Slashdot Mirror


The New Face of Script Kiddiez

An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"

8 of 230 comments

  1. Re:Now here's an interesting idea. by baadger · · Score: 2, Informative

    I'm pretty sure during, or shortly after the peak of, the Blaster worm period someone engineered a worm to reach systems vulnerable to the Blaster worm, rid them of it, and then seal the hole. It ended up causing more problems than the actual Blaster worm in some cases.

  2. Re:New Face by msobkow · · Score: 5, Informative

    Exactly. While the rootkits, virus kits, worm kits, and other attack examples have been out there since the early DARPA days, most people using them were exploring for security holes to exploit. Now we've got people who just use that work to take over unpatched or obsolete machines.

    They aren't hackers. They can't even claim to be crackers. They run a kit with as little thought to how it works as an Excel user thinks about the math and programming behind the interface. It's just a tool to them.

    What's really annoying is that their persistent attempts to break a patched/maintained environment waste bandwidth that has better uses.

    What's criminal is that their traffic interference can prevent you from using your connection to work or relax as you see fit. Legally, it should be comparable to theft of resources or vandalism preventing the use of resources. Following from that could be additional charges depending on the intended use of the victim's machines.

    --
    I do not fail; I succeed at finding out what does not work.
  3. Re:Now here's an interesting idea. by MyNymWasTaken · · Score: 4, Informative

    Whitehat viruses do exist in the wild. However, they too can bring down networks in a DDoS style, even while cleansing the system.

    Computer virus infects Air Canada check-in system
    W32/Nachi.worm

  4. Re:Now here's an interesting idea. by MrNougat · · Score: 4, Informative

    Yup. Blaster was the first, and Welchia was supposed to fix it. Problem was, Welchia located other nodes by pinging. It didn't take too long for a network full of Welchia to grind to a halt with all that traffic. I saw it happen; an office of about 200 people had to be disconnected from the WAN in order to keep it contained. (No, I was not in charge of that office or that network.)

    --
    Web 2.0 == Giant Blogspam Circle Jerk
  5. Re:I'm confused.. by blast3r · · Score: 2, Informative

    uhmmm.. the botnet dood didn't register this domain. Well, now poor Timothy is going to have a busy week.

  6. Re:New Face by PitaBred · · Score: 2, Informative

    There are extradition treaties and things like that all over the place ;) If you break the law in the US, you can't necessarily just flee to Canada or Mexico or the UK, because they'll generally just send you back if the US asks, as the US does with other criminals. That's the "respect of US laws" that I think the GPP was talking about.

  7. Re:I'm confused.. by Anonymous Coward · · Score: 1, Informative

    Do you really think that the authorities didn't think of that? Do you really think that the information you've just presented isn't just some innocent person who happened to be involved with that domain name (or possibly not involved at all)? I'm sure whoever that domain name belongs to really appreciates you posting his information all over Slashdot. We all know that an Internet nickname must be tied to a registered domain name...... You're a fucking idiot.

    P.S. I can't believe you just posted a whois query thinking you're fucking Sherlock Holmes...

  8. Re:New Face by orderb13 · · Score: 2, Informative

    Sometimes that is all you can get them on. Al Capone comes to mind.

    For non-US people, or US people that never had history class, Al Capone was a famous bootlegger (someone that smuggled alcohol into the US) during prohibition (where alcohol was illegal). The FBI tried for a long time to catch him at it, but he always wiggled out. Finally they got him on tax evasion charges.