Slashdot Mirror
AU Government To Pilot Target Zombies
msblack writes "
Australian news sources are reporting that the communication regulators will begin notifying ISPs of infected customer computers. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?"
"When will U.S. regulators"..."get on board?"
Well I hope never. ISP should have rights to protect their network so they should be allowed to stop Zombie systems when they feel like it. But for U.S. regulation. I say No way. All regulation does is make loopholes for the bad guys and road blocks to the good guys. ISP should be willing to work with their customers to insure this doesn't happen, that is why a lot of ISP are offing free protection software to their windows users, partially because other big names are doing it so they can stay competitive, and partially because with less spam and viruses on their network they can more easily manage it. With US Government control it will be like your system is a Zombie and Fix it. To most people who only have a passing idea what a virus or spyware/addware is, most really won't know much how to fix it if it doesn't require clicking one button and then selecting the default for all questions. So if it is anything of a difficult fix, or requires hireing expensive techs to fix it they will toss their computer saying it is broken, or sue ISPs and the Government for disconnecting their ISP without giving them a means to remove it. Also systems like P2P, BitTorrent, and some distributive computing systems, all with legal uses, could be considered a zombie system to some some people like the Entertainment industry and can use that to force all people using the technology even for non entertainment uses (such as downloading Linux distros)
Government control adds rigidly defined rules to a flexible universe and often will cause more harm then good.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Zombies are just one type, we need to start identifying the Vampires and ghouls.
They cause MUCH more havoc than simple zombies.
liqbase
msblack writes "Australian news sources are reporting that government officials will begin deploying infected pilots. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie citizens ask their caretakers to submit them or risk being zombified themselves. When will U.S. regulators and military get on board?"
and how long will it be before they ask my ISP to disconnect me because I'm running P2P software, making me a dangerous music thief?
slippery slope!
Seriously, how hard is it not to press the big red "No" button on a dubious site that asks you to install software that tracks the weather/vaccums your carpet/makes coffee? The warning is quite clear on all the browsers, I think, why are people still doing it?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?
Our local cable and DSL providers are always shutting connections off for userse who's computers are virus-ridden. If your PC is acting as an open spam proxy or found to be connecting to zombie-networks, they shut you off, and you have to call to find out why. They recommend a service or software to help clean your PC, and they won't let you back on until you're free of any malware.
It's been like this for...years?
Pure, raw, unadulterated situation: congress doesn't care. The big ISPs don't care. They have had 10 years to address the situation and have refused all along. They are, however, willing to pass laws preventing unsecured wireless access points. Given a choice between lending support to MPAA/RIAA or actually addressing a serious problem, be it hacking, phishing, worms, viral attacks, DDOS attacks or any other legitimate issue.... look at it like this: how quickly have they acted to prevent the zombie issue? How quickly did they act to try and sneak the broadcast flag into law. Again? Or again?
Start writing campaign checks and picking up the tab for "fact finding missions" to Hawaii for a senator or ten... then you might find some interest on the hill.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
I got my hopes up for a second. I though, "Finally! Those fat cats in Canberra are taking some action to prepare for the immanant impending zombie pandemic."
My elation was premature. This is just some lame story about computers sending spam.
Come on people! We need to start stockpiling canned goods, fresh water and shotgun shells now! If we wait until the first reports of infection, it may already be too late!
Slashdot: 24 hours behind every other site or your money back!
It would be cool if ISPs proposed some anti-malware strategies to their customers, maybe send some Linux distro :)
I agree botnets are a problem and that my ISP has a right to stop me from being a nuisance to the rest of the internet. But outside of that do I really want my ISP taking broad arbitrary decisions on what I can do with my connection?
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
We should be able to find a technical solution to this without having to get the government involved in what amounts to censorship. I'm not saying we don't have a problem, but I am confident that the last thing we want is to have hundreds of additional employees at the FCC regulating traffic on the internet and sending nasty letters to people asking them to conform or be disconnected.
Think about what would happen if the FCC were running around sending letters to people about computers that might be sending traffic they've deemed as disruptive? Couldn't the administrators at the FCC just use that as a pretext to monitor for P2P traffic? No thanks, Big Brother.
------ Tim O'Brien
How many zombie movies do we need to point out that the government experimenting on zombies is very dangerous and foolish? Get rid of the zombies with a bullet or whack to the head and be happy.
From the article: "Anthony Wing, manager of the anti-spam team at the ACMA, told ZDNet UK sister site ZDNet Australia that the application, which took "some months" to build, can identify computers physically located in Australia that are being used for "illicit reasons".
"[The application] identifies IP addresses that have been used for illicit reasons -- for example spamming," Wing said. "There are a range of sensors around that world that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are so that can contact them... if the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved".
...The ISPs will then be responsible for contacting their customers and helping them disinfect their computers.
This is great, assuming that:
$nice = $webHosting + $domainNames + $sslCerts
If there are the right incentives, the zombie problem will go away.
E.g. if the user somehow feels it is necessary, he'll take care of his machine.
I know of people who know full well their computer will get infected with malware. They do it anyway, because they figure it won't cost them anything. Their ISP won't bug them, nor the phone company, nor anyone they DDOS, etc. They simply don't care.
That's why I want multiple waves of hardware-destroying worms. Worms that ruin your mobo month after month, until people wake up and see that proper administration is good for them too.
Another possible incentive would be to fine ISPs for allowing machines on their netblock to send out spam or do other anti-social things -- but that's going to be less effective, because an ISP can't fix the problem on a user's machine. All it can do is disconnect it, and that just leads to support calsl and whining from the (l)user. Which is why it isn't done (duh!)
http://www.thebricktestament.com/the_law/when_to_
I think not. Free speech does not include the right to shout "Fire!" in a crowded theatre, and free use of the Internet does not include the right to allow your machines to stuff it up for the rest of us.
As a Telstra customer who saw his cable connection slow to about 1/100th of its normal speed thanks to the DNS attacks of a few months ago, I'm glad to see someone doing something about the problem.
Il n'y a pas de Planet B.
I'm a broke geek. I host my website on a machine on a machine in my house. Last few weeks i've caught my machine being used for zombie purposes. Attack vector was a vulerability in phpnuke.
/tmp -al . ..
/who 0 and found an IRC op from IGS.ca Below is a log of the chat I had with him.
.bigfirex. in a channel called #testebot.
Let me explain "why I use that holy peice of shit"
The website has a decent sized community. It's also going to be a pain in the butt transferring to something else (i'm thinking vbulletin) and i've never had a problem before the recent round of nuke upgrades. 3 according to the advisories the only patch is to get off phpnuke (again, wonderful)
So today the website freezes up again. Thanks to the fact that i'm dot com broke now I basically sit here all day updating my forums, reading other forums, getting up ocassionally to warm up a microwave burrito and wait for the day Bill Gates makes all of us former window admins disapear to redmond in the great microsoft rapture of 2006.
Ok.. SSH into the machine. Same as before, same exploit.
poo:~# ls
total 20
drwxrwxrwt 5 root root 4096 Nov 6 14:55
drwxr-xr-x 22 root root 4096 Sep 16 14:38
drwxrwxrwt 2 www www 4096 Nov 6 09:40 r0nin
drwxrwxrwt 2 root root 4096 Nov 6 09:40 bot.txt
drwxr-xr-x 2 root root 4096 Nov 6 10:00 enviar.pl
Oh you sons of bitches, you done gone fucked with an admin with nothing better to do than to track you down. I firewalled off port 80, copied the offending files out of tmp and change permissions. Googling revealed r0nin is some kind of shell server. Since 80 and 22 are the only ports open to this machine, they would run it on 80, crashing my website.
Then I looked at enviar.pl. It was just a stupid email script. Nothing notable.
Finally I looked at bot.txt.
# IRC
my @adms=("bigfirex"); #nick dos administradores
my @canais=("#testebot");
use LWP::Simple;
my $dados=get("http://66.185.162.241/...fusao/nick/in dex.php");
my $nick=$dados; # nick do bot.. c o nick jah estiveh em uso.. vai aparece com um numero radonamico no final
my $ircname = $dados;
chop (my $realname = `uname -n`);
$servidor='irc.igs.ca' unless $servidor; #servidor d irc q vai c usadu c naum for especificado no argumento
my $porta='6667'; #porta do servidor d irc
Ahh here it got interesting. I now had a IRC channel, with a room name. I tried connecting, but my machine was banned from the irc server.
I ended up ssh'ing to a customer account I had running at he.net, and firing up BitchX from there. A few minutes later I was in the chatroom #testebot with our magical master of ceremonies "bigfirex"
I sat there for a while seeing folks pop in and out. I asked the room "could you tell me exactly how you're exploiting my machine and would you please not do it again?" No answer from bigfirex.
I decided to ask an IRCop for help. Surely seeing the evidence (I could have provided him shorewall and apache logs) he would take immidiate action banning this guy from the network.
I did a
[msg(elsif)] hi are you an ircop?
[elsif(jake@admin.igs.ca)] sure
[msg(elsif)] someone on your network hacked my webserver and installed a bot, i tracked them back to here
[msg(elsif)] The bot is being run by a user named
[elsif(jake@admin.igs.ca)] sucky. you do know that he.net runs a server on this network, irc.he.net?
[msg(elsif)] actually im just using a shell i have there, the ip for my comprimised machine was banned from this
network
[elsif(jake@admin.igs.ca)] k. I don't know what I can really do for you. I don't know that person and all.
[elsif(jake@admin.igs.ca)] lots of machines are compromised with ircbot trojans that come here in order to get their
"When will U.S. regulators ... get on board?"
Never , because alll U.S. lawmakers are in the pocket of Big Zombie.
Ok, I'm sory guys, it's time for me to fess up. I'm on this task force and what actually happened was this. Me and the other sys admins for the AU Gov were sitting around playing DooM when our Boss walked in and yelled "what the hell are you guys doing?! The good tax payers aren't paying you to play games..."
;-)
We had to think of something quick so I told him we were cleaning infected zombies from the network, which, if you think about it, is at least partially accurate. He then left muttering something about "keep up the good work" and next thing I know suddenly all the other managers and politicians want their networks cleaned. Now it's a national headline.
Hey! My bad!
Hopefully never. Well, U.S. regulators anyway.
ISP's should be protecting their own networks. Saved bandwidth costs alone should be enough reason for them to want to detect and block zombies. The last thing we need is more government intervention.
Well, if the computer eats your brain, it is probably a zombie computer.
Similar to the upcoming US election results
So you say all Windows computers qualify automatically?
Linux is not Windows
Specifically Roger highspeed cable internet provider. They have disconnect a few of my client's computers, due to being infected with some trojan/spyware/virus etc.
After my clients said on the phone, that "I will try and maintain a infected free computer , and run current antivirus software", they reconnect my clients.
I don't actually so mind that they disconnect people, if they are infected with some sort of virus. Saves the rest of the people from being infect.
Money cannot buy happiness, but can buy something soo darn close, that you can't really tell the difference