New Mega-Botnet Discovered
yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
Can they fix the government? Infect AIG and get our money back?
Maybe this isn't such a bad thing after all.
Beer is proof that God loves us and wants us to be happy.
large corporate and government PCs
So small ones are mostly safe.
THL phish sticks
From the article:
Around 45 percent of the bots are in the U.S., and the machines are Windows XP.
On the other hand:
Nearly 80 percent run Internet Explorer; 15 percent, Firefox; 3 percent, Opera; and 1 percent Safari
What else does one expect? Since it is an infection spread through trojans on legitimate sites and XP the target, what can we expect the browser to do?
In the end, we might see all browsers running completely sandboxed on demand, that is: no interaction with the rest of the system; a 'browse-only' kiosk.
Get Abby & the whole NCIS crew on the job. Everyone knows a goth hacker chick will solve it!
Need more useless stuff to read on teh internetz?
Then what would people use to download and upload files? Would FTP come back into style?
I already use a program called SandBoxie after seeing it mentioned on /.
You can either allow files to escape the sandbox on a case by case basis or set up default allows wherever you like.
And as a general comment, it's terribly easy to allow files into a sandbox, like when you want to upload something, but not allow any changes out.
P.S. FTP server/client software has terrible security. Even the most popular ones, which have been around for over a decade, still get hit with remote exploits.
[Fuck Beta]
o0t!
As you may guess, I am aware of the consequences. Though it seems to make sense in many cases, when everything and anything that one downloads is just for rendering the site.
Would FTP come back into style?
I, actually, hope not. Not FTP. But maybe a new system where users click some 'I want to download this file' button and get the content via an e-mail? Oh, wait, that's only slightly better than FTP.
Still, yes, a separate channel for file transfer outside of that box, not using any http could be safer.
Why are you blaming the US government for (a) defects in software they didn't write; and (b) a malicious botnet created and operated by someone else? The only reason the US government is being singled out in this article is because it makes the story more sensational, which means more eyeballs, which means more ad revenue.
I wonder if the AVG product they were using was the freeware version or one of the commercial products...
I think it's great that they find this kind of stuff but at the same time I have some misgivings about how they don't do much to point the public in the right direction as far as finding out if they're infected or what they can do to remedy the situation. It seems that a lot of security articles are light on providing the details about helping yourself to a more secure system.
Dedicated Cthulhu Cultist since 4523 BC.
It's just "Ukraine", not "the Ukraine".
How about not, and it's actually more a case of the consumer's fault for demanding an easy life instead of something that works without breaking everything, but hey, don't let me get in the way of a good bit of MS bashing.
Now with more Bot to boost your immune system!
The Kruger Dunning explains most post on
But maybe a new system where users click some 'I want to download this file' button and get the content via an e-mail?
Right, because uninformed people opening attachments don't cause enough problems already...
Ezekiel 23:20
I think it is more widespread. I'll take my local bank as an example. I stop by to make a deposit and notice the teller minimizing her Facebook page as I glance at the screen.
I am shocked that a bank would allow any www access on a machine that has direct access to accounts. Dollars to donuts there is some form of malware on that machine, or already throughout their network.
It was my belief that competent IT would only allow the necessary Intranet infrastructure to run the bank's applications. But I would bet their policies get changed by ignorant management that are sold on 'security' appliances and software to protect themselves while granting www access.
No, they don't email me. They email you, actually. That's why you get so much spam.
How can we expect to clean up the botnets if the hosts are never contacted? I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.
20 characters max for the password? How will I use my favorite poems as passwords?
A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" sobbed marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
http://rocknerd.co.uk
For once, an article on botnets notes that the infected machines are in fact Windows. You don't see that often.
http://rocknerd.co.uk
Sandboxie rules!! I don't use XP machines often but if I have to run something that I don't entirely trust *cough*keygen*cough* I just use it.
Something to note, as my wife painfully discovered: Sandboxie is useless with patches since it can't "technically" patch the real binary, and if it patches the binary with a trojan AND you move the patched binary out of the sandbox...you're fUx0R3d. Yeah, now she's using Linux and forbidden from playing any Windows games at all after that episode...and she was sitting RIGHT NEXT TO ME and never once bothered to ask if she was doing something not good..."Task Manager has been disabled by your Administrator", when you're an admin is usually not a good thing to read.
Blurred screen shots, off-handed mention of files and sites...
Why not at least release specifics so that we can avoid these sites (or at least get them to clean up their act)? Why not give us details about the actual filenames and so on?
Or at least give us details on the actual control application and the files it is paid to infect the computers with so that we can avoid them.
Articles like this annoy me because they accomplish nothing constructive.
I am shocked that a bank would allow any www access on a machine that has direct access to accounts.
It is funny how people can spend a fortune on security and then do something like install a WEP protected Wifi access point in one of the offices that is trivial to crack and that gives you direct access to otherwise heavily fortified networks. Another thing that can guarantee a good laugh is wireless connected security cameras. I saw this interview on TV the other day with a guy whose child had some sort of chronic disease. Apparently he was something of a Nerd because he had installed a camera in the back of his car hooked up to a Netbook or some such gadget so he could keep an eye on the kid. He told the reporter that the system worked fine but he had to make some modifications to the software because when he used the out-of-the-box configuration while driving through the city centers and business districts, he would keep getting cross connections from wireless connected security cameras all the time. You'd think that in this day and age wireless security cameras would have an encrypted connection.
File Transfer Protocol has been around since the early 1970s, and while most FTP server/client implementations have a history of exploits, their weakness is due not necessarily to the exploits but rather to the way the FTP protocol transfers information. FTP communication includes not only the transfer of files but also the transfer of authentication parameters. All this information is transferred in clear text. Clear text is also the way http transfers information/files. You can think of http as an ftp with anonymous authentication (no authentication required). Clear text transmission only became a major problem when the Internet spread like a virus, and the network could not be trusted from prying eyes.
As a result, secure File Transfer Protocols have been developed, which are nothing more than a transfer protocol (ftp, http, telnet) on top of an encrypted/secure layer. HTTPS, SSH, SFTP and FTP over HTTPS are such protocols, which are used every time information has to be exchanged securely.
So in conclusion, file/information transferring is performed every time you click a link, not only when you want to upload/download a file. If the contents of the file/information do not need to be secure then the information is transferred in clear text. If on the other hand, information (including not only content, but also authentication)/files have to be secure, then a secure/encryption layer HAS to be used, and has been used since the mid 90s.
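An added example, not from this thread or any poster: the kind of check a network monitor could run over captured payloads to flag exactly what the comment above describes, FTP USER/PASS on the control channel and HTTP Basic authentication travelling in clear text, while a TLS application-data record yields nothing readable. Port numbers, the packet list and the credentials are all constructed here for illustration.

```python
# Added example (not from the thread): flag credentials that a packet
# monitor would see in clear text, as the comment above describes for FTP
# (USER/PASS on the control channel) and HTTP (Basic authentication).
# All payloads below are constructed samples, not real captures.
import base64
import re
from typing import List, Optional, Tuple

FTP_CRED = re.compile(rb"^(USER|PASS) (\S+)\r?\n", re.IGNORECASE)
HTTP_BASIC = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$",
                        re.IGNORECASE | re.MULTILINE)


def inspect_payload(dst_port: int, payload: bytes) -> Optional[str]:
    """Return a finding if the payload exposes credentials in clear text,
    else None. Using the port to pick the protocol is a simplification:
    a real monitor identifies the protocol from the stream itself."""
    if dst_port == 21:
        m = FTP_CRED.match(payload)
        if m:
            cmd = m.group(1).upper().decode()
            value = m.group(2).decode(errors="replace")
            return f"FTP {cmd} in clear text: {value}"
    elif dst_port == 80:
        m = HTTP_BASIC.search(payload)
        if m:
            try:
                raw = base64.b64decode(m.group(1), validate=True)
                who = raw.split(b":", 1)[0].decode(errors="replace")
            except ValueError:
                who = "<undecodable>"
            return f"HTTP Basic credentials in clear text for user {who!r}"
    elif dst_port == 443 and payload[:1] == b"\x17":
        # TLS application-data record: the monitor sees only ciphertext, so
        # whatever FTP/HTTP exchange runs inside stays private.
        return None
    return None


def scan(packets: List[Tuple[int, bytes]]) -> List[str]:
    """Run inspect_payload over (dst_port, payload) pairs, collect findings."""
    return [f for port, data in packets if (f := inspect_payload(port, data))]


# Constructed sample traffic: an FTP login, an HTTP Basic request, an opaque
# TLS application-data record, and an SSH banner (no credentials in it).
SAMPLE_PACKETS: List[Tuple[int, bytes]] = [
    (21, b"USER alice\r\n"),
    (21, b"PASS hunter2\r\n"),
    (80, b"GET /report HTTP/1.1\r\nHost: example.invalid\r\n"
         b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    (443, b"\x17\x03\x03\x00\x20" + b"\x00" * 32),
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_PACKETS):
        print(finding)
```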
The data was not lost from military systems, it was obtained by crackers who penetrated military contractor's commercial systems. Yes, that leads to a whole bunch of questions and is not by any means an absolution of the military's IT security. But your statement does not match the facts.
To hear the gods laugh tell them your plans.
The data was not classified, just FOUO. Electronic copies exist for convenience's sake. It depends on the project, but there is usually no requirement for encryption of such documents. Expect that to change... soon.
The crowing on about Macs really makes me think of a home analogy: The Mac types have decided security comes from living in a gated community away from the "rabble". They pay to live in their special enclave, and figure the exclusivity keeps them safe. Overall, it does, they are a smaller target. However they are lax on their security because of this, they leave doors unlocked, valuables lying around and so on. However the security is all in appearances, it isn't real. Finally, someone decides to hit the community, and simply goes off road and bypasses the gate guard. They then have free run, because of the laxness of the users.
By the same analogy, Linux users moved some place where there was no town or civilized society of any sort, built their own community brick by brick, and the place isn't even on the map. But, they still aren't boneheaded enough to leave their doors unlocked. Linux users lock their doors using locks that they created, made their own latching systems to actually open the doors when unlocked, and know what their houses looked like when they left, so they can identify anything out-of-place when they return. Not only is it small, like the Mac community, but the people living there designed their own security into their customizable systems. The reward-to-effort ratio is just not high enough to justify even trying to get at the valuables inside, which may or may not be valuable to wherever the burglar came from in the first place.
Am I right?
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
Researchers from Finjan who found the botnet say it's controlled by six individuals,
We should be able to shut this one down with one clip in a .45.
Have gnu, will travel.
What of the ISPs that host these botnets? Many of these botnets are used to spew spam. If they do then this is easily detected and IMHO the ISP uplink in question should simply pull the plug and advise their client that it looks as if their toilet is broken because there sure seems to be a lot of sh*t coming from them.
I know my ISP does this. I know because they have phoned me and I had to advise them it's not my OpenBSD servers generating spew, but another of their clients on the subnet. We found it fairly quickly.
I've heard so many excuses. Some involve excuses that it would breach service agreements. So let's look at that one. How many end users write service agreement contracts? How many end users even read them? I think the answer here is obvious. Pretty much anything reasonable can be written into the contracts so that sort of excuse doesn't hold much water.
The obvious answer is the ISPs in question actually might make money carrying this spew. They certainly made money when they provided connectivity to known spammers. They also make money when they charge extra for static IPs. Note that a static IP makes it much easier to trace and quarantine a bot.
If we want these problems to go away then one way to address the issue is to look at issues of an accessory either before or after the fact.
Let me provide an example. If someone digs a big hole in the road and someone else drives in and wrecks their car and maybe kills some people in the process, then the excuse of "I didn't know a car could fall into a hole" or "I didn't think anyone would drive their car down this road at night" or any other excuse that might be dreamed up is not likely going to carry much weight. If someone sees the hole and ignores it using the excuse that "Well, it's not my hole", then that excuse also is not likely to hold much weight.
An ISP hosting infected machines should be just as liable as the client who owns it. Many of these botnets reveal themselves. We need to start asking for accountability.
Consider people like Conrad Black. Last I heard he's in jail. That is accountability. Any excuses he and his lawyers might have dreamed up didn't carry much weight.
Here is another example. In the movie called "Nuremburg", Alec Baldwin asks in one scene if "anyone in this country accepts responsibility for anything?". I think this says an awful lot. Only one person seemed to be responsible for the killing of millions.
So in this story we have over 1 million bots discovered and apparently 6 perpetrators and how many are responsible? These bots are identified, now what? I've had more than 50,000 bots attack my servers. Can I call the cops? If I provide IP addresses does anyone pull a plug?
We need to think on this.
I do not know the exact law, exact regulation or a link or I would list it, but when I mention this, it will seem obvious to most.
I talked to a tech at a bank, he stated that there were laws on the books that made it illegal to connect up the bank's private network that connects to other banks.
He also indicated that automatic updates (any and all) would be considered a violation of those same banking laws.
This is probably why nobody screams bloody murder and why the banks are so quick to eat losses due to fraud and scamming. They know that once the TRUST in the system is compromised, they have lost the war.
Yet just a couple of days ago I read about institutions who did NOT segment their networks (physically separating the connections between public internet and backend banking systems) and were finding that someone with enough technical knowledge could install monitoring software between connections and watch everything that passes. That much of the information is not encrypted as it is supposed to be.
Let's face it people, if you are NOT monitoring your outgoing packets and communications you simply do NOT KNOW whether you are safe or not. This monitoring takes time, time is money. Have you looked at salaries of IT professionals in the Security area of networks? You get what you pay for and the pay typically lags behind almost everyone else in IT, except in specific rare cases and where companies understand the importance. Then they pay higher rates for better people. You do not have to believe me, just go to Glassdoor and see for yourself.
These companies literally lose billions when they are hit, yet they will not pay a simple 6 figure salary to have someone with TCP/IP monitoring and packet sniffing experience monitor their networks. Just hiring 3 or 4 of these types of IT professionals would be cheap insurance at preventing break ins and quickly cutting off attempts that probe your networks for weaknesses.
Personally I think companies should create Tiger teams of 3 - 5 IT white hat hackers to work each of three shifts. When the company is probed, have their team attack back. When the honey pot is accessed, proof positive of a cracker and/or hacker, basically someone doing something they should not be doing, go on the offensive.
I have always thought the best defense was a strong offense. Pretty soon the smart crackers would leave your company alone as they do NOT want their infrastructure crippled by attacks any more than you do. And if someone has left their PC unprotected and gets attacked, well that is their personal responsibility. Had they never allowed themselves to get cracked in the first place they would never have been used, attacked and thrown away.