Two Worm "Families" Make Up Most Botnets
JMoon writes "HNS has an article about the Sdbot and Gaobot families which are responsible for most botnets worldwide. These two families were responsible for 80 percent of detections related to bots during the first quarter of 2007. Other culprits, although on a much lesser scale, included Oscarbot, IRCbot or RXbot."
Recently, I had to put an SP1 WinXP online to demonstrate that it's (still) insecure to do that. I was expecting that the Blaster menace had somewhat dwindled since its outbreak, simply 'cause it's been a while since then.
Boy, was I wrong!
It took 10 seconds for the FTP to go berserk, a minute later I was a happy member of the still strongly going family of wormspreaders.
People simply don't update their systems. It's amazing; that thing is, afaik, about 5 years old now, and still there are a LOT of machines out there that still blow the worm through the net.
We're not talking about an unfixable problem, or at least one where the user has to be dumb enough to open the can for the worm (ok, bad pun). It's as simple as updating to SP2, something that works automatically.
You actually have to disable MS Messenger to at least cease to get those annoying popup messages, so why can people disable that but not update their systems? That's simply beyond my comprehension.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If you are stuck with dialup, get a friend to download the SP2 CD and burn it for you.
If you have DSL or Cable and nothing else on your LAN is infected, your NAT or other firewall should protect you from "out of the box" threats. As long as you stick to known-safe web sites like windowsupdate and most security-software vendors, you should be OK long enough to get updated.
What's that? You are on DSL or Cable and do NOT have a firewall? Spend a few bucks and get one!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
SDBot is incredibly popular because it's open source and easily modified to sneak past most AV software with minor changes. It also has an extremely wide array of features, and tends to be very reliable.
People without the knowledge to code their own trojan/bot from scratch will naturally gravitate towards tools which allow them to make their money more easily, and it's a real time saver.
Or so I hear.
I don't think those are bots.
I noticed my server's SSH port being hit a few years ago. I moved it to another port, locked the port down, then set up an SSH honeypot on the standard port. The honeypot attempts to tell people from programs using a variety of methods, such as the spacing between keystrokes and use of the backspace or delete key.
I found that once the attacking software appeared to have access to the server, a person would log in and check it out. Most of them attempted to use wget to dump a rootkit onto the server. I have grabbed copies of the software they attempt to download and checked it out.
It normally consists of a rootkit, network scanner, packet sniffer, and the scanning software to scan and hack SSH.
I think these are wannabe hacker kids trying to get in.
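The human-versus-program test the honeypot comment describes (spacing between keystrokes, use of backspace or delete) can be written as a small classifier. This is an added example, not the commenter's honeypot code; the timing thresholds, the trace format and the three sample sessions are all constructed assumptions. It goes one step beyond the comment by flagging a paced script that types slowly but with machine-regular intervals, which the speed check alone would miss.

```python
"""Classify an interactive login session as human-typed or scripted
from keystroke timing, in the spirit of the SSH honeypot described
above. Added example; thresholds and sample traces are constructed."""
from dataclasses import dataclass
from statistics import mean, pstdev

BACKSPACE = "\x7f"   # DEL, what most terminals send for Backspace
CTRL_H = "\x08"      # some terminals send ^H instead


@dataclass
class Keystroke:
    t: float   # seconds since session start
    ch: str    # the character received


def features(keys):
    """Derive timing features from an ordered list of Keystroke."""
    if len(keys) < 2:
        return {"n": len(keys), "mean_gap": 0.0, "cv": 0.0, "edits": 0}
    gaps = [b.t - a.t for a, b in zip(keys, keys[1:])]
    m = mean(gaps)
    # coefficient of variation: 0 means perfectly regular spacing
    cv = pstdev(gaps) / m if m > 0 else 0.0
    edits = sum(1 for k in keys if k.ch in (BACKSPACE, CTRL_H))
    return {"n": len(keys), "mean_gap": m, "cv": cv, "edits": edits}


def classify(keys, min_gap=0.05, min_cv=0.2):
    """Return "human" or "script". Thresholds are assumptions:
    a human rarely averages under 50 ms between keys, and never types
    with near-zero variance; a human also makes and corrects typos."""
    f = features(keys)
    if f["edits"] > 0:
        return "human"    # correction keys are a strong human signal
    if f["mean_gap"] < min_gap:
        return "script"   # a whole line arriving in one burst
    if f["cv"] < min_cv:
        return "script"   # paced, but metronome-regular
    return "human"


def session_from_trace(trace):
    """trace: iterable of (seconds, char) tuples as a honeypot would log."""
    return [Keystroke(t, c) for t, c in trace]


# Constructed sample sessions (not captured data).
# 1) A person typing "ls -la", mistyping 'k' and correcting it.
HUMAN_TRACE = [(0.00, "l"), (0.21, "s"), (0.35, " "), (0.62, "-"),
               (0.80, "k"), (0.95, BACKSPACE), (1.30, "l"), (1.41, "a")]
# 2) A person typing "cd /tmp" with no typos but irregular timing.
HUMAN_NO_EDITS = [(0.00, "c"), (0.18, "d"), (0.51, " "), (0.63, "/"),
                  (0.90, "t"), (1.31, "m"), (1.46, "p")]
# 3) A tool pushing "uname -a" as one burst, ~1 ms between characters.
BURST_SCRIPT = [(i * 0.001, c) for i, c in enumerate("uname -a")]
# 4) A tool pacing keystrokes at exactly 100 ms to look slower.
PACED_SCRIPT = [(i * 0.1, c) for i, c in enumerate("uname -a")]


def classify_all():
    """Classify each constructed session; handy for a quick run."""
    return {
        "human_with_edits": classify(session_from_trace(HUMAN_TRACE)),
        "human_no_edits": classify(session_from_trace(HUMAN_NO_EDITS)),
        "burst_script": classify(session_from_trace(BURST_SCRIPT)),
        "paced_script": classify(session_from_trace(PACED_SCRIPT)),
    }


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name}: {verdict}")
```

In a real honeypot the trace would come from the pty layer with timestamps per byte; the point of the two script cases is that a speed threshold alone is easy to defeat by sleeping between characters, whereas near-zero variance and the total absence of corrections are much harder for automation to fake convincingly.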