CA Warns Of Massive Botnet Attack

Zonk posted more than 9 years ago | from the watch-your-heads dept.

Security 357

m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."

357 comments

Now.. (5, Funny)

Cruithne (658153) | more than 9 years ago | (#12714295)

Now witness the power of this fully operational botnet... :/

Re:Now.. (2, Funny)

drgonzo59 (747139) | more than 9 years ago | (#12714497)

But then again, post a link to the target on Slashdot and you got instant, free (less than 5c/machine) botnet attack.

Come to think of it, the operator is probably not from US or Western Europe, if they were, they would have had something like 25c/machine, maybe even have a deal: buy 100 for the price of 90. Or perhaps, offer coupons to the Slashdot geeks or something.

I personally would be interested and I would buy the botnet just so I can have it attack itself to see what happens.

There is a money trail. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12714298)

How long can this continue for?

Re:There is a money trail. (2, Funny)

SilverspurG (844751) | more than 9 years ago | (#12714544)

As long as they keep getting elected and increasing the amount they take in tax money.

Half Price Zombie PCs. (5, Funny)

iolagnm (645827) | more than 9 years ago | (#12714299)

Welcome to Blackbeard's weapons emporium. You will see we have the finest collection of AK-47s, anti-aircraft missiles, and Airzookas [thinkgeek.com] . Oh, and over here we have wholesale zombie PCs.

Evolution, baby (3, Insightful)

metlin (258108) | more than 9 years ago | (#12714307)

Cops and robbers, all the time.

And in the meantime, technology gets more sophisticated. Progress either way.

Re:Evolution, baby (0)

Anonymous Coward | more than 9 years ago | (#12714462)

> Cops and robbers, all the time.
> And in the meantime, technology gets more sophisticated. Progress either way.

Thanks for your thoughtful, timely response. I'm not sure what would happen to Slashdot without people like you around.

Moderators: +5 insightful, please. Can't you see this man's a genius?

Re:Evolution, baby (1, Funny)

Anonymous Coward | more than 9 years ago | (#12714557)

Flag on the play. Excessive sarcasm. 15 Yards from previous spot.

Re:Evolution, baby (2, Funny)

capt.Hij (318203) | more than 9 years ago | (#12714577)

Not to mention the upcoming movie with Russell Crowe as the private eye who goes deep underground to catch these murderous thugs. Hours of film with Mr. Crowe staring at a computer screen typing away with his shirt off while chatting with the evil villain played by some totally hot babe also sitting at a computer. So not only do the cops and robbers evolve but so does our entertainment industry. I can't wait...

This is interesting... (2, Interesting)

under_score (65824) | more than 9 years ago | (#12714308)

It's cool in a way: very William Gibson-esque or something. A new battlefront. I've moved my servers to OpenBSD [openbsd.org] due to their incredible security record, and I'm going to be moving my desktops/laptops to Mac/Linux soon. I don't want to be part of the problem.

Re:This is interesting... (2, Interesting)

macaulay805 (823467) | more than 9 years ago | (#12714344)

I have done this in the past, but there are some problems I keep running into regarding OpenBSD on my server.

1. The MySQL Databases' Tables keep getting Corrupted
2. The disk writes in OpenBSD are extremely slow.

So I had decided the best approach is to use OpenBSD with (its wonderful) PF as my firewall and use FreeBSD as the actual servers (with the chroot trickery that OpenBSD does by default). This setup has been rock solid so far.

Re:This is interesting... (1)

under_score (65824) | more than 9 years ago | (#12714353)

Cool! I'm not running much in terms of heavy db apps. But I'm planning some so I'll keep this in mind. Thanks!

Re:This is interesting... (1)

Gary W. Longsine (124661) | more than 9 years ago | (#12714367)

Migrating your desktops to Macintosh or Linux is a sweet deal if you can get it. Most of my clients are strapped to Windows for the foreseeable future. It's surprising how many IT professionals in big enterprises are talking about Linux and Mac OS X these days, though. As recently as a few years ago, all they talked about was Windows. Now many of them seem to be considering and exploring alternatives. Hosting Windows as a virtual machine on top of Linux is an idea they seem to be exploring more and more.

Re:This is interesting... (5, Insightful)

cnelzie (451984) | more than 9 years ago | (#12714381)

Moving to a new platform/OS without knowing all the ins and outs could be just as dangerous as staying with Windows.

I remember my early days with Linux, back when I used to futz around and actually made my machines less secure, before I learned a great deal more about the OS and its features.

I am not saying that switching is bad, I am just saying that it is important to know what you are switching to before making the switch.

Nobody should get caught with their firewall down holding their LAN cable in their hand...

Re:This is interesting... (4, Informative)

WhiteWolf666 (145211) | more than 9 years ago | (#12714468)

I think it would be fine to move to OpenBSD, and keep all your settings on 'paranoid'.

It does ship *secure* out of the box. No remote exploits.

Don't open any ports until you get the hang of it.

Either way, it won't be *more* dangerous than Windows :)

Re:This is interesting... (0)

Anonymous Coward | more than 9 years ago | (#12714582)

"No remote exploits."

One, actually. And to say that OpenBSD will *never* have another exploit again is kind of silly. I love OpenBSD, and I use it at home on my server and laptop, but that doesn't mean I just sit around and pretend like everything is okay.

Checking the Errata [openbsd.org] and Package Updates [openbsd.org] once a day (or at least twice a week) never hurt anyone--especially if you have multiple users on your box. I'm paranoid--nobody uses my box to begin with.

Anyways, long story short: just because something seems secure, doesn't mean that anyone should be relaxed about security. If anything, the more secure something seems, the more attention one should be spending to security. Once someone does find an exploit or problem, it's going to spread like a wildfire, and if you're caught with your pants down... good luck.

With all of that being said, I feel comfortable using OpenBSD. It hasn't let me down yet, and I can only hope it keeps that reputation up with me. However, I treat every update/patch (as small as it may be) as if it were an exploit waiting to be abused by every script kiddie out there--then I'm just pleasantly disappointed when it isn't.

Re:This is interesting... (1)

th3space (531154) | more than 9 years ago | (#12714509)

offtopic

Previously, I had posted about the troubles I had been having with windows...last night, inexplicably, I couldn't get anything to happen...booted, explorer.exe crashed, tried running an app, explorer.exe crashed, ran a restore, reloaded, it crashed...I'm going to be spending my weekend trying to snag the things I hadn't backed up in a week or so - email, documents, presentations, etc - and then I'm installing OpenBSD.

Windows is a blight on the world of computers, and the sooner we rid ourselves of it, the better...I'd go mac, but I haven't the cash at this exact moment.

Sweet (5, Funny)

Quasar1999 (520073) | more than 9 years ago | (#12714309)

Do I have to buy the whole network at 5 cents a PC? Or can I just buy say a dollar's worth? I wouldn't mind having 20 PC's... I can force all those PCs to join my network games of Quake and Unreal... finally I'll have people to play with... gasp... maybe even online 'friends'! Mommy will be so happy... in fact I think I'll go upstairs right now and tell her the good news!

Re:Sweet (1, Interesting)

Cruithne (658153) | more than 9 years ago | (#12714360)

Just come to Zion LAN and you can have people for your network games of quake and unreal ;)

<shameless plug> Largest lan WI or IL have ever seen, all for charity, a ton of great prizes (graphics cards for UT2k4), blah blah blah... google it :P </shameless plug>

Re:Sweet (1)

m50d (797211) | more than 9 years ago | (#12714495)

I'd buy a few to run eggdrop on, if they're really 5 cents each and not traceable. No more pingflooding me and taking my ops.

Imagine... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12714310)

Imagine a Beowulf cluster of these.

SETI (5, Funny)

dmauro (742353) | more than 9 years ago | (#12714313)

Maybe the SETI program should invest in some of this cheap computing power...

Re:SETI (-1, Offtopic)

Crimson Dragon (809806) | more than 9 years ago | (#12714362)

SETI engages in seeking distributed computing power through legitimate means..... to endorse this would undermine the purpose of SETI in the first place.

To condone users' computers being used for someone else's profit without their knowledge is a vicious form of exploitation.

Re:SETI (3, Funny)

InvaderSkooge (615857) | more than 9 years ago | (#12714389)

> SETI engages in seeking distributed computing power through legitimate means..... to endorse this would undermine the purpose of SETI in the first place.

Illegitimate use of computers scares away aliens?

Re:SETI (0)

Crimson Dragon (809806) | more than 9 years ago | (#12714588)

It should scare everyone away.

Using legitimate programs for illegitimate means is garbage. It should not be funny to anyone for any reason.

Re:SETI (1)

over_exposed (623791) | more than 9 years ago | (#12714460)

Since when is the SETI program for-profit? Last I checked, they were a money hole and are constantly asking for more funding? Granted, I agree that you should run SETI on any machines you don't own (in the monetary sense, not the quaint 'hacker' jargon) but SETI is far from a for-profit project. Hell, I know people who would gladly pay $5 a month to run SETI on another 100 computers under their team or user name.

Re:SETI (0)

Anonymous Coward | more than 9 years ago | (#12714605)

Or it could be a joke... get the stick out of your ass.

Wrong career (5, Funny)

Itchy Rich (818896) | more than 9 years ago | (#12714323)

Glieder, Fantibag, Mitglieder?

These guys shouldn't be writing code, they should be writing Harry Potter novels.

Re:Wrong career (1, Funny)

Anonymous Coward | more than 9 years ago | (#12714450)

Or Kubrick screenplays.

Mein Fuehrer! What is the point of a zombie army if we don't use it?

Re:Wrong career (2, Informative)

Hank Chinaski (257573) | more than 9 years ago | (#12714472)

Glieder = limbs
Mitglieder = Members

organized crime? (0)

Anonymous Coward | more than 9 years ago | (#12714325)

So is this legally organized crime? Can the people running such networks be prosecuted under such laws?

Re:organized crime? (0)

Anonymous Coward | more than 9 years ago | (#12714354)

Smoking is bad for you, right? If I rob a bank, can they arrest me? If a bear shits in the woods...

5 cents per PC? (0)

cK-Gunslinger (443452) | more than 9 years ago | (#12714326)


I'm rich, bitch!

How humiliating! (1)

Thud457 (234763) | more than 9 years ago | (#12714549)

P0wn3d for a mere 1/20th of a dollar?!!!

I'm insultilated!

Highest bidder? (5, Funny)

syntap (242090) | more than 9 years ago | (#12714335)

> access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC.

Heck, that's five cents more per PC than SETI@Home pays me, and they won't eat me when I find them like the aliens will.

I don't get it (2, Informative)

giorgiofr (887762) | more than 9 years ago | (#12714338)

Impossible as it is to track the perpetrators of these actions, I still don't see what prevents the police from tracking the payments! I mean, it's not like the dudez meet in an airport and swap a case filled with money with one filled with IPs... or is it? If you (the police) monitor the marketplace, buy the botnet, then track your (bogus) payment to the dudez, all should be solved pretty quickly.

...Profit?

Here's a reason... (2, Interesting)

Saeed al-Sahaf (665390) | more than 9 years ago | (#12714423)

There are a lot of places, principally former Soviet republics and China, where The Law has different priorities. The people selling these "services" probably reside in one of those countries, and the people buying may be equally outside the grasp of US law enforcement. I used to work for Seth Warshavsky, he used to sell his snake oil out of a glass tower in Seattle. Now he lives in Thailand, just try to arrest him, The Feds have been trying for the last 5 years or so, we'll see.

How does the money change hands? (2, Interesting)

Nf1nk (443791) | more than 9 years ago | (#12714347)

We have two people, both scumbags that the authorities would like to catch, who most likely would prefer to never meet or know each other's names. Neither one is trustworthy (even with nasal mist).
They can't meet because they are likely in widely separated areas.
They can't use an electronic transfer because it leaves a paper trail.
How do they move the money around?

Re:How does the money change hands? (1)

Keruo (771880) | more than 9 years ago | (#12714542)

simple, they just use someone they both trust to handle the money
even shady businesses have semi-legitimate escrow services

Re:How does the money change hands? (4, Insightful)

Hognoxious (631665) | more than 9 years ago | (#12714597)

> even shady businesses have semi-legitimate escrow services

Also known as "Switzerland".

In Soviet Russia (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12714349)

The botnet buys you for 5 cents.

Re:In Soviet Russia (1)

suman28 (558822) | more than 9 years ago | (#12714383)

BillG? Is that you? Is this what you did after you bought all the PCs for 5 cents?
Oh, this and renaming Computer to 'My Computer'

Sheesh. Talk about inferiority complex.

Re:In Soviet Russia (0)

Anonymous Coward | more than 9 years ago | (#12714425)

Given this story, I guess it's "My Computers" now.

Price Check on Aisle 5 (2, Funny)

InvaderSkooge (615857) | more than 9 years ago | (#12714363)

Is 5 cents per PC the regular rate, or just the Memorial Day Weekend Sale price?

Ideal opportunity to disinfect the internet (4, Insightful)

technogogo (708973) | more than 9 years ago | (#12714369)

1. Get every compromised PC to join the same botnet.
2. White-hat hack into the botnet.
3. Tell all compromised PCs to wipe their hard drives.
4. No more compromised PCs! Well... not for a while anyway!

Re:Ideal opportunity to disinfect the internet (1)

slot32 (815657) | more than 9 years ago | (#12714589)

Or... Get Microsoft to pay 5c for each PC, and inject Sp2 and other 'hotfixes' onto these machines.

Job done.

Many Bothans died . . . (2, Insightful)

WhiteWolf666 (145211) | more than 9 years ago | (#12714375)

... Bringing us this information.

Bah. Big Deal!

If you run Windows, your PC will be owned at some point. (Yes, yes, I know some of you out there are perfect, and have *never* messed up *anything* security wise) This happens to me, this happens to less computer literate people, and this happens to large organizations with IT staffs, like the U of Chicago and Allstate.

The solution is the same as always. Switch OSs.

The hotfix is the same as always. Backup data, use your restore disk. Rinse, lather, repeat.

I don't understand why zombie networks are news. The only way that they should be news is when they are used to DDOS major targets. Then, someone should be held accountable. Software manufacturers? Zombie PC owners? ISPs?

I'm not sure. But just like the guy with the TV that summoned the coast guard (http://www.syncmag.com/article2/0,1759,1781135,00.asp [syncmag.com]), someone needs to be held accountable, or no-one will fix their behavior.

Re:Many Bothans died . . . (0)

Anonymous Coward | more than 9 years ago | (#12714504)

> If you run Windows, your PC will be owned at some point. (Yes, yes, I know some of you out there are perfect, and have *never* messed up *anything* security wise) This happens to me, this happens to less computer literate people, and this happens to large organizations with IT staffs, like the U of Chicago and Allstate.

I've run Windows for the last 10 years, much of it on broadband for the last 4 or 5. Nope, never been "owned". I must be "perfict", 'eh?

Who will bell that cat? The only way DDoS will go (1)

blcss (886739) | more than 9 years ago | (#12714518)

away is if the vast majority of users switch to more secure software and only a tiny minority hold out. How are you going to make that happen? All we can do is secure our own machines and that's just not enough.

Re:Many Bothans died . . . (1)

over_exposed (623791) | more than 9 years ago | (#12714574)

> The hotfix is the same as always. Backup data, use your restore disk. Rinse, lather, repeat.

I hate to nitpick, but it's not rinse, lather, repeat. First you lather, THEN you rinse. Repeat as desired. Maybe that's why you could never get the shine and manageability that you see in the commercials.

Re:Many Bothans died . . . (1)

Brenten (889192) | more than 9 years ago | (#12714603)

It's lather, rinse, repeat..

Oblig. quote (2, Funny)

mitchellandrews (798269) | more than 9 years ago | (#12714377)

The Botnet Funding Bill is passed. The system goes on-line August 4th, 1997. Human decisions are removed from strategic defense. Botnet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug...Botnet fights back.

X-Files? (2, Funny)

The Woodworker (723841) | more than 9 years ago | (#12714378)

Does this make anyone else think of the X-Files episode where they created AI by combining 12 different viruses on the net? Scarier still, does this mean that the first AI will appear on Windows!?! And am I just that old of a geek? Oh well, it's Friday, give me a beer.

Re:X-Files? (1)

suman28 (558822) | more than 9 years ago | (#12714416)

> Oh well, it's Friday, give me a beer.

Real geeks don't drink beer. Their parents wouldn't allow such things to happen in their basement.

Re:X-Files? (1)

SirSlud (67381) | more than 9 years ago | (#12714482)

Nonsense. Real geeks keep the 'rents out of the basement by threatening to cut the net access upstairs.

All I have to say... (1)

teutonic_leech (596265) | more than 9 years ago | (#12714382)

'Five cents per PC'? - just follow the money, pal - just follow the money ;-)

As I've been saying for years: (2, Insightful)

grasshoppa (657393) | more than 9 years ago | (#12714390)

Most, if not all, ISPs need to lock down the end user's access to ports. Give them the basics ( outgoing 80, 110 and 143 ), but lock everything else down. In this case, I'd say everyone is guilty until proven innocent. Then, when someone calls in, you simply open the port they request.

This is more work for ISP support staff, but it would dramatically reduce network traffic; I bet it'd be an even flush as far as overall cost.

Re:As I've been saying for years: (2, Insightful)

WhiteWolf666 (145211) | more than 9 years ago | (#12714429)

Don't even have to have them call-in.

Have a sign-up page. You could even make it automatic.

"You recognize X-Y-Z, and confirm that you will be held responsible in the case of abuse, and confirm that you will be responsible for your own security, yadda yadda"

Then, if abuse is detected, cut'em off, and force them to call in to get off the blacklist.

Personally, I don't really like this. Better to make OS manufacturers accountable, methinks.

If your car could be infected with a 'virus', via Bluetooth, which caused the cruise control to turn on all the time, and accelerate to max, your car manufacturer would get hit hard by the government.

Why should your OS manufacturer be any different? Hell, they control *all* aspects of the chain now:

OS, E-mail client, Virus scanner, and Spyware scanner.

They are your one-stop security vendor, computing-wise. Yet if anything goes wrong, it's your problem, not theirs. Sounds like a job for the courts to me.

Re:As I've been saying for years: (1)

grasshoppa (657393) | more than 9 years ago | (#12714515)

Meanwhile, I'm trying to do work towards something that will fix the problem instead of slacking the responsibility for it off on someone else.

> Have a sign-up page. You could even make it automatic.

So the latest and greatest virus can automatically open its own ports. Yeah! No.

> Personally, I don't really like this. Better to make OS manufacturers accountable, methinks.

That's great in theory, but the reality is this:

1) The government isn't going to do anything to MS or anybody else for making insecure products

2) I want protection higher up the chain. It just makes sense, there are fewer points to control.

Re:As I've been saying for years: (1)

InvaderSkooge (615857) | more than 9 years ago | (#12714447)

Sounds like a great idea to me. Then again, I recently suffered massive head trauma and now think waiting on hold for hours to get my ISP to do anything is really fun.

That will only buy some time. People want P2P (1)

blcss (886739) | more than 9 years ago | (#12714483)

groupware, VOIP and file sharing applications and they'll do it over HTTP on port 80 if they have to. And these applications will have security holes. In the long run all you've done is force crackers to switch from crude port scanning to something very slightly more sophisticated.

Re:As I've been saying for years: (2, Funny)

QuietLagoon (813062) | more than 9 years ago | (#12714510)

Even better - continue to charge the users the monthly fee, but don't let the users connect to anything, and don't let anything connect to the users. This is a win-win situation. The users' PCs don't turn into automatons, and the ISP still gets the money.

Re:As I've been saying for years: (2, Insightful)

Detritus (11846) | more than 9 years ago | (#12714517)

Where did I put the tar and feathers?

If you want to be protected from the big bad Internet, sign up with AOL. Some of us just want IP dialtone. Route the damn packets and leave us alone. I certainly don't want my ISP passing judgement on what ports they'll allow in packets that traverse their network.

Re:As I've been saying for years: (1)

Fross (83754) | more than 9 years ago | (#12714529)

How would this solve anything?

many virii get their foot in the door, so to speak, with an email. once something has executed, eg opening a document or some other vbscript, or an exe, it'll pull its full payload down from the web. and that can then sit and listen on one of those standard ports.

all this will do is interfere with people who need things other than you deem "necessary", eg streaming audio, online gaming, p2p, or ANYTHING bespoke whatsoever. i don't want my ISP to treat me like an infant, especially when they already have the tools to determine when and if my computer (with or without me) is misbehaving.

Re:As I've been saying for years: (1)

grasshoppa (657393) | more than 9 years ago | (#12714591)

> many virii get their foot in the door, so to speak, with an email. once something has executed, eg opening a document or some other vbscript, or an exe, it'll pull its full payload down from the web. and that can then sit and listen on one of those standard ports.

That's the other half of it: Block all incoming ports. You can make connections out, and they can make it back to you, but that's it.

> all this will do is interfere with people who need things other than you deem "necessary", eg streaming audio, online gaming, p2p, or ANYTHING bespoke whatsoever.

Obviously there would be a standard range of ports open. By no means was my list comprehensive. Given that a vast majority wouldn't even notice the change, I think it's a good solution. As long as ISPs are willing to open ports on an individual basis, I don't see how anybody can have a problem with this.

Re:As I've been saying for years: (5, Interesting)

metsu (601943) | more than 9 years ago | (#12714539)

I would suggest using user levels.

regular customers would get level 1 or level 0. (Web and mail access, no incoming ports, etc.)

Then it would be a customer's decision to apply for a higher level. maybe pass a test, portscan, etc. sign something that gives them responsibility for the services running on their box.

They could even make higher levels cheaper, as an incentive for customers to educate themselves. like level 4's get 15% off their monthly bill.

Re:As I've been saying for years: (1)

eznihm (552487) | more than 9 years ago | (#12714578)

That's stupid. I wouldn't pay an ISP that had those policies.

That is a terrible idea, how about... (3, Insightful)

Phelan (30485) | more than 9 years ago | (#12714587)

So basically you want me to give my ISP a list of ports I may require so they can white list them for my machine?
I'm sure my ISP would love it if I would say ask for ports 4662 to 4672 and 6881 to be unlocked.
I wonder what they'd think I was planning with those...and I'm sure the new knoppix iso would not be their theory.

Now after having eDonkey and BitTorrent work,
I'll only need
5800 for VNC
21 & 22 anybody?

How about this idea: everyone has complete access privileges. The ISP watches for common characteristics of a botnet and common malware. If such is found on the user, the ISP's gateway forces all HTTP connects to a URL that has detailed instructions on how to install Spybot Search & Destroy, Ad-Aware, etc. Kind of like how a hotel sends you to a registration page to buy internet access for the day when you connect.

The last step is for the user to either call or through some other mechanism notify the ISP that his machine is (for now) clean. The ISP removes the user from its blacklist, and not only do we now have a patched Windows box, but also one with basic defenses for the future. It'd be kind of like catching the criminal PC, putting it into jail until the software is installed, and then releasing it as a rehabilitated system.

Re:As I've been saying for years: (2, Interesting)

Jellybob (597204) | more than 9 years ago | (#12714595)

I like the policy of my current ISP Andrews & Arnold [aaisp.net.uk] (UK).

You have full access, with real IPs for all your machines, and no restrictions on running servers.

If they get any abuse reports you have 3 strikes - first and second report they'll e-mail you. Third report they'll kill your connection, and call you up to let you know what happened.

It's then up to you to fix the problem before they reconnect you.
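
As an added example (not part of the thread and not any ISP's actual system), the sketch below combines the quarantine-and-release flow proposed a few comments up with the three-strikes handling just described. The SMTP fan-out heuristic and its threshold, the subscriber ids, the flow records and the remediation URL are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed heuristic (not from the thread): a home subscriber that opens direct
# SMTP connections to many distinct mail servers inside one time window is
# treated as a likely spam-sending bot.
SMTP_PORT = 25
FANOUT_THRESHOLD = 20   # distinct SMTP destinations per window (assumed value)
MAX_WARNINGS = 2        # first and second report: e-mail; third: cut off
REMEDIATION_URL = "http://remediation.isp.example/cleanup"  # placeholder


def flag_smtp_fanout(flows, threshold=FANOUT_THRESHOLD):
    """Return sorted (window, subscriber) pairs whose SMTP fan-out is suspicious.

    Each flow is a tuple (window, subscriber, dst_ip, dst_port).
    """
    dests = defaultdict(set)
    for window, subscriber, dst_ip, dst_port in flows:
        if dst_port == SMTP_PORT:
            dests[(window, subscriber)].add(dst_ip)
    return sorted(key for key, ips in dests.items() if len(ips) >= threshold)


@dataclass
class Subscriber:
    strikes: int = 0
    quarantined: bool = False
    history: list = field(default_factory=list)


class AbuseDesk:
    """Three strikes, then a walled garden until the customer reports clean."""

    def __init__(self):
        self.subscribers = defaultdict(Subscriber)

    def report(self, sub_id, reason):
        sub = self.subscribers[sub_id]
        if sub.quarantined:
            return "quarantined"          # already cut off, nothing new to do
        sub.strikes += 1
        if sub.strikes > MAX_WARNINGS:
            sub.quarantined = True
            action = "quarantined"
        else:
            action = "warned"
        sub.history.append((action, reason))
        return action

    def route_http(self, sub_id, url):
        # Quarantined subscribers see only the clean-up instructions,
        # the same way a hotel captive portal intercepts web requests.
        if self.subscribers[sub_id].quarantined:
            return REMEDIATION_URL
        return url

    def release(self, sub_id):
        # Assumption: strikes reset once the customer confirms the machine is clean.
        sub = self.subscribers[sub_id]
        sub.quarantined = False
        sub.strikes = 0


def sample_flows():
    """Constructed flow records: cust-a behaves normally, cust-b sprays SMTP."""
    flows = []
    for window in (1, 2, 3):
        flows.append((window, "cust-a", "192.0.2.10", 80))
        flows.append((window, "cust-a", "192.0.2.25", 25))   # own mail relay
        for i in range(25):
            flows.append((window, "cust-b", f"198.51.100.{i}", 25))
    return flows


def run_demo():
    desk = AbuseDesk()
    actions = []
    for window, sub_id in flag_smtp_fanout(sample_flows()):
        reason = f"SMTP fan-out in window {window}"
        actions.append((sub_id, desk.report(sub_id, reason)))
    return desk, actions


if __name__ == "__main__":
    print(run_demo()[1])
```
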

Looks like I bought my last PC (0)

Anonymous Coward | more than 9 years ago | (#12714403)

At 5 cents per zombie, why buy a computer? This way is much cheaper.

Effects of Economics? (0)

Anonymous Coward | more than 9 years ago | (#12714408)

So if these computers are available at 5 cents each, and antivirus software would make it more difficult to install worms, would the "hackers" make more of a profit from their work? In effect, wouldn't they be put into a "If you scratch my back, I'll scratch yours." scenario with antivirus developers?

Then again, by driving the buying price of compromised systems higher would the demand for one decrease and therefore reduce the amounts of spam and malware with the invisible hand of capitalism?

I kind of doubt it, but it is interesting to think about (for me anyway!).

So Microsoft is telling the truth... (5, Funny)

Weaselmancer (533834) | more than 9 years ago | (#12714414)

...at five cents per computer, they do have a lower TCO after all!

No, NO. (2, Funny)

game kid (805301) | more than 9 years ago | (#12714493)

They have a lower TCP: total cost of pwnz0rship.

Re:So Microsoft is telling the truth... (1)

fshalor (133678) | more than 9 years ago | (#12714550)

Look at the profit factor too! Those zombies were originally had for *free* by their new owners. A $0.05/PC cost is pure profit!

However! (1)

agtwilight (325275) | more than 9 years ago | (#12714415)

If you buy the security suite and onsite consulting from CA you can be saved from this awful evil!

twi

The most unsettling thing... (4, Interesting)

pschmied (5648) | more than 9 years ago | (#12714431)

This is really starting to smack of organized crime. A friend of mine forwarded an article to me on this last night.

If you are an end user who just wants to use your computer, it may be time to look at getting a Mac. The bar for information security in the face of this level of organization is getting too tall for your average end user.

If you are in an enterprise situation and have a usage policy that allows users to use corporate equipment for personal banking on breaks, you may want to reconsider that policy.

Oftentimes, computer usage is negotiated by labor unions and you cannot simply change computer use policy out from underneath users. In this case, I wonder what the legal responsibilities of the company are to exercise due diligence in protecting its end users?

If you haven't already done so, it's time for a lesson in defense in depth. That means IDS, IPS, Firewalls, Antivirus, Spam blockers, AV web proxies, etc. And because perimeter defense is all but a quaint memory in today's more aggressive world, you may want to look at host-based firewalls and other AntiWorm systems [intrinsicsecurity.com].

Good luck. We all need it.

-Peter

Re:The most unsettling thing... (1)

tomstdenis (446163) | more than 9 years ago | (#12714500)

I hate this sort of reply. You don't need a mac, hell you don't even need Linux/bsd/whatever.

You just have to be "not a moron". Granted security is easier if you

a) Know what you're doing
and
b) Use the right tools...

That said you can secure a windows box so that not every little worm that gets loose can have a feast on your computing resources....

This "oh buy a Mac they're secure" bullshit is really annoying. Yes they're cool, but I'd rather have a Venice AMD64 based system any day. They're cooler, faster and cheaper [and you can stick a nice free OS like Gentoo Linux on it]

Tom

They're going to call it... (0)

Anonymous Coward | more than 9 years ago | (#12714441)

... 'Slashdot', and cunningly post links to sites which won't be able to withstand the attack, unless they meet the hackers' demands!

With the added feature of the Dupulator(tm), they will be able to compound the attack for weeks, if not months, to come!

OS-X? (1)

vettemph (540399) | more than 9 years ago | (#12714445)

So it infects Windows.

Doesn't touch Linux or OS/2???
What about OS-X? Is it just a typeO or is there more OS/2 on the net than OS-X?

Re:OS-X? (1)

WhiteWolf666 (145211) | more than 9 years ago | (#12714521)

They said Apple, of which, in the IT reporting world, OS-X is the main subset.

I'm not scared (1)

part_of_you (859291) | more than 9 years ago | (#12714448)

I have Windows XP Pro, on a 2003 server. I've updated IE6.0 and keep my computer updated regularly. I also have the new Microsoft pop-up blocker. Also I have the corporate version of Symantec Antivirus. AND I don't look at porn. The only problem I really have is my karma on Slashdot. I don't know which is worse.

GunBound - Owns your PC (2, Interesting)

tburt11 (517910) | more than 9 years ago | (#12714452)

My kids like to play Gunbound. http://gunbound.net/ [gunbound.net]
They weaseled my wife's login, and loaded it onto her PC. I found out why the other day, because they were having trouble installing the "upgrade".
Trouble was, my wife's login no longer has "Administrator Access". So I elevated the privs, did the upgrade, and downgraded the privs.
Gunbound don't run.
So I uninstall, and try to delete the program folder, and get Access Denied.
Long story short, even after uninstall, Gunbound left a process running on the computer. This reeks of backdoor/trojan.

I look at their site/game and it is very sophisticated. Lots of great programming! How do they pay for all of this? There is no charge to play, and no advertisements.
My guess is....
Computer for Sale!

Re:GunBound - Owns your PC (1)

imsabbel (611519) | more than 9 years ago | (#12714585)

If you actually READ what the update does, you would realize that it's an anti-cheating software that checksums the program (actually, you can see it at startup before the main exe is run).
And that you can't delete the program folder: smarty, you installed an update as administrator, OF COURSE a user can't delete the files... I suggest get them off the way you got them on...

And yeah, because NOBODY would have detected a trojan that is installed by a game with >100.000 players...

The fundamental problem (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12714458)

End users just *don't care*. This is why there are botnets. Because, although their owned boxen are f-ing with the rest of the internet, it doesn't affect them - a selfish luser attitude, why should they bother virus/trojan scanning their boxen?
I wish ISPs (victims and hosting) would hold the lusers responsible for this - I think criminal negligence would be an appropriate charge. I for one look after my boxen and keep them patched (easier on the gentoo linux one).

Re:The fundamental problem (1)

WhiteWolf666 (145211) | more than 9 years ago | (#12714490)

Two steps.

1. ISPs and targets of said botnets should hold the zombie lusers accountable.

2. Federal legislation requiring that OS vendors indemnify customers versus certain types of security problems.

Re:The fundamental problem (3, Insightful)

Jeff Hornby (211519) | more than 9 years ago | (#12714558)

And what happens when a free software box is owned? Who gets held responsible then? Red Hat? Linus?

Price Wars (1)

datadriven (699893) | more than 9 years ago | (#12714465)

We can't win. Even though linux is free, Windows XP is still worth a nickel.

Read: Spam (2, Interesting)

Brent Nordquist (11533) | more than 9 years ago | (#12714466)

And of course a flood of spam will follow this like night follows day. This has been going on for some time; LURHQ wrote up some good articles about the virus/spam connection: Sobig.a and the Spam You Received Today [lurhq.com], Sobig.e - Evolution of the Worm [lurhq.com], and Sobig.f Examined [lurhq.com].

Get the Facts (4, Funny)

mcleodnine (141832) | more than 9 years ago | (#12714477)

In a recent survey of BotNet administrators, hosts running Microsoft Windows operating systems were found to have at least a 40% less TCO than a comparable Linux offering.

"With volume discounts and integrated tools, we can now offer "managed" remote hosts as low as 5 cents per unit."

remote downloads are common these days (1)

Gary W. Longsine (124661) | more than 9 years ago | (#12714486)

Although CA has identified an interesting bot, it's not really using new techniques, merely combining some. Adware and spyware have been downloading buddies for a few years now as a common technique, and many other worms have done similar things.

Exploit chaining is a more serious and under-reported threat. (Download.ject I think was the tip of a coming iceberg.)

Further hybrids of adware and spyware techniques with botnets are likely. A mini payload may ride in through a browser exploit, like adware and spyware, then start downloading buddies, emailing itself out, and using IRC to fetch instructions and other modules. All of that has been done by separate worms, and the total combination is due any moment, I suspect.

By the way, IRC is pretty easy to block. The coming use of P2P based techniques for inter-bot communications will be more adaptive and thus harder to combat.

Apparently The Register is published in the South (2, Funny)

xorowo (733585) | more than 9 years ago | (#12714489)

Clearly I was wrong when I reckoned that the word "reckon" was most popularly used in the South.

Obligatory (1, Troll)

HurricaneDitka (824492) | more than 9 years ago | (#12714491)

I, for one, salute our massive botnet overlords.

I for one... (-1, Troll)

mboos (700155) | more than 9 years ago | (#12714516)

welcome our new botnet overlords.

How to survive a zombie attack (1)

foolinator (611098) | more than 9 years ago | (#12714530)

1) Unhook your Windows PC
2) Grab your C64 out of the garage
3) http://www.sics.se/~adam/contiki/ [www.sics.se]

How can you make a virus with only 64K of address space?

Re:How to survive a zombie attack (1)

Professr3 (670356) | more than 9 years ago | (#12714545)

More importantly, how long will you be able to stand a life of Pong and text editing, mixed with the constant hum of a 5 1/4" drive? :P I sense massive internet withdrawal symptoms in your future...

So this is how terrorists crack encryption (1)

kulakovich (580584) | more than 9 years ago | (#12714536)


I was wondering where they'd get the horsepower to break the intercepts they are getting.

kulakovich

Racketeering? (2, Insightful)

StormShadw (686387) | more than 9 years ago | (#12714565)

Could this be considered racketeering somehow? Prosecution under RICO would be interesting.

Security guy cynicism (4, Insightful)

lythander (21981) | more than 9 years ago | (#12714592)

OK, these things need to be taken seriously, but any press release needs to be taken with a grain (or bag) of salt. Spyware is the threat flavor of the day, and the specialized programs (ad-aware/spybot/spy sweeper/etc.) are better at managing it than traditional A/V is (at least right now). Bots are scary. Need to reformat and reinstall (our instructions to students at this major university). Viruses you can just clean (mostly, but mytob is throwing a wrench into that clean division). You figure which is scarier.

CA is the only product which detects ALL three of the mentioned viruses as of this posting. Which is not to say that they're making this up, but I'd be more willing to believe it if it came from the Secret Service or CERT.

name? (1)

noisymime (816237) | more than 9 years ago | (#12714596)

and they named the botnet...Slashdot!