Slashdot Mirror


New Botnet Dwarfs Storm

ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."

9 of 607 comments

  1. Re:Scary by Pojut · Score: 5, Interesting

    Dispose of Windows, install a more secure OS, and take the time to learn to properly use your new OS

    Or you could just learn how to properly secure XP and not go clicking all willy-nilly on every email you receive.

    With a combination of three free programs and a bit of common sense, I haven't gotten a single virus or bit of spyware on my XP box in literally years. ZoneAlarm, AVG, and Spybot make a fantastic defense.
  2. Re:Designate Windows OS as Terrorist Tool by Arancaytar · Score: 5, Interesting

    Last I heard, they were arguing the exact opposite - non-Windows systems are too hard for the government to break into.

    And who knows, perhaps Kraken is sending your data to HLS on the side? If I made a government spy virus, I'd disguise it as a spambot too... the signal is lost in the noise.

    This, needless to say, could also explain the surprisingly low discovery rate on standard AV tools.

    [/tinfoil hat]

  3. Re:Or Unix or Mac ... by Lumpy · Score: 5, Interesting

    Yes, actually.

    Viruses and bots are incredibly easy to get installed on a PC. It's brain-dead easy.

    It's far harder to get a Linux, OS X or BSD infection going, as you trigger the "you are trying to install "XXXX"; enter your admin information to allow this to install" prompt for applications that are going to get their hooks into the system. All other applications can reside in a location that is safer and installable by the user only. And YES, you can do this in Linux: a user can download, compile and run, or even install an app to the user directory, and use it just fine.

    All OS X users I know don't simply click yes to everything, because the software makers have 1/2 a brain for those platforms. Windows apps all think they need to shove crap all over the PC, and therefore PC users are used to having even a fricking MP3-playing app shoving things in the Windows system directory, changing the registry, etc...

    Stop that stupid behavior (return to farking .ini files in the app directory instead of the incredibly stupid registry) and stop installing 65,000 random DLLs in the system directories.

    --
    Do not look at laser with remaining good eye.
  4. Re:Scary by Pojut · Score: 4, Interesting

    ...and is undetectable in over 80 percent of machines running antivirus software.

    Hence why I also said to use a bit of common sense (i.e. not clicking on everything that shows up in your email) and a well-configured firewall. I also occasionally check the traffic that is outbound from my PC just to make sure something like this has not occurred.

    It really is not difficult to keep a Windows box secure. Granted, it requires more attention than a Linux box, but still... it's quite easy to set up and maintain.
  5. Why is it hard to block this spam? by ConfusedVorlon · Score: 4, Interesting

    serious question:

    most folks don't send more than 50 mails a day (number pulled out of a** and is for illustration only)

    so how about this ISP anti-spam approach:

    1) if a user sends more than 350 emails in a week, or more than 100 emails in a day, the ISP emails the user with a 'do you have a zombie' email.

    this would list the subjects & initial contents of emails sent.

    The user could either reply 'yup, I send a lot of email, please bump me up to a higher trigger level' or 'please help me fix this - I'm not really a viagra salesman'.

    x days/emails after the warning, the ISP could start blocking stuff if there was no response to their warning mail.

    This would give people a chance to know if their machine was infected (I think mine is clean - but I certainly don't monitor outgoing SMTP traffic) and generally provide a service to all at little inconvenience.

    Would this be bad??? Is it really hard to spot a zombie PC that is sending spam out through your network?
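The counting rule the comment proposes, as an added example written for this page (not the commenter's code), run over a constructed outbound-mail log; the log format, the sample senders and the three-day grace period before blocking are assumptions:

```python
"""Outbound-mail volume heuristic sketched in the comment above: count each sender's
messages per day and per rolling seven-day window, warn, then block only if unanswered."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

DAILY_LIMIT = 100   # "more than 100 emails in a day"
WEEKLY_LIMIT = 350  # "more than 350 emails in a week"
GRACE_DAYS = 3      # assumed value for the comment's "x days" before blocking


def constructed_log():
    """Constructed '<ISO timestamp> <sender> <subject>' lines; not real mail."""
    t0 = datetime(2008, 4, 7, 8, 0)
    lines = [f"{(t0 + timedelta(hours=i)).isoformat()} alice@example.net lunch?" for i in range(3)]
    # bob: 120 messages in one morning -> over the daily limit
    lines += [f"{(t0 + timedelta(minutes=i)).isoformat()} bob@example.net cheap meds" for i in range(120)]
    # carol: 60 a day for 7 days = 420 -> over the weekly limit, never the daily one
    lines += [f"{(t0 + timedelta(days=d, minutes=m)).isoformat()} carol@example.net newsletter"
              for d in range(7) for m in range(60)]
    return lines


def flag_senders(lines):
    """Return {sender: (reason, first three subjects)} for every sender over a limit."""
    by_sender = defaultdict(list)
    for line in lines:
        stamp, sender, subject = line.split(" ", 2)
        by_sender[sender].append((datetime.fromisoformat(stamp), subject))
    flagged = {}
    for sender, events in by_sender.items():
        events.sort()
        per_day = Counter(stamp.date() for stamp, _ in events)
        reason = "daily" if max(per_day.values()) > DAILY_LIMIT else None
        start = 0  # rolling seven-day window over the sorted events
        for end, (stamp, _) in enumerate(events):
            while events[start][0] <= stamp - timedelta(days=7):
                start += 1
            if reason is None and end - start + 1 > WEEKLY_LIMIT:
                reason = "weekly"
        if reason:
            flagged[sender] = (reason, [s for _, s in events[:3]])  # evidence for the warning
    return flagged


def next_action(warned, replied, days_since_warning):
    """Warn first; a reply ends the matter; block only after GRACE_DAYS of silence."""
    if not warned:
        return "warn"
    if replied:
        return "none"  # user answered: raise their limit or help them clean up
    return "block" if days_since_warning >= GRACE_DAYS else "wait"
```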

  6. Undetectable? by nick_davison · Score: 4, Interesting

    a botnet of 400,000 zombies...is undetectable in over 80 percent of machines

    So, does that mean it's a botnet of 2,000,000 zombies, or that there are actually only 80,000 that have been detected but they're pretty sure they're only finding 20% of them, so 400,000 sounds right?

    If it's truly undetectable, how would you know what percentage of cases were undetectable? Surely, by definition, you couldn't tell?

    In other news, most women think I'm damn sexy. It's just undetectable in 99% of cases. But I'm sure they do!
  7. Re:How does it get in? Duh! by bestinshow · Score: 4, Interesting

    The problem is that Windows hides file extensions to make filenames look prettier.

    Of course, the user should think "hmm, why does this filename have .jpg still?", but let's ignore the user for now and assume they are a moron who will do the worst possible action.

    Windows could do a lot more itself. It could have a set of very basic rules to run on files when they are downloaded or double clicked.

    E.g.: the filename has two extensions, the last of which is .exe: mark as highly probable virus/trojan/spyware. Alert the user to this fact, with the "Continue" button disabled for 10 seconds, or never enabled, to force the user to rename. (Also, only use the extension as a hint to the action that will be undertaken when double-clicked. Perform analysis of the file contents to check that it actually appears to be that type of file.)

    Don't run downloaded .exes (in fact, any .exe that hasn't been run before) until there has been a warning, with a delay so the user can't just click Continue. The warning window shouldn't be bland non-exciting 9pt Calibri either, there should be something to make the user pay attention and think. "Why is Aunt Mavis sending me a cool dancing sheep screensaver?!" I think that Vista does this already?

    Self-extracting zip archives should be identified and de-archived by the OS Zip extraction function, and the .exe part should never be run. Indeed, self-extracting zips should be banned, simply because they're a useless format nowadays.

    But in the end, there will be idiot-user ways around these rules, there will be flaws in the rules (I'm not spending all day tweaking them for a mere Slashdot post), and the malware will adapt.

    On a Mac I imagine you could just give your malware the system image icon in the application package, and it would fool most users. Apart from user education (hahahaaaaaaaaaaaaaaaaaaaaaaaaaa) it's going to be difficult to eradicate the malware problem.

    Of course every time an image file format, or Office file format, etc, has a buffer overrun issue on an OS, exploits will be made. Parsers should be stricter, and peer reviewed for good secure programming practices.
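The three file rules from this comment (double extension ending in .exe, contents that contradict the extension, self-extracting archives), as an added illustration for this page rather than anything the commenter or Windows implements; the magic-number table and the sample downloads are constructed:

```python
"""Download-time checks proposed in the comment above: a double extension ending
in .exe, content that disagrees with the claimed extension, and self-extracting archives."""

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
    ".exe": b"MZ",  # DOS/PE executable header
}

# Constructed sample downloads (not real files): name -> leading bytes.
SAMPLES = {
    "holiday.jpg.exe": b"MZ\x90\x00" + b"\x00" * 60,        # trojan-style double extension
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,      # genuine JPEG header
    "report.pdf": b"MZ\x90\x00" + b"\x00" * 60,             # executable named as a PDF
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"PK\x03\x04" + b"\x00" * 26,  # SFX
    "notes.txt": b"hello",                                  # unknown type: no rule fires
}

def extensions(name):
    """All dotted suffixes, lower-cased: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    return ["." + p for p in name.lower().split(".")[1:]]

def sniff(data):
    """Guess the type from the leading bytes, or None if nothing matches."""
    for ext, magic in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def classify(name, data):
    """Return the list of rules that fired; an empty list means none did."""
    findings = []
    exts = extensions(name)
    claimed = exts[-1] if exts else None
    # Rule 1: two extensions, the inner one a known data type, the outer .exe.
    if len(exts) >= 2 and exts[-1] == ".exe" and exts[-2] in MAGIC:
        findings.append("double extension ending in .exe")
    # Rule 2: the extension is only a hint; the bytes decide what the file is.
    sniffed = sniff(data)
    if claimed in MAGIC and sniffed != claimed:
        findings.append(f"claims {claimed} but content looks like {sniffed or 'unknown'}")
    elif sniffed == ".exe" and claimed != ".exe":
        findings.append(f"executable content behind {claimed or 'no'} extension")
    # Rule 3: an executable carrying a ZIP local-file header is a self-extracting
    # archive; the OS could unpack it with its own ZIP code instead of running it.
    if sniffed == ".exe" and MAGIC[".zip"] in data:
        findings.append("self-extracting archive: unpack, never execute")
    return findings
```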

  8. Re:Designate Windows OS as Terrorist Tool by Anonymous Coward · Score: 5, Interesting

    Well, at least you have an opinion. It's really the mark of users that plain suck. Give all those same users who click on everything and anything that sounds vaguely interesting a nice, shiny new Ubuntu machine - ALL of the users mind you - so replace most people's Windows machines. See how long it takes those same people to be rooted. Now what will you complain about? Their sucky OS? Or their lack of ability to treat their computing resources as carefully as they SHOULD be treating their government IDs such as SSNs in the US and bank info, etc.? It's the users - not the OS.

  9. Re:Designate Windows OS as Terrorist Tool by 99BottlesOfBeerInMyF · Score: 4, Interesting

    Well, at least you have an opinion. It's really the mark of users that plain suck.

    I really wish this were the case, but OS vendors could do much, much, much more to make their systems secure by default. As for the metric that users suck, sure they do. Last I read, however, compromises that had no user interaction were still responsible for more incidents than ones that have a user interaction component. There are a lot more trojans out there than worms that compromise machines silently, but the latter hit a lot more machines at a time and more often.

    Give all those same users who click on everything and anything that sounds vaguely interesting a nice, shiny new Ubuntu machine - ALL of the users mind you - so replace most people's Windows machines. See how long it takes those same people to be rooted.

    Actually, they would probably last a lot longer. The truth is, Linux is attacked less by automated worms so most users would fare better. It is not that Ubuntu is really much better for security than Windows (it is better in some ways, worse in others) but there is one big thing Ubuntu has going for it. Canonical does not have monopoly influence on the desktop OS market.

    Ubuntu currently has security that is appropriate to the threat posed by malware attacking it. Regardless of whether that security is currently better or worse than Windows, there is no reason to think Ubuntu would not continue to provide whatever level of security is desired by users. You see, Canonical sells services based around Ubuntu. Most of the contributors to Linux are users (either on a large or small scale) or are hired by users. If Canonical does not provide them with the security they want, they can and will go elsewhere. There are lots of Linux distros and companies selling services based upon it. In a worst case, Linux can fork to provide users what they need. Basically, it comes down to motivation. If Ubuntu is not good enough, Canonical loses money; ergo, Canonical will invest in security improvements so they can make more money.

    When Windows does not provide the appropriate level of security to make the average user happy, Microsoft does not lose significant money. In fact, in many cases machines are slowed down by malware such that the user does switch to a new vendor. The problem is, they switch computer vendors (from Dell to Lenovo for example) and Microsoft actually gets an extra sale out of it. Usually the influence MS wields in the desktop OS market makes switching to another OS vendor impractical or uneconomical, especially given MS's ability to break interoperability with other OSes and lock in users via their data, applications, etc.

    Now what will you complain about? Their sucky OS?

    It is not even that Windows sucks on technical merits. They suck because they are the biggest target and they don't care. When I go down to the bar, I don't wear a bulletproof vest of any sort. When I browse the internet from a Mac or Linux machine I don't bother with sandboxing my browser or running it in a VM that resets every time I use it, or even running antivirus software scans. I don't need to. If I take a business trip to Baghdad, I'll probably wear a vest. Most people would not think to do so. For someone at a tourist bureau in Baghdad to try to persuade people that Baghdad is a more secure place than Minneapolis is absurd. For them to argue that there are more troops protecting you in Baghdad than in Minneapolis is beside the point. For them to argue there are concrete emplacements and checkpoints to catch "bad guys" is likewise beside the point. The measures in place are insufficient to deal with the level of threat presented. This is true for Baghdad and Windows.

    And to answer your second question, if Ubuntu were regularly compromised in daily use, yeah, I'd argue its security sucks. There is a lot of work that can be done to make every OS more secure for users, but for the most part only Windows has a big problem for normal