
The New Face of Script Kiddiez

Zonk posted more than 8 years ago | from the some-of-them-are-actually-quite-old dept.


An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"


230 comments

New Face (4, Insightful)

RedHatLinux (453603) | more than 8 years ago | (#14884685)

Would seem to imply a new genre of script kiddie, such as old people doing it, rather than a mere change in behavior. And if they can track and shut down his bot network, why hasn't someone arrested this idiot?

Re:New Face (5, Insightful)

kefkahax (915895) | more than 8 years ago | (#14884736)

Being that he goes by 'Witlog' either he's too young to disclose or they still don't know who he is. Either way, I'd like to point out that, though he may or may not cover his tracks well, "they break into thousands of PCs" is kind of inaccurate being that most of these DDoS bots automate the process of taking control of a machine. Most people that run these botnets don't know anything beyond compiling the bot and filling out a configuration file.

And they certainly don't deserve recognition... neither would a defacer [political or not]. I swear, "hackers" or "crackers" whatever you may prefer to call them, used to have more taste, pre-2000. Even the defacements used to carry more meaning... now it just seems like IRC channel wars, just at a new level... IRC server wars. Pretty dumb when it gets down to it.

Re:New Face (5, Informative)

msobkow (48369) | more than 8 years ago | (#14884901)

Exactly. While the rootkits, virus kits, worm kits, and other attack examples have been out there since the early DARPA days, most people using them were exploring for security holes to exploit. Now we've got people who just use that work to take over unpatched or obsolete machines.

They aren't hackers. They can't even claim to be crackers. They run a kit with as little thought to how it works as an Excel user thinks about the math and programming behind the interface. It's just a tool to them.

What's really annoying is that their persistent attempts to break a patched/maintained environment waste bandwidth that has better uses.

What's criminal is that their traffic interference can prevent you from using your connection to work or relax as you see fit. Legally, it should be comparable to theft of resources or vandalism preventing the use of resources. Following from that could be additional charges depending on the intended use of the victim's machines.

Re:New Face (0)

Anonymous Coward | more than 8 years ago | (#14884962)

So the child could be charged with 3,000 counts of vandalism? I'm cool with that.

Re:New Face (1)

whyrat (936411) | more than 8 years ago | (#14885252)

This is equivalent to saying we should arrest drug smugglers for tariff evasion.

I think the waste of bandwidth is an arbitrary side-effect. It's the act of trying to usurp someone's computer that is the crime here, not wasting bandwidth.

Re:New Face (3, Insightful)

plover (150551) | more than 8 years ago | (#14884754)

why hasn't someone arrested this idiot?

Probably because the idiot is in Estonia, or some other place where the laws of the U.S. are not particularly respected. If all he's doing is installing adware on American PCs, you don't honestly think the local police are going to give a sh!t, do you?

Actually, they probably would. They'd probably want a 25% cut.

Re:New Face (5, Funny)

gEvil (beta) (945888) | more than 8 years ago | (#14884765)

...or some other place where the laws of the U.S. are not particularly respected.

I don't even know where to begin with a comment like that... : /

Re:New Face (1)

weierstrass (669421) | more than 8 years ago | (#14885244)

>...or some other place where the laws of the U.S. are not particularly respected.

Obviously not the UK [freegary.org.uk], then.

Sometimes They Do (1)

miller60 (554835) | more than 8 years ago | (#14884778)

This morning WNBC News (Channel 4) in New York was touting an upcoming segment on identity theft. It turned out to be a jailhouse interview with a phisher who's doing hard time for grand larceny.

Re:New Face (4, Insightful)

blast3r (911514) | more than 8 years ago | (#14884887)

When you chase these botnet controllers down you may find the operator in a channel on the server but normally they hide their real IP address. There is only so much you can do if you don't have access to the actual system the IRC server is located on. And even then it could be difficult to actually find them because they could be proxying through another hacked machine.

Re:New Face (1)

oliverthered (187439) | more than 8 years ago | (#14885043)

There's no need to reroute yourself all over the world any more when you could just be using one of the many open wireless networks to hide.

New genre of script kiddie (5, Funny)

this great guy (922511) | more than 8 years ago | (#14885069)

Would seem to imply a new genre of script kiddie, such as old people doing it,

Like Script Daddiez.

Re:New Face (4, Interesting)

Agelmar (205181) | more than 8 years ago | (#14885183)

Given the text of the interview in the article, I'm guessing that he is not in this country, or at the very least that he's a non-native speaker.

My logic: There is a line where the reporter is interviewing the 'kid'. He says the following:

why i did it? i've read an article on yahoo or smth like this

Aside from the obvious grammatical issues, the last word of the sentence is indicative of the fact that he may be a non-native speaker of English. A native speaker would likely use the word "that" instead of "this" when using the phrase "something like" in conjunction with an action taken in the past.

There's also the fact that he said "I've read" rather than "I read". While the former is not incorrect (using the past participle, 'have'), a native speaker is more likely to use the simple past ("I read" rather than "I have read"). This is especially true of a younger native speaker.

While it's obviously difficult to analyze the grammar of a script kiddy, if I had to bet I would say that he is a non-native speaker. Could easily be German, or East European given the language patterns.

Re:New Face (1)

sconeu (64226) | more than 8 years ago | (#14885266)

Would seem to imply a new genre of script kiddie, such as old people doing it,

So you're saying this guy's from Korea?

In Soviet Korea, old people email YOU!

nm (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14884689)

nm

OUTGOING (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14884695)

HELLO WORLD
36429 36429
HELLO WORLD
K-BYE

Someone decode pls... (0)

Anonymous Coward | more than 8 years ago | (#14885091)

K. Thx. Bye.

Could be helpful (5, Funny)

gEvil (beta) (945888) | more than 8 years ago | (#14884698)

...these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.

Great! Maybe he can reconcile my account balance while he's there.

Re:Could be helpful (1)

Rick.C (626083) | more than 8 years ago | (#14884877)

Great! Maybe he can reconcile my account balance while he's there.

When he's done the balance will be zero. C'mon, you don't need Quickbooks to be able to reconcile that yourself.

Re:Could be helpful (5, Funny)

KylePflug (898555) | more than 8 years ago | (#14885011)

Awesome! Zero is a step in the right direction!

The New Face of Script Kiddiez... (0, Funny)

Anonymous Coward | more than 8 years ago | (#14884702)

...is just as pimply as the old face.

Re:The New Face of Script Kiddiez... (0)

Anonymous Coward | more than 8 years ago | (#14884796)

The New Face of Script Kiddiez is just as pimply as the old face.

Nobody mentioned that he was using Linux.

lame (4, Interesting)

panic911 (224370) | more than 8 years ago | (#14884703)

i find it rather funny that all these bot-net owners are getting so much publicity right now. The washington post recently had another article [washingtonpost.com] about another botnet owner. this is nothing new. people have been exploiting various networks and running botnets for at least a decade (that I'm aware of). these new botnets aren't any larger than the ones back in the day, either. in fact exploiting systems back then was way easier since security wasn't nearly as important to many people and firewalls were pretty rare. either way, ITS LAME

Re:lame (1)

ZiakII (829432) | more than 8 years ago | (#14884726)

since security wasn't nearly as important to many people and firewalls were pretty rare

Ha this statement still holds true!

Re:lame (1)

Phurd Phlegm (241627) | more than 8 years ago | (#14884795)

The washington post recently had another article about another botnet owner.

They did. It was written by the same author, and he linked to it in the referenced article.

Lame maybe, but profitable (1)

Opportunist (166417) | more than 8 years ago | (#14884924)

Many people don't care how they make their money. Only how much.

'New Face'? (2, Insightful)

MECC (8478) | more than 8 years ago | (#14884714)

Hasn't this been going on for a while?

Better Toys (5, Insightful)

Doc Ruby (173196) | more than 8 years ago | (#14884715)

These kids should be the new face of P2P research and production. Kids care more about group recognition, new toys and testing/breaking limits than they do about money. If more effort were put into giving them constructive P2P toys to play with, they would spend much less of their own effort breaking stuff.

Just stopping kids is a losing battle. The only way to win is to substitute something else into their idle hands. This has been proven over and again, most obviously with "Little League" which replaced gangs of window breakers with happy campers.

Re:Better Toys (1)

Meagermanx (768421) | more than 8 years ago | (#14884760)

All this guy did was use some source code and change some settings. Nothing major. He's not the kind of guy who's going to make another Napster. He probably doesn't even know how he's doing what he's doing.

How low can we set the bar? (5, Insightful)

khasim (1285) | more than 8 years ago | (#14884816)

All this guy did was use some source code and change some settings. Nothing major. He's not the kind of guy who's going to make another Napster. He probably doesn't even know how he's doing what he's doing.

I have to agree.

The only reason this guy is having any success at this is because of the default security settings on Windows.

No, this isn't an anti-Microsoft rant. But the fact is that without those open ports, his worm wouldn't be spreading. You cannot depend upon the end-users to correctly patch or firewall their systems.

All it would take to stop this guy is for the next version of Windows to ship without any open ports by default. Ubuntu already does this, Apple already does this.

Having a software firewall on the machine is a distant 2nd place option. If there is a flaw in the firewall software, he'll have the same opportunity he has now.

Re:Better Toys (2, Insightful)

Doc Ruby (173196) | more than 8 years ago | (#14884906)

So if someone gave him some other simple "P2P kit" to "hack" like that, which was constructive rather than destructive, he'd be doing something useful instead of harmful. I didn't even mention the idea of "blame", or how "bad" this guy is - I didn't even refer to this guy individually. Just because windows are breakable doesn't mean people have to break them. But with nothing else to do, I'm not surprised when kids break them.

Re:Better Toys (0)

Anonymous Coward | more than 8 years ago | (#14884800)

I couldn't think of a better toy than my neighbor's credit account :)

Re:Better Toys (1)

Doc Ruby (173196) | more than 8 years ago | (#14884989)

Well, you seem to spend more time posting/reading Slashdot than you do cracking your neighbor's credit account. Slashdot saves the world!

Re:Better Toys (2, Insightful)

NitsujTPU (19263) | more than 8 years ago | (#14884832)

You seem to be under the impression that these kids know how to do something. They're not good hackers who went bad, they're bored kids who downloaded some source code somewhere.

Meet one or two of them. Most of them do not write this software, and do not know how to either.

Re:Better Toys (4, Interesting)

Doc Ruby (173196) | more than 8 years ago | (#14884925)

I've met plenty of these kinds of kids, since I used to be among them myself when I got started. One difference between them and me was that I was given constructive toys, actual (simple) programming projects, while they just passed around hacks/cheats given them by someone else.

They don't have to be hackers to cause harm. All they're doing is playing with toys. That's why less harmful toys in wider distribution will dilute the harm.

Re:Better Toys (4, Interesting)

NitsujTPU (19263) | more than 8 years ago | (#14884999)

I've met a number of these kids, and chatted with plenty in my day. I have always been under the impression that those who wanted to learn something did. I remember listening to Brock Meeks speak at DefCon, only to have questioners lay into him saying, "You don't have to be interested in programming to be a good hacker." Those kids don't want to learn anything, and they won't.

I can name at least 3 of my friends from when I was 14 chatting on IRC who are off getting their PhDs now (and you can add me to that number in the Fall).

The kids who wanted to download "bitchslap" and knock a computer or two offline did that and didn't do anything more interesting than that. They ran into #2600 and barked at all of the people in there "Am I 1337 now!?!" and told all of their friends how hardcore they were.

All of that aside, most of the serious P2P research is simply outside of the reach of your standard issue coder, let alone some script kiddie who doesn't know what he's doing. Perhaps there's some simple, elegant technique out there that people haven't exploited yet. Heck, I have my own simple elegant technique that I think that everyone missed. The difference is that I'm writing a paper about it, not sitting in some IRC channel telling people how 1337 my misguided flood protocol is.

And, also, exactly, they don't have to be hackers to cause harm. They can be script kiddies and be plenty destructive. A script kiddie is called a script kiddie because he doesn't have any 1337 sk1llz though, not because he's trying to change the world. I wanted to learn about computers once too. You know what I did? I programmed.

Re:Better Toys (1)

Doc Ruby (173196) | more than 8 years ago | (#14885110)

I didn't say these kids have to produce the research themselves, any more than they produce the crackware they play with. Most kids will play with any toy they get, especially if all the other kids are playing with it, too. That sounds like a great "beta test" pool for new P2P systems, especially the more interactive ones. So if the "serious" researchers give their betas to kids as toys, they will displace the more dangerous tools, and kids will do less harm - and more good.

Re:Better Toys (1)

NitsujTPU (19263) | more than 8 years ago | (#14885179)

Eh, but most of us never crank out a "beta." I have a simulator that runs a mathematical version of my protocol now that I have preliminary results from (I have my own version of MIT's P2PSim that does a few things better that are necessary for my tests). The real version will be a program written just to carry out my test and deployed on a private university cluster, and probably also on PlanetLab. Most of the serious research isn't producing anything that these kids would want to play with.

Even if it did, it would probably be some filesharing app, and all that you'd get is kids trading 1337 warez!

Re:Better Toys (1)

daranz (914716) | more than 8 years ago | (#14884868)

You already got Counterstrike... perfect thing to contain nasty annoying kiddies - plenty of them there already.

Re:Better Toys (1)

Jeff Benjamin (528348) | more than 8 years ago | (#14884996)

These kids should be the new face of P2P research and production. Kids care more about group recognition, new toys and testing/breaking limits than they do about money. If more effort were put into giving them constructive P2P toys to play with, they would spend much less of their own effort breaking stuff.

Because nothing interests kids more than research and production. Seriously though I agree with you, although I think it may be necessary to disguise the research and production, as you said, to make it look and feel like breaking stuff.

Re:Better Toys (1)

westlake (615356) | more than 8 years ago | (#14884998)

"Little League" which replaced gangs of window breakers with happy campers.

The "Little League" has always co-existed with juvenile detention centers. The places where your toys get taken away. Jail, in plain English.

Maybe the Geek ought to be spending a little more time introducing his juniors to some uncomfortable truths about the real world.

Re:Better Toys (1)

Doc Ruby (173196) | more than 8 years ago | (#14885145)

More effort getting kids into Little League, or some equivalent in a different activity, would reduce the demand for JD halls and jails. Before kids were organized into constructive play, they used to commit a lot more crime - distracted only by "child labor" and worse.

Kids are different from adults because it's not too late for most of them to change. Teaching them with toys rather than threatening them with jail is a lot more productive way to make better citizens. Centuries of prioritizing jail hasn't done much beyond turn jails into crime schools.

Lucky Bastards (4, Insightful)

Eightyford (893696) | more than 8 years ago | (#14884723)

The worst part of this is that when these people are caught they are often given lucrative jobs at security and antivirus companies. Making the front page of slashdot will probably even look good on the lucky bastard's resume.

And what kind of name is witlog? It's like cunningpoop, or something.

Re:Lucky Bastards (3, Funny)

Ben Newman (53813) | more than 8 years ago | (#14884970)

Not really. That might have been the case when you actually needed to know something to be a "hacker", but this kid is just downloading tools from other places. I doubt he knows what TCP/IP is.

the only feature (5, Funny)

Anonymous Coward | more than 8 years ago | (#14884729)

that should be distinctive on this "new face" is that it's either:

* Bruised and bloodied from the clue by four that's been applied; or

* mouth wide open screaming as his cell mate takes a new "wife."

Re:the only feature (0, Flamebait)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14884849)

I don't find brutal corporal punishment or rape to be "funny" or a reasonable solution to botnet operators. History will, hopefully, look back at our barbarous culture, where threat of homosexual rape is a prime deterrent, with abhorrence. It is sad that so many in our society see this sort of thing as not only acceptable, but amusing. I suppose people joked about cutting off the feet of slaves and slowly torturing Jews to death as well. May historians link your IP address and name with your post so they can put your face on one of the "savages" in a future documentary about how crude and stupid people were back in 2006.

Re:the only feature (-1, Flamebait)

Tweekster (949766) | more than 8 years ago | (#14884903)

yeah rape is a little over the top. hopefully he is just killed in prison.

Re:the only feature (0)

Anonymous Coward | more than 8 years ago | (#14884959)

Wow, be careful getting off that soap box. You got so high up there, you might get hurt on the way down.

Re:the only feature (1)

r3adah3ad (936993) | more than 8 years ago | (#14885003)

No kidding. I, for one, hope there's a special place in Hell set aside for Spammers, bot-netters, etc.

Re:the only feature (0)

Anonymous Coward | more than 8 years ago | (#14884995)

exactly. rape is no laughing matter. unless you're raping a clown.

Re:the only feature (1)

eviloverlordx (99809) | more than 8 years ago | (#14885088)

exactly. rape is no laughing matter. unless you're raping a clown.

That would be rather...vulgar*, don't you think?

* get it?

Re:the only feature (1)

ClayDowling (629804) | more than 8 years ago | (#14885012)

What would you propose we do with him then? Allowing him to continue is a very bad option, possibly the worst of all available, and currently the accepted practice in the U.S. is incarceration.

A period of time as a guest of the state might convince him to stop messing around with other people's computers. The sodomy is purely gratuitous.

Re:the only feature (3, Insightful)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14885081)

What would you propose we do with him then? Allowing him to continue is a very bad option, possibly the worst of all available, and currently the accepted practice in the U.S. is incarceration.

While jail time is a valid option it should be jail time minus sexual assault. This may not be the reality in all cases, but rape and physical abuse should not be an accepted part of prison and anyone who accepts it as normal, or lauds it sickens me and just makes the problem worse. For a wholly non-violent offense like this, perhaps a long probation, confiscation of funds, and a few years of regular community service would be more appropriate.

I get the feeling from reading the posts here that almost everyone is interested in revenge against people who spam or run botnets or perform DoS attacks, and no one is interested in either rehabilitation or justice. Those advocating corporal punishment, rape, death, and eternal damnation have no sense of a punishment fitting the scale of a crime and likely have no idea what it is like to truly suffer physical and mental pain. Gee a bunch of relatively wealthy computer geeks from the first world, what a surprise.

Re:the only feature (1)

ClayDowling (629804) | more than 8 years ago | (#14885209)

I don't think that you'll find any court including sodomy as part of the sentencing. It's just a fact of life in U.S. prisons, much like the fact that he's going to get beat up. Here's a hint: he's locked up with a lot of bad people, so we can expect bad things will happen to him there. Nobody got to prison by being well behaved.

You seem to have some notion that there's something the justice system should do to treat this person as special while he's in prison. He's special, just like everyone else. Which is why the state would be good enough to afford him meals, a roof over his head, and something resembling health care in exchange for keeping him off the street and prevent him from causing more trouble for people who haven't been convicted of crimes.

Re:the only feature (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14885047)

Oh shut up you self righteous tit!

People respond much better to the threat of pain and embarrassment than they do to words like "No Timmy, put the knife down, it's not nice to threaten mummy".

Have you not noticed that since "Political Correctness" grabbed the western world by the testicles, that life is going rapidly down the toilet? It was only a few years ago that kids would not have even dreamt about knocking over a little old lady for her money. Now it happens.

Kids these days don't know what is right and wrong for the simple reason that wrong is no longer associated with pain or embarrassment.

Re:the only feature (0)

Anonymous Coward | more than 8 years ago | (#14885051)

I agree that brutal corporal punishment and homosexual rape aren't funny, especially considering that the latter is such a serious problem in the American penal system.

In the future (1)

wytcld (179112) | more than 8 years ago | (#14885062)

In the future, when computers are recognized as citizens with rights, botnet operators will be viewed as slavers, and any punishments they will have received be viewed as a mark of moral growth in society. (Personally, I don't agree that computers should be citizens. But given how so many people are stupid enough to see a soul in a zygote, there's little hope that in 20 years or so they won't see souls in their household devices, too.)

Why shouldn't kids who damage thousands of computers be subject to the same penalties as the kids who burned down those churches recently? The economic damage is about the same. The excuse, "This started as a joke!," about the same. The amount of effort required to start a fire or set loose a virus, about the same. It's destruction of property, with great economic loss, and serious inconvenience to thousands of people's lives - in both cases.

If we'd do the sensible thing and repeal the drug laws, we'd have plenty of room in our jails for these thugs.

Re:In the future (1)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14885135)

Why shouldn't kids who damage thousands of computers be subject to the same penalties as the kids who burned down those churches recently?

Well, in the case of arson there is a serious threat to the lives of many people. Maybe someone was sleeping upstairs at one church. Maybe the fire will spread to neighboring buildings or trees and kill someone. In this way I think arson is somewhat more serious. Aside from that, however, I don't think I ever advocated that the kids who set those fires should be seriously beaten or raped and I certainly don't think that. What purpose would it serve?

Re:the only feature (1)

MMaestro (585010) | more than 8 years ago | (#14885095)

Retrospect is always 20/20.

As it stands, the punishment for committing any type of 'cybercrime' these days is a joke. You get off with a slap on the wrist in terms of fines (since there's no real way to calculate how much damage you've done, a good lawyer can shrink it down to the thousands) and MAYBE some jail time (again, no real way to calculate.) Hell you get jackasses who hack into multi-billion dollar companies, get caught and 'punished' for like 6 months and then are rehired upon release by the same company to work for them. What kind of deterrence is that? If I break into and steal cars, should I spend less than 5 years in jail only to be released and employed by Toyota designing security systems?

As for punishments in the past, that's generally attributed to racial or religious prejudices. If you want to nitpick, why not protest the genocidal killings in Africa or the imprisonment without trial treatment in China? That happens in MODERN times, most people don't consider it "funny" they flat-out IGNORE it.

Re:the only feature (1)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14885173)

What is your point? Do you think corporal punishment and rape is an appropriate punishment for a non-violent crime or not? Do you approve of this part of our culture or not? How does pointing out other atrocities that were and are being committed in any way mitigate someone here and now advocating and applauding rape?

Will someone PLEASE educate the end user! (2, Interesting)

RunFatBoy.net (960072) | more than 8 years ago | (#14884741)

I guarantee half of those bots are a result of some rogue ActiveX installation that most moms didn't know enough to click "don't install". Do everyone a favor, and just shut off ActiveX entirely. -- Jim http://www.runfatboy.net/ [runfatboy.net]

Re:Will someone PLEASE educate the end user! (1)

plover (150551) | more than 8 years ago | (#14884836)

just shut off ActiveX entirely

I think you're missing some clues here. These certainly are not all "moms" computers. 40 of the machines that joined the botnet during the chat in TFA were State of Texas computers, sitting in some government office building somewhere.

Big organizations (large corporations, governments) use ActiveX in their web "apps" all the time for various software functions. Shutting off ActiveX might mean turning off their ability to fill out their time sheets, or request vacation days, or reenroll in their health insurance plans. They may use ActiveX for requesting cubicle moves, new phone lines, or to request a janitor come fix a stopped toilet.

Microsoft planted these dependencies very deeply and very deliberately, guaranteeing vendor lock-in. They're not going away just because of some security hole.

Now here's an interesting idea. (5, Interesting)

Spy der Mann (805235) | more than 8 years ago | (#14884787)

Spread a worm that:

* Spreads itself to at least 2 other computers (for survival)
* Downloads and installs ad-aware
* Activates your windows firewall
* Downloads appropriate patches from Microsoft
* Prepares ad-aware to run on the next boot
* Deletes itself from the system

That'd be so beautiful *sniff* :')

If only crapware were easy to remove (3, Interesting)

LunaticTippy (872397) | more than 8 years ago | (#14884869)

That would be pure poetry.

If only I could come up with a script to clean a machine reliably I'd save plenty of time. Just today I tried and failed to de-crapify a horribly compromised Win ME/kazaa-induced nightmare.

I spent nearly an hour with ad-aware, hijackthis, and spybot s&d before realizing best case I'd end up with a limping Win ME system.

Now it's happily running 2k, fully patched, and the ignorant user warned.

Re:If only crapware were easy to remove (3, Insightful)

plover (150551) | more than 8 years ago | (#14884896)

and the ignorant user warned.

You really are an incurable optimist, aren't you?

Optimism is for Losers (1)

LunaticTippy (872397) | more than 8 years ago | (#14884937)

You really are an incurable optimist, aren't you?

Hardly. I simply warned the user that if they ever brought me a spammed-out zombie again I'd charge double.

And be crabbier.

Sure, your cousin did it. Nobody installs bad software on their own machine.

Re:Now here's an interesting idea. (1)

plover (150551) | more than 8 years ago | (#14884872)

We've seen that. I think it was the "Cheese" worm that was trying to come around and patch systems infected by the "Lion" worm. (Yup, confirmed, Google is my evil friend.) Noel Davis summed it up well: "These systems may have much greater problems than the Lion worm -- many more problems than another worm, no matter how friendly, can hope to fix."

Re:Now here's an interesting idea. (2, Informative)

baadger (764884) | more than 8 years ago | (#14884885)

I'm pretty sure during, or shortly after the peak of, the Blaster worm period someone engineered a worm to reach systems vulnerable to the Blaster worm, rid them of it, and then seal the hole. It ended up causing more problems than the actual Blaster worm in some cases.

Re:Now here's an interesting idea. (4, Informative)

MrNougat (927651) | more than 8 years ago | (#14884928)

Yup. Blaster was the first, and Welchia was supposed to fix it. Problem was, Welchia located other nodes by pinging. It didn't take too long for a network full of Welchia to grind to a halt with all that traffic. I saw it happen; an office of about 200 people had to be disconnected from the WAN in order to keep it contained. (No, I was not in charge of that office or that network.)
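The behaviour described above for Welchia, one infected host pinging many other addresses, is something a defender can spot in flow logs before the network saturates. The following is an added example, not part of the thread or of any tool named in it; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed (hypothetical) flow-log line format, one record per line:
#   "<epoch_seconds> <src_ip> <dst_ip> <proto> <icmp_type>"
# Records are assumed to arrive in time order.


def parse_flow(line):
    """Return (ts, src, dst) for ICMP echo requests, otherwise None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, icmp_type = parts
    if proto != "icmp" or icmp_type != "8":   # type 8 = echo request
        return None
    try:
        return float(ts), src, dst
    except ValueError:
        return None


def find_ping_sweepers(lines, window=10.0, threshold=30):
    """Flag sources that ping >= threshold distinct hosts within `window` seconds."""
    recent = defaultdict(deque)                          # src -> (ts, dst) in window
    in_window = defaultdict(lambda: defaultdict(int))    # src -> dst -> count
    alerts = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst = rec
        q, counts = recent[src], in_window[src]
        q.append((ts, dst))
        counts[dst] += 1
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old_dst = q.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        distinct = len(counts)
        if distinct >= threshold:
            alert = alerts.setdefault(src, {"first_seen": ts, "peak": distinct})
            alert["peak"] = max(alert["peak"], distinct)
    return alerts


def constructed_sample():
    """Constructed test traffic: two benign hosts and one sweeping host."""
    lines = []
    for i in range(20):                       # workstation pinging its gateway
        lines.append(f"{1000 + i} 10.0.0.5 10.0.0.1 icmp 8")
    for rnd in range(4):                      # monitor polling the same 5 servers
        for s in range(5):
            lines.append(f"{1000 + rnd * 5} 10.0.0.9 10.0.2.{s + 1} icmp 8")
    for i in range(60):                       # sweeper: 60 distinct hosts in 6 s
        lines.append(f"{1005 + i * 0.1:.1f} 10.0.0.77 10.0.1.{i + 1} icmp 8")
    lines.append("1006 10.0.0.5 10.0.0.1 tcp -")   # non-ICMP record, ignored
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines


if __name__ == "__main__":
    for src, info in find_ping_sweepers(constructed_sample()).items():
        print(f"possible ping sweep from {src}: {info}")
```

Counting distinct destinations rather than raw packets keeps a monitoring host that polls the same few servers from being flagged.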

Embarrassment for Microsoft (5, Interesting)

digitaldc (879047) | more than 8 years ago | (#14884802)

SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this


Why can't Microsoft push out its security fixes like this???

Cut off the head (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#14884808)

Witlog: why i did it? i've read an article on yahoo or smth like this
Witlog: so when i've read that article, i thought "why not to make my own"?
SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this

This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot. He sounds too much like those college boys who are accused of setting those Alabama church fires [cnn.com] .

But as he says, anyone can do this. While it's nice that groups like Shadowserver.org are tracking down and shutting down these botnets, why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out. Stop wasting time on the small fry.

Re:Cut off the head (4, Insightful)

Denyer (717613) | more than 8 years ago | (#14884884)

It's like leaving a loaded gun lying around -- some idiot may decide to use it

It's really easy to make explosives. We can't ban the sale of ingredients. That's a slightly facile example -- there are legitimate uses for many things that could be used for malice, whilst fewer for exploit source code. However, prohibiting the availability of information about holes wouldn't improve the situation -- it'd mean more blackhats would have the information rather than people using that information to arrange protective measures.

Re:Cut off the head (1)

Pantero Blanco (792776) | more than 8 years ago | (#14884930)

One of the biggest defenses for allowing the sharing of exploit code is that security experts have to be able to share it and communicate about it in order to do what they do, either professionally or as hobbyists. There's no way to prohibit open sharing of exploit code without crippling security forums, newslists, et cetera.

Of course, if the person sharing it is also encouraging its misuse, there's already a law for dealing with them.

Captain of the Obviouuuus... to the rescue!! (1)

Spy der Mann (805235) | more than 8 years ago | (#14884890)

This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler.

D'OH, that's why the article title says "script kiddiez", not "hackers".

Re:Cut off the head (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14884944)

This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot.

Yeah, that is the impression I get of botnet operators in general, especially the ones that are as easy to catch as this one.

why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out.

A tool is a tool. There is nothing wrong with making a tool, or even distributing it. Besides the authors of these things are very hard to track down. One interesting thing I've heard several times is how easy this problem would be to stop. I mean, you log into the control channel, reverse an update, and send your own that shuts down the botnet, maybe along with a patch for the user or just a message alerting them to the fact they have been hacked. The only real problem with this is it is running code on someone else's machine without permission, hence illegal. Otherwise security researchers could take down most of the existing botnets in a week or two.

Re:Cut off the head (2, Interesting)

Tweekster (949766) | more than 8 years ago | (#14884956)

Because the source code is perfectly legal. Making the source code, distributing it, all perfectly legal activities. Compiling it is also legal. Using it is legal too.... Using it on someone else's computer you don't have permission to, ILLEGAL... see how much you can do before you even come close to breaking the law.

I'm confused.. (0, Troll)

RightSaidFred99 (874576) | more than 8 years ago | (#14884814)

Why isn't this little turd in prison? Are our authorities that FUCKING lazy that they can't track down and arrest some little punk like this who's engaging in thousands of counts of criminal trespass? What the FUCK?

Re:I'm confused.. (2, Insightful)

blast3r (911514) | more than 8 years ago | (#14884960)

Ever tried to track these guys down? Have at it and let us know what you find out. =) First of all the term 'our authorities' sticks out. There isn't a single jurisdiction for this type of crime. A lot of these botnet operators live overseas and are hard to track down. Then if they do actually find them there are a lot of hurdles to jump through. The number of botnets is growing every day and I would guess that the number of law enforcement that deal with cybercrimes isn't growing at the same pace. This is already a huge problem and I would imagine it will only get worse.

Re:I'm confused.. (0, Offtopic)

$ASANY (705279) | more than 8 years ago | (#14885099)

Whois on witlog.com -- shouldn't be too hard for authorities to find this guy -- provided the information was correct in the first place, which it probably isn't. Let's see what else we can dig up...


Re:I'm confused.. (2, Informative)

blast3r (911514) | more than 8 years ago | (#14885149)

uhmmm.. the botnet dood didn't register this domain. Well, now poor Timothy is going to have a busy week.

Fucking editors (2, Insightful)

caffeination (947825) | more than 8 years ago | (#14884834)

I know they do'n't spelcheck articlez, but this is rediculus!

Disclaimer: (4, Insightful)

WhiteWolf666 (145211) | more than 8 years ago | (#14884883)

What he does is wrong. Don't get me wrong.

At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears.

Leave your house unlocked, and the fine china will walk out the front door.

Leave your computer unprotected, and your data/bandwidth will be taken.

We run OS X/Linux. Automatic security updates, 0 ports exposed, everything behind a NAT, no automatic execution of downloaded files, and nobody types in administrator password without calling me first, either because they don't know them, or they know to verify EVERYTHING with me. Did I mention that user desktops run few (no) services? CUPS, SMB, SSH. No remote or local root logins.

Everyone here understands that ANY thing they download could potentially result in all their data being messed up. Period.

The last piece of the puzzle for me would be to prevent people from "spoofing" OS X users using incorrect icons for executable mime-types. Then I'll be happy.

Why should I care?

Re:Disclaimer: (0)

Anonymous Coward | more than 8 years ago | (#14884985)

At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears. Leave your house unlocked, and the fine china will walk out the front door.

Bah. Why should I have to deal with keys and locks and whatnot? Just because it's easy or tempting doesn't make it appropriate for someone to come in. I never lock my house. If you're going to come in and steal something, I'd rather not have to replace a window along with whatever you stole.

You will care (1)

Opportunist (166417) | more than 8 years ago | (#14884990)

When he sends that 'net for a DDoS ride to your address.

I have zero sympathy for idiots who can't secure their system. If they could only harm themselves, they could just as well go down in flames. Maybe it would work as a LART on them.

But it doesn't. Those bots are supposed to be no damage to the infected machine, but instead use said machine to cause harm somewhere else. If it DID cause some damage on the infected machine, the infected person would probably care.

So his attitude is just like yours: Why should I care?

Re:Disclaimer: (3, Insightful)

Bob Cat - NYMPHS (313647) | more than 8 years ago | (#14884992)

see me cry 0 tears.
Leave your house unlocked, and the fine china will walk out the front door.


Speaking of which, that lock you have on your front door can be picked in a few seconds. Don't believe me? Tell me your address, and I'll report here what your Royal Doulton brought on eBay.

Stealing is ALWAYS WRONG, even if the valuables are unsecured.

And you've hit the core of the "problem". (4, Interesting)

khasim (1285) | more than 8 years ago | (#14885175)

Speaking of which, that lock you have on your front door can be picked in a few seconds. Don't believe me? Tell me your address, and I'll report here what your Royal Doulton brought on eBay.

Some people trust the locks on their houses because they do not know any better. That doesn't make them bad or wrong. Just "ignorant".

Some people trust the system on their computers because they don't know any better. That doesn't make them bad or wrong. Just "ignorant".

The only difference is that you have a physical limit to the houses you can break into. There is no such limit on computers.

People have a much easier time understanding physical security because they can see it. They know when they've been robbed. They know when the neighbors are robbed.

With a computer, they probably won't know, or even really care. Unless they lose money from their accounts.

And fighting against ignorance is a long and difficult task. There are millions of individuals out there and each one has to be correctly educated.

Personally, I'd recommend focusing on an easier target ("easier" being relative here). Get Microsoft to ship the next version of Windows without any open ports by default. Yeah, I know what you're going to say. But it's more likely to happen than educating the millions of individual users out there.

Re:Disclaimer: (1)

Pantero Blanco (792776) | more than 8 years ago | (#14885185)

That has nothing to do with what he said. He didn't say the thief would be in the right. He said he'd be hard-put to feel sympathy for someone who didn't even take basic security measures.

If someone walks through a bad area of town wearing jewelry in the middle of the night and gets mugged, I'll still think the criminal should be captured and convicted, but I won't shed any tears for the victim. If another person walked through the same area of town at 7 PM showing nothing valuable, and got mugged, I'd be more sympathetic.

Last line of the article (3, Funny)

Spy der Mann (805235) | more than 8 years ago | (#14884914)

"At least one machine that he showed me from his botnet was located inside of a major U.S. defense contractor."

Ah, the irony...

Puts the Size vs. ease in perspective (1)

WindBourne (631190) | more than 8 years ago | (#14884972)

The writers write code against systems that are easily broken into. The SKs that would create botnets, simply grab code that is on the net and use it. It was never about size. It is about the ease of getting systems.

Spammers discussing arrests on specialham today (5, Interesting)

Animats (122034) | more than 8 years ago | (#14884979)

Specialham [specialham.com] , the spammer hangout, usually has ads for botnets. Today, though, the spammers are discussing someone who got caught:

Adam Vitale aka Batch1 arrested by Secret Service

  • From what I heard it was a guy named Sean Dunaway (spelled wrong I think). He used to work for AOL, sold out their huge 90+ million members dbase, got jail time, and apparently is working for the man now. This is a big case, pump and dump stock scams can hurt people to the tune of millions of dollars.
    M.
  • Yeah pump & dump would seem more like the Secret Service's department... the article just spoke of "promoting computer security software"... perhaps additional charges will be filed later... maybe this was just the SS's way to get him jailed and put pressure on him...
    Saw your other post too.. U r right, whoever isn't mailing compliant these days and is promoting illegal shit like pharm or stocks on top of it, is just asking for the feds to bust through their door...
    Hamster
  • From what I hear it wasn't about stocks or spamming, the security spam stuff was just a coverup. What the feds were really after was a botnet the guys were mailing from. Don't know the truth to this but I would not doubt it one bit, it would make sense why the SS was involved.
  • Just goes to show swank has ties with the antis look at this http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4262 [spamhaus.org]
    I am not saying this guy didn't scam tons of people which is not right however if swank does not like you for whatever reason he will post your info on his anti friends websites so be very very careful when dealing with swank and make sure your personal info is kept to you.. Personal revenge is the key to try and recover money that was scammed not whoring shit out to the anti's....
    P.S. swank you know I don't like fake people.. You guys get a kick of this one http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4021 [spamhaus.org]
    Look half way down the message and you will see this
    "Swank"(Chris Brown) and "Batch1"(Adam Vitale) are in a tiff over a spam deal gone bad, and are in a flame-war on spamforum.biz.
    Swank has repeatedly posted "Batch1's contact info that was used in their spam dealings with each other.
    I think this is what I have been explaining all along about how swank has ties to the antis and posts people's info if he doesn't like them and if you notice reading these articles the anti's really never say anything bad about swank HMMMM I wonder if he is friends with them.. Enjoy guys.....
  • Sean Dunaway is spelt correctly and he did not work for AOL and did not receive jail time. So sad that people are this misinformed.
  • Also the math makes no sense: Spammed 1.2 million AOL users with only 47,000 messages? Huh?
    ...
    1200000 / recipients_per_Email = 47,000 emails sent.
    hard to understand isn't it hamster ;)
    also if you've paid any attention to the forum, the informant (sean dunaway) is already notified and you've started a double thread because of your ignorance :P

This is starting to sound like those Mafia wiretap transcripts that came out as the New York Mafia was coming unglued. Law enforcement was doing well enough that the crooks were more afraid than the good guys, and were desperately trying to figure out who was selling out.

Spamming is starting to yield to straightforward police work.

ISP Blocking (3, Interesting)

PhYrE2k2 (806396) | more than 8 years ago | (#14884984)

I should point out that ISP blocking makes these folks essentially useless, not to mention limiting upstream.

However, I hate that my ISP is packet filtering for things like torrents (Rogers), one has to wonder why they fail to filter for the things that uselessly waste their network rather than the people who actually use it.

-M

Just link the punk to terrorist (0)

Anonymous Coward | more than 8 years ago | (#14885014)

The claim only needs to be as credible as Jr's claim about Al Qaeda and Saddam. Then just sit back and watch...

Re:Just link the punk to terrorist (4, Funny)

Urusai (865560) | more than 8 years ago | (#14885106)

Yeah, we'll catch him like Osama!

Arrest Some SysAdmins Too? (3, Funny)

BoRegardless (721219) | more than 8 years ago | (#14885061)

Like which System Admin of a large government contractor is not aware of network security in this day and age, which would allow compromised computers and connections to the outside world?

Somebody needs pull up this guy and say (2, Funny)

k1980pc (942645) | more than 8 years ago | (#14885066)

It seems that you've been living two lives. One life, you're Thomas A. Anderson, program writer for a respectable software company. You have a social security number, pay your taxes, and you... help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias "Neo" and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not.
I'm sorry, I just watched matrix today again, so all my comments today might reflect it.. I will go back to my cave till I'm off it.....

Hmmm (2, Funny)

CaffeineAddict2001 (518485) | more than 8 years ago | (#14885084)

Imagine if these bot nets did something more subtle... like.. turning a single random pixel black or slightly fudging the movement of the mouse. Warranty Havoc!! Gawd that would suck.

Re:Hmmm (1)

SheeEttin (899897) | more than 8 years ago | (#14885167)

Ingenious!

Now if you'll excuse me, I have some code to write.

Not a new tool, but a new threat (2, Interesting)

Opportunist (166417) | more than 8 years ago | (#14885102)

Botnets ain't new. They're even past their prime, past the time of the huge 'net that grew, unhindered by user awareness or antivirus tools.

Today's botnets are no longer standalone tools. They are used to spread secondary attacks. That's where the new threat comes in. That's how secondary threats like trojans and viri can spread via email. Or you can use the botnet to download and distribute updates for trojans.

The possibilities are pretty much limitless. Just imagine you have a few 100 to a many 1000 computers at your hands that could be used however you like, and let your imagination run wild.

Picture, please? (1)

ettlz (639203) | more than 8 years ago | (#14885157)

So we can all examine the EXIF fields, of course...