Slashdot Mirror


Cleaning Up Botnets Takes Years, May Never Be Completed

Once a botnet has taken root in a large pool of computers, truly expunging it from them may be a forlorn hope. That, writes itwbennett, is the finding of researchers in the Netherlands who analyzed the efforts of the Conficker Working Group to stop the botnet and find its creators. Seven years later, there are still about 1 million computers around the world infected with the Conficker malware despite the years-long cleanup effort. 'These people that remain infected — they might remain infected forever,' said Hadi Asghari, assistant professor at Delft University of Technology in the Netherlands. The research paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C. (And "Post-Mortem of a Zombie" is an exciting way to title a paper.)

10 of 74 comments

  1. Never be completed by fustakrakich · · Score: 2

    Golly Gee! Neither will garbage collection... Let's just let it pile up, eventually it will collapse by its own mass.

    --
    “He’s not deformed, he’s just drunk!”
  2. Vast majority will be in landfill... by Gordo_1 · · Score: 3, Insightful

    well before 10 years is up.

    1. Re:Vast majority will be in landfill... by swb · · Score: 4, Insightful

      I wonder how many infected systems either were originally VMs or physical systems turned into VMs that will live on in VM farms far longer because they support some obsolete or unupgradeable system or because nobody wants to turn them off.

      It's not hard to see systems that should eventually die off live on far longer thanks to virtualization.

  3. Re:However, by RobinH · · Score: 4, Interesting

    Yeah, but half those infected machines/networks are probably critical infrastructure like dams and nuclear plants. You know, the kind of software from vendors that won't warranty it if you install antivirus... I'm looking at you Rockwell Automation.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  4. Re:However, by gstoddart · · Score: 4, Insightful

    If your critical infrastructure for your dam and nuclear plant is sending stuff out to the internet, you likely have bigger problems.

    However, I won't disagree with your point about vendors being impediments to security.

    --
    Lost at C:>. Found at C.
  5. Re:However, by IamTheRealMike · · Score: 2

    In fairness, many AV engines are total crap and are notorious for interfering and breaking all kinds of software.

  6. Re:However, by houghi · · Score: 2

    What I think is a shame is that we do not go after the REAL responsible people.
    These systems all have a system admin that maintains them. These all used to read /. and now they don't anymore. So the real reason is Digg. Why do they want to blow up nuclear plants? I don't know, but that is the question we should REALLY ask Digg: have they stopped wanting to blow up nuclear plants?

    --
    Don't fight for your country, if your country does not fight for you.
  7. I'm confused by Minwee · · Score: 2

    Isn't this why we have Internet Cleanup Day?

    Really, why is it so hard for everybody in the world to just take one day out of the year to shut down all of their systems, wipe the hard drives and re-install everything from the installation media?

    1. Re:I'm confused by ThatAblaze · · Score: 3, Insightful

      Anyone who has an 8-year-old computer has probably lost the installation media for it. Many of them might be running POS systems that don't work past win95. We're not talking about office or home computers here, those have all been changed out long ago. These are mostly old computers in a back room that have been plugging away at a single task for years.

  8. Re:You're attacking the wrong part. by htomc42 · · Score: 2

    How about simply putting them in a jail cell with a computer terminal? Their task is to use their own network to go in and disinfect each and every last machine. They don't see the light of day again until they accomplish this task, and if it's longer than their lifetimes, so be it.