Slashdot Mirror


Over a Million Zombie PCs

Doyle writes "A BBC article discusses new research revealing that over 1 million computers have been compromised and are being used in bot nets. From the article: 'The largest network spied on by the team was made up of 50,000 hijacked home computers.'"

19 of 564 comments

  1. Anyone know... by gowen · · Score: 5, Insightful

    ... the breakdown of that million by operating system?

    You never know, it might be a nice bit of PR for some Apple/Linux/BSD organisation to casually slip into a Press Release.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Anyone know... by Grishnakh · · Score: 4, Insightful

      The only way to get a blue screen in them is to have a bad driver that will affect the system at the kernel level.

      Even if this is true, you're seriously downplaying this problem. With Windows, in order to use your computer at all, you're probably going to have to install vendor-written drivers for something, because there are no community-maintained drivers as there are for OSS OSes. MS does include some basic drivers for very common hardware, but almost any computer will have at least something that will require a vendor driver. History has shown us that these vendor-written drivers have a very poor record, and are known to cause a lot of problems on Windows systems.

      This alone is a good reason to avoid Windows. What good is it as an OS if you can't add various hardware (scanners, cameras, wireless ethernet, etc.) without expecting it to suddenly become unstable?

      It doesn't matter how great Ford engines are if they keep sticking tread-separating Firestone tires on their vehicles.

  2. Back when Windows was just a hole in the wall by Kimos · · Score: 3, Insightful

    Remember when viruses would just "format C:"? When you were infected, you knew it cause your HD was blank. Now the average user can't tell when they have a problem or not...

  3. Re:Why aren't governments proacting against these n by MatthewNewberg · · Score: 5, Insightful

    Governments? What about ISPs? They are the ones having to pay for the added bandwidth on both sides. I'm surprised most ISPs don't run IDS that can detect Zombie Networks and automatically send emails to its infected customers. This will not only pay for itself by reducing bandwidth, but also make the customers more happy.

  4. Re:Hope by jayhawk88 · · Score: 4, Insightful

    Well this is 1 million zombie-infected PCs, which are infected with specific types of trojans and such and presumably are actively being used in bot-nets.

    I imagine there are quite a few more machines that are zombie infected that were not detected for whatever reason (turned off, firewalls, etc), plus all the millions of more machines that are "just" infected with viruses, spyware, or trojans that do not produce bot-net like activity.

  5. What role for ISPs by Albanach · · Score: 3, Insightful

    There has to be a role here for ISPs. Often these machines are either spitting out spam or worms, yet abuse reports to ISPs can take days or weeks to receive any attention.

    Home PC users do not need to generate traffic on port 25 that's going anywhere other than their ISP's mailserver. ISP mailservers should use SMTP authentication. Of course these simple measures would mean support calls from users who need to reconfigure Outlook, and support calls cost money, so it'll never happen.

    Nonetheless, these companies are profiting while user machines get hijacked. Someone needs to make a little bit of effort, 'cause for now spreading these nets wider is way too easy.
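
The ISP-side check suggested in comments 3 and 5 above (spot subscribers sending port 25 traffic to hosts other than the ISP's mail server, then notify them), sketched as an added example that is not part of the original thread. The relay address, subscriber range, threshold and all flow records are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): relay address, subscriber range,
# threshold and every flow record below are constructed values.
ISP_RELAYS = {ip_address("192.0.2.25")}
SUBSCRIBERS = ip_network("198.51.100.0/24")
MIN_DISTINCT_MX = 3   # direct-to-MX fan-out that triggers a notice

# Constructed sample flows, one per line: "epoch src dst dport"
SAMPLE_FLOWS = """\
1000 198.51.100.10 192.0.2.25 25
1002 198.51.100.20 203.0.113.5 25
1003 198.51.100.20 203.0.113.6 25
1004 198.51.100.20 203.0.113.7 25
1005 198.51.100.20 203.0.113.7 25
1006 198.51.100.30 203.0.113.9 25
1008 malformed line
1009 203.0.113.50 203.0.113.5 25
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def direct_smtp_senders(flows):
    """Map subscriber -> set of non-relay hosts it contacted on port 25."""
    seen = defaultdict(set)
    for src, dst, dport in flows:
        if dport == 25 and src in SUBSCRIBERS and dst not in ISP_RELAYS:
            seen[src].add(dst)
    return seen

def notices(flows, threshold=MIN_DISTINCT_MX):
    """Return sorted (subscriber, distinct_host_count) pairs needing a notice."""
    hits = direct_smtp_senders(flows)
    return sorted((str(s), len(d)) for s, d in hits.items() if len(d) >= threshold)

if __name__ == "__main__":
    for subscriber, count in notices(parse_flows(SAMPLE_FLOWS)):
        print(f"notify {subscriber}: port 25 to {count} non-relay hosts")
```

Counting distinct destinations rather than raw connections keeps a customer who runs one personal mail server below the threshold while a machine spraying many mail exchangers stands out.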

  6. Re:Why not ISPs by ArsonSmith · · Score: 4, Insightful

    Yea, they had the ability to disconnect me until I cleaned up some p2p software I had running. I'd say this is much more important than a few TV episodes.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  7. Ethics be damned... by chill · · Score: 4, Insightful

    Time for someone to write a worm that forces an update from Windows Update; downloads a copy of SpyBot Search & Destroy, runs it and then turns on the firewall.

    -Charles

    --
    Learning HOW to think is more important than learning WHAT to think.
  8. Re:Before Everybody Blames Microsoft by bob670 · · Score: 3, Insightful

    "If Linux had the type of marketshare like Microsoft, there would still be plenty of zombie PCs to go around with unpatched systems."

    Thank you, I could not have said it better myself. I use Linux every day, and in all honesty I patch my Linux box more than I patch my Windows XP box. Sure, the Linux box is frequently getting simple app upgrades/patches, but there are a good number of security fixes in those patches as well. An admin I work with left his Red Hat box unpatched for a year and it got nailed twice, just do the math. Linux might be more secure, but it is only as secure as the person who administrates the box.

  9. I find it interesting... by suitepotato · · Score: 5, Insightful

    ...that all these botnets themselves seem to be so compromised that journalists and researchers can so easily get into them. If you're going to compromise other people's computers for whatever nefarious use, do you want your system itself wide open for someone to steal away from you or document your doings for law enforcement? The best back doors and holes are ones that no one sees until you're using them and it is too late.

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  10. Re:Why not ISPs by eaolson · · Score: 5, Insightful

    Better yet, why don't ISPs disconnect them until they can demonstrate they've been cleaned up?

    Because it is not in the ISP's best (i.e. financial) interests to do so. Finding these machines, teaching users how to clean them up, and then reactivating their access would require a great deal of manpower and money. Since not doing it is consequence-free, there is no incentive to do it. It's like dealing with hazardous waste; it's difficult and expensive. Without some outside force compelling companies to dispose of it appropriately, they would deal with it the cheapest and easiest way possible. That is, dumping it on the rest of us, like these ISPs do.

  11. Re:Why not ISPs by BitwiseX · · Score: 5, Insightful

    They won't clean up, they will go to an ISP that doesn't care. I run a small ISP, I've called customers and informed them of these issues... nothing happens... threaten to cut them off... nothing happens... cut them off... they call angry say "Fine! Don't bother!" and a customer is lost. A customer lost, is a customer lost. Police != Profit unfortunately, and it's a fine line to walk.

  12. Re:Why not ISPs by destiny71 · · Score: 3, Insightful

    Believe me, this is not the answer.

    I work for my ISP as helpdesk/tech support. I get calls all the time, 'Yeah, I got this pop-up from Norton says that Internet Explorer is trying to access the internet, what should I do?'

    If these PCs became zombies, then the users that operate them would have no clue how to operate a software firewall. Instead, they need AV software, and some computer training, and possibly a hardware firewall.

    Easiest to implement would be a DSL/Cable modem and firewall combo that the ISP sets up and configures. They can leave the documentation for the end user to configure ports and such if they can figure it out on their own, otherwise, it's full on blocking all incoming ports.

    I'm all for the computer equivalent of a driver's license before they are allowed to hook up their PC to the internet.

  13. You've just described ... by tomhudson · · Score: 4, Insightful

    I think the whole idea is extremely intriguing. Once you have a system set up like that, capable of accepting commands.. you can do whatever you want without ever having a trail come back to you. Having a machine tell another machine tell another machine what to do.

    ... the next version of p2p software that the **AA will have one hell of a time trying to combat.

    Have your machine intentionally be part of the "zombies", and you get all the goodies, and look like a victim at the same time.

  14. Re:Why not ISPs by budgenator · · Score: 4, Insightful

    I'd just like to know why task manager says CPU utilization is over 50%, the hard disk is thrashing, and the network light is on constantly, but task manager only lists 3 processes using 2%? Nothing shows up on virus scans, nothing shows up on spyware scans and half the time it quits as soon as I open task manager.
    At least in Linux TOP shows you what process is sucking up the cycles, giving you a fighting chance. I'm not completely clueless, I've used Windows since 3.11, cut my teeth on BASIC and DOS batch scripts, installed Linux on a machine before Win95 was released and still I know the wife's WinXP machine that's fully patched, hardware and software firewalled, is owned and can't find out how; what's Joe average going to do?

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  15. Re:Why aren't governments proacting against these n by BVis · · Score: 3, Insightful

    why don't governments form a unit to identify and at least notify the owners of these machines?

    To paraphrase the late great Jerry Orbach playing Lenny Briscoe, "Sure, let's get the government involved. That'll solve everything."

    And as far as the ISPs go, I've worked for ISPs that wouldn't even cut someone off for non-payment for fear of their subscriber numbers going down. Do you really think they have the manpower, resources, or interest in doing anything about this until they're forced to by business pressures? (eg, never.)

    The only way to fix this problem is user education. And because most users refuse to be educated, or accept any form of responsibility for their own machines, I don't see this problem getting fixed. Ever.

    --
    Never underestimate the power of stupid people in large groups.
  16. 10 Year Setback Sounds Great! by MooseByte · · Score: 4, Insightful

    "If Joe User were required to start by using Linux or BSD, it would set computing back 10 years."

    To a time before rampant SpambotNets and the DMCA. Sign me up! :-)

  17. Re:What is the control group? by WalterGR · · Score: 3, Insightful

    I can run any spyware tool @ random and find something and once a month I trap a virus either in the browser cache or the jpi cache on one or all of these machines.

    I wasn't looking over your shoulder when you performed this scan, so I don't know precisely what you saw, but finding things in the browser cache is not cause for alarm. For example, if I were to rename some virus-laden executable to have the JPEG extension, reference it in an img tag in an HTML file, and pop it on a website, all browsers would download the file - they don't know any better. It's not like they're then going to say, "Oh look, it's an executable! I better run it now." (At least, one would hope... :)

    Just because you find something in your browser cache doesn't mean you're infected.

  18. Re:Why not ISPs by tritonic · · Score: 3, Insightful

    I'd just like to know why task manager says CPU utilization is over 50%, the hard disk is thrashing, and the network light is on constantly, but task manager only lists 3 processes using 2%?

    I actually noticed this about half an hour ago on my Windows 2000 machine. I disabled automatic update - problem solved! I don't know why the CPU usage wouldn't show up in task manager, though. Windows grr...