Slashdot Mirror

← Back to Stories (view on slashdot.org)

Infected PCs for Rent

Posted by michael on from the 2-bedrooms-1-bath dept.

prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"

26 of 281 comments (clear)

  1. I'm going to rent a bunch of these by Anonymous Coward · · Score: 5, Funny

    Install distcc, and install Gentoo in record time.

    1. Re:I'm going to rent a bunch of these by Lord_Slepnir · · Score: 5, Funny

      you mean in under 8 hours???

  2. Gives a whole new meaning by overshoot · · Score: 5, Funny
    to "on-demand computing."

    Kinda sad to see IBM, HP, and others lagging so badly in commercializing this important new technology.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  3. The real culprits... by D-Cypell · · Score: 5, Funny

    Good to see big industry players using their expertise and experience to enable new market creation.

  4. Damn by Beer_Smurf · · Score: 5, Funny

    Damn, one more thing I can't do with my mac.

  5. Blessing in disguise? by Dachannien · · Score: 5, Insightful

    If you can sell it, you can get stung selling it. This may be the sort of thing that law enforcement agencies need in order to start busting people.

  6. A preview for Grid Computing? by datastalker · · Score: 5, Insightful

    While it is deplorable that it takes criminal action (or porn) to move technologies to the forefront, it does happen. This, to me, seems like the famed "Grid Computing", and whilst stopping criminals, I hope law enforcement learns enough to pass the knowledge on so that others can use it for legitimate computing.

    --
    Find out about the Lexus Rx400h Hybrid!
    1. Re:A preview for Grid Computing? by Paul+Townend · · Score: 5, Informative

      I think that's a really dodgy view of Grid computing. Grid computing is essentially resource/service sharing across heterogeneous nodes (i.e. different types of machines - macs/pcs/microscopes/etc). To do that, the Global Grid Forum are developing a load of standard protocols and methods for getting everything to inter-communicate.

      As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.

      The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.

  7. Immense power. by nil5 · · Score: 5, Interesting

    With the number of known vulnerabilities in Microsoft operating systems, (not to mention the ones we don't even know about) it is really not hard to imagine these botnets being frighteningly large. I read one article that estimated the current number at something like 100,000! I'm doubt it's enough to bring down the entire Internet, but this could still be capable of providing some crushing DoS attacks, a la SCO.

    Gives some merit to distributed hosting companies like akamai, etc.

  8. Kiss Me, I'm Redundant by Anonymous Coward · · Score: 5, Funny

    I'm sure this will be redundant by the time it's posted, but at the bottom of the article:

    The new Microsoft Partner Programme is here. Bringing all the advantages of previous programmes into a single framework, we've made it easier than ever for Partners to engage with Microsoft.

    With three levels to choose from, you can select the one that works best for your organisation.

    Become a Registered Member today. No fee. No obligation. Just clear business benefits, including:

    Free business-critical telephone support (charged at national rate)

    Free online technical support

    Online sales and marketing resources

    Sales and technical training

    For more information, please visit: www.microsoft.com/uk/partner/programme

  9. Re:Terrorism? by nil5 · · Score: 5, Funny

    Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.

    Looks like the only person using IPv6 is a spammer!

  10. Despite all this ... by Anonymous Coward · · Score: 5, Funny

    In Soviet Russia computers rent you.

  11. Infected PC's for Sale??? by WwWonka · · Score: 5, Funny

    I find this article on infected PC's/networks for rent so full of sh..#$.\10# \AE \3H......

    Welcome!

    This PC is for rent.
    Please contact us at

    www.Claria.com

  12. Distributed Malware. by Leonig+Mig · · Score: 5, Insightful

    The scope of this is huge - true - I'm no industry player or top level developer - but still - we can all see the scope of this.

    distributed applications are the killer app of the internet - XAML, .net, Java - all buzzwords. Grid computing - thanks to Oracle - The Internet - so much scope it created the biggest financial bubble in the history of capitalism.

    Now - the corporates (MS?) are getting so inept that criminal gangs are stealing our future off us. Please - let's start stopping them.

    --
    i'm trying to give up sigs.
  13. microsoft by stfubye · · Score: 5, Interesting

    A guy I know runs his unpatched Windows XP computer 24/7, and never does virus scans. The other day he got 1000+ (around 400mb) executable files in his C home directory. I asked him what he plans to do about it, and surprisingly enough he didn't want to apply critical updates. He said he doesn't care what people do to his computer, because he does nothing important on it. It amazes how many people must think like him.

    1. Re:microsoft by D.A.+Zollinger · · Score: 5, Insightful

      Well, that's the problem. People don't want to know about viruses, trojans, zombies, etc. They want their desktop. They want their applications. They want it to "just work."

      Consider the phone. People just want to be able to pick up the receiver, dial the number, and talk to their friend/family/co-worker/etc... They don't want a phone switch in their house, sitting under their desk. They don't want all of the burdens involved in maintaining complex hardware.

      I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$. If they can provide the system maintenance, installation of applications, protection from viruses, protection from hardware failure - they will be able to open a huge market, and cash in.

      This is where I think Linux will prove pivotal, because this is where we lead Microsoft. Our thin client paradigm is so different, that we lead in many areas. Consider how Microsoft does thin clients - 256 colors only, 800x600 max, 8 fps - all rendered on the terminal server where the "picture" of the desktop is sent down the wire to the thin client who displays the "picture" and sends feedback of mouse clicks and key presses to the terminal server. Linux, and X, render everything on the X terminal, and send back and forth on the pipe application information. What does this all mean? You can play quake 3 on a linux X terminal but you couldn't on a Microsoft solution. And it would take YEARS to fix that gap. We lead here, and we could exploit it if we jumpped on this opportunity.

      Did I say World Domination? Oops...now you all know my plans...

      --
      I haven't lost my mind!
      It is backed up on disk...somewhere...
    2. Re:microsoft by Rude+Turnip · · Score: 5, Insightful

      He'll care when there is kiddy pr0n on his computer that was put there by a hijacker and he takes the heat.

      --
      Bill Clinton: Pimp we can believe in. - The Shirt!!!
  14. Re:Terrorism? by PurpleFloyd · · Score: 5, Informative
    So how long before companies/gov't are taken "hostage" by rented DOS machines?
    It's already happening. Plenty of online casinos have been the victims of blackmail from DDoS attackers - basically, the DDoS'ers are running a protection racket. I've heard that the Russian organized crime syndicates may be involved; obviously, this is only speculation by myself and others.
    --

    That's it. I'm no longer part of Team Sanity.
  15. There is a solution by osjedi · · Score: 5, Interesting

    I strongly believe that the most effective way to end this would be to scan for compromised nodes, identify them, and KNOCK THEM OUT. Then the user can call the local home-computer fixit guy to come fix their computer. He'll see it's infected with malware and fix it. User gets his computer fixed, fixit guy makes a buck, and one less node is spewing out sh*t.
    Yes, I know this approach would be illegal. A felony computer crime in fact. I want legislation to make it legal and justified. I see it as self defense. Compromised nodes are clogging the internet with crap and the best defense is to knock them off-line. If I were standing in the middle of the freeway, clogging traffic and causing accidents the police would come remove me, by force if necessary. I see zombie nodes on the internet the same way.

    --
    -=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
    1. Re:There is a solution by Caraig · · Score: 5, Insightful

      Reaching out and clobbering computers is exactly the same thing that the RIAA wants the legal power to do.

      The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.' Yes, it inconveniences users but I'd rather see some users inconvenienced than Big Government give legal power to ANYONE to clobber a node without recourse.

      --
      "I am an Adept of Tantric VAX."
  16. Re:Blaming the user by rainman_bc · · Score: 5, Insightful

    Isn't that like saying we should blame the dumb shit who doesn't install an anti-theft device in his/her car? Or the auto makers for not making it standard?

    A thief is a thief. An extortionist is an extortionist. A duck is a duck.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  17. Re:Terrorism? by dustmite · · Score: 5, Insightful

    Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence). Sheesh, have we all been that brainwashed already by Bush and things like Patriot Act?

    If DDOSing some servers is "terrorism", then so is almost every single crime in the book.

  18. Re:question by Xeger · · Score: 5, Interesting

    An interesting idea.

    If we take our cues from nature, I would expect that long before the predators exhaust their supply of prey, they will turn on each other. Each predator's worms/virii/malware will begin to not only infect machines, but destroy competitors' malware that has already infected the machine.

    In fact, come to think of it, the most effective way to own a box is to infect it, destroy any competing malware, and then patch the exploit that allowed you to infect it in the first place! We may begin to see host-healing worms that do just this. (Without the ability to kill off competing infections, however, this practice is only marginally useful.)

  19. WTF, you call this "news"? by Anonymous Coward · · Score: 5, Informative

    You've NEVER used EFNET, have you?

    This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publically visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".

    (Posted AC because I'm paranoid.)

  20. Re:Blaming the user by walt-sjc · · Score: 5, Insightful

    While I would have agreed with you a few years ago, the problems are so frequent and the mass userbase so non-technical, that blaming the user just doesn't cut it. Many users DO update their software / AV yet still get hit. At some point the manufacturers of software need to take more responsability. Someone can take home a brand new Dell, plug it in, connect to the internet, and before the first patch gets downloaded end up with a worm. It's fast, damn fast. If you're going to make grandma or little Johnny your target market, then you damn well better make sure that the product is shipped secure to begin with, and maintains itself.

  21. Re:Terrorism? by sgifford · · Score: 5, Informative
    It depends on whose computers they are. 18 USC 2332 (b), as modified by the Patriot act, defines terrorism as:

    (5) the term ''Federal crime of terrorism'' means an offense that -

    (A) is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and

    (B) is a violation of ... 1030(a)(1) (relating to protection of computers), 1030(a)(5)(A)(i) resulting in damage as defined in
    1030(a)(5)(B)(ii) through (v) (relating to protection of computers),

    18 USC 1030a refines this:


    (5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

    (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

    (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ...
    (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -

    (i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

    The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet this criteria.

    So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.

    The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.

    --
    My Web Page