Slashdot Mirror


Are Computer Crooks Renting Out Your PC?

An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"

21 of 208 comments

  1. Are Computer Crooks Renting Out Your PC? by WrongSizeGlass · · Score: 5, Funny

    No. I'm so busy surfing /. that I don't have any spare CPU cycles to rent out.

    1. Re:Are Computer Crooks Renting Out Your PC? by 1s44c · · Score: 3, Insightful

      Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

      Actually it is Windows' fault that it's insecure by design. Sure, you can work around the problems, but it's not 100% effective. Adobe also deserves some of the blame, and their Flash nightmare is more or less the same on all OSes.

    2. Re:Are Computer Crooks Renting Out Your PC? by Gordonjcp · · Score: 3, Interesting

      "Might want to use an alternate OS" because it's less bother to keep Linux secure than Windows?

      That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure? I'm sure there's a car analogy in there involving buying a Yugo with no doorlocks, or being given a Mercedes with central locking and an alarm already fitted, but I can't be bothered making it.

    3. Re:Are Computer Crooks Renting Out Your PC? by fuzzyfuzzyfungus · · Score: 4, Insightful

      Don't forget Adobe Reader. I've lost count of the number of Reader security advisories that apply to basically every OS they release binaries for. It isn't often you see news of an exploit vector for Solaris; but Adobe manages it.

    4. Re:Are Computer Crooks Renting Out Your PC? by PopeRatzo · · Score: 5, Funny

      Actually it is Windows' fault that it's insecure by design.

      It's not so much that Linux is necessarily more secure, just that the botnets can't get their software to run on it. Something about not having the right drivers, is what I heard.

      Yep, that's what I heard all right.

      Oh, take it easy...

      --
      You are welcome on my lawn.
    5. Re:Are Computer Crooks Renting Out Your PC? by John+Hasler · · Score: 3, Insightful

      Possible, but very, very unlikely. Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    6. Re:Are Computer Crooks Renting Out Your PC? by Threni · · Score: 4, Insightful

      Exactly. "Are Computer Crooks Renting Out Your Windows PC?" would be a better headline.

    7. Re:Are Computer Crooks Renting Out Your PC? by Anonymous Coward · · Score: 4, Insightful

      You forgot to mention that:
      Linux users have a better common sense than the rest.
      Linux users use legitimate repos when they install any software.

      I think the Mac users fit in there as well, but with only Linux and Windows as experience, I really can't speak for them.

    8. Re:Are Computer Crooks Renting Out Your PC? by DarkOx · · Score: 4, Insightful

      Right on, I am getting real tired of "I run X" where X is most of Linux, therefore I am secure. That attitude alone tells me you are probably making big mistakes all over the place. Arrogance does that. It's true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is a pretty low bar to be above!

      I do IT security for a living, here is a hint. Whatever software you are using, take the steps we all read about: firewall, antivirus if that makes sense for your platform, don't elevate permissions when you don't have to, keep your box updated, and after you have done all those things continuously check to make sure you are still doing them, and above all use common sense at all times, always think before you click!

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    9. Re:Are Computer Crooks Renting Out Your PC? by CapOblivious2010 · · Score: 5, Insightful

      Linux users have a better common sense than the rest.

      True enough, but that doesn't say anything about the security of Linux... it merely says that people who are smart enough to get Linux to work for them are also smart enough (on average) to avoid all the crap that idiot Windows users fall for.

    10. Re:Are Computer Crooks Renting Out Your PC? by Tablizer · · Score: 4, Informative

      That "Web 2.0" /. interface indeed is a CPU hog, full of polling JavaScript. Fortunately, they still allow the old-style as an option.

    11. Re:Are Computer Crooks Renting Out Your PC? by melikamp · · Score: 4, Insightful

      Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast.

      Wow. Do you realize that AV software is largely ineffective against new viruses? Here is a typical scenario out of my life: a friend wants me to fix a Windows PC infected with a virus. Sometimes the virus is apparently racing the AV, and sometimes the AV is disabled. But there is always AV. So what good is it? The only useful feature of an AV software is that there is a slight chance it will behave unusually after the machine is infected, and so alert a user of an intrusion sometime in the past (that is, of course, only if the virus is destructive or buggy).

      So on one hand you acknowledge that Windows is insecure by default, and should be secured. But to secure it, you want to install a piece of software that slows the computer down, while failing to prevent many viral infections.

      You also fail to address the biggest issue with securing Windows: it is theoretically impossible. Because the software is proprietary, it is insecure by any sensible definition. It is insecure for you as the user, although it is made to provide "security" for Microsoft. Not for any technical reason, but solely because of Microsoft's greed, you have a backdoor in your OS that only Microsoft (you hope) can use. Whatever other security holes there are, you propose to fix with other proprietary programs, each having its own backdoor.

      When Linux becomes a big enough target IT WILL BE PWNED.

      Linux kernel will be pwned? As in, once Linux reaches X% desktop share, all of a sudden a bunch of kernel exploits will be found? How? The value of a kernel exploit today, either local or remote, is already enormous. If they are already found at the rate they are introduced, then what does the popularity have to do with it?

      Or did you mean, Linux-based OSes will be owned? All of them at the same time? Or one in particular? And then which one? I am not surprised seeing Android in trouble: every android phone sold today is a proprietary platform, and the proprietors happen to be incompetent. This does not mean that we won't be able to install Debian or Slackware on a phone a few years from now and enjoy rock-solid security.

    12. Re:Are Computer Crooks Renting Out Your PC? by syousef · · Score: 3, Insightful

      ..FACT...Post Sp2 Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast. OOTB post Sp2 is easy to lock down and will NOT get infected simply by hooking to the net as ALL incoming all blocked BY DEFAULT.

      ..FACT.. Talk to ANYONE that actually repairs machines (such as myself) and we'll be happy to tell you that a good 90% of infections are INSTALLED BY THE USER. REPEAT nearly ALL INFECTIONS are INSTALLED BY THE USERS, with the other 10% divided between outdated Adobe products and using out of date browsers like IE 6. Why would they install bugs?

      I almost got pwned the other day through a drive-by download googling some medical information. Using the latest Firefox browser. XPSP3 with updates. Latest Flash and a slightly out of date version of Adobe Reader - 9 (but it doesn't matter which version you use because they never fully fix it and there's always an exploit out in the wild that hasn't been fixed!) I certainly didn't click on any installers or even banner ads. So no, it's not just user software. Microsoft Security Essentials is what prevented the virus from executing. ZoneAlarm would have kicked in next. But this drive-by did manage to get past several of my defenses. And Windows firewall is nowhere near as good a solution as simply sticking a proper router in between for incoming AND a good software firewall for outgoing.

      Adding "FACT:" to the start of every paragraph is utterly lame and does not lend any authority at all to your post.

      --
      These posts express my own personal views, not those of my employer
    13. Re:Are Computer Crooks Renting Out Your PC? by Nerdfest · · Score: 3, Informative

      I actually have an RSS feed just for Adobe security updates. It's kind of sad.

  2. Are Computer Crooks Renting Out Your PC? by 1s44c · · Score: 5, Informative

    Are Computer Crooks Renting Out Your PC?

    No, I don't run windows and I set it up right.

  3. I knew it by fwarren · · Score: 5, Funny

    Windows Vista was not that bloated. Microsoft was just monetizing spare CPU cycles on the Russian Black Market.

    --
    vi + /etc over regedit any day of the week.
  4. Hospitals are no surprise by HangingChad · · Score: 4, Informative

    >Santiam Memorial Hospital in Stayton, Ore.

    I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!". Seriously, there were places I wanted to take a shower after leaving because their workstations were so riddled with spyware and trojans.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:Hospitals are no surprise by mjwx · · Score: 3, Interesting

      I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

      I provide tech support for a few local retail chains here, everything I've seen has made me _not_ want to use my CC anywhere. Senor POS terminals run Windows XP on Celeron Processors. Senor recommend turning off Windows update. Staff are typically too lazy to type in passwords so the default "senor" user is often left without a password. Access to USB simply requires you to open the access panel at the bottom (not even screwed into place)

      The EFTPOS system is a software client provided by the bank run on a Windows XP box out back which the staff use for general internet access. The client is SSL so it goes over the general internet.

      At least the Pronto system is relatively secure, running on AIX or Linux (prefer Linux, fewer things like backup clients run on AIX these days). Of course the client won't update the software, so I use the term "relatively secure".

      Of course the client in this case won't let us tighten security. Password everything, move the EFT client to a headless machine, silicon up the USB ports, restrict internet access to 80, 110 and 443.

      Sticking to cash, the AU banknote has more security measures built into it than Senor POS terminals.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  5. There are reasons for that... by damn_registrars · · Score: 5, Interesting

    Santiam Memorial Hospital in Stayton, Ore.

    I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

    That happens for several reasons:

    • The software they use as part of their work requires admin access (bad vendor programming)
    • The hardware they need to access requires admin access (more bad vendor programming)
    • They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
    • They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
    • They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)
    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:There are reasons for that... by dwarfsoft · · Score: 5, Informative

      Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

      After I re-trained the one guy who kept adding users into Local Admin on how to determine (regmon/filemon/procmon) which folders/files/regkeys needed additional permissions (and how to manage a local group for those settings) and he continued to do it, I was only too happy to remove his access to be able to change any security settings or add any users to any groups. Problem was solved.

      It wouldn't surprise me if far too many people in those Workstation Admin roles don't fully understand security, particularly in places like Hospitals where Doctors think they have the authority to tell everybody how things should be done.

      --
      Cheers, Chris
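
The permission-tracing approach described in the comment above, as an added example that is not part of the original thread: it reads a Process Monitor CSV export and lists the files and registry keys on which one application was refused access, which are the candidates for a narrow grant to a dedicated local group instead of Local Admin membership. The export text is constructed, and `VendorApp.exe` and its paths are hypothetical placeholders.

```python
import csv
import io

# Constructed sample in the default column layout of a Process Monitor
# CSV export. Process names and paths are hypothetical placeholders.
SAMPLE_EXPORT = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","VendorApp.exe","4120","CreateFile","C:\Program Files\VendorApp\data\cache.db","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.4","VendorApp.exe","4120","CreateFile","C:\Program Files\VendorApp\data\cache.db","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.9","VendorApp.exe","4120","RegSetValue","HKLM\SOFTWARE\VendorApp\Settings\LastRun","ACCESS DENIED","Type: REG_SZ"
"10:01:03.0","VendorApp.exe","4120","CreateFile","C:\Program Files\VendorApp\VendorApp.ini","SUCCESS","Desired Access: Generic Read"
"10:01:03.2","VendorApp.exe","4120","RegOpenKey","HKLM\SOFTWARE\VendorApp\License","ACCESS DENIED","Desired Access: All Access"
"10:01:03.5","explorer.exe","2044","CreateFile","C:\Windows\Temp\probe.tmp","ACCESS DENIED","Desired Access: Generic Write"
'''


def denied_resources(export_text, process_name):
    """Map each path the process was denied on to its kind, operations and count."""
    # Strip a leading byte-order mark if the export carries one.
    reader = csv.DictReader(io.StringIO(export_text.lstrip("\ufeff")))
    found = {}
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue  # another process: not part of this application's needs
        if row["Result"] != "ACCESS DENIED":
            continue  # only refused requests show a missing permission
        kind = "registry" if row["Operation"].startswith("Reg") else "file"
        entry = found.setdefault(
            row["Path"], {"kind": kind, "operations": set(), "count": 0})
        entry["operations"].add(row["Operation"])
        entry["count"] += 1
    return found


def summarize(found):
    """One line per resource, sorted by path, for review before changing ACLs."""
    lines = []
    for path in sorted(found):
        e = found[path]
        ops = ",".join(sorted(e["operations"]))
        lines.append(f'{e["kind"]:8} {e["count"]:3}x {ops:12} {path}')
    return lines


if __name__ == "__main__":
    for line in summarize(denied_resources(SAMPLE_EXPORT, "VendorApp.exe")):
        print(line)
```

Capture the trace while a standard user exercises the application; each listed path is reviewed before the application's local group is granted access to it.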
  6. Re:For the applications by sortius_nod · · Score: 3

    So you're saying you use Mac OS?