25 Percent of All Computers in a Botnet?

Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?

Law enforcement?

[countSudoku()]

Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of a Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.

Re:How to stop the bots

[x_MeRLiN_x]

25% does seem a little high, but then again it's not hard to imagine that people who this affects don't talk with too many people online who they haven't met in person. Just today I was playing Counter-Strike (1.6 of course) and a fellow player revealed the reason for them not moving or shooting; a pop-up. This is hardly a rare occurrence. I can't empathise in any way with those who are perfectly content to accept their computer is infected with some sort of adware and believe there is nothing they can do to prevent the infection of such malware.

Class action

[bigberk]

There could definitely be a class action lawsuit at some point facing Microsoft. That one company has a mass deployment of an operating system that is obviously dreadfully vulnerable to infection. Some might reasonably argue that Microsoft has an implied duty to provide a reliable operating system, as the backbone infrastructure of the modern computing world.

Among the victims of the easily infectable Windows platform are:
1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
3) Businesses which suffer downtime due to networks congested with worm activity

I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to rollout their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.

Yes it is possible to eliminate

[gurps_npc]

The single reason why spam and other net abuses go on is that there is no world wide laws. It is a public crime, people can click on the spam and hunt down the person committing the crime simply by following the money. They getaway with it because If one country creates an effective law and enforces it, the spammers can just move to another country.

You want to cure it? Have ICAAN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICAAN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICAAN's sole enforement power

Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.

I predict one year of nastyness, during which all countries scramble to create and enforce real laws.

The worst of the worst of the offending countries, might split off and form a secondary, 'dangerous' internet. But who would care.

EVEN MORE SCARY it's 1 in 2 windows computers.

[goombah99]

it says 1 in 4 are infected. But lets drill down. First take out all the mac and linux and Unix computers since the botnet rate, while not zero, is probably not signiciant. We can also exlcude most but not all embedded system. Since mac and linux and Unix , and embedded systems acocunt for more than a quarter of the market this means that most Windows computers are infected at a rate closer to 1 in 3.

Next remove all the server clusters and the majority of computers in highly active IT bussiness envirmonments. We can probably exclude most military computers. That takes out another quarter of the machines.

So basically your personal computer at home or poorly maintained bussiness machines are carrying the bulk of the infection and it's not entirely way off to say the botnet rate is 1 in 2 for windows.

The ISPs could help stop this

[vinn01]

I blame the ISPs for allowing traffic to leave their networks with spoofed IP addresses. That is - passing IP packets that are sourced within thier network with IP addresses that are not within their network.

Botnets spoof IP addresses to make if harder to track down the bots. But the IPS know where the bots are and could kill them, or filter them, if they had the testicles to do it. By pass the spoofed IP addressed traffic they make it harder for the rest of the world to filter the bots.

Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.

Re:Request

[rbochan]

The major ISPs are the problem...

A few months back, I did some work for some folks hat were getting phone calls and actual snail mail from their ISP (rhymes with load gunner) telling them to take their computer off line and have it repaired. The ISP actually did cut them off, because their machine was saturating the line all the time as a spambot and as a server for other bot infections.
The major ISPs will do it, but only if it's already costing them $$ in bandwidth.

Re:You Are Required by Law

[Watson+Ladd]

It's easy to tell that you have a rabid dog, a toxic waste spill, a bad phone line. It's hard to tell if your computer is part of a botnet, esp. if you only have 1 and your ISP is uncooperative. Also, insecure computers don't join botnets by themselves, they get hacked. Saying the owner needs to fix it is going to lead to a lot of outcry about how people who don't understand computers are getting jailed for something they aren't responisible for. They won't get one iota of sympathy from me, but all other lusers will oppose these laws.

What about a broadband users license?

[bdwoolman]

There are ham licenses, Why not license high-speed access in some way? It is also powerful. The process does not have to be hard, but at least one person, say, at home or in the SOHO should demonstrate he or she knows how to secure the computer (to some minimal standard) and keep it that way before a broadband install is allowed to the address. You can create all the fine security software and solid OSs you want, but unless the users are clued in then it is hopeless. The bar does not have to be set that high. But there is nothing like a license to motivate a little learning.

Or at least require ISPs to provide minimal security training to their broadband customers. As has been said: Most infection is self inflicted through ignorance. Some people might welcome the chance to learn. I know I did not want to scuba dive without some training. A lot of parents would be motivated to learn about filtering software etc. A license should be grandfathered in of course. This problem will worsen in direct proportion to bandwidth. And certainly there should be citizens' band speeds. (TBD)

People might grumble, but if it is sold as a community responsibility a license track might fly. Most (well, many) people are motivated by a sense of community responsibility. I had a young friend whose computer was a viral soup. Infected beyond redemption. Ruined. I reinstalled Windows for her, which cleaned up the mess, but she was resistant to the idea of anti-virus software because she claimed she did not do anything serious with the computer and did not want to hassle. Her current mess had taken years to build. And, she asked, couldn't she just redo the box again when it tanked? But I pointed out to her that it wasn't just her that suffered, it was the whole community that suffered when she left her computer vulnerable. (I explained a little about bots) The idea that she could be hurting others through inaction really upset her (she had never thought it through) and so we were downloading Zonealarm, AVG and AdAware in no time. In the end she bought a subscription to a suite. McAfee I think.

Before anyone starts screaming about rights and freedoms being taken away, please think about this: A license is a way that a civil society makes its members accountable, from food vendors to electricians. I am less free because of all the bots out there. If people can't get on the highway without demonstrating some knowledge, Why should they get on the information highway in a state of ignorance, especially now that we are banking and shopping there?