Slashdot Mirror


Are Computer Crooks Renting Out Your PC?

An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"

1 of 208 comments

  1. Re: Are Computer Crooks Renting Out Your PC? by hairyfeet · Score: 0, Troll

    Now that the Linux FUD patrol have weighed in (how's that 6 year old X Server bug? Figure out how to make drivers run past a single update yet?) allow the ministry of truth to relay the facts.

    ..FACT...Post SP2 Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast. OOTB post SP2 is easy to lock down and will NOT get infected simply by hooking to the net as ALL incoming is blocked BY DEFAULT.

    ..FACT.. Talk to ANYONE that actually repairs machines (such as myself) and we'll be happy to tell you that a good 90% of infections are INSTALLED BY THE USER. REPEAT nearly ALL INFECTIONS are INSTALLED BY THE USERS, with the other 10% divided between outdated Adobe products and using out of date browsers like IE 6. Why would they install bugs? Two words: SOCIAL ENGINEERING that's why. One of the new bugs I'm sure this bunch is using is the "New limewire" installer, which punches a huge hole in security and sets up a proxy so they can MITM anything coming from that machine. "But Limewire is dead!" you say, true but the users don't know that so the "new" limewire simply drops them on gnutella while pwning the box.

    ..FACT...Linux without IT personnel IS WORTHLESS. These infections are being done primarily in the SOHO, consumer, and SMB markets where there is NO or lax IT personnel. These users WILL NOT in no particular order...learn BASH, learn CLI, trawl forums for fixes when the update shit all over the drivers, play hardware roulette trying to figure out what works and what don't, hell I could go on all day. Your "solution" may as well be "give them a fab and make them build their own box! Then they'll know what is going on with their systems!" While this is true you have better odds of winning the lotto than getting the masses to go along.

    ..FACT...When Linux becomes a big enough target IT WILL BE PWNED. See the current rounds of bugs going through Android, or the "KDE Look Screensaver Trojan" for examples. Windows malware thrives on uneducated users willing to install dodgy shit. Lots of uneducated users willing to install dodgy shit on Linux? Here comes the malware. Right now the users of Linux at least attempt to educate themselves and don't go around installing dodgy shit off of Freshmeat. If that situation changes? Welcome to the jungle, we got fun and games.

    So your entire argument is based around several fallacies. One that an uneducated user of Windows, which is the ones that get pwned, will suddenly be willing to learn your PITA Linux dance and become an educated Linux user. If that were true they'd quit installing dodgy shit and wouldn't have that problem in Windows either. Two that the bugs are magically knocking down the doors and installing themselves, when it is the users inviting them in and offering them coffee. See the fake AVs, the fake Limewire, and the "watch the hot pron, just install this codec.exe now!" for examples. If Linux users were willing to install dodgy shit like that, don't think someone would be writing it? Think again.

    The funny part is you WILL NEVER ask yourself this econ 101 question "What am I doing wrong, that my competitors are doing right?" (hint it is NOT a conspiracy) because when your product costs $0 and the competition has a starting price of $100 and $700 respectively, and they are royally kicking your ass? something is rotten in Denmark.

    I could point out it is because your driver model is a drawing of a turd with "fix it yourself LOL!" written underneath, that no B&M like myself will touch it because you can't allow updates without half the drivers shitting themselves, tying software to the kernel rev is fucking idiotic, hell I could go on all day but why bother? You'll just keep munching that shit sandwich OF FREEDOM while telling everyone one complete lie after another, thinking they'll buy your bullshit. Hell go to Linux TM repos and see every single argument any FOSS zealot will use to rebut me, from "ItWorksForMe (TM)" to "StableABINonsense(TM)" because t

    --
    ACs don't waste your time replying, your posts are never seen by me.