New Mega-Botnet Discovered
yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
How so? Network security in this context doesn't mean setting up a firewall and calling it a day, it means layered security of the entire network, including all the devices attached to it.
In the case of a trojan payload, properly patched machines along with restricted user accounts help quite a bit.
I wonder if the AVG product they were using was the freeware version or one of the commercial products...
I think it's great that they find this kind of stuff but at the same time I have some misgivings about how they don't do much to point the public in the right direction as far as finding out if they're infected or what they can do to remedy the situation. It seems that a lot of security articles are lean on providing the details about helping yourself to a more secure system.
Dedicated Cthulhu Cultist since 4523 BC.
Maybe it's unavoidable that when you let people download, they may get fooled. However, noticing you've got a botnet on your network is Network Security's job.
How can we expect to clean up the botnets if the hosts are never contacted? I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.
20 characters max for the password? How will I use my favorite poems as passwords?
> In the case of a trojan payload, properly patched machines
> along with restricted user accounts help quite a bit.
So why does the XP installer first create an Administrator account and then prompt you to create a "user" account, which ALSO has (to have) administrative access??
There's a few million infections right there...
We're not talking about home users, we're talking about sys admins who should know better than to allow this when they configure users in their domains; and when they mass-prepare their workstation images.
Although Linux is better than most systems out there and is resistant to the various drive-by attack methods, nothing is completely impervious to malware. Linux can still get hit with a trojan if the user can be tricked into installing a tainted package as root.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
Required for what exactly? There are probably government computers that legitimately need access to the internets.
Nerd rage is the funniest rage.
Cue the response of the typical /. user:
Too bad you forgot to turn off images and just got pwned by the 0 day buffer overflow the hackers discovered in libjpeg.
Ever notice that 99% of trojan and virus attacks require user intervention?
Social Engineering is the primary attack risk to a computer network once basic protection measures are taken (firewall, AV, and current updates), because users are the primary vulnerability. That's why it is usually worth the trouble to simply give the user bare minimum rights to their machines. It helps limit the damage they can cause.
This is, however, inconvenient, and so is not done universally. There are even reasons not to do it that are sound, though requiring any kind of security generally makes low user rights a necessity.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
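The complaint above about every XP account ending up with administrative access, and the later argument that bare-minimum user rights limit the damage, both come down to one question a sysadmin can actually check: who sits in the local Administrators group? The following audit script is an added example, not code from any poster in the thread; it assumes an elevated PowerShell session on the Windows machine being audited, and the `$expectedAdmins` list is a placeholder to be replaced with your own site's policy.

```powershell
# Added example (not from the thread): list every member of the local
# Administrators group and flag any account that is not on the approved list.
# Uses the ADSI WinNT provider, which exists on old and new Windows versions,
# instead of newer cmdlets that are missing on legacy systems.
$expectedAdmins = @('Administrator', 'Domain Admins')   # placeholder: your policy here

$group = [ADSI]"WinNT://./Administrators,group"

# Each member is a COM object; pull its name, class (User/Group) and ADsPath.
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $name  = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)
    $class = $_.GetType().InvokeMember('Class',   'GetProperty', $null, $_, $null)
    $path  = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    [pscustomobject]@{ Name = $name; Class = $class; Path = $path }
})

$unexpected = @()
foreach ($m in $members) {
    if ($expectedAdmins -notcontains $m.Name) {
        $unexpected += $m
        $status = 'REVIEW'
    } else {
        $status = 'ok'
    }
    '{0,-7} {1,-6} {2}' -f $status, $m.Class, $m.Path
}

# A day-to-day user account showing up here is exactly the "everyone is an
# admin" situation the thread complains about; it should be demoted to Users.
'{0} member(s) of Administrators, {1} need review' -f $members.Count, $unexpected.Count
```

Run it across a workstation image before it is mass-deployed, and again on live domain machines, so that an account which should only have been a Users member is caught before a trojan runs with its rights.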