Slashdot Mirror


New Mega-Botnet Discovered

yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"

4 of 257 comments

  1. Need I say more? by udippel · · Score: 5, Interesting

    From the article:
    Around 45 percent of the bots are in the U.S., and the machines are Windows XP.

    On the other hand:
    Nearly 80 percent run Internet Explorer; 15 percent, Firefox; 3 percent, Opera; and 1 percent Safari.
    What else does one expect? Since it is an infection spread through trojans on legitimate sites and XP the target, what can we expect the browser to do?

    In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.

  2. Re:FTP? by TubeSteak · · Score: 5, Interesting

    Then what would people use to download and upload files? Would FTP come back into style?

    I already use a program called Sandboxie after seeing it mentioned on /.
    You can either allow files to escape the sandbox on a case-by-case basis or set up default allows wherever you like.
    And as a general comment, it's terribly easy to allow files into a sandbox, like when you want to upload something, but not allow any changes out.

    P.S. FTP server/client software has terrible security. Even the most popular ones, which have been around for over a decade, still get hit with remote exploits.

    --
    [Fuck Beta]
    o0t!
  3. Re:is it really this bad? by mea_culpa · · Score: 5, Interesting

    I think it is more widespread. I'll take my local bank as an example. I stopped by to make a deposit and noticed the teller minimizing her Facebook page as I glanced at the screen.
    I am shocked that a bank would allow any www access on a machine that has direct access to accounts. Dollars to donuts there is some form of malware on that machine, or already throughout their network.
    It was my belief that competent IT would only allow the necessary intranet infrastructure to run the bank's applications. But I would bet their policies get changed by ignorant management who are sold on 'security' appliances and software to protect themselves while granting www access.

  4. Re:Can Help? by Anonymous Coward · · Score: 5, Interesting

    Maybe it'll finally open the government's eyes to protecting their networks.

    Oh, they realize it. There is a big push to have a standard secure desktop for all of the Feds' computers. The standard is good. It does everything that you'd expect for a secure desktop: restriction of services and admin accounts, and blocking ActiveX controls. Lock down the ability to connect to Windows shares willy-nilly. Make sure that all the patches to software are installed in a timely fashion. (i.e. Conficker should not be infecting Federal machines; if they were following these guidelines, they would have had the patch deployed in 10 days.) And the best part is (in theory anyway, I have yet to see it actually happen) that if a software vendor wants to be on GSA, they need to certify that their application can run without admin rights. And if they don't, they need to document exactly why.

    The problem? It was supposed to be implemented February of 2008. And outside of a few big pilot programs, nobody has the thing 100% implemented yet.

    Part of the problem is that if you implement everything, you're practically guaranteed to not be able to work in your environment, so one must find and document the exceptions. If you have crappy network/desktop practices to begin with, you'll be screwed in your deployment. Our practices were good to begin with, scoring 80% compliance, and it didn't take much to get to 90%, but that last 3% to be in the green is proving to be a killer.

    There are some exceptional sysadmins out there, but they are often hogtied by anti-security regulations and expectations.

    The regulations generally aren't the problem (though just last month it was announced that Entrust encrypted email is no longer acceptable to send PII through. You have to use an encrypted USB thumbdrive. And not just any drive, a Kangaroo drive. No BlackBox Data Travellers, no IronKeys, just these colorful Kangaroo drives, so sometimes the regs don't make sense), it's the expectations. I'm always told that "The company (I work for a subcontractor to the feds) will do everything that they can to make sure that we meet Cyber's needs". Which is great until somebody with enough political clout is inconvenienced. Fortunately, this is becoming more and more rare, as the Feds have been backing our decisions.

    Support from software vendors also sucks: "It works for us, why don't you give them admin rights, that'll fix it?" Uh, not just no, HELL NO.