Botnet on Botnet Action
Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."
Never let CmdrTaco come up with headlines after a night of watching girl-girl porn... the images created are... disturbing...
GetOuttaMySpace - The Anti-Social Network
so little time.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Got a good couple 404 error from slashdot on this page before anyone had commented, I thought the bots had a foothold.
that is some strange evolution going on. it seems that some of the porn spam bots have learned how to spam slashdot with story title submissions
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
In a dark area of Brooklyn, servers have a standoff wearing their bandanas, willing to die for their turf.
"We are better with patches", says GlobalBot international server.
InterSearchBot united server sneers, "PATCHES!?... WE DON' NEED NO STINKING PATCHES!"
"Please, shut up. Just when I think you can't say anything more stupid, you speak again." -Archie Bunker.
...the botnet creators are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?
x86, oh yes, I'm pro.
This was predicted in the past, but here's one of the roadmaps:
http://www.iwar.org.uk/iwar/resources/treatise-on-iw/iw.htm
Quite a lot of reading, but it's not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.
The time when there was still a market to grow into with botnets is over. The big surge of new, clueless morons filling the net is slowly coming to an end, and even the morons now start using firewalls and AV tools (still no brains, but hey, I'm already happy with small steps).
So the maximum amount of machines to have is pretty much reached. Now the battle for the precious dimwits started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.
What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?
Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.
So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I think this one-upmanship is very good. Sure bots are bad but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer? Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.
"Begun, this bot war has"
In a robotic female voice:
"Take this ... and that ... and one of these ..."
All we need is to build a botnet capable of hunting down and destroying other botnets... or perhaps converting them? Kind of the Internet equivalent of an evangelist...
GetOuttaMySpace - The Anti-Social Network
This is laughable for you who grows upsward in a suburb with no real problems or life challenges but i've been a botnets sexual object. it is confusing in childhood to have affection and torment from same thing, your botnet. new laws are needed.
*Cues West Side Story finger snapping*
If I had one dollar for every brain you don't have, I would have $1.
With all the punk 1eet programmers out there, you would think that someone would spend time writing this instead of silly viruses.
I am tired of having pop-up advertisements beat my pop-up blocker.
excitingthingstodo.blogspot.com
and it has nothing to do with what users do other than use Windoze.
Friends don't help friends install M$ junk.
How long until a botnet becomes sentient and decides to eradicate humanity? ;-)
I keep telling people those Windows machines are dangerous. This puts them on a whole new scale.
http://www.dieblinkenlights.com
From a longtime Windows luser (i.e. lots of use, little technical experience):
Could someone explain why it is important that ports are closed?
From my heuristically driven mind: If a computer is infected, why wouldn't a bot simply check which of the ports are open and pick one of those? And if a computer is not infected, closing ports should not prevent infection from malware or web pages that the user installs.
The only situation I can see would be one where seemingly the 'infector' shoots blindly towards one specific port on a random IP without any user intervention, and manages to infect it. Is this usual?
As the human casualties mounted, a horrific peripheral effect of Computer combat, we couldn't help wondering what the world could have been.
It's "PLOAF," not "P-LOAF." Ask about it.
"Hawt Botnet on Botnet Action". With links to robot porn.
Best Slashdot Co
Forget anti-virus or malware vendors. We'll just admit that we live in the wild west/various mob ruled internet. How long do you think that it'll take them to figure out that they might be able to shake down the owners of those PCs for say a $30 a year "protection" fee from other anti-virus/anti-malware/general evil spreading software products?
Cheesy Quotes! 5 Bucks, get your Cheesy Quotes!
If botnet A installs patches 1,2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
All I could think of when reading this headline was Buck Rogers in the 25th Century. Specifically the second season, when they introduced Twiki's robot girlfriend. You know, the one who said "bootybootybooty," instead of "bidibidibidi."
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Reminds me of Philip K. Dick's "Second Variety," where the robots evolved first into killing their human masters, then into killing one another.
SJW: Someone who has run out of real oppression, and has to fake it.
Bow chicka bow wow...
This sort of reminds me of John Barnes' "Meme Wars" books. Except that the botnets are fighting over our computers instead of our minds. I'm wondering if it will get to the point where people will actively choose to infect their computer with one particular botnet or another if they find that that particular one interferes the least with their particular usage. At least you would know what your computer is infected with and that will keep the other garbage out.
Would one of you /. geniuses please discover a manual config of this idea so that we can breed an army of WinMules that can't reproduce any more bots?
The irony would be delicious.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Botnets who like guns
Botnet mud wrestling
Botnet suicides
Botnet - Revolutions
How I learned to stop worrying and love the botnet
With profits already dwarfing that of the global drug business, there is every incentive for these tech savvy mafias to continue their heavy investment in improving their infrastructure. Most people in IT do not even yet realise the scope of the threat we are facing.
A lot of disputes in the old wild west arose from open ranges, where "anyone" could graze. In practice it led to nasty disputes and illegal attempts to fence off ranges. I reckon it might be amenable to economic approaches.
Classical Liberalism: All your base are belong to you.
This sounds an awful lot like how Skynet might get started.
"No, no, no, don't tug on that! You never know what it might be attached to."
Almost everything you said is partly correct in some limited cases.
Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.
Except in cases where they are seeking data from particular sources (confidential information, plans to fighter jets, government documents, millions of credit card numbers, etc.) botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.
Finally, it may be popular wisdom, but it really isn't clear at all that Windows market share causes botnet masters to ignore other platforms. Particularly in the last couple years it has become clear that cost/benefit analysis drives botnet technology. If it were easier to infect and own Mac OS X, there are over 20 million of them around, far more than the number needed to spam the bejeezus out of the entire planet. It's the number of bots needed by a botmaster that's important to their cost/benefit analysis. If they could own 10,000 Mac OS X systems at a lower cost than owning 10,000 Windows systems, they would do it tomorrow.
If you mod me down, I shall become more powerful than you could possibly imagine.
GTA: Botnets
A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.
If you mod me down, I shall become more powerful than you could possibly imagine.
Somebody should write worms that infect, propagate, and then kill/wipe the host. Maybe the cleanup/restore required will result in a more secure machine.
Bigtime Consulting - "We're the best because we cost the most"
Hmm... I suppose that if an open source effort were orchestrated and hosted from a non-extradition country, such a botnet fleet could be designed and maintained without running afoul of this law. The idea still has a number of other problems, not least of which is that it's not clear how R&D would be funded. Botnets are evolving rapidly due to the influx of R&D money. The Anti-botnet won't benefit from revenue generated by stolen credit card numbers, data stolen and then sold to corporations and governments, and SPAM.
If you mod me down, I shall become more powerful than you could possibly imagine.
as a West Side Story-style spontaneous but well-choreographed, complex dance-and-song number. I'm pretty sure that's just me, however.
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
What I'd like to see is a map of IP addresses, perhaps by provider, with the "turf" colored by type of infection. That would be awesome.
It's low cost and high payoff. A machine can scan 24/7/52. If your box is vulnerable, it WILL be found.
That's because the attacks are automated. They aren't specifically including or excluding any addresses (email or IP).
That's because the people spouting the "popular wisdom" do not understand security. Which is understandable because most people don't understand security.
Windows is exploited the most because Microsoft has, in the past, opted for a less secure security model so that Microsoft OS's and apps could be more "user friendly".
Everything was open, by default, on all systems.
Even today Microsoft is focusing on putting a firewall on the box instead of closing the ports.
Even if Ubuntu and Microsoft and Apple each had 1/3rd of the market, Microsoft would still be exploited more because of those decisions.
the botnet has you.
Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data
Except, of course, on hosts running modern versions of Windows, which is what started the first waves of botnet infection in the first place.
Microsoft has "fixed" this by installing a software firewall to block these ports, but they're still all open. Every Windows-running desktop on the planet (with the exception of the remaining 9x boxes) is essentially running itself as a server.
As to why I bring this up: it's a lot easier to compromise a firewall application than it is to get a TCP/IP stack to accept connections on closed ports (has anyone ever managed to do this, incidentally?).
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
For the folks discussing having 'good' botnets, does anyone remember the Nachi worm? Its purpose was to use the same Windows RPC DCOM vulnerability that Lovesan (an 'evil' worm) used. It would then kill the Lovesan processes and download the necessary patches from M$ to prevent further re-infection. It would then search out network segments for other machines to 'fix'. Nice in concept, but the amount of network traffic that this created when it was in search mode would overwhelm closet switches in a decent sized LAN environment (mind you, Lovesan did as well...). A company I was with had a branch office whose network manager was slow on patches. They got infected with both worms successively. While Nachi wiped out Lovesan (eventually), the office network was still useless until Nachi was cleaned off as well. Relying on autonomous software outside of your control to randomly secure machines is a bad idea.
Because it is much easier to extinguish the light around you, than to fight the darkness within you.
Wow. Distributed Core Wars.
Ali Baba?
at the risk of being a karma whore, here's the article without ads http://www.darkreading.com/document.asp?doc_id=122116&print=true
Cisco self-defending network is goaled to just that;
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.cisco.com%2Fgo%2Fsdn%2F&ei=7Q0pRtToIKi2igHx_5mLAw&usg=AFrqEzd4QZQnJHghofcLklFEObpXpaH5ww&sig2=FUeImc-mn6XBWm6_bGCk3w
In a nut shell, it'd drop the connections of infected hosts.
Long term, if this gets into all routers/switches/AP's, then when someone with a zombie plugs into the network, they will not create as much garbage traffic as they do today.
In full disclosure, I own Cisco stock.
If these bots evolve, what's to stop them from ordering new hardware for themselves? Then they'd set it up and the new machine orders new machines. The morons on the web might be saturated but stealing their money and buying more bot computers likely has a future. I'm picturing that episode of X-files that Gibson helped with - the trailer in the middle of nowhere with a whack of T3s going into it. More likely if they got really intelligent, they'd take over a small Caribbean island. No wait, that's meatworld speak. They'd go for a wintery climate that never lost power.
You want what? by when? Sorry we haven't finished the time travel project yet... that's next week.
Hello... hello, you're from the year 2003 you say? And this story on today's front page of Slashdot was old news then? Wow.
Hawt Botnet on Botnet Action!
I see your informative link, and raise you a pithy comment.
A good deed never seems to go unpunished. Morris tried to make people aware of the lax security on the internet. So maybe he botched the timing constant. They nailed him good for all his best intentions.
My other car is a 1984 Nark Avenger.
You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.
Having worked for a fortune 100 company and later done Windoze upgrades for another, I can say that assumption is anything but safe. It had nothing to do with the users and everything to do with OS choice. The admins worked hard but it was all a waste of time regardless of the amount of money they spent. Smaller companies might be expected to fare better due to their freedom, independence and brain power, but they don't. Windows and all closed source "security" is just so much voodoo. If you don't want to take my word for it, you can read about some recent big dumb company exploits here.
Friends don't help friends install M$ junk.
I don't know if anybody has done a survey to figure this out for other platforms, but I've seen a couple different sources suggest that as many as 20% of home user systems running Windows are actually infested with malware. I've seen large organizations that have ambient infestation rates as high as 11% to 15%, even running an industry leading antivirus. The pool of potential targets might be larger than you expect. Also, any zero-day (or really any number of days before a patch is available) attacks will have a potential target pool as large as the entire population.
If you mod me down, I shall become more powerful than you could possibly imagine.
Regarding IE, well, yes, it has historically had more holes than any other browser, but a zero day hole in Safari just won a guy a laptop yesterday. The niche status of a platform isn't security. Actually a programmatic approach will generally be close to 100% efficient for the target population vulnerable, whereas social engineering must be very, very clever to fool more than a few percent of the exposed users, and extremely clever to get into the half-to-all range. Of course, if you SPAM enough people with the attempt, social engineering only needs to work on a small percentage to yield a nice botnet fleet.
If you mod me down, I shall become more powerful than you could possibly imagine.
I agree. The goal of a benign "good" worm, however, is to patch systems that are outside of your control and may not otherwise get patched, which may be affecting you or your network.
Most of the other claims in the original post are not really controversial at all. This particular claim may have been overstated, but perhaps not. I haven't seen figures which total up the economic impact of malicious software, but I wouldn't be at all surprised if it was in excess of $100 billion dollars per year, if you total the damages, profits to the bad guys, cost to the good guys, and money spent on security products and consulting which might otherwise be spent on something more productive. Then decide if one should discount the official UN estimates for the drug trade, which may arguably be considered to be overstated by most governments for political reasons. Those two markets might not be as far apart as your intuition tells you. If you then add all the grey-market activity from advertising which drives spam, you might exceed handily the drug trade. Most likely not, but the botnet market is probably larger than most people would guess.
In any case, well funded organized crime groups control both markets. Maybe it's really a single market.
If you mod me down, I shall become more powerful than you could possibly imagine.