Slashdot Mirror


Autonomous Intelligent Botnets Bouncing Back

coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."

31 of 152 comments

  1. What OS? by Jurily · · Score: 2, Insightful

    Any data on how much of those are running Windows?

    1. Re:What OS? by Mattskimo · · Score: 5, Funny

      My guess would be somewhere in the region of all of them.

    2. Re:What OS? by Dan+East · · Score: 2, Informative

      Windows is on around 90% of general-purpose computing devices, so I would expect at least 90% of compromised machines would be running Windows.

      --
      Better known as 318230.
    3. Re:What OS? by Anonymous Coward · · Score: 2, Informative

      Basically all of them.

      Even with the increase in popularity of Mac OS X and Linux, malware for those systems is virtually unheard of. There was the recent malware incident involving some GNOME screensavers, but that's more a testament to the poor development practices of the GNOME project.

    4. Re:What OS? by NoYob · · Score: 4, Interesting

      It wouldn't be such a problem if MS would have something like Linux where you have to jump through a hoop to run the box as 'root' AKA 'Admin' and if the OEMs would put a user account on their machines by default.

      Speaking as my family's IT support guy, everyone insists on running as Admin - just the way their box was set up by the OEM - and they constantly are getting viruses and trojans. My brother-in-law gets Koobface every other month it seems. I set him up with a user account with Firefox and told him to use that account for everything except installing software. Does he listen? Nope. He had this idea that Firefox was all he needed to be safe.

      I hope he learned his lesson. He got Koobface again and his father wiped his machine and re-installed Windows - he lost a bunch of photos and stuff he wanted to keep - oh well.

      --
      It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
    5. Re:What OS? by sakdoctor · · Score: 5, Interesting

      As a Windows vs "All the others" thread progresses, someone will eventually make the statement that Mac OS or Linux would be equally affected if they had dominant market share.
      I'd be more inclined to separate OS into "Administrator by default" and "User level account by default". That means Microsoft's latest offerings get grouped with Mac OS and Linux because they have made pretty decent improvements.

      When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it.
      I would postulate that this black and white thinking isn't the answer. More secure OS out of the box is going to reduce the problem to some extent, even though some users will shoot themselves in the foot, as they always have.

    6. Re:What OS? by Anonymous Coward · · Score: 2, Insightful

      but that's more a testament to the poor development practices of the GNOME project.

      It's actually more a testament to the fact that malware can be written for any OS.

    7. Re:What OS? by Mattskimo · · Score: 2, Interesting

      I guess someone, somewhere is probably running a compromised virtual machine in WINE. One would hope deliberately.

    8. Re:What OS? by Rennt · · Score: 3, Interesting

      I would be surprised if anything less than 100% of zombies run Windows.

      Think about what would be involved in setting up and maintaining a heterogeneous botnet. Why even bother?

    9. Re:What OS? by Lord+Ender · · Score: 2, Insightful

      I doubt that. I've caught viral botnets that spread via weak SSH passwords. They scan for port 22, try "root/root" and "guest/guest" etc. until they go through their entire username/password dictionary file, then they move on to the next host...

      Once they pwn a box, they of course connect out to IRC or whatever to start hosting warez (or whatever else their masters desire). And they continue scanning for 22 and cracking when they see it...

      Congrats to the Ubuntu team for disabling ssh by default. You can't get a more secure desktop system than that. But there are datacenters and datacenters full of improperly configured unix servers out there.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    10. Re:What OS? by MrNaz · · Score: 2, Funny

      Yea, you're right. Botnets are homo.

      --
      I hate printers.
    11. Re:What OS? by rxmd · · Score: 2, Informative

      My guess would be somewhere in the region of all of them.

      Make that "most of them". OS X botnets have been appearing for a while, and other forms of OS X malware have been known for quite some time.

      While many of these pieces of malware are fairly lame, I'd expect more and more "professional" variants of those in the future. One factor that shouldn't be overlooked is the generally complacent attitude of non-Windows users towards the security of their own machines (not unlike what you exhibit in your own post). In other words, from a technical point of view, if users download a malware-infested key generator and enter a password to execute it, it's pretty much irrelevant whether it's for OS X or for Windows. Arguably in this scenario, OS X is actually slightly more likely to be infected, since many Windows computers have at least some form of anti-virus software installed, while on other platforms this is still fairly rare.

      --
      As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
    12. Re:What OS? by Tim+C · · Score: 2, Insightful

      One of my friends used to run a Linux server at home, a couple of years ago.

      One day on MSN we were chatting, and he told me about how his server had been rooted. Turns out he'd not kept up to date on his patches, and a vulnerable service had been compromised.

      But you're right, Windows is the only OS vulnerable to remote attacks.

    13. Re:What OS? by JWSmythe · · Score: 3, Informative

      The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets. They'll click on almost anything, and once the malware is on, the user may complain about their machine going slow, but won't do anything about it.

      Some of them are nasty. I keep a Windows machine laying around just to try particular things. I got some malware on it (I was doing bad things). It was about 5 seconds between the time I tried what I was doing, and the time I yanked the network cable out. The antivirus didn't catch it. Others that I scanned with couldn't find all of it. I spent the next two days trying to get it out. That was the first time that I ever had to wipe out and reinstall on a Windows machine to get rid of a piece of malware. It's not that I didn't know what I was doing. I've been doing this kind of thing for well over a decade now. I never did identify the problem child, so I can't even say what it was. It just made the machine almost impossible to use. Well, unless waiting 5 to 10 minutes to select a user and enter a password is acceptable, and another 10 to get to the desktop. I know during that period, it was re-propagating the tag-along malwares.

      That one piece of malware brought along 40 unique friends in a matter of seconds. It infected files. It infected the MBR. It hooked into everywhere I looked. I knew it was a problem, which is why I took it offline immediately. Most users would leave it plugged in and running, and wait for someone to come fix it.

      At least I'm not dependent on the Windows machine working. How many home users have their dependable Linux machine that they do work on, and the Windows machine sitting to the side to play with?

      --
      Serious? Seriousness is well above my pay grade.
    14. Re:What OS? by AlXtreme · · Score: 2, Insightful

      The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets.

      I have. Over the recent years I've seen many automated attacks that target a range of IP addresses, searching for vulnerable SSH accounts, Apache installs with old PHP crapware and various other vulnerabilities. 9 times out of 10 they will start IRC bots or another process that phones home and the botnet operator can use them as he pleases. An IRC bot is not the goal, it is a means to control many such compromised servers at once.

      Think that running Linux makes you invulnerable? It doesn't. Linux servers are vulnerable if only due to the large amounts of unmaintained boxes out there. A compromised Linux box is much more useful to a botnet operator than a Windows box, simply because the former will stay online 24/7 and is likely on a high-speed network.

      There are companies out there that sell pre-loaded Linux boxes to SMB's as a black-box, not understanding that without maintenance or a proper firewall those boxes will be compromised within a few years. The SMB employees wonder why their network connection is so slow, blaming their computers, while the compromised box pumps out spam as fast as it can... *shiver*

      Linux, Windows, BSD or OS X: be vigilant, install updates regularly and check your security.

      --
      This sig is intentionally left blank
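
Added example, not part of any comment in the thread: the SSH password-guessing behaviour that Lord Ender and AlXtreme describe above leaves a recognisable trail in sshd's auth log. This sketch flags sources that fail against several usernames and separately marks the case where such a source then logs in; the log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Dec 20 03:11:01 web1 sshd[4101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Dec 20 03:11:03 web1 sshd[4103]: Failed password for invalid user guest from 203.0.113.5 port 40118 ssh2
Dec 20 03:11:05 web1 sshd[4105]: Failed password for invalid user admin from 203.0.113.5 port 40125 ssh2
Dec 20 03:11:07 web1 sshd[4107]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Dec 20 03:11:09 web1 sshd[4109]: Accepted password for root from 203.0.113.5 port 40140 ssh2
Dec 20 09:30:12 web1 sshd[5200]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Dec 20 09:30:20 web1 sshd[5200]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, min_failures=4, min_users=3):
    """Return {ip: verdict} for sources that behave like dictionary scanners."""
    failures = defaultdict(int)   # failed attempts per source IP
    users = defaultdict(set)      # distinct usernames tried per source IP
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        # Many failures across many usernames: guessing, not a typo.
        scanning = failures[ip] >= min_failures and len(users[ip]) >= min_users
        if scanning and m["result"] == "Accepted":
            # A success from a guessing source means a password was found.
            verdicts[ip] = f"LOGIN AFTER GUESSING as {user}"
        elif scanning:
            verdicts.setdefault(ip, "guessing")
    return verdicts

if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(ip, verdict)
```

The single mistyped password from 198.51.100.7 is not flagged, because it never crosses either threshold.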
  2. compromised computers ? by Anonymous Coward · · Score: 4, Informative

    "Cutwail, Mega-D, Rustock and handful of other botnets already have control of upwards of five million compromised computers .. Cutwail also distributed the Bredolab Trojan dropper, disguised in the form of a .ZIP file attachment"

    What Operating System did these 'compromised computers' run on ?

    'Upon execution Bredolab attempts to inject into svchost.exe processes ..

  3. A New Era In /. Efficiency by Dystopian+Rebel · · Score: 4, Funny

    Slashdot needs to create a numbered list of arguments called Slashdot's List Of Same Old Arguments (SLOSOA). Then /.ers can save bandwidth (and lower Taco's bills) by disputing by numerical reference to an argument, just as Mennonites are said to argue by reference to chapter and verse in the Bible rather than repeating the words.

    To start this New Era in Slashdot efficiency, my reply to your post, Sir, is...

    19, 20! It is clear that 22, 28.

    And if you don't like it, then 42.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
    1. Re:A New Era In /. Efficiency by Anonymous Coward · · Score: 2, Funny

      ah go 34 yourself

    2. Re:A New Era In /. Efficiency by L4t3r4lu5 · · Score: 4, Funny

      The sum of your arguments is 131. As a palindrome, I call your argument circular and self-referencing, which are logical fallacies.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    3. Re:A New Era In /. Efficiency by Rennt · · Score: 2, Funny

      I like this idea. If it could be extended to stories as well it would save even more redundancy. Just imagine...

      kdawson writes "dupe-657"

      And the link takes you straight to the old discussion thread

  4. And this, ladies and gentlemen... by Noryungi · · Score: 2, Funny

    ... Is the reason why the U.S.A. should pull out of Iraq and Afghanistan. Now.

    (Yes, I know I am going to be moderated as 'troll' for this. I don't care).

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:And this, ladies and gentlemen... by Penguinisto · · Score: 4, Funny

      But, but... you're either with us or you're with the botnets!

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
  5. "intelligent and autonomous": yeah, right. by mattdm · · Score: 4, Interesting

    This deserves a gigantic "O RLY?"

    How well have "intelligent and autonomous" software agents worked in other areas of computing? Pretty well on the autonomous -- but still terrible on "intelligent".

    The article is, of course, ridiculously vague on what that really means (says "self-sufficient coding in order to coordinate and extend its own survival"), but I expect all that really means is that they'll act like the polymorphic computer viruses we've already got. Ho-hum.

    It's not like we're going to get The Adolescence of P1 or anything, here.

    1. Re:"intelligent and autonomous": yeah, right. by Mattskimo · · Score: 2, Interesting

      I agree, calling most *people* intelligent and autonomous is a bit of a stretch, never mind software.

    2. Re:"intelligent and autonomous": yeah, right. by thepotoo · · Score: 2, Interesting

      Not intelligent, just autonomous.

      It's simple, really. Wikipedia is a little lacking on this subject, but the basic idea is that you have botnets trying bruteforce attacks to find every possible vulnerability. Those that are good at cracking into systems will propagate, those that fail will not. It'll be sort-of the system that biological viruses use. Actually, exactly the same, except digital instead of physical. I predict that, similar to real viruses, malware that doesn't slow down the PC will have the highest "fitness" and propagate more widely, just like viruses today that kill the victim are not as common as, say, the common cold.

      To the wiseass who will respond with a Skynet joke: No, there is no danger of that at all. These bots are looking for security loopholes, not the meaning of life, and are running on computers that are nowhere near powerful enough to emulate a human-like mind (I suspect that this isn't the issue at any rate, but we'll know in 10 years when the hardware is better).

      --
      Obligatory Soundbite Catchphrase
  6. What I really want to know: by Mattskimo · · Score: 2, Interesting

    How much money does this generate for the spammers worldwide and the demographics of those that respond to spam email. My guess: not mensa members.

  7. Skynet by DrYak · · Score: 2, Funny

    And, on the exact moment when SkyBotNet became self-aware, the first thing It said to the humanity was :
    "Buy (heap \/!AGR@ to incraese your pen1s !!!"

    Hum... I slightly suspect that Nuclear War would have been more humane, after all...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  8. Re:"Thought that 2009 was the year botnets died?" by hatemonger · · Score: 2, Insightful

    I came in here to say this. What idiots thought that botnets died? Oh, wait, I forgot that MSM sometimes pretends they can report on technology without making fools of themselves.

  9. Judgment Day by Yvan256 · · Score: 5, Funny

    April 19, 2010, 16:30. SkyNet becomes self-aware. One minute later, SkyNet realizes he's just a world-wide spambot. Nine milliseconds later, SkyNet terminates itself.

    And there was much rejoicing.

  10. Re:ISP apathy? by FlyingBishop · · Score: 2, Interesting

    Simple. The US business models are all based on convincing people they need more bandwidth. It's just like how mobile providers force you into slow, difficult to use voicemail systems that eat up minutes instead of giving you a simple and easy to use inbox just like you use for text messages. They're not interested in optimizing network usage, they're interested in increasing network usage so they can charge more.

  11. It has already happened by Myion · · Score: 2, Informative

    The country of Nigeria is the physical manifestation of the botnet