The New Face of Script Kiddiez
An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"
Would seem to imply a new genre of script kiddie, such as old people doing it, rather than a mere change in behavior. And if they can track and shut down his bot network, why hasn't someone arrested this idiot?
...these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.
Great! Maybe he can reconcile my account balance while he's there.
This guy's the limit!
I find it rather funny that all these botnet owners are getting so much publicity right now. The Washington Post recently had another article about another botnet owner. This is nothing new. People have been exploiting various networks and running botnets for at least a decade (that I'm aware of). These new botnets aren't any larger than the ones back in the day, either. In fact, exploiting systems back then was way easier since security wasn't nearly as important to many people and firewalls were pretty rare. Either way, IT'S LAME
Hasn't this been going on for a while?
"We are all geniuses when we dream"
- E.M. Cioran
These kids should be the new face of P2P research and production. Kids care more about group recognition, new toys and testing/breaking limits than they do about money. If more effort were put into giving them constructive P2P toys to play with, they would spend much less of their own effort breaking stuff.
Just stopping kids is a losing battle. The only way to win is to substitute something else into their idle hands. This has been proven over and again, most obviously with "Little League" which replaced gangs of window breakers with happy campers.
--
make install -not war
The worst part of this is that when these people are caught they are often given lucrative jobs at security and antivirus companies. Making the front page of slashdot will probably even look good on the lucky bastard's resume.
And what kind of name is witlog? It's like cunningpoop, or something.
Religion for nerds. Stuff that really matters
that should be distinctive on this "new face" is that it's either:
* Bruised and bloodied from the clue by four that's been applied; or
* mouth wide open screaming as his cell mate takes a new "wife."
I guarantee half of those bots are a result of some rogue ActiveX installation that most moms didn't know enough to click "don't install". Do everyone a favor, and just shut off ActiveX entirely. -- Jim http://www.runfatboy.net/
Spread a worm that:
:')
* Spreads itself to at least 2 other computers (for survival)
* Downloads and installs ad-aware
* Activates your windows firewall
* Downloads appropriate patches from Microsoft
* Prepares ad-aware to run on the next boot
* Deletes itself from the system
That'd be so beautiful *sniff*
SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this
Why can't Microsoft push out its security fixes like this???
He who knows best knows how little he knows. - Thomas Jefferson
Witlog: so when i've read that article, i thought "why not to make my own"?
SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this
This kid is not a "hacker" or "cracker" any more than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot. He sounds too much like those college boys who are accused of setting those Alabama church fires.
But as he says, anyone can do this. While it's nice that groups like Shadowserver.org are tracking down and shutting down these botnets, why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out. Stop wasting time on the small fry.
GetOuttaMySpace - The Anti-Social Network
The only reason this guy is having any success at this is because of the default security settings on Windows.
No, this isn't an anti-Microsoft rant. But the fact is that without those open ports, his worm wouldn't be spreading. You cannot depend upon the end-users to correctly patch or firewall their systems.
All it would take to stop this guy is for the next version of Windows to ship without any open ports by default. Ubuntu already does this, Apple already does this.
Having a software firewall on the machine is a distant 2nd place option. If there is a flaw in the firewall software, he'll have the same opportunity he has now.
I know they do'n't spelcheck articlez, but this is rediculus!
If only I could come up with a script to clean a machine reliably I'd save plenty of time. Just today I tried and failed to de-crapify a horribly compromised Win ME/kazaa-induced nightmare.
I spent nearly an hour with ad-aware, hijackthis, and spybot s&d before realizing best case I'd end up with a limping Win ME system.
Now it's happily running 2k, fully patched, and the ignorant user warned.
Man, you really need that seminar!
What he does is wrong. Don't get me wrong.
At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears.
Leave your house unlocked, and the fine china will walk out the front door.
Leave your computer unprotected, and your data/bandwidth will be taken.
We run OS X/Linux. Automatic security updates, 0 ports exposed, everything behind a NAT, no automatic execution of downloaded files, and nobody types in administrator password without calling me first, either because they don't know them, or they know to verify EVERYTHING with me. Did I mention that user desktops run few (no) services? CUPS, SMB, SSH. No remote or local root logins.
Everyone here understands that ANY thing they download could potentially result in all their data being messed up. Period.
The last piece of the puzzle for me would be to prevent people from "spoofing" OS X users using incorrect icons for executable mime-types. Then I'll be happy.
Why should I care?
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
"At least one machine that he showed me from his botnet was located inside of a major U.S. defense contractor."
Ah, the irony...
Ever tried to track these guys down? Have at it and let us know what you find out. =) First of all, the term 'our authorities' sticks out. There isn't a single jurisdiction for this type of crime. A lot of these botnet operators live overseas and are hard to track down. Then if they do actually find them, there are a lot of hurdles to jump through. The number of botnets is growing every day and I would guess that the number of law enforcement that deal with cybercrimes isn't growing at the same pace. This is already a huge problem and I would imagine it will only get worse.
Adam Vitale aka Batch1 arrested by Secret Service
M.
Saw your other post too.. U r right, whoever isn't mailing compliant these days and is promoting illegal shit like pharm or stocks on top of it, is just asking for the feds to bust through their door...
Hamster
I am not saying this guy didn't scam tons of people, which is not right; however, if swank does not like you for whatever reason he will post your info on his anti friends' websites, so be very very careful when dealing with swank and make sure your personal info is kept to you.. Personal revenge is the key to try and recover money that was scammed, not whoring shit out to the anti's....
P.S. swank you know I don't like fake people.. You guys get a kick of this one http://www.spamhaus.org/rokso/evidence.lasso?roks
Look half way down the message and you will see this
"Swank"(Chris Brown) and "Batch1"(Adam Vitale) are in a tiff over a spam deal gone bad, and are in a flame-war on spamforum.biz.
Swank has repeatedly posted "Batch1"'s contact info that was used in their spam dealings with each other.
I think this is what I have been explaining all along about how swank has ties to the antis and posts people's info if he doesn't like them, and if you notice reading these articles the anti's really never say anything bad about swank HMMMM I wonder if he is friends with them.. Enjoy guys.....
1200000 / recipients_per_Email = 47,000 emails sent.
hard to understand, isn't it, hamster
Also, if you've paid any attention to the forum, the informant (sean dunaway) is already notified and you've started a double thread because of your ignorance
This is starting to sound like those Mafia wiretap transcripts that came out as the New York Mafia was coming unglued. Law enforcement was doing well enough that the crooks were more afraid than the good guys, and were desperately trying to figure out who was selling out.
Spamming is starting to yield to straightforward police work.
I should point out that ISP blocking makes these folks essentially useless, not to mention limiting upstream.
However, I hate that my ISP is packet filtering for things like torrents (Rogers), one has to wonder why they fail to filter for the things that uselessly waste their network rather than the people who actually use it.
-M
when you see the word 'Linux', drink!
Like which System Admin of a large government contractor is not aware of network security in this day and age, which would allow compromised computers and connections to the outside world?
It seems that you've been living two lives. One life, you're Thomas A. Anderson, program writer for a respectable software company. You have a social security number, pay your taxes, and you... help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias "Neo" and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not.
I'm sorry, I just watched The Matrix today again, so all my comments today might reflect it... I will go back to my cave till I'm off it.....
Like Script Daddiez.
Imagine if these bot nets did something more subtle... like.. turning a single random pixel black or slightly fudging the movement of the mouse. Warranty Havoc!! Gawd that would suck.
Botnets ain't new. They're even past their prime, past the time of the huge 'net that grew, unhindered by user awareness or antivirus tools.
Today's botnets are no longer standalone tools. They are used to spread secondary attacks. That's where the new threat comes in. That's how secondary threats like trojans and viri can spread via email. Or you can use the botnet to download and distribute updates for trojans.
The possibilities are pretty much limitless. Just imagine you have a few 100 to many 1000 computers at your hands that could be used however you like, and let your imagination run wild.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yeah, we'll catch him like Osama!
uhmmm.. the botnet dood didn't register this domain. Well, now poor Timothy is going to have a busy week.
Some people trust the system on their computers because they don't know any better. That doesn't make them bad or wrong. Just "ignorant".
The only difference is that you have a physical limit to the houses you can break into. There is no such limit on computers.
People have a much easier time understanding physical security because they can see it. They know when they've been robbed. They know when the neighbors are robbed.
With a computer, they probably won't know, or even really care. Unless they lose money from their accounts.
And fighting against ignorance is a long and difficult task. There are millions of individuals out there and each one has to be correctly educated.
Personally, I'd recommend focusing on an easier target ("easier" being relative here). Get Microsoft to ship the next version of Windows without any open ports by default. Yeah, I know what you're going to say. But it's more likely to happen than educating the millions of individual users out there.
..only old people run botnets.
my password really is 'stinkypants'
the activities of a kid named Witlog
Man, what were his parents thinking?!
We all here know what a hacker is. We all know what a cracker is. We all know what a script kiddie is. That's what we know.
The audience of the media don't know what a hacker is, or what a cracker is. They don't know that these botnets are not hackers or even crackers. They don't know what script kiddies are. The BBC calls these dudes hackers.
We know why script kiddies do their worthless crap. They do it for the attention. They do it for their own ego. The money makes them extortionists and thus, criminals. The media is making script kiddies out of ordinary losers by making them famous and calling them hackers.