New Botnet Dwarfs Storm
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."
Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Infected Exchange server?
Yet another reason why you shouldn't be opening e-mail on a production server. Even if you are, the server admin at a Fortune 500 company ought to be smart enough to not click on the latest "Anna Kournikova pics!" e-mail.
Maybe this is why MS says that Outlook on an Exchange server is an unsupported configuration.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
Two words: hardware firewall.
OK, 2 more words: watch for blinkenlights.
My blinkenlights are going crazy right now! Oh, I should stop all my torrents, too?
ps aux | grep wine
Oh good, nothing running. wineserver runs when you start a program and ends when the last process is closed. Nothing will simply start on its own (unless the process running under wine is aware that it is being run under wine and can somehow write to rc.local... even then, you need root privs for that).
Obligatory blog plug: http://www.caseybanner.ca/
You know that VMware is proprietary, right? Running Ubuntu with wine in VMware because using XP in VMware wouldn't be FOSS is kinda self-contradicting.
The creator of this post (Jacob Smith) hereby releases it, and all of his other posts, into the public domain.
Free as in beer.
The problem is that you don't have to click 'willy-nilly' on anything for most of these things to get into your computer.
The final word is that most people are connected directly to the internet without any firewall or anything else between them and the unwashed masses.
They tried the 'Run as Administrator' thing with Vista. It sucks.
You get spyware and crap TELLING you to click on the prompts--and people blindly follow it. Why? They don't know any better.
"For your Free iPod, click the Accept button, and then on the Allow Program dialog."
So, your logic fails.
Try http://www.virtualbox.org/, if you want free and open source virtualisation software.
"I've got more toys than Teruhisa Kitahara."
I assume that I found the correct contest, it fits the description.
They did, however, get the Vista box by exploiting a flaw in Flash (from the same article). Both successful cracks were only achieved after the rules had been relaxed to allow exploits by "tricking" the judges into clicking on links to malicious web pages created by the contestants.
On the first day only direct attacks over the network were allowed, and all OSes survived that.
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
The problem with that sort of intensive security model for the average user is that neither the user nor the software can be trusted today. The user can't administer their computer: it is simply too complicated and requires too much knowledge for the average user. But every operating system available today requires the user to administer their own home computer.
The same operating systems are in use at businesses all over the planet, and no company in its right mind would simply dump the computer on the user's desk with a note saying this was theirs now and they should figure it out.
The second problem is the software. You hear about some game or whatnot from a friend who says it is really great and you have to have it. OK, so it gets downloaded and installed. How was it qualified as being suitable for that computer? How was it qualified as not containing malicious content? Well, neither qualification happened; it was just installed. Period. Whatever operating system administration is required to install the program is done. Without consulting anyone else.
Of course, if two weeks later you discover that your computer isn't working so well, then it is time to call in the "expert". And often pay someone to remove whatever it was that is causing all the trouble. Not just reactive but long-time-after-occurrence reactive.
I know of no operating system today that doesn't work in this mode when self-administered. I assure you that if you give a program to an average user that requires both access to all the files on the computer and network access it will be granted, by whatever procedure requires this. Sure, someone clever might wonder why this is necessary but most clever geniuses distributing such malware will have some utterly wonderful sounding total BS answers to such questions.
Sorry, you can't escape the trap that is where we are today. If your computer isn't administered by a competent administrator and you install random crap on it that "Internet friends" tell you about, you are going to have troubles. No question about it. And no "security model" is going to change that. Locked-down machines that cannot be compromised by rogue software being installed will change that. And 90% of home users have no need of something they personally can install software on. Random software. Potentially harmful software.
Yes, it's true. There is AV software for Linux systems. It is for mail servers that serve Windows clients. Read the documentation, it's in there. Thanks for playing, though ;-)
Let us not become the evil that we deplore.
"Seriously, though - can an OS be secure, if its users don't make rational choices?"
You can make system files immutable in Linux with chattr; an immutable file may not be overwritten by root unless chattr is first run to remove the immutable flag.
Furthermore, during install you can use chattr to set files immutable, then set the owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr, as well as making chattr immutable so root can't replace it.
So yes, you can idiot proof a Linux system. Even if they still have sudo permissions so they can install new programs.
The basic point of this would be to have some type of crontab-based scanner and a remote administrator (e.g. the guy who set it up for Mr. "I love porn and am stupid"), and basically if Mr. Idiot installs bad software, Mr. Remote Admin can remove it and make fake files in his owner/user group so that Mr. Idiot can't install it again (although without access to chattr it might be hard to prevent Mr. Idiot from finding out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software, etc.).
Although it's SO much easier to just not give Mr. Idiot sudo permissions and have Mr. Remote Administrator approve any software Mr. Idiot wants on his system. The point was: can Linux be idiot-proofed? And yes it can, in many functional ways.
https://www.gnu.org/philosophy/free-sw.html
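One way for the remote administrator in the comment above to verify that the chattr lockdown is still in place: an added audit script (not code from the thread) that reads lsattr output and reports files missing the immutable flag. It assumes an ext2/3/4 style filesystem where lsattr works, uses a constructed sample of lsattr lines, and notes that a root process holding CAP_LINUX_IMMUTABLE can still clear the flag, so the audit is a check, not a guarantee.

```shell
#!/bin/sh
# Added example, not code from the thread: audit which system files carry the
# immutable attribute that `chattr +i` sets, using the lsattr output format
# ("----i---------e------- /path", the lowercase 'i' meaning immutable).
# Assumes an ext2/3/4 style filesystem; the SAMPLE below is constructed.

# Does one lsattr output line show the immutable flag? Exit 0 = immutable.
lsattr_line_immutable() {
    flags=${1%% *}                 # first field, e.g. ----i---------e-------
    case "$flags" in
        *i*) return 0 ;;           # lowercase i = immutable (capital I differs)
        *)   return 1 ;;
    esac
}

# Read lsattr lines on stdin, print each path lacking the flag, and
# print the count of unprotected files as the final line.
report_unprotected() {
    n=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! lsattr_line_immutable "$line"; then
            echo "NOT IMMUTABLE: ${line#* }"
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Count only: number of files in the lsattr listing that are not immutable.
count_unprotected() {
    report_unprotected | tail -n 1
}

# Run lsattr on real files; a file lsattr cannot read (missing, or on a
# filesystem without attributes) is fed in as a flag-less line, i.e. unprotected.
audit_files() {
    for f in "$@"; do
        lsattr -d "$f" 2>/dev/null || echo "-- $f"
    done | report_unprotected
}

# Constructed sample of lsattr output (not taken from a real host):
SAMPLE='----i---------e------- /usr/bin/chattr
--------------e------- /usr/bin/sudo
----i---------e------- /etc/passwd'

# Example run on the sample; on a live host use: audit_files /usr/bin/chattr /etc/passwd
printf '%s\n' "$SAMPLE" | report_unprotected
```

Run as root on the locked-down box from cron, and treat any "NOT IMMUTABLE" line as a signal that the lockdown was undone or a file was replaced.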