Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bot Infestations Reach Nearly 1.2M

Posted by ryuzaki0 on from the worried-inboxes-everywhere dept.

mengel writes "According to the folks at SecurityFocus the number of bot-infested systems has surged to nearly 1.2 million. This after a big drop in December when lots of people replaced/upgraded systems. Time to upgrade your spam filtering software, the onslaught is coming."

10 of 194 comments (clear)

  1. Tweaking liability laws by Harmonious+Botch · · Score: 5, Insightful

    These bots could be greatly limited with proper tweaking of liability laws. Under current laws, if I leave a pool or a car unsecured and somebody else gets injured or killed, I can be found totally or partially liable. But if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear.

    1. Re:Tweaking liability laws by Watson+Ladd · · Score: 5, Insightful

      It would be hard to determine what constitutes appropriate security. And how are you supposed to know about a zero-day or a subtle misconfiguration? A pool is easy to secure. A car is easy to secure: Both have small threat models and physical protection is all you need. A computer is much harder to secure.

      --
      Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
    2. Re:Tweaking liability laws by gregleimbeck · · Score: 5, Funny

      If my unsecured computer causes somebody to get injured or killed, I will take responsibility. OTOH, if my car starts spreading malware and spamming, you're SOL.

      --

      P.S.,

      This is what part of the alphabet would look like if Q and R were eliminated.

    3. Re:Tweaking liability laws by mrbluze · · Score: 5, Insightful

      if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear

      But if you have a car which injures people because the manufacturer put in lousy breaks, lousy locks, lousy steering etc, then the car manufacturer is in trouble, right?

      Whilst I agree with you, the liability laws need changing, "reasonable" attempts at securing a Windows PC (eg: using antivirus software) have proven to be a waste of time, so the onus should be on the manufacturer.

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    4. Re:Tweaking liability laws by mrbcs · · Score: 5, Interesting

      I work for a small ISP and that's exactly what we do. You get two strikes. First is a warning to clean up your machine and put on antivirus software. Next time, we kick you off the network and terminate your account. Problem totally solved. We've had two people get the first warning. None kicked yet.

      --
      I'm not anti-social, I'm anti-idiot.
  2. Hmmm.... by groovemaneuver · · Score: 5, Funny

    This must be related somehow to Windows being the most secure operating system... :p

    1. Re:Hmmm.... by glittalogik · · Score: 5, Funny

      Damn those 1.2 million Linux users! Bloody hell, when will they learn?

  3. All those bots must be coming from by Steve--Balllmer · · Score: 5, Funny

    all those Linux and OS X systems, since Symantec says Windows is the most secure operating system.

  4. Re:Battle is now greylisting versus IP address spr by Anonymous Coward · · Score: 5, Interesting

    The IP address spread is fairly simple to understand. If you have 100,000 zombie PCs with 100,000 IP addresses, then clearly you can send 100,000 pieces of spam without ever using the same IP address twice. That makes the honeypot database of greylisting useless, since I rely on waiting to see a given IP address send email to a known "bogus" email address to correctly identify that IP address as a spammer (in the short term, at least).

    That isn't greylisting at all (though it is useful against spam).

    Greylisting is giving a "new" incoming SMTP connection a 400-series error message the first time they try to send email to you. A 400-series error means a temporary problem - please try again. When they try a second time they try to send email, you accept.

    Since all legitimate email servers will retry when they get a 400-series error, a legitimate message will go through, at a cost of a time delay.

    However, most spammers don't bother retrying (although some do), so you can block a lot of spam with greylisting, with very little bandwidth or CPU cost.

  5. An easy fix by davmoo · · Score: 5, Insightful

    In another reply I saw someone suggest ISPs sending automated snail mail notices to users who's machines have been owned.

    I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

    I fail to see why it seems to hard to detect these things. When an ISP sees a machine go from sending out 4 or 5 emails a day to spitting out thousands of emails every hour, it should be obvious there's a problem.

    Also, close the damn mail ports off. If a customer wants to host their own email server at home, fine...but make them call in and request that the port be opened. And make it clear that if their machine gets owned, they get cut off and fined before access will be reconnected.

    And finally, spam has been a problem for years...how come the MTAs haven't been rewritten to not allow header forging, etc, in all that time? Isn't this supposed to be one of the big advantages of open source and open protocols?

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.