able to see the point. MS has a responsibility to put out reliable, secure software just as much as Ford, Mazda, whatever has to put out safe, reliable vehicles. The patch-as-you-go thing doesn't cut it, and it's made obvious by things like this botnet problem.

  19. Re:Blaming the user by rainman_bc · · Score: 5, Insightful

    Isn't that like saying we should blame the dumb shit who doesn't install an anti-theft device in his/her car? Or the auto makers for not making it standard?

    A thief is a thief. An extortionist is an extortionist. A duck is a duck.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  20. A comedy in One Part. by YankeeInExile · · Score: 4, Funny

    Scene: A Courtroom

    Bailiff The first court of Onlineia is now in session, Honorable Judge Foo presiding. Judge I have read your complaint. Let's hear from the plaintiff. Plaintiff Thank you, your honor. In our case, we intend to prove that the defendant, in violation of our terms of service, removed the viruses we had gone through great trouble to install and operate on a network of computers, leading to considerable monetary damages in the sum of $1.2 million Judge You may call your first witness Plaintiff Thank you, your honor. We call J. Random Hacker

    Bailiff swears in J.R.H.

    Plaintiff Mister Hacker. Did you, on 21 May 2004 rent for exclusive use, twenty-four hours of access to our BotNet DeLuxe service? JRH I did Plaintiff And what was your intention when you rented use of the cluster? JRH Well, at first I just wanted to set up a program to repeatedly check the home page on slasdot, trying to get first post Plaintiff And how did you go about that? JRH Well, I wrote this monster of a VB Program, but it was really buggy and I could not get it to work, so I decided to switch to Ruby Plaintiff And what happened next? JRH Well, I chose to install Geekdist Linux 12.11 because it came with the toolchain I was accustomed to Plaintiff But, did you not agree, when you rented this exclusive access not to damage our network in any way? JRH I guess so ... Plaintiff And would you not consider removing our access to these machines a form of damage? JRH No, sir, I do not. I consider the machines upgraded Plaintiff No further questions.

    ... write your own ending.

    I think a good path for D. to take would be to show that P. does not have standing to bring the case in the first place, but that probably would have come up in pretrial motions... I have to go work

    --
    How does the Slashdot Effect happen given that no slashdotters ever RTFA?
  21. ... the dark side of distributed computing :-) by JMZorko · · Score: 4, Interesting
    I find this fascinating. Programs like SETI@home use the CPU of millions of distributed nodes to crunch SETI data -- a far more scalable solution to computing problems like this than running a big machine / cluster of your own. This article describes the same thing, except on the opposite side of the line -- millions (potentially?) of distrbuted nodes being used to do the will of spammers / virus writers / etc., a far more scalable solution than running your own spamming system.

    Really, I do find this fascinating, albeit in an underhanded way.

    Regards,

    John

    --
    Falling You - beautiful
  22. question by moviepig.com · · Score: 4, Interesting
    So there's a new micro-ecology of predators (spammers) and prey (vulnerable machines).

    Presumably the exploitation of these victim-lists will proliferate with all the automated efficiency that is the spammer's hallmark. At its logical extreme, there'll soon be multiple spammers descending simultaneously en masse onto each listed victim, which one way or another results in the victim being shut down (presumably).

    So, might the predators eat themselves out of existence?

    (I know. I've been watching too much sci-fi.)

    --
    Seeing bad movies only encourages them. Watch responsibly
    1. Re:question by Xeger · · Score: 5, Interesting

      An interesting idea.

      If we take our cues from nature, I would expect that long before the predators exhaust their supply of prey, they will turn on each other. Each predator's worms/virii/malware will begin to not only infect machines, but destroy competitors' malware that has already infected the machine.

      In fact, come to think of it, the most effective way to own a box is to infect it, destroy any competing malware, and then patch the exploit that allowed you to infect it in the first place! We may begin to see host-healing worms that do just this. (Without the ability to kill off competing infections, however, this practice is only marginally useful.)

    2. Re:question by tunabomber · · Score: 4, Interesting

      This thread is getting really bizarre. This "host-healing worm" you describe reminds me of that episode of Futurama where Fry gets infected with space worms that turn his body into their palace and treat it as such, giving him superhuman healing abilities, as well as increasing his intelligence and muscle build.
      This begs the question: will viruses ever stop being viruses and start being symbiotic entities that live in our computers similar to the e. coli bacteria in our intestines (which we need to digest food properly)?
      Someone earlier mentioned that there are few viruses out there that reformat hard disks, because doing so puts people on guard, preventing future infections. And someone else mentioned that he knows someone whose hard drive is full of strange executables that are undoubtedly of malicious origin, but the person doesn't care as long as the computer still runs the same.
      Following these trends to their head, I believe the "virus" (if you want to call it that) of the future will be something that infects a machine, and then does everything it can that is invisible to the user to improve the state of the computer: it would run windows update periodically to defend against other worms, perform hard disk defrags and other performance optimizations to give it more computing resources to work with, all the while giving the user's packets and tasks a higher priority so as to not set off any alarms. This is the type of worm that would "earn" its place on the computer by being so inocuous that the user wouldn't even have to worry that it's there.

      Viruses have already evolved to parasites, and soon they will be symbiotes.

      --

      pi = 3.141592653589793helpimtrappedinauniversefactory71 ...
  23. Re:Blaming the user by Draknor · · Score: 4, Interesting

    No, its more like blaming the dumb shit who leaves his doors unlocked and his windows open (pun not intended, but apt!), and then leaves the car sitting in a questionable neighborhood.

    Installing anti-virus & firewall software are basic computer security measures, like closing the windows & locking your doors. Neither are foolproof, but both are simply a matter of training the user. Unfortunately, its been my experience that installing anti-virus & firewall software tends to be a much more painful process.

    And of course - downloading updates would be analogous to putting fuel in the car: it is basic maintenance that needs to be done relatively frequently.

  24. WTF, you call this "news"? by Anonymous Coward · · Score: 5, Informative

    You've NEVER used EFNET, have you?

    This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publically visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".

    (Posted AC because I'm paranoid.)

  25. the only answer by pizza_milkshake · · Score: 4, Interesting
    the only real answer would be to write a worm to wiggle its way onto exploitable machines, patch known holes, i.e. turning off most services, setting common application settings to common-sense ones and then delete itself.

    unfortunately, this would be illegal. however, that won't stop anyone; what's stopping people from doing this is that to someone who could do it it's a waste of resources. if you have all those machines out there you can get your hands on, why not use them for your own nefarious purposes, since the people who own them neither have the common sense nor the ability to control their own machines.

  26. Re:Blaming the user by walt-sjc · · Score: 5, Insightful

    While I would have agreed with you a few years ago, the problems are so frequent and the mass userbase so non-technical, that blaming the user just doesn't cut it. Many users DO update their software / AV yet still get hit. At some point the manufacturers of software need to take more responsability. Someone can take home a brand new Dell, plug it in, connect to the internet, and before the first patch gets downloaded end up with a worm. It's fast, damn fast. If you're going to make grandma or little Johnny your target market, then you damn well better make sure that the product is shipped secure to begin with, and maintains itself.

  27. Here at Miami University (in Oxford, Ohio)... by ToadMan8 · · Score: 4, Interesting

    We have a bot network problem like everyone else... these things riding in on the coat-tails of the M$ft vulnerabilities has given us the 'ol one-two punch.

    We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student resedential) machines have some sort of back door installed.

    We have blocked any incoming traffic to any dorm machine (regrefully) so they can't be controlled from outside because we mostly are tired of getting blacklisted for DoSing people or for spamming.

    The saving grace has been TippingPoint, a network traffic analysis tool that sits behind the backbone routers and adds a latency-free checkpoint dropping traffic related to the M$ft security exploits. And when they get Blaster, Bagle, Nachi, etc etc etc they get automatically disabled by the routers and we (IT Services Support on campus) either fix their issues for them or they have to fix them themselves. When fixed they are automatically re-enabled.

    --
    I haven't posted in so long, my sig is out of date.
    1. Re:Here at Miami University (in Oxford, Ohio)... by davisk · · Score: 4, Insightful

      Blocking incoming connections won't help terribly much when the backdoor is a bot that connects to an irc channel and receives its commands from there.