Slashdot Mirror


New Russian Botnet Tries To Kill Rivals

alphadogg writes "An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the FBI estimating last October that they have caused $100 million in losses."

17 of 136 comments

  1. Why is this news? by Anonymous Coward · · Score: 3, Insightful

    Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected. The slower a system gets and the more unwanted traffic it generates, the more likely it will be analyzed in depth, and that's not good for the bot net.

    Apparently we've decided to go the "natural" route in software security: Instead of making software which cannot be compromised, we do a "good enough" job with software quality and then fight infections with some kind of immune system. IMHO this is the root of the problem. Computers are not highly redundant systems like biological systems. We really ought to create software which is safe by design.

    1. Re:Why is this news? by Conchobair · · Score: 5, Insightful

      I think there is a guy that just goes around from article to article asking "Why is this news?" on each of them.

      If it was a local report about a murder, he'd show up and say "Why is this news? People have been getting murdered for several years now." Or if it was a report on a politician's speech, he'd say, "Why is this news? Politicians have been telling us lies for years and years now."

    2. Re:Why is this news? by Imrik · · Score: 3, Funny

      Why is this postworthy? People have been asking "Why is this news?" for years now.

    3. Re:Why is this news? by Opportunist · · Score: 3, Insightful

      Not possible.

      Why? Because the core problem with system security is no longer the technical side. Systems (yes, even Windows) are by now mostly secure. Of course, there's always the odd security hole and some even get used, but they don't represent the majority of entry points anymore, not by a long shot. Over 90% of the infections (source not available due to NDA) are due to what I endearingly call "user stupidity". See Dancing pigs problem of computer security for reference.

      That is something you can not sensibly protect against, no matter how you create your product, unless you do not allow the owner of a computer to execute code he wants to run. And that's something I would not agree with under any circumstances, since it would mean that someone else gets to dictate what I can and what I cannot do with a machine I bought and own.

      And I am fairly sure the majority of people here would easily identify the problem with that.

      OTOH, if people may do what they want with their machine you can NOT protect them against an infection. You can of course inform them whenever something wants undue privileges, but eventually they will be the ones deciding what privileges they want to grant. And it's easy to trick people into granting more privileges than necessary. People are used to mere games requiring administrator privileges in Windows. If for nothing else, then to install their DRM device drivers. Imagine they got some "crack" for Windows that claims to turn their copy into a fully registered, legal copy. Will they grant access to manipulate core system files, even if they are able to understand the information provided? Of course they will, because after all that's what the program promises.

      Now imagine Joe Randomuser with just enough clue to hit the right button on the machine to turn it on without blowing it up getting the information that Shlabberdup.exe wants access to the thingamajig privileges, allow or deny? Joe learned that usually it "does not work" if he says deny, so he says allow. Because he wants his pig to dance.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. XKCD was there first by thegameiam · · Score: 4, Insightful

    How long will it be until this is a reality?

    --
    Need Geek Rock? Try The Franchise!
    1. Re:XKCD was there first by jgtg32a · · Score: 4, Insightful

      Is it bad that when someone posts an XKCD link, I click on it only to confirm that it was the one I thought it was?

  3. Botnets fighting botnets... by Anonymous Coward · · Score: 3, Interesting

    Why isn't this kind of technology being used to fight botnets? Couldn't a program be released using virus-like means to disseminate itself, and try to eliminate malicious software wherever it finds it? Sort of like a distributed-computing project, with each peer actively trying to disseminate a "counter-virus"? Or "antibodies", if you will?

    1. Re:Botnets fighting botnets... by grapeape · · Score: 4, Informative

      The problem is ethics... both would be considered intruders even if one is of the White Hat variety. Unfortunately it seems impossible to fight ethically against something unethical so instead we all just sit around and complain about it while the problem gets worse.

    2. Re:Botnets fighting botnets... by clone53421 · · Score: 3, Informative

      Because it’s illegal.

      People trying to do good generally won’t risk going to jail for it.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  4. It's evolution in action. by VShael · · Score: 3, Informative

    They are competing for resources (which may or may not be scarce) and one can now prey on the other.

    Either evolve a defence, or die out.

    (Oblig tag)
    That's evolution in a nutshell. Note that no one is claiming the programs spontaneously emerged into cyberspace. Evolution has nothing to say about the origin of life. Abiogenesis is not Evolution.

  5. Oh, you kids these days, with your Intartubes by Rogerborg · · Score: 3, Informative

    In my day, we called this stuff Core Wars, and we kept our viruses in jars and shook them to make them fight.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Oh, you kids these days, with your Intartubes by TheLink · · Score: 5, Funny

      If you write malware in Java you could keep them in jars too...

  6. Re:Let the botnet wars begin! by poena.dare · · Score: 5, Funny

    "What could be better than botnets trying to destroy each other?"

    Well, on the surface it looks good, but before long they'll be collaborating and eventually they'll learn to mate and produce better offspring. Then we'll have to amend the Defense of Marriage Act to keep botnets from getting married and start enforcing Don't Ask Don't Tell for networks.

    It's amazing how many people don't know that SkyNet's parents were homosexual transvestite liberal Russian hackers that smoked heavily and collected guns.

    dARIUS qUAN predicted all of this. We should have listened!

  7. As long as it's not guns by ratboy666 · · Score: 4, Insightful

    I'll make some popcorn and we can all enjoy the show.

    But seriously, only 100M in losses?

    I don't have the figures at hand, but "McAfee forecasts $1.8 billion in revenue for 2009". I would put the cost of the extra security in; the US did that when prosecuting Gary McKinnon, so there appears to be precedent.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
  8. Re:In Soviet Russia... by conspirator57 · · Score: 3, Funny

    Spy Vs. Spy!

    --
    "If still these truths be held to be
    Self evident."
    -Edna St. Vincent Millay
  9. So It's an AI? by Doc+Ruby · · Score: 3, Funny

    "An upstart Trojan horse program has decided"

    The news that a botnet is killing its rivals is nowhere near as disturbing as the news that it's decided to kill its rivals.

    --
    make install -not war

    1. Re:So It's an AI? by clone53421 · · Score: 5, Funny

      "And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring..."

      I am?

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.