Slashdot Mirror
CA Warns Of Massive Botnet Attack
m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."
Cops and robbers, all the time.
And in the meantime, technology gets more sophisticated. Progress eitherway.
1. Get every compromised PCs to join the same botnet.
2. White-hat hack into the botnet.
3. Tell all compromised PCs to wipe their hard drives.
4. No more compromised PCs! Well... not for a while anyway!
Moving to a new platform/OS without knowing all the ins and outs, could be just as dangerous as staying with Windows.
I remember my early days with Linux, back when I used to futz around and actually made my machines less secure, before I learned a great deal more about the OS and its features.
I am not saying that switching is bad, I am just saying that it is important to know what you are switching to before making the switch.
Nobody should get caught with their firewall down holding their LAN cable in their hand...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
And what happens when a free software box is owned? Who gets held responsible then? Red Hat? Linus?
Why doesn't Slashdot ever get slashdotted?
So basically you want me to give my ISP a list of ports I may require so they can white list them for my machine?
I'm sure my ISP would love it if I would say ask for ports 4662 to 4672 and 6881 to be unlocked.
I wonder what they'd think I was planning with those...and I'm sure the new knoppix iso would not be their theory.
Now after having edonkey and bittorent work,
I'll only need
5800 for VNC
21 & 22 anybody?
How about this idea, everyone has complete access privileges. The isp notices for common characteristics of a bot net and common malware. If such is found on the user the ISPs gateway forces all HTTP connects to a URL that has detailed instructions on how to install spybot seach & destroy, ad aware etc. Kind of like a hotel sends you to a registration page to buy internet access for the day when you connect.
The last step is for the user to either call or through some other mechanism notify the ISP that his machine is (for now) clean. The ISP removes the user from its black list and not only do we now have a patched windows box, but also one with basic defenses for the future. It be kind of like catching the criminal pc, putting it into jail until the software is installed and then releasing it as a rehabilitated system
"Nimis exaltatus rex sedet in vertice - caveat ruinam!"
OK, these things need to be taken seriously, but any press release needs to be taken with a grain (or bag) of salt. Spyware is the threat flavor of the day, and the specialized programs (ad-aware/spybot/spy sweeper/etc.) are better at managing it than traditional A/V is (at least right now). Bots are scary. Need to reformat and reinstall (our instructions to students at this major university). Viruses you can just clean (mostly, but mytob is throwing a wrench into that clean division). You figure which is scarier.
CA is the only product which detects ALL three of the mentioned viruses as of this posting. Which is not to say that they're making this up, but I'd be more willing to believe it if it came from the Secret Service or CERT.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Yeh right... here's what would REALLY happen. If you need your port re-opening all you'd have to do is call the ISP, navigate a large and confusing IVR system, get routed to an overseas callcenter, discover that you're 18th in line (but your call is important to them), and finally get to speak to a script-droid who has no idea what a port is but suggests that you should reinstall Windows. No thanks mate I'll stick with my real internet.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
Here's a good spot.
Intron: the portion of DNA which expresses nothing useful.
Sounds like a personal problem. You are free to buy a firewall and any other toys you need to harden your network and systems to the level that makes you happy. You are free to file complaints with other ISPs about systems that are trying to abuse your systems. You can even hire a lawyer to take legal action against their owners. Lobby your legislature for new laws and/or increased funding for enforcement. Just don't ask my ISP to cripple their network because you can't take the heat.
Mea navis aericumbens anguillis abundat
Organized crime.
In the old days, virus authors were really just trying to see how much of a nuisance they could be. Now, however, the ability to combine stolen resources spread over a large geographical area makes it incredibly easy to do some serious crime for relatively low risk.
Try looking at it from a criminal's perspective. The resources to mount a massive attack are easy to come by; thanks to most folk's unwillingness/fear to learn anything about computer security. The police are perceived as being just as clueless as the victims with the cracked computers. The investigation has to start with the machines that were cracked, which gives the crakers more time to cover their tracks.
And this says nothing about the complexities of getting a conviction with the morass of International laws involved.
It's evil as hell, but a bit ingenious.
I'm not tense. I'm just terribly, terribly, alert.
>>is there any hope that all the bad things that are happening with Windows (and Microsoft), that they will change their ways and actually anticipate some of these problems that are occurring?
As great and infallible as non-Windows OSs are, these same problems exist with Linux, Mac et al, just on a much smaller scale. Having some 95% of all desktops, Windows is the natural target here.
The problem isn't Windows or Microsoft. The problem is the **users**. They open email attachments without questioning the source. They don't run anti-virus software (or don't maintain the subscription). They don't employ firewalls. They don't update and patch their systems. They don't scan their systems for adware.
Yes, IE allows adware to be installed. Yes, Windows has the RPC hole. Yes, the windows kernel is, has been, and most likely will always be, insecure. But there are steps that a user can take to protect themselves. I have used Windows since Win286 and I have never been infected with a virus, never been compromised by a worm and never been the victim of spyware. I'm not an anti-MS person but I don't blindly use their software. I have more *nix servers than Windows servers but you could hardly consider me a fanatic.
True, I'm an IT professional and have a greater knowledge of PCs than 99% of users out there (just like the rest of us here), but it's not rocket science to keep yourself protected.
If the Penguin Dream of taking over the desktop ever comes true, you can bet that viruses, trojans, adware, etc will become an epidemic on Linux just as it is on Windows.
Remember: dumb users are platform-independent.
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".