Uhhh, how did we conquer Iraq? They have their own government, its not like we annexed it, dumbass. And even if you would like to consider Iraq to be 'conquered' by us, iraq != world.
What if you don't run Windows eh? What if you run a operating system they don't know how to use? Alright, sure, feel free to go on my computer, but good luck finding my warez when its owned by root (chmod 600:))
You should have masked mysql. If you are running a server with important things running you also need to consider every emerge when you do it. Learn to always emerge -av things.
...Before we start giving children in third world laptops en masse...They should be fed. Of course it would be great if children in such places had laptops, but there are *FAR* more pressing issues facing the world currently, unfortuinately.
...As a linux user, how am I benefitting from Microsofts 'innovation'? Linux is just a kernel...Show me what Microsoft has innovated in terms of kernels please?
Nothing will get done. Bush still has the VETO stamp. Its been sitting in his desk draw barely used for the last 6 years. I am sure it is going to get a major workout in the next two. This is not a bad thing, government is best when it does least.
You are clearly not very intelligent then. I have had a Gentoo server in my room that has been up for +100 days, and has been installed for 2 years. I never have had *any* problems with updates.
Seems to help when you know what your doing...
Ignore the silly botnets and invest the resources to find and punish their creators.
So illegalize coding botnet trojans? Excellent idea...not. This would basically illegalize sites such as milw0rm.com, governmentsecurity.org and securiteam.com.
If someone were to sue a botnet trojan coder wouldent that establish a legal precident...making all people who publish new bug/hole/exploit information liable? Security through obsecurity = bad.
You misunderstand. A lot of herders periodically move all their currently listening bots to another channel with different passwords as a security measure. That way, a security person or cop who has infiltrated must very quickly reverse engineer the update to find the new IRC server, login, and password. Some also have scripts that pose challenges and then kick those that do not respond with the right answer in a given timeframe.
No, I dont think I misunderstand. You see, I think you misunderstand. I understand the fact that I have friends who run 500k+ host botnets. I know people who have visits with federal agents. I have never herd of someone who just changes channels. Maybe noobies who run their botnets on a large network such as EFnet or IRCnet might just switch channels, but what people who are a bit more 'advanced' have their own DNS's. And they just switch subdomains. For example, a while ago I was toying with this one botter and he had his bots on ircds which subdomains under thisisasecret.com...and when ever I would find him again he would just use a diffrent subdomain...
People who are more intelligent just get a new domain, or they just direct the bots to a ip that is in a country with other things on their mind besides botnets..
Often botnet herders issue a command or update that switches the control channel (and sometimes rustlers join and do the same).
Often they just use a/TOPIC, as most bots parse the topic when they join. Or the botter can just login (publically) and then do what ever.
At this point, they have plenty of knowledge to issue their own update and if a certain nick or whatever is required
...as I said above..Commonly the bots are coded (via the config.h) to accept commands only from a certain NICK, IDENT and HOST. You can change your nick and ident to what ever, but there is no way you can get the HOST that its set to have...That is, unless you manage to get operator status (that requires you to have the oper username, password, and to have the ident and host that the operator line is set for) and use/chghost on yourself to that of the 'herder'.
they can usually kick the real controller or root the box the IRC channel is running on and send their own commands.
Kick the real controller? That would involve them getting +o or +h in the channel, and the only way this would happen if the herder +h or +o'ed you. And at best this would be only temporary damage. So what, you ban all of the bots and the herder? Then they gline (ban) you from the server, unbam them selfs and the bots and they get back in and the bots back in. All you manage to do is waste time, and realisticly, this would never happen. And about sending their own commands, read what I said above.
Most of the botnet herders aren't really very competent and are basically script kiddies.
Well, apart from the cost of the license, the time spent testing the patches and/or cleaning up if a batch goes awry, time spent running virus/adware/whatever scanners (which you almost certainly need, despite Windows Update), and anything I forgot about.
The cost of the licence? If you are running a legal version of Windows you can use Windows Update at no cost to you. Experienced users shouldent need things like anti-virus and anti-spyware things - I havent used them in years and I have manage to keep my boxes clean..But for the rest of the population it isnt *that* difficult to just boot to safe mode and do a spybot scan if they mange to get them selfs infected.
I've heard of Linux/UNIX machines being the control channel on a fairly regular basis
The 'control channel' is just a IRC channel. Usually running on UnrealIRCd. You can run Unreal on Windows or Linux.
everse engineer the instructions, and send your own update disabling the network and patching the vulnerability on all the machines. The only reason this is not done by security researchers is the legal liability.
Not quite true. At times this is possible, however, the smarter people make it so the bots will only accecpt login from a certain nick, ident and host. And this is assuming the person is using a well used trojan src. If it is custom how shall the security researcher know what command it is to download and exec it? It commonly is like.http.get and.exec and such, but it widely varies.
A long time ago, I used to run botnets and that other bullshit...So take it as I know what I am talking about.
It is a pity that the general open channels are a thing of the past, but so are private BBS'.
This is not true at all. There are plenty of -sp channels on IRC. Hell, just do a/list on EFnet...thousands upon thousands. And usually, when just going around IRC, you arent just going to walk up upon a botnet..
With care, and unless the net manager has taken extreme measures to prevent it, one can induce the clients to remove or disable themselves, rather than just trying to kill the control channel.
No shit. Simply decompile the exec, get the password (shouldent be hard, unless it is encrypted, usually isnt), get the server ip/port/password/channel and possibly channel key, join the channel, login to the bots (.l password or what ever) and do.rm and boom, they lost their entire net (thats assuming they have it set so *!*@* can login).
Basically this is a problem with people owning computers who don't know how to maintain them properly, and with MS making it unreasonably difficult, expensive, and time-consuming to maintain a Windows machine properly.
Now now. I am a Linux fan and such, but blaming Microsoft here is just stupid! You know why? Because usaully the thing is exploited hasent been patched yet. Every program has bugs, thats just how it is. Get over it. And how is it expensive to maintain windows machines properly? Windows Update is free, no?
But as someone who doesn't run Windows, I don't really care.
While *nix botnets arent nearly as prevalent as Windows botnets, there are still ones out there...Dont think you are exempt.
nother possibility is that somebody I do business with could get their machines owned, and gangsters could steal my identity.
Its very easy to get your identity stolen these days..Simply do some SQL injection on a pron site or what ever, then boom, you got yourself 5k credit cards.
Why can't we all just hit "delete"? takes only a few seconds.
Were you dropped a child? On Windows, you cant delete a exec if its running..and most botnet execs fuck up things like the task manager and have backups of themselfs on your box.
Why isn't it possible to simply identify the exploit being used to spread a particular botnet, and write software that uses the same exploit to travel throughout the net before activating (perhaps at some specific time) to both wipe out the botnet software and seal off the exploit?
Easier said than done. How does your 'software' know what on the machine is a trojan? That wouldent be very good would it if your 'software' illegally compromised hosts trying to get rid of the trojans and accidently got some guys stuff that isnt infected? Also consider, when ever a new exploit is leaked in to the wild, all of the current botnet trojans are updated with it...There are widely diffrent...there is no plasuable way to just rid of all hosts comprimised with hole ____
What ever happened to the branches of the federal gov? Wouldent the FBI be considered part of the executive branch and the courts would be part of the judicial? Shouldent the judicial branch be a 'check' for the executive branch?
It's a perfectly valid complaint about a product that it doesn't work if you didn't follow the directions TO THE LETTER
Umm....No? I have been using Gentoo for years (I wouldent ever use anything else) and I cant even remember last time I used the guide...If you know linux well it really shouldent be too hard.
Slashdot Mirror
Uhhh, how did we conquer Iraq? They have their own government, its not like we annexed it, dumbass. And even if you would like to consider Iraq to be 'conquered' by us, iraq != world.
One death is a tragedy; a million is a statistic. -- Joseph Stalin
What if you don't run Windows eh? What if you run a operating system they don't know how to use? Alright, sure, feel free to go on my computer, but good luck finding my warez when its owned by root (chmod 600 :))
Posts like the above make me wish there was a '+1, right on' mod.
Because it will garner attention. I think it would be safe to assume that more people have herd of autism than 'Rett syndrome'.
You should have masked mysql. If you are running a server with important things running you also need to consider every emerge when you do it. Learn to always emerge -av things.
You bleeding heart liberals need to get over yourselfs. Do you honestly care if a TERRORIST gets TORTURED? A few words for you:
The ends justify the means.
...Before we start giving children in third world laptops en masse...They should be fed. Of course it would be great if children in such places had laptops, but there are *FAR* more pressing issues facing the world currently, unfortuinately.
So, your saying that rich people dont use the roads that are funded by taxes etcetcetc?
...If you dont mind me saying, a amatuer botnetter can manage that....Anyone who is 'talented' and knows what they are doing can easily manage 200k.
...As a linux user, how am I benefitting from Microsofts 'innovation'? Linux is just a kernel...Show me what Microsoft has innovated in terms of kernels please?
Stealing my children? May I remind you that this is indeed slashdot?
It appears the guys wiki has been 'slashdotted' - its lagging badly.
You are clearly not very intelligent then. I have had a Gentoo server in my room that has been up for +100 days, and has been installed for 2 years. I never have had *any* problems with updates.
Seems to help when you know what your doing...
.......ReiserFS Honestly though, bad jokes aside, ReiserFS on it would be nice.
If someone were to sue a botnet trojan coder wouldent that establish a legal precident...making all people who publish new bug/hole/exploit information liable? Security through obsecurity = bad.
People who are more intelligent just get a new domain, or they just direct the bots to a ip that is in a country with other things on their mind besides botnets..
Reboot to safemode. Clean your startup. Find the exec. Delete it. Reboot.
Not quite true. At times this is possible, however, the smarter people make it so the bots will only accecpt login from a certain nick, ident and host. And this is assuming the person is using a well used trojan src. If it is custom how shall the security researcher know what command it is to download and exec it? It commonly is like
No shit. Simply decompile the exec, get the password (shouldent be hard, unless it is encrypted, usually isnt), get the server ip/port/password/channel and possibly channel key, join the channel, login to the bots (.l password or what ever) and do
Now now. I am a Linux fan and such, but blaming Microsoft here is just stupid! You know why? Because usaully the thing is exploited hasent been patched yet. Every program has bugs, thats just how it is. Get over it. And how is it expensive to maintain windows machines properly? Windows Update is free, no?
While *nix botnets arent nearly as prevalent as Windows botnets, there are still ones out there...Dont think you are exempt.
Its very easy to get your identity stolen these days..Simply do some SQL injection on a pron site or what ever, then boom, you got yourself 5k credit cards. Were you dropped a child? On Windows, you cant delete a exec if its running..and most botnet execs fuck up things like the task manager and have backups of themselfs on your box. Easier said than done. How does your 'software' know what on the machine is a trojan? That wouldent be very good would it if your 'software' illegally compromised hosts trying to get rid of the trojans and accidently got some guys stuff that isnt infected? Also consider, when ever a new exploit is leaked in to the wild, all of the current botnet trojans are updated with it...There are widely diffrent...there is no plasuable way to just rid of all hosts comprimised with hole ____
What ever happened to the branches of the federal gov? Wouldent the FBI be considered part of the executive branch and the courts would be part of the judicial? Shouldent the judicial branch be a 'check' for the executive branch?