Slashdot Mirror


CA Warns Of Massive Botnet Attack

m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."

29 of 357 comments

  1. Now.. by Cruithne · · Score: 5, Funny

    Now witness the power of this fully operational botnet... :/

    1. Re:Now.. by yiantsbro · · Score: 3, Funny

      True, but if it truly were an American deal there would be a rebate involved somewhere (where you have to send in screenshots of the attack, printed MAC addresses from the machines, etc.).

  2. Half Price Zombie PCs. by iolagnm · · Score: 5, Funny

    Welcome to Blackbeard's weapons emporium. You will see we have the finest collection of AK-47s, anti-aircraft missiles, and Airzookas. Oh, and over here we have wholesale zombie PCs.

  3. Evolution, baby by metlin · · Score: 3, Insightful

    Cops and robbers, all the time.

    And in the meantime, technology gets more sophisticated. Progress either way.

  4. Sweet by Quasar1999 · · Score: 5, Funny

    Do I have to buy the whole network at 5 cents a PC? Or can I just buy say a dollar's worth? I wouldn't mind having 20 PC's... I can force all those PCs to join my network games of Quake and Unreal... finally I'll have people to play with... gasp... maybe even online 'friends'! Mommy will be so happy... in fact I think I'll go upstairs right now and tell her the good news!

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
  5. SETI by dmauro · · Score: 5, Funny

    Maybe the SETI program should invest in some of this cheap computing power...

    1. Re:SETI by InvaderSkooge · · Score: 3, Funny

      SETI engages in seeking distributed computing power through legitimate means..... to endorse this would undermine the purpose of SETI in the first place. Illegitimate use of computers scares away aliens?

      --
      Erik
      YOU ARE SAYING IMPUDENCE TO ME! THAT IS IMPUDENCE!
    2. Re:SETI by InvaderSkooge · · Score: 4, Funny

      Using legitimate programs for illegitimate means is garbage. It should not be funny to anyone for any reason.

      You know, call it a hunch, but I'm betting you're probably not the guy I want to be testing out my new Holocaust joke on.

      --
      Erik
      YOU ARE SAYING IMPUDENCE TO ME! THAT IS IMPUDENCE!
  6. Wrong career by Itchy+Rich · · Score: 5, Funny

    Glieder, Fantibag, Mitglieder?

    These guys shouldn't be writing code, they should be writing Harry Potter novels.

  7. Highest bidder? by syntap · · Score: 5, Funny

    access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC.

    Heck, that's five cents more per PC than SETI@Home pays me, and they won't eat me when I find them like the aliens will.

  8. Ideal opportunity to disinfect the internet by technogogo · · Score: 4, Insightful

    1. Get every compromised PC to join the same botnet.
    2. White-hat hack into the botnet.
    3. Tell all compromised PCs to wipe their hard drives.
    4. No more compromised PCs! Well... not for a while anyway!

  9. Re:This is interesting... by cnelzie · · Score: 5, Insightful

    Moving to a new platform/OS without knowing all the ins and outs, could be just as dangerous as staying with Windows.

    I remember my early days with Linux, back when I used to futz around and actually made my machines less secure, before I learned a great deal more about the OS and its features.

    I am not saying that switching is bad, I am just saying that it is important to know what you are switching to before making the switch.

    Nobody should get caught with their firewall down holding their LAN cable in their hand...

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  10. So Microsoft is telling the truth... by Weaselmancer · · Score: 5, Funny

    ...at five cents per computer, they do have a lower TCO after all!

    --
    Weaselmancer
    rediculous.
  11. The most unsettling thing... by pschmied · · Score: 4, Interesting

    This is really starting to smack of organized crime. A friend of mine forwarded an article to me on this last night.

    If you are an end user who just wants to use your computer, it may be time to look at getting a Mac. The bar for information security in the face of this level of organization is getting too tall for your average end user.

    If you are in an enterprise situation and have a usage policy that allows users to use corporate equipment for personal banking on breaks, you may want to reconsider that policy.

    Oftentimes, computer usage is negotiated by labor unions and you cannot simply change computer use policy out from underneath users. In this case, I wonder what the legal responsibilities of the company are to exercise due diligence in protecting its end users?

    If you haven't already done so, it's time for a lesson in defense in depth. That means IDS, IPS, Firewalls, Antivirus, Spam blockers, AV web proxies, etc. And because perimeter defense is all but a quaint memory in today's more aggressive world, you may want to look at host-based firewalls and other AntiWorm systems.

    Good luck. We all need it.

    -Peter

  12. Re:This is interesting... by WhiteWolf666 · · Score: 4, Informative

    I think it would be fine to move to OpenBSD, and keep all your settings on 'paranoid'.

    It does ship *secure* out of the box. No remote exploits.

    Don't open any ports until you get the hang of it.

    Either way, it won't be *more* dangerous than Windows :)

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. Get the Facts by mcleodnine · · Score: 4, Funny

    In a recent survey of BotNet administrators, hosts running Microsoft Windows operating systems were found to have at least a 40% less TCO than a comparable Linux offering.

    "With volume discounts and integrated tools, we can now offer "managed" remote hosts as low as 5 cents per unit."

    --
    one better than mcleodeight
  14. Re:As I've been saying for years: by metsu · · Score: 5, Interesting

    I would suggest using user levels.

    Regular customers would get level 1 or level 0. (Web and mail access, no incoming ports, etc.)

    Then it would be a customer's decision to apply for a higher level. Maybe pass a test, portscan, etc. Sign something that gives them responsibility for the services running on their box.

    They could even make higher levels cheaper, as an incentive for customers to educate themselves. Like level 4's get 15% off their monthly bill.

  15. Re:The fundamental problem by Jeff+Hornby · · Score: 3, Insightful

    And what happens when a free software box is owned? Who gets held responsible then? Red Hat? Linus?

    --
    Why doesn't Slashdot ever get slashdotted?
  16. That is a terrible idea, how about... by Phelan · · Score: 3, Insightful

    So basically you want me to give my ISP a list of ports I may require so they can white list them for my machine?
    I'm sure my ISP would love it if I would say ask for ports 4662 to 4672 and 6881 to be unlocked.
    I wonder what they'd think I was planning with those...and I'm sure the new knoppix iso would not be their theory.

    Now after having eDonkey and BitTorrent work,
    I'll only need
    5800 for VNC
    21 & 22 anybody?

    How about this idea: everyone has complete access privileges. The ISP looks for common characteristics of a botnet and common malware. If such is found on the user, the ISP's gateway forces all HTTP connections to a URL that has detailed instructions on how to install Spybot Search & Destroy, Ad-Aware, etc. Kind of like a hotel sends you to a registration page to buy internet access for the day when you connect.

    The last step is for the user to either call or through some other mechanism notify the ISP that his machine is (for now) clean. The ISP removes the user from its blacklist and not only do we now have a patched Windows box, but also one with basic defenses for the future. It'd be kind of like catching the criminal PC, putting it into jail until the software is installed and then releasing it as a rehabilitated system.

    --
    "Nimis exaltatus rex sedet in vertice - caveat ruinam!"
  17. Security guy cynicism by lythander · · Score: 4, Insightful

    OK, these things need to be taken seriously, but any press release needs to be taken with a grain (or bag) of salt. Spyware is the threat flavor of the day, and the specialized programs (ad-aware/spybot/spy sweeper/etc.) are better at managing it than traditional A/V is (at least right now). Bots are scary. Need to reformat and reinstall (our instructions to students at this major university). Viruses you can just clean (mostly, but mytob is throwing a wrench into that clean division). You figure which is scarier.

    CA is the only product which detects ALL three of the mentioned viruses as of this posting. Which is not to say that they're making this up, but I'd be more willing to believe it if it came from the Secret Service or CERT.

  18. Re:How does the money change hands? by Hognoxious · · Score: 4, Insightful
    even shady businesses have semi-legitimate escrow services
    Also known as "Switzerland".
    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  19. Re:As I've been saying for years: by badzilla · · Score: 3, Insightful

    Yeh right... here's what would REALLY happen. If you need your port re-opening all you'd have to do is call the ISP, navigate a large and confusing IVR system, get routed to an overseas callcenter, discover that you're 18th in line (but your call is important to them), and finally get to speak to a script-droid who has no idea what a port is but suggests that you should reinstall Windows. No thanks mate I'll stick with my real internet.

    --
    "Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
  20. You missed my point. by pschmied · · Score: 4, Interesting

    Yes, you can secure a windows box.

    But, does every end user need to be a damned security expert? Sorry, but the average Joe shouldn't have to know what the hell a host based firewall is, much less if it's a good one.

    Sorry, cowboy, if you are looking for easy (Gentoo doesn't cut it) and reasonably secure, the Mac is a pretty good option.

    Now, if you notice, the second part of my post dealt directly with defense in depth for enterprises that pay for real, professional security experts to mitigate the risks of running Windows. Windows can be managed, but it's expensive and requires more due diligence than some other platforms that ship with a better default security posture.

    Congrats on the purchase of your Venetian AMD64. When *you* get off your duff and provide support to *my* extended family's fleet of PCs at slash-rate prices, I'll list you as an alternative to buying an Apple.

    Cheers!

    -Peter

  21. Re:How does the money change hands? by snorklewacker · · Score: 4, Informative

    Swiss banks are so 20th century. They're expensive to open, and they actually cooperate with Interpol on money laundering.

    Caymans are where it's at.

    --
    I am no longer wasting my time with slashdot
  22. Rent botnets here! $0.05/machine by Animats · · Score: 4, Informative
    You, too, can rent your own botnet. Just visit one of these spammer-run sites.

    SpamForum

    SpecialHam

    And the new WildBiz.

    WildBiz does not require registration; the other two do. Just enter the forums and look under "Proxy Lists". Typical ads:

    • "Hello everybody here...
      First of all Hi to all of my seniorshooters here..
      Having good collection of fresh Proxies and got DM ["Dark Mailer" .. ed] Latest Version (Full Version) at really cheap rate.
      DM Latest version (Full) for $49
      Fresh Proxies $50 for 500 proxies
      dmandproxies@iamdns.com
    • Today's Fresh Proxies
      ...
      We provide Hourly Updated Fresh Proxy Lists, which can be used for bulk mailing ... standard port proxies and non-standard port proxies are both provided, become our members, and download fresh proxy lists hourly. USD 50 per month, then you can access our proxies database . proxies updated from every 15 minutes to 30 minutes . For more infomation, please contact proxylists@iamdns.com

    That's how you market a botnet.

    Yes, these operations are addressed to wannabe spammers. But the fact that they're advertised openly indicates how weak enforcement is.

  23. Re:Tickets? by Intron · · Score: 3, Insightful

    Here's a good spot.

    --
    Intron: the portion of DNA which expresses nothing useful.
  24. Re:As I've been saying for years: by Detritus · · Score: 3, Insightful

    Sounds like a personal problem. You are free to buy a firewall and any other toys you need to harden your network and systems to the level that makes you happy. You are free to file complaints with other ISPs about systems that are trying to abuse your systems. You can even hire a lawyer to take legal action against their owners. Lobby your legislature for new laws and/or increased funding for enforcement. Just don't ask my ISP to cripple their network because you can't take the heat.

    --
    Mea navis aericumbens anguillis abundat
  25. Re:who WRITES this shit by The+Angry+Mick · · Score: 3, Insightful

    Organized crime.

    In the old days, virus authors were really just trying to see how much of a nuisance they could be. Now, however, the ability to combine stolen resources spread over a large geographical area makes it incredibly easy to do some serious crime for relatively low risk.

    Try looking at it from a criminal's perspective. The resources to mount a massive attack are easy to come by, thanks to most folks' unwillingness/fear to learn anything about computer security. The police are perceived as being just as clueless as the victims with the cracked computers. The investigation has to start with the machines that were cracked, which gives the crackers more time to cover their tracks.

    And this says nothing about the complexities of getting a conviction with the morass of International laws involved.

    It's evil as hell, but a bit ingenious.

    --

    I'm not tense. I'm just terribly, terribly, alert.

  26. Re:This is interesting... by Ryosen · · Score: 4, Insightful

    >>is there any hope that all the bad things that are happening with Windows (and Microsoft), that they will change their ways and actually anticipate some of these problems that are occurring?

    As great and infallible as non-Windows OSs are, these same problems exist with Linux, Mac et al, just on a much smaller scale. Having some 95% of all desktops, Windows is the natural target here.

    The problem isn't Windows or Microsoft. The problem is the **users**. They open email attachments without questioning the source. They don't run anti-virus software (or don't maintain the subscription). They don't employ firewalls. They don't update and patch their systems. They don't scan their systems for adware.

    Yes, IE allows adware to be installed. Yes, Windows has the RPC hole. Yes, the windows kernel is, has been, and most likely will always be, insecure. But there are steps that a user can take to protect themselves. I have used Windows since Win286 and I have never been infected with a virus, never been compromised by a worm and never been the victim of spyware. I'm not an anti-MS person but I don't blindly use their software. I have more *nix servers than Windows servers but you could hardly consider me a fanatic.

    True, I'm an IT professional and have a greater knowledge of PCs than 99% of users out there (just like the rest of us here), but it's not rocket science to keep yourself protected.

    If the Penguin Dream of taking over the desktop ever comes true, you can bet that viruses, trojans, adware, etc will become an epidemic on Linux just as it is on Windows.

    Remember: dumb users are platform-independent.

    --

    Ryosen
    One man's "Troll, +1" is another man's "Insightful, +1".