Bot Infestations Reach Nearly 1.2M

← Back to Stories (view on slashdot.org)

Bot Infestations Reach Nearly 1.2M

Posted by ryuzaki0 on Thursday March 22, 2007 @01:47PM from the worried-inboxes-everywhere dept.

mengel writes "According to the folks at SecurityFocus the number of bot-infested systems has surged to nearly 1.2 million. This after a big drop in December when lots of people replaced/upgraded systems. Time to upgrade your spam filtering software, the onslaught is coming."

4 of 194 comments (clear)

Min score:

Reason:

Sort:

Tweaking liability laws by Harmonious+Botch · 2007-03-22 13:50 · Score: 5, Insightful

These bots could be greatly limited with proper tweaking of liability laws. Under current laws, if I leave a pool or a car unsecured and somebody else gets injured or killed, I can be found totally or partially liable. But if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear.
1. Re:Tweaking liability laws by Watson+Ladd · 2007-03-22 13:52 · Score: 5, Insightful
  
  It would be hard to determine what constitutes appropriate security. And how are you supposed to know about a zero-day or a subtle misconfiguration? A pool is easy to secure. A car is easy to secure: Both have small threat models and physical protection is all you need. A computer is much harder to secure.
  
  --
  Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
2. Re:Tweaking liability laws by mrbluze · 2007-03-22 14:14 · Score: 5, Insightful
  
  if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear
  But if you have a car which injures people because the manufacturer put in lousy breaks, lousy locks, lousy steering etc, then the car manufacturer is in trouble, right?
  
  Whilst I agree with you, the liability laws need changing, "reasonable" attempts at securing a Windows PC (eg: using antivirus software) have proven to be a waste of time, so the onus should be on the manufacturer.
  
  --
  Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
An easy fix by davmoo · 2007-03-22 14:58 · Score: 5, Insightful

In another reply I saw someone suggest ISPs sending automated snail mail notices to users who's machines have been owned.

I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

I fail to see why it seems to hard to detect these things. When an ISP sees a machine go from sending out 4 or 5 emails a day to spitting out thousands of emails every hour, it should be obvious there's a problem.

Also, close the damn mail ports off. If a customer wants to host their own email server at home, fine...but make them call in and request that the port be opened. And make it clear that if their machine gets owned, they get cut off and fined before access will be reconnected.

And finally, spam has been a problem for years...how come the MTAs haven't been rewritten to not allow header forging, etc, in all that time? Isn't this supposed to be one of the big advantages of open source and open protocols?

--
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.