The New Face of Script Kiddiez
An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"
I find it rather funny that all these bot-net owners are getting so much publicity right now. The Washington Post recently had another article about another botnet owner. This is nothing new. People have been exploiting various networks and running botnets for at least a decade (that I'm aware of). These new botnets aren't any larger than the ones back in the day, either. In fact, exploiting systems back then was way easier since security wasn't nearly as important to many people and firewalls were pretty rare. Either way, IT'S LAME
I guarantee half of those bots are a result of some rogue ActiveX installation that most moms didn't know enough to click "don't install". Do everyone a favor, and just shut off ActiveX entirely. -- Jim http://www.runfatboy.net/
Spread a worm that:
:')
* Spreads itself to at least 2 other computers (for survival)
* Downloads and installs ad-aware
* Activates your windows firewall
* Downloads appropriate patches from Microsoft
* Prepares ad-aware to run on the next boot
* Deletes itself from the system
That'd be so beautiful *sniff*
SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this
Why can't Microsoft push out its security fixes like this???
He who knows best knows how little he knows. - Thomas Jefferson
If only I could come up with a script to clean a machine reliably I'd save plenty of time. Just today I tried and failed to de-crapify a horribly compromised Win ME/kazaa-induced nightmare.
I spent nearly an hour with ad-aware, hijackthis, and spybot s&d before realizing best case I'd end up with a limping Win ME system.
Now it's happily running 2k, fully patched, and the ignorant user warned.
Man, you really need that seminar!
I've met plenty of these kinds of kids, since I used to be among them myself when I got started. One difference between them and me was that I was given constructive toys, actual (simple) programming projects, while they just passed around hacks/cheats given them by someone else.
They don't have to be hackers to cause harm. All they're doing is playing with toys. That's why less harmful toys in wider distribution will dilute the harm.
--
make install -not war
This kid is not a "hacker" or "cracker" any more than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot.
Yeah, that is the impression I get of botnet operators in general, especially the ones that are as easy to catch as this one.
Why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out.
A tool is a tool. There is nothing wrong with making a tool, or even distributing it. Besides the authors of these things are very hard to track down. One interesting thing I've heard several times is how easy this problem would be to stop. I mean, you log into the control channel, reverse an update, and send your own that shuts down the botnet, maybe along with a patch for the user or just a message alerting them to the fact they have been hacked. The only real problem with this is it is running code on someone else's machine without permission, hence illegal. Otherwise security researchers could take down most of the existing botnets in a week or two.
Because the source code is perfectly legal. Making the source code, distributing it, all perfectly legal activities. Compiling it is also legal. Using it is legal too... Using it on someone else's computer you don't have permission to use, ILLEGAL... See how much you can do before you even come close to breaking the law.
The phrase "more better" is acceptable English. Suck it, grammar Nazis.
Adam Vitale aka Batch1 arrested by Secret Service
M.
Saw your other post too.. U r right, whoever isn't mailing compliant these days and is promoting illegal shit like pharm or stocks on top of it, is just asking for the feds to bust through their door...
Hamster
I am not saying this guy didn't scam tons of people, which is not right, however if swank does not like you for whatever reason he will post your info on his anti-friends websites, so be very very careful when dealing with swank and make sure your personal info is kept to you. Personal revenge is the key to try and recover money that was scammed, not whoring shit out to the antis...
P.S. swank, you know I don't like fake people. You guys will get a kick out of this one http://www.spamhaus.org/rokso/evidence.lasso?roks
Look halfway down the message and you will see this:
"Swank"(Chris Brown) and "Batch1"(Adam Vitale) are in a tiff over a spam deal gone bad, and are in a flame-war on spamforum.biz.
Swank has repeatedly posted Batch1's contact info that was used in their spam dealings with each other.
I think this is what I have been explaining all along about how swank has ties to the antis and posts people's info if he doesn't like them, and if you notice reading these articles the antis really never say anything bad about swank. HMMMM, I wonder if he is friends with them. Enjoy guys...
1200000 / recipients_per_Email = 47,000 emails sent.
Hard to understand, isn't it, hamster?
Also, if you've paid any attention to the forum, the informant (sean dunaway) is already notified and you've started a double thread because of your ignorance.
This is starting to sound like those Mafia wiretap transcripts that came out as the New York Mafia was coming unglued. Law enforcement was doing well enough that the crooks were more afraid than the good guys, and were desperately trying to figure out who was selling out.
Spamming is starting to yield to straightforward police work.
I should point out that ISP blocking makes these folks essentially useless, not to mention limiting upstream.
However, I hate that my ISP is packet filtering for things like torrents (Rogers), one has to wonder why they fail to filter for the things that uselessly waste their network rather than the people who actually use it.
-M
when you see the word 'Linux', drink!
I've met a number of these kids, and chatted with plenty in my day. I have always been under the impression that those who wanted to learn something did. I remember listening to Brock Meeks speak at DefCon, only to have questioners lay into him saying, "You don't have to be interested in programming to be a good hacker." Those kids don't want to learn anything, and they won't.
I can name at least 3 of my friends from when I was 14 chatting on IRC who are off getting their PhDs now (and you can add me to that number in the Fall).
The kids who wanted to download "bitchslap" and knock a computer or two offline did that and didn't do anything more interesting than that. They ran into #2600 and barked at all of the people in there "Am I 1337 now!?!" and told all of their friends how hardcore they were.
All of that aside, most of the serious P2P research is simply outside of the reach of your standard issue coder, let alone some script kiddie who doesn't know what he's doing. Perhaps there's some simple, elegant technique out there that people haven't exploited yet. Heck, I have my own simple elegant technique that I think that everyone missed. The difference is that I'm writing a paper about it, not sitting in some IRC channel telling people how 1337 my misguided flood protocol is.
And, also, exactly, they don't have to be hackers to cause harm. They can be script kiddies and be plenty destructive. A script kiddie is called a script kiddie because he doesn't have any 1337 sk1llz though, not because he's trying to change the world. I wanted to learn about computers once too. You know what I did? I programmed.
Botnets ain't new. They're even past their prime, past the time of the huge 'net that grew, unhindered by user awareness or antivirus tools.
Today's botnets are no longer standalone tools. They are used to spread secondary attacks. That's where the new threat comes in. That's how secondary threats like trojans and viruses can spread via email. Or you can use the botnet to download and distribute updates for trojans.
The possibilities are pretty much limitless. Just imagine you have a few hundred to many thousands of computers at your hands that could be used however you like, and let your imagination run wild.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Some people trust the system on their computers because they don't know any better. That doesn't make them bad or wrong. Just "ignorant".
The only difference is that you have a physical limit to the houses you can break into. There is no such limit on computers.
People have a much easier time understanding physical security because they can see it. They know when they've been robbed. They know when the neighbors are robbed.
With a computer, they probably won't know, or even really care. Unless they lose money from their accounts.
And fighting against ignorance is a long and difficult task. There are millions of individuals out there and each one has to be correctly educated.
Personally, I'd recommend focusing on an easier target ("easier" being relative here). Get Microsoft to ship the next version of Windows without any open ports by default. Yeah, I know what you're going to say. But it's more likely to happen than educating the millions of individual users out there.
Given the text of the interview in the article, I'm guessing that he is not in this country, or at the very least that he's a non-native speaker.
My logic: There is a line where the reporter is interviewing the 'kid'. He says the following:
Aside from the obvious grammatical issues, the last word of the sentence is indicative of the fact that he may be a non-native speaker of English. A native speaker would likely use the word "that" instead of "this" when using the phrase "something like" in conjunction with an action taken in the past.
There's also the fact that he said "I've read" rather than "I read". While the former is not incorrect (using the past participle, 'have'), a native speaker is more likely to use the simple past ("I read" rather than "I have read"). This is especially true of a younger native speaker.
While it's obviously difficult to analyze the grammar of a script kiddie, if I had to bet I would say that he is a non-native speaker. Could easily be German, or Eastern European, given the language patterns.
In fact, I have noticed--and "experts" have noted--that "delayed adulthood" (a.k.a. "arrested development," "extended adolescence") has become common. My 28-years-old-going-on-16 son is a good example.
I can see the sophistication of such "Skript kiddie" operations as indicating some "kid" in his late-20s or early-30s, still living at home, and with the moral compass of your common housecat.
Any technology distinguishable from magic is insufficiently advanced.
Now we've got people who just use that work to take over unpatched or obsolete machines.
Right.. hence the word "script" in "script kiddies." They don't program, they just use. That's nothing new. And really, it's no different than anything else. You don't need 100 people to invent the wheel. You share libraries without caring how they work as long as they do what you want them to do. Anyway, nobody's giving this kid a medal, they're just showing an example of how easy it is for anyone to do.
Legally, it should be comparable to theft of resources or vandalism preventing the use of resources. Following from that could be additional charges depending on the intended use of the victim's machines.
Are you suggesting that the reason such activity exists is because we don't have laws against it? That prosecutors need more tools in the battle against script kiddies? Because from here, it sounds sort of like you're saying, "Shooting people should be illegal, with additional charges depending on what else was going on during the shooting."