Slashdot Mirror


Botnet on Botnet Action

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."

11 of 187 comments

  1. Re:Note to Editors by JamesTRexx · · Score: 2, Informative

    You were thinking of a clusterfuck too?

    --
    home
  2. Marching down the road of informational warfare by Anonymous Coward · · Score: 3, Informative

    This was predicted in the past, but here's one of the roadmaps:

    http://www.iwar.org.uk/iwar/resources/treatise-on-iw/iw.htm

    Quite a lot of reading, but it's not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.

  3. This has been going on for years, by twitter · · Score: 1, Informative

    and it has nothing to do with what users do other than use Windoze.

    --

    Friends don't help friends install M$ junk.

  4. Re:Could someone explain the closing of ports? by dkf · · Score: 4, Informative

    Could someone explain why it is important that ports are closed?
    The only way to have a message received off the internet is to have a port open. Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data (whether web, email, or any of a myriad other things). But on server computers, ports have to be open for connections from client machines which are potentially anywhere. If the software behind those ports isn't careful, it's possible to attack the machine through them.

    Desktop systems are usually not as highly protected on the inside as server systems (alas) so having a firewall that blocks off server ports "Just In Case" is a good plan.

    (And yes, I've left out lots of detail from this potted explanation.)
    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
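The distinction drawn in the comment above (ports reachable only locally versus server ports open to connections from anywhere) can be checked on a host by looking at what each listening socket is bound to. The following is an added example, not part of the original comment; the sample input is constructed in the layout of `ss -tlnH` output, and the function names and the allowlist are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample in the layout of `ss -tlnH` (listening TCP sockets,
# numeric, no header line); not captured from a real host.
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 128  127.0.0.1:631     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 511  [::]:80           [::]:*
LISTEN 0 128  [::1]:5432        [::]:*
LISTEN 0 50   192.168.1.10:445  0.0.0.0:*
"""

class Listener(NamedTuple):
    address: str
    port: int
    scope: str  # "loopback", "all-interfaces" or "one-interface"

def classify(address):
    """Say who can reach a socket bound to this local address."""
    if address == "*":                 # ss prints * for a dual-stack wildcard
        return "all-interfaces"
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:                 # 127.0.0.0/8 or ::1: this machine only
        return "loopback"
    if ip.is_unspecified:              # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "one-interface"

def parse_listeners(text):
    """Parse LISTEN rows into Listener records, skipping anything else."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
        found.append(Listener(host, int(port), classify(host)))
    return found

def reachable_unexpected(listeners, allowed_ports):
    """Ports reachable from the network that are not on the allowlist."""
    return sorted({l.port for l in listeners
                   if l.scope != "loopback" and l.port not in allowed_ports})

if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE)
    for l in listeners:
        print(f"{l.port:>5}  {l.scope:<15} {l.address}")
    print("review:", reachable_unexpected(listeners, allowed_ports={22}))
```

Anything the last function reports is a candidate for being closed, rebound to loopback, or blocked at the firewall.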
  5. Re:Evolution by vivaoporto · · Score: 3, Informative

    I can tell you in advance, without charge, where this will lead. Just like a disease vector, these machines will continue to be used by the botnet masters to infect other machines, spread SPAM, steal the very machine owner's personal data and, in general, obfuscate illegal activities.

    I don't know from where people commenting on this article got the idea that having only one "infection" that doesn't totally destroy the machine is a good thing, even for the machine owner. Actually, it is much worse, because if people don't notice any different behavior they will not worry to fix the machine, even if they know about the infection. And at the end of the day, they will be the first to lose their money in some scam that they inadvertently help to spread.

    People don't infect machines nowadays out of the evilness of their hearts, only to wreak havoc or for bragging rights, not anymore. Now they do it for profit, it is organized crime that is happening there. Have no illusions about it.

  6. Re:botnets evolve themselves out of business? by Yetihehe · · Score: 2, Informative

    Yes, but they still have those two botnets so they are not secure.

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  7. Re:Note to Editors by HUADPE · · Score: 3, Informative
    Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

    It's illegal. Botnets constitute several levels of fraud in that they a. install software without your consent; b. steal your bandwidth to copy themselves; and c. then use your computer to commit some other crime.

    c. would not be done by a "good" botnet, but a. and b. would. Even if all the hijacks came from a commercial server set up for it, a. would be violated. If you think click-through EULAs are invalid...just imagine the invalid-ness of a botnet install.

    --
    This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
  8. Re:Note to Editors by ajs318 · · Score: 2, Informative

    Because regardless of your intentions, it would still run afoul of the Misuse of Computers Act 1990.

    --
    Je fume. Tu fumes. Nous fûmes!
  9. Re:Note to Editors by It'sYerMam · · Score: 3, Informative

    Hmm, I don't think this has been thought through properly. (regardless of the insightful mod) Just because you've patched up the security hole on the host computer doesn't mean you can't still send stuff out. And of course, it's less than trivial to build in a time delay before the bot patches security holes and terminates itself, during which time it infects as many PCs as it can - so if, by some mechanism, the way you got in is related to the way you're sending yourself out, it would still work.

    --
    im in ur .sig, writin ur memes.
  10. There were worms that would target other worms.... by jthrelfall · · Score: 2, Informative

    For the folks discussing having 'good' botnets, does anyone remember the Nachi worm? Its purpose was to use the same Windows RPC DCOM vulnerability that Lovesan (an 'evil' worm) used. It would then kill the Lovesan processes and download the necessary patches from M$ to prevent further re-infection. It would then search out network segments for other machines to 'fix'. Nice in concept, but the amount of network traffic that this created when it was in search mode would overwhelm closet switches in a decent sized LAN environment (minded, Lovesan did as well...). A company I was with had a branch office whose network manager was slow on patches. They got infected with both worms successively. While Nachi wiped out Lovesan (eventually), the office network was still useless until Nachi was cleaned off as well. Relying on autonomous software outside of your control to randomly secure machines is a bad idea.

  11. Re:Note to Editors by karmatic · · Score: 2, Informative

    Uhhh, not to be inflammatory and all, but who the fuck are you to take it upon yourself to install your own trojan?


    Well, that certainly sounds like you're trying to be inflammatory, but I'll bite.

    A trojan is a specific type of program that masquerades as one thing, but is in fact another. The original attack was most definitely a trojan. As such, I can only assume that either a) the owner of the machine didn't know about it, and has no desire for it to continue, or b) it's a botnet owner - I don't care about them anyway.

    The program that was sent to the client was very, very simple, and very limited. It looked for a running hidden mIRC.exe copy in a very specific hidden directory inside the windows directory. If found, it would terminate only that mIRC.exe, delete that specific hard-coded trojan-specific directory (no other legitimate program would be there), and remove the registry entry used to load it at startup.

    As for "how do you know"? Well, it was a simple small app, and a decompile would show what it did. Or, the source code could be taken and recompiled, and compared. The app had my name and email in it, for heaven's sake.

    As for the "YOU COMMITTED A CRIME" part - it would be interesting to see that argument in court. I connected to a publicly accessible chat server, with the consent (implied and explicit) of the owner of that server. I placed a program to connect to a chat room, and simply pasted a command containing a URL. Arguably, the trespass was already done, and there was plenty of evidence to indicate that it was done without the consent of the owner of the computer. If anything, my script would "un-do" the harm originally done - it would be difficult to convince a judge that the Mens Rea was present for Computer Trespass; given the rather limited scope and simplicity of the program, recklessness or negligence would be rather difficult to prove. Also, there was most certainly no intent to commit an act of Computer Trespass, further complicating a case against me.

    Besides, good luck getting that one past a jury of my peers. "Their computers were infected, and attacking other computers online. I cleaned them up, at no charge, and restored them to how they were before they were attacked." - you really think you could convince a jury of 12 to convict for that?