Slashdot Mirror


Bot Infestations Reach Nearly 1.2M

mengel writes "According to the folks at SecurityFocus the number of bot-infested systems has surged to nearly 1.2 million. This after a big drop in December when lots of people replaced/upgraded systems. Time to upgrade your spam filtering software, the onslaught is coming."

16 of 194 comments

  1. Tweaking liability laws by Harmonious Botch · Score: 5, Insightful

    These bots could be greatly limited with proper tweaking of liability laws. Under current laws, if I leave a pool or a car unsecured and somebody else gets injured or killed, I can be found totally or partially liable. But if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear.

    1. Re:Tweaking liability laws by Watson Ladd · Score: 5, Insightful

      It would be hard to determine what constitutes appropriate security. And how are you supposed to know about a zero-day or a subtle misconfiguration? A pool is easy to secure. A car is easy to secure: Both have small threat models and physical protection is all you need. A computer is much harder to secure.

      --
      Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
    2. Re:Tweaking liability laws by gregleimbeck · Score: 5, Funny

      If my unsecured computer causes somebody to get injured or killed, I will take responsibility. OTOH, if my car starts spreading malware and spamming, you're SOL.

      --

      P.S.,

      This is what part of the alphabet would look like if Q and R were eliminated.

    3. Re:Tweaking liability laws by mrbluze · Score: 5, Insightful

      if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear

      But if you have a car which injures people because the manufacturer put in lousy brakes, lousy locks, lousy steering etc, then the car manufacturer is in trouble, right?

      Whilst I agree with you that the liability laws need changing, "reasonable" attempts at securing a Windows PC (eg: using antivirus software) have proven to be a waste of time, so the onus should be on the manufacturer.

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    4. Re:Tweaking liability laws by mrbcs · Score: 5, Interesting

      I work for a small ISP and that's exactly what we do. You get two strikes. First is a warning to clean up your machine and put on antivirus software. Next time, we kick you off the network and terminate your account. Problem totally solved. We've had two people get the first warning. None kicked yet.

      --
      I'm not anti-social, I'm anti-idiot.
    5. Re:Tweaking liability laws by 1u3hr · Score: 4, Insightful

      These bots could be greatly limited with proper tweaking of liability laws.

      There are hundreds, perhaps thousands, of known spammers in the US. (See the ROKSO list, eg.) Barely a handful are ever prosecuted. One or two have been sentenced, trumpeted here as a victory against spammers, but really showing that being caught and punished for deliberate spamming is a very rare event. Considering that, what could a "negligent" spammer get?

      ISPs can easily detect and cut off spam-spewing robots. They have the right to do so in their TOS, but are just too complacent or perhaps concerned they'd have to deal with hundreds of clueless users complaining about it.

    6. Re:Tweaking liability laws by penix1 · Score: 4, Interesting

      Although it gives you a "warm fuzzy feeling"(TM) that your company isn't contributing to the bot problem, too many kicks and you soon have no customers. All that you are doing is forcing that customer to go to an ISP that won't give them the boot. It does nothing to actually solve the problem.

      An alternative would be instead of cutting them off completely, offer them an antivirus solution. Although I hate them, this is what companies like AOL and NetZero are doing.

      B.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  2. Hmmm.... by groovemaneuver · Score: 5, Funny

    This must be related somehow to Windows being the most secure operating system... :p

    1. Re:Hmmm.... by glittalogik · Score: 5, Funny

      Damn those 1.2 million Linux users! Bloody hell, when will they learn?

  3. All those bots must be coming from by Steve--Balllmer · Score: 5, Funny

    all those Linux and OS X systems, since Symantec says Windows is the most secure operating system.

  4. Re:I, For One... by miro f · Score: 4, Funny

    How long before these bots link up and become nodes in a larger network? At that point they store information, react to direct stimulus and transmit to the rest of the network. Each cell might be relatively simplistic, with no goals other than self-preservation, replication and transmission of data to the other nodes. Surely, there will be fitness rewards for a node that behaves in a certain way? With a billion of them, I wonder what potential would be for emergence?

    translation: Imagine a Beowulf cluster of those!
    --
    being vague is almost as cool as doing that other thing...
  5. Re:Battle is now greylisting versus IP address spr by Anonymous Coward · Score: 5, Interesting

    The IP address spread is fairly simple to understand. If you have 100,000 zombie PCs with 100,000 IP addresses, then clearly you can send 100,000 pieces of spam without ever using the same IP address twice. That makes the honeypot database of greylisting useless, since I rely on waiting to see a given IP address send email to a known "bogus" email address to correctly identify that IP address as a spammer (in the short term, at least).

    That isn't greylisting at all (though it is useful against spam).

    Greylisting is giving a "new" incoming SMTP connection a 400-series error message the first time they try to send email to you. A 400-series error means a temporary problem - please try again. When they try to send the email a second time, you accept.

    Since all legitimate email servers will retry when they get a 400-series error, a legitimate message will go through, at a cost of a time delay.

    However, most spammers don't bother retrying (although some do), so you can block a lot of spam with greylisting, with very little bandwidth or CPU cost.
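The triplet-based greylisting the comment describes, as an added example that is not from the thread or any particular MTA: a first contact from a (client IP, sender, recipient) triplet gets a 4xx, a retry after a minimum delay is accepted, and a zombie that spreads across fresh IPs and never retries still never gets through. Class and function names and the 5-minute retry window are my assumptions.

```python
# Added example: minimal greylisting keyed on the (client IP, sender, recipient)
# triplet. Names and the retry window are assumptions, not any real MTA's defaults.
from dataclasses import dataclass, field

RETRY_AFTER = 300  # seconds a new triplet must wait before it is accepted (assumed)
TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    """Tracks first-seen time per triplet (no expiry, to keep the example short)."""
    first_seen: dict = field(default_factory=dict)

    def decide(self, client_ip: str, sender: str, rcpt: str, now: float) -> str:
        key = (client_ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.get(key)
        if seen is None:
            # First contact from this triplet: answer 4xx so a real MTA will retry.
            self.first_seen[key] = now
            return TEMP_FAIL
        if now - seen < RETRY_AFTER:
            # Retrying too quickly (some bots hammer immediately): keep deferring.
            return TEMP_FAIL
        return ACCEPT


def simulate(greylist: Greylist, attempts) -> list:
    """attempts: iterable of (time, client_ip, sender, rcpt). Returns one reply each."""
    return [greylist.decide(ip, s, r, t) for t, ip, s, r in attempts]


def demo():
    gl = Greylist()
    # Constructed traffic: one legitimate MTA that retries after its queue delay,
    # and five zombies that each use a fresh IP exactly once and never retry.
    legit = [(0, "192.0.2.10", "alice@example.org", "bob@example.net"),
             (900, "192.0.2.10", "alice@example.org", "bob@example.net")]
    zombies = [(10 + i, f"198.51.100.{i}", f"u{i}@example.com", "bob@example.net")
               for i in range(1, 6)]
    return simulate(gl, legit), simulate(gl, zombies)
```

Note the cost the comment mentions: the legitimate message is delayed by one retry interval, and a sender whose retries come from a different IP each time (some large outbound pools) will keep hitting a "new" triplet.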

  6. An easy fix by davmoo · Score: 5, Insightful

    In another reply I saw someone suggest ISPs sending automated snail mail notices to users whose machines have been owned.

    I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

    I fail to see why it seems too hard to detect these things. When an ISP sees a machine go from sending out 4 or 5 emails a day to spitting out thousands of emails every hour, it should be obvious there's a problem.

    Also, close the damn mail ports off. If a customer wants to host their own email server at home, fine...but make them call in and request that the port be opened. And make it clear that if their machine gets owned, they get cut off and fined before access will be reconnected.

    And finally, spam has been a problem for years...how come the MTAs haven't been rewritten to not allow header forging, etc, in all that time? Isn't this supposed to be one of the big advantages of open source and open protocols?

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
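The rate-spike detection the comment calls obvious, as an added example (not the ISP's or anyone's production code): count each customer host's outbound port-25 connections in the last hour, compare against that host's own average over the preceding day, and flag the hosts whose rate exploded. The log format, host addresses, and the two thresholds are constructed for this example.

```python
# Added example: per-host outbound SMTP rate vs. the host's own daily baseline.
# Flow format, addresses and thresholds are constructed, not from any real ISP.
from collections import Counter
from datetime import datetime, timedelta

MIN_ABS = 50     # never alert below this many connections in the last hour (assumed)
MULTIPLIER = 20  # alert when last-hour count exceeds baseline-per-hour * this (assumed)

def parse_flow(line: str):
    """Constructed flow record: '<iso timestamp> <src ip> <dst ip> <dst port>'."""
    ts, src, _dst, dport = line.split()
    return datetime.fromisoformat(ts), src, int(dport)

def smtp_counts(lines, window_end: datetime):
    """Per-source port-25 connections in the last hour and in the 24 hours before it."""
    recent, baseline = Counter(), Counter()
    hour_ago, day_before = window_end - timedelta(hours=1), window_end - timedelta(hours=25)
    for line in lines:
        ts, src, dport = parse_flow(line)
        if dport != 25:
            continue  # only outbound SMTP matters here
        if hour_ago <= ts <= window_end:
            recent[src] += 1
        elif day_before <= ts < hour_ago:
            baseline[src] += 1
    return recent, baseline

def suspected_bots(lines, window_end: datetime) -> dict:
    """Return {src: last-hour count} for hosts far above their own normal rate."""
    recent, baseline = smtp_counts(lines, window_end)
    flagged = {}
    for src, n in recent.items():
        per_hour = baseline[src] / 24.0  # 0.0 for a host that never sent mail before
        if n >= MIN_ABS and n > per_hour * MULTIPLIER:
            flagged[src] = n
    return flagged

def demo():
    end = datetime(2007, 2, 14, 14, 0, 0)
    flow = lambda ts, src: f"{ts.isoformat()} {src} 203.0.113.25 25"
    day_before, hour_ago = end - timedelta(hours=25), end - timedelta(hours=1)
    # Constructed: 10.0.0.7 sent 5 mails over the prior day, then 300 in the last hour
    # (bot-like); 10.0.0.8 is a customer's real mail server at ~100/hour around the clock.
    lines = [flow(day_before + timedelta(hours=4 * i), "10.0.0.7") for i in range(5)]
    lines += [flow(hour_ago + timedelta(seconds=10 * m), "10.0.0.7") for m in range(300)]
    lines += [flow(day_before + timedelta(seconds=36 * i), "10.0.0.8") for i in range(2400)]
    lines += [flow(hour_ago + timedelta(seconds=30 * i), "10.0.0.8") for i in range(120)]
    return suspected_bots(lines, end)
```

The per-host baseline is what keeps a customer who legitimately runs a mail server from tripping the same rule as a freshly infected desktop.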
    1. Re:An easy fix by metlin · Score: 4, Insightful

      In another reply I saw someone suggest ISPs sending automated snail mail notices to users whose machines have been owned.

      I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

      That's not really fair.

      Most users are not technically sophisticated enough to do anything, even if they were told that their computers were affected.

      Computers and the internet are far too prevalent today to simply cut somebody off because their boxes were compromised. If you must, blame the manufacturers for designing systems that can so easily be taken over by bots and viruses.

      Most people don't really care, because to them the computer is just like the TV or the microwave - a tool that lets them do something. If the tool gets messed up and causes problems because of something, they can't be held responsible because face it, they have no clue whatsoever. If you are designing a system that you think even an idiot can use, then make sure that it is idiot-proof.

      But companies want to sell $OS to your grandma, but do not want to take responsibility for what happens when things go to hell. If you are selling something to grandma, make it grandma-proof. She will open attachments, she will not have a clue about what's out there on the web -- if you are selling her a tool, make sure that it is protected against the mistakes she most likely will make.

      Somehow, in the software industry, it is considered acceptable to call the users idiots and let go. Now here's the thing -- even some of the very smart people have trouble using computers simply because it is not their thing. Not everybody can be a computer geek, and nor should they be expected to be.

      If anything, the software manufacturers should be held responsible. Stop blaming the users already, please.
  7. Re:Computer bots by Technician · Score: 4, Funny

    How does one know if their computer (or relative's, etc.) is infected by a bot? Are there special diagnostic tools for that?

    There are 3 things to look for.
    1. Is it running Windows?
    2. Is it connected to the Internet?
    3. Has it been on for more than 20 minutes?

    --
    The truth shall set you free!
  8. Re:Open Source Virus Protection by Gareth Williams · Score: 4, Insightful

    I run a gnu/linux based operating system, and I don't foresee that I will ever run antivirus software on it. Yes, even if people actually start writing viruses that target it.

    I don't look at automated breaches of security as any special case. A security breach is a security breach. Crack attempts, spyware, adware, malware, viruses, trojans, blah blah... it's all the same problem: stopping unauthorised code running on your machine.

    If my mail client has a bug that allows remote code execution, the mail client is faulty and must be patched. If my browser has a bug that allows a remote site to snatch files off my local filesystem, then my browser is faulty and must be patched. If I, FSM forbid, stupidly download and run some malicious application then I am faulty and must be "patched".

    I have all non-essential services turned off, I run a firewall, I keep all my applications up to date with security patches, and I only install software from my distribution's repository.

    I don't care how much money they are making for some big security companies, these "anti-virus" applications that people are so obsessed with running on Windows are just an ambulance at the bottom of the cliff.

    There is something fundamentally flawed with the idea of waiting until your security has already been breached and then trying to clean up after the fact. Once it's breached that's it, game over - reformat, reinstall O/S, and replace data with last known good backup.

    --
    --Gareth