Slashdot Mirror


New Russian Botnet Tries To Kill Rivals

alphadogg writes "An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the FBI estimating last October that they have caused $100 million in losses."
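The behaviour the summary describes, one piece of malware terminating a rival and then deleting the rival's executable so that it alone keeps the stolen credentials, is also a detectable pattern on the host. The following is an added example, not code from the article or from any commenter: a small detection rule run over constructed endpoint telemetry. The line format, its field names, the file paths and the `actor_signed` flag are all assumptions invented for this example; real EDR telemetry will differ.

```python
"""Added example, not code from the article or any commenter: flag a process that
terminates another process and then deletes that process's on-disk image, the
behaviour the summary attributes to the "Kill Zeus" feature. The telemetry line
format, field names, paths and the actor_signed flag are assumptions made up here."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed telemetry (hypothetical format):
#   <ts> <event> key=value ...   values containing spaces are double-quoted
SAMPLE_LOG = r"""
# benign: a signed uninstaller stops its own product and removes it
1000 process_terminate actor_pid=300 actor_image="C:\Program Files\Acme\uninstall.exe" actor_signed=1 target_pid=301 target_image="C:\Program Files\Acme\acme.exe"
1001 file_delete actor_pid=300 actor_image="C:\Program Files\Acme\uninstall.exe" actor_signed=1 path="C:\Program Files\Acme\acme.exe"
# suspicious: an unsigned binary in Temp kills an unsigned binary in Roaming, then deletes it
1010 process_terminate actor_pid=512 actor_image=C:\Users\joe\AppData\Local\Temp\updater.exe actor_signed=0 target_pid=377 target_image=C:\Users\joe\AppData\Roaming\svchelper.exe
1011 file_delete actor_pid=512 actor_image=C:\Users\joe\AppData\Local\Temp\updater.exe actor_signed=0 path=C:\Users\joe\AppData\Roaming\svchelper.exe
# terminate without a delete (task manager): not flagged
1020 process_terminate actor_pid=600 actor_image=C:\Windows\System32\taskmgr.exe actor_signed=1 target_pid=377 target_image=C:\Users\joe\AppData\Roaming\svchelper.exe
# delete long after the terminate: outside the default window, not flagged
1030 process_terminate actor_pid=700 actor_image=C:\Users\joe\Downloads\cleaner.exe actor_signed=0 target_pid=710 target_image=C:\Users\joe\AppData\Roaming\other.exe
1200 file_delete actor_pid=700 actor_image=C:\Users\joe\Downloads\cleaner.exe actor_signed=0 path=C:\Users\joe\AppData\Roaming\other.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<event>\w+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Event:
    ts: int                 # seconds (constructed clock)
    kind: str               # process_terminate, file_delete, ...
    fields: Dict[str, str]


@dataclass
class RivalKill:
    actor: str              # image of the process that did the killing
    victim: str             # image it terminated and then deleted
    ts_terminate: int
    ts_delete: int


def parse_log(text: str) -> List[Event]:
    """Parse the constructed key=value telemetry; comments and malformed lines are skipped."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue    # a malformed line must not crash the detector
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        events.append(Event(int(m.group("ts")), m.group("event"), fields))
    return events


def find_rival_kills(events: List[Event], window: int = 60) -> List[RivalKill]:
    """Flag an unsigned actor that terminates another process and, within `window`
    seconds, deletes that process's image from disk. Paths compare case-insensitively
    because the constructed telemetry is Windows-style."""
    pending: Dict[Tuple[str, str], Event] = {}   # (actor_pid, victim image) -> terminate event
    hits: List[RivalKill] = []
    for ev in sorted(events, key=lambda e: e.ts):
        f = ev.fields
        if ev.kind == "process_terminate":
            victim = f.get("target_image", "")
            # a process restarting or killing itself is not a rival kill
            if victim and victim.lower() != f.get("actor_image", "").lower():
                pending[(f.get("actor_pid", ""), victim.lower())] = ev
        elif ev.kind == "file_delete":
            key = (f.get("actor_pid", ""), f.get("path", "").lower())
            term = pending.pop(key, None)
            if term is None or ev.ts - term.ts > window:
                continue
            if f.get("actor_signed") == "1":
                continue    # a signed uninstaller does exactly this; treated as benign here
            hits.append(RivalKill(f.get("actor_image", ""), term.fields["target_image"],
                                  term.ts, ev.ts))
    return hits


if __name__ == "__main__":
    for hit in find_rival_kills(parse_log(SAMPLE_LOG)):
        print(f"{hit.actor} killed and deleted {hit.victim} ({hit.ts_terminate}->{hit.ts_delete})")
```

The signed-uninstaller line is in the sample on purpose: terminate-then-delete is exactly what legitimate uninstallers do, so the rule is only useful when combined with a signal about the actor (signature, location in a user-writable directory, prevalence across the fleet). The window parameter is a tuning knob, not a constant: widening it to 500 seconds in the sample picks up the second, slower pair as well.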

136 comments

  1. Why is this news? by Anonymous Coward · · Score: 3, Insightful

    Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected. The slower a system gets and the more unwanted traffic it generates, the more likely it will be analyzed in depth, and that's not good for the botnet.

    Apparently we've decided to go the "natural" route in software security: Instead of making software which cannot be compromised, we do a "good enough" job with software quality and then fight infections with some kind of immune system. IMHO this is the root of the problem. Computers are not highly redundant systems like biological systems. We really ought to create software which is safe by design.

    1. Re:Why is this news? by Conchobair · · Score: 5, Insightful

      I think there is a guy that just goes around from article to article asking "Why is this news?" on each of them.

      If it was a local report about a murder, he'd show up and say "Why is this news? People have been getting murdered for several years now." Or if it was a report on a politician's speech, he'd say, "Why is this news? Politicians have been telling us lies for years and years now."

    2. Re:Why is this news? by conspirator57 · · Score: 2, Insightful

      but doing it the right way front-loads cost on the company that builds the correct system and places it at a competitive disadvantage with respect to shoddy software firms, say for example Microsoft and Apple.

      besides, there is secure by design software. It just lacks features which makes it less competitive. Alternatively you can put a feature-rich OS on top of it, but then you've compartmentalized the problem, not eliminated it. Plus it's damned expensive. http://www.ghs.com/products/rtos/integrity_virtualization.html

      Myself, I like FreeBSD as a compromise. It's not provably correct, but its 2-3 known exploitable bugs in 10+ years are a good empirical indication of security. And it's free.

      --
      "If still these truths be held to be
      Self evident."
      -Edna St. Vincent Millay
    3. Re:Why is this news? by Imrik · · Score: 3, Funny

      Why is this postworthy? People have been asking "Why is this news?" for years now.

    4. Re:Why is this news? by Asclepius99 · · Score: 1

      Why is this informative? People have been pointing out that other people don't have the same opinion as them for several years now.

    5. Re:Why is this news? by Tim+C · · Score: 1

      We really ought to create software which is safe by design.

      And how do we protect a machine from its user installing trojans disguised as fun cursors, web browser toolbars, weather apps, sexy picture screensavers, etc?

    6. Re:Why is this news? by flyneye · · Score: 2, Funny

      Because the enemy of my enemy is my friend...wait.. the enemy of my enemy is my..the enemy of my friend...oh forget it. How about an antivirus worm that searches them all out and hoses them down like a hot bath of p*ss till there is no point to the black hat vocation.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    7. Re:Why is this news? by Mister+Whirly · · Score: 1

      Easy - take away the keyboard and mouse. Oh, did you want the machine to actually be useful as well?

      --
      "But this one goes to 11!"
    8. Re:Why is this news? by Culture20 · · Score: 1

      Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected.

      It's news because this is a botnet-building system, kind of like an IDE or compiler. It's not the final executable. So it's sort of like a fight between mingw and VC++, where each searches for executables created by the other. Or to put it in car parlance: it's like Ford factories making all Ford cars in such a way as to detect all Toyota cars and make their pedals stick somehow. I'm guessing that prior to this, search-and-destroy was implemented by the coder, not the compiler.

    9. Re:Why is this news? by noidentity · · Score: 1

      Why is this notable? There's always someone going around commenting on how nothing is notable.

    10. Re:Why is this news? by Opportunist · · Score: 3, Insightful

      Not possible.

      Why? Because the core problem with system security is no longer the technical side. Systems (yes, even Windows) are by now mostly secure. Of course, there's always the odd security hole and some even get used, but they don't represent the majority of entry points anymore, not by a long shot. Over 90% of the infections (source not available due to NDA) are due to what I endearingly call "user stupidity". See Dancing pigs problem of computer security for reference.

      That is something you cannot sensibly protect against, no matter how you create your product, unless you do not allow the owner of a computer to execute code he wants to run. And that's something I would not agree with under any circumstances, since it would mean that someone else gets to dictate what I can and what I cannot do with a machine I bought and own.

      And I am fairly sure the majority of people here would easily identify the problem with that.

      OTOH, if people may do what they want with their machine you can NOT protect them against an infection. You can of course inform them whenever something wants undue privileges, but eventually they will be the ones deciding what privileges they want to grant. And it's easy to trick people into granting more privileges than necessary. People are used to mere games requiring administrator privileges in Windows. If for nothing else, then to install their DRM device drivers. Imagine they got some "crack" for Windows that claims to turn their copy into a fully registered, legal copy. Will they grant access to manipulate core system files, even if they are able to understand the information provided? Of course they will, because after all that's what the program promises.

      Now imagine Joe Randomuser with just enough clue to hit the right button on the machine to turn it on without blowing it up getting the information that Shlabberdup.exe wants access to the thingamajig privileges, allow or deny? Joe learned that usually it "does not work" if he says deny, so he says allow. Because he wants his pig to dance.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:Why is this news? by Opportunist · · Score: 1

      Deliver them without a power cord, make them unavailable and only hand them out as the reward for passing "computer security 101".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:Why is this news? by Anonymous Coward · · Score: 0

      One, and only one, of the following is true:

      1. An event is only newsworthy if it is the first time anything like it has ever happened.

      2. You're an idiot.

    13. Re:Why is this news? by Ltap · · Score: 1

      Easy - a test. "Quickly as you can, snatch the mouse from my hand."

      --
      Yet Another Tech Blog
      (but so much more, including game and movie reviews)
      http://yanteb.peasantoid.org
    14. Re:Why is this news? by Propaganda13 · · Score: 1

      Because the enemy of my enemy is my friend...wait.. the enemy of my enemy is my..the enemy of my friend...oh forget it. How about an antivirus worm that searches them all out and hoses them down like a hot bath of p*ss till there is no point to the black hat vocation.

      The enemy of my enemy is my enemy's enemy - nothing more, nothing less.

      If you've worked in a production environment, you'll know some fixes are worse than the original problem.

    15. Re:Why is this news? by Anonymous Coward · · Score: 0

      Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected.

      Not really. Trojans are supposed to protect against viruses, and don't do much to protect against worms. And they only protect against viruses when used regularly, without interruption, and assuming no breakage. Wait, are we talking about the same thing?

    16. Re:Why is this news? by Superken7 · · Score: 1

      Exactly, thats why they created the iPad!

    17. Re:Why is this news? by someSnarkyBastard · · Score: 1

      You mean like this one did? http://en.wikipedia.org/wiki/Nachi_worm

    18. Re:Why is this news? by ZzzzSleep · · Score: 2, Informative

      I'm sure we'll reach Curious Yellow at some point, just not yet.

    19. Re:Why is this news? by flyneye · · Score: 1

      Yeah, kind of ,but I picture something more dramatic and heroic.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    20. Re:Why is this news? by virg_mattes · · Score: 1

      Why is this funny? People have been lampooning posts for several years now.

      Virg

    21. Re:Why is this news? by AG+the+other · · Score: 1

      The military has a very good "computer security 101" course that all personnel have to take in order to receive a computer and get network access. They have to repeat the course every two years or every time they are redeployed to the post.
      None of the users are administrators on their systems.
      All passwords are two caps, two small, two numbers, two special characters, ten or 15 total characters, depending on user access level.
      They also have a much more authoritarian structure than most network environments with real penalties for infractions, which can include loss of all network and computer privileges.
      Guess what. They still have problems with user stupidity. The problem with computer security is that all of this stuff is designed by humans, built by humans and used by humans.

      --
      Non bene pro toto libertas venditur auro
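The composition rule in the comment above (at least two upper-case, two lower-case, two digits and two special characters, with a minimum length that depends on the user's access level) is easy to state and easy to get subtly wrong in code. The following is an added example, not the military's policy code or anything from the comment: a checker that reports every rule a candidate password breaks rather than stopping at the first. The mapping of access levels to the 10- and 15-character minimums and the definition of "special" as ASCII punctuation are assumptions.

```python
"""Added example, not from the comment or any policy document: a checker for the
composition rule described above. MIN_LENGTH and SPECIALS are assumptions."""
import string
from typing import Dict, List

MIN_LENGTH = {"user": 10, "privileged": 15}   # assumed: which access level gets 10 vs 15
SPECIALS = set(string.punctuation)             # assumed definition of "special character"


def character_counts(password: str) -> Dict[str, int]:
    """Count characters per class; 'other' catches whitespace, controls and anything
    outside the four classes the policy names."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0, "other": 0}
    for ch in password:
        if ch.isupper():
            counts["upper"] += 1
        elif ch.islower():
            counts["lower"] += 1
        elif ch.isdigit():
            counts["digit"] += 1
        elif ch in SPECIALS:
            counts["special"] += 1
        else:
            counts["other"] += 1
    return counts


def policy_violations(password: str, level: str = "user") -> List[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    if level not in MIN_LENGTH:
        raise ValueError(f"unknown access level: {level!r}")
    counts = character_counts(password)
    violations: List[str] = []
    if len(password) < MIN_LENGTH[level]:
        violations.append(
            f"length {len(password)} is below the {MIN_LENGTH[level]} required for level {level!r}")
    for cls in ("upper", "lower", "digit", "special"):
        if counts[cls] < 2:
            violations.append(f"need at least 2 {cls} characters, found {counts[cls]}")
    if counts["other"]:
        violations.append(f"{counts['other']} character(s) outside the allowed classes")
    return violations


if __name__ == "__main__":
    for candidate, level in [("Ab1!Ab1!xy", "user"), ("Ab1!Ab1!xy", "privileged"), ("password", "user")]:
        print(candidate, level, policy_violations(candidate, level) or "OK")
```

Reporting all violations at once matters in practice: a prompt that only says "password rejected" trains users to try the smallest change that gets past the check, which is the behaviour the comment's author complains about.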
    22. Re:Why is this news? by Anonymous Coward · · Score: 0

      Which will only work until you touch it with your hand instead of a stylus, then blackscreen and give you Apple's phone # to buy a new iPad for twice as much.

  2. I wonder if this how Skynet gets going... by wiredog · · Score: 1, Insightful

    Could be an interesting way to create a "real" AI.

    1. Re:I wonder if this how Skynet gets going... by Krneki · · Score: 1

      Only if you think of the self-aware AI as the only AI. If you are not that demanding you can already see a sign of intelligence in this botnet.

      --
      Love many, trust a few, do harm to none.
    2. Re:I wonder if this how Skynet gets going... by Anonymous Coward · · Score: 0

      I think you are confusing "Skynet" as something real.

    3. Re:I wonder if this how Skynet gets going... by Arancaytar · · Score: 1

      Creating Skynet would indeed be interesting.

      Yay science! :P

    4. Re:I wonder if this how Skynet gets going... by mhajicek · · Score: 1

      I doubt the program decided to add this feature on its own; much more likely its human master(s) added it. I see where you're going, but you're a bit premature.

  3. Let the botnet wars begin! by Gr8Apes · · Score: 1

    What could be better than botnets trying to destroy each other? Eventually one of them will screw something up and fewer and fewer systems will be members of any botnet as they get corrupted. That can only be good news as users wind up having to reinstall their software and hopefully at least a small percentage will learn a thing or two about security along the way.

    --
    The cesspool just got a check and balance.
    1. Re:Let the botnet wars begin! by poena.dare · · Score: 5, Funny

      "What could be better than botnets trying to destroy each other?"

      Well, on the surface it looks good, but before long they'll be collaborating and eventually they'll learn to mate and produce better offspring. Then we'll have to amend the Defense of Marriage Act to keep botnets from getting married and start enforcing Don't Ask Don't Tell for networks.

      It's amazing how many people don't know that SkyNet's parents were homosexual transvestite liberal russian hackers that smoked heavily and collected guns.

      dARIUS qUAN predicted all of this. We should have listened!

    2. Re:Let the botnet wars begin! by DriedClexler · · Score: 0, Flamebait

      Let the DNA wars begin!

      What could be better than DNA-based lifeforms trying to destroy each other? Eventually one of them will screw something up and fewer and fewer regions will be members of any ecosystem as they get corrupted.

      --
      Information theory is life. The rest is just the KL divergence.
    3. Re:Let the botnet wars begin! by Anonymous Coward · · Score: 0

      "Skynet..sorry botnet became self aware on 10 Feb 2010 and in a bid to protect itself fired missiles at Mozilla in a bid to give IE full market share and thus take over the world through shoddy browser security"

      I found this on a tape from my long lost mother, recorded in the 70's based on the dodgy headband she was wearing! :-)

    4. Re:Let the botnet wars begin! by Anonymous Coward · · Score: 0

      That can only be good news as users wind up having to reinstall their software and hopefully at least THE LOCAL GEEK will learn a thing or two about security along the way.

  4. XKCD was there first by thegameiam · · Score: 4, Insightful

    How long will it be until this is a reality?

    --
    Need Geek Rock? Try The Franchise!
    1. Re:XKCD was there first by Anonymous Coward · · Score: 0

      I thought Scientific American was first, with its "Core War" article.

    2. Re:XKCD was there first by Anonymous Coward · · Score: 0

      You realize that botnets have existed for much longer than XKCD, right? They existed long before 2005.

    3. Re:XKCD was there first by jgtg32a · · Score: 4, Insightful

      Is it bad that when someone posts an XKCD link I only click on it to confirm that it was the one I thought it was?

    4. Re:XKCD was there first by icebraining · · Score: 1

      Yes. Randall should really include the name of the comic in the URL, so we can confirm without clicking.

    5. Re:XKCD was there first by dotgain · · Score: 1

      The name of the image is a somewhat terse description of it, that could be used. Not that anyone will, of course.

    6. Re:XKCD was there first by Anonymous Coward · · Score: 0

      Is it bad that when someone posts an XKCD link I only click on it to confirm that it was the one I thought it was?

      No but its the same reason you only fuck ugly/fat chicks.

    7. Re:XKCD was there first by socrplayr813 · · Score: 1

      I can nearly always guess which it is. So if you don't want to be like me....

      --
      The confidence of ignorance will always overcome the indecision of knowledge.
    8. Re:XKCD was there first by Anonymous Coward · · Score: 0

      Nah, that's normal. For this crowd, at least.

    9. Re:XKCD was there first by hcmtnbiker · · Score: 1

      That depends, is it bad when you hover over the link and see the comic number and immediately know it was the one you were thinking of?

      --
      If i had one dollar for every brain you dont have, i would have $1.
    10. Re:XKCD was there first by Philip_the_physicist · · Score: 1

      Of course not, you don't get the alt-text if you do that.

    11. Re:XKCD was there first by Slashcrap · · Score: 1

      Is it bad that when someone posts an XKCD link I only click on it to confirm that it was the one I thought it was?

      If you click on an XKCD link, it's generally bad. Try here instead : http://isxkcdshittytoday.com/

    12. Re:XKCD was there first by Anonymous Coward · · Score: 0

      No but its the same reason you only fuck ugly/fat chicks.

      Aww, cute! Is it also the same reason you fuck no chicks at all?

    13. Re:XKCD was there first by jgtg32a · · Score: 1

      Wow, I feel a bit better about myself now.

    14. Re:XKCD was there first by dotgain · · Score: 1

      Good point, thank you.

    15. Re:XKCD was there first by badkarmadayaccount · · Score: 1

      I don't think so. I hope.

      --
      I know tobacco is bad for you, so I smoke weed with crack.
  5. Botnets fighting botnets... by Anonymous Coward · · Score: 3, Interesting

    Why isn't this kind of technology being used to fight botnets? Couldn't a program be released using virus-like means to disseminate itself, and try to eliminate malicious software wherever it finds it? Sort of like a distributed-computing project, with each peer actively trying to disseminate a "counter-virus"? Or "antibodies", if you will?

    1. Re:Botnets fighting botnets... by grapeape · · Score: 4, Informative

      The problem is ethics...both would be considered intruders even if one is of the White Hat variety. Unfortunately it seems impossible to fight ethically against something unethical so instead we all just sit around and complain about it while the problem gets worse.

    2. Re:Botnets fighting botnets... by Cyrack · · Score: 1

      And who do you think is going to cover the cost when the counter-bot-net screws up and wipes the PC instead of removing the bot? There is no gain for a company in making such a program, and any individual creating and distributing it is guaranteed to get sued into oblivion.

    3. Re:Botnets fighting botnets... by clone53421 · · Score: 3, Informative

      Because it’s illegal.

      People trying to do good generally won’t risk going to jail for it.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    4. Re:Botnets fighting botnets... by DragonWriter · · Score: 1

      Why isn't this kind of technology being used to fight botnets?

      Probably because in many countries, remotely infecting and installing/removing software and other data on computers without authorization from the owner of the system is illegal.

      Couldn't a program be released using virus-like means to disseminate itself, and try to eliminate malicious software wherever it finds it?

      If you are making a tool to compromise systems to build botnets, you probably don't care too much if it occasionally gets a false positive and trashes important software or data on a target machine when trying to destroy competing malware, and any additional liability that destruction exposes you to is probably minor compared to the legal liability from the intended function of the software.

      If you are making "beneficial" software, the risk-reward assessment is different, and will weigh heavily in favor of not using viral distribution means, but getting people to voluntarily accept your software -- giving you the existing array of anti-malware software of various kinds.

    5. Re:Botnets fighting botnets... by SlayerofGods · · Score: 1

      Meh, I'd send it out if someone wrote one for me. It's pretty easy not to get caught, just go to a public network, launch it and NEVER take credit for it. Especially for the simpler but more brutal ones like slammer or blaster, I always wondered why, if it was so easy to make the worm, did no one create a quick program that deletes the worm and turns on autoupdates? Not only would it save everyone a lot of work but would also be fun to watch them fight ;)

      --
      Technology, the cause of and solution to all of life's problems.
    6. Re:Botnets fighting botnets... by Anonymous Coward · · Score: 0

      The problem is ethics...both would be considered intruders even if one is of the White Hat variety. Unfortunately it seems impossible to fight ethically against something unethical so instead we all just sit around and complain about it while the problem gets worse.

      Actually, I think it's less of an ethics problem than it is a legal problem. Provided the "counter-virus" really does no harm, doesn't identify individual computers it is running on, and so forth; it would be consistent with White Hat hacking ethos (IMHO). However, it would still be accessing a computer and/or network without permission and thus unlawful and probably opens you up to civil liability as well. An analogy would be a total stranger seeing that your house has a broken window and decides to fix it without your knowledge or consent, even if they do a great job and don't disturb other parts of your property they are still considered trespassing under the law.

    7. Re:Botnets fighting botnets... by Gordo_1 · · Score: 1

      It's been done. Do a Google search for Welchia.

  6. Irony by burkmat · · Score: 1

    Malware gets exploited... Are we about to see makers start releasing patches for the malware to fix security holes?

    Patching an exploit in your exploit? Is that good or bad?

  7. It's evolution in action. by VShael · · Score: 3, Informative

    They are competing for resources (which may or may not be scarce) and one can now prey on the other.

    Either evolve a defence, or die out.

    (Oblig tag)
    That's evolution in a nutshell. Note that no one is claiming the programs spontaneously emerged into cyberspace. Evolution has nothing to say about the origin of life. Abiogenesis is not Evolution.

    1. Re:It's evolution in action. by Anonymous Coward · · Score: 0

      Evolution would be a virus being transferred incorrectly, and that data modification happened to clean the infected system of other botnets, or protect itself from being cleaned.

      In reality data transfer errors just cause the program to crash, not add functionality.

      This is one of the common high level logical problems people have with evolution. (counterintuitive and there aren't any reproducible examples that we can test)

    2. Re:It's evolution in action. by VShael · · Score: 2, Insightful

      No, I don't think so.
      It doesn't matter how the code changes from one generation to the next. Mutation (copying errors) or the mixture of two halves of parental DNA, or manipulation by an outside force, or some other mechanism.

      What matters is that variation is introduced, and the most successful variations survive and the less successful variations do not.

      It's an iterative process, much like software builds.

    3. Re:It's evolution in action. by HungryHobo · · Score: 1

      Actually that particular problem has been looked at quite a lot.
      Biological systems tend to have a lot of redundancy and fail softly.

      Computer programs tend not to have much redundancy and lots of invalid situations which cause a total crash.
      Randomly change the destination of a mov or a jump and you've got nonsense code.

      Try reading up on Tierra. They tried to address a lot of these problems by making the code a lot more like genetic code, even going so far as to change how jumps work such that they look for patterns nearby rather than specific locations, and other changes.
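The point in the comment above about jumps that look for a nearby pattern rather than a fixed address is easiest to see on a toy machine. The following is an added example, not code from the comment and not Tierra itself: a tiny instruction set with two kinds of jump, an absolute one (`jmp_abs N`) and a Tierra-style template one (`jmp_tpl "01"`) that searches outward from the jump for the nearest run of `nop` instructions whose labels are the complement of its pattern, then applies every possible single-instruction deletion to the same program and counts which mutants still compute the right answer. The opcodes, the program, the complement-matching rule as simplified here and the deletion-only mutation model are all assumptions made for illustration.

```python
"""Added example, not from the comment or from Tierra: absolute versus template
addressing under single-instruction deletions. Opcodes, program and mutation model
are invented here; the template jump's operand carries the pattern, a simplification
of Tierra's nop templates that follow the instruction."""
from typing import List, Optional

Instr = tuple
INC, HALT = ("inc",), ("halt",)
NOP0, NOP1 = ("nop", "0"), ("nop", "1")
EXPECTED = 2     # the program below should halt with the counter at 2


def program(jump_kind: str) -> List[Instr]:
    """inc once, jump over three incs, inc once more, halt.
    The template jump's pattern "01" is matched by the complementary marker NOP1 NOP0."""
    jump = ("jmp_abs", 7) if jump_kind == "abs" else ("jmp_tpl", "01")
    return [INC, jump, INC, INC, INC, NOP1, NOP0, INC, HALT]


def find_template(prog: List[Instr], pc: int, pattern: str) -> Optional[int]:
    """Index just past the nearest marker whose nop labels are the complement of
    `pattern`, searching outward from pc (forward first); None if there is none."""
    want = ["1" if c == "0" else "0" for c in pattern]
    k = len(want)

    def marker_at(i: int) -> bool:
        if i < 0 or i + k > len(prog):
            return False
        return all(prog[i + j][0] == "nop" and prog[i + j][1] == want[j] for j in range(k))

    for d in range(1, len(prog)):
        for i in (pc + d, pc - d):
            if marker_at(i):
                return i + k
    return None


def run(prog: List[Instr], max_steps: int = 100) -> Optional[int]:
    """Execute; return the counter at halt, or None if the program runs off the end,
    exceeds max_steps, or a template jump finds no target."""
    pc, counter = 0, 0
    for _ in range(max_steps):
        if not 0 <= pc < len(prog):
            return None
        op = prog[pc]
        if op[0] == "inc":
            counter += 1
            pc += 1
        elif op[0] == "nop":
            pc += 1
        elif op[0] == "halt":
            return counter
        elif op[0] == "jmp_abs":
            pc = op[1]
        elif op[0] == "jmp_tpl":
            target = find_template(prog, pc, op[1])
            if target is None:
                return None
            pc = target
    return None


def delete_at(prog: List[Instr], i: int) -> List[Instr]:
    """The mutation model: one instruction dropped, as a copy error might do."""
    return prog[:i] + prog[i + 1:]


def deletion_survivors(jump_kind: str) -> int:
    """How many of the single-instruction deletions still halt with the right answer."""
    base = program(jump_kind)
    return sum(1 for i in range(len(base)) if run(delete_at(base, i)) == EXPECTED)


if __name__ == "__main__":
    for kind in ("abs", "tpl"):
        print(kind, "intact:", run(program(kind)),
              "survivors of 9 deletions:", deletion_survivors(kind))
```

Deleting any one of the three skipped `inc` instructions shifts everything after it by one: the absolute jump now lands on `halt` and the mutant returns 1, while the template jump still finds the `NOP1 NOP0` marker and returns 2. Deletions that remove the jump, the marker itself or the final `inc` break both variants, which is the "fail softly" point in the comment: template addressing does not make the code immune to mutation, it widens the set of mutations that leave it working.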

    4. Re:It's evolution in action. by Anonymous Coward · · Score: 0

      You mean intelligent design? The creator made all of those changes, the viruses didn't evolve on their own.

      Nice try though.

    5. Re:It's evolution in action. by Anonymous Coward · · Score: 0

      Actually, you are the person that has a problem with evolution.

      Evolution == process
      Natural Selection == process

      Evolution in botnet software, as per TFA, occurs via developers modifying the code. Random mutation in bots is not needed.
      There are other processes that evolve. For example, evolution of building codes, mostly as a reaction to bad designs, fires, deaths, and other injuries caused by inadequate building codes in the past.

      "Evolution would be a virus being transfered incorrectly"

      That would be mutation. :P

  8. Oh, you kids these days, with your Intartubes by Rogerborg · · Score: 3, Informative

    In my day, we called this stuff Core Wars, and we kept our viruses in jars and shook them to make them fight.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Oh, you kids these days, with your Intartubes by TheLink · · Score: 5, Funny

      If you write malware in Java you could keep them in jars too...

      --
    2. Re:Oh, you kids these days, with your Intartubes by nigelo · · Score: 1

      You'll soon have them fighting in wars.

      --
      *Still* negative function...
  9. THOSE DIRTY RUSSIANS by Anonymous Coward · · Score: 0

    Third world scoundrels, the lot of them. Too bad China doesn't need a(nother) peasant labour force.

  10. This would be an easy one for Microsoft by Errol+backfiring · · Score: 2, Funny

    Embrace, extend, extinguish...

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  11. I bet... by mrv00t · · Score: 0

    ...Lisbeth Salander is behind this!

  12. Can we start using OpenBSD, Solaris, Linux? by Anonymous Coward · · Score: 2, Insightful

    If it's really costing just American people and companies that much money, maybe it's time to stop using Windows.

    There are so many alternatives! Servers should be running OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX.

    Mac OS X and Linux make pretty damn good desktop systems for most users.

    And if you need to run Windows, perhaps do it only on a system that isn't networked.

    1. Re:Can we start using OpenBSD, Solaris, Linux? by HungryHobo · · Score: 1

      Whatever system is the most used will be the most attacked and almost certainly the most compromised.

      Do OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX have fewer flaws than Windows?

      probably.
      Almost certainly in fact.

      But at the same time without the obscurity factor the flaws they do have will be found by determined attackers and due to the eternal demand for extra features there will always be new flaws.

      There is no perfect system and you have to remember that virus writers are businessmen these days who go after the biggest targets.

    2. Re:Can we start using OpenBSD, Solaris, Linux? by countertrolling · · Score: 1

      A cost/benefit analysis of switching might come in handy. There are other support issues besides just security.

      --
      For justice, we must go to Don Corleone
    3. Re:Can we start using OpenBSD, Solaris, Linux? by characterZer0 · · Score: 2, Insightful

      $100 million? Please.

      Many times that has been wasted supporting broken version of IE.

      Many times that has been wasted waiting for reboots after BSODs.

      Many times that has been wasted on upgrades nobody needs other than because old version no longer get security updates.

      If lost money was going to cause people to ditch Windows, they would have done it a long time ago.

      --
      Go green: turn off your refrigerator.
    4. Re:Can we start using OpenBSD, Solaris, Linux? by Anonymous Coward · · Score: 0

      Whatever system is the most used will be the most attacked and almost certainly the most compromised.

      Do OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX have fewer flaws than Windows?

      probably.
      Almost certainly in fact.

      But at the same time without the obscurity factor the flaws they do have will be found by determined attackers and due to the eternal demand for extra features there will always be new flaws.

      There is no perfect system and you have to remember that virus writers are businessmen these days who go after the biggest targets.

      I'm sick of this argument, it's just a way for those who are either lazy or want their windows games to feel better about not bothering to try. There I can generalize too without helping progress the state of the art at all.

  13. One to rule them all by Gri3v3r · · Score: 1

    I think it would have been cooler for that "russian botnet killer", if it was able to convert the "enemy" botnet program and have it under its control rather than just kill it. Then that converted program could start converting its own kind. Just like what Agent Smith was doing in The Matrix!

    1. Re:One to rule them all by Anonymous Coward · · Score: 0

      A parasitic virus. Hmmmm...

    2. Re:One to rule them all by clone53421 · · Score: 2, Funny

      Your ideas interest me and I would like to subscribe to your newsletter.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    3. Re:One to rule them all by ae1294 · · Score: 1

      Your ideas interest me and I would like to subscribe to your newsletter.

      Don't worry, you can watch his ideas in his upcoming made-for-Syfy movie.

    4. Re:One to rule them all by GameboyRMH · · Score: 1

      Botnet client 1: You!

      Botnet client 2: Yes, me. Me, me, me....

      Botnet client 1:...Me too >:)

      Botnet client 2: >:)

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  14. As long as its not guns by ratboy666 · · Score: 4, Insightful

    I'll make some popcorn and we can all enjoy the show.

    But seriously, only 100M in losses?

    I don't have the figures at hand, but "McAfee forecasts $1.8 billion in revenue for 2009". I would put the cost of the extra security in; the US did that when prosecuting Gary McKinnon, so there appears to be precedent.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
    1. Re:As long as its not guns by Sulphur · · Score: 1

      McAfee forecasts $1.8 billion in revenue

      Then viruses, worms, botnets, etc. are forecast to do at least 1.8 billion in damage.

  15. yes by someone1234 · · Score: 1

    Botnets already receive upgrades faster than your XP.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
    1. Re:yes by burkmat · · Score: 1

      ...your XP.

      First of all, there's no need to insult me. I don't run Windows, thank you very much.

      Second, I've yet to come across any malware with polymorphic defense mechanisms. Sure, I've read about it here and there, and I haven't encountered any infected machines in a while, but is this kind of behavior really par for the course already?

    2. Re:yes by HungryHobo · · Score: 2, Interesting

      http://webtorque.org/wp-content/uploads/malware_biz.pdf

      the really quiet well made ones you don't hear much about.

    3. Re:yes by Anonymous Coward · · Score: 0

      Yes, I'd love to use my computer to open a PDF about botnets, what could possibly go wrong?

    4. Re:yes by StikyPad · · Score: 1

      Well that's pretty much the definition of quiet isn't it?

  16. The enemy of my enemy is my friend by Anonymous Coward · · Score: 0

    Usually the saying "the enemy of my enemy is my friend" would apply but in this case the enemy of my enemy is still my enemy.

  17. Re:In Soviet Russia... by conspirator57 · · Score: 3, Funny

    Spy Vs. Spy!

    --
    "If still these truths be held to be
    Self evident."
    -Edna St. Vincent Millay
  18. honor among thieves by bugi · · Score: 2, Funny

    But -- but -- That was my stolen property!

    What are things coming to when you can't count on honor among thieves? I mean, thieves stealing from thieves? What is this world coming to!

  19. How to explain this to noobs? by Alwin+Henseler · · Score: 2, Interesting

    You have this infected machine, perhaps it's a bot sending out bulk spam. Or you install a game on it, and a trojaned executable steals your CD-key and sends it off... to China? To Russia? Who knows... Or you do some home banking with it (imbecile!), and possibly some program monitors your keystrokes, and sends off username+passwords to "parties unknown".

    But the recurring problem: how to explain this to a noob? They're sitting on this trojaned machine, actively using it, processing private data with it, and just don't seem to care (as long as the apparatus still does the job). Anyone know of a good way to explain it to a person like this, what the dangers are? Why they should disinfect / wipe the machine ASAP? What does it take to make them understand what it means "there's a trojan / backdoor on your machine"?

    Or is this futile? Should you just wait until they get hit hard(er)? Bank account emptied, e-mail account hacked, game CD-key blocked etc.? Any ideas?

    1. Re:How to explain this to noobs? by clone53421 · · Score: 2, Interesting

      Online banking.

      Even if you don’t do online banking on the computer, you’re allowing it to use the computer to spread itself. If you knowingly permit this you’re contributing to the defrauding of other people who do get their identities stolen, etc.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:How to explain this to noobs? by Culture20 · · Score: 1

      But the recurring problem: how to explain this to a noob? They're sitting on this trojaned machine, actively using it, processing private data with it, and just don't seem to care (as long as the apparatus still does the job). Anyone know of a good way to explain it to a person like this, what the dangers are? Why they should disinfect / wipe the machine ASAP? What does it take to make them understand what it means "there's a trojan / backdoor on your machine"? Or is this futile? Should you just wait until they get hit hard(er)? Bank account emptied, e-mail account hacked, game CD-key blocked etc.? Any ideas?

      At work, you become the BOFH and take away people's machines. If you're not the sysadmin, you become the sysadmin's worst nightmare: the concerned helpful almost-IT guy, and rat on your coworkers "New Ticket opened: I think Jerry's machine is infected. It's bluescreening a lot". At dinner parties, tell the plebes your horror stories of how an entire department thought they were fine, but their computers were part of a botnet doing nuclear weapons research for North Korea. You couldn't wipe the machines because the CIA wanted to inspect the traffic, then they confiscated the HDDs for national security, so they're "wiped" now.

      Unfortunately, only some people will get the message that botnets and viruses should be taken seriously. Most people will just think you're being a jerk.

    3. Re:How to explain this to noobs? by Z34107 · · Score: 1

      I'm an IT monkey on campus, and we have a lot of liberty in dealing with this kind of problem, barring departmental politics. We say, "your machine is infected" and take their hard drive. Until we retrieve their files they get a disk with a clean image on it. We suggest they change their passwords for the network, any banking sites, e-mail, Facebook, etc.

      But, in places where you don't have unquestioned authority over the machine, the best you can do is try to convince them to clean their machine, and there's no good way to do that. My friend's family continued to do online banking, Facebook, and everything else on a PC that even Norton screamed about.

      "Y'know, you just gave your credit card number to the Russian mob."

      (laughs) "Pfft. I don't have any money."

      And that's about the best you can hope for. You did the right thing, and you know what happens to moneyed fools.

      If you really want to scare people, don't talk about infections or identity theft or keyloggers or passwords. Tell them that those pop-ups mean that they're being watched. People don't seem to care that their computer is stealing their soul, but nobody likes the idea of somebody watching from behind their screen.

      --
      DATABASE WOW WOW
    4. Re:How to explain this to noobs? by Anonymous Coward · · Score: 0

      Start by talking about people who got bitten.

  20. serves them right for not living up to the bargain by bugi · · Score: 1

    If you can't expect your botnet-ware to keep your machine secure, then it's time to replace it. That is why we keep it on there, right? It's a simple tradeoff, all our identity for some peace of mind.

  21. So It's an AI? by Doc+Ruby · · Score: 3, Funny

    An upstart Trojan horse program has decided

    The news that a botnet is killing its rivals is nowhere near as disturbing as the news that it's decided to kill its rivals.

    --
    make install -not war

    1. Re:So It's an AI? by clone53421 · · Score: 1

      It didn’t decide to do anything. It’s doing exactly what it was designed to do.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:So It's an AI? by Anonymous Coward · · Score: 1, Interesting

      And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring... The attracting a female part makes you do things like getting a job, education... anything you can to improve your stature within society such that you have a better chance of courting a female...

      You are just an automaton.

    3. Re:So It's an AI? by clone53421 · · Score: 5, Funny

      And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring...

      I am?

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    4. Re:So It's an AI? by Anonymous Coward · · Score: 0

      I think you meant to say "Disregard females, acquire currency".

    5. Re:So It's an AI? by Ja'Achan · · Score: 1

      We're on slashdot, so maybe your examples are ill-chosen...

    6. Re:So It's an AI? by girlintraining · · Score: 0

      And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring...

      Well, that sounds like a ringing endorsement of lesbian relationships! I approve.

      --
      #fuckbeta #iamslashdot #dicemustdie
    7. Re:So It's an AI? by initialE · · Score: 1

      Given your nick I'd be a bit worried there.

      --
      Starbucks, Harbuckle of Breath.
    8. Re:So It's an AI? by Jedi+Alec · · Score: 1

      And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring... The attracting a female part makes you do things like getting a job, education... anything you can to improve your stature within society such that you have a better chance of courting a female...

      You are just an automaton.

      Bullshit. I have free will and a consciousness that allows me to take a step back and predict the consequences of decisions. I choose not to reproduce my genetic material (not by not courting females, just by picking those that feel the same way). I choose to accept a lower salary in exchange for better working conditions and more time to myself. And I choose to respond to an AC even though it will not accomplish anything of significance in the greater scheme of things ;-)

      --
      People replying to my sig annoy me. That's why I change it all the time.
    9. Re:So It's an AI? by tmmagee · · Score: 1

      Yes. You are just doing it badly.

    10. Re:So It's an AI? by clone53421 · · Score: 1

      Yes. You are just doing it badly.

      I am?

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    11. Re:So It's an AI? by Anonymous Coward · · Score: 0

      Yes.

    12. Re:So It's an AI? by Lotana · · Score: 1

      Yeah. Making offspring part will be tougher though.

    13. Re:So It's an AI? by Doc+Ruby · · Score: 1

      Your reading comprehension has a bug:

      An upstart Trojan horse program has decided

      --
      make install -not war

    14. Re:So It's an AI? by clone53421 · · Score: 1

      Yes, yes... whoosh, I know.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  22. Reminder - This CAN be fixed by ka9dgx · · Score: 2, Insightful

    Here it is... the reminder that Capability Based Security can fix this, if we raise awareness of its existence, and push to get it implemented. The idea is older than Unix, for chrissakes.

  23. Microsoft's responsibility by Orlando · · Score: 2, Interesting

    This may sound naive, but I'm assuming that the vast majority of the machines used in botnets are Windows PCs? So has any attempt been made to make Microsoft take some of the responsibility of this phenomenon on and do something about it?

    --
    -= This is a self-referential sig =-
    1. Re:Microsoft's responsibility by Overzeetop · · Score: 1

      Um, the vast majority of _machines_ are PCs, so short of some special effort, they will also harbor the vast majority of botnets. This isn't necessarily a statistical commentary, but a business one. Botnets are only as good as their numbers, and the way to get infected is to get the person sitting at the keyboard to install it. Patches are generally made when exploits are found, whether it's by MS, Apple, or the OS community. That's what "patch Tuesday" is all about, and why everyone who bought and installed Windows has the default setting of automatically applying the latest patches.

      I realize you're trying to stir up some fanboi related mod points, but no matter how good the OS is the biggest security flaw resides outside the computer case.

      --
      Is it just my observation, or are there way too many stupid people in the world?
  24. Re:In Soviet Russia... by Anonymous Coward · · Score: 0

    I was thinking more of Battle Bots.

  25. Something i don't quite understand about theses by G00F · · Score: 1

    Something I don't quite understand about these botnets: the numbers are so high, I wonder if AV or anti-malware does not detect them? Because the size of each botnet is huge!

    It makes me wonder if any of my PCs are part of the bnet, and the AVs just don't detect it. I use game cracks even with games I own so I don't have to deal with CD/DVDs (2 toddlers, nothing is safe). I scan everything with clamAV and at least one other (avast/avg or even trendmicro), but using bittorrent makes it impossible to monitor traffic.

    So, would having an up to date AV really protect people?

    --
    The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
  26. This is Russia! by Catmeat · · Score: 1

    Given that this is Russia we're talking about, I suspect Zeus' problems won't be solved by well-targeted security upgrades.

    They'll be solved by a well-targeted AK-47.

  27. Spy toolkit - here it is by Anonymous Coward · · Score: 0

    http://www.opensc.ws/opensc-marketplace/9184-new-bot-spyeye-v1-0-formgrammer-autofill-cc-modules-5.html

  28. Re:In Soviet Russia... by K.+S.+Kyosuke · · Score: 1

    Spy Vs. Spy!

    Why not Bond Girl vs. Bond Girl? The spy can fetch some Martini in the meantime.

    --
    Ezekiel 23:20
  29. You can build your own virus farm! by GameboyRMH · · Score: 1

    It can be a reality, it's just that nobody's bothered to set up a virus farm with a malware visualization system yet.

    If I could just free up the hardware...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:You can build your own virus farm! by Anonymous Coward · · Score: 0

      It can be a reality, it's just that nobody's bothered to set up a virus farm with a malware visualization system yet.

      My company has, only they call it a "trouble ticket tracking system". It's a bit abstract, but if you stare at it long enough you start to get the picture.

  30. $100 Billion in Losses? by SnapShot · · Score: 1

    Minor quibble. Yes, botnets suck and mafia run hackers can suck the stale &@%$ out of a necrotic &!#@'s &#%$#. But, does anyone ever believe any of these "X causes $Y Billion" losses estimates? Whether it's the RIAA, MPAA, BSA, FBI, FCC, or whatever, I think they make those numbers up.

    --
    Waltz, nymph, for quick jigs vex Bud.
    1. Re:$100 Billion in Losses? by SnapShot · · Score: 1

      Sorry, I meant Million not Billion. Not that it matters...

      --
      Waltz, nymph, for quick jigs vex Bud.
    2. Re:$100 Billion in Losses? by gujo-odori · · Score: 1

      Oh, that may well be accurate. For example, I work for an email and web security company. Our customers spend a lot of money each year for our services. The same is true for our competitors. If there were no spam, no viruses, trojans, bots, they wouldn't have to spend all that extra money. The email and web security business is a billions-of-dollars industry.

      Then there's the extra staff they need to help clean up problems when people do smart things like release that phish or malware message from quarantine and go right ahead and click on the link.

      Yes, losses to business from spam/malware are in the billions of real dollars every year, since they wouldn't have to spend that money if it didn't exist.

      That's very different from the RIAA/MPAA/BSA numbers, which seem to make the ridiculous assumption that most of the people unlawfully using music or software would have gone out and bought it if they couldn't have gotten it for free. That's a work of fiction (genre: fantasy) on their part. I'm sure file sharing has hurt sales of CDs and online music stores to some extent, but the main problem is that the big record companies just aren't making anything compelling. I don't do downloading, but I also haven't bought a major-label CD in about 10 years. Even on independent labels, it's been a few years since I've made a buy. I just don't see much compelling work out there.

      All of my most recent CD purchases have been directly from the musicians themselves, who self-produced their work.

  31. INFO by Anonymous Coward · · Score: 0

    Thanks for it and the botnet tips: spy eye and zeus, gotcha!

  32. How to kill bots by turthalion · · Score: 1

    You see, Killbots have a preset kill limit. Knowing their weakness, I sent wave after wave of my own men at them, until they reached their limit and shut down.

    --
    Michael Coyne
    http://turthalion.blogspot.com
  33. Bad analogy by GameboyRMH · · Score: 1

    Maybe it would be a good analogy if the trojan was programmed only to "spread" and then it decided to take out other trojans so that it could reach that goal.

    The trojan is programmed, upon infection, to search for files with certain hashes (or whatever) and delete them. The decisions it made were far, far simpler with simple pre-programmed actions down to very minute details.

    Humans are not programmed, for example, to put one foot in front of the other in a high-speed cycle in the direction of a gazelle and rotate the arm forward quickly while holding a spear and release it at a certain point in the throw calculated by the distance and angle to target and then to ambulate over to the corpse grab it with one hand and drag it back to the cave and beat your chest using an alternating reciprocating motion with both arms within sight of a reproductive female. You are programmed to survive and reproduce, those are just ways of going about it.

    (I wanted to use a more up-to-date example, but holy shit, it is WAY more complicated these days!)

    The intelligence of this trojan is comparable to a jellyfish, to be generous.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  34. In Soviet Russia... by d34dluk3 · · Score: 1

    Botnet hijack...other botnet!

  35. Wipe'em out! by Anonymous Coward · · Score: 0

    Botnets are the major attack vector for both infection and exploitation, so our best defense must be an offense to hit the bad guys where it hurts them the most: Destroy the botnets.

    I know a lot of gutless security researchers say that the criminals will retaliate and maybe even kill people. Well news flash hot shot! - The criminals have always killed the people getting in their way so that changes nothing. We just need to hit them hard enough so that they have nothing to retaliate with, both financially and otherwise.

    It's actually very simple: Once a bot is activated to do something besides checking in with its C&C it reveals itself either by sending spam, participating in DDoS or similar. Once revealed it must be destroyed. As most are simple household PCs running unpatched versions of Windows, chances are there are still open exploitable holes as some bots close the avenue of infection behind them but where there's one hole, there's probably dozens of others. Attack the bot and infect it with a doomsday virus that wipes out the system and the bot is dead. Sure the stupid user might re-install and restore from backups but if the bot is reactivated the process is repeated. At some point the user will install proper patches and antivirus software (or a better operating system) or just give up and the problem is solved either way. It can be totally automated and where the bot cannot be taken down from the inside, it must be taken down from the outside. It is trivial to kick a Windows PC connected with a cable modem or ADSL off the net if you're on a backbone yourself.

  36. Symantec needs to get a clue by kupekhaize · · Score: 1

    The youtube thing that Symantec put up really, really bothers me. Sure, they did a good job of blocking out the website they are going to, and trying to block other information to keep script kiddies from accessing the same pages.

    However, when you can watch them scroll through forums, and see usernames as unique as the ones that are present, all someone has to do is to throw the username into google, and immediately get the damn forums with the hacking toolkit. Quickly scrolling through that particular website, it seems several of the "toolkits" posted have been backdoored with some other virus or trojan, so even trying to build one means you get infected. Sure, anyone who tries to actually use that stuff is just going to wind up getting what they deserve, but even so, it bothers me.

    I really, really wish companies would stop thinking they are "clever" and showing people how easy it is to access this crap in order to scare them into buying their magical products.

    --
    One of these days i'm going to find this 'peer' guy and reset HIS connection!
  37. Re:In Soviet Russia... by ppanon · · Score: 1

    A better parallel is Internet Core Wars

    --
    Let them read, and let them dance; these two amusements will never do the world any harm. - Voltaire
  38. The FBI by hesaigo999ca · · Score: 1

    Of course they would not let the public know, but it would be nice if the only person doing this was the FBI themselves, in a hidden way to farm information, and also keep a handle on criminal activity, so starting as of now, I say we let the FBI come up with the best dang trojan, and let them battle it out with the rest of them, and I would willingly go back every once in a while to the FBI infect me site, to make sure to get reinfected with theirs and let theirs remove all the others...could you imagine if we all did that, the only person left to blame for the stolen money would be them...but that would be impossible to prove.

  39. harris by harrisandreson · · Score: 1

    I have used a lot of anti-viruses but they are just garbage, nothing more. To protect a PC from viruses is not a simple task. If this software is going to clean all viruses then I am going to purchase it. What do you say guys, will it work? by flights to london