Slashdot Mirror

← Back to Stories (view on slashdot.org)

CA Warns Of Massive Botnet Attack

Posted by Zonk on from the watch-your-heads dept.

m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."

3 of 357 comments (clear)

  1. The most unsettling thing... by pschmied · · Score: 4, Interesting

    This is really starting to smack of organized crime. A friend of mine forwarded an article to me on this last night.

    If you are an end user who just wants to use your computer, it may be time to look at getting a Mac. The bar for information security in the face of this level of organization is getting too tall for your average end user.

    If you are in an enterprise situation and have a usage policy that allows users to use corporate equipment for personal banking on breaks, you may want to reconsider that policy.

    Oftentimes, computer usage is negotiated by labor unions and you cannot simply change computer use policy out from underneath users. In this case, I wonder what the legal responsibilities of the company are to exercise due dilligence in protecting its end users?

    If you haven't already done so, it's time for a lesson in defense in depth. That means IDS, IPS, Firewalls, Antivirus, Spam blockers, AV web proxies, etc. And because perimeter defense is all but a quaint memory in today's more agressive world, you may want to look at host-based firewalls and other AntiWorm systems.

    Good luck. We all need it.

    -Peter

    --
    . Penguins Surely Ca
  2. Re:As I've been saying for years: by metsu · · Score: 5, Interesting

    I would suggest using user levels.

    regular customers would get level 1 or level 0. (Web and mail access, no incoming ports, etc.)

    Then it would be a customer's decision to apply for a higher level. maybe pass a test, portscan, etc. sign something that gives them responsability for the services running on their box.

    They could even make higher levels cheaper, as an incentive for customers to educate themselves. like level 4's get 15% off their monthly bill.

  3. You missed my point. by pschmied · · Score: 4, Interesting

    Yes, you can secure a windows box.

    But, does every end user need to be a damned security expert? Sorry, but the average Joe shouldn't have to know what the hell a host based firewall is, much less if it's a good one.

    Sorry, cowboy, if you are looking for easy (Gentoo doesn't cut it) and reasonably secure, the Mac is a pretty good option.

    Now, if you notice, the second part of my post dealt directly with defense in depth for enterprises that pay for real, professional security experts to mitigate the risks of running Windows. Windows can be managed, but it's expensive and requires more due dilligence than some other platforms that ship with a better default security posture.

    Congrats on the purchase of your Venitian AMD64. When *you* get off your duff and provide support to *my* extended family's fleet of PCs at slash-rate prices, I'll list you as an alternative to buying an Apple.

    Cheers!

    -Peter

    --
    . Penguins Surely Ca