Are Computer Crooks Renting Out Your PC?

An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"

Are Computer Crooks Renting Out Your PC?

[WrongSizeGlass]

No. I'm so busy surfing /. that I don't have any spare CPU cycles to rent out.

Re:Are Computer Crooks Renting Out Your PC?

[PopeRatzo]

Actually it is window's fault that it's insecure by design.

It's not so much that Linux is necessarily more secure, just that the botnets can't get their software to run on it. Something about not having the right drivers, is what I heard.

Yep, that's what I heard all right.

Oh, take it easy...

Re:Are Computer Crooks Renting Out Your PC?

[CapOblivious2010]

Linux users have a better common sense then the rest.

True enough, but that doesn't say anything about the security of linux... it merely says that people who are smart enough to get linux to work for them are also smart enough (on average) to avoid all the crap that idiot windows users fall for.

Are Computer Crooks Renting Out Your PC?

[1s44c]

Are Computer Crooks Renting Out Your PC?

No, I don't run windows and I set it up right.

I knew it

[fwarren]

Windows Vista was not that bloated. Microsoft was just monetizing spare CPU cycles on the Russian Black Market.

There are reasons for that...

[damn_registrars]

Santiam Memorial Hospital in Stayton, Ore.

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

That happens for several reasons:

• The software they use as part of their work requires admin access (bad vendor programming)
• The hardware they need to access requires admin access (more bad vendor programming)
• They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
• They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
• They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)

Re:There are reasons for that...

[dwarfsoft]

Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

After I re-trained the one guy who kept adding users into Local Admin on how to determine (regmon/filemon/procmon) which folders/files/regkeys needed additional permissions (and how to manage a local group for those settings) and he continued to do it, I was only too happy to remove his access to be able to change any security settings or add any users to any groups. Problem was solved.

It wouldn't surprise me if far too many people in those Workstation Admin roles don't fully understand security, particularly in places like Hospitals where Doctors think they have the authority to tell everybody how things should be done.