Slashdot Mirror

← Back to Stories (view on slashdot.org)

America's 10 Most-Wanted Botnets

Posted by timothy on from the lurking-on-your-parents'-desktops dept.

bednarz writes "Network World ranks America's 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States. The leader is Zeus, with 3.6 million compromised PCs so far. The Zeus Trojan uses key-logging techniques to steal user names, passwords, account numbers and credit card numbers, and it injects fake HTML forms into online banking login pages to steal user data. At the bottom of the list is Conficker, which despite its celebrity status has compromised just 210,000 US computers so far."

84 comments

  1. Let's talk about bots... by Anonymous Coward · · Score: -1, Offtopic

    I have to say that Firefox is getting a lot worse lately. The user experience is in serious need of improvement and development is the pits. I installed the latest "big deal" Firefox update on June 30th. (For some reason they skipped a full four secondary updates, but whatever.) Upon restarting, which took several minutes, I began using Firefox 3.5.

    At first, Firefox seemed strangely familiar. I thought they had changed very little unnecessarily until I visited the Acid3 test. Lo and behold, I was still using Firefox 3.0.0.11. What the fuck? I manually invoked Check for Updates and repeated my first attempt only to find, upon restarting, the same thing.

    Finally in desperation I downloaded the installer manually from Mozilla. The install ran surprisingly quickly and, after a few minutes, I was launched with the new version. I had to check, though, because again I thought it looked like very little had changed.

    In fact, did Mozilla bother changing anything beside the JavaScript? The new TraceMonkey is great and all, but they could have at least made it look like they were working on something else. When the most noticeable improvement is the "Know Your Rights" button (which everyone ignores) one really starts to wonder what the fuss was all about.

    Well, after the three tries it took to upgrade, I found my profile wouldn't migrate. This was a mess, but I was able to eventually retrieve my bookmarks from a long, arcane file path in a hidden directory. But then upon visiting my bookmarked sites I found that almost none of my add-ons are compatible with it. Therefore my browser is almost entirely functionless.

    The bookmark tool itself could use a polishing. It's a mess and has been since version 1.0. If a browser is meant to render and organize content, Firefox surely falls down in this area. Why does it take me several minutes to slosh through the GUI just to make a new folder and alphabetize some bookmarks in it? Not to mention the damned Bookmarks toolbar, which takes up too much damn space and can't be turned off.

    And speaking of the GUI, it's slow as Hell slowget rid of the proprietary XUL and just hardcode the damned interface already!

    I also have to mention memory use. On my system, Firefox was swallowing an incredible 400 MB with only a simple HTML 4 table open. 400 MB?! I blame this on the Firefox team's use of C++, where memory management is about as easy as herding cats. Likewise Firefox is a slow, bloated nightmare. (For a contrast, there's Safari, which is written in Objective C and is very small and efficient.)

    Most of the time I have heavy JavaScript sites open. I shudder to think how much Firefox eats then, and I'll be sure to check in the future. No wonder my system tends to slow down when I've left Firefox open for days on end with dynamically updating pages and RSS feeds. Clearly, Firefox leaks memory like a cracked sieve in a waterfall.

    With Firefox smelling more and more like crapware, I started to dig a little, first on Wikipedia and then on the Mozilla Development Forums. It turns out that my observations are part of a larger pattern of Firefox quality issues and development customs. The Mozilla developers are a bunch of arrogant, abusive shitheads.

    For starters, they're still running all tabs in the same process. This is something IE7 and Safari 3 have had right for years. So if a plugin crashes or a page takes forever to finish rendering, everything's stuck. You can't even switch tabs to another page! And Firefox 3.5 is a "milestone" release? Firefox 3.6 and 4 are milestones too, and process-per-tab isn't scheduled for either.

    Developer interaction with Firefox users is stilted too. Som

    1. Re:Let's talk about bots... by Runaway1956 · · Score: 1

      I'd put this asshole on ignore, but AC actually makes some good posts now and then. Which asshole is which? Slashdot should enable us to put people on ignore based on IP address rather than nick. Hmmm, how would that work? Hmmm..........

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  2. slashbots by Anonymous Coward · · Score: 5, Funny

    I'm surprised the slashbots aren't on that list. They have the power to take a website offline in mere moments thanks to the power wielded by their evil overlord, CmdrTaco. He simply posts a link to the site he wants removed from the net on the front of his homepage, and the site goes offline.

    1. Re:slashbots by starglider29a · · Score: 3, Funny

      Yes, but he only wields this power for good.

    2. Re:slashbots by mcrbids · · Score: 5, Funny

      I'm surprised the slashbots aren't on that list. They have the power to take a website offline in mere moments thanks to the power wielded by their evil overlord, CmdrTaco. He simply posts a link to the site he wants removed from the net on the front of his homepage, and the site goes offline.

      Thus invoking what has been described as the greatest paradox of all time: Slashdot can remove sites from the Internet by merely posting them, yet it's quite demonstrable that none of the slashbots ever RTFA.

      So where are these mysterious article readers, and where do they come from? I'm waiting for a Scientific Expose on Nova...

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    3. Re:slashbots by HomelessInLaJolla · · Score: 0

      Pay-per-click bots used to artificially adjust page rankings and for the generation of statistical data used by network administrators to promote their latest list of needed upgrades to their financial budget directors.

      --
      the NPG electrode was replaced with carbon blac
    4. Re:slashbots by sopssa · · Score: 1

      This is why slashdot should iframe the target site under summary :)

    5. Re:slashbots by Culture20 · · Score: 2, Funny

      Proof that lurkers still outnumber posters. &$#^*ing leaches. They're the reason I can't RTFA. Stop reading and post something!

    6. Re:slashbots by Anonymous Coward · · Score: 1, Funny

      Yes, but he only wields this power for good.

      Oh, how quickly they forget.

    7. Re:slashbots by DNS-and-BIND · · Score: 2, Interesting

      The stats are something like 95% of /. website readers never click on the comments, much less register an account and post.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    8. Re:slashbots by Anonymous Coward · · Score: 0

      The article said MOST wanted. That doesn't include slashbots. Ask any female.

    9. Re:slashbots by DMUTPeregrine · · Score: 1

      They may not read the article, but they all prefetch it.

      --
      Not a sentence!
    10. Re:slashbots by koxkoxkox · · Score: 1

      Ah, if only they knew the pearls of wisdom they're missing out ...

    11. Re:slashbots by QuantumRiff · · Score: 1

      Unfortunately, some of us are still trying, unsuccessfully. Damn those pink ponies.

      --

      What are we going to do tonight Brain?
    12. Re:slashbots by ZiakII · · Score: 1

      People actually click on those links?

    13. Re:slashbots by ImYourVirus · · Score: 1

      I wanna know what answer to the poll won. :)

      --
      Why is common sense called that if it's not common?
    14. Re:slashbots by ImYourVirus · · Score: 1

      I never saw a link. :D

      --
      Why is common sense called that if it's not common?
    15. Re:slashbots by niw · · Score: 1

      And now you can know!

    16. Re:slashbots by ImYourVirus · · Score: 1

      Awesome, thanks!

      --
      Why is common sense called that if it's not common?
    17. Re:slashbots by Opportunist · · Score: 1

      Yeah, but its impact is limited to those servers that have open 0x50 ports. You can easily defend against that one.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:slashbots by Opportunist · · Score: 1

      Think before you ask for something! You are aware that you're asking 20 times the amount of people who post on /. to post something, and those people having even less to say than the average /. poster, aren't you?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:slashbots by Opportunist · · Score: 1

      Judging from my firewall log, yes, people click on anything as long as it promises them something "cool".

      I have a link on my webpage that states quite bluntly "DO NOT click this link. It leads to a trojan, you'll be drive by infected when you click this. DO NOT click! I don't take any responsibility"... yaddayadda.

      Over 50 percent of the people who go there DO click. Now, I don't infect them. I only belittle, berate and ridicule them for being utterly stupid in the fact of a certain now-where-did-I-put-that-Windows-CD afternoon.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. PT. Hacker by mc1138 · · Score: 1

    Just goes to show the old adage is true, there's a sucker born every minute...

    --
    The musings of just another geek and his junk.
  4. Top ten lists... by Anonymous Coward · · Score: 5, Informative

    Please... If you are interested in top 10 lists, put the information from least significant to most. This makes the piece more interesting.
    Thanks.

    No. 10: Conficker

    Compromised U.S. computers: 210,000

    Main crime use: Also called Downadup, this downloader worm has spread significantly throughout the world, though not so much in the U.S. It's a complex downloader used to propagate other malware. Though it has been used to sell fake antivirus software, this crimeware currently seems to have no real purpose other than to spread. Industry watchers fear a more dangerous purpose will emerge.

    No. 9: Gammima

    Compromised U.S. computers: 230,000

    Main crime use: Also know as Gamina, Gamania, Frethog, Vaklik and Krap, this crimeware focuses on stealing online game logins, passwords and account information. It uses rootkit techniques to load into the address space of other common processes, such as Explorer.exe, and will spread through removable media such as USB keys. It's also known to be the worm that got into the International Space Station in the summer of 2008.

    No. 8: Swizzor

    Compromised U.S. computers: 370,000

    Main crime use: A variant of the Lop malware, this Trojan dropper can download and launch files from the Internet on the victim's machine without the user's knowledge, installing an adware program and other Trojans.

    No. 7: Hamweq

    Compromised U.S. computers: 480,000

    Main crime use: Also known as IRCBrute, or an autorun worm, this backdoor worm makes copies of itself on the system and any removable drive it finds -- and anytime the removable drives are accessed, it executes automatically. An effective spreading mechanism, Hamweq creates registry entries to enable its automatic execution at every startup and injects itself into Explorer.exe. The botmaster using it can execute commands on and receive information from the compromised system.

    No. 6: Monkif

    Compromised U.S. computers: 520,000

    Main crime use: This crimeware's current focus is downloading an adware BHO (browser helper object) onto a compromised system.

    No. 5: TR/Dldr.Agent.JKH

    Compromised U.S. computers: 1.2 million

    Main crime use: This remote Trojan posts encrypted data back to its command-and-control domains and periodically receives instruction. Often loaded by other malware, TR/Dldr.Agent.JKH currently is used as a clickbot, generating ad revenue for the botmaster through constant ad-specific activity

    No. 4: Trojan.Fakeavalert

    Compromised U.S. computers: 1.4 million

    Main crime use: Formerly used for spamming, this botnet has shifted to downloading other malware, with its main focus on fake alerts and rogue antivirus software.

    No. 3: TidServ

    Compromised U.S. computers: 1.5 million

    Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment. It uses rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide most of its files and registry entries.

    No. 2: Koobface

    Compromised U.S. computers: 2.9 million

    Main crime use: This malware spreads via social networking sites MySpace and Facebook with faked messages or comments from "friends." When a user is enticed into clicking on a provided link to view a video, the user is prompted to obtain a necessary update, like a codec -- but it's really malware that can take control over the computer.

    No. 1: Zeus

    Compromised U.S. computers: 3.6 million

    Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers. It injects fake HTML forms into online banking login pages to steal user data.

    1. Re:Top ten lists... by basementman · · Score: 0, Offtopic

      Stealing content from a top 10 list kind enough to put their content on 2 pages instead of 10, stay classy slashdot.

      --
      A Magic the Gathering Article and Forum Aggregator
    2. Re:Top ten lists... by Teun · · Score: 1
      You must be a Microsoft shill 'cause both lists omit the facilitator.

      :)

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    3. Re:Top ten lists... by Ragzouken · · Score: 1

      It's alright, I was using ad-block anyway.

    4. Re:Top ten lists... by LuvlyOvipositor · · Score: 1
      Emoticon means satirical.

      But really, the facilitator(s) are your friends and family.

      --
      Where do we go from here?
    5. Re:Top ten lists... by CopaceticOpus · · Score: 1

      Perhaps I'm in the minority, but I prefer top tens lists with #1 first. I usually skip to the end of the list and read backwards. In this case, knowing the size of the #1 botnet gives me some perspective on the scale of the other list items.

      Having a countdown only makes sense to me if there is drama about what #1 will be. I wasn't really on the edge of my seat to find out the name of the biggest botnet.

    6. Re:Top ten lists... by T+Murphy · · Score: 1

      I don't expect there to be 12 million PCs infected, as many of the people managing to be hit by one of these can easily find more, but at the same time I understand some/many botnet programs fight off others to either avoid notice or to establish more complete control. I won't bother trying to speculate how these two forces balance out, but I'm assuming there are people here who can offer some insightful comments to this end.

      --
      My webcomic
    7. Re:Top ten lists... by bursch-X · · Score: 1

      Maybe that was the format meant for the writers of the trojans, because they'd definitely be on the edge of their seats wanting to know whether their botnet had "won" or not ;-)

      --
      There are two rules for success:
      1. Never tell everything you know.
    8. Re:Top ten lists... by Opportunist · · Score: 1

      I'm fairly sure they don't care. If you're on that list at all, you won. It's like a Forbes 400 list for malware.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Top ten lists... by Opportunist · · Score: 1

      The "battle" for computers is still a minor concern for malware writers. So far, the battle is rather against AV suits. Usually, the attempt to remove other malware has been limited to "rival" malware from others who fish in the same pond, but the attempt to actually proactively push out everyone else has been minimal until recently.

      Only a short time ago some malware packages started actively searching (and removing) other malware, mostly the "noticable" kind that bombards the user with ads and exhibits other "suspicious" behaviour. My theory is that they want to avoid that the user notices something is wrong and calls a knowledgeable friend, who might then also find the other, more stealthy and less obvious, trojan.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. !Botnet by Darkness404 · · Score: 4, Insightful

    The leader is Zeus, with 3.6 million compromised PCs so far. The Zeus Trojan uses key-logging techniques to steal user names, passwords, account numbers and credit card numbers, and it injects fake HTML forms into online banking login pages to steal user data

    And how the heck does that make it a botnet? Apparently now botnet is a buzword for any type of popular malware now. Now, if it said that it went and DDoSed websites, yes that would make it be a botnet, but this? That just is malware.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:!Botnet by maxume · · Score: 5, Informative

      It is a botnet that happens to include key logging and other phishing features. It even features an EULA:

      http://jabolins.livejournal.com/16538.html

      --
      Nerd rage is the funniest rage.
    2. Re:!Botnet by Darkness404 · · Score: 0, Flamebait

      Hm, that is interesting. However the article didn't ever mention anything about the actual botnet part of it which I kinda thought was the point of the article. But having a EULA for a botnet? Now thats funny.

      --
      Taxation is legalized theft, no more, no less.
    3. Re:!Botnet by Teun · · Score: 5, Informative

      Malware becomes a botnet when it can be remotely controlled and updated, that's what these ten have in common.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    4. Re:!Botnet by maxume · · Score: 3, Informative

      It highlights a confusion in the way the terms are used: I guess it might make more sense to say that a botnet is comprised of systems running botnet software, rather than systems running a botnet. Apparently in the case of Zeus, people are purchasing the software as a kit and then deploying it in order to create their own botnets, so the Zeus botnet software is the platform for more than 1 botnet.

      --
      Nerd rage is the funniest rage.
    5. Re:!Botnet by thelexx · · Score: 1

      Unless the bots are coordinated in their action it doesn't seem like much of a 'net'work, just a bunch of bots (which is the part of 'botnet' that DOES make sense in the "can be remotely controlled and updated" context).

      --
      "Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
    6. Re:!Botnet by Runaway1956 · · Score: 1

      But, the EULA looks as legitimate as anything Microsoft or Adobe asks you to "sign", or accept. begin sarcasm: IMO, that makes it legal, doesn't it? end sarcasm

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:!Botnet by bursch-X · · Score: 1

      Malware becomes a botnet when it can be remotely controlled and updated, that's what these ten have in common.

      So Windows IS a botnet.

      I knew it all the time.

      --
      There are two rules for success:
      1. Never tell everything you know.
    8. Re:!Botnet by Opportunist · · Score: 1

      As if anyone ever read an EULA...

      Seriously, I want to do that experiment. Write a piece of software and fill the EULA with legalese saying pretty much "we pwnz yoo". And wait how many still install it.

      My money is on 90 percent.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:!Botnet by Opportunist · · Score: 1

      Terminology isn't easy anymore in mal/crimeware. Is it a virus? A trojan? A worm? What if it infects a PC, runs in the space of another program, distributes itself autonomously and phones home? It's a worm according to its spreading, a virus according to its location in memory and a trojan according to its actions. Please classify.

      Botnet is a convenient term for any malware that has a more or less permanent connection to its controlling server. I wouldn't make DDoSing a defining feature. As we've seen of lately, updating malware to change its behaviour and role is trivial and done often, what's stealing passwords today can be used for DDoSes tomorrow. Want to reclassify every time it changes its behaviour?

      The reason why DDoSes are fairly rare is that there's simply no good way to squeeze money out of this stone. You can easily turn credit card numbers and bank access into money. But DDoS? First, your target would not be Joe Citizen, because he's not worth enough to blackmail him. What could he give you? 5k? Peanuts. You get that much and more from him by stealing his bank info. And not only from him but from a few thousand other fools. Now we're talking money. So you'd have to turn to companies that rely heavily on the internet for business. For a while it was popular to try to blackmail online betting services, until they beefed up their infrastructure. Companies also more readily turn to law enforcement and consultants that cost a little money, but less than what you try to squeeze from them. No Joe Random can afford that.

      In a nutshell, it's more profitable to steal from many small targets than from a large one. After all, it's easy to automatize the process, so whether you steal from one or from a thousand targets does not really matter.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    10. Re:!Botnet by Aqualung812 · · Score: 1

      My money is on 90 percent.

      Bob Barker, put me down for 90.01 percent.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  6. Is there a reward? by gubers33 · · Score: 3, Funny

    Are they wanted Dead or Alive?

    --
    Just because you are wrong and I called you out on it doesn't mean I am a Troll.
    1. Re:Is there a reward? by hansamurai · · Score: 1

      I've seen a million websites, and I've DDOS'd them all.

      --
      Reviewing just the first hour of video games.
    2. Re:Is there a reward? by HTH+NE1 · · Score: 1

      Are they wanted Dead or Alive?

      Doesn't matter: they're zombies.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    3. Re:Is there a reward? by Anonymous Coward · · Score: 0

      I don't think this is what Jon Bon Jovi had in mind.

    4. Re:Is there a reward? by Anonymous Coward · · Score: 0

      Honestly, if some agency posted a reward for the destruction of these botnets which was less than the amount of money that can be made by running one, but large enough to make clever unemployed young geeks stand up and take notice, we'd probably see these things start vanishing.

      Or, if not vanishing, at least going rogue and not concertedly attacking or spamming. I'd like to see computer hackers and script kiddies have to actually fight their own kind just to get any "business" done in the future. At the moment, they've got it all too easy.

  7. "despite its celebrity status..." by spacefiddle · · Score: 1

    Yes, for some reason, a widely discussed, analyzed, publicised, dissected threat that everyone knew about just hasn't managed to do as much damage as it might have.

    /facepalm

    --
    That which does not kill us makes us... st
    1. Re:"despite its celebrity status..." by rm999 · · Score: 2, Interesting

      Don't you think it's a problem that a lot of people have never heard of Zeus? I would agree with you if Conficker was the only computer worm/virus out there.

    2. Re:"despite its celebrity status..." by spacefiddle · · Score: 1

      Hmm? That's my point... not enough people DO know about common threats, and if they did, they wouldn't be as effective.

      --
      That which does not kill us makes us... st
  8. Obligatory Short Circuit quote by megamerican · · Score: 2, Funny

    Number 5: "It's nice to be wanted."

    --
    If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
    1. Re:Obligatory Short Circuit quote by timias1 · · Score: 1

      In regards to your signature, someone at wired either pulled the article or the link got broken. I have to assume the latter, but the former would be just as likely.

  9. Backwards by sexconker · · Score: 1

    Who the fuck does a "Top 10" list with number 1 being shown first?

    Nobody will click to the second page to read about botnet number 10.

  10. car analogy... by Em+Emalb · · Score: 1

    People don't go to the mall and leave their car unlocked*, so why do users think security on a computer is not just as important?

    *Yes, there are exceptions, no, you aren't special for being one, but I would enjoy reading your missive on why you don't lock your 1972 Pinto with nothing in it of value.

    --
    Sent from your iPad.
    1. Re:car analogy... by ConceptJunkie · · Score: 2, Insightful

      People don't go to the mall and leave their car unlocked*, so why do users think security on a computer is not just as important?

      20 years of Microsoft trying to convince them security isn't an issue might have something to do with it.

      --
      You are in a maze of twisty little passages, all alike.
    2. Re:car analogy... by mcgrew · · Score: 1

      If you have nothing of value in your car, a thief can cause a $200 window repair getting in your locked car. A brick and two seconds is all it takes to "hack" a car. Then when the theief finds he's wasted his time, he may decide to break the rest of your windows.

      That said, I lock my car because the stupid thing has a button that opens the trunk from the passenger compartment, despite the fact that there's another one on my keychain. What moron came up with that idea, I wonder?

      --
      Free Martian Whores!
    3. Re:car analogy... by ethanms · · Score: 1

      People don't go to the mall and leave their car unlocked*, so why do users think security on a computer is not just as important?

      Well... I don't know if that's an accurate analogy because you know fairly quickly when you return if a thief has stolen something from your parked car.

      I think it would be more analogous to think of the malware as an invisible car-jacker who can jump in your car without your noticing when you're driving along the road. That car-jacker waits in your back seat--listening to your conversations (key logging), relaying your location back to it's boss, and possibly will take control of your car while you aren't in it--and you might not even know this is all happening.

      So I guess it might be better to say "why do people think they can drive through bad neighborhoods with their car doors unlocked" ??? :)

      So that would make firewalls and securing exploits like locks and closed windows... and Norton is like a guy who rides around in your back seat and should a car-jacker jump in he yells "Hey who the heck is this?!?" and kicks him out if you say so.

    4. Re:car analogy... by Em+Emalb · · Score: 2, Interesting

      How has microsoft convinced anyone for the past 20 years that security isn't important? If anything, I'd say it HAS convinced people security IS important.

      --
      Sent from your iPad.
    5. Re:car analogy... by ConceptJunkie · · Score: 3, Insightful

      Microsoft has made security a real issue since about 2000, or at least acknowledged it. Since about 2004 they have actually made significant headway solving the problem. Before then, they were pretty much completely negligent on securing their system or making users aware that Windows was like a sieve.

      That adds up to about 20 years of ignoring security, the legacy of which is still causing problems today, such as the more than 10 million botted Windows machines across the world.

      --
      You are in a maze of twisty little passages, all alike.
    6. Re:car analogy... by maxume · · Score: 1

      They figured out it was a misfeature; on my car, the button is in the glove box, which can be locked with the door/ignition key (as a bonus, I have valet keys that will open the door and start the car, but they won't open the glove box or trunk).

      --
      Nerd rage is the funniest rage.
    7. Re:car analogy... by linzeal · · Score: 1

      There was a story in Oakland a few years ago of a guy who was sick of people stealing his stereo. So he got this great idea, weld some razor blades to the back of the receiver and on the edge of the amps. As far as I know he is serving a 3-4 year sentence for assault with a deadly weapon.

      --
      An Education is the Font of All Liberty
    8. Re:car analogy... by bursch-X · · Score: 1

      Wrong analogy, cars make it clear that you have to take action to make your car safe. You lock it. On Windows the only "locking" mechanism obvious to the user is the login/logout. And of course to bring in another car analogy, if Windows was a car, the doors would have holes everywhere so you just put your hands in push in the right places and the doors would open, furthermore your car could be remotely unlocked with any multi-functional TV remote.

      --
      There are two rules for success:
      1. Never tell everything you know.
    9. Re:car analogy... by bursch-X · · Score: 1

      Unfortunately the Norton guy would be slightly senile and not notice many of the new kids on the block and let them take over your car anyway.

      --
      There are two rules for success:
      1. Never tell everything you know.
    10. Re:car analogy... by stine2469 · · Score: 1

      I dont have a 72 Pinto, but i have a very beat-up 94 mustang, and it's better if someone doesn't have to break out the windows to find that there is nothing of value (unless you count tacobell wrappers from the '90's) inside.

    11. Re:car analogy... by Opportunist · · Score: 1

      Because they're not losing anything if their computer is compromised. It's content vs. tangible good all over again. I'm fairly sure if the car wouldn't be gone so they can't drive anymore when someone steals it, people would leave the car keys in, because it's more convenient and they can't lose them.

      When you hijack their computer, first of all they don't notice it. They might notice their internet connection is getting sluggish at times, but they don't really care too much. FSCKing provider charging for 10mbit and I only get 7, talk about false advertising... but they leave it at that. It still works. Those ad windows are a nuisance, but that's certainly only something that I have to deal with. FSCKing webpages with their full size popup ads... but they leave it at that. It still works.

      You will notice that malware goes to extreme lengths to ensure it does NOT cripple the machine to the point where the user cannot use it anymore. I've seen code in malware that makes sure it does not clog the connection so people don't get inconvenienced enough to actually go investigate.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:car analogy... by Opportunist · · Score: 1

      Not only that, but until recently it was easier to trash the car and get a new one instead of trying to get him out of the car at all. He had a bit of leprosy, so if you pulled to hard some bits of him fell off and rolled under your seat, then started to rot and stink up your car, usually enough that you eventually trashed it and got a new one.

      But he sure has spiffy clothing.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:car analogy... by renoX · · Score: 1

      I'm not that convinced that Microsoft takes security seriously:
      http://www.theregister.co.uk/2009/06/18/windows7_security_hole/

    14. Re:car analogy... by mcgrew · · Score: 1

      Mine's right out in the open, but I did discover yesterday (used car, no manual to read) that if you lock the car with the remote, the button inside the car doesn't work. I still mey get under the dash and disconnect the button, though.

      --
      Free Martian Whores!
  11. Conficker Stats by NES+HQ · · Score: 1

    In case anyone's wondering: http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

  12. I don't get it... by BlueScreenOfTOM · · Score: 1

    I don't understand why, in this day and age, this shit is still happening. I can think of at least 3 free antivirus applications that anyone with a Windows PC can download and use at no cost, with little or no effort required. Most COTS PCs come with some kind of antivirus software (usually the dreaded Norton, which totally blows but is better than nothing for most average users). Is the problem that people don't know that there are free solutions out there? Is it that people are willingly not installing antivirus? Are these viruses particularly good at avoiding detection? It boggles my mind that that many machines are still being infected.

    1. Re:I don't get it... by vil3nr0b · · Score: 1

      Even more boggling is when ISP's refuse to blacklist these zombies. Kill the modem after you send out a nice letter stating their box is hosed and must be repaired before they are allowed back on the pipe.

    2. Re:I don't get it... by 0ld_d0g · · Score: 0

      The Conficker vulnerability was patched months before it was seen exploited in the wild. All that means is people aren't up to date with security updates. I can understand some people being hesitant to install windows updates in case they break anything. [Though out of tens of thousands of updates, only a handful have broken software that was coded properly in the first place] But security updates should be installed automatically. I would argue that this should be the default option. If companies want they can turn it off but it should be on by default for home users.

      Ultimately its just a lack of awareness.

    3. Re:I don't get it... by Joce640k · · Score: 3, Informative

      Simple: There's always a window between a virus appearing in large numbers and an antivirus updating itself. Get a copy of Virtual PC and try it yourself - get a few viruses from your daily spam. I do it every once in a while and it can take two or three days for my antivirus to kick in. Today's Viruses can disable all the major antivirus programs and prevent you from rebooting in failsafe mode to delete them so once they're in, they're in. There's no way for the antivirus to get rid of them.

      --
      No sig today...
    4. Re:I don't get it... by techno-vampire · · Score: 1

      Can they prevent you from booting from a CD? If so, color me impressed. If not, you can always boot from a live CD with some form of Linux on it and ClamAV. Use that to clean up your system, then reboot into Windows.

      --
      Good, inexpensive web hosting
    5. Re:I don't get it... by pandrijeczko · · Score: 2, Informative

      I thoroughly recommend the Trinity Rescue Kit precisely for this purpose and for repairing and/or cloning NTFS partitions from a bootable Linux CD.

      And, no, I'm nothing to do with any of the team who develop it, I came across it pretty much by accident and have used it ever since.

      --
      Gentoo Linux - another day, another USE flag.
    6. Re:I don't get it... by raylu · · Score: 1

      Yes, of course that's a solution, but that hardly falls under the OP's "little or no effort required."

      --
      Maurice Wilkes, debugging, 1949
    7. Re:I don't get it... by techno-vampire · · Score: 1

      There's a slight misunderstanding here: I wasn't suggesting using a live CD instead of a virus checker running under Windows, I was suggesting it as a "last resort" when other scanners/checkers are unable to do the job. Yes, it's a bit of work (Not that much, really, once you have the CD set up.) but it's a lot better than nuking, paving and reinstalling.

      --
      Good, inexpensive web hosting
    8. Re:I don't get it... by Opportunist · · Score: 1

      There are many reasons. Allow me to list a few.

      First, the obvious one: The user with no AV suit and no brain. He got his computer built by a "friend" who is almost as clueless as him (or even managed to slap that box together himself), or (worse) thinks he's so damn smart and can get it done for cheap. I.e. hacked Windows (which can't be updated, but hey, it 'works'), AV costs money and those free ones are useless (the former is a matter of about 30-50 bucks a year, the latter simply untrue), and some 'tweaks' that eliminate the last threads of anything resembling security (like making his standard account administrator because then 'everything works'. Yes, indeed, including malware).

      Second, the almost as obvious one: The user who has an AV suit, but didn't ever bother updating it (or his OS for that matter). Either because it was disabled for some reason or because he's paranoid enough to avoid any contact with those companies (they're spying at you, after all... ironically, he's handing a lot more info to some people in a country the name of which ends in -stan).

      Then the user who had an AV suit that suddenly "stopped working". Probably around the same time when his license renewal was due. But hey, it continued to 'work', so why bother?

      And finally, my personal favorite, the dancing pig enthusiast. Most of the time a subset of the above, he finds something he REALLY wants to have or see on the internet and installs it, grants it every permission and clicks away every warning. Look up dancing pig in Wikipedia for an explanation, I'm feeling lazy today.

      Aside of these groups that make up something I'd estimate at about 80-90 percent of infections, there's also the battle between malware and malware fighting groups. And that battle can't really be won easily by the latter.

      First of all, you're always in the defense. You're always at the reaction side of the action-reaction equation. You can hardly go proactive and do something in advance. There's simply too much possible entry points for infections and you don't know what malware will do until you got it in your hands. I hope I'm not giving away trade secrets, but there's currently a strongly exploited 0day in circulation concerning a product from a maker of a well known graphics suit, document creator and a tool that's very popular with internet games (I guess anyone can guess now who and what product...). Now, AV people are scrambling to find out what kind of exploit it is (currently it seems it has something to do with the graphics rendering engine for certain formats in that product), when they find out how it's exploited they have to figure out a way to detect malware exploiting this hole, then they have to implement a way to detect that and finally push it to their AV updates.

      Yes, that takes a few hours, as you may expect.

      So you're always second in that battle.

      Now add that it's anything but common anymore to just provide the malware "plain". You have installers (like that 0day exploiting) that download encrypted executables (most of the time XORed, good enough to pass most firewalls easily, just XOR with another seed if you get too well known, or use multiple seeds to avoid brute forcing by the firewall), you have executables that are runtime packed and runtime encrypted (they come with their own decryption routine, very tricky for pattern matchers for obvious reasons and behaviour heuristics for their erratic behaviour before they're decrypted, not to mention that you get more and more decrypters that decrypt-then-run but decrypt on the fly, run and trash the already executed code)...

      I fear we're losing the battle. The way I see it, our only chance is to educate the user. We can't protect him much longer.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:I don't get it... by raylu · · Score: 1

      I'm aware, but this still is irrelevant to the original comment.

      --
      Maurice Wilkes, debugging, 1949
  13. BotNet Problem solved. by Anonymous Coward · · Score: 0

    Just create an update that wipes a system clean of them. Make it manditory with all virus protection and firewalls to have to have a clean slate before a user can access the internet, (kinda like that Microsoft update that made ZoneAlarm block internet access). I think the majority of the problem with BotNet's success, is the user is unaware of the infection.

  14. Gumblar? by metrix007 · · Score: 1

    Using the 9 ball exploits? Didn't even make the list?

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  15. Re:slashbots - CmdrTaco always says that by zukinux · · Score: 1

    CmdrTaco always says that : "With great power comes great responsibility", he even told this sentence to Spiderman.

    That's why he's not using his power to get all the bitches out there.

    --
    Read and Comment at my BLOG
    !!!