Slashdot Mirror
New Mega-Botnet Discovered
yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
Can they fix the government? Infect AIG and get our money back?
Maybe this isn't such a bad thing after all.
Beer is proof that God loves us and wants us to be happy.
large corporate and government PCs
So small ones are mostly safe.
THL phish sticks
It looks like Guardian has finally been uncovered. Everybody act really friendly, no fast moves to the on/off switch.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
From the article:
Around 45 percent of the bots are in the U.S., and the machines are Windows XP.
On the other hand:
Nearly 80 percent run Internet Explorer; 15 percent, Firefox; 3 percent, Opera; and 1 percent Safari
What else does one expect? Since it is an infection spread through trojans on legitimate sites and XP the target, what can we expect the browser to do?
In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.
Get Abby & the whole NCIS crew on the job. Everyone know a goth hacker chick will solve it!
Need more useless stuff to read on teh internetz?
In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.
Then what would people use to download and upload files? Would FTP come back into style?
are the government IT in the USA really this incompetent?
Politics is Treachery, Religion is Brainwashing
Have they used it yet, and have we seen an effect?
Within the past few days, I have seen an increase in spam volume.. It's been an interesting week so far.
Nouvelles de jeux et technologies en français. TC
MS has helped terrorism and foreign enemies by creating and defending such a lousy operating system. MS has basically handed our infrastructure to communists.
Hah. Defend that, you pro-IP right wing charlatans.
Do they email you?
They had switched to Vista like MS was chanting all along they would not have had all thoes security holes in XP... oh wait Linux is what i was thinking of not Vista lol
I wonder if the AVG product they were using was the freeware version or one of the commercial products...
I think it's great that they find this kind of stuff but at the same time I have some misgivings about how they don't do much to point the public in the right direction as far as finding out if they're infected or what they can do to remedy the situation. It seems that a lot of security articles are lean on providing the details about helping yourself to a more secure system.
Dedicated Cthulhu Cultist since 4523 BC.
It's just "Ukraine", not "the Ukraine".
Now with more Bot to boost your immune system!
The Kruger Dunning explains most post on
www.blockacountry.com
Of course I'm running Linux. Think I'm suicidal?
How can we expect to clean up the botnets if the hosts are never contacted. I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.
20 characters max for the password? How will I use my favorite poems as passwords?
I thought this article was about this story from the BBC about UK government PCs in botnets, is it a coincidence that two Windows based government botnet stories appear at the same time? Or is this just a sign of how fit Windows is for the job.
http://news.bbc.co.uk/1/hi/technology/8010729.stm
"All of the infected machines were Windows-based PCs and the vulnerability was targeting security holes in Internet Explorer and Firefox."
A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" sobbed marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
http://rocknerd.co.uk
Yeah, it's called President Obongo supporters.
For once, an article on botnets notes that the infected machines are in fact Windows. You don't see that often.
http://rocknerd.co.uk
So somebody please explain to me, how the initial infection actually happens (from TFA):
"victims are infected when visiting legitimate Websites containing a Trojan"
How does this even run, nevermind take over the whole system??
Microsoft are pretty competitive in the cloud computing arena.
what does the scouter say about the botnets powerlevel?
Blurred screen shots, off-handed mention of files and sites...
Why not at least release specifics so that we can avoid these sites?(or at least get them to clean up their act)? Why not give us details about the actual filenames and so on?
Or at least give us details on the actual control application and the files it is paid to infect the computers with so that we can avoid them.
Articles like this annoy me because they accomplish nothing constructive.
devolves as time progresses. I present Exhibit A for your consideration:
http://www.youtube.com/watch?v=czR1yxKfhUc
That's quite a step down from the people who brought us jazz music and rock 'n roll.
I am shocked that a bank would allow any www access on a machine that has direct access to accounts.
It is funny how people can spend a fortune on security and then do something like install a WEP protected Wifi access point in one of the offices that is trivial to crack and that gives you direct access to otherwise heavily fortified networks. Another thing that can guarantee a good laugh is wireless connected security cameras. I saw this interview on TV the other day with a guy whose child had some sort of chronic disease. Apparently he was something of a Nerd because had installed a camera in the back of his car hooked up to and a Netbook or some such gadget so he could keep an eye on the kid. He told the reporter that the system worked fine but he had to make some modifications to the software because when he used the out-of-the-box configuration when he was driving through the city centers and business districts, he would keep getting cross connections from wireless connected security cameras all the time. You'd think that in this day and age wireless security cameras would have an encrypted connection.
I've switched to lynx.
“Common sense is not so common.” — Voltaire
I thought that was the whole point of posting.
Nerd rage is the funniest rage.
I get a little tired of this silliness of "Oh Windows is unfixably hackable!" That shows an amazing ignorance of computer security. Good admins realize that there is no such thing as perfect security, and no system that can't be broken in to. So the answer isn't the hunt for the perfect system, the answer is defense in depth. You secure your systems and network on multiple levels, and you keep an active watch on what happens. You take proactive steps to keep things secure, you don't just sit back and say "Well my OS is invincible."
It is the same basic philosophy you see in physical security. Good physical security doesn't come from trying to have a single unbreakable defense, it comes from layers.
The crowing on about Macs really makes me think of a home analogy: The Mac types have decided security comes from living in a gated community away from the "rabble". They pay to live in their special enclave, and figure the exclusivity keeps them safe. Over all, it does, they are a smaller target. However they are lax on their security because of this, they leave doors unlocked, valuable laying around and so on. However the security is all in appearances, it isn't real. Finally, someone decides to hit the community, and simply goes off road and bypasses the gate guard. They then have free run, because of the laxness of the users.
Me? I take the bad neighborhood view, regardless of OS. Security comes from a host firewall, and a network firewall, and a virus scanner, and an IDS, and keeping the system patched, and a good password, and running as a deprivileged users and so on. No one of those things is what makes security good, it is the more of them you do. It is a defense in depth, so that a single failure doesn't have wide spread implications.
So if your security is switching to Macs, well have fun then. Best you DON'T encourage others to join you though, since your security is all in remaining small.
I am continuously validated on a little theory I have come to about computer security.
There is no such thing.
I see people say Windows this Linux that and Oh My Mac but I have come to believe that unless the dam thing is cut off from the internet, wireless cards removed and under guard physically 24/7, if someone wants in the thing bad enough, they will do it.
We have a winner!!!
The fact that the military discovered that they had lost terabytes of info on a new fighter tells me that they have no clue. A secure military network with any sort of internet link??? GAAAAK!
Anyone who says they can absolutely protect an internet connection is either lying or deluded. You can protect against known attacks. There is no way to be 100% protected against unknown attacks. The attacks to be worried about are always the unknown attacks.
Idiots with lots of your dollars at work.
This is anecdotal, but after having recently spent a month in Ukraine (please, not THE Ukraine... it isn't plural) and witnessing first hand the rampant use of illegal versions of XP, I am not surprised by this discovery at all. The illegal versions (DVD eXtreme Edition, Fuck You Bill!) can't be subjected successfully to WGA and therefore cannot be fully patched. Blame who you want, but this is how it is there right now. The culture is such that they don't bat an eye at getting a burned DVD in a shiny official-looking case (with XP DVD! printed on it) for way less than what they'd pay for one from Microsoft. To be clear, this is the Ukrainians I'm talking about. I have no idea about the U.S. government buildings.
Get off my lawn! Megabots are so 1980's. We had Transformers back before you whippersnappers were even born!
For real!
LOL!
ha ha
Mega Botnet?!?!
He is Legend.
Anybody have any idea how this type of infection happens? I.e does a user simply visit the site, and without any sort of prompt automatically downloads a file that runs amok or does the user actually have to invoke something once on the site to download this?
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
Only 1.9 million PCs? Boooo-ring! Wake me up when it gets as big as Conficker.
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
I don't think you can just grab some numbers from a convenient botnet CnC portal and say ah-hah 1.9 million infected machines for a lot of reasons.
Check out the blog about counting botnet victims at http://blog.damballa.com
...proves you are a monstrous ass whom all good people should permanently ignore.
if windows ever gets their act together so that Windows is better than *nix (linux, mac, solaris, etc), then you can bet that the crackers, virus writers will turn to where it is easier.
I prefer the "u" in honour as it seems to be missing these days.
Researchers from Finjan who found the botnet say it's controlled by six individuals,
We should be able to shut this one down with one clip in a .45.
Have gnu, will travel.
And for the Ultra Mega-Botnet you also have to have Ziva doing something covert, and Tony doing something illegal (cause thats when he knows he is having fun).
I guess that all falls under the lyrics of a song that say "Sometimes you gotta do the wrong thing to the right thing".
Could it be this?
Botnets. World wide botnets.
What kind of boxes are on botnets?
Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even ASUS, too!
Are boxes. Found on botnets!
All running Windows, FOO!
Guaranteed! This comment 100% Anthrax free!
Sorry guys,
I see a lot of replies to the post but not enough answers.
I only have 2 little questions since I also use Windows XP.
I use a thinst... "sandboxed" Opera to do my browsing.
1) How can I know if I am already infected / vulnerable?
2) What measures can I take to protect my system?
The "I know my system is safe and I dont have to worry" atitude is security's biggest enemy in my humble opinion. :(
So I have no problem to state that I am not sure that my system can not be harmed
P.S. Before starting a Win/Linux/MacOs OS war let me tell you that
I would prefer to learn to secure a OS that I already know something than to learn how to secure
a OS that I really don't know.
Thanks for any comments/answers
Have a nice day
fade
What of the ISP's that host these botnets. Many of these botnets are used to spew spam. If they do then this is easily detected and IMHO the ISP uplink in question should simply pull the plug and advise their client that it looks as if their toilet is broken because there sure seems to be a lot of sh*t coming from them.
I know my ISP does this. I know because they have phoned me and I had to advise them its not my OpenBSD servers generating spew, but another of their clients on the subnet. We found it fairly quickly.
I've heard so many excuses. Some involve excuses it would breach service agreements. So lets look at that one. How many end users write service agreement contracts? How many end users even read them? I think the answer here is obvious. Pretty much anything reasonable can be written into the contracts so that sort of excuse doesn't hold much water.
The obvious answer is the ISP's in question actually might make money carrying this spew. They certainly made money when they provided connectivity to known spammers. They also make money when they charge extra for static IP's. Note that a static IP makes it much easier to trace and quarantine a bot.
If we want these problems to go away then one way to address the issue is to look at issues of an accessory either before or after the fact.
Let me provide an example. If someone digs a big hole in the road and someone else drives in and wreaks their car and many kills some people in the process, then the excuse of "I didn't know a car could fall into a hole" or "I didn't think anyone would drive their car down this road at night" or any other excuse that might be dreamed up is not likely going to carry much weight. If someone sees the hole and ignores it using the excuse that "Well, its not my hole", then that excuse also is not likely to hold much weight.
An ISP hosting infected machines should be just as liable as the client who owns it. Many of these botnets reveal themselves. We need to start asking for accountability.
Consider people like Conrad Black. Last I heard he's in jail. That is accountability. Any excuses he and his lawyers might have dreamed up didn't carry much weight.
Here is another example. In the movie called "Nuremburg", Alec Baldwin asks in one scene if "anyone in this country accepts responsibility for anything?". I think this says an awful lot. Only one person seemed to be responsible for the killing of millions.
So in this story we have over 1 million bots discovered and apparently 6 perpetrators and how many are responsible? These bots are identified, now what? I've had more than 50,000 bots attack my servers. Can I call the cops? If I provide IP addresses does anyone pull a plug?
We need to think on this.
At some point I really really hope that people running these botnets wipe the hard disks of people running insecure systems. It sounds mean, but people who chose insecure systems, over and over, need to be punished. Stupidity should never be rewarded. Ever. Find out what a secure system is. Find out what an insecure system is. Know the difference. I've seen too many 'go blind' when making decisions like this. Guessing is being stupid. Saying 'oh, I just don't know' is honest, but stupid. Read a little. Learn a little. People who repeat the same mistakes need to be punished.
Just leave one port open and we will pwn you with a brand new 0day exploit !!
Linux boxes are the most precioussssss of hostsssss..
By the time you patch it will already be too late.
controlling a million machines ....
So ... to be in compliance, you can only run Windows desktops, is that correct? Wow! Way to feed the MS machine.
See also:
Is NIST endorsing or mandating the use of the Windows XP or Windows Vista operating systems or requiring each setting be applied as stated?
No. NIST does not endorse the use of any particular product or system. NIST is not mandating the use of the Windows XP or Vista operating systems, nor is NIST establishing conditions or prerequisites for Federal agency procurement or deployment of any system. NIST is not precluding any Federal agency from procuring or deploying other computer hardware or software for which NIST has not developed a publication, security configuration checklist, or virtual testing environment. Although the FDCC currently applies to Windows XP and Vista, security guidance is available for other platforms. The OMB and GSA updated the Federal Acquisition Regulation (FAR) on February 28, 2008, Part 39 now reads as follows:
It seems as if they're quite open to non-MS products. Now, I have read the "now reads as follows" bit, so I might be mistaken. But on the face of it...
I have picked up a mod troll! They are following me around and modding posts which clearly are not troll as such.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The government probably installed Cathedral software to initially protect themselves. Who would have thought there was a backdoor?
// no
Just for fun, someone should program two botnets to adapt themselves and hate each other and then see what happens. ;-)
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
You're in a Windows shop. You run Windows apps. It doesn't matter if Windows gets malware. You're Windows all the way, Ra RA! Good for you.
A pity for your customers, though. I hope they aren't processing my credit application. Or my medical records. Or my driver's license. Or anything else having to do with me.
Help stamp out iliturcy.
Just run Windows games in virtualization
And watch the games become slideshows. Or has support for DirectX and OpenGL in virtualization improved since I last checked? Or did you mean things like solitaire and Tetris®, which are probably already cloned to heck and back on every single L*n?x desktop environment?