Cleaning Up Botnets Takes Years, May Never Be Completed
Once a botnet has taken root in a large pool of computers, truly expunging it from them may be a forlorn hope. That, writes itwbennett, is the finding of researchers in the Netherlands who analyzed the efforts of the Conficker Working Group to stop the botnet and find its creators. Seven years later, there are still about 1 million computers around the world infected with the Conficker malware despite the years-long cleanup effort. 'These people that remain infected — they might remain infected forever,' said Hadi Asghari, assistant professor at Delft University of Technology in the Netherlands. The research paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C.
(And "Post-Mortem of a Zombie" is an exciting way to title a paper.)
Golly Gee! Neither will garbage collection... Let's just let it pile up, eventually it will collapse by its own mass.
“He’s not deformed, he’s just drunk!”
So your solution is just to get rid of all personal computers.
well before 10 years is up.
Apoptosis - "The weariness of the cell is the vigour of the organism." - George Orwell.
Honestly, if this is a problem ... let ISPs basically block anybody who is still sending out packets with this crap.
If your machine is a threat to the rest of us, cutting you off from the internet might get your attention.
This way when you call your ISP and say the intertubes are broken they can see the flag on your account which says "banished" and tell you to fix your PC, or stay off the internet.
But let's not pretend Linux, Android, or Apple haven't had similar problems.
The problem with botnets is people might not even know they're infected. Aggressively disconnecting from the internet might actually achieve something.
Lost at C:>. Found at C.
Denial arguably creates a problematic perverse incentive because it provides a DoS-like extra 'for free' if you can manage to make the target act enough like it has been botted.
For people who aren't exactly up to the task of running their own IDS, though, information would certainly be helpful. There probably are people who don't care about running a festering worm farm; but there are definitely people who don't know that they are doing so.
Yeah, but half those infected machines/networks are probably critical infrastructure like dams and nuclear plants. You know, the kind of software from vendors that won't warranty it if you install antivirus... I'm looking at you Rockwell Automation.
"I have never let my schooling interfere with my education." - Mark Twain
Sorry, too many false positives would result, and on top of that, anybody with 'undesirable' content will be accused of being a 'threat'.
“He’s not deformed, he’s just drunk!”
I'm really impressed that so many modern computers are lasting so long and that so many people are using them. Use it up, make it do, or do without is a good policy for things that aren't mission critical.
If your reading comprehension can't mature past literal face value, implied equivalents and other subtleties will elude you.
Not that I necessarily endorse GP's snark or not.
If your critical infrastructure for your dam and nuclear plant is sending stuff out to the internet, you likely have bigger problems.
However, I won't disagree with your point about vendors being impediments to security.
Lost at C:>. Found at C.
The precedent was set long ago. ISPs regularly disconnect customers whose systems are spewing out spam email, participating in DDoS attacks, etc. The approach varies a bit depending upon the provider and the client's service level; consumers will usually be cut off without warning and enterprise connections might get a phone call or email first, but responsible providers act quickly on abuse complaints. Irresponsible providers often find themselves losing various bits of connectivity to the rest of the world.
Imagine malware which downloads porn, and you deny internet access to everyone who downloads porn because they must be "infected".
Maybe in the UK or Iran, but that isn't a net abuse issue, it's an issue of oppressive government.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
... they might remain infected forever ...
Nothing lasts forever: The infected computers will eventually cease to function. It would have been more accurate (and less of an inflammatory panic reaction) to suggest that the infected computers might remain infected for the remainder of their active life.
In fairness, many AV engines are total crap and are notorious for interfering and breaking all kinds of software.
What I think is a shame is that we do not go after the REAL responsible people. /. and now they don't anymore. So the real reason is Digg. Why do they want to blow up nuclear plants? I don't know, but that is the question we should REALLY ask Digg: have they stopped wanting to blow up nuclear plants?
These systems all have a system admin that maintains them. These all used to read
Don't fight for your country, if your country does not fight for you.
The news article claimed that researchers had control over the botnet, but the research paper implies otherwise, simply that the control network was rendered inaccessible.
Did Conficker have something to prevent a takeover, such as using a public key signature to verify update code?
If they were able to inject a popup window informing the user of the infection, surely disinfection rates would have been much higher. The research paper says that millions of users bought phony security software via Conficker, so they'd likely respond to a popup invitation.
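The question above asks whether a botnet can protect its own update channel with a public-key signature so that whoever seizes the rendezvous domains still cannot push code to the infected hosts. The following is an added example written for this page, not code from the paper, the Working Group or Conficker itself; it shows the general mechanism (the same one a legitimate software updater uses) with Ed25519 from Go's standard library. The update bytes, the "attacker" key and the tampering are all constructed here for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Update is a constructed stand-in for what an infected host fetches from a
// rendezvous domain: the code bytes plus a detached signature over them.
type Update struct {
	Payload   []byte
	Signature []byte
}

// signUpdate is the step the key holder performs offline. The private key
// never ships with the client, so nothing on the wire or on a seized server
// can be used to produce a valid signature.
func signUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// verifyUpdate is the gate the client runs before executing anything it
// downloaded. Only the public key is embedded in the client binary, so
// controlling the domains (or the hosts behind them) yields no control over
// the bots unless this check is bypassed or the private key is recovered.
func verifyUpdate(pub ed25519.PublicKey, u Update) bool {
	if len(pub) != ed25519.PublicKeySize || len(u.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, u.Payload, u.Signature)
}

// Scenario plays out three deliveries against one client public key and
// reports which ones the client would accept:
//   genuine        - signed by the real key holder
//   tampered       - genuine signature, payload altered in transit
//   attackerSigned - payload signed with a key the client does not trust
// (the situation of a party that has taken over the C&C domains)
func Scenario() (genuine, tampered, attackerSigned bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}

	// Constructed sample payload; in practice this would be a binary blob.
	payload := []byte("update v2: new peer list + sleep timer")

	// 1. Genuine update from the key holder.
	good := signUpdate(priv, payload)
	genuine = verifyUpdate(pub, good)

	// 2. Same signature, but someone on the path flips bytes in the payload.
	altered := Update{
		Payload:   bytes.Replace(good.Payload, []byte("v2"), []byte("v3"), 1),
		Signature: good.Signature,
	}
	tampered = verifyUpdate(pub, altered)

	// 3. A third party controls the domain and signs with its own key.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	hostile := signUpdate(attackerPriv, []byte("update v2: run cleanup tool"))
	attackerSigned = verifyUpdate(pub, hostile)

	if !genuine {
		return genuine, tampered, attackerSigned, errors.New("genuine update rejected; keypair or verify logic broken")
	}
	return genuine, tampered, attackerSigned, nil
}

func main() {
	g, t, a, err := Scenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine accepted: %v\ntampered accepted: %v\nattacker-signed accepted: %v\n", g, t, a)
}
```

The third case is the one that matters for the question in the post: even with every rendezvous domain sinkholed, a defender who wants to push a disinfection payload (or the popup suggested above) through the bot's own update channel cannot do so without the signing key, which is why sinkholing tends to cut the operators off from the bots rather than hand the bots to anyone else.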
So if I happen to be visiting a website while it's being DDoS attacked, I'll be disconnected because I "participated" in the attack? Instead of ISPs having to decide what's abuse and what's not, how about we design an infrastructure such that no ISP customer can do any harm, whatever the packets their system is sending?
Basically eliminate the Internet as it is and start from scratch. You better get cracking.....
You're messin' with my Zen Thing, man.....
Isn't this why we have Internet Cleanup Day?
Really, why is it so hard for everybody in the world to just take one day out of the year to shut down all of their systems, wipe the hard drives and re-install everything from the installation media?
Um, how will they do that without Internet access?
No sig today...
So the only ones infected are the ones who don't run or keep their PCs up to date, correct? Just like the Yahoo Flash exploit, wouldn't antivirus software be blocking that exploit, as it is not a new exploit? What about people who don't run Flash with the default settings? I don't allow Flash to save any data, I don't let sites save data in it, and so on.
Jack of all trades, master of none
Hyperbole like "forever" has no place in a professional treatment of the situation. May take a decade or two though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It's pretty simple: if you are coughing up blood, you don't go to work and then infect your coworkers with Ebola. Why should we allow computers that are doing the same thing to come to the internet? People mostly don't know they are infected, so injecting a little HTML into served pages that will help them disinfect their computer would be a good start. If it's been a week and they are still infected, it's time to serve them pages only on how to disinfect their machine and close any unrelated ports.
there is no need for this bullshit to continue.
Anons need not reply. Questions end with a question mark.
If your SCADA machinery is plugged into the public Internet, you've got way bigger problems than whether or not it's a bot...
Quo usque tandem abutere, Nimbus, patientia nostra?
So if I happen to be visiting a website while it's being DDoS attacked, I'll be disconnected because I "participated" in the attack?
Pretty sure they're going to know if you sent just a few packets a minute or several million in the same time space...
Quo usque tandem abutere, Nimbus, patientia nostra?
ROFL, from the article:
Sometimes, it was hard for ISPs to help consumers clean up their infected computers. Asghari said he spoke to one ISP that contacted the same customer 36 times in an effort to get rid of Conficker.
“Every time the customer would say I’ve cleaned it up, but the infection would return,” he said.
You would be wrong: the death penalty doesn't discourage violent crime, either.
How about simply putting them in a jail cell with a computer terminal. Their task is to use their own network to go in and disinfect each and every last machine. They don't see the light of day again until they accomplish this task, and if it's longer than their lifetimes, so be it.