When Hacked PCs Self-Destruct
An anonymous reader writes "From The Washington Post's Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: 'Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'"
This could actually be a good thing if it happens.
This is mostly speculation so take with as much salt as you think it needs.
Historically, there has not been an obvious connection in the mind of a user between having a hacked PC and there being a serious problem with this. After all, most home users are probably unaware that their computer is participating in a huge DDoS attack in the first place, and ISPs have been very reluctant to police their customers.
I don't think credit card fraud through keyloggers is anywhere near prevalent enough to make people take notice either. Let's face it: a trojan which installs a keylogger and reports anything which looks like credit card details back to a known location is going to produce more valid credit card details in the space of a couple of weeks than most people could hope to use in a lifetime of fraud. So even if your card details are stolen this way, I'm not sure there's a huge chance they'll ever be used.
But if the trojan hoses the host PC along with all the family photographs and all the music they've paid good money for - ah, now that might actually make people realise that there's a problem.
The way you say that makes it sound like it's a bad thing...
So, essentially, you're telling me that people who get infected are at risk of losing their PC's data. People unable or unwilling to keep their PCs secure might suffer the consequences thereof themselves instead of only posing a threat to others on the net, through spam, DDoS or spreading more malware.
Care to explain where the negative aspect is?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Try explaining that to Joe Sixpack. When Windows doesn't work for whatever reason, the computer is "broken" and needs to be taken to a shop for repair. They cannot tell the difference between broken hardware and broken software (and software hiccups may of course be caused by broken hardware that still mostly functions; it is not always that easy to tell, even for experts).
Self-destruct is imho a very apt description.
Maybe it should be used more. Then more people would feel the pain of being infected. Of those 100,000 computers, I cannot imagine they can actually use the data of more than a handful of people for serious crimes. All the rest of the people are not affected until the malware disables their computer.
When it leaves all your files intact.
The thing whacks the registry. Hardly a "nuclear option"; all your files are intact. Running the repair tool off your install CD should fix this, or you can do a reinstall with "leave filesystem alone" option.
I heard a Congressman once say, "reporters are fight promoters". If they keep overstating what's happening, we won't know how to really secure our machines.
There's at least one other reason that the botnet holder may have opted to kill it: if he downloaded something that gave him a reason to freak out. Imagine a scenario where you're looking through some stolen data and realize you just picked up information about a government-run weapons facility or assassination plans. The dumbest thing you could do is leave tracks, but since that's already been done, you might as well try to destroy your tracks and hope nobody notices.
On a side note, between the semi-bogus Slashdot headline and the wildly sensationalized article, which is also misleading on at least a couple of points, there's surprisingly little news here. If more accurate information were in that article, it might be different.
- Nobody would know what RTFA meant if it didn't need to be said all the time
or 4) they did it for shits 'n giggles. Possibly while either drunk or high.
"The dew has clearly fallen with a particularly sickening thud this morning"
Try explaining that to Joe Sixpack
What does it tell when educating the average person becomes a metaphor for an impossible task?
You've missed the point. And while you apparently read part of the article, you didn't read all of it obviously.
That or you have no idea what data is worth. Why do you think these guys are in this business?
The data on your machine is worth anywhere from about as much as the hardware, up to 1000+ times as much as the hardware, depending on how much cash you have in your bank account.
What this trojan did was "nuke" the OS. If it did its job well enough, the fix won't be as easy as popping in a recovery disk (if you've still got it) to fix it, though a recovery partition ought to get you back to square one at least.
Depending on who got hit, getting their PC up and running could take anywhere from a few hours (unlikely, since that person probably runs AV software and is careful about where they visit), to a few days, to weeks depending on how often they use the machine.
If the whole point in tanking the OS was to buy time to use stolen credit card and account info, it would be pretty effective, no?
Frankly, if all they did was somehow manage to short out the hardware without stealing any data, then it's not really much of a loss at all. Losing $50k out of your bank account, now that's a serious loss.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Actually, telling people that hackers really can turn your computer into a bomb wasn't that bad an idea. At least people feared that possibility.
Try telling a Windows user who hasn't updated his browser in almost 8 years that evil script kiddies can turn his machine into a spam relay. They won't care because they don't know what it means and what the implications are.
I'm speaking from experience here...
It means a computer has become a commodity, an appliance, rather than a high-tech toy. And that in itself is a good thing. Joe Sixpack should not need to know how the internals of his computer work, just the basics. I do expect Joe Sixpack to know about Windows and preferably the existence of alternatives, about a hard disk and what it does and how big he should want it, what a processor speed roughly means and whether he would need 1GB or 2GB or 4GB of memory for his needs. I don't expect him to be able to install an operating system, hunt down drivers to make it all work, partition the hard disk in the process, care about whether it is NTFS or FAT or whatever, and be able to know what the information on a blue screen means. I don't know how the internals of my digital camera work, but I do know what the megapixel and zoom functions mean for example. But if there is a problem with it I go back to the shop.
To add the obligatory car analogy: I don't know how an internal combustion engine works, but I do know what it means to have, say, a 1.6 diesel engine in your car. When something about the car is broken I call my garage; I don't try to fix it myself. I know I have to add fuel, have to check oil now and then (though in modern cars that's also less and less), and how to add water for the windscreen sprinklers (dunno what you call those things in English). That's enough.
100 years ago you would have to be able to fix your own car: they were new technology, quite rare, and for a select audience only. Cars were technically simpler at the time, which also helped a lot. The same goes for computers. 20 years ago we were working with DOS; people owning a computer and actually being able to use it could normally also install the OS and do low-level operations. That is not necessary anymore.
When a computer breaks down and cannot start up anymore, it is often NOT trivial to figure out what is wrong. An error message is not always caused by the direct error: some minor corruption in your video driver, and then the image on your screen starts playing up. Or is it really the monitor that is not good? It's not that easy.
OK, time to stop, I'm starting to ramble. I think the point is clear.
I don't know how to fix my car. I don't know how to fix my tv. I don't even know how to fix a lawn mower. If any of those break beyond something minor, someone else has to fix it for me. The computer is in the same niche for the vast majority of computer users.
Thanks for my favourite car analogy.
Do we really allow everybody to take off in a 'commodity' car and cause uncontrolled damage?
Or do we demand proof of a minimal level of control of the vehicle, and a good insurance if things go wrong?
Running the repair tool off your install CD should fix this, or you can do a reinstall with "leave filesystem alone" option.
Unfortunately a significant proportion of OEMs don't provide proper install CDs anymore :(. AFAICT that started sometime around the late Win98/early WinME era (I never bought a big-brand OEM machine that came with 2K, so I can't comment on what happened there).
In the 98/ME/2K days this wasn't such a big deal, since you could just borrow a CD from someone who had a proper copy. However, Microsoft's actions with and since the release of XP have made it much more awkward to get around this by just borrowing a CD. Big-brand OEM copies are BIOS-locked. System builder and retail copies require activation, and if you use them with a big-brand OEM key you are going to have to ring MS and beg for activation. Volume license copies of XP don't have this shit, but using a generated key is likely to trip up WGA, and using a borrowed key on any machine you don't control puts the company it was borrowed from at risk of ending up on the WGA shitlist. With Vista the no-activation-required VLK copies have gone completely.
Note: I'm known as plugwash most places, but I screwed up registering that here somehow in the past and now can't register it.
Am I the only one who thought, "I'd RATHER that malware corrupted a Windows installation than it sat there, harvesting data"?
Michael Reed, freelance tech writer.
Am I the only one who thought, "I'd RATHER that malware corrupted a Windows installation than it sat there, harvesting data"?
No, but after reading the article I understand that a use case for this feature is: first harvest data, then win additional time to abuse this data by disabling the computer.
"Money is a sign of poverty." - Iain Banks
You're joking right? Where do you think most spam comes from, distributed denial of service attacks, identity theft, etc? hint
You might not know how to fix your lawnmower, but I'd bet you know how to put gas & oil in it, remove dog poo from the wheels, and have the sense not to run over big, obvious rocks. By not taking basic, common-sense (oxymoron, I know, I know ...) precautions and doing basic maintenance, Joe Sixpack invites this upon himself. The information is available. The products to help protect Joe & his Wintoy are inexpensive and easy to get and use.
I prefer rogues to imbeciles because they sometimes take a rest.
Wait, so let me get this straight: your son installed a dialer on your computer while he was unsupervised, but somehow it is the phone company's fault you were charged for it? I'm sorry, but that is one of the major things that is wrong with society. Nobody can take the blame for their own or their charges' actions (yes, your child is your responsibility). It's not the phone company's responsibility to filter all outgoing calls automatically. It's not the phone company's responsibility to supervise your son's porn surfing. What you do in this instance is ground your kid or make him pay you back $300 if he is old enough to work; you don't bitch at the phone company for it.