Slashdot: News for Nerds

Mariposa Botnet Beheaded

kdawson posted more than 4 years ago | from the sting-like-a-butterfly dept.

northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"

177 comments

Another... (2, Funny)

zmaragdus (1686342) | more than 4 years ago | (#31344230)

Another one bites the dust...

Good for them, but I still don't see a noticeable reduction in my spam mail. Gotta keep working at it, guys.

Re:Another... (4, Funny)

someone1234 (830754) | more than 4 years ago | (#31344362)

This was done much better than the previous one done by Microsoft. Catching the human masters and putting them in "federal pound me in the ass prison" is the right solution to this problem.

Re:Another... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31344772)

I don't believe in physical violence of any kind, and the Scripture doesn't support racism. The only true Nazis in this world are fags.

Re:Another... (1)

CanadianRealist (1258974) | more than 4 years ago | (#31345292)

To really have a noticeable effect on the problem, I think that we need to provide a better deterrent to other botnet operators by making a sufficiently good example of these ones.

Maybe installing well publicized web cams that provide a full time live feed of their "pound me in the ass" prison cells for all to see would help.
We could also have special "guest pounders" from time to time. Maybe charge a small fee to watch that, to raise money to pay for better investigations of remaining active botnets.

Re:Another... (1)

maxume (22995) | more than 4 years ago | (#31345514)

Yeah, physically violating prisoners of the state sounds like a great thing to do on a Saturday afternoon.

Re:Another... (2, Funny)

0100010001010011 (652467) | more than 4 years ago | (#31346008)

...putting them in "federal pound me in the ass prison"...

This isn't Riyadh. You know they're not gonna saw your hands off here, alright? The worst they would ever do is they would put you for a couple of months into a white-collar, minimum-security resort! Shit, we should be so lucky! Do you know, they have conjugal visits there?

Re:Another... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31344444)

Another one bites the dust...

Good for them, but I still don't see a noticeable reduction in my spam mail. Gotta keep working at it, guys.

Whenever I'm asked about spam emails and the products offered, I'm lightly hesitant to say that it's a scam because I'm afraid of lawsuits (*that I can't afford to defend myself against) from the one business that may be legitimate or close to a legitimate one. Now, I'm quite a bit more confident that all spam is a scam.

* Several years ago there was this online retailer that sold pet supplies - I can't find a reference - who sued anyone and everyone who said anything bad about him or his business. Many people settled out of court for thousands of dollars. The owner of said firm ended up stiffing his lawyers - Old Buddhist saying: "Opportunity knocks. Karma hunts you down." - talking about the lawyers who represented the owner.

Of course privately, one on one, when someone asks, my response is that no legitimate business uses spam email. Then I'll get the question occasionally "Well, my bank sends me emails and they're legitimate!" Then I have to go and explain notices of closings is one thing but also it could be a phishing expedition. Then you get the old people who get so afraid that they won't even use email for anything.

Re:Another... (1)

stiggle (649614) | more than 4 years ago | (#31344790)

You won't see a reduction until the ISPs start to be accountable for their users.
ISPs should be pro-active in managing connections - only open up certain ports where the users have requested it.
e.g. SMTP - home users should only be able to connect to port 25 on their ISP's mail server.
Do home users need remote access to Windows Filesharing? I don't think so, so the ISPs could block those ports by default too.

The old days of only clueful people connected to the net are long gone (by about 20 years).

Re:Another... (1)

NormalVisual (565491) | more than 4 years ago | (#31344964)

SMTP - home users should only be able to connect to port 25 on their ISP's mail server.

I don't really understand why egress filtering like this isn't being done as a routine course of business these days.

Re:Another... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31345026)

Yeah because home users NEVER use outlook to get their mail from pop servers like yahoo or google. We should block port 25 from home connections completely and completely ignore all the businesses with hundreds of infected machines.

GOOD GAME SIR YOU WIN AN INTERNETS.

I love these lame assed fascist fixes you nerds come up with.

Re:Another... (4, Informative)

NormalVisual (565491) | more than 4 years ago | (#31345168)

Did you not read the parent's comment about having ports opened on request before you decided to start flinging the ad homs? The vast majority of home users don't grab their mail from remote servers via POP or IMAP (POP is on port 110, not 25, BTW), and the vast majority of Yahoo and Google mail is delivered via their web interface.

Jesus Christ, use a little bit of critical thought before nerdraging.

Re:Another... (0)

Anonymous Coward | more than 4 years ago | (#31345380)

Did you not read the parent's comment about having ports opened on request before you decided to start flinging the ad homs? The vast majority of home users don't grab their mail from remote servers via POP or IMAP (POP is on port 110, not 25, BTW), and the vast majority of Yahoo and Google mail is delivered via their web interface.

Jesus Christ, use a little bit of critical thought before nerdraging.

I believe the parent was referring to outbound mail, not inbound? :)

*cough*criticalthought*cough*

Re:Another... (1)

NormalVisual (565491) | more than 4 years ago | (#31345448)

I believe the parent was referring to outbound mail, not inbound

I knew exactly what he was referring to, thanks.

Re:Another... (5, Insightful)

entrigant (233266) | more than 4 years ago | (#31345148)

What the hell is wrong with you two? The only situation I can find this even remotely acceptable is in response to verified abuse complaints, and even then the appropriate resolution is to attempt to contact the customer then disable the entire connection if the customer is unable to resolve the issue. Depending on the severity you don't necessarily need to do it in that order.

I'm leasing an internet connection. You route IP packets destined for my address directly to me, and you route any and every IP packet I send to the appropriate next hop. The end. No ifs, ands or buts. No blocked ports, no traffic shaping, no injected TCP resets... nothing. Just route the damn traffic.

Re:Another... (0)

Anonymous Coward | more than 4 years ago | (#31345840)

What the hell is wrong with you two?

They're wasting time arguing on Slashdot rather than doing something useful. Just like you and I, in fact.

Gotta go. Code's done compiling.

Re:Another... (1)

Idimmu Xul (204345) | more than 4 years ago | (#31345654)

SMTP - home users should only be able to connect to port 25 on their ISP's mail server.

I don't really understand why egress filtering like this isn't being done as a routine course of business these days.

Er, what if I want to send an email through my work mail server, or one provided by someone that isn't my ISP? You two have just locked me out of securely authenticating to any other mail servers ...

Re:Another... (1)

NormalVisual (565491) | more than 4 years ago | (#31345936)

Then you contact your ISP and ask to have the port opened like the previous poster said. We're not talking about an unconditional ban of port 25 traffic forever.

Re:Another... (1)

3.5 stripes (578410) | more than 4 years ago | (#31345998)

SASL and TLS don't require port 25.
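The port 25 policy argued over in this sub-thread (blocked by default on home lines, the ISP's own relay allowed, opened on request, authenticated submission on other ports left alone), as an added example that is not code from any poster. All addresses, the opt-in list and the fan-out threshold are constructed assumptions.

```python
"""Added illustration: default-deny port 25 egress for home lines, with opt-in."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Everything below is constructed (RFC 5737 documentation ranges), not real data.
RESIDENTIAL_POOL = ip_network("198.51.100.0/24")   # hypothetical home-user range
ISP_RELAYS = {ip_address("192.0.2.25")}            # hypothetical ISP mail server
PORT25_OPT_IN = {ip_address("198.51.100.7")}       # customers who asked for port 25
SUBMISSION_PORTS = {465, 587}                      # authenticated submission, not MTA relay
FANOUT_THRESHOLD = 3                               # distinct blocked MX targets before flagging

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25),     # home user -> ISP relay
    ("198.51.100.10", "203.0.113.50", 587),  # home user -> work server, SASL over TLS
    ("198.51.100.7", "203.0.113.60", 25),    # opted-in customer running own MTA
    ("198.51.100.20", "203.0.113.80", 25),   # one stray direct-to-MX attempt
    ("198.51.100.66", "203.0.113.1", 25),    # many distinct MX targets: bot-like
    ("198.51.100.66", "203.0.113.2", 25),
    ("198.51.100.66", "203.0.113.3", 25),
    ("198.51.100.66", "203.0.113.4", 25),
]


def decide(src, dst, dport):
    """Return 'allow' or 'block' for one outbound flow."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    if src_ip not in RESIDENTIAL_POOL:
        return "allow"            # policy only covers home lines
    if dport in SUBMISSION_PORTS:
        return "allow"            # authenticated submission to any provider
    if dport != 25:
        return "allow"            # this sketch only filters SMTP relay traffic
    if dst_ip in ISP_RELAYS:
        return "allow"            # port 25 to the ISP's own mail server
    if src_ip in PORT25_OPT_IN:
        return "allow"            # opened on request
    return "block"


def evaluate(flows):
    """Apply the policy and list sources whose blocked traffic looks like bulk mailing."""
    decisions = []
    blocked_targets = defaultdict(set)
    for src, dst, dport in flows:
        verdict = decide(src, dst, dport)
        decisions.append((src, dst, dport, verdict))
        if verdict == "block":
            blocked_targets[src].add(dst)
    suspects = sorted(
        src for src, dsts in blocked_targets.items() if len(dsts) >= FANOUT_THRESHOLD
    )
    return decisions, suspects


if __name__ == "__main__":
    results, flagged = evaluate(FLOWS)
    for row in results:
        print(*row)
    print("contact these customers:", flagged)
```

The blocked-flow counter doubles as a detection signal: a home address repeatedly hitting many different mail exchangers on port 25 is worth a customer notification even though the traffic never left the network.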

w00t (1)

Daryen (1138567) | more than 4 years ago | (#31344260)

I know it's just one botnet of many, but stories like this make me smile anyway.

apparently in Spain, the accused have privacy (5, Insightful)

captainpanic (1173915) | more than 4 years ago | (#31344370)

From TFA:

how quaint: apparently in Spain, the accused have some right to privacy

That's because in Spain you're not guilty until proven guilty by a court of law. The days of the Spanish inquisition are over.

What country doesn't protect its accused in the 21st century?

Re:apparently in Spain, the accused have privacy (2, Insightful)

bsDaemon (87307) | more than 4 years ago | (#31344394)

In the US at least, the names of the accused are only withheld in the case where the perp is a minor. Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?

Re:apparently in Spain, the accused have privacy (4, Informative)

julesh (229690) | more than 4 years ago | (#31344646)

Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?

The Cnet [cnet.com] article provides their ages, which range from 25 to 31.

Re:apparently in Spain, the accused have privacy (3, Interesting)

Max Romantschuk (132276) | more than 4 years ago | (#31345020)

Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?

Do you seriously believe that today's bot nets have any resemblance with the irc-botnets of yesteryear? Bot nets are used primarily by organized criminals these days, trading in identities and performing phishing and scamming operations. The script kiddies were replaced by real crooks with guns a long time ago.

Re:apparently in Spain, the accused have privacy (1)

bsDaemon (87307) | more than 4 years ago | (#31345076)

Keeping myself thinking that botnets are lame keeps me from realizing that only a sucker keeps going to work instead of running a botnet.

Re:apparently in Spain, the accused have privacy (4, Informative)

realityimpaired (1668397) | more than 4 years ago | (#31344430)

In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults. The accused need to request that the court protect their anonymity by ordering that their names not be published until after the trial, and the court maintains the right to deny that request.

For juvenile offenders, it's a different story... young offenders must always be referred to by pseudonym to protect their anonymity, and their records are expunged when they turn 18. Unless, of course, they're tried as adults, which has been known to happen in cases of violent crime.

Re:apparently in Spain, the accused have privacy (1)

dorre (1731288) | more than 4 years ago | (#31344968)

I am curious as to what positive effect this might have in reality?

Re:apparently in Spain, the accused have privacy (3, Insightful)

Anonymous Coward | more than 4 years ago | (#31345108)

For the accused? None. It means that, for example, if a girl wants to screw a guy over for the rest of his life she just has to accuse him of rape. The newspapers will publish his name as a suspected rapist and his name is tarnished for the rest of his life, even if he's ultimately exonerated.

For the newspapers? It sells newspapers and makes them more money. It's a seriously fucked up system. But unfortunately, it's one that's enshrined in that simple concept of freedom of the press: that the press can publish whatever they want as long as it is not a lie. As long as they use the words "accused" and "alleged", they can get away with it. I'd much rather live in a system where the name of the accused is considered private and not published until they are found guilty.

Re:apparently in Spain, the accused have privacy (1)

Killjoy_NL (719667) | more than 4 years ago | (#31345758)

For the innocent family of the accused or people who share the same name as the accused it could lead to harassment as well.

Re:apparently in Spain, the accused have privacy (2, Interesting)

Anonymous Coward | more than 4 years ago | (#31345122)

In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults.

Which is done, of course, with the understanding that these people are again innocent as they have not been proven otherwise. Since they are innocent, there is nothing for them to be embarrassed about, and no reason not to publish their names.

Also, the publication of names can have the effect of bringing forth witnesses.

Unfortunately, the court of public opinion has no presumption of innocence.

Re:apparently in Spain, the accused have privacy (4, Insightful)

Archon-X (264195) | more than 4 years ago | (#31346096)

Which is done, of course, with the understanding that these people are again innocent as they have not been proven otherwise. Since they are innocent, there is nothing for them to be embarrassed about, and no reason not to publish their names.

Unless they stand accused of something embarrassing, like: rape, paedophilia, fraud, beating up grandmas, etc.

Re:apparently in Spain, the accused have privacy (0)

Anonymous Coward | more than 4 years ago | (#31346088)

Well, unless of course people remember you for what you were accused of instead of your innocence, which is something that tends to happen a lot. People remember bad things about you better than good things, unless you're a politician, in which case, for some reason, people tend to forgive and forget. Bummer.

Re:apparently in Spain, the accused have privacy (1)

Martin Blank (154261) | more than 4 years ago | (#31346098)

Their records can be sealed when they turn 18, not expunged. An expunged record means that it never happened in the eyes of the court, no exceptions. A sealed record means that it legally never happened, though there are exceptions. A petition must be made to the court (at least in some states) to seal the records, and they are then available only in very limited circumstances. The court may deny the petition, and certain serious crimes (murder, arson, carjacking, etc.) are not eligible for seal.

Re:apparently in Spain, the accused have privacy (5, Funny)

bhamlin (986048) | more than 4 years ago | (#31344520)

The days of the Spanish inquisition are over.

I wasn't expecting that...

Re:apparently in Spain, the accused have privacy (2, Funny)

roman_mir (125474) | more than 4 years ago | (#31344808)

well obviously you weren't, nobody expects the Spanish Inquisition.

Re:apparently in Spain, the accused have privacy (1, Funny)

Anonymous Coward | more than 4 years ago | (#31344828)

The days of the Spanish inquisition are over.

I wasn't expecting that...

No one ever does.

Re:apparently in Spain, the accused have privacy (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#31344966)

Of course you weren't. They are ruthlessly efficient.

Re:apparently in Spain, the accused have privacy (1, Funny)

Anonymous Coward | more than 4 years ago | (#31345566)

NOBODY EXPECTS /. to set up such an obvious punchline to an overused Monty Python skit.

Re:apparently in Spain, the accused have privacy (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31344572)

The USA. There, the theory goes (according to some US expat) that it's more important to keep the police accountable (by having them keep a log about every significant interaction with the general population, incl. the names of all involved).

In theory, that's a good thing - but only if the average citizen understands the difference between "appeared on the police's books" and "guilty".

Re:apparently in Spain, the accused have privacy (4, Insightful)

stiggle (649614) | more than 4 years ago | (#31344690)

Keeping those accused anonymous to the public until the conviction helps prevent jury prejudice from what they see in the media.

How can you expect a jury not to be influenced by what they see in the media before they sit for the trial?

Re:apparently in Spain, the accused have privacy (0)

Opportunist (166417) | more than 4 years ago | (#31344996)

Not at all? Why do you think the very first thing a smart judge or lawyer does is to disallow the jury from getting any media coverage of the case?

But what about local News? (1)

formfeed (703859) | more than 4 years ago | (#31345356)

But if you keep them anonymous, how can the local News show their pictures every night?

The American way (i.e. the right way) to do this, would be continuing coverage, so the people stay informed-involved-in touch: "Still no decision as the trial against Jose Bandito [ugly picture], nicknamed the spam king, goes into its third week, costing the taxpayer almost 10000$ a day."

Re:apparently in Spain, the accused have privacy (1)

roman_mir (125474) | more than 4 years ago | (#31344728)

but only if the average citizen understands the difference between "appeared on the police's books" and "guilty".

- on average, average citizens are able to differentiate between these concepts because on average they are smarter than the average. It's easy to see from an average example of an average guy, such as G.W.Bush for an average example.

Offtopic, but relevant.. (3, Insightful)

Archon-X (264195) | more than 4 years ago | (#31344752)

'How quaint' that you're innocent until proven guilty?
Am I the only one that is getting tired more and more frequently by juvenile editorial quips?

I used to come here for impartial, to the minute news - neither of which seem to exist in any great quantity anymore.

Re:apparently in Spain, the accused have privacy (5, Informative)

Culture20 (968837) | more than 4 years ago | (#31344774)

In the U.S. press, it would be portrayed as:
"Three alleged EVIL HACKERS were arrested today for allegedly HACKING MILLIONS OF COMPUTERS! ZOMG!" And then they'd go to the person's home, and knock on the door. If no one answered, that would be taken as damning evidence by the reporter. If a family member came to the door but said the accused wasn't there, that would be taken as damning evidence by the reporter. If the accused were seen and questioned, but said they couldn't comment on the case, that would be taken as damning evidence by the reporter. If a dog farted, that would be taken as damning evidence by the reporter...
allegedly

Re:apparently in Spain, the accused have privacy (1)

Opportunist (166417) | more than 4 years ago | (#31344890)

In our media, you'd get to hear in an adjective-heavy article how these individuals are the worst slime on earth, should be roasted, burned and quartered, only to have the article close in the formula "The presumption of innocence applies".

Re:apparently in Spain, the accused have privacy (1)

Hurricane78 (562437) | more than 4 years ago | (#31345810)

And in some non-US countries, that “reporter” would go to jail himself for that. (Slander)

Re:apparently in Spain, the accused have privacy (1)

tunapez (1161697) | more than 4 years ago | (#31346084)

Errm... where's the frightening headline?

SUPER NET ZOMBIE SMASH-DOWN HACK-MAGEDDON!!!!!

Roll the foreboding theme music. Cue the Burger Despot "L337 Hakzor Happy Meal" promo in... 3...2...1...

Re:apparently in Spain, the accused have privacy (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31344882)

So you prefer being arrested and imprisoned without the public or anyone else being aware of it. Law enforcement transparency is the first defense against tyranny.

Re:apparently in Spain, the accused have privacy (1)

pe1rxq (141710) | more than 4 years ago | (#31345078)

There is a difference between public records and huge bold letters on the front page of a newspaper......

Re:apparently in Spain, the accused have privacy (0)

Anonymous Coward | more than 4 years ago | (#31345114)

Or perhaps you are confusing not releasing the names to the press with those who need to know being aware. Where does it say they have been arrested and imprisoned without anyone else being aware?

Re:apparently in Spain, the accused have privacy (2, Informative)

thesaintar (865954) | more than 4 years ago | (#31344900)

In Argentina this is the case too, when the media is present, arrested individuals have their faces covered off by the police in order to safeguard their identities

Re:apparently in Spain, the accused have privacy (0)

Anonymous Coward | more than 4 years ago | (#31345064)

What country doesn't protect its accused in the 21st century?

The US.

(But they execute people, too, so if you meant "civilized country", I really don't know.)

Re:apparently in Spain, the accused have privacy (0)

Anonymous Coward | more than 4 years ago | (#31345084)

That's because in Spain you're not guilty until proven guilty by a court of law. The days of the Spanish inquisition are over.

What country doesn't protect its accused in the 21st century?

Then again, it's a perfect way for nobody to ever know that you got arrested. :)

Or the way we say it here: get eaten by dark.

Re:apparently in Spain, the accused have privacy (1)

work30295i235 (1758680) | more than 4 years ago | (#31345278)

You're right! Secret arrests are great! At least, for governments that do no evil. The US Constitution however protects the accused by mandating citizens' names released to keep the police honest and accountable.

Re:apparently in Spain, the accused have privacy (1)

Alinabi (464689) | more than 4 years ago | (#31345414)

well, secret arrests are marginally better than lynching.

Re:apparently in Spain, the accused have privacy (1)

cetialphav (246516) | more than 4 years ago | (#31345512)

This does nothing for transparency of government, though. I like to know what my government is doing and that means publishing information. It seems scary to me that the government could arrest you and not have to tell anyone about it. I think Bush and Cheney would have loved that to be accepted in general.

If you want a transparent government, then you have to accept that a certain amount of information is going to be revealed. I think that is a reasonable price considering the amount of power that a government has.

isp's cooperating (3, Insightful)

grapeape (137008) | more than 4 years ago | (#31344400)

Great that another one went down, but the line about catching a lucky break was disturbing. ISPs don't normally cooperate when told they are harboring botnets? Isn't not cooperating pretty much the same as supporting it? Why not just publicly list them and black hole them? I would imagine it wouldn't take much of that to get them to want to cooperate.

Re:isp's cooperating (1)

js3 (319268) | more than 4 years ago | (#31344438)

how do companies have so many computers that can be remotely controlled?

Re:isp's cooperating (1)

Calinous (985536) | more than 4 years ago | (#31344756)

It's in the interest of the corporation to have all computers able to be remotely controlled (pushing software to computers, by example). They don't want to have the computers controlled by anybody else, though.

As for "how", maybe they used some IE6-only internal sites, so they were open to exploits, maybe it was social engineering, and so on.

Re:isp's cooperating (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31344578)

For the same reason you don't want ISPs to cooperate with the RIAA.

Because someone says an IP address is doing something they consider bad, doesn't mean the ISP should automatically jump. Yes, in this particular case it sucks, but if you want privacy you have to take the downside with the upside.

Re:isp's cooperating (3, Insightful)

Nos. (179609) | more than 4 years ago | (#31344740)

It's called privacy. I for one am glad that both major ISPs in the area have publicly stated that they don't give out any information without a warrant.

Like the drug war (4, Insightful)

tjstork (137384) | more than 4 years ago | (#31344406)

All these stories remind me of the war on drugs. Every so often, the government nabs a big drug gang, and they have some impressive sounding stats and a PR photo with as much loot spread out as possible "this cache had a street value of 8 billion dollars", with of course all the guns and other stuff lined up, and, yet, the price of drugs on the street continues to fall, people are still running out of emergency rooms with iv's inserted so they can mainline... this whole sorry truth is that you can't expect the gov't to really defend your computer any more than it can defend your house.

If the botnet is down... (1)

GhigoRenzulli (1687590) | more than 4 years ago | (#31344410)

...they lost all their IRC channels.

W32.Pilleuz (4, Informative)

sleekware (1109351) | more than 4 years ago | (#31344454)

Discovered: September 29, 2009
Updated: September 30, 2009 8:32:32 AM
Also Known As: W32/Autorun.worm!a758e0e7 [McAfee], W32/Rimecud [McAfee], W32/Autorun-AUP [Sophos], ButterflyBot.A [Panda Software]
Type: Worm
Infection Length: 109,056 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.Pilleuz is a worm that spreads through file-sharing programs, Microsoft instant messaging clients and removable drives. It also opens a back door on the compromised computer.

Currently, W32.Pilleuz has been most commonly referred to as the Mariposa or Butterfly botnet.

Source: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99 [symantec.com]

Re:W32.Pilleuz (0)

Anonymous Coward | more than 4 years ago | (#31344822)

When I tried to search Google for this, only news stories came up. This is quite useful technically detailed information. Mod up!

Different article/same topic (-1, Troll)

moeinvt (851793) | more than 4 years ago | (#31344474)

http://www.information-age.com/channels/security-and-continuity/news/1203193/three-arrested-in-connection-to-worlds-largest-botnet.thtml [information-age.com]

"Mariposa was disabled in December 2009 when a working group of volunteers, some of which were security software vendors, managed to take over the 'command and control' servers that co-ordinate the network."

What gives these bloody do-gooders the authority to "take over" other people's servers? Why couldn't this be an excuse for all sorts of network intrusions? "Oh, I thought this server was hosting malware or controlling a botnet, so I took it over with altruistic intentions". From the story a few days ago, MS went to court in order to get Waledac shut down. Seems like things could get tricky with jurisdictional issues as well. Maybe the U.S. government should issue some letters of marque so that private citizens could "attack" foreign malware servers?

Re:Different article/same topic (1)

Calinous (985536) | more than 4 years ago | (#31344788)

They probably simply changed the IP addresses for the servers that were commanding the bot net. The ISP might have some explaining to do, if it broke the contract with the botnet operators, or the botnet operators might have some explaining to do if they broke their Terms of Service.

Re:Different article/same topic (4, Interesting)

FyRE666 (263011) | more than 4 years ago | (#31344802)

"What gives these bloody do-gooders the authority to "take over" other people's servers?"

The same authority I have to "take over" someone's car keys if I see them staggering out of a bar, and fumbling around to find the lock on their door while throwing up all over the hood. If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place then why not intervene? The problem today is that too many people just stand there like idiots doing nothing in the face of evil or criminal activity. The fact the servers these shitbags were using were probably compromised, or funded by illegal activities is neither here nor there.

Re:Different article/same topic (4, Insightful)

ConceptJunkie (24823) | more than 4 years ago | (#31345080)

The most common thing people do when they are witnesses to someone committing an illegal activity is re-elect him.

Re:Different article/same topic (1)

Dumnezeu (1673634) | more than 4 years ago | (#31345976)

If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place then why not intervene?

Because, in some parts of the world you are accused of conspiracy for just allowing an illegal activity to take place if you or your property were in any way involved even if you were not aware, while in other parts of the world it is strictly prohibited to do anything about it except call the police. In many places, if you see someone raping a child, the only action you are allowed to make is call the police. If you try to help the child, you may go to prison as well, because whatever happened was... none of your business. Both of these "rules" are democratic countries.

Re:Different article/same topic (1)

Opportunist (166417) | more than 4 years ago | (#31344944)

Our law. When I am aware of a crime happening, I have to stop it if it is in my power (without endangering me or anyone else) or call the police. Not doing either would make me an accomplice.

In other words, I pretty much have to take over those servers and shut them down or hand them over to the relevant authorities, or face criminal charges myself.

plus 5, 7roll) (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31344484)

Lay doCwn paPer

Dumb Criminals (1)

228e2 (934443) | more than 4 years ago | (#31344568)

FTA

Critically, one suspect also made direct connections from his own computer to try and reclaim control of his botnet after authorities took it down around Christmas. Investigators were able to identify him based on that traffic. They were able to back up their claims with records from domains he registered where he would eventually host malicious content.

I feel like some criminals are just stupid . . I mean really? You do all this stuff from your home computer? If I ever had to 'go rouge' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras. Hell, I may even repeatedly use someone else's computer just to further shed the blame.

Re:Dumb Criminals (1, Interesting)

maxume (22995) | more than 4 years ago | (#31344638)

Arrogance is pretty common among the set of criminals that get caught.

(As is stupidity, but it can be difficult to tell the two apart)

Re:Dumb Criminals (0)

Anonymous Coward | more than 4 years ago | (#31344648)

Yeah I love to 'go rogue'.

Re:Dumb Criminals (3, Insightful)

CrazyBusError (530694) | more than 4 years ago | (#31344654)

"If I ever had to 'go rouge' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras."

You'd probably still be caught red-handed, though...

Re:Dumb Criminals (1)

228e2 (934443) | more than 4 years ago | (#31344742)

probably. after getting away with it for so many years, they probably felt invincible and got lazy . . which is something i could easily see myself doing.

sigh, back to my desk job . . . .

Re:Dumb Criminals (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31345044)

WHOOSH!

Re:Dumb Criminals (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31344942)

If only I had mod points, everyone seems to have missed this gem.

Re:Dumb Criminals (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31344670)

Learn to spell "rogue", for fuck's sake.

Re:Dumb Criminals (5, Funny)

julesh (229690) | more than 4 years ago | (#31344682)

If I ever had to 'go rouge' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras.

I think I might do the same if I ever go "rouge [wikipedia.org] ".

Re:Dumb Criminals (1)

archangel9 (1499897) | more than 4 years ago | (#31344916)

I think I might do the same if I ever go "rouge [wikipedia.org] ".

if I have to get away from the authorities, I plan on going plaid [youtube.com] .

Re:Dumb Criminals (0)

Anonymous Coward | more than 4 years ago | (#31345754)

I think I might do the same if I ever go "rouge [wikipedia.org] ".

I recommend going "rouge [wikipedia.org] " instead of verbing nouns.

Re:Dumb Criminals (1)

Inda (580031) | more than 4 years ago | (#31344868)

And that would be your first mistake.

Pay someone else to push the keys.

Re:Dumb Criminals (1)

Opportunist (166417) | more than 4 years ago | (#31344972)

Botnets are stolen and restolen fairly often between groups. Makes sense when you think about it, it's easier to use the sheep army of someone else than building your own. He probably assumed that it was just another group taking over his botnet.

Nothing quaint to privacy (1, Informative)

Anonymous Coward | more than 4 years ago | (#31344596)

Some justice systems emphasise correction instead of simple eye for an eye. Even if you make grave missteps, once atoned for you should get a chance to show you've bettered yourself. Too many people will assume ``once a crook, always a crook'', and while not infrequently true, this isn't always the case. If only just for those few people who do better themselves privacy WRT criminal justice is a good thing. Think about it.

There's more: In some countries (eg Spain) the justice system is rooted in the royal prerogative to administer justice, thus criminal justice cases are necessarily crown vs. accused, and therefore the rest of the populace has in principle no need to know the name of the accused. You could argue that for certain cases there would be a legitimate interest or need for the public to know, but that's another discussion and doesn't apply here.

like apples and oranges (2, Interesting)

Gen. Malaise (530798) | more than 4 years ago | (#31344754)

"The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China." ----- Wait, what? This was written by the AP's "technology writer". I guess he doesn't read /.? The Google attack was not a botnet.

That's some summary! (0, Offtopic)

spammeister (586331) | more than 4 years ago | (#31344806)

Sometimes you can just tell it's a kdawson submission. I would like to see a summary of the summary now please!

Re:That's some summary! (1)

JustNiz (692889) | more than 4 years ago | (#31345118)

Wow nice. Kdawson is the next new internet meme.

the door smashes open and (1)

archangel9 (1499897) | more than 4 years ago | (#31344860)

"NOOObody expected the Spanish ISPs to cooperate!" - Cardinal Ximénez

Why is it so hard? (3, Insightful)

JustNiz (692889) | more than 4 years ago | (#31345058)

Why is it so hard to dismantle a botnet? Rather than find the botnet owners by technical means, surely all they need to do is determine who are the businesses being advertised via spam from the botnet, and get them to spill who they did their advertising deal with.
I mean the advert always has to specify somewhere to send your money right?

It seems to me that if they made it as illegal to be a 'spamvertiser' as it is to be a botnet operator, and actually enforced it with prosecutions, I bet the whole botnet and spam thing generally would stop happening due to a lack of businesses willing to pay to use that method for advertising.

Re:Why is it so hard? (1)

Teun (17872) | more than 4 years ago | (#31345652)

Yes that sounds so logical.

But it isn't that simple.

Years ago we had some pirate TV stations that would come on late at night with porn.
They were paid in cash by advertisers so you'd go to them to stop the financing right?

Wrong, these pirate stations would sprinkle in adverts for companies that had nothing to do with them, just to muddy the waters.

Re:Why is it so hard? (2, Informative)

Alioth (221270) | more than 4 years ago | (#31345784)

The spamvertisers are *already* advertising and selling products illegally, such as prescription drugs without a prescription, ripped off merchandise, unauthorized copies of proprietary software etc. You don't need to make any new rules, just prosecute the spamvertisers for the laws they already break. The reason these businesses are using spammers to advertise is precisely because what they are doing is already illegal and therefore they cannot use the normal legal advertising channels to hawk their wares.

If ISPs helped... (4, Interesting)

Nicopa (87617) | more than 4 years ago | (#31345094)

If ISPs helped authorities on these things, there wouldn't be botnets, nor spam. Many attempts at preventing spam stop at their refusal to help. It would be nice to force them by law to cooperate with spam fighting efforts. Sadly laws to force them to cooperate fighting "piracy" seem to pass easier..... =/

Georgia Tech (1)

gtarget (1360439) | more than 4 years ago | (#31345098)

+1 For Georgia Tech!! go jackets!!

Penalty for 12 million botnet = 6 years (4, Interesting)

guanxi (216397) | more than 4 years ago | (#31345456)

Here's one reason botnets thrive: In addition to the fact that the perpetrators are likely to get away with it, per one article [cbsnews.com], "They face up to six years in prison if convicted of hacking charges."

6 years max? For hacking 12 million computers? Ignoring the intrusions, how much did it cost the victims in labor and downtime to fix it? Hundreds of millions? And add to that the damage they did with the botnet; I don't know what this one did, but it could be spam, DDoS attacks, stolen personal info, extortion, etc.

Also, I still don't understand why the U.S. government doesn't treat these wide-spread, expensive crimes as a priority. Given the scale of these crimes, there should be a large task force pursuing them. I get the sense they are looked on as computer problems, not crimes.

Re:Penalty for 12 million botnet = 6 years (0)

Anonymous Coward | more than 4 years ago | (#31345950)

no matter what others say, but those "victims" could have secured their online lives first, so saying they are victims is.... friendly

these people are responsible for their systems on their own!

no, i don't like spam nor botnets either, but it is not the fault of the botnet operators that millions(or billions) of computers are kept susceptible to them

if they would have "hacked" these 12 million computers manually - that would be another story.... but this was done using well known holes automatically...

to give a metaphor: No insurance company pays for your stolen car if they find out that you left the keys in it! Because it is YOUR fault then, that people stole it! (of course those thieves still get prosecuted, but not with the same sentence as if they would have broken into your car. You invited them with leaving the keys inside!)

Same goes with computers imho

More info (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31345798)

From a Spanish newspaper:

http://www.elpais.com/articulo/tecnologia/Cae/red/cibercriminal/Mariposa/controlaba/millones/ordenadores/zombis/190/paises/elpepusoc/20100302elpeputec_8/Tes

They controlled 13 million IPs and personal data of 800,000 people, which they used to sell to third parties. To mask the money income, they engaged in online poker games where they lost intentionally, but they never paid.
They used a system to hide their IPs until one of them forgot to use it.

Their names are protected, but not their initials and alias:

Name.Surname1.Surname2. (age) "alias" (place)

F.C.R. (31 yo) "Netkairo" / "Hamlet1917" (Balmaseda, near Bilbao)
J. B. R. (25 yo) "Ostiator" (Santiago de Compostela, La Coruña)
J.P.R. (30 yo) "Johny Loleante" (Molina de Segura, Murcia)

Also they didn't make the botnet. They bought it.

FCC Rules Part 68 (0)

Anonymous Coward | more than 4 years ago | (#31345802)

It could be argued that attaching a PC without adequate AV software would violate FCC Rules Part 68. So why doesn't the government start an ad campaign to get people to use good AV and stop these botnets?

Quaint? (0)

Anonymous Coward | more than 4 years ago | (#31345934)

(how quaint: apparently in Spain, the accused have some right to privacy)

Huh? Isn't that how it works in most of the world? You know, the whole "innocent-until-proven-guilty" thing. Habeas data!
