
Zombie Report By ISP

Zonk posted more than 9 years ago | from the braaaains dept.

Security 260

twitter writes "Information Week has a summary of a report by Prolexic detailing Zombie activity by ISP, country and population statistics. AOL, the largest provider, had the most zombies but lower rates than others. Fourth largest Earthlink was not in the top 20. The information is gathered from hundreds of customer sites." From the article: "Weinstein went on to say that Prolexic's numbers were actually good news for AOL. 'It's a demonstration that the tools we provide are keeping members safe. Our very aggressive actions -- we provide anti-virus, anti-spyware, and firewall services to our users -- make them measurably safer than those on other ISPs.'"


Turn turn turn ... (5, Insightful)

It doesn't come easy (695416) | more than 9 years ago | (#12832309)

AOL spins the report as good news because they claim a low rate of 0.54% zombie machines per million subscribers...yeah but...

They are basing that on 21.7 million total subscribers. I wonder what their rate would be if they only counted broadband subscribers?

Re:Turn turn turn ... (0)

cayenne8 (626475) | more than 9 years ago | (#12832321)

I thought AOL was only a dial up service...how can it really have any zombies or a zombie problem?

Re:Turn turn turn ... (1)

jezstephens (882336) | more than 9 years ago | (#12832338)

AOL broadband exists also.

Re:Turn turn turn ... (2, Informative)

dmolavi (822749) | more than 9 years ago | (#12832351)

bzzt..AOL For Broadband [aol.com]

Re:Turn turn turn ... (2, Insightful)

It doesn't come easy (695416) | more than 9 years ago | (#12832408)

It's a good question. The truth is AOL isn't a real ISP. They are a proprietary system with access to the internet. Might be splitting hairs here but whatever. In any case, AOL has been trying to create an AOL broadband service. Not sure how successful that has been, but AOL does have partnership arrangements with other broadband providers where you connect to the broadband provider and then straight to AOL's system. I wonder how these kind of connections were counted? Probably not as an AOL IP address, cause the IP address would have been assigned to the broadband provider. Looks like another way to fudge the numbers to me...

Re:Turn turn turn ... (2, Insightful)

Disoculated (534967) | more than 9 years ago | (#12832475)

Normally, a true "AOL" brand broadband customer will be tunneled through AOL, otherwise its parental controls (part of its selling point) wouldn't work. So they'd show up as being in AOL's network space.

A person who's running AOL on another ISP's network and using the AOL client as a simple TCP app wouldn't (and shouldn't) be considered an AOL zombie for this study, otherwise the zombie would be counted twice.

Re:Turn turn turn ... (1)

It doesn't come easy (695416) | more than 9 years ago | (#12832549)

Good point on the tunneling part but I would still like to see what IP address shows up on the outside world. I think a VPN arrangement would still show the broadband provider's IP. Don't know enough about how AOL sets it up to be sure.

Re:Turn turn turn ... (1)

ThomaMelas (631856) | more than 9 years ago | (#12832673)

They show up as an AOL IP address. For a while the only provider that would give me DSL was AOL. (SBC provided the line but their DSL people said they didn't service the area). Cable wasn't an option so I bit the bullet and went with them. The uptime was pretty good and the speeds weren't bad. Figuring out how to get things to work without having AOL's software open took a little research but just set up your router to act like a standard PPPoE connection. (If for some reason you want to use the parental controls then don't do this, this allows you to bypass them.) But my IP address was in AOL's block when tested or viewed by others.

Re:Turn turn turn ... (2, Insightful)

ArsenneLupin (766289) | more than 9 years ago | (#12832572)

A person who's running AOL on another ISP's network and using the AOL client as a simple TCP app wouldn't (and shouldn't) be considered an AOL zombie for this study, otherwise the zombie would be counted twice.

... but he will still be counted as a subscriber, leading to good per-subscriber infection rates. For fairness' sake AOL should really not count these users as subscribers either, nor the dialup users.

Re:Turn turn turn ... (4, Insightful)

tigerd (890439) | more than 9 years ago | (#12832337)

I don't really think an ISP is responsible for zombie machines. It's the end users who have the final responsibility. That means your and my grandma...

Re:Turn turn turn ... (2, Insightful)

-brazil- (111867) | more than 9 years ago | (#12832427)

Theoretically, yes. But pragmatically, some relatively simple measures taken by an ISP can greatly reduce end user vulnerability, while sufficiently educating all end users about how not to become infected is simply impossible in the face of most people's total lack of concern for the problem.

Re:Turn turn turn ... (2, Insightful)

liquidpele (663430) | more than 9 years ago | (#12832506)

Look, I understand an ISP cannot 100% tell if machines are zombied and block users based on tracking user activity. I don't think they should be held responsible. HOWEVER, they should absolutely be held responsible for not acting when they are tipped off by security companies and knowledgeable users about specific machines that are doing things.

I think combining a complaint with a 10 minute packet tracking of the computer's activity should provide enough evidence to verify a machine is most likely zombied or not. Then only show a website with a "you've been infected, call this number for assistance" message on any HTTP request.

zombie survival guide (2, Funny)

Anonymous Coward | more than 9 years ago | (#12832445)

aol should read this... [randomhouse.com]

Re:Turn turn turn ... (1)

SatanicPuppy (611928) | more than 9 years ago | (#12832592)

That was the first thing that leapt to my mind. What a crap comparison. Now they'll be trumpeting it all over, talking up their own safety based on an apples to oranges comparison.

I have to say I'm surprised some of the infection numbers were as low as they were. Considering how quickly a windows box gets owned through a typical broadband connection, and how sloppy most people are with security, I would have thought the numbers would have been higher. As an example, I have a friend who's intelligent, works in IT, etc, who had an IPTables firewall issue, and instead of rewriting a rule, just plugged his unpatched windows box directly into the modem to download a 30 meg chunk of software. It was "more convenient". And this is someone who DOES know better.

I imagine they only got stats from customers that they service. I wonder how many customers they have, and how many of those customers attract DoS attacks on a regular basis?

Those bastard Zombies!! (-1)

Anonymous Coward | more than 9 years ago | (#12832313)

They ate my neighbors!!

Zombies (0)

gulfan (524955) | more than 9 years ago | (#12832315)

Mmmm.... Brains!

Brains! (2, Funny)

Anonymous Coward | more than 9 years ago | (#12832342)

What do we want?

Brains!

When do we want them?

Brains!

Re:Brains! (0)

Anonymous Coward | more than 9 years ago | (#12832359)

"Take THAT zombie George Washington!!!"

Re:Brains! (1)

eutychus_awakes (607787) | more than 9 years ago | (#12832443)

Bart: "Dad, You Killed zombie Flanders!"
Homer: "He was a zombie?"

no zombies please (-1)

Anonymous Coward | more than 9 years ago | (#12832318)

clean [shinyfeet.com]

No one is surprised (2, Funny)

Approaching.sanity (889047) | more than 9 years ago | (#12832319)

That the AOL users are zombies.

Re:No one is surprised (0)

Anonymous Coward | more than 9 years ago | (#12832354)

Me too!

Statistically Humorous (0)

Ryan.Latham (892596) | more than 9 years ago | (#12832334)

You give AOL an inch and they take a mile. Sure they have the better number but this is only due to their holding of so much of the ISP market.

Re:Statistically Humorous (0)

Anonymous Coward | more than 9 years ago | (#12832516)

That's perhaps the dumbest thing I've ever heard. Can we take away mod privileges from whoever modded that insightful?

AOL Zombies (2, Funny)

jim_v2000 (818799) | more than 9 years ago | (#12832638)

You know, I've talked to AOL on the phone a lot, and I have to agree with this article...it does seem that a high percentage of people working for AOL are zombies.

Good! (3, Interesting)

ajs (35943) | more than 9 years ago | (#12832336)

Now, perhaps we can start putting some pressure on the bad ISPs to clean up their networks on the basis of their successful peers.

I'm really sick of everyone in the world looking down on me as soon as they find that my IP is on a Comcast block.

Re:Good! (3, Insightful)

kiwimate (458274) | more than 9 years ago | (#12832402)

No kidding. Comcast.net is ranked #5 in the Top Infected Networks table, and #2 in the Infected US Networks table.

So, let's summarize. If you live in the Philadelphia area, then you're stuck with the monopoly broadband company, and the commensurate extortionate prices, wretched customer service, frequent service interruptions...and now this.

I really loathe Comcast. And you just know there's no way they're going to clean up their act. Why would they? Where's the incentive or threat?

Re:Good! (1)

It doesn't come easy (695416) | more than 9 years ago | (#12832509)

Monopolies suck for the non-monopoly owner, no doubt about it. You should check out Verizon DSL [verizon.com]. If you live close to a civilized part of Philadelphia, you may be able to get it at your house. Their basic DSL in Philly now offers the equivalent speed of the entry level internet cable at about 2/3s the price with no contract required. Plus, they have a sale until the end of June, 2005 on the first three months' subscription and no signup charges (and no, I don't work at Verizon). If we all keep switching providers when they have a price cut, we can keep the pressure on :)

Re:Good! (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12832422)

But is it really the ISP's responsibility to make sure a given individual keeps their computer up to date? I mean sure, it would be nice, but I'd rather not have them checking that info on me.

Plus, I'm on a NAT behind a router, so it might be hard for them to scan my computers.

Re:Good! (0, Redundant)

caino59 (313096) | more than 9 years ago | (#12832502)

excellent point, AC

Comcast does do things like temp block port 25 on customers' modems that are zombie boxes sending out spam.

The problem isn't an ISP problem - it's the uneducated, unwashed masses.

Tools to protect are there on the provider's pages, and personally, I'd rather them not be installed for me...no thank you.

They're there for the user, but is it REALLY the ISP's job to hold EVERYONE's hand through installing them and setting them up?

Well, why not stop it there - blame the computer manufacturer...or hell - hold the OS creator responsible!

Ultimately, keeping the computer safe and clean is the end user's responsibility.

They do own the damn thing after all - not the ISP.

Re:Good! (4, Insightful)

Bonker (243350) | more than 9 years ago | (#12832459)

I'd be willing to bet that the majority of the 1st world zombies originate on 'White Label' broadband. The aforementioned Comcast, Cox, SWB DSL... things like that. AOL has the most of any ISP, but I bet the conglomerate of the top 5 cable and dsl bandwidth providers easily dwarfs them.

They're the 'cheap' local providers, not the 'evil' big boys like AOL, so they're what your grandmother will subscribe to when your idiot nephew convinces her she needs an 'Always On' connection to listen to NPR or check her email every five minutes.

Yeah, this *looks* like it's just the industry's problem, but it's not. It's mine and yours. Every time you or I answer 'Well, I need a computer and a cable modem to check my email, right?' with just a 'yeah sure', we're adding to it.

Go buy Grandma that $39.99 firewall from Best Buy, configure it for her, and tell her that she doesn't need to worry about it. It's like the extra deadbolt on her front door. It helps keep the bad guys out.

Re:Good! (0)

Anonymous Coward | more than 9 years ago | (#12832527)

Those firewalls are down to under $20 on sale. (I've seen them as low as $10)

There's no reason not to have one.

Re:Good! (2, Insightful)

GigsVT (208848) | more than 9 years ago | (#12832526)

It doesn't matter which ISP you use, some idiots somewhere will have some personal grudge against it.

Let the jokes begin... (5, Funny)

pete19 (874979) | more than 9 years ago | (#12832345)

AOL, the largest provider, had the most zombies

Sometimes jokes just write themselves...

Late night TV (5, Funny)

Dancin_Santa (265275) | more than 9 years ago | (#12832355)

we provide anti-virus, anti-spyware, and firewall services to our users

BUT WAIT! There's more!

If you act now, we'll throw in ANOTHER anti-virus service at no extra charge! All this for only 89.95!

Okay, I'm not supposed to do this, but I'll personally add another EXTRA anti-spyware monitoring system AND take off 50 bucks from the retail price!

All this and more for only 3 easy payments of 39.95!

Re:Late night TV (1)

yarnia (892625) | more than 9 years ago | (#12832385)

I just love how they provide anti-SPAM / anti-Virus services, yet make it too easy for spammers to get AOL addresses in the first place. Either allowed or through an unpatched exploit, I don't know. But if you create a new AOL account -- you'll be loaded with SPAM in a matter of 5 minutes. Without doing anything.

Re:Late night TV (3, Interesting)

TheClam (209230) | more than 9 years ago | (#12832416)

That's just not true. When I moved, I used a free AOL CD just for dial-up, but I never used the email address. When I closed the acct a few months later, I only had 5 emails in the inbox.

Re:Late night TV (1)

yarnia (892625) | more than 9 years ago | (#12832474)

Well I'm glad you had such a positive experience. I can confidently replicate the event using our AOL test account. Perhaps it is something to do with creating new screennames on an old account, or making an entirely new account?

Re:Late night TV (1)

Issue9mm (97360) | more than 9 years ago | (#12832670)

My guess is that it either has to do with reused accounts, or common account names. If I were a spammer, you're damn tooting sure I'd try "JohnSmith@aol.com".

As AOL is the largest ISP, they're more likely to have common names. Heck, I'd be willing to say that most addresses would work if you just stuck an aol.com on the end of it.

It would be an interesting experiment to farm a bunch of legitimate email addresses, strip off the domain and replace them with @aol.com. Then, mail something to the list and see how many delivery failures you get back. I'm betting it'd be a small percentage, depending on the sampling of course.

-9mm-

Re:Late night TV (0)

Anonymous Coward | more than 9 years ago | (#12832394)

What's your point here, jelly belly? I think you're too distracted with thoughts of how cool it will be when you're old enough to drive. As a result, you waste keystrokes and screen real estate with useless garbage like this. Sad, really. Stick to m4stu4b4t1on instead of typing please.

This is old news (0, Funny)

Anonymous Coward | more than 9 years ago | (#12832356)

Everyone knows the nexus for zombies is Haiti. Block the whole country and you should be safe.

Still the worst offender (2, Funny)

JanneM (7445) | more than 9 years ago | (#12832366)

So AOL has lower rate than some others. Doesn't really matter - since they have the most zombies in absolute numbers, blocking AOL from your IP range will give the most bang for the block anyway.

Re:Still the worst offender (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12832392)

But you will block 21 million legitimate users too. If that is acceptable, I don't really want to have anything to do with your company.

Re:Still the worst offender (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12832424)

But you will block 21 million legitimate users too.

If eBay, playboy.com and espn.com blocked AOL users until AOL got rid of their zombies AOL would make absolute certain that the problem would be solved within 48 hours.

Re:Still the worst offender (1)

BlogPope (886961) | more than 9 years ago | (#12832567)

Yes, I'm sure eBay, playboy, and espn would have those blocks lifted in 3 hours, and the dumbass engineer who implemented them fired within 48 hours.

Re:Still the worst offender (0)

Anonymous Coward | more than 9 years ago | (#12832604)

AOL would make absolutely certain that the problem would be solved in 48 hours... by calling the CEOs of each of those companies and explaining to them how many of their customers use AOL and just how much revenue the companies' IT departments were sacrificing just to save a little bandwidth.

Re:Still the worst offender (1)

ZorbaTHut (126196) | more than 9 years ago | (#12832587)

I help run an IRC channel that blocks AOL. Partly it's due to zombies and flooding, but much more commonly it's due to sheer stupidity. Every year or two we try unblocking it, and we get deluged by people demanding we do their homework, and we block it again.

Not all people blocking IP ranges are companies, and of those, I can easily imagine that not all of them find it's worth providing business to AOL users. There are exceptions of course, but on average, AOL users are just plain annoying to deal with.

Re:Still the worst offender (1)

beeblebrox87 (234597) | more than 9 years ago | (#12832535)

Bang per netblock, yes, but not bang per legitimate user. The cost of blocking isn't in the number of blocks of IPs you have to block, it's in the number of non-zombies that can't get through. You should concentrate on blocking ISPs with relatively few users, a large percentage of which are zombies, since this gets you the most benefit per lost customer.

Re:Still the worst offender (1)

BlogPope (886961) | more than 9 years ago | (#12832585)

No, to get the most bang for your block, use this block: 0.0.0.0/0.0.0.0; At most 1 zombie can get through (you).

Best of all, this advice is worth every penny you paid for it.

Re:Still the worst offender (1)

It doesn't come easy (695416) | more than 9 years ago | (#12832659)

Why stop there? We could block the top four in the US (AOL, Comcast, Southwestern Bell, and Verizon) and knock off probably 2/3rds of all the zombie computers in the world...

Unfortunately, if we do that I won't be able to read any of your future comments because I am using Comcast with my non-zombie machine.

A better solution might be if the ISP determines the machine is a zombie, route them to a packet filtering system and filter out all connection requests except for a web page that contained instructions and tools showing how to take back control. The home user would have to clean up the machine (or get someone to do it for them) before they could get back to the internet. This could be done but ISPs probably would rather not because of the support cost.

It's either that, or risk screwing up the home computer by trying some automatic cleanup over the connection.
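A sketch of the flow proposed in the comment above and in liquidpele's earlier one (a complaint plus a 10-minute capture, then a restricted "you've been infected" page), as an added example that is not part of the thread or of any ISP's system. The thresholds, the flow-record fields and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 600        # the "10 minute" capture from the thread
# Assumed thresholds for this illustration, not values from the thread or the report.
MAX_DIRECT_SMTP_PEERS = 5   # distinct mail hosts contacted directly on TCP/25
MIN_FLOWS = 50              # only judge the failure ratio on a meaningful sample
MAX_FAILED_RATIO = 0.8      # share of flows that never completed a handshake

@dataclass(frozen=True)
class Flow:
    ts: int            # seconds since the capture started
    src: str           # subscriber address
    dst: str
    dport: int
    established: bool  # True if the TCP handshake completed

def indicators(flows, relay_hosts):
    """Reasons one subscriber's capture looks like zombie traffic."""
    smtp_peers = {f.dst for f in flows
                  if f.dport == 25 and f.dst not in relay_hosts}
    failed = sum(1 for f in flows if not f.established)
    reasons = []
    if len(smtp_peers) > MAX_DIRECT_SMTP_PEERS:
        reasons.append(f"direct SMTP to {len(smtp_peers)} hosts")
    if len(flows) >= MIN_FLOWS and failed / len(flows) > MAX_FAILED_RATIO:
        reasons.append(f"{failed}/{len(flows)} flows never established")
    return reasons

def triage(flows, complaints, relay_hosts, capture_start=0):
    """Inspect only subscribers named in a complaint, within one window.

    Returns {subscriber: (verdict, reasons)}; subscribers nobody
    complained about are never examined and never appear in the result.
    """
    end = capture_start + WINDOW_SECONDS
    by_sub = defaultdict(list)
    for f in flows:
        if f.src in complaints and capture_start <= f.ts < end:
            by_sub[f.src].append(f)
    verdicts = {}
    for sub in complaints:
        reasons = indicators(by_sub.get(sub, []), relay_hosts)
        verdicts[sub] = ("quarantine" if reasons else "monitor", reasons)
    return verdicts

def filter_decision(src, dst, dport, quarantined, portal):
    """Packet-filter policy for the restricted state described above.

    Quarantined subscribers reach only the clean-up page; name resolution
    for that page is left out of this sketch.
    """
    if src not in quarantined:
        return "allow"
    if dport == 80:
        return "allow" if dst == portal else "redirect-to-portal"
    return "drop"

# Constructed sample data (RFC 5737 documentation addresses).
RELAY = {"192.0.2.25"}   # hypothetical ISP outbound mail relay
PORTAL = "192.0.2.80"    # hypothetical clean-up instructions page

def sample_flows():
    flows = []
    # 198.51.100.10: complaint on file, mails 12 different hosts directly.
    for i in range(12):
        flows.append(Flow(i * 20, "198.51.100.10", f"203.0.113.{i + 1}", 25, True))
    # 198.51.100.20: complaint on file, but in the window it only uses
    # the ISP relay and the web; its later traffic is outside the capture.
    flows.append(Flow(30, "198.51.100.20", "192.0.2.25", 25, True))
    flows.append(Flow(45, "198.51.100.20", "203.0.113.200", 80, True))
    for i in range(10):
        flows.append(Flow(700 + i, "198.51.100.20", f"203.0.113.{i + 100}", 25, True))
    # 198.51.100.30: noisy, but nobody complained, so it is not inspected.
    for i in range(12):
        flows.append(Flow(i * 10, "198.51.100.30", f"203.0.113.{i + 50}", 25, True))
    return flows

if __name__ == "__main__":
    complaints = {"198.51.100.10", "198.51.100.20"}
    verdicts = triage(sample_flows(), complaints, RELAY)
    for sub, (verdict, reasons) in sorted(verdicts.items()):
        print(sub, verdict, reasons)
    quarantined = {s for s, (v, _) in verdicts.items() if v == "quarantine"}
    print(filter_decision("198.51.100.10", "203.0.113.5", 80, quarantined, PORTAL))
```
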

Where's the beef^h^h^h^hlist? (1)

HydraSwitch (184123) | more than 9 years ago | (#12832368)

So, where is the chart showing the top 20?

Re:Where's the beef^h^h^h^hlist? (4, Funny)

Anonymous Coward | more than 9 years ago | (#12832406)

You know those underlined bits in the summary at the top of this page? They're called hyperlinks, and you can click on them... try clicking on the second one.

Re:Where's the beef^h^h^h^hlist? (1)

HydraSwitch (184123) | more than 9 years ago | (#12832532)

Ok, got it. Thanks.
For me, the links don't show as underlined... they're something just *slightly* different in color from the regular black font.
And I read the article too, but didn't see a link for the chart in it. I'll look closer next time.

Let's all block AOL ip block... (0, Interesting)

Anonymous Coward | more than 9 years ago | (#12832372)

Honestly for my purposes I could block anything coming from AOL without affecting any of my servers - do you really want AOLers taking up your bandwidth to begin with?

Re:Let's all block AOL ip block... (1)

-brazil- (111867) | more than 9 years ago | (#12832444)

If your site actually generates business then yes, you very much DO want to be accessible to AOL users.

Re:Let's all block AOL ip block... (1)

bobintetley (643462) | more than 9 years ago | (#12832565)

And that wouldn't stop AOL users mailing you - the guys here are talking about mail delivered DIRECTLY from AOL IP addresses (i.e. running their own SMTP transports).

Since in practice no user should do this and go through AOL's SMTP servers anyway, you're only going to block crap by firewalling off packets from AOL dial-up/ADSL blocks coming to port 25.

Article is incorrect (0)

Anonymous Coward | more than 9 years ago | (#12832379)

Article is incorrect as it talks about "percent per million". I cannot think of any way this measure can ever make sense.

--JAB

Re:Article is incorrect (1)

VoidWraith (797276) | more than 9 years ago | (#12832569)

I agree. What kind of measurement is that? amount of boxes divided by subscribers in hundreds, divided by subscribers in millions? It makes no sense.

Re:Article is incorrect (3, Informative)

porcupine8 (816071) | more than 9 years ago | (#12832580)

I think it's (percent of all attacks originating from that provider) divided by (number of machines on that provider, in millions).

So (making #s up) if AOL is 10% of all attacks, and 100 million machines, they have .1 percent per million. But if Joe's ISP has 5% of all attacks, and only 5 million machines, they have 1.0 percent per million.

AOL has twice as many attacks total, but compared to their user base Joe's rate is ten times as high.

Zombie Activity (5, Funny)

fuct_onion (870134) | more than 9 years ago | (#12832384)

1. Participation in Distributed Denial-of-Service attacks
2. EATING BRAINS

Re:Zombie Activity (1)

3TimeLoser (853209) | more than 9 years ago | (#12832464)

Missed a couple of items. How's this:

1. Participation in Distributed Denial-of-Service attacks
2. EATING BRAINS

3. ???
4. Profit!

C'mon, you know it had to be done.

The fundamental zombie problem (3, Interesting)

Anonymous Coward | more than 9 years ago | (#12832397)

End users just *don't care*. This is why there are botnets. Because, although their owned boxen are f-ing with the rest of the internet, it doesn't affect them - a selfish luser attitude, why should they bother virus/trojan scanning their boxen?
I wish ISPs (victims and hosting) would hold the lusers responsible for this - I think criminal negligence would be an appropriate charge. I for one look after my gentoo linux boxen and keep them patched.

Re:The fundamental zombie problem (2, Insightful)

generic-man (33649) | more than 9 years ago | (#12832522)

The hostile behavior of self-proclaimed net.gods, looking down upon AOL "lusers" from their Linux "boxen," doesn't help matters any.

If you're upset about end-users ruining your ability to download new packages for your "boxen," then offer to help instead of bitching them out on Slashdot.

Re:The fundamental zombie problem (0)

Anonymous Coward | more than 9 years ago | (#12832647)

If you're upset ... then offer to help instead of bitching

I work in IT. I get paid to fix stupid people's computer problems. I sure as hell am not gonna volunteer to fix more on my days off.

You gotta be kidding (5, Insightful)

Dammital (220641) | more than 9 years ago | (#12832611)

"End users just *don't care* [...] a selfish luser attitude"
I don't think that's fair. The end users, for the most part, have been handed a box that was advertised as an appliance: "Plug it in and you're good to go! Surf the net, download music, play games with your chums, get photos from the grandkids!"

Except that it wasn't just an appliance, was it? It was a bug ridden piece of manure that was delivered with known defects, to people who by and large don't have the wherewithal to work around those defects.

This is Microsoft's fault, plainly. Not the poor bastards who were taken in.

Re:The fundamental zombie problem (0, Flamebait)

Quill_28 (553921) | more than 9 years ago | (#12832640)

How does this get modded interesting?

Interesting to read an arrogant self-absorbed jerk write flamebait.

Nobody wants to be a zombie idiot they do care.

But they are not knowledgeable enough to set their firewall up correctly or install linux.

So they connect and 4 minutes later they are taken over without even knowing it.

They just want to read some e-mail, see pictures of their relatives, maybe check their bank account.

Funny how you get pissed at the users and not the hackers.

Re:The fundamental zombie problem (1)

tricops (635353) | more than 9 years ago | (#12832650)

Doesn't affect them? Have you ever USED one of those virus/trojan ridden boxen? Slower than molasses, more unstable than a short halflife isotope... I'm sure the "lusers" would happily clean up their boxen if they had a clue how or even realized their machines were virus and trojan ridden.

Re:The fundamental zombie problem (0)

Anonymous Coward | more than 9 years ago | (#12832653)

Anyone who uses the term "luser" is a loser.

A solution (5, Insightful)

alvinrod (889928) | more than 9 years ago | (#12832398)

No matter how many software or hardware tools an ISP has in place to stop their customers computers from being turned into zombies, the only real way to combat the problem is to educate the end user more.

No amount of firewalls, switching to Mac or Linux, or anything else will stop people from having their computers taken over at the end of the day. Stupid users will always find a way to get infected despite the best protection available.

Operating a computer should be like operating heavy machinery. You need to pass a test that says you're qualified to do it. Don't want to take the time to learn how to properly use a computer and avoid being just another zombie PC sending me emails about lowering my car payments or free nude pics of celebrities? Then don't use a computer at all.

If you think this is a little irrational, just remember that the financial damages caused by computer viruses are probably in the billions of dollars every year. Imagine how much trouble could be prevented.

Re:A solution (1)

Politburo (640618) | more than 9 years ago | (#12832458)

If you think this is a little irrational, just remember that the financial damages caused by computer viruses are probably in the billions of dollars every year. Imagine how much trouble could be prevented.

True, but one can think about it another way. If viruses/spyware weren't a problem, there would be fewer jobs in IT. Those estimated 'billions of dollars' don't just go into an incinerator. The productivity losses do (money that never existed, btw), but money spent to correct problems goes into the economy.

Re:A solution (3, Insightful)

99BottlesOfBeerInMyF (813746) | more than 9 years ago | (#12832499)

Operating a computer should be like operating heavy machinery. You need to pass a test that says you're qualified to do it.

You need to pass a test because lives are at risk, not bandwidth. Realistically there should be some basic instruction, hopefully provided in schools, but at that same time most computers should be much, much, much, much, much harder to remotely take over and turn into a zombie. Windows is the worst of the bunch, but pretty much all OSs could be a lot easier to use securely. I imagine they would be too, except for the fact that since MS gained their monopoly, innovation has slowed to a crawl. I want default sandboxes for new applications, services off by default, and easy built in standards compliant encryption and authentication schemes.

I agree that there will always be really stupid users that will get their machines taken over and agree to the most ridiculous risks to see the little bunny cartoon, but at least make the user click a button that says "Let this program do anything it wants to my computer" right next to the "run it in a sandbox and give it no access to the internet or my files" button.

Re:A solution (1)

mspohr (589790) | more than 9 years ago | (#12832552)

"No amount of firewalls, switching to Mac or Linux, or anything else will stop people from having their computers taken over at the end of the day." I'm not aware that Mac and Linux have any zombie activity... they do seem to be a good way to prevent infection.

Re:A solution (0)

Anonymous Coward | more than 9 years ago | (#12832630)

It's the age-old question, though, isn't it? If Mac OS X or Linux had the same marketshare as Windows, would they be just as often zombified?

It's an unknowable as, even though both run by default as non-root users (restricting the amount of damage that can be done by buffer overflows in e.g. web browsers), neither can truly be said to offer any defence against social engineering - if someone persuades a home-user to download and install a malicious app (as root, of course) and they do it, then the system is hosed. I'd give Linux a slight advantage here, as installing anything from anywhere but the official repositories can be a real pain, and it will be hard to not only get a malicious app in there but keep it in there once it is discovered. Of course, if there is ever an easy installation system made widespread (like autopackage, etc) then even this protection will be reduced. Or a malware purveyor could simply compile in any dependencies they need.

Does SELinux offer any conceivable defense, here? Note that I'm talking purely about installation of malware instigated by the user, rather than the drive-by installs that I'd say Linux and Mac OS X are better-able to defend against.

Punishing the victim (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12832631)

What you're proposing is kind of like insisting that all pedestrians must have black belts in karate and carry big guns. Otherwise, they might get mugged and use valuable police and hospital resources.

It's like saying that everyone has to be a CPA, otherwise they could be the victim of fraud and use valuable police and bank resources.

We have to punish the criminals, not the victims.

The other thing about AOL (4, Informative)

everphilski (877346) | more than 9 years ago | (#12832403)

The other thing about AOL's dialup service is that they buy modems from local ISPs in areas where they don't operate central hubs. I used to work for one such ISP that contracted to AOL. We were very proactive about protecting customers, etc.

So a lot of the AOL crowd having good numbers may very well be local ISPs that are taking good care of their own customers, and just happen to contract out to AOL on the side.

-everphilski-

Whose IP space? (1)

oneiros27 (46144) | more than 9 years ago | (#12832563)

Were the users given numbers in AOL's, or your IP space?

After all, it's also possible that the reason that AOL has such good numbers is from their users being counted against someone else.

[or, more likely, that their users don't spend as much time connected, and so by looking at the number of attacks, you actually have to compare the sum of time that the subscribers were connected, rather than the number of subscribers.]

Umm... (1)

Cytlid (95255) | more than 9 years ago | (#12832407)

...Where can I see the report? I work for an ISP, it would be interesting to see where we fit. We're kinda medium-sized and mostly local, so I can't imagine we'd be on there at all.

But if we do show up at all, it's BOFH time!

AOL is the largest? (1)

dfn5 (524972) | more than 9 years ago | (#12832476)

"We're the largest ISP on the planet," Andrew Weinstein, a spokesman for AOL, said Wednesday.

AOL is the largest ISP on the planet? Who is AOL's ISP? Assuming AOL isn't their only customer, wouldn't that make them the largest?

Re:AOL is the largest? (0)

Anonymous Coward | more than 9 years ago | (#12832562)

Are you retarded?

Re:AOL is the largest? (0)

Anonymous Coward | more than 9 years ago | (#12832577)

As far as I know, there are not infinite ISPs out there... Which should lead to the conclusion that one must be the largest... Sooooo.... I fail to see why AOL needs an ISP, I think you're looking at the organization of the system all wrong (besides the fact that I don't think they consider someone feeding them a huge data pipe to be an "ISP" in the traditional sense).

Re:AOL is the largest? (0)

Anonymous Coward | more than 9 years ago | (#12832628)

What do you mean? AOL is teh interwebs!

Stupid AOL (3, Insightful)

Andy Dodd (701) | more than 9 years ago | (#12832482)

They had the most zombies but a lower rate than others. They spin this as good.

But according to the post, Earthlink (the fourth largest provider) wasn't even in the top 20, implying that their zombie percentage is far lower than AOL's.

Re:Stupid AOL (0)

Avohir (889832) | more than 9 years ago | (#12832584)

That's because Earthlink is Dial-Up. It's kind of hard to use dial-up in a botnet... FEAR the mighty DDOS going... at... 56k... yeeeeah... plus you generally find a lot less infections on dial-up computers (generally speaking, god knows there are exceptions) because all the crap that's getting downloaded onto the computer generally has a fairly significant file size, and it takes forever to download, just like a legitimate program. By the time the exploit finishes running, they've left the page, and/or the net.

Re:Stupid AOL (0)

Anonymous Coward | more than 9 years ago | (#12832646)

There's also the question again of user size; I have no idea how big Earthlink actually is, but it's possible their rates are nearly even but just too small to make the top 20 (which is why a statement like "didn't make the top 20" with no actual numbers is worthless).

This is how it starts... (2, Informative)

suitepotato (863945) | more than 9 years ago | (#12832511)

...and this is how it ends up. [landofthedeadmovie.net]

Although, there are some AOL users I wouldn't mind being gobbled up, I hardly need to sit on my roof with a minigun and grenade launcher.

For the love of G-d, we must do something now!

Per capita (0)

Anonymous Coward | more than 9 years ago | (#12832536)

Per capita ratio is so misleading. Per connected computer would give a way better picture.

BAD AOL! "What me?" (0)

Anonymous Coward | more than 9 years ago | (#12832539)

People doing a study: "AOL, Your service is terrible!"

AOL: "Why thank you! See, that's why we have the best service!"

Report. (3, Informative)

saintlupus (227599) | more than 9 years ago | (#12832540)

The actual report is at:

http://www.prolexic.com/zr/ [prolexic.com]

--saint

Re:Report. (1)

saintlupus (227599) | more than 9 years ago | (#12832595)

Shit... downmod this post. For some reason, like the eye-burning color scheme, I didn't see the link in the summary.

Mea maxima fucking culpa.

--saint

No surprise here. (0)

Anonymous Coward | more than 9 years ago | (#12832546)

And the AOL client is based on what browser?

Article text (0)

Anonymous Coward | more than 9 years ago | (#12832575)


It must be such an inconvenience to put "content" on their advertising website; I would hate to see the ratio of adverts to content.
----

America Online hosts more denial-of-service (DoS) spewing zombie PCs than any other ISP in the world, a report released Tuesday claimed. AOL thinks that's just fine.

Prolexic, a Florida-based company that offers a DoS mitigation service, tracked attempted attacks over the last six months to rank ISPs. AOL topped the global and U.S. domestic lists, with machines that use it as their link to the Internet accounting for 5.3 percent of DoS attacks worldwide, and 11.7 percent of those conducted in the U.S.

Worldwide, the German family of Deutsche Telekom ISPs -- t-ipconnect.de and t-dialin.net, among others -- came in second. In the U.S., Comcast, Bell South, Verizon, and Ameritech fleshed out the top five.

"We're the largest ISP on the planet," Andrew Weinstein, a spokesman for AOL, said Wednesday. "You'd expect us to have the most zombies."

Weinstein went on to say that Prolexic's numbers were actually good news for AOL. "It's a demonstration that the tools we provide are keeping members safe. Our very aggressive actions -- we provide anti-virus, anti-spyware, and firewall services to our users -- make them measurably safer than those on other ISPs."

Weinstein based that take on a comparison of Prolexic's numbers with the U.S. installed base of each ISP. Assuming JupiterResearch's estimate of AOL membership rolls is on target at 21.7 million, America Online accounts for .54 percent of the total U.S. DoS attacks for each million subscribers. Comcast, on the other hand, has just 7.4 million users, but accounted for 10.7 percent of the DoS attacks, for a rate of 1.44 percent per million. Verizon, meanwhile, posted a per million rate of 1.9 percent.

"That's three or four times as many attacks per million subscribers," Weinstein argued. "The numbers show that AOL members are significantly less likely to have been compromised by a zombie. This is actually good news for our users."

Some major U.S. ISPs were notable by their absence. EarthLink, for instance, the fourth largest provider according to JupiterResearch, was not on the list of the top 20, although Mindspring, which EarthLink acquired in 1999, came in at number 17, accounting for 1.3 percent of the DoS attacks tracked by Prolexic in the U.S.
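
The per-subscriber normalisation in the article text above, together with the connected-time objection raised elsewhere in this thread, worked through as an added example (not part of the article, the Prolexic report, or any comment). The attack shares and subscriber counts are the article's; the hours-online values are constructed assumptions.

```python
# Added example: figures below are the ones quoted in the article text.
ARTICLE = {  # share of tracked U.S. DoS attacks (%), U.S. subscribers (millions)
    "AOL": {"share_pct": 11.7, "subs_m": 21.7},
    "Comcast": {"share_pct": 10.7, "subs_m": 7.4},
}

# Assumption (constructed, not from the report): average hours per day a
# subscriber's machine is online. Dial-up sessions vs. always-on cable.
ASSUMED_HOURS_ONLINE = {"AOL": 2.0, "Comcast": 24.0}


def rate_per_million(isp):
    """Percent of tracked attacks per million subscribers (AOL's metric)."""
    return isp["share_pct"] / isp["subs_m"]


def rate_per_exposure(isp, exposure_per_sub):
    """Percent of tracked attacks per million subscriber-units of exposure."""
    return isp["share_pct"] / (isp["subs_m"] * exposure_per_sub)


def break_even_exposure(baseline, other):
    """Factor by which `other` subscribers must be more exposed than
    `baseline` subscribers for both ISPs to score the same per unit
    of exposure. Derived from the article's figures only."""
    return rate_per_million(other) / rate_per_million(baseline)


def compare(data, exposure):
    """Return {isp: (per-million rate, per-exposure rate)}."""
    return {
        name: (rate_per_million(isp), rate_per_exposure(isp, exposure[name]))
        for name, isp in data.items()
    }


if __name__ == "__main__":
    for name, (per_m, per_h) in compare(ARTICLE, ASSUMED_HOURS_ONLINE).items():
        print(f"{name:8s} {per_m:.2f}%/M subs   {per_h:.3f}%/M subscriber-hours")
    factor = break_even_exposure(ARTICLE["AOL"], ARTICLE["Comcast"])
    print(f"Comcast/AOL per-subscriber ratio: {factor:.2f}x")
```

From the article's own figures the Comcast to AOL per-subscriber ratio is about 2.68, so any exposure gap larger than that (such as the assumed 2 versus 24 hours online) reverses the ranking.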

AOL is on crack. Here's why. (3, Insightful)

bigtallmofo (695287) | more than 9 years ago | (#12832596)

"That's three or four times as many attacks per million subscribers," Weinstein argued. "The numbers show that AOL members are significantly less likely to have been compromised by a zombie. This is actually good news for our users."

Picture that you're a script-kiddie botnet owner looking for more zombie systems. You have a program that someone provided to you that scans netblocks for systems vulnerable to hundreds of various buffer overflow attacks. You get to pick what netblocks the scanner runs on.

Which would you pick:

1. AOL dialup netblocks, where the user's average 48 K/bps connection takes an average of 1 minute to scan and provides you with a wimpy 48 K/bps of DDoS power
2. Comcast Cable Modem netblocks, where the user's average 384 K/bps upstream bandwidth takes an average of 6 seconds to scan and provides you with a beefy 4,000 K/bps downstream DDoS power.

The numbers quoted above should be accurate enough to get the point. AOL hosts take far longer to compromise and provide far less "bang for the buck". No wonder they're compromised a smaller percentage of time.

Does AOL actually own anything ? (0)

Anonymous Coward | more than 9 years ago | (#12832626)


I thought they were just a branded reseller of other people's equipment; like VirginMobile, they own nothing and are just middlemen to the real asset owners, unless AOL have been laying their own cables in the road.

File sharing (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12832627)

Perhaps if we can get the zombies to start sharing music and movies we can get the MPAA/RIAA to shut them all down, one lawsuit at a time. :)

One solution... inform users about their bots (1)

mulescent (682036) | more than 9 years ago | (#12832655)

As far as I know, there is no easy way for the average user to find out if their computer is a zombie. It would be great if ISPs sent email notifications and then offered tools to remove malicious software. I think people would be very willing to take action, but the vast majority of people have no idea what the appropriate action is.

Interesting Country Stats (0)

Anonymous Coward | more than 9 years ago | (#12832672)

I was surprised to see that Vietnam has more zombies than Australia and nearly as many as Canada!