Slashdot Mirror

← Back to Stories (view on slashdot.org)

Despite Takedown, the Dridex Botnet Is Running Again (sans.edu)

Posted by timothy on from the down-but-sadly-not-out dept.

itwbennett writes: Brad Duncan, a security researcher with Rackspace, on Friday wrote on the Internet Storm Center blog that 'the Dridex botnet administrator was arrested on 2015-08-28, and Palo Alto Networks reported Dridex was back by 2015-10-01. That represents an outage of approximately one month.' The lesson here, writes Jeremy Kirk in an article on CSOonline is that 'while law enforcement can claim temporary victories in fighting cybercriminal networks, it's sometimes difficult to completely shut down their operations.'

4 of 57 comments (clear)

  1. You cannot succeed by Opportunist · · Score: 3, Interesting

    At least not until you take care of the root of the problem: The bots. People who run unpatched, unsecured boxes on fat pipes with no regard for the safety of others. Hell, not even of themselves.

    Get people liable for the shit their boxes do and you'll see this problem cease within months.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:You cannot succeed by Anonymous Coward · · Score: 5, Interesting

      So if your grandma gets hacked we should sue her and throw her in jail?

      How about we hold Microsoft accountable for the shitty fucking security in their operating system?

      That's the real problem here.

    2. Re:You cannot succeed by Dutch+Gun · · Score: 3, Interesting

      I'm not sure I buy that argument, especially when dealing with consumer hardware. As one example, how would a typical consumer possibly know that their router has been compromised? How would they even know it's "unpatched" in the first place? And what happens if you're completely patched up and you still get a bot on your system? While zero-day exploits are less common, they're do happen on a pretty regular basis.

      Nowadays, no consumer device should access or especially be accessed by the internet unless it's set up by default to auto-patch itself. This needs to be the new normal for hardware, because the reality is that security issues WILL be found, and that a typical consumer will NEVER patch things themselves. I used to have to update my Synology NAS box myself, checking when updates were available. After a well-publicized attack on their boxes, Synology wisely decided to allow their boxes to auto-patch themselves. We're starting to see this with some routers, and a lot of our critical software (OS, browsers) are now auto-patching as well. And we damn well need to make sure people making IoT devices get this right the first time.

      At this point, it's not just a matter of protection for the consumer that purchased the hardware. It's protection for the rest of the internet as well. We can't afford to leave old crap connected to the internet in perpetuity. As sad as that is, it's just proven to be too dangerous for the ecosystem as a whole.

      As for commercial-grade stuff... well, that's probably another discussion.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:You cannot succeed by khasim · · Score: 3, Interesting

      The problem will be when the company selling those routers stops supporting them.

      Built correctly, those things should last for years and years. Longer than the companies want to spend money supporting them. They'd rather you purchased the newest model.

      But the security holes don't fix themselves.

      And even if you lock them down so that they cannot be "managed" from the Internet side, they're still vulnerable. It's just that the attack has to come from inside the network. Maybe via an ad banner or Java or whatever on a PC/laptop connecting through that router.