Slashdot Mirror


New ZeuS Botnet No Longer Needs Central Command Servers

c0mpliant writes "Researchers at Symantec have identified a new variant of the ZeuS botnet which no longer requires a Command and Control server. The new variant uses a P2P system, which means that each bot acts like a C&C server, but none of them really are. The effect is that takedowns of such a network will be extremely difficult because there is no one central source to attack."

137 comments

  1. They still need a C&C by Hentes · · Score: 0

    If you want to actually control the botnet, you do need a C&C. What this setup might achieve is the obfuscation of the command flow so the C&C is much harder to identify.

    1. Re:They still need a C&C by Anonymous Coward · · Score: 1

      Don't confuse logic with sensationalism. "Security journalists" understand computers about as well as the average Facebook user.

    2. Re:They still need a C&C by neokushan · · Score: 5, Informative

      If my understanding is correct, the entire Zeus network now communicates amongst itself. There are no intermediate sites, IRC channels, twitter accounts, etc.
      This also means that any infected machine can act as the C&C. If that machine gets taken down, all the ZeuS authors need to do is use another node and keep going. It'll be extremely difficult to trace where the commands are genuinely coming from unless they happen to have access to the C&C server that originally sent the command, then hope that some sort of trail has been left - not an easy task, really.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    3. Re:They still need a C&C by errandum · · Score: 2

      Fasttrack (Kazaa) or Skype are not tied down to one server. The only centralized source in those, I believe, is the login... But I don't think these require that.

      On the other hand, spreading information through the network could be slow, making it less efficient.

      The only way the RIAA stopped Kazaa was by exploiting their checksum algorithm to diffuse bogus info. But I don't think that is an option. On the other hand, it should be possible for anyone to give orders to this botnet if they know the "key" to order them around... But if done right, that should be impossible (or highly improbable).

    4. Re:They still need a C&C by errandum · · Score: 1

      Oh, and before you answer, note that it mentions a C&C server; there is no need for a server in this - just someone with a computer and the right access.

    5. Re:They still need a C&C by AlexBirch · · Score: 1

      The question is how easily will the ZeuS botnet be hijacked by someone else?

    6. Re:They still need a C&C by errandum · · Score: 2

      Most likely depends on the key scheme they used and how they "protect" it. But standard public key encryption schemes should give anyone a run for their money for a few years...

    7. Re:They still need a C&C by errandum · · Score: 2

      The article is not wrong. There is no need for a C&C server, which doesn't mean there aren't people with computers controlling it...

    8. Re:They still need a C&C by errandum · · Score: 3, Interesting

      I think it's worse than that. If it works with the scheme fasttrack (for example) uses, you'd need to get the people behind the computer to actually kill it. Even if they get the original machine, they can just switch places and keep going (since there is no single point of failure, from what I read).

    9. Re:They still need a C&C by Hentes · · Score: 2

      True, but unlike a p2p network a botnet has to be directed. If the network were truly decentralized, any machine could command it, thus anyone could steal it. My guess is that in order to prevent hijacking the commands are signed by the C&C, and then distributed through the network. This way, the origin of the commands becomes very hard to trace, but this method also introduces some vulnerabilities. For example, as each infected machine connects to a number of other ones, getting a list of infected machines would be fairly easy. You just need to deliberately infect a honeypot, and you can already detect a lot of infected machines. So it might be more effective to change tactics and try to remove the infection instead of targeting the head.

    10. Re:They still need a C&C by Skapare · · Score: 1

      Probably ANY machine that sends a C&C message ... which is properly signed ... can control it. Instead of the botnet "phoning home", the C&C has to find them. They could probably be spraying their scent around at random, and C&C messages sprayed at random are likely to find an eventual target.

      --
      now we need to go OSS in diesel cars
    11. Re:They still need a C&C by Ramin_HAL9001 · · Score: 4, Interesting

      But on the other hand, you still need to issue commands to the C&C. If you can figure out the communication protocol used to assign C&C powers to a node, then security researchers can easily toss out the command to become a C&C to all nodes and then sink-hole it.

      Further, I am not aware of any way to encrypt communications between the botnet's controllers and the botnet's nodes because every node will need to have the private key to decrypt incoming communications. So anyone can analyze a node and just pick out the private key, and then start issuing commands to it as though they were the operators. It just adds bulk to the botnet code, and doesn't prevent anyone from sink-holing it.

      I think the real difficulty is simply containment. If the virus is designed to spread as rapidly as possible, then you need to spend a lot of time finding nodes and taking control of them to shut them down. I think the designers of ZeuS are counting on that, and hope sheer numbers will be better than more precise control.

    12. Re:They still need a C&C by jonamous++ · · Score: 3, Insightful

      What if the commands need to be signed?

    13. Re:They still need a C&C by Anonymous Coward · · Score: 1

      While we're on the topic, don't confuse malware writers with "security experts". Security experts understand security about as well as Symantec.

    14. Re:They still need a C&C by errandum · · Score: 2

      But knowing the infected machines was never the problem. Spam e-mail brings with it the address... But you can't really go knocking down doors forcing people to scan their computers. That's why the black holes were designed: you wouldn't invade anyone's privacy but at the same time take them down.

      Now, either the ISPs start disconnecting people that are infected, or you seem to stand no chance against it. But I believe new legislation will have to be drafted if we are to start disconnecting people from the internet for virus infections...

    15. Re:They still need a C&C by Kjella · · Score: 5, Insightful

      You're still thinking in terms of a C&C, when it doesn't apply anymore. Think of it more like a contagion: there's no "C&C" humans, only people in contact with other people in contact with yet more people. There is no command to become a C&C. Commands are encrypted but also signed by the operators, and nodes only have the public key to that, so you can't fake one. They can just introduce a command anywhere, to any node, and it'll relay it to its peers, that'll relay it to its peers again and so on until everyone has got the command. You probably use a unique ID to avoid loops, like command 0xfe36735b I've already relayed, no need to relay it again.

      --
      Live today, because you never know what tomorrow brings
    16. Re:They still need a C&C by Ramin_HAL9001 · · Score: 0

      If the signatures need to be verified by a signature authority controlled by the attackers, it would be much easier to find out who is issuing the commands, just trace all communications back to the signature authority. And a communication to the signature authority would happen every time a command message needs to be verified by one of the nodes.

      Otherwise, the commands must be self-signed, so an ordinary man-in-the-middle attack on any one of the nodes could reveal the signature to you. You could do it as soon as you are able to capture a signed command message to any one of the nodes, which are probably broadcast like chunks of a bit torrent -- if so, then these messages are pretty easy to find once you have enough nodes because the signed command message will be replicated so often. Then, just decrypt the signature with the private key you extracted from one of the nodes, and start issuing your own self-signed command messages.

      But I have never done anything like that before, it is probably much more difficult than I am making it sound.

    17. Re:They still need a C&C by errandum · · Score: 1

      You can simply send the public key in order to verify a signature by a private key. And there are ways to negotiate a secure exchange using only that. If they did things right, this thing is unstoppable unless ISPs get in on the action by disconnecting the infected nodes.

    18. Re:They still need a C&C by Wierdy1024 · · Score: 4, Insightful

      I'm not sure about your comments re: keys.

      It seems relatively easy to design a botnet to be peer to peer and yet not able to be taken over by a rogue node. Consider a P2P overlay network where each node plays "Chinese whispers" and forwards any packet to all neighbours (with some TTL limit).

      The botnet owner creates a public/private keypair, and uses his private key to sign control messages. Each host takes each incoming packet and checks if it is signed by the botnet owner, which requires the public key of the botnet owner, and is built into the code. If someone reverse engineers a node, all they have is the public key, so can't sign messages (since signing requires a private key).

      An attacker could still DoS this network with unsigned Control messages, but that can easily be thwarted by:
      a) never forward any unsigned message
      b) forward signed messages only if its version number is higher than the last forwarded message.

      To hide himself and operate the network, the botnet owner can use TOR or some other anonymising service to connect randomly to any node in the network (rather like utorrent DHT does), and send a signed control message with a version number higher than any seen before by the network.
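      An added illustration of the design in this comment, not code from the thread, from Symantec or from ZeuS: a node holding only the operator's public key applies rules (a) and (b), so the key an analyst extracts from a node cannot forge an accepted command, and a replayed, tampered or stale command is dropped. It also shows the saturation case raised further down the thread: once a command carrying the maximum version number has been accepted, the node can never accept another. Ed25519 from Go's standard library stands in for whatever scheme a real bot uses; key generation, payloads and the "Sign" helper exist only to make the example self-contained.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// MaxVersion is the largest value the 32-bit version field can carry;
// a command carrying it is the "serial number of MAXINT" case from the thread.
const MaxVersion uint32 = math.MaxUint32

// Command is a control message as it would be relayed between peers:
// a version number, an opaque payload, and one signature over both.
type Command struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("not signed by the owner's key: never forward")
	ErrStale        = errors.New("version not higher than last forwarded: drop")
)

// signedBytes binds the version to the payload, so a captured signature
// cannot be re-used with a different version or a different payload.
func signedBytes(version uint32, payload []byte) []byte {
	buf := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(buf, version)
	copy(buf[4:], payload)
	return buf
}

// NewOwnerKeys generates a keypair (constructed for this example).
// Only the public half is ever built into a node.
func NewOwnerKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // the system CSPRNG failing is not recoverable here
	}
	return pub, priv
}

// Sign is the operator-side step: it needs the private key, which is
// why an analysed node (public key only) cannot produce an accepted command.
func Sign(priv ed25519.PrivateKey, version uint32, payload []byte) Command {
	return Command{Version: version, Payload: payload,
		Sig: ed25519.Sign(priv, signedBytes(version, payload))}
}

// Node models one peer: the owner's public key baked into the code, and
// the highest version it has forwarded so far.
type Node struct {
	ownerPub    ed25519.PublicKey
	lastVersion uint32
	seenAny     bool
}

func NewNode(ownerPub ed25519.PublicKey) *Node {
	return &Node{ownerPub: ownerPub}
}

// LastVersion reports the highest version accepted and whether any was.
func (n *Node) LastVersion() (uint32, bool) { return n.lastVersion, n.seenAny }

// Accept applies the two rules from the comment: (a) never forward an
// unsigned or mis-signed message, (b) forward a signed one only if its
// version is higher than the last forwarded. A nil error means "relay it".
func (n *Node) Accept(c Command) error {
	if !ed25519.Verify(n.ownerPub, signedBytes(c.Version, c.Payload), c.Sig) {
		return ErrBadSignature
	}
	if n.seenAny && c.Version <= n.lastVersion {
		return ErrStale
	}
	n.lastVersion, n.seenAny = c.Version, true
	return nil
}

func main() {
	pub, priv := NewOwnerKeys()
	node := NewNode(pub)
	_, stranger := NewOwnerKeys() // a key that is not the owner's

	fmt.Println("owner v1:   ", node.Accept(Sign(priv, 1, []byte("cfg"))))
	fmt.Println("replay v1:  ", node.Accept(Sign(priv, 1, []byte("cfg"))))
	fmt.Println("stranger v2:", node.Accept(Sign(stranger, 2, []byte("cfg"))))
	fmt.Println("owner max:  ", node.Accept(Sign(priv, MaxVersion, []byte("noop"))))
	fmt.Println("owner v3:   ", node.Accept(Sign(priv, 3, []byte("cfg"))))
}
```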

    19. Re:They still need a C&C by Wierdy1024 · · Score: 2

      By the way, I think you were mixing up encryption with authentication. You are right that the control messages can't be encrypted, since they must be able to be decrypted by any node in the network, and hence security researchers have access to whatever key they are encrypted with, and can also decrypt them.

      They can however be signed (authenticated) to prevent anyone but the real botnet owner from sending them.

      (note, all of this is assuming asymmetric (e.g. RSA) cryptography - where one key is used for encryption, and another for decryption, or equally one key for signing, and another for validating)

    20. Re:They still need a C&C by Anonymous Coward · · Score: 0

      When you think about it that's pretty sick. Whoever is behind that is one pretty smart dude. How much longer before we see imitators I wonder? Shoehornjob

    21. Re:They still need a C&C by irtza · · Score: 5, Insightful

      There is no need for a private key for the signature nor the need for a signature authority. If I were to give you a public key and I sent you a signed message, you could verify the message came from me as long as my private key was hidden from a third party.

      This setup still requires C&C software, but as long as the C&C software is not distributed, each node cannot initiate a command, but can propagate an already signed one. There would need to be a program that can insert a new signed command, but that need not be on every node. It would be much like gnutella - maintain a list of nodes to connect to and if you get in, you issue your command - disconnect from the network and you can reconnect at will from another IP address.

      --
      When all else fails, try.
    22. Re:They still need a C&C by testostertwo · · Score: 1

      Indeed. Furthermore, I look forward to the version that is able to make use of trusted computing architecture to get remote attestation that what it is talking to is an untampered-with bot. That should be an interesting day.

    23. Re:They still need a C&C by pinkeen · · Score: 1

      Actually, I don't think so, because the "Master C&C" can change constantly and still maintain the connectivity.

    24. Re:They still need a C&C by FatdogHaiku · · Score: 2

      The article is not wrong. There is no need for a C&C server, which doesn't mean there aren't people with computers controlling it...

      Exactly. They can put instructions out on the P2P network and it will just look like another infected machine "sharing" with its brother bots.

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    25. Re:They still need a C&C by jonwil · · Score: 2

      If they were smart, they would have used public key cryptography to ensure that only commands signed by the bot-net author will be accepted. Assuming the RSA key is strong enough, it would be impossible for anyone else to send commands short of an as-yet-unknown weakness in RSA or a bug in the bot-net code.

    26. Re:They still need a C&C by wer32r · · Score: 1

      Further, I am not aware of any way to encrypt communications between the botnet's controllers and the botnet's nodes because every node will need to have the private key to decrypt incoming communications. So anyone can analyze a node and just pick out the private key, and then start issuing commands to it as though they were the operators.

      The botnet nodes/controllers would theoretically only need the public key of the person supplying the commands. If the commands are issued with a unique, verifiable sequence number (i.e. concatenated with the node's id), it would be practically impossible to issue false commands.

    27. Re:They still need a C&C by wer32r · · Score: 1

      ...given that the message itself is signed with the person issuing the command's private key. (forgot to add to parent)

    28. Re:They still need a C&C by Tom · · Score: 1

      I'm still studying the details, but either by now or by the next iteration, you can strike the term "C&C" from your vocabulary.

      Basically, if you used signed commands, the humans controlling the network can inject their commands anywhere and it'll simply spread through the network.

      --
      Assorted stuff I do sometimes: Lemuria.org
    29. Re:They still need a C&C by 1s44c · · Score: 1

      You seem to be missing the fact that the nodes don't all need the same keypair; each node can generate its own keypair like every other bit of software which uses private key encryption.

    30. Re:They still need a C&C by 1s44c · · Score: 2

      That's not a serious answer. 'Faster than before' is meaningless in practical terms when the time to crack is going down from twenty times the life of the universe to five times.

    31. Re:They still need a C&C by 1s44c · · Score: 1

      You really are not thinking in peer2peer terms. It's not peer to peer if there is any central authority, and there is no need for one anyway.

    32. Re:They still need a C&C by Lennie · · Score: 1

      "signature authority" How do you trace that? It would be similar to a self-signed certificate used with HTTPS.

      The public key is obviously part of the software; you can't man-in-the-middle that. Why would there be a private key in the bot software?

      The issuer of the commands just connects to one of the nodes in the P2P network, creates a command and signs his/her command.

      It is much more likely they made an implementation mistake though, that is usually how these things get cleaned up.

      --
      New things are always on the horizon
    33. Re:They still need a C&C by Lennie · · Score: 1

      They could still use Diffie-Hellman key exchange to bootstrap the encryption. You might be able to decrypt the traffic to/from a node that you have control over, but you won't be able to see the traffic between other nodes.

      --
      New things are always on the horizon
    34. Re:They still need a C&C by MacGyver2210 · · Score: 1

      I don't know about this.

      It seems like "Campaign Contribution" is the command to become a Human C&C.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    35. Re:They still need a C&C by mycroft16 · · Score: 2

      So, would they be able to monitor the traffic and watch for new commands spreading and track the route those are coming from to find the computer that the new C&C stuff is flowing from? Seems like it would be hella difficult and time consuming, but possible.

    36. Re:They still need a C&C by DarkOx · · Score: 1

      Wrong -- the way to do it is every node has the public key. The owners keep the private key. The nodes pass instructions around the network. Any node can submit an instruction to the network, so the owners can use any node. Each node verifies the instruction is legit by the fact that it decrypts with the public key. Ideally the owners would just use many different nodes to place new instructions on the network; that would help prevent security people from finding the source so easily. Another feature would be propagating messages that don't decrypt as well: treat them as noops, but pass them along anyway so people can't readily identify central distribution points by just analyzing network traffic. Nodes would at random but infrequent intervals introduce fuzz messages of that sort onto the network.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    37. Re:They still need a C&C by Anonymous Coward · · Score: 1

      if you don't know what you're talking about, why talk?

    38. Re:They still need a C&C by DarkOx · · Score: 2

      The answer is people need to be held accountable for their machines. The Internet is a public good just like roads. We don't let you operate an unsafe vehicle on our public roads, you can't operate an unsafe computer on our Internet.

      If your machine is spamming or propagating malware, yes, your access should be terminated until you fix it. Just because someone else may have done the damage by infecting your box does not mean you are not still obligated to fix the problem, just like if someone smashes your head lights while your car is parked some place YOU still have to fix them.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    39. Re:They still need a C&C by pmontra · · Score: 1

      ZeuS became self aware on February 25, 2012. That's what they'll teach. Are they sending terminators back in time to try winning the war?

    40. Re:They still need a C&C by errandum · · Score: 1

      Yep, I was about to hit you on that :P

    41. Re:They still need a C&C by cavreader · · Score: 1

      "If they were smart"
      I think the designers who created the bot have already shown how smart they are. These guys are also continually trying to improve their bot designs based on the number of computer systems they have successfully penetrated and the feedback they get back from those who detected it.
      The real question is can someone design a bot that nobody can detect until after it has already infected millions of machines? There is already a window of time between detection and creating counter measures. The harder it is to detect and create countermeasures, the more time for the bot to work. It's also got to the point where those tasked with fighting these types of attacks have a hard time figuring out a solution that will not adversely impact any other legitimate programs. Just the regression testing must be a bitch.

    42. Re:They still need a C&C by symbolset · · Score: 1

      They've been at this for quite a few years and have gotten very good at it.

      --
      Help stamp out iliturcy.
    43. Re:They still need a C&C by symbolset · · Score: 1

      ZeuS only runs on Windows. This problem will solve itself.

      --
      Help stamp out iliturcy.
    44. Re:They still need a C&C by neonKow · · Score: 1

      This would be a good system if we could GET to that point where we're not taking down 30% of machines because they're infected by malware, but given our current situation, I think the biggest problem is not how we maintain a safer internet, but how we can clean up all those dirty machines in the first place.

      You need a decent amount of technical expertise to secure machines and keep them secure. Unlike cars, the default configuration of computers is bad, there is no cheap way to maintain their security except to do it yourself, and it's hard to tell the difference between an unsafe computer and a safe one quickly.

      In addition, most people can't even tell what behaviors break their computers.

    45. Re:They still need a C&C by neonKow · · Score: 1

      That seems completely unlikely. That would require their software to be signed. The whole point of trusted computing (well, at least one of the points) is that random rogue players can't release "trusted" software.

    46. Re:They still need a C&C by CxDoo · · Score: 2

      I get the p2p part, encryption & so on, but how does one peer find out where are the others?

      --
      "Blah blah blah." - [citation needed]
    47. Re:They still need a C&C by Anonymous Coward · · Score: 0

      A proper node has its own private/public key pair that is sent to the botnet owner. After that the real math starts.

    48. Re:They still need a C&C by ahaveland · · Score: 1

      I suppose they can use a DNS query to a number of short lived and deterministic domain names active for the day (though this can be defeated using superhuman efforts to preregister or block creation of those domains, if known), or query any number of bulletin boards containing encoded messages in various places. Querying BBSs is probably safer as http or https traffic blends into general traffic very well, given that users' use of the web isn't unusual! It may even use google searches known to return 1 result.

      The possibilities are endless, and it probably uses many methods of picking up instructions and peer lists.

    49. Re:They still need a C&C by ahaveland · · Score: 1

      If one could actually get the key, then all someone would need to do is sign a command using a serial number of MAXINT, and the botnet would be toast...
      I would be very surprised if they hadn't thought of that already.

    50. Re:They still need a C&C by garaged · · Score: 1

      A very simple and secure design is simply make nodes share their public key on first connection, that way you need to get into all nodes to decrypt traffic and trace origin. Every host-host communication uses a single pair of keys, so you cannot really know what other two hosts shared until you get into them and get their keys.

      That's pretty much how SSH works, and it does the job pretty well

      --
      I'm positive, don't believe me look at my karma
    51. Re:They still need a C&C by Wierdy1024 · · Score: 2

      Indeed, but if someone could get the key they could sign a message saying "uninstall yourself".

      The security of the system relies on the bot-maker never revealing his private key. HTTPS security relies on having secure private keys in the same way, and that works...

    52. Re:They still need a C&C by currently_awake · · Score: 1

      If ANY node can take control then we can shut down the whole network from a single node. Everything you need to know is available on any single node.

    53. Re:They still need a C&C by Anonymous Coward · · Score: 2, Insightful

      If the signatures need to be verified by a signature authority controlled by the attackers

      Red Flag 1: You don't know how Public Key Cryptography works.

      There is nothing magical about Certificate Authorities like Verisign. All they do is generate a random N-bit public/private key pair that meets certain mathematical rules (must be prime) then stick it inside a certificate (X.509 standard) then sign that certificate using the Verisign private key. How do people know what the Verisign public key is? The key is built into Windows, Firefox, Chrome, etc. All these programs have nothing more than a
      const unsigned char verisign_public_key[] = { /* key bytes */ };
      (Exact format differs, usually Verisign's self-signed X.509 will be stored in the out-of-the-box key store but there's nothing magical about that)

      Otherwise, the commands must be self-signed, so an ordinary man-in-the-middle attack on any one the nodes could reveal the signature to you.

      Red Flag 2: You don't know how cryptographically secure communication protocols work.

      You've clearly picked up some vague knowledge about SSL/TLS and have bluntly assumed that every encrypted protocol works the same way. Hint: They don't. The command protocol in question is most likely going to function like (if not actually is) SSH, if you have the public key stored locally (See verisign key above) inside the botnet software and you have the private key on the C&C system so that it never touches the network then there is no MITM possibility. Hell, you don't even need to encrypt really, just signing is good enough.

      MITMs exist because SSL sends the public key across the network from the server, if someone intercepts the key transfer then they can insert their own key instead. If the key isn't sent then it can't be intercepted (see laws of physics), there is nothing magical about it.

      But I have never done anything like that before, it is probably much more difficult than I am making it sound.

      As the other AC said, if you don't know anything about the relevant field then don't try to speak as though you have any sort of authority. Buy yourself a copy of Bruce Schneier's 'Applied Cryptography' before you try to do anything related to cryptography in future, it'll save you and your users from a world of hurt.

    54. Re:They still need a C&C by spongman · · Score: 1

      ZeuS only runs on Windows

      a computer on every desktop, and in every home... running skynet.

    55. Re:They still need a C&C by Anonymous Coward · · Score: 1

      I suppose they can use a dns query to a number of short lived and deterministic domain names active for the day (though this can be defeated using superhuman efforts to preregister or block creation of those domains, if known), or query any number of bulletin boards containing encoded messages in various places. Querying BBSs is probably safer as http or https traffic blends into general traffic very well, given that users use of the web isn't unusual! It may even use google searches known to return 1 result.

      You're over and under thinking at the same time. The entire point, according to TFS, was to eliminate querying twitter and random websites, etc (those are central points of failure).

      The simple solution is that the botnet infects more computers to add them to the botnet, when the botnet node uploads the infection to a new node, why can't the attacking node just include its own list of known peers? Once you have a list of peers, as long as at least one of them works, you can just issue a PEERJOIN to add yourself and retrieve a list of up to date neighbours from the overlay.

    56. Re:They still need a C&C by neokushan · · Score: 1

      Nope. Well, not necessarily - I can't say I know the ins and outs of the ZeuS network but for a system like this, they'll likely sign commands so that only the author can submit them. Sure, you know how to send commands to all the nodes, but without the private signature key, there's no way to send commands they'll accept. And the private key will never be stored on the C&C node that sent the command.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    57. Re:They still need a C&C by Anonymous Coward · · Score: 0

      As the sibling already pointed out, the entire security of the botnet relies on the private key remaining secret. One way to make this easier would be to have multiple private keys and require commands to be signed with all of them, and keep those keys separate.

  2. Logical evolution by gweihir · · Score: 1

    The scary thing is that they are about a decade behind with this step. This is just a logical evolution they likely found in the literature and implemented because the conventional way did not work very well. Of course this just means the C&C control flow is obscured with techniques from anonymity technology.

    It is time for some more drastic legal measures, like punishing operators and makers of insecure software and systems.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Logical evolution by segin · · Score: 2

      That would punish me for running Mac OS X 10.3.9 on my iMac G3. Why should the law require me to use Linux? Hell, with some of the legal suggestions floating around on here, it would be illegal for me to use this machine for anything at all, due to a low watt-per-FLOP ratio.

      Slashdotters are killing my childhood, not 4chan.

    2. Re:Logical evolution by Skapare · · Score: 1

      I was not aware that Mac OS X 10.3.9 running on iMac G3 was vulnerable to botnets. But if it is, then you need to take that up with the maker who left you vulnerable to these legal liabilities. If you buy a car with no brakes and drive it out on the highway and crash into someone else, YOU are at least equally liable. Drivers on the road have the responsibility assigned by law to be sure they are operating a safe vehicle. Operating an unsafe computer on the internet should be just as much a responsibility.

      --
      now we need to go OSS in diesel cars
    3. Re:Logical evolution by Skapare · · Score: 0

      If there is nothing Microsoft can do (which I actually very seriously doubt), then no one should be using it. If a car manufacturer regularly made cars with brakes that did not work, people should not use those because they would typically lead to accidents that harm others, for which the driver has first and equal liability, under law. Same should go for a computer. Just because the maker doesn't know how to make it work right is not a valid excuse (it is a valid case for the buyer to sue the maker, if they claimed it would work).

      --
      now we need to go OSS in diesel cars
    4. Re:Logical evolution by Anonymous Coward · · Score: 2, Insightful

      Insecure is relative. Computers and systems have the same problems as the security of a country. You are calling for a TSA like approach for software and systems. The only 100% secure device is one with no human interface device, no ports to allow new data (no net, USB, CD-rom, etc.) and maybe not even a power cord.

      The most popular systems will have the most viruses written for them. Look at Windows. Now look at the reports of Apple OS viruses popping up as that system was becoming more popular. If everyone surged to Linux there would be a surge of viruses there too.

      Then you get into the operators. Not everyone can be trained to be 100% knowledgeable in every up or downside on the net. The only system that would work is some type of licensing like with cars. Oh wait, we have idiots who talk, text, eat, put make up on, drive drunk, and all that already with that program.

      Then you run the risk of having only official and approved operating systems. And FDA of sorts for computer systems...

      *pauses* Are you trolling? I mean, you are effectively asking for a series of laws that would not just put us on the road to a "Right to Read" future, but hang up the street signs and lighting as well.

    5. Re:Logical evolution by segin · · Score: 2

      If I interpret your remarks correctly, you're suggesting I should unplug (or heavily firewall, even more so than the NAT I use today) my iMac because Apple no longer pushes security updates for it, or else be criminally liable.

      Those laws are ideal, but would never be enforced anyways. What police officer wants to spend hours at a time checking the versions of each and every installed software application to verify that a machine is "secure"? And how many of the 245 million Internet users in the United States are going to constantly check the vulnerability disclosure lists to know when to uninstall/upgrade software to maintain compliance? I suppose it would mean a return to 1974's small ARPANET with a few thousand users across the nation.

    6. Re:Logical evolution by gweihir · · Score: 1

      Nobody requires 100% security. That is just stupid. But systems that can be automatically hacked and easily enough to make large bot-nets a reality are just a disgrace. These systems are so easy to hack, it does not even require intelligence and that is what needs to change. Without laws to enforce that change, vendors like Microsoft will always only deliver the worst quality they can still get away with, and that is pretty bad. Software with a reasonable security level would require attackers to invest years of work for automated hacking tools to be workable. They would probably not invest that much time. And it would be relatively easy to patch the software afterwards to make all that work worthless. Not so today: Hacking these systems is easy and they stay vulnerable. Bot-nets are only possible because security is abysmally bad and it is time to change that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Logical evolution by gweihir · · Score: 1

      I like your analogy.

      But I do think that MS could do far, far better, but that would cost money and they have a near monopoly anyways and they are not liable for any damage their insecure systems cause, so why bother?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Logical evolution by gweihir · · Score: 1

      That tired old argument has been shown to be invalid a long time ago. And Win7 is more secure. They just moved up from ridiculous security to bad security. They could do much, much better, but there is zero motivation for them to do so.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Logical evolution by Anonymous Coward · · Score: 3, Insightful

      Popularity only means attractive target. Vulnerable is not related to popular except that it also makes the target more attractive.

      The gold in Fort Knox is attractive. However, the security of Fort Knox is so unattractive that it offsets the attraction the gold has to would-be thieves. The result? Crooks knock off small banks instead. The money is only attractive if it's reasonably easy enough to get.

      Microsoft's market share on the desktop has not changed in a significant way. Yet, most agree that Windows has become more secure despite the fact that we've been told by idiots like you that it was impossible because of their market share lead.

      Installing AV and security products doesn't affect OS market share either but most agree that it improves security. Again, market share is just a small part of the equation.

      Adobe's Flash and PDF viewer were very widely deployed and have never been secure, ever. They were largely ignored up until Microsoft started making their browser and OS more secure. At that point we saw malware shift to Adobe products. They didn't suddenly become more popular back at the end of 2009 when researchers projected Flash and Reader the new attack vector of choice. The MS vulnerability well was drying up. It wasn't a shift in market share. It was a shift in security. MS got some and Adobe didn't.

      Considering the rapid growth of Chrome, why aren't security researchers saying it's the next big attack vector? It certainly has experienced a "surge" in popularity.

    10. Re:Logical evolution by Rockoon · · Score: 2

      What people like you do not seem to remember (or maybe you are too young?) is that before Windows had a TCP/IP stack, even before Trumpet Winsock, Unix and VMS systems were notoriously exploited. Check the history of CERT advisory listings and it's nothing but Unix and VMS systems being exploited until a phase change occurred when Windows PCs began to so overwhelmingly dominate the internet.

      History proves it. Some of the folks here born before 1975 know this to be true, because we were the ones breaking into Unix and VMS systems back then. The majority of the internet was Unix so that was what was targeted. Now the majority of the internet is Windows and that is again what is targeted... and now the owners of these systems are far less sophisticated.

      --
      "His name was James Damore."
    11. Re:Logical evolution by DarkOx · · Score: 1

      If I interpret your remarks correctly, you're suggesting I should unplug (or heavily firewall, even more so than the NAT I use today) my iMac because Apple no longer pushes security updates for it, or else be criminally liable.

      Criminally liable, no, but it should be against the civil code just as equipment violations on a motor vehicle are. Firewall, patch, replace the equipment, disable vulnerable services, fix the problem however you like; but you are not entitled to degrade the public network. If you are found to be, then you should be made to do something about it or stop using it.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    12. Re:Logical evolution by gweihir · · Score: 2

      What are you blabbering about? Because VMS and traditional Unix could be broken into, we do not need better security today? What kind of broken reasoning is that? And what about all the advances in software engineering and also secure software engineering (mostly ignored in practice and academic curricula)? People will not start to do better until there is significant incentive to do so. Software can be written so that it is really hard to break into. It is just more expensive.

      So, while you may consider yourself a hacker of the first hour (we had some of them in our CS course back then, all except one were pathetic losers that could not hack the math and algorithm courses) don't you notice that these problems should have been fixed in the meantime?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    13. Re:Logical evolution by errandum · · Score: 1

      So, you'll punish everyone in the US, but then you discover the world is round and actually quite big. And that it doesn't really matter if you control the US computers when everywhere else no one passed legislation on that and the insecure versions would keep existing.

      The only way to stop something like this is to heavily educate people. But who's going to pay for that? Who's going to profit? No one

    14. Re:Logical evolution by saleenS281 · · Score: 1

      It's also not reasonable to expect every bank in the US to have the security of Fort Knox. It would be impossible for the bank to do business with customers if it was a three-hour ordeal any time someone wanted to make a deposit in the bank, as well as impossible to fund the amount of time and resources to secure them all.

      In the same way, it's completely unreasonable to expect every windows machine in every home in the world to have the kind of security say... the personal desktop of a security researcher has. Or the mainframe that processes transactions for Visa.

    15. Re:Logical evolution by neonKow · · Score: 1

      So is Microsoft still responsible for existing Win 95 machines that can't be patched?

      Computer security isn't that mature yet. When cars started out, they really WEREN'T that safe, and it would've been unenforceable to force car makers to make cars all that safe.

      I'll agree that unsafe computers these days are a much more widespread and possibly more harmful issue now thanks to the internet, but you shouldn't assume you can fix it just by choosing someone to take responsibility and punishing them if they don't/can't. That would be like punishing teachers if they can't keep the inner city neighborhood they work in free from adolescent gangs.

    16. Re:Logical evolution by neonKow · · Score: 1

      I dislike your analogy.

      Microsoft makes Windows. While Windows does have vulnerabilities, MS can't possibly control what you put onto Windows, which is also a big source of vulnerabilities.

      Java and Flash are both big sources of vulnerabilities, and once you get to any computer more complicated than a pocket calculator, you can't stop your users from just going out there and willingly downloading trojans .

      A more apt analogy would be that Microsoft makes cars, but they have to make sure nobody ever gets their tires stolen, drives drunk, or puts in a GPS that leads them down the wrong route.

    17. Re:Logical evolution by neonKow · · Score: 1

      Nothing you say is exclusive of anything he/she's saying.

      He's comparing Windows to other OSes. You're comparing Windows to programs that run on Windows. He is saying people write exploits that run on Windows (which is true). You are saying people write exploits that target flaws in Flash. . . that run on Windows (which is also true).

      Chrome is not the next big attack vector because it still has a tiny tiny part of the market compared to IE, and it's definitely a smaller surface area to attack than Flash, so why bother? There are indications that Chrome is the second least secure of the major browsers, after Safari.

    18. Re:Logical evolution by ahaveland · · Score: 1

      I believe there was a time when connecting unapproved telephone equipment to the public network was quite a serious punishable offence.
      Apart from nasty privacy risks to the owner, in what way is a compromised machine abusing others on the network any different?

      The effort required to fix the number of infected machines is just so overwhelming that any ISP cannot cope, even if they wanted to.

      Some ISPs do a valiant job, but sad to say, the vast majority of them don't appear to care this >< much about their users, and the grief they cause.
      These are probably the worst from my perspective:- Vietnam, India, Pakistan, Brazil, Russia and Ukraine. Curiously, Iran appears disproportionately highly too.

    19. Re:Logical evolution by Rockoon · · Score: 1

      What are you blabbering about? Because VMS and traditional Unix could be broken into, we do not need better security today?

      Care to actually counter the evidence that refutes your world view about "vendors like Microsoft", or do you just want to change your tune at the drop of a hat like a fucking fundamentalist christian?

      --
      "His name was James Damore."
    20. Re:Logical evolution by Anonymous Coward · · Score: 0

      I think what he was saying is "everyone uses Microsoft as the example, but don't forget that all OSes have their flaws as do all companies that produce them, Apple included"

    21. Re:Logical evolution by Anonymous Coward · · Score: 0

      That tired old argument has been shown to be invalid a long time ago.

      No it hasn't I see it moderated "Insightful" at least twice a week right here on /. and it reads something like:

      Linux would get just as much malware if it were more popular.

      The implication is that there's nothing you can do if you're the top dog. Hence a Windows fan boy that makes such a claim is willfully admitting that Windows has not improved in a meaningful way because their market share really hasn't changed in a meaningful way.

    22. Re:Logical evolution by Anonymous Coward · · Score: 0

      Chrome is not the next big attack vector because it still has a tiny tiny part of the market compared to IE

      Wow dude... that rock you live under isn't tiny is it?

  3. Cause and effect by nurb432 · · Score: 2

    The more you press on shady people the more they will work around the restrictions.

    It's an endless cat-and-mouse game. And we are the losers.

    --
    ---- Booth was a patriot ----
    1. Re:Cause and effect by Anonymous Coward · · Score: 0

      I for one welcome our new botnet overlords.

  4. punishing makers of insecure software by nurb432 · · Score: 1

    Since no 'user controlled hardware' is 100% safe you propose TPM *everywhere* so users can no longer control anything. ( or have no computers at all )

    No thanks.

    --
    ---- Booth was a patriot ----
    1. Re:punishing makers of insecure software by gweihir · · Score: 1

      Nobody competent talks about 100% security (whatever that means), but systems that are very easy to hack are just not acceptable and those making and operating them should be liable for any and all damage caused.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:punishing makers of insecure software by nurb432 · · Score: 1

      "easy" is an abstract concept that can only lead to complete TPM.

      --
      ---- Booth was a patriot ----
    3. Re:punishing makers of insecure software by gweihir · · Score: 1

      Nonsense. TPM does not make software more secure by the way. Maybe read up on the concepts you are throwing around here?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. The Daemon ! :) by Valtor · · Score: 1

    It's the daemon!

    http://thedaemon.com/

    Excellent book by the way. :)

    --
    "Sockets are the standard networking API, also useful for stopping your eyes from falling onto your cheeks" zeromq.org
  6. Can someone explain how this actually works? by Anonymous Coward · · Score: 0

    I don't fully understand how a 100% P2P system is possible. Surely you have to know at least one peer to start off with. Is there a list in the software or something? If this is the case can't they be taken down?

    1. Re:Can someone explain how this actually works? by LeadSongDog · · Score: 1

      Who would say? A white hat wants it contained until a countermeasure is available. A black hat wants the competitive advantage.

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
    2. Re:Can someone explain how this actually works? by jonwil · · Score: 2

      You don't need that if the bot simply broadcasts any control message it receives to a known port on any computers it can find (without caring whether they are infected or not or whether the message got through). If enough machines are infected (and if the bot-net masters send the new message to enough initial known-infected hosts) then the message will be dispersed widely enough that most of the infected hosts will pick it up.

    3. Re:Can someone explain how this actually works? by Anonymous Coward · · Score: 0

      You mean like find hosts by bruteforce? Doesn't the botnet have to be huge for that to work?

    4. Re:Can someone explain how this actually works? by icebraining · · Score: 1

      Assuming it's self-spreading (through email, IM, etc.), the instance sending those copies can put its own IP/port on the new copies, which will then communicate back to it. They can also then share the new IPs of those copies with the other nodes they're already connected to.

    5. Re:Can someone explain how this actually works? by Lennie · · Score: 1

      That was my thought too: if the method of spreading includes the IP address of the originator and/or several peers, that would be one way to bootstrap the P2P system.

      --
      New things are always on the horizon
    6. Re:Can someone explain how this actually works? by ae1294 · · Score: 1

      I don't fully understand how a 100% P2P system is possible. Surely you have to know at least one peer to start off with. Is there a list in the software or something? If this is the case can't they be taken down?

      In the same way AIDS is possible... Whoever infected you is your "at least one peer". But unlike AIDS that one peer sends you a list of peers it knows about and your machine does the same. Then you have a huge web of infected peers with huge amounts of redundancy. Plus there is probably a random IP search function if all the peers in the list are gone where the system just randomly sends udp messages until it gets a hello I have AIDS too here is my list of partners.
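
The bootstrap scheme sketched in the last few replies (the infecting node hands its own address to the new copy, the new copy also receives a sample of the infector's peer list, every node records the newcomer, and commands are then flooded peer to peer) can be simulated to see what happens when a chunk of the network is taken down. The code below is an added illustration written for this page, not ZeuS's protocol and not code from Symantec or any poster; the peer-list size, the growth model and the flooding rule are assumptions, and node addresses are just integers.

```python
"""Toy model of peer-list bootstrapping and command flooding in a P2P botnet.

Added illustration for this page (not the real ZeuS protocol). Assumptions:
  - node i is infected by a random earlier node ("infector"),
  - at infection time it learns the infector's address plus a sample of the
    infector's peer list (PEERLIST_SIZE entries in total),
  - every node it learned about records it in return (links are symmetric),
  - a command is flooded: each node forwards it once to all peers it knows.
"""
import random
from collections import deque

PEERLIST_SIZE = 8   # assumption: peers a new node learns at infection time


def build_network(n_nodes, seed=0):
    """Grow the network node by node and return {node: set(of peers)}."""
    rng = random.Random(seed)
    peers = {0: set()}                      # node 0 is the first infection
    for i in range(1, n_nodes):
        infector = rng.randrange(i)         # some already infected node
        known = sorted(peers[infector])
        sample = rng.sample(known, min(PEERLIST_SIZE - 1, len(known)))
        learned = {infector} | set(sample)  # addresses shipped with the copy
        peers[i] = learned
        for p in learned:
            peers[p].add(i)                 # the peers learn about the newcomer
    return peers


def flood(peers, alive, seeds):
    """Flood a command from the seed nodes; return the alive nodes that got it."""
    reached = {s for s in seeds if s in alive}
    queue = deque(reached)
    while queue:
        node = queue.popleft()
        for nxt in peers[node]:
            if nxt in alive and nxt not in reached:
                reached.add(nxt)
                queue.append(nxt)
    return reached


def reach_after_takedown(peers, fraction_removed, n_seeds=3, seed=1):
    """Remove a random fraction of nodes (cleaned or sinkholed), inject a
    command at n_seeds surviving nodes, and return the share of survivors
    that still receive it."""
    rng = random.Random(seed)
    nodes = sorted(peers)
    removed = set(rng.sample(nodes, int(len(nodes) * fraction_removed)))
    alive = set(nodes) - removed
    seeds = rng.sample(sorted(alive), n_seeds)
    return len(flood(peers, alive, seeds)) / len(alive)


if __name__ == "__main__":
    net = build_network(2000)
    for frac in (0.0, 0.25, 0.5, 0.75):
        print(f"{int(frac * 100):3d}% of nodes removed -> "
              f"{reach_after_takedown(net, frac):.1%} of survivors reached")
```

Because each new node is linked to at least one earlier node, the untouched network is connected and a command from any live seed reaches everyone; the interesting number is how slowly the reach degrades as random nodes are removed, which is exactly why picking off individual bots does little against this design. The model ignores NAT (most nodes cannot actually be reached inbound), peer-list churn and any authentication of commands, all of which matter for a real network.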

    7. Re:Can someone explain how this actually works? by berzerke · · Score: 2

      ...any control message it receives to a known port on any computers it can find...

      That's something the original article doesn't mention: Is the listening port on an infected computer static or not? If it's static, then a simple, and therefore quick, nmap scan of an IP space will reveal possible infected hosts on a network. You'd need to do further investigation to weed out the false positives, but it shouldn't be too hard to come up with a fingerprinting query to further narrow it down. Depending on how well it's set up, just looking for nginx Web servers may be enough to get a good idea of infected machines.

      If it's random, then look for port scans coming from infected machines. Still would be some false positives, but you can narrow down the list fairly quickly.

      If the listening port changes daily, hourly, etc. based on a formula, then you'll need to reverse the formula. And it would have to be based on a formula for the other nodes to find it without the noise of a port scan. But once you do reverse it, then you're effectively back to the static port scenario.
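
The second approach above, looking for the scans that infected machines generate while hunting for peers, is easy to prototype against flow data. The following is an added example for this page, not code from the article or from any poster, and the flow records are constructed: the destination port 22002 is an invented placeholder for whatever static port a bot might listen on, not a port the article attributes to ZeuS. It flags any source that sends SYNs to many distinct hosts on one destination port (a horizontal sweep), then reports ports that several distinct sources are sweeping, which is the pattern you would expect if the listening port really is static.

```python
"""Horizontal-sweep detection over flow records.

Added example for this page; the records below are constructed and the
port number is a placeholder, not a known ZeuS port.
Record format (one per line): "<timestamp> <src> <dst> <proto> <dport> <flags>"
"""
from collections import defaultdict

# Constructed sample: two hosts sweeping port 22002, one host browsing normally.
SAMPLE_FLOWS = """\
2012-02-23T10:00:01Z 10.0.0.5 10.0.1.1 tcp 22002 S
2012-02-23T10:00:01Z 10.0.0.5 10.0.1.2 tcp 22002 S
2012-02-23T10:00:02Z 10.0.0.5 10.0.1.3 tcp 22002 S
2012-02-23T10:00:02Z 10.0.0.5 10.0.1.4 tcp 22002 S
2012-02-23T10:00:03Z 10.0.0.5 10.0.1.5 tcp 22002 S
2012-02-23T10:00:03Z 10.0.0.5 10.0.1.6 tcp 22002 S
2012-02-23T10:00:04Z 10.0.0.9 10.0.2.7 tcp 22002 S
2012-02-23T10:00:04Z 10.0.0.9 10.0.2.8 tcp 22002 S
2012-02-23T10:00:05Z 10.0.0.9 10.0.2.9 tcp 22002 S
2012-02-23T10:00:05Z 10.0.0.9 10.0.2.10 tcp 22002 S
2012-02-23T10:00:06Z 10.0.0.9 10.0.2.11 tcp 22002 S
2012-02-23T10:00:06Z 10.0.0.7 192.0.2.10 tcp 443 S
2012-02-23T10:00:07Z 10.0.0.7 192.0.2.11 tcp 443 S
2012-02-23T10:00:07Z 10.0.0.7 192.0.2.12 tcp 80 S
"""


def parse_flows(text):
    """Yield one dict per non-empty record line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, flags = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "proto": proto,
               "dport": int(dport), "flags": flags}


def detect_sweeps(flows, min_targets=5):
    """Return {(src, dport): distinct_targets} for every source that sent
    TCP SYNs to at least min_targets distinct hosts on the same port."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["flags"] == "S":
            targets[(f["src"], f["dport"])].add(f["dst"])
    return {key: len(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_targets}


def ports_swept_by_many(sweeps, min_sources=2):
    """Return {dport: [sources]} for ports swept by several distinct sources;
    a port that many internal hosts probe independently is a candidate for
    the static listening port the thread speculates about."""
    sources = defaultdict(set)
    for src, dport in sweeps:
        sources[dport].add(src)
    return {p: sorted(s) for p, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    sweeps = detect_sweeps(parse_flows(SAMPLE_FLOWS))
    for (src, dport), n in sorted(sweeps.items()):
        print(f"{src} swept {n} hosts on tcp/{dport}")
    for dport, srcs in ports_swept_by_many(sweeps).items():
        print(f"tcp/{dport} is being swept by {len(srcs)} sources: {srcs}")
```

Expect false positives from vulnerability scanners, monitoring systems and anything else that legitimately walks the address space on one port; the point of the second function is to rank candidate ports for the follow-up fingerprinting berzerke describes, not to convict a host on its own.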

  7. *yawn* by Tom · · Score: 4, Insightful

    This comes as a surprise to anyone? Really? I attended conferences almost 10 years ago listening to and giving speeches about stuff like this. The technology is trivial, the only reason the bad guys haven't moved to the hardened networks stuff yet is because there simply was no need.

    If you want to know what's next, I can dig out my old slides. A guy from Britain and I came up with several highly resistant network designs. I think our final one would remain largely intact if you took out 90% of its nodes.

    Like all things in fighting spam and large-scale scams, eliminating the C&C servers was one step that was useful for a short span in time. There are still old botnets out there that you can take out with this approach, but the more advanced ones have left that window of opportunity now.

    As long as our politicians refuse to tackle the fundamental problem - that of tiny crimes in massive quantities - we're stuck. Our legal system still works by "cases", adapted to a physical world where the crime has an easily enumerated set of victims, each of which having suffered considerable damage. The legal and political systems still don't understand both the tiny and massive scales they need to deal with in a virtual world. Scam 10 people out of $1000 each and you'll get a court case and jail time. Scam 1,000,000 people out of a cent each and nobody in law enforcement will care, even though the damage to society is the same.

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:*yawn* by Anonymous Coward · · Score: 0

      The real fundamental problem is that is the basic business model of government!

    2. Re:*yawn* by Solandri · · Score: 1

      It's essentially the same thing as centralized peer-to-peer file sharing services like Napster being shut down, and decentralized ones like Grokster popping up to replace them. That happened ~10 years ago.

    3. Re:*yawn* by Krishnoid · · Score: 1

      Scam 10 people out of $1000 each and you'll get a court case and jail time. Scam 1,000,000 people out of a cent each and nobody in law enforcement will care, even though the damage to society is the same.

      Not to nitpick, but more than half of those ten may be in trouble if they lost that kind of money. Is the impact proportional for losing a cent (pretty much anywhere in the world)? The gain is the same to the scammer, but how do you calculate 'damage' on a one-cent scale?

    4. Re:*yawn* by Tom · · Score: 1

      Your argument is a moral, not a legal one. Legally, scamming a millionaire out of $1000 is the same as scamming a beggar out of his life savings of the same amount.

      --
      Assorted stuff I do sometimes: Lemuria.org
    5. Re:*yawn* by Tom · · Score: 1

      No, it isn't. Fuck off you retarded pseudo-revolutionary.

      I was at an ACTA demonstration today, and I am sick and tired and fucking pissed off at the juvenile idiots who turn every justified protest into an "against the system!" rally.

      I'm happy with our government system. I am very unhappy with the people currently in it, but that's in a good part because we stupid idiots put them there. If you put your vote in for any of the major parties last election, no matter what your justification is, you are part of the problem.
      And no, if you think you need to vote party A because otherwise party B, which is even worse, will rule, then you have fallen for it hook, line and sinker. People like you are who keep the system stable, despite all your revolutionary rhetoric.

      --
      Assorted stuff I do sometimes: Lemuria.org
    6. Re:*yawn* by Anonymous Coward · · Score: 0

      Curious Yellow: The First Coordinated Worm Design
      By Brandon Wiley

      http://blanu.net/curious_yellow.html

    7. Re:*yawn* by doesnothingwell · · Score: 1

      Scam 1,000,000 people out of a cent each and nobody in law enforcement will care.

      If you have an MBA you get a pass on these "crimes", capitalism depends on them. I just love paging through someone's AT&T bill playing "find the scam", when the victim asks "Am I being cheated?".

      --
      They can have my command prompt when they pry it from my cold dead fingers.
    8. Re:*yawn* by joelpt · · Score: 1

      If you want to know what's next, I can dig out my old slides.

      Yes please. This would be interesting to see.

    9. Re:*yawn* by Anonymous Coward · · Score: 0

      By voting in the first place, you have fallen for it hook, line and sinker. People like you keep the system of capitalism and pseudo-democracy churning along! If you honestly think that voting in a minor party will fix things, you're deluded. Minor parties are just as easily corruptible as major ones, if not more so.

    10. Re:*yawn* by Tom · · Score: 3, Interesting

      That depends entirely on whether you are living in the real world or in lala-land.

      Minor parties are changing the system all the time. In my country, the existence of the green party has put issues of environmental protection, peace, critical re-evaluation of atomic power, etc. etc. onto the agenda of all the major parties. When they started getting a sizeable share of the votes, the other parties realized they can't ignore these issues anymore.

      The same is happening with the pirate party right now. The fact that they solidly beat out one of the old major parties in a recent election shocked all the old parties, and suddenly they are starting to listen. ACTA was stopped in my country by a minister of the very party that lost its seats in that regional parliament to the pirate party. She's one of the smarter politicians, and she's understood that listening to the people is the only ticket her party has for survival.

      Sure, it is much slower and nuanced change than a revolution, but it also has a lot less death and destruction.
      And yes, I agree that "honest politician" is something you see once in a million.

      But unless you have a realistic, proven proposal for a better system, all the rhetoric is just bullshit, anger expressed in words, but ultimately not constructive.

      Because the first step in changing reality is accepting the current reality for what it is.

      --
      Assorted stuff I do sometimes: Lemuria.org
  8. What OS are these networks running on? by dgharmon · · Score: 1

    "takedowns of such a network will be extremely difficult because there is no one central source to attack."

    --
    AccountKiller
  9. Is anyone reminded of frequency-hopping? by Progman3K · · Score: 2

    There is no one node controlling the ensemble, yet they still need to coordinate their operations. The nodes must perform a sort of hopping from one control-frequency (for lack of a better analogy) to another so they can't be followed.

    --
    I don't know the meaning of the word 'don't' - J
  10. No Problem... by Anonymous Coward · · Score: 1

    Now it's a collective, right?
    So, all we have to do is find the bot named "hugh"....

  11. re: Politicians and the fundamental problem? by dgharmon · · Score: 1

    "As long as our politicians refuse to tackle the fundamental problem - that of tiny crimes in massive quantities - we're stuck"

    I don't agree, just build `computers' that can't be compromised by clicking on an URL or opening an email attachment.

    --
    AccountKiller
  12. Re: Politicians and the fundamental problem? by Lennie · · Score: 1

    It is very likely that the user is a large part of the problem; how do you intend to solve that?

    There are still people who download a piece of software just based on an ad on a website (free anti virus or whatever) and install that on their machine.

    --
    New things are always on the horizon
  13. Re: Politicians and the fundamental problem? by Anonymous Coward · · Score: 0

    How about the proliferation of services on a modern machine? Most people have Flash on there and are completely oblivious to the fact that Adobe software can do a lot more than just draw some boxes and circles. These days I not only have to worry about viruses but also vendors, bad actors in the app stores, drive by downloads...it's near impossible to assure security unless you cripple your machine beyond the point of usefulness.

    Another problem is that we keep solving and re-solving the same problems over and over again in an effort to grab mindshare. It's not so much about advancement anymore as it is just having the latest shiny shiny. I wouldn't complain so much if they were using the latest languages and techniques to harden the software (sometimes a rewrite is good) but I only see software practice getting sloppier and sloppier as time goes by and we're still using C++ for most things and still making the same basic mistakes as 20 years ago. Worse still, the law of unintended consequences took a bite out of our asses with rapid deployment. That was supposed to create better quality software but ultimately made it easier to release crappy buggy software and put off the problem to later. The basic problem is that we don't care enough to solve the problem - you don't make money by preventing the exploitation of your customers, you make money by exploiting your customers...and quickly.

    I'll get off my soapbox now.

  14. Flood them with garbage by Anonymous Coward · · Score: 0

    Why doesn't someone figure out how to hijack the most prolific viruses/trojans/whatever, perpetrate them and flood the collectors with nonsense data so what they receive back from their minions of zombies is useless? Better yet, can't someone invent a simple virus that disables these complicated things? Then we only need a public campaign to convince all the AV people to not erase the "friendlies."

  15. Re: Politicians and the fundamental problem? by Tom · · Score: 1

    I've just given a talk on this on Tuesday. Technology is a sideshow in the full picture of this crap. Phishing, spam, etc. are not primary technological problems. Botnets are just the currently most effective technology underlying this crap. Before botnets, we had rooted servers pumping out spam by the millions. We made that more difficult, so spammers went to easier targets and began building botnets. If we push them out of there, they will find other ways. It's a game of whack-a-mole.

    --
    Assorted stuff I do sometimes: Lemuria.org
  16. Re: Politicians and the fundamental problem? by Tom · · Score: 1

    It is very likely that the user is a large part of the problem

    Yes, but in an entirely different way than you mean it. The user isn't the dumb fool who is responsible for the whole mess - he is the weak link being exploited, and we blast him with "dumb user" ridicule instead of helping him out. Any surprise that users don't trust the geeks who should know better anymore? The IT department is not exactly admired in most companies. How it treats the users is one big reason why.

    There are still people who download a piece of software just based on an ad on a website (free anti virus or whatever) and install that on their machine.

    Yes, and
    a) aside from telling them what a bunch of stupid fucks they are, we aren't helping them one bit making the right decision
    b) they should absolutely be able to do that in a perfect world. We have the technology - why isn't every fucking program you download automatically put into a sandbox? Why are extended permissions, where requested, presented to the user in a way that reads "program wants bla bla tech stuff, tech stuff, tech stuff, incomprehensible, tech bla bla" instead of telling the user what he needs to know in a language he can understand?

    We are way too obsessed with technical solutions. In a car analogy, we haven't built systems supporting the driver and making the car safer, we have invented HUD technology and now distract the user from the road with constant warning messages, confirmation screens and then tell him that the rising number of road accidents is a clear sign that most drivers suck.

    We are the idiots, not the users.

    --
    Assorted stuff I do sometimes: Lemuria.org
  17. Should be "ZeuS WINDOWS botnet". by couchslug · · Score: 2

    Never omit that salient point. It matters.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    1. Re:Should be "ZeuS WINDOWS botnet". by Johann+Lau · · Score: 1

      No, it doesn't, not really.

  18. Re: Politicians and the fundamental problem? by Lennie · · Score: 1

    While I agree with you, it isn't as easy as you think it is.

    This malware will just say "I'm an anti-virus", so yes, the user just clicks yes to 'give access to whole system', as a virus scanner would probably not work from a sandbox.

    --
    New things are always on the horizon
  19. No surprise here... by Anonymous Coward · · Score: 0

    But the good news is that it has always been and shall still always be trivial to identify individual bots: you see a DDoS, you warn the ISP "Machine at IP xxx.yyy.zzz.aaa participated in a DDoS on YYYY-MM-DD @ HH:MM:SS GMT".

    There's *nothing* bot owners can do around that.

    Kneejerkers will knee like the jerks they are saying: "but this is of no use..." bla bla bla.

    Truth is, not only the public but also politicians / law-makers and ISPs are all warming up to the idea that it's totally cool to prevent an infested machine from connecting to the Internet.

  20. Re: Politicians and the fundamental problem? by mcrbids · · Score: 1

    You could do what Google/Apple have done and take the user out of the equation. In both Google Market and iTunes, you can buy stuff with reasonable confidence that it won't hork your phone. By standardizing a place to safely get applications, and making it palatable for legitimate developers to submit to the implicit oversight, they've made it tough for end users to do stupid things like download an obvious scam/malware from an ad.

    Whatever the effect on our freedoms, the truth is that we can't reasonably expect people to be sharp enough to distinguish between malware and legit stuff. Heck, I've been doing software/computers for 20 years and I've been had a time or two. Especially recently, the scammers are getting rather good.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  21. And the system became self aware on... by davecason · · Score: 1

    Welcome to Skynet.

  22. Re: Politicians and the fundamental problem? by Anonymous Coward · · Score: 0

    We have the technology - why isn't every fucking program you download automatically put into a sandbox? Why are extended permissions, where requested, presented to the user in a way that reads "program wants bla bla tech stuff, tech stuff, tech stuff, incomprehensible, tech bla bla" instead of telling the user what he needs to know in a language he can understand?

    Doctors have the same problem. If you don't know how the human body works, explaining what is wrong with the patient is an exercise in confused frustration.

    Technical things are technical; as Einstein said, "things should be as simple as possible, but no simpler". There's only so far you can drive things down. What about people who are illiterate and can't read? How do you accommodate them? People who are blind, how do they drive a car? People who are overly trusting and assume the best from being screwed out of their money by a con artist? (That last one lines up with people who install random shit off the Internet.)

    You are right that the security systems are not particularly well designed but the bigger issue has always been social ("the user is dumb"); it's an outlook collision. Geeks tend to not be very social, they are naturally reserved, private and distrusting of others. Average people are "dumb" (as geeks call them), they trust, they are easily swayed by authority (including false con artist authority such as advertisements) and buy into cool and "everyone else is doing it".

  23. Whats new ? by amansx · · Score: 1

    I believe ZeuS already had p2p capabilities, as is evident from the last source leak. A well-set-up botnet, even if based on p2p, would eventually require a middle-man server to coordinate its actions among the nodes in foreign networks, especially if they are behind NAT.

  24. Re: Politicians and the fundamental problem? by Tom · · Score: 1

    Technical things are technical,

    They are, and still programming a VCR does not need detailed technical knowledge of how the thing works, only how to set the timer. And VCRs are a clear-cut case of the most sucking user interface one could design if it were a contest for maximum inconvenience.

    We know that the user doesn't have the technical knowledge - because he doesn't need to, shouldn't have to. So it is our task to explain to them what they need to know in terms they understand.

    Good doctors, btw., can do that. They can tell you what the symptoms are, what it will feel like, if you don't take this medicine. You don't need to know how the medicine works, only what the consequences of your actions one way or the other are.

    --
    Assorted stuff I do sometimes: Lemuria.org
  25. ANDROID (a Linux variant) only proves it more by Anonymous Coward · · Score: 0

    Well, whoever "down-modded" my post (via "hit & run" no justifications why on a computing/technical level either)? Eat this:

    Not only did the person I replied to make a point SO STRONG all you had was downmods in 'effete retaliation', but your doing that unjustified moddown of MY post only makes his point all the stronger... & what helps that too? ANDROID!

    Android's a Linux variant, and it's been "TORN UP" on the security + malware front the past 4-5 yrs. now... why's that, if Linux is SO "malware free/resistant/proof", eh?

    His point & mine are why - That once a Linux gains a decent "majority 'marketshare'" on ANY given computing platform, it too will be 'shredded' on the security-front, because it's the MOST used/most popular... that means a LOT of "noob" users, & to malware makers?

    That's "EASY MONEY"... period! They're JUST like 'real criminals' that operate in the SAME pattern (ala my pickpockets example & how they too operate on 'crowds' where people gather (e.g. train & bus stations, malls, crowded city streets, etc.) & they do NOT go after "crowds of 1" only - because there's just not enough "ROI" to justify their efforts to try to victimize & steal from others in those conditions... however, Windows on PC's/Servers proves it, as does ANDROID/Linux on smartphones!).

    * Now, that "all said & aside"? Whoever the jackass was that down-modded my post has to live with the fact that the facts above show that you're FULL OF SHIT, point-blank!

    APK

    P.S.=> I'd love to see the dork that down-modded my post disprove the technical points & data I put out, vs. his "hit & run" down-moderating b.s.!

    ... apk

  26. What a bunch of bullshit: STFU already! by Anonymous Coward · · Score: 0

    Once you're @ the top there's no direction except down (because significant "continued growth" is impossible once you saturate a possible market), unless a company diversifies into other areas/markets. As far as Windows popularity and it being attacked by malware makers the most? It's absolutely true!

    It's also why Linux for example doesn't get "hit" by malware as much as Windows does: Linux isn't used anywhere NEAR as much (1.19% marketshare vs. Windows' 95% marketshare).

    I.E.-> Malware makers are just like pickpockets - They go where the MOST possible "victims" are gathered (ala train/bus stations, malls, crowded streets and the like) to maximize their possible "ROI" for their efforts. Same with malware makers going after Windows (the most used OS) the most, vs. others like MacOS X &/or Linux.

    However, what DOES prove that once Linux were to gain a bigger piece of market on a given computing platform, it too, will be infested/infected a hell of a lot more? ANDROID does... it is, after all, a Linux variant, and it's being "torn up" on the security-front!

  27. Another effete "down mod" w/ no tech reasons? by Anonymous Coward · · Score: 0

    Is that "the best you've got", as far as the jackass that downmodded my posting? If so, and it obviously IS so?? I am laughing @ the absurdity of your stupidity... because it's so blatantly obvious that you cannot disprove the points I made on computing technical grounds, and all you have left is your childish down moderation of my post, yet you're clearly computing technical know-how to justify said downmod.

    * Cowardly trolling losers abound online, but there's NO match for their presence here on /. though... not in my experience (since 1994 online & for decades before that in academia).

    APK

    P.S.=> Instead of "hit & run" downmodding, tell us WHY my post merited a down-moderation, & on valid grounds (computer technical oriented ones, since that's our subject-material in this forums section)... you will NEVER be able to do so, & in that fact, I am laughing @ the down-modder! apk