Slashdot Mirror


Despite Takedown, the Dridex Botnet Is Running Again (sans.edu)

itwbennett writes: Brad Duncan, a security researcher with Rackspace, on Friday wrote on the Internet Storm Center blog that 'the Dridex botnet administrator was arrested on 2015-08-28, and Palo Alto Networks reported Dridex was back by 2015-10-01. That represents an outage of approximately one month.' The lesson here, writes Jeremy Kirk in an article on CSOonline, is that 'while law enforcement can claim temporary victories in fighting cybercriminal networks, it's sometimes difficult to completely shut down their operations.'

10 of 57 comments

  1. You cannot succeed by Opportunist · · Score: 3, Interesting

    At least not until you take care of the root of the problem: The bots. People who run unpatched, unsecured boxes on fat pipes with no regard for the safety of others. Hell, not even of themselves.

    Get people liable for the shit their boxes do and you'll see this problem cease within months.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:You cannot succeed by Anonymous Coward · · Score: 5, Interesting

      So if your grandma gets hacked we should sue her and throw her in jail?

      How about we hold Microsoft accountable for the shitty fucking security in their operating system?

      That's the real problem here.

    2. Re:You cannot succeed by khasim · · Score: 2

      A different outlook:
      http://swiftonsecurity.tumblr.com/post/98675308034/a-story-about-jessica

      The COMPANIES with the most influence over the security of your systems usually have the LEAST incentive.

    3. Re:You cannot succeed by Gaygirlie · · Score: 4, Insightful

      That's bullshit. Routers and other kinds of Internet-connected appliances are an extremely popular way of growing out a botnet, and guess what? They don't run Windows. WordPress is another extremely popular target, and guess what? You can run WordPress under a whole bunch of different OSes. There are literally tens of thousands of examples out there where Microsoft doesn't play any part except as perhaps the OS on which the vulnerable software runs, but the same applies to *BSD, Linux and so on -- on general-purpose computers it doesn't matter what the OS is if the vulnerabilities lie in the software that was installed on top of the OS. On appliances, sure, but you can't blame MS for the shit the appliance manufacturers pull.

    4. Re:You cannot succeed by Dutch+Gun · · Score: 3, Interesting

      I'm not sure I buy that argument, especially when dealing with consumer hardware. As one example, how would a typical consumer possibly know that their router has been compromised? How would they even know it's "unpatched" in the first place? And what happens if you're completely patched up and you still get a bot on your system? While zero-day exploits are less common, they do happen on a pretty regular basis.

      Nowadays, no consumer device should access or especially be accessed by the internet unless it's set up by default to auto-patch itself. This needs to be the new normal for hardware, because the reality is that security issues WILL be found, and that a typical consumer will NEVER patch things themselves. I used to have to update my Synology NAS box myself, checking when updates were available. After a well-publicized attack on their boxes, Synology wisely decided to allow their boxes to auto-patch themselves. We're starting to see this with some routers, and a lot of our critical software (OS, browsers) is now auto-patching as well. And we damn well need to make sure people making IoT devices get this right the first time.

      At this point, it's not just a matter of protection for the consumer that purchased the hardware. It's protection for the rest of the internet as well. We can't afford to leave old crap connected to the internet in perpetuity. As sad as that is, it's just proven to be too dangerous for the ecosystem as a whole.

      As for commercial-grade stuff... well, that's probably another discussion.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    5. Re:You cannot succeed by khasim · · Score: 3, Interesting

      The problem will be when the company selling those routers stops supporting them.

      Built correctly, those things should last for years and years. Longer than the companies want to spend money supporting them. They'd rather you purchased the newest model.

      But the security holes don't fix themselves.

      And even if you lock them down so that they cannot be "managed" from the Internet side, they're still vulnerable. It's just that the attack has to come from inside the network. Maybe via an ad banner or Java or whatever on a PC/laptop connecting through that router.

    6. Re:You cannot succeed by houghi · · Score: 2

      As far as I know, the software at launch is safe. Yes, there will be some zero-day hacks and even those who are not patched.

      The real issue is however people clicking on ThisIsNotAVirus.exe.pdf or what not.

      So most are Trojans and not viruses. Microsoft also issues patches.

      Car comparison time:
      A car company makes a car with an error. They find an error and recall the car.
      Microsoft makes software and an error is found. They make updates available.

      If my car is vulnerable to not braking and thus killing people and I decide not to take the time to get it repaired, who is at fault?

      And by no means am I a MS fanboy. If they KNOWINGLY leave out security issues AND those are the ones abused (and yes, that also happens) then by all means they should be held responsible. But I am against the nanny state that tells me there is no responsibility on the side of the user by default.

      So it is only part of the problem. I am sure people would click on NotAVirus.sh that then demands their root password just so they can see some celebrity nekid. No need to blame Linus for that.

      --
      Don't fight for your country, if your country does not fight for you.
  2. Name of the game: Whack-A-Mole by QuietLagoon · · Score: 4, Insightful

    So long as law enforcement continues to play the botnet's game of whack-a-mole, the problem will not be solved, or even diminished.

    Law enforcement needs to follow the money....

  3. Article is misleading by burtosis · · Score: 2

    in fighting cybercriminal networks, it's sometimes difficult to completely shut down their operations.'

    Except for the sometimes - yes.

  4. Be careful of what you wish for... by NotQuiteReal · · Score: 2

    You might well end up with only "certified", "licensed" (and "taxed") software distributions that you must "subscribe" to, and accept all automatic updates.

    Running unauthorized software will be illegal.

    Problem solved.

    --
    This issue is a bit more complicated than you think.