Slashdot Mirror


The World's Biggest Botnets

ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."

9 of 243 comments

  1. Re:Does it run on Windows? by Wonko the Sane · Score: 3, Interesting

    I'd feel a lot safer if I could ever get selinux to work...

  2. Note total absence of word "Microsoft" by Animats · Score: 5, Interesting

    It's interesting that these articles don't even mention that Microsoft's insistence on running executable content from the browser is at the heart of all these problems.

    1. Re:Note total absence of word "Microsoft" by Shados · Score: 4, Interesting

      In Protected Mode, IE7 on Vista is genuinely sandboxed, and throws a fit if you so much as do a right-click View Source (which would run an executable: notepad by default). If the browser was actually standards compliant (sometime by the time Duke Nukem Forever and Spore come out, I guess), it would be an excellent all-around browser.

      Other stuff, like running an executable sent to you by MSN, is so freakin' hard it puzzles even me sometimes (I believe by default you have to change something in the registry, or it simply will flag 'em and you'll never be able to so much as extract exes from a zip file). That's probably pushing it too far, but the point is, if you don't have the admin password, it's relatively difficult to do something retarded aside from hitting your own account (which is possible in any OS really, and even then, you get quite a few warnings).

      Something of interest, though not really related: once I installed some game (I forget which) that tried to install some copy-protection crap, and Vista actually asked me if I wanted to install it separately from the game itself (I got 2 pop-ups). Said no, and it happened that this particular game would run without the copy protection... so I was able to tell it to shoo off (while my friend on XP hosed his install because of it... a patch came out the week later to fix the issue, but I never had the problem in the first place). MS is learning. Slowly.

    2. Re:Note total absence of word "Microsoft" by fred fleenblat · Score: 4, Interesting

      Maybe solve isn't the right word, but switching everyone to Linux (for example) would cut the infection rate to zero for about a year, until the bad guys adapted. After that it would still be way, way lower, mostly because of the better management of admin privileges.

      OLPC is potentially quite secure against naive user problems. There are plans for about a billion of these, so you'll have your answer pretty soon.

  3. The lack of mention of business security here... by downix · Score: 4, Interesting

    All of these articles on botnets such as Storm always mention home system vulnerability...

    Well, let me point out for a second how, while it is dangerous for a single home system to be infected, it is a world worse when a business system becomes infected.

    Within hours, typically that botnet has replicated to all of the machines on the internal network. Worse, now that botnet has access to your critical database information, consisting of customer records. Often times, the brains behind these botnets can better datamine than your business can, finding interconnections with your customers to better flood them with spam, or worse.

    At my job, one of our machines was hit with the Storm. We isolated it within minutes, but even then it still was a close call. If I hadn't been doing a routine portscan at just the right moment, we'd have never spotted it.

    After that, the boss authorized me to begin a slow migration to Linux.

    --
    Karma Whoring for Fun and Profit.

  4. Re:Microsoft isn't the only irresponsible company by GaryOlson · Score: 4, Interesting

    Microsoft is not the only culprit. I have a Netgear FVS124G (with the latest firmware) which has been compromised: 3 sets of packets were sent on port 80 to the router and after the last set of packets "Access rule 257 added" was logged. Access rule 257 did not show in the interface. Then the router started sending botnet check-in packets on IRC ports to various IP addresses. And, the router log showed the malware was sending traffic using every MAC address in the route table as a "compromised PC" -- even the laptop which was disconnected from my network.

    Yes, the router was still emailing me every log of all network traffic -- my traffic and the malware traffic also. Seems the malware author does not think my ability to log their traffic was significant.

    Netgear was very helpful. Tier1 tech support said securing the router was my responsibility. Asshats!

    --
    Every man's island needs an ocean; choose your ocean carefully.
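The indicators GaryOlson lists above (repeated inbound packets to the router's port 80, an access rule logged as added but absent from the UI, outbound check-ins to IRC ports, and traffic attributed to MAC addresses that were not even connected) are exactly the kind of thing a small log-review script can flag from the router's emailed logs. The following is an added example written for this thread, not code from the commenter or from Netgear: the log line format, the sample lines, the IRC port set and the "rules visible in the UI" and "currently connected MACs" inputs are all constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: a representative set of ports used by IRC-based command and control.
IRC_PORTS = {6667, 6668, 6669, 6697, 7000}

# Constructed syslog-like router lines modelled on the comment's narrative
# (three inbound hits on port 80, a rule add, then IRC check-ins that
# borrow MAC addresses). This is NOT real Netgear FVS124G output.
SAMPLE_LOG = """\
Nov 12 22:01:03 router: [TCP] SRC=203.0.113.7:51234 DST=192.0.2.1:80 MAC=00:00:00:00:00:00 IN
Nov 12 22:01:04 router: [TCP] SRC=203.0.113.7:51235 DST=192.0.2.1:80 MAC=00:00:00:00:00:00 IN
Nov 12 22:01:05 router: [TCP] SRC=203.0.113.7:51236 DST=192.0.2.1:80 MAC=00:00:00:00:00:00 IN
Nov 12 22:01:06 router: Access rule 257 added
Nov 12 22:01:09 router: [TCP] SRC=192.0.2.1:40001 DST=198.51.100.9:6667 MAC=02:00:00:aa:bb:01 OUT
Nov 12 22:01:10 router: [TCP] SRC=192.0.2.1:40002 DST=198.51.100.10:6667 MAC=02:00:00:aa:bb:02 OUT
Nov 12 22:01:11 router: [TCP] SRC=192.0.2.1:40003 DST=198.51.100.11:7000 MAC=02:00:00:aa:bb:03 OUT
Nov 12 22:02:00 router: [TCP] SRC=192.0.2.1:40004 DST=198.51.100.50:443 MAC=02:00:00:aa:bb:01 OUT
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) router: (?P<msg>.*)$")
CONN_RE = re.compile(
    r"\[(?P<proto>\w+)\] SRC=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"DST=(?P<dst>[\d.]+):(?P<dport>\d+) MAC=(?P<mac>[0-9a-f:]+) (?P<dir>IN|OUT)$"
)
RULE_RE = re.compile(r"^Access rule (?P<id>\d+) added$")


@dataclass(frozen=True)
class Finding:
    kind: str      # hidden_rule | preceding_probe | irc_checkin | unknown_mac
    line_no: int   # 1-based line in the log text
    detail: str


def analyze(log_text, ui_rule_ids, connected_macs, probe_threshold=3):
    """Walk the log once and return suspicious events in log order.

    ui_rule_ids:    rule ids the administrator can actually see in the web UI.
    connected_macs: MAC addresses of hosts known to be on the LAN right now.
    """
    findings = []
    inbound_hits = Counter()  # inbound packets to the router, per source IP
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")

        rule = RULE_RE.match(msg)
        if rule:
            rule_id = int(rule.group("id"))
            if rule_id not in ui_rule_ids:
                findings.append(Finding("hidden_rule", line_no,
                                        f"rule {rule_id} added but not visible in UI"))
                # A rule add right after a burst of inbound hits is worth a look.
                for src, n in inbound_hits.items():
                    if n >= probe_threshold:
                        findings.append(Finding("preceding_probe", line_no,
                                                f"{n} inbound hits from {src} before rule add"))
            continue

        conn = CONN_RE.match(msg)
        if not conn:
            continue
        if conn.group("dir") == "IN":
            inbound_hits[conn.group("src")] += 1
            continue

        dport = int(conn.group("dport"))
        mac = conn.group("mac")
        if dport in IRC_PORTS:
            findings.append(Finding("irc_checkin", line_no,
                                    f"router-originated outbound to {conn.group('dst')}:{dport}"))
        if mac not in connected_macs:
            findings.append(Finding("unknown_mac", line_no,
                                    f"outbound traffic attributed to {mac}, which is not connected"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'irc_checkin': 3, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    # Constructed state: the UI shows rules 1-3, and only one laptop is connected.
    hits = analyze(SAMPLE_LOG, ui_rule_ids={1, 2, 3},
                   connected_macs={"02:00:00:aa:bb:01"})
    for f in hits:
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
    print(summarize(hits))
```

Running it over the constructed log reports the hidden rule and the three inbound hits that preceded it, the three IRC check-ins, and the two outbound flows attributed to MAC addresses that are not actually connected; the legitimate HTTPS flow from the connected laptop produces nothing. The point is that the router's own logging, which the commenter notes the malware did not bother to suppress, is enough to catch this pattern if someone (or something) reads it.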

  5. Re:Yes, free software would fix the problem. by thogard · Score: 3, Interesting

    But most Sun machines are on very big pipes compared to most Windows boxes. The same is true of Macs, as the people who own them tend to be well off enough to have decent broadband.

    Also, a botnet of Suns is worth far more per machine than Windows machines. The numbers I've heard are that a Sun box on a big connection is worth at least $100 vs. about $.1 for a Windows box. And there are Solaris 10 botnets out there (thanks, telnetd).

  6. Re:You Sank My Enterprise! by hedwards · Score: 5, Interesting

    If you think you can do better than Fortune 100 support teams, you are sorely mistaken. They have all the time, money and employees they want to throw at this problem and still get their ass kicked. People trying to tweak non-free software are working in the dark and will always be surprised. No matter how much they spend, they can never fix the problem.

    The reason that the corporate world has issues with bots has far more to do with the corporate environment than it does with the security of the platforms involved. After all, any sufficiently secure platform can be made insecure by allowing the wrong morons to use it.

    On my home network, I can do things like block every single incoming port and disable pretty much all of the outgoing ones as well. I can install firewall software on each computer to scan the remaining ones. I can create my own install media to remove nearly any part of Windows which isn't related to the bare essentials, then install the best antispyware software and demand that anybody that uses the computers not click on links in email.

    I'm sure there's more, but I would be surprised if I were allowed to do even that much if I were responsible for securing a corporate network.

  7. Software paladins? by Richard Kirk · Score: 3, Interesting

    Part of the Storm threat is that it is able to intimidate those who stand up to it, or attempt to combat it. This would suggest that Storm is in turn vulnerable to an attack by an even bigger botnet. It can succeed on poorly protected machines and lurk in the many dark corners of the Internet, like cockroaches. Suppose enough of us willingly subscribed the spare cycles in our machines to serve as a botnet that would fight the others? Could that work?

    Can we come up with a working definition of 'good' for such a botnet? I would not subscribe my machine to any government-directed search for terrorists, for example (that's probably got me on a no-fly list). However, it should be possible to confine our botnet to the named botnets in the article, and do 'good' in a sense that would be acceptable to most users. If the project veers towards evil, then there must always be a way to unsubscribe.

    Then, we want a fancy UI like the SETI screensaver, so we can see how we are doing, and root for our side.