
New Russian Botnet Tries To Kill Rivals

CmdrTaco posted more than 4 years ago | from the there-can-be-only-one dept.

Botnet 136

alphadogg writes "An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the FBI estimating last October that they have caused $100 million in losses."


136 comments


In Soviet Russia... (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31085884)

Botnet kills YOU!

Re:In Soviet Russia... (3, Funny)

conspirator57 (1123519) | more than 4 years ago | (#31086300)

Spy Vs. Spy!

Re:In Soviet Russia... (0)

Anonymous Coward | more than 4 years ago | (#31087076)

I was thinking more of Battle Bots.

Re:In Soviet Russia... (1)

K. S. Kyosuke (729550) | more than 4 years ago | (#31087510)

Spy Vs. Spy!

Why not Bond Girl vs. Bond Girl? The spy can fetch some Martini in the meantime.

Why is this news? (3, Insightful)

Anonymous Coward | more than 4 years ago | (#31085950)

Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected. The slower a system gets and the more unwanted traffic it generates, the more likely it will be analyzed in depth, and that's not good for the bot net.

Apparently we've decided to go the "natural" route in software security: Instead of making software which cannot be compromised, we do a "good enough" job with software quality and then fight infections with some kind of immune system. IMHO this is the root of the problem. Computers are not highly redundant systems like biological systems. We really ought to create software which is safe by design.

Re:Why is this news? (5, Insightful)

Conchobair (1648793) | more than 4 years ago | (#31086336)

I think there is a guy that just goes around from article to article asking "Why is this news?" on each of them.

If it was a local report about a murder, he'd show up and say "Why is this news? People have been getting murdered for several years now." Or if it was a report on a politician's speech, he'd say, "Why is this news? Politicians have been telling us lies for years and years now."

Re:Why is this news? (3, Funny)

Imrik (148191) | more than 4 years ago | (#31086694)

Why is this postworthy? People have been asking "Why is this news?" for years now.

Re:Why is this news? (2, Funny)

flyneye (84093) | more than 4 years ago | (#31087336)

Because the enemy of my enemy is my friend...wait.. the enemy of my enemy is my..the enemy of my friend...oh forget it. How about an antivirus worm that searches them all out and hoses them down like a hot bath of p*ss till there is no point to the black hat vocation.

Re:Why is this news? (1)

Propaganda13 (312548) | more than 4 years ago | (#31089492)

Because the enemy of my enemy is my friend...wait.. the enemy of my enemy is my..the enemy of my friend...oh forget it. How about an antivirus worm that searches them all out and hoses them down like a hot bath of p*ss till there is no point to the black hat vocation.

The enemy of my enemy is my enemy's enemy - nothing more, nothing less.

If you've worked in a production environment, you'll know some fixes are worse than the original problem.

Re:Why is this news? (1)

Asclepius99 (1527727) | more than 4 years ago | (#31087062)

Why is this informative? People have been pointing out that other people don't have the same opinion as them for several years now.

Re:Why is this news? (1)

noidentity (188756) | more than 4 years ago | (#31088276)

Why is this notable? There's always someone going around commenting on how nothing is notable.

Re:Why is this news? (2, Insightful)

conspirator57 (1123519) | more than 4 years ago | (#31086388)

but doing it the right way front loads cost on the company that builds the correct system and places them at a competitive disadvantage with respect to shoddy software firms, say for example Microsoft and Apple.

besides, there is secure by design software. It just lacks features which makes it less competitive. Alternatively you can put a feature-rich OS on top of it, but then you've compartmentalized the problem, not eliminated it. Plus it's damned expensive. http://www.ghs.com/products/rtos/integrity_virtualization.html [ghs.com]

Myself, I like FreeBSD as a compromise. It's not provably correct, but its 2-3 known exploitable bugs in 10+ years are a good empirical indication of security. And it's free.

Re:Why is this news? (1)

Tim C (15259) | more than 4 years ago | (#31087208)

We really ought to create software which is safe by design.

And how do we protect a machine from its user installing trojans disguised as fun cursors, web browser toolbars, weather apps, sexy picture screensavers, etc?

Re:Why is this news? (1)

Mister Whirly (964219) | more than 4 years ago | (#31087550)

Easy - take away the keyboard and mouse. Oh, did you want the machine to actually be useful as well?

Re:Why is this news? (1)

Opportunist (166417) | more than 4 years ago | (#31088322)

Deliver them without a power cord, make them unavailable and only hand them out as the reward for passing "computer security 101".

Re:Why is this news? (1)

Ltap (1572175) | more than 4 years ago | (#31089126)

Easy - a test. "Quickly as you can, snatch the mouse from my hand."

Re:Why is this news? (1)

Culture20 (968837) | more than 4 years ago | (#31088256)

Trojans, worms and viruses have been eliminating rivals for a long time. It's all part of the strategy to avoid being detected.

It's news because this is a botnet-building system, kind of like an IDE or compiler. It's not the final executable. So it's sort of like a fight between mingw and VC++, where each searches for executables created by the other. Or to put it in car parlance: it's like Ford factories making all Ford cars in such a way as to detect all Toyota cars and make their pedals stick somehow. I'm guessing that prior to this, search-and-destroy was implemented by the coder, not the compiler.

Re:Why is this news? (3, Insightful)

Opportunist (166417) | more than 4 years ago | (#31088290)

Not possible.

Why? Because the core problem with system security is no longer the technical side. Systems (yes, even Windows) are by now mostly secure. Of course, there's always the odd security hole and some even get used, but they don't represent the majority of entry points anymore, not by a longshot. Over 90% of the infections (source not available due to NDA) are due to what I endearingly call "user stupidity". See Dancing pigs problem [wikipedia.org] of computer security for reference.

That is something you can not sensibly protect against, no matter how you create your product, unless you do not allow the owner of a computer to execute code he wants to run. And that's something I would not agree with under any circumstances, since it would mean that someone else gets to dictate what I can and what I cannot do with a machine I bought and own.

And I am fairly sure the majority of people here would easily identify the problem with that.

OTOH, if people may do what they want with their machine you can NOT protect them against an infection. You can of course inform them whenever something wants undue privileges, but eventually they will be the ones deciding what privileges they want to grant. And it's easy to trick people into granting more privileges than necessary. People are used to mere games requiring administrator privileges in Windows. If for nothing else, then to install their DRM device drivers. Imagine they got some "crack" for Windows that claims to turn their copy into a fully registered, legal copy. Will they grant access to manipulate core system files, even if they are able to understand the information provided? Of course they will, because after all that's what the program promises.

Now imagine Joe Randomuser with just enough clue to hit the right button on the machine to turn it on without blowing it up getting the information that Shlabberdup.exe wants access to the thingamajig privileges, allow or deny? Joe learned that usually it "does not work" if he says deny, so he says allow. Because he wants his pig to dance.

Re:Why is this news? (0)

Anonymous Coward | more than 4 years ago | (#31088874)

One, and only one, of the following is true:

1. An event is only newsworthy if it is the first time anything like it has ever happened.

2. You're an idiot.

I wonder if this how Skynet gets going... (1, Insightful)

wiredog (43288) | more than 4 years ago | (#31085964)

Could be an interesting way to create a "real" AI.

Re:I wonder if this how Skynet gets going... (1)

Krneki (1192201) | more than 4 years ago | (#31086182)

Only if you think as the only AI the self aware AI. If you are not that demanding you can already see a sign of intelligence in this botnet.

Re:I wonder if this how Skynet gets going... (0)

Anonymous Coward | more than 4 years ago | (#31087058)

I think you are confusing "Skynet" as something real.

Re:I wonder if this how Skynet gets going... (1)

Arancaytar (966377) | more than 4 years ago | (#31089046)

Creating Skynet would indeed be interesting.

Yay science! :P

Let the botnet wars begin! (1)

Gr8Apes (679165) | more than 4 years ago | (#31085966)

What could be better than botnets trying to destroy each other? Eventually one of them will screw something up and fewer and fewer systems will be members of any botnet as they get corrupted. That can only be good news as users wind up having to reinstall their software and hopefully at least a small percentage will learn a thing or two about security along the way.

Re:Let the botnet wars begin! (5, Funny)

poena.dare (306891) | more than 4 years ago | (#31086122)

"What could be better than botnets trying to destroy each other?"

Well, on the surface it looks good, but before long they'll be collaborating and eventually they'll learn to mate and produce better offspring. Then we'll have to amend the Defense of Marriage Act to keep botnets from getting married and start enforcing Don't Ask Don't Tell for networks.

It's amazing how many people don't know that SkyNet's parents were homosexual transvestite liberal Russian hackers that smoked heavily and collected guns.

dARIUS qUAN predicted all of this. We should have listened!

Re:Let the botnet wars begin! (0, Flamebait)

DriedClexler (814907) | more than 4 years ago | (#31086278)

Let the DNA wars begin!

What could be better than DNA-based lifeforms trying to destroy each other? Eventually one of them will screw something up and fewer and fewer regions will be members of any ecosystem as they get corrupted.

Re:Let the botnet wars begin! (0)

Anonymous Coward | more than 4 years ago | (#31086878)

"Skynet..sorry botnet became self aware on 10 Feb 2010 and in a bid to protect itself fired missiles at Mozilla in a bid to give IE full market share and thus take over the world through shoddy browser security"

I found this on a tape from my long lost mother, recorded in the 70's based on the dodgy headband she was wearing! :-)

XKCD was there first (4, Insightful)

thegameiam (671961) | more than 4 years ago | (#31086032)

How long will it be until this is a reality [xkcd.com]?

Re:XKCD was there first (0)

Anonymous Coward | more than 4 years ago | (#31086244)

I thought Scientific American was first-- with its "Core War" article [corewar.co.uk].

Re:XKCD was there first (0)

Anonymous Coward | more than 4 years ago | (#31086456)

You realize that botnets have existed for much longer than XKCD, right? They existed long before 2005.

Re:XKCD was there first (4, Insightful)

jgtg32a (1173373) | more than 4 years ago | (#31086854)

Is it bad, that when someone posts an XKCD link I only click on it only to confirm that it was the one I thought it was?

Re:XKCD was there first (1)

icebraining (1313345) | more than 4 years ago | (#31087116)

Yes. Randall should really include the name of the comic in the URL, so we can confirm without clicking.

Re:XKCD was there first (1)

dotgain (630123) | more than 4 years ago | (#31087390)

The name of the image is a somewhat terse description of it, that could be used. Not that anyone will, of course.

Re:XKCD was there first (0)

Anonymous Coward | more than 4 years ago | (#31088214)

Is it bad, that when someone posts an XKCD link I only click on it only to confirm that it was the one I thought it was?

No but it's the same reason you only fuck ugly/fat chicks.

Re:XKCD was there first (1)

socrplayr813 (1372733) | more than 4 years ago | (#31089006)

I can nearly always guess which it is. So if you don't want to be like me....

Re:XKCD was there first (0)

Anonymous Coward | more than 4 years ago | (#31089636)

Nah, that's normal. For this crowd, at least.

You can build your own virus farm! (1)

GameboyRMH (1153867) | more than 4 years ago | (#31088164)

It can be a reality, it's just that nobody's bothered to set up a virus farm with a malware visualization system yet.

If I could just free up the hardware...

Botnets fighting botnets... (3, Interesting)

Anonymous Coward | more than 4 years ago | (#31086038)

Why isn't this kind of technology being used to fight botnets? Couldn't a program be released using virus-like means to disseminate itself, and try to eliminate malicious software wherever it finds it? Sort of like a distributed-computing project, with each peer actively trying to disseminate a "counter-virus"? Or "antibodies", if you will?

This would be an easy one for Microsoft (2, Funny)

Errol backfiring (1280012) | more than 4 years ago | (#31086102)

Embrace, extend, extinguish...

Re:Botnets fighting botnets... (4, Informative)

grapeape (137008) | more than 4 years ago | (#31086142)

The problem is ethics...both would be considered intruders even if one is of the White Hat variety. Unfortunately it seems impossible to fight ethically against something unethical so instead we all just sit around and complain about it while the problem gets worse.

Re:Botnets fighting botnets... (1)

Cyrack (688619) | more than 4 years ago | (#31086166)

And who do you think is going to cover the cost when the counter-bot-net screws up and wipes the PC instead of removing the bot? There is no gain for a company in making such a program, and any individual creating and distributing it is guaranteed to get sued into oblivion.

Re:Botnets fighting botnets... (3, Informative)

clone53421 (1310749) | more than 4 years ago | (#31086360)

Because it’s illegal.

People trying to do good generally won’t risk going to jail for it.

Re:Botnets fighting botnets... (1)

SlayerofGods (682938) | more than 4 years ago | (#31088500)

Meh I'd send it out if someone wrote one for me. It's pretty easy not to get caught, just go to a public network, launch it and NEVER take credit for it. Especially for the simpler but more brutal ones like slammer or blaster I always wondered why if it was so easy to make the worm why did no one create a quick program that deletes the worm and turns on autoupdates? Not only would it save everyone a lot of work but would also be fun to watch them fight ;)

Re:Botnets fighting botnets... (1)

DragonWriter (970822) | more than 4 years ago | (#31087796)

Why isn't this kind of technology being used to fight botnets?

Probably because in many countries, remotely infecting and installing/removing software and other data on computers without authorization from the owner of the system is illegal.

Couldn't a program be released using virus-like means to disseminate itself, and try to eliminate malicious software wherever it finds it?

If you are making a tool to compromise systems to build botnets, you probably don't care too much if it occasionally gets a false positive and trashes important software or data on a target machine when trying to destroy competing malware, and any additional liability that destruction exposes you to is probably minor compared to the legal liability from the intended function of the software.

If you are making "beneficial" software, the risk-reward assessment is different, and will weigh heavily in favor of not using viral distribution means, but getting people to voluntarily accept your software -- giving you the existing array of anti-malware software of various kinds.

Irony (1)

burkmat (1016684) | more than 4 years ago | (#31086070)

Malware gets exploited... Are we about to see makers start releasing patches for the malware to fix security holes?

Patching an exploit in your exploit? Is that good or bad?

yes (1)

someone1234 (830754) | more than 4 years ago | (#31086240)

Botnets already receive upgrades faster than your XP.

Re:yes (1)

burkmat (1016684) | more than 4 years ago | (#31086460)

...your XP.

First of all, there's no need to insult me. I don't run Windows, thank you very much.

Second, I've yet to come across any malware with polymorphic defense mechanisms. Sure, I've read about it here and there, and I haven't encountered any infected machines in a while, but is this kind of behavior really par for the course already?

Re:yes (2, Interesting)

HungryHobo (1314109) | more than 4 years ago | (#31086922)

http://webtorque.org/wp-content/uploads/malware_biz.pdf [webtorque.org]

the really quiet well made ones you don't hear much about.

Re:yes (0)

Anonymous Coward | more than 4 years ago | (#31089082)

Yes, I'd love to use my computer to open a PDF about botnets, what could possibly go wrong?

It's evolution in action. (3, Informative)

VShael (62735) | more than 4 years ago | (#31086076)

They are competing for resources (which may or may not be scarce) and one can now prey on the other.

Either evolve a defence, or die out.

(Oblig tag)
That's evolution in a nutshell. Note that no one is claiming the programs spontaneously emerged into cyberspace. Evolution has nothing to say about the origin of life. Abiogenesis is not Evolution.

Re:It's evolution in action. (0)

Anonymous Coward | more than 4 years ago | (#31086800)

Evolution would be a virus being transferred incorrectly, and that data modification happened to clean the infected system of other botnets, or protect itself from being cleaned.

In reality data transfer errors just cause the program to crash, not add functionality.

This is one of the common high level logical problems people have with evolution. (counterintuitive and there aren't any reproducible examples that we can test)

Re:It's evolution in action. (2, Insightful)

VShael (62735) | more than 4 years ago | (#31086888)

No, I don't think so.
It doesn't matter how the code changes from one generation to the next. Mutation (copying errors) or the mixture of two halves of parental DNA, or manipulation by an outside force, or some other mechanism.

What matters is that variation is introduced, and the most successful variations survive and the less successful variations do not.

It's an iterative process, much like software builds.

Re:It's evolution in action. (1)

HungryHobo (1314109) | more than 4 years ago | (#31087272)

Actually that particular problem has been looked at quite a lot.
Biological systems tend to have a lot of redundancy and fail softly.

Computer programs tend not to have much redundancy and lots of invalid situations which cause a total crash.
Randomly change the destination of a mov or a jump and you've got nonsense code.

Try reading up on Tierra. They tried to address a lot of these problems by making the code a lot more like genetic code even going so far as to change how jumps work such that they look for patterns nearby rather than specific locations and other changes.

Re:It's evolution in action. (0)

Anonymous Coward | more than 4 years ago | (#31088084)

Actually, you are the person that has a problem with evolution.

Evolution == process
Natural Selection == process

Evolution in botnet software, as per TFA, occurs via developers modifying the code. Random mutation in bots is not needed.
There are other processes that evolve. For example, evolution of building codes, mostly as a reaction to bad designs, fires, deaths, and other injuries caused by inadequate building codes in the past.

"Evolution would be a virus being transferred incorrectly"

That would be mutation. :P

Re:It's evolution in action. (0)

Anonymous Coward | more than 4 years ago | (#31088016)

You mean intelligent design? The creator made all of those changes, the viruses didn't evolve on their own.

Nice try though.

Oh, you kids these days, with your Intartubes (3, Informative)

Rogerborg (306625) | more than 4 years ago | (#31086080)

In my day, we called this stuff Core Wars [robtex.com], and we kept our viruses in jars and shook them to make them fight.

Re:Oh, you kids these days, with your Intartubes (5, Funny)

TheLink (130905) | more than 4 years ago | (#31086192)

If you write malware in Java you could keep them in jars too...

THOSE DIRTY RUSSIANS (0)

Anonymous Coward | more than 4 years ago | (#31086086)

Third world scoundrels, the lot of them. Too bad China doesn't need a(nother) peasant labour force.

I bet... (1)

mrv00t (858087) | more than 4 years ago | (#31086114)

...Lisbeth Salander is behind this!

Can we start using OpenBSD, Solaris, Linux? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31086116)

If it's really costing just American people and companies that much money, maybe it's time to stop using Windows.

There are so many alternatives! Servers should be running OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX.

Mac OS X and Linux make pretty damn good desktop systems for most users.

And if you need to run Windows, perhaps do it only on a system that isn't networked.

Re:Can we start using OpenBSD, Solaris, Linux? (1)

HungryHobo (1314109) | more than 4 years ago | (#31086990)

Whatever system is the most used will be the most attacked and almost certainly the most compromised.

Do OpenBSD, FreeBSD, NetBSD, Solaris, Linux, Mac OS X Server, or even AIX and HP-UX have less flaws than Windows?

probably.
Almost certainly in fact.

But at the same time without the obscurity factor the flaws they do have will be found by determined attackers and due to the eternal demand for extra features there will always be new flaws.

There is no perfect system and you have to remember that virus writers are businessmen these days who go after the biggest targets.

Re:Can we start using OpenBSD, Solaris, Linux? (1)

countertrolling (1585477) | more than 4 years ago | (#31087088)

A cost/benefit analysis of switching might come in handy. There are other support issues besides just security.

Re:Can we start using OpenBSD, Solaris, Linux? (2, Insightful)

characterZer0 (138196) | more than 4 years ago | (#31087446)

$100 million? Please.

Many times that has been wasted supporting broken versions of IE.

Many times that has been wasted waiting for reboots after BSODs.

Many times that has been wasted on upgrades nobody needs other than because old versions no longer get security updates.

If lost money was going to cause people to ditch Windows, they would have done it a long time ago.

One to rule them all (1)

Gri3v3r (1736820) | more than 4 years ago | (#31086120)

I think it would have been cooler for that "Russian botnet killer", if it was able to convert the "enemy" botnet program and have it under its control than just kill it. Then that converted program could start converting its own kind. Just like what Agent Smith was doing in Matrix!

Re:One to rule them all (0)

Anonymous Coward | more than 4 years ago | (#31086298)

A parasitic virus. Hmmmm...

Re:One to rule them all (2, Funny)

clone53421 (1310749) | more than 4 years ago | (#31086398)

Your ideas interest me and I would like to subscribe to your newsletter.

Re:One to rule them all (1)

ae1294 (1547521) | more than 4 years ago | (#31087456)

Your ideas interest me and I would like to subscribe to your newsletter.

Don't worry you can watch his ideas in his upcoming made for Syfy movie.

Re:One to rule them all (1)

GameboyRMH (1153867) | more than 4 years ago | (#31089524)

Botnet client 1: You!

Botnet client 2: Yes, me. Me, me, me....

Botnet client 1:...Me too >:)

Botnet client 2: >:)

YoVu fail i7. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31086152)

progress. A8wy

As long as its not guns (4, Insightful)

ratboy666 (104074) | more than 4 years ago | (#31086204)

I'll make some popcorn and we can all enjoy the show.

But seriously, only 100M in losses?

I don't have the figures at hand, but "McAfee forecasts $1.8 billion in revenue for 2009". I would put the cost of the extra security in; the US did that when prosecuting Gary McKinnon, so there appears to be precedent.

Re:As long as its not guns (1)

Sulphur (1548251) | more than 4 years ago | (#31086696)

McAfee forecasts $1.8 billion in revenue

Then viruses, worms, botnets, etc. are forecast to do at least 1.8 billion in damage.

ONLY ON GUESS WHAT OPERATING SYSTEM? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31086248)

WinBLOWS [microsoft.com] .

Yours In Chelyabinsk,
Kilgore Trout

The enemy of my enemy is my friend (0)

Anonymous Coward | more than 4 years ago | (#31086276)

Usually the saying "the enemy of my enemy is my friend" would apply but in this case the enemy of my enemy is still my enemy.

honor among thieves (2, Funny)

bugi (8479) | more than 4 years ago | (#31086378)

But -- but -- That was my stolen property!

What are things coming to when you can't count on honor among thieves. I mean, thieves stealing from thieves? What is this world coming to!

How to explain this to noobs? (2, Interesting)

Alwin Henseler (640539) | more than 4 years ago | (#31086390)

You have this infected machine, perhaps it's a bot sending out bulk spam. Or you install a game on it, and a trojaned executable steals your CD-key and sends it off.. to China? To Russia? Who knows... Or you do some home banking with it (imbecile!), and possibly some program monitors your keystrokes, and sends off username+passwords to "parties unknown".

But the recurring problem: how to explain this to a noob? They're sitting on this trojaned machine, actively using it, processing private data with it, and just don't seem to care (as long as the apparatus still does the job). Anyone know of a good way to explain it to a person like this, what the dangers are? Why they should disinfect / wipe the machine ASAP? What does it take to make them understand what it means "there's a trojan / backdoor on your machine"?

Or is this futile? Should you just wait until they get hit hard(er)? Bank account emptied, e-mail account hacked, game CD-key blocked etc.? Any ideas?

Re:How to explain this to noobs? (2, Interesting)

clone53421 (1310749) | more than 4 years ago | (#31086476)

Online banking.

Even if you don’t do online banking on the computer, you’re allowing it to use the computer to spread itself. If you knowingly permit this you’re contributing to the defrauding of other people who do get their identities stolen, etc.

Re:How to explain this to noobs? (1)

Culture20 (968837) | more than 4 years ago | (#31088592)

But the recurring problem: how to explain this to a noob? They're sitting on this trojaned machine, actively using it, processing private data with it, and just don't seem to care (as long as the apparatus still does the job). Anyone know of a good way to explain it to a person like this, what the dangers are? Why they should disinfect / wipe the machine ASAP? What does it take to make them understand what it means "there's a trojan / backdoor on your machine"? Or is this futile? Should you just wait until they get hit hard(er)? Bank account emptied, e-mail account hacked, game CD-key blocked etc.? Any ideas?

At work, you become the BOFH and take away people's machines. If you're not the sysadmin, you become the sysadmin's worst nightmare: the concerned helpful almost-IT guy, and rat on your coworkers "New Ticket opened: I think Jerry's machine is infected. It's bluescreening a lot". At dinner parties, tell the plebes your horror stories of how an entire department thought they were fine, but their computers were part of a botnet doing nuclear weapons research for North Korea. You couldn't wipe the machines because the CIA wanted to inspect the traffic, then they confiscated the HDDs for national security, so they're "wiped" now.

Unfortunately, only some people will get the message that botnets and viruses should be taken seriously. Most people will just think you're being a jerk.

serves them right for not living up to the bargain (1)

bugi (8479) | more than 4 years ago | (#31086420)

If you can't expect your botnet-ware to keep your machine secure, then it's time to replace it. That is why we keep it on there right? It's a simple tradeoff, all our identity for some peace of mind.

So It's an AI? (3, Funny)

Doc Ruby (173196) | more than 4 years ago | (#31086604)

An upstart Trojan horse program has decided

The news that a botnet is killing its rivals is nowhere near as disturbing as the news that it's decided to kill its rivals.

Re:So It's an AI? (1)

clone53421 (1310749) | more than 4 years ago | (#31086842)

It didn’t decide to do anything. It’s doing exactly what it was designed to do.

Re:So It's an AI? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31087432)

And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring... The attracting a female part makes you do things like getting a job, education... anything you can to improve your stature within society such that you have a better chance of courting a female...

You are just an automaton.

Re:So It's an AI? (5, Funny)

clone53421 (1310749) | more than 4 years ago | (#31087504)

And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring...

I am?

Re:So It's an AI? (0)

girlintraining (1395911) | more than 4 years ago | (#31088578)

And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring...

Well, that sounds like a ringing endorsement of lesbian relationships! I approve.

Re:So It's an AI? (1)

initialE (758110) | more than 4 years ago | (#31089480)

Given your nick I'd be a bit worried there.

Re:So It's an AI? (1)

tmmagee (1475877) | more than 4 years ago | (#31089734)

Yes. You are just doing it badly.

Re:So It's an AI? (1)

clone53421 (1310749) | more than 4 years ago | (#31089786)

Yes. You are just doing it badly.

I am?

Re:So It's an AI? (0)

Anonymous Coward | more than 4 years ago | (#31088238)

I think you meant to say "Disregard females, acquire currency".

Re:So It's an AI? (1)

Ja'Achan (827610) | more than 4 years ago | (#31088496)

We're on slashdot, so maybe your examples are ill-chosen...

Re:So It's an AI? (1)

Jedi Alec (258881) | more than 4 years ago | (#31089594)

And you are doing exactly what you evolved to do. Get resources, attract a female, make offspring... The attracting a female part makes you do things like getting a job, education... anything you can to improve your stature within society such that you have a better chance of courting a female...

You are just an automaton.

Bullshit. I have free will and a consciousness that allows me to take a step back and predict the consequences of decisions. I choose not to reproduce my genetic material (not by not courting females, just by picking those that feel the same way). I choose to accept a lower salary in exchange for better working conditions and more time to myself. And I choose to respond to an AC even though it will not accomplish anything of significance in the greater scheme of things ;-)

Bad analogy (1)

GameboyRMH (1153867) | more than 4 years ago | (#31089908)

Maybe it would be a good analogy if the trojan was programmed only to "spread" and then it decided to take out other trojans so that it could reach that goal.

The trojan is programmed, upon infection, to search for files with certain hashes (or whatever) and delete them. The decisions it made were far, far simpler with simple pre-programmed actions down to very minute details.

Humans are not programmed, for example, to put one foot in front of the other in a high-speed cycle in the direction of a gazelle and rotate the arm forward quickly while holding a spear and release it at a certain point in the throw calculated by the distance and angle to target and then to ambulate over to the corpse grab it with one hand and drag it back to the cave and beat your chest using an alternating reciprocating motion with both arms within sight of a reproductive female. You are programmed to survive and reproduce, those are just ways of going about it.

(I wanted to use a more up-to-date example, but holy shit, it is WAY more complicated these days!)

The intelligence of this trojan is comparable to a jellyfish, to be generous.

Reminder - This CAN be fixed (2, Insightful)

ka9dgx (72702) | more than 4 years ago | (#31086750)

Here it is... the reminder that Capability Based Security can fix this, if we raise awareness of its existence, and push to get it implemented. The idea is older than Unix, for chrissakes.

Microsoft's responsibility (2, Interesting)

Orlando (12257) | more than 4 years ago | (#31086920)

This may sound naive, but I'm assuming that the vast majority of the machines used in botnets are Windows PCs? So has any attempt been made to make Microsoft take some of the responsibility of this phenomenon on and do something about it?

Re:Microsoft's responsibility (1)

Overzeetop (214511) | more than 4 years ago | (#31088484)

Um, the vast majority of _machines_ are PCs, so short of some special effort, they will also harbor the vast majority of botnets. This isn't necessarily a statistical commentary, but a business one. Botnets are only as good as their numbers, and the way to get infected is to get the person sitting at the keyboard to install it. Patches are generally made when exploits are found, whether it's by MS, Apple, or the OS community. That's what "patch Tuesday" is all about, and why everyone who bought and installed Windows has the default setting of automatically applying the latest patches automatically.

I realize you're trying to stir up some fanboi related mod points, but no matter how good the OS is the biggest security flaw resides outside the computer case.

Something I don't quite understand about these (1)

G00F (241765) | more than 4 years ago | (#31087240)

Something I don't quite understand about these botnets: the numbers are so high I wonder if AV or antimalware does not detect them? Because the size of each botnet is huge!

It makes me wonder if any of my PCs are part of the bnet, and the AVs just don't detect it. I use game cracks even with games I own so I don't have to deal with CDs/DVDs (2 toddlers, nothing is safe). I scan everything with ClamAV and at least one other (avast/avg or even trendmicro), but using bittorrent makes it impossible to monitor traffic.

So, would having an up to date AV really protect people?

This is Russia! (1)

Catmeat (20653) | more than 4 years ago | (#31087374)

Given that this is Russia we're talking about, I suspect Zeus' problems won't be solved by well-targeted security upgrades.

They'll be solved by a well-targeted AK-47.

Spy toolkit - here it is (0)

Anonymous Coward | more than 4 years ago | (#31087408)

http://www.opensc.ws/opensc-marketplace/9184-new-bot-spyeye-v1-0-formgrammer-autofill-cc-modules-5.html

$100 Billion in Losses? (1)

SnapShot (171582) | more than 4 years ago | (#31088998)

Minor quibble. Yes, botnets suck and mafia-run hackers can suck the stale &@%$ out of a necrotic &!#@'s &#%$#. But, does anyone ever believe any of these "X causes $Y Billion" losses estimates? Whether it's the RIAA, MPAA, BSA, FBI, FCC, or whatever, I think they make those numbers up.

Re:$100 Billion in Losses? (1)

SnapShot (171582) | more than 4 years ago | (#31089010)

Sorry, I meant Million not Billion. Not that it matters...

INFO (0)

Anonymous Coward | more than 4 years ago | (#31089192)

Thanks for it and the botnet tips: spy eye and zeus, gotcha!

How to kill bots (1)

turthalion (891782) | more than 4 years ago | (#31089766)

You see, Killbots have a preset kill limit. Knowing their weakness, I sent wave after wave of my own men at them, until they reached their limit and shut down.