New Mega-Botnet Discovered
yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
Can they fix the government? Infect AIG and get our money back?
Maybe this isn't such a bad thing after all.
Beer is proof that God loves us and wants us to be happy.
large corporate and government PCs
So small ones are mostly safe.
THL phish sticks
It looks like Guardian has finally been uncovered. Everybody act really friendly, no fast moves to the on/off switch.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
From the article:
Around 45 percent of the bots are in the U.S., and the machines are Windows XP.
On the other hand:
Nearly 80 percent run Internet Explorer; 15 percent, Firefox; 3 percent, Opera; and 1 percent Safari
What else does one expect? Since it is an infection spread through trojans on legitimate sites and XP the target, what can we expect the browser to do?
In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.
Get Abby & the whole NCIS crew on the job. Everyone knows a goth hacker chick will solve it!
Need more useless stuff to read on teh internetz?
In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.
Then what would people use to download and upload files? Would FTP come back into style?
Have they used it yet, and have we seen an effect?
Within the past few days, I have seen an increase in spam volume.. It's been an interesting week so far.
Game and technology news in French. TC
Do they email you?
Had they switched to Vista like MS was chanting all along, they would not have had all those security holes in XP... oh wait, Linux is what I was thinking of, not Vista, lol
Why are you blaming the US government for (a) defects in software they didn't write; and (b) a malicious botnet created and operated by someone else? The only reason the US government is being singled out in this article is because it makes the story more sensational, which means more eyeballs, which means more ad revenue.
Are the government IT in the USA really this incompetent?
Was that a rhetorical question?
What did you smoke?
I wonder if the AVG product they were using was the freeware version or one of the commercial products...
I think it's great that they find this kind of stuff but at the same time I have some misgivings about how they don't do much to point the public in the right direction as far as finding out if they're infected or what they can do to remedy the situation. It seems that a lot of security articles are lean on providing the details about helping yourself to a more secure system.
Dedicated Cthulhu Cultist since 4523 BC.
It's just "Ukraine", not "the Ukraine".
How about not, and it's actually more a case of the consumer's fault for demanding an easy life instead of something that works without breaking everything, but hey, don't let me get in the way of a good bit of MS bashing.
Now with more Bot to boost your immune system!
The Dunning-Kruger explains most posts on
Why should the senators and congressmen from the state of Washington take all the heat?
www.blockacountry.com
I think it is more widespread. I'll take my local bank as an example. I stopped by to make a deposit and noticed the teller minimizing her Facebook page as I glanced at the screen.
I am shocked that a bank would allow any www access on a machine that has direct access to accounts. Dollars to donuts there is some form of malware on that machine, or already throughout their network.
It was my belief that competent IT would only allow the necessary intranet infrastructure to run the bank's applications. But I would bet their policies get changed by ignorant management that are sold on 'security' appliances and software to protect themselves while granting www access.
Of course I'm running Linux. Think I'm suicidal?
How can we expect to clean up the botnets if the hosts are never contacted? I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.
20 characters max for the password? How will I use my favorite poems as passwords?
I thought this article was about this story from the BBC about UK government PCs in botnets. Is it a coincidence that two Windows-based government botnet stories appear at the same time? Or is this just a sign of how fit Windows is for the job?
http://news.bbc.co.uk/1/hi/technology/8010729.stm
"All of the infected machines were Windows-based PCs and the vulnerability was targeting security holes in Internet Explorer and Firefox."
A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" sobbed marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
http://rocknerd.co.uk
For once, an article on botnets notes that the infected machines are in fact Windows. You don't see that often.
So somebody please explain to me, how the initial infection actually happens (from TFA):
"victims are infected when visiting legitimate Websites containing a Trojan"
How does this even run, never mind take over the whole system??
Microsoft are pretty competitive in the cloud computing arena.
That is a pretty sweeping statement, similar to saying that all American companies can't lock their doors down.
This varies by department, organization, and sysadmin. A lot of US government divisions have intelligent, alert, and aware employees who do a good job at what they do. However, these people don't make the news.
This is one of the things with IT. If you do a good job, nobody notices. It's only when stuff fails that people notice. Same thing with this mess.
What does the scouter say about the botnet's power level?
Blurred screen shots, off-handed mention of files and sites...
Why not at least release specifics so that we can avoid these sites (or at least get them to clean up their act)? Why not give us details about the actual filenames and so on?
Or at least give us details on the actual control application and the files it is paid to infect the computers with so that we can avoid them.
Articles like this annoy me because they accomplish nothing constructive.
For starters they let MS off the hook too easily, which could be the reason that Windows sucks so bad at security in the first place.
I am shocked that a bank would allow any www access on a machine that has direct access to accounts.
It is funny how people can spend a fortune on security and then do something like install a WEP-protected Wi-Fi access point in one of the offices that is trivial to crack and that gives you direct access to otherwise heavily fortified networks. Another thing that can guarantee a good laugh is wirelessly connected security cameras. I saw this interview on TV the other day with a guy whose child had some sort of chronic disease. Apparently he was something of a nerd, because he had installed a camera in the back of his car hooked up to a netbook or some such gadget so he could keep an eye on the kid. He told the reporter that the system worked fine, but he had to make some modifications to the software because with the out-of-the-box configuration, when he was driving through city centers and business districts, he would keep getting cross connections from wirelessly connected security cameras all the time. You'd think that in this day and age wireless security cameras would have an encrypted connection.
I've switched to lynx.
“Common sense is not so common.” — Voltaire
Why are you blaming the US government for (a) defects in software they didn't write
But Microsoft gives them opportunity to review the code for security purposes, so they should have seen this coming.
I just made that up.
But I didn't make up the fact that the US government can review the code of open source alternatives. So they screwed up in at least one of two ways: (1) no ability to recognize security holes in the software they are using, (2) choosing a closed source system. Either way, they don't get off the hook on this one.
Just callin' it like I see it.
I blame them for letting Microsoft get away with leveraging their low-security rubbish, and not taking them down when they had the chance.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
I thought that was the whole point of posting.
Nerd rage is the funniest rage.
I get a little tired of this silliness of "Oh, Windows is unfixably hackable!" That shows an amazing ignorance of computer security. Good admins realize that there is no such thing as perfect security, and no system that can't be broken into. So the answer isn't the hunt for the perfect system; the answer is defense in depth. You secure your systems and network on multiple levels, and you keep an active watch on what happens. You take proactive steps to keep things secure; you don't just sit back and say "Well, my OS is invincible."
It is the same basic philosophy you see in physical security. Good physical security doesn't come from trying to have a single unbreakable defense, it comes from layers.
The crowing on about Macs really makes me think of a home analogy: the Mac types have decided security comes from living in a gated community away from the "rabble". They pay to live in their special enclave, and figure the exclusivity keeps them safe. Overall, it does; they are a smaller target. However, they are lax on their security because of this: they leave doors unlocked, valuables lying around and so on. The security is all in appearances; it isn't real. Finally, someone decides to hit the community, and simply goes off road and bypasses the gate guard. They then have free run, because of the laxness of the users.
Me? I take the bad neighborhood view, regardless of OS. Security comes from a host firewall, and a network firewall, and a virus scanner, and an IDS, and keeping the system patched, and a good password, and running as a deprivileged user, and so on. No one of those things is what makes security good; it is how many of them you do. It is defense in depth, so that a single failure doesn't have widespread implications.
So if your security is switching to Macs, well have fun then. Best you DON'T encourage others to join you though, since your security is all in remaining small.
Why are you blaming the US government for (a) defects in software they didn't write...
I don't blame them for flaws in software they didn't write, I blame them for buying that crap in the first place....
I am continuously validated on a little theory I have come to about computer security.
There is no such thing.
I see people say Windows this, Linux that, and Oh My Mac, but I have come to believe that unless the damn thing is cut off from the internet, wireless cards removed and under guard physically 24/7, if someone wants in the thing bad enough, they will do it.
We have a winner!!!
The fact that the military discovered that they had lost terabytes of info on a new fighter tells me that they have no clue. A secure military network with any sort of internet link??? GAAAAK!
Anyone who says they can absolutely protect an internet connection is either lying or deluded. You can protect against known attacks. There is no way to be 100% protected against unknown attacks. The attacks to be worried about are always the unknown attacks.
Idiots with lots of your dollars at work.
This is anecdotal, but after having recently spent a month in Ukraine (please, not THE Ukraine... it isn't plural) and witnessing first hand the rampant use of illegal versions of XP, I am not surprised by this discovery at all. The illegal versions (DVD eXtreme Edition, Fuck You Bill!) can't be subjected successfully to WGA and therefore cannot be fully patched. Blame who you want, but this is how it is there right now. The culture is such that they don't bat an eye at getting a burned DVD in a shiny official-looking case (with XP DVD! printed on it) for way less than what they'd pay for one from Microsoft. To be clear, this is the Ukrainians I'm talking about. I have no idea about the U.S. government buildings.
Get off my lawn! Megabots are so 1980s. We had Transformers back before you whippersnappers were even born!
For real!
LOL!
ha ha
I agree with you, for different reasons than you think. Facebook at work... IM or personal email at work... all bad... I'm as much an internet junkie as anybody, but I have learned to separate my personal life and interests from my work life... I think more worrying than the bots is the ease with which she could copy information and send it to herself.
As to mixing web access and banking... well, I do online banking all the time. I might be more paranoid about it, I suppose, if I had to keep cleaning my machine of bots, viruses and malware... (you can guess why I don't have to)... I suppose if she was running Facebook on a different OS it wouldn't be so concerning, but more than likely she wasn't.
waiting for ad.doubleclick.net
I'm shocked they're still your bank.
But if you're not willing to put in extra effort to protect your own money, why are you surprised your bank doesn't?
This statement reeks of someone who has little or no experience in the business/real world. This all sounds well and good in academia, but do you seriously expect people to sit and stare at a computer for 8 hours and not have any "downtime"? I agree that Facebook is probably not a great website to be visiting on company time, but I think your statement is a little too naive.
In the future, please refrain from implicitly (or, for that matter, explicitly) equating communists with terrorists and/or enemies. They are nowhere close to being the same group of people.
Thank you.
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
Mega Botnet?!?!
He is Legend.
Did anyone hold a gun to Microsoft's head demanding that it pander to consumers? Indeed, some of Microsoft's defenders on this site praise its responsiveness to consumers.
As for bashing, why waste a good shell?
Anybody have any idea how this type of infection happens? I.e., does a user simply visit the site and, without any sort of prompt, automatically download a file that runs amok, or does the user actually have to invoke something once on the site to download this?
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
Only 1.9 million PCs? Boooo-ring! Wake me up when it gets as big as Conficker.
I don't think you can just grab some numbers from a convenient botnet CnC portal and say ah-hah 1.9 million infected machines for a lot of reasons.
Check out the blog about counting botnet victims at http://blog.damballa.com
...proves you are a monstrous ass whom all good people should permanently ignore.
If Windows ever gets its act together so that Windows is better than *nix (Linux, Mac, Solaris, etc.), then you can bet that the crackers and virus writers will turn to where it is easier.
I prefer the "u" in honour as it seems to be missing these days.
Researchers from Finjan who found the botnet say it's controlled by six individuals,
We should be able to shut this one down with one clip in a .45.
Have gnu, will travel.
And for the Ultra Mega-Botnet you also have to have Ziva doing something covert, and Tony doing something illegal (because that's when he knows he is having fun).
I guess that all falls under the lyrics of a song that say "Sometimes you gotta do the wrong thing to the right thing".
Because they're stupid enough to use Windows.
I'm really curious... what bank?
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
I would more blame the government for using way too much of our tax dollars, and not taking the time to hit the little "Windows Update" button or install some virus protection. We're not talking about some 70+ year old grandma, but a government with a multi-trillion dollar spending plan. I would expect multiple levels of encryption, routine computer updates and a full suite of anti-virus software on each machine with internet access just to start. For that I blame the government.
Could it be this?
Botnets. World wide botnets.
What kind of boxes are on botnets?
Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even ASUS, too!
Are boxes. Found on botnets!
All running Windows, FOO!
Guaranteed! This comment 100% Anthrax free!
Could be worse. I had an operation a few weeks ago. While lying in bed waiting for the doctor to get ready, I heard keyboard sounds and opened my eyes to look, and the nurses were looking at their hi5 pages...
Sorry guys,
I see a lot of replies to the post but not enough answers.
I only have 2 little questions since I also use Windows XP.
I use a thinst... "sandboxed" Opera to do my browsing.
1) How can I know if I am already infected / vulnerable?
2) What measures can I take to protect my system?
The "I know my system is safe and I don't have to worry" attitude is security's biggest enemy in my humble opinion. :(
So I have no problem stating that I am not sure that my system cannot be harmed.
P.S. Before starting a Win/Linux/MacOS OS war, let me tell you that
I would prefer to learn to secure an OS that I already know something about than to learn how to secure
an OS that I really don't know.
Thanks for any comments/answers
Have a nice day
fade
What of the ISPs that host these botnets? Many of these botnets are used to spew spam. If they do, then this is easily detected, and IMHO the ISP uplink in question should simply pull the plug and advise their client that it looks as if their toilet is broken, because there sure seems to be a lot of sh*t coming from them.
I know my ISP does this. I know because they have phoned me and I had to advise them it's not my OpenBSD servers generating spew, but another of their clients on the subnet. We found it fairly quickly.
I've heard so many excuses. Some involve excuses that it would breach service agreements. So let's look at that one. How many end users write service agreement contracts? How many end users even read them? I think the answer here is obvious. Pretty much anything reasonable can be written into the contracts, so that sort of excuse doesn't hold much water.
The obvious answer is that the ISPs in question actually might make money carrying this spew. They certainly made money when they provided connectivity to known spammers. They also make money when they charge extra for static IPs. Note that a static IP makes it much easier to trace and quarantine a bot.
If we want these problems to go away then one way to address the issue is to look at issues of an accessory either before or after the fact.
Let me provide an example. If someone digs a big hole in the road and someone else drives in and wrecks their car and maybe kills some people in the process, then the excuse of "I didn't know a car could fall into a hole" or "I didn't think anyone would drive their car down this road at night" or any other excuse that might be dreamed up is not likely going to carry much weight. If someone sees the hole and ignores it using the excuse that "Well, it's not my hole", then that excuse also is not likely to hold much weight.
An ISP hosting infected machines should be just as liable as the client who owns it. Many of these botnets reveal themselves. We need to start asking for accountability.
Consider people like Conrad Black. Last I heard he's in jail. That is accountability. Any excuses he and his lawyers might have dreamed up didn't carry much weight.
Here is another example. In the movie called "Nuremberg", Alec Baldwin asks in one scene if "anyone in this country accepts responsibility for anything?". I think this says an awful lot. Only one person seemed to be responsible for the killing of millions.
So in this story we have over 1 million bots discovered and apparently 6 perpetrators and how many are responsible? These bots are identified, now what? I've had more than 50,000 bots attack my servers. Can I call the cops? If I provide IP addresses does anyone pull a plug?
We need to think on this.
At some point I really really hope that people running these botnets wipe the hard disks of people running insecure systems. It sounds mean, but people who chose insecure systems, over and over, need to be punished. Stupidity should never be rewarded. Ever. Find out what a secure system is. Find out what an insecure system is. Know the difference. I've seen too many 'go blind' when making decisions like this. Guessing is being stupid. Saying 'oh, I just don't know' is honest, but stupid. Read a little. Learn a little. People who repeat the same mistakes need to be punished.
I do not know the exact law, exact regulation or a link or I would list it, but when I mention this, it will seem obvious to most.
I talked to a tech at a bank; he stated that there were laws on the books that made it illegal to connect up the bank's private network that connects to other banks.
He also indicated that automatic updates (any and all) would be considered a violation of those same banking laws.
This is probably why nobody screams bloody murder and why the banks are so quick to eat losses due to fraud and scamming. They know that once the TRUST in the system is compromised, they have lost the war.
Yet just a couple of days ago I read about institutions who did NOT segment their networks (physically separating the connections between the public internet and backend banking systems) and were finding that someone with enough technical knowledge could install monitoring software between connections and watch everything that passes. Much of the information is not encrypted as it is supposed to be.
Let's face it, people: if you are NOT monitoring your outgoing packets and communications, you simply do NOT KNOW whether you are safe or not. This monitoring takes time; time is money. Have you looked at salaries of IT professionals in the security area of networks? You get what you pay for, and the pay typically lags behind almost everyone else in IT, except in specific rare cases and where companies understand the importance. Then they pay higher rates for better people. You do not have to believe me; just go to Glassdoor and see for yourself.
These companies literally lose billions when they are hit, yet they will not pay a simple 6-figure salary to have someone with TCP/IP monitoring and packet sniffing experience monitor their networks. Just hiring 3 or 4 of these types of IT professionals would be cheap insurance at preventing break-ins and quickly cutting off attempts that probe your networks for weaknesses.
Personally I think companies should create Tiger teams of 3 - 5 IT white hat hackers to work each of three shifts. When the company is probed, have their team attack back. When the honey pot is accessed, proof positive of a cracker and/or hacker, basically someone doing something they should not be doing, go on the offensive.
I have always thought the best defense was a strong offense. Pretty soon the smart crackers would leave your company alone as they do NOT want their infrastructure crippled by attacks any more than you do. And if someone has left their PC unprotected and gets attacked, well that is their personal responsibility. Had they never allowed themselves to get cracked in the first place they would never have been used, attacked and thrown away.
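Two of the posts above make the same defensive point from different ends: the ISP post argues that a spam-spewing bot is "easily detected" from its traffic, and the post just above argues that without monitoring outgoing packets you cannot know whether you are clean. The following is an added example, not code from the article or from any of the commenters, showing the two simplest outbound-traffic checks an analyst would run over flow records: a host that contacts the same destination at a near-constant interval (command-and-control beaconing) and a host that opens SMTP connections to many distinct destinations within a short window (spam spraying). The flow records, field layout, IP addresses and thresholds are all constructed for the example.

```python
"""Outbound-flow triage over constructed flow records (added example, not from the article)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records, one per line: "epoch_seconds src dst dport bytes".
# 10.0.0.5 beacons to one host every 60 s; 10.0.0.7 opens SMTP to six hosts in six seconds;
# 10.0.0.9 is ordinary, irregular browsing traffic.
SAMPLE_FLOWS = """\
1000 10.0.0.5 203.0.113.9 443 512
1060 10.0.0.5 203.0.113.9 443 498
1120 10.0.0.5 203.0.113.9 443 530
1180 10.0.0.5 203.0.113.9 443 501
1240 10.0.0.5 203.0.113.9 443 515
1005 10.0.0.7 198.51.100.20 25 2048
1006 10.0.0.7 198.51.100.21 25 2048
1007 10.0.0.7 198.51.100.22 25 2048
1008 10.0.0.7 198.51.100.23 25 2048
1009 10.0.0.7 198.51.100.24 25 2048
1010 10.0.0.7 198.51.100.25 25 2048
1003 10.0.0.9 192.0.2.44 443 9000
1500 10.0.0.9 192.0.2.45 443 1200
2300 10.0.0.9 192.0.2.44 80 300
"""


def parse_flows(text):
    """Parse the constructed record format into (ts, src, dst, dport, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def find_beacons(flows, min_conns=4, max_jitter=0.15):
    """Return {(src, dst): mean_interval} for pairs whose connection gaps are near-constant.

    Jitter is measured as the coefficient of variation of the gaps (stdev / mean); a bot
    checking in on a timer scores near 0, human browsing scores much higher.
    """
    times = defaultdict(list)
    for ts, src, dst, _dport, _nbytes in flows:
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_conns:
            continue
        ts_list.sort()
        gaps = [later - earlier for earlier, later in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


def find_smtp_spray(flows, min_dests=5, window=60):
    """Return {src: max_distinct_smtp_dests} for hosts that talk SMTP to many hosts quickly.

    A workstation normally speaks SMTP to one relay, if at all; a spam bot fans out.
    """
    smtp = defaultdict(list)
    for ts, src, dst, dport, _nbytes in flows:
        if dport == 25:
            smtp[src].append((ts, dst))
    result = {}
    for src, events in smtp.items():
        events.sort()
        for i, (t0, _dst) in enumerate(events):
            dests = {dst for ts, dst in events[i:] if ts - t0 <= window}
            if len(dests) >= min_dests:
                result[src] = max(result.get(src, 0), len(dests))
    return result


def triage(text):
    """Run both checks over a block of flow records and return the findings."""
    flows = parse_flows(text)
    return {"beacons": find_beacons(flows), "smtp_spray": find_smtp_spray(flows)}


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_FLOWS).items():
        print(kind, hits)
```

Run as-is it reports the beaconing pair and the SMTP-spraying host while leaving the irregular browsing host alone. On a real network the same two functions would be fed from NetFlow, sFlow or firewall connection logs, and the thresholds (`min_conns`, `max_jitter`, `min_dests`, `window`) tuned against a baseline of known-good traffic so that scheduled jobs and the legitimate mail relay are not flagged.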
Just leave one port open and we will pwn you with a brand new 0day exploit !!
Linux boxes are the most precioussssss of hostsssss..
By the time you patch it will already be too late.
controlling a million machines ....
So ... to be in compliance, you can only run Windows desktops, is that correct? Wow! Way to feed the MS machine.
See also:
Is NIST endorsing or mandating the use of the Windows XP or Windows Vista operating systems or requiring each setting be applied as stated?
No. NIST does not endorse the use of any particular product or system. NIST is not mandating the use of the Windows XP or Vista operating systems, nor is NIST establishing conditions or prerequisites for Federal agency procurement or deployment of any system. NIST is not precluding any Federal agency from procuring or deploying other computer hardware or software for which NIST has not developed a publication, security configuration checklist, or virtual testing environment. Although the FDCC currently applies to Windows XP and Vista, security guidance is available for other platforms. The OMB and GSA updated the Federal Acquisition Regulation (FAR) on February 28, 2008, Part 39 now reads as follows:
It seems as if they're quite open to non-MS products. Now, I have read the "now reads as follows" bit, so I might be mistaken. But on the face of it...
I have picked up a mod troll! They are following me around and modding posts which clearly are not troll as such.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The government probably installed Cathedral software to initially protect themselves. Who would have thought there was a backdoor?
// no
Just for fun, someone should program two botnets to adapt themselves and hate each other and then see what happens. ;-)
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
So, everyone that has their Windows computer compromised has only himself/herself to blame? They could have used Open Source, and they could have hired someone to review the Open Source software, which guarantees that it's bug-free, right? So it's really their own fault for getting hacked. Riiight..
You're making unreasonable assumptions about the ability of the government to have prevented this: that these machines weren't fully updated with the latest virus protection, and that updates and virus protection are infallible, which would require that virus authors submit their work to all of the anti-virus vendors before releasing it into the wild.
If you want to hold the government to a higher standard, good for you. I suspect the tax consequences of that higher standard would prevent us from ever reaching it, though.
Riiight.
Everybody != Government of USA
Just callin' it like I see it.
You're in a Windows shop. You run Windows apps. It doesn't matter if Windows gets malware. You're Windows all the way, Ra RA! Good for you.
A pity for your customers, though. I hope they aren't processing my credit application. Or my medical records. Or my driver's license. Or anything else having to do with me.
Help stamp out iliturcy.
Just run Windows games in virtualization
And watch the games become slideshows. Or has support for DirectX and OpenGL in virtualization improved since I last checked? Or did you mean things like solitaire and Tetris®, which are probably already cloned to heck and back on every single L*n?x desktop environment?