Botnet on Botnet Action

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."

Marching down the road of informational warfare

This was predicted in the past, but here's one of the roadmaps:

http://www.iwar.org.uk/iwar/resources/treatise-on- iw/iw.htm

Quite a lot of reading, but its not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.

Re:Could someone explain the closing of ports?

[dkf]

Could someone explain why it is important that ports are closed?

The only way to have a message received off the internet is to have a port open. Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data (whether web, email, or any of a myriad other things). But on server computers, ports have to be open for connections from client machines which are potentially anywhere. If the software behind those ports isn't careful, it's possible to attack the machine through them.

Desktop systems are usually not as highly protected on the inside as server systems (alas) so having a firewall that blocks off server ports "Just In Case" is a good plan.

(And yes, I've left out lots of detail from this potted explanation.)

Re:Evolution

[vivaoporto]

I can tell you in advance, without charge, where this will lead. Just like a disease vector, these machines will continue to be used by the botnet masters to infect other machines, spread SPAM, steal the very machine owner personal data and, in general, obfuscate illegal activities.

I don't know from where people commenting this article got the idea that having only one "infection" that don't totally destroy the machine is a good thing, even for the machine owner. Actually, it is very worse, because if people don't notice any different behavior they will not worry to fix the machine, even if they know about the infection. And in the end of the day, they will be the first to lose their money in some scam that they inadvertently help to spread.

People don't infect machines nowadays on the evilness of their hearts, only to wreak havoc or for bragging rights, not anymore. Now they do it for profit, it is organized crime that is happening there. Have no illusions about it.

Re:Note to Editors

[HUADPE]

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Goolge, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

It's illegal. Botnets constitute several levels of fraud in that they a. install software without your consent; b. steal your bandwidth to copy themselves; and c. then use your computer to commit some other crime.

c. would not be done by a "good" botnet, but a. and b. would. Even if all the hijacks came from a commercial server set up for it, a. would be violated. If you think click-through EULAs are invalid...just imagine the invalid-ness of a botnet install.

Re:Note to Editors

[It'sYerMam]

Hmm, I don't think this has been thought through properly. (regardless of the insightful mod) Just because you've patched up the security hole on the host computer doesn't mean you can't still send stuff out. And of course, it's less than trivial to build in a time delay before the bot patches security holes and terminates itself, during which time it infects as many PCs as it can - so if, by some mechanism, the way you got in is related to the way you're sending yourself out, it would still work.