Slashdot Mirror


Botnet on Botnet Action

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."

13 of 187 comments

  1. So Possibly... by QBasicer · · Score: 4, Insightful

    ...the botnet creators are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

    --
    x86, oh yes, I'm pro.
    1. Re:So Possibly... by plover · · Score: 5, Insightful

      I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.

      --
      John
  2. Evolution by Shambly · · Score: 5, Insightful

    I think this one-upmanship is very good. Sure, bots are bad, but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer? Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.

  3. Re:The fat years are over by Applekid · · Score: 5, Insightful

    There's a little more than just bandwidth. If your botnet can gain one extra machine, that's an advantage of +1. If your botnet can gain control of a machine belonging to a competing botnet and kick it off that one into yours, you gain one extra machine and remove one from your opponent for an advantage of +2.

    When it comes down to botnets being commissioned for Spam and DDoS attacks, the one with the most machines gets the highest bid, and the difference between that bid and the second best is likely directly related to how many computers make up the difference.

    There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

    Sounds very similar to nature's natural selection.

    --
    More Twoson than Cupertino
  4. Re:Note to Editors by thestudio_bob · · Score: 5, Insightful

    Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

    --
    The real Sig captains the Northwestern. This one captains /.
  5. botnets evolve themselves out of business? by Maximum+Prophet · · Score: 4, Insightful

    If botnet A installs patches 1, 2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?

    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
  6. Re:Note to Editors by AndersOSU · · Score: 3, Insightful

    Because it is self-defeating. If you clean up a computer, you no longer have access to a computer that would clean up other computers.

  7. Re:Note to Editors by bhmit1 · · Score: 4, Insightful

    Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

    Because of liability and money. A large company won't do this because if they take control of your machine against your will through a security hole (and there's no other way they'd put a dent in the problem if people had to volunteer to have this installed) they are liable for any damage that it does and open themselves up for trespassing lawsuits. Consider a patch that a company is not installing because it conflicts with business critical applications or because they are aware of an even bigger security hole it exposes.

    As for some hacker doing it, it's all about money, and maybe a little fame. Doing this puts you in a worse position than the airline ticket hacker. So anyone that exposes themselves to this kind of risk, does so for money. And right now, there's money to be made in cutting out the competition in terms of making your botnet bigger than theirs and less likely to be removed (users are less likely to notice just one bot).
  8. Re:Note to Editors by Chosen+Reject · · Score: 4, Insightful

    "And now we see that evil will always triumph, because good is dumb."

    --
    Stop Global Warming!
    Just say no to irreversible processes!
  9. Re:The fat years are over by misleb · · Score: 3, Insightful

    There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.


    So if there is an intelligent designer behind the changes in the bots in response to selective pressure, is that evolution or intelligent design?

    -matthew
    --
    "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
  10. Re:Unfortunately, this is not true by Mostly+a+lurker · · Score: 2, Insightful

    The initial realization of the scale of the problem came from an FBI study last year. You can start with "Malware Trends". However, it is important to note matters are deteriorating faster than anticipated when that article was written last year.

    You might also read "Bumper crop of malware expected in 2007", which starts with Gartner's prediction that

    75% of all enterprises will become infected with undetected, financially motivated malware by the end of 2007.

    Unfortunately this is all too real and there are no quick fixes.
  11. Re:Note to Editors by qwijibo · · Score: 2, Insightful

    Good has to be diligent and honest to be good. You can argue shades of gray, but that's just another way of saying degrees of evil.

    When you decide to be a vigilante group and dish out your style of justice for others' perceived sins, you are at best what Machiavelli describes astutely as "other than good."

    I'm a sysadmin, so if I were a juror and your "other than good" tactics landed you in court, I would not in good conscience be able to vote to convict you for trying to do something about these idiots. However, you should realize that good faith is not inherently good, and frequently creates the good intentions with which the road to hell is paved. If you're willing to live with possible consequences for your "other than good" tactics, I'm willing to look the other way. After all, the net harm would have to be less than the botnets are causing now.

  12. Re:Note to Editors by Anonymous Coward · · Score: 1, Insightful

    So you are saying that if one guy goes into a house because the door was open and does whatever, and then a second guy comes, shouts something at the first guy so that the first guy leaves the house, the second one should be tried for trespassing?

    Because that is what he did. The trojan was already installed by someone else, he just used it to tell the trojans to commit suicide.