Slashdot Mirror


Zombie Report By ISP

twitter writes "Information Week has a summary of a report by Prolexic detailing Zombie activity by ISP, country and population statistics. AOL, the largest provider, had the most zombies but lower rates than others. Fourth largest Earthlink was not in the top 20. The information is gathered from hundreds of customer sites." From the article: "Weinstein went on to say that Prolexic's numbers were actually good news for AOL. 'It's a demonstration that the tools we provide are keeping members safe. Our very aggressive actions -- we provide anti-virus, anti-spyware, and firewall services to our users -- make them measurably safer than those on other ISPs.'"

27 of 260 comments

  1. Turn turn turn ... by It+doesn't+come+easy · · Score: 5, Insightful

    AOL spins the report as good news because they claim a low rate of 0.54% zombie machines per million subscribers...yeah but...

    They are basing that on 21.7 million total subscribers. I wonder what their rate would be if they only counted broadband subscribers?

    --
    The NSA: The only part of the US government that actually listens.
    1. Re:Turn turn turn ... by tigerd · · Score: 4, Insightful

      I don't really think an ISP is responsible for zombie machines. It's the end users who have the final responsibility. That means your and my grandma...

    2. Re:Turn turn turn ... by theCoder · · Score: 3, Insightful

      Yes, I think they do. There are a number of benefits, both in direct savings (less bandwidth used, less of their own customers attacked, better Internet image) and in good relations (assuming it's handled correctly). Most people don't know that much about their computers. And if their ISP called up and helped them clean a virus/worm/trojan/other malware off their PC and made it run better, that customer is probably going to have a more positive view of the ISP. Of course, if the ISP blocks them and doesn't help them get back online, they'll probably have a negative view of the incident.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  2. Good! by ajs · · Score: 3, Interesting

    Now, perhaps we can start putting some pressure on the bad ISPs to clean up their networks on the basis of their successful peers.

    I'm really sick of everyone in the world looking down on me as soon as they find that my IP is on a Comcast block.

    1. Re:Good! by kiwimate · · Score: 3, Insightful

      No kidding. Comcast.net is ranked #5 in the Top Infected Networks table, and #2 in the Infected US Networks table.

      So, let's summarize. If you live in the Philadelphia area, then you're stuck with the monopoly broadband company, and the commensurate extortionate prices, wretched customer service, frequent service interruptions...and now this.

      I really loathe Comcast. And you just know there's no way they're going to clean up their act. Why would they? Where's the incentive or threat?

    2. Re:Good! by Bonker · · Score: 4, Insightful

      I'd be willing to bet that the majority of the 1st world zombies originate on 'White Label' broadband. The aforementioned Comcast, Cox, SWB DSL... things like that. AOL has the most of any ISP, but I bet the conglomerate of the top 5 cable and dsl bandwidth providers easily dwarfs them.

      They're the 'cheap' local providers, not the 'evil' big boys like AOL, so they're what your grandmother will subscribe to when your idiot nephew convinces her she needs an 'Always On' connection to listen to NPR or check her email every five minutes.

      Yeah, this *looks* like it's just the industry's problem, but it's not. It's mine and yours. Every time you or I answer 'Well, I need a computer and a cable modem to check my email, right?' with just a 'yeah sure', we're adding to it.

      Go buy Grandma that $39.99 firewall from Best Buy, configure it for her, and tell her that she doesn't need to worry about it. It's like the extra deadbolt on her front door. It helps keep the bad guys out.

      --
      The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  3. Let the jokes begin... by pete19 · · Score: 5, Funny

    AOL, the largest provider, had the most zombies

    Sometimes jokes just write themselves...

    --
    There is nothing more practical than a good abstract theory.
  4. Late night TV by Dancin_Santa · · Score: 5, Funny

    we provide anti-virus, anti-spyware, and firewall services to our users

    BUT WAIT! There's more!

    If you act now, we'll throw in ANOTHER anti-virus service at no extra charge! All this for only 89.95!

    Okay, I'm not supposed to do this, but I'll personally add another EXTRA anti-spyware monitoring system AND take off 50 bucks from the retail price!

    All this and more for only 3 easy payments of 39.95!

    1. Re:Late night TV by TheClam · · Score: 3, Interesting

      That's just not true. When I moved, I used a free AOL CD just for dial-up, but I never used the email address. When I closed the acct a few months later, I only had 5 emails in the inbox.

  5. Zombie Activity by fuct_onion · · Score: 5, Funny

    1. Participation in Distributed Denial-of-Service attacks
    2. EATING BRAINS

  6. Re:Still the worst offender by Anonymous Coward · · Score: 4, Insightful

    But you will block 21 million legitimate users too. If that is acceptable, I don't really want to have anything to do with your company.

  7. The fundamental zombie problem by Anonymous Coward · · Score: 3, Interesting

    End users just *don't care*. This is why there are botnets. Because, although their owned boxen are f-ing with the rest of the internet, it doesn't affect them - a selfish luser attitude, why should they bother virus/trojan scanning their boxen?
    I wish ISPs (victims and hosting) would hold the lusers responsible for this - I think criminal negligence would be an appropriate charge. I for one look after my gentoo linux boxen and keep them patched.

    1. Re:The fundamental zombie problem by RealProgrammer · · Score: 3, Insightful

      >End users just *don't care*.

      Not meaning to sound flippant, but you're giving them too much credit.

      For most people, that their computer might be part of a world-wide network of zombie slaves to an international cybermob is just not within their ability to fathom.

      So no, they don't care, but it's on the level of caring that their Chinese-made desk lamp was made by people who can't read about democracy on MSN. That's not quite it, but the point is it's simply not part of their world.

      People call me to fix their "broken" computers. When I remove the viruses and other crap and explain the problem, they *always* express outrage that someone would do that to innocent little them.

      Until then they don't care because they don't understand. Anyone who does understand feels violated and tries to do something about it.

      --
      sigs, as if you care.
  8. A solution by alvinrod · · Score: 5, Insightful
    No matter how many software or hardware tools an ISP has in place to stop their customers' computers from being turned into zombies, the only real way to combat the problem is to educate the end user more.

    No amount of firewalls, switching to Mac or Linux, or anything else will stop people from having their computers taken over at the end of the day. Stupid users will always find a way to get infected despite the best protection available.

    Operating a computer should be like operating heavy machinery. You need to pass a test that says you're qualified to do it. Don't want to take the time to learn how to properly use a computer and avoid being just another zombie PC sending me emails about lowering my car payments or free nude pics of celebrities? Then don't use a computer at all.

    If you think this is a little irrational, just remember that the financial damages caused by computer viruses are probably in the billions of dollars every year. Imagine how much trouble could be prevented.

    1. Re:A solution by 99BottlesOfBeerInMyF · · Score: 3, Insightful

      Operating a computer should be like operating heavy machinery. You need to pass a test that says you're qualified to do it.

      You need to pass a test because lives are at risk, not bandwidth. Realistically there should be some basic instruction, hopefully provided in schools, but at the same time most computers should be much, much, much, much, much harder to remotely take over and turn into a zombie. Windows is the worst of the bunch, but pretty much all OSs could be a lot easier to use securely. I imagine they would be too, except for the fact that since MS gained their monopoly, innovation has slowed to a crawl. I want default sandboxes for new applications, services off by default, and easy built in standards compliant encryption and authentication schemes.

      I agree that there will always be really stupid users that will get their machines taken over and agree to the most ridiculous risks to see the little bunny cartoon, but at least make the user click a button that says "Let this program do anything it wants to my computer" right next to the "run it in a sandbox and give it no access to the internet or my files" button.

  9. The other thing about AOL by everphilski · · Score: 4, Informative

    The other thing about AOL's dialup service is that they buy modems from local ISPs in areas where they don't operate central hubs. I used to work for one such ISP that contracted to AOL. We were very proactive about protecting customers, etc.

    So a lot of the AOL crowd having good numbers may very well be local ISPs that are taking good care of their own customers, and just happen to contract out to AOL on the side.

    -everphilski-

  10. Re:Where's the beef^h^h^h^hlist? by Anonymous Coward · · Score: 4, Funny

    You know those underlined bits in the summary at the top of this page? They're called hyperlinks, and you can click on them... try clicking on the second one.

  11. Re:Still the worst offender by Anonymous Coward · · Score: 5, Insightful
    But you will block 21 million legitimate users too.

    If eBay, playboy.com and espn.com blocked AOL users until AOL got rid of their zombies AOL would make absolute certain that the problem would be solved within 48 hours.

  12. Stupid AOL by Andy+Dodd · · Score: 3, Insightful

    They had the most zombies but a lower rate than others. They spin this as good.

    But according to the post, Earthlink (the fourth largest provider) wasn't even in the top 20, implying that their zombie percentage is far lower than AOL's.

    --
    retrorocket.o not found, launch anyway?
  13. Re:Umm... by khendron · · Score: 4, Informative
    --
    Life is like a web application. Sometimes you need cookies just to get by.
  14. Report. by saintlupus · · Score: 3, Informative

    The actual report is at:

    http://www.prolexic.com/zr/

    --saint

  15. Re:Article is incorrect by porcupine8 · · Score: 3, Informative
    I think it's (percent of all attacks originating from that provider) divided by (number of machines on that provider, in millions).

    So (making #s up) if AOL is 10% of all attacks, and 100 million machines, they have .1 percent per million. But if Joe's ISP has 5% of all attacks, and only 5 million machines, they have 1.0 percent per million.

    AOL has twice as many attacks total, but compared to their user base Joe's rate is ten times as high.

    --
    Warning: Apple/Nintendo fangirl. Likes her electronics cute & cuddly. May be rabid.
  16. AOL is on crack. Here's why. by bigtallmofo · · Score: 3, Insightful

    "That's three or four times as many attacks per million subscribers," Weinstein argued. "The numbers show that AOL members are significantly less likely to have been compromised by a zombie. This is actually good news for our users."

    Picture that you're a script-kiddie botnet owner looking for more zombie systems. You have a program that someone provided to you that scans netblocks for systems vulnerable to hundreds of various buffer overflow attacks. You get to pick what netblocks the scanner runs on.

    Which would you pick:

    1. AOL dialup netblocks, where the user's average 48 K/bps connection takes an average of 1 minute to scan and provides you with a wimpy 48 K/bps of DDoS power
    2. Comcast Cable Modem netblocks, where the user's average 384 K/bps upstream bandwidth takes an average of 6 seconds to scan and provides you with a beefy 4,000 K/bps downstream DDoS power.

    The numbers quoted above should be accurate enough to get the point. AOL hosts take far longer to compromise and provide far less "bang for the buck". No wonder they're compromised a smaller percentage of time.

    --
    I'm a big tall mofo.
  17. You gotta be kidding by Dammital · · Score: 5, Insightful
    "End users just *don't care* [...] a selfish luser attitude"
    I don't think that's fair. The end users, for the most part, have been handed a box that was advertised as an appliance: "Plug it in and you're good to go! Surf the net, download music, play games with your chums, get photos from the grandkids!"

    Except that it wasn't just an appliance, was it? It was a bug ridden piece of manure that was delivered with known defects, to people who by and large don't have the wherewithal to work around those defects.

    This is Microsoft's fault, plainly. Not the poor bastards who were taken in.

  18. Re:AOL is on crack. Here's why. by Foolomon · · Score: 3, Insightful
    What you're missing is the whole "economies of scale" concept. If someone is "acquiring" a botnet of 10,000 computers that is quite a lot of bandwidth even if all of them are providing a "wimpy 48 K/bps of DDoS power."

    Remember: most zombies involved in a DDoS attack are simply opening a connection, sending a malformed request then closing the connection. They aren't playing FPS games or downloading porn, so high bandwidth isn't really required. What is required is a vast diversity in IP addresses so that the firewall and server are overwhelmed trying to process every incoming request.

  19. Earthlink *is* 17th... by brockbr · · Score: 3, Informative

    The blurb says Earthlink is not in the top 20. Mindspring, listed as 17th most infected, is Earthlink.

  20. AOL's ISP is ATDN by jfengel · · Score: 4, Informative

    Actually, AOL's "ISP" is AOL Transit Data Network (ATDN), a related company. They're a "tier 1" provider, and they communicate directly with other tier 1 providers: AT&T, MCI, Level(3), Verio, GBLX, C&W, Verizon, etc. They're the guys who own the big continent- and ocean-spanning fiber optic networks.

    "ISP" usually refers to something more customer-facing than the tier 1 providers.