Zombie Networks On The Rise
A reader writes "
According to Symantec via the BBC online, Zombie PC nets are growing very fast. Of course, it should also note that Symantec may want those numbers to be as scary as possible. " ITMJ is part of OSTG, like Slashdot. There's also a NY Times story on the article as well.
...numbers to be scary. And, they want the bad news to come from them. Otherwise, people would wake up and start using products like Panda or Kaspersky.
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
...to get people to realize that the internet is not a nice place? I applaud Microsoft's attempt to make their OS more secure, even if it isn't as comprehensive as it should be. As illegal as it is, I would love to see a zombie virus spread that locks down people's computers, cleans them and installs a firewall. I certainly wouldn't put my head on the block for that one, but I'd love to see it happen. Hopefully it'd cut down on my spam.
You too can learn to link to the NYT without registering.
Here's the reg-free link...
http://www.nytimes.com/2004/09/20/technology/20secure.html?ex=1253419200&en=651229ed583b13bc&ei=5090&partner=rssuserland
This is another case where NAT should be used to protect our more feeble computer-using companions. Click here for my previous comment on the subject.
NAT really would stop all these types of things from happening by just purchasing a $50 router for our friends and family. We're never going to be able to teach them, so just give in and recommend a hardware-based solution they don't have to manage.
Chris
Symantec's industry survives because of news articles that promote security threats.
-------
artlu.net
The new Hacker Horror film from Miramax!
... "My tcpdump is showing huge numbers of zombie packets, and they all want more brains."
... "When's the last time you shaved?"
... "Um, moo ha ha ..."
With Christian Slater as the disenfranchised White Hat Hacker
Winona Ryder as the potential but largely unreachable love interest
Donald Sutherland as the evil mastermind behind the Zombie Networks
Written, directed, produced, and music composed on the Casio by Roland Emmerich.
ZOMBIE NETWORKS. This film is not yet rated.
MORE PACKETS!
Opening everywhere February 30th 2005.
As a guy who gets to clean up these pieces of junk daily, the number of trojans around is growing. Earlier it was maybe one a week. Two or three if there was a major outbreak. Now it's 1-2 a day. Good business as clueless lusers pay OK amounts for cleanup as long as they don't have to do the dreaded reinstall that their compaq/hp/dell support line offered as a solution.
What's annoying is that some of these buggers can really mess up the system. Simple 'pop in cd / go to free online web scanner and clean up' no longer works in some cases... Symantec should concentrate more on making their crappy AV software work better and resist disabling by virii better and stop issuing more sensationalist press releases.
It's way too common to get a virus-filled computer with norton internet security installed. Some bug had just killed the whole AV software, leaving an empty 'shell' up that keeps telling the user everything is fine. They usually wake up when their ISP cuts their line and tells them to clean up and call back when their system is secured.
I mean, for example - on IRC people used to make spambots and run them off of their shells or even their own PCs. Now it's zombified machines that do the spamming. There was (is?) a huge problem on Undernet not so long ago, for instance, where myriads of hosts were used to promote a certain website under false pretenses, fooling people into accepting a DCC send request or even downloading a file from the said website and infecting their machine to have more spam bots.
Seriously, most P2P protocols need to be improved in detecting that there is no one home, or someone is going to figure out how to inject IP addresses into their networks for DDoS attacks.
One line blog. I hear that they're called Twitters now.
For example, spamwarez.biz gets name services from ns1.zombie-dns.biz through ns7.zombie-dns.biz. zombie-dns.biz nameservers are *also* running on a Zombie network, and setting DNS servers in the domain registrar's control panel. If you can shut down zombie-dns.biz at the registrar and deactivate it, then the entire zombie network collapses.
Of course, most registrars don't give a damn about this, especially the Spam friendly ones, but I've successfully managed to shut down a small number of zombie networks by using various means.. not all of which might be considered ethical or even 100% legal.. but who cares?
Someone is sending spam using my email address as the return, and I'm getting hundreds of bounced emails.
The originating IP's are all different, and I am assuming these are all compromised systems. I'm not going to email every ISP to let them know, as I've found out that most ISP's do not contact their clients to inform them their systems are compromised. All I can do is contact the upstream providers for the web site being spamvertised, and hope that the hosting provider shuts them down.
Pete Carr Owner Chatmag.com
I wonder whether we will see a law which forces you to secure your system once you connect to the internet, just like you have to properly lock your car when you park it. In a time where the gap between webserver and home connectivity has shrunk to such a small amount of bandwidth, an insecure computer on the net is a danger, not only to the data stored on itself, but to other computers worldwide as well.
Life is just nature's way of keeping meat fresh.
Isn't there a law someplace about knowingly compromising someone's computer for use without their explicit consent? Sabotage, or stalking, or just plain theft?
Over the first six months, the number of monitored bot networks rose to more than 30,000, from fewer than 2,000.
This is like saying that there's an increase in monitoring car dealerships which steal cars to resell to car rental agencies. Can we repo the cars which are within US borders? Are _ALL_ of the botnet owners somehow in other countries?
With a significant portion of internet traffic running through Virginia shouldn't it be a pretty basic task to monitor and shut these down? I acknowledge that it would take time, and manpower, and some forensic skill but clearly it can't be impossible.
+++ATHZ 99:5:80
Like a page out of a horror novel I read
A survey of Internet vulnerabilities to be released Monday shows a sharp jump in attacks on Windows-based personal computers during the first six months of 2004, along with a marked increase in commercially motivated threats.
The Internet Security Threat Report says that from Jan. 1 to June 30 there were at least 1,237 newly discovered software vulnerabilities, or flaws that could compromise security. That translates into an average of 48 new vulnerabilities a week.
The survey, done twice a year, is based on monitoring by Symantec, which publishes software made to protect computers from Internet attacks. Trends in the report mirror findings by recent government-supported research.
The survey warns about a significant increase in the number of "bot," or robot, networks, which are arrays of interconnected personal computers that have been compromised to inject large volumes of viruses, worms, spyware or spam into the Internet. Over the first six months, the number of monitored bot networks rose to more than 30,000, from fewer than 2,000.
This represents the expansion of a black market economy in which the creators of the bot networks sell access to them to commercial spammers and others who wish to send information anonymously, according to the survey.
"The authors are changing their methods," said Alfred Huger, senior director of engineering for security response at Symantec. "We saw a dramatic increase in electronic commerce attacks."
Whereas in the past, attackers' motivation has most frequently been ascribed to grandstanding, it now appears that motives are increasingly financial, according to the survey.
Electronic commerce was the industry sought out most often, accounting for nearly 16 percent of all attacks, according to the survey. This was a significant increase from the 4 percent reported during the previous six months and suggests a shift to so-called phishing scams that are designed to steal confidential information and pass it along to attackers, according to the authors of the report.
Another trend seems to be a growing sophistication in malicious software, Mr. Huger said. "We're seeing a professional hand in development that was pretty startling in terms of malicious code."
The networks of bot computers vary greatly in size, he said. The average size was about 2,000 captured machines, known as zombies. But the researchers found one network of more than 400,000 such machines.
Many of the networks consist of home computers connected to broadband cable or DSL networks, but the survey established that 50 percent of the attacks came from captured computers with Internet addresses controlled by Fortune 500 companies.
The survey also documented more than 4,496 new Windows viruses and worms during the most recent period, which is four and a half times the number from the corresponding period of 2003. In January 2001, when the survey first began, it identified only 308 malicious programs. As of June 30, the total number of documented threats to Windows software has exceeded 10,000.
Excuse me while I kiss my Mac, 21 years and only 1 virus.
SMACK!!
30,000 zombies make a scary graveyard per day. On the other hand, this makes up roughly 10 million zombies per year. Compared to an install base of several hundred million PCs running microsoft software, the round trip is still quite low (or high if you look at it the other way around).
This might be due to the small number of broadband subscribers (or the good job of aunt sue installing the latest security patches in time).
...when my PC started its habit of flashing the word "BRAAAIIINS" every few minutes.
F-Prot for Windows is a time limited trial but it works for a few days anyway. The free version of F-Prot for DOS works on win9x systems for free (not limited either) and I've heard of some people using the free command line scanner (that comes with the F-Prot for Windows trial version) on WinXP but I haven't tried it.
Grisoft's AVG Anti-virus has a free version.
ClamAV is a free Windows anti-virus scanner
And there are others. I use several of them just for the hell of it to scan systems and compare results. I would never, ever pay for anti-virus software. IMO that's stupid when free anti-virus software exists.
not to mention that if people stopped making viruses, the anti-virus companies would go bankrupt...
so IMO it's in those companies' vital interest to make sure everyone and their dog knows that the virus menace is everywhere and affects (potentially!) everyone.
Why bad-mouth Symantec for pointing out the reality of the situation? Would you be happier if it were CERT or someone else delivering the bad news?
Symantec and its tools are part of the solution. Not exclusively the solution, or the only solution, but a part of it. And, by letting people know that problems are out there, they're performing a service that is necessary; you didn't think someone like Microsoft was going to be issuing press releases to the media that put its products in a negative light, did you?
It's not even as if the other AV vendors that you mention are any different to Symantec: both Panda and Kaspersky are closed-source commercial products and both companies have prevalent virus activity and warning indicators on the homepages of their respective websites. And I bet they both send out press releases to the media highlighting large-scale infestations and particularly dangerous threats, so why crucify Symantec for being the company whose press release the BBC chose to focus on?
Bottom line: why blame the messenger if the message is accurate?
Just what's Symantec done here to warrant you being any more ticked off at them than anyone else? Do you have a legitimate reason for targetting them or are you just trolling?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
Any bets that we'll still see this line 5 or 10 years down the road? The "ain't broke, don't fix" mentality is above and beyond some individuals' concept of needing to update.
"Update? Why do'z I need to do'z dat? My solitare runz just fine ma!"
Some aim to please, I aim to tease.
Looking at the security logs on my Linux system (with a broadband connection), there is at least one hack attempt to log into my system using sshd (users such as root, cisco, syadmin, admin etc...) .
In the past week these have been from the India Institute of Technology, Florida International University, and various Korean servers. And that doesn't include the RPC DCOM exploits that come in all the time from other windows systems (about one every five minutes).
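The sshd log-watching described above, as an added example that is not part of the original thread: a small Python script that groups failed sshd logins by source address and flags sources that try several different usernames (root, cisco, admin ...) in a short span, which is the signature of a scanning zombie rather than a typo by a legitimate user. The log lines, hostnames and addresses are constructed for the example (documentation ranges 192.0.2.0/24 and 198.51.100.0/24); point it at a real auth.log and the same parser applies.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in syslog format (not real log data). The
# addresses are taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_AUTH_LOG = """\
Sep 20 03:14:01 gw sshd[2211]: Failed password for invalid user cisco from 192.0.2.10 port 40112 ssh2
Sep 20 03:14:03 gw sshd[2213]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Sep 20 03:14:05 gw sshd[2215]: Failed password for root from 192.0.2.10 port 40114 ssh2
Sep 20 03:14:07 gw sshd[2217]: Failed password for invalid user sysadmin from 192.0.2.10 port 40115 ssh2
Sep 20 03:20:44 gw sshd[2301]: Failed password for ted from 198.51.100.7 port 51022 ssh2
Sep 20 03:20:52 gw sshd[2301]: Accepted publickey for ted from 198.51.100.7 port 51022 ssh2
Sep 20 03:31:10 gw sshd[2390]: Failed password for invalid user test from 192.0.2.44 port 33001 ssh2
"""

# OpenSSH writes "Failed password for [invalid user] NAME from IP port N ssh2".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def summarize_failures(log_text):
    """Group failed sshd logins by source address: failure count plus the
    distinct usernames that were tried from that address."""
    per_ip = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            entry = per_ip[m.group("ip")]
            entry["count"] += 1
            entry["users"].add(m.group("user"))
    # Sort the username sets so the result is deterministic and easy to compare.
    return {ip: {"count": e["count"], "users": sorted(e["users"])}
            for ip, e in per_ip.items()}


def flag_scanners(log_text, min_failures=3, min_users=2):
    """Return (ip, failures, usernames) for sources that look like a
    username-guessing scan: many failures spread over several distinct
    account names. A single user mistyping a password fails only one name
    and is not flagged. Thresholds are assumptions; tune them to your logs."""
    flagged = []
    for ip, e in summarize_failures(log_text).items():
        if e["count"] >= min_failures and len(e["users"]) >= min_users:
            flagged.append((ip, e["count"], e["users"]))
    return sorted(flagged, key=lambda t: -t[1])


if __name__ == "__main__":
    for ip, n, users in flag_scanners(SAMPLE_AUTH_LOG):
        print(f"{ip}: {n} failures, usernames tried: {', '.join(users)}")
```

On the constructed input only 192.0.2.10 is flagged: four failures across four account names. The one failure from 198.51.100.7 (followed by a successful key login) and the single guess from 192.0.2.44 stay below the thresholds, which is the point of requiring both a failure count and a spread of usernames before calling something a scan.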
A sure bet your PC is indeed a zombie PC:
It continues to moan even when you're not watching pron!
Life is Reality
For most elections, they still use traditional zombie networks. In your country, I believe you call them political parties.
One line blog. I hear that they're called Twitters now.
What is with all these conspiracy theories? Symantec and McAfee are not writing these things. If they did then their products would be perfect.
I have to deal with this crap every day for work. I work on a college campus and the network is infested with viruses, zombies, IRC wars, DDoSs, etc. You name it and we have it. This is a serious threat and....
LINUX IS NOT THE ANSWER! It is not a viable option for 90% of the desktops out there. (IMHO)
There will always be multiple OSes on the market; if Linux was the only one then it would stagnate from lack of competition, just like Windows has. We need to get serious about the problem. ISPs need to mandate an AV product and a hardware firewall to get a connection, even for dialups. Large institutions like universities and corporations need to be held accountable for the targets they are providing. And yes M$ needs to secure their code.
This is a serious issue, the Internet is a dangerous place and as long as we let people on the Internet without protection they will be targeted and compromised. The mean time of Windows infection on an unprotected unpatched system is 30 minutes or less. Linux viruses are not impossible, all it will take is a script kiddie or two with an axe to grind and you guys are as boned as the rest of us.
Why do we HAVE to look at numbers? just kill all the PCs which have been turned "undead" and move onto the sequel already. Quoting numbers and writing down names is all fine and dandy but it's not preventing it.
Force people to install security updates or sell the PCs with them all pre-installed and make windows update automatically run once a month.
Install some open source virus scanners and such the same way. Make sure it is CLEARLY labeled that the PC will automatically update all these files the first of each month by an update program. As and when possible (AKA as soon as possible).
Tell the people it will prevent viruses, make things faster and generally help things. Is it really that difficult?
I like muppets.
It'd continue to run even after it died! But I hope it'd run as fast as those zombies in 28 Days Later and not slow like in Night of the Living Dead.
If someone says he and his monkey have nothing to hide, they almost certainly do.
To quote the fine article:
Don't think so. There are *far* fewer exploitable services running on Windows 95 and Windows 98, as compared to Windows 2000 and XP. I'd *much* rather use Windows 98 online than Windows 2000 or XP, in security terms. Most of the recent worms use exploits in services that never existed prior to Windows 2000 ...
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
...you're not aware of what a zombie network, or zombie is then:
"A zombie computer is a computer attached to the Internet that has a hidden software program, a "backdoor". This backdoor allows the computer to be remote-controlled by others.
A Zombie Computer army can then be used for the purpose of Denial of Service attacks (DDoS).
A singe Zombie Computer can send unsolicited e-mails ( spamming).
Backdoors are often installed with spammed trojans or e-mail worms."
http://en.wikipedia.org/wiki/Zombie_computer
A Botnet [Zombie Network] is a collection of hosts (bots) under a common command and control infrastructure. Often the command and control is an IRC server or a specific channel on a public IRC network. A bot typically has an agent client such as an IRC client and programs that are activated through the command and control infrastructure. Generally botnets are made up of compromised systems with scan, exploit and attack tools all used for nefarious purposes including denial of service attacks or sending of spam. Miscreants running these rogue botnets do so for reasons varying from fun to profit, with botnets often at war with each other. Popular botnet malware in 2004 include agobot, phatbot, rbot, rxbot and sdbot.
Spam attacks originating from a Botnet can be identified by passive os fingerprinting, a technique first introduced in OpenBSD in the venerable pf packet filter. Newer firewall equipment can be configured to take action when a botnet is attacking by using information obtained from passive os fingerprinting."
http://en.wikipedia.org/wiki/Botnet
Minimum standards for connecting to the network would be preferable. Obsolete versions of Windows (those not gaining security fixes) should be barred.
Perhaps less experienced users would benefit from firewalling at the ISP's network too. I believe all the ISPs that appeal to inexperienced users (AOL) should provide this as standard.
So what you are saying is that the real skynet will be born of ZOMBIE computers on the internet...
... better hope they don't become self aware.
I have the latest anti-virus software which 100% prevents my computer from being targeted by an sort of vi[NO CARRIER] ... brainzzz ... must have brainzzzz ...
I've been troubleshooting slow network connections at two of our remote offices, and I found something very interesting. Both of the offices are connected to us via a Cisco VPN. Each of the offices is connected to the internet via a PIX firewall and cable modem. During the past year I've seen the performance of these links deteriorate to worse than ISDN speed performance - here's why:
It seems these cable modem networks are flooded with zombie machines constantly scanning networks for vulnerable hosts to infect. Cisco's floodguard freaks out and thinks that its internet connection is being ddos attacked and starts discarding packets it thinks are malicious.
Well, it seems that Cisco's algorithm for determining malicious packets isn't perfect, so it throws out the baby with the bath water....resulting in a REALLY slow connection.
After disabling floodguard the links were back up to 3 Mbps and 10 Mbps.
So if your networks are zombie free, and you can't figure out why your internet connection sucks and you are running floodguard, try disabling it and running some tests.
-ted
This zombie problem is worse than we thought! Check out the Zombie Infection Simulation!
- Bruzer
"Tempt not a desperate man" - Willy S.
I have often wondered what irc servers and channels these zombie operators use to control and monitor these compromised pc's. Do any of you know an irc server and #channel to go and watch the carnage ?
I believe some ATM machines were switching to Windows NT as well. Not sure how widespread that is. Forget ripping the machine out, just infect it.
I've a much better idea, disconnect them altogether, problem solved!!
"security, they argued, was best implemented in the end point"
that is, the programs, the bloody OS and drivers and stuff. Any software firewall that runs on the PC is not considered "the end"
I will NOT accept any ISP's shoving NAT solutions upon customers, this should NOT be the common and accepted.
A firewall however, set up to maybe block port 135, 4444 and UDP 69 should be OK. TCP Port 135 most important, but no NAT solution; several services do not work with this, like:
Starcraft
IRC DCC send/get
VPN
And any servers that need an official, working IP.
A NAT solution is not internet access, it is web-access disguised as internet access.
Teasing the nobles, and rightfully so!
"This is a serious threat and...."
...intersects with...
"ISPs need to mandate an AV product and a hardware firewall to get a connection, even for dialups."
Please tell me you aren't even in the running to take responsibility for your network's problems. It should be pointed out that most ISPs have a mandate in their ToS that tell people to use these things, but it's user education that stops them answering inbound blaster requests with 'yes'. As for 'hardware firewall', the only good one is around 2 inches of STP air.
The technology exists to cure these problems, but it's mostly because it's not a _requirement_ to have security in place; I'm with you as far as pointing out that this is largely a sociological issue, but on everything else you're on your own.
"Linux viruses are not impossible, all it will take is a script kiddie or two with an axe to grind and you guys are as boned as the rest of us."
Of course, we'd need to add in some handling of unprotected controls, make sure that we tried out security 'zones' rather than applied permissions, then tried to leverage open office on its ability to act as an email editor.
Worms are more likely for Linux, but the average Linux user is usually competent enough to handle a firewall, not the least because of their status with other Linux users. Linux users are encouraged to think of security 'out of the box'.
This idea that 'ubiquity' is the key to the sheer number of attacks completely fails to take into consideration Linux in server areas, and is frequently spouted by people that don't understand that there is little difference between a 'server' or 'desktop' install of Linux.
Oddly Draconis
Too cynical to live, too stubborn to die.
Yeah, I know, enough zombie jokes ...
But I'm picturing an Orkut or Friendster or other lame "social network" ... would the users have fake pictures that make them look worse and more decayed, rather than better (unlike their living counterparts)?
"ITMJ is part of OSTG, like Slashdot."
LOLOMGWFT
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
"True that the *nix server could be affected, but it's really due to a compromise on the MS Win32 system."
Yup. But infected is infected.
The *nix box won't be affected by any of those viruses, but the machines it shares them with can be infected. And that infection can put a load on the network (particularly the viruses that do scanning).
It's easy to put anti-virus on the file server and just kill the infections there.
So PC users are gonna have to do some fast leveling to automatically turn these Zombies, let alone destroy them.
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
I thought 98 was immune to blaster, sasser, et. al.
GETPKG - Package Management for Slackware
I don't know about YOUR network, but on ours, the W32-based viruses spread BECAUSE they run on a W32-based server (W32 bots, DCOM hacks, ActiveX controls, etc.). In contrast, my desktop W2K machine has never picked up viruses from any of our *nix boxes.
Sure, it's possible for an infected file to be sitting on a *nix box, waiting for the unsuspecting W32 client to pick it up, launch it, and so on. However, without a mechanism to put it on that box (as an attachment to an e-mail, or something similarly obvious and easy to block), the network is at much lower risk (in my experience) when the servers are all *nix boxes, at least at the outermost levels.
YMMV,
Tim
However they are very tenacious.
So - what's a good reference to detect and fix XP zombie issues? I run a firewall (ZoneAlarm) and up to date antivirus software, but I ain't no network expert. SpyBot and Adaware seem to deal with the junk other users (family) load onto the machine (and the occasional clue by four when needed), but I'd like to be more certain I ain't part of the problem. Unfortunately, moving to Linux is not an option (yet).
Any good suggestions? I've seen a lot of gloom and doom reports, but few good sources of what to do (even Google ain't that helpful).
I'm a consultant - I convert gibberish into cash-flow.
Hackers on Mars have accidentally opened ports allowing Hell to infect PCs with evil viruses and turn them into Zombies!
AntiVirus software isn't enough. Hand me my pistol, my shotgun, my BFG and my flashlight.
"You spoony bard!" -Tellah
I am a sys admin for a hosting company, I cannot tell you guys how many spam zombies are out there, they are growing and they are scary, they will target a domain and spew out thousands of alphanumeric combinations hoping to land one delivery. We had so much trouble with one customer, he had to change his domain name, it is really bad... I am now starting to support the trend of ISPs blocking port 25 altogether, and only allowing email out via their mail servers (so they can make sure their users are not spam zombies). Spam sux :(
photoplankton
These sort of zombie nets are as much a threat to Symantec as they are anyone else. Symantec exists to help (and admittedly to make money doing so) other corporations perform business securely. I think it ignorant and paranoid to state that any security firm wants to see more trouble on the internet.
no "beowulf cluster" joke, this time, hu ?
--- Back to the trees, back to the trees !
Love the biting satire there Mr. Hemos. But, why the heck should we worry? We live in a NAT world, keep up to date on everything under the sun (SpyBot, NAV etc. etc.) and have even *uploaded* new viruses to McAfee et al.
Shit, my friend, I even *MET* someone who wrote an early (and very crappy) virus. To his dishonor it was the very crummy "Pixel" virus (named after a forgotten mag here in Greece).
I collaborated with him on a project to do a sort of network dongle (shudders). Fun really, but the irony is what I didn't do. I could have turned our corporate network into a Beowulf long before our Brother At NASA did...
Chuckles. OK, I'll go and contemplate that *beautiful* white blimp again - more olympics here, this time for people who have real problems to deal with... Hope they have lots of fun.
Let's look at the average home PC. Most owners treat it like any other appliance, like a toaster or a refrigerator. They never consider the security implications. They see these bright shiny advertisements on TV for hyper-speed DSL or cable downloads and they hook right into the Internet, without any security forethought.
It's like walking out onto the Dan Ryan expressway blindfolded during the morning rush hour. Your survival rate is measured in seconds.
Of course, in a perfect world, this would not be a problem, because the good people would exercise netiquette and leave the security ignoramuses alone. But unfortunately, there are bad people out there-- ones that write viruses; send spam; and use other people's machines to wreak some imagined vengeance against some site. What's a mother to do?
OK, here is what I want on my machine-- developers, wake up!
1) I want a zombie detector running at all times. I want it to tell me if someone is trying to get into my machine from the outside (regardless of port). I want it to tell me if some process on my machine is trying to reach a remote machine on the Internet (regardless of port). I want this to have an icon in my startup tray that will check for updates every x minutes, and blink if there are any. I want it to check for updates when I boot up anyway. And I want it to have the option to remove the zombie it finds.
Yes, I know this looks a lot like some commercial products (like from Symantec) but I want it free. And hacker-proof.
Does anyone out there have a zombie detector??
2) I want a utility that will check my incoming email, and check for a valid sender's IP/hostname. If it fails, dump the email into the spam folder. This is in addition to any Bayesian filters and other spam traps that almost work.
3) I really want an appliance computer. Not something where I need (a) a friendly neighborhood computer expert, or (b) a comp science degree (as if that helps), or (c) a hacker mentality to keep my machine vermin free and configurable. To you computer manufacturers / OS designers / application developers: Make it EASY for us, EVEN IF IT MAKES IT HARD ON YOU!! Apple, you are the closest right now.
When my wife feels comfortable on a computer, you have succeeded.
Off my soapbox.
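Item 2 of the wishlist above, as an added example that is not part of the original post: a Python check that takes the connecting address from the topmost Received header (the one your own mail server wrote, since lower Received headers come from the sender and can be forged) and applies forward-confirmed reverse DNS, i.e. the address must have a PTR name whose forward (A) lookup contains that same address. Spam from zombie PCs on consumer broadband typically fails this because the reverse name either does not exist or points to a generic pool name that does not resolve back. The DNS tables and the three messages are constructed stand-ins so the example runs offline; in a real filter the two lookups would be resolver calls and the result would be one scoring input rather than a hard verdict, because misconfigured but legitimate mail servers fail it too.

```python
import re
from ipaddress import ip_address

# Constructed stand-ins for reverse (PTR) and forward (A) DNS lookups so the
# example runs offline. Addresses are from the documentation ranges.
CONSTRUCTED_PTR = {
    "192.0.2.25": "mail.example.net",       # reverse name confirmed by forward lookup
    "198.51.100.9": "cable-9.isp.example",  # reverse name exists, forward record differs
    # 203.0.113.77 deliberately has no PTR record at all
}
CONSTRUCTED_A = {
    "mail.example.net": ["192.0.2.25"],
    "cable-9.isp.example": ["203.0.113.5"],
}

# Matches the "from HELO (rdns [ip])" form written by common MTAs. Only the
# first (topmost) match is used: that header was added by our own server.
RECEIVED_RE = re.compile(
    r"^Received: from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)",
    re.MULTILINE,
)

# Three constructed messages (not real mail), trimmed to the headers that matter.
MSG_LEGIT = """Received: from mail.example.net (mail.example.net [192.0.2.25])
    by mx.home.example with ESMTP id A1; Mon, 20 Sep 2004 10:00:00 -0400
From: alice@example.net
Subject: lunch?

see you at noon
"""
MSG_ZOMBIE = """Received: from mail.example.net (cable-9.isp.example [198.51.100.9])
    by mx.home.example with ESMTP id A2; Mon, 20 Sep 2004 10:01:00 -0400
From: alice@example.net
Subject: cheap meds

buy now
"""
MSG_NO_PTR = """Received: from localhost (unknown [203.0.113.77])
    by mx.home.example with ESMTP id A3; Mon, 20 Sep 2004 10:02:00 -0400
From: bob@example.org
Subject: you won

click here
"""


def connecting_ip(raw_message):
    """Return (helo_name, ip) from the topmost Received header, or None."""
    m = RECEIVED_RE.search(raw_message)
    if m is None:
        return None
    ip = m.group("ip")
    ip_address(ip)  # raises ValueError on a malformed address
    return m.group("helo"), ip


def fcrdns_check(ip, ptr_lookup=CONSTRUCTED_PTR, a_lookup=CONSTRUCTED_A):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A records must contain ip."""
    name = ptr_lookup.get(ip)
    if name is None:
        return False, f"no PTR record for {ip}"
    forward = a_lookup.get(name, [])
    if ip not in forward:
        return False, f"PTR {name} resolves to {forward or 'nothing'}, not {ip}"
    return True, f"PTR {name} confirmed"


def classify(raw_message, ptr_lookup=CONSTRUCTED_PTR, a_lookup=CONSTRUCTED_A):
    """Return ("inbox" | "spam", reason) for one raw RFC 822 message."""
    parsed = connecting_ip(raw_message)
    if parsed is None:
        return "spam", "no parseable Received header"
    _helo, ip = parsed
    ok, reason = fcrdns_check(ip, ptr_lookup, a_lookup)
    return ("inbox" if ok else "spam"), reason


if __name__ == "__main__":
    for label, msg in (("legit", MSG_LEGIT), ("zombie", MSG_ZOMBIE), ("no-ptr", MSG_NO_PTR)):
        print(label, classify(msg))
```

The zombie message claims in its HELO to be mail.example.net, but the address it actually connected from reverse-resolves to a cable pool name that does not resolve back, so it is filed as spam; the genuine message from 192.0.2.25 passes. Note that the HELO name is parsed but deliberately not trusted for the decision, since the sender chooses it freely.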
Here's a (I think I'm typical of the hackers out here) way of rewording your request:
You *WANT* someone to 0wn your machine?
Be careful. Before you know it the nanny state from hell is going to decide that censoring the Simpsons (obscenity, full frontal nudity, graphic imagery) or "The Rights of Man" (by my soulmate from Norfolk UK Tom Paine) is good for you.
Think before you wish for things - the real world is a lot nastier than the "Twilight Zone" !!
The internet is a mere tea party in comparison to my friends the collared doves in a local park here (chuckles).
As for spam. Er. I very rarely see any. Yahoo does a pretty good job on that email account, and if you're real careful you won't subscribe to so many listserv things that your brain explodes.
Microsoft software is closed-source. As a consequence of this, the good guys (who vastly outnumber bad guys) are not allowed to look at the code and spot potential security holes, suggest fixes &c. Meanwhile, bad guys look at the code anyway, permission or not, spot the security holes and write software which takes advantage of them.
Symantec sell anti-virus software. This software is closed-source. As a consequence of this, everyone who wants a copy has to pay for it. Plus, the good guys (who outnumber the bad guys) are not allowed to examine and improve it; while the bad guys examine it anyway and take advantage of any opportunity to exploit it.
Symantec basically exploits the disadvantaged -- people who, through no fault of their own, have had something unpleasant happen to their computer -- for financial gain. If someone is running Windows, it's not really their fault that Windows is insecure. After all, it was already on the computer when they bought it (thanks to Microsoft's illegal monopoly), and it appeared to work out of the box.
Imagine if a restaurant sold food that made you constipated, knew that it made you constipated, and didn't do anything about it except suggest you buy some laxatives from the chemist across the street. Would anybody put up with that? It's crazy that in the realm of computers, people can and do get away with this sort of stuff all the time. I think it's all to do with how, in the late 1970s, someone at VisiCorp got worried in case someone designed a road bridge with the help of VisiCalc {a then-popular spreadsheet}, it collapsed, and VisiCorp got some of the blame.
The ONLY way you can ever be sure your software will do what you want, exactly what you want and nothing but what you want, is to read the source code -- or get somebody with nothing to gain from lying to you to do that for you. And if the supplier won't let you read the source code then screw them - they are no good.
Je fume. Tu fumes. Nous fûmes!
It's the only 98 machine I use as all my other ones are Linux or XP. It's at my company's office running legacy DOS applications that don't run well under XP, much less Linux/BSD. I also use it for e-mail and web browsing. I've had zero trouble with viruses, worms, trojans, and all the other flavors of malware because I use a little common sense, don't use IE or OutLook, and do use the AVG virus scanner (which never goes off), Zone Alarm freebie firewall and Ad Aware.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
that have nothing to do with the implementing programming language.
Remember the URL path hacks, esp. on Macs? foobar:/local/path links combined with location.href redirecting javascript... no buffer overflows there.
Many of the old Outlook flaws that propagated some huge viruses and worms were because of how shittily it handled MIME-types and what attachments should be activated in the preview pane...
Again.
Sometimes the biggest problems aren't the much maligned buffer overflows but by people figuring out using features of software in ways that it was not intended.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The last few really severe worm outbreaks took advantage of vulnerabilities that HAD ALREADY BEEN FIXED, for weeks.
In the end, the real fix for the situation is going to have to take place where the rubber meets the road. ISPs will have to do a better job of supervising the kinds of traffic flows that are coming out of the PCs attached to their networks. It should be part of your internet connection contract to be up to date, and have security measures in place.
The ISPs that don't do this... maybe they shouldn't be allowed to connect to the internet at all.
planet texture maps and more
We killed zombies by having our chaste, but scantily-clad female cleric turn them, while our muscular yet dim-witted fighter bashed them with a two-handed sword. If the going got really tough, we'd get our dexterous elven companion to lob some holy water on them.
Considering the technology to use dll hooks to bypass protection in online gaming, one must consider the ramifications if the technology gets in the wrong hands. Of course one of the people releasing the hooks the most is also a person who used to have loads of trojans downloadable on his clan's website, so that does not take much stretch of the imagination to make one fear the future abilities of viral scum. Fortunately, there are files like the ones called UTDC that catch the hooks, but then the author of the hook just releases a new one. Funny thing is, that this time, the UTDC fellow is on the Hook kook, has his number and puts out a new protection immediately afterwards. No, tickle may not pwn you any more, but there is always going to be someone who does.
Karma: Bad is the liberal way of saying this guy won't drink the kool aid here on slash dot. I wear my Karma with pride
"Carrier".
...
"I guess we have a different definition of infected. If I'm understanding you correctly, the file in question only affects MS Win32 clients and is really just another file to the *nix server. Maybe the term carrier would be more appropriate here as the UNIX system itself isn't compromised."
I like that. Short, sweet and to the point.
"The main point I try to make though concerning the AntiVirus on the UNIX CIFS servers is that if you're getting a virus saved to a file, you're really defending too late in the infection process."
and
"The file server is really a secondary point of infection if you look at the path of infection."
I am in complete agreement with you.
But the number of workstations is usually a lot higher than the number of servers. Which means that, statistically, the likelihood is a lot higher that SOMETHING will go wrong with the virus software on a workstation than on a server.
Note: that's just statistics. That's not because it is Windows or the users are idiots or anything else.
So, the first line of defense is the workstations.
But a workstation can get its updates/software messed up and get infected. In which case, the workstation will probably try to save the virus to the server. So the server is our warning system.
Busted workstation
becomes
infected workstation
and
attempts to infect server
and
server yells for help
and
admin rushes and fixes the problem.
begin rant mode:
But anti-virus software is the DUMBEST solution to the problem in the first place. It is purely REACTIVE. That means that the virus has to be out and infecting machines BEFORE the anti-virus people get (DELAY #1) and then they have to write and release an update for it (DELAY #2) which THEN has to be downloaded by the workstations (DELAY #3). TWICE so far, McAfee has NOT had an update available before I've blocked email files with those viruses (yep, I block all executable files coming in).
Virus infections are a failure of the security model of the operating system.
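The "block all executable files coming in" control the commenter describes, as an added example that is not code from the comment or from any mail product. It uses only the standard-library `email` package; the extension list, the addresses and the sample message are constructed for the example. The point it adds to the comment is that an extension-only rule misses a binary renamed to `.txt`, so the payload's magic bytes are checked independently.

```python
"""Added example: gateway-style check that blocks executable e-mail attachments."""
import email
from email import policy
from email.message import EmailMessage

# Extensions commonly treated as executable at a mail gateway (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def looks_like_pe(data: bytes) -> bool:
    """True if the payload starts with the 'MZ' header of a Windows executable."""
    return data[:2] == b"MZ"


def find_blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment the gateway should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension"))
        elif looks_like_pe(payload):
            # The name looked harmless, but the bytes say otherwise.
            findings.append((name, "PE header despite non-executable name"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a text note, an .exe, and the same .exe renamed to .txt."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "files"
    msg.set_content("see attached")
    msg.add_attachment("just some notes", subtype="plain", filename="notes.txt")
    # Constructed payload: only the DOS header matters for this check.
    fake_exe = b"MZ\x90\x00" + b"\x00" * 16
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="setup.exe")
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="report.txt")
    return bytes(msg)


if __name__ == "__main__":
    for name, reason in find_blocked_attachments(build_sample_message()):
        print(f"BLOCK {name}: {reason}")
```

Running it reports `setup.exe` on its extension and `report.txt` on its header; `notes.txt` passes. A real gateway would also look inside archives, since an executable inside a zip passes both checks here.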
This bugger was really tough to remove. I tried the adaware and Panda and any other "auto removal" tools that I could find. These efforts got me to the point where the homepage was no longer being affected
But through the process, I got introduced to "HijackThis" and "FindNFix" which is (or was at the time) more of an analysis tool than a repair tool. Using these tools, I was able to see that my efforts were only partially successful. Even though my homepage was no longer changing, I continued to have a persistent BHO that I could not get rid of. Or rather, once removed, it would re-appear on each reboot, usually with a different name.
I came to the realization that I was infected by a dormant bot. And that any time I started my browser, the bot would "phone home" and receiving no instructions, would do nothing. I knew that the day was coming when this bot would be instructed to do something besides nothing, and my computer would be enlisted as a soldier in a "drone army".
Because the "phone home" occurs as an http request via port 80, it occurs almost undetectably (I could see it happening via tcpdump on my firewall) and it is essentially impossible to block, unless you block web browsing to your user population.
This is the new evil..
I don't know that we have seen these drone armies put to use yet. The possibilities are frightening.
I see many posts, by the uninformed, that say.. Patch em up. Scan em thoroughly and run your adaware. You'll be safe then. Don't be misled. This infection is more stealthy than that.
In the end, it took me several hours to learn how to remove this infection. I used the tools listed above, and some procedures I found documented in the news groups. I had to disable recovery, boot into safe mode, move (rename) the file three times and only then did my diagnostics come up clean.
I don't want to needlessly frighten anyone, but this one really scares the bejeesus out of me.
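The "phone home" the commenter watched in tcpdump is what a defender would then look for in the firewall's connection log. The following is an added example, not code from the comment: it groups outbound flows by (source, destination) and flags pairs whose inter-connection gaps are suspiciously regular, which is how a timer-driven bot differs from a person browsing. The log format, the hosts and the addresses are constructed for the example.

```python
"""Added example: spotting a periodic "phone home" in outbound connection logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall log: timestamp, source host, destination ip:port.
# 10.0.0.12 contacts 192.0.2.10:80 every five minutes; the rest is ordinary browsing.
SAMPLE_LOG = """\
2004-09-20T08:00:03 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:00:05 10.0.0.12 -> 198.51.100.7:80
2004-09-20T08:05:03 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:07:41 10.0.0.12 -> 198.51.100.9:80
2004-09-20T08:10:02 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:15:04 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:20:03 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:22:17 10.0.0.33 -> 198.51.100.7:80
2004-09-20T08:25:03 10.0.0.12 -> 192.0.2.10:80
2004-09-20T08:40:59 10.0.0.33 -> 198.51.100.7:80
2004-09-20T08:45:10 10.0.0.33 -> 203.0.113.5:443
"""


def parse_log(text: str) -> dict:
    """Map (src, dst) -> sorted list of connection times."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for times in flows.values():
        times.sort()
    return flows


def find_beacons(flows: dict, min_hits: int = 5, max_jitter: float = 0.2) -> list:
    """Return (src, dst, mean_gap_seconds, jitter) for flows that look like beacons.

    jitter is the coefficient of variation of the gaps between connections:
    human browsing gives large, irregular gaps, a timer-driven bot does not.
    """
    beacons = []
    for (src, dst), times in flows.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons.append((src, dst, round(avg), round(jitter, 3)))
    return beacons


if __name__ == "__main__":
    for src, dst, gap, jitter in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (jitter {jitter})")
```

On the sample it reports only the 10.0.0.12 to 192.0.2.10:80 pair. The thresholds are starting points, not rules: a bot that checks in only when the browser starts, as the commenter describes, is not periodic and would need a different angle, such as an HTTP destination that every other host on the network never visits.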
We are talking about Zombies from infected files in P2P applications.
How hard is it to imagine that someone who knows how to create a virus would create one, put it in a valid program such as a Mandrake 10.x distro, or a pirate copy of Office?
How hard is it to imagine that only a few users get this specific variant, so it never gets detected. Not by AV, and not *because* the MD5s were not checked by the 125 people that got Mandrake 10.x from this virus writer?
Zombies are on the rise. AV can only do so much. It cannot stop many of these memory resident worms.
We need to get some serious focus on the HoneyPots so that we can build a distributed HoneyPot network and report these Zombies to the ISPs. Back it up with some sort of router based DNSbl so we can force the ISPs to cleanup their netblocks, or else deal with users who can no longer get to their favorite websites.
Much of this framework is available. We just need the manpower behind it.
Edwin D.
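The checksum comparison the commenter says the 125 downloaders skipped, as an added example that is not code from the comment or from any distribution's tooling. It parses the `<hex>  <filename>` list format written by md5sum/sha256sum; the file names and contents are constructed, and the expected digest is the standard SHA-256 test vector for the bytes `b"abc"`.

```python
"""Added example: verifying downloads against a published checksum list."""
import hashlib
import hmac

# Constructed checksum list as a distributor might publish it.
SUMS_FILE = """\
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  example-distro-cd1.iso
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  example-distro-cd2.iso
"""

# Constructed "downloads": cd2 has been altered by one byte.
DOWNLOADS = {
    "example-distro-cd1.iso": b"abc",
    "example-distro-cd2.iso": b"abd",
}


def parse_sums(text: str) -> dict:
    """Parse '<hex>  <name>' lines into {name: hex}; tolerates the '*' binary marker."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        hexdigest, name = line.split(maxsplit=1)
        expected[name.strip().lstrip("*")] = hexdigest.lower()
    return expected


def digest(data: bytes, algo: str = "sha256", chunk: int = 1 << 20) -> str:
    """Hash in chunks so a CD-sized image need not be held in memory at once."""
    h = hashlib.new(algo)
    view = memoryview(data)
    for i in range(0, len(view), chunk):
        h.update(view[i:i + chunk])
    return h.hexdigest()


def verify_all(sums_text: str, files: dict, algo: str = "sha256") -> dict:
    """Return {name: 'ok' | 'MISMATCH' | 'missing'} for every entry in the list."""
    results = {}
    for name, want in parse_sums(sums_text).items():
        if name not in files:
            results[name] = "missing"
            continue
        got = digest(files[name], algo)
        results[name] = "ok" if hmac.compare_digest(got, want) else "MISMATCH"
    return results


if __name__ == "__main__":
    for name, status in verify_all(SUMS_FILE, DOWNLOADS).items():
        print(f"{status:8s} {name}")
```

The check catches the altered cd2 image. The caveat the comment implies: a checksum list fetched from the same place as the file only proves the copy matches what that source offered, so it must come from somewhere the sharer does not control (the distributor's own site) to say anything about the sharer.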
I remember Trinoo back in late 1998, also CDC's BackOrifice. It was very clear back then that zombies were going to be a problem. The unfortunate truth is that security companies, ISPs, and the like only focus on issues once they reach critical mass, so they can justify expenditure. By the time meetings have been had, strategy has been discussed, marketing has been massaged, etc, the problem has grown into an epidemic.
The ISPs need to pick up the ball here, put up some IDS capable proxies in and start shutting down the shit they're spewing into the internet. Otherwise the problem is never going to go away if you expect grandma to buy something to solve a problem she doesn't understand.
They don't want to actually see more trouble.
They want the perception that the internet is becoming more threatening, ideally in conjunction with their product being portrayed as a solution.
That leads to increased sales for their overpriced consumer-level products. It's like how the Bush Administration spews agitprop about terrorism despite the total absence of domestic terrorism problems since 9/11-- both as a preventive measure and as an underhanded plan to create public demand for anti-terrorism policies which increase government involvement in areas where it will end up costing us heavily.
Game, set, match Symantec/Rove.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
"I want ... I want ... I want ... I want ... but I want it free. And hacker-proof."
So you listed out requirements for a program that you are not willing to pay for. Where is the incentive to work on a project such as this? For the common good? For truth, justice and the spam-free way of the general public?
Most people who could program something like that probably don't need it, and the people who need it are not willing to pay for it. That would be a terrible business model. Too bad the dotcom boom passed, you could have made a million with the idea alone.
I bet you want your music free, and your p0rn free, and free internet access. Some things you just have to pay for. Just think of all the silly business models and requirements you could write if you only had a spam and virus free computer.
Probably true - in Symantec's case however, the threat is very real. I say this as an InfoSec professional who has dealt with the effects of zombie networks hammering critical infrastructure. In some cases it is far from trivial to deal with and may disrupt business significantly (and the bottom line) unless a lot of prethought and money has gone into securing a very flexible infrastructure beforehand.
holy water would have only shorted-out the VAX ...
The guy writes a wishlist, and you come down on him. You must be a spammer or virus author yourself. One thing for sure, you are a jerk.
This ought to take care of those zombie colors:
http://shit.slashdot.org/article.pl?sid=04/09/20/1054216
I'm quite surprised that some law firm hasn't ambulance-chased down some random dDoS victim, traced the attack, and then sued a whole bunch of small companies and perhaps even rich homeowners where some of the actual 0wn3d bot PCs used for the dDoS resided (not MS of course; they have too big a legal dept to "settle"). Even minor contributory negligence seems to go a long way in injury lawsuits these days.
This would probably eventually have some effect on the size of bot nets residing within US legal jurisdiction.