Slashdot Mirror


Over a Million Zombie PCs

Doyle writes "A BBC article discusses new research revealing that over 1 million computers have been compromised and are being used in bot nets. From the article: 'The largest network spied on by the team was made up of 50,000 hijacked home computers.'"

20 of 564 comments

  1. Anyone know... by gowen · · Score: 5, Insightful

    ... the breakdown of that million by operating system?

    You never know, it might be a nice bit of PR for some Apple/Linux/BSD organisation to casually slip into a Press Release.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Anyone know... by dtfinch · · Score: 5, Interesting

      If Joe User started on Linux, or *BSD, then trying to use Windows would require taking time to learn.

      You can tell that Windows is meant to be used as a tool and not just for hobby because in Office and the Explorer search pane they have dozens of these little characters that'll dance and do tricks and stuff without really helping you out in the process. And a bunch of the window actions can be animated to slow them down a bit. You've got connection limits and such to ensure that you only use your desktop for desktop stuff. Network authentication restrictions ensure that your intranet design fits a standard, well supported model, and that the right edition gets used for the right job. And the whole thing is pretty awesome for running games.

      Linux must certainly be meant just for hobby because it comes with thousands of these little tools that just do their jobs without much in the way of glitter and animation to impress the user, or even a requirement that a user must be directly interacting with them.

  2. Must Be M$ Boxes Right ?? by Anonymous Coward · · Score: 5, Funny

    Aren't zombies constantly searching for "brains" ?

  3. That's still low... by BeneathTheVeil · · Score: 5, Funny

    compared to the millions of zombies in front of PCs.

    Come to think of it, the two just may be related. :P

  4. Why aren't governments proacting against these nets by panxerox · · Score: 5, Interesting

    If 1,000,000 computers can be identified as being zombie machines then 1,000,000 computer owners can be contacted. This is THE major problem afflicting the internet, why don't governments form a unit to identify and at least notify the owners of these machines? Will it take a major internet terrorist attack like bringing down a power grid to make governments act? As net users we should advocate government involvement in a measured controlled way rather than the reaction that will come after an attack (patriot act?)

    --
    "It's so convenient to have a system where everyone is a criminal" - A. Hitler
  5. Not surprising by dmf415 · · Score: 5, Interesting

    At my university, we have to run snort at the head end of the network in order to control the havoc these compromised machines create. We also monitor the number of simultaneous connections each machine creates and block the ones at the very top.

    1. Re:Not surprising by dmf415 · · Score: 5, Informative

      Do you find that blocking machines with lots of simultaneous connections causes problems with bittorrent clients? (Or is that an intended side effect? :) )

      No, I think most legitimate traffic is under 5000 simultaneous connections =). When we see a machine with 10,000, 20,000, 30,000 (which has been detected), we know there's a problem =)
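
The connection-count check described in the comment above, as an added example that is not part of the original thread or the university's own tooling: it computes each host's peak number of simultaneous connections from flow records and flags hosts above the 5,000 figure the comment mentions. The record format, function names and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Threshold taken from the comment's rule of thumb; an assumption to tune per network.
THRESHOLD = 5000

def peak_concurrency(flows):
    """flows: iterable of (src_ip, start_ts, end_ts). Returns {src_ip: peak simultaneous flows}."""
    events = defaultdict(list)
    for src, start, end in flows:
        events[src].append((start, 1))   # connection opens
        events[src].append((end, -1))    # connection closes
    peaks = {}
    for src, evs in events.items():
        # At equal timestamps closes (-1) sort before opens (+1), so a flow
        # ending at t is not counted as overlapping one that starts at t.
        evs.sort()
        current = peak = 0
        for _, delta in evs:
            current += delta
            peak = max(peak, current)
        peaks[src] = peak
    return peaks

def flag_hosts(flows, threshold=THRESHOLD):
    """Return [(src_ip, peak)] for hosts above the threshold, worst first."""
    peaks = peak_concurrency(flows)
    hits = [(ip, n) for ip, n in peaks.items() if n > threshold]
    return sorted(hits, key=lambda item: -item[1])

def sample_flows():
    """Constructed sample data using RFC 5737 documentation addresses."""
    flows = []
    # Host holding 12,000 connections open at the same time
    flows += [("192.0.2.10", 100.0 + i * 0.0001, 160.0) for i in range(12000)]
    # Busy host: 8,000 flows in total, but only 400 open at any moment
    flows += [("192.0.2.20", float(i // 400 * 10), float(i // 400 * 10 + 10))
              for i in range(8000)]
    # Ordinary desktop: a handful of overlapping flows
    flows += [("192.0.2.30", float(i), float(i + 5)) for i in range(50)]
    return flows

if __name__ == "__main__":
    for ip, peak in flag_hosts(sample_flows()):
        print(f"{ip} peak={peak} simultaneous connections")
```

Counting peak overlap rather than total flows is what keeps the busy host with 8,000 flows below the threshold while the host with 12,000 open at once is flagged.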

  6. Imagine... by RedMage · · Score: 5, Funny

    ... a Beowulf Cluster of... oh wait...

    (Hmm, can zombies be clustered? We all know from Night of the Living Dead that they DO cluster. Quite well, in fact...)

    --
    }#q NO CARRIER
  7. Why not ISPs by winkydink · · Score: 5, Interesting

    Better yet, why don't ISPs disconnect them until they can demonstrate they've been cleaned up?

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    1. Re:Why not ISPs by eaolson · · Score: 5, Insightful
      Better yet, why don't ISPs disconnect them until they can demonstrate they've been cleaned up?

      Because it is not in the ISP's best (i.e. financial) interests to do so. Finding these machines, teaching users how to clean them up, and then reactivating their access would require a great deal of manpower and money. Since not doing it is consequence-free, there is no incentive to do it. It's like dealing with hazardous waste; it's difficult and expensive. Without some outside force compelling companies to dispose of it appropriately, they would deal with it the cheapest and easiest way possible. That is, dumping it on the rest of us, like these ISPs do.

    2. Re:Why not ISPs by BitwiseX · · Score: 5, Insightful

      They won't clean up, they will go to an ISP that doesn't care. I run a small ISP, I've called customers and informed them of these issues... nothing happens... threaten to cut them off... nothing happens... cut them off... they call angry say "Fine! Don't bother!" and a customer is lost. A customer lost, is a customer lost. Police != Profit unfortunately, and it's a fine line to walk.

    3. Re:Why not ISPs by Grishnakh · · Score: 5, Interesting

      I agree, especially about suing the customers. If they can sue customers for using P2P applications, they can certainly sue customers for running malicious programs on their computers, knowingly (they've been informed), and performing illegal actions with them.

      Harsh times call for harsh measures.

  8. Re:Why aren't governments proacting against these n by flumps · · Score: 5, Informative

    From honeypot FAQ:

    8. Do you prosecute the people that compromise systems within the Honeynet? No. The prime directive of the Honeynet Project is research and to share those lessons learned. It is not our goal to catch and prosecute blackhats. We do forward information about compromised systems to CERT so CERT can notify admins of compromised systems. We limit our contact with authorities only when the Project feels there is a critical need. If we were to become involved in a major legal case every time a system was compromised, we would not have time for research, let alone our real jobs.

    Read more about honeypot here. It seems they probably could, but are not going to.

    --
    "So there he is, risen from the dead. Like that fella, E. T." - Father Ted Crilly
  9. Re:Why aren't governments proacting against these n by MatthewNewberg · · Score: 5, Insightful

    Governments? What about ISPs? They are the ones having to pay for the added bandwidth on both sides. I'm surprised most ISPs don't run IDS that can detect Zombie Networks and automatically send emails to its infected customers. This will not only pay for itself by reducing bandwidth, but also make the customers more happy.

  10. I was wondering... by justforaday · · Score: 5, Funny

    This explains why my startup sound suddenly changed into a groaning voice saying "Braiinnnnnssss..."

    --
    I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  11. not entirely user behavior... by grassy_knoll · · Score: 5, Interesting
    from TFA:

    Getting the machines hijacked was worryingly easy. The longest time a Honeynet machine survived without being found by an automatic attack tool was only a few minutes. The shortest compromise time was only a few seconds.


    It's sad, but it seems the only way to mitigate this is to hold the OS vendor responsible for insecure code. Similar to cars, we hold the driver responsible if they ( say ) drive drunk, but the manufacturer responsible if while driving the wheels come off.
  12. Part of the team by dfj225 · · Score: 5, Funny

    I'm glad to be just part of the team!

    <-[XP]-86840>: This message brought to you by Backdoor.Win32.Rbot.gen

    --
    SIGFAULT
  13. Re:Why aren't governments proacting against these n by Brad1138 · · Score: 5, Funny

    I get nice little pop ups telling me my computer may be already infected all the time, don't you?

    --
    If you could reason with religious people, there would be no religious people
  14. I find it interesting... by suitepotato · · Score: 5, Insightful

    ...that all these botnets themselves seem so compromised that journalists and researchers can so easily get into them. If you're going to compromise other people's computers for whatever nefarious use, do you want your system itself wide open for someone to steal away from you or document your doings for law enforcement? The best back doors and holes are ones that no one sees until you're using them and it is too late.

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  15. Rent zombies online! by Animats · · Score: 5, Informative
    They're down today, but SpamForum.biz carries ads for zombies, open proxies, botnets, etc. Numbers available range from 1000 to 50,000.

    When they're up, they're very entertaining.

    An older spammer forum, SpecialHam.com is back up. With banner ads, even. "DarkMailer - not for newbies". "Blackbox Hosting - bulletproof hosting options" "SendSafe - bulk mail has never been this easy". "Bulkhost.com - the leader in bulk-friendly e-mail hosting".

    Sites like these are where the hackers and spammers meet, find deals, and scream about being ripped off by each other. The actual deals tend to take place on ICQ.