Over a Million Zombie PCs
Doyle writes "A BBC article discusses new research revealing that over 1 million computers have been compromised and are being used in bot nets. From the article: 'The largest network spied on by the team was made up of 50,000 hijacked home computers.'"
... the breakdown of that million by operating system?
You never know, it might be a nice bit of PR for some Apple/Linux/BSD organisation to casually slip into a Press Release.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Remember when viruses would just "format C:"? When you were infected, you knew it because your HD was blank. Now the average user can't tell when they have a problem or not...
No sane person should connect a critical piece of computer infrastructure, such as any computer dealing with the management of the electrical grid, to the internet.
Better thing would be to require by law that none can be connected instead.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Governments? What about ISPs? They are the ones having to pay for the added bandwidth on both sides. I'm surprised most ISPs don't run IDS that can detect zombie networks and automatically send emails to their infected customers. This would not only pay for itself by reducing bandwidth, but also make the customers happier.
mnewberg.com
Well this is 1 million zombie-infected PCs, which are infected with specific types of trojans and such and presumably are actively being used in bot-nets.
I imagine there are quite a few more machines that are zombie infected that were not detected for whatever reason (turned off, firewalls, etc), plus all the millions of more machines that are "just" infected with viruses, spyware, or trojans that do not produce bot-net like activity.
Home PC users do not need to generate traffic on port 25 that's going anywhere other than their ISP's mailserver. ISP mailservers should use SMTP authentication. Of course these simple measures would mean support calls from users who need to reconfigure Outlook, and support calls cost money, so it'll never happen.
Nonetheless, these companies are profiting while user machines get hijacked. Someone needs to make a little bit of effort, 'cause for now spreading these nets wider is way too easy.
Now many will call me a Microsoft basher, and I unashamedly am, and with a damned good reason. The insecurity of Microsoft OSs does not just affect those who want to use (or don't know they have other options) Windows, but it affects me and my peers. HP-UX, Solaris, OS X (maybe I should just include this in *BSD) and *BSD are not perfect and have some security issues, though nothing on this scale (my opinion). You can use the argument about "if blah had blah monopoly then blah would be just as cracked" (which I think is rubbish and doth not change the fact that it is only an "if", and as it isn't so, it can't be proven). So as a user of the internet on my chosen Unix variants at home and at work, I still have to suffer Microsoft's lackluster network security through the set-up of botnets.
I know * linux
Spam, DDoS and friends continue to plague our internet services.
Fine, blame the average user for not updating etc., but the fact remains that a person who is skilled in other areas should not need to have the knowledge level of a tech, or even a system admin or developer, just to be able to safely use a computer (ease of use is a different kettle of fish).
Sorry for the rant, but I am rather narked off at spam nets.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Yeah, they had the ability to disconnect me until I cleaned up some p2p software I had running. I'd say this is much more important than a few TV episodes.
Paying taxes to buy civilization is like paying a hooker to buy love.
Time for someone to write a worm that forces an update from Windows Update; downloads a copy of SpyBot Search & Destroy, runs it and then turns on the firewall.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I'm not the greatest security expert, but I follow the proper guidelines (running AV, firewall, patches etc) and I still find that my xp machine is constantly coming up with some sorts of odd processes or quirks. I am giving up on windows as a personal machine, simply because it's ridiculous to constantly be fighting off things like this. I'm not going to blame anyone but the virus/spam/malware writers. I do what I can to practice "safe computing" (sic) and don't download stuff willy nilly.
I think it's a shame that it has to be like this. Unfortunately the only real solution would be genetically modifying everyone to get rid of the gene that makes people think it's ok to spam/hack/whatever people's machines. Impossible as it is, the best solution would be to shut down the internet for about 2 months, then all the spammers would have to give back their money to the people that paid them (as if they would). Not likely to happen though.
"Will it take a major internet terrorist attack like bringing down a power grid to make governments act?"
Yes.
Of course it will.
How many, out of that estimate, pertain to those who still didn't patch up that stupid RPC/DCOM vulnerability for 2000/XP?
"The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
Thank you, I could not have said it better myself. I use Linux every day, and in all honesty I patch my Linux box more than I patch my Windows XP box. Sure, the Linux box is frequently getting simple app upgrades/patches, but there are a good number of security fixes in those patches as well. An admin I work with left his Red Hat box unpatched for a year and it got nailed twice; just do the math. Linux might be more secure, but it is only as secure as the person who administrates the box.
...that all these botnets themselves seem so compromised that journalists and researchers can so easily get into them. If you're going to compromise other people's computers for whatever nefarious use, do you want your system itself wide open for someone to steal it away from you or document your doings for law enforcement? The best back doors and holes are the ones that no one sees until you're using them and it is too late.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Because it is not in the ISP's best (i.e. financial) interests to do so. Finding these machines, teaching users how to clean them up, and then reactivating their access would require a great deal of manpower and money. Since not doing it is consequence-free, there is no incentive to do it. It's like dealing with hazardous waste; it's difficult and expensive. Without some outside force compelling companies to dispose of it appropriately, they would deal with it the cheapest and easiest way possible. That is, dumping it on the rest of us, like these ISPs do.
Show me where in the documentation for a new PC it goes into firewalls, etc. I can show you in the owner's manual for my car where the seatbelts are explained.
Unless, of course, many ISPs start doing it. Then what happens is those that don't start finding that they're not allowed to peer with those that do, etc...
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
They won't clean up, they will go to an ISP that doesn't care. I run a small ISP; I've called customers and informed them of these issues... nothing happens... threaten to cut them off... nothing happens... cut them off... they call angry and say "Fine! Don't bother!" and a customer is lost. A customer lost is a customer lost. Police != Profit, unfortunately, and it's a fine line to walk.
How long 'til they start using distributed hijacked PC networks to crack complex codes etc....
In what way is my ISP responsible for what I do on the internet? I don't know about you, but I don't pay my ISP to protect me and my privacy. I pay my ISP to provide a pipe, and nothing more.
"No one is more miserable than the person who wills everything and can do nothing." -Emperor Claudius 10 BC - AD 54
Doesn't matter now because even if they've been upgraded, the infections are probably still present and running. They could all be Windows XP SP2 now for all we know, but the trojans are already in.
Believe me, this is not the answer.
I work for my ISP as helpdesk/tech support. I get calls all the time, 'Yeah, I got this pop-up from Norton says that Internet Explorer is trying to access the internet, what should I do?'
If these PCs became zombies, then the users that operate them would have no clue how to operate a software firewall. Instead, they need AV software, some computer training, and possibly a hardware firewall.
Easiest to implement would be a DSL/cable modem and firewall combo that the ISP sets up and configures. They can leave the documentation for the end user to configure ports and such if they can figure it out on their own; otherwise, it's full-on blocking of all incoming ports.
I'm all for the computer equivalent of a driver's license before they are allowed to hook up their PC to the internet.
Why does everyone insist that firewalls are secure? There are so many ways to bypass them it is not even funny, and I am not only talking about NAT but SPI also. Ultimately it is like a strainer: blocks some but not all. Really more of a traffic cop. Everyone has allowed open ports, and I can run scripts to pull down what I can not push up. Why bang on locked windows and doors when I can stroll in through the front main entrance? People have a very hard time managing internet logs too, even if they do discover they've been compromised. Sheesh!
Have your machine intentionally be part of the "zombies", and you get all the goodies, and look like a victim at the same time.
I'd just like to know why Task Manager says CPU utilization is over 50%, the hard disk is thrashing, and the network light is on constantly, but Task Manager only lists 3 processes using 2%? Nothing shows up on virus scans, nothing shows up on spyware scans, and half the time it quits as soon as I open Task Manager.
At least in Linux, top shows you what process is sucking up the cycles, giving you a fighting chance. I'm not completely clueless: I've used Windows since 3.11, cut my teeth on BASIC and DOS batch scripts, installed Linux on a machine before Win95 was released, and still I know the wife's WinXP machine, fully patched and hardware- and software-firewalled, is owned and I can't find out how; what's Joe Average going to do?
Apocalypse Cancelled, Sorry, No Ticket Refunds
People and businesses that are irresponsible are not to be treated as equal partners in this world.
While I agree with the sentiment, it doesn't practically work when applied to the Internet. There are a few reasons. One is the legal reason. ISPs are common carriers and if they start monitoring their traffic and nicking people for being zombies, they could be held responsible if they miss some zombies and those zombies cause damage (yes, I realize this is inane, but it's how lawyers and the law think). The other is that I believe ISP level blocking would significantly harm the internet. Just like blackholing all of China's email traps legitimate messages, blocking whole ISPs would trap legitimate connections. In some areas, a wide choice of ISPs is not available, and legitimate users would have to jump over hurdles just to get onto the internet.
Additionally, why should I allow some ISP to adopt a business model that puts their costs onto me?
Do you think ISP prices would go DOWN if they started going after zombie boxes? If anything, they would go up, since tracking down and dealing with the problems would require more resources, more people, more time. As I said in another post, the ISPs have decided that it's cheaper to buy more bandwidth.
Also, you're a user of a service. The business model already puts their costs onto you. I hope you already knew this.
The Windows XP firewall is pretty seamless. It is on and just sits there unlike NIS or ZoneAlarm.
But for cable/DSL the easier answer is just to put in a NAT box. I mean, a simple router goes for $10. If the ISPs hadn't tried to gouge everyone for hooking up two computers to one line, this probably wouldn't be an issue now.
Just a Tuna in the Sea of Life
Why don't governments form a unit to identify and at least notify the owners of these machines?
To paraphrase the late great Jerry Orbach playing Lenny Briscoe, "Sure, let's get the government involved. That'll solve everything."
And as far as the ISPs go, I've worked for ISPs that wouldn't even cut someone off for non-payment for fear of their subscriber numbers going down. Do you really think they have the manpower, resources, or interest in doing anything about this until they're forced to by business pressures? (eg, never.)
The only way to fix this problem is user education. And because most users refuse to be educated, or accept any form of responsibility for their own machines, I don't see this problem getting fixed. Ever.
Never underestimate the power of stupid people in large groups.
I'm not an expert or anything, but it seems to me that the zombies need to report their presence to the controller, and that's usually done through an IRC channel. If you find the IRC servers with the most connections and block them, or even better spoof them to a tarpit, and nobody complains about not being able to connect to their favorite IRC, you'd be pretty safe. Of course a lot of people might complain that their 'puters lock up as soon as they log in.
Apocalypse Cancelled, Sorry, No Ticket Refunds
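Three comments in this thread describe the same ISP-side detection idea from different angles: an IDS that spots zombie networks and mails the affected customers, the observation that home PCs have no business talking SMTP to anything but the ISP's own relay, and the point that bots rendezvous on an IRC server that many customer hosts contact at once. The following is an added example, not code from the article or from any poster, showing how those two heuristics can be run over flow records to produce a per-customer notification list. The flow records, the relay address `203.0.113.10` and all other IPs are constructed (RFC 5737 documentation ranges); the function names are my own.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One NetFlow-like record: customer source, destination, dest port, bytes."""
    src: str
    dst: str
    dport: int
    bytes_out: int


# Hypothetical ISP smarthost: customers are expected to send mail only through it.
ISP_RELAY = "203.0.113.10"
IRC_PORTS = (6667, 6697)

# Constructed sample traffic (documentation addresses, not real customers).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", ISP_RELAY, 25, 4000),        # ordinary mail client via the relay
    Flow("10.0.0.7", "198.51.100.20", 25, 900),   # direct-to-MX delivery: spam bot sign
    Flow("10.0.0.7", "198.51.100.21", 25, 900),
    Flow("10.0.0.7", "192.0.2.50", 6667, 120),    # three hosts meeting on one IRC server
    Flow("10.0.0.8", "192.0.2.50", 6667, 120),
    Flow("10.0.0.9", "192.0.2.50", 6667, 120),
    Flow("10.0.0.5", "192.0.2.99", 6667, 5000),   # one person chatting: below threshold
    Flow("10.0.0.9", "192.0.2.50", 443, 30000),   # unrelated HTTPS to the same host
]


def smtp_egress_violators(flows, relay=ISP_RELAY):
    """Customer hosts speaking SMTP to anything but the ISP relay, with their targets."""
    hits = defaultdict(set)
    for f in flows:
        if f.dport == 25 and f.dst != relay:
            hits[f.src].add(f.dst)
    return dict(hits)


def irc_rendezvous_points(flows, min_sources=3, irc_ports=IRC_PORTS):
    """IRC destinations contacted by at least min_sources distinct customer hosts.

    One customer on one server is someone chatting; many customers converging on
    one server from a residential range is the rendezvous pattern the thread describes.
    """
    sources = defaultdict(set)
    for f in flows:
        if f.dport in irc_ports:
            sources[f.dst].add(f.src)
    ranked = [(dst, len(srcs)) for dst, srcs in sources.items() if len(srcs) >= min_sources]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


def notification_list(flows, relay=ISP_RELAY, min_sources=3, irc_ports=IRC_PORTS):
    """Map each suspect customer host to plain-language reasons for a notice e-mail."""
    reasons = defaultdict(list)
    for src, targets in smtp_egress_violators(flows, relay).items():
        for dst in sorted(targets):
            reasons[src].append(f"SMTP to {dst} bypassing the ISP relay")
    hubs = dict(irc_rendezvous_points(flows, min_sources, irc_ports))
    for f in flows:
        if f.dport in irc_ports and f.dst in hubs:
            note = f"IRC rendezvous {f.dst} shared with {hubs[f.dst]} hosts"
            if note not in reasons[f.src]:
                reasons[f.src].append(note)
    return dict(reasons)


if __name__ == "__main__":
    for host, why in sorted(notification_list(SAMPLE_FLOWS).items()):
        print(host, "->", "; ".join(why))
```

Both heuristics are deliberately coarse: the SMTP rule only works if the ISP actually runs an authenticated relay that customers are told to use, and the IRC rule keys on well-known ports, so the output is a list of hosts to notify and verify, not proof of infection. The threshold `min_sources` is the knob that separates a popular chat server from a rendezvous point and has to be tuned per network.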
"If Joe User were required to start by using Linux or BSD, it would set computing back 10 years."
To a time before rampant SpambotNets and the DMCA. Sign me up! :-)
It's not the ISP's job to firewall. The clients are paying for an Internet connection, not a web-browsing service, so they get a damn Internet connection.
Besides, by doing some filtering, you take responsibility. You remember, common-carrier status and all that.
Vintage computer games and RPG books available. Email me if you're interested.
But face it, that sucks so badly that everyone just increases the max with that program that's going round (no I can't be bothered to Google it, I don't even use windows any more :-).
P2P users all do it, why can't a worm/botnet client do it?
# cat
Damn, my RAM is full of llamas.
I can run any spyware tool @ random and find something and once a month I trap a virus either in the browser cache or the jpi cache on one or all of these machines.
I wasn't looking over your shoulder when you performed this scan, so I don't know precisely what you saw, but finding things in the browser cache is not cause for alarm. For example, if I were to rename some virus-laden executable to have the JPEG extension, reference it in an img tag in an HTML file, and pop it on a website, all browsers would download the file; they don't know any better. It's not like they're then going to say, "Oh look, it's an executable! I'd better run it now." (At least, one would hope... :)
Just because you find something in your browser cache doesn't mean you're infected.
The Online Slang Dictionary
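The reply above makes a triage point worth having in code: a browser fetches whatever an img tag references, so an executable renamed to .jpg lands in the cache as a downloaded file, which says nothing about whether it ran. The following added example (mine, not from the article or any poster) classifies cache entries by comparing the file extension with the leading magic bytes, so that an "MZ" header hiding behind an image extension is reported as a mismatch to examine rather than as an infection. The cache entries are constructed byte strings and the function names are my own.

```python
# Leading bytes that identify common cache content; the PE/MZ signature is what a
# Windows executable starts with, whatever its file extension says.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "pe-executable"),
]

# Which sniffed types are consistent with which claimed extensions.
EXPECTED = {
    "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "png": {"png"}, "gif": {"gif"},
    "exe": {"pe-executable"}, "dll": {"pe-executable"},
}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_cache_entry(name: str, data: bytes) -> tuple[str, str]:
    """Classify one cache entry as consistent, mismatch, or unknown.

    A mismatch means the bytes were downloaded under a misleading name; it is a
    lead for the analyst, not evidence that anything executed.
    """
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    if kind == "unknown":
        return ("unknown", f"{name}: no recognised signature")
    if kind in EXPECTED.get(ext, set()):
        return ("consistent", f"{name}: {kind} as expected")
    return ("mismatch", f"{name}: claims .{ext} but starts like {kind}")


def triage_cache(entries: dict[str, bytes]) -> dict[str, list[str]]:
    """Group cache entries by verdict so mismatches can be reviewed first."""
    out: dict[str, list[str]] = {"consistent": [], "mismatch": [], "unknown": []}
    for name, data in entries.items():
        verdict, detail = triage_cache_entry(name, data)
        out[verdict].append(detail)
    return out


# Constructed sample cache: a real JPEG header, a PE stub renamed to .jpg, plain HTML.
SAMPLE_CACHE = {
    "banner.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "photo.jpg": b"MZ\x90\x00\x03\x00\x00\x00This program cannot be run in DOS mode.",
    "index.html": b"<html><body>hello</body></html>",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for verdict, details in triage_cache(SAMPLE_CACHE).items():
        for line in details:
            print(verdict.upper(), line)
```

The distinction the classifier draws is the one the comment makes: a mismatch entry tells you a disguised executable reached the disk via an ordinary page load, and the next question is whether anything on the machine opened it, which the cache alone cannot answer.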
Like that act is stopping the malicious attacks? Doesn't look like it. You have a better idea?
"Why don't governments form a unit to identify and at least notify the owners of these machines?"
I think I would prefer my tax dollars go to the fixing of schools and highways or medical research or even the military before someone gets a government job notifying people that their computers are bothering people.
Then they'll come up with a reason to charge you for opening each port through the firewall.
Who said anything about charging $ to clean up Mom's PC? Better yet to barter with her...clean it up for a batch of cookies...or a 6-pack. People are generally a lot more willing to trade goods/services than pay $.
And if she's family, she should understand where you're coming from. You may not be a heartless bastard, but the spammers sure are. And keeping that machine clean costs $. Or cookies.
Practice Kind Randomness and Beautiful Acts of Nonsense.
Consider telling your mom "Hey mom, I just bought you a new PC. Here's the deal, though: since you don't have the time or money to keep your computer from getting infected, I had to get you a different kind of computer. It's very easy to use, and does lots of great stuff, but looks a little different. The good part is, you won't get disconnected again. Oh, and I'm putting this little box (router) between you and the internet for your protection. Don't worry, you don't have to actually touch it or do anything, it'll just work."
Then drop a Mini Mac on them.