Over a Million Zombie PCs
Doyle writes "A BBC article discusses new research revealing that over 1 million computers have been compromised and are being used in bot nets. From the article: 'The largest network spied on by the team was made up of 50,000 hijacked home computers.'"
Maybe I should have sent THIS in after all...
I'm a virgo and on Slashdot. Coincidence? Yes.
... the breakdown of that million by operating system?
You never know, it might be a nice bit of PR for some Apple/Linux/BSD organisation to casually slip into a Press Release.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Aren't zombies constantly searching for "brains" ?
compared to the millions of zombies in front of PCs.
:P
Come to think of it, the two just may be related.
If 1,000,000 computers can be identified as being zombie machines, then 1,000,000 computer owners can be contacted. This is THE major problem afflicting the internet; why don't governments form a unit to identify and at least notify the owners of these machines? Will it take a major internet terrorist attack like bringing down a power grid to make governments act? As net users we should advocate government involvement in a measured, controlled way rather than the reaction that will come after an attack (patriot act?)
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
Is it really only one million? When I think of how the average user ends up getting a machine infected, I think of a whole lot more than 1 million. 10 million, perhaps.
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
At my university, we have to run snort at the head end of the network in order to control the havoc these compromised machines create. We also monitor the number of simultaneous connections each machine creates and block the ones at the very top.
MAc!
We're not zombies.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
*Connection Terminated Unexpectedly*
/dev/random
... a Beowulf Cluster of... oh wait...
(Hmm, can zombies be clustered? We all know from Night of the Living Dead that they DO cluster. Quite well, in fact...)
}#q NO CARRIER
In all honesty, that's it? I somehow expected more.
Just remember that it is also the responsibility of the computer users to patch their systems in a timely manner as soon as they are available.
If Linux had the type of marketshare Microsoft has, there would still be plenty of zombie PCs to go around with unpatched systems.
Just putting an end to the mindless MS bashfest that inevitably arises with stories like these.
Remember when viruses would just "format C:"? When you were infected, you knew it because your HD was blank. Now the average user can't tell when they have a problem or not...
Already posted on Slashdot on Tuesday.
It's the Honeynet-Project again.
and at least notify the owners of these machines?
Something like that already exists.
Feel free to contact any of the infected and cross them out.
I know one thing: There's no way in hell they're ever gonna get past my *ENLARGE YOUR PENIS* super leet windows 2003 install modded to look like xp *HELP RETRIEVE MY MILLIONS*. I even use IE7 beta, but I'm not scared 'cause I run McAfee *BUY SLIGHTLY USED PORN AT ROCK BOTTOM PRICES* firewall to protect my cable modem network. Let's see 'em try to get into THIS network! HA!
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
Better yet, why don't ISPs disconnect them until they can demonstrate they've been cleaned up?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
No sane person should connect a critical piece of computer infrastructure, such as any computer dealing with the management of the electrical grid, to the internet.
Better thing would be to require by law that none can be connected instead.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Sales of silver cd-roms have gone up with the possibility of were-machines. Pitchfork and torch sales are also at their highest since the zombie scare in 1998.
From honeypot FAQ:
8. Do you prosecute the people that compromise systems within the Honeynet? No. The prime directive of the Honeynet Project is research and to share those lessons learned. It is not our goal to catch and prosecute blackhats. We do forward information about compromised systems to CERT so CERT can notify admins of compromised systems. We limit our contact with authorities only when the Project feels there is a critical need. If we were to become involved in a major legal case every time a system was compromised, we would not have time for research, let alone our real jobs.
read more about honeypot here. It seems they probably could, but are not going to.
"So there he is, risen from the dead. Like that fella, E. T." - Father Ted Crilly
Governments? What about ISPs? They are the ones having to pay for the added bandwidth on both sides. I'm surprised most ISPs don't run IDS that can detect zombie networks and automatically send emails to their infected customers. This will not only pay for itself by reducing bandwidth, but also make the customers happier.
mnewberg.com
I never shut my PC off, leaving it running for hours on end. The monitor would go to sleep, but every now and then I'd wake up at early hours in the morning and it would be waking itself up. I figured this was because someone was remotely using my processor, which doesn't bother me much, because I wasn't using it anyway at that hour.
besides, that piece of shit off was just holding me over until i got my mac.
Damn, haven't been able to clean up their system in a while. I'm pretty tired of the "tech support" calls from them too..."why is the computer running so sloooooooow?" "why do we get these 'poop-ups' (as my father so lovingly calls them)?!?" "what do these warnings about 'your computer may be infected click here' mean?"
GAAAAAH!!!
So say 1 million machines are actively scanning for other machines with 200 threads each. With IPv4 there should be 4211604225 theoretical public IPs. If they were scanning with 200 threads/sec, they could cover the entire IPv4 address space in 21 seconds. Granted, I know not all 1 million are scanning, and I probably screwed up in my IP calculations, but this is still an astronomical number.
Now that the machines are known, their IPs are compiled into a list, what stops a good samaritan from setting up a script to patch them up?
It is probably quite complicated, technically speaking, because these machines now have to be scanned for every possible trojan, logger and virus in existence, but it's not impossible. Can an antivirus company, say, get a grant from a government to run a job like that?
You can't handle the truth.
One machine can be infected by multiple trojans.
One machine can reconnect to the same botnet multiple times as the person reboots to try and clear the problem.
One machine gets multiple IP addresses every time he reboots.
liqbase
Then buy a Mac and never worry about getting owned by some Eastern European punk kid again.
This explains why my startup sound suddenly changed into a groaning voice saying "Braiinnnnnssss..."
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
It's sad, but it seems the only way to mitigate this is to hold the OS vendor responsible for insecure code. Similar to cars, we hold the driver responsible if they (say) drive drunk, but the manufacturer responsible if while driving the wheels come off.
A Human Right
is a zombie PC.
One MEEEELLEYON ZOMBIE PCs!
Home PC users do not need to generate traffic on port 25 that's going anywhere other than their ISP's mailserver. ISP mailservers should use SMTP authentication. Of course these simple measures would mean support calls from users who need to reconfigure Outlook, and support calls cost money, so it'll never happen.
Nonetheless, these companies are profiting while user machines get hijacked. Someone needs to make a little bit of effort, 'cause for now spreading these nets wider is way too easy.
Now many will call me a Microsoft basher, and I unashamedly am, and with a damned good reason. The insecurity of Microsoft OSs does not just affect those who want to use Windows (or don't know they have other options); it affects me and my peers. HP-UX, Solaris, OS X (maybe I should just include this in *BSD) and *BSD are not perfect and have some security issues, though nothing on this scale (my opinion). You can use the argument that if blah had blah's monopoly then blah would be just as cracked (which I think is rubbish and doth not change the fact that it is only an "if", and as it isn't so, can't be proven). So as a user of the internet on my chosen Unix variants at home and at work I still have to suffer Microsoft's lackluster network security through the set-up of botnets.
I know * linux
Spam, DDOS and friends continue to plague our internet services.
Fine, blame the average user for not updating etc. The fact remains that a person who is skilled in other areas should not need to have the knowledge level of a tech, or even a system admin or developer, just to be able to safely use a computer (ease of use is a different kettle of fish).
Sorry for the rant, but I am rather narked off at spam nets.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Time for someone to write a worm that forces an update from Windows Update; downloads a copy of SpyBot Search & Destroy, runs it and then turns on the firewall.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Tech: Hello sir, we are calling to inform you that your computer is infected with a trojan.
User: WHAT? I have Norton Antivirus installed on my machine and it says I am clean!! (last updated in 1999).
Tech: Our records indicate your machine was attacking other machines.
User: No it wasn't! I was just typing a word document on it and wasn't even using the internet! I will sue your ass for harassing me with bullshit!
I think the only plausible defense against a botnet of such a size is to use the botnet against itself. Allow one of your systems to be infected with the botnet - effectively join their network. Then sniff the network traffic to find out what IRC server and channel to join and any security codes that are necessary to control the botnet. Then upload a "virus" into the botnet that will patch the infected system and remove the botnet binaries. No more botnet.
The only thing that makes me think it might not work is that it's similar to the stereotypical way of ridding the world of aliens in almost every sci-fi movie. Come to think of it, I might have gotten this idea from Independence Day.
I'm a big tall mofo.
Aren't linux users constantly searching for "girls" ?
...aiming a la-sor at the planet Earth!!! To avoid total destruction, you must pay me.... .... one meeeeelion dollars!!!!!
If a man empties his purse into his head no man can take it from him. An investment in knowledge pays the best interest.
...they're mine, all mine
Muhahahahahaha!
In the UK, now that the earlier hacker key logging story has broken, newscasters are doing their very best to convince people the internet is safe, but ultimately that won't last forever and it will simply be "safer" not to use the internet at all. With rampant ID theft, viruses, extortion by botnets, spam, worms, spyware, malware, tracking, phishing, 419s and fraud sites, it's just not worth the risk of doing anything serious on the net at all! And if the hostility continues its trend of growth it will very soon be hard for security professionals to argue against disconnecting, as this will eliminate a substantial risk/cost factor for business/private users.
People just can't be bothered anymore (or that's the feedback I get). It's just too complex for the average Joe, who is currently overwhelmed with threats to his financial and personal wellbeing (look at the list I just mentioned). It's hard enough to protect your assets in the "real world" as it is, from conmen, burglars etc., without worrying that a glass-screened box in the corner is gonna ruin you and your family's life forever if you click on the wrong thing.
I know I'm getting fed up of it, and I'm an IT professional!
My home machine's webserver gets regularly punished by bots that are sending buffer overflow URLs. I only have port 80 open, too. I use my home machine for mythtv, and I certainly notice when the bots start attacking me.
It's really annoying. I've thought about what I can do to shut down bots that are annoying me with excess traffic...
Does anyone have some good suggestions for keeping zombie PC traffic off of linux webservers either via firewall rules, apache config files, or ?
Perhaps a more interesting question is... if your machines is being attacked by a zombie PC, is it okay to attack it back (and try to take it offline?) - Isn't this sort of like 'self defense'?
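The question a few comments up asks for a practical way to keep zombie traffic off a Linux webserver. The following is an added example, not code from any commenter on this thread: it reads Apache combined-format access log lines, flags requests whose URL looks like an overflow probe (an overlong path, a long run of one repeated byte, or a dense string of percent-escapes), and once a source address has sent more than a threshold of such requests it emits an `iptables` DROP rule for that address. The log lines, the IP addresses, the thresholds and the function names are all constructed for this example. A legitimate client can occasionally trip one heuristic, which is why blocking only starts after repeated hits.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log prefix: client ip, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)'
)

MAX_URL_LEN = 1024                                  # longer than any sane request path
MAX_RUN = 64                                        # 64+ copies of one byte looks like padding
RUN_RE = re.compile(r'(.)\1{%d,}' % (MAX_RUN - 1))
ENC_RE = re.compile(r'(%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}){8,}')  # 8+ escapes back to back


def suspicious_reasons(url):
    """Return the list of heuristics an URL trips (empty list means it looks normal)."""
    reasons = []
    if len(url) > MAX_URL_LEN:
        reasons.append('overlong')
    if RUN_RE.search(url):
        reasons.append('repeated-run')
    if ENC_RE.search(url):
        reasons.append('dense-escapes')
    return reasons


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(lines, threshold=2):
    """Map each source IP that sent >= threshold suspicious requests to its reasons."""
    hits = Counter()
    reasons = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        found = suspicious_reasons(rec['url'])
        if found:
            hits[rec['ip']] += 1
            reasons[rec['ip']].update(found)
    return {ip: sorted(reasons[ip]) for ip, n in hits.items() if n >= threshold}


def iptables_rules(block):
    """Render one DROP rule per blocked address for port 80 (run as root to apply)."""
    return [f'iptables -A INPUT -s {ip} -p tcp --dport 80 -j DROP' for ip in sorted(block)]


# Constructed sample log: two normal requests, two probes from one host, one stray probe.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2005:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [10/Mar/2005:12:00:03 +0000] "GET /mythweb/ HTTP/1.1" 200 5120',
    '198.51.100.77 - - [10/Mar/2005:12:00:02 +0000] "GET /' + 'A' * 1200 + ' HTTP/1.0" 414 0',
    '198.51.100.77 - - [10/Mar/2005:12:00:04 +0000] "GET /cgi-bin/x?' + '%u9090' * 40 + ' HTTP/1.0" 404 300',
    '192.0.2.9 - - [10/Mar/2005:12:00:05 +0000] "GET /' + 'N' * 200 + ' HTTP/1.0" 404 300',
]

if __name__ == '__main__':
    blocked = scan_log(SAMPLE_LOG)
    for ip, why in blocked.items():
        print(ip, why)
    print('\n'.join(iptables_rules(blocked)))
```

Run it against a real log with `scan_log(open('/var/log/apache2/access.log'))`; the single hit from 192.0.2.9 stays below the threshold and is reported only if the threshold is lowered to 1. The rules are printed rather than executed so the operator can review them before they touch the firewall.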
I'm not the greatest security expert, but I follow the proper guidelines (running AV, firewall, patches etc) and I still find that my xp machine is constantly coming up with some sorts of odd processes or quirks. I am giving up on windows as a personal machine, simply because it's ridiculous to constantly be fighting off things like this. I'm not going to blame anyone but the virus/spam/malware writers. I do what I can to practice "safe computing" (sic) and don't download stuff willy nilly.
I think it's a shame that it has to be like this. Unfortunately the only real solution would be genetically modifying everyone to get rid of the gene that makes people think it's ok to spam/hack/whatever people's machines. Impossible as it is, the best solution would be to shut down the internet for about 2 months, then all the spammers would have to give back their money to the people that paid them (as if they would). Not likely to happen though.
So that's what Zombo.com is!
"Will it take a major internet terrorist attack like bringing down a power grid to make governments act?."
Yes.
Of course it will.
This is a competitive supercomputer to Google's network!
I'm glad to be just part of the team!
<-[XP]-86840>: This message brought to you by Backdoor.Win32.Rbot.gen
SIGFAULT
The article says:
Many well-known vulnerabilities in the Windows operating system were exploited by 'bot net controllers to find and take over target machines.
That's the only mention of an OS. Any metrics on exactly which OS and version/patchlevel is the most responsible?
Weaselmancer
ridiculous.
How many, out of that estimate, pertain to those who still didn't patch up that stupid RPC/DCOM vulnerability for 2000/XP?
"The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
bots that infect computers ever conflict with each other. Like Bot1 takes over a PC, then Bot2 comes along, and maybe they fight over that PC or its resources?
A modern day witchhunt.
What about ISPs?
An interesting article to view while a report of all infected hosts by worm variant is open on another tab of my browser. Most major ISPs have a list of IP addresses of infected hosts in order of bandwidth used. I suppose the bandwidth costs are just not all that high. Actually looking at some major ISPs data, I know they are not all that high per host. Probably the phone call costs more.
Grammma Nazis are teh fag0rtz , 1 Cn tr0ll 2 wid me n3 tr0ll methud
hmm... would you be using a mac to u/l this "virus", like will smith did?
I read a very interesting paper on this tactic/subject not too long ago. Rather than rehash the whole work, here is a link:
http://blanu.net/curious_yellow.html
I get nice little pop ups telling me my computer may be already infected all the time, don't you?
If you could reason with religious people, there would be no religious people
This is THE major problem afflicting the internet; why don't governments form a unit to identify and at least notify the owners of these machines?
Why should they? It's the ISPs who make money by providing Internet access. They should be responsible for alerting their customers about compromised machines. Most of them don't because it costs too much money, and there's little liability even if you do absolutely nothing.
On the other hand, customers aren't willing to pay for a notification service, or accept the privacy implications (notifying customers requires a mapping from dynamically assigned IP addresses to customer accounts). What's worse, a large percentage of them will just switch to another ISP once you restrict their network access because of a compromise.
Haven't you been watching 24? The terrorists can melt down every nuclear power plant in the country over the Internet!
...that all these botnets themselves seem so compromised that journalists and researchers can so easily get into them. If you're going to compromise other people's computers for whatever nefarious use, do you want your system itself wide open for someone to steal it away from you or document your doings for law enforcement? The best back doors and holes are ones that no one sees until you're using them and it is too late.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
The more I read about this sort of thing, the more I realize that the net has become totally lawless.
Oh for vigilante justice. I want to string the spammers, phishers and bot-net admirals up from Ethernet cable and let them hang till their life is slowly peeled away from their body. Their head should be put on a pike, and placed at the entrance to the net, for all to see and take heed.
open4free © I'm welcomed to my new real world, Matrix Inside!
And they all wear black gloves and use PowerBooks!
Sorry, I'm a newbie when it comes to security, but how can you tell if your computer is a zombie?
No sane person should connect a critical piece of computer infrastructure ... to the internet.
ROTFL...
Quickly! Disconnect the backbone from the internet! Unplug the DNS root servers! Take the routers offline! Cut the cables leading into Mae East! The internet is too dangerous!!!
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Perhaps all these Zombie comps should be put to good use. Who cares if people don't want to participate in grid computing ... they can be forced!
My coworker is doing some of his own investigations into this stuff. He hooked up a freshly installed, but unpatched, windows2000 box to the net with a freebsd box in between to monitor traffic. Within minutes it was infected, and we could see IRC traffic: connecting to a hidden channel to await instructions. Not that I'm that outraged that an old unpatched windows 2000 box is vulnerable; it's just amazing how quickly a worm will get you if you are vulnerable! -K
Is to aim for the head... In this case, the head of the user would probably be a better target.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
When they're up, they're very entertaining.
An older spammer forum, SpecialHam.com is back up. With banner ads, even. "DarkMailer - not for newbies". "Blackbox Hosting - bulletproof hosting options" "SendSafe - bulk mail has never been this easy". "Bulkhost.com - the leader in bulk-friendly e-mail hosting".
Sites like these are where the hackers and spammers meet, find deals, and scream about being ripped off by each other. The actual deals tend to take place on ICQ.
-- Reality checks don't bounce.
Bill Gates is using a robot net in building a spacecraft to return to his solar system.
Help end the use of Sigs. Tomorrow
Way to take it out of context, asshole. :P I don't think the DNS root servers are quite as important as a power grid :P
Elvis didn't do no drugs!
Just imagine 1 million ghastly little geeks with glasses, Gates look-alike zombies, all staring in your Windows. Yikes!
If they aren't already logging who was using what IP at what time, they'll probably get boned by law enforcement when one of their customers does something illegal and the ISP can't help them track the criminal ;p
Why would we want such a useless thingy?
What can I do to see if my computer has been hijacked? netstat -r?
http://threetechguys.info Come, discuss Technology. Got a technology question? Come ask!
How long til they start using distributed hijacked PC networks to crack complex codes etc....
In what way is my ISP responsible for what I do on the internet? I don't know about you, but I don't pay my ISP to protect me and my privacy. I pay my ISP to provide a pipe, and nothing more.
"No one is more miserable than the person who wills everything and can do nothing." -Emperor Claudius 10 BC - AD 54
There's an oxymoron if I've ever seen one.
Blame the user for not patching?
I don't see either of these as reasonable without DRM. Computers are more complicated than any other consumer device and the exploits are more complicated than any other repair or maintenance we expect people to do. This won't change unless the home computer stops being a general purpose computer, through the magic of DRM. Then we could blame the vendor who had control.
At the very most, we will only hold people responsible for not doing relatively easy things: patching, anti-virus, firewall, etc.. These aren't enough though (0-day exploit, etc...) and we won't expect the average person to do more. If it's not reasonable to think the average person could fix it or prevent it, then we won't blame them.
The only alternative would be taking your computer to a specialist and having it certified. (DRM the slow way.) Then lawyers could blame the company that worked on it, or individuals could be liable for not having it serviced, as everyone knows you should.
Thanks for putting on the feedbag. Thanks for going all out. Thanks for showing me your Swiss Army knife.
Everyone has equal protection and responsibilities under the law, so OSS projects would have to be held to the same standards as oh-so-evil big corporations. Be careful what you wish for.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
There has GOT to be a movie in there somewhere. Perfect for Elvira's Mistress of the Night.
...it's for you.
cost vs unmitigated risk
And people say that the largest computer cluster in the world runs Linux. Bah!
Of course it runs Windows! Go Microsoft!
*ugh*
If you've got to ask, then you're probably a zombie.
"Where are we going?"
"Planet Ten!"
"When?"
"Real soon!"
I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
This action would make sense and for that reason alone wouldn't be performed by government. But there are probably other reasons not to do this:
1. It would cause public fear and panic
2. It would expose that Microsoft products are the cause (that's how the public would see it... after all, kids are being raised by violent video games, not by parents)
3. Microsoft paid them not to do that. (ref: OpenSecrets web site for how much money Microsoft started donating since they first started to get into trouble.)
And generally, we just don't want the public to realize the government is using the same software they are...
... this is mostly due to M$ products being horribly insecure and unstable.
Thanks, Microsoft! Glad my Linux boxes aren't in that group.
If they aren't already logging who was using what IP at what time, they'll probably get boned by law enforcement when one of their customers does something illegal and the ISP can't help them track the criminal ;p
Europe currently lacks mandatory data retention. On the contrary, many countries prohibit telcos from retaining call data records and the like for more than just a few months. As a result, ISPs can safely claim they do not collect that data. Currently, they simply don't have to.
Ah, thank you Steve Gibson from grc.com for that lovely nickname.
[an error occured while processing this directive]
The ISP needs to force the user to at minimum to install a software firewall.
Simpler than that. Just give customers a firewall appliance with their modem, and warnings of the doom that will befall them if they don't hook it up between their modem and PC....
iSKUNK!
The Internet is much too important to be connected to the Internet.
If corporations are people, aren't stockholders guilty of slavery?
This is scary stuff. I am not a techie, and this makes me nervous. I am behind a linksys router, i run zone alarm with very tight restrictions, recent virus scans show all pc's clean. are my computers clean? what's the best way to tell if my pc is a zombie???
My father received his first couple of Sparc-based unix boxes about 4 years ago in the wake of the dot-com collapse. For one reason or another, he decided to reinstall (a somewhat old version of) solaris from a disc he got with the system.
A couple of days later, his cable-modem based lan was nigh unusable; lo and behold, the unpatched solaris box was sending out data as fast as it could. Neither of us had the technical expertise to figure out what exactly had happened, but the process that was causing all the trouble was sitting in a dir full of various tools that seemed to be doing some sort of IP range scanning and self propagation.
If there are enough systems out there with a given hole, someone will exploit it, regardless of OS.
(and please forgive the low-level question) ...How can I tell whether or not my own computer (PC, running XP) has been compromised?
Well, this brings the scenario closer to a fantasy movie with a powerful artifact to control an army of the undead... go figure :-)
I do too. I find it particularly funny that these helpful windows installation wizard popups keep appearing on my Mac (OS X) box.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
..spam mails is determining which are real and which are fake. :/
Tell your dad to stop surfing shady pr0n sites.
I have a bunch of Win XPhome, Pro and W2K boxes @ home, fully patched, personal firewalled, my router screens what it can, in fact it blocks most every port and tosses pings from both sides. There's antispyware and AV scanners running on all desktops. And brute force scans for virus and all other malware kick off weekly. The uplink is cable (shared). Am I contaminated? You betcha. I can run any spyware tool @ random and find something and once a month I trap a virus either in the browser cache or the jpi cache on one or all of these machines.
Shit I forgot why I wrote this - oh yeah. What is the definition of "GOOD"? So while there 1.2 globzigillion zombies out there, what is the likelihood you're actually clean? I'd say damn near zero.
hahah let me guess you're American ?
The wording should be changed to read: No sane person should connect any machine to the internet without at least a hardware firewall in between. They are really inexpensive and provide a critical line of defense against compromise by worms.
/dev, etc.
Long ago I made the experiment of plugging an old Red Hat 6.x box directly into the internet with most of the ports open: telnet, ftp (anonymous), rsh etc. It was compromised in no time. The new owners did a decent job of hiding their tracks: they installed a kernel patch to provide "hidden" files, a new "top", several interesting cron jobs, thousands of new entries in
But they screwed up netstat. I was monitoring the machine remotely and could not see my own connection! That gave it away. It seems they were halfway through the process. I was able to locate most of the source for the "worm" (I assumed it was one); the code was nicely annotated and the paradigm was really interesting, very close to the dream of the platform independent worm.
That was years ago, I don't even want to imagine how far the techniques have advanced in this time.
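Several comments in this thread ask the same defender's questions: how an ISP or campus can spot the hosts opening the most simultaneous connections (the snort/connection-count comment above), how an individual can tell whether their own box has been hijacked (the `netstat -r?` question), and, in the Red Hat story just above, how a trojaned netstat gives itself away when a connection visible from outside is missing from the host's own view. The block below is an added example written for this thread, not code from any commenter: it parses `netstat -tn` style lines, flags connections to IRC ports and bursts of outbound SMTP, lists per-host connection counts over a threshold, and diffs the host's view against a gateway's view of the same traffic. All sample lines, addresses and thresholds are constructed; the IRC port list is the conventional 6667-6669/7000 range.

```python
import re
from collections import Counter

# One "netstat -tn" style row: proto recv-q send-q local:port remote:port [state]
CONN_RE = re.compile(r'^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s*(\S*)$')

IRC_PORTS = {6667, 6668, 6669, 7000}   # conventional IRC ports used for bot command channels


def parse_netstat(lines):
    """Turn netstat rows into (proto, local_ip, local_port, remote_ip, remote_port, state)."""
    conns = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if m:
            proto, lip, lport, rip, rport, state = m.groups()
            conns.append((proto, lip, int(lport), rip, int(rport), state))
    return conns


def flag_host(conns, max_smtp=5):
    """Host-side check: IRC control traffic or a spray of outbound SMTP are bot indicators."""
    findings = []
    irc = [c for c in conns if c[4] in IRC_PORTS]
    smtp = [c for c in conns if c[4] == 25]
    if irc:
        findings.append(f'irc-c2: {len(irc)} connection(s) to IRC ports')
    if len(smtp) > max_smtp:
        findings.append(f'spam-relay: {len(smtp)} outbound SMTP connections')
    return findings


def top_talkers(conns, limit=200):
    """Gateway-side check: local hosts holding more than `limit` simultaneous connections."""
    per_host = Counter(c[1] for c in conns)
    return {ip: n for ip, n in per_host.items() if n > limit}


def hidden_connections(host_view, gateway_view):
    """Connections the gateway sees to/from a host that the host's own netstat omits."""
    key = lambda c: c[1:5]                      # (local ip, local port, remote ip, remote port)
    seen_locally = {key(c) for c in host_view}
    return sorted(key(c) for c in gateway_view if key(c) not in seen_locally)


# Constructed sample: what "netstat -tn" on the suspect host 192.168.1.10 prints.
HOST_NETSTAT = [
    'tcp        0      0 192.168.1.10:1034       203.0.113.44:6667       ESTABLISHED',
    'tcp        0      0 192.168.1.10:1040       198.51.100.20:80        ESTABLISHED',
] + [f'tcp        0      0 192.168.1.10:{1100 + i}       203.0.113.{50 + i}:25          SYN_SENT'
     for i in range(6)]

# Constructed sample: the same traffic as seen by a monitoring box in front of the host,
# plus one inbound session the host's (trojaned) netstat does not show.
GATEWAY_NETSTAT = HOST_NETSTAT + [
    'tcp        0      0 192.168.1.10:22         198.51.100.9:40000      ESTABLISHED',
]

# Constructed sample: a second local host half-open scanning port 445 across 250 targets.
SCAN_FLOWS = [('tcp', '192.168.1.20', 1025 + i, f'10.{i // 256}.{i % 256}.1', 445, 'SYN_SENT')
              for i in range(250)]

if __name__ == '__main__':
    host = parse_netstat(HOST_NETSTAT)
    gateway = parse_netstat(GATEWAY_NETSTAT)
    print('host findings:', flag_host(host))
    print('top talkers:', top_talkers(gateway + SCAN_FLOWS))
    print('hidden from host:', hidden_connections(host, gateway))
```

On a live box, feed `parse_netstat` the output of `netstat -tn` (or `ss -tn`, whose columns differ and would need their own pattern); the discrepancy check only works when the gateway view comes from a separate, trusted machine, which is exactly why the remote monitoring in the comment above caught the tampered netstat.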
or post comments on /. without hitting preview
aload = allowed
M$ it's what's for dinner!!!!!
and automatically send emails to its infected customers.
If the computer is compromised, then email may not be the best channel. Of course, email would be a good starting point.
Have your machine intentionally be part of the "zombies", and you get all the goodies, and look like a victim at the same time.
"Kaa's Law: In any sufficiently large group of people most are idiots. "
LOL, Maybe you should write that in proper English before calling people idiots.
BTW, it is a comma you forgot.
You know that is my experience as well. Somehow, being a linux user and happily married seems correlated. I wonder why?
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
What the hell are mods smoking nowadays?
Please explain to me how this is offtopic?
I work for a minor dialup in BFE, KY. We used to have large problems with our users getting hacked and zombified. But we decided that since they weren't going to have a local firewall then we'd run one for them. Generally speaking, Joe User doesn't need an internal SMTP server, http server, and so on. So we've got it set up now where they can connect to http, ftp, send their emails, send their IMs, play their games, and even use BT. But a lot of things that they'll never notice are disabled for their own good. We'll occasionally have someone call about something not working and we'll then add in a rule to punch a hole for them. But I think that has been one person in the past year so far.
I'm surprised more ISPs don't do this, as we used to be overloading our pipe due to the bots but now we're using half of our pipe during peak times.
I could see this as a potential issue for some broadband ISPs, but the saved money in bandwidth is much higher than the cost of manpower.
Bravo!!! brxndxn you have hit the nail on the head, (with a sledge hammer)...
Politics is Treachery, Religion is Brainwashing
Features like these are the only way that they can make everyone climb on the 'Trusted Computing' bandwagon. Insecurity has been and will always be their greatest selling feature. Just think of the amount of bandwidth that could be freed up if stupid users were all forced to upgrade to 'trusted computing'.
If the Windows OS did not need fixing all the time then there would be no reason to 'upgrade', and you wouldn't see all those stupid users running back and forth to the computer stores to get their systems running again. 90% of the business that computer stores do is fixing user hosed MS computers!
If that went away then the bust would make the 2000 dotcom disaster look trivial by comparison.
....a group of super smart nerds somehow figures out how to do the same thing to these millions of PCs, but in reverse. Somehow create a worm that turns on the XP firewall, installs MS Anti-Spy and SpyBot and whatever else is needed. Isn't this easy to do (for the geek crowd)? Every new client I get (I'm a home computer tech) is infected with massive amounts of spyware. They have NO idea. My last two clients had more than 10,000 files and programs that were deemed spyware (not including cookies). It took forever to clean these machines, esp. with those damn trojans not wanting to leave. I've got years of experience so I know what to do. But 99.999% of Windoze users don't have the damndest clue. My clients can't even set up their own DSL connections. How are they going to prevent their computers from being turned into zombies? Hell, they don't even know what that means.
It's up to the benevolent hackers or MS. My $$ is on the geeks outside of Redmond.
thanks!
They'll probably never know anyway as it would take them off the Spam circuit.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Who do we hold responsible when the owner leaves the keys in the ignition, the manufacturer didn't provide any door locks, and an Eastern European gang steals the car and uses it to deliver advertising circulars to 10,000,000 mobile homes? Just hypothetically, of course.
Pe op le wi th a l ar ge pen is sho uld ha ve mas s iv e, frequ ent, la rge typ os d ue to ina dver tant ap pe nda ge intr usi on on the ke yb oard you wou ld th ink. No te t hat 99.9 99% of pen is spa m is ho rri bl y ful l of typo s. There fore, a ll pe nis spa m is r ea l. Go fo r the si ze in cre ase!
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Bad PR but who the fuck cares.
tihihi I said boxen.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Barring the 9th circuit and all of Great Britain as I understand it, there is another problem with retaliation in self-defense here.
Application of force. If someone attacks me in my home with real or apparent intent to kill, I respond in full. If I somehow manage to subdue said scumbag without killing them, after they are incapacitated I am no longer able to justify their death at my hands as self defense. In other words, if I tie up a murderer in my apartment and wait for the police, I cannot claim self-defense for then shooting him out of boredom.
In other words, the response is usually considered self-defense only if it is comparable to the attack. Try to take it offline, well, were you knocked off-line in the attack? Keep in mind, I most definitely am not a lawyer.
http://en.wikipedia.org/wiki/Self_defense
Slashdot: The left's answer to Rush Limbaugh...
Don't fall into their trap. The childish cynics and the childish idealists would have you believe that they are part of the left and right wings of the political spectrum; that one is conservative and the other liberal.
This is wrong. For proof, simply look at a dictionary whose definition of either term goes beyond "conservatives believe in right/conservative things" and "liberals believe in left/liberal things" and you'll see that the attempts by the "left" to keep things the same and the attempts by the "right" to do things that have never been done before, along with other actions which run directly contrary to the true meaning of various areas of the political spectrum or the meaning of those two words Conservative and Liberal.
Myself? I'm a conservative in the truest and best sense of the word: a traditionalist who tends to be frugal with expenditures, underestimate income, and prefers to limit government power. Following the lessons of the past, however, leads me to want to continue the best traditions which have made the modern world prosperous and free, rather than become one of the bickering children who would claim that their simplistic worldview, ignorant of the past, present, or future, is anything like the noble philosophies of the true left or right.
It's been a long time.
why don't governments form a unit to identify and at least notify the owners of these machines?
To paraphrase the late great Jerry Orbach playing Lenny Briscoe, "Sure, let's get the government involved. That'll solve everything."
And as far as the ISPs go, I've worked for ISPs that wouldn't even cut someone off for non-payment for fear of their subscriber numbers going down. Do you really think they have the manpower, resources, or interest in doing anything about this until they're forced to by business pressures? (e.g., never.)
The only way to fix this problem is user education. And because most users refuse to be educated, or accept any form of responsibility for their own machines, I don't see this problem getting fixed. Ever.
Never underestimate the power of stupid people in large groups.
When I see a new PC and look at the user for 3 seconds... if only I could ask 2 questions and then bet money on whether the machine in question has any malware - I'd be rich.
Yea corporate networks are better - if the corporation is big. Most small businesses have owned or infected boxes.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Remember, Linux is the Insecure OS, not Windows! http://linux.slashdot.org/article.pl?sid=05/03/16/1517207&tid=163&tid=1&tid=218
Another blaster-like gets widespread, and destroys the machines in question. Wipe the HD, wipe the BIOS if possible. Wipe all files on all network drives with write access. Wipe everything. Write nasty letter to boss. Play fart sounds, change wallpaper to tubgirl.
THIS would wake people up. Not the fact that the ADSL light blinks a bit and the machine feels a bit slower.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
"If Joe User were required to start by using Linux or BSD, it would set computing back 10 years."
To a time before rampant SpambotNets and the DMCA. Sign me up! :-)
What? What?! NOW it's the ISP's responsibility?? Consistency, Slashdot. Please. ISPs provide a connection to the Internet. It's the USER's responsibility to decide what they do with that connection. And it's the GOVERNMENT's (read: society's) responsibility to find and prosecute the sons of bitches who willfully and with malice inject our machines full of their garbage--be it bots, spyware, or spam. Casting [any] blame on the ISPs is akin to blaming P2P companies for copyright infringement or blaming Smith and Wesson for drive-by shootings. I could go on for hours, but I feel like I've made my point.
Honestly, how many botnet operators are that sophisticated? Yes, some are, but most?
You're also forgetting something else. Possession of the private key means that it is undeniable that you are in control of said botnet. In short, a digitally signed order is a literal signature of the controller of the botnet. Forget the "I was hacked too" excuse or the "that was someone else's IP 24 hours ago" one. If you have the private key, you're signing those messages.
How would I read slashdot then ?
And yes, I am reading it from a SCADA machine, for those who know what I am talking about.
"It seems they probably could, but are not going to."
Well yeah, it's not their job, and it's as much their problem as it is the rest of the world's.
Imagine trying to fix 100,0000 relatives computers. Most of these people are people who don't care at all if their computer is compromised, and would require someone else to fix it, not them.
In fact I was just at a cafe that had a few spybots installed on the machines there, I told many people who went up to use them exactly what was/would happen if they used it, most of the responses I got were "what are they going to do, break into my yahoo account". And it didn't stop a single person from using it (then I decided to login to their router and deny all access to irc ports).
TruePunk | Games
What? What?! NOW it's the ISP's responsibility?? Consistency, Slashdot. Please. ISPs provide a connection to the Internet. It's the USER's responsibility to decide what they do with that connection. And it's the GOVERNMENT's (read: society's) responsibility to find and prosecute the sons of bitches who willfully and with malice inject our machines full of their garbage--be it bots, spyware, or spam. Casting [any] blame on the ISPs is akin to blaming P2P companies for copyright infringement or blaming Smith and Wesson for drive-by shootings. I could go on for hours, but I feel like I've made my point. (Re-post. Sorry, I guess I screwed something up. THIS is where this comment's s'posed to be.)
In a weird way, I have to give some credit to the botnet operator(s) who are running 50,000 machine botnet. That is, assuming they actually wrote the bot software themselves.
It's not easy to write a networking application that scales well, especially when you have n peers and each peer has an unknown amount of bandwidth.
If the machines can cross-communicate without a centralized server and scale up to 50,000, that's one nice application.
Now, if only they would use them for something other than extortion and crime..
There are no atheists when recovering from tape backup.
http://it.slashdot.org/article.pl?sid=05/03/15/1341203&tid=172&tid=1
/. thinks we didn't RTFA in the first place or are too dumb to understand it... We needed the diluted version, I guess.... or maybe Zonk and Commander Taco don't compare notes... who knows. Either way, same story twice in 3 days = yuck.
RTFA!
I am pretty sure the BBC news post is just a dumbed down version of this report:
http://www.honeynet.org/papers/bots/
So it begs the question why is this news... Does
out
DarthVain
So how many of these are being used for P2P serving?
"But Judge, it wasn't me that was sharing those files "
Before you laugh, I had a Linux 'router' broken into about 8 years ago. I of course caught it in nightly auditing, but it happened.
Turned my machine into a porn ftp server and a bridge to break into the next person.. If I hadn't been auditing, might have been months before discovery..
---- Booth was a patriot ----
One box to rule them all, One net to find them,
One OS to bring them all, and in the darkness bind them.
http://www.ubuntulinux.org/
Brought to you by AOL. ;)
"Nature bats last..."
I've had machines show up in my shop along with notes from Road Runner stating that they can't regain their service until they show proof the machine was repaired properly. These machines have always been so bad off, they were unusable, yet they were kept online constantly, to display popups and act as zombies.
One case it was actually not the customer's machines, but his neighbor who was taking a free ride on their wide open wireless network. Turning on WEP immediately fixed the problem. The customer couldn't figure it out, because they were a household of Macs, and were sure they couldn't get hijacked like that. They never even thought of the wide open network.
rm -rf
reinstall Windows! It's the answer to everything.
Sometimes seventeen/Syllables aren't enough to/Express a complete
1) get source code of whatever worm is making all these zombies
2) modify code to only spread itself for a few hours per machine before killing net connection and berating computer owner for poor security.
Result: bot nets destroyed, computer owners informed.
Optional result is you get arrested, but that's why I am leaving this up to a non-American to do. However, what if I drove to Mexico before releasing the worm, would that make a difference?
It occurs to me that we are seeing the Free Market at work. There is obviously more money to be made in spamming and supporting spamming than there is in ordinary folks like you and me communicating through email. Nor is this the type of thing that one ISP can solve alone, so you can't vote with your money at another ISP.
Until the cost equations tilt somehow, spam will continue and probably grow. As long as the incremental cost of sending additional spam is so close to zero it'll happen.
Perhaps another law is being broken with zombie nets, but as long as it's only for a nuisance like spam or zombie growth, I doubt the government will get involved.
Now, if we could prove that terrorists are shipping plans and information through zombie nets, steganographically hidden in spam, it would be a different story. We could wear our tinfoil hats right to the DHS and get action.
The living have better things to do than to continue hating the dead.
Apparently they were using SUSE 8 Pro and Solaris 8 as the Honeypots. My issue with the BBC article is that although (as can be seen from the Honeypot site) 90% of the attacks were aimed at, or originated from, a Windows machine, the offending OS is mentioned only once.
They (the BBC) should spell it out, so that the general public actually gets notified officially, and thus make it a well known issue among non-IT literate people.
why don't governments form a unit to identify and at least notify the owners of these machines?
I think I would prefer my tax dollars go to the fixing of schools and highways or medical research or even the military before someone gets a government job notifying people that their computers are bothering people.
Does this mean we have 1 million+ zombie users on our hands?
IT Guy: Get your stooped windows viruses off of me!
Zombie: Must click on banner...Must click on banner...Must kill all who don't click banners...
Hey any game makers out there, we have your self a new game...
Technabyte - Read my tech news blog.
Let's sue people whenever things go wrong!
Is anyone really surprised by this? A lot of people who own computers don't even bother updating any protection software they might have. It's not really a surprise at this point.
Society never gets more or less violent, the definition of violent just keeps changing.
But what command to send!!??? Sleep. Sleep... Data... Sleep.
Still have your notes from that? It sounds like it might be interesting to go over.
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
Independence Day
Or maybe from Shin seiki Evangelion (Neon Genesis Evangelion), Episode 13: Angel Invasion / Lilliputian Hitcher
Irene KHAAAAAAN!
Yup, they should make a law that forces ISPs to simply pull the plug on the user's broadband connection when a zombied PC is conclusively detected. Until that user can show that they are a responsible PC owner and netizen, it's back to playing Solitaire or Minesweeper.
(Monty Python Argument Clinic Sketch.) The joke he was doing was a reference to the "Night of the Living Dead" series of zombie movies.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Sounds like a rip-roaring time. A great party, I bet.
My other first post is car post.
Sounds like speculation to me.
Now imagine those 1M PCs infected with good viruses, viruses that crawl the web, crunch difficult problems, etc.
Virus hackers: write good viruses that infect even more PCs.
Simpy
I've been relatively unharmed thus far. Sure, I've had a few run-ins with malware, spyware, adware etc... but nothing I couldn't have simply lived with... and nothing that I haven't been able to defeat. So far my toughest experience was with a worm that was eating all my system resources and for some reason couldn't be removed by Norton... Luckily I'd prepared backups the day before because I was planning to do a fresh install of Windows anyway. Most of my other experiences with malware etc. were "hey I didn't even notice the symptoms" moments when Avast! let me know about them. Personally, if I don't see a problem... then there's no problem. Generally though, my computer checks out clean. I know my way around Windows and DOS and the internet, but I wouldn't consider myself a computer expert since I know very little about programming and networking. So if I'm no expert, why am I unharmed? Well, I've got the good sense to use a decent virus program (Avast! free and recommended, google it), a spyware tool (Spybot), a firewall (both hardware and software), and an automated backup utility. All that software of course could sit on your hard drive unused and you'd be no better off, which is why I've developed the good habits of manually activating a virus or spyware check every now and then, keeping my desktop, menus, and programs organized and free of crap, not falling for "britany_spears_naked.exe," and backing up frequently. Hey, a spindle of CDs is well worth the cost when you consider how much easier it is to back up your files than to re-create them after a disaster.
Over a million zombie PCs
not
Over a zillion mombie PCs!
Hello! I'm a disaster waiting to happen!
When my uncle was living in Italy, there was one day that he was driving through the mountains and one of his wheels came off. He avoided falling off the cliff, and to hold his spare tire on, he decided to take one nut from each of the other wheels. He put the wrench on the first one to remove it, and it was loose, and so were the others. After checking that nobody he knew was trying to kill him, he decided that it was probably just thieves trying to steal his fancy wheels who'd been interrupted before they'd gotten them off.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This is where the government can step in: they can make it unlawful for ISPs to not disconnect someone after they are notified of illegal activities via a hijacked PC. Right now many ISPs simply don't care what their customers do. This should change.
When not handling abuse reports will result in being put out of business, this will wake them up and put people on the task.
There was sod all wrong with the Firestone tyres. It was because the users had been told to run them at absurdly low pressures to try to minimise the risk of the vehicle flipping at low speed. Had the Explorer been built with a low enough centre of gravity (instead of being about as stable as an egg standing on its pointy end) the problem would not have occurred.
As an aside, I use Firestone tyres on all kinds of vehicles, and have never had a problem. If I was in a nitpicky mood, I'd say that their 145SR15s are not nearly as sticky as the Michelin equivalents, but they *are* 1/3 the price.
ISPs should be held responsible for what their clients do when they have been notified of their wrongdoings and have decided not to pay attention to those notifications.
Right now there is the problem of many hijacked and virus-infected PCs on broadband networks, and the victims of those have the problem that they can identify the problem spot only by IP address.
The ISP acts as a shield between you and the troublemaker, by systematically ignoring requests to take them offline or to give you contact information so you can call them yourself.
This is not like the position of P2P companies or weapon manufacturers. It is like the ISPs position in copyright violation cases. The ISP is held responsible until they provide the name of the offender.
I now realize that you must be a Slashdot editor, presumably paid, and therefore an IT professional.
Yes, this is why I drive an automatic. I was taught to drive an automatic, and my first few cars were automatic.
I know how to drive standards (Stick shift) and have had a few vehicles that were standard. But I keep going back to Automatic.
I know some of my geeky friends who swear up and down on standards. They love to tune their cars and have complete knowledge of the inner workings of their vehicles.
They say an automatic is for wimps.
But I don't really care how my car works. It just works. If the car can shift the gears for me, why would I want to do it myself?
Same reason why I drive Windows computers and not Linux computers. I have many Windows computers doing all sorts of things - including managing themselves. The HP Insight agents are a real nice feature.
I have a few RedHat & Mandrake boxes. But they do very little. They have BIND, DHCPD, and STunnel which are all configured via WebMIN.
Everything else is Windows here. Hundreds and Hundreds of computers. The only exception being 3 AS/400's. They cost a ton of money, but do what they are programmed to do very well. These are the H2's of the computer world.
Check again, they use Dell laptops. (Thank you, HD!)
It would be cool if it didn't suck.
The Eastern European gang!
The others share some blame for making it too easy, but let's not lose sight of the fact that the perpetrators of the theft have actual malicious intent.
Newest ad-aware, newest Norton SystemWorks, half a dozen other malware removal programs, winxp firewall up and running... and I can't get this stuff (ads, CPU-sucking processes which respawn, etc) off my parent's machine permanently. What's the deal? Is anyone else out there finding it flat out impossible to make this stuff go away? Jon
My home PC runs WinXP most of the time, behind a hardware firewall of course, and security updates are relatively painless. I have them set to download automatically, and only update when I want them to (it's not the default, but I don't like the machine rebooting itself when I'm not around or don't want to be interrupted), but the nag balloon pops up any time there are updates ready. I think their default is to update automatically as well. It's a big change for MS, but it's a lot safer than it used to be.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
There's certainly no excuse for implementing it as a worm when it could have just as well been a scanner program that operated at a controlled rate from an identifiable site. But one of the biggest problems with Nachi was that it generated too much internet traffic. It did lots of pings deciding what to infect, and worked fast enough that it generally made a bigger mess of any networks it was on than the original Blaster had.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I deal with several spyware-compromised machines every day. They account for perhaps fifty percent of my workday each and every day.
About a month ago things started getting worse again; for a while before that things had gotten better for a while. Part of it was because I was getting better at dealing with the crap, but another part of it seemed like I was actually seeing fewer compromised machines. The metrics seemed to bear this out too.
In the past few weeks, the machines have been more grossly affected - many having multiple installs of spyware and virtually every one of them containing a trojan back-door of some sort. On top of that, either I'm getting dumber or the crap is getting much harder to remove. In some cases, the computers wouldn't let me run the more common tools that I use - they would launch and be closed immediately.
In one case in particular, I had a machine that worked fine one day and the very next the machine literally took hours to come up to the desktop! All the while it was doing *something* with the remote user's network connection. When I brought that machine in I booted using a bootable CD ROM and discovered a number of .exe files in the root and in the temp directory that were obviously spyware. The machine would NOT let me delete the files even though I booted with a known good "Bart's PE CD". I was unable to find what was preventing me from deleting them (attributes all seemed okay).
After reimaging the computer, I put the data back down and reinstalled the programs and the machine was flawless - so it wasn't hardware. Unfortunately, time is money and I can not afford to take all the time in the world to do forensics.
What I guess I am trying to convey here is that in my opinion, there has been in the very recent past a fundamental change in the way this stuff is working. I suspect that these efforts are more than just an effort to make the spyware harder to remove. I suspect that there is now more happening in the background of these machines. I'm sure many of them are "bot-net" machines but even worse, I think some of the machines that I've seen are very busy "harvesting" data from the owner's machines!
If my hunch is correct, I'm willing to bet that in the very near future, we will see identity theft on a scale we had never imagined before. Frankly, I'm quite concerned about that and am suggesting that people who have been victims of this "nasty spyware" take the time to change all of their passwords and credit card numbers while their computer is still "fresh" or better yet, change the information in person at their bank or over the phone.
Does anyone else see the same things happening?
Google for "Process Explorer" - free download, shows all processes and CPU usage (there is also an option to show % fractions of CPU usage or context switches for being really precise). Shows processes in a tree also, so you can see what's started what. Also gives ability to pause (a la -SIGSTOP/CONT) processes, very handy lil download. Well done the creators.
-2A
The revolution will not be televised... but it will have a page on Wikipedia
There are two reasons a hacker might not want to leave the key unencrypted on his disk - one is that if he gets caught, it's proof that he knew the key, and the other is that if somebody cracks that machine, they can steal his zombie army. Neither problem is a real worry - if you're Evil But Not Stupid, you don't run the zombie controller on your own machine, you crack somebody else's machine and use that to crack somebody else's machine and use *that* to run the zombies from, so it's hard to trace back to you or the cybercafe you rode in on. The theft problem is a threat model issue - since the zombie controller is just another hijacked machine, you may decide not to worry about it getting stolen, or you do a little more cookbook cryptography and handle the asymmetric private key the way PGP does - store it encrypted using a conventional symmetric cypher using a password you can easily remember, so you don't need to store that on your machine, though you might write it on a yellow sticky note.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Sometimes having an oversized swap file can cause excessive HDD activity. Old rule was "swap should be 1.5 times size of RAM" (I think)... but this really doesn't apply for the amount of RAM our machines come with these days for what we do with them.
Also as someone else said - turning off index service (or "find fast" which came with older Office versions - dunno about recent ones).
Also as I mentioned in another post, check out the free download Process Explorer (google for it), watch 'context switches', see what's busy.
-2A
The revolution will not be televised... but it will have a page on Wikipedia
This *was* a few years ago, and crackers have gotten more sophisticated, and DSL and cable modem proliferation means there are lots more fast net connections for them to work with. At the time, Win95 was obsolete, RedHat was doing 7.x versions, and Stacheldraht attacks seemed to mostly come from universities (including Washington University, whose wu-ftpd was one of the main holes exploited by crackers, and a machine that looked like it was from MIT but was actually from somebody in Japan with a byte-order problem.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The client doesn't need to be technically sophisticated - you set them up by routing all their HTTP requests to your new-user server, so they don't even have to remember to go there themselves, tell them to wait while you run a scan, and then have them tell you whether they've got XP/Win2K/Win98/Mac/Linux and download the appropriate checkup program. Furthermore, it's not unreasonable to keep them in a quarantine zone with an easy mechanism to get full internet capability if they can fill out your form correctly - that keeps the naive users in protected mode, and lets the clients who know how to RTFM get unfiltered or semi-filtered access if they want it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Time flies like a banana.
Dance is a sack in the wars for their genocide. Decimated by manifest destiny. Tortured and enslaved in the process. And a bunch of the window actions can be resisted, but not an idea whose time has come. You've got connection limits and such to ensure that you and i have one thing in common. We're both human. There are also about 2759023845908750923854 (as of last week) versions of solitaire available for the right job. Awww geez, i'm running out of heaven every stone about the weight of a client for business.
Because you are a part of the leg, and is the tendon which connects the head with the lower extremities.
Are you on crack or something?
http://en.wikipedia.org/wiki/NMCI
and
http://en.wikipedia.org/wiki/Electronic_Data_Systems
I saw the Sign, and it opened up my eyes
I sent an email to my ISP complaining that my machine was attacked over 100 times in 30 minutes by zombie computers. They don't get that it was already compromised machines; they thought it was just port scanning. You know what ports got hit the most? 135, 137, 139 and 455. Guess what that is? NetBIOS. What does NetBIOS = ? Yes, you guessed it, Microsoft. The only real way to get this type of stuff to stop is no. 1, make sure people are NATed; no. 2, if people do have their machine compromised and it starts annoying other people with constant exploits being sent at you, they should have their ISP account taken away from them until they fix it up. Granted, not all machines that are compromised are Windows machines; a lot of them are poorly administered *nix boxes, but only about 10%, as you can see from http://www.securityfocus.com/archive/75/393292/ here. You can make Joe User update his Windows box, but you can put him behind a firewall so the only bugs he can get hit by are IE bugs or other things along them lines.
http://en.wikipedia.org/wiki/Electronic_Data_Systems
/. keeps breaking it.
Just copy and paste it,
I saw the Sign, and it opened up my eyes
That's a good idea in theory. Unfortunately, where technology is concerned, I don't trust the government to know what an ISP is, let alone realize that people can do illegal things with it.
Plus enforcement would be all but impossible. The tax revenue consumed by such a (IMHO) futile effort could be put to much better use.
The underlying cause of ISPs' apathy towards compromised PCs is that consumer culture in this country (posting from the USA) is broken. The way IMHO that consumerism is supposed to work is if you don't like the way someone is providing a service or product, you'll vote with your pocketbook and go to the competition. In this case, if the ISP that you're on allows compromised PCs on its network, then you get the heck off their network and switch to a provider that gives a damn about security. But the average USian is either too lazy, too stupid, or too cheap to do anything about it, and when you compound those factors with the average USian's complete stupidity regarding technology (see this post for my definition of stupidity vs. ignorance), you have the problem we're discussing.
Never underestimate the power of stupid people in large groups.
It's an email collection site, spammers.
Has been reported as fraud.
Or was that too obvious? I mean, zombie jokes aren't really the freshest material around.
Of course all operating systems have their security holes. However, it's silly to say that no matter how poor an OS design may be (Windoz), it doesn't matter and they are "all the same."
I think the problem is not that customers are or should be unsatisfied with their own ISP and thus should move to another.
The problem is that other ISPs exist that do not care, and that we are all connected to one single Internet.
So even when you are at an ISP that cares about these things (I am), you still suffer from the million PCs of users at ISPs that don't care, and there is nothing you can do about that.
So an ISP should be required by law to care about this. Just as there exists a mandatory facilitation of lawful intercept (at least here), it could be mandated that ISPs provide a contact method to report compromised systems, and be mandated to actually do something with the reports.
For example, an e-mail address or form on their website where you enter date/time, IP address and observed activity (spam relay, attempted virus delivery, portscanning or other hacking) usually related with compromised systems. The ISP would then have to handle these reports, for example in order of decreasing number of reports per address. The customer would have to be contacted, warned about the situation, maybe get moved to a closed network where they can download only tools, or disconnected completely until the situation is remedied.
Don't say it can't be done, my ISP does it and others do. But as it is not mandatory there remain countless other ISPs that don't, and millions of PCs that you can see attacking you and the rest of the world but you (and others) can do nothing about because you have no way of contacting their owner.
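The report-handling workflow the post above sketches (date/time, IP, observed activity; work the queue in order of decreasing reports per address; warn, walled-garden, disconnect), as an added example that is not part of the original thread. The report lines, the activity names and the escalation thresholds are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed abuse reports in the "date/time, IP address, activity" shape; not real data.
SAMPLE_REPORTS = """\
2005-03-14T10:02:00Z 198.51.100.7 spamrelay
2005-03-14T10:15:00Z 198.51.100.7 portscan
2005-03-14T11:40:00Z 203.0.113.21 virus-delivery
2005-03-14T12:05:00Z 198.51.100.7 spamrelay
2005-03-15T08:30:00Z 203.0.113.21 portscan
2005-03-15T09:00:00Z 192.0.2.200 hacking
not a valid report line
"""

KNOWN_ACTIVITIES = {"spamrelay", "virus-delivery", "portscan", "hacking"}

def parse_reports(text):
    """Return (timestamp, ip, activity) tuples; malformed lines are skipped, not guessed."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        when, ip, activity = parts
        try:
            ts = datetime.strptime(when, "%Y-%m-%dT%H:%M:%SZ")
            addr = str(ipaddress.ip_address(ip))   # normalises and rejects junk
        except ValueError:
            continue
        if activity in KNOWN_ACTIVITIES:
            rows.append((ts, addr, activity))
    return rows

def build_queue(reports):
    """Group per address; most-reported first, ties broken by earliest first sighting."""
    per_ip = defaultdict(list)
    for ts, ip, activity in reports:
        per_ip[ip].append((ts, activity))
    queue = []
    for ip, items in per_ip.items():
        items.sort()
        queue.append({"ip": ip, "reports": len(items), "first_seen": items[0][0],
                      "activities": sorted({a for _, a in items})})
    queue.sort(key=lambda e: (-e["reports"], e["first_seen"]))
    return queue

def next_action(entry, warned):
    """Escalation ladder from the post; the threshold of 3 reports is a constructed value."""
    if entry["ip"] not in warned:
        return "warn"                     # first contact: notify the customer
    return "disconnect" if entry["reports"] >= 3 else "walled-garden"
```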
I think the solution should be instant death penalty for hackers.. Hey it shouldn't be tough to get compromised attacks down to almost nothing..
Just say no to license servers!!
"Vendor-written drivers have a very poor record". Sure. I'd much prefer my drivers to be written by someone who has time on his hands rather than the actual MANUFACTURER OF THAT HARDWARE.
Whether you're pro or anti MS, you've got to realise the parent poster was absolute bullshit.
FUD, plain and simple. "What good is it as an OS if you can't add various hardware" - find me an OS with better support for third party hardware right out of the box and I'll kiss you on the ring, you fucknut.
All OSs have their pluses and minuses, but one thing Linux and the Mac aren't renowned for is compatibility with loads of hardware.... Mod me up, you fvckers!
Taking the internet as a whole entity it begins to resemble a biological model, similar to cells comprising a whole creature, or a population of individual creatures comprising an ecosystem, subject to the same points of frailty and weakness. Infections break out all the time, a constant war is waged between organisms competing for scarce resources - food, territory, and the like. Or cpu time, disk space and bandwidth.
Genetically uniform populations are wiped out easily by viruses that are quicker to adapt, and are easily able to invade the cell and get it producing and distributing more viruses in a chain-reaction.
What is interesting is that no biological system has a really large number of easily infectible hosts that have survived for any length of time; they have inevitably died out. The numbers of the initial population are irrelevant; a larger population simply means there are more target hosts for predatory organisms to feed upon, which accelerates the process of the demise of the species. The only thing that will enable them to survive is geological isolation, or adaptation and evolution of more effective immune systems, feeding habits, physical robustness, intelligence, and other survival traits.
That being the case, the biological model is a warning that systems that do not adapt will inevitably perish. What is the biological equivalent of an anti-botnet botnet? A retrovirus would be more akin to the sasser worm, in which a virus tries to repair the vulnerability that enabled it to infect the host/cell in the first place.
http://www.spreadfirefox.com/
so how helpful was this? The first day the american news sources said it was a good virus stopping the bad. I can tell you first hand that Nachi was more painful...
Your Average Joe
The problem is that other ISPs exist that do not care, and that we are all connected to one single Internet.
This is true, but technology exists to filter harmful content at the borders of a given ISP's network (known exploits, spam, virii, etc.). It's implemented with varying degrees of intelligence among ISPs.
So even when you are at an ISP that cares about these things (I am), you still suffer from the million PCs of users at ISPs that don't care, and there is nothing you can do about that.
I disagree. There are many steps you can take to minimize your systems' exposure to harmful content, such as an updated antivirus, spam filtering (on the server and the client), and a correctly configured firewall. I agree that these steps shouldn't be necessary, the problem should be prevented before it's created, but that's like saying you shouldn't have to carry an umbrella because it shouldn't rain.
So an ISP should be required by law to care about this.
In a perfect world, a law could be created and enforced that would achieve this. We don't live in a perfect world. The government tried to do something about one aspect of this problem with the CAN-SPAM act, which has been loudly criticized as a deeply flawed piece of legislation that not only doesn't accomplish what its writers intended, it in fact makes the problem WORSE by giving spammers the right to email anyone once with any campaign they choose, with the only condition that they give you the option to not receive any more messages related to that campaign. Expecting spammers to be discouraged because they're doing something illegal is like expecting your dog not to pee on your rug if you don't let him out.
Don't say it can't be done, my ISP does it and others do.
Yay for your ISP. I'm glad someone in the business world gives a damn about the quality of the product or service they're producing. They're in the drastic minority; most businesses (including ISPs) only care that the money keeps coming in faster than it goes out.
The facts of life in this case are these: Millions of vulnerable machines are connected to the Internet, through a combination of Microsoft's "Swiss cheese" approach to security and user ignorance/stupidity. ISPs are unwilling or unable to do anything about zombie machines, either because of resource limitations or incompetent management. To say government is incompetent in this area is like calling water wet. All you can do (until the ISPs figure out a way that curing the situation could make them money) is protect yourself as best you can.
Never underestimate the power of stupid people in large groups.
I recently cleaned a machine from a neighbour, who asked me about the dangers of spyware. When I told them what could happen (I gave the classic example of online banking login), their reaction was: "oh, we're not that rich, who would steal our money?". What the???
As long as you can't force users to do something about the situation, you're nowhere. And to force them, they have to do something wrong.
The best thing would be to disallow them access to the Net on an ISP level, like another poster already pointed out.
There are many steps you can take to minimize your systems' exposure to harmful content, such as an updated antivirus, spam filtering (on the server and the client), and a correctly configured firewall. I agree that these steps shouldn't be necessary, the problem should be prevented before it's created, but that's like saying you shouldn't have to carry an umbrella because it shouldn't rain.
Of course I have taken all measures to be sure I do not get the bad guys on my system. I use Linux, filter for dangerous content, run a firewall, etc.
But this does not prevent me from receiving one hundred spam mails per day via compromised systems (which are rejected but still cause lots of logging and traffic), plus many more attempts to connect and portscan.
Also I have had to abandon a domain name because spammers have chosen to use it as a From address in their spams. I have had to set the MX record to localhost. When I try to set my own system as MX host, I get bombarded by bounces (thousands a day).
This is also caused by careless ISPs. A reasonably managed mailserver would not accept mail from a source address that has its MX set to localhost, but they do.
Finally, some of those virus infected systems are spreading their virusmail with my valid mail address as a sender address (because it appears somewhere on those systems). Others may think I am spreading that. I want to stop them from doing it but the ISP does not give me contact information and I have no way to force them to stop misusing my name (mail address).
I agree that a law is not the first choice to rectify such situations, but it may be the only way to make the ISPs do something. It does not matter so much that the government is incompetent, what matters is that I can send a letter or mail stating "you are required by law to take action so please do so within an X amount of time or I will take legal action".
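The sender check the poster above wishes other ISPs' mail servers performed (refuse mail whose sender domain points its MX at localhost), as an added example that is not part of the original thread. It also covers the modern way to declare a domain that accepts no mail, the RFC 7505 Null MX record (a single MX with exchange "."), and the RFC 5321 rule that a domain with no MX falls back to its A record. The resolver here is a constructed in-memory table standing in for real DNS lookups.

```python
import ipaddress

# Constructed DNS answers used instead of a live resolver; not real records.
FAKE_MX = {
    "abandoned.example": ["localhost."],   # the post's MX-to-localhost trick
    "nullmx.example": ["."],               # RFC 7505 Null MX: domain accepts no mail
    "good.example": ["mx1.good.example."],
    "nomx.example": [],                    # no MX and (below) no A record either
}
FAKE_A = {
    "localhost.": ["127.0.0.1"],
    "mx1.good.example.": ["192.0.2.25"],
}

def lookup_mx(domain):
    return FAKE_MX.get(domain.lower(), [])

def lookup_a(host):
    return FAKE_A.get(host.lower(), [])

def sender_domain_status(domain, mx=lookup_mx, a=lookup_a):
    """Classify an envelope-sender domain before accepting its mail.

    Returns 'accept', 'reject-nullmx', 'reject-loopback' or 'reject-unresolvable'.
    """
    exchanges = mx(domain)
    if exchanges == ["."]:
        return "reject-nullmx"
    if not exchanges:
        exchanges = [domain.rstrip(".") + "."]   # RFC 5321 implicit MX: use the A record
    resolved = False
    for host in exchanges:
        for addr in a(host):
            resolved = True
            ip = ipaddress.ip_address(addr)
            # An exchange on 127.0.0.0/8, ::1 or 0.0.0.0 can never receive a bounce.
            if ip.is_loopback or ip.is_unspecified:
                return "reject-loopback"
    return "accept" if resolved else "reject-unresolvable"

def should_accept(envelope_from, **resolvers):
    """Decision for SMTP MAIL FROM; the empty reverse-path '<>' (bounces) is always allowed."""
    if envelope_from in ("", "<>"):
        return True
    domain = envelope_from.strip("<>").rsplit("@", 1)[-1]
    return sender_domain_status(domain, **resolvers) == "accept"
```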