The World's Biggest Botnets

CowboyNeal posted more than 6 years ago | from the poised-to-strike dept.

Security 243

ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."


243 comments


Does it run on Windows? (3, Insightful)

SpaceLifeForm (228190) | more than 6 years ago | (#21289189)

I thought so.

Re:Does it run on Windows? (3, Interesting)

Wonko the Sane (25252) | more than 6 years ago | (#21289203)

I'd feel a lot safer if I could ever get selinux to work...

Re:Does it run on Windows? (5, Funny)

flyingfsck (986395) | more than 6 years ago | (#21289459)

I'd feel a lot safer if you could get selinux to work on Windows...

Re:Does it run on Windows? (5, Funny)

nsanders (208050) | more than 6 years ago | (#21289659)

I'd feel a lot better if I could get SELinux to work on Linux..

Re:Does it run on Windows? (2, Funny)

Wonko the Sane (25252) | more than 6 years ago | (#21289759)

Is there really more than about 3 people in the world that actually have a working SELinux system? That they use on a day-to-day basis?

Re:Does it run on Windows? (4, Funny)

Torvaun (1040898) | more than 6 years ago | (#21290009)

It's a well-known fact that SELinux was developed to confound hackers. It is a less-known fact that the trick is to try to get them to install it.

Re:Does it run on Windows? (2, Informative)

cheater512 (783349) | more than 6 years ago | (#21290187)

It was made by the NSA. What did you expect? :P

Re:Does it run on Windows? (1)

Typoboy (61087) | more than 6 years ago | (#21290139)

...that doesn't run in 'insecure' mode.

Re:Does it run on Windows? (1)

ozmanjusri (601766) | more than 6 years ago | (#21290057)

I'd feel a lot safer if I could ever get selinux to work.

SELinux isn't really appropriate to a general-purpose home computer, which is what these botnet operators target.

Re:Does it run on Windows? (2, Insightful)

Wonko the Sane (25252) | more than 6 years ago | (#21290095)

SELinux isn't really appropriate to a general-purpose home computer
That's probably 99% what's wrong with it. I agree with your statement, but I assert that it should be appropriate.

Well.... (2, Insightful)

Creepy Crawler (680178) | more than 6 years ago | (#21289207)

In other words, stupid people and people who don't care about security punish the rest of us. How nice.

You don't know how much I would appreciate an "Internet License" to show basic security and protections on the net. With the financial nets and traffic nets as they are, I'd say that hauling a 2 tom missle down a highway and doing this would be similar.

Gnnnnrrrrr (1)

Finallyjoined!!! (1158431) | more than 6 years ago | (#21289263)

In other words, stupid people and people who don't care about security punish the rest of us. How nice
Ummm, this is the intarweb right? How's your security then ?

hauling a 2 tom missle
A what?

Re:Gnnnnrrrrr (1)

Creepy Crawler (680178) | more than 6 years ago | (#21289311)

Well... That was not supposed to be a joke. Freudian slip. 2 ton missle = car/van

2 tom misle = damn scientologists.

Re:Gnnnnrrrrr (1)

Finallyjoined!!! (1158431) | more than 6 years ago | (#21289319)

No worries :-)

You Sank My Enterprise! (4, Interesting)

twitter (104583) | more than 6 years ago | (#21289301)

Ah, but you fail it!

In other words, stupid people and people who don't care about security punish the rest of us. How nice. You don't know how much I would appreciate an "Internet License" to show basic security and protections on the net.

Anyone who thinks non free software can be secured should be denied said license. FTFA:

This shift has even awakened enterprises, which historically have either looked the other way or been in denial about bots infiltrating their organizations. (See Bots Rise in the Enterprise [darkreading.com] .)

If you think you can do better than Fortune 100 support teams, you are sorely mistaken. They have all the time, money and employees they want to throw at this problem and still get their ass kicked. People trying to tweak non free software are working in the dark and will always be surprised. No matter how much they spend, they can never fix the problem.

Re:Well.... (5, Funny)

Anonymous Coward | more than 6 years ago | (#21289411)

I installed Storm on my computer and I've never been happier. Downloads are quicker, my mortgage has been refinanced, I made a fortune in the stock market, and my cock is 2 inches longer.

excellent botnet-er, would bot again++++!++!

Re:Well.... (1)

kryten250 (1177211) | more than 6 years ago | (#21289533)

I've always been very surprised on the various activist groups out there that will call you at 2am to tell you your SS# is on some ID theft forum or that abortion is wrong and yet there is no advocation for forced security updates other than the microsoft 'security' updates.

Re:Well.... (1)

billcopc (196330) | more than 6 years ago | (#21289775)

The night an activist calls me at 2 am to discuss their view on abortion, is the night I kill a bunch of goddamned nosey activists. Delayed abortion!

Re:Well.... (1)

Radres (776901) | more than 6 years ago | (#21289553)

But then Bill Gates wouldn't be able to use the internet!

Re:Well.... (1)

John Hasler (414242) | more than 6 years ago | (#21289591)

Bill Gates would have no difficulty at all using the Net, nor would other users of licensed copies of government-certified closed-source operating systems. It's just users of unregulated Free Software OSs that would be locked out.

Re:Well.... (1)

stratjakt (596332) | more than 6 years ago | (#21289593)

I bet you wouldn't qualify for one, if such a thing existed.

Re:Well.... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21289645)

In other words, stupid people and people who don't care about security punish the rest of us. How nice.

hmmmmm why does this remind me of bush...DHS and a few other government "authorities"

Papers please? (0)

Anonymous Coward | more than 6 years ago | (#21289677)

no thanks, commie..

Re:Papers please? (0)

Anonymous Coward | more than 6 years ago | (#21289831)

no thanks, commie..

That was the Nazis, dumb ass.

Re:Well.... (1)

Score Whore (32328) | more than 6 years ago | (#21289919)

In other words, stupid people and people who don't care about security punish the rest of us. How nice.

Yeah. But we can't ban bittorrent. In all seriousness, how is someone being infected with something like the storm bot punishing you? Presumedly you care about security and aren't stupid. So you're all patched up, have at least a basic firewall, and won't be opening up emails from Alice BigTits with a subject of "Wet teens big c0cks!!!!" and won't be double clicking on files named "RobMaldaToplessAndPlugged.jpg<lotsa spaces>.exe"

At the end of the day how is storm traffic any more punishing to you than any other traffic you don't give a shit about? Or any more punishing than millions of Radiohead downloads? Or WoW patches? Or linux distros? Or for that matter, absolutely anything that anyone else does that isn't related to you?

Re:Well.... (2, Insightful)

Torvaun (1040898) | more than 6 years ago | (#21290065)

Millions of Radiohead downloaders aren't telling me that I've won some European lottery, that's how. I could care less if these botnets were all doing SETI@home. I'd be pleased if they were all doing Folding@home. But they're filling my inbox instead.

Re:Well.... (2, Insightful)

Opportunist (166417) | more than 6 years ago | (#21290125)

In all seriousness, how is someone being infected with something like the storm bot punishing you?

By participating in a DDoS against me. Can happen easily to you if you're in malware research.

Not that I haven't thought of it before, but... (0)

Anonymous Coward | more than 6 years ago | (#21289941)

I've pondered an "internet license" as well. But I really don't like what you'd have to do to enforce it. Think "near death of anonymity online" due to all sorts of sites suddenly deciding that they need to see your IL just because and...

It's not that there wouldn't be a lot of upsides, but I really, really don't like some of the downsides I think it would create.

In the meantime, you can always do what I did: teach free classes at your local library (or wherever) that cover basic security issues like privacy, avoiding scams, etc.

Well....A sexy license (0)

Anonymous Coward | more than 6 years ago | (#21290003)

"In other words, stupid people and people who don't care about security punish the rest of us. How nice."

I feel the same way when people have sex and have unwanted kids or STDs and the public ends up footing the bill. Let's have a license to have sex.

Re:Well.... (4, Insightful)

Torvaun (1040898) | more than 6 years ago | (#21290037)

No, smart people who know plenty about security punish all of us and use the clueless as their weapons. Your statement is like blaming the bullet for a murder instead of the killer. Without a functioning mind building these botnets, it wouldn't matter to us how stupid the rest of humanity is.

Re:Well.... (2, Insightful)

Opportunist (166417) | more than 6 years ago | (#21290099)

And now try to get any politician to pass that. I mean, don't get me wrong, where do I sign up for your newsletter and where do I sign your petition, but you won't get that past the masses of computer illiterates that clutter the net.

To be honest, I'd even go a step further: I'd make people liable for the actions of their computer, unless they can somehow show that they had taken reasonable steps to prevent disaster from striking.

I don't require people to go through some IT course, but I want them to at least take precaution and not click like braindead monkeys on every piece of junk sent to them because it doesn't hurt them, to hell with the rest. These infected machines hurt the net. They can be used to disrupt communication, they can be used for blackmail, for spam distribution, for crimes. And yet nobody holds those idiots responsible for their foolish behaviour.

To use an ever popular car analogy, if people drove like they use the net, a mass accident with hundreds of people killed would not make it into the evening news. It would be an ordinary everyday matter.

Now, I don't want to create more criminals. I also don't want to discourage people from using the net. I want people to use brains when they do it, I want people to keep their machines clean. That's why I'm in the AV business (certainly not for the money, trust me on that one).

Yes, I want people to use AV tools. I know the dominant stance towards AV kits here, many here never used one and never needed one either. Yes, YOU don't. You know when not to open some mail, you know how to keep your machine clean, you know that something's fishy when your browser acts funny, crashes and then suddenly your HD starts rattling. You care and you act accordingly when something like that happens. The average computer illiterate doesn't. He just stares at his machine, waits for the rattling to stop, sighs in relief when it doesn't seem to be damaged and goes on with his life.

One thing I don't understand is why ISPs don't try to get some deals with AV vendors to bundle it with their access. I'm fairly sure a lot of AV companies would jump on that idea immediately, and the ISP can maybe reduce his traffic load with fewer infected machines spewing less botcrap through the net.

Anyway. What I want is to hold people liable for the damage they do. But try to get a majority for that...

Imagine if you will (5, Insightful)

Misanthrope (49269) | more than 6 years ago | (#21289209)

Imagine if somebody did this but donated cpu time to distributed computing projects like that one on cancer research. Forced philanthropy would be rather strange and still illegal, but at least slightly more noble in a Robin Hood sort of way.

Re:Imagine if you will (4, Funny)

Deltaspectre (796409) | more than 6 years ago | (#21289223)

Or if everyone donated their CPU time to botnets!

Re:Imagine if you will (5, Funny)

Misanthrope (49269) | more than 6 years ago | (#21289247)

In Soviet Russia botnets donate cpu time to you.

Re:Imagine if you will (0)

Anonymous Coward | more than 6 years ago | (#21289373)

Did anyone else not catch the deeper meaning in that, intentional or not? (hint: a lot of botnets are thought to be operated by people in Russia)

Re:Imagine if you will (0)

Anonymous Coward | more than 6 years ago | (#21289713)

Fuck whom? (hint: fuck you)

Re:Imagine if you will (1)

Orthuberra (1145497) | more than 6 years ago | (#21289317)

Forget cancer research, there are more pressing concerns such as cracking HD-DVD and Blu Ray that these botnets should be working on.
I keed... :D

Re:Imagine if you will (1)

the_humeister (922869) | more than 6 years ago | (#21289385)

Or better yet, if each node ran a small neural net, with each node connected to many other nodes, the whole system might gain consciousness!

Re:Imagine if you will (2, Funny)

4D6963 (933028) | more than 6 years ago | (#21289523)

Or better yet, if each node ran a small neural net, with each node connected to many other nodes, the whole system might gain consciousness!

Right, because every AI researcher knows "strong AI" is as simple as creating a huge neural network and letting the magic happen ;-)

Re:Imagine if you will (2, Funny)

jandrese (485) | more than 6 years ago | (#21289573)

It seems to work just about as well as anything else they've tried.

Re:Imagine if you will (1)

4D6963 (933028) | more than 6 years ago | (#21289857)

It seems to work just about as well as anything else they've tried.

Yeah, in other words, we're about as close to Strong AI as we've always been. lol.

Who need so to imagine? (0)

Anonymous Coward | more than 6 years ago | (#21289405)

Imagine if somebody did this but donated cpu time to distributed computing projects like that one on cancer research.

Well, Bill Gates did do this and he is trying to patent yet another Malaria vaccine that does not work. Does that count?

Re:Who need so to imagine? (1)

Torvaun (1040898) | more than 6 years ago | (#21290101)

No malaria vaccine is going to work. Malaria is caused by parasites. Getting a vaccine for malaria would be like getting a vaccine for ducks. Only the symptoms can be treated.

Re:Imagine if you will (0)

Anonymous Coward | more than 6 years ago | (#21289679)

Imagine a beowulf cluster of these! ...Oh. Wait.

Re:Imagine if you will (1)

darjen (879890) | more than 6 years ago | (#21289745)

What if the owners actually discovered a cure for cancer this way? They could sell it to the highest bidder... hmm new business ideas coming to mind...

Re:sig (0, Offtopic)

rat10177sd (963462) | more than 6 years ago | (#21289899)

Man, I support the troops, they're just doing their job. It's unfortunate that the CIC who started the whole mess is an idiot.

Re:Imagine if you will (2, Funny)

OGC (1156089) | more than 6 years ago | (#21290201)

Imagine if somebody did this but instead of donating time to distributed computing projects like that one on cancer research, the distributed computing project was to have the bot spread like a cancer, refuse to be treated like a cancer, and generally plague and cripple the world with problems like a cancer. Oh wait.

spam spam spam spam and more spam (4, Funny)

User 956 (568564) | more than 6 years ago | (#21289237)

This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) -- and what makes them tick and what they are after.

From the look of things, it appears that their sole purpose is to send me myspace friend requests from lonely, hot girls that have Tom as their only friend, and have selected me as the lucky person who gets to share in viewing their private, personal website, which has many photos of their naked breasts and vagina. Seriously.

Re:spam spam spam spam and more spam (1)

corerunner (971136) | more than 6 years ago | (#21289357)

+1 hilarious!

Note total absence of word "Microsoft" (5, Interesting)

Animats (122034) | more than 6 years ago | (#21289239)

It's interesting that these articles don't even mention that Microsoft's insistence on running executable content from the browser is at the heart of all these problems.

Re:Note total absence of word "Microsoft" (4, Insightful)

toadlife (301863) | more than 6 years ago | (#21289323)

Probably because it's not the heart of all these problems. The heart of all these problems is that a billion security-unaware people operate computers that are connected to the internet.

Do you honestly think everyone switching to a different OS would solve the problem?

Yes, free software would fix the problem. (-1, Troll)

Erris (531066) | more than 6 years ago | (#21289597)

Do you honestly think everyone switching to a different OS would solve the problem?

Apple and Sun don't seem to have these problems. Go on and tell me that Apple users are somehow more aware of security and the workings than Windoze users are. Tell me that there are not enough Mac users to matter, even though you just told me they were richer and better educated or something stupid like that. It's not the user's fault and you Microtards know it.

GNU/Linux is better because so many more architectures are supported, each distribution is compiled with different options and each loads a different way. Apple and M$ are trying to duplicate this artificially by randomizing their memory loading. Nothing is worse than the i386 monoculture M$ enforces.

Re:Yes, free software would fix the problem. (1)

timmarhy (659436) | more than 6 years ago | (#21289687)

Apple and Sun are a very small % of the computer using population, and not a good dataset do they make.

Re:Yes, free software would fix the problem. (2, Insightful)

14erCleaner (745600) | more than 6 years ago | (#21289799)

Apple and Sun are a very small % of the computer using population, and not a good dataset do they make.

There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.

Re:Yes, free software would fix the problem. (1)

Score Whore (32328) | more than 6 years ago | (#21289991)

There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.

Not really. There is absolutely nothing on a current MacOS X system that prevents users from running shit they download from the net. And now you're going to go "But... but..." thinking that somehow they're magically protected cause they don't run as administrator. Of course the second anyone wants to do anything, they just create a situation where the user expects a dialog asking for root's password and they happily provide it. But even in that case, it's a totally moot point. You don't have to be root to run software on Mac OS X that connects to the network. Fuck, let's try and have a little perspective and give it even a small amount of thought. Lay off the anti-Microsoft fanboi cookies.

Re:Yes, free software would fix the problem. (4, Informative)

Opportunist (166417) | more than 6 years ago | (#21290193)

Not really. There is a very simple reason why botnets are dominated (to pretty much 100%) by MS systems. Numbers. Most machines in home user hands simply are running on some kind of MS OS.

Yes, Linux and MacOS are more secure. It's harder to slip something into the system, at best you can run with user privileges, yes, yes.

Unless you trick the user. And that's pretty much the main infection vector today. About 95% of malware comes in the form of infected spam mails, only 5% of infections rely on system insecurities, buffer overflows or other system related security holes.

And when you can trick the user into executing something, it's trivial to trick him also into giving the malware elevated privileges, provided you promise him something. Send someone a "tool" that promises 20% more speed or ram, but since it has to hook deeply into the system, it will require root privileges.

Yes, you won't fall for it. But the average clueless user? After all, this thingamajig is gonna do something with your system to make it run faster, so it's kinda logic that it will need system privs.

No system is secure from malware. Security is by definition the minimum of a system's security capabilities and its administrator's security capability. BOTH need to be secure to create a secure system.

Re:Yes, free software would fix the problem. (0)

Anonymous Coward | more than 6 years ago | (#21289917)

It's not the user's fault and you Microtards know it.

Yeah, fuck you, too. Asshole.

Re:Yes, free software would fix the problem. (1)

dedazo (737510) | more than 6 years ago | (#21290089)

The only thing standing between Linux and a botnet is a simple chmod +x.

In fact, given enough user apathy, they can all coexist [slashdot.org] quite happily.

Other than that, you have nothing but your psychotic hatred and infantile "M$ Windoze Microtard" insults, as usual.

You know the answer. (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21289667)

If you are afraid of Linux, switch to OSX.

We have heard that line saying it's the fault of the novice computer.
I did not believe that 10 years ago. I still don't believe it.

10 years ago, I thought that Microsoft would fix the bugs that created this Anti-Virus business.

I was wrong. Microsoft never saw a business reason to fix those bugs. Instead they increase the "It's not our fault" marketing, and even got into the [Anti]Virus business themselves.

The Windows Virus-prone bugs 10 years ago were:

  - System access/execution from Office templates.
  - System access/execution from Active X.
  - System access/execution from Browser in general.
  - System access/execution from Email attachments.

These features I suppose are there for novices. The same novices that are blamed for perpetuating "viruses" by using these "features".

These "features" have never existed in Linux.

Re:Note total absence of word "Microsoft" (4, Insightful)

bit01 (644603) | more than 6 years ago | (#21289719)

Probably because it's not the heart of all these problems. The heart of all these problems is that a billion security-unaware people operate computers that are connected to the internet.

No, the heart of the problem is that windows, despite what M$ claims, was not designed for those people and as a result those people make mistakes.

Software is soft, it can be anything we want it to be, and assholes who claim that "software can't do software related things" are lying through their teeth.

If thirty odd years ago windows had been designed responsibly we wouldn't have the mess that we have now. Amongst many other things when connected to the net they deliberately confused static data with executables and deliberately ran all programs as administrator. Things that mainframe OS' and Unix had understood and solved decades before. I can remember the very first time I saw a web page with an executable and thinking "you stupid fucking idiots". The ramifications were obvious right from the start; M$ just chose to ignore them.

The marketing parasites, and their patsies, who to this day continue to claim that windows was not a large part of the problem are lying arseholes. M$ is slowly improving their security but they still have a long, long way to go with a culture that still tries to test for security rather than building for it. And yes, despite what some idiots claim, security and user friendliness are not mutually contradictory. In fact they are more complementary than contradictory with well built security systems helping users to make good choices for their own safety as well as everybody else's.

---

Flash = blink tag = incompetent web designer.

Re:Note total absence of word "Microsoft" (1)

Score Whore (32328) | more than 6 years ago | (#21290035)

If thirty odd years ago windows had been designed responsibly we wouldn't have the mess that we have now. Amongst many other things when connected to the net they deliberately confused static data with executables and deliberately ran all programs as administrator.

A) Thirty odd years ago Microsoft was still in the business of selling BASIC interpreters. B) You can't name a single consumer OS that prevents the user from running software that connects to the internet. So why not stop with the moroniness (sort of like truthiness but especially for you) and quit dropping the idea that not having users have some kind of elevated privileges by default is going to solve all the world's virus problems.

You missed a few dollah signs (0, Troll)

Anonymous Coward | more than 6 years ago | (#21290045)

No, the heart of the problem i$ that window$, de$pite what MS claim$, wa$ not be de$igned for tho$e people and a$ a re$ult tho$e people make mi$take$.

$oftware i$ $oft, it can be anything we want it to be, and a$$hole$ who claim that "$oftware can't do $oftware related thing$" are lying through their teeth.

If thirty odd year$ ago window$ had been de$igned re$pon$ibly we wouldn't have the me$$ that we have now. Among$t many other thing$ when connected to the net they deliberately confu$ed $tatic data with executable$ and deliberately ran all program$ a$ admini$trator. Thing$ that mainframe O$' and Unix had under$tood and $olved decade$ before. I can remember the very fir$t time I $aw a web page with an executable and thinking "you $tupid fucking idiot$". The ramification$ were obviou$ right from the $tart; MS ju$t cho$e to ignore them.

The marketing para$ite$, and their pat$ie$, who to thi$ day continue to claim that window$ wa$ not a large part of the problem are lying ar$ehole$. MS i$ $lowly improving their $ecurity but they $till have a long, long way to go with a culture that $till trie$ to te$t for $ecurity rather than building for it. And ye$, de$pite what $ome idiot$ claim, $ecurity and u$er friendline$$ are not mutually contradictory. In fact they are more complimentary than contradictory with well built $ecurity $y$tem$ helping u$er$ to make good choice$ for their own $afety a$ well a$ everybody el$e'$.

Re:Note total absence of word "Microsoft" (1)

cadeon (977561) | more than 6 years ago | (#21289727)

Yes. Next Question.

Re:Note total absence of word "Microsoft" (4, Interesting)

fred fleenblat (463628) | more than 6 years ago | (#21289937)

Maybe solve isn't the right word, but switching everyone to linux (for example) would cut the infection rate to zero for about a year, until the bad guys adapted. After that it would still be way, way lower, mostly because of the better management of admin privileges.

OLPC is potentially quite secure against naive user problems. There are plans for about a billion of these, so you'll have your answer pretty soon.

Re:Note total absence of word "Microsoft" (1)

gmuslera (3436) | more than 6 years ago | (#21290031)

Let's say I'm not totally suicidal opening every mail attachment that comes. Let's say that I'm not a security expert, and use the browser that I'm practically forced to use in Windows from day 0, even if I hear somewhere that there are other browsers in the market. Well, that's it, following a link (that comes by mail, from a search result, in an online game/chat), a mistype in a URL, whatever, and Internet Explorer by itself could take care of downloading and installing a trojan, no confirmation required, and probably with administration access. Some years (?) ago, the same no user intervention infection was managed efficiently by Outlook, the default/forced mail client.

What about other OSs?

You don't have so much monoculture in Linux, different distributions, architectures, browsers (OK, Mozilla/Gecko should be the most used), dynamic in new versions, user access, even sources of installable programs. All of this conspires to make that model of trojan spreading a lot harder, not impossible, but harder. In OS X some of this applies too.

And yes, I think that Microsoft is at least part of the problem. Not just because of their faulty implementation of programs, but also because of their policies.

Re:Note total absence of word "Microsoft" (1)

budgenator (254554) | more than 6 years ago | (#21290061)

Do you honestly think everyone switching to a different OS would solve the problem?

Now that would be pretty silly; better to have several different well secured OSes and letting people choose between them. Having each computer have its own different OS would stop the malware, but it would also limit desired software.

Re:Note total absence of word "Microsoft" (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21290191)

Care to run a Linux live CD, mount your file system, dump the whole tree to plain text, and post it? A green Franklin says you have a virus or piece of malware on your Windows box right now that you don't know about.

Yes, Linux would fix 99% of the problem, the same way not smoking crack will cure a drug problem. Did you think the world's biggest monopoly can't make a secure system if they want to? So why don't they? Because they make more money when it breaks beyond fixing and you have to buy a new one.

Check the literature from before Windows 3.1 spread everywhere, and contrast it with today. Stupid users did not cause Windows. Windows caused stupid users.

Re:Note total absence of word "Microsoft" (1)

loconet (415875) | more than 6 years ago | (#21289341)

Is that still the case with IE7 and Vista (or even XP SP2)? I'm genuinely curious, I stopped using Windows a long time ago.

Re:Note total absence of word "Microsoft" (4, Interesting)

Shados (741919) | more than 6 years ago | (#21289465)

In Protected Mode, IE7 on Vista is genuinely sandboxed, and throws a fit if you so much as do a right click View Source (which would run an executable: notepad by default). If the browser was actually standards compliant (sometime by the time Duke Nukem Forever and Spore come out I guess), it would be an excellent all around browser.

Other stuff, like running an executable sent to you by MSN is so freagin hard it puzzles even me sometimes (I believe by default you have to change something in the registry, or it simply will flag them and you'll never be able to so much as extract exes from a zip file). That's probably pushing it too far, but point is, if you don't have the admin password, it's relatively difficult to do something retarded aside to hit your own account (which is possible in any OS really, and even then, you get quite a few warnings).

Something of interest, though not really related: Once I installed some game (I forget which) that tried to install a copy protection crap, and Vista actually asked me if I wanted to install it separately from the game itself (I got 2 pop ups). Said no, and it happened that this particular game would run without the copy protection...so I was able to tell it to shoo off (while my friend on XP hosed his install because of it...a patch came out the week later to fix the issue, but I never had the problem in the first place). MS is learning. Slowly.

Re:Note total absence of word "Microsoft" (1)

General Melchett (860357) | more than 6 years ago | (#21290141)

Off topic, but if you need a quick way of getting round that pesky MSN blocking exe's and zips thing, I find renaming it to say 'inoccuousfile.jpg' then sending it and renaming at the other end, seems to work a treat....

Re:Note total absence of word "Microsoft" (1)

644bd346996 (1012333) | more than 6 years ago | (#21290167)

IE has to open an external program just to show you the html source!? You'd think they could include some kind of mechanism to display text...

Re:Note total absence of word "Microsoft" (1)

Aetuneo (1130295) | more than 6 years ago | (#21289685)

Yes, but only accidentally: The amount of CPU power and Memory that Vista's interface takes up makes it almost impossible for the botnet programs to find any space on the computers to run, hence preventing them from running botnet software. Also, I was wondering ... Do you think that the storm botnet could run Vista with all the settings enabled? My bet is that it couldn't.

Re:Note total absence of word "Microsoft" (0)

Anonymous Coward | more than 6 years ago | (#21289397)

maybe because it's not? http://en.wikipedia.org/wiki/Storm_Worm [wikipedia.org]
 
once again a dumb fucking cunt gets modded up for not knowing what the fuck they're talking about.
 
we really need a -1 misinformation mod over an overrated mod.

Re:Note total absence of word "Microsoft" (0)

Anonymous Coward | more than 6 years ago | (#21289505)

I know that, since you're a potty mouth AC, it's hard for you to control yourself...
and I know that it's probable that the parent poster didn't really know exactly what they were talking about...

But before MS invaded the internet with their poorly designed crap anyone receiving an e-mail with an attachment pretty much needed to know what kind of file it was in order to make use of it. Is this a text file? Is it a file which belongs with a particular word processor or spreadsheet program? Is this a data file for an image? Just what kind of file is it?

Before MS invaded the internet with their poorly designed crap the user was required to know these things ahead of time, even if they wanted to configure their mail client for single click file opening, because they (the user) needed to specify the application associated with a MIME type or file extension.

So, even if they didn't know it, the parent poster is still correct and, as usual, you're being the pedantic (and unrightfully so) asshat. It wasn't until MS invaded the internet with their poorly designed single-click everything automagically works crap that people were able to put a mail attachment into executable memory space with a single click.

Even if someone had written a trojan for whatever OS they were using at the time it was still a matter of saving the attachment to disk and deliberately executing it. In those days "click to open" really did mean click to OPEN (with the appropriate associated application). There was no "click to execute".

So quit acting like you know what you're talking about. You're very annoying to those of us who do.

-HiLJ

Re:Note total absence of word "Microsoft" (0)

Anonymous Coward | more than 6 years ago | (#21289617)

you're another moron who can't even read. my link shows that it was an email issue, not a web browser issue like the asshat gp claimed. you backed up his claim and at the same time affirmed mine. even though they conflict you tried to make them sound like the same thing. you must be really dumb.

Re:Microsoft isn't the only irresponsible company (4, Interesting)

GaryOlson (737642) | more than 6 years ago | (#21289581)

Microsoft is not the only culprit. I have a Netgear FVS124G (with the latest firmware) which has been compromised: 3 sets of packets were sent on port 80 to the router and after the last set of packets "Access rule 257 added" was logged. Access rule 257 did not show in the interface. Then the router started sending botnet check-in packets on IRC ports to various IP addresses. And, the router log showed the malware was sending traffic using every MAC address in the route table as a "compromised PC" -- even the laptop which was disconnected from my network.

Yes, the router was still emailing me every log of all network traffic -- my traffic and the malware traffic also. Seems the malware author does not think my ability to log their traffic was significant.

Netgear was very helpful. Tier1 tech support said securing the router was my responsibility. Asshats!

Re:Microsoft isn't the only irresponsible company (1, Funny)

John Hasler (414242) | more than 6 years ago | (#21289633)

> Netgear was very helpful. Tier1 tech support said securing the router was my
> responsibility.

Easily done. Place the router in a trashcan and secure the lid. Then scrounge up an old pc or laptop and put a Linux router on it.

Re:Microsoft isn't the only irresponsible company (3, Informative)

Torvaun (1040898) | more than 6 years ago | (#21290169)

DD-WRT. Problem solved.

advertisement (-1, Troll)

schneidafunk (795759) | more than 6 years ago | (#21289251)

proxy symantec fear mongering

security through obscurity (5, Funny)

Anonymous Coward | more than 6 years ago | (#21289277)

Well thankfully I run Windows, which is inherently more secure than your "open source" systems. These botnet creators can look right inside your operating systems and see the vulnerabilities, whereas with Windows...

Re:security through obscurity (1)

Brian Gordon (987471) | more than 6 years ago | (#21289471)

Whoa whoa whoa, listen to what Symantec has to say on the issue. From TFA:

According to Symantec, Bobax bores open a back door and downloads files onto the infected machine, and lowers its security settings.
It can actually bore a hole through your Windows- without shattering them!

Which botnet is Ron Paul's? (0)

Anonymous Coward | more than 6 years ago | (#21289303)

Also how did his botnet get my credit card number.

Re:Which botnet is Ron Paul's? (0)

Anonymous Coward | more than 6 years ago | (#21289635)

Yeah, you can stop doing that now.

The lack of mention of business security here... (4, Interesting)

downix (84795) | more than 6 years ago | (#21289399)

All of these articles on botnets such as Storm always mention home system vulnerability...

Well, let me point out for a second how while dangerous for a single home system to be infected, it is a world worse when a business system becomes infected.

Within hours, typically that botnet has replicated to all of the machines on the internal network. Worse, now that botnet has access to your critical database information, consisting of customer records. Often times, the brains behind these botnets can better datamine than your business can, finding interconnections with your customers to better flood them with spam, or worse.

At my job, one of our machines was hit with the Storm. We isolated it within minutes, but even then it still was a close call. If I hadn't been doing a routine portscan at just the right moment, we'd have never spotted it.

After that, the boss authorized me to begin a slow migration to Linux.

Re:The lack of mention of business security here.. (0)

Anonymous Coward | more than 6 years ago | (#21289711)

Please to explain how to detect storm botnet.

Re:The lack of mention of business security here.. (1)

downix (84795) | more than 6 years ago | (#21289735)

If you check online you'll find quite a few options. In my case, I happened to be checking my network's outgoing traffic and noticed the unusual port open on a typical P2P port. As work frowns on P2P (while not forbidding it) I went to the desk to see what they were eDonkey'ing.
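An added example, not part of any comment in this thread, of the kind of check described above: review outbound flow records for connections on P2P or IRC ports and for a single host talking UDP to many outside peers. The LAN range, watched ports, fan-out threshold and record format are assumptions, and the sample records are constructed.

```python
"""Flag internal hosts whose outbound traffic looks like P2P or IRC check-ins."""
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # assumed office LAN
# Assumed watch list: eDonkey/eMule default ports and the common IRC port.
WATCH_PORTS = {4661: "edonkey", 4662: "edonkey", 4672: "edonkey", 6667: "irc"}
FANOUT_LIMIT = 5  # assumed: distinct outside UDP peers before a host looks like a P2P node

# Constructed flow records, "proto src sport dst dport"; not real traffic.
SAMPLE = [
    "tcp 10.0.0.21 51544 203.0.113.10 443",
    "tcp 10.0.0.21 51545 203.0.113.10 80",
    "tcp 10.0.0.1 40112 198.51.100.7 6667",
    "udp 10.0.0.37 4672 198.51.100.20 4672",
] + [f"udp 10.0.0.37 21870 192.0.2.{n} {7000 + n}" for n in range(1, 8)]


def parse(line):
    """Split one record; raises ValueError on anything malformed."""
    proto, src, _sport, dst, dport = line.split()
    return proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)


def suspicious_hosts(lines):
    """Return {internal_host: sorted reasons} for outbound flows worth a desk visit."""
    reasons = defaultdict(set)
    udp_peers = defaultdict(set)
    for line in lines:
        try:
            proto, src, dst, dport = parse(line)
        except ValueError:
            continue  # skip malformed records
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only traffic leaving the LAN matters here
        if dport in WATCH_PORTS:
            reasons[str(src)].add(f"{WATCH_PORTS[dport]} port {dport}")
        if proto == "udp":
            udp_peers[src].add(dst)
    for src, peers in udp_peers.items():
        if len(peers) >= FANOUT_LIMIT:
            reasons[str(src)].add(f"udp fan-out to {len(peers)} peers")
    return {host: sorted(why) for host, why in reasons.items()}


if __name__ == "__main__":
    for host, why in suspicious_hosts(SAMPLE).items():
        print(host, "->", ", ".join(why))
```

A port match alone is weak evidence, since bots can pick arbitrary ports; the fan-out count is the part that still fires when the ports are unfamiliar.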

Re:The lack of mention of business security here.. (1)

sowth (748135) | more than 6 years ago | (#21290189)

This is why I don't like companies to keep my credit card number on file. Yeah, it is convenient when you don't have to type it into a web form all the time, but any security breach, and some bastard can run up charges on your card. Not a risk I like to take.

Windows based Super Computers (5, Funny)

flyingfsck (986395) | more than 6 years ago | (#21289433)

So the world's largest networked super computer runs Windows. It is sad really, all these hundreds of millions of computers on the planet - half of them sending spam for the other half to filter out. One would think that there should be something slightly more useful for them to do.

Re:Windows based Super Computers (0)

Anonymous Coward | more than 6 years ago | (#21289585)

In a press release today, Microsoft proudly proclaimed its dominance in the botnet market!

Skynet? (1)

Archangel Michael (180766) | more than 6 years ago | (#21289881)

Who knew that Skynet was WINDOWS BASED? That explains a lot!

Re:Windows based Super Computers (0)

Anonymous Coward | more than 6 years ago | (#21289977)

"So the world's largest networked super computer runs Windows"

I get it! It's the same strategy as letting people run pirate Windows!

Oh, that wily, wily, Bill Gates.

Have you heard about the world's smallest botnet? (2, Funny)

moosejaw99 (1052622) | more than 6 years ago | (#21289515)

Just ask my wife.

Re:Have you heard about the world's smallest botne (1)

Archangel Michael (180766) | more than 6 years ago | (#21289909)

I have, and now I have to get a shot. Thanks!

crappy reporting, as usual (1)

EllynGeek (824747) | more than 6 years ago | (#21289729)

This article is newsworthy? It's shit. It doesn't name which applications and operating systems are vulnerable- are all web browsers going to infect system files from visiting infected Web sites? Do these worms and Trojan horses run on all operating systems? Macs? Unixes? BSDs? Linuxes? It's just a scary, ignorant infomercial for the anti-malware industry. The solution is to remove all Windows computers from the Internet. Problem 99% solved.

In criminal Russia... (0, Redundant)

sapphire wyvern (1153271) | more than 6 years ago | (#21289741)

you own botnet.

Relevant? (0, Troll)

Gothmolly (148874) | more than 6 years ago | (#21289795)

I have a firewall appliance, and run Linux. I send emails, read Slashdot, and a few hobby phpBB forums. How is this relevant to me?

The World's Biggest Brothels (2, Funny)

nexuspal (720736) | more than 6 years ago | (#21289817)

That's what I thought the name of the article was, I was like, cool! Then I was let down :-(.

obligatory.. (1)

Typoboy (61087) | more than 6 years ago | (#21290041)

I, for... I mean, I, for my part, welcome our new network robot overlords.

My Bad (0)

Anonymous Coward | more than 6 years ago | (#21290179)

When I read the title I thought it read "The World's Biggest Boners".