Slashdot Mirror


New Mega-Botnet Discovered

yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"

3 of 257 comments

  1. Clean up botnets by DragonDru · Score: 5, Insightful

    How can we expect to clean up the botnets if the hosts are never contacted? I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.

    --
    20 characters max for the password? How will I use my favorite poems as passwords?
  2. Re:Can Help? by steveb3210 · Score: 5, Insightful

    Cue the response of the typical /. user:

    "I use linux and firefox and noscript and noflash and adblock plus.... so therefore I should be able to surf ANY site I want to..."

    Too bad you forgot to turn off images and just got pwned by the 0 day buffer overflow the hackers discovered in libjpeg.

  3. Re:Can Help? by Bigjeff5 · Score: 5, Insightful

    Ever notice that 99% of trojan and virus attacks require user intervention?

    Social Engineering is the primary attack risk to a computer network once basic protection measures are taken (firewall, AV, and current updates), because users are the primary vulnerability. That's why it is usually worth the trouble to simply give the user bare minimum rights to their machines. It helps limit the damage they can cause.

    This is, however, inconvenient, and so is not done universally. There are even reasons not to do it that are sound, though requiring any kind of security generally makes low user rights a necessity.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller