Slashdot Mirror


New Massive Botnet Building On Windows Hole

CWmike writes "The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed 'Downad.a' by Trend (and 'Conficker.a' by Microsoft and 'Downadup' by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. 'We think 500,000 is a ballpark figure,' said Macalintal when asked the size of the new botnet. 'That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's... starting to grow.'"

11 of 223 comments

  1. Re:Going around my work already by Anonymous Coward · Score: 3, Insightful

    Three words:

    Incompetent IT Department.

  2. Re:Idiots by LtGordon · Score: 4, Insightful

    I own a legit copy of XP Pro and it bothers me how frequently MSFT releases that Genuine Advantage garbage. If only they put that kind of enthusiasm into the rest of their products.

  3. Re:Go vigilante by alohatiger · Score: 5, Insightful

    ISP action is definitely appropriate. If they can tell who is using torrent software, they should be able to tell who is sending spam and which machines are part of a botnet.

    Filtering/quarantine at this level is like shooting down a scud missile on the way up instead of on the way down.

    --
    Bigtime Consulting - "We're the best because we cost the most"

  4. Re:Idiots by jaxtherat · Score: 5, Insightful

    Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

    Not sure why this was modded funny, as this seems to be far and away the predominant mentality of Windows users...

    --
    http://www.zombieapocalypse.tv/

  5. Re:Idiots by 0123456 · Score: 5, Insightful

    "Some think they know better what updates to install than Microsoft suggests."

    When updates stop breaking other software, and Microsoft stop bundling DRM as 'critical updates', then I suspect people will start trusting Microsoft to tell them what updates to install.

    Personally I like to see what Microsoft are doing to my computer before I install it.

  6. Re:Idiots by Xabraxas · Score: 4, Insightful

    You're just an idiot then. You don't need to click on FREEREGISTRYSCANNER or anything like that to get infected. In fact you can click on a link that you click everyday and get infected. The best you can do is stay up-to-date and pray for no 0 day exploits.

    --
    Time makes more converts than reason

  7. Analogy by jaavaaguru · Score: 3, Insightful

    If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.

    Apart from the obvious killing != spam and/or fraud, how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different? You should still be responsible (although the punishment might be different). Suppliers should be forced to make this obvious to people buying this stuff.

    1. Re:Analogy by NicknamesAreStupid · Score: 5, Insightful

      What if I buy a rosebush and plant it in my garden, then somebody uses it to deface little kids and old ladies with its thorns? Am I kinda liable for that?

      Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.

    2. Re:Analogy by Bane1998 · Score: 5, Insightful

      Computer to 'Some simple concept' analogies are stupid as hell. Get over your elitism. Most people don't understand the first thing about computers, and they don't have to. Just like most people use a TV, VCR, whatever, without any clue how it works, they just use it to play movies. Blinking 12:00.

      Your analogy fails because leaving a gun out is gross negligence. It's a dangerous thing, and that's fairly obvious. A computer isn't. I suppose an argument could be made that computers are dangerous. It would be quite a stretch though. In that case there should be mandatory licensing to operate one, you know... like a car. But there isn't. So, either make the argument that computers are dangerous and should be controlled (and make sure you understand the actual ramifications of that argument), or stfu and realize that no, most people don't understand Computer Security or why it's important, and they never will.

      And then, as an expert in the field, learn that you aren't smarter than mom and dad using their computer, you just have a specialized skill set. Most nerd kids like prolly half the slashdot crowd are or were.. started out with computers coming naturally to them. It's easy to assume then that it should come naturally to everyone. And when you see it doesn't, your first reaction is that something is broken in them. After that nerd grows up a bit in the world, that person learns that no... they aren't idiots. We just have an aptitude for something that others don't. And that doesn't make them dumb. They probably have skills we don't. Say... socializing for example. So my guess is your (and all those who always come to slashdot posting the same song and dance) maturity level hasn't quite evolved yet.

      And to not be elitist myself... I can admit I was once the same way. I grew out of it, as will you. :)

  8. Re:Idiots by dissy · Score: 4, Insightful

    "I don't get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER ad they see.
    I've been running Windows XP without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and I've yet to come up with anything."

    Well of course if you have a rootkit, scanning for rootkits will show clean. That's how they work.

    A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkit's files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a "no such file" error.

    You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.
    At least I hope so, else you have been rooted 10 minutes after connecting your computer to the internet. Sadly, your description fits the profile of someone who is infected and doesn't even know it because it has been that way since day one it went online.
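The hiding mechanism dissy describes, and the cross-view check that defeats it, as an added example that is not part of this thread: a constructed simulation in which a hooked directory listing and open() filter out one file, an in-host scan that walks the hooked view comes back clean, and a comparison of the raw view against the API view (the approach behind offline and cross-view rootkit detectors) surfaces the hidden entry. All paths, patterns and names here are constructed for illustration.

```python
"""Constructed simulation: why an on-host scan stays clean on a rooted box,
and how a cross-view (raw vs. API) comparison exposes what is hidden."""
import fnmatch
from typing import Iterable

# Constructed "raw" filesystem: what an offline or out-of-band read would see.
RAW_FS = {
    "C:/Windows/System32/kernel32.dll",
    "C:/Windows/System32/drivers/etc/hosts",
    "C:/Windows/System32/drivers/hidden_svc.sys",  # constructed planted file
    "C:/Users/home/Documents/notes.txt",
}
HIDE_PATTERN = "*hidden_svc*"  # constructed: what the simulated hook filters out
SIGNATURES = ["*hidden_svc*"]  # constructed: what the victim's scanner looks for


def hooked_listdir(paths: Iterable[str]) -> set[str]:
    """API-level view: the hook drops every entry matching HIDE_PATTERN, so a
    scanner that enumerates through the hooked API never sees those files."""
    return {p for p in paths if not fnmatch.fnmatch(p, HIDE_PATTERN)}


def hooked_open(path: str) -> str:
    """open() under the hook: hidden names answer 'no such file' even though
    the bytes are on disk; unknown names fail the same way."""
    if fnmatch.fnmatch(path, HIDE_PATTERN) or path not in RAW_FS:
        raise FileNotFoundError(path)
    return path


def is_hidden_from_open(path: str) -> bool:
    """True when open() denies a path that is really present in RAW_FS."""
    try:
        hooked_open(path)
        return False
    except FileNotFoundError:
        return path in RAW_FS


def on_host_scan(signatures: Iterable[str]) -> list[str]:
    """The victim's scanner: walks the API view and flags known-bad names."""
    visible = hooked_listdir(RAW_FS)
    return sorted(p for p in visible if any(fnmatch.fnmatch(p, s) for s in signatures))


def cross_view_diff(api_view: set[str], raw_view: set[str]) -> list[str]:
    """Defender check: entries in the raw view but absent from the API view are
    being hidden from the running OS and warrant investigation."""
    return sorted(raw_view - api_view)


if __name__ == "__main__":
    print("on-host scan found:", on_host_scan(SIGNATURES))
    print("cross-view discrepancies:", cross_view_diff(hooked_listdir(RAW_FS), RAW_FS))
```

The on-host scan returns an empty list while the cross-view diff returns the planted driver, which is why a clean result from a scanner running under a suspected rootkit proves little.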

  9. Re:Dial up users. by Ragzouken · Score: 4, Insightful

    Did you read the bit where he said what you said?