
New Massive Botnet Building On Windows Hole

kdawson posted more than 5 years ago | from the so-patch-it-already dept.

Security 223

CWmike writes "The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed 'Downad.a' by Trend (and 'Conficker.a' by Microsoft and 'Downadup' by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. 'We think 500,000 is a ballpark figure,' said Macalintal when asked the size of the new botnet. 'That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's... starting to grow.'"


How is first ppost formed? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955013)

How is first ppost formed
How firehose get story

They need to do way kdawson > who publish this FUD. becuse these Slashdotter cant frigth back?

it was on the Slashdot this mroing an editor in ar who had released three dupes. they are ignoring the three story tags and comments too lady dupes to rest my pary are with CmdrTaco who lost his cerdibility ; i am truley sorry for your lots

Re:How is first ppost formed? (1, Funny)

Anonymous Coward | more than 5 years ago | (#25955061)

Weak. In the good ol' days, a first post troll would have picked up on the words massive and hole and made a Goatse joke. You are a disgrace to the once proud troll race.

This resource is no longer valid. Please return to (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25955507)

This resource is no longer valid. Please return to the beginning and try again.

Idiots (1, Funny)

IceDiver (321368) | more than 5 years ago | (#25955025)

Don't people use auto-update?

Re:Idiots (0)

Anonymous Coward | more than 5 years ago | (#25955071)

No.

Re:Idiots (5, Funny)

moniker127 (1290002) | more than 5 years ago | (#25955123)

Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

Re:Idiots (5, Funny)

Henry V .009 (518000) | more than 5 years ago | (#25955159)

Here, let me turn it back on for you. There. Don't bother thanking me, I've already debited your bank account for my time.

Re:Idiots (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25955227)

wait, wait, but then you do complain when a patch does not get installed and your system is compromised and it's all MSFT's fault... right, right? Am I right?
What did I win?

Re:Idiots (0)

Anonymous Coward | more than 5 years ago | (#25955297)

What did I win?

A shilling. Same as always.

Re:Idiots (1)

ThePengwin (934031) | more than 5 years ago | (#25955365)

A Rational Thinking award!

Sorry but these days they seem to be worthless

Re:Idiots (-1, Troll)

moniker127 (1290002) | more than 5 years ago | (#25955455)

I don't get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER ad they see.
I've been running Windows XP without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and I've yet to come up with anything.

Re:Idiots (4, Insightful)

Xabraxas (654195) | more than 5 years ago | (#25955569)

You're just an idiot then. You don't need to click on FREEREGISTRYSCANNER or anything like that to get infected. In fact you can click on a link that you click everyday and get infected. The best you can do is stay up-to-date and pray for no 0 day exploits.

Re:Idiots (0)

Anonymous Coward | more than 5 years ago | (#25955841)

Of course you can, theoretically, get infected doing nothing at all... and yet, somehow, when I use Windows, it runs fine, for years at a time. Why do you think that is?

Re:Idiots (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25955935)

Of course you can, theoretically, get infected doing nothing at all... and yet, somehow, when I use Windows, it runs fine, for years at a time. Why do you think that is?

Because you're not telling the truth.

Re:Idiots (1)

Lershac (240419) | more than 5 years ago | (#25956159)

Nope,

I run XP in Parallels on a Mac. Same way. After I installed and configured my machine, I backed up the image, and said "let's see how long this takes" and one year later, it's still going strong.
No Spybot, no antivirus, and I surf and do lots of stuff on that Vmachine.

Re:Idiots (1)

moniker127 (1290002) | more than 5 years ago | (#25956391)

I think I'm just not as paranoid about security as some. This is not what my day revolves around, because it simply has not affected me, and I doubt it will any time soon.

Re:Idiots (1, Troll)

silarulz (1056046) | more than 5 years ago | (#25956487)

Or Just move to Linux, BSD, OSX...

Re:Idiots (4, Insightful)

dissy (172727) | more than 5 years ago | (#25955957)

I don't get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER ad they see.
I've been running Windows XP without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and I've yet to come up with anything.

Well of course if you have a rootkit, scanning for rootkits will show clean. That's how they work.

A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkits files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a no such file error.

You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.
At least I hope so, else you have been rooted 10 minutes after connecting your computer to the internet. Sadly, your description fits the profile of someone who is infected and doesn't even know it because it has been that way since day one it went online.

Re:Idiots (2, Funny)

corsec67 (627446) | more than 5 years ago | (#25955989)

You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.

Yeah, he would have to patch everything within 4 minutes [slashdot.org] to not have an infection.

Re:Idiots (0)

spongman (182339) | more than 5 years ago | (#25956363)

not at all:
- install XP with network unplugged
- turn on firewall
- plug in network

Re:Idiots (0)

moniker127 (1290002) | more than 5 years ago | (#25956423)

Wear a tin foil hat much?

Dial up users. (5, Interesting)

aywwts4 (610966) | more than 5 years ago | (#25955347)

Indeed, my father in law is stuck on dialup, and wondered why his computer was so slow. (I hadn't been supporting him previously so I didn't look at his patch status) A quick speedtest (20 minutes later) showed he was downloading at less than a kilobyte per second.

That's when I noticed it was downloading SP2 every single time he connected to check his mail. It has probably been downloading SP2 since it came out, years prior.

I think he was almost 70% complete with SP2; it probably would have been done in another year of intermittent use, but not before SP3 came out ;)

I now give him service packs on CDs.

Re:Dial up users. (0)

Anonymous Coward | more than 5 years ago | (#25956377)

oh shut up, it doesn't download the same update over and over, it probably just never finished so it kept resuming.

Re:Idiots (0, Troll)

mika_au (1421751) | more than 5 years ago | (#25955361)

I disable Windows when I do an install of Linux.

This resource is no longer valid. Please return to (0)

Anonymous Coward | more than 5 years ago | (#25955695)

This resource is no longer valid. Please return to the beginning and try again. again.

Re:Idiots (5, Insightful)

jaxtherat (1165473) | more than 5 years ago | (#25955387)

Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

Not sure why this was modded funny, as this seems to be far and away the predominant mentality of windows users...

Re:Idiots (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955545)

Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

Not sure why this was modded funny, as this seems to be far and away the predominant mentality of windows users...

If only there was a way to get the service packs without having to manually check it every day. Microsoft needs to make something automatic, like Apple's Software Update to download that stuff for you.

Man, Macs rule.

Re:Idiots (0)

Anonymous Coward | more than 5 years ago | (#25955699)

I hope you're being sarcastic or humorous because Auto-update is really very much the same as Apple Software Update (I have a mac, I know). I really don't get how people bag out Windows features like auto-update and user account protection (which IMHO is *less* annoying than it is on Linux/Macs as they ask for a password) when Linux and Mac OS have equivalent features. Macs do rule I agree, but I quite like many features of Windows NT based operating systems.

Re:Idiots (1)

Lershac (240419) | more than 5 years ago | (#25956199)

let's see, coz in Vista I get asked a LOT for UAC approval. On Macs, much much less.

all overusing the approval feature does is condition the user to clicking "go right ahead and ram that big cylindrical object up my arse."

Re:Idiots (1)

aweraw (557447) | more than 5 years ago | (#25956523)

Keep in mind that the object in question is only cylindrical in the best case scenario. The truth is not suitable to air in this time slot (kids might be watching). Let's just say that corners are uncomfortable.

Re:Idiots (1)

Iced_Eagle (1276052) | more than 5 years ago | (#25955139)

Don't bring any logic into this!

Re:Idiots (2, Informative)

Brain Damaged Bogan (1006835) | more than 5 years ago | (#25955213)

I would imagine that most pirated copies of windows wouldn't use auto update, you don't want your pirated OS contacting the developer whenever it feels like.

Re:Idiots (4, Insightful)

LtGordon (1421725) | more than 5 years ago | (#25955333)

I own a legit copy of XP Pro and it bothers me how frequently MSFT releases that Genuine Advantage garbage. If only they put that kind of enthusiasm into the rest of their products.

Re:Idiots (5, Funny)

Hal_Porter (817932) | more than 5 years ago | (#25955815)

I don't know why people complain about Genuine Advantage. If you buy the software it is unlocked. If you pirate it, it will still work, even though it knows it is pirated, but it won't work 100%. I.e. pirate copies are partially locked.

Genuine Advantage would be better if they had a sense of humour about it. Like instead of black screening pirate copies [newsfactor.com] they could shrink the desktop slowly, surround it with a dirty border and have photorealistic DirectX 10 cockroaches in the border. When you unlocked the workstation they'd scatter, but you'd still see the odd leg or antenna poking out from the edge of the monitor. Every so often one would run across the screen when you were hard at work. Hell, maybe you'd let people crush them with the mouse pointer but it would leave a nasty yellow blob on the screen. The longer you held out against buying a license, the more bold the roaches would become, and the more hit points they would have.

Essentially Microsoft discovered a way to make people RAGE! [imageshack.us] by accident with Clippy [wikipedia.org] . They should put that knowledge to use annoying pirates and making everyone else laugh at them. Most people have a fear of being mocked for being cheap, they should put that fear to use.

Re:Idiots (5, Interesting)

Architect_sasyr (938685) | more than 5 years ago | (#25955851)

Whilst I happen to be highly entertained by your idea about GA I should like to recount a little story:

Fully registered and licensed domain of XP machines (~60 or so). Update Windows Genuine Advantage. 58 of them claim to be pirated and cease to work at any level that can be considered acceptable for a corporation.

Stories like that are why people complain about GA.

Re:Idiots (0, Redundant)

Hal_Porter (817932) | more than 5 years ago | (#25955943)

I had a laptop with pirated XP on it which didn't pass Genuine Advantage. It worked fine for years, there were hacks to install Service Packs. Microsoft even documented how to change the license key from the leaked Corporate one to another. I actually had a spare OEM copy of XP but I used a keygen just to see if I could keep it working and see how Microsoft supported it.

The keygenned key let me install service packs but it stopped passing Genuine Advantage. There were cracks for that, but I never needed to use them. Apart from not being allowed to download stuff that needed GA from the Microsoft site I never really had an issue with it. And if you really have genuine copies, why not call Microsoft and get them to activate them for you, which they will certainly do if you have proof of purchase? Or read up on the latest cracks?

Whining about it on slashdot is just karma whoring.

Re:Idiots (2, Insightful)

LackThereof (916566) | more than 5 years ago | (#25956501)

On machines that fail WGA, Auto-update functions fine; manually updating from the Microsoft website is disabled.

However, XP's autoupdate is not particularly reliable with service packs. It's more likely to sit in the tray saying "click here to install SP2" than actually install itself, even if the machine is set to "Automatically download and install updates". And users always ignore tray warnings; it's just another bubble between Weatherbug and VirusProtectPro.

Re:Idiots (1, Insightful)

six025 (714064) | more than 5 years ago | (#25955251)

Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.

Even if MS managed to patch every security hole in Windows, there would still be a massive gaping hole left by the people who can't use auto-update and who are not inclined, or simply lack the technical ability, to seek out and install the required patches via a manual download.

This leads one to wonder about the wisdom of blocking illegitimate licenses from obtaining security updates via the auto-update service, as the end result of the decision is that everyone suffers to some degree e.g. increased spam levels.

Peace,
Andy.

Re:Idiots (2, Informative)

imemyself (757318) | more than 5 years ago | (#25955273)

I believe that MS actually does provide security updates for systems that do not pass WGA.

Re:Idiots (4, Informative)

LtGordon (1421725) | more than 5 years ago | (#25955377)

Systems that do not pass WGA are only allowed access to "critical" updates.

Re:Idiots (5, Informative)

The Bungi (221687) | more than 5 years ago | (#25955419)

Which this particular patch qualifies as.

Re:Idiots (0)

Anonymous Coward | more than 5 years ago | (#25955461)

security=critical

Re:Idiots (2, Informative)

master811 (874700) | more than 5 years ago | (#25955717)

That's not true, systems will still get access to the "recommended" updates as well if Auto-Update is set. I don't understand it myself as the same updates can't be accessed without validating, but they appear fine if you have it set to automatic (and don't use the windows update website).

Re:Idiots (4, Informative)

nabsltd (1313397) | more than 5 years ago | (#25955535)

Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.

If someone is already using a pirated copy of Windows as their desktop OS, then they probably wouldn't have a problem running a pirated copy of Windows 2003, either.

In which case, they can then download Windows Server Update Services [microsoft.com] which doesn't require WGA to download. After installing WSUS on Win2K3, they can configure it to only download updates matching the pirated MS software they have, and then individually approve or reject updates. They would then configure all the systems to retrieve the approved updates from the WSUS server.

By doing this, every update is available, and WGA is never installed on any of the systems.

Re:Idiots (0, Troll)

The Bungi (221687) | more than 5 years ago | (#25955263)

No, and that's obviously Microsoft's fault.

Remember Blaster, which had a full 40 days or something like that before the exploit was seen in the wild. 10 days is obviously not enough lead time. I personally think we should all be given at least 6 months warning for each vulnerability. Then the attack success rate would plummet to 20% from the 70% it seems to be at these days.

One year would be even better. 365 glorious days to decide whether or not to patch! That would be great.

Re:Idiots (0, Interesting)

Anonymous Coward | more than 5 years ago | (#25955265)

What about all the users that never, you know, bought the software? Or those [chinadaily.com.cn] who installed Windows Genuine Advantage and now have a black background and MS watermark?

Nooo, you must be an idiot if auto update, windows firewall or #insert service name here# isn't started at boot. Only possible explanation.

Re:Idiots (0, Troll)

cdrguru (88047) | more than 5 years ago | (#25955309)

Enabling auto-update implies the user trusts Microsoft to (a) update Windows properly and (b) not steal their bank account and credit card information with each update.

I would say most Windows users do not believe in (a). Some think they know better what updates to install than Microsoft suggests.

A significant number of users do not believe in (b). They have heard so much trash talk about Microsoft that they believe it is a criminal enterprise being operated by the Mafia.

I would say there is no hope for anything good coming from this set of beliefs.

Re:Idiots (5, Insightful)

0123456 (636235) | more than 5 years ago | (#25955505)

"Some think they know better what updates to install than Microsoft suggests."

When updates stop breaking other software, and Microsoft stop bundling DRM as 'critical updates', then I suspect people will start trusting Microsoft to tell them what updates to install.

Personally I like to see what Microsoft are doing to my computer before I install it.

Re:Idiots (1)

osu-neko (2604) | more than 5 years ago | (#25955543)

Enabling auto-update implies the user trusts Microsoft to (a) update Windows properly and (b) not steal their bank account and credit card information with each update.

Actually, installing Microsoft Windows and then connecting to the Internet implies you don't believe Microsoft will steal your bank account and credit card information. If they then further believe Microsoft will steal their data if they use Windows Update, no further analysis of their beliefs can yield useful information about what actions they may or may not engage in -- they have at that point proven to be completely irrational. Given this, any actions are possible, and you can try to rationalize their actions any way you like by picking and choosing from their contradictory beliefs, but it's ultimately pointless, since to do so assumes a level of rationality that is clearly not present.

Re:Idiots (1)

ushering05401 (1086795) | more than 5 years ago | (#25955637)

Niche markets have problems getting specialty software updated in a timely manner.

A client in the Veterinary field is still unable to update to XP SP3 because their medical office management software provider told me their product absolutely could not run on SP3.

I thought that the provider was thinking I was trying to upgrade to Vista, but no, SP3 apparently kills their server product.

Re:Idiots (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955743)

Has anyone tried to run it on WINE? Just saying...

Internets is serious business (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25955077)

::21:34:51:: fubar> NOOOOOOOOOOOOOOOOOO
::21:34:52:: fubar> GODDAMMIT
::21:34:58:: fubar> NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
::21:35:03:: fubar> IM NOT DONE WITH MINE YET
::21:35:05:: @solar> lol
::21:35:06:: fubar> SHIT SHIT SHIT
::21:35:12:: fubar> SOLAR CAN YOU DO C++

Go vigilante (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25955081)

It's time MS write botnets to exploit their own holes as means for patching said hole. Who gives a shit about the ethics of it, we are losing.

ISPs need to be more vigilant as well. Cut off subscribers ASAP when their machine begins sending botnet traffic.

Re:Go vigilante (5, Insightful)

alohatiger (313873) | more than 5 years ago | (#25955367)

ISP action is definitely appropriate. If they can tell who is using torrent software, they should be able to tell who is sending spam and which machines are part of a botnet.

Filtering/quarantine at this level is like shooting down a scud missile on the way up instead of on the way down.

Re:Go vigilante (2, Informative)

Surreal Puppet (1408635) | more than 5 years ago | (#25955381)

Take a look at Schneier's arguments against this: http://www.schneier.com/blog/archives/2008/02/benevolent_worm_1.html [schneier.com] . One additional point is that stack/heap overflows and other memory-corrupting vulnerabilities often can't be made to be 100% reliable, and can be difficult to code for different service packs and such. This can be, and is, coded around as a matter of course, but a bug in the exploitation process can have disastrous and unpredictable results (in this case, interruption of a large swath of critical internal office file sharing networks.) This doesn't matter to the criminals, but it presumably matters to any prospective "grey hat" worm authors.

Re:Go vigilante (1, Informative)

techno-vampire (666512) | more than 5 years ago | (#25955621)

Personally, I'd rather see Microsoft put the effort into writing a version of Windows that doesn't have all those vulnerabilities in the first place. Of course, that would mean throwing out an awful lot of old code and that goes against their corporate culture, so I'm not holding my breath.

Going around my work already (0)

Anonymous Coward | more than 5 years ago | (#25955085)

This has been going around our work computers for about a week. Trouble is we have a lot of legacy computers that just do not get updated and/or we are forbidden to install certain Windows updates. Even if we had permission, our site internet is rather slow, so most computers go unpatched and the company relies on antivirus and firewall 100%.

Re:Going around my work already (3, Insightful)

Anonymous Coward | more than 5 years ago | (#25955133)

Three words:

Incompetent IT Department.

Re:Going around my work already (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955211)

because I have a dedicated help desk for my home PC... idiot.

Re:Going around my work already (1, Informative)

Anonymous Coward | more than 5 years ago | (#25955321)

Yeah, speaking of idiots...

This has been going around our work computers for about a week.

Re:Going around my work already (0)

Anonymous Coward | more than 5 years ago | (#25955357)

Even if we had permission, ...

You don't have permissions for your home PC?

Re:Going around my work already (0)

Anonymous Coward | more than 5 years ago | (#25955979)

Modded Insightful and Informative? Really?

It has begun! (0, Troll)

Iced_Eagle (1276052) | more than 5 years ago | (#25955119)

*Bill Gates rubs hands together*

"Excellent... Just excellent... Rise my army, rise up and do my bidding!"

It would be so easy. (5, Interesting)

Surreal Puppet (1408635) | more than 5 years ago | (#25955163)

Every time I see one of these high-yield Windows remote execution holes, I'm tempted to couple a timed network-stack-erasing payload to it (24 hours should be enough for it to be able to infect through VPN-connected laptops and such) and send it cracking. Then I always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare? It could be argued that it's more fun to play pranks and infiltrate corporate and government networks, but we don't even see things like that (I know it was more common up to the early 90s, when the "criminal prankster hacker scene" still existed outside of small tight groups...)? Or do people just cover it up? You sysadmins out there, have you ever had anything like that happen to you, or anyone you know?

There's no profit it in. (5, Interesting)

khasim (1285) | more than 5 years ago | (#25955225)

Then I always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare?

Pretty much. The closest was the "I Luv U" email which overwrote media files.

Since then, it's all about profit. Why destroy a computer when you can use it to send spam?

If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.

Re:It would be so easy. (5, Interesting)

Anonymous Coward | more than 5 years ago | (#25955383)

Welcome to the 21st century.

Unlike the 90's, viruses aren't typically coded for the purpose of doing as much damage as possible. Between eBay, PayPal, Amazon, and the other major e-commerce sites, the internet is now worth hundreds of billions - even trillions - of dollars every year. Dollars that would be lost if it went down or that can be stolen by the boatload. By and large, the motive for hacking - including the use of botnets - is all money driven these days. The two most common attack vectors are to either hold a site for ransom, threatening to take it offline via a Denial of Service attack if a certain amount is not paid, or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a PayPal clone takes up about 5MB on a drone.)

Judging by the size of this one, I'm going to guess its use will be the former rather than the latter. 500,000 bots, all launched, say, the week of Christmas, would do a LOT of damage. Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.

So yeah, it was more common in the 90's, but hacking solely to cause damage isn't something done any more. At all. The only people doing that would be, for example, if the Chinese were trying to crack a US State Department or Pentagon system (using the drones for brute force remote login attacks). That happens, but even there, the intent isn't to harm the systems, but merely to gain a valid login so you can steal information. This goes on in the corporate world too. After all, don't you think Ford would be willing to cough up $2 mil if someone could hand them a copy of Toyota's future business plan right now?

It's not so much that there aren't people who want to "just cause damage" but rather that those people grew up and realized they could make a lot of money by NOT damaging the systems. They needed jobs and there aren't a lot of positions available for someone with a skill set that includes brute forcing SSH logins. The generation that has come since them, mine (I'm 21, but I have friends who are 18 and 19, and we see each other as about the same) doesn't generally possess the level of skill of those who came before us. Sure, I can crack SSH and brute force NT hashes with the best of them, but if you sit me and my 60 year old uncle both in front of a binary disassembler only he will know what he's doing, and finding the kind of flaw needed to make this massive botnet will require a very intimate knowledge of one.

Sorry, the script kiddies that bring the world to its knees have grown up and they refuse to work without pay.

Re:It would be so easy. (1)

ockegheim (808089) | more than 5 years ago | (#25956081)

...or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a PayPal clone takes up about 5MB on a drone.)

Interesting... if I wanted to host a web page on my computer, I'd have to log into my ISP to unblock port 80, direct port 80 on my router to my computer, and turn on web sharing on my computer. But I guess a lot of people still connect directly to the internet and the worm wouldn't have much trouble activating services.

Re:It would be so easy. (1)

Surreal Puppet (1408635) | more than 5 years ago | (#25956191)

Many (most) bot servers include standalone mail/web server code, usually ripped from sendmail and the like.

Re:It would be so easy. (2, Interesting)

trawg (308495) | more than 5 years ago | (#25956181)

Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.

Question: I'm not too savvy with the intricacies of DNS, but - could an organisation that was threatened with such a blackmail attempt do something like this:

1) duplicate your web infrastructure on a number of different networks
2) lower the TTL on your DNS records to something more responsive
3) /if/ you are attacked, update DNS records to point to your alternate hosting (..repeat as necessary until you run out of sites or they give up)

This is under the assumption that such an attack once launched would be hard to stop and/or redirect, which is quite probably not the case, I guess.
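A constructed model of the three-step plan above, added here as an example and not code from trawg or anyone else on the thread: a few caching resolvers query an authoritative zone for one name, the TTL is lowered some lead time before the records are repointed, and the function reports how long after the repoint the slowest resolver still hands out the old address. The hostname and both addresses are assumptions (RFC 5737 documentation ranges).

```python
"""Model of the 'lower the TTL, then repoint' DNS failover plan (constructed).

Step 2 (lower the TTL) happens `lead_seconds` before step 3 (repoint to the
duplicate hosting). Caching resolvers only re-query once their cached copy has
expired, so the question is how long the old address keeps being served.
"""
from dataclasses import dataclass, field

NAME = "www.example.com"       # assumed hostname
PRIMARY = "192.0.2.10"         # assumed address of the primary hosting
STANDBY = "198.51.100.10"      # assumed address of the duplicate infrastructure


@dataclass
class Record:
    ip: str
    ttl: int


@dataclass
class Authoritative:
    zone: dict  # name -> Record, as currently published by the operator


@dataclass
class ResolverCache:
    """A caching resolver: it asks the authoritative server only on expiry."""
    auth: Authoritative
    cache: dict = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name: str, now: int) -> str:
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0]
        rec = self.auth.zone[name]
        self.cache[name] = (rec.ip, now + rec.ttl)
        return rec.ip


def cutover_lag(lead_seconds: int, old_ttl: int = 86400, new_ttl: int = 300,
                step: int = 60, n_resolvers: int = 8) -> int:
    """Seconds after the repoint until every resolver returns STANDBY.

    lead_seconds: how long before the repoint the TTL was lowered (step 2).
    """
    attack_at = 2 * old_ttl                 # step 3: records changed to STANDBY
    lower_at = attack_at - lead_seconds     # step 2: TTL lowered to new_ttl
    auth = Authoritative({NAME: Record(PRIMARY, old_ttl)})
    # Constructed population: each resolver first queries at a different moment,
    # so their cache expiry times are staggered as they would be in the wild.
    resolvers = [(ResolverCache(auth), i * (old_ttl // n_resolvers + step))
                 for i in range(n_resolvers)]
    first_new = [None] * n_resolvers
    for now in range(0, attack_at + old_ttl + step, step):
        if now >= lower_at:  # what the operator publishes at this moment
            auth.zone[NAME] = Record(STANDBY if now >= attack_at else PRIMARY,
                                     new_ttl)
        for i, (res, first_query) in enumerate(resolvers):
            if now < first_query or first_new[i] is not None:
                continue
            if res.resolve(NAME, now) == STANDBY:
                first_new[i] = now
    if any(t is None for t in first_new):
        raise RuntimeError("a resolver never saw the standby address")
    return max(first_new) - attack_at


def lead_is_sufficient(lead_seconds: int, old_ttl: int = 86400) -> bool:
    """Step 2 only helps if it was done at least one old TTL before step 3:
    a resolver that cached the record before the TTL change keeps the old
    address for the full old TTL, whatever the new TTL says."""
    return lead_seconds >= old_ttl


if __name__ == "__main__":
    for lead in (0, 3600, 86400):
        print(f"TTL lowered {lead:>6}s before the repoint: "
              f"last resolver follows {cutover_lag(lead)}s after it")
```

Lowering the TTL only an hour ahead leaves the worst case unchanged (a resolver that cached the day-long record just before the change keeps serving the old address for the rest of that day); with a lead of at least the old TTL, every resolver follows within the new TTL.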

Re:It would be so easy. (1)

netcrusher88 (743318) | more than 5 years ago | (#25955497)

There was a fork of Blaster that installed the patch for the hole it used to spread, then deleted itself. Unfortunately, like Blaster, it had a tendency to crash the Messenger service, which causes Windows to reboot without letting the user interrupt the reboot. The anti-Blaster didn't get very far.

Re:It would be so easy. (0)

Anonymous Coward | more than 5 years ago | (#25956213)

That was not the issue... I recall that Nachi used the same exploit and patched, but it spread with a ping to find other hosts to "fix". That's what took my network to its knees, the ARP WHOHAS traffic following quad zero routes.

Re:It would be so easy. (1)

baomike (143457) | more than 5 years ago | (#25955663)

I have wondered also when someone is going to get pissed off enough to write some little bugger
that cleans a hard drive. Making it worthwhile for people to protect their machines.
No, I am not going to do it, but how long before somebody does?

Re:It would be so easy. (1)

pjbgravely (751384) | more than 5 years ago | (#25955907)

Did you forget about Witty Worm? [wikipedia.org] I know it didn't attack the Microsoft Windows operating system but it did randomly erase parts of the hard drive until the system crashed.

at least he's not a house negro (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955189)

obama is going to fuck up everything like the fucktard that he is. that nigger is going to get kicked from the white house in 4 years and you faggots with obama stickers are going to owe me an apology. fucking apemen.

Re:at least he's not a house negro (0, Offtopic)

FunkyRider (1128099) | more than 5 years ago | (#25955275)

1. moderate down -1: Off topic.
2. Don't like it? Get the fuck out of US of A. Coward.

Re:at least he's not a house negro (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955449)

Are you on drugs?

Re:at least he's not a house negro (1, Funny)

Anonymous Coward | more than 5 years ago | (#25956021)

Wow.

Simply wow.

I mean, I haven't seen a collection of stupidity like this in years, and I read Stallman's articles from time to time.

Please, get yourself spayed before you breed.

ancient joke (5, Funny)

FunkyRider (1128099) | more than 5 years ago | (#25955283)

Reminds me an ancient joke:
Windows is same as whores: They both have massive hole and full of viruses.

Re:ancient joke (1)

dzelenka (630044) | more than 5 years ago | (#25955805)

I have another mental picture for you. I read the heading " New Massive Botnet Building On Windows Hole" and thought hemorrhoids. Painful, painful hemorrhoids!

Botnet, starting to grow (4, Funny)

PPH (736903) | more than 5 years ago | (#25955287)

Do you want a larger, firmer botnet? One that all the ladies will love and other guys will envy? Here's how to enlarge your botnet quickly and easily.

If your botnet stays up for 6 hours or longer, please seek the help of a physician.

Re:Botnet, starting to grow (1)

melikamp (631205) | more than 5 years ago | (#25955411)

How does one get other guys to envy the size of his botnet? Bust it out during parties and on dance floors? Join a botnet ring? Or just hope that girls will tell other guys about your size? I mean, of your botnet?

Re:Botnet, starting to grow (1)

corsec67 (627446) | more than 5 years ago | (#25955427)

Easy: DDOS competition.

If you can slashdot /., you obviously have a large botnet.

Re:Botnet, starting to grow (4, Funny)

ockegheim (808089) | more than 5 years ago | (#25956099)

Denial of Service to one's botnet can be disheartening.

Poooooooo what? repititialian? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25955349)

I was constipatid but nowe Im not. Everyone, everyone hear ye hear ye hoooooooray for me! And ALBERTUS Q. GORE! Formerly known as the great and smendifrrewi ho; jkodgpfhas9uhtiln huihnjklHIH*H njkl nm;n[[iit 0-ori90-35op3532,,m gskdsjopiiingu8 ub ass ass asss

Re:Poooooooo what? repititialian? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25955593)

Hey, quit trolling! Also, you spelled 'jkodgqfhas9uhtiln' wrong.

Just one more. Who's gonna mind? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25955397)

Life on Windows is _meant_ to be dangerous and slow, right? Isn't that why we're made to go buy new hardware every two years, no matter what? :>

Enjoy, suckers: I've not needed the stuff since 1999. Some people just don't _require_ a 2x4 to the head to change.

6astards (1)

Tablizer (95088) | more than 5 years ago | (#25955471)

Hit at our company today. Pain in the butt. PCs that had lagging or broken anti-virus updates got hit the most.

Analogy (3, Insightful)

jaavaaguru (261551) | more than 5 years ago | (#25955707)

If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.

Apart from the obvious killing != spam and/or fraud, how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different? You should still be responsible (although the punishment might be different). Suppliers should be forced to make this obvious to people buying this stuff.

Re:Analogy (5, Insightful)

NicknamesAreStupid (1040118) | more than 5 years ago | (#25955987)

What if I buy a rosebush and plant it in my garden, then somebody uses it to deface little kids and old ladies with its thorns? Am I kinda liable for that?

Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.

Re:Analogy (1)

AmberBlackCat (829689) | more than 5 years ago | (#25956059)

What if the choices are (Leave a gun in your yard) or (smash your television, audio system, and car). Because I just upgraded to Fedora 10 and lost all support for the Integrated sound, Nvidia, and my DVD burner. It's a choice between a security vulnerability and having half your hardware not working.

Re:Analogy (1)

jaavaaguru (261551) | more than 5 years ago | (#25956093)

I'll go with the third option, thank you. The last computer I bought works fine with the Ubuntu it came with. Even then, I'll keep a NAT router between me and the Internet because I know I don't always install the security updates as soon as they're available.

Re:Analogy (0)

Anonymous Coward | more than 5 years ago | (#25956091)

What's wrong with you? You're using a Stupid Gun Analogy when you could have used a Stupid Car Analogy!

Here: If you buy a car, and leave it sitting in your driveway, then some criminals come along, jack it, and kill everyone in your street, you're kind of responsible for that.

Didn't work? That's cuz tortuous analogies are stupid. Please stop.

Re:Analogy (1)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#25956111)

If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.

Gun? Are you mad? Slashdot is about car analogies only.

how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different?

One buys a car, forgets to lock it at night & it's used for a ram raid. Is the car owner responsible for the ram raid or a victim?

How can I sign up for this botnet? (0)

Anonymous Coward | more than 5 years ago | (#25955831)

I have some spare CPU cycles. I am an out of work advertiser, and I'd like to donate to other advertisers.

I'll reformat my machine and start fresh as soon as I need my machines back, but for now, seriously, how do I FOR SURE, join this botnet?

use norton (2, Funny)

delvsional (745684) | more than 5 years ago | (#25955833)

I use Norton, McAfee and AVG Grisoft all at once, oh wait nevermind. I don't use Windows anymore.

Uh oh (1, Troll)

Stereoface (1400061) | more than 5 years ago | (#25955881)

Does that mean Macs have 10% of the market share of annoying ass spam networks? Cause they've already got 100% of the annoying and misleading commercials...

Wouldn't it be nice (2, Interesting)

Smuttley (126014) | more than 5 years ago | (#25956149)

if the people writing exploits for these security holes wrote a worm that once it had got onto a computer patched the exploit and then detached?

You could call it Good Samaritan Computing or something ;)

Everybody, SING ALONG! (4, Funny)

Chris Tucker (302549) | more than 5 years ago | (#25956161)

"Botnets, spammer's botnets!
What kind of boxes are on botnets?

Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even Asus, too!

Are boxes, found on botnets.
All running Windows, FOO!"

I'm running Mac OS X 10.5.5, here.

Why, yes. I AM a smug bastard!
Thanks for asking.

How Do They Survive? (3, Interesting)

Bob9113 (14996) | more than 5 years ago | (#25956347)

I'm curious - how do infected computers survive on the Internet?

We have legions of honeypots for the detection of infected hosts (not to mention the likes of GMail). ISPs have been qqing about bandwidth - surely bandwidth consumed by infection is the most loathsome waste.

Why don't ISPs have a takedown system? They could restrict who they trust - perhaps only Symantec and McAfee, maybe Hotmail, Yahoo, and GMail as well. They could do a limited takedown of outbound email only, adding a message to the customer's email account. Perhaps have an HTTP interceptor display a page with links to tools for system cleaning, maybe commercial products if they feel the defense of their corner of the net is not sufficient recompense.

OK, I can dig the risk of inappropriate takedowns - but we run that risk non-stop with the DMCA for a heckuva lot less tangible benefit.

Expense? I'm sure we could get a few dozen folks together to write the software.

Customer experience? Really now - if my Mom's computer was infected and her ISP told her, and gave her links to fix it, she'd love it.

Inability to trust the router droppings? Half the Internet connections in the world are probably covered by a couple dozen ISPs - start with trusting only those router entries.

So - what am I missing?
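
Added example, not part of the thread or any ISP's actual system: a toy model of the "limited takedown of outbound email only" idea above. It reads constructed flow records (timestamp, source, destination, port), flags customer hosts whose outbound SMTP fan-out in a short window looks like a spam bot rather than a client talking to its one smarthost, and emits a rule that blocks only port 25 for that host and notifies the customer. The log format, the thresholds and the allowlist of known customer mail servers are all assumptions.

```python
"""Toy outbound-SMTP fan-out detector with a port-25-only restriction.

Added example for the ISP takedown discussion; the flow-record format,
thresholds and allowlist below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records: "timestamp src_ip dst_ip dst_port".
# 10.1.1.5 sprays mail at many MXs (bot-like), 10.1.1.7 only talks to its
# ISP smarthost, 10.1.1.9 is a legitimate customer MTA on the allowlist.
SAMPLE_FLOWS = """\
2008-11-28T10:00:01 10.1.1.5 203.0.113.10 25
2008-11-28T10:00:02 10.1.1.5 203.0.113.11 25
2008-11-28T10:00:02 10.1.1.5 203.0.113.12 25
2008-11-28T10:00:03 10.1.1.5 198.51.100.7 25
2008-11-28T10:00:05 10.1.1.5 198.51.100.8 25
2008-11-28T10:00:09 10.1.1.5 198.51.100.9 25
2008-11-28T10:00:30 10.1.1.5 192.0.2.40 25
2008-11-28T10:01:10 10.1.1.5 192.0.2.41 25
2008-11-28T10:00:04 10.1.1.7 10.0.0.25 25
2008-11-28T10:02:04 10.1.1.7 10.0.0.25 25
2008-11-28T10:02:40 10.1.1.7 203.0.113.80 443
2008-11-28T10:00:10 10.1.1.9 203.0.113.10 25
2008-11-28T10:00:20 10.1.1.9 203.0.113.11 25
2008-11-28T10:00:21 10.1.1.9 198.51.100.7 25
2008-11-28T10:00:25 10.1.1.9 192.0.2.40 25
2008-11-28T10:00:26 10.1.1.9 192.0.2.41 25
2008-11-28T10:00:27 10.1.1.9 192.0.2.42 25
"""

# Constructed allowlist: customer hosts known to run a real mail server.
KNOWN_MAIL_SERVERS = {"10.1.1.9"}


def parse_flows(text):
    """Parse the constructed format into (datetime, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def smtp_fanout(flows, window=timedelta(minutes=10), min_distinct=5):
    """Return {src: distinct_dst_count} for sources that contacted at least
    min_distinct distinct hosts on TCP/25 within any window-sized interval."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 25:
            by_src[src].append((ts, dst))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            # Distinct destinations seen from t0 to t0 + window.
            dsts = {d for t, d in events[i:] if t - t0 <= window}
            best = max(best, len(dsts))
        if best >= min_distinct:
            suspects[src] = best
    return suspects


def takedown_rules(suspects, allowlist=KNOWN_MAIL_SERVERS):
    """Translate suspects into port-25-only restrictions, skipping hosts the
    ISP already knows to be legitimate mail servers."""
    rules = []
    for src, count in sorted(suspects.items()):
        if src in allowlist:
            continue
        rules.append({"src": src, "block_port": 25,
                      "notify_customer": True, "distinct_mx": count})
    return rules


def run(text=SAMPLE_FLOWS):
    """Full pipeline on the constructed sample; returns the rule list."""
    return takedown_rules(smtp_fanout(parse_flows(text)))


if __name__ == "__main__":
    for rule in run():
        print(rule)
```

The allowlist is what keeps a customer's real MTA from being cut off by the same heuristic, and blocking only port 25 leaves the customer able to reach the cleanup page an HTTP interceptor would show them.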

YABON - Yet Another BOt Net (or YABber On) (0, Flamebait)

gramlord (554156) | more than 5 years ago | (#25956445)

Why is another botnet, based on the incredibly insecure Windows VPS (virus propagation system), of interest? Yet another bot net, and more yabber (slang for talk) on the subject. Why doesn't the world of professional computer types fess up that Windows might look nice, might be easy for dummies to use, but is BAD. BAD for you. BAD for me. BAD for everybody. And the solution might be a little less pretty, perhaps, and a little more costly (depending on how you define "the solution"), but it will be GOOD. Damn the world's users for their blindly ignorant view on computers.