Zombie Networks On The Rise
A reader writes "According to Symantec via the BBC online, Zombie PC nets are growing very fast. Of course, it should also note that Symantec may want those numbers to be as scary as possible." ITMJ is part of OSTG, like Slashdot. There's also a NY Times story on the article as well.
Symantec's industry survives because of news articles that promote security threats.
-------
artlu.net
How exactly would NAT protect them? A major control vector for these bot-nets is IRC, which can be used through NAT. The infection vector is e-mail, which is also usable through NAT.
If NAT became widespread, then the zombies will adapt. It is only a false sense of security.
Good idea, virus companies should start writing virii that lock down the 'average' users machine, patch holes in Windows, and replace the IE shortcut on the desktop with a Mozilla Firebird one :)
But wouldn't that put anti-virus makers out of business? (In my personal conspiracy theory, Symantec, Norton & Friends write the virii in the first place to generate even more revenue).
The alternative is for everybody to move over to Mac OSX - Making Unix user-friendly is easier than debugging Windows :)
A lot of good that will do when the trojan goes through your NAT/Firewall through that big hole we call "email."
Only a comprehensive approach will make a big enough difference. That includes patching, being skeptical of email attachments, firewalling, and virus scanning.
PC hygiene goes a long way too. People are slowly learning that you just can't install the "newest c00lest blah-blah of the day" anymore as it will be 99% spyware and 1% app. It will be poorly written and cause all sorts of problems.
These are just growing pains and even though the stats don't look good right now at least I can talk about spyware and viruses and have people understand what I'm saying.
Why bad-mouth Symantec for pointing out the reality of the situation? Would you be happier if it were CERT or someone else delivering the bad news?
Symantec and its tools are part of the solution. Not exclusively the solution, or the only solution, but a part of it. And, by letting people know that problems are out there, they're performing a service that is necessary; you didn't think someone like Microsoft was going to be issuing press releases to the media that put its products in a negative light, did you?
It's not even as if the other AV vendors that you mention are any different to Symantec: both Panda and Kaspersky are closed-source commercial products and both companies have prevalent virus activity and warning indicators on the homepages of their respective websites. And I bet they both send out press releases to the media highlighting large-scale infestations and particularly dangerous threats, so why crucify Symantec for being the company whose press release the BBC chose to focus on?
Bottom line: why blame the messenger if the message is accurate?
Just what's Symantec done here to warrant you being any more ticked off at them than anyone else? Do you have a legitimate reason for targeting them or are you just trolling?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
Any bets that we'll still hear this line 5 or 10 years down the road? The "ain't broke, don't fix" mentality is above and beyond some individuals' concept of needing to update.
"Update? Why do'z I need to do'z dat? My solitare runz just fine ma!"
Some aim to please, I aim to tease.
Looking at the security logs on my Linux system (with a broadband connection), there is at least one hack attempt to log into my system using sshd (users such as root, cisco, syadmin, admin etc...) .
In the past week these have been from the Indian Institute of Technology, Florida International University, and various Korean servers. And that doesn't include the RPC DCOM exploits that come in all the time from other Windows systems (about one every five minutes).
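The kind of log review the poster above describes can be scripted. The following is an added example, not code from the original thread or from any poster: it parses sshd "Failed password" lines in the classic syslog format (both the older "illegal user" and newer "invalid user" wording), tallies attempts per source address and per attempted username, and flags sources that cross a threshold. The log lines are constructed for the example and use documentation IP ranges; the threshold of 3 is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (not real log data).
SAMPLE_AUTH_LOG = """\
Mar 17 02:14:05 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 17 02:14:09 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 17 02:14:15 host sshd[2214]: Failed password for illegal user cisco from 203.0.113.7 port 40130 ssh2
Mar 17 02:14:22 host sshd[2217]: Failed password for invalid user admin from 198.51.100.23 port 51002 ssh2
Mar 17 02:15:01 host sshd[2220]: Failed password for invalid user sysadmin from 198.51.100.23 port 51010 ssh2
Mar 17 02:16:40 host sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 55000 ssh2
Mar 17 02:17:03 host CRON[2240]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches failed sshd authentications; the "illegal user"/"invalid user"
# prefix is optional so both old and new OpenSSH wordings are handled.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_logins(text):
    """Return a list of (username, source_ip) for every failed sshd login."""
    hits = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits.append((m.group("user"), m.group("src")))
    return hits


def summarize(hits, threshold=3):
    """Count attempts per source and per username; flag noisy sources.

    threshold is an assumed tuning value, not a recommendation.
    """
    by_src = Counter(src for _, src in hits)
    by_user = Counter(user for user, _ in hits)
    noisy = sorted(src for src, n in by_src.items() if n >= threshold)
    return {"by_src": dict(by_src), "by_user": dict(by_user), "noisy_sources": noisy}


if __name__ == "__main__":
    report = summarize(parse_failed_logins(SAMPLE_AUTH_LOG))
    for src, n in sorted(report["by_src"].items(), key=lambda kv: -kv[1]):
        print(f"{src:>16}  {n} failed attempts")
    print("usernames tried:", report["by_user"])
    print("sources over threshold:", report["noisy_sources"])
```

On a real system the input would be read from /var/log/auth.log or /var/log/secure rather than the embedded string; the "Accepted" and CRON lines are included to show that only failures are counted.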
To quote the fine article:
Don't think so. There are *far* fewer exploitable services running on Windows 95 and Windows 98, as compared to Windows 2000 and XP. I'd *much* rather use Windows 98 online than Windows 2000 or XP, in security terms. Most of the recent worms use exploits in services that never existed prior to Windows 2000 ...
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
That makes no sense. If you would normally receive a packet (e.g. because you provide web service, or have an IM port open or whatever) then the NAT router will rewrite the packets so that you still receive the trojan.
OTOH if you wouldn't normally receive something (e.g. it's an HTTP attack and you don't run a web server) then the NAT makes no difference, you still won't receive it. Big deal.
NATs are not magical protective charms. They're just a desperate hack to get around running out of IP addresses. If you want a firewall, install a firewall, not a NAT.
But, would the NAT box normally be told to forward port 445, etc?
I didn't say that it was an alternative to a firewall for actual security, but it's better than nothing.
That's not totally true. Sometimes you might receive something -- if a worm runs through random IP ranges -- and the NAT does protect you from that. For the typical home user who won't configure the NAT to do anything, a non-exploitable NAT will keep them safe because it'll only forward packets to the user's box that have corresponding outbound packets. They're not perfect security, but when set up like that, they do act as a decent firewall.
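The disagreement in the posts above comes down to what a stateful NAT box actually does with an inbound packet. The following is an added example, not code from the thread or any poster: a small Python model of a home NAT that builds a translation table from outbound traffic and accepts inbound packets only when they match an existing entry or an explicit port forward. It shows the three cases argued above: a random scan of port 445 is dropped, a reply to an outbound IRC connection (the bot-net control channel mentioned earlier) passes straight through, and the same scan reaches the internal host once port 445 is forwarded. All addresses are constructed from documentation ranges; the port numbers are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulNat:
    """Minimal model of a consumer NAT router.

    Outbound packets create a table entry keyed by the remote endpoint and
    the external port chosen for the flow. Inbound packets are delivered
    only if they match such an entry or a configured port forward;
    anything else is dropped. This is the behaviour that makes an
    unconfigured NAT act like a crude inbound-only firewall.
    """

    def __init__(self, public_ip: str,
                 forwards: Optional[Dict[int, Tuple[str, int]]] = None):
        self.public_ip = public_ip
        self.forwards = dict(forwards or {})   # ext port -> (internal ip, port)
        # (remote ip, remote port, ext port) -> (internal ip, internal port)
        self.table: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        self.next_port = 40000                 # assumed ephemeral range start

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an internal -> Internet packet and record the flow."""
        ext_port = self.next_port
        self.next_port += 1
        self.table[(pkt.dst_ip, pkt.dst_port, ext_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an Internet -> internal packet, or return None (dropped)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.table:                  # reply to a flow we started
            int_ip, int_port = self.table[key]
            return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)
        if pkt.dst_port in self.forwards:      # explicit port forward
            int_ip, int_port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)
        return None                            # unsolicited: dropped


def demo():
    """Run the three scenarios from the thread and return the outcomes."""
    public, inside = "198.51.100.1", "192.168.0.10"
    nat = StatefulNat(public)

    # 1. A worm scanning random addresses hits our port 445: no state, no forward.
    scan = Packet("203.0.113.9", 6000, public, 445)
    scan_dropped = nat.inbound(scan) is None

    # 2. The internal host connects out to an IRC server; the reply matches state.
    out = nat.outbound(Packet(inside, 51000, "203.0.113.50", 6667))
    irc_reply = nat.inbound(Packet("203.0.113.50", 6667, public, out.src_port))

    # 3. Same scan against a NAT where the owner forwarded 445 to the inside host.
    nat_fwd = StatefulNat(public, forwards={445: (inside, 445)})
    forwarded_scan = nat_fwd.inbound(scan)

    return scan_dropped, irc_reply, forwarded_scan


if __name__ == "__main__":
    dropped, reply, fwd = demo()
    print("random port-445 scan dropped:", dropped)
    print("IRC reply delivered to:", f"{reply.dst_ip}:{reply.dst_port}")
    print("scan with 445 forwarded delivered to:", f"{fwd.dst_ip}:{fwd.dst_port}")
```

The model deliberately omits timeouts, UDP/ICMP handling and the protocol-specific helpers real routers ship with; those are exactly the places where "non-exploitable" stops being a safe assumption.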
How can you make that determination when neither has been accomplished?
What do you call OS X then?
'By the pricking of my thumbs, something wicked this way comes'
"True that the *nix server could be affected, but it's really due to a compromise on the MS Win32 system."
Yup. But infected is infected.
The *nix box won't be affected by any of those viruses, but the machines it shares them with can be infected. And that infection can put a load on the network (particularly the viruses that do scanning).
It's easy to put anti-virus on the file server and just kill the infections there.
Force people to install security updates or sell the PCs with them all pre-installed and make Windows Update automatically run once a month.
Sorry, but I'm not going to let any program, Windows Update included, automaticly [sic] run on my computer and update software willy-nilly. If you do this, you're just looking for trouble down the road when some "update" happens to either break software that you've got installed or install "new and improved" DRM from MS. You have to remember that a large number of updates from MS nowadays are not easily uninstalled... think twice before letting anything like that onto your system.
The member IRC Networks of IRCUnity have been systematically shutting down those channels as quickly as they are found. IRCUnity is the same group that disabled the Fizzer Worm last year.
Pete Carr Owner Chatmag.com
Let's look at the average home PC. Most owners treat it like any other appliance, like a toaster or a refrigerator. They never consider the security implications. They see these bright shiny advertisements on TV for hyper-speed DSL or cable downloads and they hook right into the Internet, without any security forethought.
It's like walking out onto the Dan Ryan expressway blindfolded during the morning rush hour. Your survival rate is measured in seconds.
Of course, in a perfect world, this would not be a problem, because the good people would exercise netiquette and leave the security ignoramuses alone. But unfortunately, there are bad people out there-- ones that write viruses; send spam; and use other people's machines to wreak some imagined vengeance against some site. What's a mother to do?
OK, here is what I want on my machine-- developers, wake up!
1) I want a zombie detector running at all times. I want it to tell me if someone is trying to get into my machine from the outside (regardless of port). I want it to tell me if some process on my machine is trying to reach a remote machine on the Internet (regardless of port). I want this to have an icon in my startup tray that will check for updates every x minutes, and blink if there are any. I want it to check for updates when I boot up anyway. And I want it to have the option to remove the zombie it finds.
Yes, I know this looks a lot like some commercial products (like from Symantec) but I want it free. And hacker-proof.
Does anyone out there have a zombie detector??
2) I want a utility that will check my incoming email, and check for a valid sender's IP/hostname. If it fails, dump the email into the spam folder. This is in addition to any Bayesian filters and other spam traps that almost work.
3) I really want an appliance computer. Not something where I need (a) a friendly neighborhood computer expert, or (b) a comp science degree (as if that helps), or (c) a hacker mentality to keep my machine vermin free and configurable. To you computer manufacturers / OS designers / application developers: Make it EASY for us, EVEN IF IT MAKES IT HARD ON YOU!! Apple, you are the closest right now.
When my wife feels comfortable on a computer, you have succeeded.
Off my soapbox.