Slashdot Mirror


Zombie Network Explosion

anti-globalism writes "The number of compromised zombie PCs in botnet networks has quadrupled over the last three months. Shadowserver tracks botnet activity and the number of command and control servers. It uses a variety of metrics to slice and dice its figures based in part on the entropy of botnet infections. The clear trend within these figures is upwards, with a rise in botnet numbers of 100,000 to 400,000 (if 30 day entropy is factored into equations) or from 20,000 to 60,000 (for five day entropy)."

12 of 262 comments

  1. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  2. How can you tell if a box is zombied? by oldspewey · · Score: 5, Interesting

    Honest question - without resorting to answers like "if it's not running Linux it's zombied" I'd be curious to know how the average user can even determine whether their box is pwn3d.

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
    1. Re:How can you tell if a box is zombied? by John+Hasler · · Score: 5, Funny

      "if it's not running Linux it's zombied"

      It isn't that easy. It might also be running BSD.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:How can you tell if a box is zombied? by v1 · · Score: 5, Insightful

      If you are only interested in actively used botnets (for DDoS and spam, for example), then when you plug in the ethernet cable and the router lights go mad, that's a good sign it's pwned.

      You can't really look at the network usage using tools ON the machine, as rootkits are designed to hide all their activity from the system tools by modifying them. So the owned windows box may show little or no network traffic while your router is nearly catching on fire. But the lights on the switch/router don't lie.

      --
      I work for the Department of Redundancy Department.
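One way to act on the "watch the router, not the host" advice above, as an added example that is not the commenter's code: it summarises edge-router flow records (assumed format `src dst dport bytes`, the sample log is constructed) and flags hosts fanning out on SMTP or flooding a single peer, the two botnet uses named in the comment; the thresholds are assumptions.

```python
"""Spot a likely zombie from router-side flow records instead of host tools.

Added example. Assumes the edge router exports one outbound flow per line
as 'src_ip dst_ip dst_port bytes'; the log below is constructed.
"""
from collections import defaultdict

# Constructed flow log: .10 is a normal host, .20 fans out on SMTP (spam bot),
# .30 pushes 12 MB at one peer in three flows (DDoS participant).
FLOW_LOG = """\
192.168.1.10 203.0.113.5 443 120000
192.168.1.10 203.0.113.9 80 40000
192.168.1.20 198.51.100.2 25 900
192.168.1.20 198.51.100.3 25 900
192.168.1.20 198.51.100.4 25 900
192.168.1.20 198.51.100.5 25 900
192.168.1.20 198.51.100.6 25 900
192.168.1.20 198.51.100.7 25 900
192.168.1.30 203.0.113.77 80 4000000
192.168.1.30 203.0.113.77 80 4000000
192.168.1.30 203.0.113.77 80 4000000
"""

def parse_flows(text):
    """Return (src, dst, dport, bytes) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit() or not parts[3].isdigit():
            continue
        flows.append((parts[0], parts[1], int(parts[2]), int(parts[3])))
    return flows

def suspicious_hosts(flows, smtp_peers=5, flood_bytes=10_000_000):
    """Map internal host -> reasons; thresholds are assumed, tune per site."""
    smtp_dsts = defaultdict(set)        # src -> distinct port-25 peers
    bytes_per_pair = defaultdict(int)   # (src, dst) -> total outbound bytes
    for src, dst, port, nbytes in flows:
        if port == 25:
            smtp_dsts[src].add(dst)
        bytes_per_pair[(src, dst)] += nbytes
    findings = {}
    for src, dsts in smtp_dsts.items():
        if len(dsts) >= smtp_peers:
            findings.setdefault(src, []).append(f"spam: {len(dsts)} SMTP peers")
    for (src, dst), total in bytes_per_pair.items():
        if total >= flood_bytes:
            findings.setdefault(src, []).append(f"flood: {total} bytes to {dst}")
    return findings

if __name__ == "__main__":
    for host, reasons in suspicious_hosts(parse_flows(FLOW_LOG)).items():
        print(host, "->", "; ".join(reasons))
```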
  3. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  4. Insane increase in SSH attacks by h2o2 · · Score: 5, Informative

    I noticed an incredible increase in DenyHosts alerts over the last three days to the extent that I had to turn off alert emails. This picture says it all: http://stats.denyhosts.net/stats.html

  5. Re:I think I played that by Anonymous Coward · · Score: 5, Funny

    All I know is that I saw the words "zombie" and "explosion", and thought "This is it! Finally!" and grabbed my shotgun. So disappointed.

  6. Re:Interesting. by Lumpy · · Score: 5, Funny

    That's odd.

    I mostly have an email box full of messages that simply state...

    BRAINS!!!!

    I hate Zombie explosions, leaves festering goo all over the place.

    --
    Do not look at laser with remaining good eye.
  7. Riddle me this... by davmoo · · Score: 5, Interesting

    So if researchers can detect these things with apparent reliability in their process, why can't ISPs detect them the same way and cut the bastards off?

    If Comcast and ilk such as that were really interested in conserving network bandwidth, they'd be cutting off zombies instead of putting on bandwidth caps.

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
  8. Re:Interesting. by M1rth · · Score: 5, Insightful

    Probably safe to assume a new hole was found in something windows-ish and is making the rounds, gathering up all the vulnerable machines.

    Before someone jumps on the "everyone should use Linux" bandwagon, Windows has over 90% of the market. Windows also has much more of the casual user market and much less of the enthusiast market - and the casuals don't keep a hawklike watch on their system.

    Therefore, if you want to make a big botnet, compromising Windows is the way to go.

    Someone found a new vulnerability, but didn't publicize it. Or they're exploiting the same old vulnerabilities (PICNIC, blank admin passwords, etc) and just stepped up their efforts again.

    If your machine's admin password is blank and you're not behind a NAT, you are completely exposed. All the botnet guys have to do is get into the system through XP Pro's originally configured default drive shares and replace one commonly used file (say, a favorite new video game) with their payload. The user reinstalls the game figuring it got corrupted and it wipes out how they originally got in - but they're already in the system with a rootkit installed from the time the user tried to run your game, and it's a bot.

    The unfortunate reality is that the largest vulnerability is, and will be, the human element. They want their login to be "easy" - so anyone who gets physical access to the machine gets root access with no password credentials, or they use a trivially-cracked password. They want to "simplify" their security arrangements. They trust an email sent by their friends (or sometimes even spoofed to look like it came from themselves) or "system administrator at your domain."

    End result? More vulnerabilities.

    Unfortunately, the "solution" involves either telling a lot of crybabies "no, you can't have it this way" or else changing human nature. And it's not in human nature to stand up to the crybabies (actually, an actual corporation never would - it's "bad customer relations.")

    --
    If you can read this sig, congratulations, you have your glasses on!
  9. Zombie Network Explosion by Anonymous Coward · · Score: 5, Funny

    Best band name ever!!

  10. Re:clear sign that by MadMidnightBomber · · Score: 5, Funny

    Someone got a mail past our spamfilters at uni, pretending to be from the helpdesk, which contained a URL to some malicious code with instructions to download and run it.

    Not only did loads of Windows users run the damn thing, but we got loads of helpdesk tickets from Mac users asking for a Mac version.

    --
    "It doesn't cost enough, and it makes too much sense."