The World's Biggest Botnets
ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."
I thought so.
You are being MICROattacked, from various angles, in a SOFT manner.
In other words, stupid people and people who don't care about security punish the rest of us. How nice.
You don't know how much I would appreciate an "Internet License" to show basic security and protections on the net. With the financial nets and traffic nets as they are, I'd say that hauling a 2 ton missile down a highway and doing this would be similar.
Imagine if somebody did this but donated cpu time to distributed computing projects like that one on cancer research. Force philanthropy would be rather strange and still illegal, but at least slightly more noble in a Robin Hood sort of way.
This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) -- and what makes them tick and what they are after.
From the look of things, it appears that their sole purpose is to send me myspace friend requests from lonely, hot girls that have Tom as their only friend, and have selected me as the lucky person who gets to share in viewing their private, personal website, which has many photos of their naked breasts and vagina. Seriously.
The theory of relativity doesn't work right in Arkansas.
It's interesting that these articles don't even mention that Microsoft's insistence on running executable content from the browser is at the heart of all these problems.
Well thankfully I run Windows, which is inherently more secure than your "open source" systems. These botnet creators can look right inside your operating systems and see the vulnerabilities, whereas with Windows...
Ah, but you fail it!
In other words, stupid people and people who don't care about security punish the rest of us. How nice. You don't know how much I would appreciate an "Internet License" to show basic security and protections on the net.
Anyone who thinks non free software can be secured should be denied said license. FTFA:
If you think you can do better than Fortune 100 support teams, you are sorely mistaken. They have all the time, money and employees they want to throw at this problem and still get their ass kicked. People trying to tweak non free software are working in the dark and will always be surprised. No matter how much they spend, they can never fix the problem.
Friends don't help friends install M$ junk.
All of these articles on botnets such as Storm always mention home system vulnerability...
Well, let me point out for a second how while dangerous for a single home system to be infected, it is a world worse when a business system becomes infected.
Within hours, typically that botnet has replicated to all of the machines on the internal network. Worse, now that botnet has access to your critical database information, consisting of customer records. Oftentimes, the brains behind these botnets can better data-mine than your business can, finding interconnections with your customers to better flood them with spam, or worse.
At my job, one of our machines was hit with the Storm. We isolated it within minutes, but even then it still was a close call. If I hadn't been doing a routine portscan at just the right moment, we'd have never spotted it.
After that, the boss authorized me to begin a slow migration to Linux.
Karma Whoring for Fun and Profit.
So the world's largest networked super computer runs Windows. It is sad really, all these hundreds of millions of computers on the planet - half of them sending spam for the other half to filter out. One would think that there should be something slightly more useful for them to do.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Yes, the router was still emailing me every log of all network traffic -- my traffic and the malware traffic also. Seems the malware author does not think my ability to log their traffic was significant.
Netgear was very helpful. Tier1 tech support said securing the router was my responsibility. Asshats!
Every mans' island needs an ocean; choose your ocean carefully.
If you are afraid of Linux, switch to OSX.
We have heard that line saying it's the fault of the novice computer.
I did not believe that 10 years ago. I still don't believe it.
10 years ago, I thought that Microsoft would fix the bugs that created this Anti-Virus business.
I was wrong. Microsoft never saw a business reason to fix those bugs. Instead they increase the "It's not our fault" marketing, and even got into the [Anti]Virus business themselves.
The Windows Virus-prone bugs 10 years ago were:
- System access/execution from Office templates.
- System access/execution from Active X.
- System access/execution from Browser in general.
- System access/execution from Email attachments.
These features I suppose are there for novices. The same novices that are blamed for perpetuating "viruses" by using these "features".
These "features" have never existed in Linux.
There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.
Have you read my blog lately?
That's what I thought the name of the article was, I was like, cool! Then I was let down :-(.
I've read Slashdot for the last 5 years, and now I start posting... Go figure
DD-WRT. Problem solved.
I see your informative link, and raise you a pithy comment.
Not really. There is a very simple reason why botnets are dominated (to pretty much 100%) by MS systems. Numbers. Most machines in home user hands simply are running on some kind of MS OS.
Yes, Linux and MacOS are more secure. It's harder to slip something into the system, at best you can run with user privileges, yes, yes.
Unless you trick the user. And that's pretty much the main infection vector today. About 95% of malware comes in the form of infected spam mails, only 5% of infections rely on system insecurities, buffer overflows or other system related security holes.
And when you can trick the user into executing something, it's trivial to trick him also into giving the malware elevated privileges, provided you promise him something. Send someone a "tool" that promises 20% more speed or ram, but since it has to hook deeply into the system, it will require root privileges.
Yes, you won't fall for it. But the average clueless user? After all, this thingamajig is gonna do something with your system to make it run faster, so it's kinda logical that it will need system privs.
No system is secure from malware. Security is by definition the minimum of a system's security capabilities and its administrator's security capability. BOTH need to be secure to create a secure system.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Keep up the smack talk and I'll rent part of the botnet to DDoS you, just for kicks. Hey, it's not like renting a few 1000 boxes for a few days was expensive!
That's how it affects you. Well, unless you can be blackmailed along the lines of "pay me X bucks or you go offline for Y days, let's see if your biz survives", it probably won't affect you, directly at least.
How about your employer? What would happen if his internet presence, his mailserver, his means to communicate online were rendered useless for a month? Would the company survive?
But most sun machines are on very big pipes compared to most windows boxes. The same is true of Mac as the people who own them tend to be well off enough to have decent broadband.
Also a bot net of suns is worth far more per machine than windows machines. The numbers I've heard are a sun box on a big connection is worth at least $100 vs about $.1 for a windows box. And there are Solaris 10 botnets out there (thanks telnetd)
You see this is exactly why Windows is winning. Linux is still yet to provide a credible botnet to face off against the Windows botnet. There's just no comparison, Windows wins every time!
This is my footer. There are many like it, but this one is mine.
I made that suggestion, but for some odd reason shooting morons launching executables named "invoice.pdf.exe" is considered illegal in my country.
Yeah, we got silly laws here.
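The "invoice.pdf.exe" trick above is the same spam-borne vector an earlier comment puts at 95% of infections: a name that looks like a document but ends in an executable extension. What follows is an added example, not code from the article or from any poster, showing how a mail gateway or IDS hook can flag such names. The extension lists, the sample attachment names and the whitespace-padding heuristic are my own assumptions; the bidi-override check goes beyond the double-extension case in the comment, covering the Unicode right-to-left override trick that visually reverses the tail of a filename.

```python
"""Flag attachment filenames crafted to look like documents (added example)."""

# Assumed lists: extensions Windows will execute on double-click, and the
# document/image extensions attackers use as decoys. Extend for your site.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "msi", "lnk", "cpl"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
                 "rtf", "jpg", "jpeg", "png", "gif", "zip", "htm", "html"}
BIDI_OVERRIDES = ("\u202e", "\u202d")  # RLO / LRO reverse the displayed name

# Constructed sample attachment names, not real captured mail.
SAMPLE_ATTACHMENTS = [
    "invoice.pdf.exe",            # classic double extension
    "report.pdf",                 # benign document
    "setup.exe",                  # honest executable, not disguised
    "photo\u202egpj.scr",         # displays as "photorcs.jpg" in many UIs
    "statement.doc   .scr",       # padding pushes the real extension aside
    "archive.tar.gz",             # multiple dots, but nothing executable
]


def classify_attachment(name):
    """Return (suspicious, reason) for one attachment filename."""
    if any(ch in name for ch in BIDI_OVERRIDES):
        return True, "bidi override character hides the real extension"
    # Strip whitespace inside each dotted part so "doc   " still reads as doc.
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2 or not parts[-1]:
        return False, "no extension"
    final = parts[-1]
    if final not in EXECUTABLE_EXTS:
        return False, f"final extension .{final} is not executable"
    decoys = [p for p in parts[1:-1] if p in DOCUMENT_EXTS]
    if decoys:
        return True, f"executable .{final} disguised with .{decoys[-1]}"
    if "  " in name:
        return True, "whitespace padding before executable extension"
    return False, f"plain executable .{final}"


def scan(names):
    """Return [(name, reason)] for every name the classifier flags."""
    flagged = []
    for name in names:
        suspicious, reason = classify_attachment(name)
        if suspicious:
            flagged.append((name, reason))
    return flagged


if __name__ == "__main__":
    for name, reason in scan(SAMPLE_ATTACHMENTS):
        print(f"{name!r}: {reason}")
```

Plain executables are deliberately not flagged here; blocking every .exe is a separate policy decision, while the disguise itself is the signal worth alerting on regardless of policy.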
Botnets and I cannot lie... :)
Serious hack. I did a quick run on your router and there does not seem to be a documented hole ATM. Also, if the rules don't show up on your interface then either:
1) Netgear ppl were complete morons and the GUI is not directly linked to the filesystem records/small database/whatever
or
2) Hacker is good enough to alter this part of the router's code as well, meaning he flashed the firmware remotely.
I wonder how many people have been hit with this without knowing. It is one thing to monitor your PC's activity, but a router? Scary shit. Better get that rusty copy of Snort up and running again.
PS: you actually check your logs... wow. You either work for the NSA or you are half Klingon. Also, did you find out who it was, and whether you were sending out payloads similar to the one you received (meaning that it wasn't an "important" node that attacked you)?
The sophistication of this Storm "application" is much more indicative of a mature elder programmer, who probably has read the complete cypherpunks archives. We talked about stuff like this long ago. Compare to things like the Morris worm, the two Manila children, etc. Those were intense, but brief due to coding errors and the like.
Bah. No, these people are not children and they do know what they're doing.
Agreed. I think the long-term solution is to design OSes so that each application can only write to a limited subset of the filesystem; either each app is kept in some sort of individual sandbox, or maybe it can only write to files it creates, or files of a certain type that are associated with it, or some similar scheme. You could probably fudge something like this into a current OS with enough chroots/jails/runases and ACLs, but I think it's the sort of thing that's going to require a ground-up rewrite for an entirely new security model. I'm not even sure that it would be compatible with the idea of a single 'filesystem' as we currently think of it; you might instead have segregated applications each with their own sets of files, and a single 'browser' that allowed you to move/share files between applications as necessary. From a user's perspective, such a machine might be entirely 'task-oriented' rather than file-oriented.
I think there's a research OS or two around that have been designed like this, but it's a long way off for most mainstream ones. Of any of the commercial vendors, I could probably see Apple doing it first, because they seem to be the ballsiest when it comes to just breaking backwards-compatibility and rewriting things for the sake of rewriting them (and which arguably "weren't broken" according to others, e.g. launchd), but I still have a hard time imagining it within the next decade. Windows is and will always be a slave to its software base, and most of the Unices tend to be evolutionary rather than revolutionary in their design (which is fine, it's just a different approach).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Part of the Storm threat is that it is able to intimidate those who stand up to it, or attempt to combat it. This would suggest that Storm is in turn vulnerable to an attack by an even bigger botnet. It can succeed on poorly protected machines and lurk in the many dark corners of the Internet, like cockroaches. Suppose enough of us willingly subscribed the spare cycles in our machines to serve as a botnet that would fight the others? Could that work?
Can we come up with a working definition of 'good' for such a botnet? I would not subscribe my machine to any government directed search for terrorists, for example (that's probably got me on a no-fly list). However, it should be possible to confine our botnet to the named botnets in the article, and do 'good' in an sense that would be acceptable to most users. If the project veers towards evil, then there must always be a way to unsubscribe.
Then, we want a fancy UI like the SETI screensaver, so we can see how we are doing, and root for our side.
"stupid people"
Because someone does not know much about computers, and specifically computer security, does not make them "stupid". It most often means that they have things that they are skilled to deal with. Because you probably cannot perform open heart surgery does not make you stupid either. It means that you probably know about computers and their security. We all have our areas of expertise and interest and they cannot be everything; there is only so much time and mental capacity.
This type of attitude I find prevalent among people who know a bit about computers. This is one of the reasons that Linux has taken so long to be usable for the masses. Most people do not want to build their own computers and most people don't want to have to learn about computer security. They want the people who specialize in it to make it where it works for them.
It's really nice to be a linux user for over a decade and sit back and say "ha ha". I don't believe Microsoft is capable of combating, or willing to combat, the problem. At the bottom of this issue however, is the fact that many users are clicktards. Infecting a linux or mac system is as easy as tricking a user into clicking something, or even simulating the pop-up password dialog box for a sudo event. Let's start with Fedora for instance. The ssh service, by default, allows root logins. How many users would enter their root password into a javascript popup that is titled "New updates for your Fedora system are available. Enter your root password to download and apply these updates"? I'm not picking on Fedora, it's a great distro. I certainly don't agree with PermitRootLogin yes as a default in sshd_config. Regardless of firewall settings, it's foolish. Alternative systems should be taking a cue from the shortcomings of Windows and doing what they can to minimize their own strike zone.
boycott slashdot February 10th - 17th check out: altSlashdot.org
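The PermitRootLogin point in the post above is easy to check mechanically, but sshd's lookup rules matter: the first value seen for a keyword wins, lines beginning with "#" are comments (so a commented-out "#PermitRootLogin no" does nothing), and a setting inside a Match block only applies to matching connections. The following is an added example of such an audit, not code from the article or from any distribution. The sample config strings are constructed; the default of "yes" when the directive is absent reflects OpenSSH of the era the post describes, and newer OpenSSH (7.0 and later) defaults to "prohibit-password", so pass the default that matches the version you are auditing.

```python
"""Audit an sshd_config for root-login exposure (added example)."""
import re

# Assumed default for an absent directive: "yes" for OpenSSH before 7.0,
# which is the situation the post describes. Override for newer releases.
LEGACY_DEFAULT = "yes"

# Constructed sample configs, not copied from any real system.
SAMPLE_DEFAULT = "Port 22\n#PermitRootLogin no\n"
SAMPLE_HARDENED = "PermitRootLogin no\nPermitRootLogin yes\n"   # first wins
SAMPLE_MATCH = (
    "PermitRootLogin no\n"
    "Match Address 10.0.0.0/8\n"
    "    PermitRootLogin yes\n"
)


def parse_sshd_config(text):
    """Return (global_directives, match_blocks).

    global_directives maps lower-cased keyword -> first value seen, because
    sshd uses the first obtained value. match_blocks is a list of
    (criteria, {keyword: value}) for each Match section in order.
    """
    global_directives = {}
    match_blocks = []
    current = None  # None while still in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or an optional "=".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        target = global_directives if current is None else current
        target.setdefault(key, value)
    return global_directives, match_blocks


def effective_permit_root_login(text, default=LEGACY_DEFAULT):
    """Global PermitRootLogin value sshd would use, lower-cased."""
    global_directives, _ = parse_sshd_config(text)
    return global_directives.get("permitrootlogin", default).lower()


def audit(text, default=LEGACY_DEFAULT):
    """Return a list of human-readable findings; empty means nothing to flag."""
    findings = []
    global_directives, match_blocks = parse_sshd_config(text)
    value = effective_permit_root_login(text, default)
    if "permitrootlogin" not in global_directives:
        findings.append(f"PermitRootLogin not set; falls back to default '{default}'")
    if value == "yes":
        findings.append("PermitRootLogin yes: root password can be guessed over SSH")
    for criteria, block in match_blocks:
        if block.get("permitrootlogin", "").lower() == "yes":
            findings.append(f"Match {criteria}: PermitRootLogin yes for matching connections")
    return findings


if __name__ == "__main__":
    for label, cfg in [("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED),
                       ("match", SAMPLE_MATCH)]:
        print(label, effective_permit_root_login(cfg), audit(cfg))
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; a firewall in front of sshd does not change the answer, which is the post's point, since the exposure is the credential prompt itself rather than the port.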
PS actually your reply is Redundant; but a good reminder for all. Keep up the good work ;)