Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Return of the Web Mob

CmdrTaco posted more than 8 years ago | from the cement-shoes-for-everyone dept.

146

Parore writes "eWeek is running a story about the return of the web mob, highlighting all the similiarities between the online attacks and the real-world mafia. From the article: "Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs. Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software."

cancel ×

146 comments

Sorry! There are no comments related to the filter you selected.

People that matter don't care (5, Insightful)

liliafan (454080) | more than 8 years ago | (#15099098)

There is obviously a problem with botnets, virii, and trojans, part of the problem comes from a 'not my problem' attitude from law enforcement and ISP's.

Dozens of times when networks I maintain have been attacked I have contacted ISP's with all the information they would need to trace the user performing the attack and notify them that their machine is infected, however, the response I usually recieve is, 'it is our policy not to blah blah blah', when I have had verified hack attempts on my systems and have notified the authorities about it, I have been transfered all over the place, put on hold, transfered a little more until I completely loose interest, when I do get to report something it never gets investigated.

Until the people that can actually do something about these zombie machines and malicious users, get off their asses the problem will just keep getting bigger.

Re:People that matter don't care (3, Insightful)

Moby Cock (771358) | more than 8 years ago | (#15099133)

The day will come when the owners of the infected computers will be responsible. This is of course insane, but it is an easy way to assign blame. The real culprit, of course, is too difficult to track.

Re:People that matter don't care (4, Insightful)

liliafan (454080) | more than 8 years ago | (#15099182)

We know the people responsible are mean vicious hacker types, my point is that an ISP has a responsbility to not just protect its users from the internet but to also protect the internet from the user, if an ISP recieves a report that one of their users is doing something wrong they should take the time to check this, the same goes for law enforcement.

Users should take responsbility but you are right this will never happen, and a long as it is profitable the malicious users will continue to write their infections, the impact can be minimalised if ISPs take some responsibility for the users they allow to connect.

Re:People that matter don't care (4, Interesting)

LordOfTheNoobs (949080) | more than 8 years ago | (#15099604)

Maybe some administrators need to do what they did when there was no enforcement in the American old west. Take justice into their own hands. So you have the IP of a vulnerable bot that is assaulting your network? Nuke the SOB. If you must be friendly, leave a happy little "Your machine has been hijacked and when asked, your ISP was too busy to tell you. So I have conveniently and remotely removed all network drivers from your system."

Or, with a nod to the William Gibson, a little BLACK ICE to damage the foreign system beyond repair.

This is unrealistic I'm sure, illegal almost definately ( proactive self defense ? ). But damn would it be nice.

Re:People that matter don't care (1)

Capt James McCarthy (860294) | more than 8 years ago | (#15099751)

my point is that an ISP has a responsbility to not just protect its users from the internet but to also protect the internet from the user


IMO an ISP has no repsonsiblity to provide nothing more than bandwidth and uptime.

Re:People that matter don't care (1)

Enigma_Man (756516) | more than 8 years ago | (#15099963)

But it's much more cost effective for an ISP to just completely ignore the problem: They don't need to hire someone to monitor the junk / contact the customers, they don't lose their monthly $$ when they tell customers to fix their damn computers and the idiot customers just go to another ISP.

Re:People that matter don't care (4, Insightful)

gowen (141411) | more than 8 years ago | (#15099227)

The day will come when the owners of the infected computers will be responsible
Presumably, this will be the same day that women in short skirts will be responsible for their own rapes?

No matter how tempting a target I make myself, the responsibility for the crime will always remain with the criminal.

Re:People that matter don't care (4, Insightful)

giorgiofr (887762) | more than 8 years ago | (#15099251)

the responsibility for the crime will always remain with the criminal

and if, after being the victim, you start being the criminal, you will be held responsible for your crimes. for example: if you get HIV while being raped (btw... that's sad in so many ways I cannot count them) and you later go around merrily spreading it, you are certainly not responsible for being raped but you are for spreading the disease.

wow (1)

weierstrass (669421) | more than 8 years ago | (#15099300)

great analogy!

Re:People that matter don't care (2, Insightful)

geekboy642 (799087) | more than 8 years ago | (#15099347)

Actually, that is a marvelously apt analogy.

It is something akin to the violation of privacy and destruction of rights of rape, to have ones personal computer invaded by a virus or other malicious code. (yes I know, the severity level is vastly different, but it's the same type). Afterwords, if this personal computer wanders around the Internet having unprotected HTTP with other servers, any who don't have the vaccination are going to pick up whatever it's got.

Re:People that matter don't care (1)

Wikipedia (928774) | more than 8 years ago | (#15099810)

Unless you can't afford disinfection or virus/std testing, like many poor people in new orleans (who are now gone). Also microsoft should be to blame, correct? Since people can get sued for their software causing losses.

Re:People that matter don't care (2, Insightful)

gowen (141411) | more than 8 years ago | (#15099411)

If you get HIV while being raped (btw... that's sad in so many ways I cannot count them) and you later go around merrily spreading it
Throw the word "knowingly" in there, and I agree.

Re:People that matter don't care (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15099837)

What about if you, giorgiofr, get AIDS because you are having sex with a big sexy hairy man, and then spread it around to random bathhouse patrons? Does it depend whether you believe you were born gay, or you just do it for fun? Could you fill us in? You need to stop insults Persons with Aids (PWAs). PWAs are people too. They are not victims. They are empowered people, and your insulting them doesn;t help. I am sorry that you, giorgiofr, and your boyfriend can't be more understanding. I bet you are the type of guy who does his boyfriend and doesn't give him the courtesy of a reach around....

Re:People that matter don't care (4, Insightful)

giorgiofr (887762) | more than 8 years ago | (#15099233)

I don't think it's as insane as you think. It's quite akin to hold passengers responsible for whatever some ill-intentioned guy put in their luggage without their knowledge. After all, it's your duty to know the dangers of the machine you're operating: people are responsible for the damage if they drive at 150 km/h into a building and lose control of the car, even if they "did not know" that it was dangerous to do so.
Besides... responsible people are always the ones who have to pay for everyone else. If I keep my machine clean and safe, why do I have to suffer because you can't keep yours as mine? Is it my fault if you're stupid/misinformed/uninterested? Clearly it is not. On the contrary, I will think you are responsible for any damage (probably just some wasted bandwidth, but still) your machine is causing.

bad analogy (2, Insightful)

1800maxim (702377) | more than 8 years ago | (#15099429)

Wow, what a bad analgy.

Ignorance is different from negligence. And ignorance is not necessarily a negative term. It just highlights the fact that somebody does not know how stuff works in this example.

Driving 150 km/h is already doing too much, knowingly. The problem is when people drive cars they believe to be secure, driving at speed limit, while not knowing that somebody came and slowly started loosening the bolts on the wheels. Until eventually the wheels come off, the person driving the car loses control and causes a multiple vehicle collision on a highway.

Yes, blah, blah, it is the responsibility of the owner of the vehicle to check the safety of his/her vehicle. Let me ask you, do you check your lugnuts each day? How about each time you drive?

The problems of PC maintenance are highlighted especially in the young kids demographic as well as novice computer users, older computer users (mom/pop, grandma/grandpa), or people who are not technologically adept.

I expect the next line to be that such people should not use computers... Let's talk realistically intead of dreaming.

Re:People that matter don't care (1)

Wikipedia (928774) | more than 8 years ago | (#15099520)

kind of like broke down mountain, eh?

Re:People that matter don't care (1)

ABoerma (941672) | more than 8 years ago | (#15099374)

This is probably going to be considered flamebait, but I think people ought to feel when their computers are used for attacks, when it's relatively easy to keep them secure. ('Secure' in a relative sense: more secure than most people keep them.)

Re:People that matter don't care (1)

phreakv6 (760152) | more than 8 years ago | (#15099407)

The real culprit, of course, is too difficult to track.

Nah ! He is sitting there atop some 50 billion $s as the richest
man in the world

Re:People that matter don't care (1)

distilledprodigy (946341) | more than 8 years ago | (#15099447)

The problem isn't Bill Gates. The problem are the people writing the malicious code. It is unfortunate that we live in a society where instead of being angry at the asshats writing malicious code we're mad at the people being targeted by the asshats.

Re:People that matter don't care (1)

multisync (218450) | more than 8 years ago | (#15099478)

The day will come when the owners of the infected computers will be responsible. This is of course insane


I agree with you right up to the "this is of course insane" statement. I think the only solution is to hold the owners of the infected machines responsible, just like we make home owners responsible for shoveling the sidewalks in front of their houses.

Re:People that matter don't care (0)

Anonymous Coward | more than 8 years ago | (#15099639)

"shoveling the sidewalks in front of their houses"

How much time do you spend a year shoveling?

How much money do you spend?

How much time do you spend researching new shovels and shoveling techniques?

How much time do you spend watching the weather channel only to find out you shouldn't have went on the weekend retreat now you have 7" of snow that you are "responsible for" come on.. think before you type.

Apples man... keep your eyes on the topic.

Re:People that matter don't care (1)

Moby Cock (771358) | more than 8 years ago | (#15099687)

That is unmitigated nonsense.

Snow occurs natually. Your anology would have been more apt if you had said that homeowners are responsible for moving the snow put on their sidewalks by nefarious folks living up the street.

Re:People that matter don't care (1)

multisync (218450) | more than 8 years ago | (#15099903)

That is unmitigated nonsense.

Snow occurs natually


Perhaps I didn't use the best of analogies. My point was that the owners of the infected computers are not the (only) victims and should bear some of the responsiblilty for the damage done to third parties by their machines. It doesn't matter that snow occurs "naturally." I didn't cause it to land on my sidewalk, but I'll be sued if I don't take steps to remove it before the postman slips and falls.

This will never happen (3, Interesting)

Opportunist (166417) | more than 8 years ago | (#15099774)

Holding Joe Sixpack responsible for his computer's actions? Doubt it.

Remember that he's the one that generates money for the ISPs. He's not downloading Terabytes of movies.
He is the one that buys the crappy "download accelerators" and other useless programs.
He is the one that uses online banking.
He is the one that buys at Amazon.com and EBay.

Let's face it, he is the one they shape the internet for! The 'net ain't our net anymore. Hasn't been for well over 10 years now.

Now imagine he's held responsible for what happens out of his box. He doesn't know jack about his PC. He doesn't know he has a zillion dialers, trojans, adbots and whatnot, from klicking EVERYTHING presented to him. He only knows that "the net" somehow "did this" to his PC.

What is he going to do? Learn how to use it? Or stop using it altogether?

Which one is more likely? And would the industry like that reaction?

So will he ever be held responsible?

Re:People that matter don't care (0)

Anonymous Coward | more than 8 years ago | (#15099171)

Wrong approach. If the attack is from an American ISP address, just send a lawyerly looking letter pretending to represent [*Evil Corporation or Association*] and make some utterly ridiculous copyright violation claim traced to the PC in question. They'll probably be gone the next day -- no appeal and no proof required =/

Re:People that matter don't care (1)

Wikipedia (928774) | more than 8 years ago | (#15099269)

Shut them down with this :

http://ipnic.org/preliminary.html [ipnic.org]
[ipnic.org]

Only works in America.

Re:People that matter don't care (1)

misleb (129952) | more than 8 years ago | (#15099497)

Makes me feel good about the (small) ISP I worked for. We used to cut off service at the first sign of infection or trojan activity. Then we'd call the user up and tell them that they needed to clean their computer up before their service would be turned back on. The still had access to download some free tools, of course.

It wasn't completely altruistic. The way our network was set up, an infected user could cause problems for a lot of other customer. So it was in our interest to nip that kind of thing in the bud.

-matthew

Re:People that matter don't care (1)

Lord Kano (13027) | more than 8 years ago | (#15099537)

when I do get to report something it never gets investigated.

I understand that it must be frustrating, but think of it like this.

Who has the power to investigate a hack attack that comes from outside of your immediate area? A Federal Authority (the FBI for example), currently their top priority is making sure things don't get blown up. If the crime's result is a couple of hours of annoyance for some sysadmin, they can't be bothered.

I believe that the FBI has a $4,000 threshhold of damage before they will even begin to look into any computer crime.

LK

Re:People that matter don't care (1)

networkBoy (774728) | more than 8 years ago | (#15099818)

Something like that.
I had some twit in germany try to hack my server while I was sitting at it doing some work. I turned around and rooted his box, dropped a phone home trojan on it and proceeded to map to his printer. I then printed a message about what I thought of him 999 times. One print submission per page, spaced about 5 seconds apart, and only when he was on-line. The 1000'th page said I was done and reminded him to remove the trojan (with instructions).
Never saw that box try to hack me again (hopefully scared the patns off him, and I'm sure his dad whacked him a couple times).

That's how I dealt with hack attempts before I moved my server into a managed host environment.
-nB

A first post... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15099101)

...you can't refuse!

Analogy? (-1, Troll)

towsonu2003 (928663) | more than 8 years ago | (#15099112)

In this analogy, are narcotics MS Windows?

and, is this FP? :p

Re:Analogy? (-1, Offtopic)

towsonu2003 (928663) | more than 8 years ago | (#15099240)

ok, seriously, how is this troll? may be redundant ok, or overrated... but troll? wow: some mod needs his/her coffee injection...

Is anyone really surprised? (4, Insightful)

khasim (1285) | more than 8 years ago | (#15099144)

What did anyone expect?

The problem with anti-virus software is that it is 100% reactionary. The anti-virus companies don't release updates for viruses that they haven't seen yet.

That's why I view viruses/worms as a failure of the security model of the system.

Trojans are a different matter. But even with those there are ways to mitigate the effects. If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails. There will always be a few idiots.

Re:Is anyone really surprised? (1)

GrumblyStuff (870046) | more than 8 years ago | (#15099221)

If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails.

No, it won't if their on their Dell. They'll get a dialogue asking for their password and they'll be stupid enough to put it in without a second thought.

Re:Is anyone really surprised? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15099294)

The problem with anti-virus software is that it is 100% reactionary. The anti-virus companies don't release updates for viruses that they haven't seen yet.

Jesus Christ. You are a fucking slashtard, did you know that? Nah. I didn't think so. learn2think, fuckwad. And then go look up the definition of "heuristic analysis".

Fucking HELL, how does this SHIT get moderated up? COME ON PEOPLE, WHEN YOU HAVE MOD POINTS YOU'RE SUPPOSED TO MOD DOWN THE TRASH POSTS.

heuristic analysis (1)

morgan_greywolf (835522) | more than 8 years ago | (#15099563)

As if heuristic analysis were the key to stopping all the malware on the Internet. If it were, everyone would install AVG on their Windows PCs and all the malware would just go away.

However, reality bites us in the arse and then we realize that heuristic analysis only goes so far.

The key to having freedom from malware is to have operating systems which do not make it easy for malware to thrive. OSes should not default to having users logging in with administrative priveleges. Applications should not be able to be installed with a view lines of embedded scripting code in a Web page or an e-mail. E-mail software shouldn't allow attachments to be executed immediately upon clicking -- users should have to save the attachment and then launch it from the shell. This requires a little more thought process than "if I click here, I will see naked pictures of [insert celebrity]!"

Of course, the OS where all of these bad security models exist is Windows and the e-mail application in question is Outlook. We need to stop looking at the problem of malware as a user education problem and start seeing it for what it really is -- a broken OS issue caused by the greed and stupidity of the largest software company in the world.

Re:Is anyone really surprised? (1)

phreakv6 (760152) | more than 8 years ago | (#15099450)

If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails.

If there is such an option, it would be pretty trite and
the user would rather turn it off or blindly enter the password
every other time an exe asks to be run. It defeats the whole
purpose. Asking Qs for user affirmation each time an OS does
something is not security.
thats bad security model

Re:Is anyone really surprised? (1)

VikingThunder (924574) | more than 8 years ago | (#15099482)

Or you mean the antivirus companies that will be left behind. The "smarter" AV companies have been working at pro-active detection for a while now, through either virtual machine type heuristics (Eset, BitDefender's HIVE, Norman's Sandbox technology), or pro-active user/system intervention modules (Kaspersky in 6.0, McAfee's Entercept integration into VSE).

Re:Is anyone really surprised? (2, Interesting)

glsunder (241984) | more than 8 years ago | (#15099607)

anti-virus software is that it is 100% reactionary.

Thank the game companies for that. Isn't it just wonderful that anyone with kids has to give them admin rights just so the copy protection software can run on games?

If MS wanted to solve the problem they could, but they have to fight EA, UBIsoft, etc to get it done. Games are the lifeblood of windows in the home. Take them away and there's little reason for people to not use another OS, whether it be linux or mac. So, without another solution, MS isn't going to fix the problem, the general population isn't going to switch to another OS, and we're stuck with the status quo.

Foreigners... it's always foreigners. (4, Funny)

gowen (141411) | more than 8 years ago | (#15099150)

Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software
Phew, its a good job there are no malicious hackers in North America.

Thank God for the calming, lawful influences Mom's Apple Pie, Truth, Justice and Barry Bonds' adrenal glands.

Re:Foreigners... it's always foreigners. (1, Funny)

Anonymous Coward | more than 8 years ago | (#15099183)

Hey.
You forgot Chuck Norris' roundhouse kick, with which he killed all the hackers!

Odd that they don't mention any hacks in any part of the former british empire; the USA, Canada, Austrailia, India....

Maybe it's all them poncy english stiff-upper lips....

Re:Foreigners... it's always foreigners. (1)

Phoenixhunter (588958) | more than 8 years ago | (#15099215)

More than likely I'm beginning to suspect that NA crackers are probably 'above' such things as botnets and such. Kind of a scary proposition.

Re:Foreigners... it's always foreigners. (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15099399)

This is personal opinion based only on speculation:

I suspect that we're seeing these attacks come from places like Russia instead of places like America/Finland/etc. because mobsters in places like Russia find it easier to reach an under$tanding with the local authorities.

Bullshit (2, Informative)

Alphager (957739) | more than 8 years ago | (#15099518)

You see the attacks from such countries because it is damn convenient to proxy the traffic through those countries. Every good cracker in The US or Europe does that to have a layer of security between himself and the authorities.

Re:Foreigners... it's always foreigners. (2, Funny)

geobeck (924637) | more than 8 years ago | (#15099454)

Phew, its a good job there are no malicious hackers in North America.

It's even more fortunate that there isn't some sort of international network of wires and cables that would let these foreigners attack our computers from overseas.

Gotta admit (2)

dteichman2 (841599) | more than 8 years ago | (#15099154)

That $25 per 10,000 comps isn't bad....

One could do a lot with say... $250 worth.

Re:Gotta admit (0)

Anonymous Coward | more than 8 years ago | (#15099334)

Aria Gloris.

how would they collect (1)

Presto Vivace (882157) | more than 8 years ago | (#15099677)

suppose someone took you up on your offer, how would you handle billing? What are the chances of someone not being good for their money in a situation like that? I know this is the least important aspect of this; but I cannot help but be curious.

Re:Gotta admit (1)

Anne Thwacks (531696) | more than 8 years ago | (#15099690)

Aand if, after paying your money, you get zilch. Who you gonna call?

Ghostbusters?

If you are the sort of person who considers signing up for this, I can introduce you to a prominent member of Nigeria's former government ...

Things That Make You Go Hmmmm... (3, Insightful)

rueger (210566) | more than 8 years ago | (#15099173)

Let's see, the ISPs and other "authorities" can't do anything to stop the "black hat" hackers and mafia, or even refuse to do so.

Yet at the same time ATT is channelling massive amounts of customer traffic [slashdot.org] to the NSA for examination and interpretation.

Perhaps someone needs to define Mafia=Terrorist?

Re:Things That Make You Go Hmmmm... (0, Troll)

WinstonSmith2600 (961157) | more than 8 years ago | (#15099225)

Under the patriot act everyone is a terrorist.

Re:Things That Make You Go Hmmmm... (1)

geobeck (924637) | more than 8 years ago | (#15099569)

Under the patriot act everyone is a terrorist.

Hmm...

Concerned Citizen: Police! Stop that terrorist!
Police Officer: Terrorist? That's just Mr. Sanderson.
C Cit: Yes, but... He's running with scissors!
P Off: ... ?
CC: Well... he could snip the President!
PO: We're in Erehwon, Iowa, son. No president has visited here since Taft!
CC: But... I think he downloaded a copy of Loose Change [loosechange911.com] last week!
PO (running): STOP! You're under arrest for treason!... and running with scissors!

Re:Things That Make You Go Hmmmm... (1)

Lumpy (12016) | more than 8 years ago | (#15099356)

Dude the "authorities" do not do crap to stop regular criminals. Hell Most speeding tickets are intentionally given to those that look like they will not fight it. Drug dealers in rich neighborhoods are left alone while the poor ones are always dragged in.

Law enforcement in all aspects has been ineffective and selective for decades.

What the article doesn't say (1, Funny)

LiquidCoooled (634315) | more than 8 years ago | (#15099176)

is that the email was sent including 27 of the most recent exploits and anyone included in the list is also included in a new undernet.

I got one this morning and so far not&&^*%%£""£[NO CARRIER]

Re:What the article doesn't say (1)

Wikipedia (928774) | more than 8 years ago | (#15099401)

Do not click this link:

Paging Agent Gill... (2, Insightful)

Rob T Firefly (844560) | more than 8 years ago | (#15099191)

Cue yet another flood of FUD press on the evil "hackers who break into private and public systems, inserting viruses and exploit them to fulfill their own ends" while completely failing to mention the good guys on Bugtraq and such who have quietly been doing their thing for years.

Re:Paging Agent Gill... (0)

Anonymous Coward | more than 8 years ago | (#15099373)

failing to mention the good guys on Bugtraq and such who have quietly been doing their thing for years.

Jacking off while you look at the newest security vulnerabilities doesn't really take care of the problem. And wash your hands before you touch the keyboard. Yuck.

Vigilante? (1)

grumpyman (849537) | more than 8 years ago | (#15099203)

How about using the same exploit to alert the affected users; track down the originator and infect him (if he has a real terminal); raise money and send some tough guys to beat the crap out of the hackers?

Patch them all; GOD@heaven.org will find his own. (1)

abb3w (696381) | more than 8 years ago | (#15099732)

Alternatively, use the exploit to patch the hole and THEN alert the users. And, to get a start on that, spend $25 for a 10k machine botnet to start scanning for unpatched machines.

No, it's not remotely legal; it's not even vaguely close to ethical. However, it might work. Consider it akin to giving software makers only FOO weeks before the exploit is disclosed; users get only FOO weeks to apply patches against remote exploits before Grey Hats shove the patch up their computer's ass...embly, whether the user wants it or not. Perhaps do something like set the desktop background to a .gif saying "PATCH ME, MORON!" for good measure.

Should I RTFA? (-1)

Ohreally_factor (593551) | more than 8 years ago | (#15099223)

Judging from the comments, this story has nothing to do with the slashdot moberator system.

Crime uses new tech? What's new? (0)

Anonymous Coward | more than 8 years ago | (#15099236)

Criminals used the horse. then the rifle, then the telegraph, phone, car, airplane, etc. What would be different about the Internet?

Holy Exploits, Hackman! (2, Funny)

Spy der Mann (805235) | more than 8 years ago | (#15099238)

The web mob is back! We MUST stop them!
- Quick, To the TuxCave! [nyud.net]

Regarding Linux... (1)

Spy der Mann (805235) | more than 8 years ago | (#15099284)

Ok, joke aside, I was wondering if these viruses wouldn't be spread so easily if we used Linux, but that's too much "slashdot thinking". After reading the story on Open Standards, I thought of something more interesting.

Will Microsoft be able to widthstand this wave of exploits using their current software methodology? Or is Open Source programming the ONLY way?

In other words: Is Microsoft losing the war against viruses?

Re:Regarding Linux... (2, Insightful)

Cromac (610264) | more than 8 years ago | (#15099651)

Ok, joke aside, I was wondering if these viruses wouldn't be spread so easily if we used Linux, but that's too much "slashdot thinking".

Most likely, yes. "we" aren't the ones spreading virius and unknowingly joining botnets. It's the uneducated person who went to CompUSA or Dell and bought their PC. Those people wouldn't put up with the heightened security of a secure Linux box any more than they would with a secure Windows machien. They would still fall victem to the same trojans. Some virus and worms would probably spread more slowly but overall the situation would be pretty much the same because the common computer user doesn't want to deal with everything that goes along with a locked down, secure, system.

Look at the Price! (5, Interesting)

Spinlock_1977 (777598) | more than 8 years ago | (#15099239)

$25 to infect 10,000 pc's sure is cheap. If this guy can get only 25 bucks per 10,000, he must have competitors (read: there's a lot of people doing this), and it must be easy to do. These, of course, are not good signs.

However, it occurs to me that the best measure of Microsoft's success in security is the market price for 10,000 infections. For example, if Vista turns out to be an inpenatrible tank, we should see the price go up to 50 or 100 bucks, maybe more.

At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)

Re:Look at the Price! (2, Funny)

geobeck (924637) | more than 8 years ago | (#15099492)

...remember the Irish potato famine?

Interesting analogy. I guess the difference is that you can't patch a blighted potato.

"Aye, son, just spray a fine mist o' Service Pack 2 o'er that field o' mashers."

Re:Look at the Price! (2, Insightful)

chadamir (665725) | more than 8 years ago | (#15099580)

I feel as though I should give the 25 dollars and have the computers run folding@home for a day.

Re:Look at the Price! (1)

LunaticTippy (872397) | more than 8 years ago | (#15099951)

I suspect that zombie PCs don't have many spare CPU cycles. It's a nice thought, though.

Re:Look at the Price! (1)

sarlos (903082) | more than 8 years ago | (#15099758)

At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)
Actually, Dr. Ford, a professor at Florida Institute of Technology, did some research into this. In order to have enough diversity to make a dent in it, we would need some ungodly number of different operating systems. You can read about it in the December 2003 issue of Virus Bulletin [virusbtn.com] . It's in PDF format, and you have to do a free registration, but you can find the article in the archives.

Also note that Windows is a primary target because of its large install base. If we all switched to Linux, or MacOS, we'd still have problems, it would just be targeted at our new OS. As someone else mentioned, it all comes down to the user wanting to do what they want to do with their own machine.

Suprised this wasn't mentioned (2, Informative)

coaxeus (911103) | more than 8 years ago | (#15099242)

I think the most mafiaesque thing I've seen on the old HTTP lately would be the DDoS and demand for ransom money on milliondollarhomepage.com Here's an article on it, the blog on the site itself also details how it went down. http://www.techshout.com/internet/2006/19/ransom-s eeking-hackers-attack-uk-students-million-dollar-w eb-site/ [techshout.com]

It's OK with the FTC Apparently (1)

eno2001 (527078) | more than 8 years ago | (#15099246)

If it's good enough for SCO, Microsoft, and pretty much any other large computer industry player, then it's good enough for the black hats out there. I wonder if there's a yearly conference that all these folks go to? Oh yeah, it's called "ConCon". ;P

$25 for 10.000 computers (3, Interesting)

SmallFurryCreature (593017) | more than 8 years ago | (#15099257)

No wonder Bill Gates doesn't believe in the 100 dollar laptop. He is supplying the world with PC's that cost you a fraction of a cent.

Only kidding of course, well partially. How many botnets consist of linux or OS-X machines?

It does however show just how hopeless windows security is. Even criminals have costs so if they can make a profit after paying their hosting and electricity and hardware and man power with just 25 dollar per 10 thousand machines then the cost and labour of infecting a windows machine must truly be trivial.

Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.

How many times $25 does it take to intrest a mobster?

Frankly I don't think the problem is going to go away. The idea that MS is ever going to provide a secure OS is laughable and even if they did nothing helps against a dimwitted user who happily installs anything if it promises a nudie picture.

They only two easy solutions I see is to install a serious watchdog on the net. One who can kick off ISP's that host the mob AND users who let their PC's get infected.

Would that be workable? Even "respectable" western ISP's barely respond to complaints about attacks. We got a spam watchdog that already kicks of ISP off the email net when they misbehave and this just barely works. If the same was applied officially to the net as a whole entire parts of the world would be disconnected.

Perhaps it is just something we got to live with. The real live mafia never went away. Why should the net be any different. As long as their is money to made people will attempt to get it.

Re:$25 for 10.000 computers (1)

weierstrass (669421) | more than 8 years ago | (#15099345)

biggest botnet found: 17 million infected PCs. that's the biggest one that they know about, mind.

no, I don't have a reference, some man in the pub told me..

Prices tell a story (2, Insightful)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15099531)

but you have to be careful listening to them.

Hypothesis: the mob are the buyers of botnets, not the sellers, and the sellers are in a worse negotiating position.
Hypothesis: supply of infected machines exceeds demand.

Hard to tell which is correct.

Zero-day exploit pricing is interesting too. I've seen numbers like $500 or $1000. If that reflects supply and demand then Windows machines are still pathetically vulnerable. In any event, that means that any stalker or divorce investigator could afford one.

Anyone seen an actual published survey of zero-day pricing?

Re:$25 for 10.000 computers (1)

joeytmann (664434) | more than 8 years ago | (#15099794)

Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.

Wrong. The mafia wants to steal what you won't notice that much. They only go after sure things. If I recall correctly the biggest heist in US history by the mob was of Lufstansa Airlines, for like $5 million in the early 80's. Everything else was usually skimming casinos, robbing shippers and reselling the goods on the street, protection rackets, gambling and prositution rings.

Some don't care, some don't understand... (4, Insightful)

trazom28 (134909) | more than 8 years ago | (#15099260)

Most law enforcement I've worked with are great at their job.. if they can see it. Example - someone commits a crime, they can investigate and arrest. However I'd say about 1/2 of general law enforcement people do not grasp the concepts of the "virtual" world, through no fault of their own.

While Opping on irc, I noted a person claiming to sell laptops at 1/2 retail cost.. new ones. I pretended interest, and got some contact info.. forwarded this on to law enforcement for his area... within a week, the detective emailed me to say they'd busted a fraud ring. It was tangible, they could deal with it :)

Internet crimes still deal a lot in the virtual world, and if you haven't been trained on how to.. visualize and understand it, it's a tough concept. Not everyone gets it.

As with a lot of things, the key would be training. You're probably not going to get a small town sheriff trained, however some of the larger sheriff's departments would be excellent centers for this.. keep it to county level, forward to state or federal if needed.

But some are trying (3, Interesting)

BenEnglishAtHome (449670) | more than 8 years ago | (#15099826)

I've installed and run investigative workstations for my employer. It ain't easy. Our methodology is to set up workstations that are as bulletproof as we can make them (considering the places we're going to visit, that's a given) and then let specialists try to develop leads. We have procedures to allow non-LEO personnel do the initial legwork; they surf and chat and poke around, extensively logging everything. When something interesting pops up, they're free to dig deeper. Eventually, when they think they have enough information to write up a report, they do so and turn it over for review. If it's picked up for serious investigation, either on the criminal or civil side, it passes from their hands and they never really know what becomes of it. That's fine with me; the initial lead development is what's fun, anyway. I'm one of the few people I know who can say he's spent a great deal of time being paid by Uncle Sam to surf porn (and other unsavory stuff).

What bugs me are the amateurs. There's a certain nexus between the sleazy side of the porn world and financial crimes, so I've spent a bunch of time in places that, at first blush, might seem more titillating than profitable. You would not believe how many transparently fake attempts are made by local, often small-town cops to entice people into illegal behavior. By far, the most common problem is the "I'm a 12-year-old girl. Would you like to talk to me about sex?" thing. Yes, some of them are that crude. Apparently, there are a bunch of Barney Fifes out there who have convinced their bosses to set up an AOL account for them in a back room at the police station for the purpose of generating a few easy, cheap, and sensational arrests that'll get the name of the local DA in the paper before the next election.

I used to wish they'd just go away, but afaik perhaps they already have. I haven't worked in lead generation for several years so I haven't been in any of those places in quite a while.

Anybody have any recent experience with this? Are there still woefully clueless LEOs out there popping up at inappropriate places pretending to be hot-to-trot preteens? God, I hope not; they were a royal pain in the ass.

Re:Some don't care, some don't understand... (3, Informative)

AK Marc (707885) | more than 8 years ago | (#15099911)

It was tangible, they could deal with it :)

They are all tangible at some point. Someone uses a stolen credit card number to buy a widget. Sure, it takes 20 steps of "cyber crime" until the actual fraud is committed, but the crimes always come back to the physical. The problem is that the physical is too late to stop, in most cases.

I called the FBI on two occassions and told them of people that were trying to defraud me. They asked, "did they already get any money from you?" when I told them I wasn't that stupid, they said they weren't intersted in the solicited fraud. They wouldn't investigate without actual loss, they are too busy to prevent crime or catch people that probably did successfully defraud others. They'd rather have the open case they can ignore when the next person doesn't know what a 419 is...

Reason #1 security information should be released (2, Informative)

erroneus (253617) | more than 8 years ago | (#15099272)

This is exactly why any and all security information should be released to the public immediately.

Public release will serve the following purposes:

1. To inform the consumer of a problem/vulnerability so that action can be taken sooner.
2. To kick the vendor in the ass and make him move on the issue.
3. To prevent underground organizations from creating secret exploits that might otherwise go unnoticed or unidentified.
3a. To prevent commercial gain by exploiting the knowledge of such secret/unknown security problems.

Release isn't understanding (2, Insightful)

abb3w (696381) | more than 8 years ago | (#15099721)

1. To inform the consumer of a problem/vulnerability so that action can be taken sooner.

You presume that Joe or Jane Consumer will necessarily:
a) Hear
b) Pay attention
c) Understand
d) Be able to do something
e) Do something

Color me skeptical.

3. To prevent underground organizations from creating secret exploits that might otherwise go unnoticed or unidentified.

No, this only means that when someone else finds the hole, you can check if their have been black hats using it. A few of the Black Hat groups are skilled enough to find holes, and clever enough to exploit them without telling anyone else.

And people wonder... (5, Insightful)

John Hansen (652843) | more than 8 years ago | (#15099274)

... why other people can take advantage of their computers?
I run a network in a medium-sized business. When I came in, there was no IT staff to speak of. All the workstations were Dell computers, mostly running the default installations of Windows XP. There was a Windows 2000 domain controller set up, but most of the computers were not set up for the domain, meaning that there were no default security policies. The E-mail server had an antivirus scanner installed but it wasn't updating its definitions.
Since I came in, I've had to reformat & reinstall at least half of the workstations because they've been infected with spyware and viruses. This is because, despite having virus scanners, spybot scanners (Microsoft Anti-Spyware, Spybot, and Ad-Aware), and Firefox installed, the absence of IT staff meant that the company staff were ignoring spybot warnings, the antivirus was not up to date, and they were browsing the web with Internet Explorer.
I'm still fighting the use of Internet Explorer, since we have no real reason to be using it -- most all of the websites we access are Firefox friendly. However, the momentum means that I can't just block out access to it in the domain policy. People need to migrate their bookmarks and preferences over, and that isn't done overnight. It's maddening.
So who do I blame when I see headlines like this, or when I look at the company I work at and see a mess? My first point of blame lies with Microsoft for creating such a vulnerable infrastructure to begin with. And that's not because I'm an anti-MS or Linux zealot. It's true, I run Linux at home on every computer. It's also true that since coming in, I've set up a number of Linux servers and a Linux firewall. I know how to work with Microsoft products and lock them down to a reasonable state. It's just that it frustrates the hell out of me when a product built-in to the operating system has so many vulnerabilities, and it's a freaking product used to browse the web! Not something essential to the system like the kernel (which has problems too)... a web browser! Something that should have no system access!
So yes, I lay most of the blame for this kind of travesty at Microsoft's feet. Had they actually thought their design through before they started coding, I can almost assure you that we would not be having this kind of problem to begin with. There would be viruses for Windows, yes. There would be worms for Windows, yes. But I find it unlikely that a properly-designed Windows would have made it possible for there to be millions of zombie PCs across the world, able to be bought by the highest bidder.
The rest of the blame I lay on user education. Most people with computers are totally oblivious about what's on the Internet. They just click on the big 'e' and surf their favorite porn sites, check email for funny comments, et cetera. And then they wonder why they get hundreds of popups and their computer runs slow as frozen molasses. Some of this could be stopped if network admins took some effort to educate their users in a business environment (herculean but possible, and I know some organizations actually do so). Which leaves the home PC users. What do you do about them? Well, I think that's more Microsoft's responsibility, since they're the ones who created the product.
In the meantime, I'm setting up Ubuntu for people who want it, or giving out CDs with it on them and directions. And most people I've switched have been quite happy with it, since their main needs are web browsing and Email and it covers those. So until Microsoft produces a product that I can actually recommend to my mother, I cannot recommend Windows.

Re:And people wonder... (1)

matt328 (916281) | more than 8 years ago | (#15099584)

here here.

I totally agree. The folks over at Mozilla have no problem producing a secure web browser. It must not be too hard either, they give it out for free. You mean to tell me Microsoft can't (or won't) do that?

Re:And people wonder... (1)

sketchman (964604) | more than 8 years ago | (#15099617)

Sir, you are 100 percent correct. I agree completely.
But, the fact is, people love eye candy and easy use. Mr. Bill knows this, so thats all he puts into Windows. Nothing more.
This practice has gotten him enough money to feed all the starving nations in the world for a year or more, so he has no reason to change anything about his OS.
Maybe one day the world will wake up and switch to a secure OS.
Join the penguins of the computer revolution!

IE purchase? (5, Funny)

qwp (694253) | more than 8 years ago | (#15099276)

So........
When i went to purchase these 25,000 computers with my trusty Internet Explorer v4.0, I actually got A DEAL!. They tossed in a extra computer now I control 25,001. These guys are soo nice!.

Re:IE purchase? (0)

Anonymous Coward | more than 8 years ago | (#15099533)

I roffled heartily

Not only that... (2, Funny)

bepe86 (945139) | more than 8 years ago | (#15099541)

Yeah, that's not qall of it, they even accept credit cards :)

Maybe Governments & Virus Co's want it this wa (0)

Anonymous Coward | more than 8 years ago | (#15099280)

Maybe it is in the best interest of the virus companies and the governments to keep the status quo. Remember the NSA KEY in Windows 2K? Could be they have an easier time when the software is so open. Could be that the Virus companies make MORE $ when things get through on occasion and there is the NEXT BIG SCARE. Remember, news, even bad news, is good news and helps drive sales of your products, like anti-virus software....

Re:Maybe Governments & Virus Co's want it this (0)

Anonymous Coward | more than 8 years ago | (#15099493)

Remember the NSA KEY in Windows 2K?

You mean the hoax?

If only their power could be used for good... (1)

kenj0418 (230916) | more than 8 years ago | (#15099287)

So, if I gave these guys $25 to have 10,000 of their zombie computers all run SETI@Home, could I write it off as a tax deduction?

Re:If only their power could be used for good... (1)

MadRocketScientist (792254) | more than 8 years ago | (#15099452)

As if the problem isn't big enough now, your 25 bucks will probably give the worlds first verified intelligent extra-terrestrial signal to the mob, who will immediately infect it and gain control of a galactic-botnet. (everyone knows it's easy to infect alien systems using a Mac Book, right?)

Re:If only their power could be used for good... (1)

bepe86 (945139) | more than 8 years ago | (#15099561)

That would be great, "Control your very own galaxy for $199"

Analogy (again) (1)

towsonu2003 (928663) | more than 8 years ago | (#15099304)

Let's say real-life mobs exploit people's addiction to narcotics to make money. In this instance, these virtual-mobs are using people's addiction to MS Windows to make money[1]. Hence Narcotics => Windows. As a result, this current item is relates nicely to this article on open standards [slashdot.org] ?

[1] Those zero day exploits wouldn't exist (or, wouldn't be useful even if they existed) if Windows code was open to see and modify. For example, the most severe security bug (sudo password saved in plain text) I saw in Ubuntu was fixed and uploaded to the repositories in about 2-3 hours. Why would you want to buy any exploits that will become obsolete 3 hours after you used it?

You to can be rich!! Secrets revealed!! (2, Funny)

ylikone (589264) | more than 8 years ago | (#15099343)

Imagine never having to drive into work again!! Sit and home and make millions with proven black hat techniques! All you need are a few [amazon.com] hacking [amazon.com] books [amazon.com] from Amazon and a lack of morals! What could be easier!?

/this is not a troll, it's sarcasm

Oddly Appropriate Quotation (3, Interesting)

pmike_bauer (763028) | more than 8 years ago | (#15099344)

Considering the topic, the quotation at the bottom of the page is appropriate:

You can do more with a kind word and a gun than with just a kind word. -- Al Capone

AV software is akin to a kind word when it comes to combating the net mafia.

During the Wild West days when law enforcement was scarce, militias and posses were deputized to keep the peace. Today, police and government are stretched thin, so Congress should deputize 'white hats' to attack/track down virus writers. This has got to be better than the reactionary stuff we are legally permitted to use.

Re: email advertisment (2, Insightful)

romka1 (891990) | more than 8 years ago | (#15099507)

"An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs"

Dear researches i would like to make you an even better offer recently my good friend the president of nigeria was killed and he had left me a huge amount of money but i need help getting it out of the country for pay the fee for all the legal paper work and transfers i will give you 20% of my 100 million inheretence

the real botnet problem (1)

WinstonSmith2600 (961157) | more than 8 years ago | (#15099558)

The real problem with botnets is that they tend to draw attention to the exploit resulting in a patch. If it wasnt for botnets we could use the exploits for a longer period of time.

Cluster (1)

Orgasmatron (8103) | more than 8 years ago | (#15099579)

Damn, that is a cheap cluster. $25 per 10,000 machines. I wonder what kind of turnover you'd have if you used them for things unlikely to draw attention to yourself (that is, if you don't use them to DDOS IRC lamers)...

Get real about (US) users! (0)

Anonymous Coward | more than 8 years ago | (#15099602)

This references users primarily in the US. Other cultures & nations may be different, YMMV. Accept it, most US users want to use a computer like they use their car. No effort, no learning after the inital bit; use it (the car) when desired, ignore it when not using it. Most people in the US don't check for recall's or tech bulletins on their cars! This is despite the fact the user can die, from a failure to follow a recall notice or technical bulletin (especially with their poor driving habits). If the average US user won't put an effort into preserving their life; why should a sane individiual expect them to take any better care of their computer?!!

Blaming "the system" (1)

Opportunist (166417) | more than 8 years ago | (#15099865)

The internet is a wonderful thing, for it has no borders. Unfortunately, the real world does and that's the inherent problem of this all: Getting international police forces to work together takes a hell lot of time. If possible at all.

The problem lies in the placement of the criminal. In a normal, tangible crime, the criminal has to go to the place of his crime. You want to steal my car, you have to go to my car and steal it. You want to break into my home, you have to come to me and crowbar my door. You want to rob a bank, you have to go into the bank and withdraw with your iron CC. In any case, you have to go to the place of action, physically, and thus get into the reach of local law enforcement.

In the virtual world, you don't. You can be anywhere on this planet. Preferably in a country that has better problems to deal with than whether some guy in a foreign country loses some money. You can steal across borders, thus you don't get into reach of the local LEAs.

And quite suddenly, the legal problems of other countries, their lack of stability that was so convenient when dealing with them, because they could simply dump waste anywhere or don't have any problems with poor working conditions (and thus have CHEAP labour), those problems become yours.

Not exactly mafia tactics (2, Insightful)

psydeshow (154300) | more than 8 years ago | (#15099871)

Maybe I've seen too many movies, but these blackhats don't *sound* like the mob.

I'd think the mafia would build enterprise-ready e-commerce sites and then "persuade" businesses to purchase hosting from them. You know, the old protection racket.

None of this $25 a pop retail sales stuff. That's just monkey business.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>