Zombie Networks On The Rise
A reader writes "According to Symantec via the BBC online, Zombie PC nets are growing very fast. Of course, it should also note that Symantec may want those numbers to be as scary as possible." ITMJ is part of OSTG, like Slashdot. There's also a NY Times story on the article as well.
...to get people to realize that the internet is not a nice place? I applaud Microsoft's attempt to make their OS more secure, even if it isn't as comprehensive as it should be. As illegal as it is, I would love to see a zombie virus spread that locks down peoples computers, cleans them and installs a firewall. I certainly wouldn't put my head on the block for that one, but I'd love to see it happen. Hopefully it'd cut down on my spam.
You too can learn to link to the NYT without registering.
Here's the reg-free link...
http://www.nytimes.com/2004/09/20/technology/20secure.html?ex=1253419200&en=651229ed583b13bc&ei=5090&partner=rssuserland
Surveys and public information releases like this are great free press.
First, it makes you appear to be THE expert because you reported it first. Second, it links your name to someone that focuses on this problem.
Why do you think we see the abc/new york times poll or whatever? It's because it's a cheap way to make news... it's a cheap advertising campaign.
Is this bad? I don't think so...
People get into the security business, for example, by reporting new viruses or exploits.
You can't blame them for releasing press releases... it's part of their business. As it should be...
Seriously, most P2P protocols need to be improved in detecting that there is no one home, or someone is going to figure out how to inject IP addresses into their networks for DDoS attacks.
One line blog. I hear that they're called Twitters now.
For example, spamwarez.biz gets name services from ns1.zombie-dns.biz through ns7.zombie-dns.biz. zombie-dns.biz nameservers are *also* running on a Zombie network, and setting DNS servers in the domain registrar's control panel. If you can shut down zombie-dns.biz at the registrar and deactivate it, then the entire zombie network collapses.
Of course, most registrars don't give a damn about this, especially the spam-friendly ones, but I've successfully managed to shut down a small number of zombie networks by using various means... not all of which might be considered ethical or even 100% legal... but who cares?
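One way to see the dependency the comment above describes, as an added example that is not from the thread: given a map of zones to the nameservers they are delegated to, work out which nameserver domain is the single point of failure for the most zones, i.e. where a registrar-level deactivation would do the most good. Only spamwarez.biz and zombie-dns.biz come from the comment; the other names and the delegation data are constructed.

```python
from collections import defaultdict

# Constructed sample: zone -> NS hostnames it is delegated to. spamwarez.biz
# and zombie-dns.biz are the names used in the comment; the rest are made up.
DELEGATIONS = {
    "spamwarez.biz": ["ns%d.zombie-dns.biz" % i for i in range(1, 8)],
    "pillz-example.biz": ["ns1.zombie-dns.biz", "ns3.zombie-dns.biz"],
    "mixed-example.biz": ["ns2.zombie-dns.biz", "ns1.legit-dns.example"],
    "legit-example.biz": ["ns1.legit-dns.example", "ns2.legit-dns.example"],
}

def ns_domain(host):
    """Registered domain behind an NS hostname: ns1.zombie-dns.biz -> zombie-dns.biz.
    Assumes a plain two-label TLD; a real tool would consult the public suffix list."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def choke_points(delegations):
    """Group zones by the NS domains they depend on.
    'collapses': every nameserver of the zone lives under that NS domain, so
    deactivating it at the registrar takes the zone offline outright.
    'degrades': the zone also has nameservers elsewhere and would survive."""
    collapses = defaultdict(set)
    degrades = defaultdict(set)
    for zone, servers in delegations.items():
        providers = {ns_domain(s) for s in servers}
        bucket = collapses if len(providers) == 1 else degrades
        for p in providers:
            bucket[p].add(zone)
    return {p: {"collapses": sorted(collapses[p]), "degrades": sorted(degrades[p])}
            for p in set(collapses) | set(degrades)}

def rank(delegations):
    """NS domains ordered by how many zones a takedown would fully collapse."""
    cp = choke_points(delegations)
    return sorted(cp, key=lambda p: (-len(cp[p]["collapses"]), p))

if __name__ == "__main__":
    cp = choke_points(DELEGATIONS)
    for p in rank(DELEGATIONS):
        print(p, "collapses:", cp[p]["collapses"], "degrades:", cp[p]["degrades"])
```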
A lot of good that will do when the trojan goes through your NAT/Firewall through that big hole we call "email."
Only a comprehensive approach will make a big enough difference. That includes patching, being skeptical of email attachments, firewalling, and virus scanning.
PC hygiene goes a long way too. People are slowly learning that you just can't install the "newest c00lest blah-blah of the day" anymore as it will be 99% spyware and 1% app. It will be poorly written and cause all sorts of problems.
These are just growing pains, and even though the stats don't look good right now, at least I can talk about spyware and viruses and have people understand what I'm saying.
...when my PC started its habit of flashing the word "BRAAAIIINS" every few minutes.
To quote the fine article:
Don't think so. There are *far* fewer exploitable services running on Windows 95 and Windows 98, as compared to Windows 2000 and XP. I'd *much* rather use Windows 98 online than Windows 2000 or XP, in security terms. Most of the recent worms use exploits in services that never existed prior to Windows 2000 ...
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
That makes no sense. If you would normally receive a packet (e.g. because you provide web service, or have an IM port open or whatever) then the NAT router will rewrite the packets so that you still receive the trojan.
OTOH if you wouldn't normally receive something (e.g. it's an HTTP attack and you don't run a web server) then the NAT makes no difference, you still won't receive it. Big deal.
NATs are not magical protective charms. They're just a desperate hack to get around running out of IP addresses. If you want a firewall, install a firewall, not a NAT.
I don't know about that. I find it ironic that even on P2P networks people are so infected that their files aren't even usable. The irony is that you can download functioning copies from the same networks that they are participating in or at least can get a free version of some decent virus protection, yet they don't. So I think even if not one more single computer virus was made starting tomorrow it would take forever for them to disappear.
Not trying to flame here but some of the worst havens I have seen are samba shares because people don't put antivirus on *nix servers. It is like pulling teeth trying to tell those admins that it DOES affect them. If their users are running windows, get a virus that does keylogging, and they log in again...guess what...it did affect the *nix server.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
Personally I have made more money freelance in IT the past few months than ever before. I have a great recipe.
1 - Uninstall whatever virus scanner they have. Norton is absolute crap. AntiVir catches more nasties, uses far less resources, is 100% free, and overall is a better product. Install it and update it.
2 - Install Ad-Aware and update it, install Spybot Search & Destroy and update it, and then install HijackThis.
3 - Then reboot the Windows machine into safe mode. This BLOCKS most spyware and bugs from running so you can eliminate them. Run an AntiVir full scan on all files, set to clean then delete, and look for all unwanted types of programs.
4 - After that is done, reboot back to safe mode and run Ad-Aware, do what it wants to clean, then Spybot Search & Destroy, do what it says, then finally HijackThis to look for the typical nasties that are left clinging around.
5 - Finally I install StartupMonitor for the user, which will give you a warning box every time ANYTHING tries to insert itself in the registry to run as soon as the computer boots, and allows you to block that action.
6 - Then, after it's clean and in a normal boot I no longer detect any virus or crapware, I give it back to the user with a list of what I did, what I added and how it works, and finally a note that this will not immunize them, but they can and will start getting this crap again the second they start hitting the net again. I tell them they can limit the re-infection rate if they install and use Mozilla and Mozilla Mail.
They also get a CD with all the apps I installed plus the latest mozilla.
All that gets me $150.00 a pop. I usually have 3 of them on my bench running my process every day.
Local computer "experts" are charging $250.00 and only re-install the OS; they do not offer a cleaning.
needless to say, I'm cleaning up.
Do not look at laser with remaining good eye.
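An added example (not the poster's tool) for the startup-monitor step of the recipe above, done after the fact rather than at insertion time: snapshot the Run/RunOnce registry entries on the freshly cleaned box, then on the next visit compare the live entries against that baseline and flag newcomers, changed commands, and anything autostarting from a user-writable folder. Reading the real entries needs Windows and the standard winreg module; the entry names and paths in the sample snapshots are constructed placeholders.

```python
import re

# Registry locations most autostart entries land in (checked under HKLM and HKCU).
RUN_KEYS = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce")
# Folders a legitimately installed program rarely autostarts from.
USER_WRITABLE = re.compile(r"\\(temp|tmp|local settings|appdata|downloads)\\", re.I)

def collect_autoruns():
    """Read Run/RunOnce values from both hives. Windows only (needs winreg)."""
    import winreg
    found = {}
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for path in RUN_KEYS:
            try:
                with winreg.OpenKey(hive, path) as key:
                    i = 0
                    while True:
                        try:
                            name, value, _ = winreg.EnumValue(key, i)
                        except OSError:  # no more values under this key
                            break
                        found[name] = str(value)
                        i += 1
            except OSError:  # key absent in this hive
                pass
    return found

def audit(baseline, current):
    """Compare live entries with the clean-box snapshot; returns {name: [reasons]}."""
    flagged = {}
    for name, cmd in current.items():
        reasons = []
        if name not in baseline:
            reasons.append("new since baseline")
        elif baseline[name].lower() != cmd.lower():
            reasons.append("command changed since baseline")
        if USER_WRITABLE.search(cmd):
            reasons.append("runs from a user-writable folder")
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed sample snapshots (entry names and paths are placeholders).
BASELINE = {"AntiVir": r"C:\Program Files\AntiVir\avgnt.exe",
            "StartupMonitor": r"C:\Program Files\StartupMonitor\smon.exe"}
CURRENT = dict(BASELINE,
               SysUpdate=r"C:\Documents and Settings\user\Local Settings\Temp\sysupd.exe",
               Helper=r"C:\WINDOWS\system32\helper.exe")
```

On the cleaned machine, save `collect_autoruns()` as the baseline and later feed the new snapshot to `audit()`; here the constructed CURRENT snapshot flags SysUpdate twice and Helper once.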
I have talked to several people with XP boxes who have gotten infected while my 98SE box is just fine. Now, I protect that box with anti-virus, a hardware firewall, and using Mozilla and maybe that has something to do with it, or maybe I'm just lucky, but you have to admit that 98 is immune to many of the latest viruses.