Slashdot Mirror


Botnet on Botnet Action

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."

21 of 187 comments

  1. Note to Editors by Billosaur · · Score: 5, Funny

    Never let CmdrTaco come up with headlines after a night of watching girl-girl porn... the images created are... disturbing...

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:Note to Editors by TheMeuge · · Score: 5, Funny

      How do you think he came up with his username?

    2. Re:Note to Editors by thestudio_bob · · Score: 5, Insightful

      Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

      --
      The real Sig captains the Northwestern. This one captains /.
    3. Re:Note to Editors by dkf · · Score: 4, Funny

      Yeah, it should have been 'Informative'.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    4. Re:Note to Editors by smooth+wombat · · Score: 4, Funny
      But what will CmdrTaco do when he is NEVER allowed to come up with headlines?


      Work on the broken mod point distribution code?

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    5. Re:Note to Editors by qwijibo · · Score: 4, Interesting

      Because good has to be much more diligent, and that is orders of magnitude harder.

      When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.

      This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.

      The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.

    6. Re:Note to Editors by bhmit1 · · Score: 4, Insightful

      Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.
      Because of liability and money. A large company won't do this because if they take control of your machine against your will through a security hole (and there's no other way they'd put a dent in the problem if people had to volunteer to have this installed) they are liable for any damage that it does and open themselves up for trespassing lawsuits. Consider a patch that a company is not installing because it conflicts with business critical applications or because they are aware of an even bigger security hole it exposes.

      As for some hacker doing it, it's all about money, and maybe a little fame. Doing this puts you in a worse position than the airline ticket hacker. So anyone that exposes themselves to this kind of risk, does so for money. And right now, there's money to be made in cutting out the competition in terms of making your botnet bigger than theirs and less likely to be removed (users are less likely to notice just one bot).
    7. Re:Note to Editors by Chosen+Reject · · Score: 4, Insightful

      "And now we see that evil will always triumph, because good is dumb."

      --
      Stop Global Warming!
      Just say no to irreversible processes!
    8. Re:Note to Editors by plover · · Score: 4, Interesting
      I'm not so sure about this. Why does good have to be diligent and honest? Why can't this be done by vigilante groups who are not officially sanctioned, but nobody complains about them?

      The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.

      In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.

      I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps it's because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.

      --
      John
    9. Re:Note to Editors by karmatic · · Score: 4, Interesting

      I certainly wouldn't complain if someone started actively dismantling these networks.

      Some of us try.

      A while ago, I got a spam message, trying to infect me and connect me to a botnet - the software was a hacked up mIRC client with some DLL plugins. The client would automatically open a second connection, connect to a random network and channel, and proceed to spam people with virus messages on join. ("Type //some evil command to get op!, etc.")

      After talking to the admins, we banned the owners (only certain nicknames were allowed to control the bots), and replaced them with an eggdrop that had the infected people download and install an automatic cleaner. Thousands of infected computers were cleaned overnight, and hundreds more over the next few weeks. Is it possible that the cleaner broke a machine or two in the process? Possible, but unlikely (would be most likely due to a variant of the bot). Oh well - it made the IRC servers I used a lot more useful.
  2. Funny 404 by gblackwo · · Score: 4, Funny

    Got a good couple 404 errors from slashdot on this page before anyone had commented, I thought the bots had a foothold.

  3. I can see it now... by Mockylock · · Score: 5, Funny

    In a dark area of Brooklyn, servers have a standoff wearing their bandanas, willing to die for their turf.

    "We are better with patches", says GlobalBot international server.

    InterSearchBot united server sneers, "PATCHES!?... WE DON' NEED NO STINKING PATCHES!"

    --
    "Please, shut up. Just when I think you can't say anything more stupid, you speak again." -Archie Bunker.
  4. So Possibly... by QBasicer · · Score: 4, Insightful

    ...the botnet creators are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

    --
    x86, oh yes, I'm pro.
    1. Re:So Possibly... by plover · · Score: 5, Insightful

      I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.

      --
      John
  5. The fat years are over by Opportunist · · Score: 5, Interesting

    The time when there was still a market to grow into with botnets is over. The big surge of new, clueless morons filling the net is slowly coming to an end, and even the morons now start using firewalls and AV tools (still no brains, but hey, I'm already happy with small steps).

    So the maximum amount of machines to have is pretty much reached. Now the battle for the precious dimwits started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.

    What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?

    Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.

    So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The fat years are over by Applekid · · Score: 5, Insightful

      There's a little more than just bandwidth. If your botnet can gain one extra machine, that's an advantage of +1. If your botnet can gain control of a machine belonging to a competing botnet and kick it off that one into yours, you gain one extra machine and remove one from your opponent for an advantage of +2.

      When it comes down to botnets being commissioned for Spam and DDoS attacks, the one with the most machines gets the highest bid, and the difference between that bid and the second best is likely directly related to how many computers make up the difference.

      There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

      Sounds very similar to nature's natural selection.

      --
      More Twoson than Cupertino
  6. Evolution by Shambly · · Score: 5, Insightful

    I think this one-upmanship is very good. Sure bots are bad but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer. Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.

  7. Oblig by xBOISEx · · Score: 5, Funny

    "Begun, this bot war has"

  8. Botnet Gang Fights? by hcmtnbiker · · Score: 5, Funny

    *Cues West Side Story finger snapping*

    --
    If I had one dollar for every brain you don't have, I would have $1.
  9. botnets evolve themselves out of business? by Maximum+Prophet · · Score: 4, Insightful

    If botnet A installs patches 1,2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?

    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
  10. Re:Could someone explain the closing of ports? by dkf · · Score: 4, Informative

    Could someone explain why it is important that ports are closed?
    The only way to have a message received off the internet is to have a port open. Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data (whether web, email, or any of a myriad other things). But on server computers, ports have to be open for connections from client machines which are potentially anywhere. If the software behind those ports isn't careful, it's possible to attack the machine through them.

    Desktop systems are usually not as highly protected on the inside as server systems (alas) so having a firewall that blocks off server ports "Just In Case" is a good plan.

    (And yes, I've left out lots of detail from this potted explanation.)
    --
    "Little does he know, but there is no 'I' in 'Idiot'!"