Slashdot Mirror


Is the Botnet Battle Already Lost?

An anonymous reader writes "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."

12 of 374 comments

  1. Re:How do you know if you've been rooted? by cnkurzke · · Score: 5, Funny

    Check if there is a "start" icon in your left lower corner of the screen. If so - yes, chances are you have caught a virus, and your computer is taken over and controlled by the dark forces.

  2. Re:How do you know if you've been rooted? by Telvin_3d · · Score: 5, Funny

    You have no idea how depressing it is that I can't decide if the above comment should be modded flamebait, funny, informative or insightful.

  3. Humans will lose... by fithmo · · Score: 1, Funny

    Botnet, Skynet, whatever... We effectively lost the war against the robots when we first invented computerization, thus creating the possibility for the future war against the robots.

  4. Re:why of course roses are red. by Dunbal · · Score: 4, Funny

    Oh wait, this is slashdot. Nevermind.

          Correct. The sweetheart in question HERE is probably an overclocked dual core Athlon chip that would handle that poem in a few milliseconds.

    --
    Seven puppies were harmed during the making of this post.
  5. Re:How do you know if you've been rooted? by codepunk · · Score: 3, Funny

    If you do not know how to check, I can assure you that your network is fully owned.

    --
    Got Code?
  6. I have already said it by this+great+guy · · Score: 3, Funny

    Slashdot needs a mod option: +1, Whatever.

  7. Re:obligatory... by andy_t_roo · · Score: 1, Funny

    # I am Dyslexia of Borg. Prepare to have your arse laminated.
    # I am Pentium III of Borg. Deactivation is futile. Prepare to be identified.

    and for the slashdot crowd

    # We are Infinity of Borg. Bandwidth is futile. You will be queued.

  8. Know if you've been rooted by symbolset · · Score: 3, Funny

    What does it matter, really, if you've been rooted?

    The sad fact is that no matter how often you're rooted, as the other post quite clearly pointed out, you're never going to get approval to remove the defective software that allowed it. If knowing creates willful negligence but not knowing doesn't, there's a certain advantage in not looking.

    Just watch your netops keep uninstalling the more obvious malware and reimaging your boxes every few years and pretending everything is ok. Nod when they call the AV and the firewall edge box due diligence and don't watch those road warriors connect their notebooks to your localnet. You never get documents with executable content in email from outside your network anyway and if you did the virus scanner would stop it before delivery, wouldn't it? Nobody on your network would click a suspicious link. These are not the rootkits you're looking for. Repeat after me: "I am so shocked! Gosh those hackers are clever. I hope they go to prison for a long time if they're ever caught using their completely anonymous fault tolerant botnet."

    Now go heal some sick people, and never get admitted to your hospital under your own name.

    --
    Help stamp out iliturcy.
  9. Re:why of course roses are red. by Phroggy · · Score: 2, Funny
    Oh freddled gruntbuggly,
    Thy micturations are to me
    As plurdled gabbleblotchits
    On a lurgid bee.
    Groop, I implore thee, my foonting turlingdromes
    And hooptiously drangle me
    with crinkly bindlewurdles,
    Or I will rend thee in the gobberwarts with my blurglecruncheon
    See if I don't.
    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  10. Re:We need a trusted network of ISPs by StrawberryFrog · · Score: 5, Funny

    Your post advocates a

    (x) technical (x) legislative ( ) market-based ( ) vigilante

    approach to fighting botnets. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop botnets for two weeks and then we'll be stuck with it
    (x) Users of windows will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from botherders
    ( ) Requires immediate total cooperation from everybody at once
    (x) Many pc users cannot afford to lose business or alienate potential employers
    (x) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for the internet
    (x) Ease of searching tiny numeric address space of all IP addresses
    (x) Asshats
    (x) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Armies of worm riddled broadband-connected Windows boxes
    (x) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of botnets
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with botherders
    ( ) Dishonesty on the part of botherders themselves
    (x) Scope creep of any powerful monitoring tool that is introduced to deal with a particular burning issue
    (x) The old "Who watches the watchmen" problem
    (x) The powerful temptation to use it as a tool for censorship.

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) Connections should not be the subject of legislation
    (x) Blacklists suck
    ( ) Whitelists suck
    (x) We should be able to use P2P without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (x) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    --

    My Karma: ran over your Dogma
    StrawberryFrog

  11. Re:How do you know if you've been rooted? by MECC · · Score: 2, Funny

    If you're running windows, you don't get rooted. Instead you get administered.

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  12. Re:Restrictive Firewall Infection by indifferent+children · · Score: 2, Funny

    He probably wishes his backdoor had a little more security.

    --
    Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain