
Botnet on Botnet Action

CmdrTaco posted more than 6 years ago | from the thats-not-hot dept.

Security 187

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."


187 comments

Note to Editors (5, Funny)

Billosaur (927319) | more than 6 years ago | (#18811159)

Never let CmdrTaco come up with headlines after a night of watching girl-girl porn... the images created are... disturbing...

Re:Note to Editors (0, Offtopic)

Billosaur (927319) | more than 6 years ago | (#18811367)

Ok, I hate to reply to my own post... and far be it from me to insult the Gods of Karma... but "Insightful?" Now that's funny!

Re:Note to Editors (5, Insightful)

thestudio_bob (894258) | more than 6 years ago | (#18811443)

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

Re:Note to Editors (3, Insightful)

AndersOSU (873247) | more than 6 years ago | (#18811557)

Because it is self-defeating. If you clean up a computer, you no longer have access to a computer that would clean up other computers.

Re:Note to Editors (1)

maxume (22995) | more than 6 years ago | (#18811709)

So stick in a 5 month service period before the goodbot commits suicide on a given machine. I imagine the greater reason is that it would be a criminal act with no direct gain, so people that are able to do it and 'good guys' won't, because it represents a big risk with no real gain.

Re:Note to Editors (1)

WhatAmIDoingHere (742870) | more than 6 years ago | (#18812127)

Some people tried that. Modifying some of the bad worms to have a payload of "download and install the patch for the hole I came in with."

That failed pretty damn hard. It was argued that it did as much damage as the worm it was trying to stop.

Re:Note to Editors (1)

maxume (22995) | more than 6 years ago | (#18812399)

I don't think it's a good idea. It is notable that while the things that get called bots are worms, they are generally designed not to be destructive and to spread slow enough to avoid excessive attention. So making up history, my definition of 'goodbot' only includes bots that do more good than harm.

Re:Note to Editors (3, Informative)

It'sYerMam (762418) | more than 6 years ago | (#18812389)

Hmm, I don't think this has been thought through properly. (regardless of the insightful mod) Just because you've patched up the security hole on the host computer doesn't mean you can't still send stuff out. And of course, it's less than trivial to build in a time delay before the bot patches security holes and terminates itself, during which time it infects as many PCs as it can - so if, by some mechanism, the way you got in is related to the way you're sending yourself out, it would still work.

Re:Note to Editors (4, Interesting)

qwijibo (101731) | more than 6 years ago | (#18811723)

Because good has to be much more diligent, and that is orders of magnitude harder.

When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.

This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.

The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.

Re:Note to Editors (4, Interesting)

plover (150551) | more than 6 years ago | (#18812605)

I'm not so sure about this. Why does good have to be diligent and honest? Why can't this be done by vigilante groups who are not officially sanctioned, but nobody complains about them?

The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.

In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.

I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps it's because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.

Re:Note to Editors (1)

Junior J. Junior III (192702) | more than 6 years ago | (#18811725)

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone?


That's exactly what turning on Automatic Updates + Firewall protection + Antivirus software automatic updates is. You can still get 0wned even if you have Automatic Updates turned on, but it's better than nothing. Automatic Updates + Sunbelt Kerio Personal Firewall + AVG Anti-Virus Free Edition + a couple of spyware scan/remove apps + running Firefox instead of IE and being careful about what I click + hiding behind a NAT router keeps me pretty safe, for the most part.

Re:Note to Editors (4, Insightful)

bhmit1 (2270) | more than 6 years ago | (#18811731)

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

Because of liability and money. A large company won't do this because if they take control of your machine against your will through a security hole (and there's no other way they'd put a dent in the problem if people had to volunteer to have this installed) they are liable for any damage that does and open themselves up for trespassing lawsuits. Consider a patch that a company is not installing because it conflicts with business critical applications or because they are aware of an even bigger security hole it exposes.

As for some hacker doing it, it's all about money, and maybe a little fame. Doing this puts you in a worse position than the airline ticket hacker. So anyone that exposes themselves to this kind of risk, does so for money. And right now, there's money to be made in cutting out the competition in terms of making your botnet bigger than theirs and less likely to be removed (users are less likely to notice just one bot).

Re:Note to Editors (3, Informative)

HUADPE (903765) | more than 6 years ago | (#18811931)

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Google, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

It's illegal. Botnets constitute several levels of fraud in that they a. install software without your consent; b. steal your bandwidth to copy themselves; and c. then use your computer to commit some other crime.

c. would not be done by a "good" botnet, but a. and b. would. Even if all the hijacks came from a commercial server set up for it, a. would be violated. If you think click-through EULAs are invalid...just imagine the invalid-ness of a botnet install.

Re:Note to Editors (2, Informative)

ajs318 (655362) | more than 6 years ago | (#18812381)

Because regardless of your intentions, it would still run afoul of the Misuse of Computers Act 1990.

open source anti-evil botnet (1)

Gary W. Longsine (124661) | more than 6 years ago | (#18812575)

Hmm... I suppose that if an open source effort were orchestrated and hosted from a non-extradition country, such a botnet fleet could be designed and maintained without running afoul of this law. The idea still has a number of other problems, not least of which is that it's not clear how R&D would be funded. Botnets are evolving rapidly due to the influx of R&D money. The Anti-botnet won't benefit from revenue generated by stolen credit card numbers, data stolen and then sold to corporations and governments, and SPAM.

Re:Note to Editors (0)

Anonymous Coward | more than 6 years ago | (#18812455)

Several years ago when the Blaster worm was making the rounds, my company fought a moderate amount of infections. As I remember it, there was a secondary worm, a "good" worm, that was intended to clean up infected machines if the users wouldn't/couldn't themselves. That secondary worm wrought more havoc on our network than did the worm it was meant to eradicate. I understood the intention, but the result was awful.

What's another word for pirate treasure? (2, Funny)

spun (1352) | more than 6 years ago | (#18811559)

All I could think of when reading this headline was Buck Rogers in the 25th Century. Specifically the second season, when they introduced Twiki's robot girlfriend. You know, the one who said "bootybootybooty," instead of "bidibidibidi."

Re:What's another word for pirate treasure? (1)

lonechicken (1046406) | more than 6 years ago | (#18811929)

All I could think of when reading this headline was Buck Rogers in the 25th Century. Specifically the second season, when they introduced Twiki's robot girlfriend. You know, the one who said "bootybootybooty," instead of "bidibidibidi."

Wasn't there a scene at the end of that one where Twiki and Booty were dancing (the robot dance of course), and the camera switched to Hawk who gave them an uncomfortable smile? Then Buck and Wilma go in the back to hook up? Maybe in my mind, that's how I wanted that episode to end.

"Second Variety" (1)

elrous0 (869638) | more than 6 years ago | (#18811569)

Reminds me of Philip K. Dick's "Second Variety," where the robots evolved first into killing their human masters, then into killing one another.

Re:"Second Variety" (1)

orielbean (936271) | more than 6 years ago | (#18812049)

But it's a cute, starving child all along out in the wasteland! Who wouldn't want to save it?! What a great story.

Re:Note to Editors (1)

arbarbonif (307596) | more than 6 years ago | (#18811625)

But what will CmdrTaco do when he is NEVER allowed to come up with headlines?

Re:Note to Editors (4, Funny)

smooth wombat (796938) | more than 6 years ago | (#18811677)

But what will CmdrTaco do when he is NEVER allowed to come up with headlines?


Work on the broken mod point distribution code?

Re:Note to Editors (0)

Anonymous Coward | more than 6 years ago | (#18812443)

You misspelled 'midget-midget'.

Funny 404 (4, Funny)

gblackwo (1087063) | more than 6 years ago | (#18811213)

Got a good couple of 404 errors from slashdot on this page before anyone had commented, I thought the bots had a foothold.

"Botnet on Botnet Action" (2, Funny)

circletimessquare (444983) | more than 6 years ago | (#18811217)

that is some strange evolution going on. it seems that some of the porn spam bots have learned how to spam slashdot with story title submissions

sick jokes you (0)

Anonymous Coward | more than 6 years ago | (#18811325)

This is laughable for you who grows upsward in a suburb with no real problems or life challenges but i've been a botnets sexual object. it is confusing in childhood to have affection and torment from same thing, your botnet. new laws are needed.

I can see it now... (5, Funny)

Mockylock (1087585) | more than 6 years ago | (#18811237)

In a dark area of Brooklyn, servers have a standoff wearing their bandanas, willing to die for their turf.

"We are better with patches", says GlobalBot international server.

InterSearchBot united server sneers, "PATCHES!?... WE DON' NEED NO STINKING PATCHES!"

I imagined it more (1)

BlackCobra43 (596714) | more than 6 years ago | (#18812585)

as a West Side Story-style spontaneous but well-choreographed, complex dance-and-song number. I'm pretty sure that's just me, however.

So Possibly... (4, Insightful)

QBasicer (781745) | more than 6 years ago | (#18811249)

...the botnet creators are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

Re:So Possibly... (1)

garcia (6573) | more than 6 years ago | (#18811293)

The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

Well you can certainly find their clients. They are the ones that are constantly hitting your web server with POST commands with no preceding GET, have strange referrers, or stupid browser identification (AmigaOS or C64, etc).

I really wish that the residential cable ISPs would shut down these fucking connections faster. My ban list is nearly unmanageable now, if it continues, it will only get worse.
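The log heuristics garcia describes above (POST with no preceding GET, strange referrers, implausible browser identification), run over web server access logs; this is an added example, not code from the thread. The combined log format, the host name `example.org`, the user-agent token list, the reading of "strange referrer" as an off-site referrer on a POST, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (assumed; the thread names no format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative tokens only: the platforms the comment calls out.
IMPLAUSIBLE_UA = re.compile(r'amigaos|c64', re.IGNORECASE)

# Constructed sample log, in chronological order (documentation IP ranges).
SAMPLE_LOG = '''\
192.0.2.10 - - [20/Apr/2007:10:00:01 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
192.0.2.10 - - [20/Apr/2007:10:00:40 +0000] "POST /blog/comment HTTP/1.1" 302 0 "http://example.org/blog/post-1" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
198.51.100.7 - - [20/Apr/2007:10:01:02 +0000] "POST /blog/comment HTTP/1.0" 200 312 "http://pills.example.net/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.44 - - [20/Apr/2007:10:01:09 +0000] "POST /guestbook.php HTTP/1.0" 200 128 "-" "Mozilla/3.0 (C64; U)"
203.0.113.44 - - [20/Apr/2007:10:01:10 +0000] "POST /guestbook.php HTTP/1.0" 200 128 "-" "Mozilla/3.0 (C64; U)"
192.0.2.77 - - [20/Apr/2007:10:02:00 +0000] "GET /blog/post-1 HTTP/1.0" 200 5120 "-" "AmigaVoyager/3.2 (AmigaOS/MC680x0)"
this line is not a log entry
'''.splitlines()


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groupdict()


def score_clients(lines, own_host="example.org"):
    """Return {ip: sorted list of reasons} for clients showing any signal."""
    seen_get = set()              # clients that fetched a page before posting
    findings = defaultdict(set)
    for rec in parse(lines):
        ip, method = rec["ip"], rec["method"]

        if method in ("GET", "HEAD"):
            seen_get.add(ip)
        elif method == "POST" and ip not in seen_get:
            # A browser loads the form before submitting it.
            findings[ip].add("post-without-get")

        if rec["ua"] in ("", "-") or IMPLAUSIBLE_UA.search(rec["ua"]):
            findings[ip].add("odd-user-agent")

        referer = rec["referer"]
        if method == "POST" and referer not in ("", "-"):
            # A form submission should come from a page on this site.
            if urlsplit(referer).hostname != own_host:
                findings[ip].add("offsite-referer-on-post")

    return {ip: sorted(reasons) for ip, reasons in findings.items()}


def flagged(findings, min_reasons=2):
    """Ban-list candidates: clients with at least min_reasons signals.

    One signal alone (for example a rare but genuine browser) is treated
    as too weak to act on.
    """
    return sorted(ip for ip, r in findings.items() if len(r) >= min_reasons)


if __name__ == "__main__":
    results = score_clients(SAMPLE_LOG)
    for ip in flagged(results):
        print(ip, ", ".join(results[ip]))
```

Requiring two signals keeps the lone Amiga visitor in the sample off the ban list while both scripted posters are still caught.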

Re:So Possibly... (5, Insightful)

plover (150551) | more than 6 years ago | (#18811397)

I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.

Re:So Possibly... (1)

garcia (6573) | more than 6 years ago | (#18811623)

I don't bother to report mine to Comcast either because they don't do anything about it above and beyond their automated system checks anyway. They get enough abuse@ contacts that they cannot be concerned with some idiot that is running an open proxy.

Fortunately for me, I have a Visi DSL connection and they allow servers to be run without issue. Good thing too as I top 4.5 GB of transfer on average a month for my web server alone.

Re:So Possibly... (0)

Anonymous Coward | more than 6 years ago | (#18811795)

Er yeah, 'cos no one could possibly be visiting your website from an Amiga?

I agree with the rest of your point though. I recently added just two Class B ranges to my list, both owned by Yahoo! (formerly Inktomi). Various hosts on those ranges accounted for nearly 90% of the spam posts I was seeing.

Re:So Possibly... (1)

Darth_brooks (180756) | more than 6 years ago | (#18812497)

So instead of dying of the flu, whooping cough, measles, mumps, and rubella, you die of ebola virus. It's not really an improvement. Bots that are harder to hunt down and fix also raise the possibility of greater use of the net as a weapon. Instead of sending spam, the highest bidder on a bot net now uses it to attack financial markets, or DDOS more important communications centers.

It's not the evolution from amino acids to virus that worries me. It's the evolution from "swinging stone axes & clubs" to "advanced mechanized infantry tactics."

Marching down the road of informational warfare (3, Informative)

Anonymous Coward | more than 6 years ago | (#18811253)

This was predicted in the past, but here's one of the roadmaps:

http://www.iwar.org.uk/iwar/resources/treatise-on-iw/iw.htm [iwar.org.uk]

Quite a lot of reading, but it's not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.

The fat years are over (5, Interesting)

Opportunist (166417) | more than 6 years ago | (#18811271)

The time when there was still a market to grow into with botnets is over. The big surge of new, clueless morons filling the net is slowly coming to an end, and even the morons now start using firewalls and AV tools (still no brains, but hey, I'm already happy with small steps).

So the maximum amount of machines to have is pretty much reached. Now the battle for the precious dimwits started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.

What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?

Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.

So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.

Re:The fat years are over (5, Insightful)

Applekid (993327) | more than 6 years ago | (#18811329)

There's a little more than just bandwidth. If your botnet can gain one extra machine, that's an advantage of +1. If your botnet can gain control of a machine belonging to a competing botnet and kick it off that one into yours, you gain one extra machine and remove one from your opponent for an advantage of +2.

When it comes down to botnets being commissioned for Spam and DDoS attacks, the one with the most machines gets the highest bid, and the difference between that bid and the second best is likely directly related to how many computers make up the difference.

There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

Sounds very similar to nature's natural selection.

Re:The fat years are over (1)

Opportunist (166417) | more than 6 years ago | (#18811429)

As a botnetter, you didn't even try getting into tightly secured machines (at least, you didn't 'til now). Not worth the hassle. There were enough machines to go around that have little to no security, comprised of an unpatched system, no AV (or with an outdated database), no router/fw in front of it and a braindead zombie not only in but also in front of the machine. The dominant way for infections are still mails with malware attachments. I.e. they need the user's aid to actually infect. You have a really, really hard time getting that past a user with a clue, no matter how much social engineering you put behind it to lure the user into clicking.

Users, in my experience, don't get smarter, though. They can't be bothered to actually learn and "behave", be at least wary when it comes to attachments from unknown sources. Those are the primary targets for botnetters.

So the herd will consist of a roughly stable number from now on. Some thousands give or take don't really matter. I think your analysis of the "biggest net == best offer" theory could be right, though for a "normal" launch of a malware spam flood, you rarely if ever rent a whole botnet. Few direct target attacks for EBay accounts or bank fraud are conducted worldwide, most have to be quite localized 'cause it's pretty hard to coordinate the logistics behind it, unless you want to use more people. And more people means more hands sharing the loot.

Re:The fat years are over (3, Insightful)

misleb (129952) | more than 6 years ago | (#18811979)

There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.


So if there is an intelligent designer behind the changes in the bots in response to selective pressure, is that evolution or intelligent design?

-matthew

Re:The fat years are over (2, Interesting)

plover (150551) | more than 6 years ago | (#18812395)

And if you use your bot to retrieve a competing bot, you can reverse engineer your opponent's command and control structure. Why fight for one advantage at a time when you can 0wn his entire botnet? Game, set and match.

This has been going on for years, (1, Informative)

twitter (104583) | more than 6 years ago | (#18811371)

and it has nothing to do with what users do other than use Windoze.

Re:This has been going on for years, (2, Interesting)

Opportunist (166417) | more than 6 years ago | (#18811827)

Ain't that easy.

Windows is the primary target simply because it has a market share of roughly 90% in the consumer area. You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.

Since most modern attack schemes rely not on system weaknesses but on user stupidity, this would work in every environment.

What it really has to do with is users clicking on everything and allowing everything their (rarely but still sometimes existing) security tools ask them to allow.

market niche is not security (1)

Gary W. Longsine (124661) | more than 6 years ago | (#18812337)

Almost everything you said is partly correct in some limited cases.

Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.

Except in cases where they are seeking data from particular sources (confidential information, plans to fighter jets, government documents, millions of credit card numbers, etc.) botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.

Finally, it may be popular wisdom, but it really isn't clear at all that Windows market share causes botnet masters to ignore other platforms. Particularly in the last couple years it has become clear that cost/benefit analysis drives botnet technology. If it were easier to infect and own Mac OS X, there are over 20 million of them around, far more than the number needed to spam the bejeezus out of the entire planet. It's the number of bots needed by a botmaster that's important to their cost/benefit analysis. If they could own 10,000 Mac OS X systems at a lower cost than owning 10,000 Windows systems, they would do it tomorrow.

Unfortunately, this is not true (2, Interesting)

Mostly a lurker (634878) | more than 6 years ago | (#18811859)

The use of AV, anti spyware and personal firewall products is increasingly ineffective in preventing infection. If these products are fully up to date, the good ones will currently stop about 80% of the malware thrown at them, and the situation is becoming worse. The trend towards broadband routers with embedded NAT firewalls helps, but infections through email attachments and visiting malicious websites is not going to decrease: it is going to continue to increase. As the botnets become oriented primarily towards identity theft, industrial espionage and other kinds of high profit operations, you are also going to see these nets become more stealthy and harder to detect. By next year, they are going to be prevalent in corporate networks and often present for long periods without detection.

With profits already dwarfing that of the global drug business, there is every incentive for these tech savvy mafias to continue their heavy investment in improving their infrastructure. Most people in IT do not even yet realise the scope of the threat we are facing.

Re:Unfortunately, this is not true (1)

krbvroc1 (725200) | more than 6 years ago | (#18812079)

With profits already dwarfing that of the global drug business

Care to back that up with some sources? This seems like a huge overstatement to me...

sources (1)

Gary W. Longsine (124661) | more than 6 years ago | (#18812479)

A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.

Re:Unfortunately, this is not true (2, Insightful)

Mostly a lurker (634878) | more than 6 years ago | (#18812555)

The initial realization of the scale of the problem came from an FBI study last year. You can start with Malware Trends [itsecurity.com]. However, it is important to note matters are deteriorating faster than anticipated when that article was written last year.

You might also read Bumper crop of malware expected in 2007 [techtarget.com] which starts with Gartner's prediction that

75% of all enterprises will become infected with undetected, financially motivated malware by the end of 2007.

Unfortunately this is all too real and there are no quick fixes.

Re:Unfortunately, this is not true (2, Interesting)

Opportunist (166417) | more than 6 years ago | (#18812269)

What part of it is not true?

Corporate networks are largely uninteresting. Few people store their personal information on their corporate machines, simply because it would be against their working contract in most places to use the machine for personal business. At best such networks would be interesting for their bandwidth, but they are usually a lot closer monitored than private machines and nets.

Yes, the stealthiness will increase. It already does. 2 years ago the average malware was an easily detectable process, now it is a thread in a running process and will evolve into a full blown rootkit in no time. I give us about 6 months tops before rootkits become a real problem. The trials are already out and running.

AV tools are improving, too. But there is no replacement for brains and common sense. Unfortunately, a lot of machines are lacking in the user department. And what's worse, they're not upgradable.

Evolution (5, Insightful)

Shambly (1075137) | more than 6 years ago | (#18811273)

I think this one-upmanship is very good. Sure bots are bad but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer. Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.

Re:Evolution (2)

Pollardito (781263) | more than 6 years ago | (#18811545)

for every bacteria that helps an organism, there are probably 2 or 3 that hurt them but this analogy is particularly weak because these computer viruses are only taking their beneficial steps to a certain point...they're not stopping themselves from ruining your PC. i'm not sure why you'd want a rooted computer that steals your bandwidth, your data, and ultimately your money just because it keeps other viruses from doing the same

Re:Evolution (3, Informative)

vivaoporto (1064484) | more than 6 years ago | (#18811627)

I can tell you in advance, without charge, where this will lead. Just like a disease vector [wikipedia.org], these machines will continue to be used by the botnet masters to infect other machines, spread SPAM, steal the very machine owner personal data and, in general, obfuscate illegal activities.

I don't know from where people commenting this article got the idea that having only one "infection" that doesn't totally destroy the machine is a good thing, even for the machine owner. Actually, it is much worse, because if people don't notice any different behavior they will not worry to fix the machine, even if they know about the infection. And at the end of the day, they will be the first to lose their money in some scam that they inadvertently help to spread.

People don't infect machines nowadays on the evilness of their hearts, only to wreak havoc or for bragging rights, not anymore. Now they do it for profit, it is organized crime that is happening there. Have no illusions about it.

Re:Evolution (1)

Shambly (1075137) | more than 6 years ago | (#18812441)

I don't think we have entered in a symbiotic relationship yet but I do believe that if this trend were to continue it would develop into one. Even benign bacteria have side effects (like acne). The point is that as the bots evolve due to pressures in the environment the likely most beneficial ones will be the ones that try to minimize the annoyance to the host while maximizing the defense. It's a gradual process... in nature it took a few billion years.

Re:Evolution (1)

gladish (982899) | more than 6 years ago | (#18812565)

Yes, but the likely solution will be similar to one for foot fungus. Your body has good fungus and bad fungus. The drug companies apparently never figured out how to manufacture a drug to kill off the bad foot fungus, but they did stumble upon one that kills it all. The virus companies will likely (in my opinion), come to a similar solution. You'll probably see virus updates that remove the software and undo any good that bots did while inhabiting the system.

Oblig (5, Funny)

xBOISEx (1089557) | more than 6 years ago | (#18811291)

"Begun, this bot war has"

Re:Oblig (1)

lonechicken (1046406) | more than 6 years ago | (#18811715)

"Begun, this bot war has"

I was refraining from using an "I for one welcome..." comment. This one had me rolling on the floor.

Have we gotten to the point yet where bots outsource the programming of good bots to bot-Delhi, in order to combat evil bots that have run rampant?

Obligatory Futurama (0)

Anonymous Coward | more than 6 years ago | (#18811303)

In a robotic female voice:

"Take this ... and that ... and one of these ..."

A Unique Opportunity (1)

Billosaur (927319) | more than 6 years ago | (#18811323)

All we need is to build a botnet capable of hunting down and destroying other botnets... or perhaps converting them? Kind of the Internet equivalent of an evangelist...

Re:A Unique Opportunity (1)

BlueTrin (683373) | more than 6 years ago | (#18811391)

Or we could just put their signature in an antivirus/antitrojan?
Which is basically the result of the work of people working in companies using reports, honeypots and their brains.

Re:A Unique Opportunity (1)

drinkypoo (153816) | more than 6 years ago | (#18811403)

The problem with that is that the people who are using botnets for commercial purposes are way way way the hell ahead in the arms race. They already know what they're doing. And there's no reason to believe that they're stupid; they've accomplished so much...

Re:A Unique Opportunity (0)

Anonymous Coward | more than 6 years ago | (#18812627)

so we can expect it reelect Bush and start speaking in tongues...

What I want to see is a Botnet that (2, Interesting)

gurps_npc (621217) | more than 6 years ago | (#18811363)

hunts down pop-up advertisement programs and either destroys them or tags them (so that pop-up blockers will automatically shut them down).

With all the punk 1eet programmers out there, you would think that someone would spend time writing this instead of silly viruses.

I am tired of having pop-up advertisements beat my pop-up blocker.

How long until... (1, Funny)

rbanffy (584143) | more than 6 years ago | (#18811385)

How long until a botnet becomes sentient and decides to eradicate humanity? ;-)

I keep telling people those Windows machines are dangerous. This puts them on a whole new scale.

Re:How long until... (1)

toejam316 (1000986) | more than 6 years ago | (#18811451)

How could it possibly eradicate humanity? WINDOWS. God, they'd have to put it into some kind of decent *NIX OS, using a VM, just for the damn thing to be able to run!

Re:How long until... (0)

Anonymous Coward | more than 6 years ago | (#18812129)

I for one welcome our new botnet overlords....

This is just setting us up for an interesting Matrixesque scenario

Could someone explain the closing of ports? (0)

Anonymous Coward | more than 6 years ago | (#18811409)

From a longtime Windows luser (i.e. lots of use, little technical experience):

Could someone explain why it is important that ports are closed?

From my heuristically driven mind: If a computer is infected, why wouldn't a bot simply check which of the ports are open and pick one of those? And if a computer is not infected, closing ports should not prevent infection from malware or web pages that the user installs.

The only situation I can see would be one where seemingly the 'infector' shoots blindly towards one specific port on a random IP without any user intervention, and manages to infect it. Is this usual?

Re:Could someone explain the closing of ports? (4, Informative)

dkf (304284) | more than 6 years ago | (#18811597)

Could someone explain why it is important that ports are closed?
The only way to have a message received off the internet is to have a port open. Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data (whether web, email, or any of a myriad other things). But on server computers, ports have to be open for connections from client machines which are potentially anywhere. If the software behind those ports isn't careful, it's possible to attack the machine through them.

Desktop systems are usually not as highly protected on the inside as server systems (alas) so having a firewall that blocks off server ports "Just In Case" is a good plan.

(And yes, I've left out lots of detail from this potted explanation.)
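
The distinction drawn in the comment above, between ports opened toward one specific machine and server ports that accept connections from anywhere, can be read off a socket listing. The following is an added example, not part of any comment in the thread: it parses a constructed sample in the layout of Windows `netstat -an` output and lists the listening ports a firewall should cover. The function names are illustrative.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr]:port' (IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def classify(line):
    """Return (proto, addr, port, exposure) for a socket line, else None."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None  # header or blank line
    proto = fields[0]
    state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
    addr, port = split_endpoint(fields[1])
    if proto == "TCP" and state != "LISTENING":
        # A port opened toward one specific peer (e.g. a web download).
        return proto, addr, port, "connection"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback:
        exposure = "local-only"        # reachable only from this machine
    elif ip.is_unspecified:
        exposure = "all-interfaces"    # 0.0.0.0 / :: accepts from anywhere
    else:
        exposure = "one-interface"     # reachable via that network only
    return proto, addr, port, exposure

def audit(text):
    """Classify every socket line in a netstat-style listing."""
    return [r for r in map(classify, text.splitlines()) if r]

def firewall_candidates(text):
    """Listening ports reachable from other machines, deduplicated."""
    return sorted({(proto, port) for proto, _, port, exp in audit(text)
                   if exp in ("all-interfaces", "one-interface")})

if __name__ == "__main__":
    for proto, port in firewall_candidates(SAMPLE_NETSTAT):
        print(f"{proto} {port} accepts connections from other machines")
```
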

Re:Could someone explain the closing of ports? (1)

Tofystedeth (1076755) | more than 6 years ago | (#18811765)

The botnets usually have to communicate to some central location and doing so involves using a specific port. Shut down that port and it can't get instructions/download the rest of the things it needs etc. There are probably other reasons, as well as more correct ways to say what I think is going on. I'm not a security guy.

And thus began the Computer Wars. (1)

ploafmaster general (920649) | more than 6 years ago | (#18811413)

As the human casualties mounted, a horrific peripheral effect of Computer combat, we couldn't help wondering what the world could have been.

Title should have been (1)

wiredog (43288) | more than 6 years ago | (#18811465)

"Hawt Botnet on Botnet Action". With links to robot porn.

The new protection racket... (1)

kabocox (199019) | more than 6 years ago | (#18811479)

Forget anti-virus or malware vendors. We'll just admit that we live in the wild west/various mob ruled internet. How long do you think that it'll take them to figure out that they might be able to shake down the owners of those PCs for say a $30 a year "protection" fee from other anti-virus/anti-malware/general evil spreading software products?

Re:The new protection racket... (0)

Anonymous Coward | more than 6 years ago | (#18811989)

How long do you think that it'll take them to figure out that they might be able to shake down the owners of those PCs for say a $30 a year "protection" fee from other anti-virus/anti-malware/general evil spreading software products?

With certain AV programs and their pop-ups for free use, and constant chatter from the management app, I think people already *have* started charging $30 a year...

Curious... (1)

Bobfrankly1 (1043848) | more than 6 years ago | (#18811519)

The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."
I wonder how long it will be before we have bots that secure themselves out of the computers.
-
Cheesy Quotes! 5 Bucks, get your Cheesy Quotes!

botnets evolve themselves out of business? (4, Insightful)

Maximum Prophet (716608) | more than 6 years ago | (#18811555)

If botnet A installs patches 1,2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?

Re:botnets evolve themselves out of business? (2, Informative)

Yetihehe (971185) | more than 6 years ago | (#18811665)

Yes, but they still have those two botnets so they are not secure.

Re: Forced Evolution out of business! (1)

TaoPhoenix (980487) | more than 6 years ago | (#18811681)

Would one of you /. geniuses please discover a manual config of this idea so that we can breed an army of WinMules that can't reproduce any more bots?

The irony would be delicious.

Meme Wars (1, Interesting)

Anonymous Coward | more than 6 years ago | (#18811633)

This sort of reminds me of John Barnes' "Meme Wars" [amazon.com] books. Except that the botnets are fighting over our computers instead of our minds. I'm wondering if it will get to the point where people will actively choose to infect their computer with one particular botnet or another if they find that that particular one interferes the least with their particular usage. At least you would know what your computer is infected with and that will keep the other garbage out.

Ah, the possibilities... (1)

l0b0 (803611) | more than 6 years ago | (#18811853)

Botnets who like guns

Botnet mud wrestling

Botnet suicides

Botnet - Revolutions

How I learned to stop worrying and love the botnet

Reminds me of "open range" disputes in Wild West (1)

Jacques Chester (151652) | more than 6 years ago | (#18811913)

A lot of disputes in the old wild west arose from open ranges, where "anyone" could graze. In practice it led to nasty disputes and illegal attempts to fence off ranges. I reckon it might be amenable to economic approaches. [clubtroppo.com.au]

Bring back the old worms (1)

alohatiger (313873) | more than 6 years ago | (#18812567)

Somebody should write worms that infect, propagate, and then kill/wipe the host. Maybe the cleanup/restore required will result in a more secure machine.