25 Percent of All Computers in a Botnet?
Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashdot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?
Isn't there a way to develop a virus that can spread through these compromised computers, but instead of doing the damage, it fixes the leaks? These compromised computers have some sort of back-door left open right?
Until they want to play the latest and greatest games. Then what? And don't give me the emulator lines, I'm talking out of box ready to play. You will not get rid of Windows, face that fact. The trick is to educate people on how to better protect their Windows machines against such things.
Anonymous Coward: "This is slashdot. Accuracy is second class citizen here, unlike King Bias."
I would be much more inclined to believe that 1 in 4 PCs are infected with one or more of the following:
- Virus
- Trojan
- Worm
- Spyware
- Adware
A few of the above are used almost interchangeably (by some people) and have the capability of effectively making the machine into some form of a bot or zombie (remotely controlled or not). Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry, but daddy of the internet or not, I think he's off the mark.
Presumably every OS can be bot-free. I mean it's not like they come pre-installed.
If you mean permanently bot-free, then it's going to be an empty internet because every OS has security issues.
Does anyone know a utility/website for detecting and cleaning bots?
There are lots of tools for detecting bots; as for cleaning them, well that depends upon the environment I suppose. ISPs have tools for detecting likely bots, but generally don't have the authority or motivation to do anything. Large organizations like universities and corporations have tools for detecting bots and taking them offline until they are fixed. How does one go about cleaning bots though? Do you wipe boxes before you know what is on them? That is the only sure way to rid a box of malware since you have no idea what else is on it.
The first question that needs to be answered is: what type of network do you want to clean bots from? The next is, how much control do you have over the machines?
With 99.9% of South Koreans "shackled" to Windows and "sitting behind fat pipes", why are we surprised?
I keep banning new IP ranges originating from .kr. It wouldn't surprise me at all if 99.5% of them were infected over there.
I wonder how up-to-date Law Enforcement is on Cybercrime, i.e. crimes that are perpetrated in Cyberspace. There's just so many things that place them at a disadvantage. First, there's often the argument that no crime has even been committed. The 'net is a wild and crazy place, and if you're on it, there's personal responsibility for protecting yourself against the constant background of malware. Most people haven't been educated in this respect.
Second, IP forensics is a rather arcane art. Few are schooled, even fewer are of the calibre that Law Enforcement would need on their side. I'd guess that it's still more lucrative to be on the wrong side of the law, and given the nebulous nature of many of these crimes, there's just not much attraction to being a computer cop. There is a process, if you're interested, to become an expert witness in this field. That's a step in the right direction, but it's only part of the overall legal process. We still need Law Enforcement officials who are willing to press charges and a judge who's willing to sign required warrants.
Finally, there's the anonymity factor. Even IP forensics won't get your man. It'll get you their IP address, but it's a long way from the IP address to the culprit. There's dozens of arguments which could explain why your Internet connection has been implicated in a Cybercrime, most of them raising reasonable doubt.
It's possible, however. "Where there's a will, there's a way." We have to take these crimes out of Cyberspace, and start correlating information between network and reality. After all, there's generally financial transactions associated with large spam deliveries and 10k+ botnet DDoSing. It's a lot harder to claim that you're a victim of circumstance when not only was your IP spotted crawling through an ISP's subnet in suspicious ways, but you also received a few grand just before a mysterious DDoS that brought down a major website.
"Please describe the scientific nature of the 'whammy'" - Agent Scully
On linux, you only need a script that does the equivalent of this: Or, if you have netcat available to you and prefer to use that tool: Or just include all the tcpip stuff in the trojan the idiot linux luser runs. It's easy enough to add it to their
These things aren't after your own files and such. They are after your network resources, and these are trivial to get, even on *nix, my friend. When linux is popular amongst the idiots who run everything that they are sent or directed to download, they will certainly run it on that platform. And doing this stuff on linux is far more trivial than doing it on windoze thanks to the standard 'dev' tools and shells that are pretty much guaranteed to be available to the attacker.
No, it's stealing; you're more likely to be considered an accomplice though. If you leave your house unlocked, someone comes in and shoots you in the head, are you responsible? No. If you wear a short skirt, low cut top and get raped, are you responsible? No. You can't blame the victim.
She won't get infected with anything if:
1. She is behind a router, like a cheapo Linksys or something, so her ip is not routable over the wan.
2. She doesn't use IE.
3. She has auto-updates turned on.
I've had my similarly illiterate mom on such a setup for several years now, and she's never been infected.
> I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas.
Tell them to fuck off or they'll start expecting it. If you must do it, charge an hourly rate equivalent to a mechanic.
The Microsoft monopoly relies on schmucks like us freely donating our time to clearing up their shit. Put a $50/hour charge on your time and let Microsoft bask in the overdue respect they deserve.
The real rub is that if your PC is infected with a halfway decent bot you'll never know it unless you monitor the outbound traffic.
A good bot will install a root kit that will disable and/or lie to anti-virus software.
The race isn't always to the swift... but that's the way to bet!
This is what you get as the result of profit first corporations, everybody else pays the costs and that cost often far exceeds (by a factor of thousands) the increase in profit that some asshat corporate executive wet dreams over.
Chaos - everything, everywhere, everywhen
I wonder how they got that 150M number--if it's the number of Bots out there or the number of infected PCs? If it's the former, and I suspect it is, you can't equate that to the number of PCs. One PC can be a member of several botnets. From what I've seen (and most of you have probably too), a PC either seems to be clean or has 14 bots and 95 pieces of spyware on it depending on the user's habits and training.
Real programmers use "copy con program.exe"
After getting feedback that the majority of their users have Spyware installed on their systems, Microsoft decided to incorporate spyware directly into the OS (embrace and extend). With the release of Microsoft Vista, your computer will come with software that runs silently in the background, regularly checks in with their network, and can be completely disabled remotely, similar to botnet software produced by others.
While this system is not pre-configured to send spam or generate DDOS attacks like many other botnets, it does have the ability to download new functionality in the background through Windows Update, so this capability could be added at a later date if enough customers continue to install third party botnets. This means that while your Vista computer is already part of a botnet out of the box, it's fairly dormant. As an indication of the ominous potential of this enhanced system, Microsoft is calling it 'Windows Activation'.
XeoMage
Yeah...
But even per capita is not a good way to measure infection on windows.
Because windows is the most widely used OS, hackers are bound to write more malware for windows OS. So there SHOULD be quite a bit higher rate on windows, even with per-capita.
Yeah, as much as I like living pain (not worry) -free with OS X so far, it's only a matter of time until the cost/benefit of launching a reasonably successful large-scale attack against the OS arrives.
In the meantime, I'll keep Clam AV going, backup regularly, and keep my admin account separate from the others.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- to disconnect any equipment that interferes with the PSTN.
- to have your dog killed if it is rabid.
- to clean up a toxic chemical spill on your property.
- to take the medication that keeps you from spreading tuberculosis.
- to either fix any interference caused by your ham radio, or stop using the thing.
So, just how complicated is the solution to botnets and similar public network security issues? The catch is when major ISPs start charging for how much you use your broadband connections, it is more profitable for them to allow for botnets etc to continue.
Chaos - everything, everywhere, everywhen
Ya really easy I'm sure, unless you use CHMOD to make those files read only for the user. Then the malware would have to guess the root/admin password.
Or just read the file in, delete it and write it out again. Delete permission on files is governed by the directory they're in; as long as you have write and execute on the containing directory, you can delete the file and recreate it. No need to guess anyone's password.
Try it for yourself - open a read-only file in your home directory with vi, modify it, and try to save it. Vi will tell you that it's read-only, and to use "w!" to override. If you do, vi simply deletes the file and writes out the modified version.
It's official. Most of you are morons.
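The point made in the comment above (delete permission comes from the containing directory, not from the file's own mode), as an added shell example that is not part of the original thread. The function names and the sandbox paths are made up for illustration.

```shell
#!/bin/sh
# Added example: why chmod 444 on a file does not stop a process running
# as the same user from replacing it. Paths are a constructed sandbox.

# replaceable FILE: exit 0 if the current user can unlink and recreate FILE,
# i.e. has write and search (execute) permission on the containing directory.
# The file's own mode is deliberately not consulted.
replaceable() {
    dir=$(dirname -- "$1")
    [ -w "$dir" ] && [ -x "$dir" ]
}

# replace_file FILE TEXT: what vi's ":w!" amounts to on a read-only file:
# unlink the old inode, then create a new file under the same name.
replace_file() {
    rm -f -- "$1" 2>/dev/null || return 1
    printf '%s\n' "$2" > "$1" 2>/dev/null
}

# demo: prints one line per step; returns 0 if the read-only file was replaced.
demo() {
    box=$(mktemp -d) || return 2
    mkdir "$box/home"
    printf 'original\n' > "$box/home/profile"
    chmod 444 "$box/home/profile"          # the "fix" proposed in the thread

    replaceable "$box/home/profile" && echo "writable dir: file is replaceable"
    replace_file "$box/home/profile" 'modified'
    result=$(cat "$box/home/profile")
    echo "content after replace: $result"

    chmod 555 "$box/home"                  # drop write on the directory itself
    replaceable "$box/home/profile" || echo "read-only dir: unlink is refused"
    # Caveat: the directory's owner can chmod it back, so this is not a
    # boundary against code running as that owner (and root bypasses it).

    chmod 755 "$box/home"; rm -rf "$box"
    [ "$result" = modified ]
}

demo
```

Files a user account must not be able to alter need to live in a directory that account cannot write to and does not own.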
"I can't empathise in any way with those who are perfectly content to accept their computer is infected with some sort of adware and believe there is nothing they can do to prevent the infection of such malware."
I can empathize. I think most of those who are "content" aren't actually content. They're lost! They don't know how the problem started and certainly don't know how to fix it. Personally, I hate operating from a position of ignorance. I'm sure at least some, if not most of these folks do too. The problem is their operating system and apps have enough holes that they have no clue as to the precautions they should take. Also, they see "free" games and screensavers...oooh, cool! Do you really blame them for that? I just googled "securing windows" and got 6,920,000 results. Does the average user even know enough to do that? If they do, do they know enough to be able to separate the chaff or will they follow directions from some half-assed know it all who misses obvious or not so obvious weak points? Yes, everyone should put some effort into securing their systems but how can you not empathize with those who don't even know where to start? It's not as easy as knowing which end of a hammer to strike with and to most people a computer is just another tool.
I can see the solutions are out there. Alternative, more secure OS options and apps are available. The bigger problem is educating the every day, tool using, user that the options they are using ARE the problem.
I reserve the right to think for myself. Others' opinions are optional. Puppy on lap = typos...not illiteracy.
I agree! Not only that, joe sixpack buys his PC at the department store pre-laden with free trials and nag screens for firewalls, virus scanners, extended warranties, computer courses, etc., until the thing boots up at the same speed as the space shuttle. When it does finally boot up, shit pops up all over the place asking them to sign forms, etc. If they RTFM (and are lucky enough to have picked the correct one from the 10 available), it looks nothing like it. Yet these same people buy self-assembled furniture, pre-fab garden sheds, plug-n-play home theaters, and other such "puzzles" from the same store and have no ongoing problems.
I can't count the number of people I have helped just sign up for the "pre-installed" ISP and get them on the net in the first place. They aren't "content", they complain to the store, then to the ISP, then just leave it in a corner until someone like me "fixes it" and shows them around the net. Sometimes they live with adware because they don't know how to clean it off but this doesn't mean they are not fucked off that they can't trust the thing to do their banking (as advertised).
Blaming average users because someone is screwing them over is arrogance of the highest order, it amounts to condemning the victims - a very ugly attitude in my books.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
> it's only a matter of time until the cost/benefit of launching a reasonably successful large-scale attack against the OS arrives.
It's only a matter of time before some descendant of pigs evolves wings too.
You have to make decisions based on what you see and know, not speculation. Right now, and for the foreseeable future, your best protection from trojans, worms and spyware is to install or purchase any OS besides Windoze.
It's not just a solution, it's the solution. A diverse population of computers will make botnets both expensive and small.
Friends don't help friends install M$ junk.
Like the ramen worm that affected most Redhat systems and then disabled the exploits it used?
Thanks for the link, it's a great example of how free software rocks. Six years ago, Ramen ate through a few poorly maintained Red Hat 6.0 and 7.0 servers running WUFTP. It did not eat through Debian, Mandrake and other distributions because there are lots of ftp servers to choose from. It has not been heard from since. A diversity of software limits the damage any one flaw can cause. Automated update tools ensure the problems are fixed quickly. If something goes wrong, the user can download and burn a CD with all new software and then install it without loss of user data.
The Windoze user, on the other hand, is left with their ageing "original" CD to put all the flawed software back with tremendous hassle and loss. That's the problem with non free software - you depend on a single "owner" that can't possibly keep up for everything.
The only short term solution for the user is to leave Windoze. The only long term solution for the internet as a whole is to diversify. The two things are the same.
Friends don't help friends install M$ junk.
There are plenty of rooted Linux boxes out there, and there have been reports of Macs as being part of bot nets. Granted, the problem is still 99% Windows, but it is not at all unique to Windows.