Slashdot Mirror


New Mega-Botnet Discovered

yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"

9 of 257 comments

  1. Re:Can Help? by PotatoFarmer · · Score: 4, Insightful

    So true. And so uncalled for here. Because surfing legitimate sites and catching a trojan is nothing that network security can do about.

    How so? Network security in this context doesn't mean setting up a firewall and calling it a day, it means layered security of the entire network, including all the devices attached to it.

    In the case of a trojan payload, properly patched machines along with restricted user accounts help quite a bit.

  2. One of four malware tools to find it... by east+coast · · Score: 4, Insightful

    I wonder if the AVG product they were using was the freeware version or one of the commercial products...

    I think it's great that they find this kind of stuff but at the same time I have some misgivings about how they don't do much to point the public in the right direction as far as finding out if they're infected or what they can do to remedy the situation. It seems that a lot of security articles are lean on providing the details about helping yourself to a more secure system.

    --
    Dedicated Cthulhu Cultist since 4523 BC.
  3. Re:Can Help? by LostCluster · · Score: 4, Insightful

    Maybe it's unavoidable that when you let people download, they may get fooled. However, noticing you've got a botnet on your network is Network Security's job.

  4. Clean up botnets by DragonDru · · Score: 5, Insightful

    How can we expect to clean up the botnets if the hosts are never contacted? I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.

    --
    20 characters max for the password? How will I use my favorite poems as passwords?
  5. Re:Can Help? by thePowerOfGrayskull · · Score: 4, Insightful

    > In the case of a trojan payload, properly patched machines along with restricted user accounts help quite a bit.

    So why does the XP installer first create an Administrator account and then prompt you to create a "user" account, which ALSO has (to have) administrative access??

    There's a few million infections right there...

    We're not talking about home users, we're talking about sys admins who should know better than to allow this when they configure users in their domains; and when they mass-prepare their workstation images.

  6. Re:Can Help? by pwizard2 · · Score: 4, Insightful

    Although Linux is better than most systems out there and is resistant to the various drive-by attack methods, nothing is completely impervious to malware. Linux can still get hit with a trojan if the user can be tricked into installing a tainted package as root.

    --
    "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
  7. Re:Can Help? by maxume · · Score: 4, Insightful

    Required for what exactly? There are probably government computers that legitimately need access to the internets.

    --
    Nerd rage is the funniest rage.
  8. Re:Can Help? by steveb3210 · · Score: 5, Insightful

    Cue the response of the typical /. user:

    "I use linux and firefox and noscript and noflash and adblock plus.... so therefore I should be able to surf ANY site I want to..."

    Too bad you forgot to turn off images and just got pwned by the 0 day buffer overflow the hackers discovered in libjpeg.

  9. Re:Can Help? by Bigjeff5 · · Score: 5, Insightful

    Ever notice that 99% of trojan and virus attacks require user intervention?

    Social Engineering is the primary attack risk to a computer network once basic protection measures are taken (firewall, AV, and current updates), because users are the primary vulnerability. That's why it is usually worth the trouble to simply give the user bare minimum rights to their machines. It helps limit the damage they can cause.

    This is, however, inconvenient, and so is not done universally. There are even reasons not to do it that are sound, though requiring any kind of security generally makes low user rights a necessity.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
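The point raised in comments 5 and 9, that workstation images and domain setups routinely leave ordinary users in the local Administrators group, is easy to audit. The script below is an added example, not code from the thread or from Finjan; it assumes a Windows 10 / PowerShell 5.1 or later host (for Get-LocalGroupMember) and a constructed allow-list of the principals that are expected to hold local admin rights.

```powershell
# Added example (not from the Slashdot thread): list the members of the local
# Administrators group and flag any that are not on the expected list.
# Assumes PowerShell 5.1+ on Windows 10 or later, run with rights to read
# local group membership. The $Allowed default is a constructed sample.

param(
    # Principals expected to be local admins (short names, without DOMAIN\).
    [string[]]$Allowed = @('Administrator', 'Domain Admins')
)

$members = Get-LocalGroupMember -Group 'Administrators'

$report = foreach ($m in $members) {
    # Name is returned as MACHINE\user or DOMAIN\group; keep the part after '\'.
    $short = ($m.Name -split '\\')[-1]
    [pscustomobject]@{
        Member     = $m.Name
        Class      = $m.ObjectClass       # User or Group
        Source     = $m.PrincipalSource   # Local, ActiveDirectory, MicrosoftAccount
        Unexpected = -not ($Allowed -contains $short)
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets this run as a compliance check from an image
# build pipeline or a scheduled task; the warning names the offending accounts.
$bad = @($report | Where-Object Unexpected)
if ($bad.Count -gt 0) {
    Write-Warning ("{0} unexpected local admin(s): {1}" -f $bad.Count, ($bad.Member -join ', '))
    exit 1
}
exit 0
```

Run it against a freshly built workstation image before deployment; any interactive user account that shows up with Unexpected set to True is exactly the configuration the comments above describe.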